using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using Azure.Sdk.Tools.TestProxy.Console;
using Microsoft.Build.Tasks;
using Microsoft.Security.Utilities;
namespace Azure.Sdk.Tools.TestProxy.Common
{
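/// <summary>
/// Scans files beneath an assets repository root for secrets, using a
/// <see cref="Microsoft.Security.Utilities.SecretMasker"/> as the detection engine.
/// </summary>
public class SecretScanner
{
    /// <summary>
    /// Detection engine. It is built from the high-confidence Microsoft security models
    /// concatenated with the low-confidence potential security key patterns, with
    /// correlating-id generation enabled.
    /// </summary>
    public SecretMasker SecretMasker = new SecretMasker(
        WellKnownRegexPatterns.HighConfidenceMicrosoftSecurityModels.Concat(WellKnownRegexPatterns.LowConfidencePotentialSecurityKeys),
        generateCorrelatingIds: true);

    // Progress output goes through this wrapper. Note that the field name shadows System.Console
    // inside this class.
    private IConsoleWrapper Console;

    /// <summary>
    /// Creates a scanner that reports progress through the supplied console wrapper.
    /// </summary>
    /// <param name="consoleWrapper">Sink for the progress lines written by <see cref="DiscoverSecrets"/>.</param>
    public SecretScanner(IConsoleWrapper consoleWrapper)
    {
        Console = consoleWrapper;
    }

    /// <summary>
    /// Scans each listed file in parallel and collects every detection together with the
    /// relative path it was found in.
    /// </summary>
    /// <param name="assetRepoRoot">Directory that each entry of <paramref name="relativePaths"/> is combined with.</param>
    /// <param name="relativePaths">Paths of the files to scan, relative to <paramref name="assetRepoRoot"/>.</param>
    /// <returns>
    /// One tuple per detection: the relative path as supplied by the caller, and the detection.
    /// The order of the entries is not deterministic, because files are scanned concurrently.
    /// </returns>
    /// <exception cref="AggregateException">
    /// Thrown by <see cref="Parallel"/> when reading or scanning any file throws
    /// (for example an I/O or access error from <see cref="File.ReadAllText(string)"/>).
    /// </exception>
    public List<Tuple<string, Detection>> DiscoverSecrets(string assetRepoRoot, IEnumerable<string> relativePaths)
    {
        // Materialize a lazy sequence once, so that the total and the scan loop see the same
        // set of paths and the source is not enumerated twice.
        var pathsToScan = relativePaths as IReadOnlyCollection<string> ?? relativePaths.ToList();

        var detectedSecrets = new ConcurrentBag<Tuple<string, Detection>>();
        var total = pathsToScan.Count;
        var seen = 0;

        Console.WriteLine(string.Empty);

        var options = new ParallelOptions
        {
            MaxDegreeOfParallelism = Environment.ProcessorCount
        };

        Parallel.ForEach(pathsToScan, options, (filePath) =>
        {
            // NOTE(review): Path.Combine returns filePath unchanged when it is rooted, and it does
            // not normalize ".." segments. This assumes the caller supplies repo-relative paths.
            var path = Path.Combine(assetRepoRoot, filePath);

            // Entries that do not resolve to an existing file are skipped without being counted
            // or reported, so the final progress line can end below the total and those paths
            // are NOT covered by the scan result.
            if (!File.Exists(path))
            {
                return;
            }

            var content = File.ReadAllText(path);
            var fileDetections = DetectSecrets(content);

            if (fileDetections != null && fileDetections.Count > 0)
            {
                foreach (Detection detection in fileDetections)
                {
                    detectedSecrets.Add(Tuple.Create(filePath, detection));
                }
            }

            // Use the value returned by the atomic increment. Re-reading the shared counter
            // afterwards could race with other workers and print a stale or duplicated count.
            var scanned = Interlocked.Increment(ref seen);

            // "\r" plus ESC[2K returns to column 0 and erases the line, so the counter updates in place.
            Console.Write($"\r\u001b[2KScanned {scanned}/{total}.");
        });

        Console.WriteLine(string.Empty);

        return detectedSecrets.ToList();
    }

    /// <summary>
    /// Reads the entire file at <paramref name="filePath"/> as text, asynchronously.
    /// No other member visible in this class calls it.
    /// </summary>
    /// <param name="filePath">Path of the file to read.</param>
    /// <returns>The full text content of the file.</returns>
    private async Task<string> ReadFile(string filePath)
    {
        using (StreamReader reader = new StreamReader(filePath))
        {
            return await reader.ReadToEndAsync();
        }
    }

    /// <summary>
    /// Runs the configured <see cref="SecretMasker"/> over a block of text.
    /// </summary>
    /// <param name="stringContent">Text to scan.</param>
    /// <returns>The detections reported by the masker for <paramref name="stringContent"/>.</returns>
    private ICollection<Detection> DetectSecrets(string stringContent)
    {
        return SecretMasker.DetectSecrets(stringContent);
    }
}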
}