48 | {({ className, style, tokens, getLineProps, getTokenProps }) => (
49 |
50 | {cleanTokens(tokens).map((line, i) => {
51 | let lineClass = {};
52 |
53 | let isDiff = false;
54 |
55 | if (line[0] && line[0].content.length && line[0].content[0] === '+') {
56 | lineClass = { backgroundColor: 'rgba(76, 175, 80, 0.2)' };
57 | isDiff = true;
58 | } else if (line[0] && line[0].content.length && line[0].content[0] === '-') {
59 | lineClass = { backgroundColor: 'rgba(244, 67, 54, 0.2)' };
60 | isDiff = true;
61 | } else if (line[0] && line[0].content === '' && line[1] && line[1].content === '+') {
62 | lineClass = { backgroundColor: 'rgba(76, 175, 80, 0.2)' };
63 | isDiff = true;
64 | } else if (line[0] && line[0].content === '' && line[1] && line[1].content === '-') {
65 | lineClass = { backgroundColor: 'rgba(244, 67, 54, 0.2)' };
66 | isDiff = true;
67 | }
68 | const lineProps = getLineProps({ line, key: i });
69 |
70 | lineProps.style = lineClass;
71 | const diffStyle = {
72 | userSelect: 'none',
73 | MozUserSelect: '-moz-none',
74 | WebkitUserSelect: 'none',
75 | };
76 |
77 | let splitToken;
78 |
79 | return (
80 |
81 | {line.map((token, key) => {
82 | if (isDiff) {
83 | if (
84 | (key === 0 || key === 1) &
85 | (token.content.charAt(0) === '+' || token.content.charAt(0) === '-')
86 | ) {
87 | if (token.content.length > 1) {
88 | splitToken = {
89 | types: ['template-string', 'string'],
90 | content: token.content.slice(1),
91 | };
92 | const firstChar = {
93 | types: ['operator'],
94 | content: token.content.charAt(0),
95 | };
96 |
97 | return (
98 |
99 |
103 |
104 |
105 | );
106 | } else {
107 | return ;
108 | }
109 | }
110 | }
111 | return ;
112 | })}
113 |
114 | );
115 | })}
116 |
117 | )}
118 |
119 | );
120 | }
121 | };
122 |
123 | export default CodeBlock;
124 |
--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
1 | name: Release
2 |
3 | on:
4 | push:
5 | tags:
6 | - "v*"
7 | paths-ignore:
8 | - "docs"
9 | - ".vscode"
10 |
11 | jobs:
12 | build:
13 | name: Build all
14 | strategy:
15 | matrix:
16 | target:
17 | - x86_64-unknown-linux-gnu
18 | - x86_64-pc-windows-gnu
19 | - x86_64-apple-darwin
20 | include:
21 | - target: x86_64-unknown-linux-gnu
22 | os: ubuntu-latest
23 | - target: x86_64-pc-windows-gnu
24 | os: ubuntu-latest
25 | - target: x86_64-apple-darwin
26 | os: macos-latest
27 |
28 | runs-on: ${{ matrix.os }}
29 | steps:
30 | - name: Checkout HEAD
31 | uses: actions/checkout@v1
32 | with:
33 | submodules: true
34 | - name: Setup Rust
35 | uses: actions-rs/toolchain@v1
36 | with:
37 | profile: minimal
38 | toolchain: stable
39 | override: true
40 |
41 | - name: Cache cargo registry
42 | uses: actions/cache@v1
43 | with:
44 | path: ~/.cargo/registry
45 | key: ${{ runner.os }}-cargo-registry-${{ hashFiles('**/Cargo.lock') }}
46 | - name: Cache cargo index
47 | uses: actions/cache@v1
48 | with:
49 | path: ~/.cargo/git
50 | key: ${{ runner.os }}-cargo-index-${{ hashFiles('**/Cargo.lock') }}
51 | - name: Cache cargo build
52 | uses: actions/cache@v1
53 | with:
54 | path: target
55 | key: ${{ runner.os }}-cargo-build-target-${{ hashFiles('**/Cargo.lock') }}
56 |
57 | - uses: actions-rs/cargo@v1.0.1
58 | with:
59 | command: build
60 | args: --release --target=${{ matrix.target }}
61 | use-cross: true
62 | - name: Compress release files
63 | run: |
64 | zip --junk-paths shisho-${{ matrix.target }} target/${{ matrix.target }}/release/shisho{,.exe}
65 | - uses: actions/upload-artifact@v1
66 | with:
67 | name: build-${{ matrix.target }}
68 | path: shisho-${{ matrix.target }}.zip
69 |
70 | create-release:
71 | name: Create Github Release
72 | needs:
73 | - build
74 | runs-on: ubuntu-latest
75 | steps:
76 | - name: Create a GitHub release
77 | id: create-release
78 | uses: actions/create-release@v1
79 | env:
80 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
81 | with:
82 | tag_name: ${{ github.ref }}
83 | release_name: Release ${{ github.ref }}
84 | draft: false
85 | - run: |
86 | echo '${{ steps.create-release.outputs.upload_url }}' > release_upload_url.txt
87 | - uses: actions/upload-artifact@v1
88 | with:
89 | name: create-release
90 | path: release_upload_url.txt
91 |
92 | upload-assets:
93 | name: Create Github Release
94 | needs:
95 | - create-release
96 | strategy:
97 | matrix:
98 | target:
99 | - x86_64-unknown-linux-gnu
100 | - x86_64-pc-windows-gnu
101 | - x86_64-apple-darwin
102 | runs-on: ubuntu-latest
103 | steps:
104 | - name: Fetch meta artifacts
105 | uses: actions/download-artifact@v1
106 | with:
107 | name: create-release
108 | - name: Extract an upload URL
109 | id: upload-url
110 | run: |
111 | echo "::set-output name=url::$(cat create-release/release_upload_url.txt)"
112 | - name: Download actual artifacts
113 | uses: actions/download-artifact@v1
114 | with:
115 | name: build-${{ matrix.target }}
116 | - uses: actions/upload-release-asset@v1
117 | env:
118 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
119 | with:
120 | upload_url: ${{ steps.upload-url.outputs.url }}
121 | asset_name: build-${{ matrix.target }}.zip
122 | asset_path: build-${{ matrix.target }}/shisho-${{ matrix.target }}.zip
123 | asset_content_type: application/zip
124 |
125 | release-image:
126 | runs-on: ubuntu-latest
127 | env:
128 | IMAGE_NAME: shisho-cli
129 | steps:
130 | - name: Checkout HEAD
131 | uses: actions/checkout@v1
132 | with:
133 | submodules: true
134 |
135 | - name: Set up Docker Buildx
136 | uses: docker/setup-buildx-action@v1
137 |
138 | - name: Login to GitHub Container Registry
139 | uses: docker/login-action@v1
140 | with:
141 | registry: ghcr.io
142 | username: ${{ github.repository_owner }}
143 | password: ${{ secrets.GITHUB_TOKEN }}
144 |
145 | - name: Retrive version string
146 | run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
147 |
148 | - name: Build and push
149 | uses: docker/build-push-action@v2
150 | with:
151 | context: .
152 | push: true
153 | tags: |
154 | ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest
155 | ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
156 |
--------------------------------------------------------------------------------
/docs/content/shisho-cloud/frequently-asked-questions.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: 'Frequently Asked Questions'
3 | metaTitle: 'Frequently Asked Questions - Shisho Cloud'
4 | metaDescription: 'This page shows frequently asked questions.'
5 | ---
6 |
7 | ### Sign Up
8 |
9 | #### I do not have any SSO accounts. What should I do?
10 |
11 | At this stage, we do not provide email/password-based sign-up and the other SSO options. For the registration, [Shisho Cloud](https://shisho.dev/) needs to integrate with at least one of the repository managers. This way gives you centrally to manage both the account and integration configuration. If we continuously receive the request, we consider them but please consider creating the account of the repository managers.
12 |
13 | #### Can I sign up with multiple SSOs?
14 |
15 | Yes, but [Shisho Cloud](https://shisho.dev/) treats your multiple accounts as different accounts even though you work with the same repositories in repository managers.
16 |
17 | ### Repository connection
18 |
19 | #### Can I link with repositories of multiple repository managers such as GitHub and Bitbucket?
20 |
21 | Yes, you are able to link with repositories of multiple repository managers. We know some enterprises and small businesses separately own repositories due to the company policy. You do not need to sign up with each of them, please simply log in by the current SSO and connect with the other repository managers.
22 |
23 | #### Can I connect Shisho Cloud with my own Git server?
24 |
25 | Unfortunately, we do not support the own Git servers at this stage but we of course consider that. If you seriously want, please send feedback. We might prioritize it higher.
26 |
27 | #### Can I connect Shisho Cloud with other services such as Azure Repos?
28 |
29 | We support [GitHub](https://github.com/), [GitLab](https://about.gitlab.com/), and [BitBucket](https://bitbucket.org/product) at the moment but we consider expanding the other services. If you want, please send feedback regarding the request. We might change task priorities.
30 |
31 | #### I want to test Shisho Cloud but I have not had Terraform code yet. Is it possible?
32 |
33 | Please consider trying a test repository. You might be able to understand what IaC is and why the security is significant for it. As you know, IaC such as [Terrafrom](https://www.terraform.io/) is useful and powerful to create, update and destroy cloud resources. We are happy to support the new journey of secured cloud resource management.
34 |
35 | ### Test repository "[flatt-security/tfgoat-aws](https://github.com/flatt-security/tfgoat-aws)"
36 |
37 | #### What is a test repository?
38 |
39 | The test repository, "[flatt-security/tfgoat-aws](https://github.com/flatt-security/tfgoat-aws)" is our vulnerable-by-design [Terrafrom](https://www.terraform.io/) repository for testing purposes. Why we created is that some clients want us to demonstrate [Shisho Cloud](https://shisho.dev/) without connecting with their repositories. We are pretty sure that it is enough to assess the quality and performance of [Shisho Cloud](https://shisho.dev/).
40 |
41 | #### So, will I have any risks with the test repository?
42 |
43 | No worries, friends. You should not have any troubles with your cloud services and of course, repositories as well. The [Terrafrom](https://www.terraform.io/) code misconfigures [AWS](https://aws.amazon.com/) resources and policies for dummy resources on purpose but it will never pose critical incidents for your existing resources.
44 |
45 | #### Is it safe if I keep the test repository?
46 |
47 | Of course, yes. You should not have any troubles with your cloud services and repositories. However, if you want to delete it, you can remove it from your repository managers, [GitHub](https://github.com/), [GitLab](https://about.gitlab.com/), and [BitBucket](https://bitbucket.org/product). Moreover, you can delete the repository integration OR your account itself of [Shisho Cloud](https://shisho.dev/).
48 |
49 | ### Shisho GitHub App
50 |
51 | #### What is Shisho GitHub App?
52 |
53 | Shisho GitHub App is one of the official "GitHub Apps" and our [GitHub](https://github.com/) repository integration requires it. Shisho GitHub Apps can be installed directly on organizations and user accounts and granted access to specific repositories via GitHub Apps.
54 |
55 | #### I do not want to install Shisho GitHub App on my PC. Is it OK?
56 |
57 | Some people are confused "GitHub Apps" as a desktop application that you need to install for your machines. This is an extension for your [GitHub](https://github.com/) account for the seamless integration and your manageable identities and assets.
58 |
59 | #### I cannot install Shisho GitHub App for repositories managed by my employer. Why?
60 |
61 | If you want to use [Shisho Cloud](https://shisho.dev/) with your workplace repositories, you might need to ask your repository administrator to install the app at the organization level. If it is difficult for testing purposes, please consider installing it on your private account.
62 |
63 | #### Is it possible to uninstall Shisho GitHub App?
64 |
65 | Yes, you can uninstall Shisho GitHub App from [GitHub](https://github.com/) Profile menu. Please go to Settings -> Applications / Integrations section.
66 |
67 | ### Shisho Cloud account
68 |
69 | #### Is it possible to delete Shisho Cloud?
70 |
71 | Yes, you can delete the [Shisho Cloud](https://shisho.dev/) account by yourself but we might cry :( We remove SSO details for login and discard all your work.
--------------------------------------------------------------------------------
/src/cli/encoding.rs:
--------------------------------------------------------------------------------
1 | use anyhow::Result;
2 | use encoding_rs::Encoding;
3 |
4 | pub fn parse_encoding(label: &str) -> Result<&'static Encoding> {
5 | match Encoding::for_label((label).as_bytes()) {
6 | Some(encoding) => Ok(encoding),
7 | None => Err(anyhow::anyhow!("failed to parse encoding {}", label)),
8 | }
9 | }
10 |
11 | // This list comes from encoding_rs, which is licensed under Apache 2.0 or MIT.
12 | // https://github.com/hsivonen/encoding_rs/blob/19efaf064f5b95477cc1e0b487566d213a6d67f3/src/lib.rs#L2140
13 | pub static LABELS_SORTED: [&str; 219] = [
14 | "l1",
15 | "l2",
16 | "l3",
17 | "l4",
18 | "l5",
19 | "l6",
20 | "l9",
21 | "866",
22 | "mac",
23 | "koi",
24 | "gbk",
25 | "big5",
26 | "utf8",
27 | "koi8",
28 | "sjis",
29 | "ms932",
30 | "cp866",
31 | "utf-8",
32 | "cp819",
33 | "ascii",
34 | "x-gbk",
35 | "greek",
36 | "cp1250",
37 | "cp1251",
38 | "latin1",
39 | "gb2312",
40 | "cp1252",
41 | "latin2",
42 | "cp1253",
43 | "latin3",
44 | "cp1254",
45 | "latin4",
46 | "cp1255",
47 | "csbig5",
48 | "latin5",
49 | "utf-16",
50 | "cp1256",
51 | "ibm866",
52 | "latin6",
53 | "cp1257",
54 | "cp1258",
55 | "greek8",
56 | "ibm819",
57 | "arabic",
58 | "visual",
59 | "korean",
60 | "euc-jp",
61 | "koi8-r",
62 | "koi8_r",
63 | "euc-kr",
64 | "x-sjis",
65 | "koi8-u",
66 | "hebrew",
67 | "tis-620",
68 | "gb18030",
69 | "ksc5601",
70 | "gb_2312",
71 | "dos-874",
72 | "cn-big5",
73 | "chinese",
74 | "logical",
75 | "cskoi8r",
76 | "cseuckr",
77 | "koi8-ru",
78 | "x-cp1250",
79 | "ksc_5601",
80 | "x-cp1251",
81 | "iso88591",
82 | "csgb2312",
83 | "x-cp1252",
84 | "iso88592",
85 | "x-cp1253",
86 | "iso88593",
87 | "ecma-114",
88 | "x-cp1254",
89 | "iso88594",
90 | "x-cp1255",
91 | "iso88595",
92 | "x-x-big5",
93 | "x-cp1256",
94 | "csibm866",
95 | "iso88596",
96 | "x-cp1257",
97 | "iso88597",
98 | "asmo-708",
99 | "ecma-118",
100 | "elot_928",
101 | "x-cp1258",
102 | "iso88598",
103 | "iso88599",
104 | "cyrillic",
105 | "utf-16be",
106 | "utf-16le",
107 | "us-ascii",
108 | "ms_kanji",
109 | "x-euc-jp",
110 | "iso885910",
111 | "iso8859-1",
112 | "iso885911",
113 | "iso8859-2",
114 | "iso8859-3",
115 | "iso885913",
116 | "iso8859-4",
117 | "iso885914",
118 | "iso8859-5",
119 | "iso885915",
120 | "iso8859-6",
121 | "iso8859-7",
122 | "iso8859-8",
123 | "iso-ir-58",
124 | "iso8859-9",
125 | "macintosh",
126 | "shift-jis",
127 | "shift_jis",
128 | "iso-ir-100",
129 | "iso8859-10",
130 | "iso-ir-110",
131 | "gb_2312-80",
132 | "iso-8859-1",
133 | "iso_8859-1",
134 | "iso-ir-101",
135 | "iso8859-11",
136 | "iso-8859-2",
137 | "iso_8859-2",
138 | "hz-gb-2312",
139 | "iso-8859-3",
140 | "iso_8859-3",
141 | "iso8859-13",
142 | "iso-8859-4",
143 | "iso_8859-4",
144 | "iso8859-14",
145 | "iso-ir-144",
146 | "iso-8859-5",
147 | "iso_8859-5",
148 | "iso8859-15",
149 | "iso-8859-6",
150 | "iso_8859-6",
151 | "iso-ir-126",
152 | "iso-8859-7",
153 | "iso_8859-7",
154 | "iso-ir-127",
155 | "iso-ir-157",
156 | "iso-8859-8",
157 | "iso_8859-8",
158 | "iso-ir-138",
159 | "iso-ir-148",
160 | "iso-8859-9",
161 | "iso_8859-9",
162 | "iso-ir-109",
163 | "iso-ir-149",
164 | "big5-hkscs",
165 | "csshiftjis",
166 | "iso-8859-10",
167 | "iso-8859-11",
168 | "csisolatin1",
169 | "csisolatin2",
170 | "iso-8859-13",
171 | "csisolatin3",
172 | "iso-8859-14",
173 | "windows-874",
174 | "csisolatin4",
175 | "iso-8859-15",
176 | "iso_8859-15",
177 | "csisolatin5",
178 | "iso-8859-16",
179 | "csisolatin6",
180 | "windows-949",
181 | "csisolatin9",
182 | "csiso88596e",
183 | "csiso88598e",
184 | "csmacintosh",
185 | "csiso88596i",
186 | "csiso88598i",
187 | "windows-31j",
188 | "x-mac-roman",
189 | "iso-2022-cn",
190 | "iso-2022-jp",
191 | "csiso2022jp",
192 | "iso-2022-kr",
193 | "csiso2022kr",
194 | "replacement",
195 | "windows-1250",
196 | "windows-1251",
197 | "windows-1252",
198 | "windows-1253",
199 | "windows-1254",
200 | "windows-1255",
201 | "windows-1256",
202 | "windows-1257",
203 | "windows-1258",
204 | "iso-8859-6-e",
205 | "iso-8859-8-e",
206 | "iso-8859-6-i",
207 | "iso-8859-8-i",
208 | "sun_eu_greek",
209 | "csksc56011987",
210 | "ks_c_5601-1987",
211 | "ansi_x3.4-1968",
212 | "ks_c_5601-1989",
213 | "x-mac-cyrillic",
214 | "x-user-defined",
215 | "csiso58gb231280",
216 | "iso_8859-1:1987",
217 | "iso_8859-2:1987",
218 | "iso_8859-6:1987",
219 | "iso_8859-7:1987",
220 | "iso_8859-3:1988",
221 | "iso_8859-4:1988",
222 | "iso_8859-5:1988",
223 | "iso_8859-8:1988",
224 | "iso_8859-9:1989",
225 | "csisolatingreek",
226 | "x-mac-ukrainian",
227 | "iso-2022-cn-ext",
228 | "csisolatinarabic",
229 | "csisolatinhebrew",
230 | "unicode-1-1-utf-8",
231 | "csisolatincyrillic",
232 | "cseucpkdfmtjapanese",
233 | ];
234 |
--------------------------------------------------------------------------------
/src/cli/reporter/sarif.rs:
--------------------------------------------------------------------------------
1 | use super::Reporter;
2 | use crate::core::{
3 | language::Queryable,
4 | matcher::MatchedItem,
5 | ruleset::{Rule, Severity},
6 | target::Target,
7 | };
8 | use anyhow::Result;
9 | use serde_sarif::sarif;
10 | use std::{collections::HashMap, convert::TryInto};
11 |
12 | pub struct SARIFReporter<'a, Writer: std::io::Write> {
13 | writer: &'a mut Writer,
14 |
15 | results: Vec
20 |
21 | #### Shisho LP - 01/21/2022
22 |
23 | We updated some content with a new design.
24 |
25 | #### Shisho Cloud - 01/21/2022
26 |
27 | We released the new console UI.
28 |
29 | #### Shisho Cloud - 01/18/2022
30 |
31 | We released PR comment functions for [GitLab](https://about.gitlab.com/) and [BitBucket](https://bitbucket.org/product).
32 |
33 | #### Shisho Cloud - 01/14/2022
34 |
35 | We added new rules for [AWS](https://aws.amazon.com/), [GCP](https://cloud.google.com/) and [Azure](https://azure.microsoft.com/).
36 |
37 | #### Shisho Dojo - 12/18/2021
38 |
39 | We launched [SHisho Dojo](https://shisho.dev/dojo/).
40 |
41 | > Last Update: 01/28/2022
--------------------------------------------------------------------------------
/docs/.eslintrc.json:
--------------------------------------------------------------------------------
1 | {
2 | "extends": [
3 | "eslint:recommended",
4 | "plugin:import/errors",
5 | "plugin:react/recommended",
6 | "plugin:jsx-a11y/recommended",
7 | "prettier",
8 | "prettier/react"
9 | ],
10 | "plugins": ["react", "import", "jsx-a11y"],
11 | "settings": {
12 | "react": {
13 | "version": "detect"
14 | }
15 | },
16 | "rules": {
17 | "react/prop-types": 0,
18 | "react/react-in-jsx-scope": "off",
19 | "lines-between-class-members": ["error", "always"],
20 | "padding-line-between-statements": [
21 | "error",
22 | { "blankLine": "always", "prev": ["const", "let", "var"], "next": "*" },
23 | {
24 | "blankLine": "always",
25 | "prev": ["const", "let", "var"],
26 | "next": ["const", "let", "var"]
27 | },
28 | { "blankLine": "always", "prev": "directive", "next": "*" },
29 | { "blankLine": "any", "prev": "directive", "next": "directive" }
30 | ]
31 | },
32 | "parser": "babel-eslint",
33 | "parserOptions": {
34 | "ecmaVersion": 10,
35 | "sourceType": "module",
36 | "ecmaFeatures": {
37 | "jsx": true
38 | }
39 | },
40 | "env": {
41 | "es6": true,
42 | "browser": true,
43 | "node": true
44 | },
45 | "globals": {
46 | "graphql": false
47 | }
48 | }
49 |
--------------------------------------------------------------------------------
/src/cli/reporter.rs:
--------------------------------------------------------------------------------
1 | mod console;
2 | pub use self::console::*;
3 |
4 | mod json;
5 | pub use self::json::*;
6 |
7 | mod sarif;
8 | pub use self::sarif::*;
9 |
10 | use crate::core::{language::Queryable, matcher::MatchedItem, ruleset::Rule, target::Target};
11 | use anyhow::Result;
12 | use std::str::FromStr;
13 |
14 | pub trait Reporter<'a> {
15 | type Writer: std::io::Write;
16 | fn new(writer: &'a mut Self::Writer) -> Self
17 | where
18 | Self: Sized;
19 |
20 | fn add_entry