#!/usr/bin/env bash

# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy
# of the License at http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed
# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
# CONDITIONS OF ANY KIND, either express or implied. See the License for the
# specific language governing permissions and limitations under the License.

# detector and configuration of detect-secrets
secretsDetector(){
    if ! command -v "detect-secrets" &>/dev/null
    then
        echo -e "\n$RED ERROR!$NORMAL python library detect-secrets not found. Make sure it is installed correctly and in your \$PATH\n"
        EXITCODE=241
        exit $EXITCODE
    else
        SECRETS_TEMP_FOLDER="$PROWLER_DIR/secrets-$ACCOUNT_NUM"
        if [[ ! -d "${SECRETS_TEMP_FOLDER}" ]]; then
            mkdir "${SECRETS_TEMP_FOLDER}"
        fi

        # Sets the entropy limit for high entropy base64 strings from environment variable BASE64_LIMIT.
        # Value must be between 0.0 and 8.0, defaults is 4.5.
        # Sets the entropy limit for high entropy hex strings from environment variable HEX_LIMIT.
        # Value must be between 0.0 and 8.0, defaults is 3.0.
        case $1 in
            file )
                # this is to scan a file
                detect-secrets scan --hex-limit "${HEX_LIMIT:-3.0}" --base64-limit "${BASE64_LIMIT:-4.5}" "${2}" \
                | jq -r '.results[]|.[] | [.line_number, .type]|@csv' \
                | wc -l
                # jq -r '.results[] | .[] | "\(.line_number)\t\(.type)"'
                # this command must return values in two colums:
                # line in file and type of secrets found
                ;;
            string )
                # this is to scan a given string
                detect-secrets scan --hex-limit "${HEX_LIMIT:-3.0}" --base64-limit "${BASE64_LIMIT:-4.5}" --string "${2}" \
                | grep True | wc -l
            ;;
            folder )
                # this is to scan a given folder with all lambda files
                detect-secrets scan --hex-limit "${HEX_LIMIT:-3.0}" --base64-limit "${BASE64_LIMIT:-4.5}" --all-files "${2}" \
                | jq -r '.results[]|.[] | [.line_number, .type]|@csv' | wc -l
            ;;
        esac
    fi
}
