Merge pull request #114 from zricethezav/report

report filetype enforcement, time to audit

CHANGELOG.md

@@ -1,6 +1,12 @@
 CHANGELOG
 =========
 
+1.12.0
+----
+- removing --csv option
+- --report option now requires .json or .csv in filename
+- adding total time to audit in logs
+
 1.11.1
 ----
 - fix commit whitelist logic

Gopkg.lock

@@ -44,6 +44,12 @@
   revision = "44c6ddd0a2342c386950e880b658017258da92fc"
   version = "v1.0.0"
 
+[[projects]]
+  name = "github.com/hako/durafmt"
+  packages = ["."]
+  revision = "7b7ae1e72eade09dbc9c2cfba3e6c4bae7b8bcac"
+  version = "1.0.0"
+
 [[projects]]
   branch = "master"
   name = "github.com/jbenet/go-context"
@@ -249,6 +255,6 @@
 [solve-meta]
   analyzer-name = "dep"
   analyzer-version = 1
-  inputs-digest = "8185a08afcb3ad854f58b49061fb70c57e7b64244abb43a08714d55cac7a97f9"
+  inputs-digest = "ad1b6855b3c8b3e1303f29123160cde693d39d6724682ce1cd246cd1a2343c7c"
   solver-name = "gps-cdcl"
   solver-version = 1

Makefile

@@ -1,7 +1,7 @@
 .PHONY: test build-all deploy
 
 test:
-	go get github.com/golang/lint/golint
+	go get golang.org/x/lint/golint
 	go fmt
 	golint
 	go test --race --cover -run=Test$

README.md

@@ -46,7 +46,6 @@ Application Options:
   -l, --log=           log level
   -v, --verbose        Show verbose output from gitleaks audit
       --report=        path to write report file
-      --csv            report output to csv
       --redact         redact secrets from log messages and report
       --version        version number
       --sample-config  prints a sample config file

gitleaks_test.go

@@ -315,6 +315,8 @@ func TestRun(t *testing.T) {
 func TestWriteReport(t *testing.T) {
 	tmpDir, _ := ioutil.TempDir("", "reportDir")
 	reportJSON := path.Join(tmpDir, "report.json")
+	reportJASON := path.Join(tmpDir, "report.jason")
+	reportVOID := path.Join("thereIsNoWay", "thisReportWillGetWritten.json")
 	reportCSV := path.Join(tmpDir, "report.csv")
 	defer os.RemoveAll(tmpDir)
 	leaks := []Leak{
@@ -331,17 +333,18 @@ func TestWriteReport(t *testing.T) {
 	}
 
 	var tests = []struct {
-		leaks       []Leak
-		reportFile  string
-		fileName    string
-		description string
-		testOpts    Options
+		leaks          []Leak
+		reportFile     string
+		fileName       string
+		description    string
+		testOpts       Options
+		expectedErrMsg string
 	}{
 		{
 			leaks:       leaks,
 			reportFile:  reportJSON,
 			fileName:    "report.json",
-			description: "can we write a file",
+			description: "can we write a json file",
 			testOpts: Options{
 				Report: reportJSON,
 			},
@@ -350,10 +353,29 @@ func TestWriteReport(t *testing.T) {
 			leaks:       leaks,
 			reportFile:  reportCSV,
 			fileName:    "report.csv",
-			description: "can we write a file",
+			description: "can we write a csv file",
 			testOpts: Options{
 				Report: reportCSV,
-				CSV:    true,
+			},
+		},
+		{
+			leaks:          leaks,
+			reportFile:     reportJASON,
+			fileName:       "report.jason",
+			description:    "bad file",
+			expectedErrMsg: "Report should be a .json or .csv file",
+			testOpts: Options{
+				Report: reportJASON,
+			},
+		},
+		{
+			leaks:          leaks,
+			reportFile:     reportVOID,
+			fileName:       "report.jason",
+			description:    "bad dir",
+			expectedErrMsg: "thereIsNoWay does not exist",
+			testOpts: Options{
+				Report: reportVOID,
 			},
 		},
 	}
@@ -362,9 +384,14 @@ func TestWriteReport(t *testing.T) {
 		g.Describe("TestWriteReport", func() {
 			g.It(test.description, func() {
 				opts = test.testOpts
-				writeReport(test.leaks)
-				f, _ := os.Stat(test.reportFile)
-				g.Assert(f.Name()).Equal(test.fileName)
+				err := optsGuard()
+				if err != nil {
+					g.Assert(err.Error()).Equal(test.expectedErrMsg)
+				} else {
+					writeReport(test.leaks)
+					f, _ := os.Stat(test.reportFile)
+					g.Assert(f.Name()).Equal(test.fileName)
+				}
 			})
 		})
 	}

main.go

@@ -31,14 +31,13 @@ import (
 
 	"github.com/BurntSushi/toml"
 	"github.com/google/go-github/github"
+	"github.com/hako/durafmt"
 	flags "github.com/jessevdk/go-flags"
 	log "github.com/sirupsen/logrus"
 	git "gopkg.in/src-d/go-git.v4"
 )
 
 // Leak represents a leaked secret or regex match.
-// Output to stdout as json if the --verbose option is set or
-// as a csv if the --csv and --report options are set.
 type Leak struct {
 	Line     string `json:"line"`
 	Commit   string `json:"commit"`
@@ -97,8 +96,7 @@ type Options struct {
 	// Output options
 	Log          string `short:"l" long:"log" description:"log level"`
 	Verbose      bool   `short:"v" long:"verbose" description:"Show verbose output from gitleaks audit"`
-	Report       string `long:"report" description:"path to write report file"`
-	CSV          bool   `long:"csv" description:"report output to csv"`
+	Report       string `long:"report" description:"path to write report file. Needs to be csv or json"`
 	Redact       bool   `long:"redact" description:"redact secrets from log messages and report"`
 	Version      bool   `long:"version" description:"version number"`
 	SampleConfig bool   `long:"sample-config" description:"prints a sample config file"`
@@ -218,6 +216,7 @@ func main() {
 		fmt.Println(defaultConfig)
 		os.Exit(0)
 	}
+	now := time.Now()
 	leaks, err := run()
 	if err != nil {
 		log.Error(err)
@@ -227,7 +226,7 @@ func main() {
 		writeReport(leaks)
 	}
 
-	log.Infof("%d commits inspected", totalCommits)
+	log.Infof("%d commits inspected in %s", totalCommits, durafmt.Parse(time.Now().Sub(now)).String())
 	if len(leaks) != 0 {
 		log.Warnf("%d leaks detected", len(leaks))
 		os.Exit(leakExit)
@@ -300,7 +299,7 @@ func run() ([]Leak, error) {
 func writeReport(leaks []Leak) error {
 	var err error
 	log.Infof("writing report to %s", opts.Report)
-	if opts.CSV {
+	if strings.HasSuffix(opts.Report, ".csv") {
 		f, err := os.Create(opts.Report)
 		if err != nil {
 			return err
@@ -926,6 +925,15 @@ func optsGuard() error {
 	if opts.Entropy > 8 {
 		return fmt.Errorf("The maximum level of entropy is 8")
 	}
+	if opts.Report != "" {
+		if !strings.HasSuffix(opts.Report, ".json") && !strings.HasSuffix(opts.Report, ".csv") {
+			return fmt.Errorf("Report should be a .json or .csv file")
+		}
+		dirPath := filepath.Dir(opts.Report)
+		if _, err := os.Stat(dirPath); os.IsNotExist(err) {
+			return fmt.Errorf("%s does not exist", dirPath)
+		}
+	}
 
 	return nil
 }

vendor/github.com/hako/durafmt/.gitignore

@@ -0,0 +1,24 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test
+*.prof

vendor/github.com/hako/durafmt/.travis.yml

@@ -0,0 +1,21 @@
+language: go
+
+go:
+  - 1.5
+  - 1.6
+  - 1.7
+  - 1.8
+  - 1.9
+  - tip
+
+before_install:
+  - go get golang.org/x/tools/cmd/cover
+
+script:
+  - GOARCH=386 go test # test 32bit architectures.
+  - go test -coverprofile=coverage.txt -covermode=atomic
+
+after_success:
+  - bash <(curl -s https://codecov.io/bash)
+
+sudo: false

vendor/github.com/hako/durafmt/CODE_OF_CONDUCT.md

@@ -0,0 +1,46 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at wesley@hakobaito.co.uk. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

vendor/github.com/hako/durafmt/CONTRIBUTING.md

@@ -0,0 +1,9 @@
+# Contributing
+
+Contributions are welcome! Fork this repo and add your changes and submit a PR.
+
+If you would like to fix a bug, add a feature or provide feedback you can do so in the issues section.
+
+You can run tests by runnning `go test`. Running `go test; go vet; golint` is recommended.
+
+durafmt is also tested against `gometalinter`.

vendor/github.com/hako/durafmt/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Wesley Hill
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

vendor/github.com/hako/durafmt/README.md

@@ -0,0 +1,122 @@
+# durafmt
+
+[![Build Status](https://travis-ci.org/hako/durafmt.svg?branch=master)](https://travis-ci.org/hako/durafmt) [![Go Report Card](https://goreportcard.com/badge/github.com/hako/durafmt)](https://goreportcard.com/report/github.com/hako/durafmt) [![codecov](https://codecov.io/gh/hako/durafmt/branch/master/graph/badge.svg)](https://codecov.io/gh/hako/durafmt) [![GoDoc](https://godoc.org/github.com/hako/durafmt?status.svg)](https://godoc.org/github.com/hako/durafmt) 
+[![Open Source Helpers](https://www.codetriage.com/hako/durafmt/badges/users.svg)](https://www.codetriage.com/hako/durafmt)
+
+
+
+durafmt is a tiny Go library that formats `time.Duration` strings into a human readable format.
+
+```
+go get github.com/hako/durafmt
+```
+
+# Why
+
+If you've worked with `time.Duration` in Go, you most likely have come across this:
+
+```
+53m28.587093086s // :)
+```
+
+The above seems very easy to read, unless your duration looks like this:
+
+```
+354h22m3.24s // :S
+```
+
+# Usage
+
+### durafmt.ParseString()
+
+```go
+package main
+
+import (
+	"fmt"
+	"github.com/hako/durafmt"
+)
+
+func main() {
+	duration, err := durafmt.ParseString("354h22m3.24s")
+	if err != nil {
+		fmt.Println(err)
+	}
+	fmt.Println(duration) // 2 weeks 18 hours 22 minutes 3 seconds
+	// duration.String() // String representation. "2 weeks 18 hours 22 minutes 3 seconds"
+}
+```
+
+### durafmt.ParseStringShort()
+
+Version of `durafmt.ParseString()` that only returns the first part of the duration string.
+
+```go
+package main
+
+import (
+	"fmt"
+	"github.com/hako/durafmt"
+)
+
+func main() {
+	duration, err := durafmt.ParseStringShort("354h22m3.24s")
+	if err != nil {
+		fmt.Println(err)
+	}
+	fmt.Println(duration) // 2 weeks
+	// duration.String() // String short representation. "2 weeks"
+}
+```
+
+### durafmt.Parse()
+
+```go
+package main
+
+import (
+	"fmt"
+	"time"
+	"github.com/hako/durafmt"
+)
+
+func main() {
+	timeduration := (354 * time.Hour) + (22 * time.Minute) + (3 * time.Second)
+	duration := durafmt.Parse(timeduration).String()
+	fmt.Println(duration) // 2 weeks 18 hours 22 minutes 3 seconds
+}
+```
+
+### durafmt.ParseShort()
+
+Version of `durafmt.Parse()` that only returns the first part of the duration string.
+
+```go
+package main
+
+import (
+	"fmt"
+	"time"
+	"github.com/hako/durafmt"
+)
+
+func main() {
+	timeduration := (354 * time.Hour) + (22 * time.Minute) + (3 * time.Second)
+	duration := durafmt.ParseShort(timeduration).String()
+	fmt.Println(duration) // 2 weeks
+}
+```
+
+# Contributing
+
+Contributions are welcome! Fork this repo and add your changes and submit a PR.
+
+If you would like to fix a bug, add a feature or provide feedback you can do so in the issues section.
+
+You can run tests by runnning `go test`. Running `go test; go vet; golint` is recommended.
+
+durafmt is also tested against `gometalinter`.
+
+# License
+
+MIT

vendor/github.com/hako/durafmt/durafmt.go

@@ -0,0 +1,147 @@
+// Package durafmt formats time.Duration into a human readable format.
+package durafmt
+
+import (
+	"errors"
+	"strconv"
+	"strings"
+	"time"
+)
+
+var (
+	units = []string{"years", "weeks", "days", "hours", "minutes", "seconds", "milliseconds"}
+)
+
+// Durafmt holds the parsed duration and the original input duration.
+type Durafmt struct {
+	duration time.Duration
+	input    string // Used as reference.
+	short    bool
+}
+
+// Parse creates a new *Durafmt struct, returns error if input is invalid.
+func Parse(dinput time.Duration) *Durafmt {
+	input := dinput.String()
+	return &Durafmt{dinput, input, false}
+}
+
+// ParseShort creates a new *Durafmt struct, short form, returns error if input is invalid.
+func ParseShort(dinput time.Duration) *Durafmt {
+	input := dinput.String()
+	return &Durafmt{dinput, input, true}
+}
+
+// ParseString creates a new *Durafmt struct from a string.
+// returns an error if input is invalid.
+func ParseString(input string) (*Durafmt, error) {
+	if input == "0" || input == "-0" {
+		return nil, errors.New("durafmt: missing unit in duration " + input)
+	}
+	duration, err := time.ParseDuration(input)
+	if err != nil {
+		return nil, err
+	}
+	return &Durafmt{duration, input, false}, nil
+}
+
+// ParseStringShort creates a new *Durafmt struct from a string, short form
+// returns an error if input is invalid.
+func ParseStringShort(input string) (*Durafmt, error) {
+	if input == "0" || input == "-0" {
+		return nil, errors.New("durafmt: missing unit in duration " + input)
+	}
+	duration, err := time.ParseDuration(input)
+	if err != nil {
+		return nil, err
+	}
+	return &Durafmt{duration, input, true}, nil
+}
+
+// String parses d *Durafmt into a human readable duration.
+func (d *Durafmt) String() string {
+	var duration string
+
+	// Check for minus durations.
+	if string(d.input[0]) == "-" {
+		duration += "-"
+		d.duration = -d.duration
+	}
+
+	// Convert duration.
+	seconds := int64(d.duration.Seconds()) % 60
+	minutes := int64(d.duration.Minutes()) % 60
+	hours := int64(d.duration.Hours()) % 24
+	days := int64(d.duration/(24*time.Hour)) % 365 % 7
+
+	// Edge case between 364 and 365 days.
+	// We need to calculate weeks from what is left from years
+	leftYearDays := int64(d.duration/(24*time.Hour)) % 365
+	weeks := leftYearDays / 7
+	if leftYearDays >= 364 && leftYearDays < 365 {
+		weeks = 52
+	}
+
+	years := int64(d.duration/(24*time.Hour)) / 365
+	milliseconds := int64(d.duration/time.Millisecond) -
+		(seconds * 1000) - (minutes * 60000) - (hours * 3600000) -
+		(days * 86400000) - (weeks * 604800000) - (years * 31536000000)
+
+	// Create a map of the converted duration time.
+	durationMap := map[string]int64{
+		"milliseconds": milliseconds,
+		"seconds":      seconds,
+		"minutes":      minutes,
+		"hours":        hours,
+		"days":         days,
+		"weeks":        weeks,
+		"years":        years,
+	}
+
+	// Construct duration string.
+	for _, u := range units {
+		v := durationMap[u]
+		strval := strconv.FormatInt(v, 10)
+		switch {
+		// add to the duration string if v > 1.
+		case v > 1:
+			duration += strval + " " + u + " "
+		// remove the plural 's', if v is 1.
+		case v == 1:
+			duration += strval + " " + strings.TrimRight(u, "s") + " "
+		// omit any value with 0s or 0.
+		case d.duration.String() == "0" || d.duration.String() == "0s":
+			// note: milliseconds and minutes have the same suffix (m)
+			// so we have to check if the units match with the suffix.
+
+			// check for a suffix that is NOT the milliseconds suffix.
+			if strings.HasSuffix(d.input, string(u[0])) && !strings.Contains(d.input, "ms") {
+				// if it happens that the units are milliseconds, skip.
+				if u == "milliseconds" {
+					continue
+				}
+				duration += strval + " " + u
+			}
+			// process milliseconds here.
+			if u == "milliseconds" {
+				if strings.Contains(d.input, "ms") {
+					duration += strval + " " + u
+					break
+				}
+			}
+			break
+		// omit any value with 0.
+		case v == 0:
+			continue
+		}
+	}
+	// trim any remaining spaces.
+	duration = strings.TrimSpace(duration)
+
+	// if more than 2 spaces present return the first 2 strings
+	// if short version is requested
+	if d.short {
+		duration = strings.Join(strings.Split(duration, " ")[:2], " ")
+	}
+
+	return duration
+}