
Merge remote-tracking branch 'upstream/master'

Eduardo Argollo 6 年之前
父节点
当前提交
5309811a09
共有 4 个文件被更改,包括 52 次插入29 次删除
  1. 6 1
      main.go
  2. 5 9
      src/core.go
  3. 5 5
      src/gitleaks_test.go
  4. 36 14
      src/repo.go

+ 6 - 1
main.go

@@ -2,14 +2,19 @@ package main
 
 import (
 	"os"
+	"strings"
 
 	log "github.com/sirupsen/logrus"
-	"github.com/zricethezav/gitleaks/src"
+	gitleaks "github.com/zricethezav/gitleaks/src"
 )
 
 func main() {
 	report, err := gitleaks.Run(gitleaks.ParseOpts())
 	if err != nil {
+		if strings.Contains(err.Error(), "whitelisted") {
+			log.Info(err.Error())
+			os.Exit(0)
+		}
 		log.Error(err)
 		os.Exit(gitleaks.ErrExit)
 	}
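Review bot: The added `strings.Contains(err.Error(), "whitelisted")` check ties the scanner's exit status to error wording: any error whose text happens to contain that word is logged at info level and the process exits 0, which a CI gate reads as a clean scan. A sentinel error exported by the gitleaks package and compared by identity, e.g. `if err == gitleaks.ErrWhitelisted {` (placeholder name, not defined on this page), would limit the success exit to the one intended case. If the substring test stays, a comment such as `// whitelisted repos are skipped on purpose; exit 0 so CI does not fail` would at least record why an error path returns success. main's body continues outside the hunk.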

+ 5 - 9
src/core.go

@@ -3,7 +3,6 @@ package gitleaks
 import (
 	"io/ioutil"
 	"os"
-	"strings"
 	"sync"
 	"time"
 
@@ -60,7 +59,8 @@ func Run(optsL *Options) (*Report, error) {
 
 	// start audits
 	if opts.Repo != "" || opts.RepoPath != "" {
-		repoInfo, err := newRepoInfo()
+		var repoInfo *RepoInfo
+		repoInfo, err = newRepoInfo()
 		if err != nil {
 			goto postAudit
 		}
@@ -70,7 +70,8 @@ func Run(optsL *Options) (*Report, error) {
 		}
 		leaks, err = repoInfo.audit()
 	} else if opts.OwnerPath != "" {
-		repoDs, err := discoverRepos(opts.OwnerPath)
+		var repoDs []*RepoInfo
+		repoDs, err = discoverRepos(opts.OwnerPath)
 		if err != nil {
 			goto postAudit
 		}
@@ -96,12 +97,7 @@ func Run(optsL *Options) (*Report, error) {
 
 postAudit:
 	if err != nil {
-		if strings.Contains(err.Error(), "whitelisted") {
-			log.Info(err.Error())
-			os.Exit(0)
-		}
-		log.Error(err)
-		os.Exit(ErrExit)
+		return &Report{}, err
 	}
 
 	if opts.Report != "" {
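Review bot: `return &Report{}, err` hands callers a non-nil, empty report together with the error, and whatever `leaks` held at the `postAudit` label is not carried into it. A caller that ignores or mishandles `err` would see a report with zero leaks, which for a secret scanner reads as "clean". I would document the contract on Run, for example `// On error the returned Report is empty and must not be read as "no leaks found".`, or return `nil, err` if no caller dereferences the report on the error path (callers other than main.go are not visible here). Run's body starts and ends outside the hunk.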

+ 5 - 5
src/gitleaks_test.go

@@ -64,22 +64,22 @@ func TestGetRepo(t *testing.T) {
 				Repo: "https://github.com/gitleakstest/nope",
 			},
 			description:    "test no repo",
-			expectedErrMsg: "authentication required",
+			expectedErrMsg: "repository not found",
 		},
 		{
 			testOpts: &Options{
 				Repo: "https://github.com/gitleakstest/private",
 			},
 			description:    "test private repo",
-			expectedErrMsg: "authentication required",
+			expectedErrMsg: "repository not found",
 		},
 		{
 			testOpts: &Options{
 				Repo: "https://github.com/gitleakstest/private",
 				Disk: true,
 			},
-			description:    "test private repo",
-			expectedErrMsg: "authentication required",
+			description:    "test private repo disk",
+			expectedErrMsg: "repository not found",
 		},
 	}
 	g := goblin.Goblin(t)
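Review bot: These expected messages now depend on the process environment, because the same commit makes clone() in src/repo.go attach `GITHUB_TOKEN` when it is set. With a token present on a developer machine or CI runner, the private-repo cases would presumably authenticate (or fail differently) instead of returning "repository not found", and the test run would send that token over the network. Clearing it before the table runs, `os.Unsetenv("GITHUB_TOKEN")`, keeps the cases deterministic; the same applies to the "test empty" case changed in the TestRun hunk below. Both test functions start and end outside their hunks.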
@@ -207,7 +207,7 @@ func TestRun(t *testing.T) {
 			},
 			description:    "test empty",
 			numLeaks:       0,
-			expectedErrMsg: "reference not found",
+			expectedErrMsg: "repository not found",
 		},
 		{
 			testOpts: &Options{

+ 36 - 14
src/repo.go

@@ -15,6 +15,7 @@ import (
 	diffType "gopkg.in/src-d/go-git.v4/plumbing/format/diff"
 	"gopkg.in/src-d/go-git.v4/plumbing/object"
 	"gopkg.in/src-d/go-git.v4/plumbing/storer"
+	gitHttp "gopkg.in/src-d/go-git.v4/plumbing/transport/http"
 	"gopkg.in/src-d/go-git.v4/storage/memory"
 )
 
@@ -77,10 +78,17 @@ func (repoInfo *RepoInfo) clone() error {
 			})
 		} else {
 			// public
-			repo, err = git.PlainClone(cloneTarget, false, &git.CloneOptions{
+			options := &git.CloneOptions{
 				URL:      opts.Repo,
 				Progress: os.Stdout,
-			})
+			}
+			if os.Getenv("GITHUB_TOKEN") != "" {
+				options.Auth = &gitHttp.BasicAuth{
+					Username: "fakeUsername", // yes, this can be anything except an empty string
+					Password: os.Getenv("GITHUB_TOKEN"),
+				}
+			}
+			repo, err = git.PlainClone(cloneTarget, false, options)
 		}
 	} else if repoInfo.path != "" {
 		log.Infof("opening %s", repoInfo.path)
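Review bot: The new block attaches `GITHUB_TOKEN` as basic-auth to whatever `opts.Repo` points at, with no check on scheme or host, so a run against a non-GitHub URL or a plain `http://` URL would disclose the token to that server or to the network path. I would gate the credential on an `https` URL whose host is the expected one (or a configured allow-list, if GitHub Enterprise hosts must work), and read the variable once. The identical block in the in-memory clone hunk further down (`git.Clone(memory.NewStorage(), ...)`) needs the same guard, which argues for a small shared helper. The sketch below needs `net/url` and `strings` in the import block; clone()'s body starts and ends outside the hunk.

```go
			options := &git.CloneOptions{
				URL:      opts.Repo,
				Progress: os.Stdout,
			}
			// opts.Repo is user-supplied: only hand the token to GitHub, and only over TLS.
			if token := os.Getenv("GITHUB_TOKEN"); token != "" {
				u, perr := url.Parse(opts.Repo)
				if perr == nil && u.Scheme == "https" && strings.EqualFold(u.Hostname(), "github.com") {
					options.Auth = &gitHttp.BasicAuth{
						Username: "fakeUsername", // yes, this can be anything except an empty string
						Password: token,
					}
				}
			}
			// … unchanged: git.PlainClone(cloneTarget, false, options) …
```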
@@ -98,10 +106,17 @@ func (repoInfo *RepoInfo) clone() error {
 				Auth:     config.sshAuth,
 			})
 		} else {
-			repo, err = git.Clone(memory.NewStorage(), nil, &git.CloneOptions{
+			options := &git.CloneOptions{
 				URL:      opts.Repo,
 				Progress: os.Stdout,
-			})
+			}
+			if os.Getenv("GITHUB_TOKEN") != "" {
+				options.Auth = &gitHttp.BasicAuth{
+					Username: "fakeUsername", // yes, this can be anything except an empty string
+					Password: os.Getenv("GITHUB_TOKEN"),
+				}
+			}
+			repo, err = git.Clone(memory.NewStorage(), nil, options)
 		}
 	}
 	repoInfo.repository = repo
@@ -133,7 +148,21 @@ func (repoInfo *RepoInfo) audit() ([]Leak, error) {
 		}
 	}
 
-	if opts.Branch != "" {
+	if opts.Commit != "" {
+		h := plumbing.NewHash(opts.Commit)
+		c, err := repoInfo.repository.CommitObject(h)
+		if err != nil {
+			return leaks, nil
+		}
+
+		commitCount = commitCount + 1
+		totalCommits = totalCommits + 1
+		leaksFromSingleCommit := repoInfo.auditSingleCommit(c)
+		mutex.Lock()
+		leaks = append(leaksFromSingleCommit, leaks...)
+		mutex.Unlock()
+		return leaks, err
+	} else if opts.Branch != "" {
 		refs, err := repoInfo.repository.Storer.IterReferences()
 		if err != nil {
 			return leaks, err
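Review bot: In the new `opts.Commit` branch a failed `repoInfo.repository.CommitObject(h)` lookup ends in `return leaks, nil`, so a mistyped or missing commit hash yields an empty result with no error, and the scan reports clean without having audited anything. Returning the failure, `return leaks, err`, lets the caller exit non-zero. `plumbing.NewHash` does not report malformed hex itself, so this lookup is the only place a bad `--commit` value can be caught. The final `return leaks, err` of the branch always returns a nil `err` at that point and could read `return leaks, nil`; the `mutex.Lock()` pair looks unnecessary in this branch as no goroutine is started in the visible lines, though audit()'s body continues outside the hunk.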
@@ -187,21 +216,14 @@ func (repoInfo *RepoInfo) audit() ([]Leak, error) {
 			return nil
 		}
 
-		// commits w/o parent (root of git the git ref) or option for single commit is not empty str
-		if (len(c.ParentHashes) == 0 && opts.Commit == "") || (len(c.ParentHashes) == 0 && opts.Commit == c.Hash.String()) {
+		// commits w/o parent (root of git the git ref)
+		if len(c.ParentHashes) == 0 {
 			commitCount = commitCount + 1
 			totalCommits = totalCommits + 1
 			leaksFromSingleCommit := repoInfo.auditSingleCommit(c)
 			mutex.Lock()
 			leaks = append(leaksFromSingleCommit, leaks...)
 			mutex.Unlock()
-			if opts.Commit == c.Hash.String() {
-				return storer.ErrStop
-			}
-			return nil
-		}
-
-		if opts.Commit != "" && opts.Commit != c.Hash.String() {
 			return nil
 		}