
report filetype enforcement, time to audit

zach rice 7 سال پیش
والد
کامیت
dcda26578b
4فایلهای تغییر یافته به همراه58 افزوده شده و 18 حذف شده
  1. 6 0
      CHANGELOG.md
  2. 0 1
      README.md
  3. 38 11
      gitleaks_test.go
  4. 14 6
      main.go

+ 6 - 0
CHANGELOG.md

@@ -1,6 +1,12 @@
 CHANGELOG
 =========
 
+1.12.0
+----
+- removing --csv option
+- --report option now requires .json or .csv in filename
+- adding total time to audit in logs
+
 1.11.1
 ----
 - fix commit whitelist logic

+ 0 - 1
README.md

@@ -46,7 +46,6 @@ Application Options:
   -l, --log=           log level
   -v, --verbose        Show verbose output from gitleaks audit
       --report=        path to write report file
-      --csv            report output to csv
       --redact         redact secrets from log messages and report
       --version        version number
       --sample-config  prints a sample config file

+ 38 - 11
gitleaks_test.go

@@ -315,6 +315,8 @@ func TestRun(t *testing.T) {
 func TestWriteReport(t *testing.T) {
 	tmpDir, _ := ioutil.TempDir("", "reportDir")
 	reportJSON := path.Join(tmpDir, "report.json")
+	reportJASON := path.Join(tmpDir, "report.jason")
+	reportVOID := path.Join("thereIsNoWay", "thisReportWillGetWritten.json")
 	reportCSV := path.Join(tmpDir, "report.csv")
 	defer os.RemoveAll(tmpDir)
 	leaks := []Leak{
@@ -331,17 +333,18 @@ func TestWriteReport(t *testing.T) {
 	}
 
 	var tests = []struct {
-		leaks       []Leak
-		reportFile  string
-		fileName    string
-		description string
-		testOpts    Options
+		leaks          []Leak
+		reportFile     string
+		fileName       string
+		description    string
+		testOpts       Options
+		expectedErrMsg string
 	}{
 		{
 			leaks:       leaks,
 			reportFile:  reportJSON,
 			fileName:    "report.json",
-			description: "can we write a file",
+			description: "can we write a json file",
 			testOpts: Options{
 				Report: reportJSON,
 			},
@@ -350,10 +353,29 @@ func TestWriteReport(t *testing.T) {
 			leaks:       leaks,
 			reportFile:  reportCSV,
 			fileName:    "report.csv",
-			description: "can we write a file",
+			description: "can we write a csv file",
 			testOpts: Options{
 				Report: reportCSV,
-				CSV:    true,
+			},
+		},
+		{
+			leaks:          leaks,
+			reportFile:     reportJASON,
+			fileName:       "report.jason",
+			description:    "bad file",
+			expectedErrMsg: "Report should be a .json or .csv file",
+			testOpts: Options{
+				Report: reportJASON,
+			},
+		},
+		{
+			leaks:          leaks,
+			reportFile:     reportVOID,
+			fileName:       "report.jason",
+			description:    "bad dir",
+			expectedErrMsg: "thereIsNoWay does not exist",
+			testOpts: Options{
+				Report: reportVOID,
 			},
 		},
 	}
@@ -362,9 +384,14 @@ func TestWriteReport(t *testing.T) {
 		g.Describe("TestWriteReport", func() {
 			g.It(test.description, func() {
 				opts = test.testOpts
-				writeReport(test.leaks)
-				f, _ := os.Stat(test.reportFile)
-				g.Assert(f.Name()).Equal(test.fileName)
+				err := optsGuard()
+				if err != nil {
+					g.Assert(err.Error()).Equal(test.expectedErrMsg)
+				} else {
+					writeReport(test.leaks)
+					f, _ := os.Stat(test.reportFile)
+					g.Assert(f.Name()).Equal(test.fileName)
+				}
 			})
 		})
 	}
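Review bot: The new `else` branch in the `g.It` callback runs whenever `optsGuard()` returns nil, including for the two cases that set `expectedErrMsg`, so the test does not actually pin the rejection. If the suffix check regressed, the "bad file" case would write `report.jason` into the temp dir and still pass, because `fileName` is also `report.jason`. The "bad dir" case would panic on `f.Name()`, since both the `writeReport` return value and the `os.Stat` error are discarded. I would open the `else` branch with `g.Assert(test.expectedErrMsg).Equal("")` and replace the bare call with `if err := writeReport(test.leaks); err != nil { t.Fatal(err) }`. The body of `TestWriteReport` starts outside this hunk.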

+ 14 - 6
main.go

@@ -31,14 +31,13 @@ import (
 
 	"github.com/BurntSushi/toml"
 	"github.com/google/go-github/github"
+	"github.com/hako/durafmt"
 	flags "github.com/jessevdk/go-flags"
 	log "github.com/sirupsen/logrus"
 	git "gopkg.in/src-d/go-git.v4"
 )
 
 // Leak represents a leaked secret or regex match.
-// Output to stdout as json if the --verbose option is set or
-// as a csv if the --csv and --report options are set.
 type Leak struct {
 	Line     string `json:"line"`
 	Commit   string `json:"commit"`
@@ -97,8 +96,7 @@ type Options struct {
 	// Output options
 	Log          string `short:"l" long:"log" description:"log level"`
 	Verbose      bool   `short:"v" long:"verbose" description:"Show verbose output from gitleaks audit"`
-	Report       string `long:"report" description:"path to write report file"`
-	CSV          bool   `long:"csv" description:"report output to csv"`
+	Report       string `long:"report" description:"path to write report file. Needs to be csv or json"`
 	Redact       bool   `long:"redact" description:"redact secrets from log messages and report"`
 	Version      bool   `long:"version" description:"version number"`
 	SampleConfig bool   `long:"sample-config" description:"prints a sample config file"`
@@ -218,6 +216,7 @@ func main() {
 		fmt.Println(defaultConfig)
 		os.Exit(0)
 	}
+	now := time.Now()
 	leaks, err := run()
 	if err != nil {
 		log.Error(err)
@@ -227,7 +226,7 @@ func main() {
 		writeReport(leaks)
 	}
 
-	log.Infof("%d commits inspected", totalCommits)
+	log.Infof("%d commits inspected in %s", totalCommits, durafmt.Parse(time.Now().Sub(now)).String())
 	if len(leaks) != 0 {
 		log.Warnf("%d leaks detected", len(leaks))
 		os.Exit(leakExit)
@@ -300,7 +299,7 @@ func run() ([]Leak, error) {
 func writeReport(leaks []Leak) error {
 	var err error
 	log.Infof("writing report to %s", opts.Report)
-	if opts.CSV {
+	if strings.HasSuffix(opts.Report, ".csv") {
 		f, err := os.Create(opts.Report)
 		if err != nil {
 			return err
@@ -926,6 +925,15 @@ func optsGuard() error {
 	if opts.Entropy > 8 {
 		return fmt.Errorf("The maximum level of entropy is 8")
 	}
+	if opts.Report != "" {
+		if !strings.HasSuffix(opts.Report, ".json") && !strings.HasSuffix(opts.Report, ".csv") {
+			return fmt.Errorf("Report should be a .json or .csv file")
+		}
+		dirPath := filepath.Dir(opts.Report)
+		if _, err := os.Stat(dirPath); os.IsNotExist(err) {
+			return fmt.Errorf("%s does not exist", dirPath)
+		}
+	}
 
 	return nil
 }
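Review bot: The directory check added to `optsGuard` rejects only `os.IsNotExist`, so a permission error on the parent, or a parent path that is a regular file, passes the guard and fails later in `os.Create`. That matters because `main` calls `writeReport(leaks)` without looking at its return value (visible in the earlier hunk), so the audit can finish with no report of the detected leaks and no error logged. The guard should return any `os.Stat` error and confirm the path is a directory, and `main` should log the `writeReport` error. The suffix test is also case-sensitive and is repeated in `writeReport`; comparing `strings.ToLower(filepath.Ext(opts.Report))` in one place would keep the two from drifting apart.

```go
	if opts.Report != "" {
		// … unchanged: .json / .csv suffix check …
		dirPath := filepath.Dir(opts.Report)
		info, err := os.Stat(dirPath)
		if os.IsNotExist(err) {
			return fmt.Errorf("%s does not exist", dirPath)
		}
		if err != nil {
			return err
		}
		if !info.IsDir() {
			return fmt.Errorf("%s is not a directory", dirPath)
		}
	}
```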