
Audit commits based on date/time parameters (#385)

* time based audit

* fixing SIGSEGV

* adding options for date and time format + tests

* Update repo.go

* Update github.go

* rebase + tests update
Steeve Barbeau 5 jaren geleden
bovenliggende
commit
e0f6399d5c

+ 31 - 0
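--- a/audit/audit_test.go
+++ b/audit/audit_test.go
@@ -325,6 +325,37 @@ func TestAudit(t *testing.T) {
 			},
 			wantPath: "../test_data/test_local_repo_six_path_globally_whitelisted.json",
 		},
+		{
+			description: "test local repo six leaks since date",
+			opts: options.Options{
+				RepoPath:     "../test_data/test_repos/test_repo_6",
+				Report:       "../test_data/test_local_repo_six_leaks_since_date.json.got",
+				ReportFormat: "json",
+				CommitSince:  "2019-10-25",
+			},
+			wantPath: "../test_data/test_local_repo_six_leaks_since_date.json",
+		},
+		{
+			description: "test local repo two leaks until date",
+			opts: options.Options{
+				RepoPath:     "../test_data/test_repos/test_repo_6",
+				Report:       "../test_data/test_local_repo_six_leaks_until_date.json.got",
+				ReportFormat: "json",
+				CommitUntil:  "2019-10-25",
+			},
+			wantPath: "../test_data/test_local_repo_six_leaks_until_date.json",
+		},
+		{
+			description: "test local repo four leaks timerange commit",
+			opts: options.Options{
+				RepoPath:     "../test_data/test_repos/test_repo_4",
+				Report:       "../test_data/test_local_repo_four_leaks_commit_timerange.json.got",
+				ReportFormat: "json",
+				CommitSince:  "2019-10-25T13:01:27-0400",
+				CommitUntil:  "2019-10-25T13:12:32-0400",
+			},
+			wantPath: "../test_data/test_local_repo_four_leaks_commit_timerange.json",
+		},
 	}
 
 	for _, test := range tests {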
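Review bot: The description of the second added case reads `test local repo two leaks until date` although it scans `test_repo_6` and compares against the `six` fixture; `description: "test local repo six leaks until date",` keeps the table consistent with its neighbours. The third case sets CommitSince and CommitUntil to what appear to be the earliest and latest `date` values in the timerange fixture, so it pins that both bounds are inclusive; a short comment on that case, such as `// bounds equal the boundary commits' timestamps: both must be reported`, would stop a later edit from "fixing" it into an exclusive range. TestAudit's table starts, and its loop body ends, outside the hunk.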

+ 21 - 1
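--- a/audit/util.go
+++ b/audit/util.go
@@ -418,9 +418,29 @@ func RegexMatched(f interface{}, re *regexp.Regexp) bool {
 // gitleaks gets the full git history.
 func getLogOptions(repo *Repo) (*git.LogOptions, error) {
 	var logOpts git.LogOptions
+	const dateformat string = "2006-01-02"
+	const timeformat string = "2006-01-02T15:04:05-0700"
 	if repo.Manager.Opts.CommitFrom != "" {
 		logOpts.From = plumbing.NewHash(repo.Manager.Opts.CommitFrom)
 	}
+	if repo.Manager.Opts.CommitSince != "" {
+		if t, err := time.Parse(timeformat, repo.Manager.Opts.CommitSince); err == nil {
+			logOpts.Since = &t
+		} else if t, err := time.Parse(dateformat, repo.Manager.Opts.CommitSince); err == nil {
+			logOpts.Since = &t
+		} else {
+			return nil, err
+		}
+	}
+	if repo.Manager.Opts.CommitUntil != "" {
+		if t, err := time.Parse(timeformat, repo.Manager.Opts.CommitUntil); err == nil {
+			logOpts.Until = &t
+		} else if t, err := time.Parse(dateformat, repo.Manager.Opts.CommitUntil); err == nil {
+			logOpts.Until = &t
+		} else {
+			return nil, err
+		}
+	}
 	if repo.Manager.Opts.Branch != "" {
 		refs, err := repo.Storer.IterReferences()
 		if err != nil {
@@ -449,7 +469,7 @@ func getLogOptions(repo *Repo) (*git.LogOptions, error) {
 		}
 		return &logOpts, nil
 	}
-	if !logOpts.From.IsZero() {
+	if !logOpts.From.IsZero() || logOpts.Since != nil || logOpts.Until != nil {
 		return &logOpts, nil
 	}
 	return &git.LogOptions{All: true}, nil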
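Review bot: The widened condition in the second hunk returns logOpts without `All` when only `--commit-since`/`--commit-until` are given, and go-git's documented default for a zero From is HEAD, so a scan that previously walked every ref (the `All: true` fallback) silently shrinks to the current branch's history — a secret committed inside the window on an unmerged or deleted-from-HEAD branch is no longer reported. Replacing the last five lines with `logOpts.All = logOpts.From.IsZero()` followed by `return &logOpts, nil` preserves the old coverage (All ignores From in go-git, so it must only be set when From is zero) and removes the duplicated return. In the first hunk, `time.Parse` with the bare-date layout produces 00:00 UTC, so `--commit-until 2019-10-25` stops before any commit made during the 25th in a western zone (the until-date fixture indeed holds only a 2019-10-24 commit); either document that in the two `description` tags added in options/options.go or parse bare dates with `time.ParseInLocation(dateformat, s, time.Local)`. The Since and Until parse blocks are identical apart from the field they fill and return only the bare-date error, hiding that the timestamp layout was also tried; the helper below removes that duplication and names both layouts (it assumes `fmt` is imported in util.go, which this hunk does not show). getLogOptions's closing brace lies outside the hunk.
```go
// Layouts accepted by --commit-since/--commit-until; a bare date carries no
// zone and is interpreted as 00:00 UTC.
const (
	dateformat = "2006-01-02"
	timeformat = "2006-01-02T15:04:05-0700"
)

// parseCommitTime tries the full timestamp layout first, then the bare date.
func parseCommitTime(s string) (*time.Time, error) {
	for _, layout := range []string{timeformat, dateformat} {
		if t, err := time.Parse(layout, s); err == nil {
			return &t, nil
		}
	}
	return nil, fmt.Errorf("%q matches neither %q nor %q", s, timeformat, dateformat)
}

func getLogOptions(repo *Repo) (*git.LogOptions, error) {
	var logOpts git.LogOptions
	// … unchanged: CommitFrom handling …
	if repo.Manager.Opts.CommitSince != "" {
		t, err := parseCommitTime(repo.Manager.Opts.CommitSince)
		if err != nil {
			return nil, fmt.Errorf("--commit-since: %w", err)
		}
		logOpts.Since = t
	}
	if repo.Manager.Opts.CommitUntil != "" {
		t, err := parseCommitTime(repo.Manager.Opts.CommitUntil)
		if err != nil {
			return nil, fmt.Errorf("--commit-until: %w", err)
		}
		logOpts.Until = t
	}
	// … unchanged: Branch handling, which returns early …
	// A zero From makes go-git walk from HEAD only; keep the all-refs walk the
	// previous fallback provided so a time window never narrows coverage.
	logOpts.All = logOpts.From.IsZero()
	return &logOpts, nil
```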

+ 2 - 0
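--- a/options/options.go
+++ b/options/options.go
@@ -52,6 +52,8 @@ type Options struct {
 	PrettyPrint   bool   `long:"pretty" description:"Pretty print json if leaks are present"`
 	CommitFrom    string `long:"commit-from" description:"Commit to start audit from"`
 	CommitTo      string `long:"commit-to" description:"Commit to stop audit"`
+	CommitSince   string `long:"commit-since" description:"Audit commits more recent than a specific date. Ex: '2006-01-02' or '2006-01-02T15:04:05-0700' format."`
+	CommitUntil   string `long:"commit-until" description:"Audit commits older than a specific date. Ex: '2006-01-02' or '2006-01-02T15:04:05-0700' format."`
 	Timeout       string `long:"timeout" description:"Time allowed per audit. Ex: 10us, 30s, 1m, 1h10m1s"`
 	Depth         int    `long:"depth" description:"Number of commits to audit"`
 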

+ 67 - 0
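--- a/test_data/test_local_repo_four_leaks_commit_timerange.json
+++ b/test_data/test_local_repo_four_leaks_commit_timerange.json
@@ -0,0 +1,67 @@
+[
+ {
+  "line": "    const AWSKEY = \"AKIALALEMEL33243OLIBE\"",
+  "offender": "AKIALALEMEL33243OLIB",
+  "commit": "f61cd8587b7ac1d75a89a0c9af870a2f24c60263",
+  "repo": "test_repo_4",
+  "rule": "AWS Manager ID",
+  "commitMessage": "rm secrets again\n",
+  "author": "zach rice",
+  "email": "zricer@protonmail.com",
+  "file": "secrets.md",
+  "date": "2019-10-25T13:12:32-04:00",
+  "tags": "key, AWS"
+ },
+ {
+  "line": "    const AWSKEY = \"AKIALALEMEL33243OLIBE\"",
+  "offender": "AKIALALEMEL33243OLIB",
+  "commit": "b2eb34a61c988afd9b4aaa9dd58c8dd7d5f14dba",
+  "repo": "test_repo_4",
+  "rule": "AWS Manager ID",
+  "commitMessage": "adding another one\n",
+  "author": "zach rice",
+  "email": "zricer@protonmail.com",
+  "file": "secrets.md",
+  "date": "2019-10-25T13:12:08-04:00",
+  "tags": "key, AWS"
+ },
+ {
+  "line": "Here's an AWS secret: \"AKIALALEMEL33243OLIAE\"",
+  "offender": "AKIALALEMEL33243OLIA",
+  "commit": "996865bb912f3bc45898a370a13aadb315014b55",
+  "repo": "test_repo_4",
+  "rule": "AWS Manager ID",
+  "commitMessage": "committing pem\n",
+  "author": "zach rice",
+  "email": "zricer@protonmail.com",
+  "file": "secrets.md",
+  "date": "2019-10-25T13:07:41-04:00",
+  "tags": "key, AWS"
+ },
+ {
+  "line": "Here's an AWS secret: \"AKIALALEMEL33243OLIAE\"",
+  "offender": "AKIALALEMEL33243OLIA",
+  "commit": "17471a5fda722a9e423f1a0d3f0d267ea009d41c",
+  "repo": "test_repo_4",
+  "rule": "AWS Manager ID",
+  "commitMessage": "wait this is actually adding an aws secret\n",
+  "author": "zach rice",
+  "email": "zricer@protonmail.com",
+  "file": "secrets.md",
+  "date": "2019-10-25T13:01:27-04:00",
+  "tags": "key, AWS"
+ },
+ {
+  "line": "Here's an AWS secret: AKIALALEMEL33243OLIAE",
+  "offender": "AKIALALEMEL33243OLIA",
+  "commit": "17471a5fda722a9e423f1a0d3f0d267ea009d41c",
+  "repo": "test_repo_4",
+  "rule": "AWS Manager ID",
+  "commitMessage": "wait this is actually adding an aws secret\n",
+  "author": "zach rice",
+  "email": "zricer@protonmail.com",
+  "file": "secrets.md",
+  "date": "2019-10-25T13:01:27-04:00",
+  "tags": "key, AWS"
+ }
+]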

+ 15 - 0
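--- a/test_data/test_local_repo_six_leaks_since_date.json
+++ b/test_data/test_local_repo_six_leaks_since_date.json
@@ -0,0 +1,15 @@
+[
+ {
+  "line": "aws_access_key_id=AKIAIO5FODNN7EXAMPLE",
+  "offender": "AKIAIO5FODNN7EXAMPLE",
+  "commit": "98b6c7cb3fb29a5993c4c95c56a2dc53050b9247",
+  "repo": "test_repo_6",
+  "rule": "AWS Manager ID",
+  "commitMessage": "Adding some secrets in config folder\n\n",
+  "author": "Noel Algora",
+  "email": "noealgigu@gmail.com",
+  "file": "config/application.properties",
+  "date": "2020-02-24T14:13:15-05:00",
+  "tags": "key, AWS"
+ }
+]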

+ 15 - 0
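--- a/test_data/test_local_repo_six_leaks_until_date.json
+++ b/test_data/test_local_repo_six_leaks_until_date.json
@@ -0,0 +1,15 @@
+[
+ {
+  "line": "    aws_access_key_id='AKIAIO5FODNN7EXAMPLE',",
+  "offender": "AKIAIO5FODNN7EXAMPLE",
+  "commit": "6557c92612d3b35979bd426d429255b3bf9fab74",
+  "repo": "test_repo_6",
+  "rule": "AWS Manager ID",
+  "commitMessage": "commit 1 with secrets\n",
+  "author": "zach rice",
+  "email": "zricer@protonmail.com",
+  "file": "server.test.py",
+  "date": "2019-10-24T09:29:27-04:00",
+  "tags": "key, AWS"
+ }
+]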