
commit depth option

zach rice há 7 anos atrás
pai
commit
ed3a512b4b
4 ficheiros alterados com 47 adições e 45 exclusões
  1. 6 0
      CHANGELOG.md
  2. 5 2
      README.md
  3. 16 34
      gitleaks_test.go
  4. 20 9
      main.go

+ 6 - 0
CHANGELOG.md

@@ -1,9 +1,15 @@
 CHANGELOG
 =========
 
+1.11.0
+-----
+- Commit depth option
+- Commit stats output
+
 1.10.0
 -----
 - Add entropy option
+
 1.9.0
 -----
 - exclude fork option

+ 5 - 2
README.md

@@ -26,12 +26,13 @@ Usage:
 
 Application Options:
   -r, --repo=          Repo url to audit
-      --github-user=   User url to audit
-      --github-org=    Organization url to audit
+      --github-user=   Github user to audit
+      --github-org=    Github organization to audit
       --github-url=    GitHub API Base URL, use for GitHub Enterprise. Example: https://github.example.com/api/v3/ (default: https://api.github.com/)
   -p, --private        Include private repos in audit
   -b, --branch=        branch name to audit (defaults to HEAD)
   -c, --commit=        sha of commit to stop at
+      --depth=         maximum commit depth
       --repo-path=     Path to repo
       --owner-path=    Path to owner directory (repos discovered)
       --max-go=        Maximum number of concurrent go-routines gitleaks spawns
@@ -40,6 +41,8 @@ Application Options:
       --single-search= single regular expression to search for
       --config=        path to gitleaks config
       --ssh-key=       path to ssh key
+      --exclude-forks  exclude forks for organization/user audits
+  -e, --entropy=       Include entropy checks during audit. Entropy scale: 0.0(no entropy) - 8.0(max entropy)
   -l, --log=           log level
   -v, --verbose        Show verbose output from gitleaks audit
       --report=        path to write report file

+ 16 - 34
gitleaks_test.go

@@ -576,6 +576,22 @@ func TestAuditRepo(t *testing.T) {
 				Commit: "f6839959b7bbdcd23008f1fb16f797f35bcd3a0c",
 			},
 		},
+		{
+			repo:        leaksRepo,
+			description: "commit depth = 1, no leaks",
+			numLeaks:    0,
+			testOpts: Options{
+				Depth: 1,
+			},
+		},
+		{
+			repo:        leaksRepo,
+			description: "commit depth = 2, one leak",
+			numLeaks:    1,
+			testOpts: Options{
+				Depth: 2,
+			},
+		},
 	}
 
 	whiteListCommits = make(map[string]bool)
@@ -874,22 +890,6 @@ func BenchmarkAuditRepo1000Proc(b *testing.B) {
 		auditGitRepo(benchmarkRepo)
 	}
 }
-func BenchmarkAuditRepo10000Proc(b *testing.B) {
-	loadToml()
-	opts.MaxGoRoutines = 10000
-	benchmarkRepo = getBenchmarkRepo()
-	for n := 0; n < b.N; n++ {
-		auditGitRepo(benchmarkRepo)
-	}
-}
-func BenchmarkAuditRepo100000Proc(b *testing.B) {
-	loadToml()
-	opts.MaxGoRoutines = 100000
-	benchmarkRepo = getBenchmarkRepo()
-	for n := 0; n < b.N; n++ {
-		auditGitRepo(benchmarkRepo)
-	}
-}
 func BenchmarkAuditLeakRepo1Proc(b *testing.B) {
 	loadToml()
 	opts.MaxGoRoutines = 1
@@ -950,21 +950,3 @@ func BenchmarkAuditLeakRepo1000Proc(b *testing.B) {
 		auditGitRepo(benchmarkRepo)
 	}
 }
-
-func BenchmarkAuditLeakRepo10000Proc(b *testing.B) {
-	loadToml()
-	opts.MaxGoRoutines = 10000
-	benchmarkLeaksRepo = getBenchmarkLeaksRepo()
-	for n := 0; n < b.N; n++ {
-		auditGitRepo(benchmarkRepo)
-	}
-}
-
-func BenchmarkAuditLeakRepo100000Proc(b *testing.B) {
-	loadToml()
-	opts.MaxGoRoutines = 100000
-	benchmarkLeaksRepo = getBenchmarkLeaksRepo()
-	for n := 0; n < b.N; n++ {
-		auditGitRepo(benchmarkRepo)
-	}
-}

+ 20 - 9
main.go

@@ -77,6 +77,7 @@ type Options struct {
 
 	Branch string `short:"b" long:"branch" description:"branch name to audit (defaults to HEAD)"`
 	Commit string `short:"c" long:"commit" description:"sha of commit to stop at"`
+	Depth  int    `long:"depth" description:"maximum commit depth"`
 
 	// local target option
 	RepoPath  string `long:"repo-path" description:"Path to repo"`
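Review bot: The new `Depth` field is an unvalidated `int`, and its description does not say that 0 means "no limit". The check added in `auditGitReference` is `opts.Depth != 0 && commitCount == opts.Depth`, so a negative value can never match and the audit silently runs over the full history instead of being rejected. I would spell the contract out in the tag, e.g. `description:"maximum commit depth (0 = no limit)"`, and reject `opts.Depth < 0` wherever the other options are validated, which is outside this hunk. The new table cases in gitleaks_test.go cover only depths 1 and 2, so a negative-depth case would be worth adding there too.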
@@ -127,7 +128,7 @@ type gitDiff struct {
 }
 
 const defaultGithubURL = "https://api.github.com/"
-const version = "1.10.0"
+const version = "1.11.0"
 const errExit = 2
 const leakExit = 1
 const defaultConfig = `
@@ -197,6 +198,7 @@ var (
 	sshAuth           *ssh.PublicKeys
 	dir               string
 	maxGo             int
+	totalCommits      int64
 )
 
 func init() {
@@ -225,6 +227,7 @@ func main() {
 		writeReport(leaks)
 	}
 
+	log.Infof("%d commits inspected, %d leaks detected", totalCommits, len(leaks))
 	if len(leaks) != 0 {
 		log.Warnf("leaks detected")
 		os.Exit(leakExit)
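Review bot: The summary line added before the `len(leaks)` check gives no sign that the walk was cut short. With `--depth` set, "N commits inspected, 0 leaks detected" reads like a clean history even though older commits were never scanned, and for a secret scanner that is an easy false negative to miss. When `opts.Depth != 0` I would log the limit as well, e.g. `log.Infof("%d commits inspected (depth limit %d), %d leaks detected", totalCommits, opts.Depth, len(leaks))`. The body of `main` continues outside this hunk.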
@@ -432,13 +435,14 @@ func auditGitRepo(repo *RepoDescriptor) ([]Leak, error) {
 // the --max-go option (default is set to the number of cores on your cpu).
 func auditGitReference(repo *RepoDescriptor, ref *plumbing.Reference) []Leak {
 	var (
-		err        error
-		prevCommit *object.Commit
-		semaphore  chan bool
-		repoName   string
-		leaks      []Leak
-		commitWg   sync.WaitGroup
-		mutex      = &sync.Mutex{}
+		err         error
+		prevCommit  *object.Commit
+		semaphore   chan bool
+		repoName    string
+		leaks       []Leak
+		commitWg    sync.WaitGroup
+		mutex       = &sync.Mutex{}
+		commitCount int
 	)
 	repoName = repo.name
 	if opts.MaxGoRoutines != 0 {
@@ -451,10 +455,12 @@ func auditGitReference(repo *RepoDescriptor, ref *plumbing.Reference) []Leak {
 		return nil
 	}
 	err = cIter.ForEach(func(c *object.Commit) error {
-		if c.Hash.String() == opts.Commit {
+		if c.Hash.String() == opts.Commit || (opts.Depth != 0 && commitCount == opts.Depth) {
 			cIter.Close()
 			return errors.New("ErrStop")
 		}
+		commitCount = commitCount + 1
+		totalCommits = totalCommits + 1
 		if whiteListCommits[c.Hash.String()] {
 			log.Infof("skipping commit: %s\n", c.Hash.String())
 			return nil
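Review bot: `commitCount` and `totalCommits` are incremented before the `whiteListCommits` check, so a whitelisted commit is reported as "inspected" and also uses up one unit of the `--depth` budget even though it is skipped. If the depth is meant to bound commits actually audited, move the two increments below the whitelist `return nil`; if it is meant to bound history position, say so in a comment such as `// depth counts every commit walked, including whitelisted ones`. Separately, `totalCommits` is a package-level counter updated with a plain `totalCommits = totalCommits + 1`. If `auditGitReference` can run for several repos or refs concurrently (not visible here), that is a data race and `atomic.AddInt64(&totalCommits, 1)` would be the safer form. The callback body continues outside this hunk.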
@@ -546,6 +552,11 @@ func auditGitReference(repo *RepoDescriptor, ref *plumbing.Reference) []Leak {
 		return nil
 	})
 	commitWg.Wait()
+
+	if opts.Verbose {
+		log.Infof("%d commits inspected for %s", commitCount, repo.name)
+	}
+
 	return leaks
 }