
reimplementing depth feature

zricethezav il y a 6 ans
Parent
commit
f6460a7365
5 fichiers modifiés avec 143 ajouts et 2 suppressions
  1. 3 1
      README.md
  2. 10 0
      audit/audit_test.go
  3. 10 1
      audit/repo.go
  4. 1 0
      options/options.go
  5. 119 0
      test_data/test_local_owner_aws_leak_depth_2.json

+ 3 - 1
README.md

@@ -60,7 +60,6 @@ Application Options:
       --config=        config path
       --disk           Clones repo(s) to disk
       --version        version number
-      --timeout=       Timeout (s)
       --username=      Username for git repo
       --password=      Password for git repo
       --access-token=  Access token for git repo
@@ -79,6 +78,9 @@ Application Options:
       --pretty         Pretty print json if leaks are present
       --commit-from=   Commit to start audit from
       --commit-to=     Commit to stop audit
+      --timeout=       Time allowed per audit. Ex: 10us, 30s, 1m, 1h10m1s
+      --depth=         Number of commits to audit
+
       --host=          git hosting service like gitlab or github. Supported hosts include: Github, Gitlab
       --baseurl=       Base URL for API requests. Defaults to the public GitLab or GitHub API, but can be set to a domain endpoint to use with a self hosted server.
       --org=           organization to audit

+ 10 - 0
audit/audit_test.go

@@ -233,6 +233,16 @@ func TestAudit(t *testing.T) {
 			},
 			wantPath: "../test_data/test_local_repo_one_aws_leak.json",
 		},
+		{
+			description: "test owner path depth=2",
+			opts: options.Options{
+				OwnerPath:    "../test_data/test_repos/",
+				Report:       "../test_data/test_local_owner_aws_leak_depth_2.json.got",
+				ReportFormat: "json",
+				Depth:        2,
+			},
+			wantPath: "../test_data/test_local_owner_aws_leak_depth_2.json",
+		},
 	}
 
 	for _, test := range tests {

+ 10 - 1
audit/repo.go

@@ -261,7 +261,8 @@ func (repo *Repo) Audit() error {
 	semaphore := make(chan bool, howManyThreads(repo.Manager.Opts.Threads))
 	wg := sync.WaitGroup{}
 	err = cIter.ForEach(func(c *object.Commit) error {
-		if c == nil || c.Hash.String() == repo.Manager.Opts.CommitTo || repo.timeoutReached() {
+		if c == nil || c.Hash.String() == repo.Manager.Opts.CommitTo ||
+			repo.timeoutReached() || repo.depthReached(cc) {
 			return storer.ErrStop
 		}
 
@@ -392,3 +393,11 @@ func (repo *Repo) setupTimeout() error {
 	}()
 	return nil
 }
+
+func (repo *Repo) depthReached(i int) bool {
+	if repo.Manager.Opts.Depth != 0 && repo.Manager.Opts.Depth == i {
+		log.Warnf("Exceeded depth limit (%d)", i)
+		return true
+	}
+	return false
+}
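Review bot: `depthReached` only stops the walk when the counter is exactly equal to the configured depth (`repo.Manager.Opts.Depth == i`), so if `cc` ever skips the limit value or starts above it the bound is silently bypassed and the audit runs unbounded; comparing with `>=` makes the limit hold regardless of how the counter advances, e.g. `if repo.Manager.Opts.Depth > 0 && i >= repo.Manager.Opts.Depth {`. The accompanying message says "Exceeded" although the condition fires when the limit is reached, and a user-configured cutoff is expected behaviour rather than a warning, so `log.Infof("Reached depth limit (%d)", repo.Manager.Opts.Depth)` would read more accurately. The call site in `Audit()` passes `cc`, which is presumably the per-repo commit counter maintained elsewhere in the callback; that function starts and ends outside the hunk, so whether `cc` is incremented before or after this check (and therefore whether depth N audits N or N+1 commits) cannot be confirmed here and should be pinned by the new test. A short doc comment on the helper would also help: `// depthReached reports whether i commits have been audited and the configured --depth limit (0 = unlimited) has been hit.`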

+ 1 - 0
options/options.go

@@ -51,6 +51,7 @@ type Options struct {
 	CommitFrom   string `long:"commit-from" description:"Commit to start audit from"`
 	CommitTo     string `long:"commit-to" description:"Commit to stop audit"`
 	Timeout      string `long:"timeout" description:"Time allowed per audit. Ex: 10us, 30s, 1m, 1h10m1s"`
+	Depth        int    `long:"depth" description:"Number of commits to audit"`
 
 	// Hosts
 	Host         string `long:"host" description:"git hosting service like gitlab or github. Supported hosts include: Github, Gitlab"`
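Review bot: The `Depth` field's description does not say what the zero value means, even though the zero value is what every existing invocation gets and it is what disables the limit in `depthReached`; stating it in the flag help avoids users passing `--depth=0` expecting no commits to be audited, e.g. `Depth        int    \`long:"depth" description:"Number of commits to audit (0 = no limit)"\``. Negative values are also accepted by the flag parser and, as far as this hunk shows, are not rejected anywhere, so a validation step alongside the other option checks (outside this hunk) would be worth adding.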

+ 119 - 0
test_data/test_local_owner_aws_leak_depth_2.json

@@ -0,0 +1,119 @@
+[
+ {
+  "line": "    aws_access_key_id='AKIAIO5FODNN7EXAMPLE',",
+  "offender": "AKIAIO5FODNN7EXAMPLE",
+  "commit": "6557c92612d3b35979bd426d429255b3bf9fab74",
+  "repo": "test_repo_1",
+  "rule": "AWS Manager ID",
+  "commitMessage": "commit 1 with secrets\n",
+  "author": "zach rice",
+  "email": "zricer@protonmail.com",
+  "file": "server.test.py",
+  "date": "2019-10-24T09:29:27-04:00",
+  "tags": "key, AWS"
+ },
+ {
+  "line": "    const AWSKEY = \"AKIALALEMEL33243OLIBE\"",
+  "offender": "AKIALALEMEL33243OLIB",
+  "commit": "f61cd8587b7ac1d75a89a0c9af870a2f24c60263",
+  "repo": "test_repo_2",
+  "rule": "AWS Manager ID",
+  "commitMessage": "rm secrets again\n",
+  "author": "zach rice",
+  "email": "zricer@protonmail.com",
+  "file": "secrets.md",
+  "date": "2019-10-25T13:12:32-04:00",
+  "tags": "key, AWS"
+ },
+ {
+  "line": "    const AWSSECRET = \"99432bfewaf823ec3294e231\"",
+  "offender": "SECRET = \"99432bfewaf823ec3294e231\"",
+  "commit": "f61cd8587b7ac1d75a89a0c9af870a2f24c60263",
+  "repo": "test_repo_2",
+  "rule": "Generic Credential",
+  "commitMessage": "rm secrets again\n",
+  "author": "zach rice",
+  "email": "zricer@protonmail.com",
+  "file": "secrets.md",
+  "date": "2019-10-25T13:12:32-04:00",
+  "tags": "key, API, generic"
+ },
+ {
+  "line": "    const AWSKEY = \"AKIALALEMEL33243OLIBE\"",
+  "offender": "AKIALALEMEL33243OLIB",
+  "commit": "b2eb34a61c988afd9b4aaa9dd58c8dd7d5f14dba",
+  "repo": "test_repo_2",
+  "rule": "AWS Manager ID",
+  "commitMessage": "adding another one\n",
+  "author": "zach rice",
+  "email": "zricer@protonmail.com",
+  "file": "secrets.md",
+  "date": "2019-10-25T13:12:08-04:00",
+  "tags": "key, AWS"
+ },
+ {
+  "line": "    const AWSSECRET = \"99432bfewaf823ec3294e231\"",
+  "offender": "SECRET = \"99432bfewaf823ec3294e231\"",
+  "commit": "b2eb34a61c988afd9b4aaa9dd58c8dd7d5f14dba",
+  "repo": "test_repo_2",
+  "rule": "Generic Credential",
+  "commitMessage": "adding another one\n",
+  "author": "zach rice",
+  "email": "zricer@protonmail.com",
+  "file": "secrets.md",
+  "date": "2019-10-25T13:12:08-04:00",
+  "tags": "key, API, generic"
+ },
+ {
+  "line": "const AWSKEY = \"AKIALALEMEL33243OLIAE\"",
+  "offender": "AKIALALEMEL33243OLIA",
+  "commit": "cd5eb8bef855f73c46b97b4c088badffdc40ebe9",
+  "repo": "test_repo_3",
+  "rule": "AWS Manager ID",
+  "commitMessage": "rm secrets\n",
+  "author": "zach rice",
+  "email": "zricer@protonmail.com",
+  "file": "secrets.md",
+  "date": "2019-10-25T13:54:26-04:00",
+  "tags": "key, AWS"
+ },
+ {
+  "line": "const AWSSECRET = \"99432bfewaf823ec3294e231\"",
+  "offender": "SECRET = \"99432bfewaf823ec3294e231\"",
+  "commit": "cd5eb8bef855f73c46b97b4c088badffdc40ebe9",
+  "repo": "test_repo_3",
+  "rule": "Generic Credential",
+  "commitMessage": "rm secrets\n",
+  "author": "zach rice",
+  "email": "zricer@protonmail.com",
+  "file": "secrets.md",
+  "date": "2019-10-25T13:54:26-04:00",
+  "tags": "key, API, generic"
+ },
+ {
+  "line": "const AWSKEY = \"AKIALALEMEL33243OLIAE\"",
+  "offender": "AKIALALEMEL33243OLIA",
+  "commit": "84ac4e80d4dbf2c968b64e9d4005f5079795bb81",
+  "repo": "test_repo_3",
+  "rule": "AWS Manager ID",
+  "commitMessage": "more secrets\n",
+  "author": "zach rice",
+  "email": "zricer@protonmail.com",
+  "file": "secrets.md",
+  "date": "2019-10-25T13:54:08-04:00",
+  "tags": "key, AWS"
+ },
+ {
+  "line": "const AWSSECRET = \"99432bfewaf823ec3294e231\"",
+  "offender": "SECRET = \"99432bfewaf823ec3294e231\"",
+  "commit": "84ac4e80d4dbf2c968b64e9d4005f5079795bb81",
+  "repo": "test_repo_3",
+  "rule": "Generic Credential",
+  "commitMessage": "more secrets\n",
+  "author": "zach rice",
+  "email": "zricer@protonmail.com",
+  "file": "secrets.md",
+  "date": "2019-10-25T13:54:08-04:00",
+  "tags": "key, API, generic"
+ }
+]