Startsida Utforska Hjälp
Logga in
LBP
/
gitleaks
spegling av https://github.com/gitleaks/gitleaks.git
4
0
Fork 0
Filer Ärenden 0 Wiki
Träd: 089639e9fb
Grenar Taggar
gitleaks
/
detect
/
git.go

git.go 2.4 KB
Historik

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. package detect
    2. 

  2. 

  3. import (
    4. 

  4. 	"strings"
    5. 

  5. 	"sync"
    6. 

  6. 

  7. 	"github.com/gitleaks/go-gitdiff/gitdiff"
    8. 

  8. 	"github.com/rs/zerolog/log"
    9. 

  9. 	"github.com/zricethezav/gitleaks/v8/config"
    10. 

  10. 	"github.com/zricethezav/gitleaks/v8/report"
    11. 

  11. 	godocutil "golang.org/x/tools/godoc/util"
    12. 

  12. )
    13. 

  13. 

  14. // FromGit accepts a gitdiff.File channel (structure output from `git log -p`) and a configuration
    15. 

  15. // struct. Files from the gitdiff.File channel are then checked against each rule in the configuration to
    16. 

  16. // check for secrets. If any secrets are found, they are added to the list of findings.
    17. 

  17. func FromGit(files <-chan *gitdiff.File, cfg config.Config, outputOptions Options) []*report.Finding {
    18. 

  18. 	var findings []*report.Finding
    19. 

  19. 	mu := sync.Mutex{}
    20. 

  20. 	wg := sync.WaitGroup{}
    21. 

  21. 	commitMap := make(map[string]bool)
    22. 

  22. 	for f := range files {
    23. 

  23. 		// keep track of commits for logging
    24. 

  24. 		if f.PatchHeader != nil {
    25. 

  25. 			commitMap[f.PatchHeader.SHA] = true
    26. 

  26. 		}
    27. 

  27. 

  28. 		wg.Add(1)
    29. 

  29. 		go func(f *gitdiff.File) {
    30. 

  30. 			defer wg.Done()
    31. 

  31. 			if f.IsBinary {
    32. 

  32. 				return
    33. 

  33. 			}
    34. 

  34. 

  35. 			if f.IsDelete {
    36. 

  36. 				return
    37. 

  37. 			}
    38. 

  38. 

  39. 			commitSHA := ""
    40. 

  40. 

  41. 			// Check if commit is allowed
    42. 

  42. 			if f.PatchHeader != nil {
    43. 

  43. 				commitSHA = f.PatchHeader.SHA
    44. 

  44. 				if cfg.Allowlist.CommitAllowed(f.PatchHeader.SHA) {
    45. 

  45. 					return
    46. 

  46. 				}
    47. 

  47. 			}
    48. 

  48. 

  49. 			for _, tf := range f.TextFragments {
    50. 

  50. 				if f.TextFragments == nil {
    51. 

  51. 					// TODO fix this in gitleaks gitdiff fork
    52. 

  52. 					// https://github.com/gitleaks/gitleaks/issues/11
    53. 

  53. 					continue
    54. 

  54. 				}
    55. 

  55. 

  56. 				if !godocutil.IsText([]byte(tf.Raw(gitdiff.OpAdd))) {
    57. 

  57. 					continue
    58. 

  58. 				}
    59. 

  59. 

  60. 				for _, fi := range DetectFindings(cfg, []byte(tf.Raw(gitdiff.OpAdd)), f.NewName, commitSHA) {
    61. 

  61. 					// don't add to start/end lines if finding is from a file only rule
    62. 

  62. 					if !strings.HasPrefix(fi.Context, "file detected") {
    63. 

  63. 						fi.StartLine += int(tf.NewPosition)
    64. 

  64. 						fi.EndLine += int(tf.NewPosition)
    65. 

  65. 					}
    66. 

  66. 					if f.PatchHeader != nil {
    67. 

  67. 						fi.Commit = f.PatchHeader.SHA
    68. 

  68. 						fi.Message = f.PatchHeader.Message()
    69. 

  69. 						if f.PatchHeader.Author != nil {
    70. 

  70. 							fi.Author = f.PatchHeader.Author.Name
    71. 

  71. 							fi.Email = f.PatchHeader.Author.Email
    72. 

  72. 						}
    73. 

  73. 						fi.Date = f.PatchHeader.AuthorDate.String()
    74. 

  74. 					}
    75. 

  75. 

  76. 					if outputOptions.Redact {
    77. 

  77. 						fi.Redact()
    78. 

  78. 					}
    79. 

  79. 

  80. 					if outputOptions.Verbose {
    81. 

  81. 						printFinding(fi)
    82. 

  82. 					}
    83. 

  83. 					mu.Lock()
    84. 

  84. 					findings = append(findings, &fi)
    85. 

  85. 					mu.Unlock()
    86. 

  86. 

  87. 				}
    88. 

  88. 			}
    89. 

  89. 		}(f)
    90. 

  90. 	}
    91. 

  91. 

  92. 	wg.Wait()
    93. 

  93. 	log.Debug().Msgf("%d commits scanned. Note: this number might be smaller than expected due to commits with no additions", len(commitMap))
    94. 

  94. 	return findings
    95. 

  95. }
    96.