Home Verkennen Help
Inloggen
LBP
/
gitleaks
spiegel van https://github.com/gitleaks/gitleaks.git
4
0
Vork 0
Bestanden Issues 0 Wiki
Boom: 106897fdf0
Aftakkingen Labels
gitleaks
/
detect
/
git.go

git.go 2.5 KB
Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596 
  1. package detect
    2. 

  2. 

  3. import (
    4. 

  4. 	"strings"
    5. 

  5. 	"sync"
    6. 

  6. 	"time"
    7. 

  7. 

  8. 	"github.com/gitleaks/go-gitdiff/gitdiff"
    9. 

  9. 	"github.com/rs/zerolog/log"
    10. 

  10. 	"github.com/zricethezav/gitleaks/v8/config"
    11. 

  11. 	"github.com/zricethezav/gitleaks/v8/report"
    12. 

  12. 	godocutil "golang.org/x/tools/godoc/util"
    13. 

  13. )
    14. 

  14. 

  15. // FromGit accepts a gitdiff.File channel (structure output from `git log -p`) and a configuration
    16. 

  16. // struct. Files from the gitdiff.File channel are then checked against each rule in the configuration to
    17. 

  17. // check for secrets. If any secrets are found, they are added to the list of findings.
    18. 

  18. func FromGit(files <-chan *gitdiff.File, cfg config.Config, outputOptions Options) []*report.Finding {
    19. 

  19. 	var findings []*report.Finding
    20. 

  20. 	mu := sync.Mutex{}
    21. 

  21. 	wg := sync.WaitGroup{}
    22. 

  22. 	commitMap := make(map[string]bool)
    23. 

  23. 	for f := range files {
    24. 

  24. 		// keep track of commits for logging
    25. 

  25. 		if f.PatchHeader != nil {
    26. 

  26. 			commitMap[f.PatchHeader.SHA] = true
    27. 

  27. 		}
    28. 

  28. 

  29. 		wg.Add(1)
    30. 

  30. 		go func(f *gitdiff.File) {
    31. 

  31. 			defer wg.Done()
    32. 

  32. 			if f.IsBinary {
    33. 

  33. 				return
    34. 

  34. 			}
    35. 

  35. 

  36. 			if f.IsDelete {
    37. 

  37. 				return
    38. 

  38. 			}
    39. 

  39. 

  40. 			commitSHA := ""
    41. 

  41. 

  42. 			// Check if commit is allowed
    43. 

  43. 			if f.PatchHeader != nil {
    44. 

  44. 				commitSHA = f.PatchHeader.SHA
    45. 

  45. 				if cfg.Allowlist.CommitAllowed(f.PatchHeader.SHA) {
    46. 

  46. 					return
    47. 

  47. 				}
    48. 

  48. 			}
    49. 

  49. 

  50. 			for _, tf := range f.TextFragments {
    51. 

  51. 				if f.TextFragments == nil {
    52. 

  52. 					// TODO fix this in gitleaks gitdiff fork
    53. 

  53. 					// https://github.com/gitleaks/gitleaks/issues/11
    54. 

  54. 					continue
    55. 

  55. 				}
    56. 

  56. 

  57. 				if !godocutil.IsText([]byte(tf.Raw(gitdiff.OpAdd))) {
    58. 

  58. 					continue
    59. 

  59. 				}
    60. 

  60. 

  61. 				for _, fi := range DetectFindings(cfg, []byte(tf.Raw(gitdiff.OpAdd)), f.NewName, commitSHA) {
    62. 

  62. 					// don't add to start/end lines if finding is from a file only rule
    63. 

  63. 					if !strings.HasPrefix(fi.Match, "file detected") {
    64. 

  64. 						fi.StartLine += int(tf.NewPosition)
    65. 

  65. 						fi.EndLine += int(tf.NewPosition)
    66. 

  66. 					}
    67. 

  67. 					if f.PatchHeader != nil {
    68. 

  68. 						fi.Commit = f.PatchHeader.SHA
    69. 

  69. 						fi.Message = f.PatchHeader.Message()
    70. 

  70. 						if f.PatchHeader.Author != nil {
    71. 

  71. 							fi.Author = f.PatchHeader.Author.Name
    72. 

  72. 							fi.Email = f.PatchHeader.Author.Email
    73. 

  73. 						}
    74. 

  74. 						fi.Date = f.PatchHeader.AuthorDate.UTC().Format(time.RFC3339)
    75. 

  75. 					}
    76. 

  76. 

  77. 					if outputOptions.Redact {
    78. 

  78. 						fi.Redact()
    79. 

  79. 					}
    80. 

  80. 

  81. 					if outputOptions.Verbose {
    82. 

  82. 						printFinding(fi)
    83. 

  83. 					}
    84. 

  84. 					mu.Lock()
    85. 

  85. 					findings = append(findings, &fi)
    86. 

  86. 					mu.Unlock()
    87. 

  87. 

  88. 				}
    89. 

  89. 			}
    90. 

  90. 		}(f)
    91. 

  91. 	}
    92. 

  92. 

  93. 	wg.Wait()
    94. 

  94. 	log.Debug().Msgf("%d commits scanned. Note: this number might be smaller than expected due to commits with no additions", len(commitMap))
    95. 

  95. 	return findings
    96. 

  96. }
    97.