LBP
/
gitleaks
réplica de https://github.com/gitleaks/gitleaks.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960
							package scan

import (
	"github.com/go-git/go-git/v5"
	"github.com/go-git/go-git/v5/plumbing/object"
	"github.com/zricethezav/gitleaks/v7/report"
)

// FilesAtCommitScanner is a files at commit scanner. This differs from CommitScanner
// as CommitScanner generates patches that are scanned. FilesAtCommitScanner instead looks at
// files available at a commit's worktree and scans the entire content of said files.
// Apologies for the awful struct name...
type FilesAtCommitScanner struct {
	BaseScanner

	repo     *git.Repository
	commit   *object.Commit
	repoName string
}

// NewFilesAtCommitScanner creates and returns a files at commit scanner
func NewFilesAtCommitScanner(base BaseScanner, repo *git.Repository, commit *object.Commit) *FilesAtCommitScanner {
	fs := &FilesAtCommitScanner{
		BaseScanner: base,
		repo:        repo,
		commit:      commit,
		repoName:    getRepoName(base.opts),
	}
	fs.scannerType = typeFilesAtCommitScanner
	return fs
}

// Scan kicks off a FilesAtCommitScanner Scan
func (fs *FilesAtCommitScanner) Scan() (report.Report, error) {
	var scannerReport report.Report
	fIter, err := fs.commit.Files()
	if err != nil {
		return scannerReport, err
	}

	err = fIter.ForEach(func(f *object.File) error {
		bin, err := f.IsBinary()
		if bin {
			return nil
		} else if err != nil {
			return err
		}

		content, err := f.Contents()
		if err != nil {
			return err
		}

		scannerReport.Leaks = append(scannerReport.Leaks, checkRules(fs.BaseScanner, fs.commit, fs.repoName, f.Name, content)...)
		return nil
	})

	scannerReport.Commits = 1
	return scannerReport, err
}