Strona główna Odkrywaj Pomoc
Zaloguj się
LBP
/
gitleaks
kopia lustrzana https://github.com/gitleaks/gitleaks.git
4
0
Forkuj 0
Pliki Problemy 0 Wiki
Drzewo: 6748a89bf4
Gałęzie Tagi
gitleaks
/
cmd
/
root.go

root.go 4.2 KB
Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139 
  1. package cmd
    2. 

  2. 

  3. import (
    4. 

  4. 	"fmt"
    5. 

  5. 	"os"
    6. 

  6. 	"path/filepath"
    7. 

  7. 	"strings"
    8. 

  8. 

  9. 	"github.com/rs/zerolog"
    10. 

  10. 	"github.com/rs/zerolog/log"
    11. 

  11. 	"github.com/spf13/cobra"
    12. 

  12. 	"github.com/spf13/viper"
    13. 

  13. 

  14. 	"github.com/zricethezav/gitleaks/v8/config"
    15. 

  15. )
    16. 

  16. 

  17. const banner = `
    18. 

    19. 

  19.     │╲
    20. 

  20.     │ ○
    21. 

  21.     ○ ░
    22. 

  22.     ░    gitleaks
    23. 

  23. 

  24. `
    25. 

  25. 

  26. const configDescription = `config file path
    27. 

  27. order of precedence:
    28. 

  28. 1. --config/-c
    29. 

  29. 2. env var GITLEAKS_CONFIG
    30. 

  30. 3. (--source/-s)/.gitleaks.toml
    31. 

  31. If none of the three options are used, then gitleaks will use the default config`
    32. 

  32. 

  33. var rootCmd = &cobra.Command{
    34. 

  34. 	Use:   "gitleaks",
    35. 

  35. 	Short: "Gitleaks scans code, past or present, for secrets",
    36. 

  36. }
    37. 

  37. 

  38. func init() {
    39. 

  39. 	cobra.OnInitialize(initLog)
    40. 

  40. 	rootCmd.PersistentFlags().StringP("config", "c", "", configDescription)
    41. 

  41. 	rootCmd.PersistentFlags().Int("exit-code", 1, "exit code when leaks have been encountered")
    42. 

  42. 	rootCmd.PersistentFlags().StringP("source", "s", ".", "path to source (default: $PWD)")
    43. 

  43. 	rootCmd.PersistentFlags().StringP("report-path", "r", "", "report file")
    44. 

  44. 	rootCmd.PersistentFlags().StringP("report-format", "f", "json", "output format (json, csv, sarif)")
    45. 

  45. 	rootCmd.PersistentFlags().StringP("log-level", "l", "info", "log level (trace, debug, info, warn, error, fatal)")
    46. 

  46. 	rootCmd.PersistentFlags().BoolP("verbose", "v", false, "show verbose output from scan")
    47. 

  47. 	rootCmd.PersistentFlags().Bool("redact", false, "redact secrets from logs and stdout")
    48. 

  48. 	err := viper.BindPFlag("config", rootCmd.PersistentFlags().Lookup("config"))
    49. 

  49. 	if err != nil {
    50. 

  50. 		log.Fatal().Msgf("err binding config %s", err.Error())
    51. 

  51. 	}
    52. 

  52. }
    53. 

  53. 

  54. func initLog() {
    55. 

  55. 	zerolog.SetGlobalLevel(zerolog.InfoLevel)
    56. 

  56. 	ll, err := rootCmd.Flags().GetString("log-level")
    57. 

  57. 	if err != nil {
    58. 

  58. 		log.Fatal().Msg(err.Error())
    59. 

  59. 	}
    60. 

  60. 	switch strings.ToLower(ll) {
    61. 

  61. 	case "trace":
    62. 

  62. 		zerolog.SetGlobalLevel(zerolog.TraceLevel)
    63. 

  63. 	case "debug":
    64. 

  64. 		zerolog.SetGlobalLevel(zerolog.DebugLevel)
    65. 

  65. 	case "info":
    66. 

  66. 		zerolog.SetGlobalLevel(zerolog.InfoLevel)
    67. 

  67. 	case "warn":
    68. 

  68. 		zerolog.SetGlobalLevel(zerolog.WarnLevel)
    69. 

  69. 	case "err", "error":
    70. 

  70. 		zerolog.SetGlobalLevel(zerolog.ErrorLevel)
    71. 

  71. 	case "fatal":
    72. 

  72. 		zerolog.SetGlobalLevel(zerolog.FatalLevel)
    73. 

  73. 	default:
    74. 

  74. 		zerolog.SetGlobalLevel(zerolog.InfoLevel)
    75. 

  75. 	}
    76. 

  76. }
    77. 

  77. 

  78. func initConfig() {
    79. 

  79. 	fmt.Fprint(os.Stderr, banner)
    80. 

  80. 	cfgPath, err := rootCmd.Flags().GetString("config")
    81. 

  81. 	if err != nil {
    82. 

  82. 		log.Fatal().Msg(err.Error())
    83. 

  83. 	}
    84. 

  84. 	if cfgPath != "" {
    85. 

  85. 		viper.SetConfigFile(cfgPath)
    86. 

  86. 		log.Debug().Msgf("using gitleaks config %s from `--config`", cfgPath)
    87. 

  87. 	} else if os.Getenv("GITLEAKS_CONFIG") != "" {
    88. 

  88. 		envPath := os.Getenv("GITLEAKS_CONFIG")
    89. 

  89. 		viper.SetConfigFile(envPath)
    90. 

  90. 		log.Debug().Msgf("using gitleaks config from GITLEAKS_CONFIG env var: %s", envPath)
    91. 

  91. 	} else {
    92. 

  92. 		source, err := rootCmd.Flags().GetString("source")
    93. 

  93. 		if err != nil {
    94. 

  94. 			log.Fatal().Msg(err.Error())
    95. 

  95. 		}
    96. 

  96. 		fileInfo, err := os.Stat(source)
    97. 

  97. 		if err != nil {
    98. 

  98. 			log.Fatal().Msg(err.Error())
    99. 

  99. 		}
    100. 

  100. 

  101. 		if !fileInfo.IsDir() {
    102. 

  102. 			log.Debug().Msgf("unable to load gitleaks config from %s since --source=%s is a file, using default config",
    103. 

  103. 				filepath.Join(source, ".gitleaks.toml"), source)
    104. 

  104. 			viper.SetConfigType("toml")
    105. 

  105. 			if err = viper.ReadConfig(strings.NewReader(config.DefaultConfig)); err != nil {
    106. 

  106. 				log.Fatal().Msgf("err reading toml %s", err.Error())
    107. 

  107. 			}
    108. 

  108. 			return
    109. 

  109. 		}
    110. 

  110. 

  111. 		if _, err := os.Stat(filepath.Join(source, ".gitleaks.toml")); os.IsNotExist(err) {
    112. 

  112. 			log.Debug().Msgf("no gitleaks config found in path %s, using default gitleaks config", filepath.Join(source, ".gitleaks.toml"))
    113. 

  113. 			viper.SetConfigType("toml")
    114. 

  114. 			if err = viper.ReadConfig(strings.NewReader(config.DefaultConfig)); err != nil {
    115. 

  115. 				log.Fatal().Msgf("err reading default config toml %s", err.Error())
    116. 

  116. 			}
    117. 

  117. 			return
    118. 

  118. 		} else {
    119. 

  119. 			log.Debug().Msgf("using existing gitleaks config %s from `(--source)/.gitleaks.toml`", filepath.Join(source, ".gitleaks.toml"))
    120. 

  120. 		}
    121. 

  121. 

  122. 		viper.AddConfigPath(source)
    123. 

  123. 		viper.SetConfigName(".gitleaks")
    124. 

  124. 		viper.SetConfigType("toml")
    125. 

  125. 	}
    126. 

  126. 	if err := viper.ReadInConfig(); err != nil {
    127. 

  127. 		log.Fatal().Msgf("unable to load gitleaks config, err: %s", err)
    128. 

  128. 	}
    129. 

  129. }
    130. 

  130. 

  131. func Execute() {
    132. 

  132. 	if err := rootCmd.Execute(); err != nil {
    133. 

  133. 		if strings.Contains(err.Error(), "unknown flag") {
    134. 

  134. 			// exit code 126: Command invoked cannot execute
    135. 

  135. 			os.Exit(126)
    136. 

  136. 		}
    137. 

  137. 		log.Fatal().Msg(err.Error())
    138. 

  138. 	}
    139. 

  139. }
    140.