Начало Каталог Помощ
Вход
LBP
/
gitleaks
огледало от https://github.com/gitleaks/gitleaks.git
4
0
Разклонения 0
Файлове Задачи 0 Уики
ИН на ревизия: c50906373c
Клонове Маркери
gitleaks
/
scan
/
commit.go

commit.go 2.1 KB
История Директен файл

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. package scan
    2. 

  2. 

  3. import (
    4. 

  4. 	"fmt"
    5. 

  5. 

  6. 	"github.com/zricethezav/gitleaks/v7/report"
    7. 

  7. 

  8. 	"github.com/go-git/go-git/v5"
    9. 

  9. 	fdiff "github.com/go-git/go-git/v5/plumbing/format/diff"
    10. 

  10. 	"github.com/go-git/go-git/v5/plumbing/object"
    11. 

  11. )
    12. 

  12. 

  13. // CommitScanner is a commit scanner
    14. 

  14. type CommitScanner struct {
    15. 

  15. 	BaseScanner
    16. 

  16. 	repo     *git.Repository
    17. 

  17. 	repoName string
    18. 

  18. 	commit   *object.Commit
    19. 

  19. }
    20. 

  20. 

  21. // NewCommitScanner creates and returns a commit scanner
    22. 

  22. func NewCommitScanner(base BaseScanner, repo *git.Repository, commit *object.Commit) *CommitScanner {
    23. 

  23. 	cs := &CommitScanner{
    24. 

  24. 		BaseScanner: base,
    25. 

  25. 		repo:        repo,
    26. 

  26. 		commit:      commit,
    27. 

  27. 		repoName:    getRepoName(base.opts),
    28. 

  28. 	}
    29. 

  29. 	cs.scannerType = typeCommitScanner
    30. 

  30. 	return cs
    31. 

  31. }
    32. 

  32. 

  33. // Scan kicks off a CommitScanner Scan
    34. 

  34. func (cs *CommitScanner) Scan() (report.Report, error) {
    35. 

  35. 	var scannerReport report.Report
    36. 

  36. 	if len(cs.commit.ParentHashes) == 0 {
    37. 

  37. 		facScanner := NewFilesAtCommitScanner(cs.BaseScanner, cs.repo, cs.commit)
    38. 

  38. 		return facScanner.Scan()
    39. 

  39. 	}
    40. 

  40. 

  41. 	err := cs.commit.Parents().ForEach(func(parent *object.Commit) error {
    42. 

  42. 		defer func() {
    43. 

  43. 			if err := recover(); err != nil {
    44. 

  44. 				// sometimes the Patch generation will fail due to a known bug in
    45. 

  45. 				// sergi's go-diff: https://github.com/sergi/go-diff/issues/89.
    46. 

  46. 				// Once a fix has been merged I will remove this recover.
    47. 

  47. 				return
    48. 

  48. 			}
    49. 

  49. 		}()
    50. 

  50. 		if parent == nil {
    51. 

  51. 			return nil
    52. 

  52. 		}
    53. 

  53. 

  54. 		patch, err := parent.Patch(cs.commit)
    55. 

  55. 		if err != nil {
    56. 

  56. 			return fmt.Errorf("could not generate Patch")
    57. 

  57. 		}
    58. 

  58. 

  59. 		patchContent := patch.String()
    60. 

  60. 

  61. 		for _, f := range patch.FilePatches() {
    62. 

  62. 			if f.IsBinary() {
    63. 

  63. 				continue
    64. 

  64. 			}
    65. 

  65. 			for _, chunk := range f.Chunks() {
    66. 

  66. 				if chunk.Type() == fdiff.Add {
    67. 

  67. 					_, to := f.Files()
    68. 

  68. 					leaks := checkRules(cs.BaseScanner, cs.commit, cs.repoName, to.Path(), chunk.Content())
    69. 

  69. 

  70. 					lineLookup := make(map[string]bool)
    71. 

  71. 					for _, leak := range leaks {
    72. 

  72. 						leak.LineNumber = extractLine(patchContent, leak, lineLookup)
    73. 

  73. 						leak.LeakURL = leakURL(leak)
    74. 

  74. 						scannerReport.Leaks = append(scannerReport.Leaks, leak)
    75. 

  75. 						if cs.opts.Verbose {
    76. 

  76. 							logLeak(leak, cs.opts.Redact)
    77. 

  77. 						}
    78. 

  78. 					}
    79. 

  79. 				}
    80. 

  80. 			}
    81. 

  81. 		}
    82. 

  82. 		return nil
    83. 

  83. 	})
    84. 

  84. 	scannerReport.Commits = 1
    85. 

  85. 	return scannerReport, err
    86. 

  86. }
    87.