Strona główna Odkrywaj Pomoc
Zaloguj się
LBP
/
gitleaks
kopia lustrzana https://github.com/gitleaks/gitleaks.git
4
0
Forkuj 0
Pliki Problemy 0 Wiki
Drzewo: fbfb3f591e
Gałęzie Tagi
gitleaks
/
detect
/
git.go

git.go 2.5 KB
Historia Czysty

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. package detect
    2. 

  2. 

  3. import (
    4. 

  4. 	"strings"
    5. 

  5. 	"sync"
    6. 

  6. 	"time"
    7. 

  7. 

  8. 	"github.com/gitleaks/go-gitdiff/gitdiff"
    9. 

  9. 	"github.com/rs/zerolog/log"
    10. 

  10. 	"github.com/zricethezav/gitleaks/v8/config"
    11. 

  11. 	"github.com/zricethezav/gitleaks/v8/report"
    12. 

  12. )
    13. 

  13. 

  14. // FromGit accepts a gitdiff.File channel (structure output from `git log -p`) and a configuration
    15. 

  15. // struct. Files from the gitdiff.File channel are then checked against each rule in the configuration to
    16. 

  16. // check for secrets. If any secrets are found, they are added to the list of findings.
    17. 

  17. func FromGit(files <-chan *gitdiff.File, cfg config.Config, outputOptions Options) []report.Finding {
    18. 

  18. 	var findings []report.Finding
    19. 

  19. 	mu := sync.Mutex{}
    20. 

  20. 	wg := sync.WaitGroup{}
    21. 

  21. 	concurrentGoroutines := make(chan struct{}, MAXGOROUTINES)
    22. 

  22. 	commitMap := make(map[string]bool)
    23. 

  23. 	for f := range files {
    24. 

  24. 		// keep track of commits for logging
    25. 

  25. 		if f.PatchHeader != nil {
    26. 

  26. 			commitMap[f.PatchHeader.SHA] = true
    27. 

  27. 		}
    28. 

  28. 		wg.Add(1)
    29. 

  29. 		concurrentGoroutines <- struct{}{}
    30. 

  30. 		go func(f *gitdiff.File) {
    31. 

  31. 			defer func() {
    32. 

  32. 				wg.Done()
    33. 

  33. 				<-concurrentGoroutines
    34. 

  34. 			}()
    35. 

  35. 			if f.IsBinary {
    36. 

  36. 				return
    37. 

  37. 			}
    38. 

  38. 

  39. 			if f.IsDelete {
    40. 

  40. 				return
    41. 

  41. 			}
    42. 

  42. 

  43. 			commitSHA := ""
    44. 

  44. 

  45. 			// Check if commit is allowed
    46. 

  46. 			if f.PatchHeader != nil {
    47. 

  47. 				commitSHA = f.PatchHeader.SHA
    48. 

  48. 				if cfg.Allowlist.CommitAllowed(f.PatchHeader.SHA) {
    49. 

  49. 					return
    50. 

  50. 				}
    51. 

  51. 			}
    52. 

  52. 

  53. 			for _, tf := range f.TextFragments {
    54. 

  54. 				if f.TextFragments == nil {
    55. 

  55. 					// TODO fix this in gitleaks gitdiff fork
    56. 

  56. 					// https://github.com/gitleaks/gitleaks/issues/11
    57. 

  57. 					continue
    58. 

  58. 				}
    59. 

  59. 

  60. 				for _, fi := range DetectFindings(cfg, []byte(tf.Raw(gitdiff.OpAdd)), f.NewName, commitSHA) {
    61. 

  61. 					// don't add to start/end lines if finding is from a file only rule
    62. 

  62. 					if !strings.HasPrefix(fi.Match, "file detected") {
    63. 

  63. 						fi.StartLine += int(tf.NewPosition)
    64. 

  64. 						fi.EndLine += int(tf.NewPosition)
    65. 

  65. 					}
    66. 

  66. 					if f.PatchHeader != nil {
    67. 

  67. 						fi.Commit = f.PatchHeader.SHA
    68. 

  68. 						fi.Message = f.PatchHeader.Message()
    69. 

  69. 						if f.PatchHeader.Author != nil {
    70. 

  70. 							fi.Author = f.PatchHeader.Author.Name
    71. 

  71. 							fi.Email = f.PatchHeader.Author.Email
    72. 

  72. 						}
    73. 

  73. 						fi.Date = f.PatchHeader.AuthorDate.UTC().Format(time.RFC3339)
    74. 

  74. 					}
    75. 

  75. 

  76. 					if outputOptions.Redact {
    77. 

  77. 						fi.Redact()
    78. 

  78. 					}
    79. 

  79. 

  80. 					if outputOptions.Verbose {
    81. 

  81. 						printFinding(fi)
    82. 

  82. 					}
    83. 

  83. 					mu.Lock()
    84. 

  84. 					findings = append(findings, fi)
    85. 

  85. 					mu.Unlock()
    86. 

  86. 

  87. 				}
    88. 

  88. 			}
    89. 

  89. 		}(f)
    90. 

  90. 	}
    91. 

  91. 

  92. 	wg.Wait()
    93. 

  93. 	log.Debug().Msgf("%d commits scanned. Note: this number might be smaller than expected due to commits with no additions", len(commitMap))
    94. 

  94. 	return findings
    95. 

  95. }
    96.