fix whitelist commits, added test (#390)

gitleaks · May 31, 2020 · bdc688d · bdc688d
1 parent e0f6399
commit bdc688d
Show file tree

Hide file tree

Showing 4 changed files with 59 additions and 4 deletions.
diff --git a/audit/audit_test.go b/audit/audit_test.go
@@ -356,6 +356,16 @@ func TestAudit(t *testing.T) {
 			},
 			wantPath: "../test_data/test_local_repo_four_leaks_commit_timerange.json",
 		},
+		{
+			description: "test local repo two whitelist commit config",
+			opts: options.Options{
+				RepoPath:     "../test_data/test_repos/test_repo_2",
+				Report:       "../test_data/test_local_repo_two_whitelist_commits.json.got",
+				Config:       "../test_data/test_configs/whitelist_commit.toml",
+				ReportFormat: "json",
+			},
+			wantPath: "../test_data/test_local_repo_two_whitelist_commits.json",
+		},
 	}
 
 	for _, test := range tests {

diff --git a/audit/repo.go b/audit/repo.go
@@ -282,6 +282,12 @@ func (repo *Repo) Audit() error {
 			return storer.ErrStop
 		}
 
+		// Check if commit is whitelisted
+		if isCommitWhiteListed(c.Hash.String(), repo.config.Whitelist.Commits) {
+			return nil
+		}
+
+		// Check if at root
 		if len(c.ParentHashes) == 0 {
 			cc++
 			err = inspectFilesAtCommit(c, repo)
@@ -291,11 +297,9 @@ func (repo *Repo) Audit() error {
 			return nil
 		}
 
-		if isCommitWhiteListed(c.Hash.String(), repo.config.Whitelist.Commits) {
-			return nil
-		}
-
+		// increase commit counter
 		cc++
+
 		err = c.Parents().ForEach(func(parent *object.Commit) error {
 			defer func() {
 				if err := recover(); err != nil {

diff --git a/test_data/test_configs/whitelist_commit.toml b/test_data/test_configs/whitelist_commit.toml
@@ -0,0 +1,13 @@
+[[rules]]
+    description = "AWS Manager ID"
+    regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+    tags = ["key", "AWS"]
+
+
+[whitelist]
+  commits = [
+    "b10b3e2cb320a8c211fda94c4567299d37de7776",
+    "17471a5fda722a9e423f1a0d3f0d267ea009d41c",
+    "996865bb912f3bc45898a370a13aadb315014b55"
+  ]
+
diff --git a/test_data/test_local_repo_two_whitelist_commits.json b/test_data/test_local_repo_two_whitelist_commits.json
@@ -0,0 +1,28 @@
+[
+ {
+  "line": "    const AWSKEY = \"AKIALALEMEL33243OLIBE\"",
+  "offender": "AKIALALEMEL33243OLIB",
+  "commit": "f61cd8587b7ac1d75a89a0c9af870a2f24c60263",
+  "repo": "test_repo_2",
+  "rule": "AWS Manager ID",
+  "commitMessage": "rm secrets again\n",
+  "author": "zach rice",
+  "email": "zricer@protonmail.com",
+  "file": "secrets.md",
+  "date": "2019-10-25T13:12:32-04:00",
+  "tags": "key, AWS"
+ },
+ {
+  "line": "    const AWSKEY = \"AKIALALEMEL33243OLIBE\"",
+  "offender": "AKIALALEMEL33243OLIB",
+  "commit": "b2eb34a61c988afd9b4aaa9dd58c8dd7d5f14dba",
+  "repo": "test_repo_2",
+  "rule": "AWS Manager ID",
+  "commitMessage": "adding another one\n",
+  "author": "zach rice",
+  "email": "zricer@protonmail.com",
+  "file": "secrets.md",
+  "date": "2019-10-25T13:12:08-04:00",
+  "tags": "key, AWS"
+ }
+]