reimplementing depth feature #321

Merged
merged 1 commit into from
Jan 19, 2020
4 changes: 3 additions & 1 deletion README.md
@@ -60,7 +60,6 @@ Application Options:
--config= config path
--disk Clones repo(s) to disk
--version version number
--timeout= Timeout (s)
--username= Username for git repo
--password= Password for git repo
--access-token= Access token for git repo
@@ -79,6 +78,9 @@ Application Options:
--pretty Pretty print json if leaks are present
--commit-from= Commit to start audit from
--commit-to= Commit to stop audit
--timeout= Time allowed per audit. Ex: 10us, 30s, 1m, 1h10m1s
--depth= Number of commits to audit

--host= git hosting service like gitlab or github. Supported hosts include: Github, Gitlab
--baseurl= Base URL for API requests. Defaults to the public GitLab or GitHub API, but can be set to a domain endpoint to use with a self hosted server.
--org= organization to audit
10 changes: 10 additions & 0 deletions audit/audit_test.go
@@ -233,6 +233,16 @@ func TestAudit(t *testing.T) {
},
wantPath: "../test_data/test_local_repo_one_aws_leak.json",
},
{
description: "test owner path depth=2",
opts: options.Options{
OwnerPath: "../test_data/test_repos/",
Report: "../test_data/test_local_owner_aws_leak_depth_2.json.got",
ReportFormat: "json",
Depth: 2,
},
wantPath: "../test_data/test_local_owner_aws_leak_depth_2.json",
},
}

for _, test := range tests {
11 changes: 10 additions & 1 deletion audit/repo.go
@@ -261,7 +261,8 @@ func (repo *Repo) Audit() error {
semaphore := make(chan bool, howManyThreads(repo.Manager.Opts.Threads))
wg := sync.WaitGroup{}
err = cIter.ForEach(func(c *object.Commit) error {
if c == nil || c.Hash.String() == repo.Manager.Opts.CommitTo || repo.timeoutReached() {
if c == nil || c.Hash.String() == repo.Manager.Opts.CommitTo ||
repo.timeoutReached() || repo.depthReached(cc) {
return storer.ErrStop
}

@@ -392,3 +393,11 @@ func (repo *Repo) setupTimeout() error {
}()
return nil
}

func (repo *Repo) depthReached(i int) bool {
if repo.Manager.Opts.Depth != 0 && repo.Manager.Opts.Depth == i {
log.Warnf("Exceeded depth limit (%d)", i)
return true
}
return false
}
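Review bot: depthReached (second hunk of audit/repo.go) stops the walk only when the counter equals Opts.Depth exactly, so a negative `--depth`, or a counter that ever steps past the value, presumably never matches and the whole history is walked without any error. A bounded check is safer, `if d := repo.Manager.Opts.Depth; d > 0 && i >= d {`, with negative values rejected when the options are parsed. Because a depth-limited run leaves older commits unscanned, the log line should say that instead of "Exceeded", for example `log.Warnf("depth limit reached (%d commits audited); older commits were not scanned", i)`, so that a clean report is not read as a clean history. Where `cc` is incremented lies outside the first hunk, and Audit's body continues beyond it, so whether the Nth commit itself is audited cannot be confirmed from the visible lines.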
1 change: 1 addition & 0 deletions options/options.go
@@ -51,6 +51,7 @@ type Options struct {
CommitFrom string `long:"commit-from" description:"Commit to start audit from"`
CommitTo string `long:"commit-to" description:"Commit to stop audit"`
Timeout string `long:"timeout" description:"Time allowed per audit. Ex: 10us, 30s, 1m, 1h10m1s"`
Depth int `long:"depth" description:"Number of commits to audit"`

// Hosts
Host string `long:"host" description:"git hosting service like gitlab or github. Supported hosts include: Github, Gitlab"`
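Review bot: The `Depth` description does not say that the zero default means no limit, which is what the `Depth != 0 &&` guard in depthReached (audit/repo.go) implements; suggest `description:"Number of commits to audit (0 = no limit)"`. The `--depth=` line added to README.md repeats the same wording and would need the same change. The Options struct starts and ends outside this hunk.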
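--- a/test_data/test_local_owner_aws_leak_depth_2.json
+++ b/test_data/test_local_owner_aws_leak_depth_2.json
@@ -0,0 +1,119 @@
+[
+{
+"line": " aws_access_key_id='AKIAIO5FODNN7EXAMPLE',",
+"offender": "AKIAIO5FODNN7EXAMPLE",
+"commit": "6557c92612d3b35979bd426d429255b3bf9fab74",
+"repo": "test_repo_1",
+"rule": "AWS Manager ID",
+"commitMessage": "commit 1 with secrets\n",
+"author": "zach rice",
+"email": "zricer@protonmail.com",
+"file": "server.test.py",
+"date": "2019-10-24T09:29:27-04:00",
+"tags": "key, AWS"
+},
+{
+"line": " const AWSKEY = \"AKIALALEMEL33243OLIBE\"",
+"offender": "AKIALALEMEL33243OLIB",
+"commit": "f61cd8587b7ac1d75a89a0c9af870a2f24c60263",
+"repo": "test_repo_2",
+"rule": "AWS Manager ID",
+"commitMessage": "rm secrets again\n",
+"author": "zach rice",
+"email": "zricer@protonmail.com",
+"file": "secrets.md",
+"date": "2019-10-25T13:12:32-04:00",
+"tags": "key, AWS"
+},
+{
+"line": " const AWSSECRET = \"99432bfewaf823ec3294e231\"",
+"offender": "SECRET = \"99432bfewaf823ec3294e231\"",
+"commit": "f61cd8587b7ac1d75a89a0c9af870a2f24c60263",
+"repo": "test_repo_2",
+"rule": "Generic Credential",
+"commitMessage": "rm secrets again\n",
+"author": "zach rice",
+"email": "zricer@protonmail.com",
+"file": "secrets.md",
+"date": "2019-10-25T13:12:32-04:00",
+"tags": "key, API, generic"
+},
+{
+"line": " const AWSKEY = \"AKIALALEMEL33243OLIBE\"",
+"offender": "AKIALALEMEL33243OLIB",
+"commit": "b2eb34a61c988afd9b4aaa9dd58c8dd7d5f14dba",
+"repo": "test_repo_2",
+"rule": "AWS Manager ID",
+"commitMessage": "adding another one\n",
+"author": "zach rice",
+"email": "zricer@protonmail.com",
+"file": "secrets.md",
+"date": "2019-10-25T13:12:08-04:00",
+"tags": "key, AWS"
+},
+{
+"line": " const AWSSECRET = \"99432bfewaf823ec3294e231\"",
+"offender": "SECRET = \"99432bfewaf823ec3294e231\"",
+"commit": "b2eb34a61c988afd9b4aaa9dd58c8dd7d5f14dba",
+"repo": "test_repo_2",
+"rule": "Generic Credential",
+"commitMessage": "adding another one\n",
+"author": "zach rice",
+"email": "zricer@protonmail.com",
+"file": "secrets.md",
+"date": "2019-10-25T13:12:08-04:00",
+"tags": "key, API, generic"
+},
+{
+"line": "const AWSKEY = \"AKIALALEMEL33243OLIAE\"",
+"offender": "AKIALALEMEL33243OLIA",
+"commit": "cd5eb8bef855f73c46b97b4c088badffdc40ebe9",
+"repo": "test_repo_3",
+"rule": "AWS Manager ID",
+"commitMessage": "rm secrets\n",
+"author": "zach rice",
+"email": "zricer@protonmail.com",
+"file": "secrets.md",
+"date": "2019-10-25T13:54:26-04:00",
+"tags": "key, AWS"
+},
+{
+"line": "const AWSSECRET = \"99432bfewaf823ec3294e231\"",
+"offender": "SECRET = \"99432bfewaf823ec3294e231\"",
+"commit": "cd5eb8bef855f73c46b97b4c088badffdc40ebe9",
+"repo": "test_repo_3",
+"rule": "Generic Credential",
+"commitMessage": "rm secrets\n",
+"author": "zach rice",
+"email": "zricer@protonmail.com",
+"file": "secrets.md",
+"date": "2019-10-25T13:54:26-04:00",
+"tags": "key, API, generic"
+},
+{
+"line": "const AWSKEY = \"AKIALALEMEL33243OLIAE\"",
+"offender": "AKIALALEMEL33243OLIA",
+"commit": "84ac4e80d4dbf2c968b64e9d4005f5079795bb81",
+"repo": "test_repo_3",
+"rule": "AWS Manager ID",
+"commitMessage": "more secrets\n",
+"author": "zach rice",
+"email": "zricer@protonmail.com",
+"file": "secrets.md",
+"date": "2019-10-25T13:54:08-04:00",
+"tags": "key, AWS"
+},
+{
+"line": "const AWSSECRET = \"99432bfewaf823ec3294e231\"",
+"offender": "SECRET = \"99432bfewaf823ec3294e231\"",
+"commit": "84ac4e80d4dbf2c968b64e9d4005f5079795bb81",
+"repo": "test_repo_3",
+"rule": "Generic Credential",
+"commitMessage": "more secrets\n",
+"author": "zach rice",
+"email": "zricer@protonmail.com",
+"file": "secrets.md",
+"date": "2019-10-25T13:54:08-04:00",
+"tags": "key, API, generic"
+}
+]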