From 6e934dced7aab634ca0ed6499c31de3d5e71907a Mon Sep 17 00:00:00 2001
From: Andrew Griffiths
Date: Mon, 6 Mar 2017 14:28:46 +0000
Subject: [PATCH] cli: cli: Adds scanrepo CMD

---
 .gitignore | 2 +-
 .pre-commit-config.yaml | 3 --
 Makefile | 3 ++
 README.md | 14 ++++++++-
 cmd/scanrepo/main.go | 63 +++++++++++++++++++++++++++++++++++++++++
 handlers_test.go | 2 +-
 main.go | 2 +-
 vendor.conf | 2 +-
 version | 1 +
 9 files changed, 84 insertions(+), 8 deletions(-)
 create mode 100644 cmd/scanrepo/main.go
 create mode 100644 version

diff --git a/.gitignore b/.gitignore
index cf6ad58..10d8526 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
+release
 /repo-security-scanner
-# Logs
 logs
 *.log
 npm-debug.log*
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 94fb9dc..ca63e7d 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -4,7 +4,6 @@
 - id: check-added-large-files
 - id: check-json
 - id: check-merge-conflict
- # - id: check-yaml
 - id: detect-private-key
 - id: end-of-file-fixer
 - id: forbid-new-submodules
@@ -13,5 +12,3 @@
 sha: cab517ac1132ea76603bd51ba5a95305f81bb2ba
 hooks:
 - id: gofmt
- - id: gofix
- - id: govet
diff --git a/Makefile b/Makefile
index c5741eb..4ea49ee 100644
--- a/Makefile
+++ b/Makefile
@@ -12,6 +12,9 @@ RULES_FILE = $(FIXT_DIR)/rules/gitrob.json
 DIFF_FILE = $(FIXT_DIR)/github_event_push.json
 RULES_URL = https://raw.githubusercontent.com/michenriksen/gitrob/master/signatures.json
+cli:
+ @go install -race ./cmd/scanrepo
+
+install: deps
 @go install -race --ldflags=\"-s\" .
diff --git a/README.md b/README.md
index f1ad342..11ab527 100644
--- a/README.md
+++ b/README.md
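Review bot: The second hunk of .pre-commit-config.yaml drops the `gofix` and `govet` hooks, which leaves `gofmt` as the only Go check in the pre-commit config at the same moment the commit adds a new Go command under `cmd/scanrepo`. If the hooks were removed because they were noisy on the vendored tree (the reason is not visible here), keeping `- id: govet` and limiting it to the project packages would preserve a static-analysis gate on the new code rather than removing it outright. The `# - id: check-yaml` line removed in the first hunk was already commented out, so that part changes nothing.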
@@ -1,5 +1,17 @@
 # repo-security-scanner
+
 ## Installation
-```make install```
+1. [Download](../../releases) the latest stable release of the CLI tool for your architecture
+2. Extract the tar and move the ```scanrepo``` binary to somewhere in your `$PATH`, eg `/usr/bin`
+
+-----------------------------------------------------------
+
+## Example Usage
+
+Check the entire history of the current branch for secrets.
+
+```
+$ git log -p | scanrepo
+```
diff --git a/cmd/scanrepo/main.go b/cmd/scanrepo/main.go
new file mode 100644
index 0000000..776a923
--- /dev/null
+++ b/cmd/scanrepo/main.go
@@ -0,0 +1,63 @@
+package main
+
+import (
+ "bufio"
+ "flag"
+ "fmt"
+ "log"
+ "os"
+
+ "github.com/techjacker/diffence"
+)
+
+func main() {
+
+ rPath := flag.String("rules", "", "path to custom rules in JSON format")
+ flag.Parse()
+
+ info, _ := os.Stdin.Stat()
+ if (info.Mode() & os.ModeCharDevice) == os.ModeCharDevice {
+ log.Fatalln("The command is intended to work with pipes.")
+ return
+ }
+
+ var (
+ err error
+ rules *[]diffence.Rule
+ )
+
+ if len(*rPath) > 0 {
+ rules, err = diffence.LoadRulesJSON(*rPath)
+ } else {
+ rules, err = diffence.LoadDefaultRules()
+ }
+ if err != nil {
+ log.Fatalf("Cannot load rules\n%s", err)
+ return
+ }
+
+ diff := diffence.DiffChecker{Rules: rules}
+ res, err := diff.Check(bufio.NewReader(os.Stdin))
+ if err != nil {
+ log.Fatalf("Error reading diff\n%s\n", err)
+ return
+ }
+
+ matches := res.Matches()
+ if matches > 0 {
+ i := 1
+ fmt.Printf("Diff contains %d offenses\n\n", matches)
+ for filename, rule := range res.MatchedRules {
+ fmt.Printf("------------------\n")
+ fmt.Printf("Violation %d\n", i)
+ fmt.Printf("File: %s\n", filename)
+ fmt.Printf("Reason: %#v\n\n", rule[0].Caption)
+ i++
+ }
+ // finding violations constitutes an error
+ os.Exit(1)
+ return
+ }
+ fmt.Printf("Diff contains NO offenses\n\n")
+ os.Exit(0)
+}
diff --git a/handlers_test.go b/handlers_test.go
index fb0dff8..3459b4b 100644
--- a/handlers_test.go
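Review bot: `info, _ := os.Stdin.Stat()` in the new cmd/scanrepo/main.go discards the error, so a failing Stat leaves `info` nil and the `info.Mode()` call on the next line panics instead of printing a message; check it: `info, err := os.Stdin.Stat()` / `if err != nil { log.Fatalf("Cannot stat stdin\n%s", err) }`. Each `return` placed after a `log.Fatalln`/`log.Fatalf` call is unreachable, because log.Fatal* exits the process, and the trailing `os.Exit(0)` at the end of main is redundant for the same reason. `rule[0].Caption` indexes without a length check and reports only the first matching rule per file; if `MatchedRules` can carry an empty slice for a key (its type is not visible here) this panics, and in any case a file that trips several rules loses all but one reason. `MatchedRules` appears to be a map keyed by filename, so the "Violation N" numbering and order change from run to run; sorting the keys before the loop would make the report stable for CI logs.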
+++ b/handlers_test.go
@@ -73,7 +73,7 @@ func TestGithubHandler(t *testing.T) {
 router := httprouter.New()
 router.Handler("POST", testPath, GithubHandler(
- diffence.DiffChecker{getTestRules(t, tt.args.rulesPath)},
+ diffence.DiffChecker{Rules: getTestRules(t, tt.args.rulesPath)},
 testDiffGetter{tt.args.diffPath},
 ))
diff --git a/main.go b/main.go
index 5d20eef..eeba492 100644
--- a/main.go
+++ b/main.go
@@ -41,7 +41,7 @@ func main() {
 router.Handler("GET", "/healthz", http.HandlerFunc(HealthHandler))
 router.Handler("POST", "/github", Adapt(
 GithubHandler(
- diffence.DiffChecker{getRules(gitrobRules)},
+ diffence.DiffChecker{Rules: getRules(gitrobRules)},
 diffGetterGithub{},
 ),
 AuthMiddleware(GithubAuthenticator{getEnvVar(githubWebhookSecret)}),
diff --git a/vendor.conf b/vendor.conf
index c759607..8c82277 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -1,5 +1,5 @@
 # package github.com/UKHomeOffice/repo-security-scanner
-github.com/techjacker/diffence 6f41b9b0a8150e165cd297ae3e00129766cf8a9b
+github.com/techjacker/diffence 5aa50982d614156536dec11f93f178fdf43b3274
 github.com/julienschmidt/httprouter 8a45e95fc75cb77048068a62daed98cc22fdac7c
diff --git a/version b/version
new file mode 100644
index 0000000..96acaa8
--- /dev/null
+++ b/version
@@ -0,0 +1 @@
+RELEASE_VERSION=0.2.0