filesystem support for exclude and include filters #881
if err != nil { | ||
logrus.WithError(err).Fatal("could not create filter") | ||
} | ||
|
||
var repoPath string | ||
var remote bool |
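Review bot: The message in `logrus.WithError(err).Fatal("could not create filter")` does not say which filter input was rejected. Unless the wrapped error already names the file, a user who supplies both an include and an exclude file cannot tell which one failed to load. Consider adding the offending path as a log field or wording the message per file.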
nit: If we declare `var err error` here, within the switch we can use regular assignment `=` vs `:=`
Thanks a lot @mac2000 this looks like a great addition. Really appreciate it 😄
Looks like there is a conflict in main, otherwise LGTM!
* Enable skipping of particular key IDs * update test
* add rabbitmq detector * use fixed length redaction Co-authored-by: Dustin Decker <dustin@trufflesec.com>
* Update slack webhook detector check to text. * remove redundant slashes.
* Add custom_detectors proto * Generate proto code * Create custom_detectors package Also create protoyaml package to test YAML unmarshalling the configuration. * Simplify custom_detectors proto by removing connection * Generate proto code * Update custom_detectors parsing tests
* Add logger to context * Fatal on no org
* Add validation skeleton * Add custom detector validation with tests * Validate and test regex vars * Implement RegexVarString * Use RegexVarString for validating regex variables * Add numerics to the regex variable matching Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
* Adjust repo count for new app * Fix chunk test count
* Change chunker test source * Emit chunk if the size isn't 0
* Handle invalid regex for custom detector. * Add comment highlighting invalid regex.
…lesecurity#1010) * Validate custom regular expressions on detector initialization * Add regex name to error message
* Copy metadata for line number aware sources * Improve style
* Update entrypoint. * update comment. * Call each extra arg on its own. * Update loop. * Update extra args. * Use miccah's magic script. * Fix path to bash. * update entrypoint. * Add bash to Dockerfile. * update goreleaser dockerfile.
* Small cleanup of CircleCi source. * address comments. * Add context to methods as first param.
* Small cleanup of CircleCi source. * Add concurrency to circleci. * merge w/ cleanup branch. * Redefine loop var. * Delete github.go * reverge file delete. * Add debug log for scan errors. * make collecting scanned errors thread safe. * pre-allocate errors slice.
@mac2000 what happened here? It looks like the PR was closed rather than merged and I do not see a reason why. Would love to see this feature added to filesystem scans.
Hm, sorry, it was my fault, after messing with the GitHub sync of branches, I broke everything completely 🤷♂️

As a result figured out how to reset everything to upstream and cherry pick changes, otherwise my pull request was a mess of all changes from a PR creation

@ahrav if there is a chance to not wait for next conflict will be nice to merge it, seems like other similar changes were merged already (e.g. circleci flag for path exclusion)

@dickc-sg fyi seems like we have made it 💪 thanks to @dustin-decker 👍 #1033 pull request was approved and merged

Thank you!
Closes: #536 and technically closes: #865
What has been done:
* `err :=` below
* For filesystem engine, itself did not want to touch it so just added one more "method" `WithFilter()` so it can be used where needed
* In the same way, as in the git source, we are checking if the filter is not nil and the current file passes it
Offtopic: while trying to figure out how to do it found one more crappy thing in the filter itself - it does not remove empty lines from the exclusion file, and it may lead to scenarios when by mistake we may exclude all files with space in the name
Tests: did not find any tests related to the filter in the git source so have nothing to copy from, and because I'm golang noob all that channel stuff just blows my brain so can not handle that one 🤷♂️
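
The blank-line problem mentioned in the description can be reproduced in isolation. The following is an added example, not trufflehog's filter code: it assumes each line of an exclude file is compiled as a regular expression, and `compilePatterns`, `excluded` and the sample file are hypothetical names constructed for the illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// compilePatterns compiles each line of an exclude file as a regex (assumed format).
// skipBlank=false keeps every line; skipBlank=true drops empty and whitespace-only lines.
func compilePatterns(file string, skipBlank bool) ([]*regexp.Regexp, error) {
	var out []*regexp.Regexp
	sc := bufio.NewScanner(strings.NewReader(file))
	for sc.Scan() {
		line := sc.Text()
		if skipBlank && strings.TrimSpace(line) == "" {
			continue
		}
		re, err := regexp.Compile(line)
		if err != nil {
			return nil, fmt.Errorf("bad pattern %q: %w", line, err)
		}
		out = append(out, re)
	}
	return out, sc.Err()
}

// excluded reports whether any pattern matches the path.
func excluded(patterns []*regexp.Regexp, path string) bool {
	for _, re := range patterns {
		if re.MatchString(path) {
			return true
		}
	}
	return false
}

// Constructed sample: one real pattern, a line holding a single space, an empty line.
const sampleExcludeFile = "^vendor/\n \n\n"

func main() {
	for _, skip := range []bool{false, true} {
		ps, _ := compilePatterns(sampleExcludeFile, skip)
		for _, p := range []string{"vendor/lib.go", "docs/api keys.txt", "config/secrets.env"} {
			fmt.Printf("skipBlank=%v %-22s excluded=%v\n", skip, p, excluded(ps, p))
		}
	}
}
```

For a secret scanner, the unfiltered case fails open: a stray blank line silently removes files from the scan instead of producing an error.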