filesystem support for exclude and include filters #881
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ahrav
reviewed
Nov 15, 2022
| if err != nil { | ||
| logrus.WithError(err).Fatal("could not create filter") | ||
| } | ||
|
|
||
| var repoPath string | ||
| var remote bool |
There was a problem hiding this comment.
nit: If we declare var err error here, within the switch we can use regular assignment = vs :=
|
|
* Enable skipping of particular key IDs * update test
* add rambbitmq detector * use fixed length redaction Co-authored-by: Dustin Decker <dustin@trufflesec.com>
* Update slack webhook detector check to text. * remove redunant slashes.
* Add custom_detectors proto * Generate proto code * Create custom_detectors package Also create protoyaml package to test YAML unmarshalling the configuration. * Simplify custom_detectors proto by removing connection * Generate proto code * Update custom_detectors parsing tests
* Add logger to context * Fatal on no org
* Add validation skeleton * Add custom detector validation with tests * Validate and test regex vars * Implement RegexVarString * Use RegexVarString for validating regex variables * Add numerics to the regex variable matching Co-authored-by: hxnyk <8292703+hxnyk@users.noreply.github.com>
* Adjust repo count for new app * Fix chunk test count
* Change chunker test source * Emit chunk if the size isn't 0
…ecurity#1006) Bumps [cloud.google.com/go/secretmanager](https://github.com/googleapis/google-cloud-go) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md) - [Commits](googleapis/google-cloud-go@dlp/v1.9.0...asset/v1.10.0) --- updated-dependencies: - dependency-name: cloud.google.com/go/secretmanager dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#1007) Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.5.1 to 5.5.2. - [Release notes](https://github.com/go-git/go-git/releases) - [Commits](go-git/go-git@v5.5.1...v5.5.2) --- updated-dependencies: - dependency-name: github.com/go-git/go-git/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…lesecurity#1008) Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.1 to 0.7.2. - [Release notes](https://github.com/hashicorp/go-retryablehttp/releases) - [Commits](hashicorp/go-retryablehttp@v0.7.1...v0.7.2) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-retryablehttp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.4.0 to 0.5.0. - [Release notes](https://github.com/golang/crypto/releases) - [Commits](golang/crypto@v0.4.0...v0.5.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Handle invalid regex for custom detector. * Add comment highlighting invalid regex.
…lesecurity#1010) * Validate custom regular expressions on detector initialization * Add regex name to error message
* Copy metadata for line number aware sources * Improve style
* Update entrypoint. * update comment. * Call each extra arg on its own. * Update loop. * Update extra args. * Use miccah's magic script. * Fix path to bash. * update entrypoint. * Add bash to Dockerfile. * update goreleaser dockerfile.
* Small cleanup of CircleCi source. * address comments. * Add context to methods as first param.
* Small cleanup of CircleCi source. * Add concurrency to circleci. * merge w/ cleanup branch. * Rdefine loop var. * Delete github.go * reverge file delete. * Add debug log for scan errors. * make collecting scanned errors thread safe. * pre-allocate errors slice.
|
@mac2000 what happened here? It looks like the PR was closed rather than merged and I do not see a reason why. Would love to see this feature added to filesystem scans. |
…urity#1022) Bumps [github.com/getsentry/sentry-go](https://github.com/getsentry/sentry-go) from 0.16.0 to 0.17.0. - [Release notes](https://github.com/getsentry/sentry-go/releases) - [Changelog](https://github.com/getsentry/sentry-go/blob/master/CHANGELOG.md) - [Commits](getsentry/sentry-go@v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: github.com/getsentry/sentry-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…y#1024) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.77.0 to 0.78.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](xanzy/go-gitlab@v0.77.0...v0.78.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/sergi/go-diff](https://github.com/sergi/go-diff) from 1.2.0 to 1.3.1. - [Release notes](https://github.com/sergi/go-diff/releases) - [Commits](sergi/go-diff@v1.2.0...v1.3.1) --- updated-dependencies: - dependency-name: github.com/sergi/go-diff dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
Hm, sorry, it was my fault, after messing with the GitHub sync of branches, I broke everything completely 🤷♂️ As a result figured out how to reset everything to upstream and cherry pick changes, otherwise my pull request was a mess of all changes from a PR creation @ahrav if there is a chance to not wait for next conflict will be nice to merge it, seems like other similar changes were merged already (e.g. circleci flag for path exclusion)
|
|
@dickc-sg fyi seems like we have made it 💪 thanks to @dustin-decker 👍 #1033 pull request was approved and merged |
|
Thank you! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes: #536 and technically closes: #865
What has been done:
err :=belowFor filesystem engine, itself did not want to touch it so just added one more "method"
WithFilter()so it can be used where neededIn the same way, as in the git source, we are checking if the filter is not nil and the current file passes it
Offtopic: while trying to figure out how to do it found one more crappy thing in the filter itself - it does not remove empty lines from the exclusion file, and it may lead to scenarios when by mistake we may exclude all files with space in the name
Tests: did not find any tests related to the filter in the git source so have nothing to copy from, and because I'm golang noob all that channel stuff just blows my brain so can not handle that one 🤷♂️