diff --git a/audit/audit.go b/audit/audit.go index b44672beb..a6d5423db 100644 --- a/audit/audit.go +++ b/audit/audit.go @@ -33,6 +33,15 @@ func Run(m *manager.Manager) error { } func runHelper(r *Repo) error { + // Ignore whitelisted repos + for _, wlRepo := range r.Manager.Config.Whitelist.Repos { + if RegexMatched(r.Manager.Opts.RepoPath, wlRepo) { + return nil + } + if RegexMatched(r.Manager.Opts.Repo, wlRepo) { + return nil + } + } if r.Manager.Opts.OpenLocal() { r.Name = path.Base(r.Manager.Opts.RepoPath) if err := r.Open(); err != nil { diff --git a/audit/audit_test.go b/audit/audit_test.go index 17b1c13d1..c6ba1a1ee 100644 --- a/audit/audit_test.go +++ b/audit/audit_test.go @@ -173,6 +173,16 @@ func TestAudit(t *testing.T) { }, wantPath: "../test_data/test_local_owner_aws_leak.json", }, + { + description: "test owner path whitelist repo", + opts: options.Options{ + OwnerPath: "../test_data/test_repos/", + Report: "../test_data/test_local_owner_aws_leak_whitelist_repo.json.got", + ReportFormat: "json", + Config: "../test_data/test_configs/aws_key_local_owner_whitelist_repo.toml", + }, + wantPath: "../test_data/test_local_owner_aws_leak_whitelist_repo.json", + }, { description: "test entropy and regex", opts: options.Options{ diff --git a/audit/repo.go b/audit/repo.go index 282d619f2..794492c17 100644 --- a/audit/repo.go +++ b/audit/repo.go @@ -5,6 +5,7 @@ import ( "context" "crypto/md5" "fmt" + "github.com/go-git/go-git/v5" "io" "os" "path" @@ -16,14 +17,13 @@ import ( "github.com/zricethezav/gitleaks/v4/manager" "github.com/BurntSushi/toml" + "github.com/go-git/go-billy/v5" + "github.com/go-git/go-git/v5/plumbing" + "github.com/go-git/go-git/v5/plumbing/object" + "github.com/go-git/go-git/v5/plumbing/storer" + "github.com/go-git/go-git/v5/storage/memory" "github.com/sergi/go-diff/diffmatchpatch" log "github.com/sirupsen/logrus" - "gopkg.in/src-d/go-billy.v4" - "gopkg.in/src-d/go-git.v4" - "gopkg.in/src-d/go-git.v4/plumbing" - "gopkg.in/src-d/go-git.v4/plumbing/object" - "gopkg.in/src-d/go-git.v4/plumbing/storer" - "gopkg.in/src-d/go-git.v4/storage/memory" ) // Repo wraps a *git.Repository object in addition to a manager object and the name of the repo. @@ -259,7 +259,6 @@ func (repo *Repo) Audit() error { auditTimeStart := time.Now() // audit commit patches OR all files at commit. See https://github.com/zricethezav/gitleaks/issues/326 - // TODO having --commit= and --fites-at-commit= set should probably be guarded against if repo.Manager.Opts.Commit != "" { return inspectCommit(repo.Manager.Opts.Commit, repo, inspectCommitPatches) } else if repo.Manager.Opts.FilesAtCommit != "" { diff --git a/audit/util.go b/audit/util.go index d82d901fc..e817ef96d 100644 --- a/audit/util.go +++ b/audit/util.go @@ -13,10 +13,10 @@ import ( "github.com/zricethezav/gitleaks/v4/manager" log "github.com/sirupsen/logrus" - "gopkg.in/src-d/go-git.v4" - "gopkg.in/src-d/go-git.v4/plumbing" - fdiff "gopkg.in/src-d/go-git.v4/plumbing/format/diff" - "gopkg.in/src-d/go-git.v4/plumbing/object" + "github.com/go-git/go-git/v5" + "github.com/go-git/go-git/v5/plumbing" + fdiff "github.com/go-git/go-git/v5/plumbing/format/diff" + "github.com/go-git/go-git/v5/plumbing/object" ) // Inspect patch accepts a patch, commit, and repo. If the patches contains files that are @@ -164,7 +164,7 @@ func InspectFile(content string, fullpath string, c *object.Commit, repo *Repo) // We want to check if there is a whitelist for this file if len(repo.config.Whitelist.Files) != 0 { for _, reFileName := range repo.config.Whitelist.Files { - if fileMatched(filename, reFileName) { + if RegexMatched(filename, reFileName) { log.Debugf("whitelisted file found, skipping audit of file: %s", filename) return } @@ -174,7 +174,7 @@ func InspectFile(content string, fullpath string, c *object.Commit, repo *Repo) // We want to check if there is a whitelist for this path if len(repo.config.Whitelist.Paths) != 0 { for _, reFilePath := range repo.config.Whitelist.Paths { - if fileMatched(path, reFilePath) { + if RegexMatched(path, reFilePath) { log.Debugf("file in whitelisted path found, skipping audit of file: %s", filename) return } @@ -190,12 +190,12 @@ func InspectFile(content string, fullpath string, c *object.Commit, repo *Repo) } // If it has fileNameRegex and it doesnt match we continue to next rule - if ruleContainFileNameRegex(rule) && !fileMatched(filename, rule.FileNameRegex) { + if ruleContainFileNameRegex(rule) && !RegexMatched(filename, rule.FileNameRegex) { continue } // If it has filePathRegex and it doesnt match we continue to next rule - if ruleContainFilePathRegex(rule) && !fileMatched(path, rule.FilePathRegex) { + if ruleContainFilePathRegex(rule) && !RegexMatched(path, rule.FilePathRegex) { continue } @@ -376,7 +376,7 @@ func isOffenderWhiteListed(offender string, whitelist []config.Whitelist) bool { func isFileNameWhiteListed(filename string, whitelist []config.Whitelist) bool { if len(whitelist) != 0 { for _, wl := range whitelist { - if fileMatched(filename, wl.File) { + if RegexMatched(filename, wl.File) { return true } } @@ -387,7 +387,7 @@ func isFileNameWhiteListed(filename string, whitelist []config.Whitelist) bool { func isFilePathWhiteListed(filepath string, whitelist []config.Whitelist) bool { if len(whitelist) != 0 { for _, wl := range whitelist { - if fileMatched(filepath, wl.Path) { + if RegexMatched(filepath, wl.Path) { return true } } @@ -395,7 +395,9 @@ func isFilePathWhiteListed(filepath string, whitelist []config.Whitelist) bool { return false } -func fileMatched(f interface{}, re *regexp.Regexp) bool { +// RegexMatched matched an interface to a regular expression. The interface f can +// be a string type or go-git *object.File type. +func RegexMatched(f interface{}, re *regexp.Regexp) bool { if re == nil { return false } diff --git a/config/config.go b/config/config.go index 4ebac4f7a..8852286cb 100644 --- a/config/config.go +++ b/config/config.go @@ -51,6 +51,7 @@ type Config struct { Commits []string Files []*regexp.Regexp Paths []*regexp.Regexp + Repos []*regexp.Regexp } } @@ -63,6 +64,7 @@ type TomlLoader struct { Commits []string Files []string Paths []string + Repos []string } Rules []struct { Description string @@ -210,6 +212,16 @@ func (tomlLoader TomlLoader) Parse() (Config, error) { } cfg.Whitelist.Paths = append(cfg.Whitelist.Paths, re) } + + // global repo whitelists + for _, wlRepo := range tomlLoader.Whitelist.Repos { + re, err := regexp.Compile(wlRepo) + if err != nil { + return cfg, fmt.Errorf("problem loading config: %v", err) + } + cfg.Whitelist.Repos = append(cfg.Whitelist.Repos, re) + } + cfg.Whitelist.Commits = tomlLoader.Whitelist.Commits cfg.Whitelist.Description = tomlLoader.Whitelist.Description diff --git a/go.mod b/go.mod index 4c006470d..9cdceeaf8 100644 --- a/go.mod +++ b/go.mod @@ -4,16 +4,15 @@ go 1.14 require ( github.com/BurntSushi/toml v0.3.1 + github.com/go-git/go-billy/v5 v5.0.0 + github.com/go-git/go-git/v5 v5.0.0 github.com/google/go-cmp v0.4.0 // indirect - github.com/google/go-github/v29 v29.0.3 + github.com/google/go-github/v31 v31.0.0 github.com/hako/durafmt v0.0.0-20191009132224-3f39dc1ed9f4 github.com/jessevdk/go-flags v1.4.0 github.com/mattn/go-colorable v0.1.2 - github.com/sergi/go-diff v1.0.0 + github.com/sergi/go-diff v1.1.0 github.com/sirupsen/logrus v1.4.2 github.com/xanzy/go-gitlab v0.21.0 - golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 // indirect golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 - gopkg.in/src-d/go-billy.v4 v4.3.2 - gopkg.in/src-d/go-git.v4 v4.13.1 ) diff --git a/go.sum b/go.sum index 84c799555..067efed74 100644 --- a/go.sum +++ b/go.sum @@ -7,7 +7,7 @@ github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -17,6 +17,14 @@ github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjr github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= +github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= +github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= +github.com/go-git/go-billy/v5 v5.0.0 h1:7NQHvd9FVid8VL4qVUMm8XifBK+2xCoZ2lSk0agRrHM= +github.com/go-git/go-billy/v5 v5.0.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/go-git-fixtures/v4 v4.0.1 h1:q+IFMfLx200Q3scvt2hN79JsEzy4AmBTp/pqnefH+Bc= +github.com/go-git/go-git-fixtures/v4 v4.0.1/go.mod h1:m+ICp2rF3jDhFgEZ/8yziagdT1C+ZpZcrJjappBCDSw= +github.com/go-git/go-git/v5 v5.0.0 h1:k5RWPm4iJwYtfWoxIJy4wJX9ON7ihPeZZYC1fLYDnpg= +github.com/go-git/go-git/v5 v5.0.0/go.mod h1:oYD8y9kWsGINPFJoLdaScGCN6dlKg23blmClfZwtUVA= github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= @@ -25,8 +33,8 @@ github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-github/v29 v29.0.3 h1:IktKCTwU//aFHnpA+2SLIi7Oo9uhAzgsdZNbcAqhgdc= -github.com/google/go-github/v29 v29.0.3/go.mod h1:CHKiKKPHJ0REzfwc14QMklvtHwCveD0PxlMjLlzAM5E= +github.com/google/go-github/v31 v31.0.0 h1:JJUxlP9lFK+ziXKimTCprajMApV1ecWD4NB6CCb0plo= +github.com/google/go-github/v31 v31.0.0/go.mod h1:NQPZol8/1sMoWYGN2yaALIBytu17gAWfhbweiEed3pM= github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/hako/durafmt v0.0.0-20191009132224-3f39dc1ed9f4 h1:60gBOooTSmNtrqNaRvrDbi8VAne0REaek2agjnITKSw= @@ -42,32 +50,29 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxv github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/mattn/go-colorable v0.1.2 h1:/bC9yWikZXAL9uJdulbSfyVNIR3n3trXl+v8+1sx8mU= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-isatty v0.0.8 h1:HLtExJ+uU2HOZ+wI0Tt5DtUDrx8yhUqDcp7fYERX4CE= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= +github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= +github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/src-d/gcfg v1.4.0 h1:xXbNR5AlLSA315x2UO+fTSSAXCDf+Ar38/6oyGbDKQ4= -github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/xanzy/go-gitlab v0.21.0 h1:Ru55sR4TBoDNsAKwCOpzeaGtbiWj7xTksVmzBJbLu6c= @@ -76,39 +81,32 @@ github.com/xanzy/ssh-agent v0.2.1 h1:TCbipTQL2JiiCprBWx9frJ2eJlCYT00NmctrHxVAr70 github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 h1:HuIa8hRrWRSrqYzx1qI49NNxhdi2PrY7gxVSq1JjLDc= -golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 h1:xMPOj6Pz6UipU1wXLkrtqpHbR0AVFnyPEQq/wRWz9lM= +golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80 h1:Ao/3l156eZf2AW5wK8a7/smtodRU+gha3+BeqJ69lRk= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e h1:D5TXcfTk7xF7hvieo4QErS3qqCB4teTffacDWr7CI+0= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0RIXVLwsHlnvJ+cT1So= +golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a h1:mEQZbbaBjWyLNy0tmZmgEuQAR8XOQ3hL8GYi3J/NG64= -golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= @@ -116,15 +114,12 @@ google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/src-d/go-billy.v4 v4.3.2 h1:0SQA1pRztfTFx2miS8sA97XvooFeNOmvUenF4o0EcVg= -gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98= -gopkg.in/src-d/go-git-fixtures.v3 v3.5.0 h1:ivZFOIltbce2Mo8IjzUHAFoq/IylO9WHhNOAJK+LsJg= -gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= -gopkg.in/src-d/go-git.v4 v4.13.1 h1:SRtFyV8Kxc0UP7aCHcijOMQGPxHSmMOPrzulQWolkYE= -gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= +gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/hosts/github.go b/hosts/github.go index fe5252470..0dc57f0a5 100644 --- a/hosts/github.go +++ b/hosts/github.go @@ -10,13 +10,13 @@ import ( "github.com/zricethezav/gitleaks/v4/manager" "github.com/zricethezav/gitleaks/v4/options" - "github.com/google/go-github/v29/github" + "github.com/go-git/go-git/v5" + "github.com/go-git/go-git/v5/plumbing" + "github.com/go-git/go-git/v5/plumbing/object" + "github.com/go-git/go-git/v5/plumbing/transport" + "github.com/google/go-github/v31/github" log "github.com/sirupsen/logrus" "golang.org/x/oauth2" - "gopkg.in/src-d/go-git.v4" - "gopkg.in/src-d/go-git.v4/plumbing" - "gopkg.in/src-d/go-git.v4/plumbing/object" - "gopkg.in/src-d/go-git.v4/plumbing/transport" ) // Github wraps a github client and manager. This struct implements what the Host interface defines. diff --git a/manager/manager.go b/manager/manager.go index 43fc2f055..dea835ec6 100644 --- a/manager/manager.go +++ b/manager/manager.go @@ -19,7 +19,7 @@ import ( "github.com/hako/durafmt" "github.com/mattn/go-colorable" log "github.com/sirupsen/logrus" - "gopkg.in/src-d/go-git.v4" + "github.com/go-git/go-git/v5" ) const maxLineLen = 200 diff --git a/options/options.go b/options/options.go index 82366790b..19223c2e7 100644 --- a/options/options.go +++ b/options/options.go @@ -11,9 +11,9 @@ import ( "github.com/jessevdk/go-flags" log "github.com/sirupsen/logrus" - "gopkg.in/src-d/go-git.v4" - "gopkg.in/src-d/go-git.v4/plumbing/transport/http" - "gopkg.in/src-d/go-git.v4/plumbing/transport/ssh" + "github.com/go-git/go-git/v5" + "github.com/go-git/go-git/v5/plumbing/transport/http" + "github.com/go-git/go-git/v5/plumbing/transport/ssh" ) // No leaks or early exit due to invalid options @@ -110,6 +110,9 @@ func (opts Options) Guard() error { if !oneOrNoneSet(opts.AccessToken, opts.Password) { log.Warn("both access-token and password are set. Only password will be attempted") } + if !oneOrNoneSet(opts.FilesAtCommit, opts.Commit, opts.CommitTo, opts.CommitFrom) { + return fmt.Errorf("invalid commit options set") + } return nil } diff --git a/test_data/test_configs/aws_key_local_owner_whitelist_repo.toml b/test_data/test_configs/aws_key_local_owner_whitelist_repo.toml new file mode 100644 index 000000000..bd1134eb7 --- /dev/null +++ b/test_data/test_configs/aws_key_local_owner_whitelist_repo.toml @@ -0,0 +1,4 @@ +[[rules]] + description = "AWS Manager ID" + regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}''' + tags = ["key", "AWS"] diff --git a/test_data/test_local_owner_aws_leak_whitelist_repo.json b/test_data/test_local_owner_aws_leak_whitelist_repo.json new file mode 100644 index 000000000..696312056 --- /dev/null +++ b/test_data/test_local_owner_aws_leak_whitelist_repo.json @@ -0,0 +1,184 @@ +[ + { + "line": " aws_access_key_id='AKIAIO5FODNN7EXAMPLE',", + "offender": "AKIAIO5FODNN7EXAMPLE", + "commit": "6557c92612d3b35979bd426d429255b3bf9fab74", + "repo": "test_repo_1", + "rule": "AWS Manager ID", + "commitMessage": "commit 1 with secrets\n", + "author": "zach rice", + "email": "zricer@protonmail.com", + "file": "server.test.py", + "date": "2019-10-24T09:29:27-04:00", + "tags": "key, AWS" + }, + { + "line": " const AWSKEY = \"AKIALALEMEL33243OLIBE\"", + "offender": "AKIALALEMEL33243OLIB", + "commit": "f61cd8587b7ac1d75a89a0c9af870a2f24c60263", + "repo": "test_repo_2", + "rule": "AWS Manager ID", + "commitMessage": "rm secrets again\n", + "author": "zach rice", + "email": "zricer@protonmail.com", + "file": "secrets.md", + "date": "2019-10-25T13:12:32-04:00", + "tags": "key, AWS" + }, + { + "line": " const AWSKEY = \"AKIALALEMEL33243OLIBE\"", + "offender": "AKIALALEMEL33243OLIB", + "commit": "b2eb34a61c988afd9b4aaa9dd58c8dd7d5f14dba", + "repo": "test_repo_2", + "rule": "AWS Manager ID", + "commitMessage": "adding another one\n", + "author": "zach rice", + "email": "zricer@protonmail.com", + "file": "secrets.md", + "date": "2019-10-25T13:12:08-04:00", + "tags": "key, AWS" + }, + { + "line": "Here's an AWS secret: \"AKIALALEMEL33243OLIAE\"", + "offender": "AKIALALEMEL33243OLIA", + "commit": "996865bb912f3bc45898a370a13aadb315014b55", + "repo": "test_repo_2", + "rule": "AWS Manager ID", + "commitMessage": "committing pem\n", + "author": "zach rice", + "email": "zricer@protonmail.com", + "file": "secrets.md", + "date": "2019-10-25T13:07:41-04:00", + "tags": "key, AWS" + }, + { + "line": "Here's an AWS secret: \"AKIALALEMEL33243OLIAE\"", + "offender": "AKIALALEMEL33243OLIA", + "commit": "17471a5fda722a9e423f1a0d3f0d267ea009d41c", + "repo": "test_repo_2", + "rule": "AWS Manager ID", + "commitMessage": "wait this is actually adding an aws secret\n", + "author": "zach rice", + "email": "zricer@protonmail.com", + "file": "secrets.md", + "date": "2019-10-25T13:01:27-04:00", + "tags": "key, AWS" + }, + { + "line": "Here's an AWS secret: AKIALALEMEL33243OLIAE", + "offender": "AKIALALEMEL33243OLIA", + "commit": "17471a5fda722a9e423f1a0d3f0d267ea009d41c", + "repo": "test_repo_2", + "rule": "AWS Manager ID", + "commitMessage": "wait this is actually adding an aws secret\n", + "author": "zach rice", + "email": "zricer@protonmail.com", + "file": "secrets.md", + "date": "2019-10-25T13:01:27-04:00", + "tags": "key, AWS" + }, + { + "line": "\nHere's an AWS secret: AKIALALEMEL33243OLIAE", + "offender": "AKIALALEMEL33243OLIA", + "commit": "b10b3e2cb320a8c211fda94c4567299d37de7776", + "repo": "test_repo_2", + "rule": "AWS Manager ID", + "commitMessage": "adding aws key\n", + "author": "zach rice", + "email": "zricer@protonmail.com", + "file": "secrets.md", + "date": "2019-10-25T12:58:39-04:00", + "tags": "key, AWS" + }, + { + "line": "const AWSKEY = \"AKIALALEMEL33243OLIAE\"", + "offender": "AKIALALEMEL33243OLIA", + "commit": "cd5eb8bef855f73c46b97b4c088badffdc40ebe9", + "repo": "test_repo_3", + "rule": "AWS Manager ID", + "commitMessage": "rm secrets\n", + "author": "zach rice", + "email": "zricer@protonmail.com", + "file": "secrets.md", + "date": "2019-10-25T13:54:26-04:00", + "tags": "key, AWS" + }, + { + "line": "const AWSKEY = \"AKIALALEMEL33243OLIAE\"", + "offender": "AKIALALEMEL33243OLIA", + "commit": "84ac4e80d4dbf2c968b64e9d4005f5079795bb81", + "repo": "test_repo_3", + "rule": "AWS Manager ID", + "commitMessage": "more secrets\n", + "author": "zach rice", + "email": "zricer@protonmail.com", + "file": "secrets.md", + "date": "2019-10-25T13:54:08-04:00", + "tags": "key, AWS" + }, + { + "line": "AWS secret: \"AKIALALEMEL33243OLIAE\"", + "offender": "AKIALALEMEL33243OLIA", + "commit": "64cfcee9aad1c84581631636bfc54f2050718d1a", + "repo": "test_repo_3", + "rule": "AWS Manager ID", + "commitMessage": "rm secrets\n", + "author": "zach rice", + "email": "zricer@protonmail.com", + "file": "secrets.md", + "date": "2019-10-25T13:36:22-04:00", + "tags": "key, AWS" + }, + { + "line": "AWS secret: \"AKIALALEMEL33243OLIAE\"", + "offender": "AKIALALEMEL33243OLIA", + "commit": "deea550dd6c7acaf0e59432600593533984a2125", + "repo": "test_repo_3", + "rule": "AWS Manager ID", + "commitMessage": "dev branch\n", + "author": "zach rice", + "email": "zricer@protonmail.com", + "file": "secrets.md", + "date": "2019-10-25T13:35:03-04:00", + "tags": "key, AWS" + }, + { + "line": "\naws_access_key_id='AKIAIO5FODNN7EXAMPL2'", + "offender": "AKIAIO5FODNN7EXAMPL2", + "commit": "ca71fcdeda15f25f0cc661d90e8785c255925c27", + "repo": "test_repo_5", + "rule": "AWS Manager ID", + "commitMessage": "introduce more secrets\n", + "author": "Zach Rice", + "email": "zrice@gitlab.com", + "file": "secrets.py", + "date": "2020-02-01T10:08:04-05:00", + "tags": "key, AWS" + }, + { + "line": "aws_access_key_id='AKIAIO5FODNN7EXAMPLE'", + "offender": "AKIAIO5FODNN7EXAMPLE", + "commit": "1f2a4abc47dabf991e6af6f9770867ce0ac1f360", + "repo": "test_repo_5", + "rule": "AWS Manager ID", + "commitMessage": "introduce secrets\n", + "author": "Zach Rice", + "email": "zrice@gitlab.com", + "file": "secrets.py", + "date": "2020-02-01T10:07:34-05:00", + "tags": "key, AWS" + }, + { + "line": "aws_access_key_id=AKIAIO5FODNN7EXAMPLE", + "offender": "AKIAIO5FODNN7EXAMPLE", + "commit": "98b6c7cb3fb29a5993c4c95c56a2dc53050b9247", + "repo": "test_repo_6", + "rule": "AWS Manager ID", + "commitMessage": "Adding some secrets in config folder\n\n", + "author": "Noel Algora", + "email": "noealgigu@gmail.com", + "file": "config/application.properties", + "date": "2020-02-24T14:13:15-05:00", + "tags": "key, AWS" + } +]