g.parotte
/
docker-infisical
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rebrand and small tweeks

Browse Source
add-gitleak
Maidul Islam 1 year ago
parent 8249043826
commit 353ff63298
5 changed files with 44 additions and 38 deletions
Show Stats Download Patch File Download Diff File

6
cli/config/config.go
Unescape View File

@ -32,7 +32,7 @@ import (
"github.com/spf13/viper"
)
//go:embed gitleaks.toml
//go:embed infisical-scan.toml
var DefaultConfig string
// use to keep track of how many configs we can extend
@ -41,6 +41,10 @@ var extendDepth int
const maxExtendDepth = 2
const DefaultScanConfigFileName = ".infisical-scan.toml"
const DefaultScanConfigEnvName = "INFISICAL_SCAN_CONFIG"
const DefaultInfisicalIgnoreFineName = ".infisicalignore"
// ViperConfig is the config struct used by the Viper config package
// to parse the config file. This struct does not include regular expressions.
// It is used as an intermediary to convert the Viper config to the Config struct.

2
cli/config/gitleaks.toml → cli/config/infisical-scan.toml
Unescape View File

@ -14,7 +14,7 @@ title = "gitleaks config"
[allowlist]
description = "global allow lists"
paths = [
'''gitleaks.toml''',
'''infisical-scan.toml''',
'''(.*?)(jpg|gif|doc|docx|zip|xls|pdf|bin|svg|socket)$''',
'''(go.mod|go.sum)$''',
'''gradle.lockfile''',

2
cli/detect/detect.go
Unescape View File

@ -58,7 +58,7 @@ const (
ProtectType
ProtectStagedType
gitleaksAllowSignature = "gitleaks:allow"
gitleaksAllowSignature = "infisical-scan:ignore"
)
// Detector is the main detector struct

6
cli/detect/detect_test.go
Unescape View File

@ -54,7 +54,7 @@ func TestDetect(t *testing.T) {
{
cfgName: "simple",
fragment: Fragment{
Raw: `awsToken := \"AKIALALEMEL33243OKIA\ // gitleaks:allow"`,
Raw: `awsToken := \"AKIALALEMEL33243OKIA\ // infisical-scan:ignore"`,
FilePath: "tmp.go",
},
expectedFindings: []report.Finding{},
@ -64,7 +64,7 @@ func TestDetect(t *testing.T) {
fragment: Fragment{
Raw: `awsToken := \
\"AKIALALEMEL33243OKIA\ // gitleaks:allow"
\"AKIALALEMEL33243OKIA\ // infisical-scan:ignore"
`,
FilePath: "tmp.go",
@ -76,7 +76,7 @@ func TestDetect(t *testing.T) {
fragment: Fragment{
Raw: `awsToken := \"AKIALALEMEL33243OKIA\"
// gitleaks:allow"
// infisical-scan:ignore"
`,
FilePath: "tmp.go",

66
cli/packages/cmd/scan.go
Unescape View File

@ -38,16 +38,16 @@ import (
const configDescription = `config file path
order of precedence:
1. --config/-c
2. env var GITLEAKS_CONFIG
3. (--source/-s)/.gitleaks.toml
If none of the three options are used, then gitleaks will use the default config`
1. --config flag
2. env var INFISICAL_SCAN_CONFIG
3. (--source/-s)/.infisical-scan.toml
If none of the three options are used, then Infisical will use the default scan config`
func init() {
// scan flag for only scan command
scanCmd.Flags().String("log-opts", "", "git log options")
scanCmd.Flags().Bool("no-git", false, "treat git repo as a regular directory and scan those files, --log-opts has no effect on the scan when --no-git is set")
scanCmd.Flags().Bool("pipe", false, "scan input from stdin, ex: `cat some_file | gitleaks detect --pipe`")
scanCmd.Flags().Bool("pipe", false, "scan input from stdin, ex: `cat some_file | infisical scan --pipe`")
scanCmd.Flags().Bool("follow-symlinks", false, "scan files that are symlinks to other files")
// global scan flags
@ -75,9 +75,6 @@ func init() {
// add flags to main
scanCmd.AddCommand(scanGitChangesCmd)
rootCmd.AddCommand(scanCmd)
// Hide flags
scanCmd.PersistentFlags().MarkHidden("config")
}
func initScanConfig(cmd *cobra.Command) {
@ -85,13 +82,14 @@ func initScanConfig(cmd *cobra.Command) {
if err != nil {
log.Fatal().Msg(err.Error())
}
if cfgPath != "" {
viper.SetConfigFile(cfgPath)
log.Debug().Msgf("using gitleaks config %s from `--config`", cfgPath)
} else if os.Getenv("GITLEAKS_CONFIG") != "" {
envPath := os.Getenv("GITLEAKS_CONFIG")
log.Debug().Msgf("using scan config %s from `--config`", cfgPath)
} else if os.Getenv(config.DefaultScanConfigEnvName) != "" {
envPath := os.Getenv(config.DefaultScanConfigEnvName)
viper.SetConfigFile(envPath)
log.Debug().Msgf("using gitleaks config from GITLEAKS_CONFIG env var: %s", envPath)
log.Debug().Msgf("using scan config from %s env var: %s", config.DefaultScanConfigEnvName, envPath)
} else {
source, err := cmd.Flags().GetString("source")
if err != nil {
@ -103,8 +101,8 @@ func initScanConfig(cmd *cobra.Command) {
}
if !fileInfo.IsDir() {
log.Debug().Msgf("unable to load gitleaks config from %s since --source=%s is a file, using default config",
filepath.Join(source, ".gitleaks.toml"), source)
log.Debug().Msgf("unable to load scan config from %s since --source=%s is a file, using default config",
filepath.Join(source, config.DefaultScanConfigFileName), source)
viper.SetConfigType("toml")
if err = viper.ReadConfig(strings.NewReader(config.DefaultConfig)); err != nil {
log.Fatal().Msgf("err reading toml %s", err.Error())
@ -112,23 +110,23 @@ func initScanConfig(cmd *cobra.Command) {
return
}
if _, err := os.Stat(filepath.Join(source, ".gitleaks.toml")); os.IsNotExist(err) {
log.Debug().Msgf("no gitleaks config found in path %s, using default gitleaks config", filepath.Join(source, ".gitleaks.toml"))
if _, err := os.Stat(filepath.Join(source, config.DefaultScanConfigFileName)); os.IsNotExist(err) {
log.Debug().Msgf("no scan config found in path %s, using default scan config", filepath.Join(source, config.DefaultScanConfigFileName))
viper.SetConfigType("toml")
if err = viper.ReadConfig(strings.NewReader(config.DefaultConfig)); err != nil {
log.Fatal().Msgf("err reading default config toml %s", err.Error())
log.Fatal().Msgf("err reading default scan config toml %s", err.Error())
}
return
} else {
log.Debug().Msgf("using existing gitleaks config %s from `(--source)/.gitleaks.toml`", filepath.Join(source, ".gitleaks.toml"))
log.Debug().Msgf("using existing scan config %s from `(--source)/%s`", filepath.Join(source, config.DefaultScanConfigFileName), config.DefaultScanConfigFileName)
}
viper.AddConfigPath(source)
viper.SetConfigName(".gitleaks")
viper.SetConfigName(config.DefaultScanConfigFileName)
viper.SetConfigType("toml")
}
if err := viper.ReadInConfig(); err != nil {
log.Fatal().Msgf("unable to load gitleaks config, err: %s", err)
log.Fatal().Msgf("unable to load scan config, err: %s", err)
}
}
@ -167,10 +165,10 @@ var scanCmd = &cobra.Command{
if err != nil {
log.Fatal().Err(err).Msg("")
}
// if config path is not set, then use the {source}/.gitleaks.toml path.
// note that there may not be a `{source}/.gitleaks.toml` file, this is ok.
// if config path is not set, then use the {source}/.infisical-scan.toml path.
// note that there may not be a `{source}/.infisical-scan.toml` file, this is ok.
if detector.Config.Path == "" {
detector.Config.Path = filepath.Join(source, ".gitleaks.toml")
detector.Config.Path = filepath.Join(source, config.DefaultScanConfigFileName)
}
// set verbose flag
if detector.Verbose, err = cmd.Flags().GetBool("verbose"); err != nil {
@ -188,8 +186,8 @@ var scanCmd = &cobra.Command{
log.Fatal().Err(err).Msg("")
}
if fileExists(filepath.Join(source, ".infisicalignore")) {
if err = detector.AddGitleaksIgnore(filepath.Join(source, ".infisicalignore")); err != nil {
if fileExists(filepath.Join(source, config.DefaultInfisicalIgnoreFineName)) {
if err = detector.AddGitleaksIgnore(filepath.Join(source, config.DefaultInfisicalIgnoreFineName)); err != nil {
log.Fatal().Err(err).Msg("could not call AddInfisicalIgnore")
}
}
@ -199,7 +197,7 @@ var scanCmd = &cobra.Command{
if baselinePath != "" {
err = detector.AddBaseline(baselinePath, source)
if err != nil {
log.Error().Msgf("Could not load baseline. The path must point of a gitleaks report generated using the default format: %s", err)
log.Error().Msgf("Could not load baseline. The path must point to report generated by `infisical scan` using the default format: %s", err)
}
}
@ -226,6 +224,8 @@ var scanCmd = &cobra.Command{
log.Fatal().Err(err)
}
log.Info().Msgf("scanning for exposed secrets...")
// start the detector scan
if noGit {
findings, err = detector.DetectFiles(source)
@ -320,10 +320,10 @@ var scanGitChangesCmd = &cobra.Command{
if err != nil {
log.Fatal().Err(err).Msg("")
}
// if config path is not set, then use the {source}/.gitleaks.toml path.
// note that there may not be a `{source}/.gitleaks.toml` file, this is ok.
// if config path is not set, then use the {source}/.infisical-scan.toml path.
// note that there may not be a `{source}/.infisical-scan.toml` file, this is ok.
if detector.Config.Path == "" {
detector.Config.Path = filepath.Join(source, ".gitleaks.toml")
detector.Config.Path = filepath.Join(source, config.DefaultScanConfigFileName)
}
// set verbose flag
if detector.Verbose, err = cmd.Flags().GetBool("verbose"); err != nil {
@ -341,8 +341,8 @@ var scanGitChangesCmd = &cobra.Command{
log.Fatal().Err(err).Msg("")
}
if fileExists(filepath.Join(source, ".infisicalignore")) {
if err = detector.AddGitleaksIgnore(filepath.Join(source, ".infisicalignore")); err != nil {
if fileExists(filepath.Join(source, config.DefaultInfisicalIgnoreFineName)) {
if err = detector.AddGitleaksIgnore(filepath.Join(source, config.DefaultInfisicalIgnoreFineName)); err != nil {
log.Fatal().Err(err).Msg("could not call AddInfisicalIgnore")
}
}
@ -353,6 +353,8 @@ var scanGitChangesCmd = &cobra.Command{
log.Fatal().Err(err).Msg("")
}
log.Info().Msgf("scanning for exposed secrets...")
// start git scan
var findings []report.Finding
if staged {
@ -387,7 +389,7 @@ var scanGitChangesCmd = &cobra.Command{
}
func fileExists(fileName string) bool {
// check for a .gitleaksignore file
// check for a .infisicalignore file
info, err := os.Stat(fileName)
if err != nil && !os.IsNotExist(err) {
return false

Write Preview
Loading…
Cancel
Save