Feat/add fingerprint no git (gitleaks#952)
* no-git fingerprint support

* updating gitleaksignore w/ no-git false positives

* fix test
zricethezav authored Aug 12, 2022
1 parent 6748a89 commit 1b3f10c
Showing 4 changed files with 69 additions and 1 deletion.
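--- a/.gitleaksignore
+++ b/.gitleaksignore
@@ -651,3 +651,65 @@ bc26e979c5911cf647c1bede0b3700ebaaa454c8:checks_test.go:aws-access-token:36
 8f352bd840f028b481dc725b77d2f4904b77913b:checks_test.go:aws-access-token:34
 ec2fc9d6cb0954fb3b57201cf6133c48d8ca0d29:checks_test.go:aws-access-token:37
 06c9e824d5985c8e8789321ae70de7ace3b093dc:main.go:aws-access-token:15
+
+README.md:aws-access-token:204
+README.md:aws-access-token:205
+README.md:aws-access-token:244
+cmd/generate/config/rules/privatekey.go:private-key:19
+cmd/generate/config/rules/generic.go:clojars-api-token:43
+cmd/generate/config/rules/generic.go:generic-api-key:45
+cmd/generate/config/rules/generic.go:generic-api-key:46
+cmd/generate/config/rules/sidekiq.go:sidekiq-secret:22
+cmd/generate/config/rules/sidekiq.go:sidekiq-secret:23
+cmd/generate/config/rules/sidekiq.go:sidekiq-secret:24
+cmd/generate/config/rules/sidekiq.go:sidekiq-secret:28
+cmd/generate/config/rules/sidekiq.go:sidekiq-secret:29
+cmd/generate/config/rules/sidekiq.go:sidekiq-sensitive-url:46
+cmd/generate/config/rules/sidekiq.go:sidekiq-sensitive-url:48
+cmd/generate/config/rules/sidekiq.go:sidekiq-sensitive-url:50
+cmd/generate/config/rules/sidekiq.go:sidekiq-sensitive-url:52
+cmd/generate/config/rules/sidekiq.go:sidekiq-sensitive-url:54
+cmd/generate/config/rules/sidekiq.go:sidekiq-sensitive-url:55
+cmd/generate/config/rules/sidekiq.go:sidekiq-sensitive-url:56
+cmd/generate/config/rules/sidekiq.go:sidekiq-sensitive-url:57
+config/config_test.go:aws-access-token:31
+detect/detect_test.go:sidekiq-secret:120
+detect/detect_test.go:sidekiq-secret:126
+detect/detect_test.go:sidekiq-secret:142
+detect/detect_test.go:aws-access-token:50
+detect/detect_test.go:aws-access-token:60
+detect/detect_test.go:aws-access-token:61
+detect/detect_test.go:aws-access-token:98
+detect/detect_test.go:aws-access-token:104
+detect/detect_test.go:aws-access-token:105
+detect/detect_test.go:aws-access-token:186
+detect/detect_test.go:aws-access-token:194
+detect/detect_test.go:aws-access-token:202
+detect/detect_test.go:aws-access-token:288
+detect/detect_test.go:aws-access-token:296
+detect/detect_test.go:aws-access-token:359
+detect/detect_test.go:aws-access-token:360
+detect/detect_test.go:aws-access-token:378
+detect/detect_test.go:aws-access-token:379
+detect/detect_test.go:aws-access-token:404
+detect/detect_test.go:aws-access-token:405
+detect/detect_test.go:aws-access-token:480
+detect/detect_test.go:aws-access-token:481
+detect/detect_test.go:aws-access-token:499
+detect/detect_test.go:aws-access-token:500
+detect/detect_test.go:sidekiq-sensitive-url:164
+detect/detect_test.go:sidekiq-sensitive-url:170
+detect/detect_test.go:pypi-upload-token:76
+detect/detect_test.go:pypi-upload-token:82
+detect/detect_test.go:pypi-upload-token:83
+detect/detect_test.go:discord-api-token:211
+detect/detect_test.go:discord-api-token:233
+detect/detect_test.go:discord-api-token:241
+detect/detect_test.go:discord-api-token:263
+detect/detect_test.go:discord-api-token:279
+testdata/config/allow_aws_re.toml:aws-access-token:9
+testdata/config/allow_global_aws_re.toml:aws-access-token:8
+testdata/expected/git/small-branch-foo.txt:aws-access-token:15
+testdata/expected/git/small.txt:aws-access-token:15
+testdata/expected/git/small.txt:aws-access-token:44
+testdata/repos/nogit/main.go:aws-access-token:20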
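--- a/detect/detect.go
+++ b/detect/detect.go
@@ -450,6 +450,11 @@ func (d *Detector) Detect(fragment Fragment) []report.Finding {
 
 // addFinding synchronously adds a finding to the findings slice
 func (d *Detector) addFinding(finding report.Finding) {
+if finding.Commit == "" {
+finding.Fingerprint = fmt.Sprintf("%s:%s:%d", finding.File, finding.RuleID, finding.StartLine)
+} else {
+finding.Fingerprint = fmt.Sprintf("%s:%s:%s:%d", finding.Commit, finding.File, finding.RuleID, finding.StartLine)
+}
 // check if we should ignore this finding
 if _, ok := d.gitleaksIgnore[finding.Fingerprint]; ok {
 log.Debug().Msgf("ignoring finding with Fingerprint %s",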
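Review bot: The no-git fingerprint built in the `finding.Commit == ""` branch of addFinding is only `file:rule:line`, so unlike the commit-prefixed form it is not tied to immutable content. Once a file is edited, an entry such as `README.md:aws-access-token:204` from .gitleaksignore either stops matching or, if a different secret of the same rule later lands on that line, suppresses a finding nobody has triaged. I would state that on the function, e.g. `// No-git fingerprints are file:rule:line only; re-validate .gitleaksignore entries whenever the file changes.`, and consider logging ignored no-git findings above debug level so suppressions stay visible in normal runs. The existing doc comment also still says addFinding only adds to the slice, while it now assigns Fingerprint as well. addFinding's body continues outside the hunk.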
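--- a/detect/detect_test.go
+++ b/detect/detect_test.go
@@ -483,6 +483,7 @@ func TestFromFiles(t *testing.T) {
 RuleID: "aws-access-key",
 Tags: []string{"key", "AWS"},
 Entropy: 3.0841837,
+Fingerprint: "../testdata/repos/nogit/main.go:aws-access-key:20",
 },
 },
 },
@@ -502,6 +503,7 @@ func TestFromFiles(t *testing.T) {
 RuleID: "aws-access-key",
 Tags: []string{"key", "AWS"},
 Entropy: 3.0841837,
+Fingerprint: "../testdata/repos/nogit/main.go:aws-access-key:20",
 },
 },
 },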
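Review bot: The expected value `../testdata/repos/nogit/main.go:aws-access-key:20` in both TestFromFiles cases shows that the no-git fingerprint embeds the path exactly as the scan produced it, `../` prefix included, so the same file presumably yields a different fingerprint when scanned from another directory. The .gitleaksignore entries added in this commit use the repo-root path form (`testdata/repos/nogit/main.go:...`), which would then match only for scans started from the repository root. Neither visible case exercises the ignore lookup; a case that seeds the detector's `gitleaksIgnore` map with a no-git fingerprint and asserts that the finding is dropped would pin the suppression behaviour. If ignore entries are meant to be independent of the invocation directory, making the path relative to the scan root (for example with `filepath.Rel`) before formatting would need its own test. TestFromFiles starts and ends outside both hunks.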
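--- a/detect/utils.go
+++ b/detect/utils.go
@@ -30,7 +30,6 @@ func augmentGitFinding(finding report.Finding, textFragment *gitdiff.TextFragmen
 }
 finding.Date = f.PatchHeader.AuthorDate.UTC().Format(time.RFC3339)
 }
-finding.Fingerprint = fmt.Sprintf("%s:%s:%s:%d", finding.Commit, finding.File, finding.RuleID, finding.StartLine)
 return finding
 }
 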
