GSA-TTS / tts-tech-operations

Home of the TTS Technology Portfolio team
https://handbook.tts.gsa.gov/tech-operations/

IT Standards update script fails with gitleaks/caulking false positives #1520

Closed adborden closed 5 months ago

adborden commented 3 years ago

Background Information

Reproduce:

  1. Install/configure https://github.com/cloud-gov/caulking
  2. Clone https://github.com/GSA/data
  3. cd enterprise-data
  4. ./update.sh

Expected behavior:

Script runs successfully, new PR opened in web browser.

Actual:

INFO[0000] opening .
{
        "line": "Evernote,\"Evernote is a cross-platform, freemium app designed for note taking, organizing, and archiving.  The app allows users to create a \"\"note\"\" which can be a piece of formatted text, a full webpage or webpage excerpt, a photograph, a voice memo, or a handwritten \"\"ink\"\" note. Notes can also have file attachments. Notebooks can be added to a stack while notes can be sorted into a notebook, tagged, annotated, edited, given comments, searched, and exported as part of a notebook.\",Collaboration Software,Denied,Desktop,-\r",
        "lineNumber": 2,
        "offender": "users to create a \"\"note\"",
        "offenderEntropy": -1,
        "commit": "0000000000000000000000000000000000000000",
        "repo": "data",
        "repoURL": "",
        "leakURL": "",
        "rule": "Generic Username",
        "commitMessage": "",
        "author": "",
        "email": "",
        "file": "enterprise-architecture/it-standards.csv",
        "date": "1970-01-01T00:00:00Z",
        "tags": "key, username, generic"
}
{
        "line": "Reliable Controls RC-Toolkit 3.2.1.0,\"Reliable Controls RC-Toolkit is a Windows-based utility that is used to install, configure and maintain devices using ModBus, BACnet, or OpenADR.\",Building Automation,Approved,Desktop,2023-06-28\r",
        "lineNumber": 2,
        "offender": "3.2.1.0",
        "offenderEntropy": -1,
        "commit": "0000000000000000000000000000000000000000",
        "repo": "data",
        "repoURL": "",
        "leakURL": "",
        "rule": "IPv4 addresses",
        "commitMessage": "",
        "author": "",
        "email": "",
        "file": "enterprise-architecture/it-standards.csv",
        "date": "1970-01-01T00:00:00Z",
        "tags": "IPv4, IP, addresses"
}
{
        "line": "SecureAuth 9.x,\"Whether on-premises, in the Cloud or both, SecureAuth’s solutions deliver an incredible array of industry-leading (and often industry-only) capabilities for Adaptive Authentication, Single Sign-On (SSO) and User Self-Service.   \"\"RADIUS\"\" is also included as a component of this technology.\",Identity and Access Management,Approved,Server,2021-08-26\r",
        "lineNumber": 2,
        "offender": "User Self-Service.   \"\"RADIUS\"",
        "offenderEntropy": -1,
        "commit": "0000000000000000000000000000000000000000",
        "repo": "data",
        "repoURL": "",
        "leakURL": "",
        "rule": "Generic Username",
        "commitMessage": "",
        "author": "",
        "email": "",
        "file": "enterprise-architecture/it-standards.csv",
        "date": "1970-01-01T00:00:00Z",
        "tags": "key, username, generic"
}
INFO[0001] scan time: 1 second 838 milliseconds 929 microseconds
WARN[0001] leaks found: 3
Error: gitleaks has detected sensitive information in your changes.
For examples use: CHANGEME|changeme|feedabee|EXAMPLE|23.22.13.113|1234567890
If you know what you are doing you can disable this check using:
    git config --local hooks.gitleaks false;
    git commit ....;
    git config --local hooks.gitleaks true;

Implementation Steps

Acceptance Criteria

adborden commented 3 years ago

Workaround:

git add -u
git commit --no-verify

Then you can submit the PR.
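A triage sketch for the hook output quoted in the issue above, added here as an example; it is not part of the original issue or of the caulking or gitleaks projects. The function names and the trimmed sample are constructed. It parses the interleaved log/JSON output, checks the parsed count against the "leaks found" line, and groups offenders by file and rule so a reviewer can see which file and rules produced the findings.

```python
import json
import re
from collections import defaultdict

# Constructed sample: hook output in the shape shown in the issue, with the
# "line" values and unused fields dropped. Log lines and JSON objects mix.
SAMPLE = r'''INFO[0000] opening .
{
    "offender": "users to create a \"\"note\"",
    "rule": "Generic Username",
    "file": "enterprise-architecture/it-standards.csv"
}
{
    "offender": "3.2.1.0",
    "rule": "IPv4 addresses",
    "file": "enterprise-architecture/it-standards.csv"
}
{
    "offender": "User Self-Service.   \"\"RADIUS\"",
    "rule": "Generic Username",
    "file": "enterprise-architecture/it-standards.csv"
}
INFO[0001] scan time: 1 second 838 milliseconds 929 microseconds
WARN[0001] leaks found: 3
'''

def parse_findings(text):
    """Pull every finding object out of mixed log/JSON hook output."""
    decoder, findings, pos = json.JSONDecoder(), [], 0
    while True:
        start = text.find("{", pos)
        if start == -1:
            return findings
        try:
            obj, pos = decoder.raw_decode(text, start)
        except json.JSONDecodeError:
            pos = start + 1  # a stray brace in a log line; keep scanning
            continue
        if isinstance(obj, dict) and "rule" in obj:
            findings.append(obj)

def triage(text):
    """Return (parsed count matches the reported count, offenders by file/rule)."""
    findings = parse_findings(text)
    m = re.search(r"leaks found: (\d+)", text)
    complete = m is not None and int(m.group(1)) == len(findings)
    groups = defaultdict(list)
    for f in findings:
        groups[(f.get("file"), f["rule"])].append(f.get("offender"))
    return complete, dict(groups)
```
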