cloud-gov / caulking

Prevent leaks with gitleaks, and use tests to validate

Only check files to be committed #41

Closed bengerman13 closed 2 years ago

bengerman13 commented 3 years ago

Currently, caulking checks all modified files for suspected leaks, not just those to be committed. It would be a much better experience to only check those files that are being committed.

Example:

$ git diff --cached
diff --git a/.gitignore b/.gitignore
index 8f8109e..177b00d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ venv
 .vscode
 **/__pycache__/*

+flask_session
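Review bot: `+flask_session` has neither a leading `/` nor a trailing `/`, so it ignores any file or directory called `flask_session` anywhere in the tree, not just the session directory at the repository root; if that narrower match is the intent, `/flask_session/` expresses it, and a short comment line above it would record why the path is ignored.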

$ git commit -m 'not gonna work'
{
        "line": "    monkeypatch.setenv(\"UAA_AUTH_URL\", \"https://uaa.example.com/authorize\")",
        "lineNumber": 24,
        "offender": "keypatch.setenv(\"UAA_AUTH_URL\"",
        "commit": "0000000000000000000000000000000000000000",
        "repo": "kibana-cf-auth-proxy",
        "rule": "Generic Credential",
        "commitMessage": "***STAGED CHANGES***",
        "author": "",
        "email": "",
        "file": "tests/unit/test_config.py",
        "date": "1970-01-01T00:00:00Z",
        "tags": "key, API, generic",
        "operation": "equal"
}
WARN[2021-01-21T15:53:35-08:00] 3 leaks detected in staged changes           
Error: gitleaks has detected sensitive information in your changes.
For examples use: CHANGEME|changeme|feedabee|EXAMPLE|23.22.13.113|1234567890
If you know what you are doing you can disable this check using:
    git config --local hooks.gitleaks false; 
    git commit ....; 
    git config --local hooks.gitleaks true; 
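One way to implement the behaviour requested above, as an added example that is not caulking's hook and not part of this issue: a POSIX sh pre-commit hook that scans the staged blob of each path (read from the index with `git show :path`) instead of the working-tree file. The default scanner is assumed to be gitleaks v8, whose `gitleaks detect --pipe` mode reads a file on stdin and exits non-zero on a finding; gitleaks v8 also offers `gitleaks protect --staged`, which scans the index natively and keeps file paths. The `LEAK_SCANNER` override, the `hook_enabled` helper and the `pre-commit` filename guard are assumptions made for this example.

```shell
#!/bin/sh
# Hypothetical pre-commit hook (added example, not caulking's own hook).
# It scans only what this commit will actually contain: the staged blob
# for each path, read from the index with "git show :path", rather than
# the working-tree file. Unstaged edits are therefore neither flagged
# (the false positive in the issue) nor trusted (a clean working-tree
# copy does not hide a secret that was already "git add"-ed).
set -eu

# Paths staged as added, copied, modified or renamed, one per line.
staged_paths() {
    git diff --cached --name-only --diff-filter=ACMR
}

# Whether the hook is enabled; mirrors the "git config hooks.gitleaks"
# opt-out printed by the hook output quoted in the issue. Unset means on.
hook_enabled() {
    [ "$(git config --bool hooks.gitleaks 2>/dev/null || echo true)" != false ]
}

# Run the scanner over the index content of every staged path.
# LEAK_SCANNER is any command that reads one file on stdin and exits
# non-zero when it finds a leak; the default assumes gitleaks v8, whose
# "detect --pipe" mode scans stdin. Returns 1 if any path is flagged.
scan_staged() {
    scanner="${LEAK_SCANNER:-gitleaks detect --pipe --redact}"
    staged_paths | {
        rc=0
        while IFS= read -r path; do
            # ":path" is the stage-0 index entry, not the checkout copy.
            if ! git show ":$path" | $scanner >/dev/null 2>&1; then
                echo "suspected leak in staged content of $path" >&2
                rc=1
            fi
        done
        exit "$rc"   # the subshell's status becomes the pipeline's status
    }
}

main() {
    if ! hook_enabled; then
        exit 0
    fi
    if ! scan_staged; then
        echo "refusing to commit; fix the staged content, or temporarily run" >&2
        echo "    git config --local hooks.gitleaks false" >&2
        exit 1
    fi
}

# Run the hook only when installed as .git/hooks/pre-commit, so the
# functions above can also be sourced and exercised on their own.
case "${0##*/}" in
    pre-commit) main ;;
esac
```

Installed as `.git/hooks/pre-commit`, this passes the `.gitignore` commit from the issue because `tests/unit/test_config.py` is not in the index, and it still fails a commit where a secret was staged and then deleted from the checkout, which a working-tree scan would miss. The trade-off is that the scanner receives only file content on stdin, so path-based allowlists in a gitleaks config do not apply; `gitleaks protect --staged` avoids that.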
pburkholder commented 3 years ago

42 should address this, @bengerman13 -- care to give it a whirl?

bengerman13 commented 3 years ago

Sure - is it just a matter of checking out the branch and running make then retesting?

pburkholder commented 3 years ago

Hold off. I see there are errors I need to fix.

On Mon, Jan 25, 2021 at 6:43 PM Ben Berry notifications@github.com wrote:

Sure - is it just a matter of checking out the branch and running make then retesting?
