praetorian-inc / noseyparker

Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history.
Apache License 2.0

Allow to ignore validation of TLS certificates #125

Closed seqre closed 7 months ago

seqre commented 7 months ago

This PR closes #116. If there's a need for tests or anything else, I can add them.

There are two approaches I see to CLI arguments:

  1. (implemented right now) For each command that interacts with certificates, add an argument to its defined arguments and pass it to the functions. It's more local, closer to actual use, yet adds more places where it needs to be maintained.
  2. Consider this to be a global argument. The plus of this approach is that there is only one place for the user to set it, and it could be easily used if additional clients were to be added in the future (e.g. GitLab or something else). The disadvantage is that it would require more modification to the code as GlobalArgs is not always passed that deep. Also, it wouldn't apply to all subcommands, so it wouldn't be truly "global".
seqre commented 7 months ago

I've applied review comments and tested manually that the flag works against self-hosted Gitea with self-signed SSL certificates. Output without the --ignore-certs:

2024-02-16T03:20:50.135120Z ERROR noseyparker_cli::cmd_scan: Failed to clone https://localhost:3000/admin2/test to /home/seqre/Projects/noseyparker/np.test/clones/https/localhost:3000/admin2/test: git execution failed
code=exit status: 128
stdout=```
```
stderr=```
Cloning into bare repository '/home/seqre/Projects/noseyparker/np.test/clones/https/localhost:3000/admin2/test'...
fatal: unable to access 'https://localhost:3000/admin2/test/': SSL certificate problem: self-signed certificate
```

Once the --ignore-certs flag was supplied, Noseyparker executed without issues.

Regarding the nice-to-have tests, I'd gladly create them, but I have no idea how to approach them. I don't think we want to spin up the git server in the CI pipeline or connect to some random git server on the Internet that doesn't have proper certificates.
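The two comments above describe a per-command `--ignore-certs` flag and show git's "SSL certificate problem: self-signed certificate" failure that the flag is meant to get past. The following is an added example, not code from the Nosey Parker project or from this PR: it assumes the flag is carried in a hypothetical `CloneOptions` struct and translated into git's real `http.sslVerify` setting via `git -c`, which scopes the weakening to that one clone invocation and leaves the user's `~/.gitconfig` untouched. The page does not say how the PR actually wires the flag through; that mechanism is this example's assumption. The stderr text used for the detection check is copied from the comment above.

```rust
use std::process::Command;

/// Per-command clone options (hypothetical name; approach 1 in the PR text,
/// where the flag lives next to the command that uses it).
#[derive(Debug, Clone, Default)]
pub struct CloneOptions {
    /// Skip TLS certificate verification for this clone only.
    /// `Default` gives `false`, so the verifying behaviour is the one you
    /// get unless the flag is explicitly supplied.
    pub ignore_certs: bool,
}

/// Build the argv for a bare clone. When `ignore_certs` is set, prepend
/// `-c http.sslVerify=false`, a real git option that applies only to this
/// process: nothing persistent is written to any git config file.
pub fn git_clone_argv(url: &str, dest: &str, opts: &CloneOptions) -> Vec<String> {
    let mut argv: Vec<String> = Vec::new();
    if opts.ignore_certs {
        argv.push("-c".to_string());
        argv.push("http.sslVerify=false".to_string());
    }
    argv.extend(["clone", "--bare", url, dest].iter().map(|s| s.to_string()));
    argv
}

/// Recognise git's own certificate-verification failure in captured stderr,
/// so a scanner can tell the user that this specific failure is the one
/// `--ignore-certs` addresses rather than, say, a 404 or an auth failure.
pub fn is_tls_verification_failure(stderr: &str) -> bool {
    stderr.contains("SSL certificate problem")
}

/// Run the clone and surface a targeted hint on the TLS failure path.
/// Returns Ok(()) on success, Err(message) otherwise. Not exercised by the
/// test below because it needs a real git binary and network.
pub fn run_clone(url: &str, dest: &str, opts: &CloneOptions) -> Result<(), String> {
    if opts.ignore_certs {
        // Make the weakened verification visible in the log rather than silent.
        eprintln!("WARN: TLS certificate verification disabled for {}", url);
    }
    let output = Command::new("git")
        .args(git_clone_argv(url, dest, opts))
        .output()
        .map_err(|e| format!("git execution failed: {}", e))?;
    if output.status.success() {
        return Ok(());
    }
    let stderr = String::from_utf8_lossy(&output.stderr).to_string();
    if is_tls_verification_failure(&stderr) && !opts.ignore_certs {
        return Err(format!(
            "{}\nhint: the server's certificate could not be verified; \
             re-run with --ignore-certs if you trust this host",
            stderr.trim_end()
        ));
    }
    Err(format!("git exited with {}: {}", output.status, stderr.trim_end()))
}

fn main() {
    // Constructed sample values, not taken from a real scan.
    let opts = CloneOptions { ignore_certs: true };
    let argv = git_clone_argv("https://localhost:3000/admin2/test", "/tmp/np-example/clone", &opts);
    println!("git {}", argv.join(" "));
}
```

Because the override rides on `-c`, a clone that runs without the flag still verifies certificates even on a machine where an earlier run used it, which is the property you want from a per-invocation switch.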

bradlarsen commented 7 months ago

> Regarding the nice-to-have tests, I'd gladly create them, but I have no idea how to approach them. I don't think we want to spin up the git server in the CI pipeline or connect to some random git server on the Internet that doesn't have proper certificates.

Yeah, I don't know an easy way to write those tests either. Don't worry about adding those now.

bradlarsen commented 7 months ago

Thanks @seqre!