Commit 5c4ddf44 authored by Lucas Charles's avatar Lucas Charles

Merge branch 'disable-rulesets' into 'master'

Enable disablement of rulesets

See merge request !86
parents 9ecdc734 32b7cd68
Pipeline #222683880 passed with stages
in 5 minutes and 32 seconds
# Secrets analyzer changelog
## v3.12.0
- Add disablement of rulesets (!86)
## v3.11.1
- Add invalid line number warning message to the vulnerability description (!84)
- Change invalid line "-1" in vulnerability location to default to "1" (!84)
......
package main
import (
"os"
"path/filepath"
"sort"
"strings"
"time"
log "github.com/sirupsen/logrus"
......@@ -26,17 +24,16 @@ func analyze(c *cli.Context, path string, startTime issue.ScanTime) (*issue.Repo
customRuleset, err := ruleset.Load(rulesetPath, "secrets")
if err != nil {
switch err.(type) {
case *os.PathError:
// Couldn't load an optional custom ruleset file
case *ruleset.NotEnabledError:
log.Debug(err)
case *ruleset.ConfigFileNotFoundError:
log.Debug(err)
case *ruleset.ConfigNotFoundError:
log.Debug(err)
case *ruleset.InvalidConfig:
log.Fatal(err)
default:
// TODO: replace with type check
// The ruleset file did not include a `secrets` analyzer section.
if strings.HasPrefix(err.Error(), "unable to find a custom ruleset") {
log.Debug(err)
} else {
return nil, err
}
return nil, err
}
}
......@@ -77,6 +74,8 @@ func analyze(c *cli.Context, path string, startTime issue.ScanTime) (*issue.Repo
issues = []issue.Issue{}
}
report := issue.NewReport()
report.Analyzer = "gitleaks"
report.Config.Path = ruleset.PathSecretDetection
report.Vulnerabilities = issues
report.Scan.Scanner = metadata.ReportScanner
report.Scan.Type = metadata.Type
......
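Review bot: In the error switch after `ruleset.Load`, the `case *ruleset.InvalidConfig:` branch calls `log.Fatal(err)`, which terminates the process from inside analyze and skips any deferred cleanup, while the `default` branch hands the error back with `return nil, err`. Stopping on an invalid ruleset is the right fail-closed outcome for a secrets scanner, but it should take the same path as the default branch: `case *ruleset.InvalidConfig: return nil, err`. The three not-enabled/not-found cases log only with `log.Debug(err)`, so at default verbosity a run that ignored the custom ruleset looks the same as one that applied it; `log.Info(err)` there would make the fallback visible in the job log. The +/- markers are lost in this render, so which lines are on the new side is inferred from the hunk header, and analyze's body starts and ends outside the hunk.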
......@@ -14,7 +14,7 @@ const (
)
// ConfigPath will look at rulesets to determine the path for the gitleaks.toml
func ConfigPath(projectPath string, customRuleset *ruleset.Ruleset) (string, error) {
func ConfigPath(projectPath string, customRuleset *ruleset.Config) (string, error) {
// Set path to default
pathGitleaksConfig := DefaultPathGitleaksConfig
......
......@@ -12,7 +12,7 @@ func TestConfigPath(t *testing.T) {
rootPath := "/root/path"
tests := []struct {
name string
in *ruleset.Ruleset
in *ruleset.Config
want string
}{
{
......@@ -22,7 +22,7 @@ func TestConfigPath(t *testing.T) {
},
{
"passthrough without a mathing target",
&ruleset.Ruleset{
&ruleset.Config{
PassThrough: []ruleset.PassThrough{
{
Type: ruleset.PassThroughFile,
......@@ -34,7 +34,7 @@ func TestConfigPath(t *testing.T) {
},
{
"PassThrough File",
&ruleset.Ruleset{
&ruleset.Config{
PassThrough: []ruleset.PassThrough{
{
Type: ruleset.PassThroughFile,
......@@ -64,7 +64,7 @@ func TestConfigPath(t *testing.T) {
func TestConfigPathWithPassThroughRaw(t *testing.T) {
rawGitleaksConfig := "the most raw"
rs := &ruleset.Ruleset{
rs := &ruleset.Config{
PassThrough: []ruleset.PassThrough{
{
Type: ruleset.PassThroughRaw,
......
......@@ -58,6 +58,8 @@ github.com/otiai10/mint v1.3.1 h1:BCmzIS3n71sGfHB5NMNDB3lHYPz8fWSkCAErHed//qc=
github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc=
github.com/pelletier/go-buffruneio v0.2.0 h1:U4t4R6YkofJ5xHm3dJzuRpPZ0mr5MMCoAWooScCR7aA=
github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo=
github.com/pelletier/go-toml v1.8.1 h1:1Nf83orprkJyknT6h7zbuEGUEjcyVlCxSUGTENmNCRM=
github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
......@@ -84,8 +86,8 @@ github.com/urfave/cli v1.22.4 h1:u7tSpNPPswAFymm8IehJhy4uJMlUuU/GmqSkvJ1InXA=
github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
github.com/xanzy/ssh-agent v0.2.1 h1:TCbipTQL2JiiCprBWx9frJ2eJlCYT00NmctrHxVAr70=
github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4=
gitlab.com/gitlab-org/security-products/analyzers/common/v2 v2.20.3 h1:je2us8hGBJo71W2Sl+glORgU5hUJ5cKQ+YNonPk3Hho=
gitlab.com/gitlab-org/security-products/analyzers/common/v2 v2.20.3/go.mod h1:OyejKwW6MJQTfOO34XYhVzXzftggmMNI7q5cB28boAo=
gitlab.com/gitlab-org/security-products/analyzers/common/v2 v2.21.3 h1:pwUYIL1bTiCs32N6s+lcMZRu+crkBlB4STQq4PS025A=
gitlab.com/gitlab-org/security-products/analyzers/common/v2 v2.21.3/go.mod h1:QC173T50ehSiRMHDrUR6hgmp2NVlGrwa2D4HXYzucRs=
golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 h1:HuIa8hRrWRSrqYzx1qI49NNxhdi2PrY7gxVSq1JjLDc=
......
......@@ -107,6 +107,7 @@ func runCommand() cli.Command {
// filter paths, sort
report.ExcludePaths(filter.IsExcluded)
report.FilterDisabledRules(filepath.Join(targetDir, report.Config.Path), report.Analyzer)
report.Sort()
// Writing both SAST and Secret Detection artifacts. Eventually we will remove the SAST artifact once
......
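Review bot: The added `report.FilterDisabledRules(filepath.Join(targetDir, report.Config.Path), report.Analyzer)` call removes findings from the report without leaving any trace in the job output. It reads its configuration from a path under `targetDir`, so the file deciding which secret-detection rules are off appears to live in the scanned project and can be changed by anyone who can commit there. The suppression should therefore be auditable: record `len(report.Vulnerabilities)` before the call and log the config path and the number of findings removed at info level afterwards, e.g. `log.Infof("disabled rules in %s removed %d findings", cfgPath, before-len(report.Vulnerabilities))`. If `FilterDisabledRules` reports failure in the common library (its signature is not visible here), that result should be checked rather than dropped, so a malformed file cannot change the outcome unnoticed. runCommand's body starts and ends outside the hunk.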