package scan

v7.6.0

Warning: This package is not in the latest version of its module.
Published: Aug 19, 2021 License: MIT Imports: 28 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func WriteReport

func WriteReport(report Report, opts options.Options, cfg config.Config) error

WriteReport accepts a report and options and will write a report if --report has been set

Types

type ArtifactLocation

type ArtifactLocation struct {
	URI string `json:"uri"`
}

ArtifactLocation ...

type CommitScanner

type CommitScanner struct {
	// contains filtered or unexported fields
}

CommitScanner is a commit scanner

func NewCommitScanner

func NewCommitScanner(opts options.Options, cfg config.Config, repo *git.Repository, commit *object.Commit) *CommitScanner

NewCommitScanner creates and returns a commit scanner

func (*CommitScanner) Scan

func (cs *CommitScanner) Scan() (Report, error)

Scan kicks off a CommitScanner Scan

func (*CommitScanner) SetRepoName

func (cs *CommitScanner) SetRepoName(repoName string)

SetRepoName sets the repo name of the scanner.

type CommitsScanner

type CommitsScanner struct {
	// contains filtered or unexported fields
}

CommitsScanner is a commit scanner

func NewCommitsScanner

func NewCommitsScanner(opts options.Options, cfg config.Config, repo *git.Repository, commits []string) *CommitsScanner

NewCommitsScanner creates and returns a commits scanner, notice the 's' in commits

func (*CommitsScanner) Scan

func (css *CommitsScanner) Scan() (Report, error)

Scan kicks off a CommitsScanner Scan

type Driver

type Driver struct {
	Name            string  `json:"name"`
	SemanticVersion string  `json:"semanticVersion"`
	Rules           []Rules `json:"rules"`
}

Driver ...

type FilesAtCommitScanner

type FilesAtCommitScanner struct {
	// contains filtered or unexported fields
}

FilesAtCommitScanner is a files at commit scanner. This differs from CommitScanner as CommitScanner generates patches that are scanned. FilesAtCommitScanner instead looks at files available at a commit's worktree and scans the entire content of said files. Apologies for the awful struct name...

func NewFilesAtCommitScanner

func NewFilesAtCommitScanner(opts options.Options, cfg config.Config, repo *git.Repository, commit *object.Commit) *FilesAtCommitScanner

NewFilesAtCommitScanner creates and returns a files at commit scanner

func (*FilesAtCommitScanner) Scan

func (fs *FilesAtCommitScanner) Scan() (Report, error)

Scan kicks off a FilesAtCommitScanner Scan

type FullDescription

type FullDescription struct {
	Text string `json:"text"`
}

FullDescription ...

type Leak

type Leak struct {
	Line            string    `json:"line"`
	LineNumber      int       `json:"lineNumber"`
	Offender        string    `json:"offender"`
	OffenderEntropy float64   `json:"offenderEntropy"`
	Commit          string    `json:"commit"`
	Repo            string    `json:"repo"`
	RepoURL         string    `json:"repoURL"`
	LeakURL         string    `json:"leakURL"`
	Rule            string    `json:"rule"`
	Message         string    `json:"commitMessage"`
	Author          string    `json:"author"`
	Email           string    `json:"email"`
	File            string    `json:"file"`
	Date            time.Time `json:"date"`
	Tags            string    `json:"tags"`
}

Leak is a struct that contains information about some line of code that contains sensitive information as determined by the rules set in a gitleaks config

func NewLeak

func NewLeak(line string, offender string, lineNumber int) Leak

NewLeak creates a new leak from the common data all leaks must have: line, offender, and line number

func RedactLeak

func RedactLeak(leak Leak) Leak

RedactLeak will replace the offending string with "REDACTED" in both the offender and line fields of the leak.
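
An added example (not gitleaks code) of the redaction described for RedactLeak: it replaces the offender in the line and offender fields, fails closed when the offender is empty, and rejects a serialized report in which the secret still appears in another field such as commitMessage. The lowercase `leak` type, `redact` and `reportJSON` are hypothetical names that mirror a subset of the Leak fields above; the token is a constructed sample.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// leak mirrors a subset of the Leak fields and JSON tags listed on this page.
type leak struct {
	Line     string `json:"line"`
	Offender string `json:"offender"`
	Message  string `json:"commitMessage"`
	File     string `json:"file"`
}

// redact is a hypothetical stand-in for the behaviour documented for RedactLeak.
func redact(l leak) leak {
	if l.Offender == "" {
		// ReplaceAll with an empty search string would insert the marker between every character: fail closed.
		l.Line = "REDACTED"
	} else {
		l.Line = strings.ReplaceAll(l.Line, l.Offender, "REDACTED")
	}
	l.Offender = "REDACTED"
	return l
}

// reportJSON redacts each leak and refuses to return JSON that still contains an original offender.
func reportJSON(leaks []leak) (string, error) {
	out := make([]leak, len(leaks))
	for i, l := range leaks {
		out[i] = redact(l)
	}
	b, err := json.Marshal(out)
	if err != nil {
		return "", err
	}
	for _, l := range leaks {
		if l.Offender != "" && strings.Contains(string(b), l.Offender) {
			return "", fmt.Errorf("secret from %s survived redaction", l.File)
		}
	}
	return string(b), nil
}

func main() {
	fmt.Println(reportJSON([]leak{{Line: "k=EXAMPLE-TOKEN-1234", Offender: "EXAMPLE-TOKEN-1234", File: "app.env"}})) // constructed sample
}
```
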

func (Leak) Log

func (leak Leak) Log(opts options.Options)

Log logs a leak and redacts if necessary

func (Leak) URL

func (leak Leak) URL() string

URL generates a url to the leak if leak.RepoURL is set

func (Leak) WithCommit

func (leak Leak) WithCommit(commit *object.Commit) Leak

WithCommit adds commit data to the leak

func (Leak) WithEntropy

func (leak Leak) WithEntropy(entropyLevel float64) Leak

WithEntropy adds OffenderEntropy data to the leak

type Locations

type Locations struct {
	PhysicalLocation PhysicalLocation `json:"physicalLocation"`
}

Locations ...

type Message

type Message struct {
	Text string `json:"text"`
}

Message ...

type NoGitScanner

type NoGitScanner struct {
	// contains filtered or unexported fields
}

NoGitScanner is a scanner that absolutely despises git

func NewNoGitScanner

func NewNoGitScanner(opts options.Options, cfg config.Config) *NoGitScanner

NewNoGitScanner creates and returns a nogit scanner. This is used for scanning files and directories

func (*NoGitScanner) Scan

func (ngs *NoGitScanner) Scan() (Report, error)

Scan kicks off a NoGitScanner Scan

type ParentScanner

type ParentScanner struct {
	// contains filtered or unexported fields
}

ParentScanner is a parent directory scanner

func NewParentScanner

func NewParentScanner(opts options.Options, cfg config.Config) *ParentScanner

NewParentScanner creates and returns a directory scanner

func (*ParentScanner) Scan

func (ds *ParentScanner) Scan() (Report, error)

Scan kicks off a ParentScanner scan. This uses the directory from --path to discover repos

type PhysicalLocation

type PhysicalLocation struct {
	ArtifactLocation ArtifactLocation `json:"artifactLocation"`
	Region           Region           `json:"region"`
}

PhysicalLocation ...

type Region

type Region struct {
	StartLine int     `json:"startLine"`
	Snippet   Snippet `json:"snippet"`
}

Region ...

type RepoScanner

type RepoScanner struct {
	// contains filtered or unexported fields
}

RepoScanner is a repo scanner

func NewRepoScanner

func NewRepoScanner(opts options.Options, cfg config.Config, repo *git.Repository) *RepoScanner

NewRepoScanner returns a new repo scanner (go figure). This function also sets up the leak listener for multi-threaded awesomeness.

func (*RepoScanner) Scan

func (rs *RepoScanner) Scan() (Report, error)

Scan kicks off a repo scan

func (*RepoScanner) SetRepoName

func (rs *RepoScanner) SetRepoName(repoName string)

SetRepoName sets the repo name

type Report

type Report struct {
	Leaks   []Leak
	Commits int
}

Report is a container for leaks and number of commits scanned

type ResultProperties

type ResultProperties struct {
	Commit        string    `json:"commit"`
	Offender      string    `json:"offender"`
	Date          time.Time `json:"date"`
	Author        string    `json:"author"`
	Email         string    `json:"email"`
	CommitMessage string    `json:"commitMessage"`
	Repo          string    `json:"repo"`
}

ResultProperties ...

type Results

type Results struct {
	Message    Message          `json:"message"`
	Properties ResultProperties `json:"properties"`
	Locations  []Locations      `json:"locations"`
}

Results ...

type Rules

type Rules struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}

Rules ...

type Runs

type Runs struct {
	Tool    Tool      `json:"tool"`
	Results []Results `json:"results"`
}

Runs ...

type Sarif

type Sarif struct {
	Schema  string `json:"$schema"`
	Version string `json:"version"`
	Runs    []Runs `json:"runs"`
}

Sarif ...

type Scanner

type Scanner interface {
	Scan() (Report, error)
}

Scanner abstracts unique scanner internals while exposing the Scan function which returns a report.

func NewScanner

func NewScanner(opts options.Options, cfg config.Config) (Scanner, error)

NewScanner accepts options and a config which will be used to determine and create a new scanner which is then returned.

type ScannerType

type ScannerType int

ScannerType is the scanner type which is determined based on program arguments

type ShortDescription

type ShortDescription struct {
	Text string `json:"text"`
}

ShortDescription ...

type Snippet

type Snippet struct {
	Text string `json:"text"`
}

Snippet ...

type Throttle

type Throttle struct {
	// contains filtered or unexported fields
}

Throttle is a struct that limits the number of concurrent goroutines and sets the number of threads available for gitleaks to use via GOMAXPROCS.

func NewThrottle

func NewThrottle(opts options.Options) *Throttle

NewThrottle accepts some options and returns a throttle for scanners to use

func (*Throttle) Limit

func (t *Throttle) Limit()

Limit blocks new goroutines from spinning up if throttle is at capacity

func (*Throttle) Release

func (t *Throttle) Release()

Release releases the hold on the throttle, allowing more goroutines to be spun up

type Tool

type Tool struct {
	Driver Driver `json:"driver"`
}

Tool ...

type UnstagedScanner

type UnstagedScanner struct {
	// contains filtered or unexported fields
}

UnstagedScanner is an unstaged scanner. This is the scanner used when you don't provide program arguments which will then scan your PWD. This scans unstaged changes in your repo.

func NewUnstagedScanner

func NewUnstagedScanner(opts options.Options, cfg config.Config, repo *git.Repository) *UnstagedScanner

NewUnstagedScanner returns an unstaged scanner

func (*UnstagedScanner) Scan

func (us *UnstagedScanner) Scan() (Report, error)

Scan kicks off an unstaged scan. This will attempt to determine unstaged changes which are then scanned.
