scan package, v7.6.1

Note: this package is not in the latest version of its module.

Published: Sep 9, 2021 | License: MIT | Imports: 29 | Imported by: 1

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func WriteReport added in v7.0.2

func WriteReport(report Report, opts options.Options, cfg config.Config) error

WriteReport accepts a report and options and will write a report if --report has been set

Types

type ArtifactLocation added in v7.0.2

type ArtifactLocation struct {
	URI string `json:"uri"`
}

ArtifactLocation ...

type CommitScanner

type CommitScanner struct {
	// contains filtered or unexported fields
}

CommitScanner is a commit scanner

func NewCommitScanner

func NewCommitScanner(opts options.Options, cfg config.Config, repo *git.Repository, commit *object.Commit) *CommitScanner

NewCommitScanner creates and returns a commit scanner

func (*CommitScanner) Scan

func (cs *CommitScanner) Scan() (Report, error)

Scan kicks off a CommitScanner Scan

func (*CommitScanner) SetRepoName added in v7.0.2

func (cs *CommitScanner) SetRepoName(repoName string)

SetRepoName sets the repo name of the scanner.

type CommitsScanner

type CommitsScanner struct {
	// contains filtered or unexported fields
}

CommitsScanner is a commit scanner

func NewCommitsScanner

func NewCommitsScanner(opts options.Options, cfg config.Config, repo *git.Repository, commits []string) *CommitsScanner

NewCommitsScanner creates and returns a commits scanner, notice the 's' in commits

func (*CommitsScanner) Scan

func (css *CommitsScanner) Scan() (Report, error)

Scan kicks off a CommitsScanner Scan

type Driver added in v7.0.2

type Driver struct {
	Name            string  `json:"name"`
	SemanticVersion string  `json:"semanticVersion"`
	Rules           []Rules `json:"rules"`
}

Driver ...

type FilesAtCommitScanner

type FilesAtCommitScanner struct {
	// contains filtered or unexported fields
}

FilesAtCommitScanner is a files at commit scanner. This differs from CommitScanner as CommitScanner generates patches that are scanned. FilesAtCommitScanner instead looks at files available at a commit's worktree and scans the entire content of said files. Apologies for the awful struct name...

func NewFilesAtCommitScanner

func NewFilesAtCommitScanner(opts options.Options, cfg config.Config, repo *git.Repository, commit *object.Commit) *FilesAtCommitScanner

NewFilesAtCommitScanner creates and returns a files at commit scanner

func (*FilesAtCommitScanner) Scan

func (fs *FilesAtCommitScanner) Scan() (Report, error)

Scan kicks off a FilesAtCommitScanner Scan

type FullDescription added in v7.0.2

type FullDescription struct {
	Text string `json:"text"`
}

FullDescription ...

type Leak added in v7.0.2

type Leak struct {
	Line            string    `json:"line"`
	LineNumber      int       `json:"lineNumber"`
	Offender        string    `json:"offender"`
	OffenderEntropy float64   `json:"offenderEntropy"`
	Commit          string    `json:"commit"`
	Repo            string    `json:"repo"`
	RepoURL         string    `json:"repoURL"`
	LeakURL         string    `json:"leakURL"`
	Rule            string    `json:"rule"`
	Message         string    `json:"commitMessage"`
	Author          string    `json:"author"`
	Email           string    `json:"email"`
	File            string    `json:"file"`
	Date            time.Time `json:"date"`
	Tags            string    `json:"tags"`
}

Leak is a struct that contains information about some line of code that contains sensitive information as determined by the rules set in a gitleaks config

func NewLeak added in v7.0.2

func NewLeak(line string, offender string, lineNumber int) Leak

NewLeak creates a new leak from the data all leaks must have: line, offender, and line number.

func RedactLeak added in v7.0.2

func RedactLeak(leak Leak) Leak

RedactLeak will replace the offending string with "REDACTED" in both the offender and line fields of the leak.
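The redaction described above, applied on the consumer side to a saved report before it is forwarded to logs or tickets. This is an added example, not gitleaks's own code: the `leak` type copies a subset of the documented `Leak` JSON tags, `redact` and `redactReport` are hypothetical helpers, and the report is assumed to be a JSON array of `Leak` objects.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// leak mirrors a subset of the documented Leak fields and their JSON tags.
type leak struct {
	Line       string `json:"line"`
	LineNumber int    `json:"lineNumber"`
	Offender   string `json:"offender"`
	Rule       string `json:"rule"`
	File       string `json:"file"`
}

// Constructed sample report; the secrets are made up.
const sampleReport = `[
 {"line":"aws_key = \"AKIACONSTRUCTED00001\"","lineNumber":3,"offender":"AKIACONSTRUCTED00001","rule":"AWS Access Key","file":"deploy.env"},
 {"line":"token: tok_constructed_42 # tok_constructed_42","lineNumber":9,"offender":"tok_constructed_42","rule":"Generic Token","file":"ci.yml"},
 {"line":"password =","lineNumber":12,"offender":"","rule":"Generic Token","file":"app.ini"}
]`

// redact applies the documented RedactLeak behaviour to a local copy.
func redact(l leak) leak {
	if l.Offender != "" { // an empty needle would insert the marker between every character
		l.Line = strings.ReplaceAll(l.Line, l.Offender, "REDACTED")
	}
	l.Offender = "REDACTED"
	return l
}

// redactReport returns the redacted report and a per-rule finding count.
func redactReport(raw []byte) ([]byte, map[string]int, error) {
	var leaks []leak
	if err := json.Unmarshal(raw, &leaks); err != nil {
		return nil, nil, fmt.Errorf("parse report: %w", err)
	}
	counts := make(map[string]int)
	for i, l := range leaks {
		leaks[i] = redact(l)
		counts[l.Rule]++
	}
	out, err := json.Marshal(leaks)
	return out, counts, err
}

func main() {
	out, counts, err := redactReport([]byte(sampleReport))
	fmt.Println(string(out), counts, err)
}
```

Every occurrence of the offender on the line is replaced, so a secret repeated in a trailing comment does not survive in the forwarded copy.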

func (Leak) Log added in v7.0.2

func (leak Leak) Log(opts options.Options)

Log logs a leak and redacts if necessary

func (Leak) URL added in v7.0.2

func (leak Leak) URL() string

URL generates a url to the leak if leak.RepoURL is set

func (Leak) WithCommit added in v7.0.2

func (leak Leak) WithCommit(commit *object.Commit) Leak

WithCommit adds commit data to the leak

func (Leak) WithEntropy added in v7.5.0

func (leak Leak) WithEntropy(entropyLevel float64) Leak

WithEntropy adds OffenderEntropy data to the leak

type Locations added in v7.0.2

type Locations struct {
	PhysicalLocation PhysicalLocation `json:"physicalLocation"`
}

Locations ...

type Message added in v7.0.2

type Message struct {
	Text string `json:"text"`
}

Message ...

type NoGitScanner

type NoGitScanner struct {
	// contains filtered or unexported fields
}

NoGitScanner is a scanner that absolutely despises git

func NewNoGitScanner

func NewNoGitScanner(opts options.Options, cfg config.Config) *NoGitScanner

NewNoGitScanner creates and returns a nogit scanner. This is used for scanning files and directories

func (*NoGitScanner) Scan

func (ngs *NoGitScanner) Scan() (Report, error)

Scan kicks off a NoGitScanner Scan

type ParentScanner

type ParentScanner struct {
	// contains filtered or unexported fields
}

ParentScanner is a parent directory scanner

func NewParentScanner

func NewParentScanner(opts options.Options, cfg config.Config) *ParentScanner

NewParentScanner creates and returns a directory scanner

func (*ParentScanner) Scan

func (ds *ParentScanner) Scan() (Report, error)

Scan kicks off a ParentScanner scan. This uses the directory from --path to discover repos

type PhysicalLocation added in v7.0.2

type PhysicalLocation struct {
	ArtifactLocation ArtifactLocation `json:"artifactLocation"`
	Region           Region           `json:"region"`
}

PhysicalLocation ...

type Region added in v7.0.2

type Region struct {
	StartLine int     `json:"startLine"`
	Snippet   Snippet `json:"snippet"`
}

Region ...

type RepoScanner

type RepoScanner struct {
	// contains filtered or unexported fields
}

RepoScanner is a repo scanner

func NewRepoScanner

func NewRepoScanner(opts options.Options, cfg config.Config, repo *git.Repository) *RepoScanner

NewRepoScanner returns a new repo scanner (go figure). This function also sets up the leak listener for multi-threaded awesomeness.

func (*RepoScanner) Scan

func (rs *RepoScanner) Scan() (Report, error)

Scan kicks off a repo scan

func (*RepoScanner) SetRepoName added in v7.1.0

func (rs *RepoScanner) SetRepoName(repoName string)

SetRepoName sets the repo name

type Report added in v7.0.2

type Report struct {
	Leaks   []Leak
	Commits int
}

Report is a container for leaks and number of commits scanned

type ResultProperties added in v7.0.2

type ResultProperties struct {
	Commit        string    `json:"commit"`
	Offender      string    `json:"offender"`
	Date          time.Time `json:"date"`
	Author        string    `json:"author"`
	Email         string    `json:"email"`
	CommitMessage string    `json:"commitMessage"`
	Repo          string    `json:"repo"`
}

ResultProperties ...

type Results added in v7.0.2

type Results struct {
	Message    Message          `json:"message"`
	RuleId     string           `json:"ruleId"`
	Properties ResultProperties `json:"properties"`
	Locations  []Locations      `json:"locations"`
}

Results ...

type Rules added in v7.0.2

type Rules struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}

Rules ...

type Runs added in v7.0.2

type Runs struct {
	Tool    Tool      `json:"tool"`
	Results []Results `json:"results"`
}

Runs ...

type Sarif added in v7.0.2

type Sarif struct {
	Schema  string `json:"$schema"`
	Version string `json:"version"`
	Runs    []Runs `json:"runs"`
}

Sarif ...

type Scanner

type Scanner interface {
	Scan() (Report, error)
}

Scanner abstracts unique scanner internals while exposing the Scan function which returns a report.

func NewScanner

func NewScanner(opts options.Options, cfg config.Config) (Scanner, error)

NewScanner accepts options and a config which will be used to determine and create a new scanner which is then returned.

type ScannerType

type ScannerType int

ScannerType is the scanner type which is determined based on program arguments

type ShortDescription added in v7.0.2

type ShortDescription struct {
	Text string `json:"text"`
}

ShortDescription ...

type Snippet added in v7.0.2

type Snippet struct {
	Text string `json:"text"`
}

Snippet ...

type Throttle added in v7.1.0

type Throttle struct {
	// contains filtered or unexported fields
}

Throttle is a struct that limits the number of concurrent goroutines and sets the number of threads available for gitleaks to use via GOMAXPROCS.

func NewThrottle added in v7.1.0

func NewThrottle(opts options.Options) *Throttle

NewThrottle accepts some options and returns a throttle for scanners to use

func (*Throttle) Limit added in v7.1.0

func (t *Throttle) Limit()

Limit blocks new goroutines from spinning up if throttle is at capacity

func (*Throttle) Release added in v7.1.0

func (t *Throttle) Release()

Release releases the hold on the throttle, allowing more goroutines to be spun up

type Tool added in v7.0.2

type Tool struct {
	Driver Driver `json:"driver"`
}

Tool ...

type UnstagedScanner

type UnstagedScanner struct {
	// contains filtered or unexported fields
}

UnstagedScanner is an unstaged scanner. This is the scanner used when you don't provide program arguments which will then scan your PWD. This scans unstaged changes in your repo.

func NewUnstagedScanner

func NewUnstagedScanner(opts options.Options, cfg config.Config, repo *git.Repository) *UnstagedScanner

NewUnstagedScanner returns an unstaged scanner

func (*UnstagedScanner) Scan

func (us *UnstagedScanner) Scan() (Report, error)

Scan kicks off an unstaged scan. This will attempt to determine unstaged changes which are then scanned.
