Commit 8633de4b authored by Maximilian Dolling's avatar Maximilian Dolling

Merge branch 'fix-gitleaks-usage' into 'dev'

Fix gitleaks usage

See merge request id2/software/services/fair/software-quality-assurance!62
parents 57520667 d942c38e
...@@ -18,9 +18,9 @@ ...@@ -18,9 +18,9 @@
**Software Location:** [git](git.gfz-potsdam.de/id2/software/services/fair/software-quality-assurance) **Software Location:** [git](git.gfz-potsdam.de/id2/software/services/fair/software-quality-assurance)
**Last Commit:** 968f640a5663535a457452a5ebc144432fc8486d **Last Commit:** 36c90d9c6992ff961a832f00f37173faeff46217
**Report Time:** 30/03/2021 09:49:57 UTC **Report Time:** 30/03/2021 09:53:41 UTC
**Report Version:** 0.6.0 **Report Version:** 0.6.0
...@@ -61,8 +61,8 @@ ...@@ -61,8 +61,8 @@
|Language|Percentage| |Language|Percentage|
|---|---| |---|---|
|Python|92.74| |Python|92.60|
|Shell|4.24| |Shell|4.37|
|Dockerfile|1.60| |Dockerfile|1.60|
|HTML|1.34| |HTML|1.34|
|Ruby|0.08| |Ruby|0.08|
......
...@@ -66,18 +66,24 @@ class CheckCredentials(Service): ...@@ -66,18 +66,24 @@ class CheckCredentials(Service):
if self.service_config is not None: if self.service_config is not None:
gitleaks_command = ( gitleaks_command = (
f'gitleaks --repo-path="{self.sqa.config.repository_dir}" ' f'gitleaks --path="{self.sqa.config.repository_dir}" '
f'--config="{self.service_config}" ' f'--config-path="{self.service_config}" '
f'--report="{self.sqa.config.sub_report_dir}/check_credentials.json" ' f'--report="{self.sqa.config.sub_report_dir}/check_credentials.json" '
f"--leaks-exit-code=2 "
f'> "{self.sqa.config.sub_report_dir}/check_credentials.log"' f'> "{self.sqa.config.sub_report_dir}/check_credentials.log"'
) )
else: else:
gitleaks_command = ( gitleaks_command = (
f'gitleaks --repo-path="{self.sqa.config.repository_dir}" ' f'gitleaks --path="{self.sqa.config.repository_dir}" '
f'--report="{self.sqa.config.sub_report_dir}/check_credentials.json" ' f'--report="{self.sqa.config.sub_report_dir}/check_credentials.json" '
f"--leaks-exit-code=2 "
f'> "{self.sqa.config.sub_report_dir}/check_credentials.log"' f'> "{self.sqa.config.sub_report_dir}/check_credentials.log"'
) )
# the return of os.system returns a 16 bit integer, which is why the exit codes have the following meaning:
# 0 = OK, no leak
# 256 = ERROR
# 512 = OK, leak
self.result["exit status"] = os.system(gitleaks_command) self.result["exit status"] = os.system(gitleaks_command)
with open( with open(
...@@ -86,46 +92,41 @@ class CheckCredentials(Service): ...@@ -86,46 +92,41 @@ class CheckCredentials(Service):
self.result["log"] = log.read().replace("\n", "") self.result["log"] = log.read().replace("\n", "")
if self.result["exit status"] == 0: if self.result["exit status"] == 0:
if os.path.isfile( self.result["summary"] = "No leaks detected."
elif self.result["exit status"] == 256:
self.result["summary"] = "gitleaks had an error."
elif self.result["exit status"] == 512:
with open(
f"{self.sqa.config.sub_report_dir}/check_credentials.json" f"{self.sqa.config.sub_report_dir}/check_credentials.json"
): ) as cc_json_file:
with open( check_credentials_json = json.load(cc_json_file)
f"{self.sqa.config.sub_report_dir}/check_credentials.json"
) as cc_json_file:
check_credentials_json = json.load(cc_json_file)
cc_json_file.close()
self.result[
"summary"
] = f"{len(check_credentials_json)} possible leaks detected."
for item in check_credentials_json:
if item["rule"] not in self.result["leaks"]:
self.result["leaks"][item["rule"]] = {}
if item["file"] not in self.result["leaks"][item["rule"]]:
self.result["leaks"][item["rule"]][item["file"]] = {}
index = 0
else:
index = (
list(
self.result["leaks"][item["rule"]][item["file"]].keys()
)[-1]
+ 1
)
self.result["leaks"][item["rule"]][item["file"]][index] = {
"offender": item["offender"],
"commit": item["commit"],
}
else:
self.result["summary"] = "No leaks detected."
else:
self.result[ self.result[
"summary" "summary"
] = f"gitleaks had an error and exited with status code {self.result['exit status']}." ] = f"{len(check_credentials_json)} possible leaks detected."
if self.sqa.config.test_mode:
self.result["summary"] = "999 vulnerabilities found" for item in check_credentials_json:
if item["rule"] not in self.result["leaks"]:
self.result["leaks"][item["rule"]] = {}
if item["file"] not in self.result["leaks"][item["rule"]]:
self.result["leaks"][item["rule"]][item["file"]] = {}
index = 0
else:
index = (
list(self.result["leaks"][item["rule"]][item["file"]].keys())[
-1
]
+ 1
)
self.result["leaks"][item["rule"]][item["file"]][index] = {
"offender": item["offender"],
"commit": item["commit"],
}
# if self.sqa.config.test_mode:
# self.result["summary"] = "999 vulnerabilities found"
self.result = order_dict(self.result) self.result = order_dict(self.result)
...@@ -134,7 +135,7 @@ class CheckCredentials(Service): ...@@ -134,7 +135,7 @@ class CheckCredentials(Service):
md_result += f'**{self.result["summary"]}**\n\n' md_result += f'**{self.result["summary"]}**\n\n'
if self.result["exit status"] != 0: if self.result["exit status"] == 256:
md_result += "**gitleaks log**\n\n" md_result += "**gitleaks log**\n\n"
md_result += f'{self.result["log"]}\n\n' md_result += f'{self.result["log"]}\n\n'
...@@ -158,7 +159,7 @@ class CheckCredentials(Service): ...@@ -158,7 +159,7 @@ class CheckCredentials(Service):
cli_result += f'{self.result["summary"]}\n' cli_result += f'{self.result["summary"]}\n'
if self.result["exit status"] != 0: if self.result["exit status"] == 256:
cli_result += "gitleaks log:\n\n" cli_result += "gitleaks log:\n\n"
cli_result += f'{self.result["log"]}\n\n' cli_result += f'{self.result["log"]}\n\n'
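Review bot: The catch-all branch the old code had for unexpected exit statuses is gone on the new side of the `if/elif/elif` chain (the branch ending at `elif self.result["exit status"] == 512:`), so any status other than 0, 256 or 512 — for example 32512 when the shell cannot find `gitleaks` (exit 127), or a signal death — leaves `self.result["summary"]` unset and the later `f'**{self.result["summary"]}**'` raises KeyError instead of reporting the failure. Re-add a trailing `else: self.result["summary"] = f"gitleaks had an error and exited with status code {self.result['exit status']}."`, and relax the two `== 256` log checks in the markdown/CLI hunks to `not in (0, 512)` so the gitleaks log is shown for every failure, not just exit code 1. The 256/512 mapping in the new comment is POSIX-specific (`os.system` returns a wait status there but the plain exit code on Windows); decoding once with `status >> 8` (or `os.waitstatus_to_exitcode` on 3.9+) into an `exit_code` variable would make that explicit and keep the three comparisons readable. Separately, the rewritten command is still a shell string under `os.system` with `repository_dir`/`service_config` interpolated inside double quotes, so a `"` or `$(` in either path breaks out of the argument — `subprocess.run([...], stdout=log_file)` with an argument list avoids that. The enclosing method starts and ends outside these hunks.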
......
...@@ -41,10 +41,10 @@ from schema import And, Optional, Schema, SchemaError ...@@ -41,10 +41,10 @@ from schema import And, Optional, Schema, SchemaError
from sqa.helper import ( from sqa.helper import (
delete_multiple_lines, delete_multiple_lines,
non_empty_str, non_empty_str,
order_dict,
valid_py_regex, valid_py_regex,
valid_spdx_identifier, valid_spdx_identifier,
) )
from sqa.helper import order_dict
from ..service import Service from ..service import Service
......
...@@ -35,6 +35,12 @@ docker build --pull \ ...@@ -35,6 +35,12 @@ docker build --pull \
cp "$PWD/tests/test_project/QUALITY.md" "$PWD/tests/test_project/test_report.md" cp "$PWD/tests/test_project/QUALITY.md" "$PWD/tests/test_project/test_report.md"
#docker run -it \
# -v "$PWD/tests/test_project:/repo" \
# -u "$(id -u "${USER}")":"$(id -g "${USER}")" \
# localdev \
# sh
docker run -v "$PWD/tests/test_project:/repo" \ docker run -v "$PWD/tests/test_project:/repo" \
-u "$(id -u "${USER}")":"$(id -g "${USER}")" \ -u "$(id -u "${USER}")":"$(id -g "${USER}")" \
localdev \ localdev \
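Review bot: The added `#docker run -it ... sh` block is commented-out code that will silently drift from the live `docker run` below it as flags change. Either drop it or turn it into a one-line usage comment such as `# For an interactive shell, add -it and append sh to the docker run below`, or gate the interactive variant behind a script argument so it is exercised. The real `docker run` invocation continues past the end of this hunk, so the exact splice point is not visible here.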
......