trufflehog/pkg/engine/git.go

package engine

import (
	"context"
	"fmt"
	"runtime"

	gogit "github.com/go-git/go-git/v5"
	"github.com/go-git/go-git/v5/plumbing"
	"github.com/go-git/go-git/v5/plumbing/object"
	"github.com/sirupsen/logrus"
	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/source_metadatapb"
	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/sourcespb"
	"github.com/trufflesecurity/trufflehog/v3/pkg/sources/git"
)

func (e *Engine) ScanGit(ctx context.Context, repoPath, headRef, baseRef string, maxDepth int, filter *common.Filter) error {
	repo, err := gogit.PlainOpenWithOptions(repoPath, &gogit.PlainOpenOptions{DetectDotGit: true})
	if err != nil {
		return fmt.Errorf("could open repo: %s: %w", repoPath, err)
	}

	logOptions := &gogit.LogOptions{
		All: true,
	}

	var sinceCommit, headCommit *object.Commit
	if len(baseRef) > 0 {
		baseHash := plumbing.NewHash(baseRef)
		if baseHash.IsZero() {
			base, err := git.TryAdditionalBaseRefs(repo, baseRef)
			if err == nil && !base.IsZero() {
				baseHash = *base
			}
		}
		sinceCommit, err = repo.CommitObject(baseHash)
		if err != nil {
			return fmt.Errorf("unable to resolve commit %s: %s", baseRef, err)
		}
	}

	if headRef != "" {
		headHash, err := git.TryAdditionalBaseRefs(repo, headRef)
		if err != nil {
			return fmt.Errorf("could not parse revision: %q: %w", headRef, err)
		}

		headCommit, err = repo.CommitObject(*headHash)
		if err != nil {
			return fmt.Errorf("could not find commit: %q: %w", headRef, err)
		}

		logrus.WithFields(logrus.Fields{
			"commit": headCommit.Hash.String(),
		}).Debug("resolved head reference")

		logOptions.From = headCommit.Hash
		logOptions.All = false
	}

	gitSource := git.NewGit(sourcespb.SourceType_SOURCE_TYPE_GIT, 0, 0, "local", true, runtime.NumCPU(),
		func(file, email, commit, repository string) *source_metadatapb.MetaData {
			return &source_metadatapb.MetaData{
				Data: &source_metadatapb.MetaData_Git{
					Git: &source_metadatapb.Git{
						Commit:     commit,
						File:       file,
						Email:      email,
						Repository: repository,
					},
				},
			}
		})

	opts := []git.ScanOption{
		git.ScanOptionFilter(filter),
		git.ScanOptionLogOptions(logOptions),
	}
	// TODO: Add kingpin type that can differentiate between `not set` and `0` for int.
	if maxDepth != 0 {
		opts = append(opts, git.ScanOptionMaxDepth(int64(maxDepth)))
	}
	if sinceCommit != nil {
		opts = append(opts, git.ScanOptionBaseCommit(sinceCommit))
	}
	if headCommit != nil {
		opts = append(opts, git.ScanOptionHeadCommit(headCommit))
	}
	scanOptions := git.NewScanOptions(opts...)

	go func() {
		err := gitSource.ScanRepo(ctx, repo, scanOptions, e.ChunksChan())
		if err != nil {
			logrus.WithError(err).Fatal("could not scan repo")
		}
		close(e.ChunksChan())
	}()
	return nil
}
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`package engine`

			`import (`
			`"context"`
			`"fmt"`
Initial docs and release automation (#5) 2022-01-19 00:59:18 +00:00			`"runtime"`

Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`gogit "github.com/go-git/go-git/v5"`
			`"github.com/go-git/go-git/v5/plumbing"`
Check commit order, dedupe results, and support using a head commit. (#44) * Check commit order and support using a head commit. * Only apply dedupe to git bases source 2022-02-17 01:10:42 +00:00			`"github.com/go-git/go-git/v5/plumbing/object"`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`"github.com/sirupsen/logrus"`
module v3 2022-02-10 18:54:33 +00:00			`"github.com/trufflesecurity/trufflehog/v3/pkg/common"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/pb/source_metadatapb"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/pb/sourcespb"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/sources/git"`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`)`

Resolve a ref as arg for --since_commit (#57) 2022-03-01 04:25:24 +00:00			`func (e Engine) ScanGit(ctx context.Context, repoPath, headRef, baseRef string, maxDepth int, filter common.Filter) error {`
Support remote git repos using https (#9) Co-authored-by: Bill Rich <bill.rich@trufflesec.com> 2022-01-15 00:07:45 +00:00			`repo, err := gogit.PlainOpenWithOptions(repoPath, &gogit.PlainOpenOptions{DetectDotGit: true})`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`if err != nil {`
Support remote git repos using https (#9) Co-authored-by: Bill Rich <bill.rich@trufflesec.com> 2022-01-15 00:07:45 +00:00			`return fmt.Errorf("could open repo: %s: %w", repoPath, err)`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`}`

Complete support for existing git scan flags (#13) * Add `since_commit` to git scan * Support `max_depth` option for git scan * Use new options in github and gitlab sources * Address review feedback Co-authored-by: Bill Rich <bill.rich@trufflesec.com> 2022-01-22 00:28:41 +00:00			`logOptions := &gogit.LogOptions{`
Change log order and path filtering. 2022-01-24 19:59:04 +00:00			`All: true,`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`}`

Complete support for existing git scan flags (#13) * Add `since_commit` to git scan * Support `max_depth` option for git scan * Use new options in github and gitlab sources * Address review feedback Co-authored-by: Bill Rich <bill.rich@trufflesec.com> 2022-01-22 00:28:41 +00:00			`var sinceCommit, headCommit *object.Commit`
Resolve a ref as arg for --since_commit (#57) 2022-03-01 04:25:24 +00:00			`if len(baseRef) > 0 {`
			`baseHash := plumbing.NewHash(baseRef)`
			`if baseHash.IsZero() {`
			`base, err := git.TryAdditionalBaseRefs(repo, baseRef)`
			`if err == nil && !base.IsZero() {`
			`baseHash = *base`
			`}`
			`}`
			`sinceCommit, err = repo.CommitObject(baseHash)`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`if err != nil {`
Resolve a ref as arg for --since_commit (#57) 2022-03-01 04:25:24 +00:00			`return fmt.Errorf("unable to resolve commit %s: %s", baseRef, err)`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`}`
Complete support for existing git scan flags (#13) * Add `since_commit` to git scan * Support `max_depth` option for git scan * Use new options in github and gitlab sources * Address review feedback Co-authored-by: Bill Rich <bill.rich@trufflesec.com> 2022-01-22 00:28:41 +00:00			`}`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00
Resolve a ref as arg for --since_commit (#57) 2022-03-01 04:25:24 +00:00			`if headRef != "" {`
			`headHash, err := git.TryAdditionalBaseRefs(repo, headRef)`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`if err != nil {`
Resolve a ref as arg for --since_commit (#57) 2022-03-01 04:25:24 +00:00			`return fmt.Errorf("could not parse revision: %q: %w", headRef, err)`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`}`

Complete support for existing git scan flags (#13) * Add `since_commit` to git scan * Support `max_depth` option for git scan * Use new options in github and gitlab sources * Address review feedback Co-authored-by: Bill Rich <bill.rich@trufflesec.com> 2022-01-22 00:28:41 +00:00			`headCommit, err = repo.CommitObject(*headHash)`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`if err != nil {`
Resolve a ref as arg for --since_commit (#57) 2022-03-01 04:25:24 +00:00			`return fmt.Errorf("could not find commit: %q: %w", headRef, err)`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`}`

			`logrus.WithFields(logrus.Fields{`
			`"commit": headCommit.Hash.String(),`
			`}).Debug("resolved head reference")`

Complete support for existing git scan flags (#13) * Add `since_commit` to git scan * Support `max_depth` option for git scan * Use new options in github and gitlab sources * Address review feedback Co-authored-by: Bill Rich <bill.rich@trufflesec.com> 2022-01-22 00:28:41 +00:00			`logOptions.From = headCommit.Hash`
			`logOptions.All = false`
			`}`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00
			`gitSource := git.NewGit(sourcespb.SourceType_SOURCE_TYPE_GIT, 0, 0, "local", true, runtime.NumCPU(),`
			`func(file, email, commit, repository string) *source_metadatapb.MetaData {`
			`return &source_metadatapb.MetaData{`
			`Data: &source_metadatapb.MetaData_Git{`
			`Git: &source_metadatapb.Git{`
			`Commit: commit,`
			`File: file,`
			`Email: email,`
			`Repository: repository,`
			`},`
			`},`
			`}`
			`})`

Complete support for existing git scan flags (#13) * Add `since_commit` to git scan * Support `max_depth` option for git scan * Use new options in github and gitlab sources * Address review feedback Co-authored-by: Bill Rich <bill.rich@trufflesec.com> 2022-01-22 00:28:41 +00:00			`opts := []git.ScanOption{`
			`git.ScanOptionFilter(filter),`
			`git.ScanOptionLogOptions(logOptions),`
			`}`
			// TODO: Add kingpin type that can differentiate between `not set` and `0` for int.
			`if maxDepth != 0 {`
			`opts = append(opts, git.ScanOptionMaxDepth(int64(maxDepth)))`
			`}`
			`if sinceCommit != nil {`
Check commit order, dedupe results, and support using a head commit. (#44) * Check commit order and support using a head commit. * Only apply dedupe to git bases source 2022-02-17 01:10:42 +00:00			`opts = append(opts, git.ScanOptionBaseCommit(sinceCommit))`
			`}`
			`if headCommit != nil {`
			`opts = append(opts, git.ScanOptionHeadCommit(headCommit))`
Complete support for existing git scan flags (#13) * Add `since_commit` to git scan * Support `max_depth` option for git scan * Use new options in github and gitlab sources * Address review feedback Co-authored-by: Bill Rich <bill.rich@trufflesec.com> 2022-01-22 00:28:41 +00:00			`}`
			`scanOptions := git.NewScanOptions(opts...)`

Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`go func() {`
Complete support for existing git scan flags (#13) * Add `since_commit` to git scan * Support `max_depth` option for git scan * Use new options in github and gitlab sources * Address review feedback Co-authored-by: Bill Rich <bill.rich@trufflesec.com> 2022-01-22 00:28:41 +00:00			`err := gitSource.ScanRepo(ctx, repo, scanOptions, e.ChunksChan())`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`if err != nil {`
			`logrus.WithError(err).Fatal("could not scan repo")`
			`}`
			`close(e.ChunksChan())`
			`}()`
			`return nil`
			`}`