talisman.go
package main
import flag "github.com/spf13/pflag"
import (
"bufio"
"fmt"
"io"
"os"
"strings"
"talisman/git_repo"
log "github.com/Sirupsen/logrus"
)
// Package-level state. Apart from Version, every variable here is a flag
// target that main registers and flag.Parse fills in.
var (
	// Version is the string printed when the "v" or "version" flag is set.
	Version = "Development Build"

	// Boolean flags: debug logging, version display, history scan.
	fdebug, showVersion, scan bool

	// String flags: hook name, file pattern, checksum-calculator input.
	githook, pattern, checksum string
)
// Hook names accepted by the "githook" flag.
const (
	// PreCommit is the name of the pre-commit hook.
	PreCommit = "pre-commit"
	// PrePush is the name of the pre-push hook; main uses it as the flag default.
	PrePush = "pre-push"
)
// init sends all log output to standard error, so log lines never mix with
// what the program prints on standard output.
func init() {
	log.SetOutput(os.Stderr)
}
// options is the parsed command line handed from main to run. Field order is
// kept as declared so positional literals elsewhere keep compiling.
type options struct {
	debug    bool   // raise the log level to Debug
	githook  string // hook to emulate; run treats "" as PrePush
	pattern  string // file pattern to scan instead of hook input
	scan     bool   // scan the git commit history
	checksum string // whitespace-separated input for the checksum calculator
}
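// main registers and parses the command-line flags, handles the version and
// no-flag cases, and exits with the code returned by run.
func main() {
	// NOTE(review): with pflag, BoolVar/StringVar register "d", "v", "p", "s"
	// and "c" as flag names of their own. If single-dash shorthands are
	// intended, confirm they parse as expected.
	flag.BoolVar(&fdebug, "d", false, "short form of debug")
	flag.BoolVar(&fdebug, "debug", false, "enable debug mode (warning: very verbose)")
	flag.BoolVar(&showVersion, "v", false, "short form of version")
	flag.BoolVar(&showVersion, "version", false, "show current version of talisman")
	flag.StringVar(&pattern, "p", "", "short form of pattern")
	flag.StringVar(&pattern, "pattern", "", "pattern (glob-like) of files to scan (ignores githooks)")
	flag.StringVar(&githook, "githook", PrePush, "either pre-push or pre-commit")
	flag.BoolVar(&scan, "s", false, "short form of scanner")
	flag.BoolVar(&scan, "scan", false, "scanner scans the git commit history for potential secrets")
	flag.StringVar(&checksum, "c", "", "short form of checksum calculator")
	// Help text fixed: the original misspelled the configuration file name.
	flag.StringVar(&checksum, "checksum", "", "checksum calculator calculates checksum and suggests .talismanrc format")
	flag.Parse()

	if showVersion {
		fmt.Printf("talisman %s\n", Version)
		os.Exit(0)
	}

	// With no flag set, usage is printed and the process exits 0 without
	// scanning anything. A git hook that calls the binary with no flags
	// therefore passes.
	// NOTE(review): confirm every installed hook script passes --githook.
	if flag.NFlag() == 0 {
		flag.PrintDefaults()
		os.Exit(0)
	}

	opts := options{
		debug:    fdebug,
		githook:  githook,
		pattern:  pattern,
		scan:     scan,
		checksum: checksum,
	}
	// run's return value becomes the process exit status.
	os.Exit(run(os.Stdin, opts))
}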
// run sets the log level, chooses one mode from _options and returns the
// runner's result, which main uses as the process exit code.
//
// Modes are checked in a fixed order and the first match wins: checksum,
// scan, pattern, pre-commit hook, then the pre-push hook as the fallback.
// stdin is only read on the pre-push path.
func run(stdin io.Reader, _options options) (returnCode int) {
	level := log.ErrorLevel
	if _options.debug {
		level = log.DebugLevel
	}
	log.SetLevel(level)

	// _options is a copy, so this default does not leak back to the caller.
	if _options.githook == "" {
		_options.githook = PrePush
	}

	var found []git_repo.Addition
	switch {
	case _options.checksum != "":
		log.Infof("Running %s patterns against checksum calculator", _options.checksum)
		runner := NewRunner(make([]git_repo.Addition, 0))
		return runner.RunChecksumCalculator(strings.Fields(_options.checksum))

	case _options.scan:
		log.Infof("Running scanner")
		return NewRunner(make([]git_repo.Addition, 0)).Scan()

	case _options.pattern != "":
		log.Infof("Running %s pattern", _options.pattern)
		dirHook := NewDirectoryHook()
		found = dirHook.GetFilesFromDirectory(_options.pattern)

	case _options.githook == PreCommit:
		log.Infof("Running %s hook", _options.githook)
		commitHook := NewPreCommitHook()
		found = commitHook.GetRepoAdditions()

	default:
		// Any githook value other than PreCommit lands here, including a
		// misspelled hook name; the value is not validated against PrePush.
		log.Infof("Running %s hook", _options.githook)
		pushHook := NewPrePushHook(readRefAndSha(stdin))
		found = pushHook.GetRepoAdditions()
	}

	return NewRunner(found).RunWithoutErrors()
}
// readRefAndSha reads the first line from file, splits it on single spaces
// and returns its first four fields in order. When the line has fewer than
// four fields it returns EmptySha, EmptySha, "", "" instead.
//
// NOTE(review): git's pre-push hook writes one
// "<local ref> <local sha> <remote ref> <remote sha>" line per ref being
// pushed. Only the first line is consumed here, so any further refs in the
// same push are not returned to the caller. Confirm whether they are covered
// elsewhere.
func readRefAndSha(file io.Reader) (string, string, string, string) {
	// The read error is deliberately dropped: a final line without a trailing
	// newline arrives together with io.EOF and is still used. Any other read
	// failure is also silent and ends in the short-input fallback or a
	// partial line.
	line, _ := bufio.NewReader(file).ReadString('\n')

	fields := strings.Split(strings.Trim(line, "\n"), " ")
	if len(fields) >= 4 {
		return fields[0], fields[1], fields[2], fields[3]
	}
	return EmptySha, EmptySha, "", ""
}