gitleaks: implement --gitleaks-limit-msg-len defaulting to 512
This package contains an extension of the gitleaks plug-in to support a new
command-line option for controlling the event message length from csmock.
csmock-plugin-gitleaks depends on the updated version of csdiff.

Closes: #114
Related: https://issues.redhat.com/browse/OSH-67
lbossis authored and kdudka committed Aug 17, 2023
1 parent 3869525 commit ac7541f
Showing 2 changed files with 7 additions and 3 deletions.
2 changes: 1 addition & 1 deletion make-srpm.sh
@@ -124,7 +124,7 @@ Tool for plugging static analyzers into the build process, free of mock.
%package -n csmock-common
Summary: Core of csmock (a mock wrapper for Static Analysis tools)
Requires: csdiff > 3.0.2
Requires: csdiff > 3.0.3
Requires: csgcca
Requires: cswrap
Requires: mock
8 changes: 6 additions & 2 deletions py/plugins/gitleaks.py
@@ -34,7 +34,7 @@

GITLEAKS_LOG = "/builddir/gitleaks-capture.log"

FILTER_CMD = "csgrep '%s' --mode=json --warning-rate-limit=%i > '%s'"
FILTER_CMD = "csgrep '%s' --mode=json --warning-rate-limit=%i --limit-msg-len=%i > '%s'"


class PluginProps:
@@ -72,6 +72,10 @@ def init_parser(self, parser):
"--gitleaks-rate-limit", type=int, default=1024,
help="drop warnings if their count exceeds the specified limit")

parser.add_argument(
"--gitleaks-limit-msg-len", type=int, default=512,
help="trim message if it exceeds max message length")

parser.add_argument(
"--gitleaks-refresh", action="store_true",
help="force download of gitleaks binary executable (in a .tar.gz) from")
@@ -145,7 +149,7 @@ def fetch_gitleaks_hook(results, props):
def filter_hook(results):
src = results.dbgdir_raw + GITLEAKS_OUTPUT
dst = "%s/gitleaks-capture.js" % results.dbgdir_uni
cmd = FILTER_CMD % (src, args.gitleaks_rate_limit, dst)
cmd = FILTER_CMD % (src, args.gitleaks_rate_limit, args.gitleaks_limit_msg_len, dst)
return results.exec_cmd(cmd, shell=True)

props.post_process_hooks += [filter_hook]
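Review bot: `--gitleaks-limit-msg-len` is declared with `type=int` and no range check, so zero or a negative number reaches `csgrep --limit-msg-len=%i` in `filter_hook` unchanged; what csgrep does with such a value is not visible on this page, so rejecting it up front would be safer, e.g. `if args.gitleaks_limit_msg_len < 1: parser.error("--gitleaks-limit-msg-len must be a positive integer")` wherever the plug-in first handles `args`. The `%i` conversion does keep the new value numeric, so it adds nothing the shell can interpret in the `shell=True` call; `src` and `dst` still depend on the literal single quotes in `FILTER_CMD`, which a path containing a quote would defeat, and passing both through `shlex.quote` (dropping the quotes from the template) would close that. The bodies of `init_parser` and of the function enclosing `filter_hook` start and end outside the shown hunks.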
