Merge pull request #6 from UKHomeOffice/feature/cli

cli: Adds scanrepo CMD

.gitignore

@@ -1,5 +1,5 @@
+release
 /repo-security-scanner
-# Logs
 logs
 *.log
 npm-debug.log*

.pre-commit-config.yaml

@@ -4,7 +4,6 @@
     -   id: check-added-large-files
     -   id: check-json
     -   id: check-merge-conflict
-    # -   id: check-yaml
     -   id: detect-private-key
     -   id: end-of-file-fixer
     -   id: forbid-new-submodules
@@ -13,5 +12,3 @@
     sha: cab517ac1132ea76603bd51ba5a95305f81bb2ba
     hooks:
     -   id: gofmt
-    -   id: gofix
-    -   id: govet

Makefile

@@ -12,6 +12,9 @@ RULES_FILE = $(FIXT_DIR)/rules/gitrob.json
 DIFF_FILE = $(FIXT_DIR)/github_event_push.json
 RULES_URL = https://raw.githubusercontent.com/michenriksen/gitrob/master/signatures.json
 
+cli:
+	@go install -race ./cmd/scanrepo
+
 install: deps
 	@go install -race --ldflags=\"-s\" .
 

README.md

@@ -1,5 +1,17 @@
 # repo-security-scanner
 
+
 ## Installation
 
-```make install```
+1. [Download](../../releases) the latest stable release of the CLI tool for your architecture
+2. Extract the tar and move the ```scanrepo``` binary to somewhere in your `$PATH`, eg `/usr/bin`
+
+-----------------------------------------------------------
+
+## Example Usage
+
+Check the entire history of the current branch for secrets.
+
+```
+$ git log -p | scanrepo
+```

cmd/scanrepo/main.go

@@ -0,0 +1,63 @@
+package main
+
+import (
+	"bufio"
+	"flag"
+	"fmt"
+	"log"
+	"os"
+
+	"github.com/techjacker/diffence"
+)
+
+func main() {
+
+	rPath := flag.String("rules", "", "path to custom rules in JSON format")
+	flag.Parse()
+
+	info, _ := os.Stdin.Stat()
+	if (info.Mode() & os.ModeCharDevice) == os.ModeCharDevice {
+		log.Fatalln("The command is intended to work with pipes.")
+		return
+	}
+
+	var (
+		err   error
+		rules *[]diffence.Rule
+	)
+
+	if len(*rPath) > 0 {
+		rules, err = diffence.LoadRulesJSON(*rPath)
+	} else {
+		rules, err = diffence.LoadDefaultRules()
+	}
+	if err != nil {
+		log.Fatalf("Cannot load rules\n%s", err)
+		return
+	}
+
+	diff := diffence.DiffChecker{Rules: rules}
+	res, err := diff.Check(bufio.NewReader(os.Stdin))
+	if err != nil {
+		log.Fatalf("Error reading diff\n%s\n", err)
+		return
+	}
+
+	matches := res.Matches()
+	if matches > 0 {
+		i := 1
+		fmt.Printf("Diff contains %d offenses\n\n", matches)
+		for filename, rule := range res.MatchedRules {
+			fmt.Printf("------------------\n")
+			fmt.Printf("Violation %d\n", i)
+			fmt.Printf("File: %s\n", filename)
+			fmt.Printf("Reason: %#v\n\n", rule[0].Caption)
+			i++
+		}
+		// finding violations constitutes an error
+		os.Exit(1)
+		return
+	}
+	fmt.Printf("Diff contains NO offenses\n\n")
+	os.Exit(0)
+}

handlers_test.go

@@ -73,7 +73,7 @@ func TestGithubHandler(t *testing.T) {
 
 			router := httprouter.New()
 			router.Handler("POST", testPath, GithubHandler(
-				diffence.DiffChecker{getTestRules(t, tt.args.rulesPath)},
+				diffence.DiffChecker{Rules: getTestRules(t, tt.args.rulesPath)},
 				testDiffGetter{tt.args.diffPath},
 			))
 

main.go

@@ -41,7 +41,7 @@ func main() {
 	router.Handler("GET", "/healthz", http.HandlerFunc(HealthHandler))
 	router.Handler("POST", "/github", Adapt(
 		GithubHandler(
-			diffence.DiffChecker{getRules(gitrobRules)},
+			diffence.DiffChecker{Rules: getRules(gitrobRules)},
 			diffGetterGithub{},
 		),
 		AuthMiddleware(GithubAuthenticator{getEnvVar(githubWebhookSecret)}),

vendor.conf

@@ -1,5 +1,5 @@
 # package
 github.com/UKHomeOffice/repo-security-scanner
 
-github.com/techjacker/diffence			6f41b9b0a8150e165cd297ae3e00129766cf8a9b
+github.com/techjacker/diffence			5aa50982d614156536dec11f93f178fdf43b3274
 github.com/julienschmidt/httprouter		8a45e95fc75cb77048068a62daed98cc22fdac7c

version

@@ -0,0 +1 @@
+RELEASE_VERSION=0.2.0