feat: allow customizing gitleaks log level (#5993)

Marco Ferrari 2024-08-14 14:54:16 +02:00 committed by GitHub
parent 1de649c709
commit 8dc1475a3a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 87 additions and 2 deletions


@ -4,7 +4,7 @@
all: info docker test ## Run all targets. all: info docker test ## Run all targets.
.PHONY: test .PHONY: test
test: info validate-container-image-labels docker-build-check docker-dev-container-build-check test-lib inspec lint-codebase fix-codebase test-default-config-files test-actions-runner-debug test-actions-steps-debug test-runner-debug test-find lint-subset-files test-custom-ssl-cert test-non-default-workdir test-git-flags test-non-default-home-directory test-git-initial-commit test-git-merge-commit-push test-log-level test-use-find-and-ignore-gitignored-files test-linters-expect-failure-log-level-notice test-bash-exec-library-expect-success test-bash-exec-library-expect-failure test-save-super-linter-output test-save-super-linter-output-custom-path test-save-super-linter-custom-summary test-linters test-linters-fix-mode ## Run the test suite test: info validate-container-image-labels docker-build-check docker-dev-container-build-check test-lib inspec lint-codebase fix-codebase test-default-config-files test-actions-runner-debug test-actions-steps-debug test-runner-debug test-find lint-subset-files test-custom-ssl-cert test-non-default-workdir test-git-flags test-non-default-home-directory test-git-initial-commit test-git-merge-commit-push test-log-level test-use-find-and-ignore-gitignored-files test-linters-expect-failure-log-level-notice test-bash-exec-library-expect-success test-bash-exec-library-expect-failure test-save-super-linter-output test-save-super-linter-output-custom-path test-save-super-linter-custom-summary test-custom-gitleaks-log-level test-linters test-linters-fix-mode ## Run the test suite
# if this session isn't interactive, then we don't want to allocate a # if this session isn't interactive, then we don't want to allocate a
# TTY, which would fail, but if it is interactive, we do want to attach # TTY, which would fail, but if it is interactive, we do want to attach
@ -521,6 +521,13 @@ test-save-super-linter-custom-summary: ## Run super-linter with a custom SUPER_L
"run_test_case_custom_summary" \ "run_test_case_custom_summary" \
"$(IMAGE)" "$(IMAGE)"
.PHONY: test-custom-gitleaks-log-level
test-custom-gitleaks-log-level: ## Run super-linter with a custom Gitleaks log level
$(CURDIR)/test/run-super-linter-tests.sh \
$(SUPER_LINTER_TEST_CONTAINER_URL) \
"run_test_case_gitleaks_custom_log_level" \
"$(IMAGE)"
.PHONY: docker-dev-container-build-check ## Run Docker build checks against the dev-container image .PHONY: docker-dev-container-build-check ## Run Docker build checks against the dev-container image
docker-dev-container-build-check: docker-dev-container-build-check:
DOCKER_BUILDKIT=1 docker buildx build --check \ DOCKER_BUILDKIT=1 docker buildx build --check \
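Review bot: In the new `test-custom-gitleaks-log-level` recipe, `$(SUPER_LINTER_TEST_CONTAINER_URL)` is passed to the test script unquoted, while `"$(IMAGE)"` on the last line of the same recipe is quoted. Make pastes the value into the shell line as-is, so a value containing whitespace or glob characters (for example one overridden on the command line) would be word-split or expanded before the script sees it. Writing `"$(SUPER_LINTER_TEST_CONTAINER_URL)" \` keeps the two arguments consistent. The neighbouring targets are only partly visible in this hunk, so if they use the same unquoted form it is better fixed for all of them together.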


@ -250,6 +250,7 @@ You can configure Super-linter using the following environment variables:
| **GITHUB_CUSTOM_SERVER_URL** | `https://${GITHUB_DOMAIN}"` | Specify a custom GitHub server URL. Useful for GitHub Enterprise instances. | | **GITHUB_CUSTOM_SERVER_URL** | `https://${GITHUB_DOMAIN}"` | Specify a custom GitHub server URL. Useful for GitHub Enterprise instances. |
| **GITHUB_DOMAIN** | `github.com` | Specify a custom GitHub domain in case GitHub Enterprise is used: e.g. `github.myenterprise.com`. `GITHUB_DOMAIN` is a convenience configuration variable to automatically build `GITHUB_CUSTOM_API_URL` and `GITHUB_CUSTOM_SERVER_URL`. | | **GITHUB_DOMAIN** | `github.com` | Specify a custom GitHub domain in case GitHub Enterprise is used: e.g. `github.myenterprise.com`. `GITHUB_DOMAIN` is a convenience configuration variable to automatically build `GITHUB_CUSTOM_API_URL` and `GITHUB_CUSTOM_SERVER_URL`. |
| **GITLEAKS_CONFIG_FILE** | `.gitleaks.toml` | Filename for [GitLeaks configuration](https://github.com/zricethezav/gitleaks#configuration) (ex: `.gitleaks.toml`) | | **GITLEAKS_CONFIG_FILE** | `.gitleaks.toml` | Filename for [GitLeaks configuration](https://github.com/zricethezav/gitleaks#configuration) (ex: `.gitleaks.toml`) |
| **GITLEAKS_LOG_LEVEL** | Gitleaks default log level | Gitleaks log level. Defaults to the Gitleaks default log level. |
| **IGNORE_GENERATED_FILES** | `false` | If set to `true`, super-linter will ignore all the files with `@generated` marker but without `@not-generated` marker. | | **IGNORE_GENERATED_FILES** | `false` | If set to `true`, super-linter will ignore all the files with `@generated` marker but without `@not-generated` marker. |
| **IGNORE_GITIGNORED_FILES** | `false` | If set to `true`, super-linter will ignore all the files that are ignored by Git. | | **IGNORE_GITIGNORED_FILES** | `false` | If set to `true`, super-linter will ignore all the files that are ignored by Git. |
| **JAVA_FILE_NAME** | `sun_checks.xml` | Filename for [Checkstyle configuration](https://checkstyle.sourceforge.io/config.html). Checkstyle embeds several configuration files, such as `sun_checks.xml`, `google_checks.xml` that you can use without providing your own configuration file. | | **JAVA_FILE_NAME** | `sun_checks.xml` | Filename for [Checkstyle configuration](https://checkstyle.sourceforge.io/config.html). Checkstyle embeds several configuration files, such as `sun_checks.xml`, `google_checks.xml` that you can use without providing your own configuration file. |


@ -52,7 +52,13 @@ if [ "${GITHUB_ACTIONS_COMMAND_ARGS}" != "null" ] && [ -n "${GITHUB_ACTIONS_COMM
export GITHUB_ACTIONS_COMMAND_ARGS export GITHUB_ACTIONS_COMMAND_ARGS
LINTER_COMMANDS_ARRAY_GITHUB_ACTIONS+=("${GITHUB_ACTIONS_COMMAND_ARGS}") LINTER_COMMANDS_ARRAY_GITHUB_ACTIONS+=("${GITHUB_ACTIONS_COMMAND_ARGS}")
fi fi
LINTER_COMMANDS_ARRAY_GITLEAKS=(gitleaks detect --no-banner --no-git --redact --config "${GITLEAKS_LINTER_RULES}" --verbose --source) LINTER_COMMANDS_ARRAY_GITLEAKS=(gitleaks detect --no-banner --no-git --redact --config "${GITLEAKS_LINTER_RULES}" --verbose)
if [ -n "${GITLEAKS_LOG_LEVEL:-}" ]; then
export GITLEAKS_LOG_LEVEL
LINTER_COMMANDS_ARRAY_GITLEAKS+=("${GITLEAKS_LOG_LEVEL_OPTIONS[@]}" "${GITLEAKS_LOG_LEVEL}")
debug "Add log options to the Gitleaks command: ${LINTER_COMMANDS_ARRAY_GITLEAKS[*]}"
fi
LINTER_COMMANDS_ARRAY_GITLEAKS+=(--source)
LINTER_COMMANDS_ARRAY_GHERKIN=(gherkin-lint -c "${GHERKIN_LINTER_RULES}") LINTER_COMMANDS_ARRAY_GHERKIN=(gherkin-lint -c "${GHERKIN_LINTER_RULES}")
LINTER_COMMANDS_ARRAY_GO=(golangci-lint run -c "${GO_LINTER_RULES}" --fast) LINTER_COMMANDS_ARRAY_GO=(golangci-lint run -c "${GO_LINTER_RULES}" --fast)
LINTER_COMMANDS_ARRAY_GO_MODULES=(golangci-lint run --allow-parallel-runners -c "${GO_LINTER_RULES}") LINTER_COMMANDS_ARRAY_GO_MODULES=(golangci-lint run --allow-parallel-runners -c "${GO_LINTER_RULES}")
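Review bot: `GITLEAKS_LOG_LEVEL` is appended to the Gitleaks command without being checked against the levels Gitleaks accepts. A typo therefore surfaces only when files are scanned, or is silently ignored, depending on how Gitleaks treats an unknown level. Validating once before the array is extended would fail fast, e.g. `case "${GITLEAKS_LOG_LEVEL}" in trace|debug|info|warn|error|fatal) ;; *) fatal "Invalid GITLEAKS_LOG_LEVEL: ${GITLEAKS_LOG_LEVEL}" ;; esac`. Because this is a secret scanner, the README entry should also say whether a quieter level changes what is reported for findings. A short comment above `LINTER_COMMANDS_ARRAY_GITLEAKS+=(--source)` stating that `--source` must stay the last element would record why the array is now built in two steps.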


@ -77,3 +77,5 @@ SQLFLUFF_FIX_MODE_OPTIONS+=("${SQLFLUFF_SHARED_SUBCOMMAND_OPTIONS[@]}")
# Setting the -n 0 GNU Parallel would not help in this case, because the input # Setting the -n 0 GNU Parallel would not help in this case, because the input
# will not be passed to the --workdir option as well. # will not be passed to the --workdir option as well.
INPUT_CONSUME_COMMAND=("&& echo \"Linted: {}\"") INPUT_CONSUME_COMMAND=("&& echo \"Linted: {}\"")
GITLEAKS_LOG_LEVEL_OPTIONS=("--log-level")


@ -61,6 +61,7 @@ source "lib/functions/linterCommands.sh"
# Initialize the variables we're going to use to verify tests before running tests # Initialize the variables we're going to use to verify tests before running tests
# because some tests modify LINTER_COMMANDS_xxx variables # because some tests modify LINTER_COMMANDS_xxx variables
BASE_LINTER_COMMANDS_ARRAY_ANSIBLE=("${LINTER_COMMANDS_ARRAY_ANSIBLE[@]}") BASE_LINTER_COMMANDS_ARRAY_ANSIBLE=("${LINTER_COMMANDS_ARRAY_ANSIBLE[@]}")
BASE_LINTER_COMMANDS_ARRAY_GITLEAKS=("${LINTER_COMMANDS_ARRAY_GITLEAKS[@]}")
BASE_LINTER_COMMANDS_ARRAY_GO_MODULES=("${LINTER_COMMANDS_ARRAY_GO_MODULES[@]}") BASE_LINTER_COMMANDS_ARRAY_GO_MODULES=("${LINTER_COMMANDS_ARRAY_GO_MODULES[@]}")
BASE_LINTER_COMMANDS_ARRAY_JSCPD=("${LINTER_COMMANDS_ARRAY_JSCPD[@]}") BASE_LINTER_COMMANDS_ARRAY_JSCPD=("${LINTER_COMMANDS_ARRAY_JSCPD[@]}")
BASE_LINTER_COMMANDS_ARRAY_RUST_CLIPPY=("${LINTER_COMMANDS_ARRAY_RUST_CLIPPY[@]}") BASE_LINTER_COMMANDS_ARRAY_RUST_CLIPPY=("${LINTER_COMMANDS_ARRAY_RUST_CLIPPY[@]}")
@ -128,6 +129,59 @@ function JscpdCommandTest() {
notice "${FUNCTION_NAME} PASS" notice "${FUNCTION_NAME} PASS"
} }
function GitleaksCommandTest() {
local FUNCTION_NAME
FUNCTION_NAME="${FUNCNAME[0]}"
info "${FUNCTION_NAME} start"
# shellcheck disable=SC2034
EXPECTED_COMMAND=("${BASE_LINTER_COMMANDS_ARRAY_GITLEAKS[@]}")
if [[ "${EXPECTED_GITLEAKS_LOG_LEVEL:-}" ]]; then
# The gitleaks command ends with an option to specify the path
# to the file to check, so we need to append the log option before that.
local GITLEAKS_FILE_PATH_OPTION="${EXPECTED_COMMAND[-1]}"
# Remove the file path option so we can append the log option
unset 'EXPECTED_COMMAND[-1]'
# shellcheck disable=SC2034
GITLEAKS_LOG_LEVEL="${EXPECTED_GITLEAKS_LOG_LEVEL}"
EXPECTED_COMMAND+=("${GITLEAKS_LOG_LEVEL_OPTIONS[@]}" "${EXPECTED_GITLEAKS_LOG_LEVEL}")
# Add the file path option back
EXPECTED_COMMAND+=("${GITLEAKS_FILE_PATH_OPTION}")
fi
# Source the file again so it accounts for modifications
# shellcheck source=/dev/null
source "lib/functions/linterCommands.sh"
if [[ ! -v GITLEAKS_LOG_LEVEL_OPTIONS ]]; then
fatal "GITLEAKS_LOG_LEVEL_OPTIONS is not defined"
fi
if [[ "${#GITLEAKS_LOG_LEVEL_OPTIONS[@]}" -eq 0 ]]; then
fatal "GITLEAKS_LOG_LEVEL_OPTIONS is empty"
fi
if ! AssertArraysElementsContentMatch "LINTER_COMMANDS_ARRAY_GITLEAKS" "EXPECTED_COMMAND"; then
fatal "${FUNCTION_NAME} test failed"
fi
notice "${FUNCTION_NAME} PASS"
}
function GitleaksCommandCustomLogLevelTest() {
local FUNCTION_NAME
FUNCTION_NAME="${FUNCNAME[0]}"
info "${FUNCTION_NAME} start"
EXPECTED_GITLEAKS_LOG_LEVEL="debug"
GitleaksCommandTest
notice "${FUNCTION_NAME} PASS"
}
function InitInputConsumeCommandsTest() { function InitInputConsumeCommandsTest() {
local FUNCTION_NAME local FUNCTION_NAME
FUNCTION_NAME="${FUNCNAME[0]}" FUNCTION_NAME="${FUNCNAME[0]}"
@ -231,6 +285,10 @@ function InitFixModeOptionsAndCommandsTest() {
} }
function InitPowerShellCommandTest() { function InitPowerShellCommandTest() {
local FUNCTION_NAME
FUNCTION_NAME="${FUNCNAME[0]}"
info "${FUNCTION_NAME} start"
# shellcheck disable=SC2034 # shellcheck disable=SC2034
EXPECTED_LINTER_COMMANDS_ARRAY_POWERSHELL=(pwsh -NoProfile -NoLogo -Command "\"${LINTER_COMMANDS_ARRAY_POWERSHELL[*]}; if (\\\${Error}.Count) { exit 1 }\"") EXPECTED_LINTER_COMMANDS_ARRAY_POWERSHELL=(pwsh -NoProfile -NoLogo -Command "\"${LINTER_COMMANDS_ARRAY_POWERSHELL[*]}; if (\\\${Error}.Count) { exit 1 }\"")
InitPowerShellCommand InitPowerShellCommand
@ -238,11 +296,15 @@ function InitPowerShellCommandTest() {
if ! AssertArraysElementsContentMatch "LINTER_COMMANDS_ARRAY_POWERSHELL" "EXPECTED_LINTER_COMMANDS_ARRAY_POWERSHELL"; then if ! AssertArraysElementsContentMatch "LINTER_COMMANDS_ARRAY_POWERSHELL" "EXPECTED_LINTER_COMMANDS_ARRAY_POWERSHELL"; then
fatal "${FUNCTION_NAME} test failed" fatal "${FUNCTION_NAME} test failed"
fi fi
notice "${FUNCTION_NAME} PASS"
} }
LinterCommandPresenceTest LinterCommandPresenceTest
IgnoreGitIgnoredFilesJscpdCommandTest IgnoreGitIgnoredFilesJscpdCommandTest
JscpdCommandTest JscpdCommandTest
GitleaksCommandTest
GitleaksCommandCustomLogLevelTest
InitInputConsumeCommandsTest InitInputConsumeCommandsTest
InitFixModeOptionsAndCommandsTest InitFixModeOptionsAndCommandsTest
InitPowerShellCommandTest InitPowerShellCommandTest
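Review bot: `GitleaksCommandCustomLogLevelTest` sets `EXPECTED_GITLEAKS_LOG_LEVEL="debug"` and `GitleaksCommandTest` sets `GITLEAKS_LOG_LEVEL` as globals, and neither is cleared afterwards. The tests that run later (`InitInputConsumeCommandsTest` onwards) therefore inherit a debug log level, and any of them that re-sources `linterCommands.sh` would build the Gitleaks command with it. Declaring `local EXPECTED_GITLEAKS_LOG_LEVEL="debug"` in the wrapper and ending `GitleaksCommandTest` with `unset GITLEAKS_LOG_LEVEL` would keep the state contained. Separately, the two guards on `GITLEAKS_LOG_LEVEL_OPTIONS` come after the array has already been expanded into `EXPECTED_COMMAND`. If the array were missing or empty, the expected and actual commands would be wrong in the same way, so the guards should move to the top of the function.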


@ -162,6 +162,13 @@ run_test_case_custom_summary() {
SUPER_LINTER_SUMMARY_FILE_NAME="custom-github-step-summary.md" SUPER_LINTER_SUMMARY_FILE_NAME="custom-github-step-summary.md"
} }
run_test_case_gitleaks_custom_log_level() {
run_test_cases_expect_success
CREATE_LOG_FILE="true"
SAVE_SUPER_LINTER_OUTPUT="true"
COMMAND_TO_RUN+=(--env GITLEAKS_LOG_LEVEL="warn")
}
run_test_case_fix_mode() { run_test_case_fix_mode() {
CREATE_LOG_FILE="true" CREATE_LOG_FILE="true"
SAVE_SUPER_LINTER_OUTPUT="true" SAVE_SUPER_LINTER_OUTPUT="true"
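Review bot: `run_test_case_gitleaks_custom_log_level` only arranges for the run to succeed with `GITLEAKS_LOG_LEVEL="warn"`; nothing visible in this hunk asserts that the level reached Gitleaks. A regression that dropped the option would therefore still pass, unless the runner inspects the saved output elsewhere. Since `CREATE_LOG_FILE` and `SAVE_SUPER_LINTER_OUTPUT` are already enabled, a check on the saved log would make the test meaningful, for example that the command line contains `--log-level warn`. If that check is not planned, a comment such as `# Smoke test: verifies only that a custom log level does not break the run` would set expectations.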