Enhance how multiple findings in one blob are displayed in secrets check
What does this MR do and why?
This merge request updates the secrets push check to handle displaying multiple findings in a blob properly.
Please read this section to understand more about the changes introduced here.
Note: I have used the opportunity to do a cleanup of shared contexts (specifically the one with log/error messages) within these changes.
Resolves #435392 (closed).
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Screenshots or screen recordings
Before reviewer's feedback: (Before | After screenshot table; images not included in this copy.)
After reviewer's feedback: (Before | After screenshot table; images not included in this copy.)
How to set up and validate locally
- Create a new project or use an existing one.
- In your `rails` console, execute the following commands:

```
pry(main)> Gitlab::CurrentSettings.update!(pre_receive_secret_detection_enabled: true) # to ensure feature is enabled instance-wide
pry(main)> project = Project.find(PROJECT_ID)
pry(main)> Feature.enable(:pre_receive_secret_detection_push_check, project)
```

- Ensure your GDK is licensed as `ultimate`.
- In your terminal, navigate to the project folder.
- Create a new file, e.g. `.env`, and add a GitLab personal access token:

```
TEST=glpat-JUST20LETTERSANDNUMB
SECRET=glpat-JUST20LETTERSANDNUMB
DETECTION=glpat-JUST20LETTERSANDNUMB
```

- Run `git add .` and `git commit -m 'test'` to commit the file.
- Run `git push` to push the committed file.
- Verify the push fails with a message that looks something like the following:

```
remote: Secret leaked in commit: [commit id]
remote: -- .env:1 | GitLab Personal Access Token
remote:
remote: Secret leaked in commit: [commit id]
remote: -- .env:2 | GitLab Personal Access Token
remote:
remote: Secret leaked in commit: [commit id]
remote: -- .env:3 | GitLab Personal Access Token
```
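As an added example (not this MR's code and not GitLab's implementation of the push check), the Ruby below shows the behaviour the validation steps exercise: a single blob containing several secrets on different lines yields one finding per line, the findings are grouped under the commit they belong to, and they are rendered in the `remote:` layout shown above. The `glpat-` regex (a simplified shape, `glpat-` plus 20 token characters), the `Finding` struct, the function names and the sample commit id are assumptions constructed for this illustration; the real check uses its own ruleset.

```ruby
# Added illustration, not GitLab's code. Scans a blob line by line for
# GitLab-PAT-shaped strings and reports one finding per matching line.

# Assumed, simplified pattern: "glpat-" followed by 20 token characters.
GITLAB_PAT_PATTERN = /glpat-[A-Za-z0-9_-]{20}/

# Hypothetical finding record keyed on the blob path and line number.
Finding = Struct.new(:path, :line_number, :description, keyword_init: true)

# Returns one Finding per line that contains a match. Two tokens on the
# same line still produce a single finding, because the output keys on
# path:line rather than on each matched substring.
def scan_blob(path, content)
  content.each_line.with_index(1).filter_map do |line, number|
    next unless line.match?(GITLAB_PAT_PATTERN)

    Finding.new(path: path, line_number: number,
                description: "GitLab Personal Access Token")
  end
end

# Renders { commit_sha => [Finding, ...] } as the lines the push check
# prints (without the "remote: " prefix git adds), with a blank line
# between consecutive findings, as in the expected output above.
def format_findings(commit_findings)
  pairs = commit_findings.flat_map do |sha, findings|
    findings.map do |f|
      ["Secret leaked in commit: #{sha}",
       "-- #{f.path}:#{f.line_number} | #{f.description}"]
    end
  end
  pairs.flat_map.with_index { |pair, i| i.zero? ? pair : [""] + pair }
end

# Constructed sample blob: the .env file from the validation steps.
SAMPLE_ENV = <<~TEXT
  TEST=glpat-JUST20LETTERSANDNUMB
  SECRET=glpat-JUST20LETTERSANDNUMB
  DETECTION=glpat-JUST20LETTERSANDNUMB
TEXT

if __FILE__ == $PROGRAM_NAME
  # "abc123" is a placeholder commit id, not a real one.
  puts format_findings({ "abc123" => scan_blob(".env", SAMPLE_ENV) })
end
```

Running the file prints six message lines separated by two blank lines, matching the three findings the `git push` output above reports for `.env:1`, `.env:2` and `.env:3`.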
Edited by Ahmed Hemdan