Skip to content

Enhance how multiple findings in one blob is displayed in secrets check

What does this MR do and why?

This merge request updates the secrets push check to handle displaying multiple findings in a blob properly.

Please read this section to understand more about the changes introduced here.

Note: I have used the opportunity to do a cleanup of shared contexts (specifically the one with log/error messages) within these changes.

Resolves #435392 (closed).

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Before reviewer's feedback:

Before After
Screenshot_2023-12-21_at_7.04.36_PM Screenshot_2023-12-21_at_7.05.51_PM

After reviewer's feedback:

Before After
Screenshot_2023-12-21_at_7.04.36_PM Screenshot_2024-01-16_at_5.38.57_PM

How to set up and validate locally

  • Create a new project or use an existing one.
  • In your rails console, execute the following commands:
pry(main)> Gitlab::CurrentSettings.update!(pre_receive_secret_detection_enabled: true) # to ensure feature is enabled instance-wide

pry(main)> project = Project.find(PROJECT_ID)
pry(main)> Feature.enable(:pre_receive_secret_detection_push_check, project) 
  • Ensure your GDK is licensed as ultimate.
  • In your terminal, navigate to the project folder.
  • Create a new file, e.g. .env, and add a gitlab personal access token:
TEST=glpat-JUST20LETTERSANDNUMB
SECRET=glpat-JUST20LETTERSANDNUMB
DETECTION=glpat-JUST20LETTERSANDNUMB
  • Run git add . and git commit -m 'test' to commit the file.
  • Run the command to push the commited file git push.
  • Verify the push fails with a message that looks something like the following:
remote: Secret leaked in commit: [commit id]
remote:   -- .env:1 | GitLab Personal Access Token
remote:
remote: Secret leaked in commit: [commit id]
remote:   -- .env:2 | GitLab Personal Access Token
remote:
remote: Secret leaked in commit: [commit id]
remote:   -- .env:3 | GitLab Personal Access Token
Edited by Ahmed Hemdan

Merge request reports

Loading