GitGuardian: Generate a descriptive output about findings
What does this MR do and why?
Related issue: GitGuardian: Generate a descriptive output abou... (#451113 - closed)
Within GitGuardian pre-receive secrets detection (&11494 - closed) we implemented a GitGuardian integration that rejects a push if any of its commits violates a policy check. The output looked like:
`Secrets detection policy violated at .env for Basic Auth String 'jen_barber'`
However, the JSON returned by the API also includes indexes that locate the exact place in the file that violated the policy:
JSON content

```json
{
  "policies": [
    "Secrets detection"
  ],
  "policy_break_count": 1,
  "policy_breaks": [
    {
      "incident_url": "",
      "known_secret": false,
      "matches": [
        {
          "index_end": 48,
          "index_start": 39,
          "line_end": 1,
          "line_start": 1,
          "match": "jen_barber",
          "type": "username"
        },
        {
          "index_end": 74,
          "index_start": 50,
          "line_end": 1,
          "line_start": 1,
          "match": "correcthorsebatterystaple",
          "type": "password"
        },
        {
          "index_end": 95,
          "index_start": 76,
          "line_end": 1,
          "line_start": 1,
          "match": "cake.gitguardian.com",
          "type": "host"
        }
      ],
      "policy": "Secrets detection",
      "type": "Basic Auth String",
      "validity": "no_checker"
    }
  ]
}
```
What changed
After this MR, if a commit contains violations according to the GitGuardian service, the user sees the following output:
```
> git push --set-upstream origin new-branch-1
Enumerating objects: 4, done.
Counting objects: 100% (4/4), done.
Delta compression using up to 10 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 399 bytes | 399.00 KiB/s, done.
Total 3 (delta 1), reused 0 (delta 0), pack-reused 0 (from 0)
remote: GitLab: .env: 2 incidents detected:
remote:
remote: >> Filenames: .env
remote: Validity: N/A
remote: Known by GitGuardian: No
remote: Incident URL: N/A
remote: Violation: filename `.env` detected
remote:
remote: >> Secrets detection: Basic Auth String
remote: Validity: No checker
remote: Known by GitGuardian: No
remote: Incident URL: N/A
remote: Violation: username `jen_barber1` detected
remote: 2 | url = 'http://jen_barber1:correcthorsebatterystaple@cake.gitguardian.com/isreal.json'
remote:                   |username_|
remote: Violation: password `correcthorsebatterystaple` detected
remote: 2 | url = 'http://jen_barber1:correcthorsebatterystaple@cake.gitguardian.com/isreal.json'
remote:                               |_______password________|
remote: Violation: host `cake.gitguardian.com` detected
remote: 2 | url = 'http://jen_barber1:correcthorsebatterystaple@cake.gitguardian.com/isreal.json'
remote:                                                         |_______host_______|
remote:
remote: How to remediate:
remote:
remote: The violation was detected before the commit was pushed:
remote:
remote: 1. Fix the violation in the detected files.
remote: 2. Commit and try pushing again.
remote:
remote: [To apply with caution] If you want to bypass the secrets check:
remote:
remote: 1. Add [skip secret detection] flag to the commit message.
remote: 2. Commit and try pushing again.
```
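As an added example (not code from this MR or from GitLab's own implementation), the Ruby script below consumes the `policy_breaks` JSON from the description and renders the per-match underline markers shown in the push output above, deriving the marker position and width from `index_start`/`index_end` and `line_start`/`line_end`. It assumes the indexes are 0-based, end-inclusive offsets into the whole file content (consistent with the numbers above, where 39..48 covers the ten characters of `jen_barber`), clamps a multi-line match to its first line, and uses a constructed `.env` line whose offsets line up with those indexes; the `render_policy_break` and `marker_line` names are the example's own.

```ruby
require 'json'

# Constructed sample: the policy_breaks payload from the MR description,
# embedded inline so the script runs offline.
SAMPLE_RESPONSE = <<~'RESPONSE'
  {
    "policies": ["Secrets detection"],
    "policy_break_count": 1,
    "policy_breaks": [
      {
        "incident_url": "",
        "known_secret": false,
        "matches": [
          { "index_end": 48, "index_start": 39, "line_end": 1, "line_start": 1,
            "match": "jen_barber", "type": "username" },
          { "index_end": 74, "index_start": 50, "line_end": 1, "line_start": 1,
            "match": "correcthorsebatterystaple", "type": "password" },
          { "index_end": 95, "index_start": 76, "line_end": 1, "line_start": 1,
            "match": "cake.gitguardian.com", "type": "host" }
        ],
        "policy": "Secrets detection",
        "type": "Basic Auth String",
        "validity": "no_checker"
      }
    ]
  }
RESPONSE

# Constructed file content laid out so that its offsets match the indexes
# above: index 39 is the 'j' of jen_barber, 50..74 the password, 76..95 the host.
SAMPLE_CONTENT = %(PROD_CAKE_API_BASIC_AUTH_URL = "http://jen_barber:correcthorsebatterystaple@cake.gitguardian.com/isreal.json"\n)

# Document offset at which each line starts, so a document-level index can be
# turned into a column within its line (assumption: indexes span the whole file).
def line_offsets(content)
  offsets = []
  pos = 0
  content.lines.each do |line|
    offsets << pos
    pos += line.length
  end
  offsets
end

# Build the "|___label___|" marker: the bars sit on the first and last matched
# character and the match type is centred between them (padded with '_').
# A label that does not fit is dropped rather than overflowing the match.
def marker_line(column, width, label)
  inner = [width - 2, 0].max
  body = label.length <= inner ? label.center(inner, '_') : '_' * inner
  (' ' * column) + '|' + body + '|'
end

# Render one policy break the way the push output above presents it:
# a header, the validity/known/incident fields, then per match the
# "Violation:" line, the source line with its number, and the marker.
def render_policy_break(policy_break, content)
  lines = content.lines.map(&:chomp)
  offsets = line_offsets(content)
  out = []
  out << ">> #{policy_break['policy']}: #{policy_break['type']}"
  out << "Validity: #{policy_break['validity'].tr('_', ' ').capitalize}"
  out << "Known by GitGuardian: #{policy_break['known_secret'] ? 'Yes' : 'No'}"
  url = policy_break['incident_url'].to_s
  out << "Incident URL: #{url.empty? ? 'N/A' : url}"

  policy_break['matches'].each do |m|
    out << "Violation: #{m['type']} `#{m['match']}` detected"
    lineno = m['line_start']
    text = lines[lineno - 1] || ''
    column = m['index_start'] - offsets[lineno - 1]
    # A match that continues on later lines is clamped to the end of its first line.
    last = m['line_end'] == lineno ? m['index_end'] - offsets[lineno - 1] : text.length - 1
    width = last - column + 1
    prefix = "#{lineno} | "
    out << prefix + text
    out << (' ' * prefix.length) + marker_line(column, width, m['type'])
  end
  out
end

if $PROGRAM_NAME == __FILE__
  first_break = JSON.parse(SAMPLE_RESPONSE)['policy_breaks'].first
  puts render_policy_break(first_break, SAMPLE_CONTENT)
end
```

Because the API reports document-level indexes while the output shows one source line at a time, the line offset table is what keeps the markers aligned once a secret sits on any line other than the first; the clamp on `line_end` keeps a multi-line match from producing a marker wider than the line it is drawn under.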