diff --git a/go.mod b/go.mod
index 071a97baa5..50ec008298 100644
--- a/go.mod
+++ b/go.mod
@@ -348,4 +348,4 @@ exclude github.com/goccy/go-json v0.4.11
 exclude github.com/satori/go.uuid v1.2.0
-replace github.com/zricethezav/gitleaks/v8 => github.com/TheFox0x7/gitleaks/v8 v8.0.0-20250416161107-ce27b3ebd696
+replace github.com/zricethezav/gitleaks/v8 => github.com/TheFox0x7/gitleaks/v8 v8.24.4-patch-gitea
diff --git a/go.sum b/go.sum
index ce787509a4..4e91ab9520 100644
--- a/go.sum
+++ b/go.sum
@@ -83,8 +83,8 @@ github.com/RoaringBitmap/roaring v1.9.4 h1:yhEIoH4YezLYT04s1nHehNO64EKFTop/wBhxv
 github.com/RoaringBitmap/roaring v1.9.4/go.mod h1:6AXUsoIEzDTFFQCe1RbGA6uFONMhvejWj5rqITANK90=
 github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.3 h1:BP0HiyNT3AQEYi+if3wkRcIdQFHtsw6xX3Kx0glckgA=
 github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.3/go.mod h1:hMNtySovKkn2gdDuLqnqveP+mfhUSaBdoBcr2I7Zt0E=
-github.com/TheFox0x7/gitleaks/v8 v8.0.0-20250416161107-ce27b3ebd696 h1:HLdcIxXpEGZ1IrqAiQ+ExvAiUBSVPn1xCcmAmR0zaeI=
-github.com/TheFox0x7/gitleaks/v8 v8.0.0-20250416161107-ce27b3ebd696/go.mod h1:D3AhHRLVp0DigFQNxAgHcQks8EbF7wCZanT/UbGd0Jo=
+github.com/TheFox0x7/gitleaks/v8 v8.24.4-patch-gitea h1:VMXSHOeB5t4e3Hqet9GSTx5oULskEp7dV2i0/cgEhd4=
+github.com/TheFox0x7/gitleaks/v8 v8.24.4-patch-gitea/go.mod h1:D3AhHRLVp0DigFQNxAgHcQks8EbF7wCZanT/UbGd0Jo=
 github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=
 github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
 github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs=
diff --git a/routers/private/hook_pre_receive.go b/routers/private/hook_pre_receive.go
index efc89e53e1..47cc00810a 100644
--- a/routers/private/hook_pre_receive.go
+++ b/routers/private/hook_pre_receive.go
@@ -25,6 +25,7 @@ import (
 "code.gitea.io/gitea/modules/web"
 gitea_context "code.gitea.io/gitea/services/context"
 pull_service "code.gitea.io/gitea/services/pull"
+ "github.com/gitleaks/go-gitdiff/gitdiff"
 "github.com/zricethezav/gitleaks/v8/cmd/scm"
 gitleaks "github.com/zricethezav/gitleaks/v8/detect"
@@ -121,7 +122,7 @@ func HookPreReceive(ctx *gitea_context.PrivateContext) {
 newCommitID := opts.NewCommitIDs[i]
 refFullName := opts.RefFullNames[i]
- preReceiveSecrets(ourCtx, oldCommitID, newCommitID, refFullName)
+ preReceiveSecrets(ourCtx, oldCommitID, newCommitID)
 switch {
 case refFullName.IsBranch():
 preReceiveBranch(ourCtx, oldCommitID, newCommitID, refFullName)
@@ -542,7 +543,7 @@ func (ctx *preReceiveContext) loadPusherAndPermission() bool {
 }
 // checks commits for secrets
-func preReceiveSecrets(ctx *preReceiveContext, oldCommitID, newCommitID string, refFullName git.RefName) {
+func preReceiveSecrets(ctx *preReceiveContext, oldCommitID, newCommitID string) {
 detector, err := gitleaks.NewDetectorDefaultConfig()
 if err != nil {
 ctx.Status(http.StatusTeapot)
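Review bot: The call to `preReceiveSecrets` in the HookPreReceive loop is not followed by any check that a response has already been written, so after a finding (403) or a scan error the code still falls into the `switch` and runs `preReceiveBranch` and its siblings on the same context. That can produce a second response for a push the scanner has already answered. Stop right after the call, for example `if ourCtx.Written() { return }`, or let `preReceiveSecrets` return a bool the way `loadPusherAndPermission` does. The loop body continues outside the hunk, so a check placed after the `switch` may already cover part of this.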
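Review bot: Every failure path in `preReceiveSecrets` answers with a bare `ctx.Status(http.StatusTeapot)`: here for `NewDetectorDefaultConfig`, and in the next hunk for the `git diff` call, `newPreReceiveDiff` and the newly added `DetectGit` check. With the debug `log.Info` calls removed, the error value is now dropped in all four places, so an operator cannot tell a broken scanner from a rejected push and the pusher gets no message. Log and report it instead, for example `log.Error("secret scan %s..%s: %v", oldCommitID, newCommitID, err)` followed by `ctx.JSON(http.StatusInternalServerError, private.Response{Err: "secret scan failed"})`. The comment above the function would also read better as a Go doc comment: `// preReceiveSecrets scans the diff between oldCommitID and newCommitID with gitleaks and rejects the push when findings are reported.`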
@@ -551,22 +552,20 @@ func preReceiveSecrets(ctx *preReceiveContext, oldCommitID, newCommitID string,
 repo := ctx.Repo.Repository
 out, _, err := git.NewCommand("diff", "-U0").AddDynamicArguments(oldCommitID, newCommitID).RunStdBytes(ctx, &git.RunOpts{Dir: repo.RepoPath(), Env: ctx.env})
- // r, w, err := os.Pipe()
 if err != nil {
 ctx.Status(http.StatusTeapot)
 return
 }
- log.Info("done with diff")
- giteaCmd, err := newPreRecieveDiff(bytes.NewReader(out))
- log.Info("crerated cmd!")
+ giteaCmd, err := newPreReceiveDiff(bytes.NewReader(out))
 if err != nil {
- log.Info("look! a wild error! %v", err)
 ctx.Status(http.StatusTeapot)
 return
 }
- log.Info("running the detector!")
 findings, err := detector.DetectGit(giteaCmd, gitleaks.NewRemoteInfo(scm.GitHubPlatform, repo.Website))
- log.Info("done!")
+ if err != nil {
+ ctx.Status(http.StatusTeapot)
+ return
+ }
 if len(findings) != 0 {
 msg := strings.Builder{}
 msg.WriteString("This repository has secret detection enabled! Following secrets were detected:\n\n")
@@ -578,18 +577,14 @@ func preReceiveSecrets(ctx *preReceiveContext, oldCommitID, newCommitID string,
 }
 ctx.JSON(http.StatusForbidden, private.Response{UserMsg: msg.String()})
-
 }
- return
-
 }
 type giteacmd struct {
 diffCh <-chan *gitdiff.File
- errCh <-chan error
 }
-func newPreRecieveDiff(r io.Reader) (*giteacmd, error) {
+func newPreReceiveDiff(r io.Reader) (*giteacmd, error) {
 diffCh, err := gitdiff.Parse(r)
 if err != nil {
 return nil, err
@@ -597,7 +592,6 @@ func newPreRecieveDiff(r io.Reader) (*giteacmd, error) {
 return &giteacmd{
 diffCh: diffCh,
 }, nil
-
 }
 // DiffFilesCh implements sources.Git.
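Review bot: The scan input is `git diff -U0 oldCommitID newCommitID`, a comparison of the two tips only, and nothing visible in the function handles the all-zero object ID a pre-receive hook receives for ref creation or deletion. In those cases the diff command presumably fails and the push ends in the 418 path. When several commits arrive in one push, content added in one commit and removed in a later one never shows up in the tip-to-tip diff, although it stays in the pushed history. Skip deletions, choose a base for new refs, and feed the detector the per-commit patches of the pushed range instead of the net diff. If the tip-only behaviour is intended for now, state it at the command: `// NOTE: only the net diff between the two tips is scanned, not each pushed commit`.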
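Review bot: `giteacmd` and `newPreReceiveDiff` carry no doc comments, and with `errCh` removed it is not visible in this hunk how a parse error that occurs after `gitdiff.Parse` has returned would reach the detector. Add `// giteacmd feeds an already generated diff to gitleaks; it implements sources.Git.` above the type and `// newPreReceiveDiff parses the diff read from r and wraps the resulting file channel.` above the constructor. If the interface also has an error-channel method (its implementation lies outside the hunk), document what it returns now that the field is gone.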