From e6bae26b86149d37984f6429f386cc57aa5a9f50 Mon Sep 17 00:00:00 2001 From: Elad Pticha Date: Mon, 17 Mar 2025 15:10:36 +0200 Subject: [PATCH] chore: allow rules to have no decoders --- cmd/root.go | 24 +++++++++++++++--------- pkg/output/stdout/output.go | 6 +++--- 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/cmd/root.go b/cmd/root.go index d979a90..2befb26 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -116,7 +116,7 @@ func run() error { orgScanned[owner] = true repo := result.GetRepository().GetName() - repoScanned[repo] = true + repoScanned[fmt.Sprintf("%s/%s", owner, repo)] = true workflowFile := strings.TrimPrefix(result.GetPath(), ".github/workflows/") workflowScanned[workflowFile] = true @@ -156,25 +156,31 @@ func run() error { continue } + secret := matches[1] for _, dec := range rule.Decoders { decoder, err := decoder.New(dec.Id) if err != nil { log.Warn().Msgf("Error creating decoder: %v", err) - continue + secret = "" + break } - decoded, err := decoder.Decode(matches[1], dec.Repeat) + secret, err = decoder.Decode(secret, dec.Repeat) if err != nil { log.Warn().Msgf("Error decoding secret: %v", err) - continue + break } + } - secretsFound[matches[1]] = true - log.Info().Msg("Found secret in build logs") + if secret == "" { + continue + } - if err := outputClient.Write(owner, repo, workflowFile, run.GetID(), decoded); err != nil { - log.Warn().Msgf("Error writing secret: %v", err) - } + secretsFound[secret] = true + log.Info().Msg("Found secret in build logs") + + if err := outputClient.Write(owner, repo, workflowFile, run.GetID(), secret); err != nil { + log.Warn().Msgf("Error writing secret: %v", err) } } } diff --git a/pkg/output/stdout/output.go b/pkg/output/stdout/output.go index 2b5ed15..669b6ba 100644 --- a/pkg/output/stdout/output.go +++ b/pkg/output/stdout/output.go 
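Review bot: In the second cmd/root.go hunk (`@@ -156,25 +156,31 @@`), the `Decode` error branch breaks out of the decoder loop without clearing `secret`, while the `decoder.New` error branch just above it sets `secret = ""` first. Whether the match is then skipped depends on `Decode` returning an empty string alongside its error, which is not visible in this patch. If it can return a partial value, a half-decoded string would be recorded in `secretsFound` and passed to `outputClient.Write` as a finding. Adding `secret = ""` before that `break` would make both failure paths skip the match regardless of what `Decode` returns. `run()` begins and ends outside the hunk.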
@@ -23,17 +23,17 @@ func PrintSummary(orgScanned map[string]bool, repoScanned map[string]bool, workf out := fmt.Sprintf("\n=========== Summary ===========\n") out += fmt.Sprintf("Organizations Scanned: %d\n", len(orgScanned)) for org := range orgScanned { - out += fmt.Sprintf(" - %s\n", org) + out += fmt.Sprintf(" - %s\n", org) } out += fmt.Sprintf("Repositories Scanned: %d\n", len(repoScanned)) for repo := range repoScanned { - out += fmt.Sprintf(" - %s\n", repo) + out += fmt.Sprintf(" - %s\n", repo) } out += fmt.Sprintf("Workflows Scanned: %d\n", len(workflowScanned)) for workflow := range workflowScanned { - out += fmt.Sprintf(" - %s\n", workflow) + out += fmt.Sprintf(" - %s\n", workflow) } out += fmt.Sprintf("Workflow Runs Scanned: %d\n", len(runsScanned))