Remove git crypt code

hawkeyesec · Oct 10, 2018 · 8da3acf · 8da3acf
1 parent 8feda07
commit 8da3acf
Show file tree

Hide file tree

Showing 6 changed files with 5 additions and 33 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -8,7 +8,6 @@ node_modules/
 
 Dockerfile
 .git
-.git-crypt
 .idea
 
 **/__tests__

diff --git a/Dockerfile b/Dockerfile
@@ -12,16 +12,6 @@ RUN yum -y -q update && \
               php php-cli && \
     yum -y -q clean all
 
-# Git-crypt
-ENV GIT_CRYPT_VERSION=0.6.0
-RUN cd /tmp && \
-    wget --quiet https://www.agwa.name/projects/git-crypt/downloads/git-crypt-${GIT_CRYPT_VERSION}.tar.gz && \
-    tar xzf git-crypt* && \
-    cd git-crypt* && \
-    make && \
-    make install && \
-    rm -rf /tmp/git-crypt*
-
 # Get nodejs repos
 ENV NODE_VERSION=10.10.0
 RUN curl --silent --location https://rpm.nodesource.com/setup_8.x | bash -

diff --git a/README.md b/README.md
@@ -166,7 +166,7 @@ README.md
 There are a few options available:
 
 #### -a, --all: Running against all files rather than git tree
-Hawkeye by default will attempt to detect a .git folder in your target, if it is there it will only scan git tracked files.  Further to that, if a .git-crypt folder is detected, we will also exclude files which are GPG encrypted.  If there is no .git in the target directory, then all files will be scanned.
+Hawkeye by default will attempt to detect a .git folder in your target, if it is there it will only scan git tracked files. If there is no .git in the target directory, then all files will be scanned.
 
 You can override this behaviour with the `--all` flag, which will scan all files regardless.
 
@@ -188,7 +188,7 @@ This will post the results to a SumoLogic HTTP collector.  See the SumoLogic sec
 #### -e, --exclude  <pattern>: Exclude files that match a specified RegEx pattern
 This parameter (which can be specified multiple times) allows you to specify patterns you wish to be excluded from the scan.  For example `hawkeye scan -e "^test/"` would exclude all your test files.  All paths are __relative__ to the `--target`.
 
-There are some global exclusions in place, and those are "^.git", "^.git-crypt" and "^node_modules".
+There are some global exclusions in place, and those are "^.git", "^node_modules".
 
 #### -l, --file-limit  <n>: Set limit on number of files to be scanned (Defaults to 1000)
 The `--file-limit` allows you to set a higher file limit thab the default (1000). This is useful when the target directory includes more files.
@@ -259,9 +259,6 @@ $ hawkeye scan
 [info] Node Check Updates dynamically loaded
 [info] Node Security Project dynamically loaded
 [info] git repo detected, will only use git tracked files
-[info] git-crypt detected, excluding files covered by GPG encryption
-[info]  -> git-crypt status -e
-[info] Files excluded by git-crypt: 0
 [info]  -> git ls-tree --full-tree --name-only -r HEAD
 [info] Files included in scan: 62
 [info] Target for scan: /Users/kstoney/git/stono/hawkeye

diff --git a/lib/__tests__/rc-unit.js b/lib/__tests__/rc-unit.js
@@ -72,7 +72,7 @@ describe('RC', () => {
 
   describe('when files not present', () => {
     it('should default the excludes', () => {
-      expect(noRc.exclude).to.deep.equal([/^node_modules\//, /^.git\//, /^.git-crypt\//, /package-lock.json/])
+      expect(noRc.exclude).to.deep.equal([/^node_modules\//, /^.git\//, /package-lock.json/])
     })
     it('should default the modules to all', () => {
       expect(noRc.modules).to.deep.equal(['all'])
@@ -89,7 +89,7 @@ describe('RC', () => {
       }).to.throw()
     })
     it('should concat the excludes together', () => {
-      expect(rc.exclude).to.deep.equal([/^node_modules\//, /^.git\//, /^.git-crypt\//, /package-lock.json/, /^another\//])
+      expect(rc.exclude).to.deep.equal([/^node_modules\//, /^.git\//, /package-lock.json/, /^another\//])
     })
     it('should replace the modules', () => {
       expect(rc.modules).to.deep.equal(['contents', 'entropy', 'files', 'node-npmoutdated', 'node-npmaudit'])

diff --git a/lib/file-manager.js b/lib/file-manager.js
@@ -55,31 +55,17 @@ module.exports = class FileManager {
     })
   }
 
-  gatherEncryptedFiles (cwd) {
-    if (!fs.existsSync(path.join(cwd, '.git-crypt'))) return []
-
-    logger.log('git-crypt detected, excluding files covered by GPG encryption')
-    let { stdout } = exec.commandSync('git-crypt status -e', { cwd })
-    let encrypted = stdout.split('\n').map(f => f.split('encrypted: ').slice(-1)[0])
-    logger.log('Files excluded by git-crypt:', encrypted.length)
-    return encrypted
-  }
-
   allFilesGit (cwd) {
-    let encrypted = this.gatherEncryptedFiles(cwd)
     exec.commandSync('git ls-tree --full-tree --name-only -r HEAD', { cwd })
       .stdout.trim()
       .split('\n')
-      .filter(f => encrypted.indexOf(f) === -1)
       .forEach(f => this.addFile(f))
   }
 
   allFilesGitStaged (cwd) {
-    let encrypted = this.gatherEncryptedFiles(cwd)
     exec.commandSync('git --no-pager diff --name-only --staged', { cwd })
       .stdout.trim()
       .split('\n')
-      .filter(f => encrypted.indexOf(f) === -1)
       .forEach(f => this.addFile(f))
   }
 

diff --git a/lib/rc.js b/lib/rc.js
@@ -11,7 +11,7 @@ const logger = require('./logger')
 
 module.exports = class RC {
   constructor () {
-    this.exclude = [/^node_modules\//, /^.git\//, /^.git-crypt\//, /package-lock.json/]
+    this.exclude = [/^node_modules\//, /^.git\//, /package-lock.json/]
     this.failOn = 'low'
     this.modules = ['all']
     this.all = false
-Original file line number
+Diff line change
@@ Expand Up / @@ -8,7 +8,6 @@ node_modules/ @@
     Dockerfile
     .git
-    .git-crypt
     .idea
     **/__tests__
@@ Expand Down @@