From d90c6d8a5481aab95198ca088019f7c9aebbe012 Mon Sep 17 00:00:00 2001 From: RuiO <139987905+cx-rui-oliveira@users.noreply.github.com> Date: Wed, 2 Jul 2025 11:25:30 +0100 Subject: [PATCH 1/6] feat: add base commit argument for scanning range in git --- plugins/git.go | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/plugins/git.go b/plugins/git.go index be82f96b..61a8c3dc 100644 --- a/plugins/git.go +++ b/plugins/git.go @@ -24,6 +24,7 @@ const ( argDepth = "depth" argScanAllBranches = "all-branches" argProjectName = "project-name" + argBaseCommit = "base-commit" unknownCommit = "unknown" ) @@ -33,6 +34,7 @@ type GitPlugin struct { depth int scanAllBranches bool projectName string + baseCommit string } type GitInfo struct { @@ -67,6 +69,7 @@ func (p *GitPlugin) DefineCommand(items chan ISourceItem, errors chan error) (*c flags.BoolVar(&p.scanAllBranches, argScanAllBranches, false, "scan all branches [default: false]") flags.IntVar(&p.depth, argDepth, 0, "number of commits to scan from HEAD") flags.StringVar(&p.projectName, argProjectName, "", "Project name to differentiate between filesystem scans") + flags.StringVar(&p.baseCommit, argBaseCommit, "", "Base commit to scan commits between base and HEAD") return command, nil } @@ -75,9 +78,14 @@ func (p *GitPlugin) buildScanOptions() string { if p.scanAllBranches { options = append(options, "--all") } - if p.depth > 0 { + + // If base commit is specified, use commit range instead of depth + if p.baseCommit != "" { + options = append(options, fmt.Sprintf("%s..HEAD", p.baseCommit)) + } else if p.depth > 0 { options = append(options, fmt.Sprintf("-n %d", p.depth)) } + return strings.Join(options, " ") } From 53805b3ced021b678458d00c7b274fe7dd0994be Mon Sep 17 00:00:00 2001 From: RuiO <139987905+cx-rui-oliveira@users.noreply.github.com> Date: Wed, 2 Jul 2025 11:25:50 +0100 Subject: [PATCH 2/6] refactor: reorganize test cases and add base commit scenarios --- plugins/git_test.go | 42 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 3 deletions(-) diff --git a/plugins/git_test.go b/plugins/git_test.go index 8a71aff7..a4162beb 100644 --- a/plugins/git_test.go +++ b/plugins/git_test.go @@ -3,12 +3,13 @@ package plugins import ( "errors" "fmt" - "github.com/gitleaks/go-gitdiff/gitdiff" - "github.com/spf13/cobra" - "github.com/stretchr/testify/assert" "os" "path/filepath" "testing" + + "github.com/gitleaks/go-gitdiff/gitdiff" + "github.com/spf13/cobra" + "github.com/stretchr/testify/assert" ) func TestBuildScanOptions(t *testing.T) { @@ -16,38 +17,72 @@ func TestBuildScanOptions(t *testing.T) { name string scanAllBranches bool depth int + baseCommit string expectedOptions string }{ { name: "Default: scan every commit from checked in branch", scanAllBranches: false, depth: 0, + baseCommit: "", expectedOptions: "--full-history", }, { name: "Scan all commits from all branches", scanAllBranches: true, depth: 0, + baseCommit: "", expectedOptions: "--full-history --all", }, { name: "scan the last 10 commits from checked in branch", scanAllBranches: false, depth: 10, + baseCommit: "", expectedOptions: "--full-history -n 10", }, { name: "Scan the last 10 commits of all branches", scanAllBranches: true, depth: 10, + baseCommit: "", expectedOptions: "--full-history --all -n 10", }, { name: "Negative depth: should not include depth option", scanAllBranches: true, depth: -5, + baseCommit: "", expectedOptions: "--full-history --all", }, + { + name: "Base commit: scan commits between base and HEAD", + scanAllBranches: false, + depth: 0, + baseCommit: "abc123", + expectedOptions: "--full-history abc123..HEAD", + }, + { + name: "Base commit with all branches", + scanAllBranches: true, + depth: 0, + baseCommit: "def456", + expectedOptions: "--full-history --all def456..HEAD", + }, + { + name: "Base commit takes precedence over depth", + scanAllBranches: false, + depth: 10, + baseCommit: "ghi789", + expectedOptions: "--full-history ghi789..HEAD", + }, + { + name: "Base commit with all branches takes precedence over depth", + scanAllBranches: true, + depth: 15, + baseCommit: "jkl012", + expectedOptions: "--full-history --all jkl012..HEAD", + }, } for _, tt := range tests { @@ -55,6 +90,7 @@ func TestBuildScanOptions(t *testing.T) { p := &GitPlugin{ scanAllBranches: tt.scanAllBranches, depth: tt.depth, + baseCommit: tt.baseCommit, } result := p.buildScanOptions() assert.Equal(t, tt.expectedOptions, result) From 9a810d9475f83db97b8daae07c8c73bb98c0b4db Mon Sep 17 00:00:00 2001 From: RuiO <139987905+cx-rui-oliveira@users.noreply.github.com> Date: Wed, 2 Jul 2025 11:26:23 +0100 Subject: [PATCH 3/6] docs: update README to include `--base-commit` arg --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index e930e53d..2f5381fb 100644 --- a/README.md +++ b/README.md @@ -336,6 +336,7 @@ Scans a local git repository | ---------------- | ----- | -------------------------------------- | -------------------------------------------------------- | | `--all-branches` | - | false - only current checked in branch | scan all branches | | `--depth` | int | no limit | limit the number of historical commits to scan from HEAD | +| `--base-commit` | string| - | Base commit to scan commits between base and HEAD | For example From 908ab339ac59a462a2b25115e6812cae3a37c9ee Mon Sep 17 00:00:00 2001 From: RuiO <139987905+cx-rui-oliveira@users.noreply.github.com> Date: Wed, 2 Jul 2025 11:41:07 +0100 Subject: [PATCH 4/6] docs: use lowercase --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2f5381fb..13c6cbe4 100644 --- a/README.md +++ b/README.md @@ -336,7 +336,7 @@ Scans a local git repository | ---------------- | ----- | -------------------------------------- | -------------------------------------------------------- | | `--all-branches` | - | false - only current checked in branch | scan all branches | | `--depth` | int | no limit | limit the number of historical commits to scan from HEAD | -| `--base-commit` | string| - | Base commit to scan commits between base and HEAD | +| `--base-commit` | string| - | base commit to scan commits between base and HEAD | For example From 27ffb9022e0a3fe73d1d64b0900675c7fcb86e77 Mon Sep 17 00:00:00 2001 From: RuiO <139987905+cx-rui-oliveira@users.noreply.github.com> Date: Fri, 4 Jul 2025 17:13:32 +0100 Subject: [PATCH 5/6] chore: ignore secrets from test file --- .2ms.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.2ms.yml b/.2ms.yml index e5c9b015..02c789f8 100644 --- a/.2ms.yml +++ b/.2ms.yml @@ -132,7 +132,13 @@ ignore-result: - 44eca14299c23849c83a7a84fdaa35b8a6a0de34 # value used for testing - 374eb22f69352d768e8096f9d55299c4dfd8888c # value used for testing - bd69025b337716ee008f80192523d3cb1c11ed09 # value used for testing - - +- abee8cb648ac1d20c88db6ec5a4ae079c7d29ea8 # value used for testing +- b8e323e82ffb1a6cd55f6f21c05ac963c2586c8f # value used for testing +- 53fea9d5c1718a37457bc484d5a0c8336ef7ab75 # value used for testing +- 4666bc0670fcfa15e706f53abdc59eff2674854f # value used for testing +- f701cd699fcb706453af869581c74a7133a5a317 # value used for testing +- b3f999807edd036ffd73f14a2ca43c543bcf366d # value used for testing +- 7585409b82ac064a256b70d9e526a011ebfb0411 # value used for testing +- f4d8d834faf54a9551b2a1d937a436bea498506e From f0e7e8e48d4caa6dcd12eae0920f93506e34533f Mon Sep 17 00:00:00 2001 From: RuiO <139987905+cx-rui-oliveira@users.noreply.github.com> Date: Fri, 4 Jul 2025 18:13:21 +0100 Subject: [PATCH 6/6] chore: add missing comment --- .2ms.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.2ms.yml b/.2ms.yml index 02c789f8..ce0febcd 100644 --- a/.2ms.yml +++ b/.2ms.yml @@ -139,6 +139,4 @@ ignore-result: - f701cd699fcb706453af869581c74a7133a5a317 # value used for testing - b3f999807edd036ffd73f14a2ca43c543bcf366d # value used for testing - 7585409b82ac064a256b70d9e526a011ebfb0411 # value used for testing -- f4d8d834faf54a9551b2a1d937a436bea498506e - - +- f4d8d834faf54a9551b2a1d937a436bea498506e # value used for testing \ No newline at end of file