refactor: modified gileaks rules and general code cleanup

Author: Psingle20

.gitleaksignore

@@ -0,0 +1 @@
+**/gitleaks_report.json

gitleaks.toml

@@ -59,7 +59,7 @@
     "lodash": "^4.17.21",
     "lusca": "^1.7.0",
     "moment": "^2.29.4",
-    "mongodb": "^5.0.0",
+    "mongodb": "^5.9.2",
     "nodemailer": "^6.6.1",
     "parse-diff": "^0.11.1",
     "passport": "^0.7.0",

package-lock.json

@@ -9,8 +9,14 @@
   "authorisedList": [
     {
       "project": "finos",
-      "name": "git-proxy",
-      "url": "https://github.com/finos/git-proxy.git"
+      "name": "git-proxy-test",
+      "url": "[email protected]:finos/git-proxy-test.git"
+    },
+    {
+      "project": "project name",
+      "name": "repo name",
+      "url": "repo url",
+      "LocalRepoRoot": "specify you local repository path"
     }
   ],
   "sink": [
@@ -23,14 +29,14 @@
     },
     {
       "type": "mongo",
-      "connectionString": "mongodb://localhost:27017/gitproxy",
+      "connectionString": "mongodb+srv://username:[email protected]/?retryWrites=true&w=majority&appName=Cluster0",
       "options": {
         "useNewUrlParser": true,
         "useUnifiedTopology": true,
         "tlsAllowInvalidCertificates": false,
         "ssl": true
       },
-      "enabled": false
+      "enabled": true
     }
   ],
   "authentication": [
@@ -78,16 +84,17 @@
         "literals": [],
         "patterns": [],
         "providers": {},
-        "proxyFileTypes": [".csv", ".jpg", ".xlsx", ".log", ".json"]
+        "proxyFileTypes": [".csv", ".jpg", ".xlsx", ".log", ".json", ".jpg"]
       }
     },
     "checkForSecrets": {
-      "enabled": false
+      "enabled": true
     },
     "aiMlUsage": {
-          "enabled": true,
-          "blockPatterns": ["modelWeights", "largeDatasets", "aiLibraries", "configKeys", "aiFunctions"]
+      "enabled": true,
+      "blockPatterns": ["modelWeights", "largeDatasets", "aiLibraries", "configKeys", "aiFunctions"]
     }
+    
   },
   "attestationConfig": {
     "questions": [

package.json

@@ -75,6 +75,8 @@ exports.addUserCanPush = async (name, user) => {
 exports.addUserCanAuthorise = async (name, user) => {
   return new Promise(async (resolve, reject) => {
     const repo = await exports.getRepo(name);
+    console.log('details');
+    console.log(JSON.stringify(repo));
 
     if (repo.users.canAuthorise.includes(user)) {
       resolve(null);

proxy.config.json

@@ -66,9 +66,9 @@ class Step {
    * @param {*} message
    */
   log(message) {
-    const m = `${this.stepName} - ${message}`;
-    this.logs.push(m);
-    console.info(m);
+    // const m = `${this.stepName} - ${message}`;
+    // this.logs.push(m);
+    // console.info(m);
   }
 }
 

src/db/file/repo.js

@@ -5,21 +5,20 @@ const pushActionChain = [
   proc.push.checkRepoInAuthorisedList,
   proc.push.checkCommitMessages,
   proc.push.checkAuthorEmails,
-  proc.push.checkUserPushPermission,
+  // proc.push.checkUserPushPermission,
   proc.push.checkIfWaitingAuth,
   proc.push.pullRemote,
   proc.push.writePack,
   proc.push.getDiff,
   proc.push.checkForAiMlUsage,
-  proc.push.checkExifJpeg,              
-  proc.push.checkSensitiveData,     
+  proc.push.checkExifJpeg,
+  proc.push.checkSensitiveData,
+  proc.push.checkForSecrets,
   proc.push.clearBareClone,
-  proc.push.checkCryptoImplementation,
   proc.push.scanDiff,
   proc.push.blockForAuth,
 ];
 
-
 const pullActionChain = [proc.push.checkRepoInAuthorisedList];
 
 let pluginsInserted = false;

src/proxy/actions/Step.js

@@ -56,7 +56,9 @@ const exec = async (req, action) => {
   const step = new Step('checkCommitMessages');
 
   const uniqueCommitMessages = [...new Set(action.commitData.map((commit) => commit.message))];
-  console.log({ uniqueCommitMessages });
+  // console.log({ uniqueCommitMessages });
+  console.log('This is my commit data \n');
+  console.log(action);
 
   const illegalMessages = uniqueCommitMessages.filter((message) => !isMessageAllowed(message));
   console.log({ illegalMessages });

src/proxy/chain.js

@@ -37,6 +37,8 @@ const CRYPTO_PATTERNS = {
 };
 
 function analyzeCodeForCrypto(diffContent) {
+  // file access
+  
   const issues = [];
   // Check for above mentioned cryto Patterns
   if(!diffContent) return issues;
@@ -87,14 +89,17 @@ function analyzeCodeForCrypto(diffContent) {
 }
 
 const exec = async (req, action) => {
+
   const step = new Step('checkCryptoImplementation');
 
   try {
     let hasIssues = false;
     const allIssues = [];
-
+    console.log("action:",action);
     for (const commit of action.commitData) {
       const diff = commit.diff || '';
+      console.log("diff",diff);
+     
       const issues = analyzeCodeForCrypto(diff);
 
       if (issues.length > 0) {
@@ -135,6 +140,6 @@ const exec = async (req, action) => {
   }
 };
 
-// exec.displayName = 'checkCryptoImplementation.exec';
+exec.displayName = 'checkCryptoImplementation.exec';
 exports.exec = exec;
 exports.analyzeCodeForCrypto = analyzeCodeForCrypto;