Standardize code formatting and detect local directory (#3)

* standardize code formatting and detect local directory

Signed-off-by: sonichen <[email protected]>

* standardize code formatting and detect local directory

Signed-off-by: sonichen <[email protected]>

---------

Signed-off-by: sonichen <[email protected]>

Author: sonichen

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "cargo" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "daily"

.github/workflows/base.yml

@@ -0,0 +1,56 @@
+# Based on https://github.com/actions-rs/meta/blob/master/recipes/quickstart.md
+#
+# History:
+#   1. 2023-02-14: Created at 2023-02-14T16:00:00Z by Quanyi Ma <[email protected]>
+#
+#
+#
+
+on: [ push, pull_request ]
+
+name: Base GitHub Action for Check, Test and Lints
+
+jobs:
+  check:
+    name: Check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+      - uses: actions-rs/cargo@v1
+        with:
+          command: check
+
+  test:
+    name: Test Suite
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+      - uses: actions-rs/cargo@v1
+        with:
+          command: test
+
+  clippy:
+    name: Clippy
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: stable
+          override: true
+      - run: rustup component add clippy
+      - uses: actions-rs/cargo@v1
+        with:
+          command: clippy
+          args: -- -D warnings

CODE-OF-CONDUCT.md

@@ -0,0 +1,45 @@
+# CODE OF CONDUCT
+
+This code of conduct outlines the expected behavior of all members of Open Rust Initiative to ensure a safe, productive, and inclusive environment for everyone.
+
+All members of Open Rust Initiative, including employees, contractors, interns, volunteers, and anyone else represents the company, are expected to behave in a professional, respectful, considerate, and collaborative manner. Harassment, discrimination, or toxic behavior of any kind will not be tolerated.
+
+Open Rust Initiative is committed to providing an environment free of harassment and discrimination for everyone, regardless of gender, gender identity and expression, sexual orientation, disability, physical appearance, body size, race, age, or religion. We do not tolerate harassment of participants in any form. Harassment includes offensive comments related to these characteristics, as well as deliberate intimidation, stalking, following, harassing photography or recording, sustained disruption of talks or other events, inappropriate physical contact, and unwelcome sexual attention.
+
+If you experience or witness unacceptable behavior, see something that makes you feel unsafe, or have concerns about the well-being of a participant, please report it to Eli Ma or Charles Feng immediately. All reports will be handled confidentially.
+
+We value diverse opinions, skills, and experiences. We strive to build an inclusive environment where everyone feels safe and respected. Together, we can achieve great things.
+
+THANK YOU FOR YOUR COOPERATION IN ADVANCING OUR COMMITMENT TO INCLUSION AND RESPECT.
+
+Responsibilities
+
+All members of Open Rust Initiative are expected to:
+
+- Treat all people with respect and consideration, valuing a diversity of views and opinions.
+  • Communicate openly and thoughtfully.
+  • Avoid personal attacks directed at other participants.
+  • Be mindful of your surroundings and your fellow participants. Alert Eli Ma if you notice a dangerous situation or someone in distress.
+  • Respect personal space and property.
+  • Refrain from demeaning, discriminatory, or harassing behavior, speech, and imagery.
+  • Be considerate in your use of space and resources. For example, avoid excessive noise from conversations, laptops, and other electronic devices. Be courteous when taking up shared space such as tables and walkways.
+  • Follow the instructions of Open Rust Initiative staff and security.
+  • Avoid using language that reinforces social and cultural structures of domination related to gender, gender identity and expression, sexual orientation, disability, physical appearance, body size, race, age, religion, or other personal characteristics.
+
+Consequences
+
+Failure to comply with this Code of Conduct may result in disciplinary action, including removal from Open Rust Initiative spaces and events and prohibition from future participation.
+
+Contact Information
+
+If you have questions or concerns about this Code of Conduct, contact Eli Ma or Charles Feng.
+
+# Enforcement
+
+Open Rust Initiative prioritizes creating a safe and positive experience for everyone. We do not tolerate harassment or discrimination of any kind.
+
+We expect participants to follow these rules at all Open Rust Initiative venues and events. Open Rust Initiative staff will enforce this Code of Conduct.
+
+If a participant engages in harassing or discriminatory behavior, Open Rust Initiative staff will take reasonable action they deem appropriate, including warning the offender, expulsion from an event, or banning them from future events.
+
+At their discretion, Open Rust Initiative staff may report offenders to local law enforcement. Open Rust Initiative staff may take action against participants for other behaviors that violate this Code of Conduct or negatively impact the safety and inclusion of event participants.

CONTRIBUTING.md

@@ -0,0 +1,22 @@
+# CONTRIBUTING
+
+Thank you for your interest in contributing to this project. There are many ways you can contribute, from writing tutorials or blog posts, improving the documentation, submitting bug reports and feature requests, all the way to developing code which can be incorporated into the project.
+
+As a contributor, you agree to abide by the Code of Conduct enforced in this community.
+
+## How to contribute
+
+Here are some guidelines for contributing to this project:
+
+1. Report issues/bugs: If you find any issues or bugs in the project, please report them by creating an issue on the issue tracker. Describe the issue in detail and also mention the steps to reproduce it. The more details you provide, the easier it will be for me to investigate and fix the issue.
+2. Suggest enhancements: If you have an idea to enhance or improve this project, you can suggest it by creating an issue on the issue tracker. Explain your enhancement in detail along with its use cases and benefits. I appreciate well-thought-out enhancement suggestions.
+3. Contribute code: If you want to develop and contribute code, follow these steps:
+- Fork the repository and clone it locally.
+- Create a new branch for your feature/bugfix.
+- Make necessary changes and commit them with proper commit messages.
+- Push your changes to your fork and create a pull request.
+- I will review your changes and merge the PR if found suitable. Please ensure your code is properly formatted and follows the same style as the existing codebase.
+1. Write tutorials/blog posts: You can contribute by writing tutorials or blog posts to help users get started with this project. Submit your posts on the issue tracker for review and inclusion. High quality posts that provide value to users are highly appreciated.
+2. Improve documentation: If you find any gaps in the documentation or think any part can be improved, you can make changes to files in the documentation folder and submit a PR. Ensure the documentation is up-to-date with the latest changes.
+
+Your contributions are highly appreciated. Feel free to ask any questions if you have any doubts or facing issues while contributing. The more you contribute, the more you will learn and improve your skills.

Cargo.toml

@@ -0,0 +1,20 @@
+[package]
+name = "sensleak"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+
+
+[dependencies]
+regex = "1.5.4"
+clap = { version = "4.2.4", features = ["derive"] }
+toml="0.7.3"
+walkdir = "2.3.2"
+rayon = "1.5.1"
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+chrono = "0.4"
+assert_cmd = "2.0.10"
+tempfile = "3.2.0"

LICENSE-MIT

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 - 2023 Open Rust Initiative
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -1 +1,143 @@
-# sensleak-rs
+# sensleak-rs
+
+sensleak-rs is developing a detect tool  similar to gitleaks using Rust, which will detecting hardcoded secrets like passwords, api keys, and tokens in git repos. 
+
+## Background
+
+Many developers store sensitive information such as keys and certificates in their code, which poses security risks. Therefore, there are commercial services like GitGuardian scanning GitHub and GitLab, as well as open-source components like truffleHog and Gitleaks that support similar functionalities.
+
+### Requirements
+
+Develop a Git repository sensitive data detection tool using the Rust programming language.
+
+1. Develop in Rust for improved security.
+2. Command-line tool that outputs a test report.
+3. Support running as a service and provide access control through a REST API.
+
+### Environment
+
+- Runs on X86_64 and ARM64 architectures.
+- Uses Rust Edition 2021.
+
+## Usage
+
+Here are a few examples of how to use the tool in different scenarios:
+
+- Running the tool in the command-line interface (CLI) to perform sensitive data checks.
+
+**Note: This project is currently under development. The following features describe sensitive information search within a local folder.**
+
+```shell
+sensleaks-rs
+
+Usage: sensleak.exe [OPTIONS] --repo <REPO>
+
+Options:
+  -r, --repo <REPO>      Target repository
+  -c, --config <CONFIG>  Config path.. [default: gitleaks.toml]
+  -o, --report <REPORT>  Path to write json leaks file [default: ]
+  -v, --verbose          Show verbose output from scan
+  -e, --pretty           Pretty print json if leaks are present
+  -h, --help             Print help (see more with '--help')
+  -V, --version          Print version
+
+Repository: https://github.com/open-rust-initiative/sensleak-rs
+```
+
+Examples: (test the file in src\tests\files\test)
+
+```shell
+sensleak -r="tests\files\test" -v -e
+```
+
+Output:
+
+```shell
+[
+    OutputItem {
+        line: "token = sk_test_abcd1234567890efghijklmno",
+        line_number: 5,
+        secret: "sk_test_abcd1234567890efghijklmno",
+        entropy: "",
+        commit: "",
+        repo: "",
+        rule: "Stripe Access Token",
+        commit_message: "",
+        author: "",
+        email: "",
+        file: "tests\\files\\test\\file2.txt",
+        date: "",
+        tags: "",
+        operation: "",
+    },
+    OutputItem {
+        line: "twilio_api_key = SK12345678901234567890123456789012",
+        line_number: 6,
+        secret: "SK12345678901234567890123456789012",
+        entropy: "",
+        commit: "",
+        repo: "",
+        rule: "Twilio API Key",
+        commit_message: "",
+        author: "",
+        email: "",
+        file: "tests\\files\\test\\file2.txt",
+        date: "",
+        tags: "",
+        operation: "",
+    },
+    ....
+]
+WARN:[2023-05-17 09:45:07]10 leaks detected. XXX commits scanned in 66.6222ms
+```
+
+
+
+- Accessing the tool's functionality through the REST API for access control and data scanning. (Coming soon...)
+
+## Configuration
+
+Use the [gitleaks configuration](https://github.com/gitleaks/gitleaks#configuration) in this project.
+
+## Document
+
+Run the following code to read the project document.
+
+```shell
+cargo doc --document-private-items --open
+```
+
+## Contributing
+
+The  project relies on community contributions and aims to simplify getting  started. To use sensleak-rs, clone the repo, install dependencies, and run  sensleak-rs. Pick an issue, make changes, and submit a pull request for community review.
+
+To contribute to rkos, you should:
+
+- Familiarize yourself with the [Code of Conduct](https://github.com/open-rust-initiative/rkos/blob/main/CODE-OF-CONDUCT.md). sensleak-rs has a strict policy against abusive, unethical, or illegal behavior.
+- Review the [Contributing Guidelines](https://github.com/open-rust-initiative/rkos/blob/main/CONTRIBUTING.md). This document outlines the process for submitting bug reports, feature requests, and pull requests to sensleak-rs.
+- Sign the [Developer Certificate of Origin](https://developercertificate.org) (DCO) by adding a `Signed-off-by` line to your commit messages. This certifies that you wrote or have the right to submit the code you are contributing to the project.
+- Choose an issue to work on. Issues labeled `good first issue` are suitable for newcomers. You can also look for issues marked `help wanted`.
+- Fork the sensleak-rs repository and create a branch for your changes.
+- Make your changes and commit them with a clear commit message.
+- Push your changes to GitHub and open a pull request.
+- Respond to any feedback on your pull request. The sensleak-rs maintainers  will review your changes and may request modifications before merging.
+- Once your pull request is merged, you will be listed as a contributor in the project repository and documentation.
+
+To comply with the requirements, contributors must include both a `Signed-off-by` line and a PGP signature in their commit messages. You can find more information about how to generate a PGP key [here](https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification/generating-a-new-gpg-key).
+
+Git even has a `-s` command line option to append this automatically to your commit message, and `-S` to sign your commit with your PGP key. For example:
+
+```shell
+$ git commit -S -s -m 'This is my commit message'
+```
+
+## License
+
+sensleak-rs is licensed under this licensed:
+
+- MIT LICENSE (  https://opensource.org/licenses/MIT)
+
+## References
+
+1. [What is Gitleaks and how to use it?](https://akashchandwani.medium.com/what-is-gitleaks-and-how-to-use-it-a05f2fb5b034)
+2. [Gitleaks.tools](https://github.com/gitleaks/gitleaks)