Documentation
¶
Overview ¶
Package diffcheck provides functions for checking a git diff for potentially sensitive information.
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // UseEntropy is a feature flag that, if set true, enables experimental // string entropy testing UseEntropy = false )
Functions ¶
This section is empty.
Types ¶
type Report ¶
type Report struct {
// Current relative path of the file to which the report pertains
Path string
// Old path of the file - will be identical unless the file has been
// moved/renamed as part of the changeset
OldPath string
// Set of warnings pertaining to this report
Warnings []Warning
}
Report is a collection of warnings for a particular file discovered in a patch
func SnoopPatch ¶
SnoopPatch takes a raw github patch byte array and tests it against the defined rulesets. Returns true if diff appears clean and false otherwise. In the case of a potentially unclean diff, a report set will also be returned detailing a set of warnings identified.
Example ¶
package main
import (
"fmt"
"os/exec"
"github.com/ONSdigital/git-diff-check/diffcheck"
)
func main() {
patch, _ := exec.Command("git", "diff", "-U0", "--staged").CombinedOutput()
ok, reports, err := diffcheck.SnoopPatch(patch)
if err != nil {
panic(err)
}
if !ok {
fmt.Println("WARNING! Potential sensitive data found:")
for _, r := range reports {
fmt.Printf("Found in (%s)\n", r.Path)
for _, w := range r.Warnings {
fmt.Printf("\t> [%s] %s (line %d)\n", w.Type, w.Description, w.Line)
}
}
}
}
type Warning ¶
type Warning struct {
// The ruleset type that triggered the warning. e.g. "file" or "line"
Type string
// Human compatible warning description
Description string
// Line number (if applicable) where the warning was triggered.
// If no line then will be -1
Line int
}
Warning is a specific warning about a file in diff. One or more are compiled into a `Report`
Source Files
Click to show internal directories.
Click to hide internal directories.