Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gitleaks for openSUSE:Factory checked in at 2024-09-23 15:20:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gitleaks (Old) and /work/SRC/openSUSE:Factory/.gitleaks.new.29891 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gitleaks" Mon Sep 23 15:20:33 2024 rev:7 rq:1202400 version:8.19.2 Changes: --------
--- /work/SRC/openSUSE:Factory/gitleaks/gitleaks.changes 2024-09-15 12:41:44.185886694 +0200
+++ /work/SRC/openSUSE:Factory/.gitleaks.new.29891/gitleaks.changes 2024-09-23 15:21:42.704172300 +0200
@@ -1,0 +2,8 @@
+Sat Sep 21 17:09:32 UTC 2024 - opensuse_buildserv...@ojkastl.de
+
+- Update to version 8.19.2:
+ * fix(rule): comment out errant validation case (#1509)
+ * remove validate config test temporarily
+ * Update README.md
+
+-------------------------------------------------------------------
Old: ---- gitleaks-8.19.1.obscpio New: ---- gitleaks-8.19.2.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ gitleaks.spec ++++++
--- /var/tmp/diff_new_pack.JBQesX/_old 2024-09-23 15:21:43.356199341 +0200
+++ /var/tmp/diff_new_pack.JBQesX/_new 2024-09-23 15:21:43.360199506 +0200
@@ -20,7 +20,7 @@
 %define __arch_install_post export NO_BRP_STRIP_DEBUG=true
 
 Name: gitleaks
-Version: 8.19.1
+Version: 8.19.2
 Release: 0
 Summary: Protect and discover secrets using Gitleaks
 License: MIT
++++++ _service ++++++
--- /var/tmp/diff_new_pack.JBQesX/_old 2024-09-23 15:21:43.400201166 +0200
+++ /var/tmp/diff_new_pack.JBQesX/_new 2024-09-23 15:21:43.408201497 +0200
@@ -3,7 +3,7 @@
 <param name="url">https://github.com/zricethezav/gitleaks</param>
 <param name="scm">git</param>
 <param name="exclude">.git</param>
- <param name="revision">v8.19.1</param>
+ <param name="revision">v8.19.2</param>
 <param name="versionformat">@PARENT_TAG@</param>
 <param name="changesgenerate">enable</param>
 <param name="versionrewrite-pattern">v(.*)</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.JBQesX/_old 2024-09-23 15:21:43.432202493 +0200
+++ /var/tmp/diff_new_pack.JBQesX/_new 2024-09-23 15:21:43.436202659 +0200
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
 <param name="url">https://github.com/zricethezav/gitleaks</param>
- <param name="changesrevision">9463ffaa5e9efc94ee235972d1519eac2844fad3</param></service></servicedata>
+ <param name="changesrevision">128cd22f7c7c8aaf001234999e509e84ef5d6577</param></service></servicedata>
 (No newline at EOF)
 
++++++ gitleaks-8.19.1.obscpio -> gitleaks-8.19.2.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.19.1/.github/workflows/test.yml new/gitleaks-8.19.2/.github/workflows/test.yml
--- old/gitleaks-8.19.1/.github/workflows/test.yml 2024-09-14 11:01:27.000000000 +0200
+++ new/gitleaks-8.19.2/.github/workflows/test.yml 2024-09-16 13:17:26.000000000 +0200
@@ -24,6 +24,3 @@
 
 - name: Test
 run: make test
-
- - name: Validate Config
- run: go generate ./... && git diff --exit-code
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.19.1/README.md new/gitleaks-8.19.2/README.md
--- old/gitleaks-8.19.1/README.md 2024-09-14 11:01:27.000000000 +0200
+++ new/gitleaks-8.19.2/README.md 2024-09-16 13:17:26.000000000 +0200
@@ -208,54 +208,6 @@
 
 After running the detect command with the --baseline-path parameter, report output (findings.json) will only contain new issues.
 
-### Verify Findings
-
-You can verify a finding found by gitleaks using a `git log` command.
-Example output:
-
-```
-Finding: aws_secret="AKIAIMNOJVGFDXXXE4OA"
-RuleID: aws-access-token
-Secret AKIAIMNOJVGFDXXXE4OA
-Entropy: 3.65
-File: checks_test.go
-Line: 37
-Commit: ec2fc9d6cb0954fb3b57201cf6133c48d8ca0d29
-Author: Zachary Rice
-Email: z...@email.com
-Date: 2018-01-28T17:39:00Z
-Fingerprint: ec2fc9d6cb0954fb3b57201cf6133c48d8ca0d29:checks_test.go:aws-access-token:37
-```
-
-We can use the following format to verify the leak:
-
-```
-git log -L {StartLine,EndLine}:{File} {Commit}
-```
-
-So in this example it would look like:
-
-```
-git log -L 37,37:checks_test.go ec2fc9d6cb0954fb3b57201cf6133c48d8ca0d29
-```
-
-Which gives us:
-
-```
-commit ec2fc9d6cb0954fb3b57201cf6133c48d8ca0d29
-Author: zricethezav <thisispublicanyw...@gmail.com>
-Date: Sun Jan 28 17:39:00 2018 -0500
-
- [update] entropy check
-
-diff --git a/checks_test.go b/checks_test.go
---- a/checks_test.go
-+++ b/checks_test.go
-@@ -28,0 +37,1 @@
-+ "aws_secret= \"AKIAIMNOJVGFDXXXE4OA\"": true,
-
-```
-
 ## Pre-Commit hook
 
 You can run Gitleaks as a pre-commit hook by copying the example `pre-commit.py` script into
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.19.1/config/config_test.go new/gitleaks-8.19.2/config/config_test.go
--- old/gitleaks-8.19.1/config/config_test.go 2024-09-14 11:01:27.000000000 +0200
+++ new/gitleaks-8.19.2/config/config_test.go 2024-09-16 13:17:26.000000000 +0200
@@ -91,11 +91,11 @@
 cfg: Config{},
 wantError: fmt.Errorf("rule |id| is missing or empty, regex: (?i)(discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{64})['\\\"]"),
 },
- {
- cfgName: "no_regex_or_path",
- cfg: Config{},
- wantError: fmt.Errorf("discord-api-key: both |regex| and |path| are empty, this rule will have no effect"),
- },
+ //{
+ // cfgName: "no_regex_or_path",
+ // cfg: Config{},
+ // wantError: fmt.Errorf("discord-api-key: both |regex| and |path| are empty, this rule will have no effect"),
+ //},
 {
 cfgName: "bad_entropy_group",
 cfg: Config{},
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.19.1/config/rule.go new/gitleaks-8.19.2/config/rule.go
--- old/gitleaks-8.19.1/config/rule.go 2024-09-14 11:01:27.000000000 +0200
+++ new/gitleaks-8.19.2/config/rule.go 2024-09-16 13:17:26.000000000 +0200
@@ -60,10 +60,12 @@
 return fmt.Errorf("rule |id| is missing or empty" + context)
 }
 
+ // TODO: uncomment this once it works with |extend|.
+ // See: https://github.com/gitleaks/gitleaks/issues/1507#issuecomment-2352559213
 // Ensure the rule actually matches something.
- if r.Regex == nil && r.Path == nil {
- return fmt.Errorf("%s: both |regex| and |path| are empty, this rule will have no effect", r.RuleID)
- }
+ //if r.Regex == nil && r.Path == nil {
+ // return fmt.Errorf("%s: both |regex| and |path| are empty, this rule will have no effect", r.RuleID)
+ //}
 
 // Ensure |secretGroup| works.
 if r.Regex != nil && r.SecretGroup > r.Regex.NumSubexp() {
++++++ gitleaks.obsinfo ++++++
--- /var/tmp/diff_new_pack.JBQesX/_old 2024-09-23 15:21:43.688213110 +0200
+++ /var/tmp/diff_new_pack.JBQesX/_new 2024-09-23 15:21:43.692213276 +0200
@@ -1,5 +1,5 @@
 name: gitleaks
-version: 8.19.1
-mtime: 1726304487
-commit: 9463ffaa5e9efc94ee235972d1519eac2844fad3
+version: 8.19.2
+mtime: 1726485446
+commit: 128cd22f7c7c8aaf001234999e509e84ef5d6577
 
++++++ vendor.tar.gz ++++++
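Review bot: The `no_regex_or_path` case in config/config_test.go is switched off by commenting it out with no explanation beside it, so nothing in the test file says why it is gone or when it should return. Put the reference directly above the block, for example `// TODO: re-enable together with the |regex|/|path| check in rule.go (gitleaks issue 1507).`, so the test and the check are restored in the same change. If the table accepts a nil `wantError` (not visible in this hunk), keeping the case with that expectation would pin the interim behaviour instead of leaving it untested. The test table and its enclosing function start and end outside the hunk.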
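Review bot: A rule that sets neither |regex| nor |path| now passes validation in config/rule.go, because the `r.Regex == nil && r.Path == nil` check is commented out; by the removed error text such a rule has no effect, so a misconfigured rule loads silently and the scan reports nothing for it. The line `// Ensure the rule actually matches something.` still reads as if the check runs; fold it into the TODO and state the consequence, for example `// Disabled: a rule with neither |regex| nor |path| currently loads without error and never matches.` Until the check works with |extend|, reporting the condition as a warning rather than an error would keep it visible without rejecting extended configs; whether a logger is in scope in this file cannot be seen from the hunk. The enclosing function starts and ends outside the hunk.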