Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/techjacker/diffence

Checks a git diff for offensive content
https://github.com/techjacker/diffence

diff git-diff passwords secrets security

Last synced: 15 days ago
JSON representation

Checks a git diff for offensive content

Host: GitHub
URL: https://github.com/techjacker/diffence
Owner: techjacker
License: mit
Created: 2017-01-23T12:21:17.000Z (almost 8 years ago)
Default Branch: master
Last Pushed: 2021-12-29T17:55:56.000Z (almost 3 years ago)
Last Synced: 2024-06-21T06:34:38.599Z (5 months ago)
Topics: diff, git-diff, passwords, secrets, security
Language: Go
Homepage: https://godoc.org/github.com/techjacker/diffence
Size: 4.52 MB
Stars: 7
Watchers: 3
Forks: 3
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

[![Build Status](https://travis-ci.org/techjacker/diffence.svg?branch=master)](https://travis-ci.org/techjacker/diffence)
[![Go Report Card](https://goreportcard.com/badge/github.com/techjacker/diffence)](https://goreportcard.com/report/github.com/techjacker/diffence)

# diffence
- Checks a git diff for passwords/secret keys accidentally committed
- Golang 1.7+

-----------------------------------------------------------
### Check the entire history of current branch for passwords/keys committed
```$ git log -p | diffence```

#### Example
```
$ git log -p --full-diff | diffence

------------------
Violation 1
Commit: 4cc087a1b4731d1017844cc86323df43068b0409
File: web/src/db/seed.sql
Reason: "SQL dump file"

------------------
Violation 2
Commit: 142e6019248c0d53a5240242ed1a75c0cc110a0b
File: config/passwords.ini
Reason: "Contains word: password"
```

-----------------------------------------------------------
### Add false positives to `.secignore`

```
$ cat .secignore
file/that/is/not/really/a/secret/but/looks/like/one/to/diffence
these/pems/are/ok/*.pem
```

[See example in this repo](./.secignore).

-----------------------------------------------------------
## Install

### Binary
[Download](../../releases) the latest stable release.

### CLI
```
$ go get -u github.com/techjacker/diffence/cmd/diffence
```

### Library
```
$ go get -u github.com/techjacker/diffence
```

-----------------------------------------------------------
## CLI tool

### Example Usage
```
$ touch key.pem

$ git add -N key.pem

$ git diff --stat HEAD
gds HEAD
key.pem | 0
1 file changed, 0 insertions(+), 0 deletions(-)

$ git diff HEAD |diffence
File key.pem violates 1 rules:

Caption: Potential cryptographic private key
Description:
Part: extension
Pattern: pem
Type: match

```

-----------------------------------------------------------
## Rules
- [x] Analyse fPaths with [gitrob rules](https://github.com/michenriksen/gitrob#signature-keys)
- [ ] Analyse added lines - need to find/create ruleset that can analyse file contents
- [ ] Add option to use your own rules again file path/contents

-----------------------------------------------------------
## Tests
```
$ go test ./...
```

-----------------------------------------------------------
## Local Development

#### Build & Run Locally
```shell
$ go install -race ./cmd/diffence
```
OR
```shell
$ go build -race ./cmd/diffence
```

#### Check for race conditions
```shell
$ go run -race ./cmd/diffence/main.go
```