feat: Citi Hackathon code submission#810
Conversation
Signed-off-by: ChaitanyaD48 <chaitanya.d48@gmail.com>
…d cryptography Signed-off-by: ChaitanyaD48 <chaitanya.d48@gmail.com>
Signed-off-by: ChaitanyaD48 <chaitanya.d48@gmail.com>
Signed-off-by: ChaitanyaD48 <chaitanya.d48@gmail.com>
✅ Deploy Preview for endearing-brigadeiros-63f9d0 canceled.
|
|
@JamieSlome @coopernetes we were working on some refactor on #798 PR and due to some merge conflicts we had to rollback and the PR got closed this PR contains all the commits we have done till 14-11-2024 please consider this as our submission . We will demonstrate it during our presentation. you can check the commit history for the dates of hackathon period. |
|
@rgmz I have updated the gitleaks rules can you review it and suggest any other changes if needed? |
Psingle20
changed the title
jescalada
left a comment
jescalada
left a comment
There was a problem hiding this comment.
@Psingle20 Thanks for the contribution! 🚀
It might be helpful to split this PR into smaller chunks for each of the issues solved. That will make it easier for us to review 🙂
I've checked out the #745 implementation only.
There was a problem hiding this comment.
It seems this implementation isn't quite what was mentioned in #745. The goal of #745 is to allow blocking certain filenames, such as for example this-is-a-secret.js. We want to be able to use patterns to match these, like we can already do with commit messages and diffs.
The goal is to extend the commitConfig entry in proxy.config.json to include a filename entry:
"commitConfig": {
"author": {
"email": {
"local": {
"block": ""
},
"domain": {
"allow": ".*"
}
}
},
"message": {
"block": {
"literals": [],
"patterns": []
}
},
"diff": {
"block": {
"literals": [],
"patterns": [],
"providers": {}
}
},
"filename": {
"block": {
"literals": [],
"patterns": []
}
}
},And then implement the logic for this in a push-action file, such as checkFilenames.js.
|
The Gitleaks portion of this PR might be superseded by #1010. |
|
Hi @jescalada, This PR was initially created to gather all the features developed during the hackathon in one place. While we could raise a new PR, I believe there have been several new features added since the hackathon, so we’ll need to adjust accordingly. Also, as @coopernetes suggested, instead of adding it to chain , we should consider refactoring these into plugins. That might require some restructuring to align with the new direction. |
06kellyjac
added
the
citi-hackathon
|
@Psingle20 I'll be closing this PR as we're cleaning up our backlog. It would be fantastic if you could adapt these push actions into plugins as explained in the plugin guide. Feel free to open individual PRs associated with each issue so it's easier to review. Thanks! |
6 participants
This PR can be considered as a submission for the FinOS CitiHackathon.
Team members:
This PR solves issue #745 #788 #796 #797 #765
GITPROXY PLUGINS
We have worked on the following features :
.json,.xlsx,.csv).jpg,.jpeg,.tiff)Some Modifications Non-Standard Cryptography Usage are required.
Add the path to your local repository or working directory in the localRepoRoot in the authorisedList to give git-proxy access to your files.
Sensitive Data Detection ( in files like
.json,.xlsx,.csv)Features:
This solves issue #745
proxy.config.jsonwith the file types for which sensitive data detection is required, for ex:Check EXIF Metadata from Images (
.jpg,.jpeg,.tiff)Features:
This solves issue #796
proxy.config.jsonwith the file types for which EXIF Metadata needs to be detected.Detection of AI/ML usage (incl. weights, models etc.)
Features:
This solves issue #788
proxy.config.jsonwith the parameters for which detection needs to be carried out.Vulnerability Detection using GitLeaks
Features:
This solves issue #797
gitleaks.tomlfileproxy.config.jsonto enable / disable the plugin.gitleaks_reports.jsonDetection of Non-Standard Cryptography Usage
This solves issue #765
Features: