feat(07-02): add Gitleaks JSON + CSV importers

- GitleaksImporter parses native JSON array output to []engine.Finding - GitleaksCSVImporter parses CSV with header-based column resolution - normalizeGitleaksRuleID strips suffixes (-api-key, -access-token, ...) - Shared buildGitleaksFinding helper keeps JSON/CSV paths in lockstep - Test fixtures + 8 tests covering happy path, empty, invalid, symlink fallback
2026-04-05 23:55:36 +03:00
parent 46eec328d2
commit 83640ac200
4 changed files with 378 additions and 0 deletions
--- a/pkg/importer/testdata/gitleaks-sample.csv
+++ b/pkg/importer/testdata/gitleaks-sample.csv
@@ -0,0 +1,4 @@
+RuleID,Commit,File,SymlinkFile,Secret,Match,StartLine,EndLine,StartColumn,EndColumn,Author,Message,Date,Email,Fingerprint,Tags
+openai-api-key,abc123,config/app.yml,,sk-proj-1234567890abcdef1234,key: sk-proj-1234567890abcdef1234,12,12,10,60,dev,add config,2026-04-01T12:00:00Z,dev@example.com,abc123:config/app.yml:openai-api-key:12,"key,openai"
+aws-access-token,def456,terraform/main.tf,,AKIAIOSFODNN7EXAMPLE,access_key = AKIAIOSFODNN7EXAMPLE,55,55,20,40,ops,tf update,2026-04-02T09:30:00Z,ops@example.com,def456:terraform/main.tf:aws-access-token:55,"key,aws"
+generic-api-key,ghi789,scripts/deploy.sh,,xoxp-abcdefghijklmnopqrstuvwxyz,TOKEN=xoxp-abcdefghijklmnopqrstuvwxyz,3,3,8,50,dev,deploy script,2026-04-03T15:45:00Z,dev@example.com,ghi789:scripts/deploy.sh:generic-api-key:3,"key,generic"
--- a/pkg/importer/testdata/gitleaks-sample.json
+++ b/pkg/importer/testdata/gitleaks-sample.json
@@ -0,0 +1,62 @@
+[
+  {
+    "Description": "OpenAI API Key",
+    "StartLine": 12,
+    "EndLine": 12,
+    "StartColumn": 10,
+    "EndColumn": 60,
+    "Match": "key: sk-proj-1234567890abcdef1234",
+    "Secret": "sk-proj-1234567890abcdef1234",
+    "File": "config/app.yml",
+    "SymlinkFile": "",
+    "Commit": "abc123",
+    "Entropy": 4.5,
+    "Author": "dev",
+    "Email": "dev@example.com",
+    "Date": "2026-04-01T12:00:00Z",
+    "Message": "add config",
+    "Tags": ["key", "openai"],
+    "RuleID": "openai-api-key",
+    "Fingerprint": "abc123:config/app.yml:openai-api-key:12"
+  },
+  {
+    "Description": "AWS Access Token",
+    "StartLine": 55,
+    "EndLine": 55,
+    "StartColumn": 20,
+    "EndColumn": 40,
+    "Match": "access_key = AKIAIOSFODNN7EXAMPLE",
+    "Secret": "AKIAIOSFODNN7EXAMPLE",
+    "File": "terraform/main.tf",
+    "SymlinkFile": "",
+    "Commit": "def456",
+    "Entropy": 4.2,
+    "Author": "ops",
+    "Email": "ops@example.com",
+    "Date": "2026-04-02T09:30:00Z",
+    "Message": "tf update",
+    "Tags": ["key", "aws"],
+    "RuleID": "aws-access-token",
+    "Fingerprint": "def456:terraform/main.tf:aws-access-token:55"
+  },
+  {
+    "Description": "Generic API Key",
+    "StartLine": 3,
+    "EndLine": 3,
+    "StartColumn": 8,
+    "EndColumn": 50,
+    "Match": "TOKEN=xoxp-abcdefghijklmnopqrstuvwxyz",
+    "Secret": "xoxp-abcdefghijklmnopqrstuvwxyz",
+    "File": "scripts/deploy.sh",
+    "SymlinkFile": "",
+    "Commit": "ghi789",
+    "Entropy": 3.8,
+    "Author": "dev",
+    "Email": "dev@example.com",
+    "Date": "2026-04-03T15:45:00Z",
+    "Message": "deploy script",
+    "Tags": ["key", "generic"],
+    "RuleID": "generic-api-key",
+    "Fingerprint": "ghi789:scripts/deploy.sh:generic-api-key:3"
+  }
+]