---
phase: 07-import-cicd
plan: 02
subsystem: importer
tags:
requires:
provides:
affects:
tech-stack:
key-files:
decisions:
metrics:
requirements:
---
# Phase 7 Plan 02: Gitleaks Importer Summary

**One-liner:** Gitleaks JSON and CSV output ingests into normalized `engine.Finding` records, with provider-name normalization (e.g., `openai-api-key` -> `openai`) and header-indexed CSV parsing for column-order resilience.

## What was built

- `GitleaksImporter` (`Name() = "gitleaks"`) decodes a JSON array of Gitleaks finding records into `[]engine.Finding`.
- `GitleaksCSVImporter` (`Name() = "gitleaks-csv"`) reads CSV with a mandatory header row and resolves columns by name, so column-order drift does not break ingestion.
- `normalizeGitleaksRuleID` trims common Gitleaks suffixes (`-api-key`, `-access-token`, `-secret-key`, `-secret`, `-token`, `-key`) after lowercasing; unknown patterns pass through lowercased (e.g., `github-pat` -> `github-pat`).
- `buildGitleaksFinding` is a private helper used by both the JSON and CSV paths so the two stay in lockstep: it sets `SourceType="import:gitleaks"`, `Confidence="medium"`, `VerifyStatus="unverified"`, `Verified=false`, and falls back from `File` to `SymlinkFile` when `File` is blank.
- Fixtures with 3 records each (OpenAI / AWS / generic) in matching JSON and CSV shapes.
## Tests

All 8 tests under `go test ./pkg/importer/... -run Gitleaks -v` pass:

- `TestGitleaksImporter_Name`: `Name()` assertions for both importers
- `TestGitleaksImporter_JSON`: 3-record fixture, provider names, line numbers, `SourceType`, `Confidence`, masked key
- `TestGitleaksImporter_CSV`: same assertions against the CSV fixture
- `TestGitleaksImporter_NormalizeRuleID`: table of openai / aws / anthropic / generic / github-pat plus case variants
- `TestGitleaksImporter_EmptyArray`: `[]` returns an empty slice and nil error
- `TestGitleaksImporter_EmptyCSV`: header-only input returns an empty slice and nil error
- `TestGitleaksImporter_InvalidJSON`: returns a wrapped error
- `TestGitleaksImporter_SymlinkFallback`: uses `SymlinkFile` when `File` is blank

The full package `go test ./pkg/importer/...` also passes (the trufflehog/dedup tests from the parallel 07-01 plan continue to pass alongside).
## Commits

- `bd8eb9b` feat(07-02): add Gitleaks JSON + CSV importers

## Deviations from Plan

None - plan executed exactly as written. The `Importer` interface file (`pkg/importer/importer.go`) was already present from the parallel wave-1 Plan 07-01, so this executor did not need to create it (the plan explicitly allowed for either case).

## Self-Check: PASSED
- FOUND: `pkg/importer/gitleaks.go`
- FOUND: `pkg/importer/gitleaks_test.go`
- FOUND: `pkg/importer/testdata/gitleaks-sample.json`
- FOUND: `pkg/importer/testdata/gitleaks-sample.csv`
- FOUND commit: `bd8eb9b`
- Tests: 8/8 passing
- Build: `go build ./pkg/importer/...` clean