Class: Ace::Git::Secrets::Atoms::GitleaksRunner

Inherits:

Object

• Object
• Ace::Git::Secrets::Atoms::GitleaksRunner

Defined in:

lib/ace/git/secrets/atoms/gitleaks_runner.rb

Overview

Runner for gitleaks external tool Handles gitleaks availability detection and execution

Gitleaks is REQUIRED for ace-git-secrets. The gem focuses on remediation (revocation, history rewriting) while delegating detection to gitleaks which has 100+ actively maintained patterns.

Defined Under Namespace

Classes: GitleaksNotFoundError

Instance Attribute Summary

• #config_path ⇒ Object readonly

  Returns the value of attribute config_path.

Class Method Summary

• .available? ⇒ Boolean

  Check if gitleaks is available in PATH.

• .ensure_available! ⇒ Object

  Ensure gitleaks is available, raising error if not.

• .ensure_compatible! ⇒ Object

  Ensure gitleaks version is compatible.

Instance Method Summary

• #available? ⇒ Boolean

  Instance method for backward compatibility.

• #compatible_version? ⇒ Boolean

  Check if gitleaks version is compatible (8.0+) ace-git-secrets requires gitleaks 8.x for the ‘git` subcommand and JSON report format.

• #initialize(config_path: nil) ⇒ GitleaksRunner constructor

  A new instance of GitleaksRunner.

• #scan_files(path: ".", verbose: false) ⇒ Hash

  Run gitleaks scan on current files (no git history).

• #scan_history(path: ".", since: nil, verbose: false) ⇒ Hash

  Run gitleaks scan on git history.

• #version ⇒ String^?

  Get gitleaks version.

Constructor Details

#initialize(config_path: nil) ⇒ GitleaksRunner

Returns a new instance of GitleaksRunner.

Parameters:

• config_path (String, nil) (defaults to: nil) —

  Path to gitleaks config file

# File 'lib/ace/git/secrets/atoms/gitleaks_runner.rb', line 24

def initialize(config_path: nil)
  @config_path = config_path
end

Instance Attribute Details

#config_path ⇒ Object (readonly)

Returns the value of attribute config_path.

# File 'lib/ace/git/secrets/atoms/gitleaks_runner.rb', line 21

def config_path
  @config_path
end

Class Method Details

.available? ⇒ Boolean

Check if gitleaks is available in PATH

Returns:

• (Boolean)

# File 'lib/ace/git/secrets/atoms/gitleaks_runner.rb', line 30

def self.available?
  system("which gitleaks > /dev/null 2>&1")
end

.ensure_available! ⇒ Object

Ensure gitleaks is available, raising error if not

Raises:

• (GitleaksNotFoundError) —

  If gitleaks is not installed

# File 'lib/ace/git/secrets/atoms/gitleaks_runner.rb', line 36

def self.ensure_available!
  return if available?

  raise GitleaksNotFoundError,
    "gitleaks is required but not installed. Install with: brew install gitleaks"
end

.ensure_compatible! ⇒ Object

Ensure gitleaks version is compatible

Raises:

• (GitleaksNotFoundError) —

  If gitleaks is incompatible

# File 'lib/ace/git/secrets/atoms/gitleaks_runner.rb', line 77

def self.ensure_compatible!
  runner = new
  return if runner.compatible_version?

  ver = runner.version || "unknown"
  raise GitleaksNotFoundError,
    "gitleaks version #{ver} is not compatible. Version 8.0+ is required. " \
    "Upgrade with: brew upgrade gitleaks"
end

Instance Method Details

#available? ⇒ Boolean

Instance method for backward compatibility

Returns:

• (Boolean)

# File 'lib/ace/git/secrets/atoms/gitleaks_runner.rb', line 45

def available?
  self.class.available?
end

#compatible_version? ⇒ Boolean

Check if gitleaks version is compatible (8.0+) ace-git-secrets requires gitleaks 8.x for the ‘git` subcommand and JSON report format

Returns:

• (Boolean) —

  true if version is compatible

# File 'lib/ace/git/secrets/atoms/gitleaks_runner.rb', line 63

def compatible_version?
  ver = version
  return false unless ver

  # Extract major version from strings like "v8.18.4" or "8.18.4"
  match = ver.match(/v?(\d+)\./)
  return false unless match

  major = match[1].to_i
  major >= 8
end

#scan_files(path: ".", verbose: false) ⇒ Hash

Run gitleaks scan on current files (no git history)

Parameters:

• path (String) (defaults to: ".") —

  Path to scan

• verbose (Boolean) (defaults to: false) —

  Enable verbose output

Returns:

• (Hash) —

  Scan results with :success, :findings, :output keys

# File 'lib/ace/git/secrets/atoms/gitleaks_runner.rb', line 91

def scan_files(path: ".", verbose: false)
  run_gitleaks(path: path, no_git: true, verbose: verbose)
end

#scan_history(path: ".", since: nil, verbose: false) ⇒ Hash

Run gitleaks scan on git history

Parameters:

• path (String) (defaults to: ".") —

  Path to repository

• since (String, nil) (defaults to: nil) —

  Start commit for scanning

• verbose (Boolean) (defaults to: false) —

  Enable verbose output

Returns:

• (Hash) —

  Scan results with :success, :findings, :output keys

# File 'lib/ace/git/secrets/atoms/gitleaks_runner.rb', line 100

def scan_history(path: ".", since: nil, verbose: false)
  run_gitleaks(path: path, no_git: false, since: since, verbose: verbose)
end

#version ⇒ String^?

Get gitleaks version

Returns:

• (String, nil) —

  Version string or nil if not available

# File 'lib/ace/git/secrets/atoms/gitleaks_runner.rb', line 51

def version
  return nil unless available?

  stdout, _status = Open3.capture2("gitleaks version")
  stdout.strip
rescue
  nil
end