Class: Leakferret::Client

Inherits:

Object

• Object
• Leakferret::Client

Defined in:

lib/leakferret/client.rb

Overview

Thin shell-out wrapper around the native binary. Each public method invokes leakferret <verb> --format json and parses the resulting array. You normally call the module-level scan, verify, and rewrite helpers instead of constructing this directly.

Instance Method Summary

• #rewrite(path, apply: false, backend: 'env', **opts) ⇒ Array<Hash>

  Run scan + classify + rewrite proposal.

• #scan(path, exclude: [], only: nil, show_fixtures: false) ⇒ Array<Hash>

  Run a scan-only pass (regex pre-filter, offline).

• #verify(path, mode: 'best-effort', timeout: 10, **opts) ⇒ Array<Hash>

  Run scan + classify + provider verification.

Instance Method Details

#rewrite(path, apply: false, backend: 'env', **opts) ⇒ Array<Hash>

Run scan + classify + rewrite proposal.

Parameters:

• path (String) —

  file or directory to scan

• apply (Boolean) (defaults to: false) —

  write the rewrites in place when true

• backend (String) (defaults to: 'env') —

  rewrite backend (e.g. env, doppler)

• opts (Hash) —

  a customizable set of options

Options Hash (**opts):

• :exclude (Array<String>) —

  glob(s) to skip

• :only (Array<String>, String) —

  restrict the scan to these path(s)

Returns:

• (Array<Hash>) —

  findings, each with a proposed replacement

Raises:

• (BinaryInvocationError) —

  on an unexpected exit status

# File 'lib/leakferret/client.rb', line 48

def rewrite(path, apply: false, backend: 'env', **opts)
  args = ['rewrite', path, '--format', 'json', '--backend', backend]
  args << '--apply' if apply
  run(args + format_flags(**opts))
end

#scan(path, exclude: [], only: nil, show_fixtures: false) ⇒ Array<Hash>

Run a scan-only pass (regex pre-filter, offline).

Parameters:

• path (String) —

  file or directory to scan

• exclude (Array<String>) (defaults to: []) —

  glob(s) to skip

• only (Array<String>, String, nil) (defaults to: nil) —

  restrict the scan to these path(s)

• show_fixtures (Boolean) (defaults to: false) —

  include catalog fixtures in the result

Returns:

• (Array<Hash>) —

  candidate finding hashes

Raises:

• (BinaryInvocationError) —

  on an unexpected exit status

# File 'lib/leakferret/client.rb', line 20

def scan(path, exclude: [], only: nil, show_fixtures: false)
  run(['scan', path, '--format', 'json'] + format_flags(exclude:, only:, show_fixtures:))
end

#verify(path, mode: 'best-effort', timeout: 10, **opts) ⇒ Array<Hash>

Run scan + classify + provider verification.

Parameters:

• path (String) —

  file or directory to scan

• mode (String) (defaults to: 'best-effort') —

  verify mode passed to --verify-mode

• timeout (Integer) (defaults to: 10) —

  per-verifier timeout in seconds

• opts (Hash) —

  a customizable set of options

Options Hash (**opts):

• :exclude (Array<String>) —

  glob(s) to skip

• :only (Array<String>, String) —

  restrict the scan to these path(s)

• :show_fixtures (Boolean) —

  include catalog fixtures

Returns:

• (Array<Hash>) —

  findings with verification and verdict filled in

Raises:

• (BinaryInvocationError) —

  on an unexpected exit status

# File 'lib/leakferret/client.rb', line 34

def verify(path, mode: 'best-effort', timeout: 10, **opts)
  run(['verify', path, '--format', 'json', '--verify-mode', mode,
       '--verifier-timeout-secs', timeout.to_s] + format_flags(**opts))
end