Intsights
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 42 additions & 15 deletions b/‎.github/workflows/build.yml‎
Lines changed: 42 additions & 15 deletions
diff --git a/‎.github/workflows/deploy.yml‎
Lines changed: 22 additions & 14 deletions b/‎.github/workflows/deploy.yml‎
Lines changed: 22 additions & 14 deletions
diff --git a/‎.gitignore‎
Lines changed: 24 additions & 5 deletions b/‎.gitignore‎
Lines changed: 24 additions & 5 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 24 additions & 0 deletions b/‎Cargo.toml‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎MANIFEST.in‎
Lines changed: 0 additions & 4 deletions b/‎MANIFEST.in‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎README.md‎
Lines changed: 38 additions & 50 deletions b/‎README.md‎
Lines changed: 38 additions & 50 deletions
diff --git a/‎benchmarks/gitleaks.sh‎
Lines changed: 1 addition & 0 deletions b/‎benchmarks/gitleaks.sh‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎benchmarks/gitleaks.toml‎
Lines changed: 4 additions & 0 deletions b/‎benchmarks/gitleaks.toml‎
Lines changed: 4 additions & 0 deletions
@@ -2,22 +2,49 @@ name: Build
 on: [push, pull_request]
 
 jobs:
-  build:
+  lint:
     if: github.event_name == 'push' && !startsWith(github.event.ref, 'refs/tags')
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+      - name: Install latest rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          override: true
+          components: clippy
+      - name: Lint with clippy
+        uses: actions-rs/cargo@v1
+        with:
+          command: clippy
+          args: --all-targets --all-features
+  test:
+    runs-on: ${{ matrix.os }}
+    needs: lint
     strategy:
-      max-parallel: 4
+      fail-fast: false
       matrix:
-        python-version: [3.6, 3.7, 3.8, pypy3]
+        python-version: [3.6, 3.7, 3.8]
+        os: [ubuntu-latest , macos-latest, windows-latest]
+
     steps:
-    - uses: actions/checkout@v1
-    - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v1
-      with:
-        python-version: ${{ matrix.python-version }}
-    - name: Install Ubuntu packages
-      run: >-
-        sudo apt install libre2-dev libgit2-dev;
-    - name: Test module
-      run: >-
-        python setup.py test
+      - name: Checkout
+        uses: actions/checkout@v1
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v1
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Run image
+        uses: abatilo/[email protected]
+      - name: Install latest rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          override: true
+      - name: Install dependencies
+        run: poetry install
+      - name: Build Python package
+        run: poetry run maturin develop
+      - name: pytest
+        run: poetry run pytest tests
@@ -5,18 +5,26 @@ on:
 
 jobs:
   deploy:
-    runs-on: ubuntu-20.04
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: [3.6, 3.7, 3.8]
+        os: [ubuntu-latest, macos-latest, windows-latest]
     steps:
-    - uses: actions/checkout@v1
-    - name: Set up Python 3.8
-      uses: actions/setup-python@v1
-      with:
-        python-version: 3.8
-    - name: Build a source tarball
-      run: >-
-        python -m pip install --user --upgrade setuptools;
-        python setup.py sdist;
-    - name: Publish distribution 📦 to PyPI
-      uses: pypa/gh-action-pypi-publish@master
-      with:
-        password: ${{ secrets.pypi_password }}
+      - uses: actions/checkout@v1
+      - uses: actions/setup-python@v1
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install latest rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+          override: true
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip maturin
+      - name: Build & Publish to PyPi
+        run: maturin publish --username __token__ --no-sdist --interpreter python${{matrix.python_version}} --manylinux=2014
+        env:
+          MATURIN_PASSWORD: ${{ secrets.pypi_password }}
@@ -20,7 +20,6 @@ parts/
 sdist/
 var/
 wheels/
-pip-wheel-metadata/
 share/python-wheels/
 *.egg-info/
 .installed.cfg
@@ -50,6 +49,7 @@ coverage.xml
 *.py,cover
 .hypothesis/
 .pytest_cache/
+cover/
 
 # Translations
 *.mo
@@ -72,6 +72,7 @@ instance/
 docs/_build/
 
 # PyBuilder
+.pybuilder/
 target/
 
 # Jupyter Notebook
@@ -82,7 +83,9 @@ profile_default/
 ipython_config.py
 
 # pyenv
-.python-version
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
 
 # pipenv
 #   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
@@ -128,6 +131,22 @@ dmypy.json
 # Pyre type checker
 .pyre/
 
-*.cppimporthash
-.rendered.*
-.vscode
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+.gitignore
+.gitignore
+
+# Generated by Cargo
+# will have compiled files and executables
+debug/
+target/
+
+# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
+# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
+Cargo.lock
+
+# These are backup files generated by rustfmt
+**/*.rs.bk
@@ -0,0 +1,24 @@
+[package]
+name = "pyrepscan"
+version = "0.1.0"
+authors = ["Gal Ben David <[email protected]>"]
+edition = "2018"
+
+[lib]
+name = "pyrepscan"
+crate-type = ["cdylib"]
+
+[dependencies]
+git2 = "*"
+regex = "*"
+rayon = "*"
+chrono = "*"
+parking_lot = "*"
+
+[dependencies.pyo3]
+version = "0.12"
+features = ["extension-module"]
+
+[profile.release]
+lto = true
+panic = "abort"
@@ -3,7 +3,7 @@
         <img src="https://raw.githubusercontent.com/intsights/PyRepScan/master/images/logo.png" alt="Logo">
     </a>
     <h3 align="center">
-        A Git Repository Leaks Scanner Python library written in C++
+        A Git Repository Secrets Scanner written in Rust
     </h3>
 </p>
 
@@ -19,7 +19,6 @@
   - [Built With](#built-with)
   - [Performance](#performance)
     - [CPU](#cpu)
-  - [Prerequisites](#prerequisites)
   - [Installation](#installation)
 - [Documentation](#documentation)
 - [Usage](#usage)
@@ -29,37 +28,25 @@
 
 ## About The Project
 
-PyRepScan is a python library written in C++. The library uses [libgit2](https://github.com/libgit2/libgit2) for repository parsing and traversing, [re2](https://github.com/google/re2) for regex pattern matching and [taskflow](https://github.com/taskflow/taskflow) for concurrency. The library was written to achieve high performance and python bindings.
+PyRepScan is a python library written in Rust. The library uses [git2-rs](https://github.com/rust-lang/git2-rs) for repository parsing and traversing, [regex](https://github.com/rust-lang/regex) for regex pattern matching and [rayon](https://github.com/rayon-rs/rayon) for concurrency. The library was written to achieve high performance and python bindings.
 
 
 ### Built With
 
-* [libgit2](https://github.com/libgit2/libgit2)
-* [re2](https://github.com/google/re2)
-* [taskflow](https://github.com/taskflow/taskflow)
+* [git2-rs](https://github.com/rust-lang/git2-rs)
+* [regex](https://github.com/rust-lang/regex)
+* [rayon](https://github.com/rayon-rs/rayon)
 
 
 ### Performance
 
 #### CPU
-| Library | Time | Improvement Factor |
+| Library | Time | Peak Memory |
 | ------------- | ------------- | ------------- |
-| [PyRepScan](https://github.com/intsights/PyRepScan) | 2.18s | 1.0x |
-| [gitleaks](https://github.com/zricethezav/gitleaks) | 63.0s | 28.9x |
+| [PyRepScan](https://github.com/intsights/PyRepScan) | 4s | 501,708 kb |
+| [gitleaks](https://github.com/zricethezav/gitleaks) | 507s | 823,016 kb |
 
 
-### Prerequisites
-
-In order to compile this package you should have GCC & Python development package installed.
-* Fedora
-```sh
-sudo dnf install python3-devel gcc-c++ libgit2-devel re2-devel
-```
-* Ubuntu 20.04
-```sh
-sudo apt install python3-dev libgit2-dev libre2-dev
-```
-
 ### Installation
 
 ```sh
@@ -82,62 +69,62 @@ This class holds all the added rules for fast reuse.
 def add_content_rule(
     self,
     name: str,
-    regex_pattern: str,
-    whitelist_regex_patterns: typing.List[str],
-    blacklist_regex_patterns: typing.List[str],
+    pattern: str,
+    whitelist_patterns: typing.List[str],
+    blacklist_patterns: typing.List[str],
 ) -> None
 ```
 The `add_content_rule` function adds a new rule to an internal list of rules that could be reused multiple times against different repositories. The same name can be used multiple times and would lead to results which can hold the same name. Content rule means that the regex pattern would be tested against the content of the files.
 - `name` - The name of the rule so it can be identified.
-- `regex_pattern` - The regex pattern (RE2 syntax) to match against the content of the commited files.
-- `whitelist_regex_patterns` - A list of regex patterns (RE2 syntax) to match against the content of the committed file to filter in results. Only one of the patterns should be matched to pass through the result. There is an OR relation between the patterns.
-- `blacklist_regex_patterns` - A list of regex patterns (RE2 syntax) to match against the content of the committed file to filter out results. Only one of the patterns should be matched to omit the result. There is an OR relation between the patterns.
+- `pattern` - The regex pattern (Rust Regex syntax) to match against the content of the commited files.
+- `whitelist_patterns` - A list of regex patterns (Rust Regex syntax) to match against the content of the committed file to filter in results. Only one of the patterns should be matched to pass through the result. There is an OR relation between the patterns.
+- `blacklist_patterns` - A list of regex patterns (Rust Regex syntax) to match against the content of the committed file to filter out results. Only one of the patterns should be matched to omit the result. There is an OR relation between the patterns.
 
 
 ```python
-def add_file_name_rule(
+def add_file_path_rule(
     self,
     name: str,
-    regex_pattern: str,
+    pattern: str,
 ) -> None
 ```
-The `add_file_name_rule` function adds a new rule to an internal list of rules that could be reused multiple times against different repositories. The same name can be used multiple times and would lead to results which can hold the same name. File name rule means that the regex pattern would be tested against the file names.
+The `add_file_path_rule` function adds a new rule to an internal list of rules that could be reused multiple times against different repositories. The same name can be used multiple times and would lead to results which can hold the same name. File name rule means that the regex pattern would be tested against the file paths.
 - `name` - The name of the rule so it can be identified.
-- `regex_pattern` - The regex pattern (RE2 syntax) to match against the file names of the commited files.
+- `pattern` - The regex pattern (Rust Regex syntax) to match against the file paths of the commited files.
 
 
 ```python
-def add_ignored_file_extension(
+def add_file_extension_to_skip(
     self,
     file_extension: str,
 ) -> None
 ```
-The `add_ignored_file_extension` function adds a new file extension to the filtering phase to reduce the amount of inspected files and to increase the performance of the scan.
+The `add_file_extension_to_skip` function adds a new file extension to the filtering phase to reduce the amount of inspected files and to increase the performance of the scan.
 - `file_extension` - A file extension, without a leading dot, to filter out from the scan.
 
 
 ```python
-def add_ignored_file_path(
+def add_file_path_to_skip(
     self,
     file_path: str,
 ) -> None
 ```
-The `add_ignored_file_path` function adds a new file pattern to the filtering phase to reduce the amount of inspected files and to increase the performance of the scan. Every file path that would include the `file_path` substring would be left out of the scanned files.
+The `add_file_path_to_skip` function adds a new file path pattern to the filtering phase to reduce the amount of inspected files and to increase the performance of the scan. Every file path that would include the `file_path` substring would be left out of the scanned files.
 - `file_path` - If the inspected file path would include this substring, it won't be scanned. This parameter is a free text.
 
 
 ```python
 def scan(
     self,
     repository_path: str,
-    branch_glob_pattern: '*',
-    from_timestamp: int = 0,
+    branch_glob_pattern: typing.Optional[str],
+    from_timestamp: typing.Optional[int],
 ) -> typing.List[typing.Dict[str, str]]
 ```
 The `scan` function is the main function in the library. Calling this function would trigger a new scan that would return a list of matches. The scan function is a multithreaded operation, that would utilize all the available core in the system. The results would not include the file content but only the regex matching group. To retrieve the full file content one should take the `results['oid']` and to call `get_file_content` function.
 - `repository_path` - The git repository folder path.
-- `branch_glob_pattern` - A glob pattern to filter branches for the scan.
-- `from_timestamp` - A UTC timestamp (Int) that only commits that were created after this timestamp would be included in the scan.
+- `branch_glob_pattern` - A glob pattern to filter branches for the scan. If None is sent, defaults to `*`.
+- `from_timestamp` - A UTC timestamp (Int) that only commits that were created after this timestamp would be included in the scan. If None is sent, defaults to `0`.
 
 A sample result would look like this:
 ```python
@@ -157,6 +144,7 @@ A sample result would look like this:
 
 ```python
 def get_file_content(
+    self,
     repository_path: str,
     file_oid: str,
 ) -> bytes
@@ -176,32 +164,32 @@ grs = pyrepscan.GitRepositoryScanner()
 # Adds a specific rule, can be called multiple times or none
 grs.add_content_rule(
     name='First Rule',
-    regex_pattern=r'(-----BEGIN PRIVATE KEY-----)',
-    whitelist_regex_patterns=[],
-    blacklist_regex_patterns=[],
+    pattern=r'(-----BEGIN PRIVATE KEY-----)',
+    whitelist_patterns=[],
+    blacklist_patterns=[],
 )
-grs.add_file_name_rule(
+grs.add_file_path_rule(
     name='Second Rule',
-    regex_pattern=r'.+\.pem',
+    pattern=r'.+\.pem',
 )
-grs.add_file_name_rule(
+grs.add_file_path_rule(
     name='Third Rule',
-    regex_pattern=r'(prod|dev|stage).+key',
+    pattern=r'(prod|dev|stage).+key',
 )
 
 # Add file extensions to ignore during the search
-grs.add_ignored_file_extension(
+grs.add_file_extension_to_skip(
     file_extension='bin',
 )
-grs.add_ignored_file_extension(
+grs.add_file_extension_to_skip(
     file_extension='jpg',
 )
 
 # Add file paths to ignore during the search. Free text is allowed
-grs.add_ignored_file_path(
+grs.add_file_path_to_skip(
     file_path='site-packages',
 )
-grs.add_ignored_file_path(
+grs.add_file_path_to_skip(
     file_path='node_modules',
 )
 
 
@@ -0,0 +1 @@
+~/go/bin/gitleaks --repo-path=$REPO_PATH --config=gitleaks.toml
@@ -0,0 +1,4 @@
+[[rules]]
+    description = "AWS Manager ID"
+    regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+    tags = ["key", "AWS"]
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+~/go/bin/gitleaks --repo-path=$REPO_PATH --config=gitleaks.toml`