
Identify security leaks in code

 

We will use Gitleaks to find security leaks. Here are the steps to identify leaks in your code repo:

  1. Install gitleaks on your local machine. Click here to install. Check that it installed successfully on your local machine:
    Website> gitleaks --version
    If it is installed, it should show the version of gitleaks.

  2. Download the sample.config file (see attachment) and copy it to your local machine. This is a sample file with configuration/rules; you may change it as per your requirements.

  3. Now git clone the repo to your local machine and go to your code folder.

  4. Once you are in the code folder, run the gitleaks command.
    Website> gitleaks --path=./ --config-path=../sample.config --verbose
    where,
    --path=./ => path of .git folder
    --config-path=../sample.config => path of sample.config file

    You can also download the report of leaks to share it with your team -
    Website> gitleaks -v --pretty --path [RepoPath] --config-path=../sample.config --report=[PathtosaveReport]
    where,
    --report=[PathtosaveReport] => Give the folder path where the report should be saved.

  5. The scan takes from 1 minute to 30 minutes, depending on the size of the folder and its history.

(output of the gitleaks command)
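A saved report can contain the leaked values themselves, so it is worth masking them before the file is passed around. The following is an added example, not part of the original post or of gitleaks: it masks the secret-bearing fields of a JSON report and counts findings per rule and file. The field names and the sample findings are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample report. The field names ("rule", "file", "commit",
# "offender", "line") are an assumption about the JSON layout; adjust
# them to match what your gitleaks version writes.
SAMPLE_REPORT = json.dumps([
    {"rule": "AWS Access Key", "file": "deploy/env.sh", "commit": "1111111",
     "offender": "AKIAEXAMPLEEXAMPLE00", "line": "export KEY=AKIAEXAMPLEEXAMPLE00"},
    {"rule": "Generic Password", "file": "app/settings.py", "commit": "2222222",
     "offender": "password = 'not-a-real-secret'", "line": "password = 'not-a-real-secret'"},
    {"rule": "AWS Access Key", "file": "deploy/env.sh", "commit": "3333333",
     "offender": "AKIAEXAMPLEEXAMPLE00", "line": "KEY=AKIAEXAMPLEEXAMPLE00 # old"},
])

SECRET_FIELDS = ("offender", "line")  # fields assumed to carry the secret text


def mask(value, keep=4):
    """Show at most `keep` leading characters (never more than a quarter)."""
    value = str(value)
    shown = min(keep, len(value) // 4)
    return value[:shown] + "*" * (len(value) - shown)


def redact_report(report_json):
    """Return the findings with secret-bearing fields masked."""
    findings = json.loads(report_json) or []  # a `null` report means no findings
    redacted = []
    for finding in findings:
        clean = dict(finding)
        for field in SECRET_FIELDS:
            if field in clean:
                clean[field] = mask(clean[field])
        redacted.append(clean)
    return redacted


def summarize(findings):
    """Count findings per (rule, file) so the team sees where to look first."""
    return Counter((f.get("rule", "unknown"), f.get("file", "unknown")) for f in findings)


if __name__ == "__main__":
    safe = redact_report(SAMPLE_REPORT)
    for (rule, path), count in summarize(safe).most_common():
        print(f"{count:3d}  {rule:20s} {path}")
    print(json.dumps(safe, indent=2))
```

To use it on a real scan, read the file written by `--report` and pass its text to `redact_report` in place of `SAMPLE_REPORT`.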

🏀  Keep learning and sharing to build a strong community. 

