feat(ssh_command): yay, works@@ -17,11 +17,12 @@ require "./fetch"
# ---------- Config ----------
MAX_PACK_BYTES = 50 * 1024 * 1024 # 50 MiB
-CHUNK_SIZE = 64 * 1024 # 64 KiB
-OVERLAP = 4096 # 4 KiB overlap
-MAX_MATCHES = 500
-LOG_FILE = "/var/log/gitfoss/git_ssh.log"
+CHUNK_SIZE = 64 * 1024 # 64 KiB
+OVERLAP = 4096 # 4 KiB overlap
+MAX_MATCHES = 500 # maximum number of secrets to find in a pack
+LOG_FILE = "/var/log/gitfoss/git_ssh.log"
+# regex patterns for secrets to scan for
PATTERNS = [
/AKIA[0-9A-Z]{16}/,
/AIza[0-9A-Za-z\-_]{35}/,
@@ -30,7 +31,7 @@ PATTERNS = [
]
# prefix
-SIDEBAND_PREFIX = "0008" + "\x02"
+SIDEBAND_PREFIX = "0008" + "\x02"
SIDEBAND_ERR_PREFIX = "0008" + "\x03"
# ---------- Helpers ----------
@@ -252,7 +253,7 @@ write_to_file("mode: #{mode.to_s}\n")
# For upload (fetch/pull), just exec the original command (auth already done).
if mode == :upload
- exec_replace(["/bin/sh", "-c", SSH_ORIGINAL_COMMAND.split(" ")[0]], repoDir)
+ exec_replace(["/bin/sh", "-c", SSH_ORIGINAL_COMMAND], repoDir.gsub("#{info[:org]}/#{info[:repo]}.git", ""))
end
# ---------- From here: mode == :receive (push) ----------
@@ -477,4 +478,4 @@ end
FileUtils.rm_rf(tmpdir) rescue nil
sideband_println("No secrets detected; allowing push")
-exec_replace(["/bin/sh", "-c", SSH_ORIGINAL_COMMAND])
+exec_replace(["/bin/sh", "-c", SSH_ORIGINAL_COMMAND], repoDir.gsub("#{info[:org]}/#{info[:repo]}.git", ""))
@@ -54,7 +54,7 @@ function build_and_deploy() {
}
echo -e ""
{
- echo -e "[..] ssh ${remote_ssh_user}@${remote_ssh_host} -p ${remote_ssh_port}\"docker load -i ${docker_image_name}.tar\""
+ echo -e "[..] ssh ${remote_ssh_user}@${remote_ssh_host} -p ${remote_ssh_port} \"docker load -i ${docker_image_name}.tar\""
ssh \
${remote_ssh_user}@${remote_ssh_host} -p ${remote_ssh_port} \
"docker load -i ${remote_dest_path}/${docker_image_name}.tar"