Fixed Gitlab support. Added pre-commit and pre-receive installation scripts.

2025-07-23 19:57:33 -07:00 · 2025-07-23 19:57:33 -07:00 · 9b4856d7d5
commit 9b4856d7d5
parent 884fa1cab9
6 changed files with 47 additions and 18 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,15 @@

 All notable changes to this project will be documented in this file.

+## [1.26.0]
+- Fixed GitLab authentication bug
+- Improved Baseten rule to be less noisy
+- Added pre-commit and pre-receive installation hooks
+
+## [1.25.0]
+- MongoDB validator now skips `mongodb+srv://` URIs and returns a message that validation was skipped
+- Fixed noisy Baseten rule
+
 ## [1.24.0]
 - Now generating DEB and RPM packages
 - Now releasing Docker images, and updated README
--- a/Cargo.toml
+++ b/Cargo.toml
@ -10,7 +10,7 @@ publish = false

 [package]
 name = "kingfisher"
-version = "1.24.0"
+version = "1.26.0"
 description = "MongoDB's blazingly fast secret scanning and validation tool"
 edition.workspace = true
 rust-version.workspace = true
--- a/data/rules/baseten.yml
+++ b/data/rules/baseten.yml
@ -4,6 +4,9 @@ rules:
    pattern: |
      (?x)       
      \b
+      baseten
+      (?:.|[\n\r]){0,32}?
+      \b
      (               
        [A-Za-z0-9]{8} 
        \.             
@ -13,10 +16,10 @@ rules:
    min_entropy: 3.4
    confidence: medium
    examples:
-      - WSsDXzCD.uOcxAp7k82IvCKyY36TnpVbP4ZszP1qw
-      - crXCQC3W.CgCGGY1b9IfJan5TppW0Z07C9oMN2DmR
-      - h2wFkhFC.3WFVwVcxGFr4Qup0gyhvIuONwQxEpL0A
-      - XqbIpj04.x73j1zLUOEgGIKROqVbxsmggPdL8JvAY
+      - baseten_key = WSsDXzCD.uOcxAp7k82IvCKyY36TnpVbP4ZszP1qw
+      - baseten_key = crXCQC3W.CgCGGY1b9IfJan5TppW0Z07C9oMN2DmR
+      - baseten_key = h2wFkhFC.3WFVwVcxGFr4Qup0gyhvIuONwQxEpL0A
+      - baseten_key = XqbIpj04.x73j1zLUOEgGIKROqVbxsmggPdL8JvAY
    references:
      - https://docs.baseten.co/examples/vllm 
      - https://docs.baseten.co/reference/management-api/api-keys/lists-the-users-api-keys
--- a/data/rules/mongodb.yml
+++ b/data/rules/mongodb.yml
@ -91,4 +91,6 @@ rules:
      \b
    min_entropy: 3.5
    examples:
-      - mdb_sa_sk_BdIX_jLzut2WTgglKzKvSgWMDDj5hEoTqdwOyLOL
+      - mdb_sa_sk_BdIX_jLzut2WTgglKzKvSgWMDDj5hEoTqdwOyLOL
+    validation:
+      type: MongoDB
--- a/src/validation.rs
+++ b/src/validation.rs
@ -538,16 +538,16 @@ async fn timed_validate_single_match<'a>(
            }

            match mongodb::validate_mongodb(&uri).await {
-                Ok(ok) => {
+                Ok((ok, msg)) => {
                    m.validation_success = ok;
-                    m.validation_response_body = if ok {
-                        "MongoDB connection is valid."
+                    m.validation_response_body = msg;
+                    m.validation_response_status = if uri.starts_with("mongodb+srv://") {
+                        StatusCode::CONTINUE
+                    } else if ok {
+                        StatusCode::OK
                    } else {
-                        "MongoDB connection failed."
-                    }
-                    .to_string();
-                    m.validation_response_status =
-                        if ok { StatusCode::OK } else { StatusCode::UNAUTHORIZED };
+                        StatusCode::UNAUTHORIZED
+                    };
                }
                Err(e) => {
                    m.validation_success = false;
--- a/src/validation/mongodb.rs
+++ b/src/validation/mongodb.rs
@ -19,15 +19,24 @@ const FAST_SELECT_MS: u64 = 300;
 const SRV_CONNECT_MS: u64 = 15_000; // gives Atlas a fighting chance
 const SRV_SELECT_MS: u64 = 15_000;

-/// Validates a MongoDB URI in ≤ 2 s. Returns `Ok(true)` on successful ping.
-pub async fn validate_mongodb(uri: &str) -> Result<bool> {
+/// Validates a MongoDB URI in ≤ 2 s. Returns `(bool, String)` where the
+/// boolean indicates success and the string provides a status message.
+pub async fn validate_mongodb(uri: &str) -> Result<(bool, String)> {
    // ---- quick reject without touching the network
    if !looks_like_mongodb_uri(uri) {
-        return Ok(false);
+        return Ok((false, "Invalid MongoDB URI".to_string()));
    }

    let is_srv = uri.starts_with("mongodb+srv://");

+    if is_srv {
+        // Skip SRV URIs to avoid slow DNS lookups and topology discovery.
+        return Ok((
+            false,
+            "Validation skipped for mongodb+srv:// URI (performance reasons)".to_string(),
+        ));
+    }
+
    // ---- build client opts
    let mut opts = ClientOptions::parse(uri).await?;
    if !is_srv {
@ -46,7 +55,13 @@ pub async fn validate_mongodb(uri: &str) -> Result<bool> {

    // ---- dial and ping
    let client = Client::with_options(opts)?;
-    Ok(client.database("admin").run_command(doc! { "ping": 1 }).await.is_ok())
+    let ok = client.database("admin").run_command(doc! { "ping": 1 }).await.is_ok();
+    let msg = if ok {
+        "MongoDB connection is valid.".to_string()
+    } else {
+        "MongoDB connection failed.".to_string()
+    };
+    Ok((ok, msg))
 }

 // pub fn generate_mongodb_cache_key(mongodb_uri: &str) -> String {