From 9b4856d7d532b5122a696939c900a82c1b6dd2ce Mon Sep 17 00:00:00 2001 From: Mick Grove Date: Wed, 23 Jul 2025 19:57:33 -0700 Subject: [PATCH] Fixed Gitlab support. Added pre-commit and pre-receive installation scripts. --- CHANGELOG.md | 9 +++++++++ Cargo.toml | 2 +- data/rules/baseten.yml | 11 +++++++---- data/rules/mongodb.yml | 4 +++- src/validation.rs | 16 ++++++++-------- src/validation/mongodb.rs | 23 +++++++++++++++++++---- 6 files changed, 47 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9f609a2..3f3092e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,15 @@ All notable changes to this project will be documented in this file. +## [1.26.0] +- Fixed GitLab authentication bug +- Improved Baseten rule to be less noisy +- Added pre-commit and pre-receive installation hooks + +## [1.25.0] +- MongoDB validator now skips `mongodb+srv://` URIs and returns a message that validation was skipped +- Fixed noisy Baseten rule + ## [1.24.0] - Now generating DEB and RPM packages - Now releasing Docker images, and updated README diff --git a/Cargo.toml b/Cargo.toml index 1361d7a..0146316 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,7 @@ publish = false [package] name = "kingfisher" -version = "1.24.0" +version = "1.26.0" description = "MongoDB's blazingly fast secret scanning and validation tool" edition.workspace = true rust-version.workspace = true diff --git a/data/rules/baseten.yml b/data/rules/baseten.yml index 17d2285..8773d6c 100644 --- a/data/rules/baseten.yml +++ b/data/rules/baseten.yml @@ -4,6 +4,9 @@ rules: pattern: | (?x) \b + baseten + (?:.|[\n\r]){0,32}? + \b ( [A-Za-z0-9]{8} \. 
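Review bot: The new `baseten` anchor added at the top of the pattern is case-sensitive — only `(?x)` is set and no `(?i)` is visible in the hunk — so a key assigned to an upper-case name such as `BASETEN_API_KEY=...` no longer matches, unless case-insensitivity is applied to the rule elsewhere. If that form should stay covered, make the anchor itself case-insensitive, `(?i:baseten)` if the engine accepts inline flag groups, and add one upper-case assignment to the examples hunk (`@@ -13,10 +16,10 @@`), which currently exercises only lower-case `baseten_key = ...`. Separately, the `(?:.|[\n\r]){0,32}?` gap is just "any character, including newlines"; `[\s\S]{0,32}?` says the same without the alternation and is the more common way to write it.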
@@ -13,10 +16,10 @@ rules: min_entropy: 3.4 confidence: medium examples: - - WSsDXzCD.uOcxAp7k82IvCKyY36TnpVbP4ZszP1qw - - crXCQC3W.CgCGGY1b9IfJan5TppW0Z07C9oMN2DmR - - h2wFkhFC.3WFVwVcxGFr4Qup0gyhvIuONwQxEpL0A - - XqbIpj04.x73j1zLUOEgGIKROqVbxsmggPdL8JvAY + - baseten_key = WSsDXzCD.uOcxAp7k82IvCKyY36TnpVbP4ZszP1qw + - baseten_key = crXCQC3W.CgCGGY1b9IfJan5TppW0Z07C9oMN2DmR + - baseten_key = h2wFkhFC.3WFVwVcxGFr4Qup0gyhvIuONwQxEpL0A + - baseten_key = XqbIpj04.x73j1zLUOEgGIKROqVbxsmggPdL8JvAY references: - https://docs.baseten.co/examples/vllm - https://docs.baseten.co/reference/management-api/api-keys/lists-the-users-api-keys diff --git a/data/rules/mongodb.yml b/data/rules/mongodb.yml index 63e4775..46fbcf8 100644 --- a/data/rules/mongodb.yml +++ b/data/rules/mongodb.yml @@ -91,4 +91,6 @@ rules: \b min_entropy: 3.5 examples: - - mdb_sa_sk_BdIX_jLzut2WTgglKzKvSgWMDDj5hEoTqdwOyLOL \ No newline at end of file + - mdb_sa_sk_BdIX_jLzut2WTgglKzKvSgWMDDj5hEoTqdwOyLOL + validation: + type: MongoDB \ No newline at end of file diff --git a/src/validation.rs b/src/validation.rs index 6cb3711..59f5362 100644 --- a/src/validation.rs +++ b/src/validation.rs @@ -538,16 +538,16 @@ async fn timed_validate_single_match<'a>( } match mongodb::validate_mongodb(&uri).await { - Ok(ok) => { + Ok((ok, msg)) => { m.validation_success = ok; - m.validation_response_body = if ok { - "MongoDB connection is valid." + m.validation_response_body = msg; + m.validation_response_status = if uri.starts_with("mongodb+srv://") { + StatusCode::CONTINUE + } else if ok { + StatusCode::OK } else { - "MongoDB connection failed." - } - .to_string(); - m.validation_response_status = - if ok { StatusCode::OK } else { StatusCode::UNAUTHORIZED }; + StatusCode::UNAUTHORIZED + }; } Err(e) => { m.validation_success = false; diff --git a/src/validation/mongodb.rs b/src/validation/mongodb.rs index efac6fa..74a82d5 100644 --- a/src/validation/mongodb.rs +++ b/src/validation/mongodb.rs 
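Review bot: Attaching `validation: type: MongoDB` to the `mdb_sa_sk_...` service-account key rule sends a bare key through `validate_mongodb`, which (in the src/validation/mongodb.rs hunk of this same patch) first requires `looks_like_mongodb_uri(uri)` and otherwise returns `(false, "Invalid MongoDB URI")`. Unless the dispatcher in validation.rs wraps the matched token into a connection URI before calling the validator — that code is outside the hunks shown — every finding from this rule will be reported as an invalid MongoDB URI, which reads as a negative verdict on a secret that was never actually tested. If no such URI construction exists, either drop the `validation` block from this rule or add a comment next to it stating what the validator needs, e.g. `# validator expects a full connection URI; a bare service-account key cannot be checked on its own`.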
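Review bot: The skipped-SRV case is now decided in two places — `validate_mongodb` returns `(false, msg)` for `mongodb+srv://` and the caller re-derives the same condition with `uri.starts_with("mongodb+srv://")` to select `StatusCode::CONTINUE` — so the two checks have to be kept in sync by hand, and `validation_success` is `false` both for a skipped Atlas URI and for a credential that was tested and rejected. Any consumer that filters on `validation_success` alone will therefore drop unverified live credentials as if they were invalid; a three-way outcome from `validate_mongodb` (valid / invalid / skipped) mapped to the status here would remove the string check and make the distinction explicit. If the `(bool, String)` tuple stays, at least annotate the first arm, `// 100 Continue means "not validated" — distinct from UNAUTHORIZED, which means the credential was tested and rejected`, since reusing an HTTP status as a skip marker is not obvious from the code. The enclosing `timed_validate_single_match` begins before the hunk.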
@@ -19,15 +19,24 @@ const FAST_SELECT_MS: u64 = 300; const SRV_CONNECT_MS: u64 = 15_000; // gives Atlas a fighting chance const SRV_SELECT_MS: u64 = 15_000; -/// Validates a MongoDB URI in ≤ 2 s. Returns `Ok(true)` on successful ping. -pub async fn validate_mongodb(uri: &str) -> Result { +/// Validates a MongoDB URI in ≤ 2 s. Returns `(bool, String)` where the +/// boolean indicates success and the string provides a status message. +pub async fn validate_mongodb(uri: &str) -> Result<(bool, String)> { // ---- quick reject without touching the network if !looks_like_mongodb_uri(uri) { - return Ok(false); + return Ok((false, "Invalid MongoDB URI".to_string())); } let is_srv = uri.starts_with("mongodb+srv://"); + if is_srv { + // Skip SRV URIs to avoid slow DNS lookups and topology discovery. + return Ok(( + false, + "Validation skipped for mongodb+srv:// URI (performance reasons)".to_string(), + )); + } + // ---- build client opts let mut opts = ClientOptions::parse(uri).await?; if !is_srv { @@ -46,7 +55,13 @@ pub async fn validate_mongodb(uri: &str) -> Result { // ---- dial and ping let client = Client::with_options(opts)?; - Ok(client.database("admin").run_command(doc! { "ping": 1 }).await.is_ok()) + let ok = client.database("admin").run_command(doc! { "ping": 1 }).await.is_ok(); + let msg = if ok { + "MongoDB connection is valid.".to_string() + } else { + "MongoDB connection failed.".to_string() + }; + Ok((ok, msg)) } // pub fn generate_mongodb_cache_key(mongodb_uri: &str) -> String {
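Review bot: With the new early return for `is_srv`, the following `if !is_srv {` guard is always true and its `else` branch (just past the end of this hunk) can no longer run; if `SRV_CONNECT_MS` and `SRV_SELECT_MS` are referenced only there, the compiler will now warn about dead code. Either remove the `is_srv` branch and the SRV timeout constants in the same change, or keep SRV validation reachable behind an explicit opt-in rather than leaving unreachable timeout configuration in place. The doc comment should also state the new contract rather than only the tuple shape, e.g. `/// mongodb+srv:// URIs are not contacted; they return (false, msg) with a skip message rather than a verdict.`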
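Review bot: In the second hunk, `run_command(doc! { "ping": 1 }).await.is_ok()` folds every failure — authentication rejected, TLS or handshake error, host unreachable, the connect/select timeouts — into `ok = false` and the fixed text "MongoDB connection failed.", so a live credential scanned from a host that cannot reach the database is reported exactly like a rejected one. Keep the driver error instead of discarding it: match on the ping result and derive the message from the `Err`, e.g. `Err(e) => (false, format!("MongoDB connection failed: {e}"))`, so the caller and the report can distinguish a network or timeout failure from a credential failure.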