diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 037280e..7ff53c9 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,12 +1,12 @@ repos: - repo: git@github.com:Yelp/detect-secrets - rev: v0.13.1 + rev: v1.5.0 hooks: - id: detect-secrets args: ['--baseline', '.secrets.baseline'] exclude: go.sum - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v2.5.0 + rev: v6.0.0 hooks: - id: no-commit-to-branch args: [--branch, develop, --branch, master, --pattern, release/.*] diff --git a/.secrets.baseline b/.secrets.baseline index 51c7443..9ab82c6 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -1,19 +1,18 @@ { - "exclude": { - "files": "go.sum|^.secrets.baseline$", - "lines": null - }, - "generated_at": "2024-03-11T21:41:11Z", + "version": "1.5.0", "plugins_used": [ + { + "name": "ArtifactoryDetector" + }, { "name": "AWSKeyDetector" }, { - "name": "ArtifactoryDetector" + "name": "AzureStorageKeyDetector" }, { - "base64_limit": 4.5, - "name": "Base64HighEntropyString" + "name": "Base64HighEntropyString", + "limit": 4.5 }, { "name": "BasicAuthDetector" @@ -22,8 +21,17 @@ "name": "CloudantDetector" }, { - "hex_limit": 3, - "name": "HexHighEntropyString" + "name": "DiscordBotTokenDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "name": "GitLabTokenDetector" + }, + { + "name": "HexHighEntropyString", + "limit": 3 }, { "name": "IbmCloudIamDetector" @@ -31,61 +39,130 @@ { "name": "IbmCosHmacDetector" }, + { + "name": "IPPublicDetector" + }, { "name": "JwtTokenDetector" }, { - "keyword_exclude": null, - "name": "KeywordDetector" + "name": "KeywordDetector", + "keyword_exclude": "" }, { "name": "MailchimpDetector" }, + { + "name": "NpmDetector" + }, + { + "name": "OpenAIDetector" + }, { "name": "PrivateKeyDetector" }, + { + "name": "PypiTokenDetector" + }, + { + "name": "SendGridDetector" + }, { "name": "SlackDetector" }, { "name": "SoftlayerDetector" }, + { + "name": "SquareOAuthDetector" + }, { "name": "StripeDetector" }, + { + "name": "TelegramBotTokenDetector" + }, { "name": "TwilioKeyDetector" } ], + "filters_used": [ + { + "path": "detect_secrets.filters.allowlist.is_line_allowlisted" + }, + { + "path": "detect_secrets.filters.common.is_baseline_file", + "filename": ".secrets.baseline" + }, + { + "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", + "min_level": 2 + }, + { + "path": "detect_secrets.filters.heuristic.is_indirect_reference" + }, + { + "path": "detect_secrets.filters.heuristic.is_likely_id_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_lock_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_potential_uuid" + }, + { + "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign" + }, + { + "path": "detect_secrets.filters.heuristic.is_sequential_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_swagger_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_templated_secret" + }, + { + "path": "detect_secrets.filters.regex.should_exclude_file", + "pattern": [ + "go.sum|^.secrets.baseline$" + ] + } + ], "results": { ".github/workflows/golang-ci-workflow.yaml": [ { + "type": "Secret Keyword", + "filename": ".github/workflows/golang-ci-workflow.yaml", "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", "is_verified": false, "line_number": 13, - "type": "Secret Keyword" + "is_secret": false } ], "docs/openapi.yaml": [ { + "type": "Base64 High Entropy String", + "filename": "docs/openapi.yaml", "hashed_secret": "f9fdc64928c96c7ad56bf7da557f70345d83a6ed", "is_verified": false, "line_number": 1688, - "type": "Base64 High Entropy String" + "is_secret": false } ], "main.go": [ { + "type": "Basic Auth Credentials", + "filename": "main.go", "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8", "is_verified": false, "line_number": 31, - "type": "Basic Auth Credentials" + "is_secret": false } ] }, - "version": "0.13.1", - "word_list": { - "file": null, - "hash": null - } + "generated_at": "2026-01-08T15:36:16Z" } diff --git a/main.go b/main.go index 39029e6..eb3f2fb 100644 --- a/main.go +++ b/main.go @@ -67,6 +67,25 @@ func main() { ErrorLog: httpLogger, Handler: router, } - httpLogger.Println("arborist serving at", httpServer.Addr) - httpLogger.Fatal(httpServer.ListenAndServe()) + + certPath := "/tls/cert.pem" + keyPath := "/tls/key.pem" + + // Check if both certificate and key files exist + if _, err := os.Stat(certPath); err == nil { + if _, err := os.Stat(keyPath); err == nil { + // Both files exist, use HTTPS + httpLogger.Println("arborist serving at", addr, "with HTTPS") + httpLogger.Fatal(httpServer.ListenAndServeTLS(certPath, keyPath)) + } else { + // Certificate exists but key doesn't + httpLogger.Printf("WARNING: Certificate found at %s but key file not found at %s, serving over HTTP\n", certPath, keyPath) + httpLogger.Println("arborist serving at", httpServer.Addr) + httpLogger.Fatal(httpServer.ListenAndServe()) + } + } else { + // No certificate found, use HTTP + httpLogger.Println("arborist serving at", httpServer.Addr) + httpLogger.Fatal(httpServer.ListenAndServe()) + } }