config

package
v7.6.0

This package is not in the latest version of its module.

Published: Aug 19, 2021 License: MIT Imports: 13 Imported by: 0

Documentation

Constants

const DefaultConfig = `` /* 5292-byte string literal not displayed */

DefaultConfig is the default gitleaks configuration. If --config={path-to-config} is set, then the config located at {path-to-config} will be used. Alternatively, if --repo-config is set, then gitleaks will attempt to use the config set in a gitleaks.toml or .gitleaks.toml file in the repo that is run with --repo-config set.

Variables

This section is empty.

Functions

This section is empty.

Types

type AllowList

type AllowList struct {
	Description string
	Regexes     []*regexp.Regexp
	Commits     []string
	Files       []*regexp.Regexp
	Paths       []*regexp.Regexp
	Repos       []*regexp.Regexp
}

AllowList is a struct containing items that, if encountered, will allowlist a commit/line of code that would otherwise be considered a leak.

func (*AllowList) CommitAllowed

func (a *AllowList) CommitAllowed(commit string) bool

CommitAllowed checks if a commit is allowlisted

func (*AllowList) FileAllowed

func (a *AllowList) FileAllowed(fileName string) bool

FileAllowed checks if a file is allowlisted

func (*AllowList) IgnoreDotGit

func (a *AllowList) IgnoreDotGit() error

IgnoreDotGit appends a `\.git` rule to ignore all .git paths. This is used for --no-git scans.

func (*AllowList) PathAllowed

func (a *AllowList) PathAllowed(filePath string) bool

PathAllowed checks if a path is allowlisted

func (*AllowList) RegexAllowed

func (a *AllowList) RegexAllowed(content string) bool

RegexAllowed checks if the content matches an allowlisted regex

func (*AllowList) RepoAllowed

func (a *AllowList) RepoAllowed(repo string) bool

RepoAllowed checks if a repo is allowlisted

type Config

type Config struct {
	Rules     []Rule
	Allowlist AllowList
}

Config is a composite struct of Rules and Allowlists. Each Rule contains a description, regular expression, tags, and allowlists if available.

func LoadAdditionalConfig

func LoadAdditionalConfig(repoConfig string) (Config, error)

LoadAdditionalConfig accepts a path to a gitleaks config and returns a Config struct

func LoadRepoConfig

func LoadRepoConfig(repo *git.Repository, repoConfig string) (Config, error)

LoadRepoConfig accepts a repo and a config path relative to the target repo's root.

func NewConfig

func NewConfig(options options.Options) (Config, error)

NewConfig will create a new config struct which contains rules on how gitleaks will proceed with its scan. If no options are passed via the CLI, then NewConfig will return a default config, which can be seen in config.go.

func (*Config) AppendConfig

func (config *Config) AppendConfig(configToBeAppended Config) Config

AppendConfig accepts a Config struct and appends its fields to this Config struct's fields

type Entropy

type Entropy struct {
	Min   float64
	Max   float64
	Group int
}

Entropy represents an entropy range

type Offender

type Offender struct {
	Match        string
	EntropyLevel float64
	Line         int
}

Offender is a struct that contains the information matched when searching content and information on why it matched (i.e. the EntropyLevel)

func (*Offender) IsEmpty

func (o *Offender) IsEmpty() bool

IsEmpty checks to see if nothing was found in the match

func (*Offender) ToString

func (o *Offender) ToString() string

ToString returns the contents of the match as a string

type Rule

type Rule struct {
	Description string
	Regex       *regexp.Regexp
	File        *regexp.Regexp
	Path        *regexp.Regexp
	ReportGroup int
	Multiline   bool
	Tags        []string
	AllowList   AllowList
	Entropies   []Entropy
}

Rule is a struct that contains information that is loaded from a gitleaks config. This struct is used in the Config struct as an array of Rules and is iterated over during a scan. Each rule will be checked. If a regex match is found AND that match is not allowlisted (globally or locally), then a leak will be appended to the final scan report.

func (*Rule) CheckEntropy

func (r *Rule) CheckEntropy(groups []string) (bool, float64)

CheckEntropy checks if there is an entropy leak

func (*Rule) CommitAllowed

func (r *Rule) CommitAllowed(commit string) bool

CommitAllowed checks if a commit is allowlisted

func (*Rule) HasFileLeak

func (r *Rule) HasFileLeak(fileName string) bool

HasFileLeak checks if there is a file leak

func (*Rule) HasFileOrPathLeakOnly

func (r *Rule) HasFileOrPathLeakOnly(filePath string) bool

HasFileOrPathLeakOnly first checks if there are no entropy/regex rules, then checks if there are any file/path leaks

func (*Rule) HasFilePathLeak

func (r *Rule) HasFilePathLeak(filePath string) bool

HasFilePathLeak checks if there is a path leak

func (*Rule) Inspect

func (r *Rule) Inspect(line string) *Offender

Inspect checks the content of a line for a leak

func (*Rule) InspectFile

func (r *Rule) InspectFile(fileLines string) []Offender

func (*Rule) RegexAllowed

func (r *Rule) RegexAllowed(content string) bool

RegexAllowed checks if the content is allowlisted
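
The decision described for Rule (a regex match that is not allowlisted, optionally gated by an entropy range on a capture group) can be sketched as follows. This is an added example, not gitleaks' own code: the `rule`, `entropyRange`, `shannon`, `isLeak` and `sample` names are hypothetical, the single `Allow` pattern simplifies the allowlist, and the entropy semantics (Shannon entropy in bits per byte, inclusive Min/Max, any one range sufficing) are assumptions.

```go
package main

import (
	"fmt"
	"math"
	"regexp"
)

// Hypothetical stand-ins for the Entropy and Rule types above; not gitleaks code.
type entropyRange struct{ Min, Max float64; Group int }
type rule struct {
	Regex, Allow *regexp.Regexp // Allow collapses AllowList.Regexes to one pattern
	Entropies    []entropyRange
}

// shannon returns the Shannon entropy of s in bits per byte.
func shannon(s string) (h float64) {
	counts := map[byte]float64{}
	for _, b := range []byte(s) {
		counts[b]++
	}
	for _, c := range counts {
		h -= c / float64(len(s)) * math.Log2(c/float64(len(s)))
	}
	return h
}

// isLeak: regex matches, allowlist does not, and (assumed) one entropy range, if any, holds.
func (r rule) isLeak(line string) bool {
	m := r.Regex.FindStringSubmatch(line)
	if m == nil || (r.Allow != nil && r.Allow.MatchString(line)) {
		return false
	}
	for _, e := range r.Entropies {
		if e.Group < len(m) {
			if h := shannon(m[e.Group]); h >= e.Min && h <= e.Max {
				return true
			}
		}
	}
	return len(r.Entropies) == 0
}

// sample is a constructed rule, not one taken from DefaultConfig.
var sample = rule{
	Regex:     regexp.MustCompile(`api_key\s*=\s*"([A-Za-z0-9]{16})"`),
	Allow:     regexp.MustCompile(`EXAMPLE`),
	Entropies: []entropyRange{{Min: 3.0, Max: 8.0, Group: 1}},
}
func main() {
	fmt.Println(sample.isLeak(`api_key = "Zx8Q2vLp9TnR4mKw"`), sample.isLeak(`api_key = "aaaaaaaaaaaaaaaa"`))
}
```

The entropy gate is what separates the random-looking constructed key from the repeated-character placeholder, which matches the same regex but carries zero entropy.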

type TomlAllowList

type TomlAllowList struct {
	Description string
	Regexes     []string
	Commits     []string
	Files       []string
	Paths       []string
	Repos       []string
}

TomlAllowList is a struct used in the TomlLoader that loads in allowlists from specific rules or globally at the top-level config

type TomlLoader

type TomlLoader struct {
	AllowList TomlAllowList
	Rules     []struct {
		Description string
		Regex       string
		File        string
		Path        string
		ReportGroup int
		Multiline   bool
		Tags        []string
		Entropies   []struct {
			Min   string
			Max   string
			Group string
		}
		AllowList TomlAllowList
	}
}

TomlLoader gets loaded with the values from a gitleaks toml config; see the config in config/defaults.go for an example. TomlLoader is used to generate Config values (compiling regexes, etc).

func (TomlLoader) Parse

func (tomlLoader TomlLoader) Parse() (Config, error)

Parse will parse the values set in a TomlLoader and use those values to create compiled regular expressions and rules used in scans
