config

package
v8.0.0-...-a6f569c Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 24, 2023 License: MIT Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// DefaultConfig is a package-level string variable; this page shows neither
// documentation nor an initial value for it.
// NOTE(review): presumably the built-in default configuration text that
// Extend.UseDefault refers to — confirm against the package source.
var DefaultConfig string

Functions

This section is empty.

Types

type Allowlist

// Allowlist lists the content regexes, paths, commits and stop words that are
// allowed to be ignored. Every entry suppresses findings, so each one should
// be as narrow as possible and reviewed like any other detection change.
type Allowlist struct {
	// Short human readable description of the allowlist.
	Description string

	// Regexes is a slice of content regular expressions that are allowed to be ignored.
	// NOTE(review): what text these are tested against appears to depend on
	// RegexTarget; confirm in RegexAllowed and its callers.
	Regexes []*regexp.Regexp

	// RegexTarget is not documented on this page.
	// NOTE(review): presumably selects which part of a finding the Regexes
	// are matched against; the accepted values and the default are not
	// visible here — confirm against the detection code before relying on it.
	RegexTarget string

	// Paths is a slice of path regular expressions that are allowed to be ignored.
	// NOTE(review): whether a pattern must match the whole path or only part
	// of it is not visible here; anchor patterns so they do not suppress
	// findings in more files than intended.
	Paths []*regexp.Regexp

	// Commits is a slice of commit SHAs that are allowed to be ignored.
	// NOTE(review): comparison semantics (full SHA vs. abbreviated) are not
	// shown on this page — confirm in CommitAllowed.
	Commits []string

	// StopWords is a slice of stop words that are allowed to be ignored.
	// This targets the _secret_, not the content of the regex match like the
	// Regexes slice.
	// NOTE(review): matching semantics (substring, case sensitivity) are not
	// shown here; short or common stop words may hide real secrets — confirm
	// in ContainsStopWord.
	StopWords []string
}

Allowlist allows a rule to be ignored for specific regexes, paths, and/or commits

func (*Allowlist) CommitAllowed

func (a *Allowlist) CommitAllowed(c string) bool

CommitAllowed returns true if the commit is allowed to be ignored.

func (*Allowlist) ContainsStopWord

func (a *Allowlist) ContainsStopWord(s string) bool

func (*Allowlist) PathAllowed

func (a *Allowlist) PathAllowed(path string) bool

PathAllowed returns true if the path is allowed to be ignored.

func (*Allowlist) RegexAllowed

func (a *Allowlist) RegexAllowed(s string) bool

RegexAllowed returns true if the regex is allowed to be ignored.

type Config

// Config is the parsed configuration: a set of detection rules plus an
// optional global allowlist. ViperConfig.Translate returns a value of this type.
type Config struct {
	// Extend describes how this configuration is extended by other
	// configuration files.
	Extend      Extend
	// NOTE(review): presumably the location of the loaded config file — confirm.
	Path        string
	Description string
	// Rules holds the detection rules.
	// NOTE(review): keys are presumably rule IDs; Go map iteration order is
	// unspecified, which is likely why OrderedRules exists — confirm.
	Rules       map[string]Rule
	// Allowlist is the allowlist declared on the configuration itself; each
	// Rule also carries its own Allowlist field. How the two combine is not
	// visible on this page.
	Allowlist   Allowlist
	// NOTE(review): presumably the keywords gathered from the rules — confirm.
	Keywords    []string
	// contains filtered or unexported fields
}

Config is a configuration struct that contains rules and an allowlist if present.

func (*Config) OrderedRules

func (c *Config) OrderedRules() []Rule

type Extend

// Extend lets a configuration declare other configuration it is extended by.
// An extended configuration can contribute rules and allowlists, so its origin
// matters as much as the origin of the main configuration file.
type Extend struct {
	// NOTE(review): presumably a local path to the base configuration file — confirm.
	Path       string
	// NOTE(review): presumably a remote location of a base configuration.
	// Whether and how it is fetched is not visible here; if it is, the
	// source should be trusted and pinned, since remote content could add
	// allowlist entries that suppress findings — confirm.
	URL        string
	// NOTE(review): presumably extends the built-in default configuration
	// (see DefaultConfig) — confirm.
	UseDefault bool
}

Extend is a struct that allows users to define how they want their configuration extended by other configuration files.

type Rule

// Rule describes how one class of secret is detected: the regular expression
// to match, optional entropy and path filters, and a per-rule allowlist.
type Rule struct {
	// Description is the description of the rule.
	Description string

	// RuleID is a unique identifier for this rule
	RuleID string

	// Entropy is a float representing the minimum shannon
	// entropy a regex group must have to be considered a secret.
	// NOTE(review): the zero value presumably disables the entropy check — confirm.
	Entropy float64

	// SecretGroup is an int used to extract secret from regex
	// match and used as the group that will have its entropy
	// checked if `entropy` is set.
	SecretGroup int

	// Regex is a golang regular expression used to detect secrets.
	Regex *regexp.Regexp

	// Path is a golang regular expression used to
	// filter secrets by path
	Path *regexp.Regexp

	// Tags is an array of strings used for metadata
	// and reporting purposes.
	Tags []string

	// Keywords are used for pre-regex check filtering. Rules that contain
	// keywords will perform a quick string compare check to make sure the
	// keyword(s) are in the content being scanned.
	// NOTE(review): content that lacks every keyword is presumably never
	// tested against Regex, so a keyword list that is too narrow can cause
	// missed detections — confirm in the detector.
	Keywords []string

	// Allowlist allows a rule to be ignored for specific
	// regexes, paths, and/or commits
	Allowlist Allowlist
}

Rule contains the information that defines how to detect secrets.

type ViperConfig

// ViperConfig mirrors the on-disk configuration as plain strings. It carries
// regular expressions as uncompiled text and is converted to Config by
// Translate, which can return an error.
type ViperConfig struct {
	Description string
	Extend      Extend
	// Rules lists the rule entries as written in the config file.
	Rules       []struct {
		ID          string
		Description string
		Entropy     float64
		SecretGroup int
		// Regex is the rule's pattern as a string.
		// NOTE(review): presumably compiled in Translate, with invalid
		// patterns reported through its error return — confirm.
		Regex       string
		Keywords    []string
		// Path is the rule's path filter pattern as a string.
		Path        string
		Tags        []string

		// Allowlist is the per-rule allowlist in string form; the fields
		// correspond by name to those of the Allowlist type.
		Allowlist struct {
			RegexTarget string
			Regexes     []string
			Paths       []string
			Commits     []string
			StopWords   []string
		}
	}
	// Allowlist is the configuration-level allowlist in string form.
	Allowlist struct {
		RegexTarget string
		Regexes     []string
		Paths       []string
		Commits     []string
		StopWords   []string
	}
}

ViperConfig is the config struct used by the Viper config package to parse the config file. This struct does not include regular expressions. It is used as an intermediary to convert the Viper config to the Config struct.

func (*ViperConfig) Translate

func (vc *ViperConfig) Translate() (Config, error)
