package config
import (
"regexp"
)
// dotGit is the path pattern that IgnoreDotGit adds to AllowList.Paths so
// that .git directories are ignored when the --no-git flag is set.
// Related issue: https://github.com/ed-wp/gitleaks/issues/486
//
// NOTE(review): the pattern requires a forward slash on both sides of ".git".
// It therefore does not match a path that begins with ".git/" or one that
// uses backslash separators. Confirm that callers always pass slash-separated
// paths with a leading directory component.
const dotGit = `/\.git/`
// AllowList is a struct containing items that, if encountered, will allowlist
// a commit/line of code that would otherwise be considered a leak.
//
// Every entry here suppresses findings, so each one should be as narrow as
// possible and reviewed like any other security exception.
type AllowList struct {
	// Description is free text; no method in this file reads it.
	Description string
	// Regexes are the patterns RegexAllowed tests content against.
	Regexes []*regexp.Regexp
	// Commits are commit identifiers that CommitAllowed compares for exact
	// string equality.
	Commits []string
	// Files are the patterns FileAllowed tests a file name against.
	Files []*regexp.Regexp
	// Paths are the patterns PathAllowed tests a file path against;
	// IgnoreDotGit appends to this slice.
	Paths []*regexp.Regexp
	// Repos are the patterns RepoAllowed tests a repository against.
	Repos []*regexp.Regexp
}
// CommitAllowed reports whether commit is present in a.Commits.
//
// The comparison is plain string equality: an abbreviated hash, or one that
// differs only in letter case, does not match an allowlisted entry and the
// commit is still scanned.
func (a *AllowList) CommitAllowed(commit string) bool {
	for i := 0; i < len(a.Commits); i++ {
		if a.Commits[i] == commit {
			return true
		}
	}
	return false
}
// FileAllowed reports whether fileName is allowlisted, i.e. whether
// anyRegexMatch accepts it against the patterns in a.Files.
//
// NOTE(review): anyRegexMatch is defined elsewhere in the package. If it uses
// unanchored matching, a short pattern allowlists every file name that merely
// contains it. Confirm and anchor patterns where an exact name is meant.
func (a *AllowList) FileAllowed(fileName string) bool {
	allowed := anyRegexMatch(fileName, a.Files)
	return allowed
}
// PathAllowed reports whether filePath is allowlisted, i.e. whether
// anyRegexMatch accepts it against the patterns in a.Paths.
//
// a.Paths may also hold the dotGit pattern if IgnoreDotGit has been called.
func (a *AllowList) PathAllowed(filePath string) bool {
	allowed := anyRegexMatch(filePath, a.Paths)
	return allowed
}
// RegexAllowed reports whether content is allowlisted, i.e. whether
// anyRegexMatch accepts it against the patterns in a.Regexes.
//
// The argument is the scanned content, not a regular expression.
func (a *AllowList) RegexAllowed(content string) bool {
	allowed := anyRegexMatch(content, a.Regexes)
	return allowed
}
// RepoAllowed reports whether repo is allowlisted, i.e. whether
// anyRegexMatch accepts it against the patterns in a.Repos.
func (a *AllowList) RepoAllowed(repo string) bool {
	allowed := anyRegexMatch(repo, a.Repos)
	return allowed
}
// IgnoreDotGit compiles the dotGit pattern and appends it to a.Paths so that
// .git paths are ignored. This is used for --no-git scans.
//
// It returns the compile error, if any, and leaves a.Paths unchanged in that
// case. Each successful call appends another copy of the pattern.
//
// Once the pattern is in a.Paths, any path containing "/.git/" is allowlisted
// by PathAllowed, so files kept under a .git directory are not reported.
func (a *AllowList) IgnoreDotGit() error {
	pattern, compileErr := regexp.Compile(dotGit)
	if compileErr == nil {
		a.Paths = append(a.Paths, pattern)
	}
	return compileErr
}