Describe the solution you'd like
Gitleaks relies on a core set of regex patterns that are mysterious and seem to work well enough, but may in fact have some blind spots (as mentioned in this comment). I believe that we can significantly increase the quality of detections (more true positives and fewer false positives) by creating a set of known/realistic true & false positives, and testing each rule against them, rather than manually creating one or a handful of test cases for each rule.
gitleaks/cmd/generate/config/rules/adobe.go
Lines 19 to 22 in 06db3b9
Below, I've created the skeleton of what that list may look like. Realistically it may not be possible to match all of these scenarios, or do so without creating significant false positives.
- Configuration Formats
  - HCL
  - INI (https://quickref.me/ini.html)
    - Quoted
    - Unquoted
    - Comments
    - Comments after line
  - JSON (https://quickref.me/json.html)
    - String value
    - Separate key/value
    - Array value
    - Escaped
  - Properties
    - Equals sign
    - Colon
  - TOML
  - XML
    - Element
    - Attribute
    - Separate key/value nodes
  - YAML (https://yaml-multiline.info/)
    - Single line
    - Multiline (literal style)
    - Multiline (folding style)
- Programming Languages
  - C# / .NET
    - Variable
  - Go (https://quickref.me/go)
    - Variable
    - Short variable
  - Java / JVM
    - Java
    - Kotlin
  - Node.js / JavaScript / TypeScript
  - PHP
  - Python
    - Simple variable
  - Ruby
- Miscellaneous Tools & File Formats
  - CSV
  - ...
  - Logstash
  - Makefile
cc @zricethezav
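A corpus-driven harness in the shape the issue proposes, added here as an example and not gitleaks' own code: the `adobeLike` regex, the fixture snippets and the 32-hex sample value are constructed assumptions, and `runCorpus` reports every fixture where the rule's verdict disagrees with the corpus (here the multiline YAML and separated key/value cases surface as blind spots).

```go
package main

import (
	"fmt"
	"regexp"
)

// Hypothetical rule in the shape of gitleaks' semi-generic rules (identifier,
// up to 20 junk chars, assignment operator, optional quotes, 32-hex secret).
// Assumption for this example, not the project's real adobe.go regex.
var adobeLike = regexp.MustCompile(
	`(?i)adobe[0-9a-z\-_\t .]{0,20}[\s'"]{0,3}(?:=|>|:=|:)\s*['"\x60]{0,3}` +
		`([a-f0-9]{32})(?:['"\s\x60;,]|$)`)

// One corpus entry: a realistic snippet and whether the rule should fire.
type fixture struct {
	name    string
	content string
	want    bool
}

// Constructed sample secret (not a real credential).
const s = "0123456789abcdef0123456789abcdef"

// Constructed fixtures following the skeleton in the issue.
var corpus = []fixture{
	{"ini quoted", `adobe_client_id = "` + s + `"`, true},
	{"ini unquoted", "adobe_client_id = " + s, true},
	{"ini comment after line", "adobe_client_id = " + s + " ; rotate quarterly", true},
	{"json string value", `{"adobe_client_id": "` + s + `"}`, true},
	{"json separate key/value", `{"key": "adobe_client_id", "value": "` + s + `"}`, true},
	{"yaml single line", "adobe_client_id: " + s, true},
	{"yaml multiline literal", "adobe_client_id: |\n  " + s, true},
	{"yaml multiline folded", "adobe_client_id: >\n  " + s, true},
	{"go short variable", `adobeClientID := "` + s + `"`, true},
	{"python simple variable", "ADOBE_CLIENT_ID = '" + s + "'", true},
	{"xml attribute", `<adobe client_id="` + s + `"/>`, true},
	{"negative: 40-hex git commit", "adobe_upstream_commit = " + s + "01234567", false},
	{"negative: checksum listing", s + "  adobe_reader.exe", false},
}

// runCorpus returns the fixtures whose verdict differs from expectation,
// i.e. the rule's false negatives and false positives against the corpus.
func runCorpus(rule *regexp.Regexp, fs []fixture) []string {
	var misses []string
	for _, f := range fs {
		if rule.MatchString(f.content) != f.want {
			misses = append(misses, f.name)
		}
	}
	return misses
}

func main() {
	fmt.Println("rule disagrees with corpus on:", runCorpus(adobeLike, corpus))
}
```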