Files
wehub-resource-sync 48b3ccf279
gitleaks / gitleaks (push) Has been skipped
Test / test (ubuntu-latest) (push) Failing after 0s
Test / test (windows-latest) (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:12:29 +08:00

98 lines
2.6 KiB
Go

// == WARNING ==
// These functions are used to generate GitLeak's default config.
// You are free to use these in your own project, HOWEVER, no API stability is guaranteed.
package utils
import (
"strings"
"github.com/zricethezav/gitleaks/v8/cmd/generate/config/base"
"github.com/zricethezav/gitleaks/v8/config"
"github.com/zricethezav/gitleaks/v8/detect"
"github.com/zricethezav/gitleaks/v8/logging"
)
func Validate(rule config.Rule, truePositives []string, falsePositives []string) *config.Rule {
r := &rule
d := createSingleRuleDetector(r)
for _, tp := range truePositives {
if len(d.DetectString(tp)) < 1 {
logging.Fatal().
Str("rule", r.RuleID).
Str("value", tp).
Str("regex", r.Regex.String()).
Msg("Failed to Validate. True positive was not detected by regex.")
}
}
for _, fp := range falsePositives {
findings := d.DetectString(fp)
if len(findings) != 0 {
logging.Fatal().
Str("rule", r.RuleID).
Str("value", fp).
Str("regex", r.Regex.String()).
Msg("Failed to Validate. False positive was detected by regex.")
}
}
return r
}
func ValidateWithPaths(rule config.Rule, truePositives map[string]string, falsePositives map[string]string) *config.Rule {
r := &rule
d := createSingleRuleDetector(r)
for path, tp := range truePositives {
f := detect.Fragment{Raw: tp, FilePath: path}
if len(d.Detect(f)) != 1 {
logging.Fatal().
Str("rule", r.RuleID).
Str("value", tp).
Str("regex", r.Regex.String()).
Str("path", r.Path.String()).
Msg("Failed to Validate. True positive was not detected by regex and/or path.")
}
}
for path, fp := range falsePositives {
f := detect.Fragment{Raw: fp, FilePath: path}
if len(d.Detect(f)) != 0 {
logging.Fatal().
Str("rule", r.RuleID).
Str("value", fp).
Str("regex", r.Regex.String()).
Str("path", r.Path.String()).
Msg("Failed to Validate. False positive was detected by regex and/or path.")
}
}
return r
}
func createSingleRuleDetector(r *config.Rule) *detect.Detector {
// normalize keywords like in the config package
var (
uniqueKeywords = make(map[string]struct{})
keywords []string
)
for _, keyword := range r.Keywords {
k := strings.ToLower(keyword)
if _, ok := uniqueKeywords[k]; ok {
continue
}
keywords = append(keywords, k)
uniqueKeywords[k] = struct{}{}
}
r.Keywords = keywords
rules := map[string]config.Rule{
r.RuleID: *r,
}
cfg := base.CreateGlobalConfig()
cfg.Rules = rules
cfg.Keywords = uniqueKeywords
for _, a := range cfg.Allowlists {
if err := a.Validate(); err != nil {
logging.Fatal().Err(err).Msg("invalid global allowlist")
}
}
return detect.NewDetector(cfg)
}