Documentation
Constants
This section is empty.
Variables
var DefaultConfig string
Functions
This section is empty.
Types
type Allowlist
type Allowlist struct {
    // Short human readable description of the allowlist.
    Description string
    // MatchCondition determines whether all criteria must match. Defaults to "OR".
    MatchCondition AllowlistMatchCondition
    // Commits is a slice of commit SHAs that are allowed to be ignored.
    Commits []string
    // Paths is a slice of path regular expressions that are allowed to be ignored.
    Paths []*regexp.Regexp
    // Regexes is a slice of content regular expressions that are allowed to be ignored.
    Regexes []*regexp.Regexp
    // Can be `match` or `line`.
    //
    // If `match` the _Regexes_ will be tested against the match of the _Rule.Regex_.
    //
    // If `line` the _Regexes_ will be tested against the entire line.
    //
    // If RegexTarget is empty, it will be tested against the found secret.
    RegexTarget string
    // StopWords is a slice of stop words that are allowed to be ignored.
    // This targets the _secret_, not the content of the regex match like the
    // Regexes slice.
    StopWords []string
}
Allowlist allows a rule to be ignored for specific regexes, paths, and/or commits.
func (*Allowlist) CommitAllowed
CommitAllowed returns true if the commit is allowed to be ignored.
func (*Allowlist) ContainsStopWord (added in v8.8.0)
func (*Allowlist) PathAllowed
PathAllowed returns true if the path is allowed to be ignored.
func (*Allowlist) RegexAllowed
RegexAllowed returns true if the regex is allowed to be ignored.
type AllowlistMatchCondition (added in v8.21.0)
type AllowlistMatchCondition int
const (
    AllowlistMatchOr AllowlistMatchCondition = iota
    AllowlistMatchAnd
)
func (AllowlistMatchCondition) String (added in v8.21.1)
func (a AllowlistMatchCondition) String() string
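How MatchCondition and RegexTarget combine, per the Allowlist field comments above, shown as an added example that is not gitleaks code: the finding and allowlist types and the ignored method are local stand-ins, and the model assumes only configured (non-empty) criteria take part in the decision. The sample finding is constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// Local model of the documented fields; these are not the gitleaks types.
type finding struct{ Path, Line, Match, Secret string }

type allowlist struct {
	And            bool // false models AllowlistMatchOr (the zero value), true AllowlistMatchAnd
	Paths, Regexes []*regexp.Regexp
	RegexTarget    string // "match", "line", or "" for the found secret
}

func anyMatch(res []*regexp.Regexp, s string) bool {
	for _, re := range res {
		if re.MatchString(s) {
			return true
		}
	}
	return false
}

// ignored reports whether f is suppressed (assumption: unset criteria are skipped).
func (a allowlist) ignored(f finding) bool {
	target := f.Secret
	switch a.RegexTarget {
	case "match":
		target = f.Match
	case "line":
		target = f.Line
	}
	pathHit, reHit := anyMatch(a.Paths, f.Path), anyMatch(a.Regexes, target)
	if a.And { // every configured criterion must hit; an empty allowlist ignores nothing
		return (len(a.Paths) == 0 || pathHit) && (len(a.Regexes) == 0 || reHit) && (pathHit || reHit)
	}
	return pathHit || reHit
}

func main() {
	// Constructed finding in a fixture file; the value is a made-up placeholder.
	f := finding{"testdata/app.yaml", `key: "k3y-value-0001" # example`, `key: "k3y-value-0001"`, "k3y-value-0001"}
	res := func(p string) []*regexp.Regexp { return []*regexp.Regexp{regexp.MustCompile(p)} }
	or := allowlist{Paths: res(`^testdata/`), Regexes: res(`(?i)example`)}
	and, andLine := or, or
	and.And, andLine.And, andLine.RegexTarget = true, true, "line"
	fmt.Println(or.ignored(f), and.ignored(f), andLine.ignored(f)) // true false true
}
```

Under OR, the path entry alone suppresses every finding below testdata/; under AND, the regex must also hit its target, which here happens only when RegexTarget is `line`.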
type Config
type Config struct {
    Title       string
    Extend      Extend
    Path        string
    Description string
    Rules       map[string]Rule
    Allowlist   Allowlist
    Keywords    map[string]struct{}
    // used to keep sarif results consistent
    OrderedRules []string
}
Config is a configuration struct that contains rules and an allowlist if present.
func (*Config) GetOrderedRules (added in v8.18.3)
type Extend (added in v8.9.0)
Extend is a struct that allows users to define how they want their configuration extended by other configuration files.
type Rule
type Rule struct {
    // RuleID is a unique identifier for this rule
    RuleID string
    // Description is the description of the rule.
    Description string
    // Entropy is a float representing the minimum shannon
    // entropy a regex group must have to be considered a secret.
    Entropy float64
    // SecretGroup is an int used to extract secret from regex
    // match and used as the group that will have its entropy
    // checked if `entropy` is set.
    SecretGroup int
    // Regex is a golang regular expression used to detect secrets.
    Regex *regexp.Regexp
    // Path is a golang regular expression used to
    // filter secrets by path
    Path *regexp.Regexp
    // Tags is an array of strings used for metadata
    // and reporting purposes.
    Tags []string
    // Keywords are used for pre-regex check filtering. Rules that contain
    // keywords will perform a quick string compare check to make sure the
    // keyword(s) are in the content being scanned.
    Keywords []string
    // Allowlists allows a rule to be ignored for specific commits, paths, regexes, and/or stopwords.
    Allowlists []Allowlist
}
Rules contain information that defines details on how to detect secrets.
type ViperConfig
type ViperConfig struct {
    Description string
    Extend      Extend
    Rules       []struct {
        ID          string
        Description string
        Regex       string
        SecretGroup int
        Entropy     float64
        Keywords    []string
        Path        string
        Tags        []string
        // Deprecated: this is a shim for backwards-compatibility. It should be removed in 9.x.
        AllowList  *viperRuleAllowlist
        Allowlists []viperRuleAllowlist
    }
    Allowlist struct {
        Commits     []string
        Paths       []string
        RegexTarget string
        Regexes     []string
        StopWords   []string
    }
}
ViperConfig is the config struct used by the Viper config package to parse the config file. This struct does not include regular expressions. It is used as an intermediary to convert the Viper config to the Config struct.
func (*ViperConfig) Translate
func (vc *ViperConfig) Translate() (Config, error)