config

package
v8.8.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 28, 2022 License: MIT Imports: 4 Imported by: 25

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var DefaultConfig string

Functions

This section is empty.

Types

type Allowlist 

type Allowlist struct {
	// Short human readable description of the allowlist.
	Description string

	// Regexes is slice of content regular expressions that are allowed to be ignored.
	Regexes []*regexp.Regexp

	// Paths is a slice of path regular expressions that are allowed to be ignored.
	Paths []*regexp.Regexp

	// Commits is a slice of commit SHAs that are allowed to be ignored.
	Commits []string

	// StopWords is a slice of stop words that are allowed to be ignored.
	// This targets the _secret_, not the content of the regex match like the
	// Regexes slice.
	StopWords []string
}

Allowlist allows a rule to be ignored for specific regexes, paths, and/or commits

func (*Allowlist) CommitAllowed 

func (a *Allowlist) CommitAllowed(c string) bool

CommitAllowed returns true if the commit is allowed to be ignored.

func (*Allowlist) ContainsStopWord added in v8.8.0 

func (a *Allowlist) ContainsStopWord(s string) bool

func (*Allowlist) PathAllowed 

func (a *Allowlist) PathAllowed(path string) bool

PathAllowed returns true if the path is allowed to be ignored.

func (*Allowlist) RegexAllowed 

func (a *Allowlist) RegexAllowed(s string) bool

RegexAllowed returns true if the regex is allowed to be ignored.

type Config 

type Config struct {
	Path        string
	Description string
	Rules       []*Rule
	Allowlist   Allowlist
	Keywords    []string
}

Config is a configuration struct that contains rules and an allowlist if present.

type Rule 

type Rule struct {
	// Description is the description of the rule.
	Description string

	// RuleID is a unique identifier for this rule
	RuleID string

	// Entropy is a float representing the minimum shannon
	// entropy a regex group must have to be considered a secret.
	Entropy float64

	// SecretGroup is an int used to extract secret from regex
	// match and used as the group that will have its entropy
	// checked if `entropy` is set.
	SecretGroup int

	// Regex is a golang regular expression used to detect secrets.
	Regex *regexp.Regexp

	// Path is a golang regular expression used to
	// filter secrets by path
	Path *regexp.Regexp

	// Tags is an array of strings used for metadata
	// and reporting purposes.
	Tags []string

	// Keywords are used for pre-regex check filtering. Rules that contain
	// keywords will perform a quick string compare check to make sure the
	// keyword(s) are in the content being scanned.
	Keywords []string

	// Allowlist allows a rule to be ignored for specific
	// regexes, paths, and/or commits
	Allowlist Allowlist
}

Rules contain information that define details on how to detect secrets

type ViperConfig 

type ViperConfig struct {
	Description string
	Rules       []struct {
		ID          string
		Description string
		Entropy     float64
		SecretGroup int
		Regex       string
		Keywords    []string
		Path        string
		Tags        []string

		Allowlist struct {
			Regexes   []string
			Paths     []string
			Commits   []string
			StopWords []string
		}
	}
	Allowlist struct {
		Regexes   []string
		Paths     []string
		Commits   []string
		StopWords []string
	}
}

ViperConfig is the config struct used by the Viper config package to parse the config file. This struct does not include regular expressions. It is used as an intermediary to convert the Viper config to the Config struct.

func (*ViperConfig) Translate 

func (vc *ViperConfig) Translate() (Config, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.