zricethezav/gitleaks
### [`v8.16.0`](https://togithub.com/zricethezav/gitleaks/releases/tag/v8.16.0)
[Compare Source](https://togithub.com/zricethezav/gitleaks/compare/v8.15.4...v8.16.0)
#### Changelog
- [`4b5e8e1`](https://togithub.com/zricethezav/gitleaks/commit/4b5e8e1) Feat/allowlist regex target ([#1107](https://togithub.com/zricethezav/gitleaks/issues/1107))
##### Allowlist Regex Targets
Let's use the generic rule to demonstrate the new `regexTarget` allowlist option
```toml
[[rules]]
description = "Generic API Key"
id = "generic-api-key"
regex = '''(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
secretGroup = 1
entropy = 3.5
keywords = [
"key","api","token","secret","client","passwd","password","auth","access",
]
```
`example.txt` will be our target and contain a single line with a fake secret:
```txt
var discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'
```
Running gitleaks on this file using the generic rule will return one finding:
```txt
gitleaks detect --source=example.txt --no-git -v --config=example.toml

    ○
    │╲
    │ ○
    ○ ░
    ░ gitleaks

Finding:     discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'
Secret:      8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ
RuleID:      generic-api-key
Entropy:     4.413910
File:        example.txt
Line:        1
Fingerprint: example.txt:generic-api-key:1
```
We can add an allowlist `regexes` entry that matches part of the *secret*. This will cause gitleaks to ignore the finding above.
Note that *by default* gitleaks uses the *Secret* to compare against allowlist regexes.
Adding the following allowlist to the generic rule will cause gitleaks to ignore the finding:
```toml
[rules.allowlist]
regexes = ["vV"]
```
But now say you don't want to use `Secret` to compare against your allowlist regexes. Well, now you can use `regexTarget` and set the value as either `line` or `match` to compare against the line or regex match:
```toml
[rules.allowlist]
regexTarget = "match"
regexes = ["discord"]
```
and
```toml
[rules.allowlist]
regexTarget = "line"
regexes = ["var"]
```
will both result in the finding being ignored because `discord` is found in the generic rule regex *match* and `var` is in the *line* where the finding was found.
In addition to rule allowlists, you can set `regexTarget` in the global allowlist:
```toml
[allowlist]
regexTarget = "line"
regexes = ["var"]
```
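To see exactly which string each `regexTarget` value is compared against, here is an added Go example (not gitleaks' own code) that runs the generic rule's regex from this note over the sample line and evaluates allowlist regexes against the secret, the match and the line. The allowlist regexes `vV`, `client_secret` and `var` are assumptions chosen so that each lies in a different subset of the three targets; an unset `regexTarget` falls back to the secret, as the default described above.

```go
package main

import (
	"fmt"
	"regexp"
)

// ruleRegex is the generic-api-key regex quoted in the release note; the secret is capture group 1.
var ruleRegex = regexp.MustCompile(`(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)`)

const secretGroup = 1

// Finding carries the three strings a gitleaks allowlist can be compared against.
type Finding struct{ Line, Match, Secret string }

// Detect runs the rule regex over one line; ok is false when the rule does not fire.
func Detect(line string) (f Finding, ok bool) {
	loc := ruleRegex.FindStringSubmatchIndex(line)
	if loc == nil {
		return Finding{}, false
	}
	return Finding{Line: line, Match: line[loc[0]:loc[1]],
		Secret: line[loc[2*secretGroup]:loc[2*secretGroup+1]]}, true
}

// Allowed reports whether an allowlist with the given regexTarget suppresses the finding.
// "match" and "line" select those fields; anything else uses the default target, the secret.
func Allowed(f Finding, regexTarget string, regexes []string) bool {
	target := f.Secret
	switch regexTarget {
	case "match":
		target = f.Match
	case "line":
		target = f.Line
	}
	for _, re := range regexes {
		if regexp.MustCompile(re).MatchString(target) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed input: the fake secret line from the release note.
	f, _ := Detect(`var discord_client_secret = '8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ'`)
	fmt.Printf("secret=%q\nmatch=%q\n", f.Secret, f.Match)
	for _, c := range []struct{ target, re string }{{"", "vV"}, {"match", "client_secret"}, {"line", "var"}, {"", "var"}} {
		fmt.Printf("regexTarget=%q regexes=[%q] ignored=%v\n", c.target, c.re, Allowed(f, c.target, []string{c.re}))
	}
}
```

The `match` target holds only the span the rule regex itself matched, which for this rule begins at the first keyword it finds, so print it before writing a match-targeted allowlist entry.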
Thanks [@bplaxco](https://togithub.com/bplaxco) for the review
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates: v8.15.4 -> v8.16.0