Richard Gomez 1 год назад
Родитель
Сommit
2068870c8d
3 измененных файлов с 28 добавлено и 16 удалено
  1. 3 11
      cmd/generate/config/base/config.go
  2. 22 0
      cmd/generate/config/base/config_test.go
  3. 3 5
      config/gitleaks.toml

+ 3 - 11
cmd/generate/config/base/config.go

@@ -84,18 +84,10 @@ func CreateGlobalConfig() config.Config {
 
 				// ----------- Python files -----------
 				// Dependencies and lock files.
-				regexp.MustCompile(`(^|/)Pipfile\.lock$`),
-				regexp.MustCompile(`(^|/)poetry\.lock$`),
+				regexp.MustCompile(`(^|/)(Pipfile|poetry)\.lock$`),
 				// Virtual environments
-				// env/lib/python3.7/site-packages/urllib3/util/url.py
-				regexp.MustCompile(`(?i)/?(v?env|virtualenv)/lib/.+$`),
-				// /python/3.7.4/Lib/site-packages/dask/bytes/tests/test_bytes_utils.py
-				// python/3.7.4/Lib/site-packages/fsspec/utils.py
-				// python/2.7.16.32/Lib/bsddb/test/test_dbenv.py
-				regexp.MustCompile(`(?i)/?python/[23](\.\d{1,2})+/lib/.+$`),
-				// python/lib/python3.8/site-packages/boto3/data/ec2/2016-04-01/resources-1.json
-				// python/lib/python3.8/site-packages/botocore/data/alexaforbusiness/2017-11-09/service-2.json
-				regexp.MustCompile(`(?i)/?python/lib/python[23](\.\d{1,2})+/.+$`),
+				regexp.MustCompile(`(?i)/?(v?env|virtualenv)/lib(64)?/.+$`),
+				regexp.MustCompile(`(?i)(^|/)(lib(64)?/python[23](\.\d{1,2})+/|python/[23](\.\d{1,2})+/lib(64)?/).+$`),
 				// dist-info directory (https://py-pkgs.org/04-package-structure.html#building-sdists-and-wheels)
 				regexp.MustCompile(`(?i)(^|/)[a-z0-9_.]+-[0-9.]+\.dist-info/.+$`),
 
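Review bot: The virtual-environment pattern on the changed line still begins with an optional, unanchored `/?`, so, assuming these regexes are applied as unanchored searches, `(v?env|virtualenv)` can match the tail of any longer directory name; a path such as `prodenv/lib/settings.py` (constructed example) would be allowlisted and never scanned for secrets. Since this line is being edited anyway, anchoring it like the neighbouring patterns would narrow that, e.g. `(?i)(^|/)\.?(v?env|virtualenv)/lib(64)?/.+$`, where `\.?` keeps `.venv` covered if that is intended. The merged `lib(64)?/python[23]…` alternative also no longer requires a leading `python/` segment, so any committed `lib/python3.x/` tree is skipped in full; a short comment stating that this is deliberate would help. The same patterns are repeated in config/gitleaks.toml. CreateGlobalConfig starts and ends outside this hunk.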

+ 22 - 0
cmd/generate/config/base/config_test.go

@@ -95,6 +95,28 @@ func TestConfigAllowlistPaths(t *testing.T) {
 				`src/main/resources/static/js/jquery-ui-1.10.4.min.js`,
 			},
 		},
+		"python": {
+			invalid: []string{
+				// lock files
+				`Pipfile.lock`, `poetry.lock`,
+				// virtual environments
+				"env/lib/python3.7/site-packages/urllib3/util/url.py",
+				"venv/Lib/site-packages/regex-2018.08.29.dist-info/DESCRIPTION.rst",
+				"venv/lib64/python3.5/site-packages/pynvml.py",
+				"python/python3/virtualenv/Lib/site-packages/pyphonetics/utils.py",
+				"virtualenv/lib64/python3.7/base64.py",
+				// packages
+				"cde-root/usr/lib64/python2.4/site-packages/Numeric.pth",
+				"lib/python3.9/site-packages/setuptools/_distutils/msvccompiler.py",
+				"lib/python3.8/site-packages/botocore/data/alexaforbusiness/2017-11-09/service-2.json",
+				"code/python/3.7.4/Lib/site-packages/dask/bytes/tests/test_bytes_utils.py",
+				"python/3.7.4/Lib/site-packages/fsspec/utils.py",
+				"python/2.7.16.32/Lib/bsddb/test/test_dbenv.py",
+				"python/lib/python3.8/site-packages/boto3/data/ec2/2016-04-01/resources-1.json",
+				// distinfo
+				"libs/PyX-0.15.dist-info/AUTHORS",
+			},
+		},
 	}
 
 	cfg := CreateGlobalConfig()
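Review bot: The new "python" case lists only `invalid` paths, i.e. ones expected to be allowlisted, so nothing here checks that the widened patterns stop short of ordinary source paths. Because an over-broad allowlist entry silently removes files from secret scanning, negative cases matter as much as positive ones. If the table has a counterpart field for paths that must still be scanned (not visible in this hunk), add entries such as `"python/lib/settings.py"` and `"environment/lib/config.py"` (constructed examples). TestConfigAllowlistPaths begins before the hunk and continues after it.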

+ 3 - 5
config/gitleaks.toml

@@ -44,11 +44,9 @@ paths = [
     '''(^|/)npm-shrinkwrap\.json$''',
     '''(^|/)bower_components/.*?$''',
     '''(^|/)jquery(-ui)?-[a-zA-Z0-9.-]+\.js$''',
-    '''(^|/)Pipfile\.lock$''',
-    '''(^|/)poetry\.lock$''',
-    '''(?i)/?(v?env|virtualenv)/lib/.+$''',
-    '''(?i)/?python/[23](\.\d{1,2})+/lib/.+$''',
-    '''(?i)/?python/lib/python[23](\.\d{1,2})+/.+$''',
+    '''(^|/)(Pipfile|poetry)\.lock$''',
+    '''(?i)/?(v?env|virtualenv)/lib(64)?/.+$''',
+    '''(?i)(^|/)(lib(64)?/python[23](\.\d{1,2})+/|python/[23](\.\d{1,2})+/lib(64)?/).+$''',
     '''(?i)(^|/)[a-z0-9_.]+-[0-9.]+\.dist-info/.+$''',
     '''(^|/)vendor/(bundle|ruby)/.*?$''',
     '''\.gem$''',