
Ensure keywords are downcased (#1633)

* Ensure keywords are downcased

* Update tests

* Remove unnecessary code

* Add msg to test expectation

* Update the keywords as we iterate through them

* Remove unnecessary to lower

---------

Co-authored-by: Craig Smith <5344211-craigmsmith@users.noreply.gitlab.com>
Craig Smith vor 1 Jahr
Ursprung
Commit
2f73a3e3cf

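--- a/config/config.go
+++ b/config/config.go
@@ -93,8 +93,10 @@ func (vc *ViperConfig) Translate() (Config, error) {
 		if vr.Keywords == nil {
 			vr.Keywords = []string{}
 		} else {
-			for _, k := range vr.Keywords {
-				keywords[strings.ToLower(k)] = struct{}{}
+			for i, k := range vr.Keywords {
+				keyword := strings.ToLower(k)
+				keywords[keyword] = struct{}{}
+				vr.Keywords[i] = keyword
 			}
 		}
 
@@ -316,9 +318,6 @@ func (c *Config) extend(extensionConfig Config) {
 			for _, k := range baseRule.Keywords {
 				c.Keywords[k] = struct{}{}
 			}
-			for _, k := range currentRule.Keywords {
-				c.Keywords[k] = struct{}{}
-			}
 			c.Rules[ruleID] = baseRule
 		}
 	}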
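Review bot: The write-back `vr.Keywords[i] = keyword` in Translate is, as far as this diff shows, the only place that guarantees per-rule keywords are lowercase, and nothing at that line says why it matters. In a secret scanner the keyword set gates whether a rule's regex is evaluated at all, so a mixed-case keyword reaching `c.Keywords` presumably makes the rule stop matching silently. A comment such as `// keep Rule.Keywords lowercase: extend copies them verbatim into the global c.Keywords set` would record the invariant. The extend hunk inserts `baseRule.Keywords` without normalising and drops the `currentRule.Keywords` loop. That is only safe if every rule came through Translate and the current rule's keywords were already merged into `baseRule.Keywords` earlier in extend, which is worth confirming. Both function bodies start and end outside the hunks.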

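--- a/config/config_test.go
+++ b/config/config_test.go
@@ -394,3 +394,45 @@ func TestTranslate(t *testing.T) {
 		})
 	}
 }
+
+func TestExtendedRuleKeywordsAreDowncase(t *testing.T) {
+	tests := []struct {
+		name             string
+		cfgName          string
+		expectedKeywords string
+	}{
+		{
+			name:             "Extend base rule that includes AWS keyword with new attribute",
+			cfgName:          "extend_base_rule_including_keysword_with_attribute",
+			expectedKeywords: "aws",
+		},
+		{
+			name:             "Extend base with a new rule with CMS keyword",
+			cfgName:          "extend_with_new_rule",
+			expectedKeywords: "cms",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Cleanup(func() {
+				viper.Reset()
+			})
+
+			viper.AddConfigPath(configPath)
+			viper.SetConfigName(tt.cfgName)
+			viper.SetConfigType("toml")
+			err := viper.ReadInConfig()
+			require.NoError(t, err)
+
+			var vc ViperConfig
+			err = viper.Unmarshal(&vc)
+			require.NoError(t, err)
+			cfg, err := vc.Translate()
+			require.NoError(t, err)
+
+			_, exists := cfg.Keywords[tt.expectedKeywords]
+			require.Truef(t, exists, "The expected keyword %s did not exist as a key of cfg.Keywords", tt.expectedKeywords)
+		})
+	}
+}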
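Review bot: TestExtendedRuleKeywordsAreDowncase only asserts that the lowercase key is present in `cfg.Keywords`; it never asserts that the original mixed-case key is absent, and it does not look at the per-rule `Keywords` slices that the Translate change rewrites. Because the removed line in Translate already lowercased the global set, the "cms" case appears to pass without the fix, and a stray "AWS" key from the base rule would go unnoticed in that case. Asserting the invariant directly would pin the behaviour, e.g. `for k := range cfg.Keywords { require.Equal(t, strings.ToLower(k), k) }`, plus the same check over each `cfg.Rules[id].Keywords`. This needs `strings` to be imported in the test file, which is not visible here.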

+ 8 - 0
testdata/config/extend_base_rule_including_keysword_with_attribute.toml

@@ -0,0 +1,8 @@
+title = "gitleaks extended 3"
+
+[extend]
+path="../testdata/config/extend_rule_keywords_base.toml"
+
+[[rules]]
+    id = "aws-secret-key-again-again"
+    description = "A new description"

+ 12 - 0
testdata/config/extend_rule_keywords_base.toml

@@ -0,0 +1,12 @@
+title = "gitleaks extended 3"
+
+## This should not be loaded since we can only extend configs to a depth of 3
+
+[[rules]]
+    id = "aws-secret-key-again-again"
+    description = "AWS Secret Key"
+    regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
+    tags = ["key", "AWS"]
+    keywords = ["AWS"]
+[[rules.allowlists]]
+    stopwords = ["fake"]
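Review bot: The comment `## This should not be loaded since we can only extend configs to a depth of 3` contradicts how this fixture is used, because both new extension configs point their `[extend]` path at this file and the test depends on its `keywords = ["AWS"]` being loaded. It looks copied from another fixture, as does the title `gitleaks extended 3`, which all three new files share. Replacing it with something like `## Base config with a mixed-case keyword; extended by the keyword-downcasing tests` would stop a later reader from concluding that the rule is intentionally unreachable.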

+ 8 - 0
testdata/config/extend_with_new_rule.toml

@@ -0,0 +1,8 @@
+title = "gitleaks extended 3"
+
+[extend]
+path="../testdata/config/extend_rule_keywords_base.toml"
+
+[[rules]]
+    id = "aws-rule-that-is-not-in-base"
+    keywords = ["CMS"]