
Allow tag (#809)

* gitleaks:allow signature

* readd all tests

* fixing tests
Zachary Rice 3 yıl önce
ebeveyn
işleme
3e5e63956e
3 değiştirilmiş dosya ile 78 ekleme ve 10 silme
  1. 7 0
      detect/detect.go
  2. 55 8
      detect/detect_test.go
  3. 16 2
      detect/location.go

+ 7 - 0
detect/detect.go

@@ -29,6 +29,8 @@ const (
 	DetectType GitScanType = iota
 	ProtectType
 	ProtectStagedType
+
+	gitleaksAllowSignature = "gitleaks:allow"
 )
 
 // Detector is the main detector struct
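Review bot: `gitleaksAllowSignature` is an untyped string constant added inside the `GitScanType` iota block, and it carries no comment. It would read better in its own `const` declaration with a doc comment such as `// gitleaksAllowSignature is the inline marker that suppresses any finding on the line where it appears.`, so the enum block stays self-contained and readers can see this string switches detection off.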
@@ -170,6 +172,11 @@ func (d *Detector) detectRule(fragment Fragment, rule *config.Rule) []report.Fin
 			Tags:        rule.Tags,
 		}
 
+		if strings.Contains(fragment.Raw[loc.startLineIndex:loc.endLineIndex],
+			gitleaksAllowSignature) {
+			continue
+		}
+
 		// extract secret from secret group if set
 		if rule.SecretGroup != 0 {
 			groups := rule.Regex.FindStringSubmatch(secret)
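Review bot: The new allow check in detectRule discards the finding with a bare `continue`, so a suppressed secret leaves no trace in the findings returned here; an audit cannot tell "nothing found" from "found and waived". Because the test is `strings.Contains` over `fragment.Raw[loc.startLineIndex:loc.endLineIndex]`, the marker counts wherever it appears between the match start and the end of the line, including inside a string literal or the matched text itself, not only in a trailing comment. I would record each suppression (a debug-level log entry or a counter with the rule ID and file) and document the scope with a comment like `// skip findings whose line, from the match start to the line end, contains gitleaks:allow`. Teams that rely on this scanner as a gate may also want code review to flag diffs that introduce the marker. The body of detectRule starts and ends outside this hunk.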

+ 55 - 8
detect/detect_test.go

@@ -23,6 +23,53 @@ func TestDetect(t *testing.T) {
 		expectedFindings []report.Finding
 		wantError        error
 	}{
+		{
+			cfgName: "simple",
+			fragment: Fragment{
+				Raw:      `awsToken := \"AKIALALEMEL33243OKIA\ // gitleaks:allow"`,
+				FilePath: "tmp.go",
+			},
+			expectedFindings: []report.Finding{},
+		},
+		{
+			cfgName: "simple",
+			fragment: Fragment{
+				Raw: `awsToken := \
+
+                \"AKIALALEMEL33243OKIA\ // gitleaks:allow"
+
+
+                `,
+				FilePath: "tmp.go",
+			},
+			expectedFindings: []report.Finding{},
+		},
+		{
+			cfgName: "simple",
+			fragment: Fragment{
+				Raw: `awsToken := \"AKIALALEMEL33243OKIA\"
+
+		                // gitleaks:allow"
+
+		                `,
+				FilePath: "tmp.go",
+			},
+			expectedFindings: []report.Finding{
+				{
+					Description: "AWS Access Key",
+					Secret:      "AKIALALEMEL33243OKIA",
+					Match:       "AKIALALEMEL33243OKIA",
+					File:        "tmp.go",
+					RuleID:      "aws-access-key",
+					Tags:        []string{"key", "AWS"},
+					StartLine:   0,
+					EndLine:     0,
+					StartColumn: 15,
+					EndColumn:   34,
+					Entropy:     3.1464393,
+				},
+			},
+		},
 		{
 			cfgName: "escaped_character_group",
 			fragment: Fragment{
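Review bot: The three new cases only pin the marker after the secret on the same line and on a later line. Nothing covers `gitleaks:allow` placed before the secret on the same line, inside a string literal rather than a comment, or on a line terminated by `\r\n`, although the scanning window in location.go treats each of these differently. Adding those cases would fix the intended suppression scope in tests instead of leaving it implicit. Separately, the first two fixtures use `\"` inside a raw string, so the backslashes are literal and the quotes are unbalanced; a comment such as `// fixture is intentionally not valid Go; only the key and the marker matter` would avoid confusion. The TestDetect table continues outside this hunk.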
@@ -37,8 +84,8 @@ func TestDetect(t *testing.T) {
 					File:        "tmp.go",
 					RuleID:      "pypi-upload-token",
 					Tags:        []string{"key", "pypi"},
-					StartLine:   1,
-					EndLine:     1,
+					StartLine:   0,
+					EndLine:     0,
 					StartColumn: 1,
 					EndColumn:   86,
 					Entropy:     1.9606875,
@@ -59,8 +106,8 @@ func TestDetect(t *testing.T) {
 					File:        "tmp.go",
 					RuleID:      "aws-access-key",
 					Tags:        []string{"key", "AWS"},
-					StartLine:   1,
-					EndLine:     1,
+					StartLine:   0,
+					EndLine:     0,
 					StartColumn: 15,
 					EndColumn:   34,
 					Entropy:     3.0841837,
@@ -107,8 +154,8 @@ func TestDetect(t *testing.T) {
 					RuleID:      "discord-api-key",
 					Tags:        []string{},
 					Entropy:     3.7906237,
-					StartLine:   1,
-					EndLine:     1,
+					StartLine:   0,
+					EndLine:     0,
 					StartColumn: 7,
 					EndColumn:   93,
 				},
@@ -137,8 +184,8 @@ func TestDetect(t *testing.T) {
 					RuleID:      "generic-api-key",
 					Tags:        []string{},
 					Entropy:     3.7906237,
-					StartLine:   1,
-					EndLine:     1,
+					StartLine:   0,
+					EndLine:     0,
 					StartColumn: 22,
 					EndColumn:   93,
 				},

+ 16 - 2
detect/location.go

@@ -46,8 +46,22 @@ func location(fragment Fragment, matchIndex []int) Location {
 		// a newline
 		location.startColumn = (start - prevNewLine) + 1 // +1 because counting starts at 1
 		location.endColumn = (end - prevNewLine)
-		location.startLine = _lineNum + 1
-		location.endLine = _lineNum + 1
+		location.startLine = _lineNum
+		location.endLine = _lineNum
+		location.startLineIndex = start
+
+		// search for new line byte index
+		i := 0
+		for end+i < len(fragment.Raw) {
+			if fragment.Raw[end+i] == '\n' {
+				break
+			}
+			if fragment.Raw[end+i] == '\r' {
+				break
+			}
+			i++
+		}
+		location.endLineIndex = end + i
 	}
 	return location
 }
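Review bot: `location.startLine` and `location.endLine` change from `_lineNum + 1` to `_lineNum` in a commit about the allow tag, which makes reported lines zero-based with no comment explaining why. The updated expectations in detect_test.go (`StartLine: 0`) confirm the shift. Unless a caller outside this diff adds the offset back, findings would point one line above the secret, so the intent deserves a comment such as `// line numbers are 0-based here; callers add the hunk/file offset`. Also, `startLineIndex` is set to `start`, the match start rather than the start of the line, so a marker placed before the secret on the same line is not honoured; either rename it or document it as `// startLineIndex is the byte offset of the match, endLineIndex the offset of the next '\n' or '\r' (or len(Raw))`. The function body begins outside this hunk, so the zero-value behaviour of the two new fields when this branch is not taken cannot be checked from here.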