
adding logic to ignore gitleaks config during scans (#710)

Zachary Rice 4 năm trước cách đây
mục cha
commit
4acd7a3c8d
6 tập tin đã thay đổi với 22 bổ sung3 xóa
  1. 5 0
      cmd/detect.go
  2. 5 0
      cmd/protect.go
  3. 1 0
      config/config.go
  4. 1 1
      config/gitleaks.toml
  5. 2 2
      detect/detect.go
  6. 8 0
      detect/detect_test.go

+ 5 - 0
cmd/detect.go

@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"os"
+	"path/filepath"
 	"time"
 
 	"github.com/rs/zerolog/log"
@@ -40,12 +41,16 @@ func runDetect(cmd *cobra.Command, args []string) {
 		log.Fatal().Err(err).Msg("Failed to load config")
 	}
 
+	cfg.Path, _ = cmd.Flags().GetString("config")
 	source, _ := cmd.Flags().GetString("source")
 	logOpts, _ := cmd.Flags().GetString("log-opts")
 	verbose, _ := cmd.Flags().GetBool("verbose")
 	redact, _ := cmd.Flags().GetBool("redact")
 	noGit, _ := cmd.Flags().GetBool("no-git")
 	exitCode, _ := cmd.Flags().GetInt("exit-code")
+	if cfg.Path == "" {
+		cfg.Path = filepath.Join(source, ".gitleaks.toml")
+	}
 	start := time.Now()
 
 	if noGit {
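Review bot: The default built on L46 only lines up with the exclusion in DetectFindings if scanned file paths are spelled the same way: `filepath.Join(source, ".gitleaks.toml")` is `.gitleaks.toml` for `--source .` but `/abs/repo/.gitleaks.toml` for an absolute source, and the `--config` value on L38 is taken verbatim, so `./gitleaks.toml` and `gitleaks.toml` are different strings. If the git-history walker reports repo-relative paths (not visible here), an absolute `--source` silently stops excluding the config and its regexes show up as findings. Normalize once at this point, `cfg.Path = filepath.Clean(cfg.Path)`, and add a comment stating which base the path is relative to so the scanner side can be kept in step, e.g. `// cfg.Path must be spelled the way DetectFindings sees scanned paths; it is compared by string equality`. The ignored error from `GetString("config")` follows the file's existing pattern for the other flags. runDetect begins and ends outside this hunk.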

+ 5 - 0
cmd/protect.go

@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"os"
+	"path/filepath"
 	"time"
 
 	"github.com/rs/zerolog/log"
@@ -35,11 +36,15 @@ func runProtect(cmd *cobra.Command, args []string) {
 		log.Fatal().Err(err).Msg("Failed to load config")
 	}
 
+	cfg.Path, _ = cmd.Flags().GetString("config")
 	source, _ := cmd.Flags().GetString("source")
 	verbose, _ := cmd.Flags().GetBool("verbose")
 	redact, _ := cmd.Flags().GetBool("redact")
 	exitCode, _ := cmd.Flags().GetInt("exit-code")
 	staged, _ := cmd.Flags().GetBool("staged")
+	if cfg.Path == "" {
+		cfg.Path = filepath.Join(source, ".gitleaks.toml")
+	}
 	start := time.Now()
 
 	files, err := git.GitDiff(source, staged)
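Review bot: L67 and L73-L75 repeat the block just added to runDetect verbatim; a shared helper keeps the two commands from drifting and gives one place to normalize the value that DetectFindings later compares by exact string equality. Whatever it returns should be `filepath.Clean`ed, because a `--config` of `./gitleaks.toml` or a path with a doubled separator will never equal the path the scanner hands over, and I can't see from here whether `git.GitDiff` paths carry the `source` prefix the default assumes. runProtect begins and ends outside this hunk.
```go
// configPath returns the --config flag value, or <source>/.gitleaks.toml when
// the flag is unset. The result is cleaned so the equality check in
// DetectFindings is not defeated by "./" or duplicate separators.
func configPath(cmd *cobra.Command, source string) string {
	p, _ := cmd.Flags().GetString("config")
	if p == "" {
		p = filepath.Join(source, ".gitleaks.toml")
	}
	return filepath.Clean(p)
}

// … unchanged: runProtect up to reading source …
	source, _ := cmd.Flags().GetString("source")
	cfg.Path = configPath(cmd, source)
// … unchanged: remaining flag parsing, GitDiff call …
```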

+ 1 - 0
config/config.go

@@ -38,6 +38,7 @@ type ViperConfig struct {
 
 // Config is a configuration struct that contains rules and an allowlist if present.
 type Config struct {
+	Path        string
 	Description string
 	Rules       []*Rule
 	Allowlist   Allowlist
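Review bot: The new `Path` field on L87 has no comment, and the struct doc on L85 still describes the config as holding only rules and an allowlist. Add `// Path is the location of the loaded config file, spelled as the cmd layer builds it; DetectFindings skips a scanned file whose path equals it by exact string comparison.` on the field and extend L85 to mention it. Since the comparison is by string equality, the comment is the right place to say that callers populating it must use the same path base the scanner uses. Config's body continues outside this hunk.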

+ 1 - 1
config/gitleaks.toml

@@ -445,4 +445,4 @@ regex = '''(?i)(typeform[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}(tfp_[a
 [allowlist]
 description = "global allow lists"
 regexes = ['''219-09-9999''', '''078-05-1120''', '''(9[0-9]{2}|666)-\d{2}-\d{4}''']
-files = ['''(.*?)(jpg|gif|doc|pdf|bin|svg|socket)$''']
+paths = ['''(.*?)(jpg|gif|doc|pdf|bin|svg|socket)$''']

+ 2 - 2
detect/detect.go

@@ -19,8 +19,8 @@ func DetectFindings(cfg config.Config, b []byte, filePath string, commit string)
 	var findings []report.Finding
 	linePairs := regexp.MustCompile("\n").FindAllIndex(b, -1)
 
-	// check if we should skip file based on the global allowlist
-	if cfg.Allowlist.PathAllowed(filePath) {
+	// check if we should skip file based on the global allowlist or if the file is the same as the gitleaks config
+	if cfg.Allowlist.PathAllowed(filePath) || filePath == cfg.Path {
 		return findings
 	}
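Review bot: The exclusion on L112 is a byte-for-byte string compare, so it only fires when the caller spells the path exactly as the scanner does; `.gitleaks.toml` versus `./.gitleaks.toml`, or a repo-relative path from history versus the absolute default the cmd layer builds from `--source`, fall through silently and the config's own regexes get reported. Compare cleaned forms and refuse an empty Path: `if cfg.Allowlist.PathAllowed(filePath) || (cfg.Path != "" && filepath.Clean(filePath) == filepath.Clean(cfg.Path)) {` (add `path/filepath` to the imports if the file lacks it). The skip is also by path alone, with no content check and for every commit scanned, so anything that ever lived at that path is exempt; a comment saying so keeps a later reader from treating it as a general allowlist, e.g. `// the config file is skipped by path only: any blob at this path, in any commit, is ignored`. DetectFindings continues outside this hunk.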
 

+ 8 - 0
detect/detect_test.go

@@ -2,6 +2,7 @@ package detect
 
 import (
 	"fmt"
+	"path/filepath"
 	"testing"
 
 	"github.com/spf13/viper"
@@ -111,6 +112,12 @@ func TestDetectFindings(t *testing.T) {
 			expectedFindings: []report.Finding{},
 			wantError:        fmt.Errorf("Discord API key invalid regex entropy group 5, max regex entropy group 3"),
 		},
+		{
+			cfgName:          "simple",
+			bytes:            []byte(`awsToken := \"AKIALALEMEL33243OLIA\"`),
+			filePath:         filepath.Join(configPath, "simple.toml"),
+			expectedFindings: []report.Finding{},
+		},
 	}
 
 	for _, tt := range tests {
@@ -126,6 +133,7 @@ func TestDetectFindings(t *testing.T) {
 		var vc config.ViperConfig
 		viper.Unmarshal(&vc)
 		cfg, err := vc.Translate()
+		cfg.Path = filepath.Join(configPath, tt.cfgName+".toml")
 		if tt.wantError != nil {
 			if err == nil {
 				t.Errorf("expected error")
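Review bot: The new case on L132-L137 only pins the exact-match path, because L145 sets `cfg.Path` with the identical `filepath.Join(configPath, …)` expression the case uses for `filePath`; a second case whose `filePath` is the same file written differently, e.g. `"./" + filepath.Join(configPath, "simple.toml")`, would document whether DetectFindings is meant to normalize before comparing, which is the failure mode an operator hits when `--config` is given as `./gitleaks.toml`. `cfg.Path` on L145 is also assigned before `err` from `Translate()` is checked; harmless for a struct value, but moving it below the error check keeps the error path obvious. TestDetectFindings continues outside this hunk.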