feat(config): ignore jquery static assets (#1595)

cmd/generate/config/base/config.go

@@ -71,7 +71,7 @@ func CreateGlobalConfig() config.Config {
 				regexp.MustCompile(`(^|/)mvnw(\.cmd)?$`),
 				regexp.MustCompile(`(^|/)\.mvn/wrapper/MavenWrapperDownloader\.java$`),
 
-				// ----------- Node.js files -----------
+				// ----------- JavaScript files -----------
 				// Dependencies and lock files.
 				regexp.MustCompile(`(^|/)node_modules/.*?$`),
 				regexp.MustCompile(`(^|/)package-lock\.json$`),
@@ -79,6 +79,8 @@ func CreateGlobalConfig() config.Config {
 				regexp.MustCompile(`(^|/)pnpm-lock\.yaml$`),
 				regexp.MustCompile(`(^|/)npm-shrinkwrap\.json$`),
 				regexp.MustCompile(`(^|/)bower_components/.*?$`),
+				// TODO: Add more common static assets, such as swagger-ui.
+				regexp.MustCompile(`(^|/)jquery(-ui)?-[a-zA-Z0-9.-]+\.js$`),
 
 				// ----------- Python files -----------
 				// Dependencies and lock files.

cmd/generate/config/base/config_test.go

@@ -83,3 +83,35 @@ func TestConfigAllowlistRegexes(t *testing.T) {
 		})
 	}
 }
+
+func TestConfigAllowlistPaths(t *testing.T) {
+	tests := map[string]struct {
+		invalid []string
+		valid   []string
+	}{
+		"javascript - jquery.js": {
+			invalid: []string{
+				`src/main/resources/static/jquery-ui-1.12.1/jquery-ui-min.js`,
+				`src/main/resources/static/js/jquery-ui-1.10.4.min.js`,
+			},
+		},
+	}
+
+	cfg := CreateGlobalConfig()
+	allowlist := cfg.Allowlist
+	for name, cases := range tests {
+		t.Run(name, func(t *testing.T) {
+			for _, c := range cases.invalid {
+				if !allowlist.PathAllowed(c) {
+					t.Errorf("invalid path not marked as allowed: %s", c)
+				}
+			}
+
+			for _, c := range cases.valid {
+				if allowlist.PathAllowed(c) {
+					t.Errorf("valid path marked as allowed: %s", c)
+				}
+			}
+		})
+	}
+}

config/gitleaks.toml

@@ -43,6 +43,7 @@ paths = [
     '''(^|/)pnpm-lock\.yaml$''',
     '''(^|/)npm-shrinkwrap\.json$''',
     '''(^|/)bower_components/.*?$''',
+    '''(^|/)jquery(-ui)?-[a-zA-Z0-9.-]+\.js$''',
     '''(^|/)Pipfile\.lock$''',
     '''(^|/)poetry\.lock$''',
     '''(?i)/?(v?env|virtualenv)/lib/.+$''',