|
|
@@ -292,6 +292,17 @@ func (d *Detector) detectRule(fragment Fragment, rule config.Rule) []report.Find
|
|
|
continue
|
|
|
}
|
|
|
|
|
|
+ // extract secret from secret group if set
|
|
|
+ if rule.SecretGroup != 0 {
|
|
|
+ groups := rule.Regex.FindStringSubmatch(secret)
|
|
|
+ if len(groups) <= rule.SecretGroup || len(groups) == 0 {
|
|
|
+ // Config validation should prevent this
|
|
|
+ continue
|
|
|
+ }
|
|
|
+ secret = groups[rule.SecretGroup]
|
|
|
+ finding.Secret = secret
|
|
|
+ }
|
|
|
+
|
|
|
// check if the regexTarget is defined in the allowlist "regexes" entry
|
|
|
allowlistTarget := finding.Secret
|
|
|
switch rule.Allowlist.RegexTarget {
|
|
|
@@ -313,17 +324,6 @@ func (d *Detector) detectRule(fragment Fragment, rule config.Rule) []report.Find
|
|
|
continue
|
|
|
}
|
|
|
|
|
|
- // extract secret from secret group if set
|
|
|
- if rule.SecretGroup != 0 {
|
|
|
- groups := rule.Regex.FindStringSubmatch(secret)
|
|
|
- if len(groups) <= rule.SecretGroup || len(groups) == 0 {
|
|
|
- // Config validation should prevent this
|
|
|
- continue
|
|
|
- }
|
|
|
- secret = groups[rule.SecretGroup]
|
|
|
- finding.Secret = secret
|
|
|
- }
|
|
|
-
|
|
|
// check if the secret is in the list of stopwords
|
|
|
if rule.Allowlist.ContainsStopWord(finding.Secret) ||
|
|
|
d.Config.Allowlist.ContainsStopWord(finding.Secret) {
|
Richard Gomez