zach rice 7 лет назад
Сommit
55218fc8f8
2 измененных файлов с 64 добавлено и 2 удалено
  1. 47 2
      gitleaks_test.go
  2. 17 0
      main.go

+ 47 - 2
gitleaks_test.go

@@ -56,6 +56,17 @@ regexes= [
 ]
 `
 
+const testWhitelistRepo = `
+[[regexes]]
+description = "AWS"
+regex = '''AKIA[0-9A-Z]{16}'''
+
+[whitelist]
+repos = [
+  "gronit",
+]
+`
+
 var benchmarkRepo *RepoDescriptor
 var benchmarkLeaksRepo *RepoDescriptor
 
@@ -166,9 +177,8 @@ func TestGetRepo(t *testing.T) {
 	}
 }
 func TestRun(t *testing.T) {
-	err := loadToml()
+	var err error
 	configsDir := testTomlLoader()
-	defer os.RemoveAll(configsDir)
 
 	dir, err = ioutil.TempDir("", "gitleaksTestOwner")
 	defer os.RemoveAll(dir)
@@ -185,7 +195,9 @@ func TestRun(t *testing.T) {
 		testOpts       Options
 		description    string
 		expectedErrMsg string
+		whiteListRepos []string
 		numLeaks       int
+		configPath     string
 	}{
 		{
 			testOpts: Options{
@@ -263,11 +275,23 @@ func TestRun(t *testing.T) {
 			numLeaks:       0,
 			expectedErrMsg: "reference not found",
 		},
+		{
+			testOpts: Options{
+				GithubOrg: "gitleakstestorg",
+			},
+			description:    "test github org",
+			numLeaks:       0,
+			expectedErrMsg: "",
+			configPath:     path.Join(configsDir, "repo"),
+		},
 	}
 	g := goblin.Goblin(t)
 	for _, test := range tests {
 		g.Describe("TestRun", func() {
 			g.It(test.description, func() {
+				if test.configPath != "" {
+					os.Setenv("GITLEAKS_CONFIG", test.configPath)
+				}
 				opts = test.testOpts
 				leaks, err := run()
 				if err != nil {
@@ -344,6 +368,7 @@ func testTomlLoader() string {
 	ioutil.WriteFile(path.Join(tmpDir, "branch"), []byte(testWhitelistBranch), 0644)
 	ioutil.WriteFile(path.Join(tmpDir, "commit"), []byte(testWhitelistCommit), 0644)
 	ioutil.WriteFile(path.Join(tmpDir, "file"), []byte(testWhitelistFile), 0644)
+	ioutil.WriteFile(path.Join(tmpDir, "repo"), []byte(testWhitelistRepo), 0644)
 	return tmpDir
 }
 
@@ -387,6 +412,7 @@ func TestAuditRepo(t *testing.T) {
 		whiteListFiles    []*regexp.Regexp
 		whiteListCommits  map[string]bool
 		whiteListBranches []string
+		whiteListRepos    []string
 		whiteListRegexes  []*regexp.Regexp
 		configPath        string
 	}{
@@ -511,6 +537,20 @@ func TestAuditRepo(t *testing.T) {
 			configPath:  path.Join(configsDir, "commit"),
 			numLeaks:    2,
 		},
+		{
+			repo:        leaksRepo,
+			description: "audit whitelist repo",
+			numLeaks:    0,
+			whiteListRepos: []string{
+				"gronit",
+			},
+		},
+		{
+			repo:        leaksRepo,
+			description: "toml whitelist repo",
+			numLeaks:    0,
+			configPath:  path.Join(configsDir, "repo"),
+		},
 	}
 
 	whiteListCommits = make(map[string]bool)
@@ -540,6 +580,11 @@ func TestAuditRepo(t *testing.T) {
 				} else {
 					whiteListRegexes = nil
 				}
+				if test.whiteListRepos != nil {
+					whiteListRepos = test.whiteListRepos
+				} else {
+					whiteListRepos = nil
+				}
 
 				// config paths
 				if test.configPath != "" {
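Review bot: The `GITLEAKS_CONFIG` variable set at the top of the new g.It body in TestRun is never cleared, so once the "test github org" case has run, every later case in the table (and any test that runs afterwards in the package) silently inherits that config path instead of the default; today it is the last case, so the ordering hides the problem. Pair it with a cleanup inside the closure, `defer os.Unsetenv("GITLEAKS_CONFIG")`, or add an `else { os.Unsetenv("GITLEAKS_CONFIG") }` branch so each case starts from a known state, and check the `os.Setenv` error instead of dropping it. The earlier hunk in this file also deletes `defer os.RemoveAll(configsDir)` from TestRun while testTomlLoader() still creates that directory, so the temporary config files are left behind after the test unless something outside this view removes them. The `whiteListRepos` field added to the TestRun table struct is not read anywhere in the TestRun loop, unlike its counterpart in TestAuditRepo. In the last hunk the if/else collapses to `whiteListRepos = test.whiteListRepos`, since both branches assign the same value when the field is nil, though it does mirror the existing regexes handling above it.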

+ 17 - 0
main.go

@@ -109,6 +109,7 @@ type Config struct {
 		Regexes  []string
 		Commits  []string
 		Branches []string
+		Repos    []string
 	}
 }
 
@@ -167,6 +168,10 @@ regex = '''(?i)twitter.*['\"][0-9a-zA-Z]{35,44}['\"]'''
 #branches = [
 #	"dev/STUPDIFKNFEATURE"
 #]
+
+#repos = [
+#	"someYugeRepoWeKnowIsCLEAR"
+#]
 `
 
 var (
@@ -177,6 +182,7 @@ var (
 	whiteListFiles    []*regexp.Regexp
 	whiteListCommits  map[string]bool
 	whiteListBranches []string
+	whiteListRepos    []string
 	fileDiffRegex     *regexp.Regexp
 	sshAuth           *ssh.PublicKeys
 	dir               string
@@ -354,6 +360,11 @@ func auditGitRepo(repo *RepoDescriptor) ([]Leak, error) {
 		err   error
 		leaks []Leak
 	)
+	for _, repoName := range whiteListRepos {
+		if repoName == repo.name {
+			return nil, fmt.Errorf("skipping %s, whitelisted", repoName)
+		}
+	}
 	ref, err := repo.repository.Head()
 	if err != nil {
 		return leaks, err
@@ -694,6 +705,11 @@ func cloneGithubRepo(githubRepo *github.Repository) (*RepoDescriptor, error) {
 		repo *git.Repository
 		err  error
 	)
+	for _, repoName := range whiteListRepos {
+		if repoName == *githubRepo.Name {
+			return nil, fmt.Errorf("skipping %s, whitelisted", repoName)
+		}
+	}
 	log.Infof("cloning: %s", *githubRepo.Name)
 	if opts.Disk {
 		ownerDir, err := ioutil.TempDir(dir, opts.GithubUser)
@@ -878,6 +894,7 @@ func loadToml() error {
 		}
 	}
 	whiteListBranches = config.Whitelist.Branches
+	whiteListRepos = config.Whitelist.Repos
 	whiteListCommits = make(map[string]bool)
 	for _, commit := range config.Whitelist.Commits {
 		whiteListCommits[commit] = true
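Review bot: The whitelist check added to auditGitRepo, and the identical loop in cloneGithubRepo at the next hunk, report a deliberately skipped repository as an error, so a caller cannot tell an intentional skip from a real audit failure without matching the message text; if the caller counts or surfaces errors, whitelisted repos will presumably show up as failures in the run. Move the comparison into one shared helper, return a sentinel that callers can test with `errors.Is`, and log the skip so an audit run records which repositories were excluded from scanning rather than hiding it in an error string. The match is an exact, case-sensitive comparison against the bare repository name, so an entry such as `gronit` would also match a same-named repository under a different owner when auditing an organization or user — confirm that is the intended scope, or document it on the `Repos` field in the Config struct. The sentinel needs the `errors` package, which this view does not show among the file's imports; the callers of both functions are outside these hunks.
```go
// errWhitelistedRepo is returned when a repository is listed under [whitelist] repos.
var errWhitelistedRepo = errors.New("repo whitelisted")

// isWhitelistedRepo reports whether name appears in the configured repo whitelist
// (exact, case-sensitive match on the bare repository name).
func isWhitelistedRepo(name string) bool {
	for _, repoName := range whiteListRepos {
		if repoName == name {
			return true
		}
	}
	return false
}

func auditGitRepo(repo *RepoDescriptor) ([]Leak, error) {
	// … unchanged: var block …
	if isWhitelistedRepo(repo.name) {
		log.Infof("skipping %s, whitelisted", repo.name)
		return nil, errWhitelistedRepo
	}
	// … unchanged: Head lookup and audit …
```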