zach rice 6 лет назад
Родитель
Сommit
6e1c41b536

+ 7 - 3
README.md

@@ -45,16 +45,20 @@ go get -u github.com/zricethezav/gitleaks
 gitleaks has a wide range of configuration options that can be adjusted at runtime or via a configuration file based on your specific requirements.
 
 ```
+Usage:
+  gitleaks [OPTIONS]
+
 Application Options:
   -v, --verbose       Show verbose output from audit
   -r, --repo=         Target repository
       --config=       config path
       --disk          Clones repo(s) to disk
+      --version       version number
       --timeout=      Timeout (s)
       --username=     Username for git repo
       --password=     Password for git repo
       --access-token= Access token for git repo
-      --Commit=       sha of Commit to audit
+      --commit=       sha of commit to audit
       --threads=      Maximum number of threads gitleaks spawns
       --ssh-key=      path to ssh key used for auth
       --uncommitted   run gitleaks on uncommitted code
@@ -63,8 +67,9 @@ Application Options:
       --branch=       Branch to audit
       --report=       path to write json leaks file
       --redact        redact secrets from log messages and leaks
-      --version       version number
       --debug         log debug messages
+      --repo-config   Load config from target repo. Config file must be ".gitleaks.toml" or "gitleaks.toml"
+      --pretty        Pretty print json if leaks are present
       --host=         git hosting service like gitlab or github. Supported hosts include: Github, Gitlab
       --org=          organization to audit
       --user=         user to audit
@@ -72,7 +77,6 @@ Application Options:
 
 Help Options:
   -h, --help          Show this help message
-
 ```
 
 ### Docker usage examples

+ 7 - 11
config/default.go

@@ -6,6 +6,11 @@ package config
 const DefaultConfig = `
 title = "gitleaks config"
 
+[[rules]]
+	description = "AWS Manager ID"
+	regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+	tags = ["key", "AWS"]
+
 [[rules]]
 	description = "AWS Secret Key"
 	regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
@@ -62,14 +67,10 @@ title = "gitleaks config"
 	tags = ["key", "EC"]
 
 [[rules]]
-	description = "Generic API key"
-	regex = '''(?i)(api_key|apikey)(.{0,20})?['|"][0-9a-zA-Z]{32,45}['|"]'''
+	description = "Generic Credential"
+	regex = '''(?i)(api_key|apikey|secret)(.{0,20})?['|"][0-9a-zA-Z]{16,45}['|"]'''
 	tags = ["key", "API", "generic"]
 
-[[rules]]
-	description = "Generic Secret"
-	regex = '''(?i)secret(.{0,20})?['|"][0-9a-zA-Z]{32,45}['|"]'''
-	tags = ["key", "Secret", "generic"]
 
 [[rules]]
 	description = "Google API key"
@@ -127,11 +128,6 @@ title = "gitleaks config"
 	regex = '''(?i)twilio(.{0,20})?['\"][0-9a-f]{32}['\"]'''
 	tags = ["key", "twilio"]
 
-[[rules]]
-	description = "AWS Manager ID"
-	regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
-	tags = ["key", "AWS"]
-
 [whitelist]
 	description = "image whitelists"
 	file = '''(.*?)(jpg|gif|doc|pdf|bin)$'''
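Review bot: The new Generic Credential regex in the second hunk keeps `['|"]` as its quote delimiter, which is a character class that also accepts a literal `|` as a quote; the neighbouring rules in this file (AWS Secret Key, twilio) use `['\"]`, so the line should read `regex = '''(?i)(api_key|apikey|secret)(.{0,20})?['\"][0-9a-zA-Z]{16,45}['\"]'''`. The same line lowers the minimum token length from 32 to 16 while folding the Generic Secret rule in, which widens what this rule matches and is worth a short comment in the TOML if it is intentional. The merged rule also carries only the `"API"` tag, so matches that came in through the `secret` alternative no longer get the `"Secret"` tag the removed rule had. The first and third hunks only relocate the AWS Manager ID rule to the top of the list.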

+ 0 - 2
examples/regex_and_entropy_config.toml

@@ -13,5 +13,3 @@
         "5.5-6.3",
     ]
 	tags = ["entropy"]
-
-

+ 10 - 0
examples/regex_and_file.toml

@@ -0,0 +1,10 @@
+# This is a simple gitleaks config that contains one rule which checks for AWS keys and a file check that will trigger
+# a leak if a .pem file is found
+
+[[rules]]
+    description = "AWS Manager ID"
+    regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+    tags = ["key", "AWS"]
+
+[Global]
+    file = '''(.*)?pem$'''
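Review bot: The file pattern `(.*)?pem$` matches any path whose last three characters are `pem`, not only `.pem` files as the header comment states, because the dot is neither required nor escaped; `file = '''\.pem$'''` expresses the documented intent and drops the redundant optional group. Whether `[Global]` is the table name the loader reads cannot be checked from this page, so it is worth confirming against the config parser before this example is published.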

+ 8 - 0
examples/simple_regex_and_whitelist_config.toml

@@ -1,5 +1,13 @@
+# This config contains a single rule that checks for AWS keys. However, it also contains a whitelist table
+# where you can define one or more whitelists. What this means is that if you have an example AWS key as part of your
+# code (in a test for example), then you can whitelist that specific key so gitleaks will not label it as a leak.
+# If this line was present in a git history: `aws_access_key_id='AKIAIO5FODNN7EXAMPLE``, gitleaks would match this line
+# with the rule below, but since we have a whitelist against that specific key, it would be ignored.
 
 [[rules]]
     description = "AWS Manager ID"
     regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
     tags = ["key", "AWS"]
+        [[rules.whitelist]]
+            regex = '''AKIAIO5FODNN7EXAMPLE.*'''
+            description = "ignore example aws key"
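Review bot: The trailing `.*` in the whitelist regex adds nothing for an unanchored match and, depending on how the whitelist is applied (the hunk does not show whether it is per match or per line), may cause anything else on the same line as the example key to be ignored too; `regex = '''AKIAIO5FODNN7EXAMPLE'''` whitelists exactly the example key. The header comment also has a stray backtick at the end of the quoted line, `` `aws_access_key_id='AKIAIO5FODNN7EXAMPLE`` ``, which should close with a single backtick.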

+ 0 - 5
main.go

@@ -13,11 +13,6 @@ import (
 	"time"
 )
 
-// TODO documentation for
-// 1. ./gitleaks --repo=https://github.com/gitleakstest/gronit -v | jq -R 'fromjson?'
-// 2. Dockerfile
-// 3. prepare release
-
 func main() {
 	opts, err := options.ParseOptions()
 	if err != nil {