zach rice 6 лет назад
Родитель
Сommit
7dfa3f2b48
6 измененных файлов с 35 добавлено и 38 удалено
  1. 1 1
      .gitignore
  2. 11 6
      gitleaks.toml
  3. 4 5
      src/constants_test.go
  4. 6 13
      src/gitleaks_test.go
  5. 3 3
      src/options.go
  6. 10 10
      src/utils.go

+ 1 - 1
.gitignore

@@ -9,4 +9,4 @@
 *.test
 *.out
 
-tmp
+examples

+ 11 - 6
gitleaks.toml

@@ -66,11 +66,16 @@ files = [
 # [[rules]]
 # description = "Generic Key"
 # regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
-# entropies = ["4.1-4.3"]
+# entropies = [
+#     "4.1-4.3",
+#     "5.5-6.3",
+# ]
 # entropyROI = "line"
+# filetypes = [".go", ".py", ".c"]
 # tags = ["key"]
 # severity = "8"
 #
+#
 # [[rules]]
 # description = "Generic Key"
 # regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
@@ -79,9 +84,9 @@ files = [
 # entropyROI = "line"
 # tags = ["key"]
 # severity = "medium"
-#
+
 # [[rules]]
-# description = "Any go file"
-# filetypes = [".go"]
-# tags = ["go files"]
-# severity = "low"
+# description = "Any pem file"
+# filetypes = [".key"]
+# tags = ["pem"]
+# severity = "high"
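Review bot: The new example rule is described as `Any pem file` but its filter is `filetypes = [".key"]`, so anyone who uncomments and copies it will match `.key` files only and miss the `.pem` files the description and the `pem` tag promise. Either list both, `filetypes = [".key", ".pem"]`, or rename the description and tag to say `key`. This is commented-out example config, so it changes nothing at runtime, but the example is what users start from.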

+ 4 - 5
src/constants_test.go

@@ -71,14 +71,14 @@ entropies = [
 ]
 `
 
-const testEntropyLineRegexRange = `
+const testEntropyWordRegexRange = `
 [[rules]]
 description = "test entropy regex ranges"
 regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
 entropies = [
 	"4.1-4.3",
 ]
-entropyROI="line"
+entropyROI="word"
 `
 
 const testEntropyRegexRange = `
@@ -104,13 +104,12 @@ entropies = [
 	"4.1-4.3",
 ]
 filetypes = [".go"]
-entropyROI="line"
 `
 
 func testTomlLoader() string {
 	tmpDir, _ := ioutil.TempDir("", "whiteListConfigs")
 	ioutil.WriteFile(path.Join(tmpDir, "regex"), []byte(testWhitelistRegex), 0644)
-	ioutil.WriteFile(path.Join(tmpDir, "entropyLineRegex"), []byte(testEntropyLineRegexRange), 0644)
+	ioutil.WriteFile(path.Join(tmpDir, "entropyWordRegex"), []byte(testEntropyWordRegexRange), 0644)
 	ioutil.WriteFile(path.Join(tmpDir, "entropyRegex"), []byte(testEntropyRegexRange), 0644)
 	ioutil.WriteFile(path.Join(tmpDir, "commit"), []byte(testWhitelistCommit), 0644)
 	ioutil.WriteFile(path.Join(tmpDir, "file"), []byte(testWhitelistFile), 0644)
@@ -119,6 +118,6 @@ func testTomlLoader() string {
 	ioutil.WriteFile(path.Join(tmpDir, "badEntropy"), []byte(testBadEntropyRange), 0644)
 	ioutil.WriteFile(path.Join(tmpDir, "badEntropy2"), []byte(testBadEntropyRange2), 0644)
 	ioutil.WriteFile(path.Join(tmpDir, "mdFiles"), []byte(testMDFileType), 0644)
-	ioutil.WriteFile(path.Join(tmpDir, "entropyLineRegexGo"), []byte(testEntropyRegexRangeGoFilter), 0644)
+	ioutil.WriteFile(path.Join(tmpDir, "entropyRegexGo"), []byte(testEntropyRegexRangeGoFilter), 0644)
 	return tmpDir
 }
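Review bot: Dropping `entropyROI="line"` from the fixture that ends just before the closing backtick in the second hunk (presumably `testEntropyRegexRangeGoFilter`, given its `.go` filter) makes that fixture depend on whatever the loader treats as the default scope, and nothing in the file says this is intentional; a comment inside the TOML string such as `# entropyROI omitted on purpose: exercises the default scope` would stop a later reader from "fixing" it back. The `ioutil.WriteFile` calls in testTomlLoader, including the two renamed here, still discard their error, so a failed fixture write only surfaces later as a confusing leak-count mismatch rather than at the point of failure; `if err := ioutil.WriteFile(...); err != nil { panic(err) }` on each would localize it. The constants at the start of the section begin before the first hunk.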

+ 6 - 13
src/gitleaks_test.go

@@ -561,29 +561,22 @@ func TestAuditRepo(t *testing.T) {
 		{
 			repo:        leaksRepo,
 			description: "toml entropy range from opts",
-			numLeaks:    426,
+			numLeaks:    266,
 			testOpts: &Options{
 				ConfigPath: path.Join(configsDir, "entropy"),
 			},
 		},
 		{
 			repo:        leaksRepo,
-			description: "toml entropy range",
-			numLeaks:    426,
-			testOpts:    &Options{},
-			configPath:  path.Join(configsDir, "entropy"),
-		},
-		{
-			repo:        leaksRepo,
-			description: "toml entropy regex line range",
-			numLeaks:    2,
+			description: "toml entropy regex word range",
+			numLeaks:    0,
 			testOpts:    &Options{},
-			configPath:  path.Join(configsDir, "entropyLineRegex"),
+			configPath:  path.Join(configsDir, "entropyWordRegex"),
 		},
 		{
 			repo:        leaksRepo,
 			description: "toml entropy regex range",
-			numLeaks:    0,
+			numLeaks:    2,
 			testOpts:    &Options{},
 			configPath:  path.Join(configsDir, "entropyRegex"),
 		},
@@ -615,7 +608,7 @@ func TestAuditRepo(t *testing.T) {
 			description: "toml entropys line regex go",
 			numLeaks:    2,
 			testOpts:    &Options{},
-			configPath:  path.Join(configsDir, "entropyLineRegexGo"),
+			configPath:  path.Join(configsDir, "entropyRegexGo"),
 		},
 	}
 	g := goblin.Goblin(t)
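Review bot: The `toml entropy regex word range` case now asserts `numLeaks: 0`, which cannot tell a working word-scoped rule apart from one that is silently ignored; a zero-count expectation passes for both. If the leaks fixture contains a known high-entropy token, add a companion case whose word-range includes that token and expects at least one leak, so word scoping is shown to fire and not only to stay quiet. The deleted `toml entropy range` case was the only one exercising the entropy config through `configPath` rather than `testOpts.ConfigPath`; if those are still distinct loading paths, restore it with `numLeaks: 266` rather than dropping the coverage. TestAuditRepo continues outside both hunks.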

+ 3 - 3
src/options.go

@@ -60,13 +60,13 @@ func ParseOpts() *Options {
 	_, err := parser.Parse()
 
 	if err != nil {
-		if flagsErr, ok := err.(*flags.Error); ok && flagsErr.Type == flags.ErrHelp {
-			os.Exit(0)
+		if flagsErr, ok := err.(*flags.Error); ok && flagsErr.Type != flags.ErrHelp {
+			parser.WriteHelp(os.Stdout)
 		}
+		os.Exit(0)
 	}
 
 	if len(os.Args) == 1 {
-		// TODO: this will be a feature, check locally
 		parser.WriteHelp(os.Stdout)
 		os.Exit(0)
 	}

+ 10 - 10
src/utils.go

@@ -103,16 +103,7 @@ func (rule *Rule) check(line string, commit *commitInfo) (*Leak, error) {
 	}
 
 	if rule.entropies != nil {
-		if rule.entropyROI == "line" {
-			_entropy := getShannonEntropy(line)
-			for _, e := range rule.entropies {
-				if _entropy > e.v1 && _entropy < e.v2 {
-					entropy = _entropy
-					entropyWord = line
-					goto postEntropy
-				}
-			}
-		} else {
+		if rule.entropyROI == "word" {
 			words := strings.Fields(line)
 			for _, word := range words {
 				_entropy := getShannonEntropy(word)
@@ -124,6 +115,15 @@ func (rule *Rule) check(line string, commit *commitInfo) (*Leak, error) {
 					}
 				}
 			}
+		} else {
+			_entropy := getShannonEntropy(line)
+			for _, e := range rule.entropies {
+				if _entropy > e.v1 && _entropy < e.v2 {
+					entropy = _entropy
+					entropyWord = line
+					goto postEntropy
+				}
+			}
 		}
 	}