add global regex check (#717)

detect/detect.go

@@ -72,7 +72,7 @@ func DetectFindings(cfg config.Config, b []byte, filePath string, commit string)
 				Tags:        r.Tags,
 			}
 
-			if r.Allowlist.RegexAllowed(f.Secret) {
+			if r.Allowlist.RegexAllowed(f.Secret) || cfg.Allowlist.RegexAllowed(f.Secret) {
 				continue
 			}
 

detect/detect_test.go

@@ -118,6 +118,12 @@ func TestDetectFindings(t *testing.T) {
 			filePath:         filepath.Join(configPath, "simple.toml"),
 			expectedFindings: []report.Finding{},
 		},
+		{
+			cfgName:          "allow_global_aws_re",
+			bytes:            []byte(`awsToken := \"AKIALALEMEL33243OLIA\"`),
+			filePath:         "tmp.go",
+			expectedFindings: []report.Finding{},
+		},
 	}
 
 	for _, tt := range tests {

testdata/config/allow_global_aws_re.toml

@@ -0,0 +1,8 @@
+[[rules]]
+    description = "AWS Access Key"
+    id = "aws-access-key"
+    regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+    tags = ["key", "AWS"]
+
+[allowlist]
+    regexes = ['''AKIALALEMEL33243OLIA''']