Zachary Rice пре 5 година
родитељ
комит
94f5950d68

+ 27 - 27
config/config.go

@@ -11,9 +11,9 @@ import (
 	"github.com/BurntSushi/toml"
 )
 
-// Whitelist is struct containing items that if encountered will whitelist
+// Allowlist is struct containing items that if encountered will allowlist
 // a commit/line of code that would be considered a leak.
-type Whitelist struct {
+type Allowlist struct {
 	Description string
 	Regex       *regexp.Regexp
 	File        *regexp.Regexp
@@ -30,7 +30,7 @@ type Entropy struct {
 // Rule is a struct that contains information that is loaded from a gitleaks config.
 // This struct is used in the Config struct as an array of Rules and is iterated
 // over during an scan. Each rule will be checked. If a regex match is found AND
-// that match is not whitelisted (globally or locally), then a leak will be appended
+// that match is not allowlisted (globally or locally), then a leak will be appended
 // to the final scan report.
 type Rule struct {
 	Description   string
@@ -38,15 +38,15 @@ type Rule struct {
 	FileNameRegex *regexp.Regexp
 	FilePathRegex *regexp.Regexp
 	Tags          []string
-	Whitelist     []Whitelist
+	Allowlist     []Allowlist
 	Entropies     []Entropy
 }
 
-// Config is a composite struct of Rules and Whitelists
-// Each Rule contains a description, regular expression, tags, and whitelists if available
+// Config is a composite struct of Rules and Allowlists
+// Each Rule contains a description, regular expression, tags, and allowlists if available
 type Config struct {
 	Rules     []Rule
-	Whitelist struct {
+	Allowlist struct {
 		Description string
 		Commits     []string
 		Files       []*regexp.Regexp
@@ -59,7 +59,7 @@ type Config struct {
 // see the config in config/defaults.go for an example. TomlLoader is used
 // to generate Config values (compiling regexes, etc).
 type TomlLoader struct {
-	Whitelist struct {
+	Allowlist struct {
 		Description string
 		Commits     []string
 		Files       []string
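Review bot: Renaming the `Whitelist` field of `TomlLoader` to `Allowlist` (and the nested per-rule field in the next hunk) changes the TOML table names the loader accepts, and nothing tells a user whose config still has `[whitelist]` or `[[rules.whitelist]]`. The decoder presumably leaves unmatched keys undecoded, so such a config would load without error and with none of its exclusions applied, and every previously suppressed finding would reappear. NewConfig (later hunk) discards the metadata with `_, err = toml.DecodeFile(...)`. Keeping it as `md, err := toml.DecodeFile(options.Config, &tomlLoader)` and returning an error for any key in `md.Undecoded()` whose name contains `whitelist` would make the break explicit. The struct body continues past the end of this hunk.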
@@ -77,7 +77,7 @@ type TomlLoader struct {
 			Max   string
 			Group string
 		}
-		Whitelist []struct {
+		Allowlist []struct {
 			Description string
 			Regex       string
 			File        string
@@ -97,8 +97,8 @@ func NewConfig(options options.Options) (Config, error) {
 	var err error
 	if options.Config != "" {
 		_, err = toml.DecodeFile(options.Config, &tomlLoader)
-		// append a whitelist rule for whitelisting the config
-		tomlLoader.Whitelist.Files = append(tomlLoader.Whitelist.Files, path.Base(options.Config))
+		// append a allowlist rule for allowlisting the config
+		tomlLoader.Allowlist.Files = append(tomlLoader.Allowlist.Files, path.Base(options.Config))
 	} else {
 		_, err = toml.Decode(DefaultConfig, &tomlLoader)
 	}
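Review bot: The appended `path.Base(options.Config)` is a plain file name, but the later hunks show every entry of `tomlLoader.Allowlist.Files` being compiled with `regexp.Compile`. The `.` in the name therefore matches any character, and a config name containing regex metacharacters either fails to compile or matches more than intended. If `RegexMatched` is unanchored (not visible here), any file whose name merely contains a match is skipped by the scanner. Quoting and anchoring limits the exclusion to the config file itself: `tomlLoader.Allowlist.Files = append(tomlLoader.Allowlist.Files, "^"+regexp.QuoteMeta(path.Base(options.Config))+"$")`. The append also runs before `err` from `toml.DecodeFile` is checked, and NewConfig continues outside the hunk.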
@@ -132,9 +132,9 @@ func (tomlLoader TomlLoader) Parse() (Config, error) {
 			return cfg, fmt.Errorf("problem loading config: %v", err)
 		}
 
-		// rule specific whitelists
-		var whitelists []Whitelist
-		for _, wl := range rule.Whitelist {
+		// rule specific allowlists
+		var allowlists []Allowlist
+		for _, wl := range rule.Allowlist {
 			wlRe, err := regexp.Compile(wl.Regex)
 			if err != nil {
 				return cfg, fmt.Errorf("problem loading config: %v", err)
@@ -147,7 +147,7 @@ func (tomlLoader TomlLoader) Parse() (Config, error) {
 			if err != nil {
 				return cfg, fmt.Errorf("problem loading config: %v", err)
 			}
-			whitelists = append(whitelists, Whitelist{
+			allowlists = append(allowlists, Allowlist{
 				Description: wl.Description,
 				File:        wlFileNameRe,
 				Path:        wlFilePathRe,
@@ -190,40 +190,40 @@ func (tomlLoader TomlLoader) Parse() (Config, error) {
 			FileNameRegex: fileNameRe,
 			FilePathRegex: filePathRe,
 			Tags:          rule.Tags,
-			Whitelist:     whitelists,
+			Allowlist:     allowlists,
 			Entropies:     entropies,
 		})
 	}
 
-	// global file name whitelists
-	for _, wlFileName := range tomlLoader.Whitelist.Files {
+	// global file name allowlists
+	for _, wlFileName := range tomlLoader.Allowlist.Files {
 		re, err := regexp.Compile(wlFileName)
 		if err != nil {
 			return cfg, fmt.Errorf("problem loading config: %v", err)
 		}
-		cfg.Whitelist.Files = append(cfg.Whitelist.Files, re)
+		cfg.Allowlist.Files = append(cfg.Allowlist.Files, re)
 	}
 
-	// global file path whitelists
-	for _, wlFilePath := range tomlLoader.Whitelist.Paths {
+	// global file path allowlists
+	for _, wlFilePath := range tomlLoader.Allowlist.Paths {
 		re, err := regexp.Compile(wlFilePath)
 		if err != nil {
 			return cfg, fmt.Errorf("problem loading config: %v", err)
 		}
-		cfg.Whitelist.Paths = append(cfg.Whitelist.Paths, re)
+		cfg.Allowlist.Paths = append(cfg.Allowlist.Paths, re)
 	}
 
-	// global repo whitelists
-	for _, wlRepo := range tomlLoader.Whitelist.Repos {
+	// global repo allowlists
+	for _, wlRepo := range tomlLoader.Allowlist.Repos {
 		re, err := regexp.Compile(wlRepo)
 		if err != nil {
 			return cfg, fmt.Errorf("problem loading config: %v", err)
 		}
-		cfg.Whitelist.Repos = append(cfg.Whitelist.Repos, re)
+		cfg.Allowlist.Repos = append(cfg.Allowlist.Repos, re)
 	}
 
-	cfg.Whitelist.Commits = tomlLoader.Whitelist.Commits
-	cfg.Whitelist.Description = tomlLoader.Whitelist.Description
+	cfg.Allowlist.Commits = tomlLoader.Allowlist.Commits
+	cfg.Allowlist.Description = tomlLoader.Allowlist.Description
 
 	return cfg, nil
 }

+ 3 - 3
config/config_test.go

@@ -15,7 +15,7 @@ func TestParse(t *testing.T) {
 		wantErr       error
 		wantFileRegex *regexp.Regexp
 		wantMessages  *regexp.Regexp
-		wantWhitelist Whitelist
+		wantAllowlist Allowlist
 	}{
 		{
 			description: "default config",
@@ -42,9 +42,9 @@ func TestParse(t *testing.T) {
 			wantErr: fmt.Errorf("problem loading config: error parsing regexp: invalid nested repetition operator: `???`"),
 		},
 		{
-			description: "test bad global whitelist file regex",
+			description: "test bad global allowlist file regex",
 			opts: options.Options{
-				Config: "../test_data/test_configs/bad_aws_key_global_whitelist_file.toml",
+				Config: "../test_data/test_configs/bad_aws_key_global_allowlist_file.toml",
 			},
 			wantErr: fmt.Errorf("problem loading config: error parsing regexp: missing argument to repetition operator: `??`"),
 		},

+ 2 - 2
config/default.go

@@ -131,8 +131,8 @@ title = "gitleaks config"
 	regex = '''(?i)twilio(.{0,20})?SK[0-9a-f]{32}'''
 	tags = ["key", "twilio"]
 
-[whitelist]
-	description = "Whitelisted files"
+[allowlist]
+	description = "Allowlisted files"
 	files = ['''^\.?gitleaks.toml$''',
 	'''(.*?)(jpg|gif|doc|pdf|bin)$''',
 	'''(go.mod|go.sum)$''']
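Review bot: The global `files` patterns under the renamed `[allowlist]` table are looser than their description suggests. `(.*?)(jpg|gif|doc|pdf|bin)$` has no `\.` before the extension, and the dots in `gitleaks.toml`, `go.mod` and `go.sum` are unescaped. Depending on how `RegexMatched` applies them (not visible here), a file named for example `robin` or `xgo.sum` would be excluded from scanning entirely, which is a blind spot in a secret scanner's defaults. Tightened forms would be `'''^\.?gitleaks\.toml$'''`, `'''(.*?)\.(jpg|gif|doc|pdf|bin)$'''` and `'''^(go\.mod|go\.sum)$'''`. The enclosing default-config string starts and ends outside this hunk.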

+ 8 - 8
examples/leaky-repo.toml

@@ -129,7 +129,7 @@ title = "gitleaks config"
 [[rules]]
 	description = "Port"
 	regex = '''(?i)port(.{0,4})?[0-9]{1,10}'''
-	[[rules.whitelist]]
+	[[rules.allowlist]]
 		regex = '''(?i)port '''
 		description = "ignore export "
 
@@ -139,7 +139,7 @@ title = "gitleaks config"
 	description = "Email"
 	regex = '''[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}'''
 	tags = ["email"]
-	[[rules.whitelist]]
+	[[rules.allowlist]]
 		file = '''(?i)bashrc'''
 		description = "ignore bashrc emails"
 
@@ -149,13 +149,13 @@ title = "gitleaks config"
 	regex = '''(?i)(dbpasswd|dbuser|dbname|dbhost|api_key|apikey|secret|key|api|password|user|guid|hostname|pw|auth)(.{0,20})?['|"]([0-9a-zA-Z-_\/+!{}/=]{4,120})['|"]'''
 	tags = ["key", "API", "generic"]
 	# ignore leaks with specific identifiers like slack and aws
-	[[rules.whitelist]]
+	[[rules.allowlist]]
 		regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})'''
 		description = "ignore slack"
-	[[rules.whitelist]]
+	[[rules.allowlist]]
 		description = "MailChimp API key"
 		regex = '''(?i)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]'''
-	[[rules.whitelist]]
+	[[rules.allowlist]]
 		description = "AWS Manager ID"
 		regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
 
@@ -172,7 +172,7 @@ title = "gitleaks config"
         [[rules.Entropies]]
             Min = "4.3"
             Max = "7.0"
-        [[rules.whitelist]]
+        [[rules.allowlist]]
             description = "ignore ssh key and pems"
             file = '''(pem|ppk|env)$'''
             path = '''(.*)?ssh'''
@@ -197,7 +197,7 @@ title = "gitleaks config"
 	description = "Files with keys and credentials"
     fileNameRegex = '''(?i)(id_rsa|passwd|id_rsa.pub|pgpass|pem|key|shadow)'''
 
-[whitelist]
-	description = "image whitelists"
+[allowlist]
+	description = "image allowlists"
 	files = ['''(.*?)(jpg|gif|doc|pdf|bin)$''']
 

+ 5 - 5
examples/simple_regex_and_whitelist_config.toml → examples/simple_regex_and_allowlist_config.toml

@@ -1,13 +1,13 @@
-# This config contains a single rule that checks for AWS keys. However, it also contains a whitelist table
-# where you can define one or more whitelists. What this means is that if you have an example AWS key as part of your
-# code (in a test for example), then you can whitelist that specific key so gitleaks will not label it as a leak.
+# This config contains a single rule that checks for AWS keys. However, it also contains a allowlist table
+# where you can define one or more allowlists. What this means is that if you have an example AWS key as part of your
+# code (in a test for example), then you can allowlist that specific key so gitleaks will not label it as a leak.
 # If this line was present in a git history: `aws_access_key_id='AKIAIO5FODNN7EXAMPLE``, gitleaks would match this line
-# with the rule below, but since we have a whitelist against that specific key, it would be ignored.
+# with the rule below, but since we have a allowlist against that specific key, it would be ignored.
 
 [[rules]]
     description = "AWS Manager ID"
     regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
     tags = ["key", "AWS"]
-        [[rules.whitelist]]
+        [[rules.allowlist]]
             regex = '''AKIAIO5FODNN7EXAMPLE.*'''
             description = "ignore example aws key"

+ 2 - 2
scan/repo.go

@@ -76,8 +76,8 @@ func Run(m *manager.Manager) error {
 }
 
 func runHelper(r *Repo) error {
-	// Ignore whitelisted repos
-	for _, wlRepo := range r.Manager.Config.Whitelist.Repos {
+	// Ignore allowlisted repos
+	for _, wlRepo := range r.Manager.Config.Allowlist.Repos {
 		if RegexMatched(r.Manager.Opts.RepoPath, wlRepo) {
 			return nil
 		}

+ 22 - 22
scan/rule.go

@@ -34,21 +34,21 @@ func (repo *Repo) CheckRules(bundle *Bundle) {
 
 	bundle.lineLookup = make(map[string]bool)
 
-	// We want to check if there is a whitelist for this file
-	if len(repo.config.Whitelist.Files) != 0 {
-		for _, reFileName := range repo.config.Whitelist.Files {
+	// We want to check if there is a allowlist for this file
+	if len(repo.config.Allowlist.Files) != 0 {
+		for _, reFileName := range repo.config.Allowlist.Files {
 			if RegexMatched(filename, reFileName) {
-				log.Debugf("whitelisted file found, skipping scan of file: %s", filename)
+				log.Debugf("allowlisted file found, skipping scan of file: %s", filename)
 				return
 			}
 		}
 	}
 
-	// We want to check if there is a whitelist for this path
-	if len(repo.config.Whitelist.Paths) != 0 {
-		for _, reFilePath := range repo.config.Whitelist.Paths {
+	// We want to check if there is a allowlist for this path
+	if len(repo.config.Allowlist.Paths) != 0 {
+		for _, reFilePath := range repo.config.Allowlist.Paths {
 			if RegexMatched(path, reFilePath) {
-				log.Debugf("file in whitelisted path found, skipping scan of file: %s", filename)
+				log.Debugf("file in allowlisted path found, skipping scan of file: %s", filename)
 				return
 			}
 		}
@@ -57,8 +57,8 @@ func (repo *Repo) CheckRules(bundle *Bundle) {
 	for _, rule := range repo.config.Rules {
 		start := time.Now()
 
-		// For each rule we want to check filename whitelists
-		if isFileNameWhiteListed(filename, rule.Whitelist) || isFilePathWhiteListed(path, rule.Whitelist) {
+		// For each rule we want to check filename allowlists
+		if isFileNameWhiteListed(filename, rule.Allowlist) || isFilePathWhiteListed(path, rule.Allowlist) {
 			continue
 		}
 
@@ -112,7 +112,7 @@ func (repo *Repo) CheckRules(bundle *Bundle) {
 					offender := bundle.Content[loc[0]:loc[1]]
 					groups := rule.Regex.FindStringSubmatch(offender)
 
-					if isOffenderWhiteListed(offender, rule.Whitelist) {
+					if isOffenderWhiteListed(offender, rule.Allowlist) {
 						continue
 					}
 
@@ -352,8 +352,8 @@ func ruleContainFilePathRegex(rule config.Rule) bool {
 	return true
 }
 
-func isCommitWhiteListed(commitHash string, whitelistedCommits []string) bool {
-	for _, hash := range whitelistedCommits {
+func isCommitWhiteListed(commitHash string, allowlistedCommits []string) bool {
+	for _, hash := range allowlistedCommits {
 		if commitHash == hash {
 			return true
 		}
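Review bot: `isCommitWhiteListed` keeps the old term in its name even though its parameter is now `allowlistedCommits`, so the rename is incomplete. The same applies to `isOffenderWhiteListed`, `isFileNameWhiteListed` and `isFilePathWhiteListed` in the following hunks, to their call sites in CheckRules and Scan, and to loop variables such as `wl`, `wlRepo` and `wlFileName`. The helpers are unexported, so renaming them is contained to the package, e.g. `func isCommitAllowListed(commitHash string, allowlistedCommits []string) bool`. A one-line doc comment would also help: `// isCommitAllowListed reports whether commitHash exactly equals one of the allowlisted commit hashes.` The function's closing lines fall in the next hunk.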
@@ -361,9 +361,9 @@ func isCommitWhiteListed(commitHash string, whitelistedCommits []string) bool {
 	return false
 }
 
-func isOffenderWhiteListed(offender string, whitelist []config.Whitelist) bool {
-	if len(whitelist) != 0 {
-		for _, wl := range whitelist {
+func isOffenderWhiteListed(offender string, allowlist []config.Allowlist) bool {
+	if len(allowlist) != 0 {
+		for _, wl := range allowlist {
 			if wl.Regex.FindString(offender) != "" {
 				return true
 			}
@@ -372,9 +372,9 @@ func isOffenderWhiteListed(offender string, whitelist []config.Whitelist) bool {
 	return false
 }
 
-func isFileNameWhiteListed(filename string, whitelist []config.Whitelist) bool {
-	if len(whitelist) != 0 {
-		for _, wl := range whitelist {
+func isFileNameWhiteListed(filename string, allowlist []config.Allowlist) bool {
+	if len(allowlist) != 0 {
+		for _, wl := range allowlist {
 			if RegexMatched(filename, wl.File) {
 				return true
 			}
@@ -383,9 +383,9 @@ func isFileNameWhiteListed(filename string, whitelist []config.Whitelist) bool {
 	return false
 }
 
-func isFilePathWhiteListed(filepath string, whitelist []config.Whitelist) bool {
-	if len(whitelist) != 0 {
-		for _, wl := range whitelist {
+func isFilePathWhiteListed(filepath string, allowlist []config.Allowlist) bool {
+	if len(allowlist) != 0 {
+		for _, wl := range allowlist {
 			if RegexMatched(filepath, wl.Path) {
 				return true
 			}

+ 5 - 5
scan/scan.go

@@ -95,8 +95,8 @@ func (repo *Repo) Scan() error {
 			return storer.ErrStop
 		}
 
-		// Check if Commit is whitelisted
-		if isCommitWhiteListed(c.Hash.String(), repo.config.Whitelist.Commits) {
+		// Check if Commit is allowlisted
+		if isCommitWhiteListed(c.Hash.String(), repo.config.Allowlist.Commits) {
 			return nil
 		}
 
@@ -301,7 +301,7 @@ func (repo *Repo) scanUncommitted() error {
 
 // scan accepts a Patch, Commit, and repo. If the patches contains files that are
 // binary, then gitleaks will skip scanning that file OR if a file is matched on
-// whitelisted files set in the configuration. If a global rule for files is defined and a filename
+// allowlisted files set in the configuration. If a global rule for files is defined and a filename
 // matches said global rule, then a leak is sent to the manager.
 // After that, file chunks are created which are then inspected by InspectString()
 func scanPatch(patch *object.Patch, c *object.Commit, repo *Repo) {
@@ -360,7 +360,7 @@ func scanCommit(commit string, repo *Repo, f commitScanner) error {
 // scanCommitPatches accepts a Commit object and a repo. This function is only called when the --Commit=
 // option has been set. That option tells gitleaks to look only at a single Commit and check the contents
 // of said Commit. Similar to scan(), if the files contained in the Commit are a binaries or if they are
-// whitelisted then those files will be skipped.
+// allowlisted then those files will be skipped.
 func scanCommitPatches(c *object.Commit, repo *Repo) error {
 	if len(c.ParentHashes) == 0 {
 		err := scanFilesAtCommit(c, repo)
@@ -400,7 +400,7 @@ func scanCommitPatches(c *object.Commit, repo *Repo) error {
 // scanFilesAtCommit accepts a Commit object and a repo. This function is only called when the --files-at-Commit=
 // option has been set. That option tells gitleaks to look only at ALL the files at a Commit and check the contents
 // of said Commit. Similar to scan(), if the files contained in the Commit are a binaries or if they are
-// whitelisted then those files will be skipped.
+// allowlisted then those files will be skipped.
 func scanFilesAtCommit(c *object.Commit, repo *Repo) error {
 	fIter, err := c.Files()
 	if err != nil {

+ 20 - 20
scan/scan_test.go

@@ -58,11 +58,11 @@ func TestScan(t *testing.T) {
 			emptyRepo: true,
 		},
 		{
-			description: "test local repo one aws leak whitelisted",
+			description: "test local repo one aws leak allowlisted",
 			opts: options.Options{
 				RepoPath:     "../test_data/test_repos/test_repo_1",
 				ReportFormat: "json",
-				Config:       "../test_data/test_configs/aws_key_whitelist_python_files.toml",
+				Config:       "../test_data/test_configs/aws_key_allowlist_python_files.toml",
 			},
 			wantEmpty: true,
 		},
@@ -107,19 +107,19 @@ func TestScan(t *testing.T) {
 			wantPath: "../test_data/test_local_repo_two_leaks_commit_range.json",
 		},
 		{
-			description: "test local repo two leaks globally whitelisted",
+			description: "test local repo two leaks globally allowlisted",
 			opts: options.Options{
 				RepoPath:     "../test_data/test_repos/test_repo_2",
-				Config:       "../test_data/test_configs/aws_key_global_whitelist_file.toml",
+				Config:       "../test_data/test_configs/aws_key_global_allowlist_file.toml",
 				ReportFormat: "json",
 			},
 			wantEmpty: true,
 		},
 		{
-			description: "test local repo two leaks whitelisted",
+			description: "test local repo two leaks allowlisted",
 			opts: options.Options{
 				RepoPath:     "../test_data/test_repos/test_repo_2",
-				Config:       "../test_data/test_configs/aws_key_whitelist_files.toml",
+				Config:       "../test_data/test_configs/aws_key_allowlist_files.toml",
 				ReportFormat: "json",
 			},
 			wantEmpty: true,
@@ -174,14 +174,14 @@ func TestScan(t *testing.T) {
 			wantPath: "../test_data/test_local_owner_aws_leak.json",
 		},
 		{
-			description: "test owner path whitelist repo",
+			description: "test owner path allowlist repo",
 			opts: options.Options{
 				OwnerPath:    "../test_data/test_repos/",
-				Report:       "../test_data/test_local_owner_aws_leak_whitelist_repo.json.got",
+				Report:       "../test_data/test_local_owner_aws_leak_allowlist_repo.json.got",
 				ReportFormat: "json",
-				Config:       "../test_data/test_configs/aws_key_local_owner_whitelist_repo.toml",
+				Config:       "../test_data/test_configs/aws_key_local_owner_allowlist_repo.toml",
 			},
-			wantPath: "../test_data/test_local_owner_aws_leak_whitelist_repo.json",
+			wantPath: "../test_data/test_local_owner_aws_leak_allowlist_repo.json",
 		},
 		{
 			description: "test entropy and regex",
@@ -207,8 +207,8 @@ func TestScan(t *testing.T) {
 			description: "test local repo four entropy alternative config",
 			opts: options.Options{
 				RepoPath:     "../test_data/test_repos/test_repo_1",
-				Report:       "../test_data/test_regex_whitelist.json.got",
-				Config:       "../test_data/test_configs/aws_key_aws_whitelisted.toml",
+				Report:       "../test_data/test_regex_allowlist.json.got",
+				Config:       "../test_data/test_configs/aws_key_aws_allowlisted.toml",
 				ReportFormat: "json",
 			},
 			wantEmpty: true,
@@ -316,14 +316,14 @@ func TestScan(t *testing.T) {
 			wantPath: "../test_data/test_local_repo_six_filepath_filename.json",
 		},
 		{
-			description: "test local repo six path globally whitelisted",
+			description: "test local repo six path globally allowlisted",
 			opts: options.Options{
 				RepoPath:     "../test_data/test_repos/test_repo_6",
-				Report:       "../test_data/test_local_repo_six_path_globally_whitelisted.json.got",
-				Config:       "../test_data/test_configs/aws_key_global_whitelist_path.toml",
+				Report:       "../test_data/test_local_repo_six_path_globally_allowlisted.json.got",
+				Config:       "../test_data/test_configs/aws_key_global_allowlist_path.toml",
 				ReportFormat: "json",
 			},
-			wantPath: "../test_data/test_local_repo_six_path_globally_whitelisted.json",
+			wantPath: "../test_data/test_local_repo_six_path_globally_allowlisted.json",
 		},
 		{
 			description: "test local repo six leaks since date",
@@ -357,14 +357,14 @@ func TestScan(t *testing.T) {
 			wantPath: "../test_data/test_local_repo_four_leaks_commit_timerange.json",
 		},
 		{
-			description: "test local repo two whitelist Commit config",
+			description: "test local repo two allowlist Commit config",
 			opts: options.Options{
 				RepoPath:     "../test_data/test_repos/test_repo_2",
-				Report:       "../test_data/test_local_repo_two_whitelist_commits.json.got",
-				Config:       "../test_data/test_configs/whitelist_commit.toml",
+				Report:       "../test_data/test_local_repo_two_allowlist_commits.json.got",
+				Config:       "../test_data/test_configs/allowlist_commit.toml",
 				ReportFormat: "json",
 			},
-			wantPath: "../test_data/test_local_repo_two_whitelist_commits.json",
+			wantPath: "../test_data/test_local_repo_two_allowlist_commits.json",
 		},
 		{
 			description: "test local repo two deletion",

+ 1 - 1
test_data/test_configs/whitelist_commit.toml → test_data/test_configs/allowlist_commit.toml

@@ -4,7 +4,7 @@
     tags = ["key", "AWS"]
 
 
-[whitelist]
+[allowlist]
   commits = [
     "b10b3e2cb320a8c211fda94c4567299d37de7776",
     "17471a5fda722a9e423f1a0d3f0d267ea009d41c",

+ 3 - 3
test_data/test_configs/aws_key_whitelist_files.toml → test_data/test_configs/aws_key_allowlist_files.toml

@@ -2,13 +2,13 @@
     description = "AWS Manager ID"
     regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
     tags = ["key", "AWS"]
-        [[rules.whitelist]]
+        [[rules.allowlist]]
             description = "ignore md files"
             file = '''(.*)?md$'''
-        [[rules.whitelist]]
+        [[rules.allowlist]]
             description = "ignore this regex"
             regex = '''ignore$'''
-        [[rules.whitelist]]
+        [[rules.allowlist]]
             description = "ignore regex and md files"
             regex = '''ignore$'''
             file = '''(.*)?md$'''

+ 1 - 1
test_data/test_configs/aws_key_whitelist_python_files.toml → test_data/test_configs/aws_key_allowlist_python_files.toml

@@ -2,6 +2,6 @@
     description = "AWS Manager ID"
     regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
     tags = ["key", "AWS"]
-        [[rules.whitelist]]
+        [[rules.allowlist]]
             description = "ignore python files"
             file = '''(.*)?py$'''

+ 1 - 1
test_data/test_configs/aws_key_aws_whitelisted.toml → test_data/test_configs/aws_key_aws_allowlisted.toml

@@ -2,6 +2,6 @@
     description = "AWS Manager ID"
     regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
     tags = ["key", "AWS"]
-        [[rules.whitelist]]
+        [[rules.allowlist]]
             regex = '''AKIAIO5FODNN7EXAMPLE.*'''
             description = "ignore aws key"

+ 1 - 1
test_data/test_configs/aws_key_global_whitelist_file.toml → test_data/test_configs/aws_key_global_allowlist_file.toml

@@ -3,7 +3,7 @@
     regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
     tags = ["key", "AWS"]
 
-[whitelist]
+[allowlist]
     description = "ignore md files"
     files = [
         '''(.*)?md$'''

+ 1 - 1
test_data/test_configs/aws_key_global_whitelist_path.toml → test_data/test_configs/aws_key_global_allowlist_path.toml

@@ -3,7 +3,7 @@
     regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
     tags = ["key", "AWS"]
 
-[whitelist]
+[allowlist]
     description = "ignore config folders"
     paths = [
         '''config(uration)?'''

+ 2 - 2
test_data/test_configs/aws_key_local_owner_whitelist_repo.toml → test_data/test_configs/aws_key_local_owner_allowlist_repo.toml

@@ -2,8 +2,8 @@
     description = "AWS Manager ID"
     regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
     tags = ["key", "AWS"]
-    [whitelist]
-        description = "whitelist repo"
+    [allowlist]
+        description = "allowlist repo"
         repos = [
             '''test_repo_1'''
         ]

+ 1 - 1
test_data/test_configs/bad_aws_key_global_whitelist_file.toml → test_data/test_configs/bad_aws_key_global_allowlist_file.toml

@@ -3,6 +3,6 @@
     regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
     tags = ["key", "AWS"]
 
-[whitelist]
+[allowlist]
     description = "ignore md files"
     files = ['''???????''']

+ 6 - 6
test_data/test_configs/large.toml

@@ -125,13 +125,13 @@ title = "gitleaks config"
 	description = "AWS Manager ID"
 	regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
 	tags = ["key", "AWS"]
-		[[rules.whitelist]]
+		[[rules.allowlist]]
 			description = "ignore common jenkins functions"
-			regex = '''whitelistme'''
+			regex = '''allowlistme'''
 			file = '''(.*)?Jenkinsfile$'''
-		[[rules.whitelist]]
+		[[rules.allowlist]]
 			description = "ignore common jenkins functions2"
-			regex = '''whitelistme'''
+			regex = '''allowlistme'''
 			file = '''(.*)?Jenkinsfile$'''
 
 # Global rules. This instructs gitleaks to ignore all .pem files or if a message with
@@ -139,8 +139,8 @@ title = "gitleaks config"
 	description = "Files with keys and credentials"
     fileRegex = '''(.*?)(pem)'''
 
-[whitelist]
-	description = "File whitelists"
+[allowlist]
+	description = "File allowlists"
 	files = [
 		'''(.*?)(jpg|gif)$''',
 		'''(.*?)(doc|pdf|bin)$'''

+ 0 - 0
test_data/test_local_owner_aws_leak_whitelist_repo.json → test_data/test_local_owner_aws_leak_allowlist_repo.json


+ 0 - 0
test_data/test_local_repo_six_path_globally_whitelisted.json → test_data/test_local_repo_six_path_globally_allowlisted.json


+ 0 - 0
test_data/test_local_repo_two_whitelist_commits.json → test_data/test_local_repo_two_allowlist_commits.json