
working on getting pinned config working

zach rice 7 лет назад
Родитель
Сommit
a24f9a2c92
2 измененных файлов с 45 добавлено и 5 удалено
  1. 1 4
      gitleaks.toml
  2. 44 1
      main.go

+ 1 - 4
gitleaks.toml

@@ -21,9 +21,6 @@ regex = '''(?i)facebook.*['\"][0-9a-f]{32}['\"]'''
 description = "Twitter"
 regex = '''(?i)twitter.*['\"][0-9a-zA-Z]{35,44}['\"]'''
 [[regexes]]
-description = "Telegram"
-regex = '''(?i)telegram.*['\"][0-9]{1,12}+:[0-9a-zA-Z-]{32,44}['\"]'''
-[[regexes]]
 description = "PGP"
 regex = '''-----BEGIN PGP PRIVATE KEY BLOCK-----'''
 [[regexes]]
@@ -38,5 +35,5 @@ regexes = [
   # "AKIA.*EXAMPLE",
 ]
 files = [
-  "(.*?)(jpg|gif|doc|pdf|bin|go)$"
+  "(.*?)(jpg|gif|doc|pdf|bin)$"
 ]
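Review bot: The new `files` pattern still has no literal dot before the extension alternation, so `(.*?)(jpg|gif|doc|pdf|bin)$` matches any path whose name merely ends in those letters (for example `cabin` or `bigdoc`), not only files with that extension. Given the surrounding `regexes` example this list presumably whitelists paths that are skipped during the audit, in which case an over-broad match means secrets in such files are never scanned; if it is instead an include list the effect is reversed but the match is still wrong. Use a literal string so the dot survives TOML parsing, e.g. `'(.*?)\.(jpg|gif|doc|pdf|bin)$'`, matching the `'''…'''` style the rule regexes already use.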

+ 44 - 1
main.go

@@ -86,6 +86,8 @@ type Options struct {
 	ExcludeForks   bool    `long:"exclude-forks" description:"exclude forks for organization/user audits"`
 	Entropy        float64 `long:"entropy" short:"e" description:"Include entropy checks during audit. Entropy scale: 0.0(no entropy) - 8.0(max entropy)"`
 	NoiseReduction bool    `long:"noise-reduction" description:"Reduce the number of finds when entropy checks are enabled"`
+	Fast           bool    `long:"fast" description:"Run gitleaks on fast mode. This does not include information about commits."`
+	RepoConfig     bool    `long:"repo-config" description:"Load config from target repo. Config file must be \".gitleaks.toml\""`
 	// TODO: IncludeMessages  string `long:"messages" description:"include commit messages in audit"`
 
 	// Output options
@@ -437,6 +439,14 @@ func auditGitRepo(repo *RepoDescriptor) ([]Leak, error) {
 		}
 	}
 
+	// check if target contains an external gitleaks toml
+	if opts.RepoConfig {
+		err := externalConfig(repo)
+		if err != nil {
+			return leaks, nil
+		}
+	}
+
 	// clear commit cache
 	commitMap = make(map[string]bool)
 
@@ -457,6 +467,27 @@ func auditGitRepo(repo *RepoDescriptor) ([]Leak, error) {
 	return leaks, err
 }
 
+func externalConfig(repo *RepoDescriptor) error {
+	var config Config
+	wt, err := repo.repository.Worktree()
+	if err != nil {
+		return err
+	}
+	c, err := wt.Filesystem.Open("gitleaks.toml")
+	if err != nil {
+		return err
+	}
+	if _, err := toml.DecodeReader(c, &config); err != nil {
+		return fmt.Errorf("problem loading config: %v", err)
+	}
+	c.Close()
+	if err != nil {
+		return err
+	}
+	updateConfig(config)
+	return nil
+}
+
 // auditGitReference beings the audit for a git reference. This function will
 // traverse the git reference and audit each line of each diff.
 func auditGitReference(repo *RepoDescriptor, ref *plumbing.Reference) []Leak {
@@ -566,7 +597,7 @@ func auditGitReference(repo *RepoDescriptor, ref *plumbing.Reference) []Leak {
 					commitWg.Done()
 					<-semaphore
 					if r := recover(); r != nil {
-						log.Warnf("recovering from panic on commit %s, likely large diff causing panic", c.Hash.String())
+						log.Warnf("recoverying from panic on commit %s, likely large diff causing panic", c.Hash.String())
 					}
 				}()
 				patch, err := c.Patch(parent)
@@ -894,6 +925,17 @@ func loadToml() error {
 		}
 	}
 
+	if len(config.Misc.Entropy) != 0 {
+		err := entropyLimits(config.Misc.Entropy)
+		if err != nil {
+			return err
+		}
+	}
+	return updateConfig(config)
+}
+
+// updateConfig will update a the global config values
+func updateConfig(config Config) error {
 	if len(config.Misc.Entropy) != 0 {
 		err := entropyLimits(config.Misc.Entropy)
 		if err != nil {
@@ -927,6 +969,7 @@ func loadToml() error {
 	}
 
 	return nil
+
 }
 
 // entropyLimits hydrates entropyRanges which allows for fine tuning entropy checking
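Review bot: In the auditGitRepo hunk the `if err != nil { return leaks, nil }` branch after `externalConfig(repo)` discards the error and returns before the audit runs, so with `--repo-config` set a repository that lacks the file or ships a malformed one is silently reported with no findings; return the error, `return leaks, fmt.Errorf("loading repo config: %v", err)`, or explicitly tolerate only a missing file and continue with the current config (auditGitRepo begins and ends outside this hunk). The file name is also inconsistent: the flag help promises `.gitleaks.toml` while externalConfig opens `gitleaks.toml`, so one of the two should be changed to match the other. Inside externalConfig, `c.Close()` is skipped whenever DecodeReader fails and the `if err != nil` that follows it can never be true, and updateConfig's error is dropped — use `defer c.Close()` directly after the Open check, delete the dead check, and finish with `return updateConfig(config)`. Because updateConfig replaces the global rules with whatever the audited repository ships, results produced under `--repo-config` should be read knowing the target can widen its own whitelist; a short comment on the RepoConfig field saying so would help. Separately, loadToml now calls entropyLimits and then updateConfig, whose context lines call entropyLimits again on the same `config.Misc.Entropy`, which looks like duplicate work and may double the entropy ranges if entropyLimits appends to them.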