feat(allowlist): promote optimizations (#1908)

cmd/root.go

@@ -77,7 +77,6 @@ func init() {
 	rootCmd.PersistentFlags().StringP("gitleaks-ignore-path", "i", ".", "path to .gitleaksignore file or folder containing one")
 	rootCmd.PersistentFlags().Int("max-decode-depth", 0, "allow recursive decoding up to this depth (default \"0\", no decoding is done)")
 	rootCmd.PersistentFlags().Int("max-archive-depth", 0, "allow scanning into nested archives up to this depth (default \"0\", no archive traversal is done)")
-	rootCmd.PersistentFlags().BoolP("experimental-optimizations", "", false, "enables experimental allowlist optimizations, increasing performance at the cost of startup time")
 
 	// Add diagnostics flags
 	rootCmd.PersistentFlags().String("diagnostics", "", "enable diagnostics (http OR comma-separated list: cpu,mem,trace). cpu=CPU prof, mem=memory prof, trace=exec tracing, http=serve via net/http/pprof")
@@ -223,11 +222,7 @@ func Config(cmd *cobra.Command) config.Config {
 	if err := viper.Unmarshal(&vc); err != nil {
 		logging.Fatal().Err(err).Msg("Failed to load config")
 	}
-	// set experimental feature flag(s)
-	if mustGetBoolFlag(cmd, "experimental-optimizations") {
-		logging.Warn().Msgf("using experimental allowlist optimizations, updates may contain breaking changes!")
-		vc.EnableExperimentalAllowlistOptimizations = true
-	}
+
 	cfg, err := vc.Translate()
 	if err != nil {
 		logging.Fatal().Err(err).Msg("Failed to load config")

config/allowlist.go

@@ -59,11 +59,6 @@ type Allowlist struct {
 	// validated is an internal flag to track whether `Validate()` has been called.
 	validated bool
 
-	// EnableExperimentalOptimizations must be set prior to calling `Validate()`.
-	// See: https://github.com/gitleaks/gitleaks/pull/1731
-	//
-	// NOTE: This flag may be removed in the future.
-	EnableExperimentalOptimizations bool
 	// commitMap is a normalized version of Commits, used for efficiency purposes.
 	// TODO: possible optimizations so that both short and long hashes work.
 	commitMap    map[string]struct{}
@@ -92,11 +87,8 @@ func (a *Allowlist) Validate() error {
 			// Commits are case-insensitive.
 			uniqueCommits[strings.TrimSpace(strings.ToLower(commit))] = struct{}{}
 		}
-		if a.EnableExperimentalOptimizations {
-			a.commitMap = uniqueCommits
-		} else {
-			a.Commits = maps.Keys(uniqueCommits)
-		}
+		a.Commits = maps.Keys(uniqueCommits)
+		a.commitMap = uniqueCommits
 	}
 	if len(a.StopWords) > 0 {
 		uniqueStopwords := make(map[string]struct{})
@@ -105,21 +97,16 @@ func (a *Allowlist) Validate() error {
 		}
 
 		values := maps.Keys(uniqueStopwords)
-		if a.EnableExperimentalOptimizations {
-			a.stopwordTrie = ahocorasick.NewTrieBuilder().AddStrings(values).Build()
-		} else {
-			a.StopWords = values
-		}
+		a.StopWords = values
+		a.stopwordTrie = ahocorasick.NewTrieBuilder().AddStrings(values).Build()
 	}
 
 	// Combine patterns into a single expression.
-	if a.EnableExperimentalOptimizations {
-		if len(a.Paths) > 0 {
-			a.pathPat = joinRegexOr(a.Paths)
-		}
-		if len(a.Regexes) > 0 {
-			a.regexPat = joinRegexOr(a.Regexes)
-		}
+	if len(a.Paths) > 0 {
+		a.pathPat = joinRegexOr(a.Paths)
+	}
+	if len(a.Regexes) > 0 {
+		a.regexPat = joinRegexOr(a.Regexes)
 	}
 
 	a.validated = true

config/allowlist_test.go

@@ -151,7 +151,7 @@ func TestValidate(t *testing.T) {
 				cmpopts.IgnoreUnexported(Allowlist{}),
 			}
 		)
-		if diff := cmp.Diff(tt.input, tt.expected, opts); diff != "" {
+		if diff := cmp.Diff(tt.expected, tt.input, opts); diff != "" {
 			t.Errorf("diff: (-want +got)\n%s", diff)
 		}
 	}

config/config.go

@@ -50,12 +50,6 @@ type ViperConfig struct {
 	// TODO: Remove this in 9.x.
 	AllowList  *viperGlobalAllowlist
 	Allowlists []*viperGlobalAllowlist
-
-	// EnableExperimentalAllowlistOptimizations enables a preview feature.
-	// See: https://github.com/gitleaks/gitleaks/pull/1731
-	//
-	// NOTE: This flag may be removed in the future.
-	EnableExperimentalAllowlistOptimizations bool
 }
 
 type viperRuleAllowlist struct {
@@ -261,14 +255,13 @@ func (vc *ViperConfig) parseAllowlist(a *viperRuleAllowlist) (*Allowlist, error)
 	}
 
 	allowlist := &Allowlist{
-		Description:                     a.Description,
-		MatchCondition:                  matchCondition,
-		Commits:                         a.Commits,
-		Paths:                           allowlistPaths,
-		RegexTarget:                     regexTarget,
-		Regexes:                         allowlistRegexes,
-		StopWords:                       a.StopWords,
-		EnableExperimentalOptimizations: vc.EnableExperimentalAllowlistOptimizations,
+		Description:    a.Description,
+		MatchCondition: matchCondition,
+		Commits:        a.Commits,
+		Paths:          allowlistPaths,
+		RegexTarget:    regexTarget,
+		Regexes:        allowlistRegexes,
+		StopWords:      a.StopWords,
 	}
 	if err := allowlist.Validate(); err != nil {
 		return nil, err
@@ -292,9 +285,7 @@ func (c *Config) extendDefault(parent *ViperConfig) error {
 	if err := viper.ReadConfig(strings.NewReader(DefaultConfig)); err != nil {
 		return fmt.Errorf("failed to load extended default config, err: %w", err)
 	}
-	defaultViperConfig := ViperConfig{
-		EnableExperimentalAllowlistOptimizations: parent.EnableExperimentalAllowlistOptimizations,
-	}
+	defaultViperConfig := ViperConfig{}
 	if err := viper.Unmarshal(&defaultViperConfig); err != nil {
 		return fmt.Errorf("failed to load extended default config, err: %w", err)
 	}
@@ -314,9 +305,7 @@ func (c *Config) extendPath(parent *ViperConfig) error {
 	if err := viper.ReadInConfig(); err != nil {
 		return fmt.Errorf("failed to load extended config, err: %w", err)
 	}
-	extensionViperConfig := ViperConfig{
-		EnableExperimentalAllowlistOptimizations: parent.EnableExperimentalAllowlistOptimizations,
-	}
+	extensionViperConfig := ViperConfig{}
 	if err := viper.Unmarshal(&extensionViperConfig); err != nil {
 		return fmt.Errorf("failed to load extended config, err: %w", err)
 	}