
Validate config (#412)

* validate config

* fix import fmt

* cleaning
Zachary Rice 5 лет назад
Родитель
Сommit
c637b129ec

+ 6 - 0
config/config.go

@@ -9,6 +9,7 @@ import (
 	"github.com/zricethezav/gitleaks/v5/options"
 
 	"github.com/BurntSushi/toml"
+	log "github.com/sirupsen/logrus"
 )
 
 // Allowlist is struct containing items that if encountered will allowlist
@@ -119,6 +120,11 @@ func NewConfig(options options.Options) (Config, error) {
 func (tomlLoader TomlLoader) Parse() (Config, error) {
 	var cfg Config
 	for _, rule := range tomlLoader.Rules {
+		// check and make sure the rule is valid
+		if rule.Regex == "" && rule.FilePathRegex == "" && rule.FileNameRegex == "" && len(rule.Entropies) == 0 {
+			log.Warnf("Rule %s does not define any actionable data", rule.Description)
+			continue
+		}
 		re, err := regexp.Compile(rule.Regex)
 		if err != nil {
 			return cfg, fmt.Errorf("problem loading config: %v", err)
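Review bot: The new guard at the top of the rule loop fails open: a rule with no regex and no entropy settings is only reported with `log.Warnf` and then dropped by `continue`, so a misspelled key in a `[[rules]]` table silently removes that detection from every scan instead of stopping the run. Parse already rejects a regex that does not compile two lines further down, so a rule that can never match could be rejected the same way, e.g. `return cfg, fmt.Errorf("rule %q does not define any actionable data", rule.Description)`; if warn-and-skip is the intended behaviour, at least use `%q` so an empty description is visible in the log line. The body of Parse continues past the end of the hunk.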

+ 0 - 2
go.sum

@@ -23,8 +23,6 @@ github.com/go-git/go-billy/v5 v5.0.0 h1:7NQHvd9FVid8VL4qVUMm8XifBK+2xCoZ2lSk0agR
 github.com/go-git/go-billy/v5 v5.0.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0=
 github.com/go-git/go-git-fixtures/v4 v4.0.1 h1:q+IFMfLx200Q3scvt2hN79JsEzy4AmBTp/pqnefH+Bc=
 github.com/go-git/go-git-fixtures/v4 v4.0.1/go.mod h1:m+ICp2rF3jDhFgEZ/8yziagdT1C+ZpZcrJjappBCDSw=
-github.com/go-git/go-git/v5 v5.0.0 h1:k5RWPm4iJwYtfWoxIJy4wJX9ON7ihPeZZYC1fLYDnpg=
-github.com/go-git/go-git/v5 v5.0.0/go.mod h1:oYD8y9kWsGINPFJoLdaScGCN6dlKg23blmClfZwtUVA=
 github.com/go-git/go-git/v5 v5.1.0 h1:HxJn9g/E7eYvKW3Fm7Jt4ee8LXfPOm/H1cdDu8vEssk=
 github.com/go-git/go-git/v5 v5.1.0/go.mod h1:ZKfuPUoY1ZqIG4QG9BDBh3G4gLM5zvPuSJAozQrZuyM=
 github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM=

+ 2 - 2
hosts/github.go

@@ -176,9 +176,9 @@ func (g *Github) ScanPR() {
 					continue
 				}
 				repo.CheckRules(&scan.Bundle{
-					Content: *f.Patch,
+					Content:  *f.Patch,
 					FilePath: *f.Filename,
-					Commit: &commitObj,
+					Commit:   &commitObj,
 				})
 			}
 		}

+ 1 - 1
manager/manager.go

@@ -89,7 +89,7 @@ type Metadata struct {
 
 	RegexTime map[string]int64
 	Commits   int
-	ScanTime int64
+	ScanTime  int64
 	patchTime int64
 	cloneTime int64
 }

+ 2 - 2
manager/manager_test.go

@@ -45,14 +45,14 @@ func TestSendReceiveLeaks(t *testing.T) {
 
 func TestSendReceiveMeta(t *testing.T) {
 	tests := []struct {
-		scanTime  int64
+		scanTime   int64
 		patchTime  int64
 		cloneTime  int64
 		regexTime  int64
 		iterations int
 	}{
 		{
-			scanTime:  1000,
+			scanTime:   1000,
 			patchTime:  1000,
 			cloneTime:  1000,
 			regexTime:  1000,

+ 16 - 17
scan/rule.go

@@ -20,11 +20,11 @@ import (
 )
 
 const (
-	diffAddPrefix = "+"
-	diffAddFilePrefix = "+++ b"
+	diffAddPrefix          = "+"
+	diffAddFilePrefix      = "+++ b"
 	diffAddFilePrefixSlash = "+++ b/"
-	diffLineSignature = " @@"
-	defaultLineNumber = -1
+	diffLineSignature      = " @@"
+	defaultLineNumber      = -1
 )
 
 // CheckRules accepts bundle and checks each rule defined in the config against the bundle's content.
@@ -76,18 +76,18 @@ func (repo *Repo) CheckRules(bundle *Bundle) {
 		if !ruleContainRegex(rule) {
 			repo.Manager.SendLeaks(manager.Leak{
 				LineNumber: defaultLineNumber,
-				Line:      "N/A",
-				Offender:  "Filename/path offender: " + filename,
-				Commit:    bundle.Commit.Hash.String(),
-				Repo:      repo.Name,
-				Message:   bundle.Commit.Message,
-				Rule:      rule.Description,
-				Author:    bundle.Commit.Author.Name,
-				Email:     bundle.Commit.Author.Email,
-				Date:      bundle.Commit.Author.When,
-				Tags:      strings.Join(rule.Tags, ", "),
-				File:      filename,
-				Operation: diffOpToString(bundle.Operation),
+				Line:       "N/A",
+				Offender:   "Filename/path offender: " + filename,
+				Commit:     bundle.Commit.Hash.String(),
+				Repo:       repo.Name,
+				Message:    bundle.Commit.Message,
+				Rule:       rule.Description,
+				Author:     bundle.Commit.Author.Name,
+				Email:      bundle.Commit.Author.Email,
+				Date:       bundle.Commit.Author.When,
+				Tags:       strings.Join(rule.Tags, ", "),
+				File:       filename,
+				Operation:  diffOpToString(bundle.Operation),
 			})
 		} else {
 			//otherwise we check if it matches Content regex
@@ -393,4 +393,3 @@ func isFilePathWhiteListed(filepath string, allowlist []config.Allowlist) bool {
 	}
 	return false
 }
-

+ 2 - 1
test_data/test_configs/aws_key_file_regex.toml

@@ -8,6 +8,7 @@
     regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
     tags = ["key", "AWS"]
 
+## this is an example of a rule that won't work
 [[rules]]
 	description = "Python files"
-	fileRegex = '''(.*)?py$'''
+	fileRegex = "(?i)*.py"
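Review bot: The comment added above the "Python files" rule says it won't work but not why, and the pattern change makes two different causes plausible: `(?i)*.py` is not a valid RE2 pattern (a repetition operator with nothing to repeat), and `fileRegex` may not be a key the loader maps onto the fields the new Parse check inspects (Regex, FilePathRegex, FileNameRegex) — the key mapping cannot be confirmed from this page. State which failure the fixture is meant to exercise so the expected-output change in the JSON file can be checked against it, e.g. `## example of a rule the loader drops: it defines no regex or entropy field the scanner acts on`.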

+ 0 - 30
test_data/test_local_repo_one_aws_leak_and_file_leak.json

@@ -1,19 +1,4 @@
 [
- {
-  "line": "N/A",
-  "lineNumber": -1,
-  "offender": "Filename/path offender: server.test.py",
-  "commit": "d274003914c707212cbe84e3e466a00013ccb639",
-  "repo": "test_repo_1",
-  "rule": "Python files",
-  "commitMessage": "comment\n",
-  "author": "zach rice",
-  "email": "zricer@protonmail.com",
-  "file": "server.test.py",
-  "date": "2019-10-24T10:03:38-04:00",
-  "tags": "",
-  "operation": "addition"
- },
  {
   "line": "    aws_access_key_id='AKIAIO5FODNN7EXAMPLE',",
   "lineNumber": 5,
@@ -28,20 +13,5 @@
   "date": "2019-10-24T09:29:27-04:00",
   "tags": "key, AWS",
   "operation": "addition"
- },
- {
-  "line": "N/A",
-  "lineNumber": -1,
-  "offender": "Filename/path offender: server.test.py",
-  "commit": "6557c92612d3b35979bd426d429255b3bf9fab74",
-  "repo": "test_repo_1",
-  "rule": "Python files",
-  "commitMessage": "commit 1 with secrets\n",
-  "author": "zach rice",
-  "email": "zricer@protonmail.com",
-  "file": "server.test.py",
-  "date": "2019-10-24T09:29:27-04:00",
-  "tags": "",
-  "operation": "addition"
  }
 ]