zach rice 6 лет назад
Родитель
Сommit
cb74386ef0
4 измененных файлов с 67 добавлено и 3 удалено
  1. 16 1
      src/config.go
  2. 16 0
      src/constants.go
  3. 21 0
      src/repo.go
  4. 14 2
      src/utils.go

+ 16 - 1
src/config.go

@@ -26,6 +26,7 @@ type Rule struct {
 	tags        []string
 	entropies   []*entropyRange
 	entropyROI  string
+	fileTypes   []*regexp.Regexp
 }
 
 // TomlConfig is used for loading gitleaks configs from a toml file
@@ -37,6 +38,7 @@ type TomlConfig struct {
 		Tags        []string
 		Severity    string
 		EntropyROI  string
+		FileTypes   []string
 	}
 	Whitelist struct {
 		Files   []string
@@ -55,7 +57,8 @@ type Config struct {
 		commits map[string]bool
 		repos   []*regexp.Regexp
 	}
-	sshAuth *ssh.PublicKeys
+	FileRules []*Rule
+	sshAuth   *ssh.PublicKeys
 }
 
 // loadToml loads of the toml config containing regexes and whitelists.
@@ -109,10 +112,16 @@ func (config *Config) update(tomlConfig TomlConfig) error {
 	for _, rule := range tomlConfig.Rules {
 		re := regexp.MustCompile(rule.Regex)
 		ranges, err := getEntropyRanges(rule.Entropies)
+		var fileTypes = []*regexp.Regexp{}
+		for _, regex := range rule.FileTypes {
+			fileTypes = append(fileTypes, regexp.MustCompile(regex))
+		}
+
 		if err != nil {
 			log.Errorf("could not create entropy range for %s, skipping rule", rule.Description)
 			continue
 		}
+
 		r := &Rule{
 			description: rule.Description,
 			regex:       re,
@@ -120,8 +129,14 @@ func (config *Config) update(tomlConfig TomlConfig) error {
 			tags:        rule.Tags,
 			entropies:   ranges,
 			entropyROI:  rule.EntropyROI,
+			fileTypes:   fileTypes,
+		}
+
+		if len(rule.Entropies) == 0 && rule.Regex == "" && len(fileTypes) != 0 {
+			config.FileRules = append(config.FileRules, r)
 		}
 		config.Rules = append(config.Rules, r)
+
 	}
 
 	// set whitelists
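Review bot: A rule with no regex and no entropies is appended to `config.FileRules` and then, on the next statement, to `config.Rules` as well, so it is evaluated once per file by the audit loop and again per line through `Rule.check`, which now also passes on a file-type match; unless check() rejects the empty-pattern regex produced by `regexp.MustCompile(rule.Regex)` for such rules (its body is outside this hunk), they appear to be reported twice. Adding `continue` directly after `config.FileRules = append(config.FileRules, r)` would keep file-only rules out of the per-line path. Separately, `regexp.MustCompile(regex)` in the new `fileTypes` loop panics on a malformed `filetypes` entry; compiling with `regexp.Compile`, logging and skipping the rule as the entropy-range path already does, would turn a bad config entry into a reported error instead of a crash. The enclosing `update` method continues outside the hunk.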

+ 16 - 0
src/constants.go

@@ -22,6 +22,7 @@ title = "gitleaks config"
 description = "AWS Key"
 regex = '''AKIA[0-9A-Z]{16}'''
 tags = ["key", "AWS"]
+severity = "high"
 
 [[rules]]
 description = "PKCS8"
@@ -63,6 +64,21 @@ description = "Slack"
 regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
 tags = ["key", "Slack"]
 
+[[rules]]
+description = "Generic Key"
+regex = '''(?i)key(.{0,6})?(:|=|=>|:=)'''
+entropies = ["4.1-4.3"]
+filetypes = [".gee"]
+entropyROI = "line"
+tags = ["key"]
+severity = "medium"
+
+[[rules]]
+description = "Any go file"
+filetypes = [".go"]
+tags = ["go files"]
+severity = "low"
+
 [whitelist]
 files = [
   "(.*?)(jpg|gif|doc|pdf|bin)$"
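Review bot: The `filetypes` values in the two new rules are unanchored regular expressions rather than extensions: `.go` matches any character followed by `go`, so a path such as `cargo.lock` or `algorithm.py` would be reported as "Any go file", and `.gee` likewise matches `xgee` anywhere in a path. Anchoring them, `filetypes = ['''\.go$''']` and `filetypes = ['''\.gee$''']`, restricts the match to the file extension. The `severity = "high"` added to the AWS rule leaves the other existing rules without a severity, so the new severity column in the CSV report will presumably show an empty field for them.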

+ 21 - 0
src/repo.go

@@ -241,6 +241,27 @@ func (repoInfo *RepoInfo) audit() ([]Leak, error) {
 					} else if to != nil {
 						filePath = to.Path()
 					}
+
+					for _, fr := range config.FileRules {
+						for _, r := range fr.fileTypes {
+							if r.FindString(filePath) != "" {
+								commitInfo := &commitInfo{
+									repoName: repoInfo.name,
+									filePath: filePath,
+									sha:      c.Hash.String(),
+									author:   c.Author.Name,
+									email:    c.Author.Email,
+									message:  strings.Replace(c.Message, "\n", " ", -1),
+									date:     c.Author.When,
+								}
+								leak := *newLeak("N/A", fmt.Sprintf("filetype %s found", r.String()), r.String(), fr, commitInfo)
+								mutex.Lock()
+								leaks = append(leaks, leak)
+								mutex.Unlock()
+							}
+						}
+					}
+
 					for _, re := range config.WhiteList.files {
 						if re.FindString(filePath) != "" {
 							log.Debugf("skipping whitelisted file (matched regex '%s'): %s", re.String(), filePath)
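Review bot: The new file-type loop runs before the whitelist check that follows it, so a file excluded by `config.WhiteList.files` still produces a "filetype found" leak; moving the loop below the whitelist loop (which appears to `continue` on a match, its end being outside the hunk) would make the whitelist apply to file rules too. Within the loop, every pattern in `fr.fileTypes` that matches the same path appends its own leak, so a rule with overlapping patterns reports the file more than once per commit; a `break` after `mutex.Unlock()` would limit it to one leak per rule. The enclosing `audit` method starts and ends outside the hunk.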

+ 14 - 2
src/utils.go

@@ -41,9 +41,9 @@ func writeReport(leaks []Leak) error {
 		}
 		defer f.Close()
 		w := csv.NewWriter(f)
-		w.Write([]string{"repo", "line", "commit", "offender", "rule", "info", "tags", "commitMsg", "author", "email", "file", "date"})
+		w.Write([]string{"repo", "line", "commit", "offender", "rule", "info", "tags", "severity", "commitMsg", "author", "email", "file", "date"})
 		for _, leak := range leaks {
-			w.Write([]string{leak.Repo, leak.Line, leak.Commit, leak.Offender, leak.Rule, leak.Info, leak.Tags, leak.Message, leak.Author, leak.Email, leak.File, leak.Date.Format(time.RFC3339)})
+			w.Write([]string{leak.Repo, leak.Line, leak.Commit, leak.Offender, leak.Rule, leak.Info, leak.Tags, leak.Severity, leak.Message, leak.Author, leak.Email, leak.File, leak.Date.Format(time.RFC3339)})
 		}
 		w.Flush()
 	} else {
@@ -86,10 +86,22 @@ func writeReport(leaks []Leak) error {
 func (rule *Rule) check(line string, commit *commitInfo) (*Leak, error) {
 	var (
 		match       string
+		fileMatch   string
 		entropy     float64
 		entropyWord string
 	)
 
+	for _, f := range rule.fileTypes {
+		fileMatch = f.FindString(commit.filePath)
+		if fileMatch != "" {
+			break
+		}
+	}
+
+	if fileMatch == "" && len(rule.fileTypes) != 0 {
+		return nil, nil
+	}
+
 	if rule.entropies != nil {
 		if rule.entropyROI == "line" {
 			_entropy := getShannonEntropy(line)