Etusivu Tutki Apua
Kirjaudu sisään
LBP
/
gitleaks
peilaus alkaen https://github.com/gitleaks/gitleaks.git
4
0
Fork 0
Tiedostot Ongelmat 0 Wiki
Selaa lähdekoodia

Resolve #1170 - Enable selection of a single rule (#1183)

* Gitleaks issue #1170 - Feature request to add a flag to enable a subset of rules on the command line.

* Added documentation.
Matjaž Domen Pečan 2 vuotta sitten
vanhempi
3cbcda20d2
commit
db4bc0fe76
2 muutettua tiedostoa jossa 19 lisäystä ja 0 poistoa
Yhdistetty näkymä Näytä diff tilastot
  1. 2 0
      README.md
  2. 17 0
      cmd/detect.go

+ 2 - 0
README.md
Näytä tiedosto 

@@ -182,6 +182,8 @@ See the `git log` [documentation](https://git-scm.com/docs/git-log) for more inf
 
 
 
 You can scan files and directories by using the `--no-git` option.
 
 You can scan files and directories by using the `--no-git` option.
 
 
 
+If you want to run only specific rules you can do so by using the `--enable-rule` option (with a rule ID as a parameter), this flag can be used multiple times. For example: `--enable-rule=atlassian-api-token` will only apply that rule. You can find a list of rules [here](config/gitleaks.toml).
 
+
 
 #### Protect
 
 #### Protect
 
 
 
 The `protect` command is used to scan uncommitted changes in a git repo. This command should be used on developer machines in accordance with
 
 The `protect` command is used to scan uncommitted changes in a git repo. This command should be used on developer machines in accordance with

+ 17 - 0
cmd/detect.go
Näytä tiedosto 

@@ -3,6 +3,7 @@ package cmd
 
 import (
 
 import (
 
 	"os"
 
 	"os"
 
 	"path/filepath"
 
 	"path/filepath"
 
+	"strings"
 
 	"time"
 
 	"time"
 
 
 
 	"github.com/rs/zerolog/log"
 
 	"github.com/rs/zerolog/log"
 
@@ -20,6 +21,7 @@ func init() {
 
 	detectCmd.Flags().Bool("no-git", false, "treat git repo as a regular directory and scan those files, --log-opts has no effect on the scan when --no-git is set")
 
 	detectCmd.Flags().Bool("no-git", false, "treat git repo as a regular directory and scan those files, --log-opts has no effect on the scan when --no-git is set")
 
 	detectCmd.Flags().Bool("pipe", false, "scan input from stdin, ex: `cat some_file | gitleaks detect --pipe`")
 
 	detectCmd.Flags().Bool("pipe", false, "scan input from stdin, ex: `cat some_file | gitleaks detect --pipe`")
 
 	detectCmd.Flags().Bool("follow-symlinks", false, "scan files that are symlinks to other files")
 
 	detectCmd.Flags().Bool("follow-symlinks", false, "scan files that are symlinks to other files")
 
+	detectCmd.Flags().StringSlice("enable-rule", []string{}, "only enable specific rules by id, ex: `gitleaks detect --enable-rule=atlassian-api-token --enable-rule=slack-access-token`")
 
 	detectCmd.Flags().StringP("gitleaks-ignore-path", "i", ".", "path to .gitleaksignore file or folder containing one")
 
 	detectCmd.Flags().StringP("gitleaks-ignore-path", "i", ".", "path to .gitleaksignore file or folder containing one")
 
 }
 
 }
 
 
 
@@ -113,6 +115,21 @@ func runDetect(cmd *cobra.Command, args []string) {
 
 		}
 
 		}
 
 	}
 
 	}
 
 
 
+	// If set, only apply rules that are defined in the flag
 
+	rules, _ := cmd.Flags().GetStringSlice("enable-rule")
 
+	if len(rules) > 0 {
 
+		log.Info().Msg("Overriding enabled rules: " + strings.Join(rules, ", "))
 
+		ruleOverride := make(map[string]config.Rule)
 
+		for _, ruleName := range rules {
 
+			if rule, ok := cfg.Rules[ruleName]; ok {
 
+				ruleOverride[ruleName] = rule
 
+			} else {
 
+				log.Fatal().Msgf("Requested rule %s not found in rules", ruleName)
 
+			}
 
+		}
 
+		detector.Config.Rules = ruleOverride
 
+	}
 
+
 
 	// set follow symlinks flag
 
 	// set follow symlinks flag
 
 	if detector.FollowSymlinks, err = cmd.Flags().GetBool("follow-symlinks"); err != nil {
 
 	if detector.FollowSymlinks, err = cmd.Flags().GetBool("follow-symlinks"); err != nil {
 
 		log.Fatal().Err(err).Msg("")
 
 		log.Fatal().Err(err).Msg("")