|
|
@@ -194,7 +194,13 @@ func (d *Detector) detectRule(fragment Fragment, rule *config.Rule) []report.Fin
|
|
|
gitleaksAllowSignature) {
|
|
|
continue
|
|
|
}
|
|
|
-
|
|
|
+
|
|
|
+ // check if the secret is in the allowlist
|
|
|
+ if rule.Allowlist.RegexAllowed(finding.Secret) ||
|
|
|
+ d.Config.Allowlist.RegexAllowed(finding.Secret) {
|
|
|
+ continue
|
|
|
+ }
|
|
|
+
|
|
|
// extract secret from secret group if set
|
|
|
if rule.SecretGroup != 0 {
|
|
|
groups := rule.Regex.FindStringSubmatch(secret)
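Review bot: The allowlist check now runs before the secret-group extraction, so `rule.Allowlist.RegexAllowed(finding.Secret)` and the global check see the pre-extraction value of `finding.Secret`. That is presumably the full rule match, but the assignment is outside the hunk. This changes suppression semantics: an allowlist regex that matches only surrounding context (a key name, quoting) can now drop a finding whose captured secret is not allowlisted, and anchored patterns written for the captured group may stop matching. Please make the intended target explicit in the comment, e.g. `// allowlist regexes are matched against the full match, before SecretGroup extraction`. A test would also help: a rule with a non-zero `SecretGroup` and an allowlist regex that matches the context but not the secret. detectRule's body begins and ends outside the hunk.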
|
|
|
@@ -206,12 +212,6 @@ func (d *Detector) detectRule(fragment Fragment, rule *config.Rule) []report.Fin
|
|
|
finding.Secret = secret
|
|
|
}
|
|
|
|
|
|
- // check if the secret is in the allowlist
|
|
|
- if rule.Allowlist.RegexAllowed(finding.Secret) ||
|
|
|
- d.Config.Allowlist.RegexAllowed(finding.Secret) {
|
|
|
- continue
|
|
|
- }
|
|
|
-
|
|
|
// check entropy
|
|
|
entropy := shannonEntropy(finding.Secret)
|
|
|
finding.Entropy = float32(entropy)
|