Resolve gitleaks#1170 - Enable selection of a single rule (gitleaks#1183
)

* Gitleaks issue gitleaks#1170 - Feature request to add a flag to enable a subset of rules on the command line.

* Added documentation.
mpecan authored Aug 24, 2023
1 parent 3cbcda2 commit db4bc0f
Showing 2 changed files with 19 additions and 0 deletions.
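--- a/README.md
+++ b/README.md
@@ -182,6 +182,8 @@ See the `git log` [documentation](https://git-scm.com/docs/git-log) for more inf
 
 You can scan files and directories by using the `--no-git` option.
 
+If you want to run only specific rules you can do so by using the `--enable-rule` option (with a rule ID as a parameter), this flag can be used multiple times. For example: `--enable-rule=atlassian-api-token` will only apply that rule. You can find a list of rules [here](config/gitleaks.toml).
+
 #### Protect
 
 The `protect` command is used to scan uncommitted changes in a git repo. This command should be used on developer machines in accordance with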
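--- a/cmd/detect.go
+++ b/cmd/detect.go
@@ -3,6 +3,7 @@ package cmd
 import (
 "os"
 "path/filepath"
+"strings"
 "time"
 
 "github.com/rs/zerolog/log"
@@ -20,6 +21,7 @@ func init() {
 detectCmd.Flags().Bool("no-git", false, "treat git repo as a regular directory and scan those files, --log-opts has no effect on the scan when --no-git is set")
 detectCmd.Flags().Bool("pipe", false, "scan input from stdin, ex: `cat some_file | gitleaks detect --pipe`")
 detectCmd.Flags().Bool("follow-symlinks", false, "scan files that are symlinks to other files")
+detectCmd.Flags().StringSlice("enable-rule", []string{}, "only enable specific rules by id, ex: `gitleaks detect --enable-rule=atlassian-api-token --enable-rule=slack-access-token`")
 detectCmd.Flags().StringP("gitleaks-ignore-path", "i", ".", "path to .gitleaksignore file or folder containing one")
 }
 
@@ -113,6 +115,21 @@ func runDetect(cmd *cobra.Command, args []string) {
 }
 }
 
+// If set, only apply rules that are defined in the flag
+rules, _ := cmd.Flags().GetStringSlice("enable-rule")
+if len(rules) > 0 {
+log.Info().Msg("Overriding enabled rules: " + strings.Join(rules, ", "))
+ruleOverride := make(map[string]config.Rule)
+for _, ruleName := range rules {
+if rule, ok := cfg.Rules[ruleName]; ok {
+ruleOverride[ruleName] = rule
+} else {
+log.Fatal().Msgf("Requested rule %s not found in rules", ruleName)
+}
+}
+detector.Config.Rules = ruleOverride
+}
+
 // set follow symlinks flag
 if detector.FollowSymlinks, err = cmd.Flags().GetBool("follow-symlinks"); err != nil {
 log.Fatal().Err(err).Msg("")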
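Review bot: In the runDetect hunk the error from `cmd.Flags().GetStringSlice("enable-rule")` is thrown away with `_`, whereas the `follow-symlinks` lookup right after it ends in `log.Fatal().Err(err).Msg("")`; read it as `rules, err := cmd.Flags().GetStringSlice("enable-rule")` and fail the same way, so a flag that cannot be read never falls through to a scan with a rule set the user did not ask for. Since the override narrows what the secret scan covers, the "Overriding enabled rules" line would be better logged with `log.Warn()`, so a clean result from a partial rule set is not read as a full scan in CI output. The rule is looked up in `cfg.Rules` but written to `detector.Config.Rules`; any other rule-derived state the detector holds is set up outside this hunk, so confirm it is narrowed too. Using `%q` instead of `%s` in the "not found" message would make an empty or oddly quoted rule id visible. runDetect starts and ends outside the hunk.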
