Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: catch username password inside urls #169

Merged

Conversation

hagarfisher
Copy link
Contributor

Closes #165

After researching the Gitleaks docs, I concluded that adding a toml file won't extend the current rules. This is due to the way this project extends Gitleaks.

Proposed Changes

  • added a secrets/custom_rules.go that includes custom rules configuration.
  • a test to validate custom rules were added to the all rules array.
  • added a function to append the custom rules to all rules array.

I submit this contribution under the Apache-2.0 license.

@hagarfisher hagarfisher force-pushed the feat/catch-username-password-inside-URLS branch from 29b8173 to 92f1fe9 Compare August 11, 2023 15:52
Copy link
Contributor

@baruchiro baruchiro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, good luck!

I think you did good work, please see my comments and share what you think.

secrets/secrets.go Outdated Show resolved Hide resolved
secrets/secrets_test.go Outdated Show resolved Hide resolved
@hagarfisher hagarfisher changed the title Feat: catch username password inside urls feat: catch username password inside urls Aug 14, 2023
@hagarfisher hagarfisher requested a review from baruchiro August 16, 2023 09:45
Copy link
Contributor

@baruchiro baruchiro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very good, please see my comments.

secrets/secrets.go Outdated Show resolved Hide resolved
secrets/secrets.go Outdated Show resolved Hide resolved
secrets/rules/authenticated_url.go Outdated Show resolved Hide resolved
secrets/secrets_test.go Outdated Show resolved Hide resolved
secrets/secrets_test.go Outdated Show resolved Hide resolved
secrets/rules/authenticated_url.go Outdated Show resolved Hide resolved
@baruchiro baruchiro self-requested a review August 22, 2023 17:27
hagarfisher and others added 2 commits August 22, 2023 20:41
Co-authored-by: Baruch Odem (Rothkoff) <baruchiro@gmail.com>
@baruchiro baruchiro added this pull request to the merge queue Aug 23, 2023
Merged via the queue into Checkmarx:master with commit 8156dfa Aug 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

catch username:password inside URLS
2 participants