add gitleak to cli

cli/.infisicalignore

@@ -0,0 +1,3 @@
+bea0ff6e05a4de73a5db625d4ae181a015b50855:frontend/components/utilities/attemptLogin.js:stripe-access-token:147
+bea0ff6e05a4de73a5db625d4ae181a015b50855:backend/src/json/integrations.json:generic-api-key:5
+1961b92340e5d2613acae528b886c842427ce5d0:frontend/components/utilities/attemptLogin.js:stripe-access-token:148

cli/config/allowlist.go

@@ -0,0 +1,85 @@
+// MIT License
+
+// Copyright (c) 2019 Zachary Rice
+
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+
+package config
+
+import (
+	"regexp"
+	"strings"
+)
+
+// Allowlist allows a rule to be ignored for specific
+// regexes, paths, and/or commits
+type Allowlist struct {
+	// Short human readable description of the allowlist.
+	Description string
+
+	// Regexes is slice of content regular expressions that are allowed to be ignored.
+	Regexes []*regexp.Regexp
+
+	// RegexTarget
+	RegexTarget string
+
+	// Paths is a slice of path regular expressions that are allowed to be ignored.
+	Paths []*regexp.Regexp
+
+	// Commits is a slice of commit SHAs that are allowed to be ignored.
+	Commits []string
+
+	// StopWords is a slice of stop words that are allowed to be ignored.
+	// This targets the _secret_, not the content of the regex match like the
+	// Regexes slice.
+	StopWords []string
+}
+
+// CommitAllowed returns true if the commit is allowed to be ignored.
+func (a *Allowlist) CommitAllowed(c string) bool {
+	if c == "" {
+		return false
+	}
+	for _, commit := range a.Commits {
+		if commit == c {
+			return true
+		}
+	}
+	return false
+}
+
+// PathAllowed returns true if the path is allowed to be ignored.
+func (a *Allowlist) PathAllowed(path string) bool {
+	return anyRegexMatch(path, a.Paths)
+}
+
+// RegexAllowed returns true if the regex is allowed to be ignored.
+func (a *Allowlist) RegexAllowed(s string) bool {
+	return anyRegexMatch(s, a.Regexes)
+}
+
+func (a *Allowlist) ContainsStopWord(s string) bool {
+	s = strings.ToLower(s)
+	for _, stopWord := range a.StopWords {
+		if strings.Contains(s, strings.ToLower(stopWord)) {
+			return true
+		}
+	}
+	return false
+}

cli/config/allowlist_test.go

@@ -0,0 +1,115 @@
+// MIT License
+
+// Copyright (c) 2019 Zachary Rice
+
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+
+package config
+
+import (
+	"regexp"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCommitAllowed(t *testing.T) {
+	tests := []struct {
+		allowlist     Allowlist
+		commit        string
+		commitAllowed bool
+	}{
+		{
+			allowlist: Allowlist{
+				Commits: []string{"commitA"},
+			},
+			commit:        "commitA",
+			commitAllowed: true,
+		},
+		{
+			allowlist: Allowlist{
+				Commits: []string{"commitB"},
+			},
+			commit:        "commitA",
+			commitAllowed: false,
+		},
+		{
+			allowlist: Allowlist{
+				Commits: []string{"commitB"},
+			},
+			commit:        "",
+			commitAllowed: false,
+		},
+	}
+	for _, tt := range tests {
+		assert.Equal(t, tt.commitAllowed, tt.allowlist.CommitAllowed(tt.commit))
+	}
+}
+
+func TestRegexAllowed(t *testing.T) {
+	tests := []struct {
+		allowlist    Allowlist
+		secret       string
+		regexAllowed bool
+	}{
+		{
+			allowlist: Allowlist{
+				Regexes: []*regexp.Regexp{regexp.MustCompile("matchthis")},
+			},
+			secret:       "a secret: matchthis, done",
+			regexAllowed: true,
+		},
+		{
+			allowlist: Allowlist{
+				Regexes: []*regexp.Regexp{regexp.MustCompile("matchthis")},
+			},
+			secret:       "a secret",
+			regexAllowed: false,
+		},
+	}
+	for _, tt := range tests {
+		assert.Equal(t, tt.regexAllowed, tt.allowlist.RegexAllowed(tt.secret))
+	}
+}
+
+func TestPathAllowed(t *testing.T) {
+	tests := []struct {
+		allowlist   Allowlist
+		path        string
+		pathAllowed bool
+	}{
+		{
+			allowlist: Allowlist{
+				Paths: []*regexp.Regexp{regexp.MustCompile("path")},
+			},
+			path:        "a path",
+			pathAllowed: true,
+		},
+		{
+			allowlist: Allowlist{
+				Paths: []*regexp.Regexp{regexp.MustCompile("path")},
+			},
+			path:        "a ???",
+			pathAllowed: false,
+		},
+	}
+	for _, tt := range tests {
+		assert.Equal(t, tt.pathAllowed, tt.allowlist.PathAllowed(tt.path))
+	}
+}