Documentation
Overview
Package config provides configuration loading and management for GoSecretScanv2.
Index
- Constants
- type AllowlistConfig
- type CompiledConfig
- func (cc *CompiledConfig) GetEnabledRules() []RuleConfig
- func (cc *CompiledConfig) GetMaxFileSize() int64
- func (cc *CompiledConfig) GetMinEntropy() float64
- func (cc *CompiledConfig) IsPathAllowed(relPath string) bool
- func (cc *CompiledConfig) IsRuleDisabled(ruleID string) bool
- func (cc *CompiledConfig) IsSecretAllowed(secret string) bool
- type Config
- type GeneralConfig
- type RuleConfig
Constants
const DefaultConfigFile = ".gosecretscanner.json"
DefaultConfigFile is the default config file name looked for in the repo root.
Variables
This section is empty.
Functions
This section is empty.
Types
type AllowlistConfig
type AllowlistConfig struct {
    Paths       []string `json:"paths"`        // Glob patterns for paths to ignore
    Secrets     []string `json:"secrets"`      // Exact secret values to ignore
    Regexes     []string `json:"regexes"`      // Regex patterns for secrets to ignore
    RuleIDs     []string `json:"rule_ids"`     // Rule IDs to disable entirely
    PathRegexes []string `json:"path_regexes"` // Regex patterns for paths to ignore
    Files       []string `json:"files"`        // Exact file names to ignore
}
AllowlistConfig defines patterns/paths to exclude from findings.
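An added example, not part of the GoSecretScanv2 package: an audit of the allowlist's `regexes` and `path_regexes` entries that flags patterns which fail to compile or which match unrelated strings, since a catch-all entry would exclude findings wholesale. The `allowlist` mirror type, `AuditAllowlist`, the probe strings and the sample config are assumptions made for illustration; how the scanner itself applies these patterns is not shown on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Local mirror of AllowlistConfig's two regex fields (JSON tags from the page).
type allowlist struct {
	Regexes     []string `json:"regexes"`
	PathRegexes []string `json:"path_regexes"`
}
// Constructed sample config: a narrow entry, a catch-all, and an invalid pattern.
const sampleConfig = `{"allowlist": {
  "regexes": ["^EXAMPLE_[A-Z0-9]{16}$", ".*"],
  "path_regexes": ["^testdata/", "([a-z"]}}`
// Constructed, unrelated probe strings; matching all of them is the catch-all heuristic.
var probes = []string{"probe-0000", "ZZ_unrelated_VALUE", "some/other/path.txt"}

// AuditAllowlist (hypothetical helper) warns on uncompilable or catch-all allowlist regexes.
func AuditAllowlist(data []byte) ([]string, error) {
	var cfg struct{ Allowlist allowlist `json:"allowlist"` }
	if err := json.Unmarshal(data, &cfg); err != nil {
		return nil, err
	}
	var warnings []string
	check := func(field string, patterns []string) {
		for _, p := range patterns {
			re, err := regexp.Compile(p)
			if err != nil {
				warnings = append(warnings, fmt.Sprintf("%s %q: does not compile", field, p))
				continue
			}
			broad := true
			for _, s := range probes {
				broad = broad && re.MatchString(s)
			}
			if broad {
				warnings = append(warnings, fmt.Sprintf("%s %q: matches every probe", field, p))
			}
		}
	}
	check("regexes", cfg.Allowlist.Regexes)
	check("path_regexes", cfg.Allowlist.PathRegexes)
	return warnings, nil
}

func main() { fmt.Println(AuditAllowlist([]byte(sampleConfig))) }
```

The probe check is a heuristic: a pattern that passes it can still be broader than intended, so allowlist changes deserve the same review as rule changes.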
type CompiledConfig
type CompiledConfig struct {
    Config           *Config
    CustomPatterns   []*regexp.Regexp
    AllowlistRegexes []*regexp.Regexp
    PathRegexes      []*regexp.Regexp
    AllowedSecrets   map[string]bool
    DisabledRules    map[string]bool
}
CompiledConfig holds pre-compiled regexes for performance.
func (*CompiledConfig) GetEnabledRules
func (cc *CompiledConfig) GetEnabledRules() []RuleConfig
GetEnabledRules returns all enabled custom rules.
func (*CompiledConfig) GetMaxFileSize
func (cc *CompiledConfig) GetMaxFileSize() int64
GetMaxFileSize returns the effective maximum file size.
func (*CompiledConfig) GetMinEntropy
func (cc *CompiledConfig) GetMinEntropy() float64
GetMinEntropy returns the effective minimum entropy threshold.
func (*CompiledConfig) IsPathAllowed
func (cc *CompiledConfig) IsPathAllowed(relPath string) bool
IsPathAllowed checks if a path should be scanned (not in allowlist).
func (*CompiledConfig) IsRuleDisabled
func (cc *CompiledConfig) IsRuleDisabled(ruleID string) bool
IsRuleDisabled checks if a rule ID is disabled.
func (*CompiledConfig) IsSecretAllowed
func (cc *CompiledConfig) IsSecretAllowed(secret string) bool
IsSecretAllowed checks if a specific secret value should be ignored.
type Config
type Config struct {
    General   GeneralConfig   `json:"general"`
    Rules     []RuleConfig    `json:"rules"`
    Allowlist AllowlistConfig `json:"allowlist"`
}
Config represents the full scanner configuration.
func DefaultConfig
func DefaultConfig() *Config
DefaultConfig returns a config with sensible defaults.
func Load
Load reads config from the specified path, or looks for DefaultConfigFile in dir. Returns default config if no file is found.
func (*Config) Compile
func (c *Config) Compile() (*CompiledConfig, error)
Compile pre-compiles all regex patterns for performance.
type GeneralConfig
type GeneralConfig struct {
    MinEntropy  float64 `json:"min_entropy"`   // Minimum entropy threshold (default: 3.0)
    MaxFileSize int64   `json:"max_file_size"` // Max file size in bytes (default: 5MB)
}
GeneralConfig contains general scanner settings.
type RuleConfig
type RuleConfig struct {
    ID          string   `json:"id"`                    // Unique rule identifier
    Pattern     string   `json:"pattern"`               // Regex pattern
    Description string   `json:"description,omitempty"` // Human-readable description
    Tags        []string `json:"tags,omitempty"`        // Categorization tags
    MinEntropy  float64  `json:"min_entropy,omitempty"` // Override global entropy threshold
    Enabled     bool     `json:"enabled"`               // Whether rule is active
    Confidence  string   `json:"confidence,omitempty"`  // Default confidence level
}
RuleConfig defines a custom detection rule.