Documentation
Index ¶
Constants ¶
This section is empty.
Variables ¶
// IgnoredPatterns lists the path fragments that mark a file as excluded from
// review. Entries are grouped by purpose below.
//
// NOTE(review): how an entry is compared with a path (substring, prefix or
// suffix) is not visible here. Under substring matching, short entries such
// as "build/" or "dist/" would also exclude directories whose names merely
// end in those words; confirm against the matcher.
//
// NOTE(review): if excluded files are also skipped by the secret scan,
// credentials committed under testdata/, vendor/ or in _test.go files would
// go unreported; confirm the order of operations in Filter.
var IgnoredPatterns = []string{
	// Go module metadata.
	"go.sum", "go.mod",
	// Vendored dependencies.
	"vendor/",
	// Generated sources.
	"_generated.go", ".pb.go",
	// Tests, mocks and fixtures.
	"_test.go", ".mock.go", "mocks/", "testdata/",
	// Version control data, third-party packages and build output.
	".git/", "node_modules/", "dist/", "build/",
}
IgnoredPatterns contains file patterns to ignore during review
// SecretPatterns holds the compiled regular expressions used to flag text
// that may contain a hard-coded credential. A match is only a heuristic hit:
// the expressions check the shape of the text, not whether a value is live.
//
// Every expression is compiled with regexp.MustCompile at package
// initialisation, so an invalid pattern panics at start-up rather than at
// scan time.
var SecretPatterns = []*regexp.Regexp{
	// Generic API key assignment: "api_key", "api-key" or "apikey" followed by
	// ':' or '=' and at least 20 characters from [a-zA-Z0-9_-], quotes optional.
	regexp.MustCompile(`(?i)(api[_-]?key|apikey)\s*[:=]\s*["']?[a-zA-Z0-9_\-]{20,}["']?`),

	// Password-style assignment with a quoted value of 8+ characters.
	// The quotes are mandatory, so unquoted values (as commonly written in
	// .env or YAML files) are not matched by this expression.
	regexp.MustCompile(`(?i)(secret|password|passwd|pwd)\s*[:=]\s*["'][^"']{8,}["']`),

	// "token" or "bearer" followed by ':' or '=' and a 20+ character value.
	// A separator is required directly after the keyword, so the header form
	// "Bearer <value>" (keyword, space, value) is not matched.
	regexp.MustCompile(`(?i)(token|bearer)\s*[:=]\s*["']?[a-zA-Z0-9_\-\.]{20,}["']?`),

	// Any assignment to a name containing "private_key" / "private-key" /
	// "privatekey"; the value itself is not inspected.
	regexp.MustCompile(`(?i)private[_-]?key\s*[:=]`),

	// PEM private-key header, with an optional RSA / EC / DSA / OPENSSH label.
	// Other labels (for example "ENCRYPTED PRIVATE KEY") are not matched.
	regexp.MustCompile(`-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----`),

	// AWS access key id / secret access key assignment. Because of (?i) the
	// value class [A-Z0-9] also accepts lower case. '/' and '+' are outside
	// the class, so a value that has one of them before 16 consecutive
	// alphanumerics is not matched.
	// NOTE(review): AWS secret access keys can contain '/' and '+'; confirm
	// this gap is acceptable.
	regexp.MustCompile(`(?i)(aws[_-]?access[_-]?key[_-]?id|aws[_-]?secret[_-]?access[_-]?key)\s*[:=]\s*["']?[A-Z0-9]{16,}["']?`),

	// GitHub token prefixes "ghp_" and "gho_" followed by 36 alphanumerics.
	// NOTE(review): other GitHub prefixes (ghu_, ghs_, ghr_, github_pat_) have
	// no entry in this list; confirm whether that is intended.
	regexp.MustCompile(`ghp_[a-zA-Z0-9]{36}`),
	regexp.MustCompile(`gho_[a-zA-Z0-9]{36}`),

	// "sk-" followed by 32+ alphanumerics. A key with a further hyphen or
	// underscore inside the first 32 characters after the prefix is not matched.
	regexp.MustCompile(`sk-[a-zA-Z0-9]{32,}`),

	// "AIza" followed by 35 characters from [0-9A-Za-z_-], the shape commonly
	// associated with Google API keys.
	regexp.MustCompile(`AIza[0-9A-Za-z\-_]{35}`),

	// database_url / database-url / databaseurl assigned a scheme://... value.
	// The expression matches any URL; it does not check for embedded
	// credentials.
	regexp.MustCompile(`(?i)database[_-]?url\s*[:=]\s*["']?[a-zA-Z]+://[^"'\s]+`),
}
SecretPatterns contains regular expressions whose matches may indicate hard-coded secrets
Functions ¶
func FilterDiff ¶
FilterDiff filters the raw diff, removing changes to ignored files
Types ¶
type FilterResult ¶
// FilterResult contains the filtering results: the files kept after
// filtering, the files that were ignored, and any potential secrets detected.
//
// NOTE(review): this declaration does not show whether a file in which a
// potential secret was detected is still present in FilteredFiles. Callers
// that forward FilteredFiles elsewhere should check HasSecrets first; confirm
// the behaviour in Filter.
type FilterResult struct {
// FilteredFiles maps file paths to their content after filtering
FilteredFiles map[string]string
// IgnoredFiles lists files that were ignored
IgnoredFiles []string
// SecretsFound contains potential secrets that were detected
// NOTE(review): SecretMatch is declared elsewhere; if it carries the matched
// text, treat this slice as sensitive when logging or serialising. Confirm.
SecretsFound []SecretMatch
}
FilterResult contains the filtering results
func Filter ¶
func Filter(files map[string]string, rawDiff string) *FilterResult
Filter filters out ignored files and scans for secrets
func (*FilterResult) HasSecrets ¶
func (r *FilterResult) HasSecrets() bool
HasSecrets returns true if any secrets were found