You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the solution you'd like
In some cases it may be useful to not perform a full regex search, since the "regex" you're trying to search may break down to a simple string. Therefore it might be useful to turn off the regex search if the pre-check with a single keyword was successful. I guess this could speed up the detection significanlty especially if there are a lot of these rules in a ruleset. An example here would be a certain list of known leaked credentials that should be included as rules, but doesn't follow any specific pattern that can nicely be formulated in regex.
If there is an already existing method or any better way of doing this with the currently implemented features of gitleaks I would be glad to get to know about them.
Describe alternatives you've considered
At the moment I am building rules like that as follows:
I think it would be worth doing a benchmark. My intuition is that keywords + regex matching literals is already fast enough that any potential increase would be negligible.
The rule contains about 1000 corporate and previously compromised passwords known to me.
Regex string is very long, unconfortable to work with this long regex.
I can't get this config to work:
The TOML structure is correct, Gitleaks work, but the rule does not work (Finds nothing).
Can you share the resulting structure if you managed to reduce the rule to line-by-line form?
Describe the solution you'd like
In some cases it may be useful to not perform a full regex search, since the "regex" you're trying to search may break down to a simple string. Therefore it might be useful to turn off the regex search if the pre-check with a single keyword was successful. I guess this could speed up the detection significanlty especially if there are a lot of these rules in a ruleset. An example here would be a certain list of known leaked credentials that should be included as rules, but doesn't follow any specific pattern that can nicely be formulated in regex.
If there is an already existing method or any better way of doing this with the currently implemented features of gitleaks I would be glad to get to know about them.
Describe alternatives you've considered
At the moment I am building rules like that as follows:
cc @zricethezav
The text was updated successfully, but these errors were encountered: