diff --git a/.gitleaks.toml b/.gitleaks.toml index 65dc6acb7..7862fc836 100644 --- a/.gitleaks.toml +++ b/.gitleaks.toml @@ -16,15 +16,14 @@ paths = [ [[rules]] id = "ethereum-private-key" -description = "Detected Ethereum/EVM private key (64 hex chars)" -regex = '''(?:0x)?[a-fA-F0-9]{64}''' -entropy = 4.0 +description = "Ethereum private key (exact 64 hex chars, standalone)" +regex = '''(^|[^a-fA-F0-9])(0x)?[a-fA-F0-9]{64}([^a-fA-F0-9]|$)''' tags = ["crypto", "evm", "ethereum", "private-key"] [[rules]] id = "bitcoin-wif-private-key" description = "Detected Bitcoin WIF private key" -regex = '''[5KL][1-9A-HJ-NP-Za-km-z]{50,51}''' +regex = '''\b[5KL][1-9A-HJ-NP-Za-km-z]{50,51}\b''' entropy = 3.5 tags = ["crypto", "bitcoin", "private-key"] @@ -38,7 +37,7 @@ tags = ["crypto", "solana", "private-key"] [[rules]] id = "tezos-private-key" description = "Detected Tezos private key" -regex = '''(edsk|spsk|p2sk)[1-9A-HJ-NP-Za-km-z]{50,100}''' +regex = '''\b(edsk[1-9A-HJ-NP-Za-km-z]{50}|edsk[1-9A-HJ-NP-Za-km-z]{94}|spsk[1-9A-HJ-NP-Za-km-z]{50}|p2sk[1-9A-HJ-NP-Za-km-z]{50})\b''' entropy = 3.5 keywords = ["edsk", "spsk", "p2sk"] tags = ["crypto", "tezos", "private-key"] diff --git a/update-all-repos.ps1 b/update-all-repos.ps1 index de60174b2..45c847b33 100644 --- a/update-all-repos.ps1 +++ b/update-all-repos.ps1 
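Review bot: Dropping `entropy = 4.0` from the ethereum-private-key rule leaves nothing to separate a key from any other standalone 64-hex token, so every SHA-256 digest, transaction/block hash or `sha256:` image digest in a repository will now be reported. The old threshold was effectively unreachable (4.0 is the maximum Shannon entropy of a pure hex string, which is presumably why the rule never fired), but a lower entropy will not fix this either, since real keys and real hashes score about the same; what actually cuts the noise is an allowlist for the contexts known to hold hashes, e.g. `[rules.allowlist]` / `regexes = ['''sha256:[a-fA-F0-9]{64}''']`, plus a comment on the rule stating that hashes are an accepted false positive. Also note that with the new boundary groups the reported match includes the delimiter characters on either side of the key; if the gitleaks version in use supports `secretGroup`, wrapping the hex run in its own group and pointing `secretGroup` at it keeps the finding (and its fingerprint) to the key itself.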
@@ -32,9 +32,47 @@ if (-not (Test-Path (Join-Path $TEMPLATE_HOOKS "pre-commit"))) { exit 1 } +# Function to sync global gitleaks config from repository +function Sync-GlobalConfig { + $scriptDir = Split-Path -Parent $PSCommandPath + $sourceConfig = Join-Path $scriptDir ".gitleaks.toml" + $configDir = Join-Path $env:USERPROFILE ".config\gitleaks" + $targetConfig = Join-Path $configDir "gitleaks.toml" + + # Check if source config exists + if (-not (Test-Path $sourceConfig)) { + Write-Warn "Source config not found: $sourceConfig" + Write-Host " Skipping config sync" -ForegroundColor Gray + return $false + } + + # Create config directory if it doesn't exist + try { + New-Item -ItemType Directory -Path $configDir -Force -ErrorAction Stop | Out-Null + } catch { + Write-Fail "Failed to create config directory: $configDir" + return $false + } + + # Copy the config file + try { + Copy-Item -Path $sourceConfig -Destination $targetConfig -Force -ErrorAction Stop + Write-Ok "Synced global config: $targetConfig" + return $true + } catch { + Write-Fail "Failed to sync config to: $targetConfig" + return $false + } +} + $preCommitSrc = Join-Path $TEMPLATE_HOOKS "pre-commit" $commitMsgSrc = Join-Path $TEMPLATE_HOOKS "commit-msg" +# Sync global gitleaks config from repository +Write-Step "Syncing global gitleaks configuration..." +Sync-GlobalConfig | Out-Null +Write-Host "" + # No path given = scan all local fixed drives (C:\, D:\, E:\, etc.) if ($TargetPaths.Count -eq 0) { # Use .Name (e.g. "C:") to avoid null .Root on some Windows setups diff --git a/update-all-repos.sh b/update-all-repos.sh index 7779815e4..256c1d359 100755 --- a/update-all-repos.sh +++ b/update-all-repos.sh 
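Review bot: Sync-GlobalConfig overwrites `$targetConfig` unconditionally with `Copy-Item -Force`, so any local edits a developer has made to their global gitleaks config (project allowlists, extra rules) are lost without warning or backup on every run. I would compare the two files first and skip the copy when they already match, and keep a `.bak` of a differing existing file before replacing it, as sketched below. Separately, the call site discards the result (`Sync-GlobalConfig | Out-Null`), so a failed sync is only a console message and hook installation proceeds against whatever config is on disk; if the hooks depend on this file, `if (-not (Sync-GlobalConfig)) { exit 1 }` is the safer default. Finally, as far as I know gitleaks does not read `~/.config/gitleaks/gitleaks.toml` on its own (it looks at `--config`, `GITLEAKS_CONFIG` and the target repo's `.gitleaks.toml`), so the hook template, which is not shown in this diff, must be passing this path explicitly; a comment above the function naming that dependency would help the next maintainer.
```powershell
    # … unchanged: source check, directory creation …

    # Copy the config file, keeping a backup of a differing local copy so per-user allowlists can be recovered
    try {
        if (Test-Path $targetConfig) {
            $srcHash = (Get-FileHash -Path $sourceConfig -Algorithm SHA256).Hash
            $dstHash = (Get-FileHash -Path $targetConfig -Algorithm SHA256).Hash
            if ($srcHash -eq $dstHash) {
                Write-Ok "Global config already up to date: $targetConfig"
                return $true
            }
            Copy-Item -Path $targetConfig -Destination "$targetConfig.bak" -Force -ErrorAction Stop
        }
        Copy-Item -Path $sourceConfig -Destination $targetConfig -Force -ErrorAction Stop
        Write-Ok "Synced global config: $targetConfig"
        return $true
    } catch {
        Write-Fail "Failed to sync config to: $targetConfig"
        return $false
    }
```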
@@ -70,6 +70,43 @@ if [ ! -d "$TEMPLATE_DIR/hooks" ]; then exit 1 fi +# Function to sync global gitleaks config from repository +function sync_global_config { + # Determine the script directory (where .gitleaks.toml should be) + local script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + local source_config="$script_dir/.gitleaks.toml" + + # Determine the target config directory (handle sudo case) + local config_dir="$HOME/.config/gitleaks" + if [ -n "$SUDO_USER" ]; then + config_dir=$(eval echo ~$SUDO_USER)/.config/gitleaks + fi + local target_config="$config_dir/gitleaks.toml" + + # Check if source config exists + if [ ! -f "$source_config" ]; then + echo -e "${WARNING}⚠${NORMAL} Warning: Source config not found: $source_config" + echo -e "${HIGHLIGHT}→${NORMAL} Skipping config sync" + return 1 + fi + + # Create config directory if it doesn't exist + mkdir -p "$config_dir" 2>/dev/null || { + echo -e "${ERROR}✗${NORMAL} Failed to create config directory: $config_dir" + return 1 + } + + # Copy the config file + if cp "$source_config" "$target_config" 2>/dev/null; then + echo -e "${SUCCESS}✓${NORMAL} Synced global config: $target_config" + return 0 + else + echo -e "${ERROR}✗${NORMAL} Failed to sync config to: $target_config" + return 1 + fi +} + + # Function to check if gitleaks is already in a file function has_gitleaks { local file="$1" @@ -473,6 +510,11 @@ if [ "$EUID" -eq 0 ]; then echo "" fi +# Sync global gitleaks config from repository +echo -e "${HIGHLIGHT}Syncing global gitleaks configuration...${NORMAL}" +sync_global_config +echo "" + if [ "$#" -eq 0 ]; then # No arguments provided - use smart defaults echo -e "${HIGHLIGHT}No directory specified - using smart detection${NORMAL}\n"
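Review bot: `config_dir=$(eval echo ~$SUDO_USER)/.config/gitleaks` runs `eval` on an environment variable; `SUDO_USER` normally holds a plain account name, but feeding an unvalidated string to `eval` is the classic shell-injection shape, and a stray `$`, space or `;` in it would be executed rather than expanded. Validate the name before expanding it (or use `getent passwd "$SUDO_USER" | cut -d: -f6` where getent exists), as below. The bigger functional problem is ownership: when the script runs under sudo, `mkdir -p` and `cp` execute as root, so `~user/.config/gitleaks` (and `~user/.config` itself if it did not exist yet) end up root-owned, and the developer's own later runs of this script or a manual edit of the config will fail with permission denied; `chown` the created directory and file back to `$SUDO_USER` after the copy. Like the PowerShell version, `cp` also silently replaces any locally customized config with no backup, so at least a `.bak` of a differing existing file is worth adding.
```bash
    # Determine the target config directory (handle sudo case)
    local config_dir="$HOME/.config/gitleaks"
    if [ -n "$SUDO_USER" ]; then
        # Only ~user-expand a plain account name: eval on an unvalidated string is shell injection
        case "$SUDO_USER" in
            *[!A-Za-z0-9._-]*) ;;
            *) config_dir="$(eval echo ~"$SUDO_USER")/.config/gitleaks" ;;
        esac
    fi
    local target_config="$config_dir/gitleaks.toml"

    # … unchanged: source check, mkdir -p …

    # Copy the config file, then hand ownership back to the invoking user when running under sudo
    if cp "$source_config" "$target_config" 2>/dev/null; then
        if [ -n "$SUDO_USER" ]; then
            chown "$SUDO_USER" "$config_dir" "$target_config" 2>/dev/null || true
        fi
        echo -e "${SUCCESS}✓${NORMAL} Synced global config: $target_config"
        return 0
    else
```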
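Review bot: The exit status of `sync_global_config` is discarded at this call site, so when the function returns 1 (missing source, mkdir or cp failure) the script prints its message and carries on to install hooks that will then run against whatever global config happens to be on disk, possibly stale or absent. I cannot see whether the script runs with `set -e` (the top of the file is outside this diff), in which case the failure would instead abort the whole run at this line; either way, decide explicitly whether a failed sync is fatal (`sync_global_config || exit 1`) or best-effort, and say which in the comment above the call, e.g. `# Best-effort: hooks fall back to the existing global config if this fails`.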