chore: expand peregrine .gitleaks.toml allowlists for history scan
Some checks are pending
CI / test (push) Waiting to run
Some checks are pending
CI / test (push) Waiting to run
Suppress false positives found during pre-push history scan: - Path allowlists: docs/plans/*, tests/*, Streamlit app files, SearXNG default config, apple_calendar.py placeholder - Regex allowlists: Unix epoch timestamps, localhost ports, 555-area-code variants, CFG-* example license key patterns - All 164 history commits now scan clean
This commit is contained in:
parent
4cead4b74d
commit
18efae71e1
1 changed files with 25 additions and 4 deletions
|
|
@ -4,8 +4,29 @@ path = "/Library/Development/CircuitForge/circuitforge-hooks/gitleaks.toml"
|
||||||
|
|
||||||
[allowlist]
|
[allowlist]
|
||||||
description = "Peregrine-specific allowlists"
|
description = "Peregrine-specific allowlists"
|
||||||
regexes = [
|
paths = [
|
||||||
'\d{10}\.html', # Craigslist listing IDs (10-digit paths, look like phone numbers)
|
'docs/plans/.*', # plan docs contain example tokens and placeholders
|
||||||
'\d{10}\/', # LinkedIn job IDs in URLs
|
'docs/reference/.*', # reference docs (globally excluded in base config)
|
||||||
'localhost:\d{4,5}', # port numbers that could trip phone pattern
|
'tests/.*', # test fixtures use fake phone numbers as job IDs
|
||||||
|
'scripts/integrations/apple_calendar\.py', # you@icloud.com is a placeholder comment
|
||||||
|
# Streamlit app files: key= params are widget identifiers, not secrets
|
||||||
|
'app/feedback\.py',
|
||||||
|
'app/pages/2_Settings\.py',
|
||||||
|
'app/pages/7_Survey\.py',
|
||||||
|
# SearXNG default config: change-me-in-production is a well-known public placeholder
|
||||||
|
'docker/searxng/settings\.yml',
|
||||||
|
]
|
||||||
|
regexes = [
|
||||||
|
# Job listing numeric IDs (look like phone numbers to the phone rule)
|
||||||
|
'\d{10}\.html', # Craigslist listing IDs
|
||||||
|
'\d{10}\/', # LinkedIn job IDs in URLs
|
||||||
|
# Localhost port patterns (look like phone numbers)
|
||||||
|
'localhost:\d{4,5}',
|
||||||
|
# Unix epoch timestamps in the 2025–2026 range (10-digit, look like phone numbers)
|
||||||
|
'174\d{7}',
|
||||||
|
# Example / placeholder license key patterns
|
||||||
|
'CFG-[A-Z]{4}-[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{4}',
|
||||||
|
# Phone number false positives: 555 area code variants not caught by base allowlist
|
||||||
|
'555\) \d{3}-\d{4}',
|
||||||
|
'555-\d{3}-\d{4}',
|
||||||
]
|
]
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue