Suppress false positives found during pre-push history scan: - Path allowlists: docs/plans/*, tests/*, Streamlit app files, SearXNG default config, apple_calendar.py placeholder - Regex allowlists: Unix epoch timestamps, localhost ports, 555-area-code variants, CFG-* example license key patterns - All 164 history commits now scan clean
# peregrine/.gitleaks.toml — per-repo allowlists extending the shared base config
# Load the shared base config first; the [allowlist] entries in this file are
# added on top of whatever that file defines.
# NOTE(review): the path is absolute and specific to one machine's filesystem.
# On a CI runner or another checkout where it does not exist, the base config
# cannot be loaded. Confirm how the pinned gitleaks version reacts (hard error
# vs. continuing with this file only): a scan that runs without the base rules
# can report "clean" while detecting far less.
[extend]
path = "/Library/Development/CircuitForge/circuitforge-hooks/gitleaks.toml"
# Global allowlist for this repository. A finding is dropped when its file path
# matches an entry in `paths`, or when an entry in `regexes` matches the text
# gitleaks compares it against (the secret by default; confirm `regexTarget`
# for the pinned gitleaks version).
[allowlist]
description = "Peregrine-specific allowlists"
# Each entry is an unanchored regular expression and exempts the whole file from
# every rule, not only from the rule that produced the false positive.
# NOTE(review): without a leading `^`, 'tests/.*' also matches a path such as
# `src/contests/...`; presumably paths are repo-relative, so verify before anchoring.
paths = [
    'docs/plans/.*', # plan docs contain example tokens and placeholders
    'docs/reference/.*', # reference docs (globally excluded in base config)
    'tests/.*', # test fixtures use fake phone numbers as job IDs
    'scripts/integrations/apple_calendar\.py', # you@icloud.com is a placeholder comment
    # Streamlit app files: key= params are widget identifiers, not secrets
    # NOTE(review): a real credential added to one of these files later is also
    # suppressed; a regex on the `key=` widget pattern would be a narrower exemption.
    'app/feedback\.py',
    'app/pages/2_Settings\.py',
    'app/pages/7_Survey\.py',
    # SearXNG default config: change-me-in-production is a well-known public placeholder
    # NOTE(review): if the placeholder is ever replaced with a real key in this
    # file, the scan will not report it, because the whole file is exempt.
    'docker/searxng/settings\.yml',
]
# None of these patterns carries anchors or word boundaries, so each one matches
# anywhere inside the compared text. A longer value that merely contains such a
# run (for example a token with an embedded 10-digit number) is suppressed too.
regexes = [
    # Job listing numeric IDs (look like phone numbers to the phone rule)
    '\d{10}\.html', # Craigslist listing IDs
    '\d{10}\/', # LinkedIn job IDs in URLs
    # Localhost port patterns (look like phone numbers)
    'localhost:\d{4,5}',
    # Unix epoch timestamps (10-digit, look like phone numbers)
    # NOTE(review): `174` plus seven digits covers 1740000000–1749999999, roughly
    # Feb–Jun 2025 UTC, not the whole 2025–2026 range. Later timestamps (175…)
    # are not matched; widening the prefix would also widen what is suppressed.
    '174\d{7}',
    # Example / placeholder license key patterns
    # NOTE(review): this matches every value of the CFG-XXXX-XXXX-XXXX-XXXX shape.
    # If issued license keys share the format, a committed real key is never
    # reported; confirm that example keys are distinguishable from live ones.
    'CFG-[A-Z]{4}-[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{4}',
    # Phone number false positives: 555 area code variants not caught by base allowlist
    '555\) \d{3}-\d{4}',
    '555-\d{3}-\d{4}',
]