add sourcing config from default branch

TheFox0x7 · TheFox0x7 · commit 9f8d729535d8 · 2025-04-20T12:20:12.000+02:00
diff --git a/go.mod b/go.mod
@@ -103,10 +103,12 @@ require (
 	github.com/quasoft/websspi v1.1.2
 	github.com/redis/go-redis/v9 v9.7.3
 	github.com/robfig/cron/v3 v3.0.1
+	github.com/rs/zerolog v1.33.0
 	github.com/santhosh-tekuri/jsonschema/v5 v5.3.1
 	github.com/sassoftware/go-rpmutils v0.4.0
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3
 	github.com/shurcooL/vfsgen v0.0.0-20230704071429-0000e147ea92
+	github.com/spf13/viper v1.20.0
 	github.com/stretchr/testify v1.10.0
 	github.com/syndtr/goleveldb v1.0.0
 	github.com/tstranex/u2f v1.0.0
@@ -286,7 +288,6 @@ require (
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rogpeppe/go-internal v1.14.1 // indirect
 	github.com/rs/xid v1.6.0 // indirect
-	github.com/rs/zerolog v1.33.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/sagikazarmark/locafero v0.8.0 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
@@ -297,7 +298,6 @@ require (
 	github.com/spf13/afero v1.14.0 // indirect
 	github.com/spf13/cast v1.7.1 // indirect
 	github.com/spf13/pflag v1.0.6 // indirect
-	github.com/spf13/viper v1.20.0 // indirect
 	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/tetratelabs/wazero v1.9.0 // indirect
diff --git a/routers/private/hook_pre_receive.go b/routers/private/hook_pre_receive.go
@@ -29,7 +29,9 @@ import (
 
 	"github.com/gitleaks/go-gitdiff/gitdiff"
 	"github.com/rs/zerolog"
+	"github.com/spf13/viper"
 	"github.com/zricethezav/gitleaks/v8/cmd/scm"
+	gitleaks_config "github.com/zricethezav/gitleaks/v8/config"
 	gitleaks "github.com/zricethezav/gitleaks/v8/detect"
 	gitleaks_log "github.com/zricethezav/gitleaks/v8/logging"
 )
@@ -562,10 +564,10 @@ func preReceiveSecrets(ctx *preReceiveContext, oldCommitID, newCommitID string,
 	if newCommitID == ctx.Repo.GetObjectFormat().EmptyObjectID().String() {
 		return
 	}
-
-	detector, err := gitleaks.NewDetectorDefaultConfig()
+	config, _, _ := git.NewCommand("show").AddDynamicArguments(repo.DefaultBranch+":.gitleaks.toml").RunStdString(ctx, &git.RunOpts{Dir: repo.RepoPath(), Env: ctx.env})
+	detector, err := newDetector(config)
 	if err != nil {
-		ctx.Status(http.StatusTeapot)
+		ctx.JSON(http.StatusTeapot, private.Response{Err: err.Error(), UserMsg: err.Error()})
 		return
 	}
 
@@ -640,3 +642,26 @@ func (g *giteacmd) Wait() (err error) {
 func init() {
 	gitleaks_log.Logger = zerolog.Nop()
 }
+
+func newDetector(config string) (*gitleaks.Detector, error) {
+	viper.SetConfigType("toml")
+	var err error
+	if len(config) > 0 {
+		err = viper.ReadConfig(strings.NewReader(config))
+	} else {
+		err = viper.ReadConfig(strings.NewReader(gitleaks_config.DefaultConfig))
+	}
+	if err != nil {
+		return nil, err
+	}
+	var vc gitleaks_config.ViperConfig
+	err = viper.Unmarshal(&vc)
+	if err != nil {
+		return nil, err
+	}
+	cfg, err := vc.Translate()
+	if err != nil {
+		return nil, err
+	}
+	return gitleaks.NewDetector(cfg), nil
+}
