ci: broaden gitleaks allowlist — catch all variable-name patterns. Refs #300
All checks were successful
gitleaks / scan (push) Successful in 35s
All checks were successful
gitleaks / scan (push) Successful in 35s
This commit is contained in:
parent
05521b487d
commit
6f2ae831cc
1 changed files with 5 additions and 6 deletions
|
|
@ -1,12 +1,10 @@
|
|||
# gitleaks config — straw
|
||||
#
|
||||
# Straw is a YouTube Android client. Patterns flagged:
|
||||
# - SharedPreferences key constants (KEY_SB_CATS, REQUEST_KEY) — identifier
|
||||
# strings, not credentials
|
||||
# - SharedPreferences key constants — identifier strings, not credentials
|
||||
# - GOOGLE_API_KEY in PoTokenWebView.kt — the InnerTube public API key
|
||||
# every YouTube client (web, Android, iOS, NewPipe, all forks) ships
|
||||
# hardcoded. Public-by-design; YouTube enforces auth via other channels
|
||||
# (visitor data, po_token).
|
||||
# hardcoded. Public-by-design; YouTube enforces auth via other channels.
|
||||
|
||||
[extend]
|
||||
useDefault = true
|
||||
|
|
@ -17,6 +15,7 @@ regexTarget = "line"
|
|||
regexes = [
|
||||
# InnerTube hardcoded key, public on every YouTube client
|
||||
'''GOOGLE_API_KEY\s*=\s*"AIza[A-Za-z0-9_-]{35}"''',
|
||||
# SharedPreferences keys — identifier string, not a credential
|
||||
'''(private\s+)?(const\s+val|val|var|final\s+(static\s+)?String)\s+(KEY|REQUEST_KEY|PREF_KEY)_[A-Z_]+\s*=''',
|
||||
# Any const val whose name contains KEY — these are SharedPreferences
|
||||
# / request-tag identifier strings, never credentials
|
||||
'''(private\s+)?const\s+val\s+\w*KEY\w*\s*=\s*"''',
|
||||
]
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue