Sulkta-OSS/straw
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
straw/.gitleaks.toml
kayos 6f2ae831cc
All checks were successful
gitleaks / scan (push) Successful in 35s
Details
ci: broaden gitleaks allowlist — catch all variable-name patterns. Refs #300
2026-05-28 12:19:24 -07:00

21 lines
848 B
TOML
Raw Permalink Blame History

# gitleaks config — straw
#
# Straw is a YouTube Android client. Patterns flagged:
# - SharedPreferences key constants — identifier strings, not credentials
# - GOOGLE_API_KEY in PoTokenWebView.kt — the InnerTube public API key
# every YouTube client (web, Android, iOS, NewPipe, all forks) ships
# hardcoded. Public-by-design; YouTube enforces auth via other channels.
[extend]
useDefault = true
[allowlist]
description = "Public InnerTube API key + SharedPreferences key-name constants"
regexTarget = "line"
regexes = [
# InnerTube hardcoded key, public on every YouTube client
'''GOOGLE_API_KEY\s*=\s*"AIza[A-Za-z0-9_-]{35}"''',
# Any const val whose name contains KEY — these are SharedPreferences
# / request-tag identifier strings, never credentials
'''(private\s+)?const\s+val\s+\w*KEY\w*\s*=\s*"''',
]
Reference in a new issue View git blame Copy permalink