fix(gitleaks): improve flags order in command

bancolombia · Jan 7, 2025 · dd274a8 · dd274a8
1 parent 9bbf9e1
commit dd274a8
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/...ls/engine_sast/engine_secret/src/infrastructure/driven_adapters/gitleaks/gitleaks_tool.py b/...ls/engine_sast/engine_secret/src/infrastructure/driven_adapters/gitleaks/gitleaks_tool.py
@@ -92,7 +92,7 @@ def run_tool_secret_scan(
             if "gitleaks.exe" in self.COMMAND: folder = agent_work_folder
             else: folder = "/tmp"
 
-            command.extend(["--config", f"{folder}{os.sep}rules{os.sep}gitleaks{os.sep}gitleaks.toml"])
+            config_flag = ["--config", f"{folder}{os.sep}rules{os.sep}gitleaks{os.sep}gitleaks.toml"]
 
         try:
             findings = []
@@ -116,6 +116,9 @@ def run_tool_secret_scan(
                         if not config_tool[tool]["ALLOW_IGNORE_LEAKS"]: 
                             command_aux.append("--ignore-gitleaks-allow")
 
+                        if config_tool[tool]["ENABLE_CUSTOM_RULES"]:
+                            command_aux.extend(config_flag)
+
                         futures.append(executor.submit(self.run_subprocess_command, command_aux, aux_finding_path))
 
                     for future in as_completed(futures):
@@ -128,6 +131,9 @@ def run_tool_secret_scan(
 
                 if not config_tool[tool]["ALLOW_IGNORE_LEAKS"]:
                     command.append("--ignore-gitleaks-allow")
+
+                if config_tool[tool]["ENABLE_CUSTOM_RULES"]:
+                    command.extend(config_flag)
 
                 subprocess.run(command, capture_output=True, text=True)
                 findings = self.extract_json_data(finding_path)