feat: pass optional arguments to gitleaks (#6756)

ferrarimarco · web-flow · commit 109384b3f0f3 · 2025-05-04T18:16:01.000+02:00
Support passing optional arguments when running gitleaks Close #6601
diff --git a/README.md b/README.md
@@ -285,6 +285,7 @@ You can configure Super-linter using the following environment variables:
 | **GITHUB_CUSTOM_API_URL**                       | `https://api.${GITHUB_DOMAIN}`                                               | Specify a custom GitHub API URL in case GitHub Enterprise is used: e.g. `https://github.myenterprise.com/api/v3`                                                                                                                                                                                                                     |
 | **GITHUB_CUSTOM_SERVER_URL**                    | `https://${GITHUB_DOMAIN}"`                                                  | Specify a custom GitHub server URL. Useful for GitHub Enterprise instances.                                                                                                                                                                                                                                                          |
 | **GITHUB_DOMAIN**                               | `github.com`                                                                 | Specify a custom GitHub domain in case GitHub Enterprise is used: e.g. `github.myenterprise.com`. `GITHUB_DOMAIN` is a convenience configuration variable to automatically build `GITHUB_CUSTOM_API_URL` and `GITHUB_CUSTOM_SERVER_URL`.                                                                                             |
+| **GITLEAKS_COMMAND_OPTIONS**                    | not set                                                                      | Additional options and arguments to pass to the command when running Gitleaks                                                                                                                                                                                                                                                        |
 | **GITLEAKS_CONFIG_FILE**                        | `.gitleaks.toml`                                                             | Filename for [GitLeaks configuration](https://github.com/zricethezav/gitleaks#configuration) (ex: `.gitleaks.toml`)                                                                                                                                                                                                                  |
 | **GITLEAKS_LOG_LEVEL**                          | Gitleaks default log level                                                   | Gitleaks log level. Defaults to the Gitleaks default log level.                                                                                                                                                                                                                                                                      |
 | **GO_CONFIG_FILE**                              | `.golangci.yml`                                                              | Filename for [golangci-lint configuration](https://golangci-lint.run/usage/configuration/) (ex: `.golangci.toml`)                                                                                                                                                                                                                    |
diff --git a/lib/functions/linterCommands.sh b/lib/functions/linterCommands.sh
@@ -149,6 +149,10 @@ if [ -n "${GITLEAKS_LOG_LEVEL:-}" ]; then
   LINTER_COMMANDS_ARRAY_GITLEAKS+=("${GITLEAKS_LOG_LEVEL_OPTIONS[@]}" "${GITLEAKS_LOG_LEVEL}")
   debug "Add log options to the Gitleaks command: ${LINTER_COMMANDS_ARRAY_GITLEAKS[*]}"
 fi
+if [ -n "${GITLEAKS_COMMAND_OPTIONS:-}" ]; then
+  export GITLEAKS_COMMAND_OPTIONS
+  AddOptionsToCommand "LINTER_COMMANDS_ARRAY_GITLEAKS" "${GITLEAKS_COMMAND_OPTIONS}"
+fi
 LINTER_COMMANDS_ARRAY_GITLEAKS+=(--source)
 LINTER_COMMANDS_ARRAY_GHERKIN=(gherkin-lint -c "${GHERKIN_LINTER_RULES}")
 LINTER_COMMANDS_ARRAY_GIT_COMMITLINT=(commitlint --verbose --cwd "{}")
diff --git a/test/lib/linterCommandsTest.sh b/test/lib/linterCommandsTest.sh
@@ -396,36 +396,67 @@ function InitPowerShellCommandTest() {
   notice "${FUNCTION_NAME} PASS"
 }
 
+# Test environment variables to set command options
 CommandOptionsTest() {
   local FUNCTION_NAME
   FUNCTION_NAME="${FUNCNAME[0]}"
   info "${FUNCTION_NAME} start"
 
   # Add custom arguments to linter commands that support them.
-  # If possible, use command option that can run without modifying the filesystem,
-  # and that don't need any input.
 
+  ARGS_TO_ADD="--arg1 --arg2"
+
+  # shellcheck disable=SC2034
+  local GITHUB_ACTIONS_COMMAND_ARGS="${ARGS_TO_ADD}"
   # shellcheck disable=SC2034
-  local GITHUB_ACTIONS_COMMAND_ARGS="-color -debug -verbose -version"
+  local GITLEAKS_COMMAND_OPTIONS="${ARGS_TO_ADD}"
   # shellcheck disable=SC2034
-  local KUBERNETES_KUBECONFORM_OPTIONS="-debug -verbose -v"
+  local KUBERNETES_KUBECONFORM_OPTIONS="${ARGS_TO_ADD}"
   # shellcheck disable=SC2034
-  local PERL_PERLCRITIC_OPTIONS="--gentle --count test/linters/perl/perl_good_1.pl"
+  local PERL_PERLCRITIC_OPTIONS="${ARGS_TO_ADD}"
   # shellcheck disable=SC2034
-  local RUST_CLIPPY_COMMAND_OPTIONS="--verbose --help"
+  local RUST_CLIPPY_COMMAND_OPTIONS="${ARGS_TO_ADD}"
 
   # Source the file again so it accounts for modifications
   # shellcheck source=/dev/null
   source "lib/functions/linterCommands.sh"
 
-  # Try running the commands
-  "${LINTER_COMMANDS_ARRAY_GITHUB_ACTIONS[@]}"
-  "${LINTER_COMMANDS_ARRAY_KUBERNETES_KUBECONFORM[@]}"
-  "${LINTER_COMMANDS_ARRAY_PERL[@]}"
-  # Rust Clippy is only available in the standard image, so we can't run it when
-  # testing the slim image
-  if IsStandardImage; then
-    "${LINTER_COMMANDS_ARRAY_RUST_CLIPPY[@]}"
+  # shellcheck disable=SC2034
+  local EXPECTED_LINTER_COMMANDS_ARRAY_GITLEAKS=("${BASE_LINTER_COMMANDS_ARRAY_GITLEAKS[@]}")
+  # remove the last argument (--source) because we add command arguments before --source
+  unset "EXPECTED_LINTER_COMMANDS_ARRAY_GITLEAKS[-1]"
+  # also add the --source argument that we removed before
+  AddOptionsToCommand "EXPECTED_LINTER_COMMANDS_ARRAY_GITLEAKS" "${GITLEAKS_COMMAND_OPTIONS} --source"
+  if ! AssertArraysElementsContentMatch "LINTER_COMMANDS_ARRAY_GITLEAKS" "EXPECTED_LINTER_COMMANDS_ARRAY_GITLEAKS"; then
+    fatal "${FUNCTION_NAME} test failed"
+  fi
+
+  # shellcheck disable=SC2034
+  local EXPECTED_LINTER_COMMANDS_ARRAY_GITHUB_ACTIONS=("${BASE_LINTER_COMMANDS_ARRAY_GITHUB_ACTIONS[@]}")
+  AddOptionsToCommand "EXPECTED_LINTER_COMMANDS_ARRAY_GITHUB_ACTIONS" "${GITHUB_ACTIONS_COMMAND_ARGS}"
+  if ! AssertArraysElementsContentMatch "LINTER_COMMANDS_ARRAY_GITHUB_ACTIONS" "EXPECTED_LINTER_COMMANDS_ARRAY_GITHUB_ACTIONS"; then
+    fatal "${FUNCTION_NAME} test failed"
+  fi
+
+  # shellcheck disable=SC2034
+  local EXPECTED_LINTER_COMMANDS_ARRAY_KUBERNETES_KUBECONFORM=("${BASE_LINTER_COMMANDS_ARRAY_KUBERNETES_KUBECONFORM[@]}")
+  AddOptionsToCommand "EXPECTED_LINTER_COMMANDS_ARRAY_KUBERNETES_KUBECONFORM" "${KUBERNETES_KUBECONFORM_OPTIONS}"
+  if ! AssertArraysElementsContentMatch "LINTER_COMMANDS_ARRAY_KUBERNETES_KUBECONFORM" "EXPECTED_LINTER_COMMANDS_ARRAY_KUBERNETES_KUBECONFORM"; then
+    fatal "${FUNCTION_NAME} test failed"
+  fi
+
+  # shellcheck disable=SC2034
+  local EXPECTED_LINTER_COMMANDS_ARRAY_PERL=("${BASE_LINTER_COMMANDS_ARRAY_PERL[@]}")
+  AddOptionsToCommand "EXPECTED_LINTER_COMMANDS_ARRAY_PERL" "${PERL_PERLCRITIC_OPTIONS}"
+  if ! AssertArraysElementsContentMatch "LINTER_COMMANDS_ARRAY_PERL" "EXPECTED_LINTER_COMMANDS_ARRAY_PERL"; then
+    fatal "${FUNCTION_NAME} test failed"
+  fi
+
+  # shellcheck disable=SC2034
+  local EXPECTED_LINTER_COMMANDS_ARRAY_RUST_CLIPPY=("${BASE_LINTER_COMMANDS_ARRAY_RUST_CLIPPY[@]}")
+  AddOptionsToCommand "EXPECTED_LINTER_COMMANDS_ARRAY_RUST_CLIPPY" "${RUST_CLIPPY_COMMAND_OPTIONS}"
+  if ! AssertArraysElementsContentMatch "LINTER_COMMANDS_ARRAY_RUST_CLIPPY" "EXPECTED_LINTER_COMMANDS_ARRAY_RUST_CLIPPY"; then
+    fatal "${FUNCTION_NAME} test failed"
   fi
 
   notice "${FUNCTION_NAME} PASS"
@@ -436,24 +467,17 @@ AddOptionsToCommandTest() {
   FUNCTION_NAME="${FUNCNAME[0]}"
   info "${FUNCTION_NAME} start"
 
-  local TEST_LINTER_COMMANDS_ARRAY_GITHUB_ACTIONS=("${BASE_LINTER_COMMANDS_ARRAY_GITHUB_ACTIONS[@]}")
-  AddOptionsToCommand "TEST_LINTER_COMMANDS_ARRAY_GITHUB_ACTIONS" "-color -debug -verbose -version"
-  "${TEST_LINTER_COMMANDS_ARRAY_GITHUB_ACTIONS[@]}"
+  local TEST_LINTER_COMMANDS_ARRAY=("command1")
 
-  local TEST_LINTER_COMMANDS_ARRAY_KUBERNETES_KUBECONFORM=("${BASE_LINTER_COMMANDS_ARRAY_KUBERNETES_KUBECONFORM[@]}")
-  AddOptionsToCommand "TEST_LINTER_COMMANDS_ARRAY_KUBERNETES_KUBECONFORM" "-debug -verbose -v"
-  "${TEST_LINTER_COMMANDS_ARRAY_KUBERNETES_KUBECONFORM[@]}"
+  ARG_TO_ADD_1="--arg1"
+  ARG_TO_ADD_2="--arg2"
 
-  local TEST_LINTER_COMMANDS_ARRAY_PERL=("${BASE_LINTER_COMMANDS_ARRAY_PERL[@]}")
-  AddOptionsToCommand "TEST_LINTER_COMMANDS_ARRAY_PERL" "--gentle --count test/linters/perl/perl_good_1.pl"
-  "${TEST_LINTER_COMMANDS_ARRAY_PERL[@]}"
+  # shellcheck disable=SC2034
+  local EXPECTED_COMMAND_ARRAY=("${TEST_LINTER_COMMANDS_ARRAY[@]}" "${ARG_TO_ADD_1}" "${ARG_TO_ADD_2}")
 
-  # Rust Clippy is only available in the standard image, so we can't run it when
-  # testing the slim image
-  if IsStandardImage; then
-    local TEST_LINTER_COMMANDS_ARRAY_RUST_CLIPPY=("${BASE_LINTER_COMMANDS_ARRAY_RUST_CLIPPY[@]}")
-    AddOptionsToCommand "TEST_LINTER_COMMANDS_ARRAY_RUST_CLIPPY" "--verbose --help"
-    "${TEST_LINTER_COMMANDS_ARRAY_RUST_CLIPPY[@]}"
+  AddOptionsToCommand "TEST_LINTER_COMMANDS_ARRAY" "${ARG_TO_ADD_1} ${ARG_TO_ADD_2}"
+  if ! AssertArraysElementsContentMatch "TEST_LINTER_COMMANDS_ARRAY" "EXPECTED_COMMAND_ARRAY"; then
+    fatal "${FUNCTION_NAME} test failed"
   fi
 
   notice "${FUNCTION_NAME} PASS"
