1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

use serde::{Deserialize, Serialize};
use std::collections::HashSet;

#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SecretType {
    pub name: String,
    pub regex: String,
    pub description: Option<String>,
    pub examples: HashSet<String>,
    #[serde(default)]
    pub false_positives: HashSet<String>,
}

impl SecretType {
    pub fn new(
        name: String,
        regex: String,
        description: Option<String>,
        examples: HashSet<String>,
        false_positives: HashSet<String>,
    ) -> Self {
        SecretType {
            name,
            regex,
            description,
            examples,
            false_positives,
        }
    }

    pub fn validate(&self) -> Result<(), String> {
        // 1. Check if the regex is valid
        let re = match regex::Regex::new(&self.regex) {
            Ok(re) => re,
            Err(e) => return Err(format!("Invalid regex: {}", e)),
        };

        // 2. Ensure that all examples match the regex
        for example in &self.examples {
            if !re.is_match(example) {
                return Err(format!("Example '{}' does not match the regex", example));
            }
        }

        // 3. Ensure that all false positives do not match the regex
        for false_positive in &self.false_positives {
            if re.is_match(false_positive) {
                return Err(format!(
                    "False positive '{}' matches the regex",
                    false_positive
                ));
            }
        }

        Ok(())
    }
}