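# Gitleaks configuration file
# This file configures gitleaks to ignore known false positives.
# Every entry below suppresses findings, so each one should stay as narrow
# as possible and carry a reason that a reviewer can verify.

title = "PunimTag Gitleaks Configuration"

# Keep the built-in detection rules active (gitleaks v8 `extend` syntax).
# This file defines no [[rules]] of its own; a custom config without rules
# and without this table replaces the default rule set, so the scan would
# report nothing and the allowlist below would have nothing to filter.
[extend]
useDefault = true

[allowlist]
description = "Allowlist for known false positives and test files"

# Ignore demo photos directory (contains sample/test HTML files).
# NOTE(review): a path entry exempts every file under the directory, present
# and future, and the pattern is unanchored, so it also matches nested
# directories named demo_photos/. Keep only static sample assets there.
paths = [
    '''demo_photos/.*''',
]

# Ignore specific commits that contain known false positives.
# These are test tokens or sample files, not real secrets.
# NOTE(review): a commit entry suppresses every finding in that commit, not
# only the file named in the comment; confirm nothing else sensitive was
# introduced by these commits before relying on the entry.
commits = [
    "77ffbdcc5041cd732bfcbc00ba513bccb87cfe96",  # test_api_auth.py expired_token test
    "d300eb1122d12ffb2cdc3fab6dada520b53c20da",  # demo_photos/imgres.html sample file
]

# Allowlist the expired test JWT used by tests/test_api_auth.py (expired_token).
# Allowlist regexes are matched against the detected secret by default, never
# against the file path, so a pattern that starts with the file name cannot
# match. The entry therefore names only the token's header and payload
# segments (alg HS256, sub "admin", exp 1609456800). The signature placeholder
# is left out so the pattern matches whether or not the detecting rule
# captures it.
regexes = [
    '''eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\.eyJzdWIiOiJhZG1pbiIsImV4cCI6MTYwOTQ1NjgwMH0''',
]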