Closed
Labels
bug (Something isn't working)
Description
Describe the bug
When using the --redact argument, a baseline file is not taken into account, and leaks are still reported.
To Reproduce
Starting in a new git repo, commit a file containing a secret. I used a file called private_key, with content generated here https://cryptotools.net/rsagen.
$ gitleaks detect --redact
○
│╲
│ ○
○ ░
░ gitleaks
11:57AM INF 1 commits scanned.
11:57AM INF scan completed in 4.27ms
11:57AM WRN leaks found: 1
Leak reported as expected
$ gitleaks detect --report-path gitleaks-report.json
○
│╲
│ ○
○ ░
░ gitleaks
11:58AM INF 1 commits scanned.
11:58AM INF scan completed in 4.31ms
11:58AM WRN leaks found: 1
$ gitleaks detect --baseline-path gitleaks-report.json
○
│╲
│ ○
○ ░
░ gitleaks
11:58AM INF 1 commits scanned.
11:58AM INF scan completed in 4.06ms
11:58AM INF no leaks found
Creating a baseline and using it according to instructions in README.md reports no leak.
$ gitleaks detect --baseline-path gitleaks-report.json --redact
○
│╲
│ ○
○ ░
░ gitleaks
11:58AM INF 1 commits scanned.
11:58AM INF scan completed in 4.05ms
11:58AM WRN leaks found: 1
Adding --redact argument causes baseline to be ignored
Expected behaviour
No leaks should be reported when the --redact argument is added
Basic Info (please complete the following information):
- OS:
$ hostnamectl | grep Operating
Operating System: Ubuntu 22.04.4 LTS
$ hostnamectl | grep Kernel
Kernel: Linux 6.5.0-41-generic
- Gitleaks Version:
$ gitleaks version
8.18.4
Additional context
Add any other context about the problem here.
cc @zricethezav
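A possible CI stopgap while this behaviour is present, as an added example that is not part of the issue or of gitleaks itself: post-filter a JSON report against the baseline by each finding's Fingerprint, which does not depend on the Secret or Match text, so the result is the same whether or not those fields are redacted. The function names and the sample findings (commit ids, files, rule ids, secrets) are constructed for illustration; the field names are those of gitleaks JSON reports.

```python
import json
import sys

def finding_key(finding):
    """Identity of a finding that never includes the secret text."""
    fingerprint = finding.get("Fingerprint")
    if fingerprint:
        return fingerprint
    # Fallback for entries without a Fingerprint: rebuild it from location fields.
    return ":".join(str(finding.get(k, "")) for k in ("Commit", "File", "RuleID", "StartLine"))

def new_findings(report, baseline):
    """Return the findings in `report` that the baseline does not already list."""
    known = {finding_key(f) for f in baseline}
    return [f for f in report if finding_key(f) not in known]

def load(path):
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    if not isinstance(data, list):
        raise ValueError(f"{path}: expected a JSON array of findings")
    return data

# Constructed sample data: one baselined finding, then a later scan in which
# the same finding appears with redacted text next to a genuinely new one.
BASELINE = [{"RuleID": "private-key", "Commit": "c0ffee01", "File": "private_key",
             "StartLine": 1, "Secret": "CONSTRUCTED-SECRET", "Match": "CONSTRUCTED-SECRET",
             "Fingerprint": "c0ffee01:private_key:private-key:1"}]
LATER_SCAN = [{"RuleID": "private-key", "Commit": "c0ffee01", "File": "private_key",
               "StartLine": 1, "Secret": "REDACTED", "Match": "REDACTED",
               "Fingerprint": "c0ffee01:private_key:private-key:1"},
              {"RuleID": "generic-api-key", "Commit": "deadbe02", "File": "config.env",
               "StartLine": 3, "Secret": "REDACTED", "Match": "REDACTED",
               "Fingerprint": "deadbe02:config.env:generic-api-key:3"}]

def main(argv):
    if len(argv) != 3:
        print(f"usage: {argv[0]} REPORT.json BASELINE.json", file=sys.stderr)
        return 2
    fresh = new_findings(load(argv[1]), load(argv[2]))
    for finding in fresh:
        print(finding_key(finding))  # prints location only, never the secret
    return 1 if fresh else 0  # non-zero exit fails the CI job on new leaks

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```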