Description
Describe the bug
Gitleaks does not scan files with the `.bru` extension (Bruno API client files) for secrets, even when using custom configuration rules that explicitly target these files. The same content is correctly detected when the file extension is changed to `.txt` or another recognized extension.
To Reproduce
Steps to reproduce the behavior:
- Create a `.bru` file with sensitive data (example below)
- Run a gitleaks scan: `gitleaks dir . -v`
- Observe that no secrets are detected
- Rename the same file to the `.txt` extension
- Run gitleaks again: secrets are now correctly detected
Expected behavior
Gitleaks should scan `.bru` files.
Example .bru file content that should be detected:
```
meta {
  name: Refresh Token
  type: http
  seq: 2
}

post {
  url: https://example-oauth.com/oauth/token?client_id=a1b2c3d4-e5f6-7890-abcd-ef1234567890&grant_type=refresh_token&client_secret=K4A04cZk1QtAcBh2UV4fau2RVe1fh8ggZnLc1SviL5kELDWOvECMF9zZ1syeLXtp66k9DUxdNQgynYD2sju6CT&redirect_uri=https://localhost&refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30
  body: none
  auth: inherit
}

params:query {
  client_id: a1b2c3d4-e5f6-7890-abcd-ef1234567890
  grant_type: refresh_token
  client_secret: K4A04cZk1QtAcBh2UV4fau2RVe1fh8ggZnLc1SviL5kELDWOvECMF9zZ1syeLXtp66k9DUxdNQgynYD2sju6CT
  redirect_uri: https://localhost
  refresh_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30
}

headers {
  Accept: */*
  Accept-Encoding: gzip, deflate, br
  Content-Type: application/x-www-form-urlencoded
  Connection: keep-alive
}
```
Commands tested: `gitleaks dir . -v`
Basic Info:
- OS: macOS
- Also tried using the docker image from docker hub.
- Gitleaks Version: 8.28.0
Additional context
Bruno (https://github.com/usebruno/bruno) is a popular API client that stores requests in `.bru` files. These files often contain sensitive information, like API keys and client secrets, that should be detected by secret scanning tools. The issue appears to be that Gitleaks may have an internal allowlist or filtering mechanism that excludes `.bru` files from scanning, even when explicitly configured to scan them.
This is a security concern, as organizations using Bruno for API development may unknowingly commit sensitive secrets in `.bru` files that go undetected.
cc @zricethezav
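The following Go program is an added example, not part of the report above and not gitleaks' own code. It shows the behaviour the reporter expects from a secret scanner: detection rules run over file content line by line, and the file name is used only for reporting and to skip a short list of known binary types, so the `.bru` sample from the report yields the same findings whether it is named `refresh.bru` or `refresh.txt`. The two rule regexes (a `client_secret` assignment in Bruno or URL-query syntax, and a three-segment JWT), the Shannon-entropy threshold that filters placeholder values, and the binary-extension skip list are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"math"
	"regexp"
	"strings"
)

// SampleBru is the request file from the report above, embedded so the example runs offline.
const SampleBru = `meta {
  name: Refresh Token
  type: http
  seq: 2
}
post {
  url: https://example-oauth.com/oauth/token?client_id=a1b2c3d4-e5f6-7890-abcd-ef1234567890&grant_type=refresh_token&client_secret=K4A04cZk1QtAcBh2UV4fau2RVe1fh8ggZnLc1SviL5kELDWOvECMF9zZ1syeLXtp66k9DUxdNQgynYD2sju6CT&redirect_uri=https://localhost&refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30
  body: none
  auth: inherit
}
params:query {
  client_id: a1b2c3d4-e5f6-7890-abcd-ef1234567890
  grant_type: refresh_token
  client_secret: K4A04cZk1QtAcBh2UV4fau2RVe1fh8ggZnLc1SviL5kELDWOvECMF9zZ1syeLXtp66k9DUxdNQgynYD2sju6CT
  redirect_uri: https://localhost
  refresh_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30
}
headers {
  Accept: */*
  Content-Type: application/x-www-form-urlencoded
}`

// Finding is one secret located by this toy scanner.
type Finding struct {
	Path   string
	RuleID string
	LineNo int
	Secret string
}

// rule is a hypothetical detection rule: the first capture group (or the whole
// match, if there is none) is the candidate secret; it is reported only if its
// Shannon entropy reaches minEntropy.
type rule struct {
	id         string
	re         *regexp.Regexp
	minEntropy float64
}

// Constructed rules for this example; these are not gitleaks' default rules.
var rules = []rule{
	// "client_secret: VALUE" in a Bruno block or "client_secret=VALUE" in a URL query.
	{"bru-client-secret", regexp.MustCompile(`(?i)client_secret\s*[:=]\s*([A-Za-z0-9_\-]{32,})`), 3.0},
	// Three base64url segments, the first two beginning with "eyJ" (an encoded JSON object).
	{"jwt", regexp.MustCompile(`eyJ[A-Za-z0-9_\-]+\.eyJ[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+`), 0},
}

// ShannonEntropy returns the bits-per-character entropy of s; scanners use this
// heuristic to drop placeholder values such as "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx".
func ShannonEntropy(s string) float64 {
	counts := map[rune]int{}
	for _, r := range s {
		counts[r]++
	}
	n := float64(len([]rune(s)))
	var h float64
	for _, c := range counts {
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// ScanContent applies every rule to every line of content. The path is carried
// through for reporting only and never decides whether the content is scanned.
func ScanContent(path, content string) []Finding {
	var out []Finding
	for i, line := range strings.Split(content, "\n") {
		for _, r := range rules {
			for _, m := range r.re.FindAllStringSubmatch(line, -1) {
				secret := m[0]
				if len(m) > 1 {
					secret = m[1]
				}
				if ShannonEntropy(secret) < r.minEntropy {
					continue // repeated-character or placeholder value, not a secret
				}
				out = append(out, Finding{Path: path, RuleID: r.id, LineNo: i + 1, Secret: secret})
			}
		}
	}
	return out
}

// ScanFiles scans an in-memory set of files. Only extensions known to be binary
// are skipped (an assumed list); unknown text extensions such as .bru are scanned.
func ScanFiles(files map[string]string) []Finding {
	binary := []string{".png", ".jpg", ".gif", ".zip", ".pdf", ".exe", ".dll"}
	var out []Finding
	for path, content := range files {
		skip := false
		for _, ext := range binary {
			skip = skip || strings.HasSuffix(strings.ToLower(path), ext)
		}
		if !skip {
			out = append(out, ScanContent(path, content)...)
		}
	}
	return out
}

func main() {
	for _, f := range ScanFiles(map[string]string{"refresh.bru": SampleBru, "refresh.txt": SampleBru}) {
		fmt.Printf("%s:%d %s %s...\n", f.Path, f.LineNo, f.RuleID, f.Secret[:12])
	}
}
```

On the embedded sample the scanner reports four findings per file: the client secret and the JWT both in the `url` line of the `post` block and again as separate keys in the `params:query` block. Scanning `refresh.bru` and `refresh.txt` produces identical results, which is the property the report says gitleaks 8.28.0 lacks.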