Documentation for the [extend] file is wrong #1384

Open
drclark-dev opened this issue Apr 2, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@drclark-dev

The documentation for [extend] config files states:

# Extend the base (this) configuration. When you extend a configuration
# the base rules take precedence over the extended rules. I.e., if there are
# duplicate rules in both the base configuration and the extended configuration
# the base rules will override the extended rules.

This seems counterintuitive because extensibility by definition adds to or modifies base functionality, and in fact after testing with an extend file that makes private-key just match on the substring toto I see that it does in fact override the base rules.

title = "Test extend"

[extend]
useDefault = true

[[rules]]
description = "test"
id = "private-key"
regex = '''toto'''

And using the extend file I get a match based on the extend rule, not the base rule.

gitleaks detect --no-git -v -c ..\gitleaks-extend.toml

    ○
    │╲
    │ ○
    ○ ░
    ░    gitleaks

Finding:     totoo
Secret:      toto
RuleID:      private-key
Entropy:     1.000000
File:        test.txt
Line:        1
Fingerprint: test.txt:private-key:1

11:02AM INF scan completed in 13.3ms
11:02AM WRN leaks found: 1

In my opinion this is the desired functionality for an extend rule, and the documentation should be corrected to reflect it.

@drclark-dev drclark-dev added the bug Something isn't working label Apr 2, 2024