chore: import upstream snapshot with attribution
This commit is contained in:
Vendored
BIN
Binary file not shown.
Vendored
BIN
Binary file not shown.
Vendored
BIN
Binary file not shown.
Vendored
BIN
Binary file not shown.
Vendored
BIN
Binary file not shown.
Vendored
+6
@@ -0,0 +1,6 @@
|
||||
DB_HOST=example.com
|
||||
DB_PORT=443
|
||||
DB_USERNAME=postgres
|
||||
DB_PASSWORD=8ae31cacf141669ddfb5da
|
||||
DB_NAME=best_db
|
||||
DB_SSL=true
|
||||
+1
@@ -0,0 +1 @@
|
||||
../testdata/repos/nogit/api.go:aws-access-key:20
|
||||
Vendored
+24
@@ -0,0 +1,24 @@
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
var a = "initial"
|
||||
fmt.Println(a)
|
||||
|
||||
var b, c int = 1, 2
|
||||
fmt.Println(b, c)
|
||||
|
||||
var d = true
|
||||
fmt.Println(d)
|
||||
|
||||
var e int
|
||||
fmt.Println(e)
|
||||
|
||||
// opps I added a secret at line 20
|
||||
awsToken := "AKIALALEMEL33243OLIA"
|
||||
|
||||
f := "apple"
|
||||
fmt.Println(f)
|
||||
}
|
||||
Vendored
+24
@@ -0,0 +1,24 @@
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
var a = "initial"
|
||||
fmt.Println(a)
|
||||
|
||||
var b, c int = 1, 2
|
||||
fmt.Println(b, c)
|
||||
|
||||
var d = true
|
||||
fmt.Println(d)
|
||||
|
||||
var e int
|
||||
fmt.Println(e)
|
||||
|
||||
// opps I added a secret at line 20
|
||||
awsToken := "AKIALALEMEL33243OLIA"
|
||||
|
||||
f := "apple"
|
||||
fmt.Println(f)
|
||||
}
|
||||
Vendored
BIN
Binary file not shown.
Vendored
BIN
Binary file not shown.
Vendored
BIN
Binary file not shown.
Vendored
BIN
Binary file not shown.
Vendored
+2
@@ -0,0 +1,2 @@
|
||||
RuleID,Commit,File,Secret,Match,StartLine,EndLine,StartColumn,EndColumn,Author,Message,Date,Email,Fingerprint
|
||||
1,b,c,f,s,m,s,e,s,e,a,m,f,r,f
|
||||
|
Vendored
+40
@@ -0,0 +1,40 @@
|
||||
[
|
||||
{
|
||||
"Description": "PyPI upload token",
|
||||
"StartLine": 32,
|
||||
"EndLine": 32,
|
||||
"StartColumn": 21,
|
||||
"EndColumn": 106,
|
||||
"Match": "************************",
|
||||
"Secret": "************************",
|
||||
"File": "detect/detect_test.go",
|
||||
"Commit": "9326f35380636bcbe61e94b0584d1618c4b5c2c2",
|
||||
"Entropy": 1.9606875,
|
||||
"Author": "****",
|
||||
"Email": "****",
|
||||
"Date": "2022-03-07T14:33:06Z",
|
||||
"Message": "Escape - character in regex character groups (#802)\n\n* fix char escape\n\n* add test\n\n* fix verbosity in make test",
|
||||
"Tags": [],
|
||||
"RuleID": "pypi-upload-token",
|
||||
"Fingerprint": "9326f35380636bcbe61e94b0584d1618c4b5c2c2:detect/detect_test.go:pypi-upload-token:32"
|
||||
},
|
||||
{
|
||||
"Description": "PyPI upload token",
|
||||
"StartLine": 33,
|
||||
"EndLine": 33,
|
||||
"StartColumn": 21,
|
||||
"EndColumn": 106,
|
||||
"Match": "************************",
|
||||
"Secret": "************************",
|
||||
"File": "detect/detect_test.go",
|
||||
"Commit": "9326f35380636bcbe61e94b0584d1618c4b5c2c2",
|
||||
"Entropy": 1.9606875,
|
||||
"Author": "****",
|
||||
"Email": "****",
|
||||
"Date": "2022-03-07T14:33:06Z",
|
||||
"Message": "Escape - character in regex character groups (#802)\n\n* fix char escape\n\n* add test\n\n* fix verbosity in make test",
|
||||
"Tags": [],
|
||||
"RuleID": "pypi-upload-token",
|
||||
"Fingerprint": "9326f35380636bcbe61e94b0584d1618c4b5c2c2:detect/detect_test.go:pypi-upload-token:33"
|
||||
}
|
||||
]
|
||||
Vendored
+6
@@ -0,0 +1,6 @@
|
||||
{
|
||||
"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
|
||||
"version": "2.1.0",
|
||||
"runs": [
|
||||
]
|
||||
}
|
||||
Vendored
+21
@@ -0,0 +1,21 @@
|
||||
title = "gitleaks config"
|
||||
# https://learnxinyminutes.com/docs/toml/ for toml reference
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
description = "AWS Access Key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
|
||||
# Here to confirm that allowlists work in archives
|
||||
[[rules]]
|
||||
id = 'password'
|
||||
description = "Find the DB password in .env.prod"
|
||||
path = '''\.env\.prod$'''
|
||||
regex = '''(?i)password=([^\s]+)'''
|
||||
|
||||
# Now ignore it to confirm allowlists work
|
||||
[[allowlists]]
|
||||
paths = [
|
||||
'''\.env\.prod$''',
|
||||
]
|
||||
Vendored
+14
@@ -0,0 +1,14 @@
|
||||
title = "Fragment level composite rule"
|
||||
|
||||
[[rules]]
|
||||
id = "primary-rule"
|
||||
description = "Primary rule"
|
||||
regex = 'password\s*=\s*"([^"]+)"'
|
||||
[[rules.required]]
|
||||
id = "username-rule"
|
||||
|
||||
[[rules]]
|
||||
id = "username-rule"
|
||||
description = "Username rule"
|
||||
regex = 'username\s*=\s*"([^"]+)"'
|
||||
skipReport = true
|
||||
Vendored
+126
@@ -0,0 +1,126 @@
|
||||
# We want to be able to find this key regardless if it's b64 encoded or not
|
||||
[[rules]]
|
||||
id = 'private-key'
|
||||
description = 'Private Key'
|
||||
regex = '''(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY(?: BLOCK)?-----[\s\S-]*?-----END[ A-Z0-9_-]{0,100}PRIVATE KEY(?: BLOCK)?-----'''
|
||||
tags = ['key', 'private']
|
||||
keywords = [
|
||||
'-----begin',
|
||||
]
|
||||
|
||||
# This exists to test what would happen if a normal rule matched something that
|
||||
# also gets decoded. We don't want to break anyone's existing rules that might
|
||||
# be looking for specific segments of b64 encoded data.
|
||||
[[rules]]
|
||||
id = 'b64-encoded-private-key'
|
||||
description = 'Private Key'
|
||||
regex = '''(?:LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0t|0tLS0tQkVHSU4gUFJJVkFURSBLRVktLS0tL|tLS0tLUJFR0lOIFBSSVZBVEUgS0VZLS0tLS)[a-zA-Z0-9+\/]+={0,3}'''
|
||||
tags = ['key', 'private']
|
||||
keywords = [
|
||||
'ls0tls1crudjtibquklwqvrfietfws0tls0t',
|
||||
'0tls0tqkvhsu4gufjjvkfursblrvktls0tl',
|
||||
'tls0tlujfr0loifbssvzbveugs0vzls0tls',
|
||||
]
|
||||
|
||||
|
||||
[[rules]]
|
||||
id = 'aws-iam-unique-identifier'
|
||||
description = 'AWS IAM Unique Identifier'
|
||||
# The funky not group at the beginning consists of ascii ranges
|
||||
regex = '''(?:^|[^!$-&\(-9<>-~])((?:A3T[A-Z0-9]|ACCA|ABIA|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16})\b'''
|
||||
tags = ['aws', 'identifier']
|
||||
entropy = 3.2
|
||||
secretGroup = 1
|
||||
keywords = [
|
||||
'a3t',
|
||||
'abia',
|
||||
'acca',
|
||||
'agpa',
|
||||
'aida',
|
||||
'aipa',
|
||||
'akia',
|
||||
'anpa',
|
||||
'anva',
|
||||
'aroa',
|
||||
'asia',
|
||||
]
|
||||
|
||||
[[rules]]
|
||||
id = 'aws-secret-access-key'
|
||||
description = 'AWS Secret Access Key'
|
||||
regex = '''(?i)aws[\w\-]{0,32}[\'\"]?\s*?[:=\(]\s*?[\'\"]?([a-z0-9\/+]{40})\b'''
|
||||
tags = ['aws', 'secret']
|
||||
entropy = 4
|
||||
secretGroup = 1
|
||||
keywords = [
|
||||
'aws',
|
||||
]
|
||||
|
||||
[[rules]]
|
||||
# Use a small one for making sure things shifting around are kept up with
|
||||
# appropriately
|
||||
id = 'small-secret'
|
||||
description = 'Small Secret'
|
||||
regex = '''\bsmall-secret\b'''
|
||||
tags = ['small', 'secret']
|
||||
|
||||
[[rules]]
|
||||
# When the example value is decoded this will overlap and this is here to
|
||||
# test that the location information is reported accurately when the match
|
||||
# goes outside the bounds of the encoded value
|
||||
id = 'overlapping'
|
||||
description = 'Overlapping'
|
||||
regex = '''secret=(decoded-secret-value\w*)'''
|
||||
tags = ['overlapping']
|
||||
secretGroup = 1
|
||||
|
||||
# -----BEGIN REGEX TARGET DECODED MATCH PATTERNS-----
|
||||
[[rules]]
|
||||
id = 'decoded-password-dont-ignore'
|
||||
description = 'Make sure this would be detected with no allowlist'
|
||||
regex = '''password\s*=\s*\"([^\"]+please-ignore-me[^\"]+)\"'''
|
||||
tags = ['decode-ignore']
|
||||
secretGroup = 1
|
||||
|
||||
[[rules]]
|
||||
id = 'decoded-password-ignore-secret'
|
||||
description = 'Test ignore on decoded secrets: regexTarget = "secret"'
|
||||
regex = '''password\s*=\s*\"([^\"]+please-ignore-me[^\"]+)\"'''
|
||||
tags = ['decode-ignore']
|
||||
secretGroup = 1
|
||||
|
||||
[[rules.allowlists]]
|
||||
regexTarget = 'secret'
|
||||
regexes = [
|
||||
# The decoded segment that we are testing against
|
||||
'please-ignore-me',
|
||||
]
|
||||
|
||||
[[rules]]
|
||||
id = 'decoded-password-ignore-match'
|
||||
description = 'Test ignore on decoded secrets: regexTarget = "match"'
|
||||
regex = '''password\s*=\s*\"([^\"]+please-ignore-me[^\"]+)\"'''
|
||||
tags = ['decode-ignore']
|
||||
secretGroup = 1
|
||||
|
||||
[[rules.allowlists]]
|
||||
regexTarget = 'match'
|
||||
regexes = [
|
||||
# The decoded segment that we are testing against
|
||||
'please-ignore-me',
|
||||
]
|
||||
|
||||
[[rules]]
|
||||
id = 'decoded-password-ignore-line'
|
||||
description = 'Test ignore on decoded secrets: regexTarget = "line"'
|
||||
regex = '''password\s*=\s*\"([^\"]+please-ignore-me[^\"]+)\"'''
|
||||
tags = ['decode-ignore']
|
||||
secretGroup = 1
|
||||
|
||||
[[rules.allowlists]]
|
||||
regexTarget = 'line'
|
||||
regexes = [
|
||||
# The decoded segment that we are testing against
|
||||
'please-ignore-me',
|
||||
]
|
||||
# -----END REGEX TARGET DECODED MATCH PATTERNS-----
|
||||
Vendored
+10
@@ -0,0 +1,10 @@
|
||||
title = "gitleaks config"
|
||||
|
||||
[[rules]]
|
||||
id = "generic-api-key"
|
||||
description = "Generic API Key"
|
||||
regex = '''(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
|
||||
entropy = 3.5
|
||||
keywords = [
|
||||
"key","api","token","secret","client","passwd","password","auth","access",
|
||||
]
|
||||
+35
@@ -0,0 +1,35 @@
|
||||
title = "gitleaks config"
|
||||
|
||||
[[rules]]
|
||||
id = "generic-api-key"
|
||||
description = "Generic API Key"
|
||||
path = '''.py'''
|
||||
regex = '''(?i)((key|api|token|secret|password)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9a-zA-Z\-_=]{8,64})['\"]'''
|
||||
secretGroup = 4
|
||||
entropy = 3.7
|
||||
|
||||
[allowlist]
|
||||
description = "global allow lists"
|
||||
paths = [
|
||||
'''gitleaks.toml''',
|
||||
'''(.*?)(jpg|gif|doc|pdf|bin|svg|socket)$''',
|
||||
'''(go.mod|go.sum)$'''
|
||||
]
|
||||
regexes = [
|
||||
'''219-09-9999''',
|
||||
'''078-05-1120''',
|
||||
'''(9[0-9]{2}|666)-\d{2}-\d{4}''',
|
||||
'''process''',
|
||||
'''getenv''',
|
||||
'''\.env''',
|
||||
'''env\(''',
|
||||
'''env\.''',
|
||||
'''setting''',
|
||||
'''load''',
|
||||
'''token''',
|
||||
'''password''',
|
||||
'''secret''',
|
||||
'''api\_key''',
|
||||
'''apikey''',
|
||||
'''api\-key''',
|
||||
]
|
||||
@@ -0,0 +1,2 @@
|
||||
|
||||
[[allowlists]]
|
||||
@@ -0,0 +1,4 @@
|
||||
[allowlist]
|
||||
regexes = ['''123''']
|
||||
[[allowlists]]
|
||||
regexes = ['''456''']
|
||||
@@ -0,0 +1,3 @@
|
||||
[[allowlists]]
|
||||
regexTarget = "mtach"
|
||||
regexes = ['''456''']
|
||||
@@ -0,0 +1,7 @@
|
||||
[[rules]]
|
||||
id = "github-app-token"
|
||||
regex = '''(?:ghu|ghs)_[0-9a-zA-Z]{36}'''
|
||||
|
||||
[[allowlists]]
|
||||
targetRules = ["github-app-token", "github-pat"]
|
||||
regexes = ['''.*fake.*''']
|
||||
@@ -0,0 +1,4 @@
|
||||
[[rules]]
|
||||
id = "example"
|
||||
regex = '''example\d+'''
|
||||
[[rules.allowlists]]
|
||||
@@ -0,0 +1,7 @@
|
||||
[[rules]]
|
||||
id = "example"
|
||||
regex = '''example\d+'''
|
||||
[rules.allowlist]
|
||||
regexes = ['''123''']
|
||||
[[rules.allowlists]]
|
||||
regexes = ['''456''']
|
||||
@@ -0,0 +1,6 @@
|
||||
[[rules]]
|
||||
id = "example"
|
||||
regex = '''example\d+'''
|
||||
[[rules.allowlists]]
|
||||
regexTarget = "mtach"
|
||||
regexes = ['''456''']
|
||||
@@ -0,0 +1,10 @@
|
||||
title = "gitleaks extended 1"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/invalid/does_not_exist.toml"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Access Key"
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
@@ -0,0 +1,7 @@
|
||||
[extend]
|
||||
useDefault = true
|
||||
|
||||
[[rules]]
|
||||
|
||||
[[rules.allowlists]]
|
||||
paths = ['^.*\.(xml|log|json)$']
|
||||
+8
@@ -0,0 +1,8 @@
|
||||
title = "gitleaks config"
|
||||
|
||||
[[rules]]
|
||||
id = "discord-api-key"
|
||||
description = "Discord API key"
|
||||
regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]'''
|
||||
secretGroup = 5
|
||||
entropy = 3.5
|
||||
+7
@@ -0,0 +1,7 @@
|
||||
title = "gitleaks config"
|
||||
|
||||
[[rules]]
|
||||
description = "Discord API key"
|
||||
regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]'''
|
||||
secretGroup = 5
|
||||
entropy = 3.5
|
||||
+5
@@ -0,0 +1,5 @@
|
||||
title = "gitleaks config"
|
||||
|
||||
[[rules]]
|
||||
id = 'discord-api-key'
|
||||
description = "Discord API key"
|
||||
Vendored
+227
@@ -0,0 +1,227 @@
|
||||
title = "gitleaks config"
|
||||
# https://learnxinyminutes.com/docs/toml/ for toml reference
|
||||
|
||||
[[rules]]
|
||||
description = "1Password Secret Key"
|
||||
id = "1password-secret-key"
|
||||
regex = '''A3-[A-Z0-9]{6}-(?:(?:[A-Z0-9]{11})|(?:[A-Z0-9]{6}-[A-Z0-9]{5}))-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}'''
|
||||
tags = ["1Password"]
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Access Key"
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Secret Key"
|
||||
id = "aws-secret-key"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
|
||||
[[rules]]
|
||||
description = "AWS MWS key"
|
||||
id = "aws-mws-key"
|
||||
regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
|
||||
tags = ["key", "AWS", "MWS"]
|
||||
|
||||
[[rules]]
|
||||
description = "Facebook Secret Key"
|
||||
id = "facebook-secret-key"
|
||||
regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
|
||||
tags = ["key", "Facebook"]
|
||||
|
||||
[[rules]]
|
||||
description = "Facebook Client ID"
|
||||
id = "facebook-client-id"
|
||||
regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
|
||||
tags = ["key", "Facebook"]
|
||||
|
||||
[[rules]]
|
||||
description = "Twitter Secret Key"
|
||||
id = "twitter-secret-key"
|
||||
regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
|
||||
tags = ["key", "Twitter"]
|
||||
|
||||
[[rules]]
|
||||
description = "Twitter Client ID"
|
||||
id = "twitter-client-id"
|
||||
regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
|
||||
tags = ["client", "Twitter"]
|
||||
|
||||
[[rules]]
|
||||
description = "Github Personal Access Token"
|
||||
id = "github-pat"
|
||||
regex = '''ghp_[0-9a-zA-Z]{36}'''
|
||||
tags = ["key", "Github"]
|
||||
[[rules]]
|
||||
description = "Github OAuth Access Token"
|
||||
id = "github-oauth"
|
||||
regex = '''gho_[0-9a-zA-Z]{36}'''
|
||||
tags = ["key", "Github"]
|
||||
[[rules]]
|
||||
id = "github-app"
|
||||
description = "Github App Token"
|
||||
regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}'''
|
||||
tags = ["key", "Github"]
|
||||
[[rules]]
|
||||
id = "github-refresh"
|
||||
description = "Github Refresh Token"
|
||||
regex = '''ghr_[0-9a-zA-Z]{76}'''
|
||||
tags = ["key", "Github"]
|
||||
|
||||
[[rules]]
|
||||
id = "linkedin-client"
|
||||
description = "LinkedIn Client ID"
|
||||
regex = '''(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}'''
|
||||
tags = ["client", "LinkedIn"]
|
||||
|
||||
[[rules]]
|
||||
id = "linkedin-secret"
|
||||
description = "LinkedIn Secret Key"
|
||||
regex = '''(?i)linkedin(.{0,20})?[0-9a-z]{16}'''
|
||||
tags = ["secret", "LinkedIn"]
|
||||
|
||||
[[rules]]
|
||||
id = "slack"
|
||||
description = "Slack"
|
||||
regex = '''xox[baprs]-(?:[0-9a-zA-Z]{10,48})?'''
|
||||
tags = ["key", "Slack"]
|
||||
|
||||
[[rules]]
|
||||
id = "apkey"
|
||||
description = "Asymmetric Private Key"
|
||||
regex = '''-----BEGIN (?:(?:EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY(?: BLOCK)?-----'''
|
||||
tags = ["key", "AsymmetricPrivateKey"]
|
||||
|
||||
[[rules]]
|
||||
id = "google"
|
||||
description = "Google API key"
|
||||
regex = '''AIza[0-9A-Za-z\-_]{35}'''
|
||||
tags = ["key", "Google"]
|
||||
|
||||
[[rules]]
|
||||
id = "google"
|
||||
description = "Google (GCP) Service Account"
|
||||
regex = '''"type": "service_account"'''
|
||||
tags = ["key", "Google"]
|
||||
|
||||
[[rules]]
|
||||
id = "heroku"
|
||||
description = "Heroku API key"
|
||||
regex = '''(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
|
||||
tags = ["key", "Heroku"]
|
||||
|
||||
[[rules]]
|
||||
id = "mailchimp"
|
||||
description = "MailChimp API key"
|
||||
regex = '''(?i)(mailchimp|mc)(.{0,20})?[0-9a-f]{32}-us[0-9]{1,2}'''
|
||||
tags = ["key", "Mailchimp"]
|
||||
|
||||
[[rules]]
|
||||
id = "mailgun"
|
||||
description = "Mailgun API key"
|
||||
regex = '''((?i)(mailgun|mg)(.{0,20})?)?key-[0-9a-z]{32}'''
|
||||
tags = ["key", "Mailgun"]
|
||||
|
||||
[[rules]]
|
||||
id = "paypal"
|
||||
description = "PayPal Braintree access token"
|
||||
regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
|
||||
tags = ["key", "Paypal"]
|
||||
|
||||
[[rules]]
|
||||
id = "piacatic"
|
||||
description = "Picatic API key"
|
||||
regex = '''sk_live_[0-9a-z]{32}'''
|
||||
tags = ["key", "Picatic"]
|
||||
|
||||
[[rules]]
|
||||
id = "sendgrid"
|
||||
description = "SendGrid API Key"
|
||||
regex = '''SG\.[\w_]{16,32}\.[\w_]{16,64}'''
|
||||
tags = ["key", "SendGrid"]
|
||||
|
||||
[[rules]]
|
||||
description = "Sidekiq Secret"
|
||||
id = "sidekiq-secret"
|
||||
regex = '''(?i)(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{8}:[a-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
|
||||
secretGroup = 1
|
||||
keywords = [
|
||||
"bundle_enterprise__contribsys__com","bundle_gems__contribsys__com",
|
||||
]
|
||||
|
||||
[[rules]]
|
||||
description = "Sidekiq Sensitive URL"
|
||||
id = "sidekiq-sensitive-url"
|
||||
regex = '''(?i)\b(http(?:s??):\/\/)([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$)'''
|
||||
secretGroup = 2
|
||||
keywords = [
|
||||
"gems.contribsys.com","enterprise.contribsys.com",
|
||||
]
|
||||
|
||||
[[rules]]
|
||||
id = "slack-webhook"
|
||||
description = "Slack Webhook"
|
||||
regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}'''
|
||||
tags = ["key", "slack"]
|
||||
|
||||
[[rules]]
|
||||
id = "stripe"
|
||||
description = "Stripe API key"
|
||||
regex = '''(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}'''
|
||||
tags = ["key", "Stripe"]
|
||||
|
||||
[[rules]]
|
||||
id = "square"
|
||||
description = "Square access token"
|
||||
regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
|
||||
tags = ["key", "square"]
|
||||
|
||||
[[rules]]
|
||||
id = "square-oauth"
|
||||
description = "Square OAuth secret"
|
||||
regex = '''sq0csp-[0-9A-Za-z\-_]{43}'''
|
||||
tags = ["key", "square"]
|
||||
|
||||
[[rules]]
|
||||
id = "twilio"
|
||||
description = "Twilio API key"
|
||||
regex = '''(?i)twilio(.{0,20})?SK[0-9a-f]{32}'''
|
||||
tags = ["key", "twilio"]
|
||||
|
||||
[[rules]]
|
||||
id = "dynatrace"
|
||||
description = "Dynatrace ttoken"
|
||||
regex = '''dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}'''
|
||||
tags = ["key", "Dynatrace"]
|
||||
|
||||
[[rules]]
|
||||
id = "shopify"
|
||||
description = "Shopify shared secret"
|
||||
regex = '''shpss_[a-fA-F0-9]{32}'''
|
||||
tags = ["key", "Shopify"]
|
||||
|
||||
[[rules]]
|
||||
id = "shopify-access"
|
||||
description = "Shopify access token"
|
||||
regex = '''shpat_[a-fA-F0-9]{32}'''
|
||||
tags = ["key", "Shopify"]
|
||||
|
||||
[[rules]]
|
||||
id = "shopify-custom"
|
||||
description = "Shopify custom app access token"
|
||||
regex = '''shpca_[a-fA-F0-9]{32}'''
|
||||
tags = ["key", "Shopify"]
|
||||
|
||||
[[rules]]
|
||||
id = "shopify-private"
|
||||
description = "Shopify private app access token"
|
||||
regex = '''shppa_[a-fA-F0-9]{32}'''
|
||||
tags = ["key", "Shopify"]
|
||||
|
||||
[[rules]]
|
||||
id = "pypi"
|
||||
description = "PyPI upload token"
|
||||
regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
|
||||
tags = ["key", "pypi"]
|
||||
@@ -0,0 +1,10 @@
|
||||
[[rules]]
|
||||
id = "test"
|
||||
regex = '''token = "(.+)"'''
|
||||
|
||||
[[allowlists]]
|
||||
regexes = ["^changeit$"]
|
||||
[[allowlists]]
|
||||
condition = "AND"
|
||||
paths = ["^node_modules/.*"]
|
||||
stopwords = ["mock"]
|
||||
@@ -0,0 +1,2 @@
|
||||
[allowlist]
|
||||
stopwords = ["0989c462-69c9-49fa-b7d2-30dc5c576a97"]
|
||||
@@ -0,0 +1,2 @@
|
||||
[allowlist]
|
||||
regexes = ['''AKIALALEM.L33243OLIA''']
|
||||
@@ -0,0 +1,20 @@
|
||||
[[rules]]
|
||||
id = "github-app-token"
|
||||
regex = '''(?:ghu|ghs)_[0-9a-zA-Z]{36}'''
|
||||
|
||||
[[rules]]
|
||||
id = "github-oauth"
|
||||
regex = '''gho_[0-9a-zA-Z]{36}'''
|
||||
|
||||
[[rules]]
|
||||
id = "github-pat"
|
||||
regex = '''ghp_[0-9a-zA-Z]{36}'''
|
||||
|
||||
|
||||
[[allowlists]]
|
||||
regexes = ['''.*fake.*''']
|
||||
[[allowlists]]
|
||||
targetRules = ["github-app-token", "github-pat"]
|
||||
paths = [
|
||||
'''(?:^|/)@octokit/auth-token/README\.md$''',
|
||||
]
|
||||
@@ -0,0 +1,9 @@
|
||||
title = "simple config with allowlist for a specific commit"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Access Key"
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
[[rules.allowlists]]
|
||||
commits = ['''allowthiscommit''']
|
||||
@@ -0,0 +1,11 @@
|
||||
# https://github.com/gitleaks/gitleaks/issues/1844
|
||||
[extend]
|
||||
useDefault = true
|
||||
|
||||
[[rules]]
|
||||
id = "generic-api-key"
|
||||
[[rules.allowlists]]
|
||||
description = "Exclude a specific file from generic-api-key rule"
|
||||
paths = [
|
||||
'''^path/to/your/problematic/file\.js$'''
|
||||
]
|
||||
@@ -0,0 +1,5 @@
|
||||
[[rules]]
|
||||
id = "example"
|
||||
regex = '''example\d+'''
|
||||
[rules.allowlist]
|
||||
regexes = ['''123''']
|
||||
@@ -0,0 +1,9 @@
|
||||
title = "simple config with allowlist for .go files"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Access Key"
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
[[rules.allowlists]]
|
||||
paths = ['''.go''']
|
||||
@@ -0,0 +1,9 @@
|
||||
title = "simple config with allowlist for aws"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Access Key"
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
[[rules.allowlists]]
|
||||
regexes = ['''AKIALALEMEL33243OLIA''']
|
||||
Vendored
+8
@@ -0,0 +1,8 @@
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_base_1.toml"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Secret Key"
|
||||
id = "aws-secret-key"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
+10
@@ -0,0 +1,10 @@
|
||||
title = "gitleaks extended 1"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_base_2.toml"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Access Key"
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
+10
@@ -0,0 +1,10 @@
|
||||
title = "gitleaks extended 2"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/extend_3.toml"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Secret Key"
|
||||
id = "aws-secret-key-again"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
+9
@@ -0,0 +1,9 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
## This should not be loaded since we can only extend configs to a depth of 3
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
description = "AWS Secret Key"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_rule_keywords_base.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
description = "A new description"
|
||||
+11
@@ -0,0 +1,11 @@
|
||||
title = "gitleaks extend disable"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/valid/extend_disabled_base.toml"
|
||||
disabledRules = [
|
||||
'custom-rule1'
|
||||
]
|
||||
|
||||
[[rules]]
|
||||
id = "pypi-upload-token"
|
||||
regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
|
||||
+11
@@ -0,0 +1,11 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
|
||||
[[rules]]
|
||||
id = "custom-rule1"
|
||||
regex = '''[Cc]ustom!'''
|
||||
@@ -0,0 +1,14 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_rule_allowlist_base.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
[[rules.allowlists]]
|
||||
condition = "AND"
|
||||
commits = ['''abcdefg1''']
|
||||
regexes = ['''foo.+bar''']
|
||||
regexTarget = "line"
|
||||
paths = ['''ignore\.xaml''']
|
||||
stopwords = ['''example''']
|
||||
@@ -0,0 +1,11 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
## This should not be loaded since we can only extend configs to a depth of 3
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
description = "AWS Secret Key"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
[[rules.allowlists]]
|
||||
stopwords = ["fake"]
|
||||
@@ -0,0 +1,13 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_rule_allowlist_base.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
[[rules.allowlists]]
|
||||
commits = ['''abcdefg1''']
|
||||
regexes = ['''foo.+bar''']
|
||||
regexTarget = "line"
|
||||
paths = ['''ignore\.xaml''']
|
||||
stopwords = ['''example''']
|
||||
@@ -0,0 +1,12 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
## This should not be loaded since we can only extend configs to a depth of 3
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
description = "AWS Secret Key"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
keywords = ["AWS"]
|
||||
[[rules.allowlists]]
|
||||
stopwords = ["fake"]
|
||||
+8
@@ -0,0 +1,8 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_rule_keywords_base.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-rule-that-is-not-in-base"
|
||||
keywords = ["CMS"]
|
||||
@@ -0,0 +1,8 @@
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_base_3.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
[[rules.allowlists]]
|
||||
description = "False positive. Keys used for colors match the rule, and should be excluded."
|
||||
paths = ['''something.py''']
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's description"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
description = "Puppy Doggy"
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's entropy"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
entropy = 999
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's keywords"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
keywords = ["puppy"]
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's path"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
path = '''(?:puppy)'''
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's regex"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:a)'''
|
||||
@@ -0,0 +1,9 @@
|
||||
title = "override a built-in rule's secretGroup"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
regex = '''(a)(a)'''
|
||||
secretGroup = 2
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's tags"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
tags = ["puppy"]
|
||||
+6
@@ -0,0 +1,6 @@
|
||||
[[rules]]
|
||||
id = "discord-api-key"
|
||||
description = "Discord API key"
|
||||
regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]'''
|
||||
secretGroup = 3
|
||||
entropy = 3.5
|
||||
+4
@@ -0,0 +1,4 @@
|
||||
[[rules]]
|
||||
description = "Python Files"
|
||||
id = "python-files-only"
|
||||
path = '''.py'''
|
||||
@@ -0,0 +1,5 @@
|
||||
[[rules]]
|
||||
id = "pypi-upload-token"
|
||||
description = "PyPI upload token"
|
||||
regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
|
||||
tags = ["key", "pypi"]
|
||||
+17
@@ -0,0 +1,17 @@
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
)
|
||||
// seems safer
|
||||
aws_token := os.Getenv("AWS_TOKEN")
|
||||
package foo
|
||||
|
||||
import "fmt"
|
||||
|
||||
func Foo() {
|
||||
fmt.Println("foo")
|
||||
|
||||
// seems safe
|
||||
aws_token := "AKIALALEMEL33243OLIA"
|
||||
fmt.Println(aws_token)
|
||||
}
|
||||
Vendored
+67
@@ -0,0 +1,67 @@
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
)
|
||||
// seems safer
|
||||
aws_token := os.Getenv("AWS_TOKEN")
|
||||
package foo
|
||||
|
||||
import "fmt"
|
||||
|
||||
func Foo() {
|
||||
fmt.Println("foo")
|
||||
|
||||
// seems safe
|
||||
aws_token := "AKIALALEMEL33243OLIA"
|
||||
fmt.Println(aws_token)
|
||||
}
|
||||
package api
|
||||
|
||||
import "fmt"
|
||||
|
||||
func PrintHello() {
|
||||
fmt.Println("hello")
|
||||
}
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
)
|
||||
var a = "initial"
|
||||
fmt.Println(a)
|
||||
var b, c int = 1, 2
|
||||
fmt.Println(b, c)
|
||||
var d = true
|
||||
fmt.Println(d)
|
||||
var e int
|
||||
fmt.Println(e)
|
||||
// load secret via env
|
||||
awsToken := os.Getenv("AWS_TOKEN")
|
||||
|
||||
f := "apple"
|
||||
fmt.Println(f)
|
||||
|
||||
// opps I added a secret at line 20
|
||||
awsToken := "AKIALALEMEL33243OLIA"
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
var a = "initial"
|
||||
fmt.Println(a)
|
||||
|
||||
var b, c int = 1, 2
|
||||
fmt.Println(b, c)
|
||||
|
||||
var d = true
|
||||
fmt.Println(d)
|
||||
|
||||
var e int
|
||||
fmt.Println(e)
|
||||
|
||||
f := "apple"
|
||||
fmt.Println(f)
|
||||
}
|
||||
# test
|
||||
This is a repo used for testing gitleaks
|
||||
+2
@@ -0,0 +1,2 @@
|
||||
RuleID,Commit,File,SymlinkFile,Secret,Match,StartLine,EndLine,StartColumn,EndColumn,Author,Message,Date,Email,Fingerprint,Tags
|
||||
test-rule,0000000000000000,auth.py,,a secret,line containing secret,1,2,1,2,John Doe,opps,10-19-2003,johndoe@gmail.com,fingerprint,tag1 tag2 tag3
|
||||
|
Vendored
+1
@@ -0,0 +1 @@
|
||||
[]
|
||||
+22
@@ -0,0 +1,22 @@
|
||||
[
|
||||
{
|
||||
"RuleID": "test-rule",
|
||||
"Description": "",
|
||||
"StartLine": 1,
|
||||
"EndLine": 2,
|
||||
"StartColumn": 1,
|
||||
"EndColumn": 2,
|
||||
"Match": "line containing secret",
|
||||
"Secret": "a secret",
|
||||
"File": "auth.py",
|
||||
"SymlinkFile": "",
|
||||
"Commit": "0000000000000000",
|
||||
"Entropy": 0,
|
||||
"Author": "John Doe",
|
||||
"Email": "johndoe@gmail.com",
|
||||
"Date": "10-19-2003",
|
||||
"Message": "opps",
|
||||
"Tags": [],
|
||||
"Fingerprint": ""
|
||||
}
|
||||
]
|
||||
+4
@@ -0,0 +1,4 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<testsuites>
|
||||
<testsuite failures="0" name="gitleaks" tests="0" time=""></testsuite>
|
||||
</testsuites>
|
||||
+11
@@ -0,0 +1,11 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<testsuites>
|
||||
<testsuite failures="2" name="gitleaks" tests="2" time="">
|
||||
<testcase classname="Test Rule" file="auth.py" name="test-rule has detected a secret in file auth.py, line 1, at commit 0000000000000000." time="">
|
||||
<failure message="test-rule has detected a secret in file auth.py, line 1, at commit 0000000000000000." type="Test Rule">{
	"RuleID": "test-rule",
	"Description": "Test Rule",
	"StartLine": 1,
	"EndLine": 2,
	"StartColumn": 1,
	"EndColumn": 2,
	"Match": "line containing secret",
	"Secret": "a secret",
	"File": "auth.py",
	"SymlinkFile": "",
	"Commit": "0000000000000000",
	"Entropy": 0,
	"Author": "John Doe",
	"Email": "johndoe@gmail.com",
	"Date": "10-19-2003",
	"Message": "opps",
	"Tags": [],
	"Fingerprint": ""
}</failure>
|
||||
</testcase>
|
||||
<testcase classname="Test Rule" file="auth.py" name="test-rule has detected a secret in file auth.py, line 2." time="">
|
||||
<failure message="test-rule has detected a secret in file auth.py, line 2." type="Test Rule">{
	"RuleID": "test-rule",
	"Description": "Test Rule",
	"StartLine": 2,
	"EndLine": 3,
	"StartColumn": 1,
	"EndColumn": 2,
	"Match": "line containing secret",
	"Secret": "a secret",
	"File": "auth.py",
	"SymlinkFile": "",
	"Commit": "",
	"Entropy": 0,
	"Author": "",
	"Email": "",
	"Date": "",
	"Message": "",
	"Tags": [],
	"Fingerprint": ""
}</failure>
|
||||
</testcase>
|
||||
</testsuite>
|
||||
</testsuites>
|
||||
+69
@@ -0,0 +1,69 @@
|
||||
{
|
||||
"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
|
||||
"version": "2.1.0",
|
||||
"runs": [
|
||||
{
|
||||
"tool": {
|
||||
"driver": {
|
||||
"name": "gitleaks",
|
||||
"semanticVersion": "v8.0.0",
|
||||
"informationUri": "https://github.com/gitleaks/gitleaks",
|
||||
"rules": [
|
||||
{
|
||||
"id": "aws-access-key",
|
||||
"shortDescription": {
|
||||
"text": "AWS Access Key"
|
||||
}
|
||||
},
|
||||
{
|
||||
"id": "pypi",
|
||||
"shortDescription": {
|
||||
"text": "PyPI upload token"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"results": [
|
||||
{
|
||||
"message": {
|
||||
"text": "test-rule has detected secret for file auth.py at commit 0000000000000000."
|
||||
},
|
||||
"ruleId": "test-rule",
|
||||
"locations": [
|
||||
{
|
||||
"physicalLocation": {
|
||||
"artifactLocation": {
|
||||
"uri": "auth.py"
|
||||
},
|
||||
"region": {
|
||||
"startLine": 1,
|
||||
"startColumn": 1,
|
||||
"endLine": 2,
|
||||
"endColumn": 2,
|
||||
"snippet": {
|
||||
"text": "a secret"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
],
|
||||
"partialFingerprints": {
|
||||
"commitSha": "0000000000000000",
|
||||
"email": "johndoe@gmail.com",
|
||||
"author": "John Doe",
|
||||
"date": "10-19-2003",
|
||||
"commitMessage": "opps"
|
||||
},
|
||||
"properties": {
|
||||
"tags": [
|
||||
"tag1",
|
||||
"tag2",
|
||||
"tag3"
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,23 @@
|
||||
[
|
||||
{
|
||||
"Description": "A test rule",
|
||||
"StartLine": 1,
|
||||
"EndLine": 2,
|
||||
"StartColumn": 1,
|
||||
"EndColumn": 2,
|
||||
"Line": "whole line containing secret",
|
||||
"Match": "line containing secret",
|
||||
"Secret": "a secret",
|
||||
"File": "auth.py",
|
||||
"SymlinkFile": "",
|
||||
"Commit": "0000000000000000",
|
||||
"Entropy": 0,
|
||||
"Author": "John Doe",
|
||||
"Email": "johndoe@gmail.com",
|
||||
"Date": "10-19-2003",
|
||||
"Message": "opps",
|
||||
"Tags": ["tag1","tag2","tag3"],
|
||||
"RuleID": "test-rule",
|
||||
"Fingerprint": ""
|
||||
}
|
||||
]
|
||||
@@ -0,0 +1,3 @@
|
||||
| File | Line | Secret |
|
||||
|:-----|-----:|--------|
|
||||
| auth.py | 1 | "a secret" |
|
||||
+4
@@ -0,0 +1,4 @@
|
||||
foo\bar\gitleaks-false-positive.yaml:aws-access-token:4
|
||||
b55d88dc151f7022901cda41a03d43e0e508f2b7:test_data\test_local_repo_three_leaks.json:aws-access-token:73
|
||||
foo/bar/gitleaks-false-positive.yaml:aws-access-token:5
|
||||
# comment
|
||||
Vendored
+25
@@ -0,0 +1,25 @@
|
||||
[{{ $lastFinding := (sub (len . ) 1) }}
|
||||
{{- range $i, $finding := . }}{{with $finding}}
|
||||
{
|
||||
"Description": {{ quote .Description }},
|
||||
"StartLine": {{ .StartLine }},
|
||||
"EndLine": {{ .EndLine }},
|
||||
"StartColumn": {{ .StartColumn }},
|
||||
"EndColumn": {{ .EndColumn }},
|
||||
"Line": {{ quote .Line }},
|
||||
"Match": {{ quote .Match }},
|
||||
"Secret": {{ quote .Secret }},
|
||||
"File": "{{ .File }}",
|
||||
"SymlinkFile": {{ quote .SymlinkFile }},
|
||||
"Commit": {{ quote .Commit }},
|
||||
"Entropy": {{ .Entropy }},
|
||||
"Author": {{ quote .Author }},
|
||||
"Email": {{ quote .Email }},
|
||||
"Date": {{ quote .Date }},
|
||||
"Message": {{ quote .Message }},
|
||||
"Tags": [{{ $lastTag := (sub (len .Tags ) 1) }}{{ range $j, $tag := .Tags }}{{ quote . }}{{ if ne $j $lastTag }},{{ end }}{{ end }}],
|
||||
"RuleID": {{ quote .RuleID }},
|
||||
"Fingerprint": {{ quote .Fingerprint }}
|
||||
}{{ if ne $i $lastFinding }},{{ end }}
|
||||
{{- end}}{{ end }}
|
||||
]
|
||||
Vendored
+5
@@ -0,0 +1,5 @@
|
||||
| File | Line | Secret |
|
||||
|:-----|-----:|--------|
|
||||
{{ range . -}}
|
||||
| {{ .File }} | {{ .StartLine }} | {{ quote .Secret }} |
|
||||
{{ end -}}
|
||||
Vendored
+10
@@ -0,0 +1,10 @@
|
||||
# Archives
|
||||
|
||||
This repo has some archive files in its history!
|
||||
|
||||
Commits:
|
||||
|
||||
```
|
||||
07d2bd71800f1abf0421abe9bc4a83a6fdca1f68 nested.tar.gz
|
||||
db8789716fc664dbce0ed2d492570e92abf717a5 main.go.zst
|
||||
```
|
||||
Vendored
+1
@@ -0,0 +1 @@
|
||||
ref: refs/heads/main
|
||||
+1
@@ -0,0 +1 @@
|
||||
15fa60c13dccec6add267b7baa065977a6cc748a
|
||||
+13
@@ -0,0 +1,13 @@
|
||||
[core]
|
||||
repositoryformatversion = 0
|
||||
filemode = true
|
||||
bare = false
|
||||
logallrefupdates = true
|
||||
|
||||
[remote "origin"]
|
||||
url = git@github.com:gitleaks/test.git
|
||||
fetch = +refs/heads/*:refs/remotes/origin/*
|
||||
|
||||
[branch "main"]
|
||||
remote = origin
|
||||
merge = refs/heads/main
|
||||
+1
@@ -0,0 +1 @@
|
||||
Unnamed repository; edit this file 'description' to name the repository.
|
||||
Vendored
BIN
Binary file not shown.
+6
@@ -0,0 +1,6 @@
|
||||
# git ls-files --others --exclude-from=.git/info/exclude
|
||||
# Lines that start with '#' are comments.
|
||||
# For a project mostly in C, the following would be a good set of
|
||||
# exclude patterns (uncomment them if you want to use them):
|
||||
# *.[oa]
|
||||
# *~
|
||||
+1
@@ -0,0 +1 @@
|
||||
15fa60c13dccec6add267b7baa065977a6cc748a refs/heads/main
|
||||
Binary file not shown.
@@ -0,0 +1,2 @@
|
||||
P pack-9d774732f0e985d717a26e126e6574d089375b0d.pack
|
||||
|
||||
Vendored
BIN
Binary file not shown.
Vendored
BIN
Binary file not shown.
Vendored
BIN
Binary file not shown.
+2
@@ -0,0 +1,2 @@
|
||||
# pack-refs with: peeled fully-peeled sorted
|
||||
15fa60c13dccec6add267b7baa065977a6cc748a refs/heads/main
|
||||
Vendored
BIN
Binary file not shown.
Vendored
+6
@@ -0,0 +1,6 @@
|
||||
DB_HOST=example.com
|
||||
DB_PORT=443
|
||||
DB_USERNAME=postgres
|
||||
DB_PASSWORD=8ae31cacf141669ddfb5da
|
||||
DB_NAME=best_db
|
||||
DB_SSL=true
|
||||
Vendored
+1
@@ -0,0 +1 @@
|
||||
../testdata/repos/nogit/api.go:aws-access-key:20
|
||||
Vendored
+24
@@ -0,0 +1,24 @@
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
var a = "initial"
|
||||
fmt.Println(a)
|
||||
|
||||
var b, c int = 1, 2
|
||||
fmt.Println(b, c)
|
||||
|
||||
var d = true
|
||||
fmt.Println(d)
|
||||
|
||||
var e int
|
||||
fmt.Println(e)
|
||||
|
||||
// opps I added a secret at line 20
|
||||
awsToken := "AKIALALEMEL33243OLIA"
|
||||
|
||||
f := "apple"
|
||||
fmt.Println(f)
|
||||
}
|
||||
Vendored
+24
@@ -0,0 +1,24 @@
|
||||
package main
|
||||
|
||||
import "fmt"
|
||||
|
||||
func main() {
|
||||
|
||||
var a = "initial"
|
||||
fmt.Println(a)
|
||||
|
||||
var b, c int = 1, 2
|
||||
fmt.Println(b, c)
|
||||
|
||||
var d = true
|
||||
fmt.Println(d)
|
||||
|
||||
var e int
|
||||
fmt.Println(e)
|
||||
|
||||
// opps I added a secret at line 20
|
||||
awsToken := "AKIALALEMEL33243OLIA"
|
||||
|
||||
f := "apple"
|
||||
fmt.Println(f)
|
||||
}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user