chore: import upstream snapshot with attribution
This commit is contained in:
Vendored
+21
@@ -0,0 +1,21 @@
|
||||
title = "gitleaks config"
|
||||
# https://learnxinyminutes.com/docs/toml/ for toml reference
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
description = "AWS Access Key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
|
||||
# Here to confirm that allowlists work in archives
|
||||
[[rules]]
|
||||
id = 'password'
|
||||
description = "Find the DB password in .env.prod"
|
||||
path = '''\.env\.prod$'''
|
||||
regex = '''(?i)password=([^\s]+)'''
|
||||
|
||||
# Now ignore it to confirm allowlists work
|
||||
[[allowlists]]
|
||||
paths = [
|
||||
'''\.env\.prod$''',
|
||||
]
|
||||
Vendored
+14
@@ -0,0 +1,14 @@
|
||||
title = "Fragment level composite rule"
|
||||
|
||||
[[rules]]
|
||||
id = "primary-rule"
|
||||
description = "Primary rule"
|
||||
regex = 'password\s*=\s*"([^"]+)"'
|
||||
[[rules.required]]
|
||||
id = "username-rule"
|
||||
|
||||
[[rules]]
|
||||
id = "username-rule"
|
||||
description = "Username rule"
|
||||
regex = 'username\s*=\s*"([^"]+)"'
|
||||
skipReport = true
|
||||
Vendored
+126
@@ -0,0 +1,126 @@
|
||||
# We want to be able to find this key regardless if it's b64 encoded or not
|
||||
[[rules]]
|
||||
id = 'private-key'
|
||||
description = 'Private Key'
|
||||
regex = '''(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY(?: BLOCK)?-----[\s\S-]*?-----END[ A-Z0-9_-]{0,100}PRIVATE KEY(?: BLOCK)?-----'''
|
||||
tags = ['key', 'private']
|
||||
keywords = [
|
||||
'-----begin',
|
||||
]
|
||||
|
||||
# This exists to test what would happen if a normal rule matched something that
|
||||
# also gets decoded. We don't want to break anyone's existing rules that might
|
||||
# be looking for specific segments of b64 encoded data.
|
||||
[[rules]]
|
||||
id = 'b64-encoded-private-key'
|
||||
description = 'Private Key'
|
||||
regex = '''(?:LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0t|0tLS0tQkVHSU4gUFJJVkFURSBLRVktLS0tL|tLS0tLUJFR0lOIFBSSVZBVEUgS0VZLS0tLS)[a-zA-Z0-9+\/]+={0,3}'''
|
||||
tags = ['key', 'private']
|
||||
keywords = [
|
||||
'ls0tls1crudjtibquklwqvrfietfws0tls0t',
|
||||
'0tls0tqkvhsu4gufjjvkfursblrvktls0tl',
|
||||
'tls0tlujfr0loifbssvzbveugs0vzls0tls',
|
||||
]
|
||||
|
||||
|
||||
[[rules]]
|
||||
id = 'aws-iam-unique-identifier'
|
||||
description = 'AWS IAM Unique Identifier'
|
||||
# The funky not group at the beginning consists of ascii ranges
|
||||
regex = '''(?:^|[^!$-&\(-9<>-~])((?:A3T[A-Z0-9]|ACCA|ABIA|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16})\b'''
|
||||
tags = ['aws', 'identifier']
|
||||
entropy = 3.2
|
||||
secretGroup = 1
|
||||
keywords = [
|
||||
'a3t',
|
||||
'abia',
|
||||
'acca',
|
||||
'agpa',
|
||||
'aida',
|
||||
'aipa',
|
||||
'akia',
|
||||
'anpa',
|
||||
'anva',
|
||||
'aroa',
|
||||
'asia',
|
||||
]
|
||||
|
||||
[[rules]]
|
||||
id = 'aws-secret-access-key'
|
||||
description = 'AWS Secret Access Key'
|
||||
regex = '''(?i)aws[\w\-]{0,32}[\'\"]?\s*?[:=\(]\s*?[\'\"]?([a-z0-9\/+]{40})\b'''
|
||||
tags = ['aws', 'secret']
|
||||
entropy = 4
|
||||
secretGroup = 1
|
||||
keywords = [
|
||||
'aws',
|
||||
]
|
||||
|
||||
[[rules]]
|
||||
# Use a small one for making sure things shifting around are kept up with
|
||||
# appropriately
|
||||
id = 'small-secret'
|
||||
description = 'Small Secret'
|
||||
regex = '''\bsmall-secret\b'''
|
||||
tags = ['small', 'secret']
|
||||
|
||||
[[rules]]
|
||||
# When the example value is decoded this will overlap and this is here to
|
||||
# test that the location information is reported accurately when the match
|
||||
# goes outside the bounds of the encoded value
|
||||
id = 'overlapping'
|
||||
description = 'Overlapping'
|
||||
regex = '''secret=(decoded-secret-value\w*)'''
|
||||
tags = ['overlapping']
|
||||
secretGroup = 1
|
||||
|
||||
# -----BEGIN REGEX TARGET DECODED MATCH PATTERNS-----
|
||||
[[rules]]
|
||||
id = 'decoded-password-dont-ignore'
|
||||
description = 'Make sure this would be detected with no allowlist'
|
||||
regex = '''password\s*=\s*\"([^\"]+please-ignore-me[^\"]+)\"'''
|
||||
tags = ['decode-ignore']
|
||||
secretGroup = 1
|
||||
|
||||
[[rules]]
|
||||
id = 'decoded-password-ignore-secret'
|
||||
description = 'Test ignore on decoded secrets: regexTarget = "secret"'
|
||||
regex = '''password\s*=\s*\"([^\"]+please-ignore-me[^\"]+)\"'''
|
||||
tags = ['decode-ignore']
|
||||
secretGroup = 1
|
||||
|
||||
[[rules.allowlists]]
|
||||
regexTarget = 'secret'
|
||||
regexes = [
|
||||
# The decoded segment that we are testing against
|
||||
'please-ignore-me',
|
||||
]
|
||||
|
||||
[[rules]]
|
||||
id = 'decoded-password-ignore-match'
|
||||
description = 'Test ignore on decoded secrets: regexTarget = "match"'
|
||||
regex = '''password\s*=\s*\"([^\"]+please-ignore-me[^\"]+)\"'''
|
||||
tags = ['decode-ignore']
|
||||
secretGroup = 1
|
||||
|
||||
[[rules.allowlists]]
|
||||
regexTarget = 'match'
|
||||
regexes = [
|
||||
# The decoded segment that we are testing against
|
||||
'please-ignore-me',
|
||||
]
|
||||
|
||||
[[rules]]
|
||||
id = 'decoded-password-ignore-line'
|
||||
description = 'Test ignore on decoded secrets: regexTarget = "line"'
|
||||
regex = '''password\s*=\s*\"([^\"]+please-ignore-me[^\"]+)\"'''
|
||||
tags = ['decode-ignore']
|
||||
secretGroup = 1
|
||||
|
||||
[[rules.allowlists]]
|
||||
regexTarget = 'line'
|
||||
regexes = [
|
||||
# The decoded segment that we are testing against
|
||||
'please-ignore-me',
|
||||
]
|
||||
# -----END REGEX TARGET DECODED MATCH PATTERNS-----
|
||||
Vendored
+10
@@ -0,0 +1,10 @@
|
||||
title = "gitleaks config"
|
||||
|
||||
[[rules]]
|
||||
id = "generic-api-key"
|
||||
description = "Generic API Key"
|
||||
regex = '''(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
|
||||
entropy = 3.5
|
||||
keywords = [
|
||||
"key","api","token","secret","client","passwd","password","auth","access",
|
||||
]
|
||||
+35
@@ -0,0 +1,35 @@
|
||||
title = "gitleaks config"
|
||||
|
||||
[[rules]]
|
||||
id = "generic-api-key"
|
||||
description = "Generic API Key"
|
||||
path = '''.py'''
|
||||
regex = '''(?i)((key|api|token|secret|password)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9a-zA-Z\-_=]{8,64})['\"]'''
|
||||
secretGroup = 4
|
||||
entropy = 3.7
|
||||
|
||||
[allowlist]
|
||||
description = "global allow lists"
|
||||
paths = [
|
||||
'''gitleaks.toml''',
|
||||
'''(.*?)(jpg|gif|doc|pdf|bin|svg|socket)$''',
|
||||
'''(go.mod|go.sum)$'''
|
||||
]
|
||||
regexes = [
|
||||
'''219-09-9999''',
|
||||
'''078-05-1120''',
|
||||
'''(9[0-9]{2}|666)-\d{2}-\d{4}''',
|
||||
'''process''',
|
||||
'''getenv''',
|
||||
'''\.env''',
|
||||
'''env\(''',
|
||||
'''env\.''',
|
||||
'''setting''',
|
||||
'''load''',
|
||||
'''token''',
|
||||
'''password''',
|
||||
'''secret''',
|
||||
'''api\_key''',
|
||||
'''apikey''',
|
||||
'''api\-key''',
|
||||
]
|
||||
@@ -0,0 +1,2 @@
|
||||
|
||||
[[allowlists]]
|
||||
@@ -0,0 +1,4 @@
|
||||
[allowlist]
|
||||
regexes = ['''123''']
|
||||
[[allowlists]]
|
||||
regexes = ['''456''']
|
||||
@@ -0,0 +1,3 @@
|
||||
[[allowlists]]
|
||||
regexTarget = "mtach"
|
||||
regexes = ['''456''']
|
||||
@@ -0,0 +1,7 @@
|
||||
[[rules]]
|
||||
id = "github-app-token"
|
||||
regex = '''(?:ghu|ghs)_[0-9a-zA-Z]{36}'''
|
||||
|
||||
[[allowlists]]
|
||||
targetRules = ["github-app-token", "github-pat"]
|
||||
regexes = ['''.*fake.*''']
|
||||
@@ -0,0 +1,4 @@
|
||||
[[rules]]
|
||||
id = "example"
|
||||
regex = '''example\d+'''
|
||||
[[rules.allowlists]]
|
||||
@@ -0,0 +1,7 @@
|
||||
[[rules]]
|
||||
id = "example"
|
||||
regex = '''example\d+'''
|
||||
[rules.allowlist]
|
||||
regexes = ['''123''']
|
||||
[[rules.allowlists]]
|
||||
regexes = ['''456''']
|
||||
@@ -0,0 +1,6 @@
|
||||
[[rules]]
|
||||
id = "example"
|
||||
regex = '''example\d+'''
|
||||
[[rules.allowlists]]
|
||||
regexTarget = "mtach"
|
||||
regexes = ['''456''']
|
||||
@@ -0,0 +1,10 @@
|
||||
title = "gitleaks extended 1"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/invalid/does_not_exist.toml"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Access Key"
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
@@ -0,0 +1,7 @@
|
||||
[extend]
|
||||
useDefault = true
|
||||
|
||||
[[rules]]
|
||||
|
||||
[[rules.allowlists]]
|
||||
paths = ['^.*\.(xml|log|json)$']
|
||||
+8
@@ -0,0 +1,8 @@
|
||||
title = "gitleaks config"
|
||||
|
||||
[[rules]]
|
||||
id = "discord-api-key"
|
||||
description = "Discord API key"
|
||||
regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]'''
|
||||
secretGroup = 5
|
||||
entropy = 3.5
|
||||
+7
@@ -0,0 +1,7 @@
|
||||
title = "gitleaks config"
|
||||
|
||||
[[rules]]
|
||||
description = "Discord API key"
|
||||
regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]'''
|
||||
secretGroup = 5
|
||||
entropy = 3.5
|
||||
+5
@@ -0,0 +1,5 @@
|
||||
title = "gitleaks config"
|
||||
|
||||
[[rules]]
|
||||
id = 'discord-api-key'
|
||||
description = "Discord API key"
|
||||
Vendored
+227
@@ -0,0 +1,227 @@
|
||||
title = "gitleaks config"
|
||||
# https://learnxinyminutes.com/docs/toml/ for toml reference
|
||||
|
||||
[[rules]]
|
||||
description = "1Password Secret Key"
|
||||
id = "1password-secret-key"
|
||||
regex = '''A3-[A-Z0-9]{6}-(?:(?:[A-Z0-9]{11})|(?:[A-Z0-9]{6}-[A-Z0-9]{5}))-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}'''
|
||||
tags = ["1Password"]
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Access Key"
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Secret Key"
|
||||
id = "aws-secret-key"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
|
||||
[[rules]]
|
||||
description = "AWS MWS key"
|
||||
id = "aws-mws-key"
|
||||
regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
|
||||
tags = ["key", "AWS", "MWS"]
|
||||
|
||||
[[rules]]
|
||||
description = "Facebook Secret Key"
|
||||
id = "facebook-secret-key"
|
||||
regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
|
||||
tags = ["key", "Facebook"]
|
||||
|
||||
[[rules]]
|
||||
description = "Facebook Client ID"
|
||||
id = "facebook-client-id"
|
||||
regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
|
||||
tags = ["key", "Facebook"]
|
||||
|
||||
[[rules]]
|
||||
description = "Twitter Secret Key"
|
||||
id = "twitter-secret-key"
|
||||
regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
|
||||
tags = ["key", "Twitter"]
|
||||
|
||||
[[rules]]
|
||||
description = "Twitter Client ID"
|
||||
id = "twitter-client-id"
|
||||
regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
|
||||
tags = ["client", "Twitter"]
|
||||
|
||||
[[rules]]
|
||||
description = "Github Personal Access Token"
|
||||
id = "github-pat"
|
||||
regex = '''ghp_[0-9a-zA-Z]{36}'''
|
||||
tags = ["key", "Github"]
|
||||
[[rules]]
|
||||
description = "Github OAuth Access Token"
|
||||
id = "github-oauth"
|
||||
regex = '''gho_[0-9a-zA-Z]{36}'''
|
||||
tags = ["key", "Github"]
|
||||
[[rules]]
|
||||
id = "github-app"
|
||||
description = "Github App Token"
|
||||
regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}'''
|
||||
tags = ["key", "Github"]
|
||||
[[rules]]
|
||||
id = "github-refresh"
|
||||
description = "Github Refresh Token"
|
||||
regex = '''ghr_[0-9a-zA-Z]{76}'''
|
||||
tags = ["key", "Github"]
|
||||
|
||||
[[rules]]
|
||||
id = "linkedin-client"
|
||||
description = "LinkedIn Client ID"
|
||||
regex = '''(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}'''
|
||||
tags = ["client", "LinkedIn"]
|
||||
|
||||
[[rules]]
|
||||
id = "linkedin-secret"
|
||||
description = "LinkedIn Secret Key"
|
||||
regex = '''(?i)linkedin(.{0,20})?[0-9a-z]{16}'''
|
||||
tags = ["secret", "LinkedIn"]
|
||||
|
||||
[[rules]]
|
||||
id = "slack"
|
||||
description = "Slack"
|
||||
regex = '''xox[baprs]-(?:[0-9a-zA-Z]{10,48})?'''
|
||||
tags = ["key", "Slack"]
|
||||
|
||||
[[rules]]
|
||||
id = "apkey"
|
||||
description = "Asymmetric Private Key"
|
||||
regex = '''-----BEGIN (?:(?:EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY(?: BLOCK)?-----'''
|
||||
tags = ["key", "AsymmetricPrivateKey"]
|
||||
|
||||
[[rules]]
|
||||
id = "google"
|
||||
description = "Google API key"
|
||||
regex = '''AIza[0-9A-Za-z\-_]{35}'''
|
||||
tags = ["key", "Google"]
|
||||
|
||||
[[rules]]
|
||||
id = "google"
|
||||
description = "Google (GCP) Service Account"
|
||||
regex = '''"type": "service_account"'''
|
||||
tags = ["key", "Google"]
|
||||
|
||||
[[rules]]
|
||||
id = "heroku"
|
||||
description = "Heroku API key"
|
||||
regex = '''(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
|
||||
tags = ["key", "Heroku"]
|
||||
|
||||
[[rules]]
|
||||
id = "mailchimp"
|
||||
description = "MailChimp API key"
|
||||
regex = '''(?i)(mailchimp|mc)(.{0,20})?[0-9a-f]{32}-us[0-9]{1,2}'''
|
||||
tags = ["key", "Mailchimp"]
|
||||
|
||||
[[rules]]
|
||||
id = "mailgun"
|
||||
description = "Mailgun API key"
|
||||
regex = '''((?i)(mailgun|mg)(.{0,20})?)?key-[0-9a-z]{32}'''
|
||||
tags = ["key", "Mailgun"]
|
||||
|
||||
[[rules]]
|
||||
id = "paypal"
|
||||
description = "PayPal Braintree access token"
|
||||
regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
|
||||
tags = ["key", "Paypal"]
|
||||
|
||||
[[rules]]
|
||||
id = "piacatic"
|
||||
description = "Picatic API key"
|
||||
regex = '''sk_live_[0-9a-z]{32}'''
|
||||
tags = ["key", "Picatic"]
|
||||
|
||||
[[rules]]
|
||||
id = "sendgrid"
|
||||
description = "SendGrid API Key"
|
||||
regex = '''SG\.[\w_]{16,32}\.[\w_]{16,64}'''
|
||||
tags = ["key", "SendGrid"]
|
||||
|
||||
[[rules]]
|
||||
description = "Sidekiq Secret"
|
||||
id = "sidekiq-secret"
|
||||
regex = '''(?i)(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{8}:[a-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
|
||||
secretGroup = 1
|
||||
keywords = [
|
||||
"bundle_enterprise__contribsys__com","bundle_gems__contribsys__com",
|
||||
]
|
||||
|
||||
[[rules]]
|
||||
description = "Sidekiq Sensitive URL"
|
||||
id = "sidekiq-sensitive-url"
|
||||
regex = '''(?i)\b(http(?:s??):\/\/)([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$)'''
|
||||
secretGroup = 2
|
||||
keywords = [
|
||||
"gems.contribsys.com","enterprise.contribsys.com",
|
||||
]
|
||||
|
||||
[[rules]]
|
||||
id = "slack-webhook"
|
||||
description = "Slack Webhook"
|
||||
regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}'''
|
||||
tags = ["key", "slack"]
|
||||
|
||||
[[rules]]
|
||||
id = "stripe"
|
||||
description = "Stripe API key"
|
||||
regex = '''(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}'''
|
||||
tags = ["key", "Stripe"]
|
||||
|
||||
[[rules]]
|
||||
id = "square"
|
||||
description = "Square access token"
|
||||
regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
|
||||
tags = ["key", "square"]
|
||||
|
||||
[[rules]]
|
||||
id = "square-oauth"
|
||||
description = "Square OAuth secret"
|
||||
regex = '''sq0csp-[0-9A-Za-z\-_]{43}'''
|
||||
tags = ["key", "square"]
|
||||
|
||||
[[rules]]
|
||||
id = "twilio"
|
||||
description = "Twilio API key"
|
||||
regex = '''(?i)twilio(.{0,20})?SK[0-9a-f]{32}'''
|
||||
tags = ["key", "twilio"]
|
||||
|
||||
[[rules]]
|
||||
id = "dynatrace"
|
||||
description = "Dynatrace ttoken"
|
||||
regex = '''dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}'''
|
||||
tags = ["key", "Dynatrace"]
|
||||
|
||||
[[rules]]
|
||||
id = "shopify"
|
||||
description = "Shopify shared secret"
|
||||
regex = '''shpss_[a-fA-F0-9]{32}'''
|
||||
tags = ["key", "Shopify"]
|
||||
|
||||
[[rules]]
|
||||
id = "shopify-access"
|
||||
description = "Shopify access token"
|
||||
regex = '''shpat_[a-fA-F0-9]{32}'''
|
||||
tags = ["key", "Shopify"]
|
||||
|
||||
[[rules]]
|
||||
id = "shopify-custom"
|
||||
description = "Shopify custom app access token"
|
||||
regex = '''shpca_[a-fA-F0-9]{32}'''
|
||||
tags = ["key", "Shopify"]
|
||||
|
||||
[[rules]]
|
||||
id = "shopify-private"
|
||||
description = "Shopify private app access token"
|
||||
regex = '''shppa_[a-fA-F0-9]{32}'''
|
||||
tags = ["key", "Shopify"]
|
||||
|
||||
[[rules]]
|
||||
id = "pypi"
|
||||
description = "PyPI upload token"
|
||||
regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
|
||||
tags = ["key", "pypi"]
|
||||
@@ -0,0 +1,10 @@
|
||||
[[rules]]
|
||||
id = "test"
|
||||
regex = '''token = "(.+)"'''
|
||||
|
||||
[[allowlists]]
|
||||
regexes = ["^changeit$"]
|
||||
[[allowlists]]
|
||||
condition = "AND"
|
||||
paths = ["^node_modules/.*"]
|
||||
stopwords = ["mock"]
|
||||
@@ -0,0 +1,2 @@
|
||||
[allowlist]
|
||||
stopwords = ["0989c462-69c9-49fa-b7d2-30dc5c576a97"]
|
||||
@@ -0,0 +1,2 @@
|
||||
[allowlist]
|
||||
regexes = ['''AKIALALEM.L33243OLIA''']
|
||||
@@ -0,0 +1,20 @@
|
||||
[[rules]]
|
||||
id = "github-app-token"
|
||||
regex = '''(?:ghu|ghs)_[0-9a-zA-Z]{36}'''
|
||||
|
||||
[[rules]]
|
||||
id = "github-oauth"
|
||||
regex = '''gho_[0-9a-zA-Z]{36}'''
|
||||
|
||||
[[rules]]
|
||||
id = "github-pat"
|
||||
regex = '''ghp_[0-9a-zA-Z]{36}'''
|
||||
|
||||
|
||||
[[allowlists]]
|
||||
regexes = ['''.*fake.*''']
|
||||
[[allowlists]]
|
||||
targetRules = ["github-app-token", "github-pat"]
|
||||
paths = [
|
||||
'''(?:^|/)@octokit/auth-token/README\.md$''',
|
||||
]
|
||||
@@ -0,0 +1,9 @@
|
||||
title = "simple config with allowlist for a specific commit"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Access Key"
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
[[rules.allowlists]]
|
||||
commits = ['''allowthiscommit''']
|
||||
@@ -0,0 +1,11 @@
|
||||
# https://github.com/gitleaks/gitleaks/issues/1844
|
||||
[extend]
|
||||
useDefault = true
|
||||
|
||||
[[rules]]
|
||||
id = "generic-api-key"
|
||||
[[rules.allowlists]]
|
||||
description = "Exclude a specific file from generic-api-key rule"
|
||||
paths = [
|
||||
'''^path/to/your/problematic/file\.js$'''
|
||||
]
|
||||
@@ -0,0 +1,5 @@
|
||||
[[rules]]
|
||||
id = "example"
|
||||
regex = '''example\d+'''
|
||||
[rules.allowlist]
|
||||
regexes = ['''123''']
|
||||
@@ -0,0 +1,9 @@
|
||||
title = "simple config with allowlist for .go files"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Access Key"
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
[[rules.allowlists]]
|
||||
paths = ['''.go''']
|
||||
@@ -0,0 +1,9 @@
|
||||
title = "simple config with allowlist for aws"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Access Key"
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
[[rules.allowlists]]
|
||||
regexes = ['''AKIALALEMEL33243OLIA''']
|
||||
Vendored
+8
@@ -0,0 +1,8 @@
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_base_1.toml"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Secret Key"
|
||||
id = "aws-secret-key"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
+10
@@ -0,0 +1,10 @@
|
||||
title = "gitleaks extended 1"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_base_2.toml"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Access Key"
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
+10
@@ -0,0 +1,10 @@
|
||||
title = "gitleaks extended 2"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/extend_3.toml"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Secret Key"
|
||||
id = "aws-secret-key-again"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
+9
@@ -0,0 +1,9 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
## This should not be loaded since we can only extend configs to a depth of 3
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
description = "AWS Secret Key"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_rule_keywords_base.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
description = "A new description"
|
||||
+11
@@ -0,0 +1,11 @@
|
||||
title = "gitleaks extend disable"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/valid/extend_disabled_base.toml"
|
||||
disabledRules = [
|
||||
'custom-rule1'
|
||||
]
|
||||
|
||||
[[rules]]
|
||||
id = "pypi-upload-token"
|
||||
regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
|
||||
+11
@@ -0,0 +1,11 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
|
||||
[[rules]]
|
||||
id = "custom-rule1"
|
||||
regex = '''[Cc]ustom!'''
|
||||
@@ -0,0 +1,14 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_rule_allowlist_base.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
[[rules.allowlists]]
|
||||
condition = "AND"
|
||||
commits = ['''abcdefg1''']
|
||||
regexes = ['''foo.+bar''']
|
||||
regexTarget = "line"
|
||||
paths = ['''ignore\.xaml''']
|
||||
stopwords = ['''example''']
|
||||
@@ -0,0 +1,11 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
## This should not be loaded since we can only extend configs to a depth of 3
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
description = "AWS Secret Key"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
[[rules.allowlists]]
|
||||
stopwords = ["fake"]
|
||||
@@ -0,0 +1,13 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_rule_allowlist_base.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
[[rules.allowlists]]
|
||||
commits = ['''abcdefg1''']
|
||||
regexes = ['''foo.+bar''']
|
||||
regexTarget = "line"
|
||||
paths = ['''ignore\.xaml''']
|
||||
stopwords = ['''example''']
|
||||
@@ -0,0 +1,12 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
## This should not be loaded since we can only extend configs to a depth of 3
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
description = "AWS Secret Key"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
keywords = ["AWS"]
|
||||
[[rules.allowlists]]
|
||||
stopwords = ["fake"]
|
||||
+8
@@ -0,0 +1,8 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_rule_keywords_base.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-rule-that-is-not-in-base"
|
||||
keywords = ["CMS"]
|
||||
@@ -0,0 +1,8 @@
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_base_3.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
[[rules.allowlists]]
|
||||
description = "False positive. Keys used for colors match the rule, and should be excluded."
|
||||
paths = ['''something.py''']
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's description"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
description = "Puppy Doggy"
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's entropy"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
entropy = 999
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's keywords"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
keywords = ["puppy"]
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's path"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
path = '''(?:puppy)'''
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's regex"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:a)'''
|
||||
@@ -0,0 +1,9 @@
|
||||
title = "override a built-in rule's secretGroup"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
regex = '''(a)(a)'''
|
||||
secretGroup = 2
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's tags"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
tags = ["puppy"]
|
||||
+6
@@ -0,0 +1,6 @@
|
||||
[[rules]]
|
||||
id = "discord-api-key"
|
||||
description = "Discord API key"
|
||||
regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]'''
|
||||
secretGroup = 3
|
||||
entropy = 3.5
|
||||
+4
@@ -0,0 +1,4 @@
|
||||
[[rules]]
|
||||
description = "Python Files"
|
||||
id = "python-files-only"
|
||||
path = '''.py'''
|
||||
@@ -0,0 +1,5 @@
|
||||
[[rules]]
|
||||
id = "pypi-upload-token"
|
||||
description = "PyPI upload token"
|
||||
regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
|
||||
tags = ["key", "pypi"]
|
||||
Reference in New Issue
Block a user