chore: import upstream snapshot with attribution
gitleaks / gitleaks (push) Has been skipped
Test / test (ubuntu-latest) (push) Failing after 0s
Test / test (windows-latest) (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 12:12:29 +08:00
commit 48b3ccf279
454 changed files with 32865 additions and 0 deletions
+21
View File
@@ -0,0 +1,21 @@
title = "gitleaks config"
# https://learnxinyminutes.com/docs/toml/ for toml reference
[[rules]]
id = "aws-access-key"
description = "AWS Access Key"
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
tags = ["key", "AWS"]
# Here to confirm that allowlists work in archives
[[rules]]
id = 'password'
description = "Find the DB password in .env.prod"
path = '''\.env\.prod$'''
regex = '''(?i)password=([^\s]+)'''
# Now ignore it to confirm allowlists work
[[allowlists]]
paths = [
'''\.env\.prod$''',
]
+14
View File
@@ -0,0 +1,14 @@
title = "Fragment level composite rule"
[[rules]]
id = "primary-rule"
description = "Primary rule"
regex = 'password\s*=\s*"([^"]+)"'
[[rules.required]]
id = "username-rule"
[[rules]]
id = "username-rule"
description = "Username rule"
regex = 'username\s*=\s*"([^"]+)"'
skipReport = true
+126
View File
@@ -0,0 +1,126 @@
# We want to be able to find this key regardless if it's b64 encoded or not
[[rules]]
id = 'private-key'
description = 'Private Key'
regex = '''(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY(?: BLOCK)?-----[\s\S-]*?-----END[ A-Z0-9_-]{0,100}PRIVATE KEY(?: BLOCK)?-----'''
tags = ['key', 'private']
keywords = [
'-----begin',
]
# This exists to test what would happen if a normal rule matched something that
# also gets decoded. We don't want to break anyone's existing rules that might
# be looking for specific segments of b64 encoded data.
[[rules]]
id = 'b64-encoded-private-key'
description = 'Private Key'
regex = '''(?:LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0t|0tLS0tQkVHSU4gUFJJVkFURSBLRVktLS0tL|tLS0tLUJFR0lOIFBSSVZBVEUgS0VZLS0tLS)[a-zA-Z0-9+\/]+={0,3}'''
tags = ['key', 'private']
keywords = [
'ls0tls1crudjtibquklwqvrfietfws0tls0t',
'0tls0tqkvhsu4gufjjvkfursblrvktls0tl',
'tls0tlujfr0loifbssvzbveugs0vzls0tls',
]
[[rules]]
id = 'aws-iam-unique-identifier'
description = 'AWS IAM Unique Identifier'
# The funky not group at the beginning consists of ascii ranges
regex = '''(?:^|[^!$-&\(-9<>-~])((?:A3T[A-Z0-9]|ACCA|ABIA|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16})\b'''
tags = ['aws', 'identifier']
entropy = 3.2
secretGroup = 1
keywords = [
'a3t',
'abia',
'acca',
'agpa',
'aida',
'aipa',
'akia',
'anpa',
'anva',
'aroa',
'asia',
]
[[rules]]
id = 'aws-secret-access-key'
description = 'AWS Secret Access Key'
regex = '''(?i)aws[\w\-]{0,32}[\'\"]?\s*?[:=\(]\s*?[\'\"]?([a-z0-9\/+]{40})\b'''
tags = ['aws', 'secret']
entropy = 4
secretGroup = 1
keywords = [
'aws',
]
[[rules]]
# Use a small one for making sure things shifting around are kept up with
# appropriately
id = 'small-secret'
description = 'Small Secret'
regex = '''\bsmall-secret\b'''
tags = ['small', 'secret']
[[rules]]
# When the example value is decoded this will overlap and this is here to
# test that the location information is reported accurately when the match
# goes outside the bounds of the encoded value
id = 'overlapping'
description = 'Overlapping'
regex = '''secret=(decoded-secret-value\w*)'''
tags = ['overlapping']
secretGroup = 1
# -----BEGIN REGEX TARGET DECODED MATCH PATTERNS-----
[[rules]]
id = 'decoded-password-dont-ignore'
description = 'Make sure this would be detected with no allowlist'
regex = '''password\s*=\s*\"([^\"]+please-ignore-me[^\"]+)\"'''
tags = ['decode-ignore']
secretGroup = 1
[[rules]]
id = 'decoded-password-ignore-secret'
description = 'Test ignore on decoded secrets: regexTarget = "secret"'
regex = '''password\s*=\s*\"([^\"]+please-ignore-me[^\"]+)\"'''
tags = ['decode-ignore']
secretGroup = 1
[[rules.allowlists]]
regexTarget = 'secret'
regexes = [
# The decoded segment that we are testing against
'please-ignore-me',
]
[[rules]]
id = 'decoded-password-ignore-match'
description = 'Test ignore on decoded secrets: regexTarget = "match"'
regex = '''password\s*=\s*\"([^\"]+please-ignore-me[^\"]+)\"'''
tags = ['decode-ignore']
secretGroup = 1
[[rules.allowlists]]
regexTarget = 'match'
regexes = [
# The decoded segment that we are testing against
'please-ignore-me',
]
[[rules]]
id = 'decoded-password-ignore-line'
description = 'Test ignore on decoded secrets: regexTarget = "line"'
regex = '''password\s*=\s*\"([^\"]+please-ignore-me[^\"]+)\"'''
tags = ['decode-ignore']
secretGroup = 1
[[rules.allowlists]]
regexTarget = 'line'
regexes = [
# The decoded segment that we are testing against
'please-ignore-me',
]
# -----END REGEX TARGET DECODED MATCH PATTERNS-----
+10
View File
@@ -0,0 +1,10 @@
title = "gitleaks config"
[[rules]]
id = "generic-api-key"
description = "Generic API Key"
regex = '''(?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
entropy = 3.5
keywords = [
"key","api","token","secret","client","passwd","password","auth","access",
]
+35
View File
@@ -0,0 +1,35 @@
title = "gitleaks config"
[[rules]]
id = "generic-api-key"
description = "Generic API Key"
path = '''.py'''
regex = '''(?i)((key|api|token|secret|password)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9a-zA-Z\-_=]{8,64})['\"]'''
secretGroup = 4
entropy = 3.7
[allowlist]
description = "global allow lists"
paths = [
'''gitleaks.toml''',
'''(.*?)(jpg|gif|doc|pdf|bin|svg|socket)$''',
'''(go.mod|go.sum)$'''
]
regexes = [
'''219-09-9999''',
'''078-05-1120''',
'''(9[0-9]{2}|666)-\d{2}-\d{4}''',
'''process''',
'''getenv''',
'''\.env''',
'''env\(''',
'''env\.''',
'''setting''',
'''load''',
'''token''',
'''password''',
'''secret''',
'''api\_key''',
'''apikey''',
'''api\-key''',
]
+2
View File
@@ -0,0 +1,2 @@
[[allowlists]]
@@ -0,0 +1,4 @@
[allowlist]
regexes = ['''123''']
[[allowlists]]
regexes = ['''456''']
@@ -0,0 +1,3 @@
[[allowlists]]
regexTarget = "mtach"
regexes = ['''456''']
@@ -0,0 +1,7 @@
[[rules]]
id = "github-app-token"
regex = '''(?:ghu|ghs)_[0-9a-zA-Z]{36}'''
[[allowlists]]
targetRules = ["github-app-token", "github-pat"]
regexes = ['''.*fake.*''']
+4
View File
@@ -0,0 +1,4 @@
[[rules]]
id = "example"
regex = '''example\d+'''
[[rules.allowlists]]
@@ -0,0 +1,7 @@
[[rules]]
id = "example"
regex = '''example\d+'''
[rules.allowlist]
regexes = ['''123''']
[[rules.allowlists]]
regexes = ['''456''']
@@ -0,0 +1,6 @@
[[rules]]
id = "example"
regex = '''example\d+'''
[[rules.allowlists]]
regexTarget = "mtach"
regexes = ['''456''']
+10
View File
@@ -0,0 +1,10 @@
title = "gitleaks extended 1"
[extend]
path="../testdata/config/invalid/does_not_exist.toml"
[[rules]]
description = "AWS Access Key"
id = "aws-access-key"
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
tags = ["key", "AWS"]
+7
View File
@@ -0,0 +1,7 @@
[extend]
useDefault = true
[[rules]]
[[rules.allowlists]]
paths = ['^.*\.(xml|log|json)$']
+8
View File
@@ -0,0 +1,8 @@
title = "gitleaks config"
[[rules]]
id = "discord-api-key"
description = "Discord API key"
regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]'''
secretGroup = 5
entropy = 3.5
+7
View File
@@ -0,0 +1,7 @@
title = "gitleaks config"
[[rules]]
description = "Discord API key"
regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]'''
secretGroup = 5
entropy = 3.5
+5
View File
@@ -0,0 +1,5 @@
title = "gitleaks config"
[[rules]]
id = 'discord-api-key'
description = "Discord API key"
+227
View File
@@ -0,0 +1,227 @@
title = "gitleaks config"
# https://learnxinyminutes.com/docs/toml/ for toml reference
[[rules]]
description = "1Password Secret Key"
id = "1password-secret-key"
regex = '''A3-[A-Z0-9]{6}-(?:(?:[A-Z0-9]{11})|(?:[A-Z0-9]{6}-[A-Z0-9]{5}))-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}'''
tags = ["1Password"]
[[rules]]
description = "AWS Access Key"
id = "aws-access-key"
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
tags = ["key", "AWS"]
[[rules]]
description = "AWS Secret Key"
id = "aws-secret-key"
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
tags = ["key", "AWS"]
[[rules]]
description = "AWS MWS key"
id = "aws-mws-key"
regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
tags = ["key", "AWS", "MWS"]
[[rules]]
description = "Facebook Secret Key"
id = "facebook-secret-key"
regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
tags = ["key", "Facebook"]
[[rules]]
description = "Facebook Client ID"
id = "facebook-client-id"
regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
tags = ["key", "Facebook"]
[[rules]]
description = "Twitter Secret Key"
id = "twitter-secret-key"
regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
tags = ["key", "Twitter"]
[[rules]]
description = "Twitter Client ID"
id = "twitter-client-id"
regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
tags = ["client", "Twitter"]
[[rules]]
description = "Github Personal Access Token"
id = "github-pat"
regex = '''ghp_[0-9a-zA-Z]{36}'''
tags = ["key", "Github"]
[[rules]]
description = "Github OAuth Access Token"
id = "github-oauth"
regex = '''gho_[0-9a-zA-Z]{36}'''
tags = ["key", "Github"]
[[rules]]
id = "github-app"
description = "Github App Token"
regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}'''
tags = ["key", "Github"]
[[rules]]
id = "github-refresh"
description = "Github Refresh Token"
regex = '''ghr_[0-9a-zA-Z]{76}'''
tags = ["key", "Github"]
[[rules]]
id = "linkedin-client"
description = "LinkedIn Client ID"
regex = '''(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}'''
tags = ["client", "LinkedIn"]
[[rules]]
id = "linkedin-secret"
description = "LinkedIn Secret Key"
regex = '''(?i)linkedin(.{0,20})?[0-9a-z]{16}'''
tags = ["secret", "LinkedIn"]
[[rules]]
id = "slack"
description = "Slack"
regex = '''xox[baprs]-(?:[0-9a-zA-Z]{10,48})?'''
tags = ["key", "Slack"]
[[rules]]
id = "apkey"
description = "Asymmetric Private Key"
regex = '''-----BEGIN (?:(?:EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY(?: BLOCK)?-----'''
tags = ["key", "AsymmetricPrivateKey"]
[[rules]]
id = "google"
description = "Google API key"
regex = '''AIza[0-9A-Za-z\-_]{35}'''
tags = ["key", "Google"]
[[rules]]
id = "google"
description = "Google (GCP) Service Account"
regex = '''"type": "service_account"'''
tags = ["key", "Google"]
[[rules]]
id = "heroku"
description = "Heroku API key"
regex = '''(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
tags = ["key", "Heroku"]
[[rules]]
id = "mailchimp"
description = "MailChimp API key"
regex = '''(?i)(mailchimp|mc)(.{0,20})?[0-9a-f]{32}-us[0-9]{1,2}'''
tags = ["key", "Mailchimp"]
[[rules]]
id = "mailgun"
description = "Mailgun API key"
regex = '''((?i)(mailgun|mg)(.{0,20})?)?key-[0-9a-z]{32}'''
tags = ["key", "Mailgun"]
[[rules]]
id = "paypal"
description = "PayPal Braintree access token"
regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
tags = ["key", "Paypal"]
[[rules]]
id = "piacatic"
description = "Picatic API key"
regex = '''sk_live_[0-9a-z]{32}'''
tags = ["key", "Picatic"]
[[rules]]
id = "sendgrid"
description = "SendGrid API Key"
regex = '''SG\.[\w_]{16,32}\.[\w_]{16,64}'''
tags = ["key", "SendGrid"]
[[rules]]
description = "Sidekiq Secret"
id = "sidekiq-secret"
regex = '''(?i)(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{8}:[a-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
secretGroup = 1
keywords = [
"bundle_enterprise__contribsys__com","bundle_gems__contribsys__com",
]
[[rules]]
description = "Sidekiq Sensitive URL"
id = "sidekiq-sensitive-url"
regex = '''(?i)\b(http(?:s??):\/\/)([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$)'''
secretGroup = 2
keywords = [
"gems.contribsys.com","enterprise.contribsys.com",
]
[[rules]]
id = "slack-webhook"
description = "Slack Webhook"
regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}'''
tags = ["key", "slack"]
[[rules]]
id = "stripe"
description = "Stripe API key"
regex = '''(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}'''
tags = ["key", "Stripe"]
[[rules]]
id = "square"
description = "Square access token"
regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
tags = ["key", "square"]
[[rules]]
id = "square-oauth"
description = "Square OAuth secret"
regex = '''sq0csp-[0-9A-Za-z\-_]{43}'''
tags = ["key", "square"]
[[rules]]
id = "twilio"
description = "Twilio API key"
regex = '''(?i)twilio(.{0,20})?SK[0-9a-f]{32}'''
tags = ["key", "twilio"]
[[rules]]
id = "dynatrace"
description = "Dynatrace ttoken"
regex = '''dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}'''
tags = ["key", "Dynatrace"]
[[rules]]
id = "shopify"
description = "Shopify shared secret"
regex = '''shpss_[a-fA-F0-9]{32}'''
tags = ["key", "Shopify"]
[[rules]]
id = "shopify-access"
description = "Shopify access token"
regex = '''shpat_[a-fA-F0-9]{32}'''
tags = ["key", "Shopify"]
[[rules]]
id = "shopify-custom"
description = "Shopify custom app access token"
regex = '''shpca_[a-fA-F0-9]{32}'''
tags = ["key", "Shopify"]
[[rules]]
id = "shopify-private"
description = "Shopify private app access token"
regex = '''shppa_[a-fA-F0-9]{32}'''
tags = ["key", "Shopify"]
[[rules]]
id = "pypi"
description = "PyPI upload token"
regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
tags = ["key", "pypi"]
+10
View File
@@ -0,0 +1,10 @@
[[rules]]
id = "test"
regex = '''token = "(.+)"'''
[[allowlists]]
regexes = ["^changeit$"]
[[allowlists]]
condition = "AND"
paths = ["^node_modules/.*"]
stopwords = ["mock"]
@@ -0,0 +1,2 @@
[allowlist]
stopwords = ["0989c462-69c9-49fa-b7d2-30dc5c576a97"]
+2
View File
@@ -0,0 +1,2 @@
[allowlist]
regexes = ['''AKIALALEM.L33243OLIA''']
@@ -0,0 +1,20 @@
[[rules]]
id = "github-app-token"
regex = '''(?:ghu|ghs)_[0-9a-zA-Z]{36}'''
[[rules]]
id = "github-oauth"
regex = '''gho_[0-9a-zA-Z]{36}'''
[[rules]]
id = "github-pat"
regex = '''ghp_[0-9a-zA-Z]{36}'''
[[allowlists]]
regexes = ['''.*fake.*''']
[[allowlists]]
targetRules = ["github-app-token", "github-pat"]
paths = [
'''(?:^|/)@octokit/auth-token/README\.md$''',
]
+9
View File
@@ -0,0 +1,9 @@
title = "simple config with allowlist for a specific commit"
[[rules]]
description = "AWS Access Key"
id = "aws-access-key"
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
tags = ["key", "AWS"]
[[rules.allowlists]]
commits = ['''allowthiscommit''']
@@ -0,0 +1,11 @@
# https://github.com/gitleaks/gitleaks/issues/1844
[extend]
useDefault = true
[[rules]]
id = "generic-api-key"
[[rules.allowlists]]
description = "Exclude a specific file from generic-api-key rule"
paths = [
'''^path/to/your/problematic/file\.js$'''
]
+5
View File
@@ -0,0 +1,5 @@
[[rules]]
id = "example"
regex = '''example\d+'''
[rules.allowlist]
regexes = ['''123''']
+9
View File
@@ -0,0 +1,9 @@
title = "simple config with allowlist for .go files"
[[rules]]
description = "AWS Access Key"
id = "aws-access-key"
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
tags = ["key", "AWS"]
[[rules.allowlists]]
paths = ['''.go''']
+9
View File
@@ -0,0 +1,9 @@
title = "simple config with allowlist for aws"
[[rules]]
description = "AWS Access Key"
id = "aws-access-key"
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
tags = ["key", "AWS"]
[[rules.allowlists]]
regexes = ['''AKIALALEMEL33243OLIA''']
+8
View File
@@ -0,0 +1,8 @@
[extend]
path="../testdata/config/valid/extend_base_1.toml"
[[rules]]
description = "AWS Secret Key"
id = "aws-secret-key"
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
tags = ["key", "AWS"]
+10
View File
@@ -0,0 +1,10 @@
title = "gitleaks extended 1"
[extend]
path="../testdata/config/valid/extend_base_2.toml"
[[rules]]
description = "AWS Access Key"
id = "aws-access-key"
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
tags = ["key", "AWS"]
+10
View File
@@ -0,0 +1,10 @@
title = "gitleaks extended 2"
[extend]
path="../testdata/config/extend_3.toml"
[[rules]]
description = "AWS Secret Key"
id = "aws-secret-key-again"
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
tags = ["key", "AWS"]
+9
View File
@@ -0,0 +1,9 @@
title = "gitleaks extended 3"
## This should not be loaded since we can only extend configs to a depth of 3
[[rules]]
id = "aws-secret-key-again-again"
description = "AWS Secret Key"
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
tags = ["key", "AWS"]
@@ -0,0 +1,8 @@
title = "gitleaks extended 3"
[extend]
path="../testdata/config/valid/extend_rule_keywords_base.toml"
[[rules]]
id = "aws-secret-key-again-again"
description = "A new description"
+11
View File
@@ -0,0 +1,11 @@
title = "gitleaks extend disable"
[extend]
path = "../testdata/config/valid/extend_disabled_base.toml"
disabledRules = [
'custom-rule1'
]
[[rules]]
id = "pypi-upload-token"
regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
+11
View File
@@ -0,0 +1,11 @@
title = "gitleaks extended 3"
[[rules]]
id = "aws-secret-key"
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
tags = ["key", "AWS"]
[[rules]]
id = "custom-rule1"
regex = '''[Cc]ustom!'''
+14
View File
@@ -0,0 +1,14 @@
title = "gitleaks extended 3"
[extend]
path="../testdata/config/valid/extend_rule_allowlist_base.toml"
[[rules]]
id = "aws-secret-key-again-again"
[[rules.allowlists]]
condition = "AND"
commits = ['''abcdefg1''']
regexes = ['''foo.+bar''']
regexTarget = "line"
paths = ['''ignore\.xaml''']
stopwords = ['''example''']
+11
View File
@@ -0,0 +1,11 @@
title = "gitleaks extended 3"
## This should not be loaded since we can only extend configs to a depth of 3
[[rules]]
id = "aws-secret-key-again-again"
description = "AWS Secret Key"
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
tags = ["key", "AWS"]
[[rules.allowlists]]
stopwords = ["fake"]
+13
View File
@@ -0,0 +1,13 @@
title = "gitleaks extended 3"
[extend]
path="../testdata/config/valid/extend_rule_allowlist_base.toml"
[[rules]]
id = "aws-secret-key-again-again"
[[rules.allowlists]]
commits = ['''abcdefg1''']
regexes = ['''foo.+bar''']
regexTarget = "line"
paths = ['''ignore\.xaml''']
stopwords = ['''example''']
+12
View File
@@ -0,0 +1,12 @@
title = "gitleaks extended 3"
## This should not be loaded since we can only extend configs to a depth of 3
[[rules]]
id = "aws-secret-key-again-again"
description = "AWS Secret Key"
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
tags = ["key", "AWS"]
keywords = ["AWS"]
[[rules.allowlists]]
stopwords = ["fake"]
+8
View File
@@ -0,0 +1,8 @@
title = "gitleaks extended 3"
[extend]
path="../testdata/config/valid/extend_rule_keywords_base.toml"
[[rules]]
id = "aws-rule-that-is-not-in-base"
keywords = ["CMS"]
+8
View File
@@ -0,0 +1,8 @@
[extend]
path="../testdata/config/valid/extend_base_3.toml"
[[rules]]
id = "aws-secret-key-again-again"
[[rules.allowlists]]
description = "False positive. Keys used for colors match the rule, and should be excluded."
paths = ['''something.py''']
@@ -0,0 +1,8 @@
title = "override a built-in rule's description"
[extend]
path = "../testdata/config/simple.toml"
[[rules]]
id = "aws-access-key"
description = "Puppy Doggy"
@@ -0,0 +1,8 @@
title = "override a built-in rule's entropy"
[extend]
path = "../testdata/config/simple.toml"
[[rules]]
id = "aws-access-key"
entropy = 999
@@ -0,0 +1,8 @@
title = "override a built-in rule's keywords"
[extend]
path = "../testdata/config/simple.toml"
[[rules]]
id = "aws-access-key"
keywords = ["puppy"]
+8
View File
@@ -0,0 +1,8 @@
title = "override a built-in rule's path"
[extend]
path = "../testdata/config/simple.toml"
[[rules]]
id = "aws-access-key"
path = '''(?:puppy)'''
+8
View File
@@ -0,0 +1,8 @@
title = "override a built-in rule's regex"
[extend]
path = "../testdata/config/simple.toml"
[[rules]]
id = "aws-access-key"
regex = '''(?:a)'''
@@ -0,0 +1,9 @@
title = "override a built-in rule's secretGroup"
[extend]
path = "../testdata/config/simple.toml"
[[rules]]
id = "aws-access-key"
regex = '''(a)(a)'''
secretGroup = 2
+8
View File
@@ -0,0 +1,8 @@
title = "override a built-in rule's tags"
[extend]
path = "../testdata/config/simple.toml"
[[rules]]
id = "aws-access-key"
tags = ["puppy"]
+6
View File
@@ -0,0 +1,6 @@
[[rules]]
id = "discord-api-key"
description = "Discord API key"
regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]'''
secretGroup = 3
entropy = 3.5
+4
View File
@@ -0,0 +1,4 @@
[[rules]]
description = "Python Files"
id = "python-files-only"
path = '''.py'''
@@ -0,0 +1,5 @@
[[rules]]
id = "pypi-upload-token"
description = "PyPI upload token"
regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
tags = ["key", "pypi"]