chore: import upstream snapshot with attribution
gitleaks / gitleaks (push) Has been skipped
Test / test (ubuntu-latest) (push) Failing after 0s
Test / test (windows-latest) (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 12:12:29 +08:00
commit 48b3ccf279
454 changed files with 32865 additions and 0 deletions
+10
View File
@@ -0,0 +1,10 @@
[[rules]]
id = "test"
regex = '''token = "(.+)"'''
[[allowlists]]
regexes = ["^changeit$"]
[[allowlists]]
condition = "AND"
paths = ["^node_modules/.*"]
stopwords = ["mock"]
@@ -0,0 +1,2 @@
[allowlist]
stopwords = ["0989c462-69c9-49fa-b7d2-30dc5c576a97"]
+2
View File
@@ -0,0 +1,2 @@
[allowlist]
regexes = ['''AKIALALEM.L33243OLIA''']
@@ -0,0 +1,20 @@
[[rules]]
id = "github-app-token"
regex = '''(?:ghu|ghs)_[0-9a-zA-Z]{36}'''
[[rules]]
id = "github-oauth"
regex = '''gho_[0-9a-zA-Z]{36}'''
[[rules]]
id = "github-pat"
regex = '''ghp_[0-9a-zA-Z]{36}'''
[[allowlists]]
regexes = ['''.*fake.*''']
[[allowlists]]
targetRules = ["github-app-token", "github-pat"]
paths = [
'''(?:^|/)@octokit/auth-token/README\.md$''',
]
+9
View File
@@ -0,0 +1,9 @@
title = "simple config with allowlist for a specific commit"
[[rules]]
description = "AWS Access Key"
id = "aws-access-key"
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
tags = ["key", "AWS"]
[[rules.allowlists]]
commits = ['''allowthiscommit''']
@@ -0,0 +1,11 @@
# https://github.com/gitleaks/gitleaks/issues/1844
[extend]
useDefault = true
[[rules]]
id = "generic-api-key"
[[rules.allowlists]]
description = "Exclude a specific file from generic-api-key rule"
paths = [
'''^path/to/your/problematic/file\.js$'''
]
+5
View File
@@ -0,0 +1,5 @@
[[rules]]
id = "example"
regex = '''example\d+'''
[rules.allowlist]
regexes = ['''123''']
+9
View File
@@ -0,0 +1,9 @@
title = "simple config with allowlist for .go files"
[[rules]]
description = "AWS Access Key"
id = "aws-access-key"
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
tags = ["key", "AWS"]
[[rules.allowlists]]
paths = ['''.go''']
+9
View File
@@ -0,0 +1,9 @@
title = "simple config with allowlist for aws"
[[rules]]
description = "AWS Access Key"
id = "aws-access-key"
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
tags = ["key", "AWS"]
[[rules.allowlists]]
regexes = ['''AKIALALEMEL33243OLIA''']
+8
View File
@@ -0,0 +1,8 @@
[extend]
path="../testdata/config/valid/extend_base_1.toml"
[[rules]]
description = "AWS Secret Key"
id = "aws-secret-key"
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
tags = ["key", "AWS"]
+10
View File
@@ -0,0 +1,10 @@
title = "gitleaks extended 1"
[extend]
path="../testdata/config/valid/extend_base_2.toml"
[[rules]]
description = "AWS Access Key"
id = "aws-access-key"
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
tags = ["key", "AWS"]
+10
View File
@@ -0,0 +1,10 @@
title = "gitleaks extended 2"
[extend]
path="../testdata/config/extend_3.toml"
[[rules]]
description = "AWS Secret Key"
id = "aws-secret-key-again"
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
tags = ["key", "AWS"]
+9
View File
@@ -0,0 +1,9 @@
title = "gitleaks extended 3"
## This should not be loaded since we can only extend configs to a depth of 3
[[rules]]
id = "aws-secret-key-again-again"
description = "AWS Secret Key"
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
tags = ["key", "AWS"]
@@ -0,0 +1,8 @@
title = "gitleaks extended 3"
[extend]
path="../testdata/config/valid/extend_rule_keywords_base.toml"
[[rules]]
id = "aws-secret-key-again-again"
description = "A new description"
+11
View File
@@ -0,0 +1,11 @@
title = "gitleaks extend disable"
[extend]
path = "../testdata/config/valid/extend_disabled_base.toml"
disabledRules = [
'custom-rule1'
]
[[rules]]
id = "pypi-upload-token"
regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
+11
View File
@@ -0,0 +1,11 @@
title = "gitleaks extended 3"
[[rules]]
id = "aws-secret-key"
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
tags = ["key", "AWS"]
[[rules]]
id = "custom-rule1"
regex = '''[Cc]ustom!'''
+14
View File
@@ -0,0 +1,14 @@
title = "gitleaks extended 3"
[extend]
path="../testdata/config/valid/extend_rule_allowlist_base.toml"
[[rules]]
id = "aws-secret-key-again-again"
[[rules.allowlists]]
condition = "AND"
commits = ['''abcdefg1''']
regexes = ['''foo.+bar''']
regexTarget = "line"
paths = ['''ignore\.xaml''']
stopwords = ['''example''']
+11
View File
@@ -0,0 +1,11 @@
title = "gitleaks extended 3"
## This should not be loaded since we can only extend configs to a depth of 3
[[rules]]
id = "aws-secret-key-again-again"
description = "AWS Secret Key"
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
tags = ["key", "AWS"]
[[rules.allowlists]]
stopwords = ["fake"]
+13
View File
@@ -0,0 +1,13 @@
title = "gitleaks extended 3"
[extend]
path="../testdata/config/valid/extend_rule_allowlist_base.toml"
[[rules]]
id = "aws-secret-key-again-again"
[[rules.allowlists]]
commits = ['''abcdefg1''']
regexes = ['''foo.+bar''']
regexTarget = "line"
paths = ['''ignore\.xaml''']
stopwords = ['''example''']
+12
View File
@@ -0,0 +1,12 @@
title = "gitleaks extended 3"
## This should not be loaded since we can only extend configs to a depth of 3
[[rules]]
id = "aws-secret-key-again-again"
description = "AWS Secret Key"
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
tags = ["key", "AWS"]
keywords = ["AWS"]
[[rules.allowlists]]
stopwords = ["fake"]
+8
View File
@@ -0,0 +1,8 @@
title = "gitleaks extended 3"
[extend]
path="../testdata/config/valid/extend_rule_keywords_base.toml"
[[rules]]
id = "aws-rule-that-is-not-in-base"
keywords = ["CMS"]
+8
View File
@@ -0,0 +1,8 @@
[extend]
path="../testdata/config/valid/extend_base_3.toml"
[[rules]]
id = "aws-secret-key-again-again"
[[rules.allowlists]]
description = "False positive. Keys used for colors match the rule, and should be excluded."
paths = ['''something.py''']
@@ -0,0 +1,8 @@
title = "override a built-in rule's description"
[extend]
path = "../testdata/config/simple.toml"
[[rules]]
id = "aws-access-key"
description = "Puppy Doggy"
@@ -0,0 +1,8 @@
title = "override a built-in rule's entropy"
[extend]
path = "../testdata/config/simple.toml"
[[rules]]
id = "aws-access-key"
entropy = 999
@@ -0,0 +1,8 @@
title = "override a built-in rule's keywords"
[extend]
path = "../testdata/config/simple.toml"
[[rules]]
id = "aws-access-key"
keywords = ["puppy"]
+8
View File
@@ -0,0 +1,8 @@
title = "override a built-in rule's path"
[extend]
path = "../testdata/config/simple.toml"
[[rules]]
id = "aws-access-key"
path = '''(?:puppy)'''
+8
View File
@@ -0,0 +1,8 @@
title = "override a built-in rule's regex"
[extend]
path = "../testdata/config/simple.toml"
[[rules]]
id = "aws-access-key"
regex = '''(?:a)'''
@@ -0,0 +1,9 @@
title = "override a built-in rule's secretGroup"
[extend]
path = "../testdata/config/simple.toml"
[[rules]]
id = "aws-access-key"
regex = '''(a)(a)'''
secretGroup = 2
+8
View File
@@ -0,0 +1,8 @@
title = "override a built-in rule's tags"
[extend]
path = "../testdata/config/simple.toml"
[[rules]]
id = "aws-access-key"
tags = ["puppy"]
+6
View File
@@ -0,0 +1,6 @@
[[rules]]
id = "discord-api-key"
description = "Discord API key"
regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]'''
secretGroup = 3
entropy = 3.5
+4
View File
@@ -0,0 +1,4 @@
[[rules]]
description = "Python Files"
id = "python-files-only"
path = '''.py'''
@@ -0,0 +1,5 @@
[[rules]]
id = "pypi-upload-token"
description = "PyPI upload token"
regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
tags = ["key", "pypi"]