chore: import upstream snapshot with attribution
This commit is contained in:
@@ -0,0 +1,10 @@
|
||||
[[rules]]
|
||||
id = "test"
|
||||
regex = '''token = "(.+)"'''
|
||||
|
||||
[[allowlists]]
|
||||
regexes = ["^changeit$"]
|
||||
[[allowlists]]
|
||||
condition = "AND"
|
||||
paths = ["^node_modules/.*"]
|
||||
stopwords = ["mock"]
|
||||
@@ -0,0 +1,2 @@
|
||||
[allowlist]
|
||||
stopwords = ["0989c462-69c9-49fa-b7d2-30dc5c576a97"]
|
||||
@@ -0,0 +1,2 @@
|
||||
[allowlist]
|
||||
regexes = ['''AKIALALEM.L33243OLIA''']
|
||||
@@ -0,0 +1,20 @@
|
||||
[[rules]]
|
||||
id = "github-app-token"
|
||||
regex = '''(?:ghu|ghs)_[0-9a-zA-Z]{36}'''
|
||||
|
||||
[[rules]]
|
||||
id = "github-oauth"
|
||||
regex = '''gho_[0-9a-zA-Z]{36}'''
|
||||
|
||||
[[rules]]
|
||||
id = "github-pat"
|
||||
regex = '''ghp_[0-9a-zA-Z]{36}'''
|
||||
|
||||
|
||||
[[allowlists]]
|
||||
regexes = ['''.*fake.*''']
|
||||
[[allowlists]]
|
||||
targetRules = ["github-app-token", "github-pat"]
|
||||
paths = [
|
||||
'''(?:^|/)@octokit/auth-token/README\.md$''',
|
||||
]
|
||||
@@ -0,0 +1,9 @@
|
||||
title = "simple config with allowlist for a specific commit"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Access Key"
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
[[rules.allowlists]]
|
||||
commits = ['''allowthiscommit''']
|
||||
@@ -0,0 +1,11 @@
|
||||
# https://github.com/gitleaks/gitleaks/issues/1844
|
||||
[extend]
|
||||
useDefault = true
|
||||
|
||||
[[rules]]
|
||||
id = "generic-api-key"
|
||||
[[rules.allowlists]]
|
||||
description = "Exclude a specific file from generic-api-key rule"
|
||||
paths = [
|
||||
'''^path/to/your/problematic/file\.js$'''
|
||||
]
|
||||
@@ -0,0 +1,5 @@
|
||||
[[rules]]
|
||||
id = "example"
|
||||
regex = '''example\d+'''
|
||||
[rules.allowlist]
|
||||
regexes = ['''123''']
|
||||
@@ -0,0 +1,9 @@
|
||||
title = "simple config with allowlist for .go files"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Access Key"
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
[[rules.allowlists]]
|
||||
paths = ['''.go''']
|
||||
@@ -0,0 +1,9 @@
|
||||
title = "simple config with allowlist for aws"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Access Key"
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
[[rules.allowlists]]
|
||||
regexes = ['''AKIALALEMEL33243OLIA''']
|
||||
Vendored
+8
@@ -0,0 +1,8 @@
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_base_1.toml"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Secret Key"
|
||||
id = "aws-secret-key"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
+10
@@ -0,0 +1,10 @@
|
||||
title = "gitleaks extended 1"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_base_2.toml"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Access Key"
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
|
||||
tags = ["key", "AWS"]
|
||||
+10
@@ -0,0 +1,10 @@
|
||||
title = "gitleaks extended 2"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/extend_3.toml"
|
||||
|
||||
[[rules]]
|
||||
description = "AWS Secret Key"
|
||||
id = "aws-secret-key-again"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
+9
@@ -0,0 +1,9 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
## This should not be loaded since we can only extend configs to a depth of 3
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
description = "AWS Secret Key"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_rule_keywords_base.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
description = "A new description"
|
||||
+11
@@ -0,0 +1,11 @@
|
||||
title = "gitleaks extend disable"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/valid/extend_disabled_base.toml"
|
||||
disabledRules = [
|
||||
'custom-rule1'
|
||||
]
|
||||
|
||||
[[rules]]
|
||||
id = "pypi-upload-token"
|
||||
regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
|
||||
+11
@@ -0,0 +1,11 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
|
||||
[[rules]]
|
||||
id = "custom-rule1"
|
||||
regex = '''[Cc]ustom!'''
|
||||
@@ -0,0 +1,14 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_rule_allowlist_base.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
[[rules.allowlists]]
|
||||
condition = "AND"
|
||||
commits = ['''abcdefg1''']
|
||||
regexes = ['''foo.+bar''']
|
||||
regexTarget = "line"
|
||||
paths = ['''ignore\.xaml''']
|
||||
stopwords = ['''example''']
|
||||
@@ -0,0 +1,11 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
## This should not be loaded since we can only extend configs to a depth of 3
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
description = "AWS Secret Key"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
[[rules.allowlists]]
|
||||
stopwords = ["fake"]
|
||||
@@ -0,0 +1,13 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_rule_allowlist_base.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
[[rules.allowlists]]
|
||||
commits = ['''abcdefg1''']
|
||||
regexes = ['''foo.+bar''']
|
||||
regexTarget = "line"
|
||||
paths = ['''ignore\.xaml''']
|
||||
stopwords = ['''example''']
|
||||
@@ -0,0 +1,12 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
## This should not be loaded since we can only extend configs to a depth of 3
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
description = "AWS Secret Key"
|
||||
regex = '''(?i)aws_(.{0,20})?=?.[\'\"0-9a-zA-Z\/+]{40}'''
|
||||
tags = ["key", "AWS"]
|
||||
keywords = ["AWS"]
|
||||
[[rules.allowlists]]
|
||||
stopwords = ["fake"]
|
||||
+8
@@ -0,0 +1,8 @@
|
||||
title = "gitleaks extended 3"
|
||||
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_rule_keywords_base.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-rule-that-is-not-in-base"
|
||||
keywords = ["CMS"]
|
||||
@@ -0,0 +1,8 @@
|
||||
[extend]
|
||||
path="../testdata/config/valid/extend_base_3.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-secret-key-again-again"
|
||||
[[rules.allowlists]]
|
||||
description = "False positive. Keys used for colors match the rule, and should be excluded."
|
||||
paths = ['''something.py''']
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's description"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
description = "Puppy Doggy"
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's entropy"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
entropy = 999
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's keywords"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
keywords = ["puppy"]
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's path"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
path = '''(?:puppy)'''
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's regex"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
regex = '''(?:a)'''
|
||||
@@ -0,0 +1,9 @@
|
||||
title = "override a built-in rule's secretGroup"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
regex = '''(a)(a)'''
|
||||
secretGroup = 2
|
||||
@@ -0,0 +1,8 @@
|
||||
title = "override a built-in rule's tags"
|
||||
|
||||
[extend]
|
||||
path = "../testdata/config/simple.toml"
|
||||
|
||||
[[rules]]
|
||||
id = "aws-access-key"
|
||||
tags = ["puppy"]
|
||||
+6
@@ -0,0 +1,6 @@
|
||||
[[rules]]
|
||||
id = "discord-api-key"
|
||||
description = "Discord API key"
|
||||
regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]'''
|
||||
secretGroup = 3
|
||||
entropy = 3.5
|
||||
+4
@@ -0,0 +1,4 @@
|
||||
[[rules]]
|
||||
description = "Python Files"
|
||||
id = "python-files-only"
|
||||
path = '''.py'''
|
||||
@@ -0,0 +1,5 @@
|
||||
[[rules]]
|
||||
id = "pypi-upload-token"
|
||||
description = "PyPI upload token"
|
||||
regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
|
||||
tags = ["key", "pypi"]
|
||||
Reference in New Issue
Block a user