Files
wehub-resource-sync 48b3ccf279
gitleaks / gitleaks (push) Has been skipped
Test / test (ubuntu-latest) (push) Failing after 0s
Test / test (windows-latest) (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:12:29 +08:00

69 lines
2.3 KiB
Go

package rules
import (
"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
"github.com/zricethezav/gitleaks/v8/config"
"github.com/zricethezav/gitleaks/v8/regexp"
)
func ShopifySharedSecret() *config.Rule {
// define rule
r := config.Rule{
RuleID: "shopify-shared-secret",
Description: "Found a Shopify shared secret, posing a risk to application authentication and e-commerce platform security.",
Regex: regexp.MustCompile(`shpss_[a-fA-F0-9]{32}`),
Entropy: 2,
Keywords: []string{"shpss_"},
}
// validate
tps := utils.GenerateSampleSecrets("shopify", "shpss_"+secrets.NewSecret(utils.Hex("32")))
return utils.Validate(r, tps, nil)
}
func ShopifyAccessToken() *config.Rule {
// define rule
r := config.Rule{
RuleID: "shopify-access-token",
Description: "Uncovered a Shopify access token, which could lead to unauthorized e-commerce platform access and data breaches.",
Regex: regexp.MustCompile(`shpat_[a-fA-F0-9]{32}`),
Entropy: 2,
Keywords: []string{"shpat_"},
}
// validate
tps := utils.GenerateSampleSecrets("shopify", "shpat_"+secrets.NewSecret(utils.Hex("32")))
return utils.Validate(r, tps, nil)
}
func ShopifyCustomAccessToken() *config.Rule {
// define rule
r := config.Rule{
RuleID: "shopify-custom-access-token",
Description: "Detected a Shopify custom access token, potentially compromising custom app integrations and e-commerce data security.",
Regex: regexp.MustCompile(`shpca_[a-fA-F0-9]{32}`),
Entropy: 2,
Keywords: []string{"shpca_"},
}
// validate
tps := utils.GenerateSampleSecrets("shopify", "shpca_"+secrets.NewSecret(utils.Hex("32")))
return utils.Validate(r, tps, nil)
}
func ShopifyPrivateAppAccessToken() *config.Rule {
// define rule
r := config.Rule{
RuleID: "shopify-private-app-access-token",
Description: "Identified a Shopify private app access token, risking unauthorized access to private app data and store operations.",
Regex: regexp.MustCompile(`shppa_[a-fA-F0-9]{32}`),
Entropy: 2,
Keywords: []string{"shppa_"},
}
// validate
tps := utils.GenerateSampleSecrets("shopify", "shppa_"+secrets.NewSecret(utils.Hex("32")))
return utils.Validate(r, tps, nil)
}