Skip to content

Commit

Permalink
Merge Gitleaks rules 2024-12-23 # 01:32
Browse files Browse the repository at this point in the history
  • Loading branch information
Security Research (r2c-argo) committed Dec 23, 2024
1 parent 1c92567 commit 23e8cc0
Show file tree
Hide file tree
Showing 198 changed files with 898 additions and 170 deletions.
26 changes: 26 additions & 0 deletions generic/secrets/gitleaks/1password-service-account-token.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
rules:
- id: 1password-service-account-token
message: A gitleaks 1password-service-account-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
languages:
- regex
severity: INFO
metadata:
likelihood: LOW
impact: MEDIUM
confidence: LOW
category: security
cwe:
- "CWE-798: Use of Hard-coded Credentials"
cwe2021-top25: true
cwe2022-top25: true
owasp:
- A07:2021 - Identification and Authentication Failures
references:
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
subcategory:
- vuln
technology:
- gitleaks
patterns:
- pattern-regex: (ops_eyJ[a-zA-Z0-9+/]{250,}={0,3})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/adafruit-api-key.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:adafruit)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:adafruit)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/adobe-client-id.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:adobe)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:adobe)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/adobe-client-secret.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b((p8e-)(?i)[a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(p8e-(?i)[a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/age-secret-key.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}
- pattern-regex: (AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/airtable-api-key.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:airtable)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:airtable)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/algolia-api-key.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:algolia)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:algolia)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/alibaba-access-key-id.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b((LTAI)(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(LTAI(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/alibaba-secret-key.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:alibaba)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:alibaba)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/asana-client-id.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:asana)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/asana-client-secret.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:asana)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/atlassian-api-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:atlassian|confluence|jira)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:atlassian|confluence|jira)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-zA-Z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)|\b(ATATT3[A-Za-z0-9_\-=]{186})(?:['|\"|\n|\r|\s|\x60|;]|$))
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b((?:sc|ext|scauth|authress)_[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.acc[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b((?:sc|ext|scauth|authress)_(?i)[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.(?-i:acc)[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/aws-access-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}
- pattern-regex: (\b((?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16})\b)
26 changes: 26 additions & 0 deletions generic/secrets/gitleaks/azure-ad-client-secret.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
rules:
- id: azure-ad-client-secret
message: A gitleaks azure-ad-client-secret was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
languages:
- regex
severity: INFO
metadata:
likelihood: LOW
impact: MEDIUM
confidence: LOW
category: security
cwe:
- "CWE-798: Use of Hard-coded Credentials"
cwe2021-top25: true
cwe2022-top25: true
owasp:
- A07:2021 - Identification and Authentication Failures
references:
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
subcategory:
- vuln
technology:
- gitleaks
patterns:
- pattern-regex: ((?:^|[\\'"\x60\s>=:(,)])([a-zA-Z0-9_~.]{3}\dQ~[a-zA-Z0-9_~.-]{31,34})(?:$|[\\'"\x60\s<),]))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/beamer-api-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:beamer)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:beamer)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/bitbucket-client-id.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:bitbucket)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/bitbucket-client-secret.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:bitbucket)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/bittrex-access-key.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:bittrex)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/bittrex-secret-key.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:bittrex)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/clojars-api-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(CLOJARS_)[a-z0-9]{60}
- pattern-regex: ((?i)CLOJARS_[a-z0-9]{60})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/cloudflare-api-key.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:cloudflare)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:cloudflare)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/cloudflare-global-api-key.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:cloudflare)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{37})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:cloudflare)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{37})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/cloudflare-origin-ca-key.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: \b(v1\.0-[a-f0-9]{24}-[a-f0-9]{146})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(v1\.0-[a-f0-9]{24}-[a-f0-9]{146})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/codecov-access-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:codecov)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:codecov)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
26 changes: 26 additions & 0 deletions generic/secrets/gitleaks/cohere-api-token.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
rules:
- id: cohere-api-token
message: A gitleaks cohere-api-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
languages:
- regex
severity: INFO
metadata:
likelihood: LOW
impact: MEDIUM
confidence: LOW
category: security
cwe:
- "CWE-798: Use of Hard-coded Credentials"
cwe2021-top25: true
cwe2022-top25: true
owasp:
- A07:2021 - Identification and Authentication Failures
references:
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
subcategory:
- vuln
technology:
- gitleaks
patterns:
- pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:cohere|CO_API_KEY)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-zA-Z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/coinbase-access-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:coinbase)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:coinbase)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/confluent-access-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:confluent)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/confluent-secret-key.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:confluent)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$))
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:contentful)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:contentful)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$))
26 changes: 26 additions & 0 deletions generic/secrets/gitleaks/curl-auth-header.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
rules:
- id: curl-auth-header
message: A gitleaks curl-auth-header was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
languages:
- regex
severity: INFO
metadata:
likelihood: LOW
impact: MEDIUM
confidence: LOW
category: security
cwe:
- "CWE-798: Use of Hard-coded Credentials"
cwe2021-top25: true
cwe2022-top25: true
owasp:
- A07:2021 - Identification and Authentication Failures
references:
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
subcategory:
- vuln
technology:
- gitleaks
patterns:
- pattern-regex: (\bcurl\b(?:.*?|.*?(?:[\r\n]{1,2}.*?){1,5})[ \t\n\r](?:-H|--header)(?:=|[ \t]{0,5})(?:"(?i)(?:Authorization:[ \t]{0,5}(?:Basic[ \t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \t]([\w=~@.+/-]{8,})|([\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \t]{0,5}([\w=~@.+/-]{8,}))"|'(?i)(?:Authorization:[ \t]{0,5}(?:Basic[ \t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \t]([\w=~@.+/-]{8,})|([\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \t]{0,5}([\w=~@.+/-]{8,}))')(?:\B|\s|\z))
26 changes: 26 additions & 0 deletions generic/secrets/gitleaks/curl-auth-user.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
rules:
- id: curl-auth-user
message: A gitleaks curl-auth-user was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
languages:
- regex
severity: INFO
metadata:
likelihood: LOW
impact: MEDIUM
confidence: LOW
category: security
cwe:
- "CWE-798: Use of Hard-coded Credentials"
cwe2021-top25: true
cwe2022-top25: true
owasp:
- A07:2021 - Identification and Authentication Failures
references:
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
subcategory:
- vuln
technology:
- gitleaks
patterns:
- pattern-regex: (\bcurl\b(?:.*|.*(?:[\r\n]{1,2}.*){1,5})[ \t\n\r](?:-u|--user)(?:=|[ \t]{0,5})(?:"([^:"]{3,}:[^"]{3,})"|'([^:']{3,}:[^']{3,})'|((?:"[^"]{3,}"|'[^']{3,}'|[\w$@.-]+):(?:"[^"]{3,}"|'[^']{3,}'|[\w${}@.-]+)))(?:\s|\z))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/databricks-api-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(dapi[a-h0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(dapi[a-f0-9]{32}(?:-\d)?)(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/datadog-access-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:datadog)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:datadog)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/defined-networking-api-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:dnkey)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:dnkey)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/digitalocean-access-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/digitalocean-pat.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/digitalocean-refresh-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(dor_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)\b(dor_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/discord-api-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:discord)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$))
Loading

0 comments on commit 23e8cc0

Please sign in to comment.