From 23e8cc0db0a6d7d39184293c747dfc4781e076be Mon Sep 17 00:00:00 2001 
From: "Security Research (r2c-argo)" Date: Mon, 23 Dec 2024 01:32:03 +0000 Subject: [PATCH] Merge Gitleaks rules 2024-12-23 # 01:32 --- .../1password-service-account-token.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/adafruit-api-key.yaml | 2 +- generic/secrets/gitleaks/adobe-client-id.yaml | 2 +- .../secrets/gitleaks/adobe-client-secret.yaml | 2 +- generic/secrets/gitleaks/age-secret-key.yaml | 2 +- .../secrets/gitleaks/airtable-api-key.yaml | 2 +- generic/secrets/gitleaks/algolia-api-key.yaml | 2 +- .../gitleaks/alibaba-access-key-id.yaml | 2 +- .../secrets/gitleaks/alibaba-secret-key.yaml | 2 +- generic/secrets/gitleaks/asana-client-id.yaml | 2 +- .../secrets/gitleaks/asana-client-secret.yaml | 2 +- .../secrets/gitleaks/atlassian-api-token.yaml | 2 +- .../authress-service-client-access-key.yaml | 2 +- .../secrets/gitleaks/aws-access-token.yaml | 2 +- .../gitleaks/azure-ad-client-secret.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/beamer-api-token.yaml | 2 +- .../secrets/gitleaks/bitbucket-client-id.yaml | 2 +- .../gitleaks/bitbucket-client-secret.yaml | 2 +- .../secrets/gitleaks/bittrex-access-key.yaml | 2 +- .../secrets/gitleaks/bittrex-secret-key.yaml | 2 +- .../secrets/gitleaks/clojars-api-token.yaml | 2 +- .../secrets/gitleaks/cloudflare-api-key.yaml | 2 +- .../gitleaks/cloudflare-global-api-key.yaml | 2 +- .../gitleaks/cloudflare-origin-ca-key.yaml | 2 +- .../gitleaks/codecov-access-token.yaml | 2 +- .../secrets/gitleaks/cohere-api-token.yaml | 26 +++++++++++++++++++ .../gitleaks/coinbase-access-token.yaml | 2 +- .../gitleaks/confluent-access-token.yaml | 2 +- .../gitleaks/confluent-secret-key.yaml | 2 +- .../contentful-delivery-api-token.yaml | 2 +- .../secrets/gitleaks/curl-auth-header.yaml | 26 +++++++++++++++++++ generic/secrets/gitleaks/curl-auth-user.yaml | 26 +++++++++++++++++++ .../gitleaks/databricks-api-token.yaml | 2 +- .../gitleaks/datadog-access-token.yaml | 2 +- .../defined-networking-api-token.yaml | 2 +- 
.../gitleaks/digitalocean-access-token.yaml | 2 +- .../secrets/gitleaks/digitalocean-pat.yaml | 2 +- .../gitleaks/digitalocean-refresh-token.yaml | 2 +- .../secrets/gitleaks/discord-api-token.yaml | 2 +- .../secrets/gitleaks/discord-client-id.yaml | 2 +- .../gitleaks/discord-client-secret.yaml | 2 +- .../secrets/gitleaks/doppler-api-token.yaml | 2 +- .../gitleaks/droneci-access-token.yaml | 2 +- .../secrets/gitleaks/dropbox-api-token.yaml | 2 +- .../dropbox-long-lived-api-token.yaml | 2 +- .../dropbox-short-lived-api-token.yaml | 2 +- .../secrets/gitleaks/duffel-api-token.yaml | 2 +- .../secrets/gitleaks/dynatrace-api-token.yaml | 2 +- .../secrets/gitleaks/easypost-api-token.yaml | 2 +- .../gitleaks/easypost-test-api-token.yaml | 2 +- .../secrets/gitleaks/etsy-access-token.yaml | 2 +- .../gitleaks/facebook-access-token.yaml | 2 +- .../gitleaks/facebook-page-access-token.yaml | 2 +- generic/secrets/gitleaks/facebook-secret.yaml | 2 +- .../secrets/gitleaks/fastly-api-token.yaml | 2 +- .../secrets/gitleaks/finicity-api-token.yaml | 2 +- .../gitleaks/finicity-client-secret.yaml | 2 +- .../gitleaks/finnhub-access-token.yaml | 2 +- .../secrets/gitleaks/flickr-access-token.yaml | 2 +- .../gitleaks/flutterwave-encryption-key.yaml | 2 +- .../gitleaks/flutterwave-public-key.yaml | 2 +- .../gitleaks/flutterwave-secret-key.yaml | 2 +- .../secrets/gitleaks/flyio-access-token.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/frameio-api-token.yaml | 2 +- .../secrets/gitleaks/freemius-secret-key.yaml | 26 +++++++++++++++++++ .../gitleaks/freshbooks-access-token.yaml | 2 +- generic/secrets/gitleaks/gcp-api-key.yaml | 2 +- .../secrets/gitleaks/github-app-token.yaml | 2 +- .../gitleaks/github-fine-grained-pat.yaml | 2 +- generic/secrets/gitleaks/github-oauth.yaml | 2 +- generic/secrets/gitleaks/github-pat.yaml | 2 +- .../gitleaks/github-refresh-token.yaml | 2 +- .../gitleaks/gitlab-cicd-job-token.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/gitlab-deploy-token.yaml | 26 
+++++++++++++++++++ .../gitlab-feature-flag-client-token.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/gitlab-feed-token.yaml | 26 +++++++++++++++++++ .../gitleaks/gitlab-incoming-mail-token.yaml | 26 +++++++++++++++++++ .../gitlab-kubernetes-agent-token.yaml | 26 +++++++++++++++++++ .../gitleaks/gitlab-oauth-app-secret.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/gitlab-pat-routable.yaml | 26 +++++++++++++++++++ generic/secrets/gitleaks/gitlab-pat.yaml | 2 +- generic/secrets/gitleaks/gitlab-ptt.yaml | 2 +- generic/secrets/gitleaks/gitlab-rrt.yaml | 2 +- .../gitlab-runner-authentication-token.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/gitlab-scim-token.yaml | 26 +++++++++++++++++++ .../gitleaks/gitlab-session-cookie.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/gitter-access-token.yaml | 2 +- .../gitleaks/gocardless-api-token.yaml | 2 +- generic/secrets/gitleaks/grafana-api-key.yaml | 2 +- .../gitleaks/grafana-cloud-api-token.yaml | 2 +- .../grafana-service-account-token.yaml | 2 +- generic/secrets/gitleaks/harness-api-key.yaml | 2 +- .../gitleaks/hashicorp-tf-api-token.yaml | 2 +- .../gitleaks/hashicorp-tf-password.yaml | 2 +- generic/secrets/gitleaks/heroku-api-key.yaml | 2 +- generic/secrets/gitleaks/hubspot-api-key.yaml | 2 +- .../gitleaks/huggingface-access-token.yaml | 2 +- .../huggingface-organization-api-token.yaml | 2 +- .../secrets/gitleaks/infracost-api-token.yaml | 2 +- .../secrets/gitleaks/intercom-api-key.yaml | 2 +- .../gitleaks/intra42-client-secret.yaml | 2 +- generic/secrets/gitleaks/jfrog-api-key.yaml | 2 +- .../gitleaks/jfrog-identity-token.yaml | 2 +- generic/secrets/gitleaks/jwt-base64.yaml | 2 +- generic/secrets/gitleaks/jwt.yaml | 2 +- .../secrets/gitleaks/kraken-access-token.yaml | 2 +- .../gitleaks/kubernetes-secret-yaml.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/kucoin-access-token.yaml | 2 +- .../secrets/gitleaks/kucoin-secret-key.yaml | 2 +- .../gitleaks/launchdarkly-access-token.yaml | 2 +- 
generic/secrets/gitleaks/linear-api-key.yaml | 2 +- .../gitleaks/linear-client-secret.yaml | 2 +- .../secrets/gitleaks/linkedin-client-id.yaml | 2 +- .../gitleaks/linkedin-client-secret.yaml | 2 +- generic/secrets/gitleaks/lob-api-key.yaml | 2 +- generic/secrets/gitleaks/lob-pub-api-key.yaml | 2 +- .../secrets/gitleaks/mailchimp-api-key.yaml | 2 +- .../gitleaks/mailgun-private-api-token.yaml | 2 +- generic/secrets/gitleaks/mailgun-pub-key.yaml | 2 +- .../secrets/gitleaks/mailgun-signing-key.yaml | 2 +- .../secrets/gitleaks/mapbox-api-token.yaml | 2 +- .../gitleaks/mattermost-access-token.yaml | 2 +- .../gitleaks/messagebird-api-token.yaml | 2 +- .../gitleaks/messagebird-client-id.yaml | 2 +- .../gitleaks/microsoft-teams-webhook.yaml | 2 +- .../gitleaks/netlify-access-token.yaml | 2 +- .../gitleaks/new-relic-browser-api-token.yaml | 2 +- .../gitleaks/new-relic-insert-key.yaml | 2 +- .../gitleaks/new-relic-user-api-id.yaml | 2 +- .../gitleaks/new-relic-user-api-key.yaml | 2 +- .../secrets/gitleaks/npm-access-token.yaml | 2 +- .../gitleaks/nuget-config-password.yaml | 26 +++++++++++++++++++ .../gitleaks/nytimes-access-token.yaml | 2 +- .../gitleaks/octopus-deploy-api-key.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/okta-access-token.yaml | 2 +- generic/secrets/gitleaks/openai-api-key.yaml | 2 +- .../gitleaks/openshift-user-token.yaml | 26 +++++++++++++++++++ generic/secrets/gitleaks/plaid-api-token.yaml | 2 +- generic/secrets/gitleaks/plaid-client-id.yaml | 2 +- .../secrets/gitleaks/plaid-secret-key.yaml | 2 +- .../gitleaks/planetscale-api-token.yaml | 2 +- .../gitleaks/planetscale-oauth-token.yaml | 2 +- .../gitleaks/planetscale-password.yaml | 2 +- .../secrets/gitleaks/postman-api-token.yaml | 2 +- .../secrets/gitleaks/prefect-api-token.yaml | 2 +- generic/secrets/gitleaks/private-key.yaml | 2 +- .../secrets/gitleaks/privateai-api-token.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/pulumi-api-token.yaml | 2 +- .../secrets/gitleaks/pypi-upload-token.yaml | 
2 +- .../gitleaks/rapidapi-access-token.yaml | 2 +- .../secrets/gitleaks/readme-api-token.yaml | 2 +- .../secrets/gitleaks/rubygems-api-token.yaml | 2 +- .../secrets/gitleaks/scalingo-api-token.yaml | 2 +- .../secrets/gitleaks/sendbird-access-id.yaml | 2 +- .../gitleaks/sendbird-access-token.yaml | 2 +- .../secrets/gitleaks/sendgrid-api-token.yaml | 2 +- .../gitleaks/sendinblue-api-token.yaml | 2 +- .../secrets/gitleaks/sentry-access-token.yaml | 2 +- .../secrets/gitleaks/sentry-org-token.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/sentry-user-token.yaml | 26 +++++++++++++++++++ .../settlemint-application-access-token.yaml | 26 +++++++++++++++++++ .../settlemint-personal-access-token.yaml | 26 +++++++++++++++++++ .../settlemint-service-access-token.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/shippo-api-token.yaml | 2 +- .../gitleaks/shopify-access-token.yaml | 2 +- .../gitleaks/shopify-custom-access-token.yaml | 2 +- .../shopify-private-app-access-token.yaml | 2 +- .../gitleaks/shopify-shared-secret.yaml | 2 +- generic/secrets/gitleaks/sidekiq-secret.yaml | 2 +- .../gitleaks/sidekiq-sensitive-url.yaml | 2 +- generic/secrets/gitleaks/slack-app-token.yaml | 2 +- generic/secrets/gitleaks/slack-bot-token.yaml | 2 +- .../gitleaks/slack-config-access-token.yaml | 2 +- .../gitleaks/slack-config-refresh-token.yaml | 2 +- .../gitleaks/slack-legacy-bot-token.yaml | 2 +- .../secrets/gitleaks/slack-webhook-url.yaml | 2 +- generic/secrets/gitleaks/snyk-api-token.yaml | 2 +- .../secrets/gitleaks/square-access-token.yaml | 2 +- .../gitleaks/squarespace-access-token.yaml | 2 +- .../secrets/gitleaks/stripe-access-token.yaml | 2 +- .../secrets/gitleaks/sumologic-access-id.yaml | 2 +- .../gitleaks/sumologic-access-token.yaml | 2 +- .../gitleaks/telegram-bot-api-token.yaml | 2 +- .../gitleaks/travisci-access-token.yaml | 2 +- generic/secrets/gitleaks/twilio-api-key.yaml | 2 +- .../secrets/gitleaks/twitch-api-token.yaml | 2 +- .../gitleaks/twitter-access-secret.yaml | 2 
+- .../gitleaks/twitter-access-token.yaml | 2 +- generic/secrets/gitleaks/twitter-api-key.yaml | 2 +- .../secrets/gitleaks/twitter-api-secret.yaml | 2 +- .../gitleaks/twitter-bearer-token.yaml | 2 +- .../secrets/gitleaks/typeform-api-token.yaml | 2 +- .../secrets/gitleaks/vault-batch-token.yaml | 2 +- .../secrets/gitleaks/vault-service-token.yaml | 2 +- .../secrets/gitleaks/yandex-access-token.yaml | 2 +- generic/secrets/gitleaks/yandex-api-key.yaml | 2 +- .../gitleaks/yandex-aws-access-token.yaml | 2 +- .../secrets/gitleaks/zendesk-secret-key.yaml | 2 +- 198 files changed, 898 insertions(+), 170 deletions(-) create mode 100644 generic/secrets/gitleaks/1password-service-account-token.yaml create mode 100644 generic/secrets/gitleaks/azure-ad-client-secret.yaml create mode 100644 generic/secrets/gitleaks/cohere-api-token.yaml create mode 100644 generic/secrets/gitleaks/curl-auth-header.yaml create mode 100644 generic/secrets/gitleaks/curl-auth-user.yaml create mode 100644 generic/secrets/gitleaks/flyio-access-token.yaml create mode 100644 generic/secrets/gitleaks/freemius-secret-key.yaml create mode 100644 generic/secrets/gitleaks/gitlab-cicd-job-token.yaml create mode 100644 generic/secrets/gitleaks/gitlab-deploy-token.yaml create mode 100644 generic/secrets/gitleaks/gitlab-feature-flag-client-token.yaml create mode 100644 generic/secrets/gitleaks/gitlab-feed-token.yaml create mode 100644 generic/secrets/gitleaks/gitlab-incoming-mail-token.yaml create mode 100644 generic/secrets/gitleaks/gitlab-kubernetes-agent-token.yaml create mode 100644 generic/secrets/gitleaks/gitlab-oauth-app-secret.yaml create mode 100644 generic/secrets/gitleaks/gitlab-pat-routable.yaml create mode 100644 generic/secrets/gitleaks/gitlab-runner-authentication-token.yaml create mode 100644 generic/secrets/gitleaks/gitlab-scim-token.yaml create mode 100644 generic/secrets/gitleaks/gitlab-session-cookie.yaml create mode 100644 generic/secrets/gitleaks/kubernetes-secret-yaml.yaml create mode 
100644 generic/secrets/gitleaks/nuget-config-password.yaml create mode 100644 generic/secrets/gitleaks/octopus-deploy-api-key.yaml create mode 100644 generic/secrets/gitleaks/openshift-user-token.yaml create mode 100644 generic/secrets/gitleaks/privateai-api-token.yaml create mode 100644 generic/secrets/gitleaks/sentry-org-token.yaml create mode 100644 generic/secrets/gitleaks/sentry-user-token.yaml create mode 100644 generic/secrets/gitleaks/settlemint-application-access-token.yaml create mode 100644 generic/secrets/gitleaks/settlemint-personal-access-token.yaml create mode 100644 generic/secrets/gitleaks/settlemint-service-access-token.yaml
diff --git a/generic/secrets/gitleaks/1password-service-account-token.yaml b/generic/secrets/gitleaks/1password-service-account-token.yaml
new file mode 100644
index 0000000000..afc9765462
--- /dev/null
+++ b/generic/secrets/gitleaks/1password-service-account-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: 1password-service-account-token
+ message: A gitleaks 1password-service-account-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (ops_eyJ[a-zA-Z0-9+/]{250,}={0,3})
diff --git a/generic/secrets/gitleaks/adafruit-api-key.yaml b/generic/secrets/gitleaks/adafruit-api-key.yaml
index 7414a57e4a..a4a974151e 100644
--- a/generic/secrets/gitleaks/adafruit-api-key.yaml
+++ b/generic/secrets/gitleaks/adafruit-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:adafruit)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:adafruit)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/adobe-client-id.yaml b/generic/secrets/gitleaks/adobe-client-id.yaml
index e5c30adf39..77a37daef2 100644
--- a/generic/secrets/gitleaks/adobe-client-id.yaml
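Review bot: The `message` of this new rule advises moving credentials into environment variables or a vault but never tells the reader to revoke and rotate a token that has already been committed, which is the step that contains the exposure once the value is in git history. The text is templated, so the same gap is in the other new rule files in this patch (azure-ad-client-secret.yaml, cohere-api-token.yaml); the fix probably belongs in the generator template, for example by appending `Revoke and rotate any credential that has already been committed.` to the message. For this rule in particular, `confidence: LOW` looks conservative given how specific the `ops_eyJ` prefix followed by at least 250 base64 characters is, so it may be worth overriding the generated default.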
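Review bot: The leading `[\w.-]{0,50}?` added to the adafruit pattern has nothing anchoring it, so the match, and with it the span the scanner reports, now begins up to 50 characters before the keyword, and the engine may try up to 50 prefix lengths at each start position in files that contain the keyword. The same prefix is added in the adobe-client-id, airtable, algolia, alibaba-secret-key, asana-*, beamer, bitbucket-*, bittrex-*, cloudflare-api-key, cloudflare-global-api-key, codecov, coinbase and confluent-* hunks. If the wider span is intended, a generated comment above the pattern such as `# match deliberately includes up to 50 identifier characters before the keyword` would record that, and it is worth timing the rule set on a large minified file before release; whether already-triaged findings get re-reported because the matched text changed cannot be judged from this diff. Only the last four lines of the rule are in the hunk; its metadata lies outside it.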
+++ b/generic/secrets/gitleaks/adobe-client-id.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:adobe)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:adobe)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/adobe-client-secret.yaml b/generic/secrets/gitleaks/adobe-client-secret.yaml
index 01effd0a9e..b348d72255 100644
--- a/generic/secrets/gitleaks/adobe-client-secret.yaml
+++ b/generic/secrets/gitleaks/adobe-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b((p8e-)(?i)[a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b(p8e-(?i)[a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/age-secret-key.yaml b/generic/secrets/gitleaks/age-secret-key.yaml
index fd32bd955a..f3ab7d18ff 100644
--- a/generic/secrets/gitleaks/age-secret-key.yaml
+++ b/generic/secrets/gitleaks/age-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}
+ - pattern-regex: (AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58})
diff --git a/generic/secrets/gitleaks/airtable-api-key.yaml b/generic/secrets/gitleaks/airtable-api-key.yaml
index ffc6b5b143..f8ff9d67a5 100644
--- a/generic/secrets/gitleaks/airtable-api-key.yaml
+++ b/generic/secrets/gitleaks/airtable-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:airtable)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:airtable)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/algolia-api-key.yaml b/generic/secrets/gitleaks/algolia-api-key.yaml
index 0f0a5f0a34..648ad1008c 100644
--- a/generic/secrets/gitleaks/algolia-api-key.yaml
+++ b/generic/secrets/gitleaks/algolia-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:algolia)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:algolia)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/alibaba-access-key-id.yaml b/generic/secrets/gitleaks/alibaba-access-key-id.yaml
index 1d1d5cd203..913f72ec4b 100644
--- a/generic/secrets/gitleaks/alibaba-access-key-id.yaml
+++ b/generic/secrets/gitleaks/alibaba-access-key-id.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b((LTAI)(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b(LTAI(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/alibaba-secret-key.yaml b/generic/secrets/gitleaks/alibaba-secret-key.yaml
index 595e513d91..318ef2f79e 100644
--- a/generic/secrets/gitleaks/alibaba-secret-key.yaml
+++ b/generic/secrets/gitleaks/alibaba-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:alibaba)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:alibaba)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/asana-client-id.yaml b/generic/secrets/gitleaks/asana-client-id.yaml
index 1f88459c0b..143bbb657d 100644
--- a/generic/secrets/gitleaks/asana-client-id.yaml
+++ b/generic/secrets/gitleaks/asana-client-id.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:asana)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/asana-client-secret.yaml b/generic/secrets/gitleaks/asana-client-secret.yaml
index 9bf28eb7a9..6a5f44c517 100644
--- a/generic/secrets/gitleaks/asana-client-secret.yaml
+++ b/generic/secrets/gitleaks/asana-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:asana)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/atlassian-api-token.yaml b/generic/secrets/gitleaks/atlassian-api-token.yaml
index 1fcebb128f..3b5f7997c7 100644
--- a/generic/secrets/gitleaks/atlassian-api-token.yaml
+++ b/generic/secrets/gitleaks/atlassian-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:atlassian|confluence|jira)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:atlassian|confluence|jira)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-zA-Z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)|\b(ATATT3[A-Za-z0-9_\-=]{186})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/authress-service-client-access-key.yaml b/generic/secrets/gitleaks/authress-service-client-access-key.yaml
index 7ffeba74c0..284e4c6e7f 100644
--- a/generic/secrets/gitleaks/authress-service-client-access-key.yaml
+++ b/generic/secrets/gitleaks/authress-service-client-access-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b((?:sc|ext|scauth|authress)_[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.acc[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b((?:sc|ext|scauth|authress)_(?i)[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.(?-i:acc)[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/aws-access-token.yaml b/generic/secrets/gitleaks/aws-access-token.yaml
index 8fa251c7d6..39e336a153 100644
--- a/generic/secrets/gitleaks/aws-access-token.yaml
+++ b/generic/secrets/gitleaks/aws-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}
+ - pattern-regex: (\b((?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16})\b)
diff --git a/generic/secrets/gitleaks/azure-ad-client-secret.yaml b/generic/secrets/gitleaks/azure-ad-client-secret.yaml
new file mode 100644
index 0000000000..4e74654742
--- /dev/null
+++ b/generic/secrets/gitleaks/azure-ad-client-secret.yaml
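Review bot: The new atlassian pattern opens with two identical lazy prefixes back to back, `[\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:atlassian|confluence|jira)`; both match the same case-independent character class, so the outer one adds no detections but multiplies the ways a run of identifier characters can be split, up to roughly 50×50 attempts per start position before the keyword fails to match. Dropping the outer prefix, so that the pattern starts with `((?i:[\w.-]{0,50}?(?:atlassian|confluence|jira)`, should keep the same set of detections and only shorten the reported span for identifiers longer than 50 characters. The cohere-api-token.yaml rule added later in this patch has the same doubled prefix. As these regexes are generated from the Gitleaks rule definitions, the change is best made upstream or in the conversion step rather than by hand here. Only the tail of the rule is in the hunk; its metadata lies outside it.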
@@ -0,0 +1,26 @@
+rules:
+- id: azure-ad-client-secret
+ message: A gitleaks azure-ad-client-secret was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: ((?:^|[\\'"\x60\s>=:(,)])([a-zA-Z0-9_~.]{3}\dQ~[a-zA-Z0-9_~.-]{31,34})(?:$|[\\'"\x60\s<),]))
diff --git a/generic/secrets/gitleaks/beamer-api-token.yaml b/generic/secrets/gitleaks/beamer-api-token.yaml
index a55bcee05d..f4410d004a 100644
--- a/generic/secrets/gitleaks/beamer-api-token.yaml
+++ b/generic/secrets/gitleaks/beamer-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:beamer)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:beamer)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/bitbucket-client-id.yaml b/generic/secrets/gitleaks/bitbucket-client-id.yaml
index 80c036617a..d93fb157ba 100644
--- a/generic/secrets/gitleaks/bitbucket-client-id.yaml
+++ b/generic/secrets/gitleaks/bitbucket-client-id.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:bitbucket)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/bitbucket-client-secret.yaml b/generic/secrets/gitleaks/bitbucket-client-secret.yaml
index b5ede43cda..fc85d4e0b0 100644
--- a/generic/secrets/gitleaks/bitbucket-client-secret.yaml
+++ b/generic/secrets/gitleaks/bitbucket-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:bitbucket)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/bittrex-access-key.yaml b/generic/secrets/gitleaks/bittrex-access-key.yaml
index a3206ae4e9..afa966f936 100644
--- a/generic/secrets/gitleaks/bittrex-access-key.yaml
+++ b/generic/secrets/gitleaks/bittrex-access-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:bittrex)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/bittrex-secret-key.yaml b/generic/secrets/gitleaks/bittrex-secret-key.yaml
index c87a9f164b..8b779c1630 100644
--- a/generic/secrets/gitleaks/bittrex-secret-key.yaml
+++ b/generic/secrets/gitleaks/bittrex-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:bittrex)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/clojars-api-token.yaml b/generic/secrets/gitleaks/clojars-api-token.yaml
index 1bd151c065..8131050bca 100644
--- a/generic/secrets/gitleaks/clojars-api-token.yaml
+++ b/generic/secrets/gitleaks/clojars-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(CLOJARS_)[a-z0-9]{60}
+ - pattern-regex: ((?i)CLOJARS_[a-z0-9]{60})
diff --git a/generic/secrets/gitleaks/cloudflare-api-key.yaml b/generic/secrets/gitleaks/cloudflare-api-key.yaml
index 33e967153a..4b3d2c8d41 100644
--- a/generic/secrets/gitleaks/cloudflare-api-key.yaml
+++ b/generic/secrets/gitleaks/cloudflare-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:cloudflare)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:cloudflare)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/cloudflare-global-api-key.yaml b/generic/secrets/gitleaks/cloudflare-global-api-key.yaml
index 9d014dbdb8..43032fc813 100644
--- a/generic/secrets/gitleaks/cloudflare-global-api-key.yaml
+++ b/generic/secrets/gitleaks/cloudflare-global-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:cloudflare)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{37})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:cloudflare)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{37})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/cloudflare-origin-ca-key.yaml b/generic/secrets/gitleaks/cloudflare-origin-ca-key.yaml
index adf4b23b22..b68696ad86 100644
--- a/generic/secrets/gitleaks/cloudflare-origin-ca-key.yaml
+++ b/generic/secrets/gitleaks/cloudflare-origin-ca-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: \b(v1\.0-[a-f0-9]{24}-[a-f0-9]{146})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b(v1\.0-[a-f0-9]{24}-[a-f0-9]{146})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/codecov-access-token.yaml b/generic/secrets/gitleaks/codecov-access-token.yaml
index f9515d316f..484b6f1293 100644
--- a/generic/secrets/gitleaks/codecov-access-token.yaml
+++ b/generic/secrets/gitleaks/codecov-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:codecov)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:codecov)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$))
diff --git a/generic/secrets/gitleaks/cohere-api-token.yaml b/generic/secrets/gitleaks/cohere-api-token.yaml
new file mode 100644
index 0000000000..78fdae8f0f
--- /dev/null
+++ b/generic/secrets/gitleaks/cohere-api-token.yaml
@@ -0,0 +1,26 @@ +rules: +- id: cohere-api-token + message: A gitleaks cohere-api-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:cohere|CO_API_KEY)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-zA-Z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/coinbase-access-token.yaml b/generic/secrets/gitleaks/coinbase-access-token.yaml index 4fd9aebe89..ea9c646bf6 100644 --- a/generic/secrets/gitleaks/coinbase-access-token.yaml +++ b/generic/secrets/gitleaks/coinbase-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:coinbase)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:coinbase)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
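Review bot: The new cohere-api-token regex applies the lazy prefix `[\w.-]{0,50}?` twice in a row, once before `(?i:` and again just inside it. The second copy adds no matches; it only lets up to 100 identifier characters be consumed ahead of the keyword. On a backtracking engine, the two adjacent lazy quantifiers over the same class can split a prefix in many ways, which is wasted work on lines that hold a long identifier but no `cohere`/`CO_API_KEY`. If the duplication is an artefact of the rule generator rather than intent, starting the pattern at `((?i:[\w.-]{0,50}?(?:cohere|CO_API_KEY)` would match the single-prefix shape of the other keyword rules in this commit.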
diff --git a/generic/secrets/gitleaks/confluent-access-token.yaml b/generic/secrets/gitleaks/confluent-access-token.yaml index bbc6ce8f49..52a1a3f8d6 100644 --- a/generic/secrets/gitleaks/confluent-access-token.yaml +++ b/generic/secrets/gitleaks/confluent-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:confluent)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/confluent-secret-key.yaml b/generic/secrets/gitleaks/confluent-secret-key.yaml index fb7cb1f52d..859ae9787c 100644 --- a/generic/secrets/gitleaks/confluent-secret-key.yaml +++ b/generic/secrets/gitleaks/confluent-secret-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:confluent)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/contentful-delivery-api-token.yaml b/generic/secrets/gitleaks/contentful-delivery-api-token.yaml index 8ec12ef026..ce221fcfeb 100644 --- a/generic/secrets/gitleaks/contentful-delivery-api-token.yaml +++ b/generic/secrets/gitleaks/contentful-delivery-api-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:contentful)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:contentful)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/curl-auth-header.yaml b/generic/secrets/gitleaks/curl-auth-header.yaml new file mode 100644 index 0000000000..8fab490b5e --- /dev/null +++ b/generic/secrets/gitleaks/curl-auth-header.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: curl-auth-header + message: A gitleaks curl-auth-header was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\bcurl\b(?:.*?|.*?(?:[\r\n]{1,2}.*?){1,5})[ \t\n\r](?:-H|--header)(?:=|[ \t]{0,5})(?:"(?i)(?:Authorization:[ \t]{0,5}(?:Basic[ \t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \t]([\w=~@.+/-]{8,})|([\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \t]{0,5}([\w=~@.+/-]{8,}))"|'(?i)(?:Authorization:[ \t]{0,5}(?:Basic[ \t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \t]([\w=~@.+/-]{8,})|([\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \t]{0,5}([\w=~@.+/-]{8,}))')(?:\B|\s|\z)) diff --git a/generic/secrets/gitleaks/curl-auth-user.yaml b/generic/secrets/gitleaks/curl-auth-user.yaml new file mode 100644 index 0000000000..d06f196384 --- /dev/null +++ b/generic/secrets/gitleaks/curl-auth-user.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: curl-auth-user + message: A gitleaks curl-auth-user was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\bcurl\b(?:.*|.*(?:[\r\n]{1,2}.*){1,5})[ \t\n\r](?:-u|--user)(?:=|[ \t]{0,5})(?:"([^:"]{3,}:[^"]{3,})"|'([^:']{3,}:[^']{3,})'|((?:"[^"]{3,}"|'[^']{3,}'|[\w$@.-]+):(?:"[^"]{3,}"|'[^']{3,}'|[\w${}@.-]+)))(?:\s|\z)) diff --git a/generic/secrets/gitleaks/databricks-api-token.yaml b/generic/secrets/gitleaks/databricks-api-token.yaml index ba1e2023de..0f53100e51 100644 --- a/generic/secrets/gitleaks/databricks-api-token.yaml +++ b/generic/secrets/gitleaks/databricks-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(dapi[a-h0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(dapi[a-f0-9]{32}(?:-\d)?)(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/datadog-access-token.yaml b/generic/secrets/gitleaks/datadog-access-token.yaml index 73a332402c..c3631f4234 100644 --- a/generic/secrets/gitleaks/datadog-access-token.yaml +++ b/generic/secrets/gitleaks/datadog-access-token.yaml 
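Review bot: In curl-auth-user the unquoted alternative's classes `[\w$@.-]+` and `[\w${}@.-]+` accept `$`, `{` and `}`, and the quoted alternatives accept any non-quote text, so a command that passes shell variables to `-u`/`--user` is reported as a hard-coded credential. That is the practice the rule's own message recommends. The hunk carries only `pattern-regex`; if the upstream gitleaks rule has an allowlist for variable references and placeholders, it was not translated. A filter under `patterns:` would be the place for it, for example `- pattern-not-regex: (?:-u|--user)(?:=|[ \t]{0,5})["']?\$\{?\w+\}?["']?:["']?\$\{?\w+\}?["']?` (constructed; its exact filtering behaviour should be checked against the rule tests). curl-auth-header in the preceding hunk excludes `$` from its value classes and is not affected in the same way.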
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:datadog)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:datadog)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/defined-networking-api-token.yaml b/generic/secrets/gitleaks/defined-networking-api-token.yaml index ad67b31107..f1b9742404 100644 --- a/generic/secrets/gitleaks/defined-networking-api-token.yaml +++ b/generic/secrets/gitleaks/defined-networking-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:dnkey)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:dnkey)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/digitalocean-access-token.yaml b/generic/secrets/gitleaks/digitalocean-access-token.yaml index 4d907631dc..d9cd621437 100644 --- a/generic/secrets/gitleaks/digitalocean-access-token.yaml +++ b/generic/secrets/gitleaks/digitalocean-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/digitalocean-pat.yaml b/generic/secrets/gitleaks/digitalocean-pat.yaml index 48cc5bf5d3..d2d230112a 100644 --- a/generic/secrets/gitleaks/digitalocean-pat.yaml +++ b/generic/secrets/gitleaks/digitalocean-pat.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/digitalocean-refresh-token.yaml b/generic/secrets/gitleaks/digitalocean-refresh-token.yaml index c4abd2e6d7..3396467d4c 100644 --- a/generic/secrets/gitleaks/digitalocean-refresh-token.yaml +++ b/generic/secrets/gitleaks/digitalocean-refresh-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(dor_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)\b(dor_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/discord-api-token.yaml b/generic/secrets/gitleaks/discord-api-token.yaml index 10305163a1..dda108160a 100644 --- a/generic/secrets/gitleaks/discord-api-token.yaml +++ b/generic/secrets/gitleaks/discord-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:discord)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/discord-client-id.yaml b/generic/secrets/gitleaks/discord-client-id.yaml index 2a3f34c885..7904ad86ca 100644 --- a/generic/secrets/gitleaks/discord-client-id.yaml +++ b/generic/secrets/gitleaks/discord-client-id.yaml 
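Review bot: The three DigitalOcean rules no longer agree on case handling: digitalocean-access-token (`doo_v1_`) and digitalocean-pat (`dop_v1_`) drop the leading `(?i)`, while digitalocean-refresh-token keeps it in `((?i)\b(dor_v1_[a-f0-9]{64})`. All three share the same `_v1_[a-f0-9]{64}` shape, so after this change an upper-case variant is reported for refresh tokens only. If the case-sensitive form is the intended one, the refresh-token line should read `(\b(dor_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$))`. If the difference comes from the upstream generator, a YAML comment on that rule stating it is deliberate would stop it being "corrected" later.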
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{18})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:discord)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{18})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/discord-client-secret.yaml b/generic/secrets/gitleaks/discord-client-secret.yaml index 0dc0a21caf..0f29c496fd 100644 --- a/generic/secrets/gitleaks/discord-client-secret.yaml +++ b/generic/secrets/gitleaks/discord-client-secret.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:discord)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/doppler-api-token.yaml b/generic/secrets/gitleaks/doppler-api-token.yaml index 4fa906b50d..9c9366b7bf 100644 --- a/generic/secrets/gitleaks/doppler-api-token.yaml +++ b/generic/secrets/gitleaks/doppler-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (dp\.pt\.)(?i)[a-z0-9]{43} + - pattern-regex: (dp\.pt\.(?i)[a-z0-9]{43}) diff --git a/generic/secrets/gitleaks/droneci-access-token.yaml b/generic/secrets/gitleaks/droneci-access-token.yaml index 87b22f19f6..2e9a0e5e01 100644 --- a/generic/secrets/gitleaks/droneci-access-token.yaml +++ b/generic/secrets/gitleaks/droneci-access-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:droneci)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:droneci)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/dropbox-api-token.yaml b/generic/secrets/gitleaks/dropbox-api-token.yaml index 44e072e701..057ecc627d 100644 --- a/generic/secrets/gitleaks/dropbox-api-token.yaml +++ b/generic/secrets/gitleaks/dropbox-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{15})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:dropbox)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{15})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml b/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml index b0edbad230..8886666504 100644 --- a/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml +++ b/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:dropbox)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
diff --git a/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml b/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml index e6c729aeae..ec5690b095 100644 --- a/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml +++ b/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(sl\.[a-z0-9\-=_]{135})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:dropbox)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(sl\.[a-z0-9\-=_]{135})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/duffel-api-token.yaml b/generic/secrets/gitleaks/duffel-api-token.yaml index 93a67e4ea9..7560962e7a 100644 --- a/generic/secrets/gitleaks/duffel-api-token.yaml +++ b/generic/secrets/gitleaks/duffel-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: duffel_(test|live)_(?i)[a-z0-9_\-=]{43} + - pattern-regex: (duffel_(?:test|live)_(?i)[a-z0-9_\-=]{43}) diff --git a/generic/secrets/gitleaks/dynatrace-api-token.yaml b/generic/secrets/gitleaks/dynatrace-api-token.yaml index 1b8632cd81..581a9c78fc 100644 --- a/generic/secrets/gitleaks/dynatrace-api-token.yaml +++ b/generic/secrets/gitleaks/dynatrace-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64} + - pattern-regex: (dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64}) diff --git a/generic/secrets/gitleaks/easypost-api-token.yaml b/generic/secrets/gitleaks/easypost-api-token.yaml index bb01dc144e..72e9e69731 100644 --- a/generic/secrets/gitleaks/easypost-api-token.yaml +++ b/generic/secrets/gitleaks/easypost-api-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: \bEZAK(?i)[a-z0-9]{54} + - pattern-regex: (\bEZAK(?i)[a-z0-9]{54}\b) diff --git a/generic/secrets/gitleaks/easypost-test-api-token.yaml b/generic/secrets/gitleaks/easypost-test-api-token.yaml index c62c3d8f91..2567db2301 100644 --- a/generic/secrets/gitleaks/easypost-test-api-token.yaml +++ b/generic/secrets/gitleaks/easypost-test-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: \bEZTK(?i)[a-z0-9]{54} + - pattern-regex: (\bEZTK(?i)[a-z0-9]{54}\b) diff --git a/generic/secrets/gitleaks/etsy-access-token.yaml b/generic/secrets/gitleaks/etsy-access-token.yaml index 799c2e9a2a..8c086df9cf 100644 --- a/generic/secrets/gitleaks/etsy-access-token.yaml +++ b/generic/secrets/gitleaks/etsy-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:etsy)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:(?-i:ETSY|[Ee]tsy))(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/facebook-access-token.yaml b/generic/secrets/gitleaks/facebook-access-token.yaml index 2344c7643e..cf7c579a79 100644 --- a/generic/secrets/gitleaks/facebook-access-token.yaml +++ b/generic/secrets/gitleaks/facebook-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(\d{15,16}(\||%)[0-9a-z\-_]{27,40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)\b(\d{15,16}(\||%)[0-9a-z\-_]{27,40})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/facebook-page-access-token.yaml b/generic/secrets/gitleaks/facebook-page-access-token.yaml index 5e8191f515..9ae9a77a03 100644 --- a/generic/secrets/gitleaks/facebook-page-access-token.yaml 
+++ b/generic/secrets/gitleaks/facebook-page-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(EAA[MC][a-z0-9]{20,})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(EAA[MC](?i)[a-z0-9]{100,})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/facebook-secret.yaml b/generic/secrets/gitleaks/facebook-secret.yaml index 1d5facc02a..830e0bc841 100644 --- a/generic/secrets/gitleaks/facebook-secret.yaml +++ b/generic/secrets/gitleaks/facebook-secret.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:facebook)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:facebook)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/fastly-api-token.yaml b/generic/secrets/gitleaks/fastly-api-token.yaml index b2b539313d..87832ac34b 100644 --- a/generic/secrets/gitleaks/fastly-api-token.yaml +++ b/generic/secrets/gitleaks/fastly-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:fastly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:fastly)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/finicity-api-token.yaml b/generic/secrets/gitleaks/finicity-api-token.yaml index 57b97e251e..15ac7b249c 100644 --- a/generic/secrets/gitleaks/finicity-api-token.yaml +++ b/generic/secrets/gitleaks/finicity-api-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:finicity)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/finicity-client-secret.yaml b/generic/secrets/gitleaks/finicity-client-secret.yaml index 47fdf50289..c113b128b8 100644 --- a/generic/secrets/gitleaks/finicity-client-secret.yaml +++ b/generic/secrets/gitleaks/finicity-client-secret.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:finicity)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/finnhub-access-token.yaml b/generic/secrets/gitleaks/finnhub-access-token.yaml index caa2249c36..d1ef24cb04 100644 --- a/generic/secrets/gitleaks/finnhub-access-token.yaml +++ b/generic/secrets/gitleaks/finnhub-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:finnhub)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:finnhub)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/flickr-access-token.yaml b/generic/secrets/gitleaks/flickr-access-token.yaml index df72d9b46d..21817c34cf 100644 
--- a/generic/secrets/gitleaks/flickr-access-token.yaml +++ b/generic/secrets/gitleaks/flickr-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:flickr)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:flickr)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/flutterwave-encryption-key.yaml b/generic/secrets/gitleaks/flutterwave-encryption-key.yaml index 6f443836bd..00a04c0f5a 100644 --- a/generic/secrets/gitleaks/flutterwave-encryption-key.yaml +++ b/generic/secrets/gitleaks/flutterwave-encryption-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: FLWSECK_TEST-(?i)[a-h0-9]{12} + - pattern-regex: (FLWSECK_TEST-(?i)[a-h0-9]{12}) diff --git a/generic/secrets/gitleaks/flutterwave-public-key.yaml b/generic/secrets/gitleaks/flutterwave-public-key.yaml index 3a79099834..cca4cbec42 100644 --- a/generic/secrets/gitleaks/flutterwave-public-key.yaml +++ b/generic/secrets/gitleaks/flutterwave-public-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: FLWPUBK_TEST-(?i)[a-h0-9]{32}-X + - pattern-regex: (FLWPUBK_TEST-(?i)[a-h0-9]{32}-X) diff --git a/generic/secrets/gitleaks/flutterwave-secret-key.yaml b/generic/secrets/gitleaks/flutterwave-secret-key.yaml index cc7bd0d694..565a2cafa7 100644 --- a/generic/secrets/gitleaks/flutterwave-secret-key.yaml +++ b/generic/secrets/gitleaks/flutterwave-secret-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: FLWSECK_TEST-(?i)[a-h0-9]{32}-X + - pattern-regex: (FLWSECK_TEST-(?i)[a-h0-9]{32}-X) 
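Review bot: The flutterwave-encryption-key pattern `(FLWSECK_TEST-(?i)[a-h0-9]{12})` is a strict prefix of flutterwave-secret-key's `(FLWSECK_TEST-(?i)[a-h0-9]{32}-X)` and has no trailing boundary, so every secret key is also reported as an encryption key. Ending the shorter pattern on a boundary, `(FLWSECK_TEST-(?i)[a-h0-9]{12}\b)`, separates the two findings. The class `[a-h0-9]` in all three Flutterwave rules also looks like the hex typo this commit corrects to `[a-f0-9]` in databricks-api-token. It only widens the match, but it is worth confirming against the key format and aligning.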
diff --git a/generic/secrets/gitleaks/flyio-access-token.yaml b/generic/secrets/gitleaks/flyio-access-token.yaml new file mode 100644 index 0000000000..91c56d1795 --- /dev/null +++ b/generic/secrets/gitleaks/flyio-access-token.yaml @@ -0,0 +1,26 @@ +rules: +- id: flyio-access-token + message: A gitleaks flyio-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\b((?:fo1_[\w-]{43}|fm1[ar]_[a-zA-Z0-9+\/]{100,}={0,3}|fm2_[a-zA-Z0-9+\/]{100,}={0,3}))(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/frameio-api-token.yaml b/generic/secrets/gitleaks/frameio-api-token.yaml index 4daf4c8d92..0b800a708b 100644 --- a/generic/secrets/gitleaks/frameio-api-token.yaml +++ b/generic/secrets/gitleaks/frameio-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: fio-u-(?i)[a-z0-9\-_=]{64} + - pattern-regex: (fio-u-(?i)[a-z0-9\-_=]{64}) diff --git a/generic/secrets/gitleaks/freemius-secret-key.yaml b/generic/secrets/gitleaks/freemius-secret-key.yaml new file mode 100644 index 0000000000..67e3ad2d45 --- /dev/null 
+++ b/generic/secrets/gitleaks/freemius-secret-key.yaml @@ -0,0 +1,26 @@ +rules: +- id: freemius-secret-key + message: A gitleaks freemius-secret-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: ((?i)["']secret_key["']\s*=>\s*["'](sk_[\S]{29})["']) diff --git a/generic/secrets/gitleaks/freshbooks-access-token.yaml b/generic/secrets/gitleaks/freshbooks-access-token.yaml index c2abe89406..78dc4f21a2 100644 --- a/generic/secrets/gitleaks/freshbooks-access-token.yaml +++ b/generic/secrets/gitleaks/freshbooks-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:freshbooks)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:freshbooks)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/gcp-api-key.yaml b/generic/secrets/gitleaks/gcp-api-key.yaml index 6ceb4d34d1..3fe0ef5088 100644 
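Review bot: The freemius-secret-key pattern contains no vendor keyword: `["']secret_key["']\s*=>\s*["'](sk_[\S]{29})["']` fires on any `'secret_key' => 'sk_…'` entry whose value is 32 characters long, whichever service issued the key. The finding is then labelled as a Freemius key, which can send triage and rotation to the wrong place. `[\S]` also admits quote characters inside the value; `(sk_[^\s"']{29})` would stop at the closing quote. If the upstream rule is limited to PHP files, that restriction is not carried in this file, and a `paths:` block with `include:` and `"*.php"` on the rule would narrow it.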
--- a/generic/secrets/gitleaks/gcp-api-key.yaml +++ b/generic/secrets/gitleaks/gcp-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(AIza[0-9A-Za-z\\-_]{35})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(AIza[\w-]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/github-app-token.yaml b/generic/secrets/gitleaks/github-app-token.yaml index 269ba4b25a..a10c5b8147 100644 --- a/generic/secrets/gitleaks/github-app-token.yaml +++ b/generic/secrets/gitleaks/github-app-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (ghu|ghs)_[0-9a-zA-Z]{36} + - pattern-regex: ((?:ghu|ghs)_[0-9a-zA-Z]{36}) diff --git a/generic/secrets/gitleaks/github-fine-grained-pat.yaml b/generic/secrets/gitleaks/github-fine-grained-pat.yaml index a8557c8a48..0f9e1c1844 100644 --- a/generic/secrets/gitleaks/github-fine-grained-pat.yaml +++ b/generic/secrets/gitleaks/github-fine-grained-pat.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: github_pat_[0-9a-zA-Z_]{82} + - pattern-regex: (github_pat_\w{82}) diff --git a/generic/secrets/gitleaks/github-oauth.yaml b/generic/secrets/gitleaks/github-oauth.yaml index 0d9a0b10f7..8937240664 100644 --- a/generic/secrets/gitleaks/github-oauth.yaml +++ b/generic/secrets/gitleaks/github-oauth.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: gho_[0-9a-zA-Z]{36} + - pattern-regex: (gho_[0-9a-zA-Z]{36}) diff --git a/generic/secrets/gitleaks/github-pat.yaml b/generic/secrets/gitleaks/github-pat.yaml index c0468682a0..34eabfec47 100644 --- a/generic/secrets/gitleaks/github-pat.yaml +++ b/generic/secrets/gitleaks/github-pat.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: ghp_[0-9a-zA-Z]{36} + - pattern-regex: (ghp_[0-9a-zA-Z]{36}) 
diff --git a/generic/secrets/gitleaks/github-refresh-token.yaml b/generic/secrets/gitleaks/github-refresh-token.yaml index 4107387505..e5e79751cc 100644 --- a/generic/secrets/gitleaks/github-refresh-token.yaml +++ b/generic/secrets/gitleaks/github-refresh-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: ghr_[0-9a-zA-Z]{36} + - pattern-regex: (ghr_[0-9a-zA-Z]{36}) diff --git a/generic/secrets/gitleaks/gitlab-cicd-job-token.yaml b/generic/secrets/gitleaks/gitlab-cicd-job-token.yaml new file mode 100644 index 0000000000..e48885fa94 --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-cicd-job-token.yaml @@ -0,0 +1,26 @@ +rules: +- id: gitlab-cicd-job-token + message: A gitleaks gitlab-cicd-job-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (glcbt-[0-9a-zA-Z]{1,5}_[0-9a-zA-Z_-]{20}) diff --git a/generic/secrets/gitleaks/gitlab-deploy-token.yaml b/generic/secrets/gitleaks/gitlab-deploy-token.yaml new file mode 100644 index 0000000000..f6e2bc7bd1 --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-deploy-token.yaml 
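Review bot: The new GitLab patterns are unanchored on both sides, so they match a prefix embedded in a larger word and report only the first 20 characters of any longer run. This applies to `(glcbt-[0-9a-zA-Z]{1,5}_[0-9a-zA-Z_-]{20})` here, and to `(gldt-[0-9a-zA-Z_\-]{20})` and `(glffct-[0-9a-zA-Z_\-]{20})` in the gitlab-deploy-token and gitlab-feature-flag-client-token hunks that follow. Other prefix-based rules in this commit (flyio-access-token, the digitalocean rules) use a leading `\b` and the trailing `(?:['|\"|\n|\r|\s|\x60|;]|$)` terminator. Using the same frame, e.g. `(\b(gldt-[0-9a-zA-Z_\-]{20})(?:['|\"|\n|\r|\s|\x60|;]|$))`, would reduce false positives and report a token only when it is complete.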
@@ -0,0 +1,26 @@ +rules: +- id: gitlab-deploy-token + message: A gitleaks gitlab-deploy-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (gldt-[0-9a-zA-Z_\-]{20}) diff --git a/generic/secrets/gitleaks/gitlab-feature-flag-client-token.yaml b/generic/secrets/gitleaks/gitlab-feature-flag-client-token.yaml new file mode 100644 index 0000000000..042a096b10 --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-feature-flag-client-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: gitlab-feature-flag-client-token + message: A gitleaks gitlab-feature-flag-client-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (glffct-[0-9a-zA-Z_\-]{20}) diff --git a/generic/secrets/gitleaks/gitlab-feed-token.yaml b/generic/secrets/gitleaks/gitlab-feed-token.yaml new file mode 100644 index 0000000000..2b35d0ba96 --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-feed-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: gitlab-feed-token + message: A gitleaks gitlab-feed-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (glft-[0-9a-zA-Z_\-]{20}) diff --git a/generic/secrets/gitleaks/gitlab-incoming-mail-token.yaml b/generic/secrets/gitleaks/gitlab-incoming-mail-token.yaml new file mode 100644 index 0000000000..87ed533357 --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-incoming-mail-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: gitlab-incoming-mail-token + message: A gitleaks gitlab-incoming-mail-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (glimt-[0-9a-zA-Z_\-]{25}) diff --git a/generic/secrets/gitleaks/gitlab-kubernetes-agent-token.yaml b/generic/secrets/gitleaks/gitlab-kubernetes-agent-token.yaml new file mode 100644 index 0000000000..1adbfe0bcd --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-kubernetes-agent-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: gitlab-kubernetes-agent-token + message: A gitleaks gitlab-kubernetes-agent-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (glagent-[0-9a-zA-Z_\-]{50}) diff --git a/generic/secrets/gitleaks/gitlab-oauth-app-secret.yaml b/generic/secrets/gitleaks/gitlab-oauth-app-secret.yaml new file mode 100644 index 0000000000..a69fbe70cf --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-oauth-app-secret.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: gitlab-oauth-app-secret + message: A gitleaks gitlab-oauth-app-secret was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (gloas-[0-9a-zA-Z_\-]{64}) diff --git a/generic/secrets/gitleaks/gitlab-pat-routable.yaml b/generic/secrets/gitleaks/gitlab-pat-routable.yaml new file mode 100644 index 0000000000..566967d964 --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-pat-routable.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: gitlab-pat-routable + message: A gitleaks gitlab-pat-routable was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\bglpat-[0-9a-zA-Z_-]{27,300}\.[0-9a-z]{2}[0-9a-z]{7}\b) diff --git a/generic/secrets/gitleaks/gitlab-pat.yaml b/generic/secrets/gitleaks/gitlab-pat.yaml index 351a2a38fe..d2df589034 100644 --- a/generic/secrets/gitleaks/gitlab-pat.yaml +++ b/generic/secrets/gitleaks/gitlab-pat.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: glpat-[0-9a-zA-Z\-\_]{20} + - pattern-regex: (glpat-[\w-]{20}) diff --git a/generic/secrets/gitleaks/gitlab-ptt.yaml b/generic/secrets/gitleaks/gitlab-ptt.yaml index d915829abe..69694983c7 100644 --- a/generic/secrets/gitleaks/gitlab-ptt.yaml +++ b/generic/secrets/gitleaks/gitlab-ptt.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: glptt-[0-9a-f]{40} + - pattern-regex: (glptt-[0-9a-f]{40}) diff --git a/generic/secrets/gitleaks/gitlab-rrt.yaml b/generic/secrets/gitleaks/gitlab-rrt.yaml index 846100ef4a..63dcc435eb 100644 
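Review bot: A token matched by the new gitlab-pat-routable pattern is also matched by gitlab-pat in the following hunk, because `(glpat-[\w-]{20})` has no trailing boundary and accepts the first 20 characters of the longer token. Each routable token would then produce two findings under different rule ids. If 20-character tokens are always followed by a non-token character, `(glpat-[\w-]{20})(?![\w-])` in gitlab-pat.yaml keeps the two rules disjoint; that assumption should be checked against the upstream gitleaks test cases before changing it. Separately, `[0-9a-z]{2}[0-9a-z]{7}` in this pattern is equivalent to `[0-9a-z]{9}` and would read better with a comment saying what the two segments stand for.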
--- a/generic/secrets/gitleaks/gitlab-rrt.yaml +++ b/generic/secrets/gitleaks/gitlab-rrt.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: GR1348941[0-9a-zA-Z\-\_]{20} + - pattern-regex: (GR1348941[\w-]{20}) diff --git a/generic/secrets/gitleaks/gitlab-runner-authentication-token.yaml b/generic/secrets/gitleaks/gitlab-runner-authentication-token.yaml new file mode 100644 index 0000000000..66db196b4e --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-runner-authentication-token.yaml @@ -0,0 +1,26 @@ +rules: +- id: gitlab-runner-authentication-token + message: A gitleaks gitlab-runner-authentication-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (glrt-[0-9a-zA-Z_\-]{20}) diff --git a/generic/secrets/gitleaks/gitlab-scim-token.yaml b/generic/secrets/gitleaks/gitlab-scim-token.yaml new file mode 100644 index 0000000000..cdc5d89c93 --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-scim-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: gitlab-scim-token + message: A gitleaks gitlab-scim-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (glsoat-[0-9a-zA-Z_\-]{20}) diff --git a/generic/secrets/gitleaks/gitlab-session-cookie.yaml b/generic/secrets/gitleaks/gitlab-session-cookie.yaml new file mode 100644 index 0000000000..100b2e1958 --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-session-cookie.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: gitlab-session-cookie + message: A gitleaks gitlab-session-cookie was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (_gitlab_session=[0-9a-z]{32}) diff --git a/generic/secrets/gitleaks/gitter-access-token.yaml b/generic/secrets/gitleaks/gitter-access-token.yaml index 2cb158da4b..0ab83168ab 100644 --- a/generic/secrets/gitleaks/gitter-access-token.yaml +++ b/generic/secrets/gitleaks/gitter-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:gitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:gitter)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/gocardless-api-token.yaml b/generic/secrets/gitleaks/gocardless-api-token.yaml index b0ed689af6..3c943df972 100644 --- a/generic/secrets/gitleaks/gocardless-api-token.yaml 
+++ b/generic/secrets/gitleaks/gocardless-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:gocardless)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(live_(?i)[a-z0-9\-_=]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:gocardless)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(live_(?i)[a-z0-9\-_=]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/grafana-api-key.yaml b/generic/secrets/gitleaks/grafana-api-key.yaml index fa9978b807..87968b09a7 100644 --- a/generic/secrets/gitleaks/grafana-api-key.yaml +++ b/generic/secrets/gitleaks/grafana-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,3})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/grafana-cloud-api-token.yaml b/generic/secrets/gitleaks/grafana-cloud-api-token.yaml index a34a991cb7..1bb1d7584d 100644 --- a/generic/secrets/gitleaks/grafana-cloud-api-token.yaml +++ b/generic/secrets/gitleaks/grafana-cloud-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,3})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/grafana-service-account-token.yaml b/generic/secrets/gitleaks/grafana-service-account-token.yaml index 2b8440df0a..52bdada452 100644 --- a/generic/secrets/gitleaks/grafana-service-account-token.yaml +++ b/generic/secrets/gitleaks/grafana-service-account-token.yaml 
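Review bot: The grafana-api-key pattern keeps its leading `(?i)`, so the fixed prefix `eyJrIjoi` matches in any letter case although base64 is case-sensitive and the body class `[A-Za-z0-9]` already covers both cases. This patch drops the flag from gcp-api-key and infracost-api-token for the same kind of fixed prefix, so I would do the same here: `(\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,3})(?:['|\"|\n|\r|\s|\x60|;]|$))`. The same applies to the `glc_` and `glsa_` prefixes in the grafana-cloud-api-token and grafana-service-account-token hunks. Widening the padding to `={0,3}` is harmless, though base64 padding never exceeds two `=`.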
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/harness-api-key.yaml b/generic/secrets/gitleaks/harness-api-key.yaml index c668ea9573..c4931250d2 100644 --- a/generic/secrets/gitleaks/harness-api-key.yaml +++ b/generic/secrets/gitleaks/harness-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: ((?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20}) + - pattern-regex: ((?:pat|sat)\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20}) diff --git a/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml b/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml index 8e8e8b1e32..3fc094cc50 100644 --- a/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml +++ b/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70} + - pattern-regex: ((?i)[a-z0-9]{14}\.(?-i:atlasv1)\.[a-z0-9\-_=]{60,70}) diff --git a/generic/secrets/gitleaks/hashicorp-tf-password.yaml b/generic/secrets/gitleaks/hashicorp-tf-password.yaml index 7eb7830803..b81d7bc136 100644 --- a/generic/secrets/gitleaks/hashicorp-tf-password.yaml +++ b/generic/secrets/gitleaks/hashicorp-tf-password.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:administrator_login_password|password)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}("[a-z0-9=_\-]{8,20}")(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:administrator_login_password|password)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}("[a-z0-9=_\-]{8,20}")(?:['|\"|\n|\r|\s|\x60|;]|$)) 
diff --git a/generic/secrets/gitleaks/heroku-api-key.yaml b/generic/secrets/gitleaks/heroku-api-key.yaml index d56827e78b..c704b8c74b 100644 --- a/generic/secrets/gitleaks/heroku-api-key.yaml +++ b/generic/secrets/gitleaks/heroku-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:heroku)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:heroku)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/hubspot-api-key.yaml b/generic/secrets/gitleaks/hubspot-api-key.yaml index f6e7d8ee93..265c394d4a 100644 --- a/generic/secrets/gitleaks/hubspot-api-key.yaml +++ b/generic/secrets/gitleaks/hubspot-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:hubspot)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:hubspot)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/huggingface-access-token.yaml b/generic/secrets/gitleaks/huggingface-access-token.yaml index cf18c503b3..83a1beb193 100644 --- a/generic/secrets/gitleaks/huggingface-access-token.yaml +++ b/generic/secrets/gitleaks/huggingface-access-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?:^|[\\'"` >=:])(hf_[a-zA-Z]{34})(?:$|[\\'"` <]) + - pattern-regex: (\b(hf_(?i:[a-z]{34}))(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/huggingface-organization-api-token.yaml b/generic/secrets/gitleaks/huggingface-organization-api-token.yaml index f1d91d9073..efad953078 100644 --- a/generic/secrets/gitleaks/huggingface-organization-api-token.yaml +++ b/generic/secrets/gitleaks/huggingface-organization-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?:^|[\\'"` >=:\(,)])(api_org_[a-zA-Z]{34})(?:$|[\\'"` <\),]) + - pattern-regex: (\b(api_org_(?i:[a-z]{34}))(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/infracost-api-token.yaml b/generic/secrets/gitleaks/infracost-api-token.yaml index f5575d7734..f5b5ae2e1e 100644 --- a/generic/secrets/gitleaks/infracost-api-token.yaml +++ b/generic/secrets/gitleaks/infracost-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(ico-[a-zA-Z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(ico-[a-zA-Z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/intercom-api-key.yaml b/generic/secrets/gitleaks/intercom-api-key.yaml index 3805cd60fe..601a5136b0 100644 --- a/generic/secrets/gitleaks/intercom-api-key.yaml +++ b/generic/secrets/gitleaks/intercom-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:intercom)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{60})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:intercom)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{60})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
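Review bot: The rewritten huggingface-access-token pattern no longer accepts `<` or a backslash after the token, and huggingface-organization-api-token additionally loses `)` and `,`; the old trailing classes listed all of them. A token directly followed by a closing tag in XML or HTML, or an unquoted one inside a call or list, was reported before and is missed now. If that coverage is still wanted, extend the terminator class in both rules, for example `(?:['|\"|\n|\r|\s|\x60|;<),]|$)`. Worth confirming whether the narrowing was intentional upstream or a side effect of switching to the shared terminator template.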
diff --git a/generic/secrets/gitleaks/intra42-client-secret.yaml b/generic/secrets/gitleaks/intra42-client-secret.yaml index 08a2cc575d..58a2e28bf8 100644 --- a/generic/secrets/gitleaks/intra42-client-secret.yaml +++ b/generic/secrets/gitleaks/intra42-client-secret.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(s-s4t2(?:ud|af)-[abcdef0123456789]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(s-s4t2(?:ud|af)-(?i)[abcdef0123456789]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/jfrog-api-key.yaml b/generic/secrets/gitleaks/jfrog-api-key.yaml index 126c75fb0e..7b4e440be0 100644 --- a/generic/secrets/gitleaks/jfrog-api-key.yaml +++ b/generic/secrets/gitleaks/jfrog-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{73})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:jfrog|artifactory|bintray|xray)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{73})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/jfrog-identity-token.yaml b/generic/secrets/gitleaks/jfrog-identity-token.yaml index 6221dd82de..566e533e69 100644 --- a/generic/secrets/gitleaks/jfrog-identity-token.yaml +++ b/generic/secrets/gitleaks/jfrog-identity-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:jfrog|artifactory|bintray|xray)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
diff --git a/generic/secrets/gitleaks/jwt-base64.yaml b/generic/secrets/gitleaks/jwt-base64.yaml index 6dcfda8548..6da25430e4 100644 --- a/generic/secrets/gitleaks/jwt-base64.yaml +++ b/generic/secrets/gitleaks/jwt-base64.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: \bZXlK(?:(?PaGJHY2lPaU)|(?PaGNIVWlPaU)|(?PaGNIWWlPaU)|(?PaGRXUWlPaU)|(?PaU5qUWlP)|(?PamNtbDBJanBi)|(?PamRIa2lPaU)|(?PbGNHc2lPbn)|(?PbGJtTWlPaU)|(?PcWEzVWlPaU)|(?PcWQyc2lPb)|(?PcGMzTWlPaU)|(?PcGRpSTZJ)|(?PcmFXUWlP)|(?PclpYbGZiM0J6SWpwY)|(?PcmRIa2lPaUp)|(?PdWIyNWpaU0k2)|(?Pd01tTWlP)|(?Pd01uTWlPaU)|(?Pd2NIUWlPaU)|(?PemRXSWlPaU)|(?PemRuUWlP)|(?PMFlXY2lPaU)|(?PMGVYQWlPaUp)|(?PMWNtd2l)|(?PMWMyVWlPaUp)|(?PMlpYSWlPaU)|(?PMlpYSnphVzl1SWpv)|(?PNElqb2)|(?PNE5XTWlP)|(?PNE5YUWlPaU)|(?PNE5YUWpVekkxTmlJNkl)|(?PNE5YVWlPaU)|(?PNmFYQWlPaU))[a-zA-Z0-9\/\\_+\-\r\n]{40,}={0,2} + - pattern-regex: (\bZXlK(?:(?PaGJHY2lPaU)|(?PaGNIVWlPaU)|(?PaGNIWWlPaU)|(?PaGRXUWlPaU)|(?PaU5qUWlP)|(?PamNtbDBJanBi)|(?PamRIa2lPaU)|(?PbGNHc2lPbn)|(?PbGJtTWlPaU)|(?PcWEzVWlPaU)|(?PcWQyc2lPb)|(?PcGMzTWlPaU)|(?PcGRpSTZJ)|(?PcmFXUWlP)|(?PclpYbGZiM0J6SWpwY)|(?PcmRIa2lPaUp)|(?PdWIyNWpaU0k2)|(?Pd01tTWlP)|(?Pd01uTWlPaU)|(?Pd2NIUWlPaU)|(?PemRXSWlPaU)|(?PemRuUWlP)|(?PMFlXY2lPaU)|(?PMGVYQWlPaUp)|(?PMWNtd2l)|(?PMWMyVWlPaUp)|(?PMlpYSWlPaU)|(?PMlpYSnphVzl1SWpv)|(?PNElqb2)|(?PNE5XTWlP)|(?PNE5YUWlPaU)|(?PNE5YUWpVekkxTmlJNkl)|(?PNE5YVWlPaU)|(?PNmFYQWlPaU))[a-zA-Z0-9\/\\_+\-\r\n]{40,}={0,2}) diff --git a/generic/secrets/gitleaks/jwt.yaml b/generic/secrets/gitleaks/jwt.yaml index 24888adaef..7743d7a7e2 100644 --- a/generic/secrets/gitleaks/jwt.yaml +++ b/generic/secrets/gitleaks/jwt.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: \b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/\\_-]{17,}\.(?:[a-zA-Z0-9\/\\_-]{10,}={0,2})?)(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/\\_-]{17,}\.(?:[a-zA-Z0-9\/\\_-]{10,}={0,2})?)(?:['|\"|\n|\r|\s|\x60|;]|$)) 
diff --git a/generic/secrets/gitleaks/kraken-access-token.yaml b/generic/secrets/gitleaks/kraken-access-token.yaml index 77747eac5e..bc91617626 100644 --- a/generic/secrets/gitleaks/kraken-access-token.yaml +++ b/generic/secrets/gitleaks/kraken-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:kraken)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9\/=_\+\-]{80,90})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:kraken)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9\/=_\+\-]{80,90})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/kubernetes-secret-yaml.yaml b/generic/secrets/gitleaks/kubernetes-secret-yaml.yaml new file mode 100644 index 0000000000..7396e2fea3 --- /dev/null +++ b/generic/secrets/gitleaks/kubernetes-secret-yaml.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: kubernetes-secret-yaml + message: A gitleaks kubernetes-secret-yaml was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: ((?i)(?:\bkind:[ \t]*["']?\bsecret\b["']?(?:.|\s){0,200}?\bdata:(?:.|\s){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9+/]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))|\bdata:(?:.|\s){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9+/]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))(?:.|\s){0,200}?\bkind:[ \t]*["']?\bsecret\b["']?)) diff --git a/generic/secrets/gitleaks/kucoin-access-token.yaml b/generic/secrets/gitleaks/kucoin-access-token.yaml index c7e37dc098..292ddb9b23 100644 --- a/generic/secrets/gitleaks/kucoin-access-token.yaml +++ b/generic/secrets/gitleaks/kucoin-access-token.yaml 
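Review bot: The new kubernetes-secret-yaml rule has no `paths` filter and its value alternation ends in `\{\{[ \t\w"|$:=,.-]+}}|""|''`. As written it is applied to every file and also reports Secrets whose data values are template placeholders or empty strings, neither of which is a hard-coded credential. Upstream gitleaks presumably narrows this with a path restriction and an allowlist that the conversion to a bare `pattern-regex` did not carry over; that should be confirmed against the source rule. At minimum I would add `paths: {include: ["*.yaml", "*.yml"]}` to the rule. The two `(?:.|\s){0,200}?` gaps are also comparatively expensive to match, which matters more while the rule is not limited to YAML files.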
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:kucoin)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:kucoin)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/kucoin-secret-key.yaml b/generic/secrets/gitleaks/kucoin-secret-key.yaml index e46fb38c7e..dfaadb95ed 100644 --- a/generic/secrets/gitleaks/kucoin-secret-key.yaml +++ b/generic/secrets/gitleaks/kucoin-secret-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:kucoin)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:kucoin)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/launchdarkly-access-token.yaml b/generic/secrets/gitleaks/launchdarkly-access-token.yaml index 744aa245dc..08be2d8aeb 100644 --- a/generic/secrets/gitleaks/launchdarkly-access-token.yaml +++ b/generic/secrets/gitleaks/launchdarkly-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:launchdarkly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:launchdarkly)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
diff --git a/generic/secrets/gitleaks/linear-api-key.yaml b/generic/secrets/gitleaks/linear-api-key.yaml index 073694c45f..000ada943b 100644 --- a/generic/secrets/gitleaks/linear-api-key.yaml +++ b/generic/secrets/gitleaks/linear-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: lin_api_(?i)[a-z0-9]{40} + - pattern-regex: (lin_api_(?i)[a-z0-9]{40}) diff --git a/generic/secrets/gitleaks/linear-client-secret.yaml b/generic/secrets/gitleaks/linear-client-secret.yaml index 1e81cd9250..7e47d029c1 100644 --- a/generic/secrets/gitleaks/linear-client-secret.yaml +++ b/generic/secrets/gitleaks/linear-client-secret.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:linear)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:linear)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/linkedin-client-id.yaml b/generic/secrets/gitleaks/linkedin-client-id.yaml index 5270d87799..f2053afdb0 100644 --- a/generic/secrets/gitleaks/linkedin-client-id.yaml +++ b/generic/secrets/gitleaks/linkedin-client-id.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{14})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:linked[_-]?in)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{14})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/linkedin-client-secret.yaml b/generic/secrets/gitleaks/linkedin-client-secret.yaml index 629c0ff571..fcd3febb56 100644 
--- a/generic/secrets/gitleaks/linkedin-client-secret.yaml +++ b/generic/secrets/gitleaks/linkedin-client-secret.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:linked[_-]?in)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/lob-api-key.yaml b/generic/secrets/gitleaks/lob-api-key.yaml index 39433bd009..e2d96b251b 100644 --- a/generic/secrets/gitleaks/lob-api-key.yaml +++ b/generic/secrets/gitleaks/lob-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:lob)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((live|test)_[a-f0-9]{35})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:lob)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((live|test)_[a-f0-9]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/lob-pub-api-key.yaml b/generic/secrets/gitleaks/lob-pub-api-key.yaml index f29532b998..cd4b1b1608 100644 --- a/generic/secrets/gitleaks/lob-pub-api-key.yaml +++ b/generic/secrets/gitleaks/lob-pub-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:lob)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((test|live)_pub_[a-f0-9]{31})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:lob)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((test|live)_pub_[a-f0-9]{31})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
diff --git a/generic/secrets/gitleaks/mailchimp-api-key.yaml b/generic/secrets/gitleaks/mailchimp-api-key.yaml index 7f2bcc15d9..1462af5c45 100644 --- a/generic/secrets/gitleaks/mailchimp-api-key.yaml +++ b/generic/secrets/gitleaks/mailchimp-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:MailchimpSDK.initialize|mailchimp)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32}-us\d\d)(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:MailchimpSDK.initialize|mailchimp)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32}-us\d\d)(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/mailgun-private-api-token.yaml b/generic/secrets/gitleaks/mailgun-private-api-token.yaml index ed9906de66..429b8a73af 100644 --- a/generic/secrets/gitleaks/mailgun-private-api-token.yaml +++ b/generic/secrets/gitleaks/mailgun-private-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(key-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:mailgun)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(key-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/mailgun-pub-key.yaml b/generic/secrets/gitleaks/mailgun-pub-key.yaml index a887bbdf09..f24d9f0bb8 100644 --- a/generic/secrets/gitleaks/mailgun-pub-key.yaml +++ b/generic/secrets/gitleaks/mailgun-pub-key.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pubkey-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:mailgun)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pubkey-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/mailgun-signing-key.yaml b/generic/secrets/gitleaks/mailgun-signing-key.yaml index a5731a6ca5..1498287d43 100644 --- a/generic/secrets/gitleaks/mailgun-signing-key.yaml +++ b/generic/secrets/gitleaks/mailgun-signing-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:mailgun)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/mapbox-api-token.yaml b/generic/secrets/gitleaks/mapbox-api-token.yaml index 74a4c1c21c..d46301fef5 100644 --- a/generic/secrets/gitleaks/mapbox-api-token.yaml +++ b/generic/secrets/gitleaks/mapbox-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:mapbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pk\.[a-z0-9]{60}\.[a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:mapbox)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pk\.[a-z0-9]{60}\.[a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
diff --git a/generic/secrets/gitleaks/mattermost-access-token.yaml b/generic/secrets/gitleaks/mattermost-access-token.yaml index b87cc0e61d..58a5eb2ce7 100644 --- a/generic/secrets/gitleaks/mattermost-access-token.yaml +++ b/generic/secrets/gitleaks/mattermost-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:mattermost)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{26})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:mattermost)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{26})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/messagebird-api-token.yaml b/generic/secrets/gitleaks/messagebird-api-token.yaml index 24da45e942..3ba680df9e 100644 --- a/generic/secrets/gitleaks/messagebird-api-token.yaml +++ b/generic/secrets/gitleaks/messagebird-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:message[_-]?bird)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/messagebird-client-id.yaml b/generic/secrets/gitleaks/messagebird-client-id.yaml index 8260ab4b02..094fe845cf 100644 --- a/generic/secrets/gitleaks/messagebird-client-id.yaml +++ b/generic/secrets/gitleaks/messagebird-client-id.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:message[_-]?bird)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/microsoft-teams-webhook.yaml b/generic/secrets/gitleaks/microsoft-teams-webhook.yaml index 1a4ec87327..83ea47088c 100644 --- a/generic/secrets/gitleaks/microsoft-teams-webhook.yaml +++ b/generic/secrets/gitleaks/microsoft-teams-webhook.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: https:\/\/[a-z0-9]+\.webhook\.office\.com\/webhookb2\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}\/IncomingWebhook\/[a-z0-9]{32}\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12} + - pattern-regex: (https://[a-z0-9]+\.webhook\.office\.com/webhookb2/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}/IncomingWebhook/[a-z0-9]{32}/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}) diff --git a/generic/secrets/gitleaks/netlify-access-token.yaml b/generic/secrets/gitleaks/netlify-access-token.yaml index b6014f3a8e..47965e6b00 100644 --- a/generic/secrets/gitleaks/netlify-access-token.yaml +++ b/generic/secrets/gitleaks/netlify-access-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:netlify)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40,46})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:netlify)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40,46})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/new-relic-browser-api-token.yaml b/generic/secrets/gitleaks/new-relic-browser-api-token.yaml index 909e5a9ac2..0ca2be6ced 100644 --- a/generic/secrets/gitleaks/new-relic-browser-api-token.yaml +++ b/generic/secrets/gitleaks/new-relic-browser-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRJS-[a-f0-9]{19})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRJS-[a-f0-9]{19})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/new-relic-insert-key.yaml b/generic/secrets/gitleaks/new-relic-insert-key.yaml index 42f411f528..5a2dc5a7ae 100644 --- a/generic/secrets/gitleaks/new-relic-insert-key.yaml +++ b/generic/secrets/gitleaks/new-relic-insert-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRII-[a-z0-9-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRII-[a-z0-9-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
diff --git a/generic/secrets/gitleaks/new-relic-user-api-id.yaml b/generic/secrets/gitleaks/new-relic-user-api-id.yaml index f491b7cdec..cde9c49758 100644 --- a/generic/secrets/gitleaks/new-relic-user-api-id.yaml +++ b/generic/secrets/gitleaks/new-relic-user-api-id.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/new-relic-user-api-key.yaml b/generic/secrets/gitleaks/new-relic-user-api-key.yaml index ff785e97dd..6cdfefd146 100644 --- a/generic/secrets/gitleaks/new-relic-user-api-key.yaml +++ b/generic/secrets/gitleaks/new-relic-user-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRAK-[a-z0-9]{27})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRAK-[a-z0-9]{27})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/npm-access-token.yaml b/generic/secrets/gitleaks/npm-access-token.yaml index a26874a970..7e573e928b 100644 --- a/generic/secrets/gitleaks/npm-access-token.yaml +++ b/generic/secrets/gitleaks/npm-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(npm_[a-z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)\b(npm_[a-z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
diff --git a/generic/secrets/gitleaks/nuget-config-password.yaml b/generic/secrets/gitleaks/nuget-config-password.yaml new file mode 100644 index 0000000000..83c2e4bd96 --- /dev/null +++ b/generic/secrets/gitleaks/nuget-config-password.yaml @@ -0,0 +1,26 @@ +rules: +- id: nuget-config-password + message: A gitleaks nuget-config-password was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: ((?i)) diff --git a/generic/secrets/gitleaks/nytimes-access-token.yaml b/generic/secrets/gitleaks/nytimes-access-token.yaml index 72ec958b6a..972efd90a3 100644 --- a/generic/secrets/gitleaks/nytimes-access-token.yaml +++ b/generic/secrets/gitleaks/nytimes-access-token.yaml 
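Review bot: The `pattern-regex` of the new `nuget-config-password` rule is `((?i))` as shown here, a case-insensitivity flag with no pattern body, which matches the empty string at every position instead of a NuGet password entry. Either the expression was lost when the gitleaks rule was converted (or when this page was rendered, which is worth checking against the raw file), or the rule was merged without one. Until the body is confirmed, the rule detects no credentials in NuGet configuration and may produce a finding on every file, so it should be held back or fixed before release. A positive and a negative test fixture for this rule would catch an empty pattern in CI.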
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:nytimes|new-york-times,|newyorktimes)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:nytimes|new-york-times,|newyorktimes)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/octopus-deploy-api-key.yaml b/generic/secrets/gitleaks/octopus-deploy-api-key.yaml new file mode 100644 index 0000000000..d917ecbd59 --- /dev/null +++ b/generic/secrets/gitleaks/octopus-deploy-api-key.yaml @@ -0,0 +1,26 @@ +rules: +- id: octopus-deploy-api-key + message: A gitleaks octopus-deploy-api-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\b(API-[A-Z0-9]{26})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/okta-access-token.yaml b/generic/secrets/gitleaks/okta-access-token.yaml index c15e82cab9..51ae45eb40 100644 
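Review bot: The keyword alternation `(?:nytimes|new-york-times,|newyorktimes)` in `nytimes-access-token.yaml` still carries a stray comma inside the second alternative, so `new-york-times` only matches when it is literally followed by `,` and an assignment such as `new-york-times-key = ...` is missed. The commit rewrites the prefix and the outer group but keeps the typo from the old line. A corrected alternation in the style this patch already uses for `linked[_-]?in` and `message[_-]?bird` would be `(?:nytimes|new[_-]?york[_-]?times)`.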
--- a/generic/secrets/gitleaks/okta-access-token.yaml +++ b/generic/secrets/gitleaks/okta-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:okta)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{42})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:(?-i:[Oo]kta|OKTA))(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(00[\w=\-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/openai-api-key.yaml b/generic/secrets/gitleaks/openai-api-key.yaml index 605e39458a..a88a271b36 100644 --- a/generic/secrets/gitleaks/openai-api-key.yaml +++ b/generic/secrets/gitleaks/openai-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/openshift-user-token.yaml b/generic/secrets/gitleaks/openshift-user-token.yaml new file mode 100644 index 0000000000..728a57affe --- /dev/null +++ b/generic/secrets/gitleaks/openshift-user-token.yaml 
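Review bot: The rewritten `okta-access-token` pattern repeats the lazy prefix `[\w.-]{0,50}?` twice in a row, once before `(?i:` and once as the first item inside it. The second copy matches nothing the first cannot, and it multiplies the ways the engine can split the same run of identifier characters while backtracking. The same doubled prefix appears in the new `privateai-api-token.yaml` pattern later in this patch. Dropping the outer copy, so the pattern starts `((?i:[\w.-]{0,50}?(?:(?-i:[Oo]kta|OKTA))`, leaves detection unchanged; only the reported span gets shorter when more than 50 identifier characters precede the keyword.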
@@ -0,0 +1,26 @@ +rules: +- id: openshift-user-token + message: A gitleaks openshift-user-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\b(sha256~[\w-]{43})(?:[^\w-]|\z)) diff --git a/generic/secrets/gitleaks/plaid-api-token.yaml b/generic/secrets/gitleaks/plaid-api-token.yaml index f32ed3c1fd..9f41649b82 100644 --- a/generic/secrets/gitleaks/plaid-api-token.yaml +++ b/generic/secrets/gitleaks/plaid-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(access-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:plaid)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(access-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
diff --git a/generic/secrets/gitleaks/plaid-client-id.yaml b/generic/secrets/gitleaks/plaid-client-id.yaml index 2c5e88b588..acb5d8c445 100644 --- a/generic/secrets/gitleaks/plaid-client-id.yaml +++ b/generic/secrets/gitleaks/plaid-client-id.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:plaid)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/plaid-secret-key.yaml b/generic/secrets/gitleaks/plaid-secret-key.yaml index 20e10e6c7a..ee0a02b4a3 100644 --- a/generic/secrets/gitleaks/plaid-secret-key.yaml +++ b/generic/secrets/gitleaks/plaid-secret-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:plaid)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/planetscale-api-token.yaml b/generic/secrets/gitleaks/planetscale-api-token.yaml index c7a497c326..5b5995b11a 100644 --- a/generic/secrets/gitleaks/planetscale-api-token.yaml +++ b/generic/secrets/gitleaks/planetscale-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(pscale_tkn_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(pscale_tkn_(?i)[\w=\.-]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
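Review bot: The three PlanetScale rules end up with three different flag layouts after this change: `pscale_tkn_(?i)[\w=\.-]{32,64}` in `planetscale-api-token.yaml` keeps a mid-pattern `(?i)`, `planetscale-oauth-token.yaml` has no flag at all, and `planetscale-password.yaml` keeps both a leading and a mid-pattern `(?i)`. Since `\w` already covers both letter cases, the mid-pattern flag has no effect on the token body, and the only real difference is that `pscale_pw_` is matched case-insensitively while the other two prefixes are not. If the prefixes are meant to be case-sensitive, the three can be written alike, e.g. `(\b(pscale_tkn_[\w=\.-]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$))`.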
diff --git a/generic/secrets/gitleaks/planetscale-oauth-token.yaml b/generic/secrets/gitleaks/planetscale-oauth-token.yaml index 138da665bf..b98ed4038c 100644 --- a/generic/secrets/gitleaks/planetscale-oauth-token.yaml +++ b/generic/secrets/gitleaks/planetscale-oauth-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(pscale_oauth_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(pscale_oauth_[\w=\.-]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/planetscale-password.yaml b/generic/secrets/gitleaks/planetscale-password.yaml index a3413e1274..790c25516e 100644 --- a/generic/secrets/gitleaks/planetscale-password.yaml +++ b/generic/secrets/gitleaks/planetscale-password.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(pscale_pw_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)\b(pscale_pw_(?i)[\w=\.-]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/postman-api-token.yaml b/generic/secrets/gitleaks/postman-api-token.yaml index 0cf776d1b1..20653138e8 100644 --- a/generic/secrets/gitleaks/postman-api-token.yaml +++ b/generic/secrets/gitleaks/postman-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/prefect-api-token.yaml b/generic/secrets/gitleaks/prefect-api-token.yaml index 22406a07e5..5eceede568 100644 --- a/generic/secrets/gitleaks/prefect-api-token.yaml +++ b/generic/secrets/gitleaks/prefect-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(pnu_[a-z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(pnu_[a-zA-Z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
diff --git a/generic/secrets/gitleaks/private-key.yaml b/generic/secrets/gitleaks/private-key.yaml index 13e8f3fef4..b18ef43af9 100644 --- a/generic/secrets/gitleaks/private-key.yaml +++ b/generic/secrets/gitleaks/private-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?---- + - pattern-regex: ((?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY(?: BLOCK)?-----[\s\S-]*?KEY(?: BLOCK)?-----) diff --git a/generic/secrets/gitleaks/privateai-api-token.yaml b/generic/secrets/gitleaks/privateai-api-token.yaml new file mode 100644 index 0000000000..8eacd90771 --- /dev/null +++ b/generic/secrets/gitleaks/privateai-api-token.yaml @@ -0,0 +1,26 @@ +rules: +- id: privateai-api-token + message: A gitleaks privateai-api-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:private[_-]?ai)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
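Review bot: The body of the rewritten `private-key` pattern, `[\s\S-]*?`, has no minimum length, so a documentation placeholder with only `...` between the BEGIN and END markers is reported the same way as a real key. The switch to a lazy quantifier and the full `-----` terminator is sound, since the match now stops at the first END marker. Adding a floor keeps that and drops the empty-block findings, for example `[\s\S-]{64,}?` in place of `[\s\S-]*?`. The floor value is a suggestion and should be checked against the shortest key format the rule is expected to catch.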
diff --git a/generic/secrets/gitleaks/pulumi-api-token.yaml b/generic/secrets/gitleaks/pulumi-api-token.yaml index 9ea594625d..26c53acf09 100644 --- a/generic/secrets/gitleaks/pulumi-api-token.yaml +++ b/generic/secrets/gitleaks/pulumi-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(pul-[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(pul-[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/pypi-upload-token.yaml b/generic/secrets/gitleaks/pypi-upload-token.yaml index 00e4539480..11c16a0be0 100644 --- a/generic/secrets/gitleaks/pypi-upload-token.yaml +++ b/generic/secrets/gitleaks/pypi-upload-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000} + - pattern-regex: (pypi-AgEIcHlwaS5vcmc[\w-]{50,1000}) diff --git a/generic/secrets/gitleaks/rapidapi-access-token.yaml b/generic/secrets/gitleaks/rapidapi-access-token.yaml index f461216a3c..67a89f5309 100644 --- a/generic/secrets/gitleaks/rapidapi-access-token.yaml +++ b/generic/secrets/gitleaks/rapidapi-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:rapidapi)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{50})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:rapidapi)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{50})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/readme-api-token.yaml b/generic/secrets/gitleaks/readme-api-token.yaml index 8007e54677..004978941b 100644 --- a/generic/secrets/gitleaks/readme-api-token.yaml +++ b/generic/secrets/gitleaks/readme-api-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(rdme_[a-z0-9]{70})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(rdme_[a-z0-9]{70})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/rubygems-api-token.yaml b/generic/secrets/gitleaks/rubygems-api-token.yaml index 1ab20eb895..46b19062e4 100644 --- a/generic/secrets/gitleaks/rubygems-api-token.yaml +++ b/generic/secrets/gitleaks/rubygems-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(rubygems_[a-f0-9]{48})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(rubygems_[a-f0-9]{48})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/scalingo-api-token.yaml b/generic/secrets/gitleaks/scalingo-api-token.yaml index c55fccb82a..ac720c5e20 100644 --- a/generic/secrets/gitleaks/scalingo-api-token.yaml +++ b/generic/secrets/gitleaks/scalingo-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: \b(tk-us-[a-zA-Z0-9-_]{48})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(tk-us-[\w-]{48})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/sendbird-access-id.yaml b/generic/secrets/gitleaks/sendbird-access-id.yaml index 4b51ef976c..f3df510645 100644 --- a/generic/secrets/gitleaks/sendbird-access-id.yaml +++ b/generic/secrets/gitleaks/sendbird-access-id.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:sendbird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:sendbird)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
diff --git a/generic/secrets/gitleaks/sendbird-access-token.yaml b/generic/secrets/gitleaks/sendbird-access-token.yaml index 7a31e817a4..b3cf830a2b 100644 --- a/generic/secrets/gitleaks/sendbird-access-token.yaml +++ b/generic/secrets/gitleaks/sendbird-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:sendbird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:sendbird)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/sendgrid-api-token.yaml b/generic/secrets/gitleaks/sendgrid-api-token.yaml index 6180651e89..08a862158a 100644 --- a/generic/secrets/gitleaks/sendgrid-api-token.yaml +++ b/generic/secrets/gitleaks/sendgrid-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(SG\.(?i)[a-z0-9=_\-\.]{66})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(SG\.(?i)[a-z0-9=_\-\.]{66})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/sendinblue-api-token.yaml b/generic/secrets/gitleaks/sendinblue-api-token.yaml index 31647cc7de..111a853d22 100644 --- a/generic/secrets/gitleaks/sendinblue-api-token.yaml +++ b/generic/secrets/gitleaks/sendinblue-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/sentry-access-token.yaml b/generic/secrets/gitleaks/sentry-access-token.yaml index 52845ac6b5..5564eacf1b 100644 --- a/generic/secrets/gitleaks/sentry-access-token.yaml +++ b/generic/secrets/gitleaks/sentry-access-token.yaml 
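Review bot: In sendgrid-api-token.yaml the leading `(?i)` was removed but the one in the middle of the token group, `SG\.(?i)[a-z0-9=_\-\.]{66}`, was kept as an unscoped inline flag. Its reach then depends on how the regex engine scopes mid-pattern flags, and engines that only accept flags at the start of a pattern reject it outright. Other rules in this patch already use the scoped form (`s\.(?i:[a-z0-9]{24})`, `(?-i:A)`). Writing `SG\.(?i:[a-z0-9=_\-\.]{66})` states the intent explicitly and matches that style. sendinblue-api-token.yaml has the same construct in `\-(?i)[a-z0-9]{16}`.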
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:sentry)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:sentry)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/sentry-org-token.yaml b/generic/secrets/gitleaks/sentry-org-token.yaml new file mode 100644 index 0000000000..ae29263411 --- /dev/null +++ b/generic/secrets/gitleaks/sentry-org-token.yaml @@ -0,0 +1,26 @@ +rules: +- id: sentry-org-token + message: A gitleaks sentry-org-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\bsntrys_eyJpYXQiO[a-zA-Z0-9+/]{10,200}(?:LCJyZWdpb25fdXJs|InJlZ2lvbl91cmwi|cmVnaW9uX3VybCI6)[a-zA-Z0-9+/]{10,200}={0,2}_[a-zA-Z0-9+/]{43}\b) diff --git a/generic/secrets/gitleaks/sentry-user-token.yaml b/generic/secrets/gitleaks/sentry-user-token.yaml new file mode 100644 index 0000000000..8fe57b9850 
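Review bot: The new sentry-org-token.yaml pattern ends in `[a-zA-Z0-9+/]{43}\b`, and that closing `\b` only holds when the 43rd character is a word character. The class also admits `+` and `/`, so a token ending in either of those and followed by a quote or whitespace would be missed. If the last segment is always unpadded base64 of a fixed-length value whose final character cannot be `+` or `/`, this is safe, but the rule should then say so in a comment. Otherwise the delimiter group the sibling rules use, `(?:['|\"|\n|\r|\s|\x60|;]|$)`, avoids the dependency.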
--- /dev/null +++ b/generic/secrets/gitleaks/sentry-user-token.yaml @@ -0,0 +1,26 @@ +rules: +- id: sentry-user-token + message: A gitleaks sentry-user-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\b(sntryu_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/settlemint-application-access-token.yaml b/generic/secrets/gitleaks/settlemint-application-access-token.yaml new file mode 100644 index 0000000000..fae18307fb --- /dev/null +++ b/generic/secrets/gitleaks/settlemint-application-access-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: settlemint-application-access-token + message: A gitleaks settlemint-application-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\b(sm_aat_[a-zA-Z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/settlemint-personal-access-token.yaml b/generic/secrets/gitleaks/settlemint-personal-access-token.yaml new file mode 100644 index 0000000000..14127a8bb3 --- /dev/null +++ b/generic/secrets/gitleaks/settlemint-personal-access-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: settlemint-personal-access-token + message: A gitleaks settlemint-personal-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\b(sm_pat_[a-zA-Z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/settlemint-service-access-token.yaml b/generic/secrets/gitleaks/settlemint-service-access-token.yaml new file mode 100644 index 0000000000..a74dc00421 --- /dev/null +++ b/generic/secrets/gitleaks/settlemint-service-access-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: settlemint-service-access-token + message: A gitleaks settlemint-service-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\b(sm_sat_[a-zA-Z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/shippo-api-token.yaml b/generic/secrets/gitleaks/shippo-api-token.yaml index 90aacf14ea..44fcc3171e 100644 --- a/generic/secrets/gitleaks/shippo-api-token.yaml +++ b/generic/secrets/gitleaks/shippo-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(shippo_(live|test)_[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(shippo_(?:live|test)_[a-fA-F0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/shopify-access-token.yaml b/generic/secrets/gitleaks/shopify-access-token.yaml index d2ef929206..72bad37069 100644 --- a/generic/secrets/gitleaks/shopify-access-token.yaml +++ b/generic/secrets/gitleaks/shopify-access-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: shpat_[a-fA-F0-9]{32} + - pattern-regex: (shpat_[a-fA-F0-9]{32}) diff --git a/generic/secrets/gitleaks/shopify-custom-access-token.yaml b/generic/secrets/gitleaks/shopify-custom-access-token.yaml index 3023a7e618..b06ac60e37 100644 --- a/generic/secrets/gitleaks/shopify-custom-access-token.yaml +++ b/generic/secrets/gitleaks/shopify-custom-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: shpca_[a-fA-F0-9]{32} + - pattern-regex: (shpca_[a-fA-F0-9]{32}) diff --git a/generic/secrets/gitleaks/shopify-private-app-access-token.yaml b/generic/secrets/gitleaks/shopify-private-app-access-token.yaml index d455bd6879..5e7100b297 100644 --- a/generic/secrets/gitleaks/shopify-private-app-access-token.yaml +++ b/generic/secrets/gitleaks/shopify-private-app-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: shppa_[a-fA-F0-9]{32} + - pattern-regex: (shppa_[a-fA-F0-9]{32}) diff --git a/generic/secrets/gitleaks/shopify-shared-secret.yaml b/generic/secrets/gitleaks/shopify-shared-secret.yaml index 3517d46adf..fa468b18ef 100644 --- a/generic/secrets/gitleaks/shopify-shared-secret.yaml +++ b/generic/secrets/gitleaks/shopify-shared-secret.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: shpss_[a-fA-F0-9]{32} + - pattern-regex: (shpss_[a-fA-F0-9]{32}) diff --git a/generic/secrets/gitleaks/sidekiq-secret.yaml b/generic/secrets/gitleaks/sidekiq-secret.yaml index 718177f2c3..bc5b623962 100644 --- a/generic/secrets/gitleaks/sidekiq-secret.yaml +++ b/generic/secrets/gitleaks/sidekiq-secret.yaml 
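Review bot: `(shpat_[a-fA-F0-9]{32})` in shopify-access-token.yaml still has no boundary on either side, so it matches in the middle of a longer identifier and reports the first 32 digits of any longer hex run. Since the line is being rewritten anyway, `(\bshpat_[a-fA-F0-9]{32}\b)` would tighten it at no cost. The `shpca_`, `shppa_` and `shpss_` hunks on this line have the same gap. So does `(SK[0-9a-fA-F]{32})` in twilio-api-key.yaml, where the two-letter prefix makes accidental matches inside encoded blobs more likely.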
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{8}:[a-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{8}:[a-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/sidekiq-sensitive-url.yaml b/generic/secrets/gitleaks/sidekiq-sensitive-url.yaml index 72d9b8d4e5..c362fee4d6 100644 --- a/generic/secrets/gitleaks/sidekiq-sensitive-url.yaml +++ b/generic/secrets/gitleaks/sidekiq-sensitive-url.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(http(?:s??):\/\/)([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$) + - pattern-regex: ((?i)\bhttps?://([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$)) diff --git a/generic/secrets/gitleaks/slack-app-token.yaml b/generic/secrets/gitleaks/slack-app-token.yaml index 51c5c8c0b8..b7e0a76b2b 100644 --- a/generic/secrets/gitleaks/slack-app-token.yaml +++ b/generic/secrets/gitleaks/slack-app-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+) + - pattern-regex: ((?i)xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+) diff --git a/generic/secrets/gitleaks/slack-bot-token.yaml b/generic/secrets/gitleaks/slack-bot-token.yaml index 378efda059..d4a75624bf 100644 --- a/generic/secrets/gitleaks/slack-bot-token.yaml +++ b/generic/secrets/gitleaks/slack-bot-token.yaml 
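Review bot: The host names in the rewritten sidekiq-sensitive-url.yaml pattern keep their unescaped dots, so `gems.contribsys.com` also matches strings such as `gemsXcontribsys-com` where any character stands in for the dot. As the line already drops the unneeded `\/` escapes, it could also pin the host with `@(?:gems|enterprise)\.contribsys\.com`. The same unescaped `.` remains in `hooks.slack.com` in slack-webhook-url.yaml and in `xoxe.xox[bp]` in slack-config-access-token.yaml. In the last case, confirm whether the separator is really meant to be any character.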
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (xoxb-[0-9]{10,13}\-[0-9]{10,13}[a-zA-Z0-9-]*) + - pattern-regex: (xoxb-[0-9]{10,13}-[0-9]{10,13}[a-zA-Z0-9-]*) diff --git a/generic/secrets/gitleaks/slack-config-access-token.yaml b/generic/secrets/gitleaks/slack-config-access-token.yaml index 3d51c7269d..006616b9a3 100644 --- a/generic/secrets/gitleaks/slack-config-access-token.yaml +++ b/generic/secrets/gitleaks/slack-config-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(xoxe.xox[bp]-\d-[A-Z0-9]{163,166}) + - pattern-regex: ((?i)xoxe.xox[bp]-\d-[A-Z0-9]{163,166}) diff --git a/generic/secrets/gitleaks/slack-config-refresh-token.yaml b/generic/secrets/gitleaks/slack-config-refresh-token.yaml index f76799ee1e..b6c368e758 100644 --- a/generic/secrets/gitleaks/slack-config-refresh-token.yaml +++ b/generic/secrets/gitleaks/slack-config-refresh-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(xoxe-\d-[A-Z0-9]{146}) + - pattern-regex: ((?i)xoxe-\d-[A-Z0-9]{146}) diff --git a/generic/secrets/gitleaks/slack-legacy-bot-token.yaml b/generic/secrets/gitleaks/slack-legacy-bot-token.yaml index 262968f2cf..3ace99f69d 100644 --- a/generic/secrets/gitleaks/slack-legacy-bot-token.yaml +++ b/generic/secrets/gitleaks/slack-legacy-bot-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (xoxb-[0-9]{8,14}\-[a-zA-Z0-9]{18,26}) + - pattern-regex: (xoxb-[0-9]{8,14}-[a-zA-Z0-9]{18,26}) diff --git a/generic/secrets/gitleaks/slack-webhook-url.yaml b/generic/secrets/gitleaks/slack-webhook-url.yaml index a663b4270d..9dbe6c72df 100644 --- a/generic/secrets/gitleaks/slack-webhook-url.yaml +++ b/generic/secrets/gitleaks/slack-webhook-url.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (https?:\/\/)?hooks.slack.com\/(services|workflows)\/[A-Za-z0-9+\/]{43,46} + - pattern-regex: ((?:https?://)?hooks.slack.com/(?:services|workflows)/[A-Za-z0-9+/]{43,46}) diff --git a/generic/secrets/gitleaks/snyk-api-token.yaml b/generic/secrets/gitleaks/snyk-api-token.yaml index 71bb2e3fce..4d2925458f 100644 --- a/generic/secrets/gitleaks/snyk-api-token.yaml +++ b/generic/secrets/gitleaks/snyk-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:snyk_token|snyk_key|snyk_api_token|snyk_api_key|snyk_oauth_token)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:snyk[_.-]?(?:(?:api|oauth)[_.-]?)?(?:key|token))(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/square-access-token.yaml b/generic/secrets/gitleaks/square-access-token.yaml index b5d503e5df..2e1694535d 100644 --- a/generic/secrets/gitleaks/square-access-token.yaml +++ b/generic/secrets/gitleaks/square-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b((EAAA|sq0atp-)[0-9A-Za-z\-_]{22,60})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b((?:EAAA|sq0atp-)[\w-]{22,60})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/squarespace-access-token.yaml b/generic/secrets/gitleaks/squarespace-access-token.yaml index 93af76cc90..38c135f3b8 100644 --- a/generic/secrets/gitleaks/squarespace-access-token.yaml +++ b/generic/secrets/gitleaks/squarespace-access-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:squarespace)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:squarespace)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/stripe-access-token.yaml b/generic/secrets/gitleaks/stripe-access-token.yaml index 484c7a8093..156da06dfc 100644 --- a/generic/secrets/gitleaks/stripe-access-token.yaml +++ b/generic/secrets/gitleaks/stripe-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b((sk|rk)_(test|live|prod)_[0-9a-z]{10,99})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b((?:sk|rk)_(?:test|live|prod)_[a-zA-Z0-9]{10,99})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/sumologic-access-id.yaml b/generic/secrets/gitleaks/sumologic-access-id.yaml index 2a21633e6e..495e859648 100644 --- a/generic/secrets/gitleaks/sumologic-access-id.yaml +++ b/generic/secrets/gitleaks/sumologic-access-id.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i:(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(su[a-zA-Z0-9]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:(?-i:[Ss]umo|SUMO))(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(su[a-zA-Z0-9]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/sumologic-access-token.yaml b/generic/secrets/gitleaks/sumologic-access-token.yaml index 2413409487..cbf5e2e86d 100644 --- a/generic/secrets/gitleaks/sumologic-access-token.yaml 
+++ b/generic/secrets/gitleaks/sumologic-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:(?-i:[Ss]umo|SUMO))(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/telegram-bot-api-token.yaml b/generic/secrets/gitleaks/telegram-bot-api-token.yaml index a9edae9d57..43ff598f54 100644 --- a/generic/secrets/gitleaks/telegram-bot-api-token.yaml +++ b/generic/secrets/gitleaks/telegram-bot-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i:(?:telegr)(?:[0-9a-z\(-_\t .\\]{0,40})(?:[\s|']|[\s|"]){0,3})(?:=|\|\|:|<=|=>|:|\?=|\()(?:'|\"|\s|=|\x60){0,5}([0-9]{5,16}:A[a-z0-9_\-]{34})(?:['|\"|\n|\r|\s|\x60|;|\\]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:telegr)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{5,16}:(?-i:A)[a-z0-9_\-]{34})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/travisci-access-token.yaml b/generic/secrets/gitleaks/travisci-access-token.yaml index fa4baab6cc..97424b8aba 100644 --- a/generic/secrets/gitleaks/travisci-access-token.yaml +++ b/generic/secrets/gitleaks/travisci-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:travis)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:travis)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
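Review bot: The telegram-bot-api-token.yaml rewrite drops coverage that the old rule had on purpose. The previous operator group ended in `|\(` and the old trailing class accepted `\\`, so a token passed directly as a call argument or followed by an escaped quote was matched. The new generic template accepts neither, and the filler between keyword and operator shrinks from `{0,40}` to `{0,20}`. If call-style usage should still be caught, add the alternative back: `(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|\()`. If the narrowing is intended, the commit message should say so, since it is a silent loss of detections for existing users.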
diff --git a/generic/secrets/gitleaks/twilio-api-key.yaml b/generic/secrets/gitleaks/twilio-api-key.yaml index 582846897f..2ded3721dd 100644 --- a/generic/secrets/gitleaks/twilio-api-key.yaml +++ b/generic/secrets/gitleaks/twilio-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: SK[0-9a-fA-F]{32} + - pattern-regex: (SK[0-9a-fA-F]{32}) diff --git a/generic/secrets/gitleaks/twitch-api-token.yaml b/generic/secrets/gitleaks/twitch-api-token.yaml index 5e82d0a25f..2d93e85322 100644 --- a/generic/secrets/gitleaks/twitch-api-token.yaml +++ b/generic/secrets/gitleaks/twitch-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:twitch)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:twitch)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/twitter-access-secret.yaml b/generic/secrets/gitleaks/twitter-access-secret.yaml index 3d938b6beb..420dd404c7 100644 --- a/generic/secrets/gitleaks/twitter-access-secret.yaml +++ b/generic/secrets/gitleaks/twitter-access-secret.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{45})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{45})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/twitter-access-token.yaml b/generic/secrets/gitleaks/twitter-access-token.yaml index 957e82c248..067bc4aac3 100644 --- a/generic/secrets/gitleaks/twitter-access-token.yaml 
+++ b/generic/secrets/gitleaks/twitter-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{15,25}-[a-zA-Z0-9]{20,40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{15,25}-[a-zA-Z0-9]{20,40})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/twitter-api-key.yaml b/generic/secrets/gitleaks/twitter-api-key.yaml index be0e9f5a0c..5778bb892a 100644 --- a/generic/secrets/gitleaks/twitter-api-key.yaml +++ b/generic/secrets/gitleaks/twitter-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/twitter-api-secret.yaml b/generic/secrets/gitleaks/twitter-api-secret.yaml index 1233af70d4..81300d7799 100644 --- a/generic/secrets/gitleaks/twitter-api-secret.yaml +++ b/generic/secrets/gitleaks/twitter-api-secret.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{50})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{50})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
diff --git a/generic/secrets/gitleaks/twitter-bearer-token.yaml b/generic/secrets/gitleaks/twitter-bearer-token.yaml index 015a8efa94..243b36cb05 100644 --- a/generic/secrets/gitleaks/twitter-bearer-token.yaml +++ b/generic/secrets/gitleaks/twitter-bearer-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(A{22}[a-zA-Z0-9%]{80,100})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(A{22}[a-zA-Z0-9%]{80,100})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/typeform-api-token.yaml b/generic/secrets/gitleaks/typeform-api-token.yaml index d90efbf17e..ea5f52a8ca 100644 --- a/generic/secrets/gitleaks/typeform-api-token.yaml +++ b/generic/secrets/gitleaks/typeform-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:typeform)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(tfp_[a-z0-9\-_\.=]{59})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:typeform)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(tfp_[a-z0-9\-_\.=]{59})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/vault-batch-token.yaml b/generic/secrets/gitleaks/vault-batch-token.yaml index 5ab63bf906..394acdc3a6 100644 --- a/generic/secrets/gitleaks/vault-batch-token.yaml +++ b/generic/secrets/gitleaks/vault-batch-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(hvb\.[a-z0-9_-]{138,212})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(hvb\.[\w-]{138,300})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
diff --git a/generic/secrets/gitleaks/vault-service-token.yaml b/generic/secrets/gitleaks/vault-service-token.yaml index 87e757131c..847a615bc6 100644 --- a/generic/secrets/gitleaks/vault-service-token.yaml +++ b/generic/secrets/gitleaks/vault-service-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(hvs\.[a-z0-9_-]{90,100})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b((?:hvs\.[\w-]{90,120}|s\.(?i:[a-z0-9]{24})))(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/yandex-access-token.yaml b/generic/secrets/gitleaks/yandex-access-token.yaml index e004bb9231..4576db3b93 100644 --- a/generic/secrets/gitleaks/yandex-access-token.yaml +++ b/generic/secrets/gitleaks/yandex-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:yandex)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/yandex-api-key.yaml b/generic/secrets/gitleaks/yandex-api-key.yaml index 7998737c47..acf5e95ab5 100644 --- a/generic/secrets/gitleaks/yandex-api-key.yaml +++ b/generic/secrets/gitleaks/yandex-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(AQVN[A-Za-z0-9_\-]{35,38})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:yandex)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(AQVN[A-Za-z0-9_\-]{35,38})(?:['|\"|\n|\r|\s|\x60|;]|$)) 
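Review bot: The new `s\.(?i:[a-z0-9]{24})` alternative in vault-service-token.yaml is very loosely anchored. It needs only a word boundary, a literal `s.` and any 24 alphanumerics before whitespace, a quote or `;`. Ordinary source code that uses a variable or receiver named `s` with a 24-character member name has exactly that shape, so I would expect false positives that the `hvs.` form never produced. Nothing else in the rule (keyword, entropy or length check) filters them out. Moving the legacy form into its own rule id would let it be tuned or disabled without losing the precise `hvs\.[\w-]{90,120}` detection.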
diff --git a/generic/secrets/gitleaks/yandex-aws-access-token.yaml b/generic/secrets/gitleaks/yandex-aws-access-token.yaml index f0e160e2ac..0c430dd779 100644 --- a/generic/secrets/gitleaks/yandex-aws-access-token.yaml +++ b/generic/secrets/gitleaks/yandex-aws-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(YC[a-zA-Z0-9_\-]{38})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:yandex)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(YC[a-zA-Z0-9_\-]{38})(?:['|\"|\n|\r|\s|\x60|;]|$)) diff --git a/generic/secrets/gitleaks/zendesk-secret-key.yaml b/generic/secrets/gitleaks/zendesk-secret-key.yaml index 9e2f3440ce..0c8c51afe5 100644 --- a/generic/secrets/gitleaks/zendesk-secret-key.yaml +++ b/generic/secrets/gitleaks/zendesk-secret-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:zendesk)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:zendesk)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$))