From ce9a6f3c1cf5461f68028b0be977de393c4cfcea Mon Sep 17 00:00:00 2001 
From: "Security Research (r2c-argo)" Date: Wed, 6 Nov 2024 01:30:41 +0000 Subject: [PATCH] Merge Gitleaks rules 2024-11-06 # 01:30 --- .../1password-service-account-token.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/adafruit-api-key.yaml | 2 +- generic/secrets/gitleaks/adobe-client-id.yaml | 2 +- .../secrets/gitleaks/adobe-client-secret.yaml | 2 +- .../secrets/gitleaks/airtable-api-key.yaml | 2 +- generic/secrets/gitleaks/algolia-api-key.yaml | 2 +- .../gitleaks/alibaba-access-key-id.yaml | 2 +- .../secrets/gitleaks/alibaba-secret-key.yaml | 2 +- generic/secrets/gitleaks/asana-client-id.yaml | 2 +- .../secrets/gitleaks/asana-client-secret.yaml | 2 +- .../secrets/gitleaks/atlassian-api-token.yaml | 2 +- .../authress-service-client-access-key.yaml | 2 +- .../secrets/gitleaks/aws-access-token.yaml | 2 +- .../gitleaks/azure-ad-client-secret.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/beamer-api-token.yaml | 2 +- .../secrets/gitleaks/bitbucket-client-id.yaml | 2 +- .../gitleaks/bitbucket-client-secret.yaml | 2 +- .../secrets/gitleaks/bittrex-access-key.yaml | 2 +- .../secrets/gitleaks/bittrex-secret-key.yaml | 2 +- .../secrets/gitleaks/clojars-api-token.yaml | 2 +- .../secrets/gitleaks/cloudflare-api-key.yaml | 2 +- .../gitleaks/cloudflare-global-api-key.yaml | 2 +- .../gitleaks/codecov-access-token.yaml | 2 +- .../secrets/gitleaks/cohere-api-token.yaml | 26 +++++++++++++++++++ .../gitleaks/coinbase-access-token.yaml | 2 +- .../gitleaks/confluent-access-token.yaml | 2 +- .../gitleaks/confluent-secret-key.yaml | 2 +- .../contentful-delivery-api-token.yaml | 2 +- .../secrets/gitleaks/curl-auth-header.yaml | 26 +++++++++++++++++++ generic/secrets/gitleaks/curl-auth-user.yaml | 26 +++++++++++++++++++ .../gitleaks/databricks-api-token.yaml | 2 +- .../gitleaks/datadog-access-token.yaml | 2 +- .../defined-networking-api-token.yaml | 2 +- .../gitleaks/digitalocean-access-token.yaml | 2 +- .../secrets/gitleaks/digitalocean-pat.yaml | 2 +- 
.../secrets/gitleaks/discord-api-token.yaml | 2 +- .../secrets/gitleaks/discord-client-id.yaml | 2 +- .../gitleaks/discord-client-secret.yaml | 2 +- .../secrets/gitleaks/doppler-api-token.yaml | 2 +- .../gitleaks/droneci-access-token.yaml | 2 +- .../secrets/gitleaks/dropbox-api-token.yaml | 2 +- .../dropbox-long-lived-api-token.yaml | 2 +- .../dropbox-short-lived-api-token.yaml | 2 +- .../secrets/gitleaks/duffel-api-token.yaml | 2 +- .../secrets/gitleaks/easypost-api-token.yaml | 2 +- .../gitleaks/easypost-test-api-token.yaml | 2 +- .../secrets/gitleaks/etsy-access-token.yaml | 2 +- .../gitleaks/facebook-page-access-token.yaml | 2 +- generic/secrets/gitleaks/facebook-secret.yaml | 2 +- .../secrets/gitleaks/fastly-api-token.yaml | 2 +- .../secrets/gitleaks/finicity-api-token.yaml | 2 +- .../gitleaks/finicity-client-secret.yaml | 2 +- .../gitleaks/finnhub-access-token.yaml | 2 +- .../secrets/gitleaks/flickr-access-token.yaml | 2 +- .../secrets/gitleaks/flyio-access-token.yaml | 26 +++++++++++++++++++ .../gitleaks/freshbooks-access-token.yaml | 2 +- generic/secrets/gitleaks/gcp-api-key.yaml | 2 +- .../secrets/gitleaks/github-app-token.yaml | 2 +- .../gitleaks/github-fine-grained-pat.yaml | 2 +- .../gitleaks/gitlab-cicd-job-token.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/gitlab-deploy-token.yaml | 26 +++++++++++++++++++ .../gitlab-feature-flag-client-token.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/gitlab-feed-token.yaml | 26 +++++++++++++++++++ .../gitleaks/gitlab-incoming-mail-token.yaml | 26 +++++++++++++++++++ .../gitlab-kubernetes-agent-token.yaml | 26 +++++++++++++++++++ .../gitleaks/gitlab-oauth-app-secret.yaml | 26 +++++++++++++++++++ generic/secrets/gitleaks/gitlab-pat.yaml | 2 +- generic/secrets/gitleaks/gitlab-rrt.yaml | 2 +- .../gitlab-runner-authentication-token.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/gitlab-scim-token.yaml | 26 +++++++++++++++++++ .../gitleaks/gitlab-session-cookie.yaml | 26 +++++++++++++++++++ 
.../secrets/gitleaks/gitter-access-token.yaml | 2 +- .../gitleaks/gocardless-api-token.yaml | 2 +- generic/secrets/gitleaks/grafana-api-key.yaml | 2 +- .../gitleaks/grafana-cloud-api-token.yaml | 2 +- generic/secrets/gitleaks/harness-api-key.yaml | 2 +- .../gitleaks/hashicorp-tf-api-token.yaml | 2 +- .../gitleaks/hashicorp-tf-password.yaml | 2 +- generic/secrets/gitleaks/heroku-api-key.yaml | 2 +- generic/secrets/gitleaks/hubspot-api-key.yaml | 2 +- .../gitleaks/huggingface-access-token.yaml | 2 +- .../huggingface-organization-api-token.yaml | 2 +- .../secrets/gitleaks/infracost-api-token.yaml | 2 +- .../secrets/gitleaks/intercom-api-key.yaml | 2 +- .../gitleaks/intra42-client-secret.yaml | 2 +- generic/secrets/gitleaks/jfrog-api-key.yaml | 2 +- .../gitleaks/jfrog-identity-token.yaml | 2 +- .../secrets/gitleaks/kraken-access-token.yaml | 2 +- .../gitleaks/kubernetes-secret-yaml.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/kucoin-access-token.yaml | 2 +- .../secrets/gitleaks/kucoin-secret-key.yaml | 2 +- .../gitleaks/launchdarkly-access-token.yaml | 2 +- .../gitleaks/linear-client-secret.yaml | 2 +- .../secrets/gitleaks/linkedin-client-id.yaml | 2 +- .../gitleaks/linkedin-client-secret.yaml | 2 +- generic/secrets/gitleaks/lob-api-key.yaml | 2 +- generic/secrets/gitleaks/lob-pub-api-key.yaml | 2 +- .../secrets/gitleaks/mailchimp-api-key.yaml | 2 +- .../gitleaks/mailgun-private-api-token.yaml | 2 +- generic/secrets/gitleaks/mailgun-pub-key.yaml | 2 +- .../secrets/gitleaks/mailgun-signing-key.yaml | 2 +- .../secrets/gitleaks/mapbox-api-token.yaml | 2 +- .../gitleaks/mattermost-access-token.yaml | 2 +- .../gitleaks/messagebird-api-token.yaml | 2 +- .../gitleaks/messagebird-client-id.yaml | 2 +- .../gitleaks/microsoft-teams-webhook.yaml | 2 +- .../gitleaks/netlify-access-token.yaml | 2 +- .../gitleaks/new-relic-browser-api-token.yaml | 2 +- .../gitleaks/new-relic-insert-key.yaml | 2 +- .../gitleaks/new-relic-user-api-id.yaml | 2 +- 
.../gitleaks/new-relic-user-api-key.yaml | 2 +- .../gitleaks/nuget-config-password.yaml | 26 +++++++++++++++++++ .../gitleaks/nytimes-access-token.yaml | 2 +- .../gitleaks/octopus-deploy-api-key.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/okta-access-token.yaml | 2 +- generic/secrets/gitleaks/openai-api-key.yaml | 2 +- .../gitleaks/openshift-user-token.yaml | 26 +++++++++++++++++++ generic/secrets/gitleaks/plaid-api-token.yaml | 2 +- generic/secrets/gitleaks/plaid-client-id.yaml | 2 +- .../secrets/gitleaks/plaid-secret-key.yaml | 2 +- .../gitleaks/planetscale-api-token.yaml | 2 +- .../gitleaks/planetscale-oauth-token.yaml | 2 +- .../gitleaks/planetscale-password.yaml | 2 +- .../secrets/gitleaks/postman-api-token.yaml | 2 +- .../secrets/gitleaks/prefect-api-token.yaml | 2 +- generic/secrets/gitleaks/private-key.yaml | 2 +- .../secrets/gitleaks/privateai-api-token.yaml | 26 +++++++++++++++++++ .../secrets/gitleaks/pulumi-api-token.yaml | 2 +- .../secrets/gitleaks/pypi-upload-token.yaml | 2 +- .../gitleaks/rapidapi-access-token.yaml | 2 +- .../secrets/gitleaks/readme-api-token.yaml | 2 +- .../secrets/gitleaks/rubygems-api-token.yaml | 2 +- .../secrets/gitleaks/scalingo-api-token.yaml | 2 +- .../secrets/gitleaks/sendbird-access-id.yaml | 2 +- .../gitleaks/sendbird-access-token.yaml | 2 +- .../secrets/gitleaks/sendgrid-api-token.yaml | 2 +- .../gitleaks/sendinblue-api-token.yaml | 2 +- .../secrets/gitleaks/sentry-access-token.yaml | 2 +- .../secrets/gitleaks/shippo-api-token.yaml | 2 +- generic/secrets/gitleaks/sidekiq-secret.yaml | 2 +- .../gitleaks/sidekiq-sensitive-url.yaml | 2 +- generic/secrets/gitleaks/slack-app-token.yaml | 2 +- generic/secrets/gitleaks/slack-bot-token.yaml | 2 +- .../gitleaks/slack-config-access-token.yaml | 2 +- .../gitleaks/slack-config-refresh-token.yaml | 2 +- .../gitleaks/slack-legacy-bot-token.yaml | 2 +- .../secrets/gitleaks/slack-legacy-token.yaml | 2 +- .../slack-legacy-workspace-token.yaml | 2 +- 
.../secrets/gitleaks/slack-user-token.yaml | 2 +- .../secrets/gitleaks/slack-webhook-url.yaml | 2 +- generic/secrets/gitleaks/snyk-api-token.yaml | 2 +- .../secrets/gitleaks/square-access-token.yaml | 2 +- .../gitleaks/squarespace-access-token.yaml | 2 +- .../secrets/gitleaks/stripe-access-token.yaml | 2 +- .../secrets/gitleaks/sumologic-access-id.yaml | 2 +- .../gitleaks/sumologic-access-token.yaml | 2 +- .../gitleaks/telegram-bot-api-token.yaml | 2 +- .../gitleaks/travisci-access-token.yaml | 2 +- .../secrets/gitleaks/twitch-api-token.yaml | 2 +- .../gitleaks/twitter-access-secret.yaml | 2 +- .../gitleaks/twitter-access-token.yaml | 2 +- generic/secrets/gitleaks/twitter-api-key.yaml | 2 +- .../secrets/gitleaks/twitter-api-secret.yaml | 2 +- .../gitleaks/twitter-bearer-token.yaml | 2 +- .../secrets/gitleaks/typeform-api-token.yaml | 2 +- .../secrets/gitleaks/vault-batch-token.yaml | 2 +- .../secrets/gitleaks/vault-service-token.yaml | 2 +- .../secrets/gitleaks/yandex-access-token.yaml | 2 +- generic/secrets/gitleaks/yandex-api-key.yaml | 2 +- .../gitleaks/yandex-aws-access-token.yaml | 2 +- .../secrets/gitleaks/zendesk-secret-key.yaml | 2 +- 171 files changed, 696 insertions(+), 150 deletions(-) create mode 100644 generic/secrets/gitleaks/1password-service-account-token.yaml create mode 100644 generic/secrets/gitleaks/azure-ad-client-secret.yaml create mode 100644 generic/secrets/gitleaks/cohere-api-token.yaml create mode 100644 generic/secrets/gitleaks/curl-auth-header.yaml create mode 100644 generic/secrets/gitleaks/curl-auth-user.yaml create mode 100644 generic/secrets/gitleaks/flyio-access-token.yaml create mode 100644 generic/secrets/gitleaks/gitlab-cicd-job-token.yaml create mode 100644 generic/secrets/gitleaks/gitlab-deploy-token.yaml create mode 100644 generic/secrets/gitleaks/gitlab-feature-flag-client-token.yaml create mode 100644 generic/secrets/gitleaks/gitlab-feed-token.yaml create mode 100644 generic/secrets/gitleaks/gitlab-incoming-mail-token.yaml 
create mode 100644 generic/secrets/gitleaks/gitlab-kubernetes-agent-token.yaml create mode 100644 generic/secrets/gitleaks/gitlab-oauth-app-secret.yaml create mode 100644 generic/secrets/gitleaks/gitlab-runner-authentication-token.yaml create mode 100644 generic/secrets/gitleaks/gitlab-scim-token.yaml create mode 100644 generic/secrets/gitleaks/gitlab-session-cookie.yaml create mode 100644 generic/secrets/gitleaks/kubernetes-secret-yaml.yaml create mode 100644 generic/secrets/gitleaks/nuget-config-password.yaml create mode 100644 generic/secrets/gitleaks/octopus-deploy-api-key.yaml create mode 100644 generic/secrets/gitleaks/openshift-user-token.yaml create mode 100644 generic/secrets/gitleaks/privateai-api-token.yaml diff --git a/generic/secrets/gitleaks/1password-service-account-token.yaml b/generic/secrets/gitleaks/1password-service-account-token.yaml new file mode 100644 index 0000000000..f45ea57eaa --- /dev/null +++ b/generic/secrets/gitleaks/1password-service-account-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: 1password-service-account-token + message: A gitleaks 1password-service-account-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: ops_eyJ[a-zA-Z0-9+/]{250,}={0,3} diff --git a/generic/secrets/gitleaks/adafruit-api-key.yaml b/generic/secrets/gitleaks/adafruit-api-key.yaml index 7414a57e4a..51b349a9a9 100644 --- a/generic/secrets/gitleaks/adafruit-api-key.yaml +++ b/generic/secrets/gitleaks/adafruit-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:adafruit)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:adafruit)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/adobe-client-id.yaml b/generic/secrets/gitleaks/adobe-client-id.yaml index e5c30adf39..c1e12781f1 100644 --- a/generic/secrets/gitleaks/adobe-client-id.yaml 
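Review bot: The `message` of the new `1password-service-account-token` rule recommends environment variables or a vault but never tells the reader to revoke and rotate the matched token, which is the step that matters once a secret has reached a repository. I would append a sentence such as `If this is a live credential, revoke and rotate it; deleting it from the file does not remove it from history.` The same boilerplate message appears in the other new files in this patch (`azure-ad-client-secret`, `cohere-api-token`, `curl-auth-header`, `curl-auth-user`). The rule is also marked `confidence: LOW` although `ops_eyJ[a-zA-Z0-9+/]{250,}={0,3}` is prefix-anchored and very long, so the metadata looks copied from a template rather than chosen for this pattern.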
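Review bot: The `[\w.-]{0,50}?` prefix added in front of `(?:adafruit)` is optional and lazy, so as far as I can tell it adds no detections: every line the new expression matches was already matched by the old one. Its visible effects are that the reported match can start up to 50 characters earlier and that the engine does extra retry work at each candidate start position. This rule contains only a `pattern-regex`, so nothing in the file uses the wider span. If the wider span is intended, a comment above the pattern would help, e.g. `# prefix only widens the match to the whole identifier; detection is unchanged`. The same prefix is added to every other keyword-prefixed rule in this patch (adobe-client-id, airtable, algolia, alibaba-secret-key, asana, beamer, bitbucket, bittrex, cloudflare, codecov, coinbase, confluent, contentful, datadog, dnkey).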
+++ b/generic/secrets/gitleaks/adobe-client-id.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:adobe)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:adobe)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/adobe-client-secret.yaml b/generic/secrets/gitleaks/adobe-client-secret.yaml index 01effd0a9e..71f81117b9 100644 --- a/generic/secrets/gitleaks/adobe-client-secret.yaml +++ b/generic/secrets/gitleaks/adobe-client-secret.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b((p8e-)(?i)[a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(p8e-(?i)[a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/airtable-api-key.yaml b/generic/secrets/gitleaks/airtable-api-key.yaml index ffc6b5b143..3ea3ef4930 100644 --- a/generic/secrets/gitleaks/airtable-api-key.yaml +++ b/generic/secrets/gitleaks/airtable-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:airtable)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:airtable)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/algolia-api-key.yaml b/generic/secrets/gitleaks/algolia-api-key.yaml index 0f0a5f0a34..1e4fb97785 100644 --- a/generic/secrets/gitleaks/algolia-api-key.yaml +++ b/generic/secrets/gitleaks/algolia-api-key.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:algolia)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:algolia)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/alibaba-access-key-id.yaml b/generic/secrets/gitleaks/alibaba-access-key-id.yaml index 1d1d5cd203..b696dc5e08 100644 --- a/generic/secrets/gitleaks/alibaba-access-key-id.yaml +++ b/generic/secrets/gitleaks/alibaba-access-key-id.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b((LTAI)(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(LTAI(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/alibaba-secret-key.yaml b/generic/secrets/gitleaks/alibaba-secret-key.yaml index 595e513d91..5642e3da09 100644 --- a/generic/secrets/gitleaks/alibaba-secret-key.yaml +++ b/generic/secrets/gitleaks/alibaba-secret-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:alibaba)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:alibaba)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/asana-client-id.yaml b/generic/secrets/gitleaks/asana-client-id.yaml index 1f88459c0b..997a6fd880 100644 --- a/generic/secrets/gitleaks/asana-client-id.yaml +++ b/generic/secrets/gitleaks/asana-client-id.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:asana)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/asana-client-secret.yaml b/generic/secrets/gitleaks/asana-client-secret.yaml index 9bf28eb7a9..2ad67c7f82 100644 --- a/generic/secrets/gitleaks/asana-client-secret.yaml +++ b/generic/secrets/gitleaks/asana-client-secret.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:asana)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/atlassian-api-token.yaml b/generic/secrets/gitleaks/atlassian-api-token.yaml index 1fcebb128f..e438d1f729 100644 --- a/generic/secrets/gitleaks/atlassian-api-token.yaml +++ b/generic/secrets/gitleaks/atlassian-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:atlassian|confluence|jira)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: [\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:atlassian|confluence|jira)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-zA-Z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)|\b(ATATT3[A-Za-z0-9_\-=]{186})(?:['|\"|\n|\r|\s|\x60|;]|$) 
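Review bot: The new `pattern-regex` value in `atlassian-api-token.yaml` starts with `[` and is not quoted, and a YAML plain scalar cannot begin with `[` because that character opens a flow sequence, so as shown here the file would likely fail to parse rather than load as a string. The old value began with `(?i)`, which is why it was safe unquoted. A block scalar avoids having to escape the quotes inside the expression: write `- pattern-regex: >-` and put the regex on the next, indented line. `cohere-api-token.yaml` in this patch has the same unquoted leading `[`. In both files `[\w.-]{0,50}?` also appears twice in a row, once outside and once inside `(?i:`, and one copy can be dropped.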
diff --git a/generic/secrets/gitleaks/authress-service-client-access-key.yaml b/generic/secrets/gitleaks/authress-service-client-access-key.yaml index 7ffeba74c0..f493502f77 100644 --- a/generic/secrets/gitleaks/authress-service-client-access-key.yaml +++ b/generic/secrets/gitleaks/authress-service-client-access-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b((?:sc|ext|scauth|authress)_[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.acc[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b((?:sc|ext|scauth|authress)_(?i)[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.(?-i:acc)[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/aws-access-token.yaml b/generic/secrets/gitleaks/aws-access-token.yaml index 8fa251c7d6..a3d53d1f65 100644 --- a/generic/secrets/gitleaks/aws-access-token.yaml +++ b/generic/secrets/gitleaks/aws-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16} + - pattern-regex: \b((?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16})\b diff --git a/generic/secrets/gitleaks/azure-ad-client-secret.yaml b/generic/secrets/gitleaks/azure-ad-client-secret.yaml new file mode 100644 index 0000000000..dc84b78d12 --- /dev/null +++ b/generic/secrets/gitleaks/azure-ad-client-secret.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: azure-ad-client-secret + message: A gitleaks azure-ad-client-secret was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (?:^|[\\'"\x60\s>=:(,)])([a-zA-Z0-9_~.]{3}\dQ~[a-zA-Z0-9_~.-]{31,34})(?:$|[\\'"\x60\s<),]) diff --git a/generic/secrets/gitleaks/beamer-api-token.yaml b/generic/secrets/gitleaks/beamer-api-token.yaml index a55bcee05d..60aa2510df 100644 --- a/generic/secrets/gitleaks/beamer-api-token.yaml +++ b/generic/secrets/gitleaks/beamer-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:beamer)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:beamer)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/bitbucket-client-id.yaml b/generic/secrets/gitleaks/bitbucket-client-id.yaml index 80c036617a..b35a2527a8 100644 
--- a/generic/secrets/gitleaks/bitbucket-client-id.yaml +++ b/generic/secrets/gitleaks/bitbucket-client-id.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:bitbucket)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/bitbucket-client-secret.yaml b/generic/secrets/gitleaks/bitbucket-client-secret.yaml index b5ede43cda..02b2808967 100644 --- a/generic/secrets/gitleaks/bitbucket-client-secret.yaml +++ b/generic/secrets/gitleaks/bitbucket-client-secret.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:bitbucket)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/bittrex-access-key.yaml b/generic/secrets/gitleaks/bittrex-access-key.yaml index a3206ae4e9..6e7fb76fb6 100644 --- a/generic/secrets/gitleaks/bittrex-access-key.yaml +++ b/generic/secrets/gitleaks/bittrex-access-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:bittrex)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) 
diff --git a/generic/secrets/gitleaks/bittrex-secret-key.yaml b/generic/secrets/gitleaks/bittrex-secret-key.yaml index c87a9f164b..0066b10ec4 100644 --- a/generic/secrets/gitleaks/bittrex-secret-key.yaml +++ b/generic/secrets/gitleaks/bittrex-secret-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:bittrex)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/clojars-api-token.yaml b/generic/secrets/gitleaks/clojars-api-token.yaml index 1bd151c065..307b0aacfb 100644 --- a/generic/secrets/gitleaks/clojars-api-token.yaml +++ b/generic/secrets/gitleaks/clojars-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(CLOJARS_)[a-z0-9]{60} + - pattern-regex: (?i)CLOJARS_[a-z0-9]{60} diff --git a/generic/secrets/gitleaks/cloudflare-api-key.yaml b/generic/secrets/gitleaks/cloudflare-api-key.yaml index 33e967153a..d91cbc8673 100644 --- a/generic/secrets/gitleaks/cloudflare-api-key.yaml +++ b/generic/secrets/gitleaks/cloudflare-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:cloudflare)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:cloudflare)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/cloudflare-global-api-key.yaml b/generic/secrets/gitleaks/cloudflare-global-api-key.yaml index 9d014dbdb8..8422e91ea3 100644 
--- a/generic/secrets/gitleaks/cloudflare-global-api-key.yaml +++ b/generic/secrets/gitleaks/cloudflare-global-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:cloudflare)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{37})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:cloudflare)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{37})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/codecov-access-token.yaml b/generic/secrets/gitleaks/codecov-access-token.yaml index f9515d316f..0587636fd0 100644 --- a/generic/secrets/gitleaks/codecov-access-token.yaml +++ b/generic/secrets/gitleaks/codecov-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:codecov)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:codecov)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/cohere-api-token.yaml b/generic/secrets/gitleaks/cohere-api-token.yaml new file mode 100644 index 0000000000..18fad990c6 --- /dev/null +++ b/generic/secrets/gitleaks/cohere-api-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: cohere-api-token + message: A gitleaks cohere-api-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: [\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:cohere|CO_API_KEY)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-zA-Z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/coinbase-access-token.yaml b/generic/secrets/gitleaks/coinbase-access-token.yaml index 4fd9aebe89..eecb6e73b8 100644 --- a/generic/secrets/gitleaks/coinbase-access-token.yaml +++ b/generic/secrets/gitleaks/coinbase-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:coinbase)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:coinbase)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) 
diff --git a/generic/secrets/gitleaks/confluent-access-token.yaml b/generic/secrets/gitleaks/confluent-access-token.yaml index bbc6ce8f49..67f32afb96 100644 --- a/generic/secrets/gitleaks/confluent-access-token.yaml +++ b/generic/secrets/gitleaks/confluent-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:confluent)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/confluent-secret-key.yaml b/generic/secrets/gitleaks/confluent-secret-key.yaml index fb7cb1f52d..bb6867563a 100644 --- a/generic/secrets/gitleaks/confluent-secret-key.yaml +++ b/generic/secrets/gitleaks/confluent-secret-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:confluent)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/contentful-delivery-api-token.yaml b/generic/secrets/gitleaks/contentful-delivery-api-token.yaml index 8ec12ef026..ccdd2403a7 100644 --- a/generic/secrets/gitleaks/contentful-delivery-api-token.yaml +++ b/generic/secrets/gitleaks/contentful-delivery-api-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:contentful)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:contentful)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/curl-auth-header.yaml b/generic/secrets/gitleaks/curl-auth-header.yaml new file mode 100644 index 0000000000..dc6fb65a67 --- /dev/null +++ b/generic/secrets/gitleaks/curl-auth-header.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: curl-auth-header + message: A gitleaks curl-auth-header was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: \bcurl\b(?:.*?|.*?(?:[\r\n]{1,2}.*?){1,5})[ \t\n\r](?:-H|--header)(?:=|[ \t]{0,5})(?:"(?i)(?:Authorization:[ \t]{0,5}(?:Basic[ \t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \t]([\w=~@.+/-]{8,})|([\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \t]{0,5}([\w=~@.+/-]{8,}))"|'(?i)(?:Authorization:[ \t]{0,5}(?:Basic[ \t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \t]([\w=~@.+/-]{8,})|([\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \t]{0,5}([\w=~@.+/-]{8,}))')(?:\B|\s|\z) diff --git a/generic/secrets/gitleaks/curl-auth-user.yaml b/generic/secrets/gitleaks/curl-auth-user.yaml new file mode 100644 index 0000000000..73aa6d9baf --- /dev/null +++ b/generic/secrets/gitleaks/curl-auth-user.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: curl-auth-user + message: A gitleaks curl-auth-user was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: \bcurl\b(?:.*|.*(?:[\r\n]{1,2}.*){1,5})[ \t\n\r](?:-u|--user)(?:=|[ \t]{0,5})(?:"([^:"]{3,}:[^"]{3,})"|'([^:']{3,}:[^']{3,})'|((?:"[^"]{3,}"|'[^']{3,}'|[\w$@.-]+):(?:"[^"]{3,}"|'[^']{3,}'|[\w${}@.-]+)))(?:\s|\z) diff --git a/generic/secrets/gitleaks/databricks-api-token.yaml b/generic/secrets/gitleaks/databricks-api-token.yaml index ba1e2023de..059af4d996 100644 --- a/generic/secrets/gitleaks/databricks-api-token.yaml +++ b/generic/secrets/gitleaks/databricks-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(dapi[a-h0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(dapi[a-f0-9]{32}(?:-\d)?)(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/datadog-access-token.yaml b/generic/secrets/gitleaks/datadog-access-token.yaml index 73a332402c..1908920f2b 100644 --- a/generic/secrets/gitleaks/datadog-access-token.yaml +++ b/generic/secrets/gitleaks/datadog-access-token.yaml 
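Review bot: The curl-auth-user pattern also reports commands that pass credentials by variable: the unquoted branch admits `$`, `{` and `}` in `[\w${}@.-]+`, and the quoted branches accept any `"…:…"` pair, so a constructed example like `-u "$USER:$PASS"` is flagged even though the rule's own message recommends environment variables. Only a bare `pattern-regex` is visible here, so if the upstream rule relies on an allowlist for variables and placeholders, it has not been carried over. A sibling filter such as `- pattern-not-regex: (?:-u|--user)(?:=|[ \t]{0,5})["']?[^:\s"']+:["']?\$\{?\w+\}?["']?(?:\s|\z)` would suppress the variable form. Treat that expression as a starting point and check it against the rule's test cases.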
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:datadog)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:datadog)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/defined-networking-api-token.yaml b/generic/secrets/gitleaks/defined-networking-api-token.yaml index ad67b31107..640633f116 100644 --- a/generic/secrets/gitleaks/defined-networking-api-token.yaml +++ b/generic/secrets/gitleaks/defined-networking-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:dnkey)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:dnkey)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/digitalocean-access-token.yaml b/generic/secrets/gitleaks/digitalocean-access-token.yaml index 4d907631dc..ef96378551 100644 --- a/generic/secrets/gitleaks/digitalocean-access-token.yaml +++ b/generic/secrets/gitleaks/digitalocean-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/digitalocean-pat.yaml b/generic/secrets/gitleaks/digitalocean-pat.yaml index 48cc5bf5d3..bb0f35c560 100644 --- a/generic/secrets/gitleaks/digitalocean-pat.yaml +++ b/generic/secrets/gitleaks/digitalocean-pat.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/discord-api-token.yaml b/generic/secrets/gitleaks/discord-api-token.yaml index 10305163a1..af2f5099da 100644 --- a/generic/secrets/gitleaks/discord-api-token.yaml +++ b/generic/secrets/gitleaks/discord-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:discord)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/discord-client-id.yaml b/generic/secrets/gitleaks/discord-client-id.yaml index 2a3f34c885..af476377df 100644 --- a/generic/secrets/gitleaks/discord-client-id.yaml +++ b/generic/secrets/gitleaks/discord-client-id.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{18})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:discord)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{18})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/discord-client-secret.yaml b/generic/secrets/gitleaks/discord-client-secret.yaml index 0dc0a21caf..e7b3984279 100644 --- a/generic/secrets/gitleaks/discord-client-secret.yaml +++ b/generic/secrets/gitleaks/discord-client-secret.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:discord)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/doppler-api-token.yaml b/generic/secrets/gitleaks/doppler-api-token.yaml index 4fa906b50d..e0a1bb2a79 100644 --- a/generic/secrets/gitleaks/doppler-api-token.yaml +++ b/generic/secrets/gitleaks/doppler-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (dp\.pt\.)(?i)[a-z0-9]{43} + - pattern-regex: dp\.pt\.(?i)[a-z0-9]{43} diff --git a/generic/secrets/gitleaks/droneci-access-token.yaml b/generic/secrets/gitleaks/droneci-access-token.yaml index 87b22f19f6..569b1470f7 100644 --- a/generic/secrets/gitleaks/droneci-access-token.yaml +++ b/generic/secrets/gitleaks/droneci-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:droneci)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:droneci)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/dropbox-api-token.yaml b/generic/secrets/gitleaks/dropbox-api-token.yaml index 44e072e701..246749fc71 100644 --- a/generic/secrets/gitleaks/dropbox-api-token.yaml +++ b/generic/secrets/gitleaks/dropbox-api-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{15})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:dropbox)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{15})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml b/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml index b0edbad230..1fd870ffe4 100644 --- a/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml +++ b/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:dropbox)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml b/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml index e6c729aeae..e4c6b99d93 100644 --- a/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml +++ b/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(sl\.[a-z0-9\-=_]{135})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:dropbox)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(sl\.[a-z0-9\-=_]{135})(?:['|\"|\n|\r|\s|\x60|;]|$) 
diff --git a/generic/secrets/gitleaks/duffel-api-token.yaml b/generic/secrets/gitleaks/duffel-api-token.yaml index 93a67e4ea9..0948b07470 100644 --- a/generic/secrets/gitleaks/duffel-api-token.yaml +++ b/generic/secrets/gitleaks/duffel-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: duffel_(test|live)_(?i)[a-z0-9_\-=]{43} + - pattern-regex: duffel_(?:test|live)_(?i)[a-z0-9_\-=]{43} diff --git a/generic/secrets/gitleaks/easypost-api-token.yaml b/generic/secrets/gitleaks/easypost-api-token.yaml index bb01dc144e..eeabb40a31 100644 --- a/generic/secrets/gitleaks/easypost-api-token.yaml +++ b/generic/secrets/gitleaks/easypost-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: \bEZAK(?i)[a-z0-9]{54} + - pattern-regex: \bEZAK(?i)[a-z0-9]{54}\b diff --git a/generic/secrets/gitleaks/easypost-test-api-token.yaml b/generic/secrets/gitleaks/easypost-test-api-token.yaml index c62c3d8f91..ab5ae59851 100644 --- a/generic/secrets/gitleaks/easypost-test-api-token.yaml +++ b/generic/secrets/gitleaks/easypost-test-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: \bEZTK(?i)[a-z0-9]{54} + - pattern-regex: \bEZTK(?i)[a-z0-9]{54}\b diff --git a/generic/secrets/gitleaks/etsy-access-token.yaml b/generic/secrets/gitleaks/etsy-access-token.yaml index 799c2e9a2a..12d1568048 100644 --- a/generic/secrets/gitleaks/etsy-access-token.yaml +++ b/generic/secrets/gitleaks/etsy-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:etsy)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:(?-i:ETSY|[Ee]tsy))(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) 
diff --git a/generic/secrets/gitleaks/facebook-page-access-token.yaml b/generic/secrets/gitleaks/facebook-page-access-token.yaml index 5e8191f515..9aa703c461 100644 --- a/generic/secrets/gitleaks/facebook-page-access-token.yaml +++ b/generic/secrets/gitleaks/facebook-page-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(EAA[MC][a-z0-9]{20,})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(EAA[MC](?i)[a-z0-9]{100,})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/facebook-secret.yaml b/generic/secrets/gitleaks/facebook-secret.yaml index 1d5facc02a..d25943501e 100644 --- a/generic/secrets/gitleaks/facebook-secret.yaml +++ b/generic/secrets/gitleaks/facebook-secret.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:facebook)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:facebook)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/fastly-api-token.yaml b/generic/secrets/gitleaks/fastly-api-token.yaml index b2b539313d..d11196cf66 100644 --- a/generic/secrets/gitleaks/fastly-api-token.yaml +++ b/generic/secrets/gitleaks/fastly-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:fastly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:fastly)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) 
diff --git a/generic/secrets/gitleaks/finicity-api-token.yaml b/generic/secrets/gitleaks/finicity-api-token.yaml index 57b97e251e..e36dd25653 100644 --- a/generic/secrets/gitleaks/finicity-api-token.yaml +++ b/generic/secrets/gitleaks/finicity-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:finicity)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/finicity-client-secret.yaml b/generic/secrets/gitleaks/finicity-client-secret.yaml index 47fdf50289..f5c08801cb 100644 --- a/generic/secrets/gitleaks/finicity-client-secret.yaml +++ b/generic/secrets/gitleaks/finicity-client-secret.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:finicity)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/finnhub-access-token.yaml b/generic/secrets/gitleaks/finnhub-access-token.yaml index caa2249c36..6fcf6ca320 100644 --- a/generic/secrets/gitleaks/finnhub-access-token.yaml +++ b/generic/secrets/gitleaks/finnhub-access-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:finnhub)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:finnhub)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/flickr-access-token.yaml b/generic/secrets/gitleaks/flickr-access-token.yaml index df72d9b46d..5084a6b06e 100644 --- a/generic/secrets/gitleaks/flickr-access-token.yaml +++ b/generic/secrets/gitleaks/flickr-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:flickr)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:flickr)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/flyio-access-token.yaml b/generic/secrets/gitleaks/flyio-access-token.yaml new file mode 100644 index 0000000000..378d78ae11 --- /dev/null +++ b/generic/secrets/gitleaks/flyio-access-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: flyio-access-token + message: A gitleaks flyio-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: \b((?:fo1_[\w-]{43}|fm1[ar]_[a-zA-Z0-9+\/]{100,}={0,3}|fm2_[a-zA-Z0-9+\/]{100,}={0,3}))(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/freshbooks-access-token.yaml b/generic/secrets/gitleaks/freshbooks-access-token.yaml index c2abe89406..9827f764e9 100644 --- a/generic/secrets/gitleaks/freshbooks-access-token.yaml +++ b/generic/secrets/gitleaks/freshbooks-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:freshbooks)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:freshbooks)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) 
diff --git a/generic/secrets/gitleaks/gcp-api-key.yaml b/generic/secrets/gitleaks/gcp-api-key.yaml index 6ceb4d34d1..abcccd307b 100644 --- a/generic/secrets/gitleaks/gcp-api-key.yaml +++ b/generic/secrets/gitleaks/gcp-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(AIza[0-9A-Za-z\\-_]{35})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(AIza[\w-]{35})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/github-app-token.yaml b/generic/secrets/gitleaks/github-app-token.yaml index 269ba4b25a..05beb4f806 100644 --- a/generic/secrets/gitleaks/github-app-token.yaml +++ b/generic/secrets/gitleaks/github-app-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (ghu|ghs)_[0-9a-zA-Z]{36} + - pattern-regex: (?:ghu|ghs)_[0-9a-zA-Z]{36} diff --git a/generic/secrets/gitleaks/github-fine-grained-pat.yaml b/generic/secrets/gitleaks/github-fine-grained-pat.yaml index a8557c8a48..ba10f3b1c1 100644 --- a/generic/secrets/gitleaks/github-fine-grained-pat.yaml +++ b/generic/secrets/gitleaks/github-fine-grained-pat.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: github_pat_[0-9a-zA-Z_]{82} + - pattern-regex: github_pat_\w{82} diff --git a/generic/secrets/gitleaks/gitlab-cicd-job-token.yaml b/generic/secrets/gitleaks/gitlab-cicd-job-token.yaml new file mode 100644 index 0000000000..161c999797 --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-cicd-job-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: gitlab-cicd-job-token + message: A gitleaks gitlab-cicd-job-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: glcbt-[0-9a-zA-Z]{1,5}_[0-9a-zA-Z_-]{20} diff --git a/generic/secrets/gitleaks/gitlab-deploy-token.yaml b/generic/secrets/gitleaks/gitlab-deploy-token.yaml new file mode 100644 index 0000000000..b0549356c6 --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-deploy-token.yaml 
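Review bot: The new GitLab prefix rules can start matching anywhere, so `glcbt-` here, and `gldt-`, `glffct-`, `glft-`, `glimt-`, `glagent-`, `gloas-`, `glrt-` and `glsoat-` in the new files that follow, can match in the middle of a longer identifier or slug. A leading word boundary removes that noise at no cost, e.g. `- pattern-regex: \bglcbt-[0-9a-zA-Z]{1,5}_[0-9a-zA-Z_-]{20}`. I would not add a trailing anchor without confirming the token lengths, since a fixed `{20}` followed by an anchor would miss longer tokens. The new files also spell the class `[0-9a-zA-Z_\-]` while gitlab-pat and gitlab-rrt in this commit are normalised to `[\w-]`; one spelling would make the family easier to audit.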
@@ -0,0 +1,26 @@ +rules: +- id: gitlab-deploy-token + message: A gitleaks gitlab-deploy-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: gldt-[0-9a-zA-Z_\-]{20} diff --git a/generic/secrets/gitleaks/gitlab-feature-flag-client-token.yaml b/generic/secrets/gitleaks/gitlab-feature-flag-client-token.yaml new file mode 100644 index 0000000000..7b38535a05 --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-feature-flag-client-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: gitlab-feature-flag-client-token + message: A gitleaks gitlab-feature-flag-client-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: glffct-[0-9a-zA-Z_\-]{20} diff --git a/generic/secrets/gitleaks/gitlab-feed-token.yaml b/generic/secrets/gitleaks/gitlab-feed-token.yaml new file mode 100644 index 0000000000..cf6215d9ff --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-feed-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: gitlab-feed-token + message: A gitleaks gitlab-feed-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: glft-[0-9a-zA-Z_\-]{20} diff --git a/generic/secrets/gitleaks/gitlab-incoming-mail-token.yaml b/generic/secrets/gitleaks/gitlab-incoming-mail-token.yaml new file mode 100644 index 0000000000..a2337432b2 --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-incoming-mail-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: gitlab-incoming-mail-token + message: A gitleaks gitlab-incoming-mail-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: glimt-[0-9a-zA-Z_\-]{25} diff --git a/generic/secrets/gitleaks/gitlab-kubernetes-agent-token.yaml b/generic/secrets/gitleaks/gitlab-kubernetes-agent-token.yaml new file mode 100644 index 0000000000..4b9593f664 --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-kubernetes-agent-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: gitlab-kubernetes-agent-token + message: A gitleaks gitlab-kubernetes-agent-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: glagent-[0-9a-zA-Z_\-]{50} diff --git a/generic/secrets/gitleaks/gitlab-oauth-app-secret.yaml b/generic/secrets/gitleaks/gitlab-oauth-app-secret.yaml new file mode 100644 index 0000000000..113c323338 --- /dev/null +++ b/generic/secrets/gitleaks/gitlab-oauth-app-secret.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: gitlab-oauth-app-secret + message: A gitleaks gitlab-oauth-app-secret was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: gloas-[0-9a-zA-Z_\-]{64} diff --git a/generic/secrets/gitleaks/gitlab-pat.yaml b/generic/secrets/gitleaks/gitlab-pat.yaml index 351a2a38fe..2638deeac2 100644 --- a/generic/secrets/gitleaks/gitlab-pat.yaml +++ b/generic/secrets/gitleaks/gitlab-pat.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: glpat-[0-9a-zA-Z\-\_]{20} + - pattern-regex: glpat-[\w-]{20} diff --git a/generic/secrets/gitleaks/gitlab-rrt.yaml b/generic/secrets/gitleaks/gitlab-rrt.yaml index 846100ef4a..d3e720d296 100644 --- a/generic/secrets/gitleaks/gitlab-rrt.yaml +++ b/generic/secrets/gitleaks/gitlab-rrt.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: GR1348941[0-9a-zA-Z\-\_]{20} + - pattern-regex: GR1348941[\w-]{20} 
diff --git a/generic/secrets/gitleaks/gitlab-runner-authentication-token.yaml b/generic/secrets/gitleaks/gitlab-runner-authentication-token.yaml
new file mode 100644
index 0000000000..2a976b4710
--- /dev/null
+++ b/generic/secrets/gitleaks/gitlab-runner-authentication-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-runner-authentication-token
+ message: A gitleaks gitlab-runner-authentication-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: glrt-[0-9a-zA-Z_\-]{20}
diff --git a/generic/secrets/gitleaks/gitlab-scim-token.yaml b/generic/secrets/gitleaks/gitlab-scim-token.yaml
new file mode 100644
index 0000000000..f60536d3b2
--- /dev/null
+++ b/generic/secrets/gitleaks/gitlab-scim-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-scim-token
+ message: A gitleaks gitlab-scim-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: glsoat-[0-9a-zA-Z_\-]{20}
diff --git a/generic/secrets/gitleaks/gitlab-session-cookie.yaml b/generic/secrets/gitleaks/gitlab-session-cookie.yaml
new file mode 100644
index 0000000000..4dbffefe13
--- /dev/null
+++ b/generic/secrets/gitleaks/gitlab-session-cookie.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-session-cookie
+ message: A gitleaks gitlab-session-cookie was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: _gitlab_session=[0-9a-z]{32}
diff --git a/generic/secrets/gitleaks/gitter-access-token.yaml b/generic/secrets/gitleaks/gitter-access-token.yaml
index 2cb158da4b..2a45678736 100644
--- a/generic/secrets/gitleaks/gitter-access-token.yaml
+++ b/generic/secrets/gitleaks/gitter-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:gitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (?i)[\w.-]{0,50}?(?:gitter)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/gocardless-api-token.yaml b/generic/secrets/gitleaks/gocardless-api-token.yaml
index b0ed689af6..a9080744c5 100644
--- a/generic/secrets/gitleaks/gocardless-api-token.yaml
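Review bot: The `message` of `gitlab-session-cookie` gives the generic hard-coded-credential advice (environment variables, vault or HSM), which does not fit what `_gitlab_session=[0-9a-z]{32}` matches: a session cookie is issued per login and most likely reaches a repository inside a pasted request or log, not as configuration. For this rule I would end the message with a sentence such as `A committed session cookie should be treated as a live session: sign the account out or revoke the session, then remove the value from the repository.` The same template text is reused by the other rules added in this patch, where it fits the finding better.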
+++ b/generic/secrets/gitleaks/gocardless-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:gocardless)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(live_(?i)[a-z0-9\-_=]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:gocardless)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(live_(?i)[a-z0-9\-_=]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/grafana-api-key.yaml b/generic/secrets/gitleaks/grafana-api-key.yaml index fa9978b807..0e7d9f4c84 100644 --- a/generic/secrets/gitleaks/grafana-api-key.yaml +++ b/generic/secrets/gitleaks/grafana-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,3})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/grafana-cloud-api-token.yaml b/generic/secrets/gitleaks/grafana-cloud-api-token.yaml index a34a991cb7..ad4d5368c5 100644 --- a/generic/secrets/gitleaks/grafana-cloud-api-token.yaml +++ b/generic/secrets/gitleaks/grafana-cloud-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,3})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/harness-api-key.yaml b/generic/secrets/gitleaks/harness-api-key.yaml index c668ea9573..58700f4061 100644 --- a/generic/secrets/gitleaks/harness-api-key.yaml +++ b/generic/secrets/gitleaks/harness-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: ((?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20}) + - pattern-regex: (?:pat|sat)\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20} 
diff --git a/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml b/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml index 8e8e8b1e32..730566458d 100644 --- a/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml +++ b/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70} + - pattern-regex: (?i)[a-z0-9]{14}\.(?-i:atlasv1)\.[a-z0-9\-_=]{60,70} diff --git a/generic/secrets/gitleaks/hashicorp-tf-password.yaml b/generic/secrets/gitleaks/hashicorp-tf-password.yaml index 7eb7830803..51fdebb92f 100644 --- a/generic/secrets/gitleaks/hashicorp-tf-password.yaml +++ b/generic/secrets/gitleaks/hashicorp-tf-password.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:administrator_login_password|password)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}("[a-z0-9=_\-]{8,20}")(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:administrator_login_password|password)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}("[a-z0-9=_\-]{8,20}")(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/heroku-api-key.yaml b/generic/secrets/gitleaks/heroku-api-key.yaml index d56827e78b..9b8793136e 100644 --- a/generic/secrets/gitleaks/heroku-api-key.yaml +++ b/generic/secrets/gitleaks/heroku-api-key.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:heroku)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:heroku)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/hubspot-api-key.yaml b/generic/secrets/gitleaks/hubspot-api-key.yaml index f6e7d8ee93..70cf52241b 100644 --- a/generic/secrets/gitleaks/hubspot-api-key.yaml +++ b/generic/secrets/gitleaks/hubspot-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:hubspot)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:hubspot)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/huggingface-access-token.yaml b/generic/secrets/gitleaks/huggingface-access-token.yaml index cf18c503b3..97fbb7f046 100644 --- a/generic/secrets/gitleaks/huggingface-access-token.yaml +++ b/generic/secrets/gitleaks/huggingface-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?:^|[\\'"` >=:])(hf_[a-zA-Z]{34})(?:$|[\\'"` <]) + - pattern-regex: \b(hf_(?i:[a-z]{34}))(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/huggingface-organization-api-token.yaml b/generic/secrets/gitleaks/huggingface-organization-api-token.yaml index f1d91d9073..880d3a5371 100644 
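Review bot: The trailing delimiter on the new `hf_` pattern, `(?:['|\"|\n|\r|\s|\x60|;]|$)`, no longer accepts `\` or `<`, which the removed pattern did, and the organization-token pattern in the next file additionally loses `)` and `,`. A token directly followed by one of those characters, for example an unquoted last argument of a call or an entry in a comma-separated list, was reported before and is missed now. If that narrowing is not intended, the class can keep the old members, `(?:['\"\s\x60;\\<),]|$)`. Inside a character class the `|` separators are literal pipes, so they only belong there if a pipe is meant to count as a delimiter.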
--- a/generic/secrets/gitleaks/huggingface-organization-api-token.yaml +++ b/generic/secrets/gitleaks/huggingface-organization-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?:^|[\\'"` >=:\(,)])(api_org_[a-zA-Z]{34})(?:$|[\\'"` <\),]) + - pattern-regex: \b(api_org_(?i:[a-z]{34}))(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/infracost-api-token.yaml b/generic/secrets/gitleaks/infracost-api-token.yaml index f5575d7734..aa7be2083b 100644 --- a/generic/secrets/gitleaks/infracost-api-token.yaml +++ b/generic/secrets/gitleaks/infracost-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(ico-[a-zA-Z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(ico-[a-zA-Z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/intercom-api-key.yaml b/generic/secrets/gitleaks/intercom-api-key.yaml index 3805cd60fe..9e247cd605 100644 --- a/generic/secrets/gitleaks/intercom-api-key.yaml +++ b/generic/secrets/gitleaks/intercom-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:intercom)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{60})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:intercom)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{60})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/intra42-client-secret.yaml b/generic/secrets/gitleaks/intra42-client-secret.yaml index 08a2cc575d..14e9722348 100644 --- a/generic/secrets/gitleaks/intra42-client-secret.yaml +++ b/generic/secrets/gitleaks/intra42-client-secret.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(s-s4t2(?:ud|af)-[abcdef0123456789]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(s-s4t2(?:ud|af)-(?i)[abcdef0123456789]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/jfrog-api-key.yaml b/generic/secrets/gitleaks/jfrog-api-key.yaml index 126c75fb0e..4ba741b8ac 100644 --- a/generic/secrets/gitleaks/jfrog-api-key.yaml +++ b/generic/secrets/gitleaks/jfrog-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{73})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:jfrog|artifactory|bintray|xray)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{73})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/jfrog-identity-token.yaml b/generic/secrets/gitleaks/jfrog-identity-token.yaml index 6221dd82de..ae19c11082 100644 --- a/generic/secrets/gitleaks/jfrog-identity-token.yaml +++ b/generic/secrets/gitleaks/jfrog-identity-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:jfrog|artifactory|bintray|xray)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/kraken-access-token.yaml b/generic/secrets/gitleaks/kraken-access-token.yaml index 77747eac5e..2a986b8483 100644 --- a/generic/secrets/gitleaks/kraken-access-token.yaml +++ b/generic/secrets/gitleaks/kraken-access-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:kraken)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9\/=_\+\-]{80,90})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:kraken)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9\/=_\+\-]{80,90})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/kubernetes-secret-yaml.yaml b/generic/secrets/gitleaks/kubernetes-secret-yaml.yaml new file mode 100644 index 0000000000..533325b673 --- /dev/null +++ b/generic/secrets/gitleaks/kubernetes-secret-yaml.yaml 
@@ -0,0 +1,26 @@
+rules:
+- id: kubernetes-secret-yaml
+ message: A gitleaks kubernetes-secret-yaml was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (?i)(?:\bkind:[ \t]*["']?secret["']?(?:.|\s){0,200}?\bdata:(?:.|\s){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9+/]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))|\bdata:(?:.|\s){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9+/]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))(?:.|\s){0,200}?\bkind:[ \t]*["']?secret["']?)
diff --git a/generic/secrets/gitleaks/kucoin-access-token.yaml b/generic/secrets/gitleaks/kucoin-access-token.yaml
index c7e37dc098..080f7d25dc 100644
--- a/generic/secrets/gitleaks/kucoin-access-token.yaml
+++ b/generic/secrets/gitleaks/kucoin-access-token.yaml
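Review bot: The value alternation in `kubernetes-secret-yaml` accepts `""`, `''` and a `{{ … }}` template expression as well as base64 text, so a Secret manifest whose `data` entry is empty or filled in by a templating tool is reported although no credential is stored in the file. If the upstream rule filters those cases separately, that filter is not visible in this file; a `pattern-not-regex` sibling excluding empty and templated values would keep the finding to manifests that carry data. Separately, `(?:.|\s){0,200}?` has two alternatives that both match spaces and tabs, which multiplies backtracking on large manifests; `[\s\S]{0,200}?` matches the same characters without the alternation.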
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:kucoin)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:kucoin)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/kucoin-secret-key.yaml b/generic/secrets/gitleaks/kucoin-secret-key.yaml index e46fb38c7e..d87bf5da2f 100644 --- a/generic/secrets/gitleaks/kucoin-secret-key.yaml +++ b/generic/secrets/gitleaks/kucoin-secret-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:kucoin)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:kucoin)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/launchdarkly-access-token.yaml b/generic/secrets/gitleaks/launchdarkly-access-token.yaml index 744aa245dc..62704761e3 100644 --- a/generic/secrets/gitleaks/launchdarkly-access-token.yaml +++ b/generic/secrets/gitleaks/launchdarkly-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:launchdarkly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:launchdarkly)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) 
diff --git a/generic/secrets/gitleaks/linear-client-secret.yaml b/generic/secrets/gitleaks/linear-client-secret.yaml index 1e81cd9250..6aa285e19b 100644 --- a/generic/secrets/gitleaks/linear-client-secret.yaml +++ b/generic/secrets/gitleaks/linear-client-secret.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:linear)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:linear)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/linkedin-client-id.yaml b/generic/secrets/gitleaks/linkedin-client-id.yaml index 5270d87799..5d3f95bac9 100644 --- a/generic/secrets/gitleaks/linkedin-client-id.yaml +++ b/generic/secrets/gitleaks/linkedin-client-id.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{14})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:linked[_-]?in)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{14})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/linkedin-client-secret.yaml b/generic/secrets/gitleaks/linkedin-client-secret.yaml index 629c0ff571..da59a27c3f 100644 --- a/generic/secrets/gitleaks/linkedin-client-secret.yaml +++ b/generic/secrets/gitleaks/linkedin-client-secret.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:linked[_-]?in)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/lob-api-key.yaml b/generic/secrets/gitleaks/lob-api-key.yaml index 39433bd009..b8b04442c1 100644 --- a/generic/secrets/gitleaks/lob-api-key.yaml +++ b/generic/secrets/gitleaks/lob-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:lob)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((live|test)_[a-f0-9]{35})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:lob)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((live|test)_[a-f0-9]{35})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/lob-pub-api-key.yaml b/generic/secrets/gitleaks/lob-pub-api-key.yaml index f29532b998..d54f2e5cab 100644 --- a/generic/secrets/gitleaks/lob-pub-api-key.yaml +++ b/generic/secrets/gitleaks/lob-pub-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:lob)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((test|live)_pub_[a-f0-9]{31})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:lob)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((test|live)_pub_[a-f0-9]{31})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/mailchimp-api-key.yaml b/generic/secrets/gitleaks/mailchimp-api-key.yaml index 7f2bcc15d9..13cde7969c 100644 
--- a/generic/secrets/gitleaks/mailchimp-api-key.yaml +++ b/generic/secrets/gitleaks/mailchimp-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:MailchimpSDK.initialize|mailchimp)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32}-us\d\d)(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:MailchimpSDK.initialize|mailchimp)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32}-us\d\d)(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/mailgun-private-api-token.yaml b/generic/secrets/gitleaks/mailgun-private-api-token.yaml index ed9906de66..12aeb59435 100644 --- a/generic/secrets/gitleaks/mailgun-private-api-token.yaml +++ b/generic/secrets/gitleaks/mailgun-private-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(key-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:mailgun)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(key-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/mailgun-pub-key.yaml b/generic/secrets/gitleaks/mailgun-pub-key.yaml index a887bbdf09..906aa286e2 100644 --- a/generic/secrets/gitleaks/mailgun-pub-key.yaml +++ b/generic/secrets/gitleaks/mailgun-pub-key.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pubkey-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:mailgun)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pubkey-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/mailgun-signing-key.yaml b/generic/secrets/gitleaks/mailgun-signing-key.yaml index a5731a6ca5..527fdf8236 100644 --- a/generic/secrets/gitleaks/mailgun-signing-key.yaml +++ b/generic/secrets/gitleaks/mailgun-signing-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:mailgun)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/mapbox-api-token.yaml b/generic/secrets/gitleaks/mapbox-api-token.yaml index 74a4c1c21c..425a0cf405 100644 --- a/generic/secrets/gitleaks/mapbox-api-token.yaml +++ b/generic/secrets/gitleaks/mapbox-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:mapbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pk\.[a-z0-9]{60}\.[a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:mapbox)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pk\.[a-z0-9]{60}\.[a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$) 
diff --git a/generic/secrets/gitleaks/mattermost-access-token.yaml b/generic/secrets/gitleaks/mattermost-access-token.yaml index b87cc0e61d..e42d995561 100644 --- a/generic/secrets/gitleaks/mattermost-access-token.yaml +++ b/generic/secrets/gitleaks/mattermost-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:mattermost)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{26})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:mattermost)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{26})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/messagebird-api-token.yaml b/generic/secrets/gitleaks/messagebird-api-token.yaml index 24da45e942..87dff6a767 100644 --- a/generic/secrets/gitleaks/messagebird-api-token.yaml +++ b/generic/secrets/gitleaks/messagebird-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:message[_-]?bird)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/messagebird-client-id.yaml b/generic/secrets/gitleaks/messagebird-client-id.yaml index 8260ab4b02..b15301ed62 100644 --- a/generic/secrets/gitleaks/messagebird-client-id.yaml +++ b/generic/secrets/gitleaks/messagebird-client-id.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:message[_-]?bird)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/microsoft-teams-webhook.yaml b/generic/secrets/gitleaks/microsoft-teams-webhook.yaml index 1a4ec87327..8dd21c5b55 100644 --- a/generic/secrets/gitleaks/microsoft-teams-webhook.yaml +++ b/generic/secrets/gitleaks/microsoft-teams-webhook.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: https:\/\/[a-z0-9]+\.webhook\.office\.com\/webhookb2\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}\/IncomingWebhook\/[a-z0-9]{32}\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12} + - pattern-regex: https://[a-z0-9]+\.webhook\.office\.com/webhookb2/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}/IncomingWebhook/[a-z0-9]{32}/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12} diff --git a/generic/secrets/gitleaks/netlify-access-token.yaml b/generic/secrets/gitleaks/netlify-access-token.yaml index b6014f3a8e..71857b28f2 100644 --- a/generic/secrets/gitleaks/netlify-access-token.yaml +++ b/generic/secrets/gitleaks/netlify-access-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:netlify)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40,46})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:netlify)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40,46})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/new-relic-browser-api-token.yaml b/generic/secrets/gitleaks/new-relic-browser-api-token.yaml index 909e5a9ac2..942d7ad8d0 100644 --- a/generic/secrets/gitleaks/new-relic-browser-api-token.yaml +++ b/generic/secrets/gitleaks/new-relic-browser-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRJS-[a-f0-9]{19})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRJS-[a-f0-9]{19})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/new-relic-insert-key.yaml b/generic/secrets/gitleaks/new-relic-insert-key.yaml index 42f411f528..5a2dcfc09d 100644 --- a/generic/secrets/gitleaks/new-relic-insert-key.yaml +++ b/generic/secrets/gitleaks/new-relic-insert-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRII-[a-z0-9-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRII-[a-z0-9-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) 
diff --git a/generic/secrets/gitleaks/new-relic-user-api-id.yaml b/generic/secrets/gitleaks/new-relic-user-api-id.yaml index f491b7cdec..0944041a5d 100644 --- a/generic/secrets/gitleaks/new-relic-user-api-id.yaml +++ b/generic/secrets/gitleaks/new-relic-user-api-id.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/new-relic-user-api-key.yaml b/generic/secrets/gitleaks/new-relic-user-api-key.yaml index ff785e97dd..796cad2c66 100644 --- a/generic/secrets/gitleaks/new-relic-user-api-key.yaml +++ b/generic/secrets/gitleaks/new-relic-user-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRAK-[a-z0-9]{27})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRAK-[a-z0-9]{27})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/nuget-config-password.yaml b/generic/secrets/gitleaks/nuget-config-password.yaml new file mode 100644 index 0000000000..fa10dc7890 --- /dev/null +++ b/generic/secrets/gitleaks/nuget-config-password.yaml 
@@ -0,0 +1,26 @@
+rules:
+- id: nuget-config-password
+ message: A gitleaks nuget-config-password was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (?i)
diff --git a/generic/secrets/gitleaks/nytimes-access-token.yaml b/generic/secrets/gitleaks/nytimes-access-token.yaml
index 72ec958b6a..e95a7ce3f8 100644
--- a/generic/secrets/gitleaks/nytimes-access-token.yaml
+++ b/generic/secrets/gitleaks/nytimes-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:nytimes|new-york-times,|newyorktimes)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (?i)[\w.-]{0,50}?(?:nytimes|new-york-times,|newyorktimes)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/octopus-deploy-api-key.yaml b/generic/secrets/gitleaks/octopus-deploy-api-key.yaml
new file mode 100644
index 0000000000..d292eefb72
--- /dev/null
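Review bot: The `pattern-regex` value of the new nuget-config-password rule reads just `(?i)` in this hunk, an empty expression that matches at every position of every scanned file. The expression was probably lost when the rule was generated from the gitleaks source, or when this page was rendered, so the file should be compared with the upstream rule before merging. If the intended pattern contains angle brackets or quotes, a block scalar (`- pattern-regex: |-` with the expression on the next indented line) keeps it intact. A rule test with one positive and one negative sample would catch an empty pattern in CI.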
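Review bot: The keyword alternation `(?:nytimes|new-york-times,|newyorktimes)` on the new line of nytimes-access-token.yaml still carries a stray comma in its second branch, so the identifier `new-york-times` is only recognised when a literal comma follows it. An assignment such as `new-york-times_key = ...` (constructed example) is therefore missed by that branch. Suggested: `(?:nytimes|new-york-times|newyorktimes)`. The comma looks inherited from the upstream keyword list, so it is worth fixing there as well.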
+++ b/generic/secrets/gitleaks/octopus-deploy-api-key.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: octopus-deploy-api-key
+ message: A gitleaks octopus-deploy-api-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: \b(API-[A-Z0-9]{26})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/okta-access-token.yaml b/generic/secrets/gitleaks/okta-access-token.yaml
index c15e82cab9..fba8416bb3 100644
--- a/generic/secrets/gitleaks/okta-access-token.yaml
+++ b/generic/secrets/gitleaks/okta-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:okta)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{42})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: [\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:(?-i:[Oo]kta|OKTA))(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(00[\w=\-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
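Review bot: The new `pattern-regex` value in okta-access-token.yaml starts with `[`, and an unquoted YAML scalar that begins with `[` is read as the start of a flow sequence, so as written the file is likely to fail to parse or to load the pattern as something other than a string. The same applies to the new patterns in privateai-api-token.yaml and sumologic-access-id.yaml later in this patch. A block scalar avoids it without escaping the quotes inside the regex: `- pattern-regex: |-` with the expression on the following indented line. Separately, the lazy prefix `[\w.-]{0,50}?` appears twice in a row, once before and once inside `(?i:`; one copy is redundant and only adds backtracking.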
diff --git a/generic/secrets/gitleaks/openai-api-key.yaml b/generic/secrets/gitleaks/openai-api-key.yaml index 605e39458a..b46d28906d 100644 --- a/generic/secrets/gitleaks/openai-api-key.yaml +++ b/generic/secrets/gitleaks/openai-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/openshift-user-token.yaml b/generic/secrets/gitleaks/openshift-user-token.yaml new file mode 100644 index 0000000000..00bcab0a58 --- /dev/null +++ b/generic/secrets/gitleaks/openshift-user-token.yaml @@ -0,0 +1,26 @@ +rules: +- id: openshift-user-token + message: A gitleaks openshift-user-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: \b(sha256~[\w-]{43})(?:[^\w-]|\z) diff --git a/generic/secrets/gitleaks/plaid-api-token.yaml b/generic/secrets/gitleaks/plaid-api-token.yaml index f32ed3c1fd..84bebae51a 100644 
--- a/generic/secrets/gitleaks/plaid-api-token.yaml +++ b/generic/secrets/gitleaks/plaid-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(access-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:plaid)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(access-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/plaid-client-id.yaml b/generic/secrets/gitleaks/plaid-client-id.yaml index 2c5e88b588..ec359d17d1 100644 --- a/generic/secrets/gitleaks/plaid-client-id.yaml +++ b/generic/secrets/gitleaks/plaid-client-id.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:plaid)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/plaid-secret-key.yaml b/generic/secrets/gitleaks/plaid-secret-key.yaml index 20e10e6c7a..ed8dc6d1e4 100644 --- a/generic/secrets/gitleaks/plaid-secret-key.yaml +++ b/generic/secrets/gitleaks/plaid-secret-key.yaml 
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (?i)[\w.-]{0,50}?(?:plaid)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/planetscale-api-token.yaml b/generic/secrets/gitleaks/planetscale-api-token.yaml
index c7a497c326..b2e81ad60e 100644
--- a/generic/secrets/gitleaks/planetscale-api-token.yaml
+++ b/generic/secrets/gitleaks/planetscale-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(pscale_tkn_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: \b(pscale_tkn_(?i)[\w=\.-]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/planetscale-oauth-token.yaml b/generic/secrets/gitleaks/planetscale-oauth-token.yaml
index 138da665bf..411a759da4 100644
--- a/generic/secrets/gitleaks/planetscale-oauth-token.yaml
+++ b/generic/secrets/gitleaks/planetscale-oauth-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(pscale_oauth_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: \b(pscale_oauth_[\w=\.-]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/planetscale-password.yaml b/generic/secrets/gitleaks/planetscale-password.yaml
index a3413e1274..f9e91d06b4 100644
--- a/generic/secrets/gitleaks/planetscale-password.yaml
+++ b/generic/secrets/gitleaks/planetscale-password.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(pscale_pw_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (?i)\b(pscale_pw_(?i)[\w=\.-]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)
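Review bot: The three PlanetScale rules end up with three different flag layouts: planetscale-api-token keeps a mid-pattern `(?i)` before `[\w=\.-]`, planetscale-oauth-token drops both flags, and planetscale-password keeps the leading `(?i)` as well as the mid-pattern one. Because `\w` already covers both cases, the inner `(?i)` changes nothing, while the leading flag makes planetscale-password the only rule that matches its `pscale_pw_` prefix case-insensitively. If the prefix is meant to be case-sensitive as in the sibling rules, the password line would read `- pattern-regex: \b(pscale_pw_[\w=\.-]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)`, and the api-token rule can drop its inner `(?i)` the same way.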
diff --git a/generic/secrets/gitleaks/postman-api-token.yaml b/generic/secrets/gitleaks/postman-api-token.yaml index 0cf776d1b1..132a313076 100644 --- a/generic/secrets/gitleaks/postman-api-token.yaml +++ b/generic/secrets/gitleaks/postman-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/prefect-api-token.yaml b/generic/secrets/gitleaks/prefect-api-token.yaml index 22406a07e5..3dd5a5d75e 100644 --- a/generic/secrets/gitleaks/prefect-api-token.yaml +++ b/generic/secrets/gitleaks/prefect-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(pnu_[a-z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(pnu_[a-zA-Z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/private-key.yaml b/generic/secrets/gitleaks/private-key.yaml index 13e8f3fef4..4267dcd6f6 100644 --- a/generic/secrets/gitleaks/private-key.yaml +++ b/generic/secrets/gitleaks/private-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?---- + - pattern-regex: (?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY(?: BLOCK)?-----[\s\S-]*?KEY(?: BLOCK)?----- diff --git a/generic/secrets/gitleaks/privateai-api-token.yaml b/generic/secrets/gitleaks/privateai-api-token.yaml new file mode 100644 index 0000000000..d3d420cc38 --- /dev/null +++ b/generic/secrets/gitleaks/privateai-api-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: privateai-api-token + message: A gitleaks privateai-api-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: [\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:private[_-]?ai)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/pulumi-api-token.yaml b/generic/secrets/gitleaks/pulumi-api-token.yaml index 9ea594625d..c271153c20 100644 --- a/generic/secrets/gitleaks/pulumi-api-token.yaml +++ b/generic/secrets/gitleaks/pulumi-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(pul-[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(pul-[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/pypi-upload-token.yaml b/generic/secrets/gitleaks/pypi-upload-token.yaml index 00e4539480..767ff6ea3c 100644 --- a/generic/secrets/gitleaks/pypi-upload-token.yaml +++ b/generic/secrets/gitleaks/pypi-upload-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000} + - pattern-regex: pypi-AgEIcHlwaS5vcmc[\w-]{50,1000} diff --git a/generic/secrets/gitleaks/rapidapi-access-token.yaml b/generic/secrets/gitleaks/rapidapi-access-token.yaml index f461216a3c..d5284c1f51 100644 --- a/generic/secrets/gitleaks/rapidapi-access-token.yaml +++ b/generic/secrets/gitleaks/rapidapi-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:rapidapi)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{50})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:rapidapi)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{50})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/readme-api-token.yaml b/generic/secrets/gitleaks/readme-api-token.yaml index 8007e54677..d4ee5d4981 100644 --- a/generic/secrets/gitleaks/readme-api-token.yaml +++ b/generic/secrets/gitleaks/readme-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(rdme_[a-z0-9]{70})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(rdme_[a-z0-9]{70})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/rubygems-api-token.yaml b/generic/secrets/gitleaks/rubygems-api-token.yaml index 1ab20eb895..2e6e3a2168 100644 --- a/generic/secrets/gitleaks/rubygems-api-token.yaml +++ b/generic/secrets/gitleaks/rubygems-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(rubygems_[a-f0-9]{48})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(rubygems_[a-f0-9]{48})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/scalingo-api-token.yaml b/generic/secrets/gitleaks/scalingo-api-token.yaml index c55fccb82a..41087712cb 100644 --- a/generic/secrets/gitleaks/scalingo-api-token.yaml 
+++ b/generic/secrets/gitleaks/scalingo-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: \b(tk-us-[a-zA-Z0-9-_]{48})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(tk-us-[\w-]{48})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/sendbird-access-id.yaml b/generic/secrets/gitleaks/sendbird-access-id.yaml index 4b51ef976c..2c4d23f5b7 100644 --- a/generic/secrets/gitleaks/sendbird-access-id.yaml +++ b/generic/secrets/gitleaks/sendbird-access-id.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:sendbird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:sendbird)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/sendbird-access-token.yaml b/generic/secrets/gitleaks/sendbird-access-token.yaml index 7a31e817a4..8b82eb6972 100644 --- a/generic/secrets/gitleaks/sendbird-access-token.yaml +++ b/generic/secrets/gitleaks/sendbird-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:sendbird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:sendbird)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/sendgrid-api-token.yaml b/generic/secrets/gitleaks/sendgrid-api-token.yaml index 6180651e89..eee6586d22 100644 --- a/generic/secrets/gitleaks/sendgrid-api-token.yaml +++ b/generic/secrets/gitleaks/sendgrid-api-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(SG\.(?i)[a-z0-9=_\-\.]{66})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(SG\.(?i)[a-z0-9=_\-\.]{66})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/sendinblue-api-token.yaml b/generic/secrets/gitleaks/sendinblue-api-token.yaml index 31647cc7de..763c5934be 100644 --- a/generic/secrets/gitleaks/sendinblue-api-token.yaml +++ b/generic/secrets/gitleaks/sendinblue-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/sentry-access-token.yaml b/generic/secrets/gitleaks/sentry-access-token.yaml index 52845ac6b5..989aaee345 100644 --- a/generic/secrets/gitleaks/sentry-access-token.yaml +++ b/generic/secrets/gitleaks/sentry-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:sentry)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:sentry)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/shippo-api-token.yaml b/generic/secrets/gitleaks/shippo-api-token.yaml index 90aacf14ea..14ce448ed2 100644 --- a/generic/secrets/gitleaks/shippo-api-token.yaml +++ b/generic/secrets/gitleaks/shippo-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(shippo_(live|test)_[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b(shippo_(?:live|test)_[a-fA-F0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) 
diff --git a/generic/secrets/gitleaks/sidekiq-secret.yaml b/generic/secrets/gitleaks/sidekiq-secret.yaml
index 718177f2c3..dedf793d0c 100644
--- a/generic/secrets/gitleaks/sidekiq-secret.yaml
+++ b/generic/secrets/gitleaks/sidekiq-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{8}:[a-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (?i)[\w.-]{0,50}?(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{8}:[a-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/sidekiq-sensitive-url.yaml b/generic/secrets/gitleaks/sidekiq-sensitive-url.yaml
index 72d9b8d4e5..7e77566c8a 100644
--- a/generic/secrets/gitleaks/sidekiq-sensitive-url.yaml
+++ b/generic/secrets/gitleaks/sidekiq-sensitive-url.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(http(?:s??):\/\/)([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$)
+ - pattern-regex: (?i)\bhttps?://([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$)
diff --git a/generic/secrets/gitleaks/slack-app-token.yaml b/generic/secrets/gitleaks/slack-app-token.yaml
index 51c5c8c0b8..163fbdd84e 100644
--- a/generic/secrets/gitleaks/slack-app-token.yaml
+++ b/generic/secrets/gitleaks/slack-app-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+)
+ - pattern-regex: (?i)xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+
diff --git a/generic/secrets/gitleaks/slack-bot-token.yaml b/generic/secrets/gitleaks/slack-bot-token.yaml
index 378efda059..a126be42a0 100644
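Review bot: The host alternation `(?:gems.contribsys.com|enterprise.contribsys.com)` on the new line of sidekiq-sensitive-url.yaml leaves its dots unescaped, so each one matches any character and the rule also reports hosts that merely resemble the two intended ones. Suggested: `(?:gems\.contribsys\.com|enterprise\.contribsys\.com)`. The same applies to `hooks.slack.com` in slack-webhook-url.yaml and to the dot in `xoxe.xox[bp]` in slack-config-access-token.yaml, both later in this patch. The commit already touches these lines to drop capture groups and escapes, so tightening the dots here costs nothing extra.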
--- a/generic/secrets/gitleaks/slack-bot-token.yaml +++ b/generic/secrets/gitleaks/slack-bot-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (xoxb-[0-9]{10,13}\-[0-9]{10,13}[a-zA-Z0-9-]*) + - pattern-regex: xoxb-[0-9]{10,13}-[0-9]{10,13}[a-zA-Z0-9-]* diff --git a/generic/secrets/gitleaks/slack-config-access-token.yaml b/generic/secrets/gitleaks/slack-config-access-token.yaml index 3d51c7269d..97615b0f22 100644 --- a/generic/secrets/gitleaks/slack-config-access-token.yaml +++ b/generic/secrets/gitleaks/slack-config-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(xoxe.xox[bp]-\d-[A-Z0-9]{163,166}) + - pattern-regex: (?i)xoxe.xox[bp]-\d-[A-Z0-9]{163,166} diff --git a/generic/secrets/gitleaks/slack-config-refresh-token.yaml b/generic/secrets/gitleaks/slack-config-refresh-token.yaml index f76799ee1e..97233d5573 100644 --- a/generic/secrets/gitleaks/slack-config-refresh-token.yaml +++ b/generic/secrets/gitleaks/slack-config-refresh-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(xoxe-\d-[A-Z0-9]{146}) + - pattern-regex: (?i)xoxe-\d-[A-Z0-9]{146} diff --git a/generic/secrets/gitleaks/slack-legacy-bot-token.yaml b/generic/secrets/gitleaks/slack-legacy-bot-token.yaml index 262968f2cf..2e19e4b928 100644 --- a/generic/secrets/gitleaks/slack-legacy-bot-token.yaml +++ b/generic/secrets/gitleaks/slack-legacy-bot-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (xoxb-[0-9]{8,14}\-[a-zA-Z0-9]{18,26}) + - pattern-regex: xoxb-[0-9]{8,14}-[a-zA-Z0-9]{18,26} diff --git a/generic/secrets/gitleaks/slack-legacy-token.yaml b/generic/secrets/gitleaks/slack-legacy-token.yaml index e5565a553b..e38bc74a8b 100644 --- a/generic/secrets/gitleaks/slack-legacy-token.yaml +++ b/generic/secrets/gitleaks/slack-legacy-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (xox[os]-\d+-\d+-\d+-[a-fA-F\d]+) + - pattern-regex: xox[os]-\d+-\d+-\d+-[a-fA-F\d]+ diff --git a/generic/secrets/gitleaks/slack-legacy-workspace-token.yaml b/generic/secrets/gitleaks/slack-legacy-workspace-token.yaml index 334680d7e9..5808296ef4 100644 --- a/generic/secrets/gitleaks/slack-legacy-workspace-token.yaml +++ b/generic/secrets/gitleaks/slack-legacy-workspace-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (xox[ar]-(?:\d-)?[0-9a-zA-Z]{8,48}) + - pattern-regex: xox[ar]-(?:\d-)?[0-9a-zA-Z]{8,48} diff --git a/generic/secrets/gitleaks/slack-user-token.yaml b/generic/secrets/gitleaks/slack-user-token.yaml index 70c5cb0277..26445b53bd 100644 --- a/generic/secrets/gitleaks/slack-user-token.yaml +++ b/generic/secrets/gitleaks/slack-user-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (xox[pe](?:-[0-9]{10,13}){3}-[a-zA-Z0-9-]{28,34}) + - pattern-regex: xox[pe](?:-[0-9]{10,13}){3}-[a-zA-Z0-9-]{28,34} diff --git a/generic/secrets/gitleaks/slack-webhook-url.yaml b/generic/secrets/gitleaks/slack-webhook-url.yaml index a663b4270d..5b5a1657de 100644 --- a/generic/secrets/gitleaks/slack-webhook-url.yaml +++ b/generic/secrets/gitleaks/slack-webhook-url.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (https?:\/\/)?hooks.slack.com\/(services|workflows)\/[A-Za-z0-9+\/]{43,46} + - pattern-regex: (?:https?://)?hooks.slack.com/(?:services|workflows)/[A-Za-z0-9+/]{43,46} diff --git a/generic/secrets/gitleaks/snyk-api-token.yaml b/generic/secrets/gitleaks/snyk-api-token.yaml index 71bb2e3fce..64fd8b7d34 100644 --- a/generic/secrets/gitleaks/snyk-api-token.yaml +++ b/generic/secrets/gitleaks/snyk-api-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:snyk_token|snyk_key|snyk_api_token|snyk_api_key|snyk_oauth_token)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:snyk[_.-]?(?:(?:api|oauth)[_.-]?)?(?:key|token))(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/square-access-token.yaml b/generic/secrets/gitleaks/square-access-token.yaml index b5d503e5df..aac623ad64 100644 --- a/generic/secrets/gitleaks/square-access-token.yaml +++ b/generic/secrets/gitleaks/square-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b((EAAA|sq0atp-)[0-9A-Za-z\-_]{22,60})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b((?:EAAA|sq0atp-)[\w-]{22,60})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/squarespace-access-token.yaml b/generic/secrets/gitleaks/squarespace-access-token.yaml index 93af76cc90..361c000a63 100644 --- a/generic/secrets/gitleaks/squarespace-access-token.yaml +++ b/generic/secrets/gitleaks/squarespace-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:squarespace)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:squarespace)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) 
diff --git a/generic/secrets/gitleaks/stripe-access-token.yaml b/generic/secrets/gitleaks/stripe-access-token.yaml index 484c7a8093..3342ea62b8 100644 --- a/generic/secrets/gitleaks/stripe-access-token.yaml +++ b/generic/secrets/gitleaks/stripe-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b((sk|rk)_(test|live|prod)_[0-9a-z]{10,99})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: \b((?:sk|rk)_(?:test|live|prod)_[a-zA-Z0-9]{10,99})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/sumologic-access-id.yaml b/generic/secrets/gitleaks/sumologic-access-id.yaml index 2a21633e6e..c0ee723485 100644 --- a/generic/secrets/gitleaks/sumologic-access-id.yaml +++ b/generic/secrets/gitleaks/sumologic-access-id.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i:(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(su[a-zA-Z0-9]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: [\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:(?-i:[Ss]umo|SUMO))(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(su[a-zA-Z0-9]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) diff --git a/generic/secrets/gitleaks/sumologic-access-token.yaml b/generic/secrets/gitleaks/sumologic-access-token.yaml index 2413409487..2cf2902947 100644 --- a/generic/secrets/gitleaks/sumologic-access-token.yaml +++ b/generic/secrets/gitleaks/sumologic-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (?i)[\w.-]{0,50}?(?:(?-i:[Ss]umo|SUMO))(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) 
diff --git a/generic/secrets/gitleaks/telegram-bot-api-token.yaml b/generic/secrets/gitleaks/telegram-bot-api-token.yaml
index a9edae9d57..8cdb4781da 100644
--- a/generic/secrets/gitleaks/telegram-bot-api-token.yaml
+++ b/generic/secrets/gitleaks/telegram-bot-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i:(?:telegr)(?:[0-9a-z\(-_\t .\\]{0,40})(?:[\s|']|[\s|"]){0,3})(?:=|\|\|:|<=|=>|:|\?=|\()(?:'|\"|\s|=|\x60){0,5}([0-9]{5,16}:A[a-z0-9_\-]{34})(?:['|\"|\n|\r|\s|\x60|;|\\]|$)
+ - pattern-regex: (?i)[\w.-]{0,50}?(?:telegr)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{5,16}:(?-i:A)[a-z0-9_\-]{34})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/travisci-access-token.yaml b/generic/secrets/gitleaks/travisci-access-token.yaml
index fa4baab6cc..d0118f67f8 100644
--- a/generic/secrets/gitleaks/travisci-access-token.yaml
+++ b/generic/secrets/gitleaks/travisci-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:travis)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (?i)[\w.-]{0,50}?(?:travis)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/twitch-api-token.yaml b/generic/secrets/gitleaks/twitch-api-token.yaml
index 5e82d0a25f..a30fd2a3db 100644
--- a/generic/secrets/gitleaks/twitch-api-token.yaml
+++ b/generic/secrets/gitleaks/twitch-api-token.yaml
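Review bot: The rewritten telegram-bot-api-token pattern no longer accepts `\(` as an operator alternative, and `(` and `\` are gone from the identifier class, so a token passed as a call argument, e.g. `TelegramBot("<token>")` (constructed example), stops matching. The identifier window also shrinks from 40 to 20 characters and the trailing `\\` terminator is dropped. If that loss of coverage is not intended, keep the call form by extending the operator group to `(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|\()`. A rule test with one assignment-style and one call-style sample would show which cases the new pattern still covers.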
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:twitch)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (?i)[\w.-]{0,50}?(?:twitch)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/twitter-access-secret.yaml b/generic/secrets/gitleaks/twitter-access-secret.yaml
index 3d938b6beb..446d509359 100644
--- a/generic/secrets/gitleaks/twitter-access-secret.yaml
+++ b/generic/secrets/gitleaks/twitter-access-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{45})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{45})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/twitter-access-token.yaml b/generic/secrets/gitleaks/twitter-access-token.yaml
index 957e82c248..15c7ba0fb8 100644
--- a/generic/secrets/gitleaks/twitter-access-token.yaml
+++ b/generic/secrets/gitleaks/twitter-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{15,25}-[a-zA-Z0-9]{20,40})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{15,25}-[a-zA-Z0-9]{20,40})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/twitter-api-key.yaml b/generic/secrets/gitleaks/twitter-api-key.yaml
index be0e9f5a0c..df88fbd138 100644
--- a/generic/secrets/gitleaks/twitter-api-key.yaml
+++ b/generic/secrets/gitleaks/twitter-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/twitter-api-secret.yaml b/generic/secrets/gitleaks/twitter-api-secret.yaml
index 1233af70d4..9f97d6fbed 100644
--- a/generic/secrets/gitleaks/twitter-api-secret.yaml
+++ b/generic/secrets/gitleaks/twitter-api-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{50})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{50})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/twitter-bearer-token.yaml b/generic/secrets/gitleaks/twitter-bearer-token.yaml
index 015a8efa94..2f3604d1c4 100644
--- a/generic/secrets/gitleaks/twitter-bearer-token.yaml
+++ b/generic/secrets/gitleaks/twitter-bearer-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(A{22}[a-zA-Z0-9%]{80,100})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(A{22}[a-zA-Z0-9%]{80,100})(?:['|\"|\n|\r|\s|\x60|;]|$)
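Review bot: In twitter-bearer-token.yaml the literal prefix `A{22}` sits under the global `(?i)`, so a run of lowercase `a` satisfies it too and the fixed prefix filters out less than it appears to. The telegram-bot-api-token hunk in this commit already scopes its literal with `(?-i:A)`; the same treatment here would be `((?-i:A{22})[a-zA-Z0-9%]{80,100})`. The `AQVN` and `YC` prefixes in the yandex-api-key and yandex-aws-access-token hunks are in the same position and could become `(?-i:AQVN)` and `(?-i:YC)`, assuming those providers issue the prefix in upper case only.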
diff --git a/generic/secrets/gitleaks/typeform-api-token.yaml b/generic/secrets/gitleaks/typeform-api-token.yaml
index d90efbf17e..3089b60ece 100644
--- a/generic/secrets/gitleaks/typeform-api-token.yaml
+++ b/generic/secrets/gitleaks/typeform-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:typeform)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(tfp_[a-z0-9\-_\.=]{59})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (?i)[\w.-]{0,50}?(?:typeform)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(tfp_[a-z0-9\-_\.=]{59})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/vault-batch-token.yaml b/generic/secrets/gitleaks/vault-batch-token.yaml
index 5ab63bf906..ec149753d8 100644
--- a/generic/secrets/gitleaks/vault-batch-token.yaml
+++ b/generic/secrets/gitleaks/vault-batch-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(hvb\.[a-z0-9_-]{138,212})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: \b(hvb\.[\w-]{138,300})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/vault-service-token.yaml b/generic/secrets/gitleaks/vault-service-token.yaml
index 87e757131c..34f1b706af 100644
--- a/generic/secrets/gitleaks/vault-service-token.yaml
+++ b/generic/secrets/gitleaks/vault-service-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(hvs\.[a-z0-9_-]{90,100})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: \b((?:hvs\.[\w-]{90,120}|s\.(?i:[a-z0-9]{24})))(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/yandex-access-token.yaml b/generic/secrets/gitleaks/yandex-access-token.yaml
index e004bb9231..da7e7940f0 100644
--- a/generic/secrets/gitleaks/yandex-access-token.yaml
+++ b/generic/secrets/gitleaks/yandex-access-token.yaml
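Review bot: In vault-service-token.yaml the added legacy branch `s\.(?i:[a-z0-9]{24})` has no provider-specific prefix, so ordinary member access on a variable named `s` matches whenever the member name is 24 alphanumerics long (a constructed example: `s.maxConcurrentConnections = 8`). Whether the rest of the rule file applies an entropy or keyword filter is not visible in this hunk. If it does not, one option is to require a digit in that branch, `s\.(?i:(?=[a-z]*[0-9])[a-z0-9]{24})`, accepting that a small share of legacy tokens contain none. Another is to move the legacy form into its own lower-confidence rule so that noise from it does not erode trust in the `hvs.` findings.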
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (?i)[\w.-]{0,50}?(?:yandex)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/yandex-api-key.yaml b/generic/secrets/gitleaks/yandex-api-key.yaml
index 7998737c47..1e7d0500f3 100644
--- a/generic/secrets/gitleaks/yandex-api-key.yaml
+++ b/generic/secrets/gitleaks/yandex-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(AQVN[A-Za-z0-9_\-]{35,38})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (?i)[\w.-]{0,50}?(?:yandex)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(AQVN[A-Za-z0-9_\-]{35,38})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/yandex-aws-access-token.yaml b/generic/secrets/gitleaks/yandex-aws-access-token.yaml
index f0e160e2ac..704c7ae890 100644
--- a/generic/secrets/gitleaks/yandex-aws-access-token.yaml
+++ b/generic/secrets/gitleaks/yandex-aws-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(YC[a-zA-Z0-9_\-]{38})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (?i)[\w.-]{0,50}?(?:yandex)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(YC[a-zA-Z0-9_\-]{38})(?:['|\"|\n|\r|\s|\x60|;]|$)
diff --git a/generic/secrets/gitleaks/zendesk-secret-key.yaml b/generic/secrets/gitleaks/zendesk-secret-key.yaml
index 9e2f3440ce..bae72ac046 100644
--- a/generic/secrets/gitleaks/zendesk-secret-key.yaml
+++ b/generic/secrets/gitleaks/zendesk-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:zendesk)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (?i)[\w.-]{0,50}?(?:zendesk)(?:[ \t\w.-]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)