Skip to content

Commit

Permalink
Merge Gitleaks rules 2024-09-30 # 00:31
Browse files Browse the repository at this point in the history
  • Loading branch information
Security Research (r2c-argo) committed Sep 30, 2024
1 parent ecba02c commit af57473
Show file tree
Hide file tree
Showing 22 changed files with 97 additions and 19 deletions.
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/clojars-api-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(CLOJARS_)[a-z0-9]{60}
- pattern-regex: (?i)CLOJARS_[a-z0-9]{60}
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/doppler-api-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (dp\.pt\.)(?i)[a-z0-9]{43}
- pattern-regex: dp\.pt\.(?i)[a-z0-9]{43}
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/duffel-api-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: duffel_(test|live)_(?i)[a-z0-9_\-=]{43}
- pattern-regex: duffel_(?:test|live)_(?i)[a-z0-9_\-=]{43}
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/etsy-access-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:etsy)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (?i)(?:(?-i:ETSY|[Ee]tsy))(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)
26 changes: 26 additions & 0 deletions generic/secrets/gitleaks/flyio-access-token.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
rules:
- id: flyio-access-token
message: A gitleaks flyio-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
languages:
- regex
severity: INFO
metadata:
likelihood: LOW
impact: MEDIUM
confidence: LOW
category: security
cwe:
- "CWE-798: Use of Hard-coded Credentials"
cwe2021-top25: true
cwe2022-top25: true
owasp:
- A07:2021 - Identification and Authentication Failures
references:
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
subcategory:
- vuln
technology:
- gitleaks
patterns:
- pattern-regex: \b((?:fo1_[\w-]{43}|fm1[ar]_[a-zA-Z0-9+\/]{100,}={0,3}|fm2_[a-zA-Z0-9+\/]{100,}={0,3}))(?:['|\"|\n|\r|\s|\x60|;]|$)
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/gcp-api-key.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(AIza[0-9A-Za-z\\-_]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: \b(AIza[\w-]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/github-app-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (ghu|ghs)_[0-9a-zA-Z]{36}
- pattern-regex: (?:ghu|ghs)_[0-9a-zA-Z]{36}
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/github-fine-grained-pat.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: github_pat_[0-9a-zA-Z_]{82}
- pattern-regex: github_pat_\w{82}
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/harness-api-key.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: ((?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20})
- pattern-regex: (?:pat|sat)\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20}
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/hashicorp-tf-api-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}
- pattern-regex: (?i)[a-z0-9]{14}\.(?-i:atlasv1)\.[a-z0-9\-_=]{60,70}
26 changes: 26 additions & 0 deletions generic/secrets/gitleaks/kubernetes-secret-yaml.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
rules:
- id: kubernetes-secret-yaml
message: A gitleaks kubernetes-secret-yaml was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
languages:
- regex
severity: INFO
metadata:
likelihood: LOW
impact: MEDIUM
confidence: LOW
category: security
cwe:
- "CWE-798: Use of Hard-coded Credentials"
cwe2021-top25: true
cwe2022-top25: true
owasp:
- A07:2021 - Identification and Authentication Failures
references:
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
subcategory:
- vuln
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:\bkind:[ \t]*["']?secret["']?(?:.|\s){0,200}?\bdata:(?:.|\s){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))|\bdata:(?:.|\s){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))(?:.|\s){0,200}?\bkind:[ \t]*["']?secret["']?)
26 changes: 26 additions & 0 deletions generic/secrets/gitleaks/openshift-user-token.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
rules:
- id: openshift-user-token
message: A gitleaks openshift-user-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
languages:
- regex
severity: INFO
metadata:
likelihood: LOW
impact: MEDIUM
confidence: LOW
category: security
cwe:
- "CWE-798: Use of Hard-coded Credentials"
cwe2021-top25: true
cwe2022-top25: true
owasp:
- A07:2021 - Identification and Authentication Failures
references:
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
subcategory:
- vuln
technology:
- gitleaks
patterns:
- pattern-regex: \b(sha256~[\w-]{43})(?:[^\w-]|\z)
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/private-key.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?----
- pattern-regex: (?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY(?: BLOCK)?-----[\s\S-]*KEY(?: BLOCK)?----
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/sidekiq-sensitive-url.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(http(?:s??):\/\/)([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$)
- pattern-regex: (?i)\bhttps?://([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$)
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/slack-app-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+)
- pattern-regex: (?i)xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/slack-config-access-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(xoxe.xox[bp]-\d-[A-Z0-9]{163,166})
- pattern-regex: (?i)xoxe.xox[bp]-\d-[A-Z0-9]{163,166}
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/slack-config-refresh-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(xoxe-\d-[A-Z0-9]{146})
- pattern-regex: (?i)xoxe-\d-[A-Z0-9]{146}
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/slack-legacy-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (xox[os]-\d+-\d+-\d+-[a-fA-F\d]+)
- pattern-regex: xox[os]-\d+-\d+-\d+-[a-fA-F\d]+
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/slack-user-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (xox[pe](?:-[0-9]{10,13}){3}-[a-zA-Z0-9-]{28,34})
- pattern-regex: xox[pe](?:-[0-9]{10,13}){3}-[a-zA-Z0-9-]{28,34}
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/square-access-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b((EAAA|sq0atp-)[0-9A-Za-z\-_]{22,60})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: \b((?:EAAA|sq0atp-)[\w-]{22,60})(?:['|\"|\n|\r|\s|\x60|;]|$)
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/telegram-bot-api-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i:(?:telegr)(?:[0-9a-z\(-_\t .\\]{0,40})(?:[\s|']|[\s|"]){0,3})(?:=|\|\|:|<=|=>|:|\?=|\()(?:'|\"|\s|=|\x60){0,5}([0-9]{5,16}:A[a-z0-9_\-]{34})(?:['|\"|\n|\r|\s|\x60|;|\\]|$)
- pattern-regex: (?i:telegr(?:[0-9a-z\(-_\t .\\]{0,40})(?:[\s|']|[\s|"]){0,3})(?:=|\|\|:|<=|=>|:|\?=|\()(?:'|\"|\s|=|\x60){0,5}([0-9]{5,16}:A[a-z0-9_\-]{34})(?:['|\"|\n|\r|\s|\x60|;|\\]|$)
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/vault-service-token.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(hvs\.[a-z0-9_-]{90,100})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: \b((?:hvs\.[\w-]{90,120}|s\.(?i:[a-z0-9]{24})))(?:['|\"|\n|\r|\s|\x60|;]|$)

0 comments on commit af57473

Please sign in to comment.