Skip to content

Commit

Permalink
Merge Gitleaks rules 2024-09-06 # 00:30
Browse files Browse the repository at this point in the history
  • Loading branch information
Security Research (r2c-argo) committed Sep 6, 2024
1 parent f1f6dc5 commit faf54c8
Show file tree
Hide file tree
Showing 18 changed files with 93 additions and 15 deletions.
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/clojars-api-token.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(CLOJARS_)[a-z0-9]{60}
- pattern-regex: (?i)CLOJARS_[a-z0-9]{60}
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/doppler-api-token.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (dp\.pt\.)(?i)[a-z0-9]{43}
- pattern-regex: dp\.pt\.(?i)[a-z0-9]{43}
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/duffel-api-token.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: duffel_(test|live)_(?i)[a-z0-9_\-=]{43}
- pattern-regex: duffel_(?:test|live)_(?i)[a-z0-9_\-=]{43}
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/github-app-token.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (ghu|ghs)_[0-9a-zA-Z]{36}
- pattern-regex: (?:ghu|ghs)_[0-9a-zA-Z]{36}
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/harness-api-key.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: ((?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20})
- pattern-regex: (?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20}
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/hashicorp-tf-api-token.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}
- pattern-regex: (?i)[a-z0-9]{14}\.(?-i:atlasv1)\.[a-z0-9\-_=]{60,70}
26 changes: 26 additions & 0 deletions generic/secrets/gitleaks/kubernetes-secret-with-data-after.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
rules:
- id: kubernetes-secret-with-data-after
message: A gitleaks kubernetes-secret-with-data-after was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
languages:
- regex
severity: INFO
metadata:
likelihood: LOW
impact: MEDIUM
confidence: LOW
category: security
cwe:
- "CWE-798: Use of Hard-coded Credentials"
cwe2021-top25: true
cwe2022-top25: true
owasp:
- A07:2021 - Identification and Authentication Failures
references:
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
subcategory:
- vuln
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b((?i)(?:\bkind:.{0,10}Secret\b)(?:.|\s){0,200}?\b(?:data:)\s*(.+))(?:['|\"|\n|\r|\s|\x60|;]|$)
26 changes: 26 additions & 0 deletions generic/secrets/gitleaks/kubernetes-secret-with-data-before.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
rules:
- id: kubernetes-secret-with-data-before
message: A gitleaks kubernetes-secret-with-data-before was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
languages:
- regex
severity: INFO
metadata:
likelihood: LOW
impact: MEDIUM
confidence: LOW
category: security
cwe:
- "CWE-798: Use of Hard-coded Credentials"
cwe2021-top25: true
cwe2022-top25: true
owasp:
- A07:2021 - Identification and Authentication Failures
references:
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
subcategory:
- vuln
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b((?i)(?:\b(?:data:))(\W+(?:\w+\W+){0,200}?)\bkind:.{0,10}Secret\b)(?:['|\"|\n|\r|\s|\x60|;]|$)
26 changes: 26 additions & 0 deletions generic/secrets/gitleaks/openshift-user-token.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
rules:
- id: openshift-user-token
message: A gitleaks openshift-user-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
languages:
- regex
severity: INFO
metadata:
likelihood: LOW
impact: MEDIUM
confidence: LOW
category: security
cwe:
- "CWE-798: Use of Hard-coded Credentials"
cwe2021-top25: true
cwe2022-top25: true
owasp:
- A07:2021 - Identification and Authentication Failures
references:
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
subcategory:
- vuln
technology:
- gitleaks
patterns:
- pattern-regex: \b(sha256~[\w-]{43})(?:[^\w-]|\z)
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/private-key.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?----
- pattern-regex: (?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY(?: BLOCK)?-----[\s\S-]*KEY(?: BLOCK)?----
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/sidekiq-sensitive-url.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(http(?:s??):\/\/)([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$)
- pattern-regex: (?i)\bhttps?://([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$)
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/slack-app-token.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+)
- pattern-regex: (?i)xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/slack-config-access-token.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(xoxe.xox[bp]-\d-[A-Z0-9]{163,166})
- pattern-regex: (?i)xoxe.xox[bp]-\d-[A-Z0-9]{163,166}
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/slack-config-refresh-token.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(xoxe-\d-[A-Z0-9]{146})
- pattern-regex: (?i)xoxe-\d-[A-Z0-9]{146}
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/slack-legacy-token.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (xox[os]-\d+-\d+-\d+-[a-fA-F\d]+)
- pattern-regex: xox[os]-\d+-\d+-\d+-[a-fA-F\d]+
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/slack-user-token.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (xox[pe](?:-[0-9]{10,13}){3}-[a-zA-Z0-9-]{28,34})
- pattern-regex: xox[pe](?:-[0-9]{10,13}){3}-[a-zA-Z0-9-]{28,34}
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/telegram-bot-api-token.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i:(?:telegr)(?:[0-9a-z\(-_\t .\\]{0,40})(?:[\s|']|[\s|"]){0,3})(?:=|\|\|:|<=|=>|:|\?=|\()(?:'|\"|\s|=|\x60){0,5}([0-9]{5,16}:A[a-z0-9_\-]{34})(?:['|\"|\n|\r|\s|\x60|;|\\]|$)
- pattern-regex: (?i:telegr(?:[0-9a-z\(-_\t .\\]{0,40})(?:[\s|']|[\s|"]){0,3})(?:=|\|\|:|<=|=>|:|\?=|\()(?:'|\"|\s|=|\x60){0,5}([0-9]{5,16}:A[a-z0-9_\-]{34})(?:['|\"|\n|\r|\s|\x60|;|\\]|$)
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/vault-service-token.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(hvs\.[a-z0-9_-]{90,100})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: \b((?:hvs\.[\w-]{90,120}|s\.(?i:[a-z0-9]{24})))(?:['|\"|\n|\r|\s|\x60|;]|$)

0 comments on commit faf54c8

Please sign in to comment.