diff --git a/generic/secrets/gitleaks/1password-service-account-token.yaml b/generic/secrets/gitleaks/1password-service-account-token.yaml
new file mode 100644
index 0000000000..afc9765462
--- /dev/null
+++ b/generic/secrets/gitleaks/1password-service-account-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: 1password-service-account-token
+ message: A gitleaks 1password-service-account-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (ops_eyJ[a-zA-Z0-9+/]{250,}={0,3})
diff --git a/generic/secrets/gitleaks/adafruit-api-key.yaml b/generic/secrets/gitleaks/adafruit-api-key.yaml
index 7414a57e4a..fad24c3894 100644
--- a/generic/secrets/gitleaks/adafruit-api-key.yaml
+++ b/generic/secrets/gitleaks/adafruit-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:adafruit)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:adafruit)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9_-]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/adobe-client-id.yaml b/generic/secrets/gitleaks/adobe-client-id.yaml
index e5c30adf39..e71b4a7341 100644
--- a/generic/secrets/gitleaks/adobe-client-id.yaml
+++ b/generic/secrets/gitleaks/adobe-client-id.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:adobe)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:adobe)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-f0-9]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/adobe-client-secret.yaml b/generic/secrets/gitleaks/adobe-client-secret.yaml
index 01effd0a9e..b7cc392d7c 100644
--- a/generic/secrets/gitleaks/adobe-client-secret.yaml
+++ b/generic/secrets/gitleaks/adobe-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b((p8e-)(?i)[a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b(p8e-(?i)[a-z0-9]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/age-secret-key.yaml b/generic/secrets/gitleaks/age-secret-key.yaml
index fd32bd955a..f3ab7d18ff 100644
--- a/generic/secrets/gitleaks/age-secret-key.yaml
+++ b/generic/secrets/gitleaks/age-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}
+ - pattern-regex: (AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58})
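Review bot: The operator alternation in the rewritten adafruit-api-key.yaml pattern (first hunk above) now ends in `|,`, so the keyword followed by a comma and a 32-character token is treated like an assignment. Every keyword-anchored rule rewritten in this change gains the same alternative, and it is most likely to add noise where the capture is digits only, such as `([0-9]{16})` in asana-client-id.yaml and `([0-9]{18})` in discord-client-id.yaml, which comma-separated data next to the keyword can satisfy. Nothing in the rule files records why the comma was added; a comment above `pattern-regex` such as `# ',' covers argument and tuple forms; expect extra matches on comma-separated data` would help triage. If these files are generated from the upstream rule set, the comment belongs in the generator so it survives the next regeneration.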
diff --git a/generic/secrets/gitleaks/airtable-api-key.yaml b/generic/secrets/gitleaks/airtable-api-key.yaml
index ffc6b5b143..ef5408bee7 100644
--- a/generic/secrets/gitleaks/airtable-api-key.yaml
+++ b/generic/secrets/gitleaks/airtable-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:airtable)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:airtable)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{17})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/algolia-api-key.yaml b/generic/secrets/gitleaks/algolia-api-key.yaml
index 0f0a5f0a34..36ef64a258 100644
--- a/generic/secrets/gitleaks/algolia-api-key.yaml
+++ b/generic/secrets/gitleaks/algolia-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:algolia)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:algolia)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/alibaba-access-key-id.yaml b/generic/secrets/gitleaks/alibaba-access-key-id.yaml
index 1d1d5cd203..cebb502564 100644
--- a/generic/secrets/gitleaks/alibaba-access-key-id.yaml
+++ b/generic/secrets/gitleaks/alibaba-access-key-id.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b((LTAI)(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b(LTAI(?i)[a-z0-9]{20})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/alibaba-secret-key.yaml b/generic/secrets/gitleaks/alibaba-secret-key.yaml
index 595e513d91..b394609971 100644
--- a/generic/secrets/gitleaks/alibaba-secret-key.yaml
+++ b/generic/secrets/gitleaks/alibaba-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:alibaba)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:alibaba)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{30})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/asana-client-id.yaml b/generic/secrets/gitleaks/asana-client-id.yaml
index 1f88459c0b..b9eef4eaa2 100644
--- a/generic/secrets/gitleaks/asana-client-id.yaml
+++ b/generic/secrets/gitleaks/asana-client-id.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:asana)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([0-9]{16})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/asana-client-secret.yaml b/generic/secrets/gitleaks/asana-client-secret.yaml
index 9bf28eb7a9..c5f86960e6 100644
--- a/generic/secrets/gitleaks/asana-client-secret.yaml
+++ b/generic/secrets/gitleaks/asana-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:asana)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/atlassian-api-token.yaml b/generic/secrets/gitleaks/atlassian-api-token.yaml
index 1fcebb128f..6d9f67af02 100644
--- a/generic/secrets/gitleaks/atlassian-api-token.yaml
+++ b/generic/secrets/gitleaks/atlassian-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:atlassian|confluence|jira)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:atlassian|confluence|jira)(?:[ \t\w.-]{0,20})[\s'"|]{0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-zA-Z0-9]{24})(?:[`'"\s;]|$)|\b(ATATT3[A-Za-z0-9_\-=]{186})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/authress-service-client-access-key.yaml b/generic/secrets/gitleaks/authress-service-client-access-key.yaml
index 7ffeba74c0..d03b1aa1d0 100644
--- a/generic/secrets/gitleaks/authress-service-client-access-key.yaml
+++ b/generic/secrets/gitleaks/authress-service-client-access-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b((?:sc|ext|scauth|authress)_[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.acc[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b((?:sc|ext|scauth|authress)_(?i)[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.(?-i:acc)[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/aws-access-token.yaml b/generic/secrets/gitleaks/aws-access-token.yaml
index 8fa251c7d6..39e336a153 100644
--- a/generic/secrets/gitleaks/aws-access-token.yaml
+++ b/generic/secrets/gitleaks/aws-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}
+ - pattern-regex: (\b((?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16})\b)
diff --git a/generic/secrets/gitleaks/azure-ad-client-secret.yaml b/generic/secrets/gitleaks/azure-ad-client-secret.yaml
new file mode 100644
index 0000000000..4e74654742
--- /dev/null
+++ b/generic/secrets/gitleaks/azure-ad-client-secret.yaml
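Review bot: The new atlassian-api-token.yaml pattern (first hunk above) opens with `[\w.-]{0,50}?` and then repeats the same lazy prefix as the first item inside `(?i:...)`, so the two runs overlap and the variable-name prefix can reach 100 characters rather than 50. Semgrep evaluates `pattern-regex` with a backtracking PCRE engine, so the duplicated prefix adds ways to split the same text without matching anything new; this is probably harmless on short lines but worth timing on long identifiers. cohere-api-token.yaml carries the same doubled prefix. Keeping only the copy inside the case-insensitive group, so the first alternative starts `(?i:[\w.-]{0,50}?(?:atlassian|confluence|jira)`, would remove the overlap; if the files are generated from the upstream rule set the change belongs in the generator.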
@@ -0,0 +1,26 @@
+rules:
+- id: azure-ad-client-secret
+ message: A gitleaks azure-ad-client-secret was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: ((?:^|[\\'"\x60\s>=:(,)])([a-zA-Z0-9_~.]{3}\dQ~[a-zA-Z0-9_~.-]{31,34})(?:$|[\\'"\x60\s<),]))
diff --git a/generic/secrets/gitleaks/beamer-api-token.yaml b/generic/secrets/gitleaks/beamer-api-token.yaml
index a55bcee05d..5c95af5d9c 100644
--- a/generic/secrets/gitleaks/beamer-api-token.yaml
+++ b/generic/secrets/gitleaks/beamer-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:beamer)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:beamer)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(b_[a-z0-9=_\-]{44})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/bitbucket-client-id.yaml b/generic/secrets/gitleaks/bitbucket-client-id.yaml
index 80c036617a..15044ef722 100644
--- a/generic/secrets/gitleaks/bitbucket-client-id.yaml
+++ b/generic/secrets/gitleaks/bitbucket-client-id.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:bitbucket)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/bitbucket-client-secret.yaml b/generic/secrets/gitleaks/bitbucket-client-secret.yaml
index b5ede43cda..3ebb3d9be6 100644
--- a/generic/secrets/gitleaks/bitbucket-client-secret.yaml
+++ b/generic/secrets/gitleaks/bitbucket-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:bitbucket)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9=_\-]{64})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/bittrex-access-key.yaml b/generic/secrets/gitleaks/bittrex-access-key.yaml
index a3206ae4e9..4f8d4c1a2b 100644
--- a/generic/secrets/gitleaks/bittrex-access-key.yaml
+++ b/generic/secrets/gitleaks/bittrex-access-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:bittrex)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/bittrex-secret-key.yaml b/generic/secrets/gitleaks/bittrex-secret-key.yaml
index c87a9f164b..18870a5b13 100644
--- a/generic/secrets/gitleaks/bittrex-secret-key.yaml
+++ b/generic/secrets/gitleaks/bittrex-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:bittrex)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/clojars-api-token.yaml b/generic/secrets/gitleaks/clojars-api-token.yaml
index 1bd151c065..8131050bca 100644
--- a/generic/secrets/gitleaks/clojars-api-token.yaml
+++ b/generic/secrets/gitleaks/clojars-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(CLOJARS_)[a-z0-9]{60}
+ - pattern-regex: ((?i)CLOJARS_[a-z0-9]{60})
diff --git a/generic/secrets/gitleaks/cloudflare-api-key.yaml b/generic/secrets/gitleaks/cloudflare-api-key.yaml
index 33e967153a..f68ced380e 100644
--- a/generic/secrets/gitleaks/cloudflare-api-key.yaml
+++ b/generic/secrets/gitleaks/cloudflare-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:cloudflare)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:cloudflare)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9_-]{40})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/cloudflare-global-api-key.yaml b/generic/secrets/gitleaks/cloudflare-global-api-key.yaml
index 9d014dbdb8..6701e2871e 100644
--- a/generic/secrets/gitleaks/cloudflare-global-api-key.yaml
+++ b/generic/secrets/gitleaks/cloudflare-global-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:cloudflare)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{37})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:cloudflare)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-f0-9]{37})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/cloudflare-origin-ca-key.yaml b/generic/secrets/gitleaks/cloudflare-origin-ca-key.yaml
index adf4b23b22..c3811a5587 100644
--- a/generic/secrets/gitleaks/cloudflare-origin-ca-key.yaml
+++ b/generic/secrets/gitleaks/cloudflare-origin-ca-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: \b(v1\.0-[a-f0-9]{24}-[a-f0-9]{146})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b(v1\.0-[a-f0-9]{24}-[a-f0-9]{146})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/codecov-access-token.yaml b/generic/secrets/gitleaks/codecov-access-token.yaml
index f9515d316f..93ab6f82e7 100644
--- a/generic/secrets/gitleaks/codecov-access-token.yaml
+++ b/generic/secrets/gitleaks/codecov-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:codecov)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:codecov)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/cohere-api-token.yaml b/generic/secrets/gitleaks/cohere-api-token.yaml
new file mode 100644
index 0000000000..29c2313ae4
--- /dev/null
+++ b/generic/secrets/gitleaks/cohere-api-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: cohere-api-token
+ message: A gitleaks cohere-api-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:cohere|CO_API_KEY)(?:[ \t\w.-]{0,20})[\s'"|]{0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-zA-Z0-9]{40})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/coinbase-access-token.yaml b/generic/secrets/gitleaks/coinbase-access-token.yaml
index 4fd9aebe89..e4a8010bfb 100644
--- a/generic/secrets/gitleaks/coinbase-access-token.yaml
+++ b/generic/secrets/gitleaks/coinbase-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:coinbase)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:coinbase)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9_-]{64})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/confluent-access-token.yaml b/generic/secrets/gitleaks/confluent-access-token.yaml
index bbc6ce8f49..67ddef9100 100644
--- a/generic/secrets/gitleaks/confluent-access-token.yaml
+++ b/generic/secrets/gitleaks/confluent-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:confluent)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{16})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/confluent-secret-key.yaml b/generic/secrets/gitleaks/confluent-secret-key.yaml
index fb7cb1f52d..4687871991 100644
--- a/generic/secrets/gitleaks/confluent-secret-key.yaml
+++ b/generic/secrets/gitleaks/confluent-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:confluent)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{64})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/contentful-delivery-api-token.yaml b/generic/secrets/gitleaks/contentful-delivery-api-token.yaml
index 8ec12ef026..8dd1d70324 100644
--- a/generic/secrets/gitleaks/contentful-delivery-api-token.yaml
+++ b/generic/secrets/gitleaks/contentful-delivery-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:contentful)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:contentful)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9=_\-]{43})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/curl-auth-header.yaml b/generic/secrets/gitleaks/curl-auth-header.yaml
new file mode 100644
index 0000000000..8fab490b5e
--- /dev/null
+++ b/generic/secrets/gitleaks/curl-auth-header.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: curl-auth-header
+ message: A gitleaks curl-auth-header was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (\bcurl\b(?:.*?|.*?(?:[\r\n]{1,2}.*?){1,5})[ \t\n\r](?:-H|--header)(?:=|[ \t]{0,5})(?:"(?i)(?:Authorization:[ \t]{0,5}(?:Basic[ \t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \t]([\w=~@.+/-]{8,})|([\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \t]{0,5}([\w=~@.+/-]{8,}))"|'(?i)(?:Authorization:[ \t]{0,5}(?:Basic[ \t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \t]([\w=~@.+/-]{8,})|([\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \t]{0,5}([\w=~@.+/-]{8,}))')(?:\B|\s|\z))
diff --git a/generic/secrets/gitleaks/curl-auth-user.yaml b/generic/secrets/gitleaks/curl-auth-user.yaml
new file mode 100644
index 0000000000..d06f196384
--- /dev/null
+++ b/generic/secrets/gitleaks/curl-auth-user.yaml
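Review bot: The prefix `(?:.*?|.*?(?:[\r\n]{1,2}.*?){1,5})` in the new curl-auth-header.yaml pattern lets the engine re-scan up to six lines of unbounded `.*?` for every occurrence of `curl`, and nothing in the rule caps that work. Semgrep runs `pattern-regex` on a backtracking PCRE engine, so a long script that mentions `curl` many times without `-H` or `--header` is likely to scan slowly; this is worth timing before the rule ships. curl-auth-user.yaml uses the greedy form of the same prefix and has the same exposure. Bounding each run, for example `.{0,300}?` in place of `.*?` (the limit is a suggestion, not a measured value), caps the cost per start position while still covering ordinary multi-line curl invocations.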
@@ -0,0 +1,26 @@
+rules:
+- id: curl-auth-user
+ message: A gitleaks curl-auth-user was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (\bcurl\b(?:.*|.*(?:[\r\n]{1,2}.*){1,5})[ \t\n\r](?:-u|--user)(?:=|[ \t]{0,5})(?:"([^:"]{3,}:[^"]{3,})"|'([^:']{3,}:[^']{3,})'|((?:"[^"]{3,}"|'[^']{3,}'|[\w$@.-]+):(?:"[^"]{3,}"|'[^']{3,}'|[\w${}@.-]+)))(?:\s|\z))
diff --git a/generic/secrets/gitleaks/databricks-api-token.yaml b/generic/secrets/gitleaks/databricks-api-token.yaml
index ba1e2023de..e9294da57a 100644
--- a/generic/secrets/gitleaks/databricks-api-token.yaml
+++ b/generic/secrets/gitleaks/databricks-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(dapi[a-h0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b(dapi[a-f0-9]{32}(?:-\d)?)(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/datadog-access-token.yaml b/generic/secrets/gitleaks/datadog-access-token.yaml
index 73a332402c..987d8b2887 100644
--- a/generic/secrets/gitleaks/datadog-access-token.yaml
+++ b/generic/secrets/gitleaks/datadog-access-token.yaml
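Review bot: The new curl-auth-user.yaml rule (first hunk above) reports variable references as credentials: the unquoted alternative `[\w$@.-]+` ... `[\w${}@.-]+` admits `$` and `{}`, and the quoted alternatives admit any character, so `curl -u $USER:$PASS` and `curl -u "${USER}:${PASS}"` both match. Supplying credentials through environment variables is exactly what the rule's own `message` recommends, so these findings contradict the advice and will train reviewers to ignore the rule. The rule consists of a single `pattern-regex` with no exclusion. Adding an exclusion for values made up only of variable references, for example `- pattern-not-regex: (?:-u|--user)[= \t]{0,5}["']?\$\{?\w+\}?:\$\{?\w+\}?["']?(?:\s|\z)` (an untested sketch), would keep the hard-coded cases and drop these.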
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:datadog)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:datadog)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{40})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/defined-networking-api-token.yaml b/generic/secrets/gitleaks/defined-networking-api-token.yaml
index ad67b31107..ef6022cd76 100644
--- a/generic/secrets/gitleaks/defined-networking-api-token.yaml
+++ b/generic/secrets/gitleaks/defined-networking-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:dnkey)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:dnkey)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/digitalocean-access-token.yaml b/generic/secrets/gitleaks/digitalocean-access-token.yaml
index 4d907631dc..f839c2d001 100644
--- a/generic/secrets/gitleaks/digitalocean-access-token.yaml
+++ b/generic/secrets/gitleaks/digitalocean-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b(doo_v1_[a-f0-9]{64})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/digitalocean-pat.yaml b/generic/secrets/gitleaks/digitalocean-pat.yaml
index 48cc5bf5d3..7577f0d899 100644
--- a/generic/secrets/gitleaks/digitalocean-pat.yaml
+++ b/generic/secrets/gitleaks/digitalocean-pat.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b(dop_v1_[a-f0-9]{64})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/digitalocean-refresh-token.yaml b/generic/secrets/gitleaks/digitalocean-refresh-token.yaml
index c4abd2e6d7..a11ee2a160 100644
--- a/generic/secrets/gitleaks/digitalocean-refresh-token.yaml
+++ b/generic/secrets/gitleaks/digitalocean-refresh-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(dor_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)\b(dor_v1_[a-f0-9]{64})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/discord-api-token.yaml b/generic/secrets/gitleaks/discord-api-token.yaml
index 10305163a1..fb5879691f 100644
--- a/generic/secrets/gitleaks/discord-api-token.yaml
+++ b/generic/secrets/gitleaks/discord-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:discord)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-f0-9]{64})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/discord-client-id.yaml b/generic/secrets/gitleaks/discord-client-id.yaml
index 2a3f34c885..f00410cd42 100644
--- a/generic/secrets/gitleaks/discord-client-id.yaml
+++ b/generic/secrets/gitleaks/discord-client-id.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{18})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:discord)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([0-9]{18})(?:[`'"\s;]|$))
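Review bot: digitalocean-refresh-token.yaml (second hunk above) keeps a leading `(?i)` in its rewritten pattern, while the sibling rules for `doo_v1_` and `dop_v1_` in this same change drop it. The three DigitalOcean rules therefore now disagree on whether an upper-case prefix and upper-case hex digits match, and nothing in the file says the difference is intended. If it is inherited from the upstream rule, a one-line comment such as `# case-insensitive upstream; doo_/dop_ rules are case-sensitive` would record that; otherwise removing `(?i)` here brings the three rules into line.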
diff --git a/generic/secrets/gitleaks/discord-client-secret.yaml b/generic/secrets/gitleaks/discord-client-secret.yaml
index 0dc0a21caf..7e26e1fe78 100644
--- a/generic/secrets/gitleaks/discord-client-secret.yaml
+++ b/generic/secrets/gitleaks/discord-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:discord)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9=_\-]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/doppler-api-token.yaml b/generic/secrets/gitleaks/doppler-api-token.yaml
index 4fa906b50d..9c9366b7bf 100644
--- a/generic/secrets/gitleaks/doppler-api-token.yaml
+++ b/generic/secrets/gitleaks/doppler-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (dp\.pt\.)(?i)[a-z0-9]{43}
+ - pattern-regex: (dp\.pt\.(?i)[a-z0-9]{43})
diff --git a/generic/secrets/gitleaks/droneci-access-token.yaml b/generic/secrets/gitleaks/droneci-access-token.yaml
index 87b22f19f6..bc7b69ca5d 100644
--- a/generic/secrets/gitleaks/droneci-access-token.yaml
+++ b/generic/secrets/gitleaks/droneci-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:droneci)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:droneci)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/dropbox-api-token.yaml b/generic/secrets/gitleaks/dropbox-api-token.yaml
index 44e072e701..26d31dc702 100644
--- a/generic/secrets/gitleaks/dropbox-api-token.yaml
+++ b/generic/secrets/gitleaks/dropbox-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{15})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:dropbox)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{15})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml b/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml
index b0edbad230..8a483cf27c 100644
--- a/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml
+++ b/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:dropbox)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml b/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml
index e6c729aeae..1c7877fc43 100644
--- a/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml
+++ b/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(sl\.[a-z0-9\-=_]{135})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:dropbox)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(sl\.[a-z0-9\-=_]{135})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/duffel-api-token.yaml b/generic/secrets/gitleaks/duffel-api-token.yaml
index 93a67e4ea9..7560962e7a 100644
--- a/generic/secrets/gitleaks/duffel-api-token.yaml
+++ b/generic/secrets/gitleaks/duffel-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: duffel_(test|live)_(?i)[a-z0-9_\-=]{43}
+ - pattern-regex: (duffel_(?:test|live)_(?i)[a-z0-9_\-=]{43})
diff --git a/generic/secrets/gitleaks/dynatrace-api-token.yaml b/generic/secrets/gitleaks/dynatrace-api-token.yaml
index 1b8632cd81..581a9c78fc 100644
--- a/generic/secrets/gitleaks/dynatrace-api-token.yaml
+++ b/generic/secrets/gitleaks/dynatrace-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64}
+ - pattern-regex: (dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64})
diff --git a/generic/secrets/gitleaks/easypost-api-token.yaml b/generic/secrets/gitleaks/easypost-api-token.yaml
index bb01dc144e..72e9e69731 100644
--- a/generic/secrets/gitleaks/easypost-api-token.yaml
+++ b/generic/secrets/gitleaks/easypost-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: \bEZAK(?i)[a-z0-9]{54}
+ - pattern-regex: (\bEZAK(?i)[a-z0-9]{54}\b)
diff --git a/generic/secrets/gitleaks/easypost-test-api-token.yaml b/generic/secrets/gitleaks/easypost-test-api-token.yaml
index c62c3d8f91..2567db2301 100644
--- a/generic/secrets/gitleaks/easypost-test-api-token.yaml
+++ b/generic/secrets/gitleaks/easypost-test-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: \bEZTK(?i)[a-z0-9]{54}
+ - pattern-regex: (\bEZTK(?i)[a-z0-9]{54}\b)
diff --git a/generic/secrets/gitleaks/etsy-access-token.yaml b/generic/secrets/gitleaks/etsy-access-token.yaml
index 799c2e9a2a..79c00bfa91 100644
--- a/generic/secrets/gitleaks/etsy-access-token.yaml
+++ b/generic/secrets/gitleaks/etsy-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:etsy)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:(?-i:ETSY|[Ee]tsy))(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{24})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/facebook-access-token.yaml b/generic/secrets/gitleaks/facebook-access-token.yaml
index 2344c7643e..44fc21f8cd 100644
--- a/generic/secrets/gitleaks/facebook-access-token.yaml
+++ b/generic/secrets/gitleaks/facebook-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(\d{15,16}(\||%)[0-9a-z\-_]{27,40})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)\b(\d{15,16}(\||%)[0-9a-z\-_]{27,40})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/facebook-page-access-token.yaml b/generic/secrets/gitleaks/facebook-page-access-token.yaml
index 5e8191f515..1840304a43 100644
--- a/generic/secrets/gitleaks/facebook-page-access-token.yaml
+++ b/generic/secrets/gitleaks/facebook-page-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(EAA[MC][a-z0-9]{20,})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b(EAA[MC](?i)[a-z0-9]{100,})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/facebook-secret.yaml b/generic/secrets/gitleaks/facebook-secret.yaml
index 1d5facc02a..f2c181ee74 100644
--- a/generic/secrets/gitleaks/facebook-secret.yaml
+++ b/generic/secrets/gitleaks/facebook-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:facebook)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:facebook)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-f0-9]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/fastly-api-token.yaml b/generic/secrets/gitleaks/fastly-api-token.yaml
index b2b539313d..8ac2771331 100644
--- a/generic/secrets/gitleaks/fastly-api-token.yaml
+++ b/generic/secrets/gitleaks/fastly-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:fastly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:fastly)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9=_\-]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/finicity-api-token.yaml b/generic/secrets/gitleaks/finicity-api-token.yaml
index 57b97e251e..5b1365f108 100644
--- a/generic/secrets/gitleaks/finicity-api-token.yaml
+++ b/generic/secrets/gitleaks/finicity-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:finicity)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-f0-9]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/finicity-client-secret.yaml b/generic/secrets/gitleaks/finicity-client-secret.yaml
index 47fdf50289..45f6908cf0 100644
--- a/generic/secrets/gitleaks/finicity-client-secret.yaml
+++ b/generic/secrets/gitleaks/finicity-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:finicity)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{20})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/finnhub-access-token.yaml b/generic/secrets/gitleaks/finnhub-access-token.yaml
index caa2249c36..2d14e1b4fe 100644
--- a/generic/secrets/gitleaks/finnhub-access-token.yaml
+++ b/generic/secrets/gitleaks/finnhub-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:finnhub)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:finnhub)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{20})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/flickr-access-token.yaml b/generic/secrets/gitleaks/flickr-access-token.yaml
index df72d9b46d..c085992755 100644
--- a/generic/secrets/gitleaks/flickr-access-token.yaml
+++ b/generic/secrets/gitleaks/flickr-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:flickr)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:flickr)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/flutterwave-encryption-key.yaml b/generic/secrets/gitleaks/flutterwave-encryption-key.yaml
index 6f443836bd..00a04c0f5a 100644
--- a/generic/secrets/gitleaks/flutterwave-encryption-key.yaml
+++ b/generic/secrets/gitleaks/flutterwave-encryption-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: FLWSECK_TEST-(?i)[a-h0-9]{12}
+ - pattern-regex: (FLWSECK_TEST-(?i)[a-h0-9]{12})
diff --git a/generic/secrets/gitleaks/flutterwave-public-key.yaml b/generic/secrets/gitleaks/flutterwave-public-key.yaml
index 3a79099834..cca4cbec42 100644
--- a/generic/secrets/gitleaks/flutterwave-public-key.yaml
+++ b/generic/secrets/gitleaks/flutterwave-public-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: FLWPUBK_TEST-(?i)[a-h0-9]{32}-X
+ - pattern-regex: (FLWPUBK_TEST-(?i)[a-h0-9]{32}-X)
diff --git a/generic/secrets/gitleaks/flutterwave-secret-key.yaml b/generic/secrets/gitleaks/flutterwave-secret-key.yaml
index cc7bd0d694..565a2cafa7 100644
--- a/generic/secrets/gitleaks/flutterwave-secret-key.yaml
+++ b/generic/secrets/gitleaks/flutterwave-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: FLWSECK_TEST-(?i)[a-h0-9]{32}-X
+ - pattern-regex: (FLWSECK_TEST-(?i)[a-h0-9]{32}-X)
diff --git a/generic/secrets/gitleaks/flyio-access-token.yaml b/generic/secrets/gitleaks/flyio-access-token.yaml
new file mode 100644
index 0000000000..d7743ea80e
--- /dev/null
+++ b/generic/secrets/gitleaks/flyio-access-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: flyio-access-token
+ message: A gitleaks flyio-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (\b((?:fo1_[\w-]{43}|fm1[ar]_[a-zA-Z0-9+\/]{100,}={0,3}|fm2_[a-zA-Z0-9+\/]{100,}={0,3}))(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/frameio-api-token.yaml b/generic/secrets/gitleaks/frameio-api-token.yaml
index 4daf4c8d92..0b800a708b 100644
--- a/generic/secrets/gitleaks/frameio-api-token.yaml
+++ b/generic/secrets/gitleaks/frameio-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: fio-u-(?i)[a-z0-9\-_=]{64}
+ - pattern-regex: (fio-u-(?i)[a-z0-9\-_=]{64})
diff --git a/generic/secrets/gitleaks/freemius-secret-key.yaml b/generic/secrets/gitleaks/freemius-secret-key.yaml
new file mode 100644
index 0000000000..67e3ad2d45
--- /dev/null
+++ b/generic/secrets/gitleaks/freemius-secret-key.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: freemius-secret-key
+ message: A gitleaks freemius-secret-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: ((?i)["']secret_key["']\s*=>\s*["'](sk_[\S]{29})["'])
diff --git a/generic/secrets/gitleaks/freshbooks-access-token.yaml b/generic/secrets/gitleaks/freshbooks-access-token.yaml
index c2abe89406..b48826a875 100644
--- a/generic/secrets/gitleaks/freshbooks-access-token.yaml
+++ b/generic/secrets/gitleaks/freshbooks-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:freshbooks)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:freshbooks)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{64})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/gcp-api-key.yaml b/generic/secrets/gitleaks/gcp-api-key.yaml
index 6ceb4d34d1..ee43711dda 100644
--- a/generic/secrets/gitleaks/gcp-api-key.yaml
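Review bot: The new freemius-secret-key pattern keys on the generic name `secret_key` and captures `sk_[\S]{29}`, so any `sk_`-prefixed value of that length in a `'secret_key' => '…'` array entry is reported under the Freemius id, whichever service issued it. The `=>` form ties the pattern to PHP-style sources, yet the rule has no path filter and is evaluated against every file. I would add `paths: {include: ['*.php']}` to the rule (if the upstream gitleaks rule is path-scoped, that scoping was not carried over) and say in `message` that the issuer should be confirmed before the key is rotated.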
+++ b/generic/secrets/gitleaks/gcp-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(AIza[0-9A-Za-z\\-_]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b(AIza[\w-]{35})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/github-app-token.yaml b/generic/secrets/gitleaks/github-app-token.yaml
index 269ba4b25a..a10c5b8147 100644
--- a/generic/secrets/gitleaks/github-app-token.yaml
+++ b/generic/secrets/gitleaks/github-app-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (ghu|ghs)_[0-9a-zA-Z]{36}
+ - pattern-regex: ((?:ghu|ghs)_[0-9a-zA-Z]{36})
diff --git a/generic/secrets/gitleaks/github-fine-grained-pat.yaml b/generic/secrets/gitleaks/github-fine-grained-pat.yaml
index a8557c8a48..0f9e1c1844 100644
--- a/generic/secrets/gitleaks/github-fine-grained-pat.yaml
+++ b/generic/secrets/gitleaks/github-fine-grained-pat.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: github_pat_[0-9a-zA-Z_]{82}
+ - pattern-regex: (github_pat_\w{82})
diff --git a/generic/secrets/gitleaks/github-oauth.yaml b/generic/secrets/gitleaks/github-oauth.yaml
index 0d9a0b10f7..8937240664 100644
--- a/generic/secrets/gitleaks/github-oauth.yaml
+++ b/generic/secrets/gitleaks/github-oauth.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: gho_[0-9a-zA-Z]{36}
+ - pattern-regex: (gho_[0-9a-zA-Z]{36})
diff --git a/generic/secrets/gitleaks/github-pat.yaml b/generic/secrets/gitleaks/github-pat.yaml
index c0468682a0..34eabfec47 100644
--- a/generic/secrets/gitleaks/github-pat.yaml
+++ b/generic/secrets/gitleaks/github-pat.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: ghp_[0-9a-zA-Z]{36}
+ - pattern-regex: (ghp_[0-9a-zA-Z]{36})
diff --git a/generic/secrets/gitleaks/github-refresh-token.yaml b/generic/secrets/gitleaks/github-refresh-token.yaml
index 4107387505..e5e79751cc 100644
--- a/generic/secrets/gitleaks/github-refresh-token.yaml
+++ b/generic/secrets/gitleaks/github-refresh-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: ghr_[0-9a-zA-Z]{36}
+ - pattern-regex: (ghr_[0-9a-zA-Z]{36})
diff --git a/generic/secrets/gitleaks/gitlab-cicd-job-token.yaml b/generic/secrets/gitleaks/gitlab-cicd-job-token.yaml
new file mode 100644
index 0000000000..e48885fa94
--- /dev/null
+++ b/generic/secrets/gitleaks/gitlab-cicd-job-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-cicd-job-token
+ message: A gitleaks gitlab-cicd-job-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (glcbt-[0-9a-zA-Z]{1,5}_[0-9a-zA-Z_-]{20})
diff --git a/generic/secrets/gitleaks/gitlab-deploy-token.yaml b/generic/secrets/gitleaks/gitlab-deploy-token.yaml
new file mode 100644
index 0000000000..f6e2bc7bd1
--- /dev/null
+++ b/generic/secrets/gitleaks/gitlab-deploy-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-deploy-token
+ message: A gitleaks gitlab-deploy-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (gldt-[0-9a-zA-Z_\-]{20})
diff --git a/generic/secrets/gitleaks/gitlab-feature-flag-client-token.yaml b/generic/secrets/gitleaks/gitlab-feature-flag-client-token.yaml
new file mode 100644
index 0000000000..042a096b10
--- /dev/null
+++ b/generic/secrets/gitleaks/gitlab-feature-flag-client-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-feature-flag-client-token
+ message: A gitleaks gitlab-feature-flag-client-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (glffct-[0-9a-zA-Z_\-]{20})
diff --git a/generic/secrets/gitleaks/gitlab-feed-token.yaml b/generic/secrets/gitleaks/gitlab-feed-token.yaml
new file mode 100644
index 0000000000..2b35d0ba96
--- /dev/null
+++ b/generic/secrets/gitleaks/gitlab-feed-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-feed-token
+ message: A gitleaks gitlab-feed-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (glft-[0-9a-zA-Z_\-]{20})
diff --git a/generic/secrets/gitleaks/gitlab-incoming-mail-token.yaml b/generic/secrets/gitleaks/gitlab-incoming-mail-token.yaml
new file mode 100644
index 0000000000..87ed533357
--- /dev/null
+++ b/generic/secrets/gitleaks/gitlab-incoming-mail-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-incoming-mail-token
+ message: A gitleaks gitlab-incoming-mail-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (glimt-[0-9a-zA-Z_\-]{25})
diff --git a/generic/secrets/gitleaks/gitlab-kubernetes-agent-token.yaml b/generic/secrets/gitleaks/gitlab-kubernetes-agent-token.yaml
new file mode 100644
index 0000000000..1adbfe0bcd
--- /dev/null
+++ b/generic/secrets/gitleaks/gitlab-kubernetes-agent-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-kubernetes-agent-token
+ message: A gitleaks gitlab-kubernetes-agent-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (glagent-[0-9a-zA-Z_\-]{50})
diff --git a/generic/secrets/gitleaks/gitlab-oauth-app-secret.yaml b/generic/secrets/gitleaks/gitlab-oauth-app-secret.yaml
new file mode 100644
index 0000000000..a69fbe70cf
--- /dev/null
+++ b/generic/secrets/gitleaks/gitlab-oauth-app-secret.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-oauth-app-secret
+ message: A gitleaks gitlab-oauth-app-secret was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (gloas-[0-9a-zA-Z_\-]{64})
diff --git a/generic/secrets/gitleaks/gitlab-pat-routable.yaml b/generic/secrets/gitleaks/gitlab-pat-routable.yaml
new file mode 100644
index 0000000000..566967d964
--- /dev/null
+++ b/generic/secrets/gitleaks/gitlab-pat-routable.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-pat-routable
+ message: A gitleaks gitlab-pat-routable was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (\bglpat-[0-9a-zA-Z_-]{27,300}\.[0-9a-z]{2}[0-9a-z]{7}\b)
diff --git a/generic/secrets/gitleaks/gitlab-pat.yaml b/generic/secrets/gitleaks/gitlab-pat.yaml
index 351a2a38fe..d2df589034 100644
--- a/generic/secrets/gitleaks/gitlab-pat.yaml
+++ b/generic/secrets/gitleaks/gitlab-pat.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: glpat-[0-9a-zA-Z\-\_]{20}
+ - pattern-regex: (glpat-[\w-]{20})
diff --git a/generic/secrets/gitleaks/gitlab-ptt.yaml b/generic/secrets/gitleaks/gitlab-ptt.yaml
index d915829abe..69694983c7 100644
--- a/generic/secrets/gitleaks/gitlab-ptt.yaml
+++ b/generic/secrets/gitleaks/gitlab-ptt.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: glptt-[0-9a-f]{40}
+ - pattern-regex: (glptt-[0-9a-f]{40})
diff --git a/generic/secrets/gitleaks/gitlab-rrt.yaml b/generic/secrets/gitleaks/gitlab-rrt.yaml
index 846100ef4a..63dcc435eb 100644
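Review bot: `(glpat-[\w-]{20})` in gitlab-pat.yaml has no trailing boundary, so it also matches the first 20 characters of every token covered by the new gitlab-pat-routable rule in the preceding file, whose body is 27 to 300 characters from the same class. A routable token is therefore reported twice, once under gitlab-pat with a truncated value, which complicates triage and deduplication. Semgrep evaluates `pattern-regex` with a PCRE-compatible engine, so a lookahead closes the overlap: `- pattern-regex: (glpat-[\w-]{20}(?![\w-]))`. The patterns appear to be derived from the gitleaks rules named in `source-rule-url`, so whatever generates these files would need to keep that override.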
--- a/generic/secrets/gitleaks/gitlab-rrt.yaml
+++ b/generic/secrets/gitleaks/gitlab-rrt.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: GR1348941[0-9a-zA-Z\-\_]{20}
+ - pattern-regex: (GR1348941[\w-]{20})
diff --git a/generic/secrets/gitleaks/gitlab-runner-authentication-token.yaml b/generic/secrets/gitleaks/gitlab-runner-authentication-token.yaml
new file mode 100644
index 0000000000..66db196b4e
--- /dev/null
+++ b/generic/secrets/gitleaks/gitlab-runner-authentication-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-runner-authentication-token
+ message: A gitleaks gitlab-runner-authentication-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (glrt-[0-9a-zA-Z_\-]{20})
diff --git a/generic/secrets/gitleaks/gitlab-scim-token.yaml b/generic/secrets/gitleaks/gitlab-scim-token.yaml
new file mode 100644
index 0000000000..cdc5d89c93
--- /dev/null
+++ b/generic/secrets/gitleaks/gitlab-scim-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-scim-token
+ message: A gitleaks gitlab-scim-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (glsoat-[0-9a-zA-Z_\-]{20})
diff --git a/generic/secrets/gitleaks/gitlab-session-cookie.yaml b/generic/secrets/gitleaks/gitlab-session-cookie.yaml
new file mode 100644
index 0000000000..100b2e1958
--- /dev/null
+++ b/generic/secrets/gitleaks/gitlab-session-cookie.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-session-cookie
+ message: A gitleaks gitlab-session-cookie was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: (_gitlab_session=[0-9a-z]{32})
diff --git a/generic/secrets/gitleaks/gitter-access-token.yaml b/generic/secrets/gitleaks/gitter-access-token.yaml
index 2cb158da4b..14a865aa53 100644
--- a/generic/secrets/gitleaks/gitter-access-token.yaml
+++ b/generic/secrets/gitleaks/gitter-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:gitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:gitter)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9_-]{40})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/gocardless-api-token.yaml b/generic/secrets/gitleaks/gocardless-api-token.yaml
index b0ed689af6..b2c6157b70 100644
--- a/generic/secrets/gitleaks/gocardless-api-token.yaml
+++ b/generic/secrets/gitleaks/gocardless-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:gocardless)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(live_(?i)[a-z0-9\-_=]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:gocardless)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(live_(?i)[a-z0-9\-_=]{40})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/grafana-api-key.yaml b/generic/secrets/gitleaks/grafana-api-key.yaml
index fa9978b807..25467732f6 100644
--- a/generic/secrets/gitleaks/grafana-api-key.yaml
+++ b/generic/secrets/gitleaks/grafana-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,3})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/grafana-cloud-api-token.yaml b/generic/secrets/gitleaks/grafana-cloud-api-token.yaml
index a34a991cb7..4df187e48f 100644
--- a/generic/secrets/gitleaks/grafana-cloud-api-token.yaml
+++ b/generic/secrets/gitleaks/grafana-cloud-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,3})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/grafana-service-account-token.yaml b/generic/secrets/gitleaks/grafana-service-account-token.yaml
index 2b8440df0a..5c0b078b80 100644
--- a/generic/secrets/gitleaks/grafana-service-account-token.yaml
+++ b/generic/secrets/gitleaks/grafana-service-account-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/harness-api-key.yaml b/generic/secrets/gitleaks/harness-api-key.yaml
index c668ea9573..c4931250d2 100644
--- a/generic/secrets/gitleaks/harness-api-key.yaml
+++ b/generic/secrets/gitleaks/harness-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: ((?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20})
+ - pattern-regex: ((?:pat|sat)\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20})
diff --git a/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml b/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml
index 8e8e8b1e32..3fc094cc50 100644
--- a/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml
+++ b/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}
+ - pattern-regex: ((?i)[a-z0-9]{14}\.(?-i:atlasv1)\.[a-z0-9\-_=]{60,70})
diff --git a/generic/secrets/gitleaks/hashicorp-tf-password.yaml b/generic/secrets/gitleaks/hashicorp-tf-password.yaml
index 7eb7830803..3c787e9c70 100644
--- a/generic/secrets/gitleaks/hashicorp-tf-password.yaml
+++ b/generic/secrets/gitleaks/hashicorp-tf-password.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:administrator_login_password|password)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}("[a-z0-9=_\-]{8,20}")(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:administrator_login_password|password)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}("[a-z0-9=_\-]{8,20}")(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/heroku-api-key.yaml b/generic/secrets/gitleaks/heroku-api-key.yaml
index d56827e78b..99d64ebcf1 100644
--- a/generic/secrets/gitleaks/heroku-api-key.yaml
+++ b/generic/secrets/gitleaks/heroku-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:heroku)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:heroku)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/hubspot-api-key.yaml b/generic/secrets/gitleaks/hubspot-api-key.yaml
index f6e7d8ee93..3179a3ec57 100644
--- a/generic/secrets/gitleaks/hubspot-api-key.yaml
+++ b/generic/secrets/gitleaks/hubspot-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:hubspot)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:hubspot)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/huggingface-access-token.yaml b/generic/secrets/gitleaks/huggingface-access-token.yaml
index cf18c503b3..c9677eb1ca 100644
--- a/generic/secrets/gitleaks/huggingface-access-token.yaml
+++ b/generic/secrets/gitleaks/huggingface-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?:^|[\\'"` >=:])(hf_[a-zA-Z]{34})(?:$|[\\'"` <])
+ - pattern-regex: (\b(hf_(?i:[a-z]{34}))(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/huggingface-organization-api-token.yaml b/generic/secrets/gitleaks/huggingface-organization-api-token.yaml
index f1d91d9073..fb6c320aa3 100644
--- a/generic/secrets/gitleaks/huggingface-organization-api-token.yaml
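Review bot: The rewritten huggingface-access-token pattern only accepts a quote, backtick, whitespace, `;` or end of input after the token, so a token followed by `<` or `\` (both in the old trailing class) is no longer reported, for example one sitting inside an XML or HTML element. The huggingface-organization-api-token hunk in the next file section narrows the same way and additionally loses `)` and `,`. If that loss is not intended, put `<`, `\\`, `,` and `)` back into the trailing class and add a rule-test fixture with a token in each of those positions. The rules mirror the upstream gitleaks definitions, so the change probably belongs there too.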
+++ b/generic/secrets/gitleaks/huggingface-organization-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?:^|[\\'"` >=:\(,)])(api_org_[a-zA-Z]{34})(?:$|[\\'"` <\),])
+ - pattern-regex: (\b(api_org_(?i:[a-z]{34}))(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/infracost-api-token.yaml b/generic/secrets/gitleaks/infracost-api-token.yaml
index f5575d7734..03e1b88ff1 100644
--- a/generic/secrets/gitleaks/infracost-api-token.yaml
+++ b/generic/secrets/gitleaks/infracost-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(ico-[a-zA-Z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b(ico-[a-zA-Z0-9]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/intercom-api-key.yaml b/generic/secrets/gitleaks/intercom-api-key.yaml
index 3805cd60fe..1c1e88a106 100644
--- a/generic/secrets/gitleaks/intercom-api-key.yaml
+++ b/generic/secrets/gitleaks/intercom-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:intercom)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{60})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:intercom)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9=_\-]{60})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/intra42-client-secret.yaml b/generic/secrets/gitleaks/intra42-client-secret.yaml
index 08a2cc575d..9d2028a3ed 100644
--- a/generic/secrets/gitleaks/intra42-client-secret.yaml
+++ b/generic/secrets/gitleaks/intra42-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(s-s4t2(?:ud|af)-[abcdef0123456789]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b(s-s4t2(?:ud|af)-(?i)[abcdef0123456789]{64})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/jfrog-api-key.yaml b/generic/secrets/gitleaks/jfrog-api-key.yaml
index 126c75fb0e..abdb5ccba5 100644
--- a/generic/secrets/gitleaks/jfrog-api-key.yaml
+++ b/generic/secrets/gitleaks/jfrog-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{73})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:jfrog|artifactory|bintray|xray)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{73})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/jfrog-identity-token.yaml b/generic/secrets/gitleaks/jfrog-identity-token.yaml
index 6221dd82de..cc6e84a6f0 100644
--- a/generic/secrets/gitleaks/jfrog-identity-token.yaml
+++ b/generic/secrets/gitleaks/jfrog-identity-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:jfrog|artifactory|bintray|xray)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{64})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/jwt-base64.yaml b/generic/secrets/gitleaks/jwt-base64.yaml
index 6dcfda8548..6da25430e4 100644
--- a/generic/secrets/gitleaks/jwt-base64.yaml
+++ b/generic/secrets/gitleaks/jwt-base64.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: \bZXlK(?:(?PaGJHY2lPaU)|(?PaGNIVWlPaU)|(?PaGNIWWlPaU)|(?PaGRXUWlPaU)|(?PaU5qUWlP)|(?PamNtbDBJanBi)|(?PamRIa2lPaU)|(?PbGNHc2lPbn)|(?PbGJtTWlPaU)|(?PcWEzVWlPaU)|(?PcWQyc2lPb)|(?PcGMzTWlPaU)|(?PcGRpSTZJ)|(?PcmFXUWlP)|(?PclpYbGZiM0J6SWpwY)|(?PcmRIa2lPaUp)|(?PdWIyNWpaU0k2)|(?Pd01tTWlP)|(?Pd01uTWlPaU)|(?Pd2NIUWlPaU)|(?PemRXSWlPaU)|(?PemRuUWlP)|(?PMFlXY2lPaU)|(?PMGVYQWlPaUp)|(?PMWNtd2l)|(?PMWMyVWlPaUp)|(?PMlpYSWlPaU)|(?PMlpYSnphVzl1SWpv)|(?PNElqb2)|(?PNE5XTWlP)|(?PNE5YUWlPaU)|(?PNE5YUWpVekkxTmlJNkl)|(?PNE5YVWlPaU)|(?PNmFYQWlPaU))[a-zA-Z0-9\/\\_+\-\r\n]{40,}={0,2}
+ - pattern-regex: (\bZXlK(?:(?PaGJHY2lPaU)|(?PaGNIVWlPaU)|(?PaGNIWWlPaU)|(?PaGRXUWlPaU)|(?PaU5qUWlP)|(?PamNtbDBJanBi)|(?PamRIa2lPaU)|(?PbGNHc2lPbn)|(?PbGJtTWlPaU)|(?PcWEzVWlPaU)|(?PcWQyc2lPb)|(?PcGMzTWlPaU)|(?PcGRpSTZJ)|(?PcmFXUWlP)|(?PclpYbGZiM0J6SWpwY)|(?PcmRIa2lPaUp)|(?PdWIyNWpaU0k2)|(?Pd01tTWlP)|(?Pd01uTWlPaU)|(?Pd2NIUWlPaU)|(?PemRXSWlPaU)|(?PemRuUWlP)|(?PMFlXY2lPaU)|(?PMGVYQWlPaUp)|(?PMWNtd2l)|(?PMWMyVWlPaUp)|(?PMlpYSWlPaU)|(?PMlpYSnphVzl1SWpv)|(?PNElqb2)|(?PNE5XTWlP)|(?PNE5YUWlPaU)|(?PNE5YUWpVekkxTmlJNkl)|(?PNE5YVWlPaU)|(?PNmFYQWlPaU))[a-zA-Z0-9\/\\_+\-\r\n]{40,}={0,2})
diff --git a/generic/secrets/gitleaks/jwt.yaml b/generic/secrets/gitleaks/jwt.yaml
index 24888adaef..30e4dfb1c2 100644
--- a/generic/secrets/gitleaks/jwt.yaml
+++ b/generic/secrets/gitleaks/jwt.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: \b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/\\_-]{17,}\.(?:[a-zA-Z0-9\/\\_-]{10,}={0,2})?)(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/\\_-]{17,}\.(?:[a-zA-Z0-9\/\\_-]{10,}={0,2})?)(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/kraken-access-token.yaml b/generic/secrets/gitleaks/kraken-access-token.yaml
index 77747eac5e..71f8a99337 100644
--- a/generic/secrets/gitleaks/kraken-access-token.yaml
+++ b/generic/secrets/gitleaks/kraken-access-token.yaml
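Review bot: Every alternative of the jwt-base64 pattern reads `(?P` followed directly by base64 text, e.g. `(?PaGJHY2lPaU)`, on both the removed and the added line. `(?P` must be followed by `<name>`, `=` or `>` in PCRE, so as displayed the rule would be rejected at load time instead of matching anything. This looks like angle-bracketed group names lost somewhere between the gitleaks source and this text, so check the committed file; if the names are not used, plain `(?:...)` groups avoid the problem. A rule-test fixture holding one base64-encoded JWT header would catch a pattern that fails to compile.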
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:kraken)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9\/=_\+\-]{80,90})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:kraken)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9\/=_\+\-]{80,90})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/kubernetes-secret-yaml.yaml b/generic/secrets/gitleaks/kubernetes-secret-yaml.yaml
new file mode 100644
index 0000000000..7396e2fea3
--- /dev/null
+++ b/generic/secrets/gitleaks/kubernetes-secret-yaml.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: kubernetes-secret-yaml
+ message: A gitleaks kubernetes-secret-yaml was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ languages:
+ - regex
+ severity: INFO
+ metadata:
+ likelihood: LOW
+ impact: MEDIUM
+ confidence: LOW
+ category: security
+ cwe:
+ - "CWE-798: Use of Hard-coded Credentials"
+ cwe2021-top25: true
+ cwe2022-top25: true
+ owasp:
+ - A07:2021 - Identification and Authentication Failures
+ references:
+ - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+ source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+ subcategory:
+ - vuln
+ technology:
+ - gitleaks
+ patterns:
+ - pattern-regex: ((?i)(?:\bkind:[ \t]*["']?\bsecret\b["']?(?:.|\s){0,200}?\bdata:(?:.|\s){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9+/]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))|\bdata:(?:.|\s){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9+/]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))(?:.|\s){0,200}?\bkind:[ \t]*["']?\bsecret\b["']?))
diff --git a/generic/secrets/gitleaks/kucoin-access-token.yaml b/generic/secrets/gitleaks/kucoin-access-token.yaml
index c7e37dc098..62feefe360 100644
--- a/generic/secrets/gitleaks/kucoin-access-token.yaml
+++ b/generic/secrets/gitleaks/kucoin-access-token.yaml
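Review bot: The kubernetes-secret-yaml pattern uses the overlapping alternation `(?:.|\s){0,200}?` / `(?:.|\s){0,100}?` four times, and since `.` and `\s` both match a space or tab, a backtracking engine can consume each blank in two ways before it gives up. gitleaks runs this expression on Go's linear-time regexp, but Semgrep's regex mode is PCRE-based, so scan time on large manifests where `kind: Secret` appears without a nearby `data:` block could grow sharply and is worth measuring. `[\s\S]{0,200}?` (and `[\s\S]{0,100}?`) accepts the same characters with one path per character and leaves the set of matches unchanged.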
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:kucoin)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:kucoin)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-f0-9]{24})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/kucoin-secret-key.yaml b/generic/secrets/gitleaks/kucoin-secret-key.yaml
index e46fb38c7e..e1ff763a20 100644
--- a/generic/secrets/gitleaks/kucoin-secret-key.yaml
+++ b/generic/secrets/gitleaks/kucoin-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:kucoin)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:kucoin)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/launchdarkly-access-token.yaml b/generic/secrets/gitleaks/launchdarkly-access-token.yaml
index 744aa245dc..5af200e466 100644
--- a/generic/secrets/gitleaks/launchdarkly-access-token.yaml
+++ b/generic/secrets/gitleaks/launchdarkly-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:launchdarkly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:launchdarkly)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9=_\-]{40})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/linear-api-key.yaml b/generic/secrets/gitleaks/linear-api-key.yaml
index 073694c45f..000ada943b 100644
--- a/generic/secrets/gitleaks/linear-api-key.yaml
+++ b/generic/secrets/gitleaks/linear-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: lin_api_(?i)[a-z0-9]{40}
+ - pattern-regex: (lin_api_(?i)[a-z0-9]{40})
diff --git a/generic/secrets/gitleaks/linear-client-secret.yaml b/generic/secrets/gitleaks/linear-client-secret.yaml
index 1e81cd9250..e6094fc6b4 100644
--- a/generic/secrets/gitleaks/linear-client-secret.yaml
+++ b/generic/secrets/gitleaks/linear-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:linear)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:linear)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-f0-9]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/linkedin-client-id.yaml b/generic/secrets/gitleaks/linkedin-client-id.yaml
index 5270d87799..18b0b15790 100644
--- a/generic/secrets/gitleaks/linkedin-client-id.yaml
+++ b/generic/secrets/gitleaks/linkedin-client-id.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{14})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:linked[_-]?in)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{14})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/linkedin-client-secret.yaml b/generic/secrets/gitleaks/linkedin-client-secret.yaml
index 629c0ff571..97b4b9f839 100644
--- a/generic/secrets/gitleaks/linkedin-client-secret.yaml
+++ b/generic/secrets/gitleaks/linkedin-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:linked[_-]?in)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{16})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/lob-api-key.yaml b/generic/secrets/gitleaks/lob-api-key.yaml
index 39433bd009..93baab3b37 100644
--- a/generic/secrets/gitleaks/lob-api-key.yaml
+++ b/generic/secrets/gitleaks/lob-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:lob)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((live|test)_[a-f0-9]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:lob)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}((live|test)_[a-f0-9]{35})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/lob-pub-api-key.yaml b/generic/secrets/gitleaks/lob-pub-api-key.yaml
index f29532b998..a878d82bf7 100644
--- a/generic/secrets/gitleaks/lob-pub-api-key.yaml
+++ b/generic/secrets/gitleaks/lob-pub-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:lob)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((test|live)_pub_[a-f0-9]{31})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:lob)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}((test|live)_pub_[a-f0-9]{31})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/mailchimp-api-key.yaml b/generic/secrets/gitleaks/mailchimp-api-key.yaml
index 7f2bcc15d9..6392e6a43b 100644
--- a/generic/secrets/gitleaks/mailchimp-api-key.yaml
+++ b/generic/secrets/gitleaks/mailchimp-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:MailchimpSDK.initialize|mailchimp)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32}-us\d\d)(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:MailchimpSDK.initialize|mailchimp)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-f0-9]{32}-us\d\d)(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/mailgun-private-api-token.yaml b/generic/secrets/gitleaks/mailgun-private-api-token.yaml
index ed9906de66..00680e558a 100644
--- a/generic/secrets/gitleaks/mailgun-private-api-token.yaml
+++ b/generic/secrets/gitleaks/mailgun-private-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(key-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:mailgun)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(key-[a-f0-9]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/mailgun-pub-key.yaml b/generic/secrets/gitleaks/mailgun-pub-key.yaml
index a887bbdf09..e4435c5683 100644
--- a/generic/secrets/gitleaks/mailgun-pub-key.yaml
+++ b/generic/secrets/gitleaks/mailgun-pub-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pubkey-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:mailgun)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(pubkey-[a-f0-9]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/mailgun-signing-key.yaml b/generic/secrets/gitleaks/mailgun-signing-key.yaml
index a5731a6ca5..97ea3c3e12 100644
--- a/generic/secrets/gitleaks/mailgun-signing-key.yaml
+++ b/generic/secrets/gitleaks/mailgun-signing-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:mailgun)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/mapbox-api-token.yaml b/generic/secrets/gitleaks/mapbox-api-token.yaml
index 74a4c1c21c..d69d665444 100644
--- a/generic/secrets/gitleaks/mapbox-api-token.yaml
+++ b/generic/secrets/gitleaks/mapbox-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:mapbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pk\.[a-z0-9]{60}\.[a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:mapbox)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(pk\.[a-z0-9]{60}\.[a-z0-9]{22})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/mattermost-access-token.yaml b/generic/secrets/gitleaks/mattermost-access-token.yaml
index b87cc0e61d..5497ea5fa2 100644
--- a/generic/secrets/gitleaks/mattermost-access-token.yaml
+++ b/generic/secrets/gitleaks/mattermost-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:mattermost)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{26})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:mattermost)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{26})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/messagebird-api-token.yaml b/generic/secrets/gitleaks/messagebird-api-token.yaml
index 24da45e942..8f18b3511b 100644
--- a/generic/secrets/gitleaks/messagebird-api-token.yaml
+++ b/generic/secrets/gitleaks/messagebird-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:message[_-]?bird)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{25})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/messagebird-client-id.yaml b/generic/secrets/gitleaks/messagebird-client-id.yaml
index 8260ab4b02..2cd4053558 100644
--- a/generic/secrets/gitleaks/messagebird-client-id.yaml
+++ b/generic/secrets/gitleaks/messagebird-client-id.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:message[_-]?bird)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/microsoft-teams-webhook.yaml b/generic/secrets/gitleaks/microsoft-teams-webhook.yaml
index 1a4ec87327..83ea47088c 100644
--- a/generic/secrets/gitleaks/microsoft-teams-webhook.yaml
+++ b/generic/secrets/gitleaks/microsoft-teams-webhook.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: https:\/\/[a-z0-9]+\.webhook\.office\.com\/webhookb2\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}\/IncomingWebhook\/[a-z0-9]{32}\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}
+ - pattern-regex: (https://[a-z0-9]+\.webhook\.office\.com/webhookb2/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}/IncomingWebhook/[a-z0-9]{32}/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12})
diff --git a/generic/secrets/gitleaks/netlify-access-token.yaml b/generic/secrets/gitleaks/netlify-access-token.yaml
index b6014f3a8e..dd28556458 100644
--- a/generic/secrets/gitleaks/netlify-access-token.yaml
+++ b/generic/secrets/gitleaks/netlify-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:netlify)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40,46})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:netlify)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9=_\-]{40,46})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/new-relic-browser-api-token.yaml b/generic/secrets/gitleaks/new-relic-browser-api-token.yaml
index 909e5a9ac2..057f268d77 100644
--- a/generic/secrets/gitleaks/new-relic-browser-api-token.yaml
+++ b/generic/secrets/gitleaks/new-relic-browser-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRJS-[a-f0-9]{19})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(NRJS-[a-f0-9]{19})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/new-relic-insert-key.yaml b/generic/secrets/gitleaks/new-relic-insert-key.yaml
index 42f411f528..5c5b0445a4 100644
--- a/generic/secrets/gitleaks/new-relic-insert-key.yaml
+++ b/generic/secrets/gitleaks/new-relic-insert-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRII-[a-z0-9-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(NRII-[a-z0-9-]{32})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/new-relic-user-api-id.yaml b/generic/secrets/gitleaks/new-relic-user-api-id.yaml
index f491b7cdec..a0ab388626 100644
--- a/generic/secrets/gitleaks/new-relic-user-api-id.yaml
+++ b/generic/secrets/gitleaks/new-relic-user-api-id.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{64})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/new-relic-user-api-key.yaml b/generic/secrets/gitleaks/new-relic-user-api-key.yaml
index ff785e97dd..5e8b95d70e 100644
--- a/generic/secrets/gitleaks/new-relic-user-api-key.yaml
+++ b/generic/secrets/gitleaks/new-relic-user-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRAK-[a-z0-9]{27})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(NRAK-[a-z0-9]{27})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/npm-access-token.yaml b/generic/secrets/gitleaks/npm-access-token.yaml
index a26874a970..eed1842220 100644
--- a/generic/secrets/gitleaks/npm-access-token.yaml
+++ b/generic/secrets/gitleaks/npm-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(npm_[a-z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)\b(npm_[a-z0-9]{36})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/nuget-config-password.yaml b/generic/secrets/gitleaks/nuget-config-password.yaml
new file mode 100644
index 0000000000..83c2e4bd96
--- /dev/null
+++ b/generic/secrets/gitleaks/nuget-config-password.yaml
@@ -0,0 +1,26 @@ +rules: +- id: nuget-config-password + message: A gitleaks nuget-config-password was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: ((?i)) diff --git a/generic/secrets/gitleaks/nytimes-access-token.yaml b/generic/secrets/gitleaks/nytimes-access-token.yaml index 72ec958b6a..2ffa6bf443 100644 --- a/generic/secrets/gitleaks/nytimes-access-token.yaml +++ b/generic/secrets/gitleaks/nytimes-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:nytimes|new-york-times,|newyorktimes)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:nytimes|new-york-times,|newyorktimes)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9=_\-]{32})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/octopus-deploy-api-key.yaml b/generic/secrets/gitleaks/octopus-deploy-api-key.yaml new file mode 100644 index 0000000000..53ddae8664 --- /dev/null 
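Review bot: The `pattern-regex` of the new `nuget-config-password` rule reads `((?i))` as shown here: a group holding only a case flag, which matches the empty string at every position and contains nothing specific to NuGet. If the committed file really holds this, the rule cannot detect a stored feed password and will either report on every scanned line or be rejected by the engine. The upstream rule presumably anchors on markup from a NuGet config file, and it looks as if that part was lost during generation or rendering, so the pattern should be regenerated and written as a single-quoted YAML scalar so quotes and angle brackets survive. A small positive and negative fixture next to the rule would catch an empty pattern before merge.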
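Review bot: The keyword alternation in `nytimes-access-token` still reads `(?:nytimes|new-york-times,|newyorktimes)`, and the comma after `new-york-times` is part of the literal, so that branch only matches when a comma directly follows the name. The rewritten pattern carries this over unchanged from the old one. If the comma is a leftover from a keyword list, the alternation should be `(?:nytimes|new-york-times|newyorktimes)`; because the file is generated from the gitleaks rules, the fix probably belongs in the generator input as well.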
+++ b/generic/secrets/gitleaks/octopus-deploy-api-key.yaml @@ -0,0 +1,26 @@ +rules: +- id: octopus-deploy-api-key + message: A gitleaks octopus-deploy-api-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\b(API-[A-Z0-9]{26})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/okta-access-token.yaml b/generic/secrets/gitleaks/okta-access-token.yaml index c15e82cab9..a82bc221b6 100644 --- a/generic/secrets/gitleaks/okta-access-token.yaml +++ b/generic/secrets/gitleaks/okta-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:okta)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{42})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:(?-i:[Oo]kta|OKTA))(?:[ \t\w.-]{0,20})[\s'"|]{0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(00[\w=\-]{40})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/openai-api-key.yaml b/generic/secrets/gitleaks/openai-api-key.yaml index 605e39458a..25fe4d24d5 100644 
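Review bot: The new `okta-access-token` pattern opens with `[\w.-]{0,50}?` twice in a row, once before and once inside the `(?i:` group, where the other keyword rules in this diff have it once. Two adjacent lazy quantifiers over the same class let the engine split a long identifier run in many equivalent ways before the keyword fails, which costs scan time on minified or generated files and stretches the reported span by up to 100 characters instead of 50. Dropping the outer copy, so the pattern starts `((?i:[\w.-]{0,50}?(?:(?-i:[Oo]kta|OKTA))`, should flag the same assignments because the prefix is optional in an unanchored search. The same doubled prefix appears in `privateai-api-token` and `sumologic-access-id`.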
--- a/generic/secrets/gitleaks/openai-api-key.yaml +++ b/generic/secrets/gitleaks/openai-api-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/openshift-user-token.yaml b/generic/secrets/gitleaks/openshift-user-token.yaml new file mode 100644 index 0000000000..728a57affe --- /dev/null +++ b/generic/secrets/gitleaks/openshift-user-token.yaml @@ -0,0 +1,26 @@ +rules: +- id: openshift-user-token + message: A gitleaks openshift-user-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\b(sha256~[\w-]{43})(?:[^\w-]|\z)) diff --git a/generic/secrets/gitleaks/plaid-api-token.yaml b/generic/secrets/gitleaks/plaid-api-token.yaml index f32ed3c1fd..fbda5dc2a9 100644 --- a/generic/secrets/gitleaks/plaid-api-token.yaml +++ b/generic/secrets/gitleaks/plaid-api-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(access-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:plaid)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(access-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/plaid-client-id.yaml b/generic/secrets/gitleaks/plaid-client-id.yaml index 2c5e88b588..21d5473058 100644 --- a/generic/secrets/gitleaks/plaid-client-id.yaml +++ b/generic/secrets/gitleaks/plaid-client-id.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:plaid)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{24})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/plaid-secret-key.yaml b/generic/secrets/gitleaks/plaid-secret-key.yaml index 20e10e6c7a..1d2c178dd3 100644 --- a/generic/secrets/gitleaks/plaid-secret-key.yaml +++ b/generic/secrets/gitleaks/plaid-secret-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:plaid)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{30})(?:[`'"\s;]|$)) 
diff --git a/generic/secrets/gitleaks/planetscale-api-token.yaml b/generic/secrets/gitleaks/planetscale-api-token.yaml index c7a497c326..ad8a3f5bad 100644 --- a/generic/secrets/gitleaks/planetscale-api-token.yaml +++ b/generic/secrets/gitleaks/planetscale-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(pscale_tkn_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(pscale_tkn_(?i)[\w=\.-]{32,64})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/planetscale-oauth-token.yaml b/generic/secrets/gitleaks/planetscale-oauth-token.yaml index 138da665bf..13f05857c5 100644 --- a/generic/secrets/gitleaks/planetscale-oauth-token.yaml +++ b/generic/secrets/gitleaks/planetscale-oauth-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(pscale_oauth_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(pscale_oauth_[\w=\.-]{32,64})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/planetscale-password.yaml b/generic/secrets/gitleaks/planetscale-password.yaml index a3413e1274..aa49586ae0 100644 --- a/generic/secrets/gitleaks/planetscale-password.yaml +++ b/generic/secrets/gitleaks/planetscale-password.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(pscale_pw_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)\b(pscale_pw_(?i)[\w=\.-]{32,64})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/postman-api-token.yaml b/generic/secrets/gitleaks/postman-api-token.yaml index 0cf776d1b1..0dcf257ff9 100644 --- a/generic/secrets/gitleaks/postman-api-token.yaml +++ b/generic/secrets/gitleaks/postman-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34})(?:[`'"\s;]|$)) 
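Review bot: The three PlanetScale rules now handle case differently: `planetscale-password` keeps a leading `(?i)`, so an upper-case `PSCALE_PW_` prefix also matches, `planetscale-api-token` keeps only an inline `(?i)` after the prefix, and `planetscale-oauth-token` has no flag. The inline flag in front of `[\w=\.-]{32,64}` has no effect, since that class already covers both cases, so in practice only the password rule accepts an upper-case prefix. If the prefixes are always lower-case, removing both `(?i)` flags from the password rule and the inline one from the API-token rule would line the three up; if the difference is intended, a comment in the password rule saying why would help the next editor.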
diff --git a/generic/secrets/gitleaks/prefect-api-token.yaml b/generic/secrets/gitleaks/prefect-api-token.yaml index 22406a07e5..83ff8d4649 100644 --- a/generic/secrets/gitleaks/prefect-api-token.yaml +++ b/generic/secrets/gitleaks/prefect-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(pnu_[a-z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(pnu_[a-zA-Z0-9]{36})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/private-key.yaml b/generic/secrets/gitleaks/private-key.yaml index 13e8f3fef4..b18ef43af9 100644 --- a/generic/secrets/gitleaks/private-key.yaml +++ b/generic/secrets/gitleaks/private-key.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?---- + - pattern-regex: ((?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY(?: BLOCK)?-----[\s\S-]*?KEY(?: BLOCK)?-----) diff --git a/generic/secrets/gitleaks/privateai-api-token.yaml b/generic/secrets/gitleaks/privateai-api-token.yaml new file mode 100644 index 0000000000..d882038299 --- /dev/null +++ b/generic/secrets/gitleaks/privateai-api-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: privateai-api-token + message: A gitleaks privateai-api-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:private[_-]?ai)(?:[ \t\w.-]{0,20})[\s'"|]{0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{32})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/pulumi-api-token.yaml b/generic/secrets/gitleaks/pulumi-api-token.yaml index 9ea594625d..7f30243a99 100644 --- a/generic/secrets/gitleaks/pulumi-api-token.yaml +++ b/generic/secrets/gitleaks/pulumi-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(pul-[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(pul-[a-f0-9]{40})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/pypi-upload-token.yaml b/generic/secrets/gitleaks/pypi-upload-token.yaml index 00e4539480..11c16a0be0 100644 --- a/generic/secrets/gitleaks/pypi-upload-token.yaml +++ b/generic/secrets/gitleaks/pypi-upload-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000} + - pattern-regex: (pypi-AgEIcHlwaS5vcmc[\w-]{50,1000}) diff --git a/generic/secrets/gitleaks/rapidapi-access-token.yaml b/generic/secrets/gitleaks/rapidapi-access-token.yaml index f461216a3c..b99d6702f3 100644 --- a/generic/secrets/gitleaks/rapidapi-access-token.yaml +++ b/generic/secrets/gitleaks/rapidapi-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:rapidapi)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{50})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:rapidapi)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9_-]{50})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/readme-api-token.yaml b/generic/secrets/gitleaks/readme-api-token.yaml index 8007e54677..35d51dac0a 100644 --- a/generic/secrets/gitleaks/readme-api-token.yaml +++ b/generic/secrets/gitleaks/readme-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(rdme_[a-z0-9]{70})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(rdme_[a-z0-9]{70})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/rubygems-api-token.yaml b/generic/secrets/gitleaks/rubygems-api-token.yaml index 1ab20eb895..62b3006d4f 100644 --- a/generic/secrets/gitleaks/rubygems-api-token.yaml +++ b/generic/secrets/gitleaks/rubygems-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(rubygems_[a-f0-9]{48})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(rubygems_[a-f0-9]{48})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/scalingo-api-token.yaml b/generic/secrets/gitleaks/scalingo-api-token.yaml index c55fccb82a..f29fbbe75c 100644 --- a/generic/secrets/gitleaks/scalingo-api-token.yaml 
+++ b/generic/secrets/gitleaks/scalingo-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: \b(tk-us-[a-zA-Z0-9-_]{48})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(tk-us-[\w-]{48})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/sendbird-access-id.yaml b/generic/secrets/gitleaks/sendbird-access-id.yaml index 4b51ef976c..f207516d7c 100644 --- a/generic/secrets/gitleaks/sendbird-access-id.yaml +++ b/generic/secrets/gitleaks/sendbird-access-id.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:sendbird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:sendbird)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/sendbird-access-token.yaml b/generic/secrets/gitleaks/sendbird-access-token.yaml index 7a31e817a4..5d550b16cc 100644 --- a/generic/secrets/gitleaks/sendbird-access-token.yaml +++ b/generic/secrets/gitleaks/sendbird-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:sendbird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:sendbird)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-f0-9]{40})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/sendgrid-api-token.yaml b/generic/secrets/gitleaks/sendgrid-api-token.yaml index 6180651e89..8fdc43dcfd 100644 --- a/generic/secrets/gitleaks/sendgrid-api-token.yaml +++ b/generic/secrets/gitleaks/sendgrid-api-token.yaml 
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(SG\.(?i)[a-z0-9=_\-\.]{66})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(SG\.(?i)[a-z0-9=_\-\.]{66})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/sendinblue-api-token.yaml b/generic/secrets/gitleaks/sendinblue-api-token.yaml index 31647cc7de..7ab3596045 100644 --- a/generic/secrets/gitleaks/sendinblue-api-token.yaml +++ b/generic/secrets/gitleaks/sendinblue-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/sentry-access-token.yaml b/generic/secrets/gitleaks/sentry-access-token.yaml index 52845ac6b5..11a9ad4ce5 100644 --- a/generic/secrets/gitleaks/sentry-access-token.yaml +++ b/generic/secrets/gitleaks/sentry-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:sentry)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:sentry)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-f0-9]{64})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/sentry-org-token.yaml b/generic/secrets/gitleaks/sentry-org-token.yaml new file mode 100644 index 0000000000..ae29263411 --- /dev/null +++ b/generic/secrets/gitleaks/sentry-org-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: sentry-org-token + message: A gitleaks sentry-org-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\bsntrys_eyJpYXQiO[a-zA-Z0-9+/]{10,200}(?:LCJyZWdpb25fdXJs|InJlZ2lvbl91cmwi|cmVnaW9uX3VybCI6)[a-zA-Z0-9+/]{10,200}={0,2}_[a-zA-Z0-9+/]{43}\b) diff --git a/generic/secrets/gitleaks/sentry-user-token.yaml b/generic/secrets/gitleaks/sentry-user-token.yaml new file mode 100644 index 0000000000..63171d0424 --- /dev/null +++ b/generic/secrets/gitleaks/sentry-user-token.yaml 
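Review bot: The `sentry-org-token` pattern ends with `[a-zA-Z0-9+/]{43}\b`, and `\b` only holds after `+` or `/` when a word character follows. A token whose final character is `+` or `/` and which is followed by a quote, whitespace or the end of the line would therefore not be reported, assuming the last segment can end in those characters. The neighbouring `sentry-user-token` rule closes with an explicit terminator group (quote, backtick, whitespace, semicolon or `$`) instead of `\b`; using that same group after `{43}` here would close the gap.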
@@ -0,0 +1,26 @@ +rules: +- id: sentry-user-token + message: A gitleaks sentry-user-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\b(sntryu_[a-f0-9]{64})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/settlemint-application-access-token.yaml b/generic/secrets/gitleaks/settlemint-application-access-token.yaml new file mode 100644 index 0000000000..a4c75aa722 --- /dev/null +++ b/generic/secrets/gitleaks/settlemint-application-access-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: settlemint-application-access-token + message: A gitleaks settlemint-application-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\b(sm_aat_[a-zA-Z0-9]{16})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/settlemint-personal-access-token.yaml b/generic/secrets/gitleaks/settlemint-personal-access-token.yaml new file mode 100644 index 0000000000..5fcb3c202d --- /dev/null +++ b/generic/secrets/gitleaks/settlemint-personal-access-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: settlemint-personal-access-token + message: A gitleaks settlemint-personal-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\b(sm_pat_[a-zA-Z0-9]{16})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/settlemint-service-access-token.yaml b/generic/secrets/gitleaks/settlemint-service-access-token.yaml new file mode 100644 index 0000000000..39d6734cce --- /dev/null +++ b/generic/secrets/gitleaks/settlemint-service-access-token.yaml 
@@ -0,0 +1,26 @@ +rules: +- id: settlemint-service-access-token + message: A gitleaks settlemint-service-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). + languages: + - regex + severity: INFO + metadata: + likelihood: LOW + impact: MEDIUM + confidence: LOW + category: security + cwe: + - "CWE-798: Use of Hard-coded Credentials" + cwe2021-top25: true + cwe2022-top25: true + owasp: + - A07:2021 - Identification and Authentication Failures + references: + - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html + source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules + subcategory: + - vuln + technology: + - gitleaks + patterns: + - pattern-regex: (\b(sm_sat_[a-zA-Z0-9]{16})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/shippo-api-token.yaml b/generic/secrets/gitleaks/shippo-api-token.yaml index 90aacf14ea..13869d9295 100644 --- a/generic/secrets/gitleaks/shippo-api-token.yaml +++ b/generic/secrets/gitleaks/shippo-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(shippo_(live|test)_[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b(shippo_(?:live|test)_[a-fA-F0-9]{40})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/shopify-access-token.yaml b/generic/secrets/gitleaks/shopify-access-token.yaml index d2ef929206..72bad37069 100644 --- a/generic/secrets/gitleaks/shopify-access-token.yaml +++ b/generic/secrets/gitleaks/shopify-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: shpat_[a-fA-F0-9]{32} + - pattern-regex: (shpat_[a-fA-F0-9]{32}) 
diff --git a/generic/secrets/gitleaks/shopify-custom-access-token.yaml b/generic/secrets/gitleaks/shopify-custom-access-token.yaml
index 3023a7e618..b06ac60e37 100644
--- a/generic/secrets/gitleaks/shopify-custom-access-token.yaml
+++ b/generic/secrets/gitleaks/shopify-custom-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: shpca_[a-fA-F0-9]{32}
+ - pattern-regex: (shpca_[a-fA-F0-9]{32})
diff --git a/generic/secrets/gitleaks/shopify-private-app-access-token.yaml b/generic/secrets/gitleaks/shopify-private-app-access-token.yaml
index d455bd6879..5e7100b297 100644
--- a/generic/secrets/gitleaks/shopify-private-app-access-token.yaml
+++ b/generic/secrets/gitleaks/shopify-private-app-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: shppa_[a-fA-F0-9]{32}
+ - pattern-regex: (shppa_[a-fA-F0-9]{32})
diff --git a/generic/secrets/gitleaks/shopify-shared-secret.yaml b/generic/secrets/gitleaks/shopify-shared-secret.yaml
index 3517d46adf..fa468b18ef 100644
--- a/generic/secrets/gitleaks/shopify-shared-secret.yaml
+++ b/generic/secrets/gitleaks/shopify-shared-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: shpss_[a-fA-F0-9]{32}
+ - pattern-regex: (shpss_[a-fA-F0-9]{32})
diff --git a/generic/secrets/gitleaks/sidekiq-secret.yaml b/generic/secrets/gitleaks/sidekiq-secret.yaml
index 718177f2c3..e3d47952f4 100644
--- a/generic/secrets/gitleaks/sidekiq-secret.yaml
+++ b/generic/secrets/gitleaks/sidekiq-secret.yaml
@@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{8}:[a-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-f0-9]{8}:[a-f0-9]{8})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/sidekiq-sensitive-url.yaml b/generic/secrets/gitleaks/sidekiq-sensitive-url.yaml index 72d9b8d4e5..c362fee4d6 100644 --- a/generic/secrets/gitleaks/sidekiq-sensitive-url.yaml +++ b/generic/secrets/gitleaks/sidekiq-sensitive-url.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b(http(?:s??):\/\/)([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$) + - pattern-regex: ((?i)\bhttps?://([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$)) diff --git a/generic/secrets/gitleaks/slack-app-token.yaml b/generic/secrets/gitleaks/slack-app-token.yaml index 51c5c8c0b8..b7e0a76b2b 100644 --- a/generic/secrets/gitleaks/slack-app-token.yaml +++ b/generic/secrets/gitleaks/slack-app-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+) + - pattern-regex: ((?i)xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+) diff --git a/generic/secrets/gitleaks/slack-bot-token.yaml b/generic/secrets/gitleaks/slack-bot-token.yaml index 378efda059..d4a75624bf 100644 --- a/generic/secrets/gitleaks/slack-bot-token.yaml +++ b/generic/secrets/gitleaks/slack-bot-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (xoxb-[0-9]{10,13}\-[0-9]{10,13}[a-zA-Z0-9-]*) + - pattern-regex: (xoxb-[0-9]{10,13}-[0-9]{10,13}[a-zA-Z0-9-]*) 
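Review bot: In `sidekiq-sensitive-url` the host alternation `(?:gems.contribsys.com|enterprise.contribsys.com)` leaves the dots unescaped, so each one matches any character, and the closing class `[\/|\#|\?|:]` treats `|` as a literal member, so a pipe after the host also counts as a terminator. Escaping the dots (`gems\.contribsys\.com|enterprise\.contribsys\.com`) and, if the pipe is not meant, writing the class as `[/#?:]` makes the rule say what it means and removes accidental matches. The same unescaped dot appears in `hooks.slack.com` in `slack-webhook-url` and in `xoxe.xox[bp]` in `slack-config-access-token`.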
diff --git a/generic/secrets/gitleaks/slack-config-access-token.yaml b/generic/secrets/gitleaks/slack-config-access-token.yaml
index 3d51c7269d..006616b9a3 100644
--- a/generic/secrets/gitleaks/slack-config-access-token.yaml
+++ b/generic/secrets/gitleaks/slack-config-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(xoxe.xox[bp]-\d-[A-Z0-9]{163,166})
+ - pattern-regex: ((?i)xoxe.xox[bp]-\d-[A-Z0-9]{163,166})
diff --git a/generic/secrets/gitleaks/slack-config-refresh-token.yaml b/generic/secrets/gitleaks/slack-config-refresh-token.yaml
index f76799ee1e..b6c368e758 100644
--- a/generic/secrets/gitleaks/slack-config-refresh-token.yaml
+++ b/generic/secrets/gitleaks/slack-config-refresh-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(xoxe-\d-[A-Z0-9]{146})
+ - pattern-regex: ((?i)xoxe-\d-[A-Z0-9]{146})
diff --git a/generic/secrets/gitleaks/slack-legacy-bot-token.yaml b/generic/secrets/gitleaks/slack-legacy-bot-token.yaml
index 262968f2cf..3ace99f69d 100644
--- a/generic/secrets/gitleaks/slack-legacy-bot-token.yaml
+++ b/generic/secrets/gitleaks/slack-legacy-bot-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (xoxb-[0-9]{8,14}\-[a-zA-Z0-9]{18,26})
+ - pattern-regex: (xoxb-[0-9]{8,14}-[a-zA-Z0-9]{18,26})
diff --git a/generic/secrets/gitleaks/slack-webhook-url.yaml b/generic/secrets/gitleaks/slack-webhook-url.yaml
index a663b4270d..9dbe6c72df 100644
--- a/generic/secrets/gitleaks/slack-webhook-url.yaml
+++ b/generic/secrets/gitleaks/slack-webhook-url.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (https?:\/\/)?hooks.slack.com\/(services|workflows)\/[A-Za-z0-9+\/]{43,46}
+ - pattern-regex: ((?:https?://)?hooks.slack.com/(?:services|workflows)/[A-Za-z0-9+/]{43,46})
diff --git a/generic/secrets/gitleaks/snyk-api-token.yaml b/generic/secrets/gitleaks/snyk-api-token.yaml
index 71bb2e3fce..ed43ba967c 100644
--- a/generic/secrets/gitleaks/snyk-api-token.yaml +++ b/generic/secrets/gitleaks/snyk-api-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:snyk_token|snyk_key|snyk_api_token|snyk_api_key|snyk_oauth_token)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:snyk[_.-]?(?:(?:api|oauth)[_.-]?)?(?:key|token))(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/square-access-token.yaml b/generic/secrets/gitleaks/square-access-token.yaml index b5d503e5df..8e08f5694a 100644 --- a/generic/secrets/gitleaks/square-access-token.yaml +++ b/generic/secrets/gitleaks/square-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)\b((EAAA|sq0atp-)[0-9A-Za-z\-_]{22,60})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: (\b((?:EAAA|sq0atp-)[\w-]{22,60})(?:[`'"\s;]|$)) diff --git a/generic/secrets/gitleaks/squarespace-access-token.yaml b/generic/secrets/gitleaks/squarespace-access-token.yaml index 93af76cc90..13224214d9 100644 --- a/generic/secrets/gitleaks/squarespace-access-token.yaml +++ b/generic/secrets/gitleaks/squarespace-access-token.yaml @@ -23,4 +23,4 @@ rules: technology: - gitleaks patterns: - - pattern-regex: (?i)(?:squarespace)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$) + - pattern-regex: ((?i)[\w.-]{0,50}?(?:squarespace)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[`'"\s;]|$)) 
diff --git a/generic/secrets/gitleaks/stripe-access-token.yaml b/generic/secrets/gitleaks/stripe-access-token.yaml
index 484c7a8093..dfac4a3581 100644
--- a/generic/secrets/gitleaks/stripe-access-token.yaml
+++ b/generic/secrets/gitleaks/stripe-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b((sk|rk)_(test|live|prod)_[0-9a-z]{10,99})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b((?:sk|rk)_(?:test|live|prod)_[a-zA-Z0-9]{10,99})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/sumologic-access-id.yaml b/generic/secrets/gitleaks/sumologic-access-id.yaml
index 2a21633e6e..cb4c9eceaf 100644
--- a/generic/secrets/gitleaks/sumologic-access-id.yaml
+++ b/generic/secrets/gitleaks/sumologic-access-id.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i:(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(su[a-zA-Z0-9]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:(?-i:[Ss]umo|SUMO))(?:[ \t\w.-]{0,20})[\s'"|]{0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(su[a-zA-Z0-9]{12})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/sumologic-access-token.yaml b/generic/secrets/gitleaks/sumologic-access-token.yaml
index 2413409487..e0f842e2b1 100644
--- a/generic/secrets/gitleaks/sumologic-access-token.yaml
+++ b/generic/secrets/gitleaks/sumologic-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:(?-i:[Ss]umo|SUMO))(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{64})(?:[`'"\s;]|$))
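Review bot: The new sumologic-access-id pattern carries the lazy prefix `[\w.-]{0,50}?` twice in a row, once before `(?i:` and once as the first element inside it. Two adjacent lazy quantifiers over the same character class add nothing to detection (they only lengthen the reported prefix to 100 characters), but on long identifier-like runs that never reach the keyword the engine has to try every split between them, which makes scanning minified or generated files slower. The sibling sumologic-access-token hunk has the prefix once; dropping the outer copy here, so the line starts `- pattern-regex: ((?i:[\w.-]{0,50}?(?:(?-i:[Ss]umo|SUMO))`, keeps the two rules consistent.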
diff --git a/generic/secrets/gitleaks/telegram-bot-api-token.yaml b/generic/secrets/gitleaks/telegram-bot-api-token.yaml
index a9edae9d57..3374588e61 100644
--- a/generic/secrets/gitleaks/telegram-bot-api-token.yaml
+++ b/generic/secrets/gitleaks/telegram-bot-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i:(?:telegr)(?:[0-9a-z\(-_\t .\\]{0,40})(?:[\s|']|[\s|"]){0,3})(?:=|\|\|:|<=|=>|:|\?=|\()(?:'|\"|\s|=|\x60){0,5}([0-9]{5,16}:A[a-z0-9_\-]{34})(?:['|\"|\n|\r|\s|\x60|;|\\]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:telegr)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([0-9]{5,16}:(?-i:A)[a-z0-9_\-]{34})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/travisci-access-token.yaml b/generic/secrets/gitleaks/travisci-access-token.yaml
index fa4baab6cc..3713de7cc6 100644
--- a/generic/secrets/gitleaks/travisci-access-token.yaml
+++ b/generic/secrets/gitleaks/travisci-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:travis)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:travis)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{22})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/twilio-api-key.yaml b/generic/secrets/gitleaks/twilio-api-key.yaml
index 582846897f..2ded3721dd 100644
--- a/generic/secrets/gitleaks/twilio-api-key.yaml
+++ b/generic/secrets/gitleaks/twilio-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: SK[0-9a-fA-F]{32}
+ - pattern-regex: (SK[0-9a-fA-F]{32})
diff --git a/generic/secrets/gitleaks/twitch-api-token.yaml b/generic/secrets/gitleaks/twitch-api-token.yaml
index 5e82d0a25f..e8b922899e 100644
--- a/generic/secrets/gitleaks/twitch-api-token.yaml
+++ b/generic/secrets/gitleaks/twitch-api-token.yaml
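Review bot: The rewritten telegram-bot-api-token pattern no longer accepts `(` as the separator between the keyword and the token: the old operator list ended in `\?=|\(`, the new one ends in `\?=|,`. A token passed directly as a call argument after a name containing "telegr" was matched before and, as far as this hunk shows, is not any more; the keyword tail also shrinks from 40 to 20 characters and loses `(` and `\`. If that loss of coverage is not intended, add the alternative back, `(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,|\()`, and cover it with a call-style fixture in the rule's test file.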
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:twitch)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:twitch)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{30})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/twitter-access-secret.yaml b/generic/secrets/gitleaks/twitter-access-secret.yaml
index 3d938b6beb..21c4007169 100644
--- a/generic/secrets/gitleaks/twitter-access-secret.yaml
+++ b/generic/secrets/gitleaks/twitter-access-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{45})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{45})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/twitter-access-token.yaml b/generic/secrets/gitleaks/twitter-access-token.yaml
index 957e82c248..6fcf922af5 100644
--- a/generic/secrets/gitleaks/twitter-access-token.yaml
+++ b/generic/secrets/gitleaks/twitter-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{15,25}-[a-zA-Z0-9]{20,40})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([0-9]{15,25}-[a-zA-Z0-9]{20,40})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/twitter-api-key.yaml b/generic/secrets/gitleaks/twitter-api-key.yaml
index be0e9f5a0c..69da2fb547 100644
--- a/generic/secrets/gitleaks/twitter-api-key.yaml
+++ b/generic/secrets/gitleaks/twitter-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{25})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/twitter-api-secret.yaml b/generic/secrets/gitleaks/twitter-api-secret.yaml
index 1233af70d4..e94669d731 100644
--- a/generic/secrets/gitleaks/twitter-api-secret.yaml
+++ b/generic/secrets/gitleaks/twitter-api-secret.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{50})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{50})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/twitter-bearer-token.yaml b/generic/secrets/gitleaks/twitter-bearer-token.yaml
index 015a8efa94..654bcb5f8f 100644
--- a/generic/secrets/gitleaks/twitter-bearer-token.yaml
+++ b/generic/secrets/gitleaks/twitter-bearer-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(A{22}[a-zA-Z0-9%]{80,100})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(A{22}[a-zA-Z0-9%]{80,100})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/typeform-api-token.yaml b/generic/secrets/gitleaks/typeform-api-token.yaml
index d90efbf17e..1a49b4dfbc 100644
--- a/generic/secrets/gitleaks/typeform-api-token.yaml
+++ b/generic/secrets/gitleaks/typeform-api-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:typeform)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(tfp_[a-z0-9\-_\.=]{59})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:typeform)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(tfp_[a-z0-9\-_\.=]{59})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/vault-batch-token.yaml b/generic/secrets/gitleaks/vault-batch-token.yaml
index 5ab63bf906..44cb52ef26 100644
--- a/generic/secrets/gitleaks/vault-batch-token.yaml
+++ b/generic/secrets/gitleaks/vault-batch-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(hvb\.[a-z0-9_-]{138,212})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b(hvb\.[\w-]{138,300})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/vault-service-token.yaml b/generic/secrets/gitleaks/vault-service-token.yaml
index 87e757131c..e3067d8812 100644
--- a/generic/secrets/gitleaks/vault-service-token.yaml
+++ b/generic/secrets/gitleaks/vault-service-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)\b(hvs\.[a-z0-9_-]{90,100})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: (\b((?:hvs\.[\w-]{90,120}|s\.(?i:[a-z0-9]{24})))(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/yandex-access-token.yaml b/generic/secrets/gitleaks/yandex-access-token.yaml
index e004bb9231..0529d5e84f 100644
--- a/generic/secrets/gitleaks/yandex-access-token.yaml
+++ b/generic/secrets/gitleaks/yandex-access-token.yaml
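Review bot: The alternative `s\.(?i:[a-z0-9]{24})` added to vault-service-token for the short token form is very loose: after the `\b`, any `s.` followed by exactly 24 alphanumerics and then a quote, whitespace, `;` or end of line matches, which includes ordinary member accesses on a variable named `s`. The pattern has no keyword context and, as far as the hunk shows, no entropy or allow-list filter, so this branch is likely to raise the rule's false-positive rate well above that of the `hvs\.` branch. Consider moving the short form into its own rule with its own confidence metadata, or gating it with an entropy check on the captured token (Semgrep's `metavariable-analysis` with `analyzer: entropy`). The rule's metadata sits above the hunk and is not visible here.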
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:yandex)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/yandex-api-key.yaml b/generic/secrets/gitleaks/yandex-api-key.yaml
index 7998737c47..7762245fb4 100644
--- a/generic/secrets/gitleaks/yandex-api-key.yaml
+++ b/generic/secrets/gitleaks/yandex-api-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(AQVN[A-Za-z0-9_\-]{35,38})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:yandex)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(AQVN[A-Za-z0-9_\-]{35,38})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/yandex-aws-access-token.yaml b/generic/secrets/gitleaks/yandex-aws-access-token.yaml
index f0e160e2ac..531c1842fd 100644
--- a/generic/secrets/gitleaks/yandex-aws-access-token.yaml
+++ b/generic/secrets/gitleaks/yandex-aws-access-token.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(YC[a-zA-Z0-9_\-]{38})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:yandex)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}(YC[a-zA-Z0-9_\-]{38})(?:[`'"\s;]|$))
diff --git a/generic/secrets/gitleaks/zendesk-secret-key.yaml b/generic/secrets/gitleaks/zendesk-secret-key.yaml
index 9e2f3440ce..199b2fa31a 100644
--- a/generic/secrets/gitleaks/zendesk-secret-key.yaml
+++ b/generic/secrets/gitleaks/zendesk-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
 technology:
 - gitleaks
 patterns:
- - pattern-regex: (?i)(?:zendesk)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ - pattern-regex: ((?i)[\w.-]{0,50}?(?:zendesk)(?:[ \t\w.-]{0,20})[\s'"|]{0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)[`'"\s=]{0,5}([a-z0-9]{40})(?:[`'"\s;]|$))