Merge Gitleaks rules 2025-01-27 # 01:30
Security Research (r2c-argo) committed Jan 27, 2025
1 parent f82ac94 commit bdad0c3
Showing 199 changed files with 924 additions and 170 deletions.
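--- a/generic/secrets/gitleaks/1password-service-account-token.yaml
+++ b/generic/secrets/gitleaks/1password-service-account-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: 1password-service-account-token
+message: A gitleaks 1password-service-account-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (ops_eyJ[a-zA-Z0-9+/]{250,}={0,3})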
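Review bot: The `message` tells the reader to move credentials into environment variables or a vault but never says what to do with the token that was just found. A service-account token that reached a repository stays readable in history after the line is deleted, so the message should end with something like `If this is a live token, revoke and rotate it; deleting the line does not remove it from version-control history.` The same message text is used by the other rules added in this commit (azure-ad-client-secret, cisco-meraki-api-key, cohere-api-token, curl-auth-header, curl-auth-user). Separately, `confidence: LOW` looks pessimistic for a pattern that requires the `ops_eyJ` prefix plus at least 250 base64 characters; confirm the metadata is meant to be uniform across the pack.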
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/adafruit-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:adafruit)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:adafruit)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9_-]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/adobe-client-id.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:adobe)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:adobe)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/adobe-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b((p8e-)(?i)[a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(p8e-(?i)[a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/age-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}
- pattern-regex: (AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/airtable-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:airtable)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:airtable)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{17})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/algolia-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:algolia)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:algolia)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/alibaba-access-key-id.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b((LTAI)(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(LTAI(?i)[a-z0-9]{20})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/alibaba-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:alibaba)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:alibaba)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{30})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/asana-client-id.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:asana)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9]{16})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/asana-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:asana)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/atlassian-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:atlassian|confluence|jira)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:atlassian|confluence|jira)(?:[ \t\w.-]{0,20})[\s'"]{0,3})(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-zA-Z0-9]{24})(?:[\x60'"\s;]|\\[nr]|$)|\b(ATATT3[A-Za-z0-9_\-=]{186})(?:[\x60'"\s;]|\\[nr]|$))
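Review bot: The second `pattern-regex` printed in this section (the one that also matches `ATATT3…`; the page does not mark which line is the new side, so I am assuming it is) opens with `[\w.-]{0,50}?` and then repeats the same lazy prefix as the first item inside `(?i:…)`. The two adjacent quantifiers over one character class add nothing to what is detected, and because Semgrep evaluates `pattern-regex` with a backtracking PCRE engine rather than the RE2 engine gitleaks uses, each failed attempt can retry the split between them, which may slow scans of long identifier-heavy lines; worth timing before merge. I would drop the outer copy so the pattern starts `((?i:[\w.-]{0,50}?(?:atlassian|confluence|jira)`. The same doubled prefix appears in the cisco-meraki-api-key and cohere-api-token rules added further down; the rule files look generated, so the fix probably belongs in the converter or upstream.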
Original file line number Diff line number Diff line change
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b((?:sc|ext|scauth|authress)_[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.acc[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b((?:sc|ext|scauth|authress)_(?i)[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.(?-i:acc)[_-][a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/aws-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}
- pattern-regex: (\b((?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16})\b)
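--- a/generic/secrets/gitleaks/azure-ad-client-secret.yaml
+++ b/generic/secrets/gitleaks/azure-ad-client-secret.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: azure-ad-client-secret
+message: A gitleaks azure-ad-client-secret was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: ((?:^|[\\'"\x60\s>=:(,)])([a-zA-Z0-9_~.]{3}\dQ~[a-zA-Z0-9_~.-]{31,34})(?:$|[\\'"\x60\s<),]))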
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/beamer-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:beamer)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:beamer)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(b_[a-z0-9=_\-]{44})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/bitbucket-client-id.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:bitbucket)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/bitbucket-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:bitbucket)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{64})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/bittrex-access-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:bittrex)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/bittrex-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:bittrex)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$))
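--- a/generic/secrets/gitleaks/cisco-meraki-api-key.yaml
+++ b/generic/secrets/gitleaks/cisco-meraki-api-key.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: cisco-meraki-api-key
+message: A gitleaks cisco-meraki-api-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:(?-i:[Mm]eraki|MERAKI))(?:[ \t\w.-]{0,20})[\s'"]{0,3})(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9a-f]{40})(?:[\x60'"\s;]|\\[nr]|$))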
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/clojars-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(CLOJARS_)[a-z0-9]{60}
- pattern-regex: ((?i)CLOJARS_[a-z0-9]{60})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/cloudflare-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:cloudflare)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:cloudflare)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9_-]{40})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/cloudflare-global-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:cloudflare)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{37})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:cloudflare)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{37})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/cloudflare-origin-ca-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: \b(v1\.0-[a-f0-9]{24}-[a-f0-9]{146})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(v1\.0-[a-f0-9]{24}-[a-f0-9]{146})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/codecov-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:codecov)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:codecov)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$))
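--- a/generic/secrets/gitleaks/cohere-api-token.yaml
+++ b/generic/secrets/gitleaks/cohere-api-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: cohere-api-token
+message: A gitleaks cohere-api-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:cohere|CO_API_KEY)(?:[ \t\w.-]{0,20})[\s'"]{0,3})(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-zA-Z0-9]{40})(?:[\x60'"\s;]|\\[nr]|$))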
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/coinbase-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:coinbase)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:coinbase)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9_-]{64})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/confluent-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:confluent)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{16})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/confluent-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:confluent)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{64})(?:[\x60'"\s;]|\\[nr]|$))
Original file line number Diff line number Diff line change
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:contentful)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:contentful)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{43})(?:[\x60'"\s;]|\\[nr]|$))
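--- a/generic/secrets/gitleaks/curl-auth-header.yaml
+++ b/generic/secrets/gitleaks/curl-auth-header.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: curl-auth-header
+message: A gitleaks curl-auth-header was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (\bcurl\b(?:.*?|.*?(?:[\r\n]{1,2}.*?){1,5})[ \t\n\r](?:-H|--header)(?:=|[ \t]{0,5})(?:"(?i)(?:Authorization:[ \t]{0,5}(?:Basic[ \t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \t]([\w=~@.+/-]{8,})|([\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \t]{0,5}([\w=~@.+/-]{8,}))"|'(?i)(?:Authorization:[ \t]{0,5}(?:Basic[ \t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \t]([\w=~@.+/-]{8,})|([\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \t]{0,5}([\w=~@.+/-]{8,}))')(?:\B|\s|\z))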
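--- a/generic/secrets/gitleaks/curl-auth-user.yaml
+++ b/generic/secrets/gitleaks/curl-auth-user.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: curl-auth-user
+message: A gitleaks curl-auth-user was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (\bcurl\b(?:.*|.*(?:[\r\n]{1,2}.*){1,5})[ \t\n\r](?:-u|--user)(?:=|[ \t]{0,5})(?:"([^:"]{3,}:[^"]{3,})"|'([^:']{3,}:[^']{3,})'|((?:"[^"]{3,}"|'[^']{3,}'|[\w$@.-]+):(?:"[^"]{3,}"|'[^']{3,}'|[\w${}@.-]+)))(?:\s|\z))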
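Review bot: The credential alternatives in this `pattern-regex` accept shell variable references, so a command that already follows the advice in `message` is still reported. The bare classes `[\w$@.-]+` and `[\w${}@.-]+` admit `$`, `{` and `}`, and the quoted forms `[^:"]{3,}:[^"]{3,}` accept any characters, so `-u "$API_USER:$API_PASS"` matches. Only the regex is present in this rule; if the upstream gitleaks rule relies on an allowlist or entropy threshold to drop such values, that filter has not been carried over. I would add a sibling `- pattern-not-regex:` entry under `patterns:` that repeats the `curl … (?:-u|--user)` prefix and requires the password half to be a reference such as `\$\{?\w+\}?`, then confirm on a test file that the exclusion's match covers the reported span, since that is likely what decides whether the finding is suppressed.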
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/databricks-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(dapi[a-h0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(dapi[a-f0-9]{32}(?:-\d)?)(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/datadog-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:datadog)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:datadog)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{40})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/defined-networking-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:dnkey)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:dnkey)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/digitalocean-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(doo_v1_[a-f0-9]{64})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/digitalocean-pat.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(dop_v1_[a-f0-9]{64})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/digitalocean-refresh-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(dor_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)\b(dor_v1_[a-f0-9]{64})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/discord-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:discord)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{64})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/discord-client-id.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{18})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:discord)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9]{18})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/discord-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:discord)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/doppler-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (dp\.pt\.)(?i)[a-z0-9]{43}
- pattern-regex: (dp\.pt\.(?i)[a-z0-9]{43})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/droneci-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:droneci)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:droneci)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/dropbox-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{15})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:dropbox)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{15})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:dropbox)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:[\x60'"\s;]|\\[nr]|$))
Original file line number Diff line number Diff line change
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(sl\.[a-z0-9\-=_]{135})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:dropbox)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(sl\.[a-z0-9\-=_]{135})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/duffel-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: duffel_(test|live)_(?i)[a-z0-9_\-=]{43}
- pattern-regex: (duffel_(?:test|live)_(?i)[a-z0-9_\-=]{43})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/dynatrace-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64}
- pattern-regex: (dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/easypost-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: \bEZAK(?i)[a-z0-9]{54}
- pattern-regex: (\bEZAK(?i)[a-z0-9]{54}\b)
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/easypost-test-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: \bEZTK(?i)[a-z0-9]{54}
- pattern-regex: (\bEZTK(?i)[a-z0-9]{54}\b)
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/etsy-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:etsy)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:(?-i:ETSY|[Ee]tsy))(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{24})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/facebook-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(\d{15,16}(\||%)[0-9a-z\-_]{27,40})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)\b(\d{15,16}(\||%)[0-9a-z\-_]{27,40})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/facebook-page-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(EAA[MC][a-z0-9]{20,})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(EAA[MC](?i)[a-z0-9]{100,})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/facebook-secret.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:facebook)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:facebook)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/fastly-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:fastly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:fastly)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/finicity-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:finicity)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/finicity-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:finicity)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{20})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/finnhub-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:finnhub)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:finnhub)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{20})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/flickr-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:flickr)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:flickr)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/flutterwave-encryption-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: FLWSECK_TEST-(?i)[a-h0-9]{12}
- pattern-regex: (FLWSECK_TEST-(?i)[a-h0-9]{12})
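Review bot: The encryption-key pattern has no trailing boundary, so `FLWSECK_TEST-(?i)[a-h0-9]{12}` also matches the first twelve characters of anything matched by the flutterwave-secret-key pattern `FLWSECK_TEST-(?i)[a-h0-9]{32}-X` changed in this same commit. Each test secret key would then be reported twice, once under the wrong rule id and with a truncated value. Closing the pattern with a boundary, `(FLWSECK_TEST-(?i)[a-h0-9]{12}\b)`, keeps the two rules disjoint. The class `[a-h0-9]` also looks like a slip for hexadecimal `[a-f0-9]`; it is only wider than needed, so it costs precision rather than coverage.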
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/flutterwave-public-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: FLWPUBK_TEST-(?i)[a-h0-9]{32}-X
- pattern-regex: (FLWPUBK_TEST-(?i)[a-h0-9]{32}-X)
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/flutterwave-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: FLWSECK_TEST-(?i)[a-h0-9]{32}-X
- pattern-regex: (FLWSECK_TEST-(?i)[a-h0-9]{32}-X)
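--- a/generic/secrets/gitleaks/flyio-access-token.yaml
+++ b/generic/secrets/gitleaks/flyio-access-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: flyio-access-token
+message: A gitleaks flyio-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (\b((?:fo1_[\w-]{43}|fm1[ar]_[a-zA-Z0-9+\/]{100,}={0,3}|fm2_[a-zA-Z0-9+\/]{100,}={0,3}))(?:[\x60'"\s;]|\\[nr]|$))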
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/frameio-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: fio-u-(?i)[a-z0-9\-_=]{64}
- pattern-regex: (fio-u-(?i)[a-z0-9\-_=]{64})
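--- a/generic/secrets/gitleaks/freemius-secret-key.yaml
+++ b/generic/secrets/gitleaks/freemius-secret-key.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: freemius-secret-key
+message: A gitleaks freemius-secret-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: ((?i)["']secret_key["']\s*=>\s*["'](sk_[\S]{29})["'])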
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/freshbooks-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:freshbooks)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:freshbooks)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{64})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/gcp-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(AIza[0-9A-Za-z\\-_]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(AIza[\w-]{35})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/github-app-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (ghu|ghs)_[0-9a-zA-Z]{36}
- pattern-regex: ((?:ghu|ghs)_[0-9a-zA-Z]{36})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/github-fine-grained-pat.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: github_pat_[0-9a-zA-Z_]{82}
- pattern-regex: (github_pat_\w{82})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/github-oauth.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: gho_[0-9a-zA-Z]{36}
- pattern-regex: (gho_[0-9a-zA-Z]{36})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/github-pat.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: ghp_[0-9a-zA-Z]{36}
- pattern-regex: (ghp_[0-9a-zA-Z]{36})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/github-refresh-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: ghr_[0-9a-zA-Z]{36}
- pattern-regex: (ghr_[0-9a-zA-Z]{36})
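--- a/generic/secrets/gitleaks/gitlab-cicd-job-token.yaml
+++ b/generic/secrets/gitleaks/gitlab-cicd-job-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-cicd-job-token
+message: A gitleaks gitlab-cicd-job-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (glcbt-[0-9a-zA-Z]{1,5}_[0-9a-zA-Z_-]{20})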
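--- a/generic/secrets/gitleaks/gitlab-deploy-token.yaml
+++ b/generic/secrets/gitleaks/gitlab-deploy-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-deploy-token
+message: A gitleaks gitlab-deploy-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (gldt-[0-9a-zA-Z_\-]{20})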
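--- a/generic/secrets/gitleaks/gitlab-feature-flag-client-token.yaml
+++ b/generic/secrets/gitleaks/gitlab-feature-flag-client-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-feature-flag-client-token
+message: A gitleaks gitlab-feature-flag-client-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (glffct-[0-9a-zA-Z_\-]{20})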
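--- a/generic/secrets/gitleaks/gitlab-feed-token.yaml
+++ b/generic/secrets/gitleaks/gitlab-feed-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-feed-token
+message: A gitleaks gitlab-feed-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (glft-[0-9a-zA-Z_\-]{20})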
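--- a/generic/secrets/gitleaks/gitlab-incoming-mail-token.yaml
+++ b/generic/secrets/gitleaks/gitlab-incoming-mail-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-incoming-mail-token
+message: A gitleaks gitlab-incoming-mail-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (glimt-[0-9a-zA-Z_\-]{25})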
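--- a/generic/secrets/gitleaks/gitlab-kubernetes-agent-token.yaml
+++ b/generic/secrets/gitleaks/gitlab-kubernetes-agent-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-kubernetes-agent-token
+message: A gitleaks gitlab-kubernetes-agent-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (glagent-[0-9a-zA-Z_\-]{50})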
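--- a/generic/secrets/gitleaks/gitlab-oauth-app-secret.yaml
+++ b/generic/secrets/gitleaks/gitlab-oauth-app-secret.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-oauth-app-secret
+message: A gitleaks gitlab-oauth-app-secret was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (gloas-[0-9a-zA-Z_\-]{64})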
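--- a/generic/secrets/gitleaks/gitlab-pat-routable.yaml
+++ b/generic/secrets/gitleaks/gitlab-pat-routable.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-pat-routable
+message: A gitleaks gitlab-pat-routable was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (\bglpat-[0-9a-zA-Z_-]{27,300}\.[0-9a-z]{2}[0-9a-z]{7}\b)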
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/gitlab-pat.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: glpat-[0-9a-zA-Z\-\_]{20}
- pattern-regex: (glpat-[\w-]{20})
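Review bot: `glpat-[\w-]{20}` stops after twenty characters with nothing anchoring the end, so it also matches the head of every token targeted by the gitlab-pat-routable rule added in this commit (`glpat-[0-9a-zA-Z_-]{27,300}\.…`). A routable token would be reported by both rules, and the gitlab-pat finding would carry only a fragment of it, which makes deduplication and revocation lookups harder. A trailing negative lookahead, `(glpat-[\w-]{20})(?![\w-])`, would limit this rule to the fixed-length format. Semgrep's regex engine is PCRE-based, so lookahead should be available, but confirm it against the rule tests.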
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/gitlab-ptt.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: glptt-[0-9a-f]{40}
- pattern-regex: (glptt-[0-9a-f]{40})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/gitlab-rrt.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: GR1348941[0-9a-zA-Z\-\_]{20}
- pattern-regex: (GR1348941[\w-]{20})
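--- a/generic/secrets/gitleaks/gitlab-runner-authentication-token.yaml
+++ b/generic/secrets/gitleaks/gitlab-runner-authentication-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-runner-authentication-token
+message: A gitleaks gitlab-runner-authentication-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (glrt-[0-9a-zA-Z_\-]{20})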
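--- a/generic/secrets/gitleaks/gitlab-scim-token.yaml
+++ b/generic/secrets/gitleaks/gitlab-scim-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-scim-token
+message: A gitleaks gitlab-scim-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (glsoat-[0-9a-zA-Z_\-]{20})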
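--- a/generic/secrets/gitleaks/gitlab-session-cookie.yaml
+++ b/generic/secrets/gitleaks/gitlab-session-cookie.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: gitlab-session-cookie
+message: A gitleaks gitlab-session-cookie was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (_gitlab_session=[0-9a-z]{32})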
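Review bot: The `message` of this rule gives the remediation for a stored API credential, but `_gitlab_session=[0-9a-z]{32}` matches a browser session cookie, which cannot be moved to an environment variable or a vault. A finding here most likely means a captured request, a HAR file or a pasted command line was committed, and the useful response is to end that session and remove the capture. I would replace the generic text with a rule-specific one, for example `message: A GitLab session cookie was found. Sign the affected user out to invalidate the session, then remove the captured request from the repository and its history.`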
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/gitter-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:gitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:gitter)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9_-]{40})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/gocardless-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:gocardless)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(live_(?i)[a-z0-9\-_=]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:gocardless)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(live_(?i)[a-z0-9\-_=]{40})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/grafana-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,3})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/grafana-cloud-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,3})(?:[\x60'"\s;]|\\[nr]|$))
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/harness-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: ((?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20})
- pattern-regex: ((?:pat|sat)\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/hashicorp-tf-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}
- pattern-regex: ((?i)[a-z0-9]{14}\.(?-i:atlasv1)\.[a-z0-9\-_=]{60,70})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/hashicorp-tf-password.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:administrator_login_password|password)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}("[a-z0-9=_\-]{8,20}")(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:administrator_login_password|password)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}("[a-z0-9=_\-]{8,20}")(?:[\x60'"\s;]|\\[nr]|$))
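Review bot: Nothing visible scopes this rule to Terraform files: the keyword alternation is `administrator_login_password|password` under `(?i)`, and the 26-line rule files added in full elsewhere in this commit carry no `paths:` key, so this file presumably has none either (the hunk starts at line 23, so the top of the file is not shown). If that is right, any `password = "…"` assignment with a quoted 8–20 character value, in any file type, is reported under a HashiCorp Terraform rule id. Adding a `paths:` filter with `include:` entries for `*.tf` and `*.hcl` would bring the rule back to what its id states and cut the triage noise.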
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/heroku-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:heroku)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:heroku)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/hubspot-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:hubspot)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:hubspot)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/huggingface-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?:^|[\\'"` >=:])(hf_[a-zA-Z]{34})(?:$|[\\'"` <])
- pattern-regex: (\b(hf_(?i:[a-z]{34}))(?:[\x60'"\s;]|\\[nr]|$))
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?:^|[\\'"` >=:\(,)])(api_org_[a-zA-Z]{34})(?:$|[\\'"` <\),])
- pattern-regex: (\b(api_org_(?i:[a-z]{34}))(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/infracost-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(ico-[a-zA-Z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(ico-[a-zA-Z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/intercom-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:intercom)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{60})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:intercom)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{60})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/intra42-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(s-s4t2(?:ud|af)-[abcdef0123456789]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(s-s4t2(?:ud|af)-(?i)[abcdef0123456789]{64})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/jfrog-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{73})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:jfrog|artifactory|bintray|xray)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{73})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/jfrog-identity-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:jfrog|artifactory|bintray|xray)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{64})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/jwt-base64.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: \bZXlK(?:(?P<alg>aGJHY2lPaU)|(?P<apu>aGNIVWlPaU)|(?P<apv>aGNIWWlPaU)|(?P<aud>aGRXUWlPaU)|(?P<b64>aU5qUWlP)|(?P<crit>amNtbDBJanBi)|(?P<cty>amRIa2lPaU)|(?P<epk>bGNHc2lPbn)|(?P<enc>bGJtTWlPaU)|(?P<jku>cWEzVWlPaU)|(?P<jwk>cWQyc2lPb)|(?P<iss>cGMzTWlPaU)|(?P<iv>cGRpSTZJ)|(?P<kid>cmFXUWlP)|(?P<key_ops>clpYbGZiM0J6SWpwY)|(?P<kty>cmRIa2lPaUp)|(?P<nonce>dWIyNWpaU0k2)|(?P<p2c>d01tTWlP)|(?P<p2s>d01uTWlPaU)|(?P<ppt>d2NIUWlPaU)|(?P<sub>emRXSWlPaU)|(?P<svt>emRuUWlP)|(?P<tag>MFlXY2lPaU)|(?P<typ>MGVYQWlPaUp)|(?P<url>MWNtd2l)|(?P<use>MWMyVWlPaUp)|(?P<ver>MlpYSWlPaU)|(?P<version>MlpYSnphVzl1SWpv)|(?P<x>NElqb2)|(?P<x5c>NE5XTWlP)|(?P<x5t>NE5YUWlPaU)|(?P<x5ts256>NE5YUWpVekkxTmlJNkl)|(?P<x5u>NE5YVWlPaU)|(?P<zip>NmFYQWlPaU))[a-zA-Z0-9\/\\_+\-\r\n]{40,}={0,2}
- pattern-regex: (\bZXlK(?:(?P<alg>aGJHY2lPaU)|(?P<apu>aGNIVWlPaU)|(?P<apv>aGNIWWlPaU)|(?P<aud>aGRXUWlPaU)|(?P<b64>aU5qUWlP)|(?P<crit>amNtbDBJanBi)|(?P<cty>amRIa2lPaU)|(?P<epk>bGNHc2lPbn)|(?P<enc>bGJtTWlPaU)|(?P<jku>cWEzVWlPaU)|(?P<jwk>cWQyc2lPb)|(?P<iss>cGMzTWlPaU)|(?P<iv>cGRpSTZJ)|(?P<kid>cmFXUWlP)|(?P<key_ops>clpYbGZiM0J6SWpwY)|(?P<kty>cmRIa2lPaUp)|(?P<nonce>dWIyNWpaU0k2)|(?P<p2c>d01tTWlP)|(?P<p2s>d01uTWlPaU)|(?P<ppt>d2NIUWlPaU)|(?P<sub>emRXSWlPaU)|(?P<svt>emRuUWlP)|(?P<tag>MFlXY2lPaU)|(?P<typ>MGVYQWlPaUp)|(?P<url>MWNtd2l)|(?P<use>MWMyVWlPaUp)|(?P<ver>MlpYSWlPaU)|(?P<version>MlpYSnphVzl1SWpv)|(?P<x>NElqb2)|(?P<x5c>NE5XTWlP)|(?P<x5t>NE5YUWlPaU)|(?P<x5ts256>NE5YUWpVekkxTmlJNkl)|(?P<x5u>NE5YVWlPaU)|(?P<zip>NmFYQWlPaU))[a-zA-Z0-9\/\\_+\-\r\n]{40,}={0,2})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/jwt.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: \b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/\\_-]{17,}\.(?:[a-zA-Z0-9\/\\_-]{10,}={0,2})?)(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/\\_-]{17,}\.(?:[a-zA-Z0-9\/\\_-]{10,}={0,2})?)(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/kraken-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:kraken)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9\/=_\+\-]{80,90})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:kraken)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9\/=_\+\-]{80,90})(?:[\x60'"\s;]|\\[nr]|$))
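--- a/generic/secrets/gitleaks/kubernetes-secret-yaml.yaml
+++ b/generic/secrets/gitleaks/kubernetes-secret-yaml.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: kubernetes-secret-yaml
+message: A gitleaks kubernetes-secret-yaml was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: ((?i)(?:\bkind:[ \t]*["']?\bsecret\b["']?(?:.|\s){0,200}?\bdata:(?:.|\s){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9+/]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))|\bdata:(?:.|\s){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9+/]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))(?:.|\s){0,200}?\bkind:[ \t]*["']?\bsecret\b["']?))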
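Review bot: The `(?:.|\s)` groups in this pattern-regex are ambiguous for spaces and tabs, which both `.` and `\s` match, so a backtracking engine has two ways through every such character inside the `{0,200}?` and `{0,100}?` windows when the tail fails to match. The expression comes from gitleaks, whose Go regexp engine is linear-time; Semgrep's `pattern-regex` is PCRE-style as far as I know, so indented YAML with a `data:` key and no nearby `kind: Secret` (an ordinary ConfigMap, say) looks like the slow path and could run into the engine's match limit. Replacing each `(?:.|\s)` with `[\s\S]` accepts the same text with one path per character. Note also that the value alternatives end in `""|''`, so a Secret manifest with empty placeholder values is reported too; a rule comment saying that is intended would help triage.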
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/kucoin-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:kucoin)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:kucoin)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{24})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/kucoin-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:kucoin)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:kucoin)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/launchdarkly-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:launchdarkly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:launchdarkly)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{40})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/linear-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: lin_api_(?i)[a-z0-9]{40}
- pattern-regex: (lin_api_(?i)[a-z0-9]{40})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/linear-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:linear)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:linear)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/linkedin-client-id.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{14})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:linked[_-]?in)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{14})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/linkedin-client-secret.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:linkedin|linked-in)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:linked[_-]?in)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{16})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/lob-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:lob)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((live|test)_[a-f0-9]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:lob)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}((live|test)_[a-f0-9]{35})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/lob-pub-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:lob)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}((test|live)_pub_[a-f0-9]{31})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:lob)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}((test|live)_pub_[a-f0-9]{31})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/mailchimp-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:MailchimpSDK.initialize|mailchimp)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32}-us\d\d)(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:MailchimpSDK.initialize|mailchimp)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{32}-us\d\d)(?:[\x60'"\s;]|\\[nr]|$))
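Review bot: The key suffix `-us\d\d` requires exactly two digits, so a key whose data-centre suffix has a single digit (a constructed example: `-us6`) would not be reported. This applies to the second `pattern-regex` line, which has the parenthesised form used by the rule files this commit adds and is presumably the new side; the first line has the same suffix. If single-digit suffixes are in use, `-us\d{1,2}` closes the gap. The `.` in `MailchimpSDK.initialize` is also unescaped; `MailchimpSDK\.initialize` states the intent, though the difference is harmless in practice.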
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/mailgun-private-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(key-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:mailgun)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(key-[a-f0-9]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/mailgun-pub-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pubkey-[a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:mailgun)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(pubkey-[a-f0-9]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/mailgun-signing-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:mailgun)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:mailgun)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})(?:[\x60'"\s;]|\\[nr]|$))
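Review bot: The value classes `[a-h0-9]` accept `g` and `h`, which are not hexadecimal digits, and both pattern lines in this section carry them. If the signing key is hex, as its 32-8-8 layout suggests, `([a-f0-9]{32}-[a-f0-9]{8}-[a-f0-9]{8})` is the tighter form and removes a source of false positives. If the wider range is deliberate, a comment in the rule saying why would stop the next reader from "fixing" it.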
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/mapbox-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:mapbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(pk\.[a-z0-9]{60}\.[a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:mapbox)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(pk\.[a-z0-9]{60}\.[a-z0-9]{22})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/mattermost-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:mattermost)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{26})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:mattermost)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{26})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/messagebird-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:message[_-]?bird)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{25})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/messagebird-client-id.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:messagebird|message-bird|message_bird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:message[_-]?bird)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/microsoft-teams-webhook.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: https:\/\/[a-z0-9]+\.webhook\.office\.com\/webhookb2\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}\/IncomingWebhook\/[a-z0-9]{32}\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}
- pattern-regex: (https://[a-z0-9]+\.webhook\.office\.com/webhookb2/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}/IncomingWebhook/[a-z0-9]{32}/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/netlify-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:netlify)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{40,46})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:netlify)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{40,46})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/new-relic-browser-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRJS-[a-f0-9]{19})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(NRJS-[a-f0-9]{19})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/new-relic-insert-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRII-[a-z0-9-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(NRII-[a-z0-9-]{32})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/new-relic-user-api-id.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{64})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/new-relic-user-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRAK-[a-z0-9]{27})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(NRAK-[a-z0-9]{27})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/npm-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(npm_[a-z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)\b(npm_[a-z0-9]{36})(?:[\x60'"\s;]|\\[nr]|$))
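--- a/generic/secrets/gitleaks/nuget-config-password.yaml
+++ b/generic/secrets/gitleaks/nuget-config-password.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: nuget-config-password
+message: A gitleaks nuget-config-password was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: ((?i)<add key=\"(?:(?:ClearText)?Password)\"\s*value=\"(.{8,})\"\s*/>)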
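Review bot: The capture `(.{8,})` is greedy and `.` also matches `"`, so on a line that holds more than one `<add ... />` element the value runs on to the last `" />` on that line and the reported secret spans unrelated text. `value=\"([^\"]{8,})\"` keeps the capture inside the attribute. The pattern also matches values written as `%NAME%`, which NuGet, as far as I know, expands from the environment and which are references, not hard-coded secrets; a `pattern-not-regex` for that form would cut the noise. A comment noting that `Password` normally holds an encrypted value while `ClearTextPassword` holds the plain one would help whoever triages a hit.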
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/nytimes-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:nytimes|new-york-times,|newyorktimes)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:nytimes|new-york-times,|newyorktimes)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{32})(?:[\x60'"\s;]|\\[nr]|$))
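Review bot: The keyword alternation still reads `new-york-times,` with the comma inside the alternative, so that spelling matches only when a literal comma follows the name, and an assignment such as `new-york-times_key = ...` is not detected. It looks like a list separator that leaked into the regex; `(?:nytimes|new-york-times|newyorktimes)` is the likely intent. The comma is present on both pattern lines of this section, so the change carries it over instead of introducing it.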
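--- a/generic/secrets/gitleaks/octopus-deploy-api-key.yaml
+++ b/generic/secrets/gitleaks/octopus-deploy-api-key.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: octopus-deploy-api-key
+message: A gitleaks octopus-deploy-api-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (\b(API-[A-Z0-9]{26})(?:[\x60'"\s;]|\\[nr]|$))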
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/okta-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:okta)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{42})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:(?-i:[Oo]kta|OKTA))(?:[ \t\w.-]{0,20})[\s'"]{0,3})(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(00[\w=\-]{40})(?:[\x60'"\s;]|\\[nr]|$))
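Review bot: The parenthesised pattern line, presumably the new side, opens with `[\w.-]{0,50}?` twice in a row over the same character class, once outside and once inside the `(?i:...)` group. The second copy changes nothing about which inputs match, lets the reported span reach up to 100 characters before the keyword, and gives a backtracking engine a quadratic number of ways to split the prefix at each start position. Dropping the outer copy, so the pattern begins `((?i:[\w.-]{0,50}?(?:(?-i:[Oo]kta|OKTA))`, keeps detection the same; privateai-api-token.yaml has the same doubled prefix. A rule comment explaining that `(?-i:[Oo]kta|OKTA)` restricts keyword case on purpose and that the value must now start with `00` would document the narrowing.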
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/openai-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20})(?:[\x60'"\s;]|\\[nr]|$))
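--- a/generic/secrets/gitleaks/openshift-user-token.yaml
+++ b/generic/secrets/gitleaks/openshift-user-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: openshift-user-token
+message: A gitleaks openshift-user-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (\b(sha256~[\w-]{43})(?:[^\w-]|\z))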
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/plaid-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(access-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:plaid)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(access-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/plaid-client-id.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:plaid)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{24})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/plaid-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:plaid)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{30})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/planetscale-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(pscale_tkn_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(pscale_tkn_(?i)[\w=\.-]{32,64})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/planetscale-oauth-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(pscale_oauth_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(pscale_oauth_[\w=\.-]{32,64})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/planetscale-password.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(pscale_pw_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)\b(pscale_pw_(?i)[\w=\.-]{32,64})(?:[\x60'"\s;]|\\[nr]|$))
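Review bot: The parenthesised pattern line here keeps a leading `(?i)` and an inner `(?i)`, while the matching line in planetscale-oauth-token.yaml has neither and the one in planetscale-api-token.yaml keeps only the inner flag. As written, an upper-case `PSCALE_PW_` prefix matches in this rule but the upper-case prefix does not match in the other two, which is hard to justify for three tokens of one vendor. The inner flag is redundant in all three because `[\w=\.-]` already covers both cases. If the prefixes are always lower-case, `(\b(pscale_pw_[\w=\.-]{32,64})(?:[\x60'"\s;]|\\[nr]|$))` brings this rule into line with the OAuth one.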
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/postman-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/prefect-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(pnu_[a-z0-9]{36})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(pnu_[a-zA-Z0-9]{36})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/private-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?----
- pattern-regex: ((?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY(?: BLOCK)?-----[\s\S-]*?KEY(?: BLOCK)?-----)
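Review bot: The body `[\s\S-]*?` in the parenthesised pattern line has no lower bound, so a header followed directly by a footer, or a documentation stub with a few placeholder characters between them, is reported as a private key. A minimum length such as `[\s\S]{64,}?` would drop those stubs, assuming no real key body is shorter than that. The `-` inside `[\s\S-]` is redundant, since `[\s\S]` already matches every character. With the quantifier now lazy and the footer requiring five dashes, a one-line comment in the rule saying the match ends at the first footer would record why.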
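--- a/generic/secrets/gitleaks/privateai-api-token.yaml
+++ b/generic/secrets/gitleaks/privateai-api-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: privateai-api-token
+message: A gitleaks privateai-api-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:private[_-]?ai)(?:[ \t\w.-]{0,20})[\s'"]{0,3})(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$))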
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/pulumi-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(pul-[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(pul-[a-f0-9]{40})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/pypi-upload-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}
- pattern-regex: (pypi-AgEIcHlwaS5vcmc[\w-]{50,1000})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/rapidapi-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:rapidapi)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{50})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:rapidapi)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9_-]{50})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/readme-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(rdme_[a-z0-9]{70})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(rdme_[a-z0-9]{70})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/rubygems-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(rubygems_[a-f0-9]{48})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(rubygems_[a-f0-9]{48})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/scalingo-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: \b(tk-us-[a-zA-Z0-9-_]{48})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(tk-us-[\w-]{48})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/sendbird-access-id.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:sendbird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:sendbird)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/sendbird-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:sendbird)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:sendbird)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{40})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/sendgrid-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(SG\.(?i)[a-z0-9=_\-\.]{66})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(SG\.(?i)[a-z0-9=_\-\.]{66})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/sendinblue-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/sentry-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:sentry)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:sentry)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{64})(?:[\x60'"\s;]|\\[nr]|$))
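--- a/generic/secrets/gitleaks/sentry-org-token.yaml
+++ b/generic/secrets/gitleaks/sentry-org-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: sentry-org-token
+message: A gitleaks sentry-org-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (\bsntrys_eyJpYXQiO[a-zA-Z0-9+/]{10,200}(?:LCJyZWdpb25fdXJs|InJlZ2lvbl91cmwi|cmVnaW9uX3VybCI6)[a-zA-Z0-9+/]{10,200}={0,2}_[a-zA-Z0-9+/]{43}\b)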
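--- a/generic/secrets/gitleaks/sentry-user-token.yaml
+++ b/generic/secrets/gitleaks/sentry-user-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: sentry-user-token
+message: A gitleaks sentry-user-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (\b(sntryu_[a-f0-9]{64})(?:[\x60'"\s;]|\\[nr]|$))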
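Review bot: The delimiter group `(?:[\x60'"\s;]|\\[nr]|$)` accepts only a backtick, a quote, whitespace, `;`, a literal `\n`/`\r` escape or `$`, so a token followed directly by `,`, `)`, `}`, `<` or `&` (unquoted flow YAML, XML element content, a URL query string) is not reported. The secret body is `[a-f0-9]{64}` behind the fixed `sntryu_` prefix, so a word boundary protects equally well against matching the front of a longer string without enumerating delimiters: `- pattern-regex: (\b(sntryu_[a-f0-9]{64})\b)`. The same ending is used by the three SettleMint rules added in this commit (`sm_aat_`, `sm_pat_`, `sm_sat_`), whose bodies are also word characters only.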
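--- a/generic/secrets/gitleaks/settlemint-application-access-token.yaml
+++ b/generic/secrets/gitleaks/settlemint-application-access-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: settlemint-application-access-token
+message: A gitleaks settlemint-application-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (\b(sm_aat_[a-zA-Z0-9]{16})(?:[\x60'"\s;]|\\[nr]|$))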
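--- a/generic/secrets/gitleaks/settlemint-personal-access-token.yaml
+++ b/generic/secrets/gitleaks/settlemint-personal-access-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: settlemint-personal-access-token
+message: A gitleaks settlemint-personal-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (\b(sm_pat_[a-zA-Z0-9]{16})(?:[\x60'"\s;]|\\[nr]|$))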
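--- a/generic/secrets/gitleaks/settlemint-service-access-token.yaml
+++ b/generic/secrets/gitleaks/settlemint-service-access-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: settlemint-service-access-token
+message: A gitleaks settlemint-service-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (\b(sm_sat_[a-zA-Z0-9]{16})(?:[\x60'"\s;]|\\[nr]|$))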
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/shippo-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(shippo_(live|test)_[a-f0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(shippo_(?:live|test)_[a-fA-F0-9]{40})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/shopify-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: shpat_[a-fA-F0-9]{32}
- pattern-regex: (shpat_[a-fA-F0-9]{32})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/shopify-custom-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: shpca_[a-fA-F0-9]{32}
- pattern-regex: (shpca_[a-fA-F0-9]{32})
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: shppa_[a-fA-F0-9]{32}
- pattern-regex: (shppa_[a-fA-F0-9]{32})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/shopify-shared-secret.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: shpss_[a-fA-F0-9]{32}
- pattern-regex: (shpss_[a-fA-F0-9]{32})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/sidekiq-secret.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{8}:[a-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{8}:[a-f0-9]{8})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/sidekiq-sensitive-url.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(http(?:s??):\/\/)([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$)
- pattern-regex: ((?i)\bhttps?://([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\/|\#|\?|:]|$))
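Review bot: The dots in `gems.contribsys.com` and `enterprise.contribsys.com` are unescaped on the new line, so each matches any character, and the closing class `[\/|\#|\?|:]` still lists `|` as an accepted terminator even though the other rewritten patterns in this commit no longer put alternation bars inside a character class. Both only loosen the match, but they are cheap to tighten: `@(?:gems\.contribsys\.com|enterprise\.contribsys\.com)(?:[/#?:]|$))`. The unescaped dots recur in `hooks.slack.com` in slack-webhook-url.yaml.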
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/slack-app-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+)
- pattern-regex: ((?i)xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+)
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/slack-bot-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (xoxb-[0-9]{10,13}\-[0-9]{10,13}[a-zA-Z0-9-]*)
- pattern-regex: (xoxb-[0-9]{10,13}-[0-9]{10,13}[a-zA-Z0-9-]*)
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/slack-config-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(xoxe.xox[bp]-\d-[A-Z0-9]{163,166})
- pattern-regex: ((?i)xoxe.xox[bp]-\d-[A-Z0-9]{163,166})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/slack-config-refresh-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(xoxe-\d-[A-Z0-9]{146})
- pattern-regex: ((?i)xoxe-\d-[A-Z0-9]{146})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/slack-legacy-bot-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (xoxb-[0-9]{8,14}\-[a-zA-Z0-9]{18,26})
- pattern-regex: (xoxb-[0-9]{8,14}-[a-zA-Z0-9]{18,26})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/slack-webhook-url.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (https?:\/\/)?hooks.slack.com\/(services|workflows)\/[A-Za-z0-9+\/]{43,46}
- pattern-regex: ((?:https?://)?hooks.slack.com/(?:services|workflows)/[A-Za-z0-9+/]{43,46})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/snyk-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:snyk_token|snyk_key|snyk_api_token|snyk_api_key|snyk_oauth_token)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:snyk[_.-]?(?:(?:api|oauth)[_.-]?)?(?:key|token))(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/square-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b((EAAA|sq0atp-)[0-9A-Za-z\-_]{22,60})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b((?:EAAA|sq0atp-)[\w-]{22,60})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/squarespace-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:squarespace)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:squarespace)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/stripe-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b((sk|rk)_(test|live|prod)_[0-9a-z]{10,99})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b((?:sk|rk)_(?:test|live|prod)_[a-zA-Z0-9]{10,99})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/sumologic-access-id.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i:(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3})(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(su[a-zA-Z0-9]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ([\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:(?-i:[Ss]umo|SUMO))(?:[ \t\w.-]{0,20})[\s'"]{0,3})(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(su[a-zA-Z0-9]{12})(?:[\x60'"\s;]|\\[nr]|$))
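Review bot: The new pattern opens with the lazy prefix `[\w.-]{0,50}?` twice in a row, once before the `(?i:` group and once as its first element. The second copy changes nothing about what is detected except stretching the optional prefix from 50 to 100 characters, and because `pattern-regex` is an unanchored search the two adjacent lazy quantifiers over the same class multiply the backtracking done at each start offset inside a long identifier-like run. Deleting the inner copy, so that the group begins `(?i:(?:(?-i:[Ss]umo|SUMO))`, keeps the intent; the companion rule in sumologic-access-token.yaml already has a single prefix.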
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/sumologic-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:(?-i:[Ss]umo|SUMO))(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{64})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/telegram-bot-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i:(?:telegr)(?:[0-9a-z\(-_\t .\\]{0,40})(?:[\s|']|[\s|"]){0,3})(?:=|\|\|:|<=|=>|:|\?=|\()(?:'|\"|\s|=|\x60){0,5}([0-9]{5,16}:A[a-z0-9_\-]{34})(?:['|\"|\n|\r|\s|\x60|;|\\]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:telegr)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9]{5,16}:(?-i:A)[a-z0-9_\-]{34})(?:[\x60'"\s;]|\\[nr]|$))
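Review bot: The separator alternation on the new line no longer contains `\(`, which the replaced pattern accepted, so a bot token passed as a call argument right after the keyword (a constructed example: `TelegramBot("<token>")`) is no longer reported. The keyword-to-separator window also shrinks from 40 to 20 characters and the trailing `\\` delimiter is gone, which narrows coverage further. If the narrowing is not intended, the alternation can keep the extra branch: `(?:=|>|:{1,3}=|\|\||:|=>|\?=|,|\()`. This looks like a side effect of moving the rule onto the shared template, so it is worth confirming against the upstream gitleaks rule before merging.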
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/travisci-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:travis)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{22})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:travis)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{22})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/twilio-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: SK[0-9a-fA-F]{32}
- pattern-regex: (SK[0-9a-fA-F]{32})
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/twitch-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:twitch)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:twitch)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{30})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/twitter-access-secret.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{45})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{45})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/twitter-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9]{15,25}-[a-zA-Z0-9]{20,40})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9]{15,25}-[a-zA-Z0-9]{20,40})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/twitter-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{25})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{25})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/twitter-api-secret.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{50})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{50})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/twitter-bearer-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(A{22}[a-zA-Z0-9%]{80,100})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:twitter)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(A{22}[a-zA-Z0-9%]{80,100})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/typeform-api-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:typeform)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(tfp_[a-z0-9\-_\.=]{59})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:typeform)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(tfp_[a-z0-9\-_\.=]{59})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/vault-batch-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(hvb\.[a-z0-9_-]{138,212})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b(hvb\.[\w-]{138,300})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/vault-service-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)\b(hvs\.[a-z0-9_-]{90,100})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: (\b((?:hvs\.[\w-]{90,120}|s\.(?i:[a-z0-9]{24})))(?:[\x60'"\s;]|\\[nr]|$))
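Review bot: The added alternative `s\.(?i:[a-z0-9]{24})` is constrained only by the leading `\b` and the trailing delimiter, so ordinary member access on a one-letter variable (`s.` followed by a 24-character identifier and `;`, a quote or whitespace) satisfies it; minified JavaScript is the likely source of noise. The generated rule carries only the regex, so any entropy or allow-list filtering the upstream gitleaks rule may apply is not reproduced here; that is not visible on this page and is worth checking. One option is to require at least one digit in the body, `s\.(?i:(?=[a-z0-9]{0,23}[0-9])[a-z0-9]{24})`, accepting that an all-letter legacy token would be missed; another is a `pattern-not-regex` entry for the member-access shape.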
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/yandex-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:yandex)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/yandex-api-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(AQVN[A-Za-z0-9_\-]{35,38})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:yandex)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(AQVN[A-Za-z0-9_\-]{35,38})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/yandex-aws-access-token.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(YC[a-zA-Z0-9_\-]{38})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:yandex)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}(YC[a-zA-Z0-9_\-]{38})(?:[\x60'"\s;]|\\[nr]|$))
2 changes: 1 addition & 1 deletion generic/secrets/gitleaks/zendesk-secret-key.yaml
@@ -23,4 +23,4 @@ rules:
technology:
- gitleaks
patterns:
- pattern-regex: (?i)(?:zendesk)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
- pattern-regex: ((?i)[\w.-]{0,50}?(?:zendesk)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{40})(?:[\x60'"\s;]|\\[nr]|$))
