
Add support for GitLab Runner Tokens (Routable) (#1820)

This commit adds support for GitLab's routable runner tokens.

For the specification see:
https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/cells/routable_tokens/#proposal

Issue: https://github.com/gitleaks/gitleaks/issues/1819

Co-authored-by: Nicholas Wittstruck <1283061+nwittstruck@users.noreply.github.com>
Nicholas 10 月之前
父節點
當前提交
107a41827b
共有 3 個文件被更改,包括 25 次插入0 次删除
  1. 1 0
      cmd/generate/config/main.go
  2. 17 0
      cmd/generate/config/rules/gitlab.go
  3. 7 0
      config/gitleaks.toml

+ 1 - 0
cmd/generate/config/main.go

@@ -111,6 +111,7 @@ func main() {
 		rules.GitlabPipelineTriggerToken(),
 		rules.GitlabRunnerRegistrationToken(),
 		rules.GitlabRunnerAuthenticationToken(),
+		rules.GitlabRunnerAuthenticationTokenRoutable(),
 		rules.GitlabScimToken(),
 		rules.GitlabSessionCookie(),
 		rules.GitterAccessToken(),

+ 17 - 0
cmd/generate/config/rules/gitlab.go

@@ -177,6 +177,23 @@ func GitlabRunnerAuthenticationToken() *config.Rule {
 	return utils.Validate(r, tps, nil)
 }
 
+func GitlabRunnerAuthenticationTokenRoutable() *config.Rule {
+	r := config.Rule{
+		RuleID:      "gitlab-runner-authentication-token-routable",
+		Description: "Discovered a GitLab Runner Authentication Token (Routable), posing a risk to CI/CD pipeline integrity and unauthorized access.",
+		Regex:       regexp.MustCompile(`\bglrt-t\d_[0-9a-zA-Z_\-]{27,300}\.[0-9a-z]{2}[0-9a-z]{7}\b`),
+		Entropy:     4,
+		Keywords:    []string{"glrt-"},
+	}
+
+	tps := utils.GenerateSampleSecrets("gitlab", "glrt-t"+secrets.NewSecret(utils.Numeric("1"))+"_"+secrets.NewSecret(utils.AlphaNumeric("27"))+"."+secrets.NewSecret(utils.AlphaNumeric("2"))+secrets.NewSecret(utils.AlphaNumeric("7")))
+	fps := []string{
+		"glrt-tx_xxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxx",
+	}
+
+	return utils.Validate(r, tps, fps)
+}
+
 func GitlabScimToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "gitlab-scim-token",
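Review bot: The Regex line of GitlabRunnerAuthenticationTokenRoutable encodes a structure it never explains — `[0-9a-z]{2}[0-9a-z]{7}` is two adjacent runs that the engine treats as a single nine-character run, and the `{27,300}` payload bound has no stated origin — so the function should carry a doc comment tying that shape to the linked design document, e.g. `// GitlabRunnerAuthenticationTokenRoutable matches routable GitLab runner tokens of the form glrt-t<version>_<payload>.<suffix>; the payload bound and the 2+7 suffix split follow the routable_tokens design document linked from issue #1819.` Note also that the pre-existing non-routable rule visible in the gitleaks.toml hunk, `glrt-[0-9a-zA-Z_\-]{20}`, matches the first 25 characters of every routable token as well (`t`, the digit and `_` are all in its class), so one routable token will be reported twice; if a single finding is intended, the older pattern would need to exclude the `t\d_` form. The true-positive sample is presumably built from random characters on each run, so it is worth confirming that 27 alphanumerics plus the suffix reliably clears the Entropy threshold of 4 rather than passing Validate only most of the time.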

+ 7 - 0
config/gitleaks.toml

@@ -2220,6 +2220,13 @@ regex = '''glrt-[0-9a-zA-Z_\-]{20}'''
 entropy = 3
 keywords = ["glrt-"]
 
+[[rules]]
+id = "gitlab-runner-authentication-token-routable"
+description = "Discovered a GitLab Runner Authentication Token (Routable), posing a risk to CI/CD pipeline integrity and unauthorized access."
+regex = '''\bglrt-t\d_[0-9a-zA-Z_\-]{27,300}\.[0-9a-z]{2}[0-9a-z]{7}\b'''
+entropy = 4
+keywords = ["glrt-"]
+
 [[rules]]
 id = "gitlab-scim-token"
 description = "Discovered a GitLab SCIM Token, posing a risk to unauthorized access for a organization or instance."