
Add detection rules for DigitalOcean tokens (#1002)

* Add detection rules for DigitalOcean tokens

* go fmt correction
Michael Henriksen 3 лет назад
Родитель
Сommit
2678a54290

+ 3 - 0
cmd/generate/config/main.go

@@ -41,6 +41,9 @@ func main() {
 	configRules = append(configRules, rules.Contentful())
 	configRules = append(configRules, rules.Databricks())
 	configRules = append(configRules, rules.DatadogtokenAccessToken())
+	configRules = append(configRules, rules.DigitalOceanPAT())
+	configRules = append(configRules, rules.DigitalOceanOAuthToken())
+	configRules = append(configRules, rules.DigitalOceanRefreshToken())
 	configRules = append(configRules, rules.DiscordAPIToken())
 	configRules = append(configRules, rules.DiscordClientID())
 	configRules = append(configRules, rules.DiscordClientSecret())

+ 51 - 0
cmd/generate/config/rules/digitalocean.go

@@ -0,0 +1,51 @@
+package rules
+
+import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func DigitalOceanPAT() *config.Rule {
+	r := config.Rule{
+		Description: "DigitalOcean Personal Access Token",
+		RuleID:      "digitalocean-pat",
+		SecretGroup: 1,
+		Regex:       generateUniqueTokenRegex(`dop_v1_[a-f0-9]{64}`),
+		Keywords:    []string{"dop_v1_"},
+	}
+
+	tps := []string{
+		generateSampleSecret("do", "dop_v1_"+secrets.NewSecret(hex("64"))),
+	}
+	return validate(r, tps, nil)
+}
+
+func DigitalOceanOAuthToken() *config.Rule {
+	r := config.Rule{
+		Description: "DigitalOcean OAuth Access Token",
+		RuleID:      "digitalocean-access-token",
+		SecretGroup: 1,
+		Regex:       generateUniqueTokenRegex(`doo_v1_[a-f0-9]{64}`),
+		Keywords:    []string{"doo_v1_"},
+	}
+
+	tps := []string{
+		generateSampleSecret("do", "doo_v1_"+secrets.NewSecret(hex("64"))),
+	}
+	return validate(r, tps, nil)
+}
+
+func DigitalOceanRefreshToken() *config.Rule {
+	r := config.Rule{
+		Description: "DigitalOcean OAuth Refresh Token",
+		RuleID:      "digitalocean-refresh-token",
+		SecretGroup: 1,
+		Regex:       generateUniqueTokenRegex(`dor_v1_[a-f0-9]{64}`),
+		Keywords:    []string{"dor_v1_"},
+	}
+
+	tps := []string{
+		generateSampleSecret("do", "dor_v1_"+secrets.NewSecret(hex("64"))),
+	}
+	return validate(r, tps, nil)
+}
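Review bot: Each of the three new rules is validated against a single true positive built through `generateSampleSecret("do", ...)`, and `validate(r, tps, nil)` is given no negative samples, so nothing pins the 64-character length or the hex alphabet of the token body. I would add a bare-token case to each `tps`, e.g. `"dop_v1_" + secrets.NewSecret(hex("64")),` in DigitalOceanPAT, and, if the third argument of `validate` takes false-positive samples (its definition is outside this diff), a 63-character body there. The pattern produced by `generateUniqueTokenRegex`, as shown in config/gitleaks.toml, only reports a token that is followed by a quote, whitespace, a backtick, `;`, `|` or the end of input, so a token followed by `&` or `,` goes unreported; it is worth deciding whether that is intended for these prefixes. The exported functions also lack doc comments, e.g. `// DigitalOceanPAT returns the rule that detects DigitalOcean personal access tokens.`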

+ 1 - 1
cmd/generate/config/rules/slack.go

@@ -44,7 +44,7 @@ func SlackWebHook() *config.Rule {
 
 	// validate
 	tps := []string{
-		"https://hooks.slack.com/services/" + secrets.NewSecret(alphaNumeric("44")), // gitleaks:allow
+		"https://hooks.slack.com/services/" + secrets.NewSecret(alphaNumeric("44")),  // gitleaks:allow
 		"https://hooks.slack.com/workflows/" + secrets.NewSecret(alphaNumeric("44")), // gitleaks:allow
 	}
 	return validate(r, tps, nil)

+ 27 - 0
config/gitleaks.toml

@@ -238,6 +238,33 @@ keywords = [
     "datadog",
 ]
 
+[[rules]]
+description = "DigitalOcean OAuth Access Token"
+id = "digitalocean-access-token"
+regex = '''(?i)\b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    "doo_v1_",
+]
+
+[[rules]]
+description = "DigitalOcean Personal Access Token"
+id = "digitalocean-pat"
+regex = '''(?i)\b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    "dop_v1_",
+]
+
+[[rules]]
+description = "DigitalOcean OAuth Refresh Token"
+id = "digitalocean-refresh-token"
+regex = '''(?i)\b(dor_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    "dor_v1_",
+]
+
 [[rules]]
 description = "Discord API key"
 id = "discord-api-token"