
feat: facebook secret, access token, and page access token rules (#1372)

* Add Facebook secret, access token, and page access token rules

* comment
Baruch Odem (Rothkoff) 1 an în urmă
părinte
comite
4b543280a1
3 a modificat fișierele cu 62 adăugiri și 5 ștergeri
  1. 3 1
      cmd/generate/config/main.go
  2. 45 3
      cmd/generate/config/rules/facebook.go
  3. 14 1
      config/gitleaks.toml

+ 3 - 1
cmd/generate/config/main.go

@@ -67,7 +67,9 @@ func main() {
 		rules.EasyPost(),
 		rules.EasyPostTestAPI(),
 		rules.EtsyAccessToken(),
-		rules.Facebook(),
+		rules.FacebookSecret(),
+		rules.FacebookAccessToken(),
+		rules.FacebookPageAccessToken(),
 		rules.FastlyAPIToken(),
 		rules.FinicityClientSecret(),
 		rules.FinicityAPIToken(),
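Review bot: The three new entries `rules.FacebookSecret()`, `rules.FacebookAccessToken()`, `rules.FacebookPageAccessToken()` break what looks like the alphabetical ordering of the surrounding list (EasyPost, Etsy, Fastly, Finicity); `FacebookAccessToken`, `FacebookPageAccessToken`, `FacebookSecret` would keep it sorted. The generated config section in this commit lists the ids in that sorted order, so this is presumably only a readability point for main.go rather than an output difference. The enclosing main() starts and ends outside the hunk.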

+ 45 - 3
cmd/generate/config/rules/facebook.go

@@ -5,11 +5,13 @@ import (
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
-func Facebook() *config.Rule {
+// This rule includes both App Secret and Client Access Token
+// https://developers.facebook.com/docs/facebook-login/guides/access-tokens/
+func FacebookSecret() *config.Rule {
 	// define rule
 	r := config.Rule{
-		Description: "Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure.",
-		RuleID:      "facebook",
+		Description: "Discovered a Facebook Application secret, posing a risk of unauthorized access to Facebook accounts and personal data exposure.",
+		RuleID:      "facebook-secret",
 		Regex:       generateSemiGenericRegex([]string{"facebook"}, hex("32"), true),
 
 		Keywords: []string{"facebook"},
@@ -18,6 +20,46 @@ func Facebook() *config.Rule {
 	// validate
 	tps := []string{
 		generateSampleSecret("facebook", secrets.NewSecret(hex("32"))),
+		`facebook_app_secret = "6dca6432e45d933e13650d1882bd5e69"`,       // gitleaks:allow
+		`facebook_client_access_token: 26f5fd13099f2c1331aafb86f6489692`, // gitleaks:allow
+	}
+	return validate(r, tps, nil)
+}
+
+// https://developers.facebook.com/docs/facebook-login/guides/access-tokens/#apptokens
+func FacebookAccessToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure.",
+		RuleID:      "facebook-access-token",
+		Regex:       generateUniqueTokenRegex(`\d{15,16}\|[0-9a-z\-_]{27}`, true),
+	}
+
+	// validate
+	tps := []string{
+		`{"access_token":"911602140448729|AY-lRJZq9BoDLobvAiP25L7RcMg","token_type":"bearer"}`, // gitleaks:allow
+		`1308742762612587|rhoK1cbv0DOU_RTX_87O4MkX7AI`,                                         // gitleaks:allow
+		`1477036645700765|wRPf2v3mt2JfMqCLK8n7oltrEmc`,                                         // gitleaks:allow
+	}
+	return validate(r, tps, nil)
+}
+
+// https://developers.facebook.com/docs/facebook-login/guides/access-tokens/#pagetokens
+func FacebookPageAccessToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "Discovered a Facebook Page Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure.",
+		RuleID:      "facebook-page-access-token",
+		Regex:       generateUniqueTokenRegex("EAA[MC]"+alphaNumeric("20,"), true),
+		Keywords:    []string{"EAAM", "EAAC"},
+	}
+
+	// validate
+	tps := []string{
+		`EAAM9GOnCB9kBO2frzOAWGN2zMnZClQshlWydZCrBNdodesbwimx1mfVJgqZBP5RSpMfUzWhtjTTXHG5I1UlvlwRZCgjm3ZBVGeTYiqAAoxyED6HaUdhpGVNoPUwAuAWWFsi9OvyYBQt22DGLqMIgD7VktuCTTZCWKasz81Q822FPhMTB9VFFyClNzQ0NLZClt9zxpsMMrUZCo1VU1rL3CKavir5QTfBjfCEzHNlWAUDUV2YZD`, // gitleaks:allow
+		`EAAM9GOnCB9kBO2zXpAtRBmCrsPPjdA3KeBl4tqsEpcYd09cpjm9MZCBIklZBjIQBKGIJgFwm8IE17G5pipsfRBRBEHMWxvJsL7iHLUouiprxKRQfAagw8BEEDucceqxTiDhVW2IZAQNNbf0d1JhcapAGntx5S1Csm4j0GgZB3DuUfI2HJ9aViTtdfH2vjBy0wtpXm2iamevohGfoF4NgyRHusDLjqy91uYMkfrkc`,          // gitleaks:allow
+		`- name: FACEBOOK_TOKEN
+		value: "EAACEdEose0cBA1bad3afsf2aew"`, // gitleaks:allow
 	}
 	return validate(r, tps, nil)
 }
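Review bot: FacebookAccessToken sets no Keywords, unlike FacebookSecret (`"facebook"`) and FacebookPageAccessToken (`"EAAM"`, `"EAAC"`), and the generated facebook-access-token rule in config/gitleaks.toml correspondingly has no keywords entry. If keywords act as a prefilter before the regex is applied, this rule is evaluated against every fragment scanned; that may be intentional because the `\d{15,16}\|…` shape has no fixed prefix to key on, but it should be stated, e.g. `// No Keywords: the token has no fixed prefix, so the regex runs unfiltered.` above the rule definition. Separately, the comments above FacebookSecret, FacebookAccessToken and FacebookPageAccessToken are bare URLs, whereas Go doc convention is a sentence starting with the name, e.g. `// FacebookAccessToken matches app access tokens of the form <app-id>|<token>.` followed by the link. FacebookSecret's definition starts in the previous hunk.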

+ 14 - 1
config/gitleaks.toml

@@ -370,8 +370,21 @@ keywords = [
 ]
 
 [[rules]]
-id = "facebook"
+id = "facebook-access-token"
 description = "Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure."
+regex = '''(?i)\b(\d{15,16}\|[0-9a-z\-_]{27})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+
+[[rules]]
+id = "facebook-page-access-token"
+description = "Discovered a Facebook Page Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure."
+regex = '''(?i)\b(EAA[MC][a-z0-9]{20,})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+    "eaam","eaac",
+]
+
+[[rules]]
+id = "facebook-secret"
+description = "Discovered a Facebook Application secret, posing a risk of unauthorized access to Facebook accounts and personal data exposure."
 regex = '''(?i)(?:facebook)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 keywords = [
     "facebook",