
Add support for GitLab routable tokens #1655

This commit adds support for GitLab's routable tokens.

For the specification see:
https://handbook.gitlab.com/handbook/engineering/architecture/design-documents/cells/routable_tokens/#proposal

Issue: https://github.com/gitleaks/gitleaks/issues/1655
Nicholas Wittstruck 1 year ago
parent
commit
61d2713fb4
3 changed files with 25 additions and 0 deletions
  1. 1 0
      cmd/generate/config/main.go
  2. 17 0
      cmd/generate/config/rules/gitlab.go
  3. 7 0
      config/gitleaks.toml

+ 1 - 0
cmd/generate/config/main.go

@@ -108,6 +108,7 @@ func main() {
 		rules.GitlabKubernetesAgentToken(),
 		rules.GitlabOauthAppSecret(),
 		rules.GitlabPat(),
+		rules.GitlabPatRoutable(),
 		rules.GitlabPipelineTriggerToken(),
 		rules.GitlabRunnerRegistrationToken(),
 		rules.GitlabRunnerAuthenticationToken(),

+ 17 - 0
cmd/generate/config/rules/gitlab.go

@@ -115,6 +115,23 @@ func GitlabPat() *config.Rule {
 	return utils.Validate(r, tps, fps)
 }
 
+func GitlabPatRoutable() *config.Rule {
+	r := config.Rule{
+		RuleID:      "gitlab-pat-routable",
+		Description: "Identified a GitLab Personal Access Token (routable), risking unauthorized access to GitLab repositories and codebase exposure.",
+		Regex:       regexp.MustCompile(`glpat-[0-9a-zA-Z_-]{27,300}\.[0-9a-z]{2}[0-9a-z]{7}`),
+		Entropy:     3,
+		Keywords:    []string{"glpat-"},
+	}
+
+	// validate
+	tps := utils.GenerateSampleSecrets("gitlab", "glpat-"+secrets.NewSecret(utils.AlphaNumeric("27"))+"."+secrets.NewSecret(utils.AlphaNumeric("2"))+secrets.NewSecret(utils.AlphaNumeric("7")))
+	fps := []string{
+		"glpat-XXXXXXXXXXXXXXXXXXX",
+	}
+	return utils.Validate(r, tps, fps)
+}
+
 func GitlabPipelineTriggerToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "gitlab-ptt",
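Review bot: Every token this new regex matches will also be reported by the existing `gitlab-pat` rule, whose pattern `glpat-[\w-]{20}` (visible in the gitleaks.toml hunk) matches the first 20 payload characters of any routable token, so one leaked secret now produces two findings and the commit neither narrows the older rule nor notes the overlap. The suffix `[0-9a-z]{2}[0-9a-z]{7}` is also equivalent to `[0-9a-z]{9}` and carries no explanation of why it is split — presumably the two-character version and seven-character checksum described in the linked spec — so a comment on the Regex line such as `// suffix after '.': <version:2><checksum:7>, per the routable-token design doc` would preserve that intent for the next maintainer. The only false-positive sample, `glpat-XXXXXXXXXXXXXXXXXXX`, has no `.` separator and cannot match this regex regardless of entropy, so it does not exercise the rule; a routable-shaped low-entropy sample such as `"glpat-XXXXXXXXXXXXXXXXXXXXXXXXXXX.000000000"` (constructed) would actually test the `Entropy: 3` threshold, assuming `utils.Validate` applies entropy to fps as it does in scanning. GitlabPatRoutable lies entirely within the hunk.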

+ 7 - 0
config/gitleaks.toml

@@ -2137,6 +2137,13 @@ regex = '''glpat-[\w-]{20}'''
 entropy = 3
 keywords = ["glpat-"]
 
+[[rules]]
+id = "gitlab-pat-routable"
+description = "Identified a GitLab Personal Access Token (routable), risking unauthorized access to GitLab repositories and codebase exposure."
+regex = '''glpat-[0-9a-zA-Z_-]{27,300}\.[0-9a-z]{2}[0-9a-z]{7}'''
+entropy = 3
+keywords = ["glpat-"]
+
 [[rules]]
 id = "gitlab-ptt"
 description = "Found a GitLab Pipeline Trigger Token, potentially compromising continuous integration workflows and project security."