Home Explore Help
Sign In
LBP
/
gitleaks
mirror of https://github.com/gitleaks/gitleaks.git
4
0
Fork 0
Files Issues 0 Wiki
Browse Source

Add Defined Networking API Tokens (#1096)

Adds detection support for Defined Networking tokens (https://docs.defined.net/guides/automating-host-creation/)

I added a fixture in addition to the generator, I think I may be able to use the `generateUniqueToken` instead of the semi-generic option? Let me know if I should update accordingly.

Remove testing fixture
Caleb Jasik 2 years ago
parent
1fb3a77eb8
commit
6b0c303b26
3 changed files with 42 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      cmd/generate/config/main.go
  2. 32 0
      cmd/generate/config/rules/definednetworking.go
  3. 9 0
      config/gitleaks.toml

+ 1 - 0
cmd/generate/config/main.go
View File 

@@ -41,6 +41,7 @@ func main() {
 
 	configRules = append(configRules, rules.Contentful())
 
 	configRules = append(configRules, rules.Databricks())
 
 	configRules = append(configRules, rules.DatadogtokenAccessToken())
 
+	configRules = append(configRules, rules.DefinedNetworkingAPIToken())
 
 	configRules = append(configRules, rules.DigitalOceanPAT())
 
 	configRules = append(configRules, rules.DigitalOceanOAuthToken())
 
 	configRules = append(configRules, rules.DigitalOceanRefreshToken())

+ 32 - 0
cmd/generate/config/rules/definednetworking.go
View File 

@@ -0,0 +1,32 @@
 
+package rules
 
+
 
+import (
 
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 
+	"github.com/zricethezav/gitleaks/v8/config"
 
+)
 
+
 
+func DefinedNetworkingAPIToken() *config.Rule {
 
+	// Define Rule
 
+	r := config.Rule{
 
+		// Human redable description of the rule
 
+		Description: "Defined Networking API token",
 
+
 
+		// Unique ID for the rule
 
+		RuleID: "defined-networking-api-token",
 
+
 
+		// Regex capture group for the actual secret
 
+		SecretGroup: 1,
 
+
 
+		// Regex used for detecting secrets. See regex section below for more details
 
+		Regex: generateSemiGenericRegex([]string{"dnkey"}, `dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52}`),
 
+
 
+		// Keywords used for string matching on fragments (think of this as a prefilter)
 
+		Keywords: []string{"dnkey"},
 
+	}
 
+
 
+	// validate
 
+	tps := []string{
 
+		generateSampleSecret("dnkey", "dnkey-"+secrets.NewSecret(alphaNumericExtended("26"))+"-"+secrets.NewSecret(alphaNumericExtended("52"))),
 
+	}
 
+	return validate(r, tps, nil)
 
+}

+ 9 - 0
config/gitleaks.toml
View File 

@@ -242,6 +242,15 @@ keywords = [
 
     "datadog",
 
 ]
 
 
+[[rules]]
 
+description = "Defined Networking API token"
 
+id = "defined-networking-api-token"
 
+regex = '''(?i)(?:dnkey)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(dnkey-[a-z0-9=_\-]{26}-[a-z0-9=_\-]{52})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 
+secretGroup = 1
 
+keywords = [
 
+    "dnkey",
 
+]
 
+
 
 [[rules]]
 
 description = "DigitalOcean OAuth Access Token"
 
 id = "digitalocean-access-token"