hace 9 meses · 6f967cad68
--- a/cmd/generate/config/rules/kubernetes.go
+++ b/cmd/generate/config/rules/kubernetes.go
@@ -17,7 +17,7 @@ func KubernetesSecret() *config.Rule {
 
				 	// - valid base64 characters
			
 
				 	// - longer than 10 characters (no "YmFyCg==")
			
 
				 	//language=regexp
			
 
				-	dataPat := `\bdata:(?:.|\s){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9+/]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))`
			
 
				+	dataPat := `\bdata:(?s:.){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9+/]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))`
			
 
				 
			
 
				 	// define rule
			
 
				 	r := config.Rule{
			
@@ -25,7 +25,7 @@ func KubernetesSecret() *config.Rule {
 
				 		Description: "Possible Kubernetes Secret detected, posing a risk of leaking credentials/tokens from your deployments",
			
 
				 		Regex: regexp.MustCompile(fmt.Sprintf(
			
 
				 			//language=regexp
			
 
				-			`(?i)(?:%s(?:.|\s){0,200}?%s|%s(?:.|\s){0,200}?%s)`, kindPat, dataPat, dataPat, kindPat)),
			
 
				+			`(?i)(?:%s(?s:.){0,200}?%s|%s(?s:.){0,200}?%s)`, kindPat, dataPat, dataPat, kindPat)),
			
 
				 		Keywords: []string{
			
 
				 			"secret",
			
 
				 		},
			
@@ -45,7 +45,7 @@ func KubernetesSecret() *config.Rule {
 
				 				// Avoid overreach between directives.
			
 
				 				RegexTarget: "match",
			
 
				 				Regexes: []*regexp.Regexp{
			
 
				-					regexp.MustCompile(`(kind:(?:.|\s)+\n---\n(?:.|\s)+\bdata:|data:(?:.|\s)+\n---\n(?:.|\s)+\bkind:)`),
			
 
				+					regexp.MustCompile(`(kind:(?s:.)+\n---\n(?s:.)+\bdata:|data:(?s:.)+\n---\n(?s:.)+\bkind:)`),
			
 
				 				},
			
 
				 			},
			
 
				 		},
			
--- a/config/gitleaks.toml
+++ b/config/gitleaks.toml
@@ -2384,7 +2384,7 @@ keywords = ["kraken"]
 
				 [[rules]]
			
 
				 id = "kubernetes-secret-yaml"
			
 
				 description = "Possible Kubernetes Secret detected, posing a risk of leaking credentials/tokens from your deployments"
			
 
				-regex = '''(?i)(?:\bkind:[ \t]*["']?\bsecret\b["']?(?:.|\s){0,200}?\bdata:(?:.|\s){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9+/]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))|\bdata:(?:.|\s){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9+/]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))(?:.|\s){0,200}?\bkind:[ \t]*["']?\bsecret\b["']?)'''
			
 
				+regex = '''(?i)(?:\bkind:[ \t]*["']?\bsecret\b["']?(?s:.){0,200}?\bdata:(?s:.){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9+/]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))|\bdata:(?s:.){0,100}?\s+([\w.-]+:(?:[ \t]*(?:\||>[-+]?)\s+)?[ \t]*(?:["']?[a-z0-9+/]{10,}={0,3}["']?|\{\{[ \t\w"|$:=,.-]+}}|""|''))(?s:.){0,200}?\bkind:[ \t]*["']?\bsecret\b["']?)'''
			
 
				 path = '''(?i)\.ya?ml$'''
			
 
				 keywords = ["secret"]
			
 
				 [[rules.allowlists]]
			
@@ -2394,7 +2394,7 @@ regexes = [
 
				 [[rules.allowlists]]
			
 
				 regexTarget = "match"
			
 
				 regexes = [
			
 
				-    '''(kind:(?:.|\s)+\n---\n(?:.|\s)+\bdata:|data:(?:.|\s)+\n---\n(?:.|\s)+\bkind:)''',
			
 
				+    '''(kind:(?s:.)+\n---\n(?s:.)+\bdata:|data:(?s:.)+\n---\n(?s:.)+\bkind:)''',
			
 
				 ]
			
 
				 
			
 
				 [[rules]]