Inicio Explorar Ayuda
Iniciar sesión
LBP
/
gitleaks
espejo de https://github.com/gitleaks/gitleaks.git
4
0
Fork 0
Archivos Incidencias 0 Wiki
Explorar el Código

feat: add Anthropic API key detection (#1910)

Add detection rules for Anthropic API keys:
- anthropic-api-key: detects sk-ant-api03-... keys
- anthropic-admin-api-key: detects sk-ant-admin01-... keys

Both key types follow the pattern sk-ant-{type}-{93 chars}AA
and are detected as separate rules to align with gitleaks
patterns for multi-token providers.

The base regex patterns are aligned with what TruffleHog uses here: https://github.com/trufflesecurity/trufflehog/blob/main/pkg/detectors/anthropic/anthropic.go
Hasnain Lakhani hace 7 meses
padre
7b02c98eb4
commit
72977e41b6
Se han modificado 3 ficheros con 83 adiciones y 0 borrados
Dividir vista Mostrar estadísticas de diff
  1. 2 0
      cmd/generate/config/main.go
  2. 69 0
      cmd/generate/config/rules/anthropic.go
  3. 12 0
      config/gitleaks.toml

+ 2 - 0
cmd/generate/config/main.go
Ver fichero 

@@ -35,6 +35,8 @@ func main() {
 
 		rules.AlgoliaApiKey(),
 
 		rules.AlibabaAccessKey(),
 
 		rules.AlibabaSecretKey(),
 
+		rules.AnthropicAdminApiKey(),
 
+		rules.AnthropicApiKey(),
 
 		rules.ArtifactoryApiKey(),
 
 		rules.ArtifactoryReferenceToken(),
 
 		rules.AsanaClientID(),

+ 69 - 0
cmd/generate/config/rules/anthropic.go
Ver fichero 

@@ -0,0 +1,69 @@
 
+package rules
 
+
 
+import (
 
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
 
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 
+	"github.com/zricethezav/gitleaks/v8/config"
 
+)
 
+
 
+func AnthropicApiKey() *config.Rule {
 
+	// define rule
 
+	r := config.Rule{
 
+		RuleID:      "anthropic-api-key",
 
+		Description: "Identified an Anthropic API Key, which may compromise AI assistant integrations and expose sensitive data to unauthorized access.",
 
+		Regex:       utils.GenerateUniqueTokenRegex(`sk-ant-api03-[a-zA-Z0-9_\-]{93}AA`, false),
 
+		Keywords: []string{
 
+			"sk-ant-api03",
 
+		},
 
+	}
 
+
 
+	// validate
 
+	tps := []string{
 
+		// Valid API key example
 
+		"sk-ant-api03-abc123xyz-456def789ghij-klmnopqrstuvwx-3456yza789bcde-1234fghijklmnopby56aaaogaopaaaabc123xyzAA",
 
+		// Generate additional random test keys
 
+		utils.GenerateSampleSecret("anthropic", "sk-ant-api03-"+secrets.NewSecret(utils.AlphaNumericExtendedShort("93"))+"AA"),
 
+	}
 
+
 
+	fps := []string{
 
+		// Too short key (missing characters)
 
+		"sk-ant-api03-abc123xyz-456de-klMnopqrstuvwx-3456yza789bcde-1234fghijklmnopAA",
 
+		// Wrong suffix
 
+		"sk-ant-api03-abc123xyz-456def789ghij-klmnopqrstuvwx-3456yza789bcde-1234fghijklmnopby56aaaogaopaaaabc123xyzBB",
 
+		// Wrong prefix (admin key, not API key)
 
+		"sk-ant-admin01-abc123xyz-456def789ghij-klmnopqrstuvwx-3456yza789bcde-1234fghijklmnopby56aaaogaopaaaabc123xyzAA",
 
+	}
 
+
 
+	return utils.Validate(r, tps, fps)
 
+}
 
+
 
+func AnthropicAdminApiKey() *config.Rule {
 
+	// define rule
 
+	r := config.Rule{
 
+		RuleID:      "anthropic-admin-api-key",
 
+		Description: "Detected an Anthropic Admin API Key, risking unauthorized access to administrative functions and sensitive AI model configurations.",
 
+		Regex:       utils.GenerateUniqueTokenRegex(`sk-ant-admin01-[a-zA-Z0-9_\-]{93}AA`, false),
 
+		Keywords: []string{
 
+			"sk-ant-admin01",
 
+		},
 
+	}
 
+
 
+	// validate
 
+	tps := []string{
 
+		// Valid admin key example
 
+		"sk-ant-admin01-abc12fake-456def789ghij-klmnopqrstuvwx-3456yza789bcde-12fakehijklmnopby56aaaogaopaaaabc123xyzAA",
 
+		// Generate additional random test keys
 
+		utils.GenerateSampleSecret("anthropic", "sk-ant-admin01-"+secrets.NewSecret(utils.AlphaNumericExtendedShort("93"))+"AA"),
 
+	}
 
+
 
+	fps := []string{
 
+		// Too short key (missing characters)
 
+		"sk-ant-admin01-abc123xyz-456de-klMnopqrstuvwx-3456yza789bcde-1234fghijklmnopAA",
 
+		// Wrong suffix
 
+		"sk-ant-admin01-abc123xyz-456def789ghij-klmnopqrstuvwx-3456yza789bcde-1234fghijklmnopby56aaaogaopaaaabc123xyzBB",
 
+		// Wrong prefix (API key, not admin key)
 
+		"sk-ant-api03-abc123xyz-456def789ghij-klmnopqrstuvwx-3456yza789bcde-1234fghijklmnopby56aaaogaopaaaabc123xyzAA",
 
+	}
 
+
 
+	return utils.Validate(r, tps, fps)
 
+}

+ 12 - 0
config/gitleaks.toml
Ver fichero 

@@ -129,6 +129,18 @@ regex = '''(?i)[\w.-]{0,50}?(?:alibaba)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,
 
 entropy = 2
 
 keywords = ["alibaba"]
 
 
+[[rules]]
 
+id = "anthropic-admin-api-key"
 
+description = "Detected an Anthropic Admin API Key, risking unauthorized access to administrative functions and sensitive AI model configurations."
 
+regex = '''\b(sk-ant-admin01-[a-zA-Z0-9_\-]{93}AA)(?:[\x60'"\s;]|\\[nr]|$)'''
 
+keywords = ["sk-ant-admin01"]
 
+
 
+[[rules]]
 
+id = "anthropic-api-key"
 
+description = "Identified an Anthropic API Key, which may compromise AI assistant integrations and expose sensitive data to unauthorized access."
 
+regex = '''\b(sk-ant-api03-[a-zA-Z0-9_\-]{93}AA)(?:[\x60'"\s;]|\\[nr]|$)'''
 
+keywords = ["sk-ant-api03"]
 
+
 
 [[rules]]
 
 id = "artifactory-api-key"
 
 description = "Detected an Artifactory api key, posing a risk unauthorized access to the central repository."