
tests: scalingo validation consistent test (#1359)

* Refactor Scalingo API token regex and add sample token

* improve docs for allowlist

I didn't know about it when I made #1358

---------

Co-authored-by: Baruch Odem <baruch.odem@checkmarx.com>
Baruch Odem (Rothkoff) пре 1 година
79cac73f72
3 измењених фајлова са 10 додато и 5 уклоњено
  1. 2 3
      cmd/generate/config/rules/scalingo.go
  2. 7 1
      config/allowlist.go
  3. 1 1
      config/gitleaks.toml

+ 2 - 3
cmd/generate/config/rules/scalingo.go

@@ -1,8 +1,6 @@
 package rules
 
 import (
-	"regexp"
-
 	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
@@ -12,13 +10,14 @@ func ScalingoAPIToken() *config.Rule {
 	r := config.Rule{
 		Description: "Found a Scalingo API token, posing a risk to cloud platform services and application deployment security.",
 		RuleID:      "scalingo-api-token",
-		Regex:       regexp.MustCompile(`\btk-us-[a-zA-Z0-9-_]{48}\b`),
+		Regex:       generateUniqueTokenRegex(`tk-us-[a-zA-Z0-9-_]{48}`, false),
 		Keywords:    []string{"tk-us-"},
 	}
 
 	// validate
 	tps := []string{
 		generateSampleSecret("scalingo", "tk-us-"+secrets.NewSecret(alphaNumericExtendedShort("48"))),
+		`scalingo_api_token = "tk-us-loys7ib9yrxcys_ta2sq85mjar6lgcsspkd9x61s7h5epf_-"`, // gitleaks:allow
 	}
 	return validate(r, tps, nil)
 }
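Review bot: The validation still passes `nil` for false positives on the `return validate(r, tps, nil)` line, so nothing pins that the 48-character length enforced by `generateUniqueTokenRegex` actually rejects shorter tokens; a one-line `fps := []string{generateSampleSecret("scalingo", "tk-us-"+secrets.NewSecret(alphaNumericExtendedShort("47")))}` passed as the third argument would make that explicit. The hard-coded sample deserves a comment, because its trailing `_-` is exactly the form the old `\b` anchor could not match: `// trailing '-' is not a word character; the previous \b anchor missed this form`. The literal `-` in the middle of `[a-zA-Z0-9-_]` is accepted by Go's parser but reads like a malformed range; placing it last, `[a-zA-Z0-9_-]`, is unambiguous. The second argument `false` to `generateUniqueTokenRegex` is opaque at the call site; if it controls case-insensitivity, as the absence of `(?i)` in the generated pattern suggests, a short comment would help. ScalingoAPIToken's signature is above the hunk.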

+ 7 - 1
config/allowlist.go

@@ -14,7 +14,13 @@ type Allowlist struct {
 	// Regexes is slice of content regular expressions that are allowed to be ignored.
 	Regexes []*regexp.Regexp
 
-	// RegexTarget
+	// Can be `match` or `line`.
+	//
+	// If `match` the _Regexes_ will be tested against the match of the _Rule.Regex_.
+	//
+	// If `line` the _Regexes_ will be tested against the entire line.
+	//
+	// If RegexTarget is empty, it will be tested against the found secret.
 	RegexTarget string
 
 	// Paths is a slice of path regular expressions that are allowed to be ignored.
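Review bot: The new doc comment on RegexTarget does not begin with the field name, so godoc and `go doc` render it as a detached paragraph rather than the field's documentation; start it as `// RegexTarget selects what Regexes are tested against: "match", "line", or empty.` and keep the three cases as the following lines. The last case, "the found secret", is not distinguished from "the match of the Rule.Regex" — presumably the secret is the capture group while `match` is the whole regex match; if that is what the matching code does, say so explicitly. The `_Regexes_` underscore emphasis is not rendered by godoc, so plain `Regexes` is enough. The Allowlist struct continues outside the hunk.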

+ 1 - 1
config/gitleaks.toml

@@ -2524,7 +2524,7 @@ keywords = [
 [[rules]]
 id = "scalingo-api-token"
 description = "Found a Scalingo API token, posing a risk to cloud platform services and application deployment security."
-regex = '''\btk-us-[a-zA-Z0-9-_]{48}\b'''
+regex = '''\b(tk-us-[a-zA-Z0-9-_]{48})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 keywords = [
     "tk-us-",
 ]