
feat(rules): Add Perplexity AI API key detection (#1825)

* feat(rules): Add Perplexity AI API key detection

* Fix generation

* Fix imports

* Update cmd/generate/config/rules/perplexity.go

Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>

* Update cmd/generate/config/rules/perplexity.go

Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>

* Update cmd/generate/config/rules/perplexity.go

Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>

* Adjust regex, add imports

* Generate config

---------

Co-authored-by: vno <vno@serity.io>
Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>
sirakav 9 сар өмнө
parent
commit
7fb21a4e61

+ 1 - 0
cmd/generate/config/main.go

@@ -167,6 +167,7 @@ func main() {
 		rules.OktaAccessToken(),
 		rules.OpenAI(),
 		rules.OpenshiftUserToken(),
+		rules.PerplexityAPIKey(),
 		rules.PlaidAccessID(),
 		rules.PlaidSecretKey(),
 		rules.PlaidAccessToken(),

+ 27 - 0
cmd/generate/config/rules/perplexity.go

@@ -0,0 +1,27 @@
+package rules
+
+import (
+	"regexp"
+
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
+
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func PerplexityAPIKey() *config.Rule {
+	// Define Rule
+	r := config.Rule{
+		RuleID:      "perplexity-api-key",
+		Description: "Detected a Perplexity API key, which could lead to unauthorized access to Perplexity AI services and data exposure.",
+		Regex:       regexp.MustCompile(`\b(pplx-[a-zA-Z0-9]{48})(?:[\x60'"\s;]|\\[nr]|$|\b)`),
+		Keywords:    []string{"pplx-"},
+		Entropy:     4.0,
+	}
+
+	// validate
+	tps := utils.GenerateSampleSecrets("perplexity", "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'")
+	fps := []string{
+		"PERPLEXITY_API_KEY=pplx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+	}
+	return utils.Validate(r, tps, fps)
+}
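Review bot: The trailing group in `Regex` ends with `|\b`, and because the capture always ends on an alphanumeric, that alternative already succeeds wherever the listed terminators (backtick, quote, whitespace, `;`, `\n`/`\r`, end of input) would, so the list does not narrow what matches. The right-hand boundary is effectively a plain word boundary: a 49th alphanumeric or `_` is rejected, but `-`, `.` or `/` directly after the 48 characters is accepted, so a longer hyphenated identifier starting with such a run would be reported. Either drop `|\b` so the explicit terminators are enforced (accepting misses before `,` or `)`), or reduce the group to `\b` and add a comment such as `// any non-word character terminates the key`. In both cases add an `fps` entry with 49 alphanumerics after `pplx-` to pin the length bound, since the only negative sample today is rejected by entropy, not by the pattern. The `tps` literal also carries a stray `'` inside the string and reads like a real key, not a generated sample; if it was ever live it should be revoked, and a generated value would avoid tripping other scanners on this file.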

+ 7 - 0
config/gitleaks.toml

@@ -2627,6 +2627,13 @@ regex = '''\b(sha256~[\w-]{43})(?:[^\w-]|\z)'''
 entropy = 3.5
 keywords = ["sha256~"]
 
+[[rules]]
+id = "perplexity-api-key"
+description = "Detected a Perplexity API key, which could lead to unauthorized access to Perplexity AI services and data exposure."
+regex = '''\b(pplx-[a-zA-Z0-9]{48})(?:[\x60'"\s;]|\\[nr]|$|\b)'''
+entropy = 4
+keywords = ["pplx-"]
+
 [[rules]]
 id = "pkcs12-file"
 description = "Found a PKCS #12 file, which commonly contain bundled private keys."