
Add Sonar rule (#1756)

Ricardo Zandonai 1 an în urmă
părinte
comite
818e32f7a4
3 a modificat fișierele cu 34 adăugiri și 0 ștergeri
  1. 1 0
      cmd/generate/config/main.go
  2. 27 0
      cmd/generate/config/rules/sonar.go
  3. 6 0
      config/gitleaks.toml

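--- a/cmd/generate/config/main.go
+++ b/cmd/generate/config/main.go
@@ -206,6 +206,7 @@ func main() {
 		rules.SlackLegacyToken(),
 		rules.SlackWebHookUrl(),
 		rules.Snyk(),
+		rules.Sonar(),
 		rules.SourceGraph(),
 		rules.StripeAccessToken(),
 		rules.SquareAccessToken(),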

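--- a/cmd/generate/config/rules/sonar.go
+++ b/cmd/generate/config/rules/sonar.go
@@ -0,0 +1,27 @@
+package rules
+
+import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func Sonar() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "Uncovered a Sonar API token, potentially compromising software vulnerability scanning and code security.",
+		RuleID:      "sonar-api-token",
+		Regex:       utils.GenerateSemiGenericRegex([]string{"sonar[_.-]?(login|token)"}, utils.AlphaNumericExtended("40"), true),
+		Keywords:    []string{"sonar"},
+	}
+
+	// validate
+	tps := utils.GenerateSampleSecrets("sonar", "12345678ABCDEFH1234567890ABCDEFH12345678")
+	tps = append(tps,
+		`const SONAR_LOGIN = "12345678ABCDEFH1234567890ABCDEFH12345678"`, // gitleaks:allow
+		`SONAR_LOGIN := "12345678ABCDEFH1234567890ABCDEFH12345678"`,      // gitleaks:allow
+		`SONAR.LOGIN ::= "12345678ABCDEFH1234567890ABCDEFH12345678"`,     // gitleaks:allow
+		`SONAR.LOGIN :::= "12345678ABCDEFH1234567890ABCDEFH12345678"`,    // gitleaks:allow
+		`SONAR.LOGIN ?= "12345678ABCDEFH1234567890ABCDEFH12345678"`,      // gitleaks:allow
+	)
+	return utils.Validate(r, tps, nil)
+}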
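Review bot: The keyword alternative passed to GenerateSemiGenericRegex on the `Regex:` line is a capturing group, `sonar[_.-]?(login|token)`, while the neighbouring Snyk rule's generated regex in config/gitleaks.toml wraps its alternatives in `(?:...)`; the generated Sonar regex in that file carries the same capturing group, so the 40-character token lands in group 2 rather than group 1. Whether the detector then reports the matched `login`/`token` word or the token itself depends on how it picks the secret group when none is configured, and the sample-secret validation presumably only confirms a match, so it would not surface that. Changing the pattern to `"sonar[_.-]?(?:login|token)"` keeps the token as the sole capture and aligns with the other rules. Separately, `AlphaNumericExtended("40")` with a fixed length describes only the classic unprefixed token; if prefixed SonarQube token formats are meant to be in scope, the length and charset should be revisited and a matching sample added to `tps`.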

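--- a/config/gitleaks.toml
+++ b/config/gitleaks.toml
@@ -2941,6 +2941,12 @@ description = "Uncovered a Snyk API token, potentially compromising software vul
 regex = '''(?i)[\w.-]{0,50}?(?:snyk[_.-]?(?:(?:api|oauth)[_.-]?)?(?:key|token))(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:[\x60'"\s;]|\\[nr]|$)'''
 keywords = ["snyk"]
 
+[[rules]]
+id = "sonar-api-token"
+description = "Uncovered a Sonar API token, potentially compromising software vulnerability scanning and code security."
+regex = '''(?i)[\w.-]{0,50}?(?:sonar[_.-]?(login|token))(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{40})(?:[\x60'"\s;]|\\[nr]|$)'''
+keywords = ["sonar"]
+
 [[rules]]
 id = "sourcegraph-access-token"
 description = "Sourcegraph is a code search and navigation engine."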