|
@@ -11,17 +11,20 @@ func SquareAccessToken() *config.Rule {
|
|
|
r := config.Rule{
|
|
r := config.Rule{
|
|
|
RuleID: "square-access-token",
|
|
RuleID: "square-access-token",
|
|
|
Description: "Detected a Square Access Token, risking unauthorized payment processing and financial transaction exposure.",
|
|
Description: "Detected a Square Access Token, risking unauthorized payment processing and financial transaction exposure.",
|
|
|
- Regex: utils.GenerateUniqueTokenRegex(`(EAAA|sq0atp-)[0-9A-Za-z\-_]{22,60}`, true),
|
|
|
|
|
|
|
+ Regex: utils.GenerateUniqueTokenRegex(`(?:EAAA|sq0atp-)[\w-]{22,60}`, false),
|
|
|
Keywords: []string{"sq0atp-", "EAAA"},
|
|
Keywords: []string{"sq0atp-", "EAAA"},
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
// validate
|
|
// validate
|
|
|
tps := []string{
|
|
tps := []string{
|
|
|
- utils.GenerateSampleSecret("square", secrets.NewSecret(`sq0atp-[0-9A-Za-z\-_]{22}`)),
|
|
|
|
|
|
|
+ utils.GenerateSampleSecret("square", secrets.NewSecret(`(?:EAAA|sq0atp-)[\w-]{22,60}`)),
|
|
|
"ARG token=sq0atp-812erere3wewew45678901", // gitleaks:allow
|
|
"ARG token=sq0atp-812erere3wewew45678901", // gitleaks:allow
|
|
|
"ARG token=EAAAlsBxkkVgvmr7FasTFbM6VUGZ31EJ4jZKTJZySgElBDJ_wyafHuBFquFexY7E", // gitleaks:allow",
|
|
"ARG token=EAAAlsBxkkVgvmr7FasTFbM6VUGZ31EJ4jZKTJZySgElBDJ_wyafHuBFquFexY7E", // gitleaks:allow",
|
|
|
}
|
|
}
|
|
|
- return utils.Validate(r, tps, nil)
|
|
|
|
|
|
|
+ fps := []string{
|
|
|
|
|
+ `aws-cli@sha256:eaaa7b11777babe28e6133a8b19ff71cea687e0d7f05158dee95a71f76ce3d00`,
|
|
|
|
|
+ }
|
|
|
|
|
+ return utils.Validate(r, tps, fps)
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
func SquareSecret() *config.Rule {
|
|
func SquareSecret() *config.Rule {
|
|
@@ -29,13 +32,13 @@ func SquareSecret() *config.Rule {
|
|
|
r := config.Rule{
|
|
r := config.Rule{
|
|
|
RuleID: "square-secret",
|
|
RuleID: "square-secret",
|
|
|
Description: "Square Secret",
|
|
Description: "Square Secret",
|
|
|
- Regex: utils.GenerateUniqueTokenRegex(`sq0csp-[0-9A-Za-z\\-_]{43}`, true),
|
|
|
|
|
|
|
+ Regex: utils.GenerateUniqueTokenRegex(`sq0csp-[\w-]{43}`, false),
|
|
|
Keywords: []string{"sq0csp-"},
|
|
Keywords: []string{"sq0csp-"},
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
// validate
|
|
// validate
|
|
|
tps := []string{
|
|
tps := []string{
|
|
|
- utils.GenerateSampleSecret("square", secrets.NewSecret(`sq0csp-[0-9A-Za-z\\-_]{43}`)),
|
|
|
|
|
|
|
+ utils.GenerateSampleSecret("square", secrets.NewSecret(`sq0csp-[\w-]{43}`)),
|
|
|
`value: "sq0csp-0p9h7g6f4s3s3s3-4a3ardgwa6ADRDJDDKUFYDYDYDY"`, // gitleaks:allow
|
|
`value: "sq0csp-0p9h7g6f4s3s3s3-4a3ardgwa6ADRDJDDKUFYDYDYDY"`, // gitleaks:allow
|
|
|
}
|
|
}
|
|
|
return utils.Validate(r, tps, nil)
|
|
return utils.Validate(r, tps, nil)
|
Richard Gomez