
Improve PlanetScale token detection (#874)

This improves the PlanetScale token detection. It adds some flexibility
in length. There is no guarantee that the length is always 43 characters
(in fact, it's very likely to change a bit soon).

Additionally, it adds support for detecting oauth tokens as well.
Dirkjan Bussink 3 лет назад
Родитель
Сommit
865478bcdc
3 измененных файлов с 41 добавлено и 6 удалено
  1. 2 1
      cmd/generate/config/main.go
  2. 28 3
      cmd/generate/config/rules/planetscale.go
  3. 11 2
      config/gitleaks.toml

+ 2 - 1
cmd/generate/config/main.go

@@ -80,7 +80,8 @@ func main() {
 	configRules = append(configRules, rules.NewRelicBrowserAPIKey())
 	configRules = append(configRules, rules.NPM())
 	configRules = append(configRules, rules.PlanetScalePassword())
-	configRules = append(configRules, rules.PlanetScaleToken())
+	configRules = append(configRules, rules.PlanetScaleAPIToken())
+	configRules = append(configRules, rules.PlanetScaleOAuthToken())
 	configRules = append(configRules, rules.PostManAPI())
 	configRules = append(configRules, rules.PrivateKey())
 	configRules = append(configRules, rules.PulumiAPIToken())

+ 28 - 3
cmd/generate/config/rules/planetscale.go

@@ -10,7 +10,7 @@ func PlanetScalePassword() *config.Rule {
 	r := config.Rule{
 		RuleID:      "planetscale-password",
 		Description: "PlanetScale password",
-		Regex:       generateUniqueTokenRegex(`pscale_pw_(?i)[a-z0-9=\-_\.]{43}`),
+		Regex:       generateUniqueTokenRegex(`pscale_pw_(?i)[a-z0-9=\-_\.]{32,64}`),
 		SecretGroup: 1,
 		Keywords: []string{
 			"pscale_pw_",
@@ -19,17 +19,19 @@ func PlanetScalePassword() *config.Rule {
 
 	// validate
 	tps := []string{
+		generateSampleSecret("planetScalePassword", "pscale_pw_"+secrets.NewSecret(alphaNumericExtended("32"))),
 		generateSampleSecret("planetScalePassword", "pscale_pw_"+secrets.NewSecret(alphaNumericExtended("43"))),
+		generateSampleSecret("planetScalePassword", "pscale_pw_"+secrets.NewSecret(alphaNumericExtended("64"))),
 	}
 	return validate(r, tps, nil)
 }
 
-func PlanetScaleToken() *config.Rule {
+func PlanetScaleAPIToken() *config.Rule {
 	// define rule
 	r := config.Rule{
 		RuleID:      "planetscale-api-token",
 		Description: "PlanetScale API token",
-		Regex:       generateUniqueTokenRegex(`pscale_tkn_(?i)[a-z0-9=\-_\.]{43}`),
+		Regex:       generateUniqueTokenRegex(`pscale_tkn_(?i)[a-z0-9=\-_\.]{32,64}`),
 		SecretGroup: 1,
 		Keywords: []string{
 			"pscale_tkn_",
@@ -38,7 +40,30 @@ func PlanetScaleToken() *config.Rule {
 
 	// validate
 	tps := []string{
+		generateSampleSecret("planetScalePassword", "pscale_tkn_"+secrets.NewSecret(alphaNumericExtended("32"))),
 		generateSampleSecret("planetScalePassword", "pscale_tkn_"+secrets.NewSecret(alphaNumericExtended("43"))),
+		generateSampleSecret("planetScalePassword", "pscale_tkn_"+secrets.NewSecret(alphaNumericExtended("64"))),
+	}
+	return validate(r, tps, nil)
+}
+
+func PlanetScaleOAuthToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		RuleID:      "planetscale-oauth-token",
+		Description: "PlanetScale OAuth token",
+		Regex:       generateUniqueTokenRegex(`pscale_oauth_(?i)[a-z0-9=\-_\.]{32,64}`),
+		SecretGroup: 1,
+		Keywords: []string{
+			"pscale_oauth_",
+		},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("planetScalePassword", "pscale_oauth_"+secrets.NewSecret(alphaNumericExtended("32"))),
+		generateSampleSecret("planetScalePassword", "pscale_oauth_"+secrets.NewSecret(alphaNumericExtended("43"))),
+		generateSampleSecret("planetScalePassword", "pscale_oauth_"+secrets.NewSecret(alphaNumericExtended("64"))),
 	}
 	return validate(r, tps, nil)
 }
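Review bot: The validation fixtures in PlanetScaleAPIToken and PlanetScaleOAuthToken are labelled "planetScalePassword" on the pscale_tkn_ and pscale_oauth_ lines, which looks like a copy-paste leftover from PlanetScalePassword; if generateSampleSecret embeds that identifier in the generated sample, the three rules' fixtures become hard to tell apart. I would change them to `generateSampleSecret("planetScaleAPIToken", "pscale_tkn_"+secrets.NewSecret(alphaNumericExtended("32")))` and `generateSampleSecret("planetScaleOAuthToken", "pscale_oauth_"+secrets.NewSecret(alphaNumericExtended("32")))` for the respective rules. All three rules still pass nil for the false-positive set while widening the length to {32,64}; adding a 31-character sample there would pin the new lower bound so a later edit cannot loosen it unnoticed. The first hunk of this file starts inside PlanetScalePassword, whose opening lines are outside the hunk.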

+ 11 - 2
config/gitleaks.toml

@@ -545,7 +545,7 @@ keywords = [
 [[rules]]
 description = "PlanetScale password"
 id = "planetscale-password"
-regex = '''(?i)\b(pscale_pw_(?i)[a-z0-9=\-_\.]{43})(?:['|\"|\n|\r|\s|\x60]|$)'''
+regex = '''(?i)\b(pscale_pw_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60]|$)'''
 secretGroup = 1
 keywords = [
     "pscale_pw_",
@@ -554,12 +554,21 @@ keywords = [
 [[rules]]
 description = "PlanetScale API token"
 id = "planetscale-api-token"
-regex = '''(?i)\b(pscale_tkn_(?i)[a-z0-9=\-_\.]{43})(?:['|\"|\n|\r|\s|\x60]|$)'''
+regex = '''(?i)\b(pscale_tkn_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60]|$)'''
 secretGroup = 1
 keywords = [
     "pscale_tkn_",
 ]
 
+[[rules]]
+description = "PlanetScale OAuth token"
+id = "planetscale-oauth-token"
+regex = '''(?i)\b(pscale_oauth_(?i)[a-z0-9=\-_\.]{32,64})(?:['|\"|\n|\r|\s|\x60]|$)'''
+secretGroup = 1
+keywords = [
+    "pscale_oauth_",
+]
+
 [[rules]]
 description = "Postman API token"
 id = "postman-api-token"