
feat: add artifactory reference token and api key detection (#1906)

* feat: add artifactory reference token and api key detection

* fix: match word boundary, add false positive tests

* fix: increase minimum entropy and fix tests
Christophe Goessen 7 bulan lalu
induk
melakukan
a044b815b3

+ 2 - 0
cmd/generate/config/main.go

@@ -35,6 +35,8 @@ func main() {
 		rules.AlgoliaApiKey(),
 		rules.AlibabaAccessKey(),
 		rules.AlibabaSecretKey(),
+		rules.ArtifactoryApiKey(),
+		rules.ArtifactoryReferenceToken(),
 		rules.AsanaClientID(),
 		rules.AsanaClientSecret(),
 		rules.Atlassian(),

+ 58 - 0
cmd/generate/config/rules/artifactory.go

@@ -0,0 +1,58 @@
+package rules
+
+import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+	"github.com/zricethezav/gitleaks/v8/config"
+	"github.com/zricethezav/gitleaks/v8/regexp"
+)
+
+func ArtifactoryApiKey() *config.Rule {
+	// define rule
+	r := config.Rule{
+		RuleID:      "artifactory-api-key",
+		Description: "Detected an Artifactory api key, posing a risk unauthorized access to the central repository.",
+		Regex:       regexp.MustCompile(`\bAKCp[A-Za-z0-9]{69}\b`),
+		Entropy:     4.5,
+		Keywords:    []string{"AKCp"},
+	}
+
+	// validate
+	tps := []string{
+		"artifactoryApiKey := \"AKCp" + secrets.NewSecret(utils.AlphaNumeric("69")) + "\"",
+	}
+	// false positives
+	fps := []string{
+		`lowEntropy := AKCpXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX`,
+		"wrongStart := \"AkCp" + secrets.NewSecret(utils.AlphaNumeric("69")) + "\"",
+		"wrongLength := \"AkCp" + secrets.NewSecret(utils.AlphaNumeric("59")) + "\"",
+		"partOfAlongUnrelatedBlob gYnkgAkCp" + secrets.NewSecret(utils.AlphaNumeric("69")) + "VyZSB2",
+	}
+
+	return utils.Validate(r, tps, fps)
+}
+
+func ArtifactoryReferenceToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		RuleID:      "artifactory-reference-token",
+		Description: "Detected an Artifactory reference token, posing a risk of impersonation and unauthorized access to the central repository.",
+		Regex:       regexp.MustCompile(`\bcmVmd[A-Za-z0-9]{59}\b`),
+		Entropy:     4.5,
+		Keywords:    []string{"cmVmd"},
+	}
+
+	// validate
+	tps := []string{
+		"artifactoryRefToken := \"cmVmd" + secrets.NewSecret(utils.AlphaNumeric("59")) + "\"",
+	}
+	// false positives
+	fps := []string{
+		`lowEntropy := cmVmdXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX`,
+		"wrongStart := \"cmVMd" + secrets.NewSecret(utils.AlphaNumeric("59")) + "\"",
+		"wrongLength := \"cmVmd" + secrets.NewSecret(utils.AlphaNumeric("49")) + "\"",
+		"partOfAlongUnrelatedBlob gYnkgcmVmd" + secrets.NewSecret(utils.AlphaNumeric("59")) + "VyZSB2",
+	}
+
+	return utils.Validate(r, tps, fps)
+}
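Review bot: The `wrongLength` and `partOfAlongUnrelatedBlob` false-positive cases in ArtifactoryApiKey (the two lines after `wrongStart`) both spell the prefix `AkCp` instead of `AKCp`, so the regex rejects them on the literal prefix and neither case exercises the length check or the `\b` word boundary the commit message says it adds; ArtifactoryReferenceToken gets this right with `cmVmd`. Change them to `"wrongLength := \"AKCp" + secrets.NewSecret(utils.AlphaNumeric("59")) + "\""` and `"partOfAlongUnrelatedBlob gYnkgAKCp" + secrets.NewSecret(utils.AlphaNumeric("69")) + "VyZSB2"`. With the corrected prefix the blob case depends solely on `\b` (the token is preceded by `g` and followed by `V`, both word characters), which is exactly what utils.Validate should be confirming. Separately, the Description string "posing a risk unauthorized access" is missing "of" (`posing a risk of unauthorized access`), and since config/gitleaks.toml is generated from these rules the same wording appears there.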

+ 14 - 0
config/gitleaks.toml

@@ -129,6 +129,20 @@ regex = '''(?i)[\w.-]{0,50}?(?:alibaba)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,
 entropy = 2
 keywords = ["alibaba"]
 
+[[rules]]
+id = "artifactory-api-key"
+description = "Detected an Artifactory api key, posing a risk unauthorized access to the central repository."
+regex = '''\bAKCp[A-Za-z0-9]{69}\b'''
+entropy = 4.5
+keywords = ["akcp"]
+
+[[rules]]
+id = "artifactory-reference-token"
+description = "Detected an Artifactory reference token, posing a risk of impersonation and unauthorized access to the central repository."
+regex = '''\bcmVmd[A-Za-z0-9]{59}\b'''
+entropy = 4.5
+keywords = ["cmvmd"]
+
 [[rules]]
 id = "asana-client-id"
 description = "Discovered a potential Asana Client ID, risking unauthorized access to Asana projects and sensitive task information."