
feat: improve regex to detect Sonar tokens with prefixes (#1931)

Since Sonar 9.5, a prefix was added to the tokens.

See: https://www.sonarsource.com/products/sonarqube/whats-new/sonarqube-9-5/
Bruno Guimarães 6 miesięcy temu
commit
a82bc53d89
2 zmienionych plików z 12 dodań i 7 usunięć
  1. 10 6
      cmd/generate/config/rules/sonar.go
  2. 2 1
      config/gitleaks.toml

+ 10 - 6
cmd/generate/config/rules/sonar.go

@@ -10,18 +10,22 @@ func Sonar() *config.Rule {
 	r := config.Rule{
 		Description: "Uncovered a Sonar API token, potentially compromising software vulnerability scanning and code security.",
 		RuleID:      "sonar-api-token",
-		Regex:       utils.GenerateSemiGenericRegex([]string{"sonar[_.-]?(login|token)"}, utils.AlphaNumericExtended("40"), true),
+		Regex:       utils.GenerateSemiGenericRegex([]string{"sonar[_.-]?(login|token)"}, "(?:squ_|sqp_|sqa_)?"+utils.AlphaNumericExtended("40"), true),
 		Keywords:    []string{"sonar"},
+		SecretGroup: 2,
 	}
 
 	// validate
 	tps := utils.GenerateSampleSecrets("sonar", "12345678ABCDEFH1234567890ABCDEFH12345678")
 	tps = append(tps,
-		`const SONAR_LOGIN = "12345678ABCDEFH1234567890ABCDEFH12345678"`, // gitleaks:allow
-		`SONAR_LOGIN := "12345678ABCDEFH1234567890ABCDEFH12345678"`,      // gitleaks:allow
-		`SONAR.LOGIN ::= "12345678ABCDEFH1234567890ABCDEFH12345678"`,     // gitleaks:allow
-		`SONAR.LOGIN :::= "12345678ABCDEFH1234567890ABCDEFH12345678"`,    // gitleaks:allow
-		`SONAR.LOGIN ?= "12345678ABCDEFH1234567890ABCDEFH12345678"`,      // gitleaks:allow
+		`const SONAR_LOGIN = "12345678ABCDEFH1234567890ABCDEFH12345678"`,     // gitleaks:allow
+		`SONAR_LOGIN := "12345678ABCDEFH1234567890ABCDEFH12345678"`,          // gitleaks:allow
+		`SONAR.LOGIN ::= "12345678ABCDEFH1234567890ABCDEFH12345678"`,         // gitleaks:allow
+		`SONAR.LOGIN :::= "12345678ABCDEFH1234567890ABCDEFH12345678"`,        // gitleaks:allow
+		`SONAR.LOGIN ?= "12345678ABCDEFH1234567890ABCDEFH12345678"`,          // gitleaks:allow
+		`const SONAR_TOKEN = "squ_12345678ABCDEFH1234567890ABCDEFH12345678"`, // gitleaks:allow
+		`SONAR_LOGIN := "sqp_12345678ABCDEFH1234567890ABCDEFH12345678"`,      // gitleaks:allow
+		`SONAR.TOKEN = "sqa_12345678ABCDEFH1234567890ABCDEFH12345678"`,       // gitleaks:allow
 	)
 	return utils.Validate(r, tps, nil)
 }
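Review bot: `SecretGroup: 2` is a silent dependency on the capturing group inside the identifier pattern `sonar[_.-]?(login|token)` plus the group that `GenerateSemiGenericRegex` wraps around the secret; if either is later made non-capturing the rule will report the wrong group, so the assignment deserves a why-comment, e.g. `// group 1 is (login|token) in the identifier, group 2 is the token (with optional squ_/sqp_/sqa_ prefix)`. The validation on the last line still passes `nil` for false positives, so the new prefix branch is only exercised by positives; adding a constructed negative such as a prefixed-but-too-short value (`SONAR_TOKEN = "squ_tooshort"`, constructed) would confirm the 40-character body is still required after a prefix. Because the prefix is optional and the body class already admits `_`, a `squ_` value followed by only 36 body characters would still match as an unprefixed 40-character secret — this predates the commit, but it means the generated TOML cannot distinguish the two cases. If the post-prefix body is always hexadecimal in current SonarQube releases (not established by this diff), a tighter class for the prefixed alternative would cut false positives. The enclosing `Sonar()` function starts above this hunk.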

+ 2 - 1
config/gitleaks.toml

@@ -3006,7 +3006,8 @@ keywords = ["snyk"]
 [[rules]]
 id = "sonar-api-token"
 description = "Uncovered a Sonar API token, potentially compromising software vulnerability scanning and code security."
-regex = '''(?i)[\w.-]{0,50}?(?:sonar[_.-]?(login|token))(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9=_\-]{40})(?:[\x60'"\s;]|\\[nr]|$)'''
+regex = '''(?i)[\w.-]{0,50}?(?:sonar[_.-]?(login|token))(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}((?:squ_|sqp_|sqa_)?[a-z0-9=_\-]{40})(?:[\x60'"\s;]|\\[nr]|$)'''
+secretGroup = 2
 keywords = ["sonar"]
 
 [[rules]]