Trang chủ Khám phá Trợ giúp
Đăng nhập
LBP
/
gitleaks
mirror of https://github.com/gitleaks/gitleaks.git
4
0
Fork 0
Các tập tin Các vấn đề 0 Wiki
Browse Source

Add harness PAT and SAT rules (#1406)

* Add Harness PAT rule.

* Add support for Harness PAT and SAT.

* Update comment for Harness SAT.

* Consolidate PAT and SAT into Harness API Key

* add ignore and capture group to match

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
Dewan Ishtiaque Ahmed 1 năm trước cách đây
mục cha
4c5195b700
commit
b899915813
3 tập tin đã thay đổi với 36 bổ sung0 xóa
Split View Hiển thị tình trạng sai khác
  1. 1 0
      cmd/generate/config/main.go
  2. 27 0
      cmd/generate/config/rules/harness.go
  3. 8 0
      config/gitleaks.toml

+ 1 - 0
cmd/generate/config/main.go
Xem Tập Tin 

@@ -99,6 +99,7 @@ func main() {
 
 		rules.GrafanaApiKey(),
 
 		rules.GrafanaCloudApiToken(),
 
 		rules.GrafanaServiceAccountToken(),
 
+		rules.HarnessApiKey(),
 
 		rules.Hashicorp(),
 
 		rules.HashicorpField(),
 
 		rules.Heroku(),

+ 27 - 0
cmd/generate/config/rules/harness.go
Xem Tập Tin 

@@ -0,0 +1,27 @@
 
+package rules
 
+
 
+import (
 
+	"regexp"
 
+
 
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 
+	"github.com/zricethezav/gitleaks/v8/config"
 
+)
 
+
 
+func HarnessApiKey() *config.Rule {
 
+	// Define rule for Harness Personal Access Token (PAT) and Service Account Token (SAT)
 
+	r := config.Rule{
 
+		Description: "Identified a Harness Access Token (PAT or SAT), risking unauthorized access to a Harness account.",
 
+		RuleID:      "harness-api-key",
 
+		Regex:       regexp.MustCompile(`((?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20})`),
 
+		Keywords:    []string{"pat.", "sat."},
 
+	}
 
+
 
+	// Generate a sample secret for validation
 
+	tps := []string{
 
+		generateSampleSecret("harness", "pat."+secrets.NewSecret(alphaNumeric("22"))+"."+secrets.NewSecret(alphaNumeric("24"))+"."+secrets.NewSecret(alphaNumeric("20"))),
 
+		generateSampleSecret("harness", "sat."+secrets.NewSecret(alphaNumeric("22"))+"."+secrets.NewSecret(alphaNumeric("24"))+"."+secrets.NewSecret(alphaNumeric("20"))),
 
+	}
 
+
 
+	// Validate the rule
 
+	return validate(r, tps, nil)
 
+}

+ 8 - 0
config/gitleaks.toml
Xem Tập Tin 

@@ -2093,6 +2093,14 @@ keywords = [
 
     "glsa_",
 
 ]
 
 
+[[rules]]
 
+id = "harness-api-key"
 
+description = "Identified a Harness Access Token (PAT or SAT), risking unauthorized access to a Harness account."
 
+regex = '''((?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20})'''
 
+keywords = [
 
+    "pat.","sat.",
 
+]
 
+
 
 [[rules]]
 
 id = "hashicorp-tf-api-token"
 
 description = "Uncovered a HashiCorp Terraform user/org API token, which may lead to unauthorized infrastructure management and security breaches."