
Add harness PAT and SAT rules (#1406)

* Add Harness PAT rule.

* Add support for Harness PAT and SAT.

* Update comment for Harness SAT.

* Consolidate PAT and SAT into Harness API Key

* add ignore and capture group to match

---------

Co-authored-by: Zachary Rice <zachary.rice@trufflesec.com>
Dewan Ishtiaque Ahmed 1 năm trước cách đây
mục cha
commit
b899915813
3 tập tin đã thay đổi với 36 bổ sung0 xóa
  1. 1 0
      cmd/generate/config/main.go
  2. 27 0
      cmd/generate/config/rules/harness.go
  3. 8 0
      config/gitleaks.toml

+ 1 - 0
cmd/generate/config/main.go

@@ -99,6 +99,7 @@ func main() {
 		rules.GrafanaApiKey(),
 		rules.GrafanaCloudApiToken(),
 		rules.GrafanaServiceAccountToken(),
+		rules.HarnessApiKey(),
 		rules.Hashicorp(),
 		rules.HashicorpField(),
 		rules.Heroku(),

+ 27 - 0
cmd/generate/config/rules/harness.go

@@ -0,0 +1,27 @@
+package rules
+
+import (
+	"regexp"
+
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func HarnessApiKey() *config.Rule {
+	// Define rule for Harness Personal Access Token (PAT) and Service Account Token (SAT)
+	r := config.Rule{
+		Description: "Identified a Harness Access Token (PAT or SAT), risking unauthorized access to a Harness account.",
+		RuleID:      "harness-api-key",
+		Regex:       regexp.MustCompile(`((?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20})`),
+		Keywords:    []string{"pat.", "sat."},
+	}
+
+	// Generate a sample secret for validation
+	tps := []string{
+		generateSampleSecret("harness", "pat."+secrets.NewSecret(alphaNumeric("22"))+"."+secrets.NewSecret(alphaNumeric("24"))+"."+secrets.NewSecret(alphaNumeric("20"))),
+		generateSampleSecret("harness", "sat."+secrets.NewSecret(alphaNumeric("22"))+"."+secrets.NewSecret(alphaNumeric("24"))+"."+secrets.NewSecret(alphaNumeric("20"))),
+	}
+
+	// Validate the rule
+	return validate(r, tps, nil)
+}
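Review bot: HarnessApiKey is exported but carries no doc comment; the explanatory line now inside the body belongs above the signature, e.g. `// HarnessApiKey returns the rule that detects Harness Personal Access Tokens (PAT) and Service Account Tokens (SAT).` The pattern is unanchored, so `pat.` or `sat.` embedded in a longer identifier still matches; if the neighbouring rules bound their patterns the same way, `\b((?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20})\b` keeps the capture group while dropping those hits. `validate(r, tps, nil)` supplies no false positives, so nothing pins the segment lengths; a constructed near-miss such as a token whose first segment is 21 characters would make the rule's negative space explicit. The same regex is repeated verbatim in the config/gitleaks.toml hunk, which looks generated from this file, so any change here needs the generator re-run to keep the two in step.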

+ 8 - 0
config/gitleaks.toml

@@ -2093,6 +2093,14 @@ keywords = [
     "glsa_",
 ]
 
+[[rules]]
+id = "harness-api-key"
+description = "Identified a Harness Access Token (PAT or SAT), risking unauthorized access to a Harness account."
+regex = '''((?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20})'''
+keywords = [
+    "pat.","sat.",
+]
+
 [[rules]]
 id = "hashicorp-tf-api-token"
 description = "Uncovered a HashiCorp Terraform user/org API token, which may lead to unauthorized infrastructure management and security breaches."