
feat(rules): Add detection for Scalingo API Token (#1262)

* feat(rules): Add detection for Scalingo API Token

* fix(rules): Add boundary on both ends of Scalingo API Token regex to avoid false positives
Brandon Welsch 2 lat temu
rodzic
commit
d9f86d6123

+ 1 - 0
cmd/generate/config/main.go

@@ -136,6 +136,7 @@ func main() {
 	configRules = append(configRules, rules.RapidAPIAccessToken())
 	configRules = append(configRules, rules.ReadMe())
 	configRules = append(configRules, rules.RubyGemsAPIToken())
+	configRules = append(configRules, rules.ScalingoAPIToken())
 	configRules = append(configRules, rules.SendbirdAccessID())
 	configRules = append(configRules, rules.SendbirdAccessToken())
 	configRules = append(configRules, rules.SendGridAPIToken())

+ 24 - 0
cmd/generate/config/rules/scalingo.go

@@ -0,0 +1,24 @@
+package rules
+
+import (
+	"regexp"
+
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func ScalingoAPIToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "Scalingo API token",
+		RuleID:      "scalingo-api-token",
+		Regex:       regexp.MustCompile(`\btk-us-[a-zA-Z0-9-_]{48}\b`),
+		Keywords:    []string{"tk-us-"},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("scalingo", "tk-us-"+secrets.NewSecret(alphaNumericExtendedShort("48"))),
+	}
+	return validate(r, tps, nil)
+}
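Review bot: The trailing `\b` in the regex on the `Regex:` line does not bound tokens whose 48-char tail ends in `-`, because `-` is not a word character, so `\b` then matches only when the next character is a word character and such a token is silently missed (the same pattern is mirrored in the generated `config/gitleaks.toml` section, `regex = '''\btk-us-[a-zA-Z0-9-_]{48}\b'''`). The same property touches the self-test: if `alphaNumericExtendedShort("48")` can produce a tail ending in `-` (its implementation is outside this diff), the generated true-positive sample would intermittently fail `validate`. A boundary that works for every allowed tail character would be an explicit terminator instead of `\b`, e.g. `regexp.MustCompile(`\btk-us-[a-zA-Z0-9_-]{48}(?:[^a-zA-Z0-9_-]|$)`)`, noting that the matched text then carries one trailing character unless a capture group plus `SecretGroup` is used to isolate the token. Separately, the exported `ScalingoAPIToken` has no doc comment; a one-liner such as `// ScalingoAPIToken returns the rule that detects Scalingo API tokens (prefix "tk-us-").` follows the package convention for exported names.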

+ 8 - 0
config/gitleaks.toml

@@ -2555,6 +2555,14 @@ keywords = [
     "rubygems_",
 ]
 
+[[rules]]
+id = "scalingo-api-token"
+description = "Scalingo API token"
+regex = '''\btk-us-[a-zA-Z0-9-_]{48}\b'''
+keywords = [
+    "tk-us-",
+]
+
 [[rules]]
 id = "sendbird-access-id"
 description = "Sendbird Access ID"