
chore(gcp): add firebase example keys to the gcp-api-key allowlists (#1635)

Roger Meier 1 год назад
Родитель
Сommit
fdb44522d3
2 измененных файлов с 59 добавлено и 0 удалено
  1. 40 0
      cmd/generate/config/rules/gcp.go
  2. 19 0
      config/gitleaks.toml

+ 40 - 0
cmd/generate/config/rules/gcp.go

@@ -36,6 +36,29 @@ func GCPAPIKey() *config.Rule {
 		Keywords: []string{
 			"AIza",
 		},
+		Allowlists: []config.Allowlist{
+			{
+				Regexes: []*regexp.Regexp{
+					// example keys from https://github.com/firebase/firebase-android-sdk
+					regexp.MustCompile(`AIzaSyabcdefghijklmnopqrstuvwxyz1234567`),
+					regexp.MustCompile(`AIzaSyAnLA7NfeLquW1tJFpx_eQCxoX-oo6YyIs`),
+					regexp.MustCompile(`AIzaSyCkEhVjf3pduRDt6d1yKOMitrUEke8agEM`),
+					regexp.MustCompile(`AIzaSyDMAScliyLx7F0NPDEJi1QmyCgHIAODrlU`),
+					regexp.MustCompile(`AIzaSyD3asb-2pEZVqMkmL6M9N6nHZRR_znhrh0`),
+					regexp.MustCompile(`AIzayDNSXIbFmlXbIE6mCzDLQAqITYefhixbX4A`),
+					regexp.MustCompile(`AIzaSyAdOS2zB6NCsk1pCdZ4-P6GBdi_UUPwX7c`),
+					regexp.MustCompile(`AIzaSyASWm6HmTMdYWpgMnjRBjxcQ9CKctWmLd4`),
+					regexp.MustCompile(`AIzaSyANUvH9H9BsUccjsu2pCmEkOPjjaXeDQgY`),
+					regexp.MustCompile(`AIzaSyA5_iVawFQ8ABuTZNUdcwERLJv_a_p4wtM`),
+					regexp.MustCompile(`AIzaSyA4UrcGxgwQFTfaI3no3t7Lt1sjmdnP5sQ`),
+					regexp.MustCompile(`AIzaSyDSb51JiIcB6OJpwwMicseKRhhrOq1cS7g`),
+					regexp.MustCompile(`AIzaSyBF2RrAIm4a0mO64EShQfqfd2AFnzAvvuU`),
+					regexp.MustCompile(`AIzaSyBcE-OOIbhjyR83gm4r2MFCu4MJmprNXsw`),
+					regexp.MustCompile(`AIzaSyB8qGxt4ec15vitgn44duC5ucxaOi4FmqE`),
+					regexp.MustCompile(`AIzaSyA8vmApnrHNFE0bApF4hoZ11srVL_n0nvY`),
+				},
+			},
+		},
 	}
 
 	// validate
@@ -49,6 +72,23 @@ func GCPAPIKey() *config.Rule {
 		`AIzaTesb6Tscfcni8vIpWZqNCXFDFslJtVSvFDqabcd123`,                                                                   // text boundary end
 		`apiKey: "AIzaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"`,                                                                // not enough entropy
 		`AIZASYCO2CXRMC9ELSKLHLHRMBSWDEVEDZTLO2O`,                                                                          // incorrect case
+		// example keys from https://github.com/firebase/firebase-android-sdk
+		`AIzaSyabcdefghijklmnopqrstuvwxyz1234567`,
+		`AIzaSyAnLA7NfeLquW1tJFpx_eQCxoX-oo6YyIs`,
+		`AIzaSyCkEhVjf3pduRDt6d1yKOMitrUEke8agEM`,
+		`AIzaSyDMAScliyLx7F0NPDEJi1QmyCgHIAODrlU`,
+		`AIzaSyD3asb-2pEZVqMkmL6M9N6nHZRR_znhrh0`,
+		`AIzayDNSXIbFmlXbIE6mCzDLQAqITYefhixbX4A`,
+		`AIzaSyAdOS2zB6NCsk1pCdZ4-P6GBdi_UUPwX7c`,
+		`AIzaSyASWm6HmTMdYWpgMnjRBjxcQ9CKctWmLd4`,
+		`AIzaSyANUvH9H9BsUccjsu2pCmEkOPjjaXeDQgY`,
+		`AIzaSyA5_iVawFQ8ABuTZNUdcwERLJv_a_p4wtM`,
+		`AIzaSyA4UrcGxgwQFTfaI3no3t7Lt1sjmdnP5sQ`,
+		`AIzaSyDSb51JiIcB6OJpwwMicseKRhhrOq1cS7g`,
+		`AIzaSyBF2RrAIm4a0mO64EShQfqfd2AFnzAvvuU`,
+		`AIzaSyBcE-OOIbhjyR83gm4r2MFCu4MJmprNXsw`,
+		`AIzaSyB8qGxt4ec15vitgn44duC5ucxaOi4FmqE`,
+		`AIzaSyA8vmApnrHNFE0bApF4hoZ11srVL_n0nvY`,
 	}
 	return utils.Validate(r, tps, fps)
 }
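Review bot: The sixteen `regexp.MustCompile` entries in the new `Allowlists` block are unanchored literal substring matches, so every finding of this rule is checked against sixteen separate compiled regexes and nothing in the code states that an exact-key match is intended; one anchored alternation built from the same literals, e.g. `regexp.MustCompile("^AIza(?:Sy...|...)$")` with the sixteen suffixes joined by `|`, would express that intent and compile once. Assuming the allowlist is applied to the extracted secret (the default when no target is set), anchoring also guards against the entry matching inside a longer token. The `// example keys from ...` comment above the list would be more useful to the next maintainer if it said these are fixture keys from that SDK's repository and that the list has to be kept in sync with the `fps` entries added in the second hunk, since a key dropped from one but not the other silently changes what `utils.Validate` checks.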

+ 19 - 0
config/gitleaks.toml

@@ -532,6 +532,25 @@ description = "Uncovered a GCP API key, which could lead to unauthorized access
 regex = '''\b(AIza[\w-]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 entropy = 3
 keywords = ["aiza"]
+[[rules.allowlists]]
+regexes = [
+    '''AIzaSyabcdefghijklmnopqrstuvwxyz1234567''',
+    '''AIzaSyAnLA7NfeLquW1tJFpx_eQCxoX-oo6YyIs''',
+    '''AIzaSyCkEhVjf3pduRDt6d1yKOMitrUEke8agEM''',
+    '''AIzaSyDMAScliyLx7F0NPDEJi1QmyCgHIAODrlU''',
+    '''AIzaSyD3asb-2pEZVqMkmL6M9N6nHZRR_znhrh0''',
+    '''AIzayDNSXIbFmlXbIE6mCzDLQAqITYefhixbX4A''',
+    '''AIzaSyAdOS2zB6NCsk1pCdZ4-P6GBdi_UUPwX7c''',
+    '''AIzaSyASWm6HmTMdYWpgMnjRBjxcQ9CKctWmLd4''',
+    '''AIzaSyANUvH9H9BsUccjsu2pCmEkOPjjaXeDQgY''',
+    '''AIzaSyA5_iVawFQ8ABuTZNUdcwERLJv_a_p4wtM''',
+    '''AIzaSyA4UrcGxgwQFTfaI3no3t7Lt1sjmdnP5sQ''',
+    '''AIzaSyDSb51JiIcB6OJpwwMicseKRhhrOq1cS7g''',
+    '''AIzaSyBF2RrAIm4a0mO64EShQfqfd2AFnzAvvuU''',
+    '''AIzaSyBcE-OOIbhjyR83gm4r2MFCu4MJmprNXsw''',
+    '''AIzaSyB8qGxt4ec15vitgn44duC5ucxaOi4FmqE''',
+    '''AIzaSyA8vmApnrHNFE0bApF4hoZ11srVL_n0nvY''',
+]
 
 [[rules]]
 id = "generic-api-key"