Home Explore Help
Sign In
LBP
/
gitleaks
mirror of https://github.com/gitleaks/gitleaks.git
4
0
Fork 0
Files Issues 0 Wiki
Browse Source

Add NewRelic insert key detection (#1417)

danielap-ma 1 year ago
parent
bb4424d454
commit
fe94ef9ca3
3 changed files with 32 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      cmd/generate/config/main.go
  2. 23 0
      cmd/generate/config/rules/newrelic.go
  3. 8 0
      config/gitleaks.toml

+ 1 - 0
cmd/generate/config/main.go
View File 

@@ -133,6 +133,7 @@ func main() {
 
 		rules.NewRelicUserID(),
 
 		rules.NewRelicUserKey(),
 
 		rules.NewRelicBrowserAPIKey(),
 
+		rules.NewRelicInsertKey(),
 
 		rules.NPM(),
 
 		rules.NytimesAccessToken(),
 
 		rules.OktaAccessToken(),

+ 23 - 0
cmd/generate/config/rules/newrelic.go
View File 

@@ -75,3 +75,26 @@ func NewRelicBrowserAPIKey() *config.Rule {
 
 	}
 
 	return validate(r, tps, nil)
 
 }
 
+
 
+func NewRelicInsertKey() *config.Rule {
 
+	// define rule
 
+	r := config.Rule{
 
+		RuleID:      "new-relic-insert-key",
 
+		Description: "Discovered a New Relic insight insert key, compromising data injection into the platform.",
 
+		Regex: generateSemiGenericRegex([]string{
 
+			"new-relic",
 
+			"newrelic",
 
+			"new_relic",
 
+		}, `NRII-[a-z0-9-]{32}`, true),
 
+
 
+		Keywords: []string{
 
+			"NRII-",
 
+		},
 
+	}
 
+
 
+	// validate
 
+	tps := []string{
 
+		generateSampleSecret("new-relic", "NRII-"+secrets.NewSecret(hex("32"))),
 
+	}
 
+	return validate(r, tps, nil)
 
+}

+ 8 - 0
config/gitleaks.toml
View File 

@@ -2367,6 +2367,14 @@ keywords = [
 
     "nrjs-",
 
 ]
 
 
+[[rules]]
 
+id = "new-relic-insert-key"
 
+description = "Discovered a New Relic insight insert key, compromising data injection into the platform."
 
+regex = '''(?i)(?:new-relic|newrelic|new_relic)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(NRII-[a-z0-9-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 
+keywords = [
 
+    "nrii-",
 
+]
 
+
 
 [[rules]]
 
 id = "new-relic-user-api-id"
 
 description = "Found a New Relic user API ID, posing a risk to application monitoring services and data integrity."