Strona główna Odkrywaj Pomoc
Zaloguj się
LBP
/
gitleaks
kopia lustrzana https://github.com/gitleaks/gitleaks.git
4
0
Forkuj 0
Pliki Problemy 0 Wiki
Drzewo: 3f4d91fc22
Gałęzie Tagi
gitleaks
/
cmd
/
generate
/
config
/
rules
/
teams.go

teams.go 1.1 KB
Historia Czysty

1234567891011121314151617181920212223242526272829 
  1. package rules
    2. 

  2. 

  3. import (
    4. 

  4. 	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
    5. 

  5. 	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
    6. 

  6. 	"github.com/zricethezav/gitleaks/v8/config"
    7. 

  7. 	"github.com/zricethezav/gitleaks/v8/regexp"
    8. 

  8. )
    9. 

  9. 

  10. func TeamsWebhook() *config.Rule {
    11. 

  11. 	// define rule
    12. 

  12. 	r := config.Rule{
    13. 

  13. 		RuleID:      "microsoft-teams-webhook",
    14. 

  14. 		Description: "Uncovered a Microsoft Teams Webhook, which could lead to unauthorized access to team collaboration tools and data leaks.",
    15. 

  15. 		Regex: regexp.MustCompile(
    16. 

  16. 			`https://[a-z0-9]+\.webhook\.office\.com/webhookb2/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}/IncomingWebhook/[a-z0-9]{32}/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}`),
    17. 

  17. 		Keywords: []string{
    18. 

  18. 			"webhook.office.com",
    19. 

  19. 			"webhookb2",
    20. 

  20. 			"IncomingWebhook",
    21. 

  21. 		},
    22. 

  22. 	}
    23. 

  23. 

  24. 	// validate
    25. 

  25. 	tps := []string{
    26. 

  26. 		"https://mycompany.webhook.office.com/webhookb2/" + secrets.NewSecret(`[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}\/IncomingWebhook\/[a-z0-9]{32}\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}`), // gitleaks:allow
    27. 

  27. 	}
    28. 

  28. 	return utils.Validate(r, tps, nil)
    29. 

  29. }
    30.