Acasă Explorează Ajutor
Autentificare
LBP
/
gitleaks
oglindă de https://github.com/gitleaks/gitleaks.git
4
0
Bifurcare 0
Fisiere Probleme 0 Wiki
Arbore: 4e8d7d3790
Ramuri Etichete
gitleaks
/
cmd
/
generate
/
config
/
utils
/
generate.go

generate.go 2.1 KB
Istoric Crud

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. // == WARNING ==
    2. 

  2. // These functions are used to generate GitLeak's default config.
    3. 

  3. // You are free to use these in your own project, HOWEVER, no API stability is guaranteed.
    4. 

  4. 

  5. package utils
    6. 

  6. 

  7. import (
    8. 

  8. 	"fmt"
    9. 

  9. 	"regexp"
    10. 

  10. 	"strings"
    11. 

  11. )
    12. 

  12. 

  13. const (
    14. 

  14. 	// case insensitive prefix
    15. 

  15. 	caseInsensitive = `(?i)`
    16. 

  16. 

  17. 	// identifier prefix (just an ignore group)
    18. 

  18. 	identifierCaseInsensitivePrefix = `(?i:`
    19. 

  19. 	identifierCaseInsensitiveSuffix = `)`
    20. 

  20. 	identifierPrefix                = `(?:`
    21. 

  21. 	identifierSuffix                = `)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}`
    22. 

  22. 

  23. 	// commonly used assignment operators or function call
    24. 

  24. 	operator = `(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)`
    25. 

  25. 

  26. 	// boundaries for the secret
    27. 

  27. 	// \x60 = `
    28. 

  28. 	secretPrefixUnique = `\b(`
    29. 

  29. 	secretPrefix       = `(?:'|\"|\s|=|\x60){0,5}(`
    30. 

  30. 	secretSuffix       = `)(?:['|\"|\n|\r|\s|\x60|;]|$)`
    31. 

  31. )
    32. 

  32. 

  33. func GenerateSemiGenericRegex(identifiers []string, secretRegex string, isCaseInsensitive bool) *regexp.Regexp {
    34. 

  34. 	var sb strings.Builder
    35. 

  35. 	// The identifiers should always be case-insensitive.
    36. 

  36. 	// This is inelegant but prevents an extraneous `(?i:)` from being added to the pattern; it could be removed.
    37. 

  37. 	if isCaseInsensitive {
    38. 

  38. 		sb.WriteString(caseInsensitive)
    39. 

  39. 		writeIdentifiers(&sb, identifiers)
    40. 

  40. 	} else {
    41. 

  41. 		sb.WriteString(identifierCaseInsensitivePrefix)
    42. 

  42. 		writeIdentifiers(&sb, identifiers)
    43. 

  43. 		sb.WriteString(identifierCaseInsensitiveSuffix)
    44. 

  44. 	}
    45. 

  45. 	sb.WriteString(operator)
    46. 

  46. 	sb.WriteString(secretPrefix)
    47. 

  47. 	sb.WriteString(secretRegex)
    48. 

  48. 	sb.WriteString(secretSuffix)
    49. 

  49. 	return regexp.MustCompile(sb.String())
    50. 

  50. }
    51. 

  51. 

  52. func writeIdentifiers(sb *strings.Builder, identifiers []string) {
    53. 

  53. 	sb.WriteString(identifierPrefix)
    54. 

  54. 	sb.WriteString(strings.Join(identifiers, "|"))
    55. 

  55. 	sb.WriteString(identifierSuffix)
    56. 

  56. }
    57. 

  57. 

  58. func GenerateUniqueTokenRegex(secretRegex string, isCaseInsensitive bool) *regexp.Regexp {
    59. 

  59. 	var sb strings.Builder
    60. 

  60. 	if isCaseInsensitive {
    61. 

  61. 		sb.WriteString(caseInsensitive)
    62. 

  62. 	}
    63. 

  63. 	sb.WriteString(secretPrefixUnique)
    64. 

  64. 	sb.WriteString(secretRegex)
    65. 

  65. 	sb.WriteString(secretSuffix)
    66. 

  66. 	return regexp.MustCompile(sb.String())
    67. 

  67. }
    68. 

  68. 

  69. func GenerateSampleSecret(identifier string, secret string) string {
    70. 

  70. 	return fmt.Sprintf("%s_api_token = \"%s\"", identifier, secret)
    71. 

  71. }
    72.