LBP
/
gitleaks
mirror de https://github.com/gitleaks/gitleaks.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164
							package config

// DefaultConfig is the default gitleaks configuration. If --config={path-to-config} is set than the config located
// at {path-to-config} will be used. Alternatively, if --repo-config is set then gitleaks will attempt to
// use the config set in a gitleaks.toml or .gitleaks.toml file in the repo that is run with --repo-config set.
const DefaultConfig = `
title = "gitleaks config"

[[rules]]
	description = "AWS Access Key"
	regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
	tags = ["key", "AWS"]

[[rules]]
	description = "AWS Secret Key"
	regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
	tags = ["key", "AWS"]

[[rules]]
	description = "AWS MWS key"
	regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
	tags = ["key", "AWS", "MWS"]

[[rules]]
	description = "Facebook Secret Key"
	regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
	tags = ["key", "Facebook"]

[[rules]]
	description = "Facebook Client ID"
	regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
	tags = ["key", "Facebook"]

[[rules]]
	description = "Twitter Secret Key"
	regex = '''(?i)twitter(.{0,20})?[0-9a-z]{35,44}'''
	tags = ["key", "Twitter"]

[[rules]]
	description = "Twitter Client ID"
	regex = '''(?i)twitter(.{0,20})?[0-9a-z]{18,25}'''
	tags = ["client", "Twitter"]

[[rules]]
	description = "Github"
	regex = '''(?i)github.{0,3}((?i)token|api|key).{0,10}?(?-i)([0-9a-zA-Z]{35,40})'''
	tags = ["key", "Github"]

[[rules]]
	description = "LinkedIn Client ID"
	regex = '''(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}'''
	tags = ["client", "LinkedIn"]

[[rules]]
	description = "LinkedIn Secret Key"
	regex = '''(?i)linkedin(.{0,20})?[0-9a-z]{16}'''
	tags = ["secret", "LinkedIn"]

[[rules]]
	description = "Slack"
	regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
	tags = ["key", "Slack"]

[[rules]]
	description = "Asymmetric Private Key"
	regex = '''-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----'''
	tags = ["key", "AsymmetricPrivateKey"]

[[rules]]
	description = "Google API key"
	regex = '''AIza[0-9A-Za-z\\-_]{35}'''
	tags = ["key", "Google"]

[[rules]]
	description = "Google (GCP) Service Account"
	regex = '''"type": "service_account"'''
	tags = ["key", "Google"]

[[rules]]
	description = "Heroku API key"
	regex = '''(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
	tags = ["key", "Heroku"]

[[rules]]
	description = "MailChimp API key"
	regex = '''(?i)(mailchimp|mc)(.{0,20})?[0-9a-f]{32}-us[0-9]{1,2}'''
	tags = ["key", "Mailchimp"]

[[rules]]
	description = "Mailgun API key"
	regex = '''((?i)(mailgun|mg)(.{0,20})?)?key-[0-9a-z]{32}'''
	tags = ["key", "Mailgun"]

[[rules]]
	description = "PayPal Braintree access token"
	regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
	tags = ["key", "Paypal"]

[[rules]]
	description = "Picatic API key"
	regex = '''sk_live_[0-9a-z]{32}'''
	tags = ["key", "Picatic"]

[[rules]]
	description = "SendGrid API Key"
	regex = '''SG\.[\w_]{16,32}\.[\w_]{16,64}'''
	tags = ["key", "SendGrid"]

[[rules]]
	description = "Slack Webhook"
	regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}'''
	tags = ["key", "slack"]

[[rules]]
	description = "Stripe API key"
	regex = '''(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}'''
	tags = ["key", "Stripe"]

[[rules]]
	description = "Square access token"
	regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
	tags = ["key", "square"]

[[rules]]
	description = "Square OAuth secret"
	regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
	tags = ["key", "square"]

[[rules]]
	description = "Twilio API key"
	regex = '''(?i)twilio(.{0,20})?SK[0-9a-f]{32}'''
	tags = ["key", "twilio"]

[[rules]]
	description = "Dynatrace ttoken"
	regex = '''dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}'''
	tags = ["key", "Dynatrace"]

[[rules]]
	description = "Shopify shared secret"
	regex = '''shpss_[a-fA-F0-9]{32}'''
	tags = ["key", "Shopify"]

[[rules]]
	description = "Shopify access token"
	regex = '''shpat_[a-fA-F0-9]{32}'''
	tags = ["key", "Shopify"]

[[rules]]
	description = "Shopify custom app access token"
	regex = '''shpca_[a-fA-F0-9]{32}'''
	tags = ["key", "Shopify"]

[[rules]]
	description = "Shopify private app access token"
	regex = '''shppa_[a-fA-F0-9]{32}'''
	tags = ["key", "Shopify"]

[allowlist]
	description = "Allowlisted files"
	files = ['''^\.?gitleaks.toml$''',
	'''(.*?)(png|jpg|gif|doc|docx|pdf|bin|xls|pyc|zip)$''',
	'''(go.mod|go.sum)$''']
`