Startseite Erkunden Hilfe
Anmelden
LBP
/
gitleaks
Mirror von https://github.com/gitleaks/gitleaks.git
4
0
Fork 0
Dateien Issues 0 Wiki
Struktur: a42b32bdf1
Branches Tags
gitleaks
/
cmd
/
generate
/
config
/
rules
/
rule.go

rule.go 2.2 KB
Verlauf Originalformat

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091 
  1. package rules
    2. 

  2. 

  3. import (
    4. 

  4. 	"fmt"
    5. 

  5. 	"regexp"
    6. 

  6. 	"strings"
    7. 

  7. 

  8. 	"github.com/rs/zerolog/log"
    9. 

  9. 	"github.com/zricethezav/gitleaks/v8/config"
    10. 

  10. 	"github.com/zricethezav/gitleaks/v8/detect"
    11. 

  11. )
    12. 

  12. 

  13. const (
    14. 

  14. 	// case insensitive prefix
    15. 

  15. 	caseInsensitive = `(?i)`
    16. 

  16. 

  17. 	// identifier prefix (just an ignore group)
    18. 

  18. 	identifierPrefix = `(?:`
    19. 

  19. 	identifierSuffix = `)(?:[0-9a-z\-_\s.]{0,20})(?:[\s|']|[\s|"]){0,3}`
    20. 

  20. 

  21. 	// commonly used assignment operators or function call
    22. 

  22. 	operator = `(?:=|>|:=|\|\|:|<=|=>|:)`
    23. 

  23. 

  24. 	// boundaries for the secret
    25. 

  25. 	// \x60 = `
    26. 

  26. 	secretPrefixUnique = `\b(`
    27. 

  27. 	secretPrefix       = `(?:'|\"|\s|=|\x60){0,5}(`
    28. 

  28. 	secretSuffix       = `)(?:['|\"|\n|\r|\s|\x60]|$)`
    29. 

  29. )
    30. 

  30. 

  31. func generateSemiGenericRegex(identifiers []string, secretRegex string) *regexp.Regexp {
    32. 

  32. 	var sb strings.Builder
    33. 

  33. 	sb.WriteString(caseInsensitive)
    34. 

  34. 	sb.WriteString(identifierPrefix)
    35. 

  35. 	sb.WriteString(strings.Join(identifiers, "|"))
    36. 

  36. 	sb.WriteString(identifierSuffix)
    37. 

  37. 	sb.WriteString(operator)
    38. 

  38. 	sb.WriteString(secretPrefix)
    39. 

  39. 	sb.WriteString(secretRegex)
    40. 

  40. 	sb.WriteString(secretSuffix)
    41. 

  41. 	return regexp.MustCompile(sb.String())
    42. 

  42. }
    43. 

  43. 

  44. func generateUniqueTokenRegex(secretRegex string) *regexp.Regexp {
    45. 

  45. 	var sb strings.Builder
    46. 

  46. 	sb.WriteString(caseInsensitive)
    47. 

  47. 	sb.WriteString(secretPrefixUnique)
    48. 

  48. 	sb.WriteString(secretRegex)
    49. 

  49. 	sb.WriteString(secretSuffix)
    50. 

  50. 	return regexp.MustCompile(sb.String())
    51. 

  51. }
    52. 

  52. 

  53. func generateSampleSecret(identifier string, secret string) string {
    54. 

  54. 	return fmt.Sprintf("%s_api_token = \"%s\"", identifier, secret)
    55. 

  55. }
    56. 

  56. 

  57. func validate(r config.Rule, truePositives []string) *config.Rule {
    58. 

  58. 	// normalize keywords like in the config package
    59. 

  59. 	var keywords []string
    60. 

  60. 	for _, k := range r.Keywords {
    61. 

  61. 		keywords = append(keywords, strings.ToLower(k))
    62. 

  62. 	}
    63. 

  63. 	r.Keywords = keywords
    64. 

  64. 

  65. 	d := detect.NewDetector(config.Config{
    66. 

  66. 		Rules:    []*config.Rule{&r},
    67. 

  67. 		Keywords: keywords,
    68. 

  68. 	})
    69. 

  69. 	for _, tp := range truePositives {
    70. 

  70. 		if len(d.DetectString(tp)) != 1 {
    71. 

  71. 			log.Fatal().Msgf("Failed to validate %s", r.RuleID)
    72. 

  72. 		}
    73. 

  73. 	}
    74. 

  74. 	return &r
    75. 

  75. }
    76. 

  76. 

  77. func numeric(size string) string {
    78. 

  78. 	return fmt.Sprintf(`[0-9]{%s}`, size)
    79. 

  79. }
    80. 

  80. 

  81. func hex(size string) string {
    82. 

  82. 	return fmt.Sprintf(`[a-f0-9]{%s}`, size)
    83. 

  83. }
    84. 

  84. 

  85. func alphaNumeric(size string) string {
    86. 

  86. 	return fmt.Sprintf(`[a-z0-9]{%s}`, size)
    87. 

  87. }
    88. 

  88. 

  89. func alphaNumericExtended(size string) string {
    90. 

  90. 	return fmt.Sprintf(`[a-z0-9=_\-]{%s}`, size)
    91. 

  91. }
    92.