Главная Обзор Помощь
Вход
LBP
/
gitleaks
зеркало из https://github.com/gitleaks/gitleaks.git
4
0
Ответвить 0
Файлы Задачи 0 Вики
Ветка: master
Ветки Метки
gitleaks
/
cmd
/
generate
/
config
/
rules
/
nuget.go

nuget.go 2.1 KB
Постоянная ссылка История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748 
  1. package rules
    2. 

  2. 

  3. import (
    4. 

  4. 	"github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
    5. 

  5. 	"github.com/zricethezav/gitleaks/v8/config"
    6. 

  6. 	"github.com/zricethezav/gitleaks/v8/regexp"
    7. 

  7. )
    8. 

  8. 

  9. func NugetConfigPassword() *config.Rule {
    10. 

  10. 	r := config.Rule{
    11. 

  11. 		Description: "Identified a password within a Nuget config file, potentially compromising package management access.",
    12. 

  12. 		RuleID:      "nuget-config-password",
    13. 

  13. 		Regex:       regexp.MustCompile(`(?i)<add key=\"(?:(?:ClearText)?Password)\"\s*value=\"(.{8,})\"\s*/>`),
    14. 

  14. 		Path:        regexp.MustCompile(`(?i)nuget\.config$`),
    15. 

  15. 		Keywords:    []string{"<add key="},
    16. 

  16. 		Entropy:     1,
    17. 

  17. 		Allowlists: []*config.Allowlist{
    18. 

  18. 			{
    19. 

  19. 				Regexes: []*regexp.Regexp{
    20. 

  20. 					// samples from https://learn.microsoft.com/en-us/nuget/reference/nuget-config-file
    21. 

  21. 					regexp.MustCompile(`33f!!lloppa`),
    22. 

  22. 					regexp.MustCompile(`hal\+9ooo_da!sY`),
    23. 

  23. 					// exclude environment variables
    24. 

  24. 					regexp.MustCompile(`^\%\S.*\%$`),
    25. 

  25. 				},
    26. 

  26. 			},
    27. 

  27. 		},
    28. 

  28. 	}
    29. 

  29. 

  30. 	tps := map[string]string{
    31. 

  31. 		"nuget.config": `<add key="Password" value="CleartextPassword1" />`,
    32. 

  32. 		"Nuget.config": `<add key="ClearTextPassword" value="CleartextPassword1" />`,
    33. 

  33. 		"Nuget.Config": `<add key="ClearTextPassword" value="TestSourcePassword" />`,
    34. 

  34. 		"Nuget.COnfig": `<add key="ClearTextPassword" value="TestSource-Password" />`,
    35. 

  35. 		"Nuget.CONfig": `<add key="ClearTextPassword" value="TestSource%Password" />`,
    36. 

  36. 		"Nuget.CONFig": `<add key="ClearTextPassword" value="TestSource%Password%" />`,
    37. 

  37. 	}
    38. 

  38. 

  39. 	fps := map[string]string{
    40. 

  40. 		"some.xml":     `<add key="Password" value="CleartextPassword1" />`,            // wrong filename
    41. 

  41. 		"nuget.config": `<add key="ClearTextPassword" value="XXXXXXXXXXX" />`,          // low entropy
    42. 

  42. 		"Nuget.config": `<add key="ClearTextPassword" value="abc" />`,                  // too short
    43. 

  43. 		"Nuget.Config": `<add key="ClearTextPassword" value="%TestSourcePassword%" />`, // environment variable
    44. 

  44. 		"NUget.Config": `<add key="ClearTextPassword" value="33f!!lloppa" />`,          // known sample
    45. 

  45. 		"NUGet.Config": `<add key="ClearTextPassword" value="hal+9ooo_da!sY" />`,       // known sample
    46. 

  46. 	}
    47. 

  47. 	return utils.ValidateWithPaths(r, tps, fps)
    48. 

  48. }
    49.