The source project of this merge request has been removed.
Add systemd 'machine-id' file detection rule
What does this MR do?
This changeset adds support for detection of systemd machine-id files to the gitleaks detection rule list.
The systemd documentation indicates that the content of these files is to be considered confidential, and it seems possible that they could accidentally be committed to git repositories, for example in relation to container filesystem layouts.
Some notes:
- I acknowledge that this isn't a 'well-identifiable' rule (there is no standardized prefix for these files)
- This rule uses a path constraint to attempt to both reduce false positives and to hopefully reduce performance overhead - I've tested this locally using gitleaks v8.12.0 (corresponding to the current version used in this repository) -- although not extensively -- and included what I think is a reasonable lower-bound entropy threshold based on that
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Zach Rice
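The MR description explains the two-gate design (a path constraint to cut false positives and scan cost, then an entropy lower bound on the 32-hex-character content). The following Python is an added illustration of that approach and is not the gitleaks rule from this MR or any gitleaks code; the path patterns (`etc/machine-id`, `var/lib/dbus/machine-id`, including nested container rootfs layouts), the 3.0 bits/char threshold and the sample files are all assumptions or constructed inputs.

```python
"""Path-constrained, entropy-gated detection of systemd machine-id files.

Added illustration of the MR's approach (path constraint plus an entropy
lower bound). Not the gitleaks rule from the MR; the path patterns and the
3.0 bits/char threshold are assumptions chosen for this example.
"""
import math
import re
from collections import Counter

# Assumed path patterns: a machine-id file is expected only at these
# locations, possibly nested under a container rootfs ("rootfs/etc/machine-id").
PATH_RE = re.compile(r"(^|/)(etc|var/lib/dbus)/machine-id$")

# A machine-id is 32 lowercase hexadecimal characters (trailing newline stripped).
CONTENT_RE = re.compile(r"^[0-9a-f]{32}$")

# Assumed lower bound in bits per character; the MR does not state its value.
MIN_ENTROPY = 3.0


def shannon_entropy(s: str) -> float:
    """Shannon entropy of `s` in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def detect_machine_id(path: str, content: str) -> bool:
    """True when `content` stored at `path` looks like a real machine-id.

    Three gates, cheapest first: path, shape, entropy. The entropy gate
    rejects obvious placeholders such as all zeros.
    """
    if not PATH_RE.search(path):
        return False
    body = content.strip()
    if not CONTENT_RE.match(body):
        return False
    return shannon_entropy(body) >= MIN_ENTROPY


def scan(files):
    """Return the paths of (path, content) pairs flagged by detect_machine_id."""
    return [path for path, content in files if detect_machine_id(path, content)]


# Constructed sample tree; the hex value is made up, not a real machine-id.
SAMPLE_FILES = [
    ("rootfs/etc/machine-id", "9b2e4f7a1c3d5e6f8a0b1c2d3e4f5a6b\n"),  # flagged
    ("etc/machine-id", "00000000000000000000000000000000\n"),  # placeholder, entropy 0
    ("README.md", "9b2e4f7a1c3d5e6f8a0b1c2d3e4f5a6b\n"),  # right shape, wrong path
    ("var/lib/dbus/machine-id", "uninitialized\n"),  # right path, not hex
]

if __name__ == "__main__":
    for flagged in scan(SAMPLE_FILES):
        print("possible machine-id leak:", flagged)
```

Only the first sample is flagged: the path gate drops the README copy before any content is examined, the shape gate drops the non-hex file, and the entropy gate drops the all-zero placeholder even though its path and shape match. A string such as `0123456789abcdef0123456789abcdef` would pass the entropy gate (it has the maximal 4.0 bits/char for hex), which is why the MR author notes the rule is not 'well-identifiable' and leans on the path constraint as the primary filter.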