
WIP: Update rules from Gitleaks 3.3.0

Closed Takuya Noguchi requested to merge 205172-update-gitleaks-rules-to-3-3-0 into master
4 unresolved threads

What does this MR do?

Updates rules for Gitleaks 3.3.0 with the rules from Gitleaks 3.3.0.

Complements !23 (merged)

Adds

  • AWS Secret Key
  • Amazon Marketplace Web Service key (upstream refers to it as AWS MWS key, which might be incorrect)
  • Facebook Client ID (besides Facebook Secret Key)
  • Twitter Client ID (besides Twitter Secret Key)
  • LinkedIn Client ID and Secret Key
  • Asymmetric Private Key (EC, PGP, DSA, RSA, OpenSSH private keys)
  • Google API key
  • Heroku API key
  • MailChimp API key
  • Mailgun API key
  • PayPal Braintree access token
  • Picatic API key
  • SendGrid API key
  • Slack Webhook URL (besides Slack bot, workspace, user, secret, and legacy token)
  • Square access token
  • Square OAuth secret
  • Twilio API key
  • Environment variables
  • Ports
  • WordPress configurations

Updates

  • AWS Manager ID (sometimes known as Access key ID)
  • Generic credentials (formerly known as Generic API Key)
  • Stripe API key

Removes

  • Entropy-based credential detection

What are the relevant issue numbers?

Closes gitlab-org/gitlab#205172 (closed)

Relates to gitlab-org/gitlab#205171 (closed), gitlab-org/gitlab#12948 (closed)

Does this MR meet the acceptance criteria?

Edited by Takuya Noguchi

Activity

9 9 ARG GITLEAKS_VERSION
10 10 ARG TRUFFLEHOG_VERSION
11 11
12 ENV GITLEAKS_VERSION ${GITLEAKS_VERSION:-v1.24.0}
12 ENV GITLEAKS_VERSION ${GITLEAKS_VERSION:-v3.3.0}
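Review bot: the fallback default moves two major versions in one line (v1.24.0 to v3.3.0) while the rules file in this MR is, per its own comments, adapted from the v3.3.0 config; the two have to move together, so a build that still passes an older `GITLEAKS_VERSION` build arg will pair an old binary with the new `[[rules]]` file. Document the minimum supported tag beside `ARG GITLEAKS_VERSION`, or reject older tags at build time.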
  • Zach Rice @zrice started a thread on the diff
  • 110
    111 [[rules]]
    112 description = "Square OAuth secret"
    113 regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
    114 tags = ["key", "square"]
    115
    116 [[rules]]
    117 description = "Twilio API key"
    118 regex = '''(?i)twilio(.{0,20})?['\"][0-9a-f]{32}['\"]'''
    119 tags = ["key", "twilio"]
    120 # end of adaption from Gitleaks's default config (as of v3.3.0) from the following:
    121 # https://github.com/zricethezav/gitleaks/blob/e7fbcf53338e283bd4c92ecb1e59de7a6df5fa14/config/default.go#L7-L137
    122
    123 # Generic Credential including "-", "_", "/" should be detected
    124 [[rules]]
    125 description = "Generic Credential"
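Review bot: the character class in the Square OAuth rule on line 113, `[0-9A-Za-z\\-_]`, does not mean "hyphen or underscore": the value is a TOML literal string, so the engine receives `\\-_` and reads it as the range from `\` to `_` (backslash, `]`, `^`, `_`). The class therefore rejects `-` and admits three characters that never occur in these tokens. `[0-9A-Za-z_-]` (hyphen last) expresses the intent. Minor: "adaption" in the comment on line 120 should be "adaptation".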
    • Contributor

      I think we should remove the generic credential as this would lead to a higher false positive rate. I actually removed this from the default gitleaks config for this reason.

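Added example, not part of this MR or of Gitleaks: a small Python harness that runs the Generic Credential, Stripe and Square OAuth regexes exactly as they appear in the diff over a few constructed lines, to show the kind of false positive the comment above is concerned with and what the `[sk|rk]` class and the `\\-_` range in those rules actually match. The `STRIPE_GROUPED` pattern is this example's suggested correction, not something the MR contains; the sample values are invented and are not real credentials.

```python
import re

# Regexes copied verbatim from the rules file in this MR's diff. They are TOML
# literal strings there, so the backslashes reach the regex engine unchanged;
# Python raw strings reproduce that exactly, and Python's re parses these
# particular patterns the same way Go's RE2 (the engine Gitleaks uses) does.
GENERIC_CREDENTIAL = r'''(?i)(api_key|apikey|secret)(.{0,20})?['|"][0-9a-zA-Z-_/]{16,45}['|"]'''
STRIPE_AS_WRITTEN = r'''(?i)stripe(.{0,20})?['\"][sk|rk]_(test|live)_[0-9a-zA-Z]{24}'''
SQUARE_OAUTH = r'''sq0csp-[0-9A-Za-z\\-_]{43}'''

# Suggested correction (this example's, not the MR's): `[sk|rk]` is a character
# class that consumes one character; the prefix alternation needs a group.
STRIPE_GROUPED = r'''(?i)stripe(.{0,20})?['\"](sk|rk)_(test|live)_[0-9a-zA-Z]{24}'''

# Constructed sample lines; none of these values is a real credential.
SAMPLE_LINES = [
    'api_key = "AbCdEfGhIjKlMnOpQrStUv12"',            # secret-shaped value: true positive
    'SECRET_QUESTION = "favouriteChildhoodTeacher"',   # not a secret, same shape: false positive
    'stripe_key = "sk_test_a1B2c3D4e5F6g7H8i9J0kLmN"',  # Stripe-style test key prefix
    'greeting = "hello world"',                        # nothing to flag
]


def scan(lines, pattern):
    """Return the lines on which *pattern* fires, as a line-oriented scanner would."""
    rx = re.compile(pattern)
    return [line for line in lines if rx.search(line)]


def square_class_accepts(candidates):
    """Probe which single characters the Square rule's character class admits
    by feeding it a 43-character token made of each candidate repeated."""
    rx = re.compile(SQUARE_OAUTH)
    return [c for c in candidates if rx.search("sq0csp-" + c * 43)]


if __name__ == "__main__":
    print("generic credential hits:", scan(SAMPLE_LINES, GENERIC_CREDENTIAL))
    print("stripe rule as written :", scan(SAMPLE_LINES, STRIPE_AS_WRITTEN))
    print("stripe rule with group :", scan(SAMPLE_LINES, STRIPE_GROUPED))
    # [0-9A-Za-z\\-_] is read as the range \ .. _ , so '-' is rejected while
    # '\', ']' and '^' are accepted.
    print("square class accepts   :", square_class_accepts(["a", "-", "_", "]", "^", "\\", "!"]))
```

Running it shows the generic rule flagging both the secret-shaped value and the harmless `SECRET_QUESTION` string, the Stripe rule as written matching nothing at all (the character after the quote must be followed directly by `_`, which `sk_`/`rk_` never satisfy), the grouped variant matching the test key, and the Square class admitting `\`, `]` and `^` while rejecting the hyphen it was meant to allow.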
  • Zach Rice @zrice started a thread on the diff
  • 124 [[rules]]
    125 description = "Generic Credential"
    126 regex = '''(?i)(api_key|apikey|secret)(.{0,20})?['|"][0-9a-zA-Z-_/]{16,45}['|"]'''
    127 tags = ["key", "API", "generic"]
    128
    129 # Stripe API key in test mode ("_test_") should be detected as well as ones in live mode
    130 # https://stripe.com/docs/keys#test-live-modes
    131 [[rules]]
    132 description = "Stripe API key"
    133 regex = '''(?i)stripe(.{0,20})?['\"][sk|rk]_(test|live)_[0-9a-zA-Z]{24}'''
    134 tags = ["key", "Stripe"]
    135
    136 # This config is adapted from Gitleaks's config example (as of v3.3.0) from the following:
    137 # https://github.com/zricethezav/gitleaks/blob/e7fbcf53338e283bd4c92ecb1e59de7a6df5fa14/examples/leaky-repo.toml#L149-L161
    138 [[rules]]
    139 description = "Pure Entropy"
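Review bot: the Stripe rule on line 133 cannot match a real key prefix: `[sk|rk]` is a character class that consumes exactly one of `s`, `k`, `|`, `r`, and the pattern then requires `_` immediately after it, so `"sk_test_...` fails at the `k` and `"rk_live_...` fails at the `k` as well. Replace the class with the group `(sk|rk)`. Same hunk, line 126: `['|"]` in the Generic Credential rule is also a class, so it accepts a literal `|` as the delimiter in addition to the two quotes; `['"]` is enough unless the pipe is intended.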
  • Zach Rice @zrice started a thread on the diff
  • 146 description = "Entropy plus Generic Credential"
    147 regex = '''(?i)(api_key|apikey|secret|key|api|password|pw)'''
    148 entropies = [
    149 "5.2-5.5"
    150 ]
    151 # end of adaption from Gitleaks's config example (as of v3.3.0) from the following:
    152
    153 [Global]
    154 file = '''(?i)(id_rsa|passwd|id_rsa.pub|pgpass|pem|key|shadow)'''
    155
    50 156 [whitelist]
    51 files = [
    52 "(.*?)(jpg|gif|doc|pdf|bin|svg|socket)$"
    53 ]
    157 description = "image whitelists"
    158 file = '''(.*?)(jpg|gif|doc|pdf|bin|svg|socket)$'''
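Review bot: the MR description lists "Entropy-based credential detection" under Removes, yet lines 146-150 keep an "Entropy plus Generic Credential" rule with `entropies = ["5.2-5.5"]` (and the "Pure Entropy" rule that opens on line 139 precedes it); either drop these rules or correct the description. The comment on line 151 ends with "from the following:" and no URL follows. The `[Global]` file pattern on line 154 is unanchored, so the `key` and `pem` alternatives match any path containing those substrings (for example `keyboard.js`); anchoring to the basename, or adding `$` where an extension is meant, keeps the intent. Likewise the whitelist pattern on line 158 has no `\.` before the extension list, so a file named `mybin` or `datadoc` is whitelisted too.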
  • unassigned @zrice

  • Contributor

    @tnir sorry for the delay in review. Could you take a look at my comments then reassign to me once addressed. Thanks!

  • Thomas Woodham changed milestone to %13.1


  • @tnir Are you still actively working on this merge request? Is there anything we can do to help?

    We will plan to close this next week if we don't hear anything from you. And of course, you're always welcome to re-open this merge request if we do end up closing and you do want to pick it back up. Thanks!

  • @tnir I'm closing this MR for the time being. Feel free to reopen if you'd like work on this :smile:
