RubyGems - gitlab-secret_detection - Versions diffs - 0.34.0 → 0.35.1 - Mend

gitlab-secret_detection 0.34.0 → 0.35.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/gitlab/secret_detection/core/secret_push_protection_rules.toml +30 -12
data/lib/gitlab/secret_detection/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8558c035ae55ad1b3adea5106c857176618c8077394093becee9d8706b41685f
-  data.tar.gz: 96af12dda6a1b4c9a4898705879bb487d1434197894c331d45c05aa008c0e0dd
+  metadata.gz: 3e707b2adfcca14ad8ceef1cb0526ac37beb263a651bf2e68cc26cc3c24fa4e9
+  data.tar.gz: f420f5f314faea11ab9fadeabb41c32bf4f38ad355f6a345b93e9ada84a6adb9
 SHA512:
-  metadata.gz: eb2fa2babef91230b6baf9ab1b263afc59a8080cb589ac481cacd6741330e64bc8c37235a40eb9d838bfd5bb995722eadd245cae42272ac1db334b84213b5a66
-  data.tar.gz: c257856d080344cd5c237da7828688b52bea940482299f458592106f97cc195f2fd45e043ac698f937cc6feebef17a73f03ae41e78371b58b623cbd95a74bffb
+  metadata.gz: cc25aabe9741cbfd1a3788f8310e0058a7f6df60991729d86dcd94015396d30db6b5863b8c6b97562dbb7f9d302b6112e558683e043a0eb8de886fc655a8b20f
+  data.tar.gz: badbbd9b472b6ed7c09718448abea3629713f4516d73a0a3f2c931eace7e8907db365738379b85be416769927b02c6998ec2d954a86abf5fc4c97f73591f84e7

data/lib/gitlab/secret_detection/core/secret_push_protection_rules.toml CHANGED Viewed

@@ -1,4 +1,4 @@
-# rule-set version: 0.14.0
+# rule-set version: 0.16.0
 # Rules are auto-generated. See https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-rules for instructions on updating the rules.
 [[rules]]
 id = 'AdafruitIOKey'
@@ -83,19 +83,28 @@ keywords = ['ATCTT3xFfGN0']
 [[rules]]
 id = 'AWS'
-regex = '\bAKIA[0-9A-Z]{16}\b'
+regex = '\bAKIA[2-7A-Z]{16}\b'
 description = "An AWS Access Token was detected. AWS Access Tokens are usually paired along with their secret key values. A malicious\nactor with access to this token can access AWS services with the same permissions as the user which generated the key,\nprovided they have access to both values."
 title = 'AWS access token'
 remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo delete an access key:\n\n- In the \"Access keys\" section, find the key that was identified\n- Select \"Actions\"\n- Select \"Delete\"\n- Follow the instructions in the dialog to first deactivate and then confirm the deletion\n\nFor information on how to manage and revoke access keys for AWS please see their [documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey)."
 tags = ['aws', 'revocation_type', 'gitlab_blocking']
 keywords = ['AKIA']
+[[rules]]
+id = 'AWSSTSKey'
+regex = '\bASIA[2-7A-Z]{16}\b'
+description = "An AWS Security Token Service (STS) Key is a temporary security credential that provides short-term access to\nAWS services. These tokens are created when an IAM role is assumed and typically expire within 1-12 hours. A\nmalicious actor with access to this token can perform any actions allowed by the assumed role's permissions\nuntil the token expires. STS tokens are often associated with the permanent credentials (IAM user or service)\nthat originally assumed the role."
+title = 'AWSSTSKey'
+remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab\ndocumentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\n**Important**: STS tokens cannot be directly revoked or rotated. They will expire automatically, but immediate\naction is required to limit potential damage.\n\nFor detailed information on managing AWS STS Keys and IAM roles, please see the\n[AWS IAM User Guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).\n\n**Note**: STS tokens expire automatically and cannot be directly revoked. Response efforts must focus on\nmonitoring, damage assessment, and preventing future unauthorized assumptions of the associated IAM role."
+tags = ['gitlab_blocking']
+keywords = ['ASIA']
 [[rules]]
 id = 'AzureEntraClientSecret'
-regex = '\b[0-9A-Za-z]{3}8Q~[0-9A-Za-z_.~]{34}\b'
-description = 'Azure Entra Client Secret'
+regex = '\b[0-9A-Za-z.\-_]{3}8Q~[0-9A-Za-z\-_.~]{34}\b'
+description = "An Azure Entra (previously Active Directory) Client Secret is a confidential credential used\nby applications to authenticate with Microsoft Azure services and APIs. This secret is paired\nwith a Client ID to enable application-level access to Azure resources and Microsoft Graph APIs.\nA malicious actor with access to this client secret could impersonate the application, access\nprotected resources, and perform actions with the same permissions granted to the\napplication registration."
 title = 'Azure Entra Client Secret'
-remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet)."
+remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab\ndocumentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo rotate your Azure Entra Client Secret:\n\n1. Log in to the [Azure Portal](https://portal.azure.com)\n2. Navigate to \"Microsoft Entra ID\" (formerly Azure Active Directory)\n3. Select \"App registrations\" from the left navigation menu\n4. Find and select the application registration associated with the compromised client secret\n5. Go to \"Certificates & secrets\" in the application settings\n6. In the \"Client secrets\" section, create a new client secret before deleting the old one\n7. Update all applications, configuration files, and key vaults that reference the old client secret\n8. Delete the compromised client secret from the \"Client secrets\" section\n9. Test your applications to ensure they are functioning with the new client secret\n\nFor detailed information on managing Azure Entra Client Secrets, please see the\n[Microsoft Entra application registration documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app)."
 tags = ['gitlab_blocking']
 keywords = ['8Q~']
@@ -103,19 +112,28 @@ keywords = ['8Q~']
 id = 'AzureAPIManagementGatewayKey'
 regex = 'GatewayKey [A-Za-z0-9_-]{3,64}&[0-9]{12}&[A-Za-z0-9+\/]{60,90}=='
 description = "An Azure API Management Gateway Key was detected. These keys provide access to APIs\npublished through Azure API Management services and are tied to specific subscriptions and products. A\nmalicious actor with access to this key can consume APIs within the configured rate limits and access\npolicies, potentially leading to unauthorized data access, service abuse, or unexpected charges."
-title = 'AzureAPIManagementGatewayKey'
+title = 'Azure API Management Gateway Key'
 remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab\ndocumentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo regenerate your Azure API Management Gateway Key:\n\n1. Log in to the [Azure Portal](https://portal.azure.com)\n2. Navigate to your API Management service instance\n3. In the left menu, select \"Subscriptions\" under the \"APIs\" section\n4. Locate the compromised subscription by matching the key prefix or subscription name\n5. Click on the subscription name to open its details\n6. In the subscription details, click \"Regenerate primary key\" or \"Regenerate secondary key\"\n   (regenerate the compromised key)\n7. Update all applications and clients that use this subscription key with the new key value\n8. Monitor API usage logs to verify the old key is no longer being used\n9. Consider temporarily disabling the subscription if immediate key rotation isn't possible\n\nFor detailed information on managing Azure API Management subscriptions and keys, please see the\n[Azure API Management documentation](https://docs.microsoft.com/en-us/azure/api-management/api-management-subscriptions)."
 tags = ['gitlab_blocking']
 keywords = ['GatewayKey']
 [[rules]]
-id = 'AzureAPIManagementDirectKey'
-regex = '(?:[Oo]cp-Apim-Subscription-Key).{0,4}[:=].{0,4}([0-9a-fA-F]{32})\b'
-description = "An Azure API Management Direct Key is a subscription key that provides direct access to APIs managed by Azure\nAPI Management service. These keys authenticate and authorize access to published APIs and can be configured with\ndifferent access levels and rate limits. A malicious actor with access to this key could consume your APIs,\npotentially causing service degradation, data exposure, or unexpected charges based on the permissions and quotas\nassociated with the compromised key."
-title = 'AzureAPIManagementDirectKey'
-remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab\ndocumentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo revoke your Azure API Management Direct Key:\n\n1. Log in to the Azure portal at <https://portal.azure.com>\n2. Navigate to your API Management service instance by searching for \"API Management\" or accessing it through\n   your resource groups\n3. In the left navigation pane, select \"Subscriptions\" under the \"APIs\" section\n4. Locate the compromised subscription key by reviewing the subscription names, key values, or creation dates\n5. Click on the subscription containing the compromised key, then select \"Regenerate primary key\" or\n   \"Regenerate secondary key\" as appropriate, or delete the subscription entirely if no longer needed\n6. Update all applications, services, and clients that use this subscription key with the new key value and\n   verify API calls are functioning correctly\n\nFor detailed information on managing Azure API Management Direct Key, please see the\n[Azure API Management subscription documentation](https://docs.microsoft.com/en-us/azure/api-management/api-management-subscriptions)."
+id = 'AzureAppConfigConnectionString'
+regex = '\.azconfig\.io;Id=[A-Za-z0-9+\/=:_-]{8,100};Secret=([A-Za-z0-9+\/~=]{32,88})'
+description = "An Azure App Configuration Connection String was detected. This connection string provides access to an Azure\nApp Configuration store, which contains application settings and feature flags. A malicious actor with access to\nthis connection string could read sensitive configuration data, modify application settings, or manipulate\nfeature flags, potentially compromising application functionality and security."
+title = 'Azure App Config Connection String'
+remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab\ndocumentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo rotate your Azure App Configuration Connection String:\n\n1. Log in to the [Azure Portal](https://portal.azure.com)\n2. Navigate to \"Azure App Configuration\" from the left-hand menu or search for it in the search bar\n3. Select the specific App Configuration store that contains the compromised connection string\n4. In the left-hand menu, select \"Access keys\" under the \"Settings\" section\n5. Identify the compromised key (Primary or Secondary) and select \"Regenerate\" next to the appropriate key\n6. Copy the new connection string and update all applications, services, and configuration files that use this\n   connection string\n7. Test your applications to ensure they can successfully connect using the new connection string\n8. Once verified, consider regenerating the other key as well for complete security\n\nFor detailed information on managing Azure App Configuration access keys, please see the\n[Azure App Configuration documentation](https://docs.microsoft.com/en-us/azure/azure-app-configuration/howto-disable-access-key-authentication)."
+tags = ['gitlab_blocking']
+keywords = ['.azconfig.io;Id=']
+[[rules]]
+id = 'AzureCommServicesConnectionString'
+regex = '\.azure\.com\/;accesskey=([A-Za-z0-9+\/]{80,140}={0,2})'
+description = "An Azure Communication Services connection string was detected. This connection string provides access to Azure\nCommunication Services resources including SMS, email, chat, voice calling, and video calling capabilities. A\nmalicious actor with access to this connection string could send unauthorized communications, access conversation\ndata, make unauthorized calls, or incur charges on your Azure account."
+title = 'Azure Communication Services Connection String'
+remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab\ndocumentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo rotate your Azure Communication Services Connection String:\n\n1. Log in to the [Azure Portal](https://portal.azure.com)\n2. Navigate to your Communication Services resource by searching for \"Communication Services\" in the top search bar\n3. Select your specific Communication Services resource from the list\n4. In the left navigation menu, select \"Keys\" under the \"Settings\" section\n5. Click \"Regenerate\" for either the Primary or Secondary key (regenerate the compromised key first)\n6. Copy the new connection string and update all applications, configuration files, and environment variables that\n   use this credential\n7. Test your applications to ensure they can successfully connect with the new connection string\n8. After confirming everything works, regenerate the other key for complete security\n\nFor detailed information on managing Azure Communication Services Connection Strings, please see the\n[Azure Communication Services Keys documentation](https://docs.microsoft.com/en-us/azure/communication-services/quickstarts/create-communication-resource?tabs=windows&pivots=platform-azp#access-your-connection-strings-and-service-endpoints)."
 tags = ['gitlab_blocking']
-keywords = ['Ocp-Apim-Subscription-Key', 'ocp-Apim-Subscription-Key']
+keywords = ['.azure.com/;accesskey=']
 [[rules]]
 id = 'CDSCanadaNotifyAPIKey'

data/lib/gitlab/secret_detection/version.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Gitlab
     class Gem
       # Ensure to maintain the same version in CHANGELOG file.
       # More details available under 'Release Process' section in the README.md file.
-      VERSION = "0.34.0"
+      VERSION = "0.35.1"
       # SD_ENV env var is used to determine which environment the
       # server is running. This var is defined in `.runway/env-<env>.yml` files.

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-secret_detection
 version: !ruby/object:Gem::Version
-  version: 0.34.0
+  version: 0.35.1
 platform: ruby
 authors:
 - group::secret detection
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-09-15 00:00:00.000000000 Z
+date: 2025-10-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: grpc