gitlab-secret_detection 0.14.0 → 0.14.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/gitlab/secret_detection/core/secret_push_protection_rules.toml +223 -0
  3. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b011db6024a9386ec45e091c678b4b4ea43986065f846748f9b646caf2232c86
4
- data.tar.gz: 9faabaf1da62a2470bc8c569a766f48867b0b59c701076b0c8e3d4fbd6ac7550
3
+ metadata.gz: b0ab467aac5be2b21d736da1917982e522bb79522d108ae9edeb0ad0b80b0c09
4
+ data.tar.gz: c0bdaee4db1a8d5220333e44c6ca87645c48ba10d838ecfef5fd632eb7169f31
5
5
  SHA512:
6
- metadata.gz: 7bfb7fcda514e6e5baf4d4aac12208629f9034ffea475d815f95644abf385e3d4983d8640524dd297021e5a441b5b9fd0189b26c2aa8db8e0c38f42d59a0e7fd
7
- data.tar.gz: 188e1ceb321ed6b92535b704dc962d37d2f4aec6c67ecbddb64316d7ec2503f29975ef416fca3b792613a5a2be1c74fa7175c0f161122e0d5e485423ea4ea7c7
6
+ metadata.gz: f54376fa5767253bd79e88b826e1a19f79c0222e16f1394b301c801ff61fb1fbb0f27fbbdd6b0c8899f013fdae75c5b5887327e8e7873c17257a2c16968d70f5
7
+ data.tar.gz: 7805cd5cf18f94006d4e0fb6409d79b2b48fed3108f7eb598a6cea64141d2a43065dad5d0cd58867138cd6aaf8ef71bbd17479b992d9853f46c198f468311bf0
data/lib/gitlab/secret_detection/core/secret_push_protection_rules.toml ADDED
@@ -0,0 +1,223 @@
1
+ # rule-set version: 0.3.0
2
+ # Rules are auto-generated. See https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-rules for instructions on updating the rules.
3
+ [[rules]]
4
+ description = "Anthropic keys"
5
+ id = "anthropic_key"
6
+ keywords = ["sk-ant-"]
7
+ regex = "\\b(sk-ant-[a-z]{3}\\d{2}-[A-Za-z0-9\\\\-_]{86}-[A-Za-z0-9\\\\-_]{8})(?:[[:punct:]]|[[:space:]]|[[:blank:]]|$)"
8
+ tags = ["gitlab_blocking"]
9
+ [[rules]]
10
+ description = "AWS Access Token"
11
+ id = "AWS"
12
+ keywords = ["AKIA"]
13
+ regex = "\\bAKIA[0-9A-Z]{16}\\b"
14
+ tags = ["aws", "revocation_type", "gitlab_blocking"]
15
+ [[rules]]
16
+ description = "GCP API keys can be misused to gain API quota from billed projects"
17
+ id = "GCP API key"
18
+ keywords = ["AIza"]
19
+ regex = "(?i)\\b(AIza[0-9A-Za-z-_]{35})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)"
20
+ secretGroup = 1
21
+ tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
22
+ [[rules]]
23
+ description = "GCP OAuth client secrets can be misused to spoof your application"
24
+ id = "GCP OAuth client secret"
25
+ keywords = ["GOCSPX-"]
26
+ regex = "GOCSPX-[a-zA-Z0-9_-]{28}"
27
+ tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
28
+ [[rules]]
29
+ description = "Google (GCP) Service-account"
30
+ id = "Google (GCP) Service-account"
31
+ keywords = ["service_account"]
32
+ regex = "\\\"private_key\\\":\\s*\\\"-{5}BEGIN PRIVATE KEY-{5}[\\s\\S]*?\","
33
+ tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
34
+ [[rules]]
35
+ description = "Github Personal Access Token"
36
+ id = "Github Personal Access Token"
37
+ keywords = ["ghp_"]
38
+ regex = "ghp_[0-9a-zA-Z]{36}"
39
+ tags = ["gitlab_blocking"]
40
+ [[rules]]
41
+ description = "Github OAuth Access Token"
42
+ id = "Github OAuth Access Token"
43
+ keywords = ["gho_"]
44
+ regex = "gho_[0-9a-zA-Z]{36}"
45
+ tags = ["gitlab_blocking"]
46
+ [[rules]]
47
+ description = "Github App Token"
48
+ id = "Github App Token"
49
+ keywords = ["ghu_", "ghs_"]
50
+ regex = "(ghu|ghs)_[0-9a-zA-Z]{36}"
51
+ tags = ["gitlab_blocking"]
52
+ [[rules]]
53
+ description = "Github Refresh Token"
54
+ id = "Github Refresh Token"
55
+ keywords = ["ghr_"]
56
+ regex = "ghr_[0-9a-zA-Z]{76}"
57
+ tags = ["gitlab_blocking"]
58
+ [[rules]]
59
+ description = "GitLab Personal Access Token"
60
+ id = "gitlab_personal_access_token"
61
+ keywords = ["glpat"]
62
+ regex = "\\b(glpat-[0-9a-zA-Z_\\-]{20})(?:[[:punct:]]|[[:space:]]|[[:blank:]]|$)"
63
+ tags = ["gitlab", "revocation_type", "gitlab_blocking"]
64
+ [[rules]]
65
+ description = "GitLab Pipeline Trigger Token"
66
+ id = "gitlab_pipeline_trigger_token"
67
+ keywords = ["glptt"]
68
+ regex = "\\b(glptt-[0-9a-zA-Z_\\-]{40})(?:[[:punct:]]|[[:space:]]|[[:blank:]]|$)"
69
+ tags = ["gitlab", "gitlab_blocking"]
70
+ [[rules]]
71
+ description = "GitLab Runner Registration Token"
72
+ id = "gitlab_runner_registration_token"
73
+ keywords = ["GR1348941"]
74
+ regex = "\\b(GR1348941[0-9a-zA-Z_\\-]{20})(?:[[:punct:]]|[[:space:]]|[[:blank:]]|$)"
75
+ tags = ["gitlab", "gitlab_blocking"]
76
+ [[rules]]
77
+ description = "GitLab Runner Authentication Token"
78
+ id = "gitlab_runner_auth_token"
79
+ keywords = ["glrt"]
80
+ regex = "\\b(glrt-[0-9a-zA-Z_\\-]{20})(?:[[:punct:]]|[[:space:]]|[[:blank:]]|$)"
81
+ tags = ["gitlab", "gitlab_blocking"]
82
+ [[rules]]
83
+ description = "GitLab OAuth Application Secrets"
84
+ id = "gitlab_oauth_app_secret"
85
+ keywords = ["gloas"]
86
+ regex = "\\b(gloas-[0-9a-zA-Z_\\-]{64})(?:[[:punct:]]|[[:space:]]|[[:blank:]]|$)"
87
+ tags = ["gitlab", "gitlab_blocking"]
88
+ [[rules]]
89
+ description = "GitLab Feed token"
90
+ id = "gitlab_feed_token_v2"
91
+ keywords = ["glft"]
92
+ regex = "\\b(glft-[0-9a-zA-Z_\\-]{20})(?:[[:punct:]]|[[:space:]]|[[:blank:]]|$)"
93
+ tags = ["gitlab", "gitlab_blocking"]
94
+ [[rules]]
95
+ description = "GitLab Agent for Kubernetes token"
96
+ id = "gitlab_kubernetes_agent_token"
97
+ keywords = ["glagent"]
98
+ regex = "\\b(glagent-[0-9a-zA-Z_\\-]{50})(?:[[:punct:]]|[[:space:]]|[[:blank:]]|$)"
99
+ tags = ["gitlab", "gitlab_blocking"]
100
+ [[rules]]
101
+ description = "GitLab Incoming email token"
102
+ id = "gitlab_incoming_email_token"
103
+ keywords = ["glimt"]
104
+ regex = "\\b(glimt-[0-9a-zA-Z_\\-]{25})(?:[[:punct:]]|[[:space:]]|[[:blank:]]|$)"
105
+ tags = ["gitlab", "gitlab_blocking"]
106
+ [[rules]]
107
+ description = "Grafana API token"
108
+ id = "Grafana API token"
109
+ keywords = ["grafana"]
110
+ regex = "['\\\"]eyJrIjoi(?i)[a-z0-9-_=]{72,92}['\\\"]"
111
+ tags = ["gitlab_blocking"]
112
+ [[rules]]
113
+ description = "Hashicorp Terraform user/org API token"
114
+ id = "Hashicorp Terraform user/org API token"
115
+ keywords = ["atlasv1", "hashicorp", "terraform"]
116
+ regex = "['\\\"](?i)[a-z0-9]{14}\\.atlasv1\\.[a-z0-9-_=]{60,70}['\\\"]"
117
+ tags = ["gitlab_blocking"]
118
+ [[rules]]
119
+ description = "Hashicorp Vault batch token"
120
+ id = "Hashicorp Vault batch token"
121
+ keywords = ["hashicorp", "AAAAAQ", "vault"]
122
+ regex = "b\\.AAAAAQ[0-9a-zA-Z_-]{156}"
123
+ tags = ["gitlab_blocking"]
124
+ [[rules]]
125
+ description = "Mailchimp API key"
126
+ id = "Mailchimp API key"
127
+ keywords = ["mailchimp"]
128
+ regex = "(?i)(mailchimp[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32}-us20)['\\\"]"
129
+ secretGroup = 3
130
+ tags = ["gitlab_blocking"]
131
+ [[rules]]
132
+ description = "Mailgun private API token"
133
+ id = "Mailgun private API token"
134
+ keywords = ["mailgun"]
135
+ regex = "(?i)(mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](key-[a-f0-9]{32})['\\\"]"
136
+ secretGroup = 3
137
+ tags = ["gitlab_blocking"]
138
+ [[rules]]
139
+ description = "Mailgun webhook signing key"
140
+ id = "Mailgun webhook signing key"
141
+ keywords = ["mailgun"]
142
+ regex = "(?i)(mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})['\\\"]"
143
+ secretGroup = 3
144
+ tags = ["gitlab_blocking"]
145
+ [[rules]]
146
+ description = "New Relic user API Key"
147
+ id = "New Relic user API Key"
148
+ keywords = ["NRAK"]
149
+ regex = "['\\\"](NRAK-[A-Z0-9]{27})['\\\"]"
150
+ tags = ["gitlab_blocking"]
151
+ [[rules]]
152
+ description = "New Relic user API ID"
153
+ id = "New Relic user API ID"
154
+ keywords = ["newrelic"]
155
+ regex = "(?i)(newrelic[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([A-Z0-9]{64})['\\\"]"
156
+ secretGroup = 3
157
+ tags = ["gitlab_blocking"]
158
+ [[rules]]
159
+ description = "npm access token"
160
+ id = "npm access token"
161
+ keywords = ["npm_"]
162
+ regex = "['\\\"](npm_(?i)[a-z0-9]{36})['\\\"]"
163
+ tags = ["gitlab_blocking"]
164
+ [[rules]]
165
+ description = "PyPI upload token"
166
+ id = "PyPI upload token"
167
+ keywords = ["pypi-AgEIcHlwaS5vcmc"]
168
+ regex = "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}"
169
+ tags = ["pypi", "revocation_type", "gitlab_blocking"]
170
+ [[rules]]
171
+ description = "Rubygem API token"
172
+ id = "Rubygem API token"
173
+ keywords = ["rubygems_"]
174
+ regex = "rubygems_[a-f0-9]{48}"
175
+ tags = ["gitlab_blocking"]
176
+ [[rules]]
177
+ description = "Segment Public API token"
178
+ id = "Segment Public API token"
179
+ keywords = ["sgp_"]
180
+ regex = "sgp_[a-zA-Z0-9]{64}"
181
+ tags = ["gitlab_blocking"]
182
+ [[rules]]
183
+ description = "Sendgrid API token"
184
+ id = "Sendgrid API token"
185
+ keywords = ["sendgrid"]
186
+ regex = "SG\\.(?i)[a-z0-9_\\-\\.]{66}"
187
+ tags = ["gitlab_blocking"]
188
+ [[rules]]
189
+ description = "Shopify shared secret"
190
+ id = "Shopify shared secret"
191
+ keywords = ["shpss_"]
192
+ regex = "shpss_[a-fA-F0-9]{32}"
193
+ tags = ["gitlab_blocking"]
194
+ [[rules]]
195
+ description = "Shopify access token"
196
+ id = "Shopify access token"
197
+ keywords = ["shpat_"]
198
+ regex = "shpat_[a-fA-F0-9]{32}"
199
+ tags = ["gitlab_blocking"]
200
+ [[rules]]
201
+ description = "Shopify custom app access token"
202
+ id = "Shopify custom app access token"
203
+ keywords = ["shpca_"]
204
+ regex = "shpca_[a-fA-F0-9]{32}"
205
+ tags = ["gitlab_blocking"]
206
+ [[rules]]
207
+ description = "Shopify private app access token"
208
+ id = "Shopify private app access token"
209
+ keywords = ["shppa_"]
210
+ regex = "shppa_[a-fA-F0-9]{32}"
211
+ tags = ["gitlab_blocking"]
212
+ [[rules]]
213
+ description = "Slack token"
214
+ id = "Slack token"
215
+ keywords = ["xoxb", "xoxa", "xoxp", "xoxr", "xoxs"]
216
+ regex = "xox[baprs]-([0-9a-zA-Z]{10,48})"
217
+ tags = ["gitlab_blocking"]
218
+ [[rules]]
219
+ description = "Stripe"
220
+ id = "Stripe"
221
+ keywords = ["sk_test", "pk_test", "sk_live", "pk_live"]
222
+ regex = "(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}"
223
+ tags = ["gitlab_blocking"]
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gitlab-secret_detection
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.14.0
4
+ version: 0.14.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - group::secret detection
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2024-12-13 00:00:00.000000000 Z
13
+ date: 2024-12-17 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: grpc
@@ -103,6 +103,7 @@ files:
103
103
  - lib/gitlab/secret_detection/core/response.rb
104
104
  - lib/gitlab/secret_detection/core/ruleset.rb
105
105
  - lib/gitlab/secret_detection/core/scanner.rb
106
+ - lib/gitlab/secret_detection/core/secret_push_protection_rules.toml
106
107
  - lib/gitlab/secret_detection/core/status.rb
107
108
  - lib/gitlab/secret_detection/grpc.rb
108
109
  - lib/gitlab/secret_detection/grpc/client/grpc_client.rb