gitlab-secret_detection 0.27.1 → 0.28.0
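--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 99479e23cc29472b104146c3f33950d876e553d78e59a0018decfa01ef25eb7d
+data.tar.gz: 043fbb440175574c7c337e04e45b6a8817b1686ba1b5386a379367f9d337773a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8d72b4896199b9505c7c8ab72a193d9d7e4dc1e391dd88406c7bc4dee75806fe5bb69bdf9a102c19b7394f2e40fead4ae6723f7fd64c9d88c10f262808103881
+data.tar.gz: bf3438f14f8f73c6bebbb78c44a739d25544cca4933ee2b5869187b73ffcd4ac05f9bc79d90c2ed4b52e464e61af54d3d3c1b2e66f788d8c1ab3ff608947ec21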
@@ -1,4 +1,4 @@
|
|
1
|
-
# rule-set version: 0.
|
1
|
+
# rule-set version: 0.11.0
|
2
2
|
# Rules are auto-generated. See https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-rules for instructions on updating the rules.
|
3
3
|
[[rules]]
|
4
4
|
id = 'Adobe Client Secret'
|
@@ -162,6 +162,15 @@ remediation = "For general guidance on handling security incidents with regards
|
|
162
162
|
tags = ['gitlab', 'gitlab_blocking', 'client_side_sd']
|
163
163
|
keywords = ['glrt']
|
164
164
|
|
165
|
+
[[rules]]
|
166
|
+
id = 'gitlab_runner_auth_token_routable'
|
167
|
+
regex = '\bglrt-[0-9a-zA-Z_-]{27,300}\.[0-9a-z]{2}\.[0-9a-z]{2}[0-9a-z]{7}\b'
|
168
|
+
description = "A routable GitLab runner authentication token was identified. These tokens allow users to register or authenticate as a runner\nwith the selected project. A malicious actor with access to this token can add a custom runner to the pipeline and\npossibly compromise the repository if the runner was used."
|
169
|
+
title = 'GitLab runner authentication token (routable)'
|
170
|
+
remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo revoke a runner authentication token, the runner needs to be removed and re-created\n\n- Sign in to your GitLab account and visit the project that created the runner registration token\n- In the left-hand menu, select \"Settings\"\n- Under the \"Settings\" options, select \"CI/CD\"\n- Under the \"Runners\" section, find the runner with the identified token, (you can check the runner `config.toml` if you\n are unsure)\n- Select \"Remove runner\"\n- When prompted, select \"Remove\"\n\nFor more information, please see [GitLabs documentation on registering runners](https://docs.gitlab.com/runner/register/)."
|
171
|
+
tags = ['gitlab', 'gitlab_blocking', 'client_side_sd']
|
172
|
+
keywords = ['glrt-']
|
173
|
+
|
165
174
|
[[rules]]
|
166
175
|
id = 'gitlab_oauth_app_secret'
|
167
176
|
regex = '\b(gloas-[0-9a-zA-Z_\-]{64})(?:[[:punct:]]|[[:space:]]|[[:blank:]]|$)'
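Review bot: The remediation for the new `gitlab_runner_auth_token_routable` rule tells the reader to "visit the project that created the runner registration token", but the rule (per its `id`, `title` and `description`) identifies a runner *authentication* token, and registration tokens are a different credential; the step should read `- Sign in to your GitLab account and visit the project that owns the runner with the identified authentication token`. If routable tokens can also belong to group- or instance-level runners, the project-only `Settings > CI/CD` path will not find them, so that case should be mentioned or hedged in the remediation — I cannot confirm the scope from this hunk. On the regex, the suffix `\.[0-9a-z]{2}[0-9a-z]{7}\b` is two adjacent identical classes; either collapse it to `\.[0-9a-z]{9}\b` or, if the 2- and 7-character parts are distinct fields of the token, say so in a comment so the split is not "fixed" later. The existing `glrt` rule above (keyword `glrt`, regex outside this hunk) will presumably also match these tokens, so both findings may fire on one leak unless that regex excludes the routable suffix.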
|
@@ -200,7 +209,7 @@ keywords = ['glimt']
|
|
200
209
|
|
201
210
|
[[rules]]
|
202
211
|
id = 'Grafana API token'
|
203
|
-
regex = "['\\\"]eyJrIjoi
|
212
|
+
regex = "['\\\"]eyJrIjoi[a-zA-Z0-9-_=]{72,92}['\\\"]"
|
204
213
|
description = 'Grafana API token'
|
205
214
|
title = 'Grafana API token'
|
206
215
|
remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet)."
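Review bot: The new Grafana regex only fires when the token is wrapped in single or double quotes, so a key leaked unquoted — a `.env` line, a shell `export`, or a curl `Authorization` header on a command line — is not reported at all. The `eyJrIjoi` prefix is distinctive enough to anchor on a boundary instead while still matching the quoted form, e.g. `regex = "\\beyJrIjoi[a-zA-Z0-9_=-]{72,92}(?:[[:space:]]|['\\\"]|$)"` (the `[[:space:]]`/`$` alternation is the same idiom the `gloas-` rule in this file already uses). Moving the `-` to the end of the class, as in that example, also stops it reading as a range in engines that treat `9-_` as one. Separately, `description` here merely repeats the title; the neighbouring rules state what an attacker can do with the credential and how to revoke it, and this rule should carry the same two paragraphs.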
|
@@ -209,7 +218,7 @@ keywords = ['eyJrIjoi']
|
|
209
218
|
|
210
219
|
[[rules]]
|
211
220
|
id = 'Hashicorp Terraform user/org API token'
|
212
|
-
regex = "['\\\"]
|
221
|
+
regex = "['\\\"][a-zA-Z0-9]{14}\\.atlasv1\\.[a-zA-Z0-9-_=]{60,70}['\\\"]"
|
213
222
|
description = "A HashiCorp Terraform API token was identified. API tokens can be used to access the HCP Terraform API. A malicious\nactor with access to this token can perform all actions the user account is entitled to."
|
214
223
|
title = 'HashiCorp Terraform API token'
|
215
224
|
remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo revoke an API token:\n\n- Sign in to the Terraform HCP console and access <https://app.terraform.io/app/settings/tokens>\n- Find the token that was identified\n- Select the trash icon on the right hand side of the token\n- When prompted, select \"Confirm\" in the \"Deleting token ...\" dialog\n\nFor more information, please see [Terraform's documentation on API tokens](https://app.terraform.io/app/settings/tokens)."
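Review bot: The closing "For more information" link in this remediation points at `https://app.terraform.io/app/settings/tokens`, which is the reader's own HCP account settings page (or a login prompt), not documentation; the earlier step already gives that URL for the revocation action, so the final sentence should instead link the HCP Terraform API-tokens documentation page (the `users-teams-organizations/api-tokens` page under developer.hashicorp.com — please confirm the exact URL before merging). The regex has the same quote-only anchoring as the Grafana rule above, so an unquoted `TF_TOKEN_app_terraform_io=…` value in a `.env` or `.terraformrc` is missed; a `\\b` on the leading side with an optional quote would cover both forms. The `id` still says "user/org API token" while `title` says "HashiCorp Terraform API token"; if team tokens share the `.atlasv1.` shape the broader title is the accurate one and the `id` text should match it.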
|
@@ -236,7 +245,7 @@ keywords = ['lin_api_']
|
|
236
245
|
|
237
246
|
[[rules]]
|
238
247
|
id = 'Mailchimp API key'
|
239
|
-
regex = "(?i)
|
248
|
+
regex = "(?i:mailchimp)[a-zA-Z0-9_ .\\-,]{0,25}(?:=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32}-us20)['\\\"]"
|
240
249
|
description = "A Mailchimp API key was identified. API keys can be used send emails, create and send marketing campaigns, access\ncustomer lists and email addresses. A malicious actor with access to this key can perform any API request to Mailchimp\nwithout restriction."
|
241
250
|
title = 'Mailchimp API key'
|
242
251
|
remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo revoke an API key:\n\n- Sign in to your Mailchimp account at <https://login.mailchimp.com/>\n- Select your profile icon then select Profile\n- Select the Extras dropdown list then choose \"API keys\"\n- Find the identified key and select \"Revoke\"\n- When prompted, type \"REVOKE\" to confirm and select \"Revoke\" in the \"Revoke API Key\" dialog\n\nFor more information, please see [Mailchimp's documentation on API key security](https://mailchimp.com/help/about-api-keys/#api+key+security)."
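Review bot: The new Mailchimp regex hard-codes the data-center suffix as `-us20`, so a key from any other data center (`-us1`, `-us7`, `-us21`, …) no longer matches at all — the suffix identifies the account's shard and is not fixed. The capture should accept the numbered suffix generically: `regex = "(?i:mailchimp)[a-zA-Z0-9_ .\\-,]{0,25}(?:=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32}-us[0-9]{1,2})['\\\"]"`. If `us20` was chosen deliberately for a test fixture, the fixture should be what changes, not the production rule.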
|
@@ -245,7 +254,7 @@ keywords = ['mailchimp']
|
|
245
254
|
|
246
255
|
[[rules]]
|
247
256
|
id = 'Mailgun private API token'
|
248
|
-
regex = "(?i)
|
257
|
+
regex = "(?i:mailgun)[a-zA-Z0-9_ .\\-,]{0,25}(?:=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](key-[a-f0-9]{32})['\\\"]"
|
249
258
|
description = "A Mailgun private API token was identified. This key allows you to perform read, write, and delete operations through\nvarious API endpoints and for any of your sending domains. A malicious actor with access to this key can perform any API\nrequest to Mailgun without restriction."
|
250
259
|
title = 'Mailgun private API token'
|
251
260
|
remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo rotate a private API token:\n\n- Sign in to your Mailgun account and access the dashboard at <https://app.mailgun.com/>\n- On the top right-hand side, select your account profile and then select \"API Security\"\n- Find the identified key and select the trash icon\n - If you cannot select the trash icon, you must first generate a new key by selecting \"Add new key\"\n- When prompted, select \"Delete\" in the \"Delete API Key\" dialog\n\nFor more information, please see [Mailgun's documentation on API keys](https://documentation.mailgun.com/docs/mailgun/user-manual/get-started/#primary-account-api-key)."
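Review bot: The Mailgun private-key regex requires the `key-…` value to sit between quote characters, yet the most common leak location for this key is a dotenv or CI variables file where `MAILGUN_API_KEY=key-…` is written unquoted; the `(?i:mailgun)…(?:=|…)` prefix matches that line, but the mandatory `['\"]` then rejects it. Because `key-` begins with a word character and the hex body ends with one, a word boundary covers both the quoted and unquoted forms: `regex = "(?i:mailgun)[a-zA-Z0-9_ .\\-,]{0,25}(?:=|>|:=|\\|\\|:|<=|=>|:).{0,5}\\b(key-[a-f0-9]{32})\\b"`. The description's "This key allows you to perform…" reads as user documentation; the other rules phrase it as "A malicious actor with access to this key can…", which is the voice the finding is shown in.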
|
@@ -254,7 +263,7 @@ keywords = ['mailgun']
|
|
254
263
|
|
255
264
|
[[rules]]
|
256
265
|
id = 'Mailgun webhook signing key'
|
257
|
-
regex = "(?i)
|
266
|
+
regex = "(?i:mailgun)[a-zA-Z0-9_ .\\-,]{0,25}(?:=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})['\\\"]"
|
258
267
|
description = "A Mailgun webhook signing key was identified. This key is used by Mailgun to sign all incoming webhook message payloads.\nA malicious actor with access to this key can potentially sign fake webhook events and send it to your service to pass\nvalidation and be processed."
|
259
268
|
title = 'Mailgun webhook signing key'
|
260
269
|
remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo rotate your HTTP webhook signing key:\n\n- Sign in to your Mailgun account and access the dashboard at <https://app.mailgun.com/>\n- On the top right-hand side, select your account profile and select \"API Security\"\n- In the \"HTTP webhook signing key\" section, select the rotate arrow icon in the right hand side\n- When prompted, select \"Reset Key\" in the \"Reset HTTP webhook signing key\" dialog\n\nFor more information, please see [Mailgun's documentation on webhooks](https://documentation.mailgun.com/docs/mailgun/user-manual/tracking-messages/#securing-webhooks)."
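Review bot: The webhook-signing-key capture uses the class `[a-h0-9]`, which includes `g` and `h` — not hexadecimal digits — while the adjacent Mailgun private-key rule assumes a hex body with `[a-f0-9]`. If the signing key is hex (I cannot confirm the format from this hunk), the class looks like a typo and should be `([a-f0-9]{32}-[a-f0-9]{8}-[a-f0-9]{8})` to stay consistent with the sibling rule; if it genuinely is not hex, a short comment above `regex` saying so would stop the next reviewer "correcting" it. The same quote-only anchoring noted on the private-key rule applies here too.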
|
@@ -281,7 +290,7 @@ keywords = ['NRAK']
|
|
281
290
|
|
282
291
|
[[rules]]
|
283
292
|
id = 'New Relic user API ID'
|
284
|
-
regex = "(?i)
|
293
|
+
regex = "(?i:newrelic)[a-zA-Z0-9_ .\\-,]{0,25}(?:=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-zA-Z0-9]{64})['\\\"]"
|
285
294
|
description = 'New Relic user API ID'
|
286
295
|
title = 'New Relic user API ID'
|
287
296
|
remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nFor more information, please see [New Relic's documentation on rotating API keys](https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/#rotate-keys)."
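Review bot: The New Relic regex accepts any run of 64 letters or digits in quotes within 25 characters of the word `newrelic` and an assignment operator, which also describes a hex SHA-256 digest — e.g. a `newrelic_agent_sha256 = "…"` pin in a manifest or lockfile — so this rule will raise findings that are not credentials. Nothing in this hunk says what a "user API ID" actually looks like or grants; `description` and `title` are identical and the remediation has no impact statement, so a reader who gets the finding cannot judge it. At minimum the description should say what access the ID gives and that the pattern is format-only, and if the real ID has a distinguishing shape (fixed prefix, mixed case, non-hex alphabet) the regex should require it.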
|
@@ -290,7 +299,7 @@ keywords = ['newrelic']
|
|
290
299
|
|
291
300
|
[[rules]]
|
292
301
|
id = 'npm access token'
|
293
|
-
regex = "['\\\"](npm_
|
302
|
+
regex = "['\\\"](npm_[a-zA-Z0-9]{36})['\\\"]"
|
294
303
|
description = "An npm access token was identified. Access tokens can either be classic or granular, both of which allow customization\nof permissions. Depending on the permissions, a malicious actor with access to this token can read packages and package\ninformation, or create new packages and publish them under the account that created them."
|
295
304
|
title = 'npm access token'
|
296
305
|
remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo revoke an access token from the UI:\n\n- Sign in to your npm account at <https://www.npmjs.com/login>\n- In the top right corner, select your profile picture and then select \"Access Tokens\"\n- Find the token that was identified and select \"x\" in the \"Delete\" column\n- When prompted, select \"OK\" in the dialog\n\nFor more information, please see [npm's documentation on revoking access tokens](https://docs.npmjs.com/revoking-access-tokens)."
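Review bot: The npm regex requires the token to be quoted, but the canonical place an npm token leaks is a committed `.npmrc` where it is written unquoted as `//registry.npmjs.org/:_authToken=npm_…`; that line is not matched by the new pattern. Since `npm_` starts with a word character and the 36-character body ends with one, a word boundary covers both the quoted and the `.npmrc` forms: `regex = "\\b(npm_[a-zA-Z0-9]{36})\\b"`. The `=` in `_authToken=` is a non-word character, so the leading `\b` holds there as well.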
|
@@ -353,7 +362,7 @@ keywords = ['sgp_']
|
|
353
362
|
|
354
363
|
[[rules]]
|
355
364
|
id = 'Sendgrid API token'
|
356
|
-
regex = 'SG\.
|
365
|
+
regex = 'SG\.[a-zA-Z0-9_\-\.]{66}'
|
357
366
|
description = 'SendGrid API token'
|
358
367
|
title = 'SendGrid API token'
|
359
368
|
remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet)."
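Review bot: The SendGrid regex `SG\.[a-zA-Z0-9_\-\.]{66}` has no boundary on either side and allows `.` anywhere in the body, so it matches inside longer identifiers (anything ending in `SG.`, or a 66-character prefix of a longer string) and cannot distinguish the key's two-segment layout. If the key format is `SG.<22 chars>.<43 chars>` as commonly documented — please confirm against SendGrid's current key length — a tighter, boundary-anchored form is `regex = '\bSG\.[a-zA-Z0-9_\-]{22}\.[a-zA-Z0-9_\-]{43}\b'`. The `description` here repeats the `title` and the remediation has no revocation steps; the other rules give an impact sentence and a short "To revoke" list, and this one should too.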
|
@@ -5,7 +5,7 @@ module Gitlab
|
|
5
5
|
class Gem
|
6
6
|
# Ensure to maintain the same version in CHANGELOG file.
|
7
7
|
# More details available under 'Release Process' section in the README.md file.
|
8
|
-
VERSION = "0.
|
8
|
+
VERSION = "0.28.0"
|
9
9
|
|
10
10
|
# SD_ENV env var is used to determine which environment the
|
11
11
|
# server is running. This var is defined in `.runway/env-<env>.yml` files.
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: gitlab-secret_detection
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.28.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- group::secret detection
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2025-05-
|
13
|
+
date: 2025-05-26 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: grpc
|