gitlab-secret_detection 0.35.1 → 0.36.0

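--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3e707b2adfcca14ad8ceef1cb0526ac37beb263a651bf2e68cc26cc3c24fa4e9
- data.tar.gz: f420f5f314faea11ab9fadeabb41c32bf4f38ad355f6a345b93e9ada84a6adb9
+ metadata.gz: e4f3012454207a549b1a76d4056eb461939939da1464144aedb4b362534227c4
+ data.tar.gz: d001452f5a97941ad46917c4bfd5439f322f4fc6cd96d9ab4a03ef6de7c67363
  SHA512:
- metadata.gz: cc25aabe9741cbfd1a3788f8310e0058a7f6df60991729d86dcd94015396d30db6b5863b8c6b97562dbb7f9d302b6112e558683e043a0eb8de886fc655a8b20f
- data.tar.gz: badbbd9b472b6ed7c09718448abea3629713f4516d73a0a3f2c931eace7e8907db365738379b85be416769927b02c6998ec2d954a86abf5fc4c97f73591f84e7
+ metadata.gz: d931a95b9cb870e8bc3657e02bca3d47d611c331162a80e4fe38cb44e587a64f1305374f405cc95e75f8d3c7a0049ee809d53e32ea92c33bb1cd1fd0f0dff073
+ data.tar.gz: 2e24b44772a14fe81d5e4a4886d00b81481af2af31298adb65a3e01479e00df26fc3e8980e7b9162de92954b23fdd18d1d2be3f93108c6912604d005e9e15d98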
@@ -1,4 +1,4 @@
1
- # rule-set version: 0.16.0
1
+ # rule-set version: 0.17.0
2
2
  # Rules are auto-generated. See https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-rules for instructions on updating the rules.
3
3
  [[rules]]
4
4
  id = 'AdafruitIOKey'
@@ -135,6 +135,33 @@ remediation = "For general guidance on handling security incidents with regards
135
135
  tags = ['gitlab_blocking']
136
136
  keywords = ['.azure.com/;accesskey=']
137
137
 
138
+ [[rules]]
139
+ id = 'AzureFunctionsAPIKeyViaURL'
140
+ regex = '\.azurewebsites\.net\/api\/.{3,64}?code=([a-zA-Z0-9\/+_-]{54}==|[a-zA-Z0-9%\/+_-]{54,84}%3[dD]%3[dD])'
141
+ description = "An Azure Functions API Key (also called a function key or host key) is a secret token used to authenticate\nrequests to Azure Functions endpoints. These keys provide access to invoke specific functions or all\nfunctions within a function app. A malicious actor with access to this key could execute your serverless\nfunctions, potentially triggering unauthorized operations, accessing connected resources, or incurring\nsignificant Azure costs through excessive invocations."
142
+ title = 'Azure Functions API Key'
143
+ remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab\ndocumentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo rotate your Azure Functions API Key:\n\n1. Log in to the [Azure Portal](https://portal.azure.com)\n2. Navigate to your Function App by searching for \"Function App\" or selecting it from your resources\n3. Select the specific Function App that contains the compromised key\n4. In the left menu, under \"Functions\", select \"App keys\" for host keys or select the individual function\n and then \"Function Keys\" for function-specific keys\n5. Identify the compromised key by name or value, select the three dots menu next to it, and choose \"Delete\"\n6. Create a new key by selecting \"New function key\" or \"New host key\", provide a name, and save it\n7. Update all applications, scripts, and services that call your Azure Functions with the new key value\n8. Test your applications to verify they can successfully invoke the functions with the new key\n9. Monitor Azure Function logs to ensure no unauthorized access attempts occur with the old key\n\nFor detailed information on managing Azure Functions API Keys, please see the\n[Azure Functions security documentation](https://learn.microsoft.com/en-us/azure/azure-functions/security-concepts)."
144
+ tags = ['gitlab_blocking']
145
+ keywords = ['.azurewebsites.net/api/']
146
+
147
+ [[rules]]
148
+ id = 'AzureLogicAppSAS'
149
+ regex = '\.(?:azure|windows)\.net\/.{0,64}\?.{0,128}sig=([a-zA-Z0-9%]{43,73}%3[dD])'
150
+ description = "An Azure Logic App Shared Access Signature (SAS) was detected. This credential provides delegated access to\ntrigger Azure Logic App workflows through HTTP requests without requiring Azure AD authentication. A malicious\nactor with access to this SAS URL could trigger automated workflows, potentially causing unwanted data processing,\nintegration with other services, or execution of business processes."
151
+ title = 'Azure Logic App Shared Access Signature'
152
+ remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab\ndocumentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo rotate your Azure Logic App Shared Access Signature:\n\n1. Log in to the [Azure Portal](https://portal.azure.com)\n2. Navigate to your Logic App by searching for \"Logic Apps\" or finding it in your resources\n3. Select the specific Logic App that contains the compromised SAS token\n4. In the Logic App menu, select \"Logic app designer\" to view the workflow\n5. Locate the HTTP trigger or connector that generated the compromised SAS URL\n6. Click on the trigger/connector to expand its settings\n7. Select \"Regenerate URL\" or disable the trigger entirely if no longer needed\n8. Copy the new SAS URL if regenerated\n9. Update all external applications, webhooks, or services that use the old SAS URL\n10. Test the new URL to verify it works correctly\n11. Monitor Logic App run history to ensure no unauthorized triggers occur\n\nFor detailed information on managing Azure Logic App Shared Access Signature, please see the\n[Azure Logic Apps documentation](https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app#access-to-request-based-triggers)."
153
+ tags = ['gitlab_blocking']
154
+ keywords = ['azure.net', 'windows.net']
155
+
156
+ [[rules]]
157
+ id = 'AzureSignalRAccessKey'
158
+ regex = '\.signalr\.net;AccessKey=([a-zA-Z0-9\/+]{43}[=]?)'
159
+ description = "An Azure SignalR Access Key was detected. Azure SignalR Access Keys are authentication credentials\nthat provide access to Azure SignalR Service, a real-time messaging service that enables web\napplications with real-time communication capabilities. A malicious actor with access to this key\ncan authenticate to the SignalR service, send messages to connected clients, manage connection\ngroups, and potentially disrupt real-time communication or access sensitive messaging data within\nyour applications."
160
+ title = 'Azure SignalR Access Key'
161
+ remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab\ndocumentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo regenerate your Azure SignalR Access Key:\n\n1. Sign in to the [Azure portal](https://portal.azure.com/)\n2. Navigate to your Azure SignalR Service resource\n3. In the left navigation menu, select **Keys** under the **Settings** section\n4. Select either **Regenerate Primary Key** or **Regenerate Secondary Key** (regenerate the\n compromised key first, then the other key after applications are updated)\n5. Copy the newly generated connection string displayed after regeneration\n6. Update all application configurations, environment variables, and Azure Key Vault secrets that\n use the old connection string with the new connection string\n7. Restart all applications and services that use the Azure SignalR Service to ensure they pick up\n the new connection string\n8. Verify successful connections by monitoring your applications and checking the Azure SignalR\n Service metrics and logs in the Azure portal\n\nFor detailed information on managing Azure SignalR Access Keys, please see the\n[Rotate access keys for Azure SignalR Service](https://learn.microsoft.com/en-us/azure/azure-signalr/signalr-howto-key-rotation)."
162
+ tags = ['gitlab_blocking']
163
+ keywords = ['signalr.net']
164
+
138
165
  [[rules]]
139
166
  id = 'CDSCanadaNotifyAPIKey'
140
167
  regex = 'ApiKey-v1 gcntfy-[a-zA-Z0-9_\-]{1,64}-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}'
@@ -468,6 +495,15 @@ remediation = "For general guidance on handling security incidents with regards
468
495
  tags = ['gitlab_blocking']
469
496
  keywords = ['cmVmd']
470
497
 
498
+ [[rules]]
499
+ id = 'LangChainAPIKey'
500
+ regex = 'lsv2_(?:pt|sk)_[a-f0-9]{32}_[a-f0-9]{10}\b'
501
+ description = "A LangChain API Key (also known as a LangSmith API Key) provides authentication to LangSmith, which is\nLangChain's observability and evaluation platform for LLM applications. These keys enable access to tracing,\nmonitoring, evaluation tools, and usage analytics for applications built with LangChain. A malicious actor with\naccess to this key could view sensitive trace data, access evaluation datasets, monitor application usage and\nperformance metrics, and potentially incur costs on your account through API usage."
502
+ title = 'LangChain API Key'
503
+ remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab\ndocumentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo revoke your LangChain API Key:\n\n1. Log in to the LangSmith platform at <https://smith.langchain.com>\n2. Navigate to the Settings page by clicking on your profile menu in the top right corner and selecting \"Settings\"\n3. Scroll down to the \"API Keys\" section\n4. Locate the compromised API key in the list (you may identify it by creation date, last used date, or key name)\n5. Click on the delete or revoke option next to the compromised key to remove it\n6. Create a new API key by clicking \"Create API Key\" and selecting the appropriate key type (Service Key or\n Personal Access Token)\n7. Update all applications and systems that use this credential by replacing the old `LANGSMITH_API_KEY` or\n `LANGCHAIN_API_KEY` environment variable with the new key\n8. Verify the change was successful by confirming that your applications can still authenticate and traces are\n being logged to LangSmith\n\nFor detailed information on managing LangChain API Keys, please see the\n[official LangSmith documentation](https://docs.smith.langchain.com/administration/how_to_guides/organization_management/create_account_api_key)."
504
+ tags = ['gitlab_blocking']
505
+ keywords = ['lsv2']
506
+
471
507
  [[rules]]
472
508
  id = 'Linear API token'
473
509
  regex = '\blin_api_[a-zA-Z0-9]{40}\b'
@@ -540,6 +576,15 @@ remediation = "For general guidance on handling security incidents with regards
540
576
  tags = ['gitlab_blocking']
541
577
  keywords = ['npm_']
542
578
 
579
+ [[rules]]
580
+ id = 'OktaAPITokenHeader'
581
+ regex = '\bSSWS (00[A-Za-z0-9_-]{40})\b'
582
+ description = "An Okta API Token is a credential used to authenticate API requests to an Okta organization. This token provides\nprogrammatic access to Okta's management APIs, allowing operations such as user management, group administration,\nand configuration changes. A malicious actor with access to this token could read sensitive user data, modify\nsecurity policies, create backdoor accounts, or disrupt authentication services for the entire organization."
583
+ title = 'Okta API Token'
584
+ remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab\ndocumentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo revoke your Okta API Token:\n\n- Log in to your Okta Admin Console at `https://[your-domain].okta.com/admin`\n- Navigate to **Security** > **API** from the main menu\n- Select the **Tokens** tab to view all API tokens\n- Locate the compromised token by its name, creation date, or last used timestamp\n- Click the **Revoke** button next to the compromised token and confirm the revocation\n- Generate a new API token if needed and update all applications or scripts that use this credential\n- Review API access logs under **Reports** > **System Log** to identify any unauthorized activity\n\nFor detailed information on managing Okta API Tokens, please see the\n[Okta API Token Management Documentation](https://developer.okta.com/docs/guides/create-an-api-token/main/)."
585
+ tags = ['gitlab_blocking']
586
+ keywords = ['SSWS 00']
587
+
543
588
  [[rules]]
544
589
  id = 'Onfido Live API Token'
545
590
  regex = '\bapi_live(?:_[a-z]{2})?\.[_a-zA-Z0-9]{11}\.[-_a-zA-Z0-9]{32}\b'
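Review bot: The trailing `\b` in the OktaAPITokenHeader regex at new line 581 cannot match when the 42-character token ends in `-`, because `\b` after a non-word character requires a word character to follow, so a token ending in `-` at end of line or before a quote or space is silently missed even though `-` is part of the allowed class. Since the capture is already bounded by the `SSWS ` prefix and a fixed width of `00` plus exactly 40 characters, the simpler form `regex = '\bSSWS (00[A-Za-z0-9_-]{40})'` closes that gap; a negative lookahead such as `(?![A-Za-z0-9_-])` would be tighter but only if the matching engine supports it, which this diff does not show. Separately, the AzureLogicAppSAS regex in the earlier hunk (new line 149) only accepts `.azure.net` and `.windows.net` hosts, and as far as I know consumption-tier Logic App trigger URLs are served from `logic.azure.com`, so it is worth confirming against a real trigger URL that the rule matches what its title and description promise. The LangChainAPIKey regex at new line 500 also lacks the leading `\b` that sibling rules such as `Linear API token` use, so `lsv2_` embedded in a longer token would still be reported.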
@@ -5,7 +5,7 @@ module Gitlab
5
5
  class Gem
6
6
  # Ensure to maintain the same version in CHANGELOG file.
7
7
  # More details available under 'Release Process' section in the README.md file.
8
- VERSION = "0.35.1"
8
+ VERSION = "0.36.0"
9
9
 
10
10
  # SD_ENV env var is used to determine which environment the
11
11
  # server is running. This var is defined in `.runway/env-<env>.yml` files.
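--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: gitlab-secret_detection
  version: !ruby/object:Gem::Version
- version: 0.35.1
+ version: 0.36.0
  platform: ruby
  authors:
  - group::secret detection
@@ -10,7 +10,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2025-10-07 00:00:00.000000000 Z
+ date: 2025-10-13 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: grpc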