gitlab-secret_detection 0.39.1 → 0.39.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a2d441ff24155ccfa823e4cd5d436affd7259f75ea9b1c1f328aa1faf00d4ce1
-  data.tar.gz: 6e20b820ea55dcb912c461e553554c3bbb12a8418d6dd5fc569d8e6e3f9684f6
+  metadata.gz: 73f035d35d4ceca23cc77190ee6acb59e8c26e4a473102a9a56da16d3dc23986
+  data.tar.gz: c6b85135c9f0bd83268bab359efc0b69f33454c371e397fa77be0e5aea5efcb5
 SHA512:
-  metadata.gz: d4da31204dbdf4924e6ed50bb6e6d6aac6f98097709954e609694a15c02e40cb6d91fad679b0a345716ba93112c26276bc2b9373f602ef74bef7c7d22a7284fb
-  data.tar.gz: 35bdcc483d8b28e4f857f0c9341cfe6cb476f031afc16d997d80edae19576a754826b8013d19da0a81ddca840c9f9ffb8234b667c802068dfac49cbf997f716f
+  metadata.gz: 4b127be2b764b05ae628dadfd0de811fa8d6e893b7d843ce2e60f4fc0af2f247580028350fa970fee5cc6980b71f2882bcc842fb6d5cd50ac3995276112714c6
+  data.tar.gz: 4961476f2092a893b11d82c357ea0e2138ddb07490edab4c207f19157f26ec44060f16e744739554bf0e0365cca38fda2813fd7c53dd01c7d8f9956270722e3a

data/lib/gitlab/secret_detection/core/secret_push_protection_rules.toml

@@ -1,4 +1,4 @@
-# rule-set version: 0.21.1
+# rule-set version: 0.21.2
 # Rules are auto-generated. See https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-rules for instructions on updating the rules.
 [[rules]]
 id = 'AdafruitIOKey'
@@ -119,7 +119,7 @@ keywords = ['FwoGZXIvYXdzE', 'IQoJb3JpZ2luX2VjE', 'FQoDYXdzE']
 
 [[rules]]
 id = 'AzureEntraClientSecret'
-regex = '\b[0-9A-Za-z.\-_]{3}8Q~[0-9A-Za-z\-_.~]{34}\b'
+regex = "[\\x60=\"' :>\\],\\t.()\\\\?|]{1,10}([0-9A-Za-z.\\-_~]{3}8Q~[0-9A-Za-z\\-_.~]{34})(?:\\\\['\"rn]|['\"\\x60; \\s]|<\\/|$)"
 description = "An Azure Entra (previously Active Directory) Client Secret is a confidential credential used\nby applications to authenticate with Microsoft Azure services and APIs. This secret is paired\nwith a Client ID to enable application-level access to Azure resources and Microsoft Graph APIs.\nA malicious actor with access to this client secret could impersonate the application, access\nprotected resources, and perform actions with the same permissions granted to the\napplication registration."
 title = 'Azure Entra Client Secret'
 remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab\ndocumentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo rotate your Azure Entra Client Secret:\n\n1. Log in to the [Azure Portal](https://portal.azure.com)\n2. Navigate to \"Microsoft Entra ID\" (formerly Azure Active Directory)\n3. Select \"App registrations\" from the left navigation menu\n4. Find and select the application registration associated with the compromised client secret\n5. Go to \"Certificates & secrets\" in the application settings\n6. In the \"Client secrets\" section, create a new client secret before deleting the old one\n7. Update all applications, configuration files, and key vaults that reference the old client secret\n8. Delete the compromised client secret from the \"Client secrets\" section\n9. Test your applications to ensure they are functioning with the new client secret\n\nFor detailed information on managing Azure Entra Client Secrets, please see the\n[Microsoft Entra application registration documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app)."
@@ -426,7 +426,7 @@ keywords = ['glrt']
 [[rules]]
 id = 'gitlab_runner_auth_token_routable'
 regex = '\bglrt-[0-9a-zA-Z_-]{27,300}\.[0-9a-z]{2}\.[0-9a-z]{2}[0-9a-z]{7}\b'
-description = "A routable GitLab runner authentication token was identified. These tokens allow users to register or authenticate as a runner\nwith the selected project. A malicious actor with access to this token can add a custom runner to the pipeline and\npossibly compromise the repository if the runner was used."
+description = "A routable GitLab runner authentication token was identified. These tokens allow users to register or authenticate as\na runner with the selected project. A malicious actor with access to this token can add a custom runner to the pipeline\nand possibly compromise the repository if the runner was used."
 title = 'GitLab runner authentication token (routable)'
 remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo revoke a runner authentication token, the runner needs to be removed and re-created\n\n- Sign in to your GitLab account and visit the project that created the runner registration token\n- In the left-hand menu, select \"Settings\"\n- Under the \"Settings\" options, select \"CI/CD\"\n- Under the \"Runners\" section, find the runner with the identified token, (you can check the runner `config.toml` if you\n  are unsure)\n- Select \"Remove runner\"\n- When prompted, select \"Remove\"\n\nFor more information, please see [GitLabs documentation on registering runners](https://docs.gitlab.com/runner/register/)."
 tags = ['gitlab', 'gitlab_blocking', 'client_side_sd']

data/lib/gitlab/secret_detection/version.rb

@@ -5,7 +5,7 @@ module Gitlab
     class Gem
       # Ensure to maintain the same version in CHANGELOG file.
       # More details available under 'Release Process' section in the README.md file.
-      VERSION = "0.39.1"
+      VERSION = "0.39.2"
 
       # SD_ENV env var is used to determine which environment the
       # server is running. This var is defined in `.runway/env-<env>.yml` files.

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-secret_detection
 version: !ruby/object:Gem::Version
-  version: 0.39.1
+  version: 0.39.2
 platform: ruby
 authors:
 - group::secret detection
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-12-17 00:00:00.000000000 Z
+date: 2026-02-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: grpc