gitlab-secret_detection 0.39.2 → 0.39.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6a02d0b7c32d26cef1d31095f4e6c6f631af09a5414d9ac66f99c39ef93a9da6
|
|
4
|
+
data.tar.gz: 0b922337af1a13de46f8873da0b8c62bd6cdc3083d72b125ef4ca75dc530f6c6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6114cf030e0762cf444e2c087ef1c65563d5f65948a98db511622d2a575ed422d3ef23cc1b91b7f798135e18039241ad4f585007dc3448d758c2f04d5de8d7db
|
|
7
|
+
data.tar.gz: 1ea5361ad47740f4912a3bfd913e5157ca656190ca107104ed7c12dc186332479b4931a1eb16e57a4a4e227cd17366ff8645ff1deaa632dee0793de5a7c2605c
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# rule-set version: 0.
|
|
1
|
+
# rule-set version: 0.22.1
|
|
2
2
|
# Rules are auto-generated. See https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-rules for instructions on updating the rules.
|
|
3
3
|
[[rules]]
|
|
4
4
|
id = 'AdafruitIOKey'
|
|
@@ -470,7 +470,7 @@ keywords = ['glimt']
|
|
|
470
470
|
|
|
471
471
|
[[rules]]
|
|
472
472
|
id = 'GrafanaCloudAccessPolicyToken'
|
|
473
|
-
regex =
|
|
473
|
+
regex = "\\b(glc_eyJvIjoi[A-Za-z0-9+\\/]{80,220}={0,2})(?:\\\\['\"rn]|['\"\\x60; \\s]|<\\/|$)"
|
|
474
474
|
description = "A Grafana cloud access policy token was identified. Cloud access policy tokens are used for managing the stacks in\nGrafana. Any tokens defined in the Grafana Administration settings are limited to that Grafana's stack. Depending on the\nassigned scope, a malicious actor with access to this token can read or write metrics, logs, traces, alerts, rules, and\naccess policies."
|
|
475
475
|
title = 'Grafana cloud access policy token'
|
|
476
476
|
remediation = "For general guidance on handling security incidents with regards to leaked keys, please see the GitLab documentation on\n[Credential exposure to the internet](https://docs.gitlab.com/ee/security/responding_to_security_incidents.html#credential-exposure-to-public-internet).\n\nTo revoke an access policy token:\n\n- Sign in to your Grafana instance and select \"Administration\" on the left-hand menu\n- Under \"User and access\" select \"Cloud access policies\"\n- Find the token that was identified and select the trash icon.\n\nFor more information, please see [Grafana's documentation on cloud access policies](https://grafana.com/docs/grafana-cloud/account-management/authentication-and-permissions/access-policies/)."
|
|
@@ -5,7 +5,7 @@ module Gitlab
|
|
|
5
5
|
class Gem
|
|
6
6
|
# Ensure to maintain the same version in CHANGELOG file.
|
|
7
7
|
# More details available under 'Release Process' section in the README.md file.
|
|
8
|
-
VERSION = "0.39.
|
|
8
|
+
VERSION = "0.39.3"
|
|
9
9
|
|
|
10
10
|
# SD_ENV env var is used to determine which environment the
|
|
11
11
|
# server is running. This var is defined in `.runway/env-<env>.yml` files.
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: gitlab-secret_detection
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.39.
|
|
4
|
+
version: 0.39.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- group::secret detection
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2026-
|
|
13
|
+
date: 2026-03-10 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: grpc
|