agent-security-scanner-mcp 3.0.0 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +398 -754
- package/analyzer.py +51 -7
- package/index.js +173 -431
- package/package.json +3 -6
- package/regex_fallback.py +66 -0
- package/rules/__init__.py +124 -36
- package/rules/generic/secrets/gitleaks/adafruit-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/adobe-client-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/adobe-client-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/age-secret-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/airtable-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/algolia-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/alibaba-access-key-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/alibaba-secret-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/asana-client-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/asana-client-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/atlassian-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/authress-service-client-access-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/aws-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/beamer-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/bitbucket-client-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/bitbucket-client-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/bittrex-access-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/bittrex-secret-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/clojars-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/cloudflare-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/cloudflare-global-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/cloudflare-origin-ca-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/codecov-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/coinbase-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/confluent-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/confluent-secret-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/contentful-delivery-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/databricks-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/datadog-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/defined-networking-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/digitalocean-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/digitalocean-pat.yaml +27 -0
- package/rules/generic/secrets/gitleaks/digitalocean-refresh-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/discord-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/discord-client-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/discord-client-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/doppler-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/droneci-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/dropbox-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/duffel-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/dynatrace-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/easypost-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/easypost-test-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/etsy-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/facebook-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/facebook-page-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/facebook-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/facebook.yaml +27 -0
- package/rules/generic/secrets/gitleaks/fastly-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/finicity-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/finicity-client-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/finnhub-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/flickr-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/flutterwave-encryption-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/flutterwave-public-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/flutterwave-secret-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/frameio-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/freshbooks-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/gcp-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/generic-api-key.yaml +76 -0
- package/rules/generic/secrets/gitleaks/github-app-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/github-fine-grained-pat.yaml +27 -0
- package/rules/generic/secrets/gitleaks/github-oauth.yaml +27 -0
- package/rules/generic/secrets/gitleaks/github-pat.yaml +27 -0
- package/rules/generic/secrets/gitleaks/github-refresh-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/gitlab-pat.yaml +27 -0
- package/rules/generic/secrets/gitleaks/gitlab-ptt.yaml +27 -0
- package/rules/generic/secrets/gitleaks/gitlab-rrt.yaml +27 -0
- package/rules/generic/secrets/gitleaks/gitter-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/gocardless-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/grafana-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/grafana-cloud-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/grafana-service-account-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/harness-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/hashicorp-tf-password.yaml +31 -0
- package/rules/generic/secrets/gitleaks/heroku-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/hubspot-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/huggingface-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/huggingface-organization-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/infracost-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/intercom-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/intra42-client-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/jfrog-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/jfrog-identity-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/jwt-base64.yaml +27 -0
- package/rules/generic/secrets/gitleaks/jwt.yaml +27 -0
- package/rules/generic/secrets/gitleaks/kraken-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/kucoin-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/kucoin-secret-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/launchdarkly-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/linear-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/linear-client-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/linkedin-client-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/linkedin-client-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/lob-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/lob-pub-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/mailchimp-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/mailgun-private-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/mailgun-pub-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/mailgun-signing-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/mapbox-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/mattermost-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/messagebird-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/messagebird-client-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/microsoft-teams-webhook.yaml +27 -0
- package/rules/generic/secrets/gitleaks/netlify-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/new-relic-browser-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/new-relic-insert-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/new-relic-user-api-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/new-relic-user-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/npm-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/nytimes-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/okta-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/openai-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/plaid-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/plaid-client-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/plaid-secret-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/planetscale-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/planetscale-oauth-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/planetscale-password.yaml +27 -0
- package/rules/generic/secrets/gitleaks/postman-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/prefect-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/private-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/pulumi-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/pypi-upload-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/rapidapi-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/readme-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/rubygems-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/scalingo-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sendbird-access-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sendbird-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sendgrid-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sendinblue-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sentry-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/shippo-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/shopify-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/shopify-custom-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/shopify-private-app-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/shopify-shared-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sidekiq-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sidekiq-sensitive-url.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-app-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-bot-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-config-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-config-refresh-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-legacy-bot-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-legacy-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-legacy-workspace-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-user-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-webhook-url.yaml +27 -0
- package/rules/generic/secrets/gitleaks/snyk-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/square-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/squarespace-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/stripe-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sumologic-access-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sumologic-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/telegram-bot-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/travisci-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/twilio-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/twitch-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/twitter-access-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/twitter-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/twitter-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/twitter-api-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/twitter-bearer-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/typeform-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/vault-batch-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/vault-service-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/yandex-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/yandex-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/yandex-aws-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/zendesk-secret-key.yaml +27 -0
- package/rules/generic/secrets/security/detected-amazon-mws-auth-token.yaml +26 -0
- package/rules/generic/secrets/security/detected-artifactory-password.yaml +47 -0
- package/rules/generic/secrets/security/detected-artifactory-token.yaml +44 -0
- package/rules/generic/secrets/security/detected-aws-access-key-id-value.yaml +29 -0
- package/rules/generic/secrets/security/detected-aws-account-id.yaml +58 -0
- package/rules/generic/secrets/security/detected-aws-appsync-graphql-key.yaml +27 -0
- package/rules/generic/secrets/security/detected-aws-secret-access-key.yaml +30 -0
- package/rules/generic/secrets/security/detected-aws-session-token.yaml +31 -0
- package/rules/generic/secrets/security/detected-bcrypt-hash.yaml +25 -0
- package/rules/generic/secrets/security/detected-codeclimate.yaml +27 -0
- package/rules/generic/secrets/security/detected-etc-shadow.yaml +27 -0
- package/rules/generic/secrets/security/detected-facebook-access-token.yaml +29 -0
- package/rules/generic/secrets/security/detected-facebook-oauth.yaml +27 -0
- package/rules/generic/secrets/security/detected-generic-api-key.yaml +29 -0
- package/rules/generic/secrets/security/detected-generic-secret.yaml +30 -0
- package/rules/generic/secrets/security/detected-github-token.yaml +47 -0
- package/rules/generic/secrets/security/detected-google-api-key.yaml +29 -0
- package/rules/generic/secrets/security/detected-google-cloud-api-key.yaml +27 -0
- package/rules/generic/secrets/security/detected-google-gcm-service-account.yaml +27 -0
- package/rules/generic/secrets/security/detected-google-oauth-access-token.yaml +26 -0
- package/rules/generic/secrets/security/detected-google-oauth.yaml +26 -0
- package/rules/generic/secrets/security/detected-heroku-api-key.yaml +27 -0
- package/rules/generic/secrets/security/detected-hockeyapp.yaml +27 -0
- package/rules/generic/secrets/security/detected-jwt-token.yaml +25 -0
- package/rules/generic/secrets/security/detected-kolide-api-key.yaml +25 -0
- package/rules/generic/secrets/security/detected-mailchimp-api-key.yaml +26 -0
- package/rules/generic/secrets/security/detected-mailgun-api-key.yaml +26 -0
- package/rules/generic/secrets/security/detected-npm-registry-auth-token.yaml +33 -0
- package/rules/generic/secrets/security/detected-onfido-live-api-token.yaml +20 -0
- package/rules/generic/secrets/security/detected-outlook-team.yaml +27 -0
- package/rules/generic/secrets/security/detected-paypal-braintree-access-token.yaml +27 -0
- package/rules/generic/secrets/security/detected-pgp-private-key-block.yaml +28 -0
- package/rules/generic/secrets/security/detected-picatic-api-key.yaml +26 -0
- package/rules/generic/secrets/security/detected-private-key.yaml +39 -0
- package/rules/generic/secrets/security/detected-sauce-token.yaml +27 -0
- package/rules/generic/secrets/security/detected-sendgrid-api-key.yaml +27 -0
- package/rules/generic/secrets/security/detected-slack-token.yaml +28 -0
- package/rules/generic/secrets/security/detected-slack-webhook.yaml +27 -0
- package/rules/generic/secrets/security/detected-snyk-api-key.yaml +26 -0
- package/rules/generic/secrets/security/detected-softlayer-api-key.yaml +27 -0
- package/rules/generic/secrets/security/detected-sonarqube-docs-api-key.yaml +40 -0
- package/rules/generic/secrets/security/detected-square-access-token.yaml +26 -0
- package/rules/generic/secrets/security/detected-square-oauth-secret.yaml +27 -0
- package/rules/generic/secrets/security/detected-ssh-password.yaml +27 -0
- package/rules/generic/secrets/security/detected-stripe-api-key.yaml +26 -0
- package/rules/generic/secrets/security/detected-stripe-restricted-api-key.yaml +26 -0
- package/rules/generic/secrets/security/detected-telegram-bot-api-key.yaml +30 -0
- package/rules/generic/secrets/security/detected-twilio-api-key.yaml +26 -0
- package/rules/generic/secrets/security/detected-username-and-password-in-uri.yaml +35 -0
- package/rules/generic/secrets/security/google-maps-apikeyleak.yaml +25 -0
- package/rules/prompt-injection.security.yaml +4 -0
- package/rules/python/flask/security/injection/flask-injection-sinks.yaml +352 -0
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: flutterwave-secret-key
|
|
3
|
+
message: A gitleaks flutterwave-secret-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: FLWSECK_TEST-(?i)[a-h0-9]{32}-X
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: frameio-api-token
|
|
3
|
+
message: A gitleaks frameio-api-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: fio-u-(?i)[a-z0-9\-_=]{64}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: freshbooks-access-token
|
|
3
|
+
message: A gitleaks freshbooks-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: (?i)(?:freshbooks)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: gcp-api-key
|
|
3
|
+
message: A gitleaks gcp-api-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: (?i)\b(AIza[0-9A-Za-z\\-_]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: generic-api-key
|
|
3
|
+
message: >-
|
|
4
|
+
A gitleaks generic-api-key was detected which attempts to identify hard-coded credentials.
|
|
5
|
+
It is not recommended to store credentials in source-code, as this risks secrets being leaked
|
|
6
|
+
and used by either an internal or external malicious adversary. It is recommended to use
|
|
7
|
+
environment variables to securely provide credentials or retrieve credentials from a
|
|
8
|
+
secure vault or HSM (Hardware Security Module). This rule can introduce a lot of false positives,
|
|
9
|
+
it is not recommended to be used in PR comments.
|
|
10
|
+
languages:
|
|
11
|
+
- regex
|
|
12
|
+
severity: INFO
|
|
13
|
+
metadata:
|
|
14
|
+
likelihood: LOW
|
|
15
|
+
impact: MEDIUM
|
|
16
|
+
confidence: LOW
|
|
17
|
+
category: security
|
|
18
|
+
cwe:
|
|
19
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
20
|
+
cwe2021-top25: true
|
|
21
|
+
cwe2022-top25: true
|
|
22
|
+
owasp:
|
|
23
|
+
- A07:2021 - Identification and Authentication Failures
|
|
24
|
+
- A07:2025 - Authentication Failures
|
|
25
|
+
references:
|
|
26
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
27
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
28
|
+
subcategory:
|
|
29
|
+
- vuln
|
|
30
|
+
technology:
|
|
31
|
+
- gitleaks
|
|
32
|
+
paths:
|
|
33
|
+
exclude:
|
|
34
|
+
- "*.svg"
|
|
35
|
+
- "*go.sum"
|
|
36
|
+
- "*cargo.lock"
|
|
37
|
+
- "*package.json"
|
|
38
|
+
- "*package-lock.json"
|
|
39
|
+
- "*bundle.js"
|
|
40
|
+
- "*pnpm-lock*"
|
|
41
|
+
- "*Podfile.lock"
|
|
42
|
+
- "**/*/openssl/*.h"
|
|
43
|
+
- "*.xcscmblueprint"
|
|
44
|
+
patterns:
|
|
45
|
+
# The original regex from gitleaks is in this rule https://semgrep.dev/playground/s/57qk (but its very noisy) even with our entropy analyzer
|
|
46
|
+
# This will likely remove some true positives, but this rule is overly noisy
|
|
47
|
+
# Added (?-s) to prevent multi-lines with . which was causing a lot of FPs
|
|
48
|
+
# The only thing which has changed from the actual regex of gitleaks is adding in (?!([a-z]+\.[a-zA-Z]+)|.*(\d{4}-\d{2}-\d{2}|[a-z]+-[a-z]+.*)|:*(?!("|'))[0-9A-Za-z]+\.[0-9A-Za-z]+,|[A-Z]+_[A-Z]+_)
|
|
49
|
+
# We also added a capture group around the 'content' so we can
|
|
50
|
+
# added negative lookaheads to remove:
|
|
51
|
+
# [a-z]+\.[a-zA-Z]+ (this.valueValue)
|
|
52
|
+
# .*
|
|
53
|
+
# \d{4}-\d{2}-\d{2} (2017/03/12)
|
|
54
|
+
# [a-z]+-[a-z]+.*. abc123-abc123 <- removed this negative lookahead since it was removing legitimate findings. I am not sure why the abc123-abc123 pattern would not be considered a valid secret
|
|
55
|
+
# :*(?!("|'))[0-9A-Za-z]+\.[0-9A-Za-z]+, : 0123.0312abc,
|
|
56
|
+
# [A-Z]+_[A-Z]+_ VALUE_VALUE_
|
|
57
|
+
# Added ~ in the content as a value since a customer said it was missing a finding
|
|
58
|
+
- pattern-regex: (?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t.]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|@\"|\"|\s|=|\x60){0,5}(?!([a-z]+\.[a-zA-Z]+)|.*(\d{4}-\d{2}-\d{2})|:*(?!("|'))[0-9A-Za-z]+\.[0-9A-Za-z]+,|[A-Z]+_[A-Z]+_)(?P<CONTENT>[0-9a-z\-_.=\~@]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)
|
|
59
|
+
- metavariable-analysis:
|
|
60
|
+
analyzer: entropy
|
|
61
|
+
metavariable: $CONTENT
|
|
62
|
+
- focus-metavariable: $CONTENT
|
|
63
|
+
# These remove values from the 'entire line so it could be the PublicKey=Something' could cause false negatives
|
|
64
|
+
- pattern-not-regex: .*((?i)omitted|arn:aws|(?i)(pub.*key|public.*key)|(?i)clientToken|symbol|cache|author\.).*
|
|
65
|
+
# These remove keywords or ip addresses from the content so only inside "PASSWORDEXAMPLE" its generic so anywhere 'inside' the $CONTENT
|
|
66
|
+
- pattern-not-regex: (\d\.\d\.\d-}|([\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3})|(\w)\1{5}|(?i)keywords|xxxx|eeeeeeee|0000|\*\*\*|example|test|author=|author("|')|preview|[A-Z]+_KEY|[.]value|[.]key|-\d\.\d\.)
|
|
67
|
+
# These are start or end checks e.g. starts as a hex code, ends with .json or starts with abcd or 12345 which usually indicates example code.
|
|
68
|
+
- metavariable-regex:
|
|
69
|
+
metavariable: $CONTENT
|
|
70
|
+
regex: (?!(^0x0*|^pub)|.*\.(bin|json|exe)$|.*(?i)(Client|Factory)$|(^__[A-Za-z]+__$)|^(12345|abcd)|^\d+(\.\d+)?$)
|
|
71
|
+
# Remove AAAAA, BBBBB, CCCCC, and .....
|
|
72
|
+
- pattern-not-regex: (\w|\.)\1{5}
|
|
73
|
+
# stopwords from https://github.com/gitleaks/gitleaks/blob/d9f86d6123d9ef2558c4852a522a7a071d6a6fe9/cmd/generate/config/rules/stopwords.go#L4
|
|
74
|
+
- metavariable-regex:
|
|
75
|
+
metavariable: $CONTENT
|
|
76
|
+
regex: (?!(?i).*(client|endpoint|vpn|_ec2_|aws_|authorize|author|define|config|credential|setting|sample|xxxxxx|000000|buffer|delete|aaaaaa|fewfwef|getenv|env_|system|example|ecdsa|sha256|sha1|sha2|md5|alert|wizard|target|onboard|welcome|page|exploit|experiment|expire|rabbitmq|scraper|widget|music|dns_|dns-|yahoo|want|json|action|script|fix_|fix-|develop|compas|stripe|service|master|metric|tech|gitignore|rich|open|stack|irc_|irc-|sublime|kohana|has_|has-|fabric|wordpres|role|osx_|osx-|boost|addres|queue|working|sandbox|internet|print|vision|tracking|being|generator|traffic|world|pull|rust|watcher|small|auth|full|hash|more|install|auto|complete|learn|paper|installer|research|acces|last|binding|spine|into|chat|algorithm|resource|uploader|video|maker|next|proc|lock|robot|snake|patch|matrix|drill|terminal|term|stuff|genetic|generic|identity|audit|pattern|audio|web_|web-|crud|problem|statu|cms-|cms_|arch|coffee|workflow|changelog|another|uiview|content|kitchen|gnu_|gnu-|gnu\.|conf|couchdb|client|opencv|rendering|update|concept|varnish|gui_|gui-|gui\.|version|shared|extra|product|still|not_|not-|not\.|drop|ring|png_|png-|png\.|actively|import|output|backup|start|embedded|registry|pool|semantic|instagram|bash|system|ninja|drupal|jquery|polyfill|physic|league|guide|pack|synopsi|sketch|injection|svg_|svg-|svg\.|friendly|wave|convert|manage|camera|link|slide|timer|wrapper|gallery|url_|url-|url\.|todomvc|requirej|party|http|payment|async|library|home|coco|gaia|display|universal|func|metadata|hipchat|under|room|config|personal|realtime|resume|database|testing|tiny|basic|forum|meetup|yet_|yet-|yet\.|cento|dead|fluentd|editor|utilitie|run_|run-|run\.|box_|box-|box\.|bot_|bot-|bot\.|making|sample|group|monitor|ajax|parallel|cassandra|ultimate|site|get_|get-|get\.|gen_|gen-|gen\.|gem_|gem-|gem\.|extended|image|knife|asset|nested|zero|plugin|bracket|mule|mozilla|number|act_|act-|act\.|map_|map-|map\.|micro|debug|openshift|chart|expres|backend|task|source|translate|jbos|composer|sqlite|profile|mustache|mqtt|yeoman|have|builder|smart|like|oauth|school|guideline|captcha|filter|bitcoin|bridge|color|toolbox|discovery|new_|new-|new\.|dashboard|when|setting|level|post|standard|port|platform|yui_|yui-|yui\.|grunt|animation|haskell|icon|latex|cheat|lua_|lua-|lua\.|gulp|case|author|without|simulator|wifi|directory|lisp|list|flat|adventure|story|storm|gpu_|gpu-|gpu\.|store|caching|attention|solr|logger|demo|shortener|hadoop|finder|phone|pipeline|range|textmate|showcase|app_|app-|app\.|idiomatic|edit|our_|our-|our\.|out_|out-|out\.|sentiment|linked|why_|why-|why\.|local|cube|gmail|job_|job-|job\.|rpc_|rpc-|rpc\.|contest|tcp_|tcp-|tcp\.|usage|buildout|weather|transfer|automated|sphinx|issue|sas_|sas-|sas\.|parallax|jasmine|addon|machine|solution|dsl_|dsl-|dsl\.|episode|menu|theme|best|adapter|debugger|chrome|tutorial|life|step|people|joomla|paypal|developer|solver|team|current|love|visual|date|data|canva|container|future|xml_|xml-|xml\.|twig|nagio|spatial|original|sync|archived|refinery|science|mapping|gitlab|play|ext_|ext-|ext\.|session|impact|set_|set-|set\.|see_|see-|see\.|migration|commit|community|shopify|what'|cucumber|statamic|mysql|location|tower|line|code|amqp|hello|send|index|high|notebook|alloy|python|field|document|soap|edition|email|php_|php-|php\.|command|transport|official|upload|study|secure|angularj|akka|scalable|package|request|con_|con-|con\.|flexible|security|comment|module|flask|graph|flash|apache|change|window|space|lambda|sheet|bookmark|carousel|friend|objective|jekyll|bootstrap|first|article|gwt_|gwt-|gwt\.|classic|media|websocket|touch|desktop|real|read|recorder|moved|storage|validator|add-on|pusher|scs_|scs-|scs\.|inline|asp_|asp-|asp\.|timeline|base|encoding|ffmpeg|kindle|tinymce|pretty|jpa_|jpa-|jpa\.|used|user|required|webhook|download|resque|espresso|cloud|mongo|benchmark|pure|cakephp|modx|mode|reactive|fuel|written|flickr|mail|brunch|meteor|dynamic|neo_|neo-|neo\.|new_|new-|new\.|net_|net-|net\.|typo|type|keyboard|erlang|adobe|logging|ckeditor|message|iso_|iso-|iso\.|hook|ldap|folder|reference|railscast|www_|www-|www\.|tracker|azure|fork|form|digital|exporter|skin|string|template|designer|gollum|fluent|entity|language|alfred|summary|wiki|kernel|calendar|plupload|symfony|foundry|remote|talk|search|dev_|dev-|dev\.|del_|del-|del\.|token|idea|sencha|selector|interface|create|fun_|fun-|fun\.|groovy|query|grail|red_|red-|red\.|laravel|monkey|slack|supported|instant|value|center|latest|work|but_|but-|but\.|bug_|bug-|bug\.|virtual|tweet|statsd|studio|path|real-time|frontend|notifier|coding|tool|firmware|flow|random|mediawiki|bosh|been|beer|lightbox|theory|origin|redmine|hub_|hub-|hub\.|require|pro_|pro-|pro\.|ant_|ant-|ant\.|any_|any-|any\.|recipe|closure|mapper|event|todo|model|redi|provider|rvm_|rvm-|rvm\.|program|memcached|rail|silex|foreman|activity|license|strategy|batch|streaming|fast|use_|use-|use\.|usb_|usb-|usb\.|impres|academy|slider|please|layer|cros|now_|now-|now\.|miner|extension|own_|own-|own\.|app_|app-|app\.|debian|symphony|example|feature|serie|tree|project|runner|entry|leetcode|layout|webrtc|logic|login|worker|toolkit|mocha|support|back|inside|device|jenkin|contact|fake|awesome|ocaml|bit_|bit-|bit\.|drive|screen|prototype|gist|binary|nosql|rest|overview|dart|dark|emac|mongoid|solarized|homepage|emulator|commander|django|yandex|gradle|xcode|writer|crm_|crm-|crm\.|jade|startup|error|using|format|name|spring|parser|scratch|magic|try_|try-|try\.|rack|directive|challenge|slim|counter|element|chosen|doc_|doc-|doc\.|meta|should|button|packet|stream|hardware|android|infinite|password|software|ghost|xamarin|spec|chef|interview|hubot|mvc_|mvc-|mvc\.|exercise|leaflet|launcher|air_|air-|air\.|photo|board|boxen|way_|way-|way\.|computing|welcome|notepad|portfolio|cat_|cat-|cat\.|can_|can-|can\.|magento|yaml|domain|card|yii_|yii-|yii\.|checker|browser|upgrade|only|progres|aura|ruby_|ruby-|ruby\.|polymer|util|lite|hackathon|rule|log_|log-|log\.|opengl|stanford|skeleton|history|inspector|help|soon|selenium|lab_|lab-|lab\.|scheme|schema|look|ready|leveldb|docker|game|minimal|logstash|messaging|within|heroku|mongodb|kata|suite|picker|win_|win-|win\.|wip_|wip-|wip\.|panel|started|starter|front-end|detector|deploy|editing|based|admin|capture|spree|page|bundle|goal|rpg_|rpg-|rpg\.|setup|side|mean|reader|cookbook|mini|modern|seed|dom_|dom-|dom\.|doc_|doc-|doc\.|dot_|dot-|dot\.|syntax|sugar|loader|website|make|kit_|kit-|kit\.|protocol|human|daemon|golang|manager|countdown|connector|swagger|map_|map-|map\.|mac_|mac-|mac\.|man_|man-|man\.|orm_|orm-|orm\.|org_|org-|org\.|little|zsh_|zsh-|zsh\.|shop|show|workshop|money|grid|server|octopres|svn_|svn-|svn\.|ember|embed|general|file|important|dropbox|portable|public|docpad|fish|sbt_|sbt-|sbt\.|done|para|network|common|readme|popup|simple|purpose|mirror|single|cordova|exchange|object|design|gateway|account|lamp|intellij|math|mit_|mit-|mit\.|control|enhanced|emitter|multi|add_|add-|add\.|about|socket|preview|vagrant|cli_|cli-|cli\.|powerful|top_|top-|top\.|radio|watch|fluid|amazon|report|couchbase|automatic|detection|sprite|pyramid|portal|advanced|plu_|plu-|plu\.|runtime|git_|git-|git\.|uri_|uri-|uri\.|haml|node|sql_|sql-|sql\.|cool|core|obsolete|handler|iphone|extractor|array|copy|nlp_|nlp-|nlp\.|reveal|pop_|pop-|pop\.|engine|parse|check|html|nest|all_|all-|all\.|chinese|buildpack|what|tag_|tag-|tag\.|proxy|style|cookie|feed|restful|compiler|creating|prelude|context|java|rspec|mock|backbone|light|spotify|flex|related|shell|which|clas|webapp|swift|ansible|unity|console|tumblr|export|campfire|conway'|made|riak|hero|here|unix|unit|glas|smtp|how_|how-|how\.|hot_|hot-|hot\.|debug|release|diff|player|easy|right|old_|old-|old\.|animate|time|push|explorer|course|training|nette|router|draft|structure|note|salt|where|spark|trello|power|method|social|via_|via-|via\.|vim_|vim-|vim\.|select|webkit|github|ftp_|ftp-|ftp\.|creator|mongoose|led_|led-|led\.|movie|currently|pdf_|pdf-|pdf\.|load|markdown|phalcon|input|custom|atom|oracle|phonegap|ubuntu|great|rdf_|rdf-|rdf\.|popcorn|firefox|zip_|zip-|zip\.|cuda|dotfile|static|openwrt|viewer|powered|graphic|les_|les-|les\.|doe_|doe-|doe\.|maven|word|eclipse|lab_|lab-|lab\.|hacking|steam|analytic|option|abstract|archive|reality|switcher|club|write|kafka|arduino|angular|online|title|don't|contao|notice|analyzer|learning|zend|external|staging|busines|tdd_|tdd-|tdd\.|scanner|building|snippet|modular|bower|stm_|stm-|stm\.|lib_|lib-|lib\.|alpha|mobile|clean|linux|nginx|manifest|some|raspberry|gnome|ide_|ide-|ide\.|block|statistic|info|drag|youtube|koan|facebook|paperclip|art_|art-|art\.|quality|tab_|tab-|tab\.|need|dojo|shield|computer|stat|state|twitter|utility|converter|hosting|devise|liferay|updated|force|tip_|tip-|tip\.|behavior|active|call|answer|deck|better|principle|ches|bar_|bar-|bar\.|reddit|three|haxe|just|plug-in|agile|manual|tetri|super|beta|parsing|doctrine|minecraft|useful|perl|sharing|agent|switch|view|dash|channel|repo|pebble|profiler|warning|cluster|running|markup|evented|mod_|mod-|mod\.|share|csv_|csv-|csv\.|response|good|house|connect|built|build|find|ipython|webgl|big_|big-|big\.|google|scala|sdl_|sdl-|sdl\.|sdk_|sdk-|sdk\.|native|day_|day-|day\.|puppet|text|routing|helper|linkedin|crawler|host|guard|merchant|poker|over|writing|free|classe|component|craft|nodej|phoenix|longer|quick|lazy|memory|clone|hacker|middleman|factory|motion|multiple|tornado|hack|ssh_|ssh-|ssh\.|review|vimrc|driver|driven|blog|particle|table|intro|importer|thrift|xmpp|framework|refresh|react|font|librarie|variou|formatter|analysi|karma|scroll|tut_|tut-|tut\.|apple|tag_|tag-|tag\.|tab_|tab-|tab\.|category|ionic|cache|homebrew|reverse|english|getting|shipping|clojure|boot|book|branch|combination|combo))
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: github-app-token
|
|
3
|
+
message: A gitleaks github-app-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: (ghu|ghs)_[0-9a-zA-Z]{36}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: github-fine-grained-pat
|
|
3
|
+
message: A gitleaks github-fine-grained-pat was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: github_pat_[0-9a-zA-Z_]{82}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: github-oauth
|
|
3
|
+
message: A gitleaks github-oauth was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: gho_[0-9a-zA-Z]{36}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: github-pat
|
|
3
|
+
message: A gitleaks github-pat was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: ghp_[0-9a-zA-Z]{36}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: github-refresh-token
|
|
3
|
+
message: A gitleaks github-refresh-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: ghr_[0-9a-zA-Z]{36}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: gitlab-pat
|
|
3
|
+
message: A gitleaks gitlab-pat was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: glpat-[0-9a-zA-Z\-\_]{20}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: gitlab-ptt
|
|
3
|
+
message: A gitleaks gitlab-ptt was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: glptt-[0-9a-f]{40}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: gitlab-rrt
|
|
3
|
+
message: A gitleaks gitlab-rrt was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: GR1348941[0-9a-zA-Z\-\_]{20}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: gitter-access-token
|
|
3
|
+
message: A gitleaks gitter-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: (?i)(?:gitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: gocardless-api-token
|
|
3
|
+
message: A gitleaks gocardless-api-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: (?i)(?:gocardless)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(live_(?i)[a-z0-9\-_=]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: grafana-api-key
|
|
3
|
+
message: A gitleaks grafana-api-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: (?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: grafana-cloud-api-token
|
|
3
|
+
message: A gitleaks grafana-cloud-api-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: (?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: grafana-service-account-token
|
|
3
|
+
message: A gitleaks grafana-service-account-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: (?i)\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$)
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: harness-api-key
|
|
3
|
+
message: A gitleaks harness-api-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: ((?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20})
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
rules:
|
|
2
|
+
- id: hashicorp-tf-api-token
|
|
3
|
+
message: A gitleaks hashicorp-tf-api-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
|
|
4
|
+
languages:
|
|
5
|
+
- regex
|
|
6
|
+
severity: INFO
|
|
7
|
+
metadata:
|
|
8
|
+
likelihood: LOW
|
|
9
|
+
impact: MEDIUM
|
|
10
|
+
confidence: LOW
|
|
11
|
+
category: security
|
|
12
|
+
cwe:
|
|
13
|
+
- "CWE-798: Use of Hard-coded Credentials"
|
|
14
|
+
cwe2021-top25: true
|
|
15
|
+
cwe2022-top25: true
|
|
16
|
+
owasp:
|
|
17
|
+
- A07:2021 - Identification and Authentication Failures
|
|
18
|
+
- A07:2025 - Authentication Failures
|
|
19
|
+
references:
|
|
20
|
+
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
|
|
21
|
+
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
|
|
22
|
+
subcategory:
|
|
23
|
+
- vuln
|
|
24
|
+
technology:
|
|
25
|
+
- gitleaks
|
|
26
|
+
patterns:
|
|
27
|
+
- pattern-regex: (?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}
|