package main
import (
"os"
"text/template"
"github.com/rs/zerolog/log"
"github.com/zricethezav/gitleaks/v8/cmd/generate/config/rules"
"github.com/zricethezav/gitleaks/v8/config"
)
// templatePath is the template file that main parses to render the rule set.
// It is a relative path, so it is resolved against the working directory.
const templatePath = "rules/config.tmpl"
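// main collects every built-in detection rule, verifies that rule IDs are
// unique, and renders the set through templatePath into the gitleaks.toml
// configuration file. Any failure terminates the program via log.Fatal.
func main() {
	// Relative to the working directory, like templatePath.
	const outputPath = "../../../config/gitleaks.toml"

	configRules := []*config.Rule{
		rules.AdafruitAPIKey(),
		rules.AdobeClientID(),
		rules.AdobeClientSecret(),
		rules.AgeSecretKey(),
		rules.Airtable(),
		rules.AlgoliaApiKey(),
		rules.AlibabaAccessKey(),
		rules.AlibabaSecretKey(),
		rules.AsanaClientID(),
		rules.AsanaClientSecret(),
		rules.Atlassian(),
		rules.Authress(),
		rules.AWS(),
		rules.BitBucketClientID(),
		rules.BitBucketClientSecret(),
		rules.BittrexAccessKey(),
		rules.BittrexSecretKey(),
		rules.Beamer(),
		rules.CodecovAccessToken(),
		rules.CoinbaseAccessToken(),
		rules.Clojars(),
		rules.ConfluentAccessToken(),
		rules.ConfluentSecretKey(),
		rules.Contentful(),
		rules.Databricks(),
		rules.DatadogtokenAccessToken(),
		rules.DefinedNetworkingAPIToken(),
		rules.DigitalOceanPAT(),
		rules.DigitalOceanOAuthToken(),
		rules.DigitalOceanRefreshToken(),
		rules.DiscordAPIToken(),
		rules.DiscordClientID(),
		rules.DiscordClientSecret(),
		rules.Doppler(),
		rules.DropBoxAPISecret(),
		rules.DropBoxLongLivedAPIToken(),
		rules.DropBoxShortLivedAPIToken(),
		rules.DroneciAccessToken(),
		rules.Duffel(),
		rules.Dynatrace(),
		rules.EasyPost(),
		rules.EasyPostTestAPI(),
		rules.EtsyAccessToken(),
		rules.Facebook(),
		rules.FastlyAPIToken(),
		rules.FinicityClientSecret(),
		rules.FinicityAPIToken(),
		rules.FlickrAccessToken(),
		rules.FinnhubAccessToken(),
		rules.FlutterwavePublicKey(),
		rules.FlutterwaveSecretKey(),
		rules.FlutterwaveEncKey(),
		rules.FrameIO(),
		rules.FreshbooksAccessToken(),
		rules.GoCardless(),
		// TODO figure out what makes sense for GCP
		// rules.GCPServiceAccount(),
		rules.GCPAPIKey(),
		rules.GitHubPat(),
		rules.GitHubFineGrainedPat(),
		rules.GitHubOauth(),
		rules.GitHubApp(),
		rules.GitHubRefresh(),
		rules.GitlabPat(),
		rules.GitlabPipelineTriggerToken(),
		rules.GitlabRunnerRegistrationToken(),
		rules.GitterAccessToken(),
		rules.GrafanaApiKey(),
		rules.GrafanaCloudApiToken(),
		rules.GrafanaServiceAccountToken(),
		rules.Hashicorp(),
		rules.Heroku(),
		rules.HubSpot(),
		rules.HuggingFaceAccessToken(),
		rules.HuggingFaceOrganizationApiToken(),
		rules.Intercom(),
		rules.JFrogAPIKey(),
		rules.JFrogIdentityToken(),
		rules.JWT(),
		rules.KrakenAccessToken(),
		rules.KucoinAccessToken(),
		rules.KucoinSecretKey(),
		rules.LaunchDarklyAccessToken(),
		rules.LinearAPIToken(),
		rules.LinearClientSecret(),
		rules.LinkedinClientID(),
		rules.LinkedinClientSecret(),
		rules.LobAPIToken(),
		rules.LobPubAPIToken(),
		rules.MailChimp(),
		rules.MailGunPubAPIToken(),
		rules.MailGunPrivateAPIToken(),
		rules.MailGunSigningKey(),
		rules.MapBox(),
		rules.MattermostAccessToken(),
		rules.MessageBirdAPIToken(),
		rules.MessageBirdClientID(),
		rules.NetlifyAccessToken(),
		rules.NewRelicUserID(),
		rules.NewRelicUserKey(),
		rules.NewRelicBrowserAPIKey(),
		rules.NPM(),
		rules.NytimesAccessToken(),
		rules.OktaAccessToken(),
		rules.OpenAI(),
		rules.PlaidAccessID(),
		rules.PlaidSecretKey(),
		rules.PlaidAccessToken(),
		rules.PlanetScalePassword(),
		rules.PlanetScaleAPIToken(),
		rules.PlanetScaleOAuthToken(),
		rules.PostManAPI(),
		rules.Prefect(),
		rules.PrivateKey(),
		rules.PulumiAPIToken(),
		rules.PyPiUploadToken(),
		rules.RapidAPIAccessToken(),
		rules.ReadMe(),
		rules.RubyGemsAPIToken(),
		rules.SendbirdAccessID(),
		rules.SendbirdAccessToken(),
		rules.SendGridAPIToken(),
		rules.SendInBlueAPIToken(),
		rules.SentryAccessToken(),
		rules.ShippoAPIToken(),
		rules.ShopifyAccessToken(),
		rules.ShopifyCustomAccessToken(),
		rules.ShopifyPrivateAppAccessToken(),
		rules.ShopifySharedSecret(),
		rules.SidekiqSecret(),
		rules.SidekiqSensitiveUrl(),
		rules.SlackBotToken(),
		rules.SlackUserToken(),
		rules.SlackAppLevelToken(),
		rules.SlackConfigurationToken(),
		rules.SlackConfigurationRefreshToken(),
		rules.SlackLegacyBotToken(),
		rules.SlackLegacyWorkspaceToken(),
		rules.SlackLegacyToken(),
		rules.SlackWebHookUrl(),
		rules.Snyk(),
		rules.StripeAccessToken(),
		rules.SquareAccessToken(),
		rules.SquareSpaceAccessToken(),
		rules.SumoLogicAccessID(),
		rules.SumoLogicAccessToken(),
		rules.TeamsWebhook(),
		rules.TelegramBotToken(),
		rules.TravisCIAccessToken(),
		rules.Twilio(),
		rules.TwitchAPIToken(),
		rules.TwitterAPIKey(),
		rules.TwitterAPISecret(),
		rules.TwitterAccessToken(),
		rules.TwitterAccessSecret(),
		rules.TwitterBearerToken(),
		rules.Typeform(),
		rules.VaultBatchToken(),
		rules.VaultServiceToken(),
		rules.YandexAPIKey(),
		rules.YandexAWSAccessToken(),
		rules.YandexAccessToken(),
		rules.ZendeskSecretKey(),
		rules.GenericCredential(),
	}

	// Ensure rules have unique ids. The lookup is keyed by RuleID, so a
	// duplicate would overwrite an earlier rule and silently drop a detector
	// from the generated config; abort instead.
	ruleLookUp := make(map[string]config.Rule, len(configRules))
	for _, rule := range configRules {
		if _, ok := ruleLookUp[rule.RuleID]; ok {
			log.Fatal().Msgf("rule id %s is not unique", rule.RuleID)
		}
		// TODO: eventually change all the signatures to get rid of this
		// nasty dereferencing.
		ruleLookUp[rule.RuleID] = *rule
	}

	tmpl, err := template.ParseFiles(templatePath)
	if err != nil {
		log.Fatal().Err(err).Msg("Failed to parse template")
	}

	// os.Create truncates an existing file, so from here on a failure leaves
	// an empty or partial config behind.
	// NOTE(review): rendering to a temporary file and renaming it into place
	// would keep the previous config intact on failure.
	f, err := os.Create(outputPath)
	if err != nil {
		log.Fatal().Err(err).Msg("Failed to create gitleaks.toml")
	}

	// log.Fatal exits the process, so a deferred Close would never run; the
	// file is closed explicitly on both paths.
	if err = tmpl.Execute(f, config.Config{Rules: ruleLookUp}); err != nil {
		_ = f.Close() // best effort; the Execute error is the one reported
		log.Fatal().Err(err).Msg("could not execute template")
	}

	// A write error reported only at Close would otherwise go unnoticed and
	// leave a config with missing rules.
	if err = f.Close(); err != nil {
		log.Fatal().Err(err).Msg("could not close gitleaks.toml")
	}
}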