diff --git a/cmd/generate/config/rules/sumologic.go b/cmd/generate/config/rules/sumologic.go
index c9f5d9b86..a85373712 100644
--- a/cmd/generate/config/rules/sumologic.go
+++ b/cmd/generate/config/rules/sumologic.go
@@ -1,6 +1,8 @@
 package rules
 
 import (
+ "regexp"
+
 "github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 "github.com/zricethezav/gitleaks/v8/config"
 )
@@ -10,19 +12,42 @@ func SumoLogicAccessID() *config.Rule {
 r := config.Rule{
 RuleID: "sumologic-access-id",
 Description: "SumoLogic Access ID",
+ // TODO: Make 'su' case-sensitive.
 Regex: generateSemiGenericRegex([]string{"sumo"},
- alphaNumeric("14")),
+ "su[a-zA-Z0-9]{12}"),
 SecretGroup: 1,
+ Entropy: 3,
 Keywords: []string{
 "sumo",
 },
+ Allowlist: config.Allowlist{
+ RegexTarget: "line",
+ Regexes: []*regexp.Regexp{
+ regexp.MustCompile(`sumOf`),
+ },
+ },
 }
 
 // validate
 tps := []string{
- generateSampleSecret("sumo", secrets.NewSecret(alphaNumeric("14"))),
+ `sumologic.accessId = "su9OL59biWiJu7"`, // gitleaks:allow
+ `sumologic_access_id = "sug5XpdpaoxtOH"`, // gitleaks:allow
+ `export SUMOLOGIC_ACCESSID="suDbJw97o9WVo0"`, // gitleaks:allow
+ `SUMO_ACCESS_ID = "suGyI5imvADdvU"`, // gitleaks:allow
+ generateSampleSecret("sumo", "su"+secrets.NewSecret(alphaNumeric("12"))),
 }
- return validate(r, tps, nil)
+ fps := []string{
+ `- (NSNumber *)sumOfProperty:(NSString *)property;`,
+ `- (NSInteger)sumOfValuesInRange:(NSRange)range;`,
+ `+ (unsigned char)byteChecksumOfData:(id)arg1;`,
+ `sumOfExposures = sumOfExposures;`, // gitleaks:allow
+ `.si-sumologic.si--color::before { color: #000099; }`,
+ `/// Based on the SumoLogic keyword syntax:`,
+ `sumologic_access_id = ""`,
+ `SUMOLOGIC_ACCESSID: ${SUMOLOGIC_ACCESSID}`,
+ `export SUMOLOGIC_ACCESSID=XXXXXXXXXXXXXX`, // gitleaks:allow
+ }
+ return validate(r, tps, fps)
 }
 
 func SumoLogicAccessToken() *config.Rule {
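Review bot: The new pattern `"su[a-zA-Z0-9]{12}"` reads as case-sensitive, but the regenerated rule in config/gitleaks.toml in this same commit shows generateSemiGenericRegex prefixing the whole expression with `(?i)`, so `[a-zA-Z0-9]` is equivalent to `[a-z0-9]` and an `SU…` prefix still matches; writing it as `"su"+alphaNumeric("12")` would say what actually runs and mirror the tps line `generateSampleSecret("sumo", "su"+secrets.NewSecret(alphaNumeric("12")))`. The `// TODO: Make 'su' case-sensitive.` comment should record why it is still open, e.g. `// TODO: Make 'su' case-sensitive; needs generateSemiGenericRegex to stop applying (?i) to the secret group.` The `sumOf` allowlist regex is itself case-sensitive while the rule is not, and with `RegexTarget: "line"` it suppresses every finding on a line containing `sumOf`, so a one-line comment stating that this trade-off is intended would help the next maintainer. The opening lines of SumoLogicAccessID are outside the hunk.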
@@ -33,6 +58,7 @@ func SumoLogicAccessToken() *config.Rule {
 Regex: generateSemiGenericRegex([]string{"sumo"},
 alphaNumeric("64")),
 SecretGroup: 1,
+ Entropy: 3,
 Keywords: []string{
 "sumo",
 },
@@ -40,7 +66,19 @@ func SumoLogicAccessToken() *config.Rule {
 
 // validate
 tps := []string{
+ `export SUMOLOGIC_ACCESSKEY="3HSa1hQfz6BYzlxf7Yb1WKG3Hyovm56LMFChV2y9LgkRipsXCujcLb5ej3oQUJlx"`, // gitleaks:allow
+ `SUMO_ACCESS_KEY: gxq3rJQkS6qovOg9UY2Q70iH1jFZx0WBrrsiAYv4XHodogAwTKyLzvFK4neRN8Dk`, // gitleaks:allow
+ `SUMOLOGIC_ACCESSKEY: 9RITWb3I3kAnSyUolcVJq4gwM17JRnQK8ugRaixFfxkdSl8ys17ZtEL3LotESKB7`, // gitleaks:allow
+ `sumo_access_key = "3Kof2VffNQ0QgYIhXUPJosVlCaQKm2hfpWE6F1fT9YGY74blQBIPsrkCcf1TwKE5"`, // gitleaks:allow
 generateSampleSecret("sumo", secrets.NewSecret(alphaNumeric("64"))),
 }
- return validate(r, tps, nil)
+ fps := []string{
+ `# SUMO_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`, // gitleaks:allow
+ "-e SUMO_ACCESS_KEY=`etcdctl get /sumologic_secret`",
+ `SUMO_ACCESS_KEY={SumoAccessKey}`,
+ `SUMO_ACCESS_KEY=${SUMO_ACCESS_KEY:=$2}`,
+ `sumo_access_key = ""`,
+ `SUMO_ACCESS_KEY: AbCeFG123`,
+ }
+ return validate(r, tps, fps)
 }
diff --git a/config/gitleaks.toml b/config/gitleaks.toml
index 76af85bac..ebcd5bf5f 100644
--- a/config/gitleaks.toml
+++ b/config/gitleaks.toml
@@ -2414,7 +2414,6 @@ id = "plaid-client-id"
 description = "Plaid Client ID"
 regex = '''(?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 secretGroup = 1
-entropy = 3.5
 keywords = [
 "plaid",
 ]
@@ -2424,7 +2423,6 @@ id = "plaid-secret-key"
 description = "Plaid Secret key"
 regex = '''(?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 secretGroup = 1
-entropy = 3.5
 keywords = [
 "plaid",
 ]
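Review bot: `Entropy: 3` is added to the token rule here (and to the ID rule in the earlier SumoLogicAccessID hunk) with no comment on what it is meant to reject, which matters because for a 64-character `[a-z0-9]` secret a 3 bits/char threshold only rules out near-constant fillers such as the `# SUMO_ACCESS_KEY=xxx…` fps below, whereas a 14-character ID can never exceed log2(14) ≈ 3.8 bits/char and so sits close to the cut-off. Suggest a comment above each, e.g. `// Rejects filler values (one repeated character); real tokens are well above 3 bits/char.` The other new fps (`{SumoAccessKey}`, `${SUMO_ACCESS_KEY:=$2}`, `""`, `AbCeFG123`) cannot match the `[a-z0-9]{64}` group at all, so they exercise the regex rather than the entropy gate; a 64-character fixture built from a short repeating pattern would be the one that actually pins the threshold. The Rule literal of SumoLogicAccessToken starts before the first hunk.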
@@ -2739,17 +2737,24 @@ keywords = [
 [[rules]]
 id = "sumologic-access-id"
 description = "SumoLogic Access ID"
-regex = '''(?i)(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{14})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+regex = '''(?i)(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(su[a-zA-Z0-9]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 secretGroup = 1
+entropy = 3
 keywords = [
 "sumo",
 ]
+[rules.allowlist]
+regexTarget = "line"
+regexes = [
+ "sumOf",
+]
 
 [[rules]]
 id = "sumologic-access-token"
 description = "SumoLogic Access Token"
 regex = '''(?i)(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 secretGroup = 1
+entropy = 3
 keywords = [
 "sumo",
 ]