Add Authress access key format: https://authress.io/knowledge-base/do…

…cs/authorization/service-clients/secrets-scanning/ (#1131)
gitleaks · Mar 28, 2023 · 9c6650d · 9c6650d
1 parent 6fa63f4
commit 9c6650d
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 0 deletions.
diff --git a/cmd/generate/config/main.go b/cmd/generate/config/main.go
@@ -27,6 +27,7 @@ func main() {
 	configRules = append(configRules, rules.AsanaClientID())
 	configRules = append(configRules, rules.AsanaClientSecret())
 	configRules = append(configRules, rules.Atlassian())
+	configRules = append(configRules, rules.Authress())
 	configRules = append(configRules, rules.AWS())
 	configRules = append(configRules, rules.BitBucketClientID())
 	configRules = append(configRules, rules.BitBucketClientSecret())

diff --git a/cmd/generate/config/rules/authress.go b/cmd/generate/config/rules/authress.go
@@ -0,0 +1,31 @@
+package rules
+
+import (
+	"fmt"
+
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func Authress() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "Authress Service Client Access Key",
+		RuleID:      "authress-service-client-access-key",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`(?:sc|ext|scauth|authress)_[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.acc_[a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120}`),
+		Keywords:    []string{"sc_", "ext_", "scauth_", "authress_"},
+	}
+
+	// validate
+	// https://authress.io/knowledge-base/docs/authorization/service-clients/secrets-scanning/#1-detection
+	service_client_id := "sc_" + alphaNumeric("10")
+	access_key_id := alphaNumeric("4")
+	account_id := "acc_" + alphaNumeric("10")
+	signature_key := alphaNumericExtendedShort("40")
+
+	tps := []string{
+		generateSampleSecret("authress", secrets.NewSecret(fmt.Sprintf(`%s\.%s\.%s\.%s`, service_client_id, access_key_id, account_id, signature_key))),
+	}
+	return validate(r, tps, nil)
+}
diff --git a/config/gitleaks.toml b/config/gitleaks.toml
@@ -119,6 +119,15 @@ keywords = [
     "atlassian","confluence","jira",
 ]
 
+[[rules]]
+description = "Authress Service Client Access Key"
+id = "authress-service-client-access-key"
+regex = '''(?i)\b((?:sc|ext|scauth|authress)_[a-z0-9]{5,30}\.[a-z0-9]{4,6}\.acc_[a-z0-9-]{10,32}\.[a-z0-9+/_=-]{30,120})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    "sc_","ext_","scauth_","authress_",
+]
+
 [[rules]]
 description = "AWS"
 id = "aws-access-token"