add update token from square (#1370)

gitleaks · Mar 22, 2024 · db69e82 · db69e82
1 parent 4b54328
commit db69e82
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/cmd/generate/config/rules/square.go b/cmd/generate/config/rules/square.go
@@ -10,13 +10,15 @@ func SquareAccessToken() *config.Rule {
 	r := config.Rule{
 		RuleID:      "square-access-token",
 		Description: "Detected a Square Access Token, risking unauthorized payment processing and financial transaction exposure.",
-		Regex:       generateUniqueTokenRegex(`sq0atp-[0-9A-Za-z\-_]{22}`, true),
-		Keywords:    []string{"sq0atp-"},
+		Regex:       generateUniqueTokenRegex(`(EAAA|sq0atp-)[0-9A-Za-z\-_]{22,60}`, true),
+		Keywords:    []string{"sq0atp-", "EAAA"},
 	}
 
 	// validate
 	tps := []string{
 		generateSampleSecret("square", secrets.NewSecret(`sq0atp-[0-9A-Za-z\-_]{22}`)),
+		"ARG token=sq0atp-812erere3wewew45678901",                                    // gitleaks:allow
+		"ARG token=EAAAlsBxkkVgvmr7FasTFbM6VUGZ31EJ4jZKTJZySgElBDJ_wyafHuBFquFexY7E", // gitleaks:allow",
 	}
 	return validate(r, tps, nil)
 }
@@ -33,6 +35,7 @@ func SquareSecret() *config.Rule {
 	// validate
 	tps := []string{
 		generateSampleSecret("square", secrets.NewSecret(`sq0csp-[0-9A-Za-z\\-_]{43}`)),
+		`value: "sq0csp-0p9h7g6f4s3s3s3-4a3ardgwa6ADRDJDDKUFYDYDYDY"`, // gitleaks:allow
 	}
 	return validate(r, tps, nil)
 }
diff --git a/config/gitleaks.toml b/config/gitleaks.toml
@@ -2685,9 +2685,9 @@ keywords = [
 [[rules]]
 id = "square-access-token"
 description = "Detected a Square Access Token, risking unauthorized payment processing and financial transaction exposure."
-regex = '''(?i)\b(sq0atp-[0-9A-Za-z\-_]{22})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+regex = '''(?i)\b((EAAA|sq0atp-)[0-9A-Za-z\-_]{22,60})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 keywords = [
-    "sq0atp-",
+    "sq0atp-","eaaa",
 ]
 
 [[rules]]