gitleaks · zricethezav · Jun 15, 2023 · Jan 17, 2023 · Jan 17, 2023 · Jan 18, 2023
diff --git a/.gitignore b/.gitignore
@@ -17,4 +17,4 @@ cmd/generate/config/gitleaks.toml
 # Test binary
 *.out
 
-dist/
+dist/
diff --git a/cmd/generate/config/main.go b/cmd/generate/config/main.go
@@ -24,10 +24,37 @@ func main() {
 	configRules = append(configRules, rules.AlgoliaApiKey())
 	configRules = append(configRules, rules.AlibabaAccessKey())
 	configRules = append(configRules, rules.AlibabaSecretKey())
+	configRules = append(configRules, rules.AnsibleVaultToken())
 	configRules = append(configRules, rules.AsanaClientID())
 	configRules = append(configRules, rules.AsanaClientSecret())
 	configRules = append(configRules, rules.Atlassian())
 	configRules = append(configRules, rules.AWS())
+	configRules = append(configRules, rules.AzureAppServiceDeploymentSecrets())
+	configRules = append(configRules, rules.AzureDevTFVCSecrets())
+	configRules = append(configRules, rules.AzureDevopsPAT())
+	configRules = append(configRules, rules.AzureNetworkCredential())
+	configRules = append(configRules, rules.AzureNetworkCredentialSchtasks())
+	configRules = append(configRules, rules.AzureNetworkCredentialDotNet())
+	configRules = append(configRules, rules.AzurePasswordDecryptionkey())
+	configRules = append(configRules, rules.AzurePasswordAddKey())
+	configRules = append(configRules, rules.AzurePasswordConnString())
+	configRules = append(configRules, rules.AzurePasswordValueString())
+	configRules = append(configRules, rules.AzurePassworduidpw())
+	configRules = append(configRules, rules.AzureStorageCredential43char())
+	configRules = append(configRules, rules.AzureStorageCredential86char())
+	configRules = append(configRules, rules.AzureStorageCredentialAccountKey())
+	configRules = append(configRules, rules.AzureStorageCredentialBlobURL())
+	configRules = append(configRules, rules.AzureStorageCredentialMonikerKey())
+	configRules = append(configRules, rules.AzureStorageCredentialServiceBus())
+	configRules = append(configRules, rules.AzureStorageCredentialSig53())
+	configRules = append(configRules, rules.AzureStorageCredentialUserIDPW())
+	configRules = append(configRules, rules.AzureStorageCredentialXStore())
+
+	// Below work on Regex.com but something about the internal conversion to generateUniqueTokenRegex is breaking them
+	//configRules = append(configRules, rules.AzurePowershellTokenCache())
+	//configRules = append(configRules, rules.AzurePasswordXMLCredential())
+	//configRules = append(configRules, rules.AzurePasswordXMLValue())
+	//configRules = append(configRules, rules.AzurePasswordSSISProperty())
 	configRules = append(configRules, rules.BitBucketClientID())
 	configRules = append(configRules, rules.BitBucketClientSecret())
 	configRules = append(configRules, rules.BittrexAccessKey())

diff --git a/cmd/generate/config/rules/ansible.go b/cmd/generate/config/rules/ansible.go
@@ -0,0 +1,24 @@
+package rules
+
+import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func AnsibleVaultToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0270 - Found Azure Subscription Token Cache.",
+		RuleID:      "ansible-vault-token",
+		SecretGroup: 1,
+		Regex:       generateUniqueTokenRegex(`ANSIBLE_VAULT;[0-9]\.[0-9];AES256;[\r\n]+[0-9]+`),
+		Keywords:    []string{"ANSIBLE_VAULT;", "AES256;"},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("ansible-vault-token",
+			"ANSIBLE_VAULT;1.0;AES256;\n" + secrets.NewSecret(numeric("32"))),
+	}
+	return validate(r, tps, nil)
+}