fix: generic support special character #1371
Open
+2,404
−505
Commits on Mar 13, 2024
Commits on Mar 14, 2024
Commits on Mar 28, 2024
-
feat: catch secret in XML child (#1)
### Description: - Added generic API key inside an XML element: `<password>edf8f16608465858a6c9e3cccb97d3c2</password>` - Added True-Positives and False-Positives to the Generic API Key rule ### Checklist: * [x] Does your PR pass tests? * [x] Have you written new tests for your changes? * [x] Have you lint your code locally prior to submission? Original: gitleaks#1265
-
chore: refactor regex for redundant pipe (#2)
### Description: > since this part is enclosed in `[]`, the pipes aren't necessary. _Originally posted by @rgmz in gitleaks#1265 (comment) ### Checklist: * [x] Does your PR pass tests? * [x] Have you written new tests for your changes? * [x] Have you lint your code locally prior to submission? Original: gitleaks#1266
-
feat: catch JSON stringified (#3)
### Description: I have a code sample when someone writting a hard-coded JSON as string, and it looks like this: ```java var json = "{ \"access-key\": \"access key here\" }" ``` ### Checklist: * [x] Does your PR pass tests? * [x] Have you written new tests for your changes? * [x] Have you lint your code locally prior to submission? Original: gitleaks#1267 -
fix: secrets found with quotas (#4)
I found some rules that returns the value ended with `"`. This happened because missing `secretGroup` value. It is an _hot fix_. For the future, I think we need: 1. Refactor the `validate` function or create another suite of tests with declaration of the expected found secret. 1. Fix the suffix regex to not include the `"`, because even with my change, it only fixes the `Secret` but not the `Match` Original: gitleaks#1350
-
tests: scalingo validation consistent test (#7)
### Description: Sometimes the tp of Scalingo is failing during the Github Actions workflow and after re-triggering it passed. I think the problem was when the generated example secret was ended with `-`, and combined with the `Regex` that expect for a word boundary `\b`, it was failed. I think in any way it is better to use the common `generateUniqueTokenRegex` instead of wrapping the regex with `\b`. ### Checklist: * [x] Does your PR pass tests? * [x] Have you written new tests for your changes? * [x] Have you lint your code locally prior to submission? Original: gitleaks#1359
-
feat: add aws-secret-key rule (#5)
### Description: I fixes few issues (gitleaks#1049, gitleaks#1324, gitleaks#1337) and added a rule for AWS Secret Key. I renamed the `AWS()` function name to `AWSAccessKey()`, and changed the `RuleID` too, which may lead to breaking changes
⚠️ . ### Checklist: * [x] Does your PR pass tests? * [x] Have you written new tests for your changes? * [x] Have you lint your code locally prior to submission? Original: gitleaks#1356 -
feat: Add PuttyPrivateKey rule and allowlist for raw content (#9)
### Description: [PuTTY](https://www.putty.org/) is a common SSH and telnet client for Windows. It installed with a "PuTTY Key Generator, which is generating a regular private/public keys, but saves them in a different format. To support this, I added support for apply the `AllowList.Regexes` on the `fragment.Raw` content. I also added a `validateFragment` to validate a rule that accept the `Path` field. ### Checklist: * [x] Does your PR pass tests? * [x] Have you written new tests for your changes? * [x] Have you lint your code locally prior to submission? Original: gitleaks#1373
-
add real (test) standard and restricted keys (#11)
### Description: I just generated keys from Stripe and adjusted the rule. ### Checklist: * [x] Does your PR pass tests? * [x] Have you written new tests for your changes? * [x] Have you lint your code locally prior to submission? Original: gitleaks#1375
-
feat: Add Cloudflare API and Origin CA keys (#10)
### Description: Added rules for real (revoked) cloudflare secrets ### Checklist: * [x] Does your PR pass tests? * [x] Have you written new tests for your changes? * [x] Have you lint your code locally prior to submission? Original: gitleaks#1374
-
fix: reduce false positives by hashicorp (#6)
### Description: To add this rule I took examples from the official Hashicorp documentation, but now I used this rule and it find too generic cases such as `const TagPassword = "password"`. Using the `Entropy` field is a balance between true/false positives, since with `3.5` it will ignore almost all passwords less then 10 characters length. ### Checklist: * [x] Does your PR pass tests? * [x] Have you written new tests for your changes? * [x] Have you lint your code locally prior to submission? Original: gitleaks#1358
-
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.