feat: config files, contributing and gitleaks
Lucca Pessoa committed Aug 16, 2021
1 parent 57f08d5 commit 5c184e6
Showing 4 changed files with 434 additions and 0 deletions.
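--- a/.gitleaks.toml
+++ b/.gitleaks.toml
@@ -0,0 +1,191 @@
+title = "gitleaks config"
+
+[[rules]]
+description = "AWS Access Key"
+regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+tags = ["key", "AWS"]
+
+[[rules]]
+description = "AWS cred file info"
+regex = '''(?i)(aws_access_key_id|aws_secret_access_key)(.{0,20})?=.[0-9a-zA-Z\/+]{20,40}'''
+tags = ["AWS"]
+
+[[rules]]
+description = "AWS Secret Key"
+regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
+tags = ["key", "AWS"]
+
+[[rules]]
+description = "AWS MWS key"
+regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
+tags = ["key", "AWS", "MWS"]
+
+[[rules]]
+description = "Facebook Secret Key"
+regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
+tags = ["key", "Facebook"]
+
+[[rules]]
+description = "Facebook Client ID"
+regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
+tags = ["key", "Facebook"]
+
+[[rules]]
+description = "Facebook access token"
+regex = '''EAACEdEose0cBA[0-9A-Za-z]+'''
+tags = ["key", "Facebook"]
+
+[[rules]]
+description = "Twitter Secret Key"
+regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
+tags = ["key", "Twitter"]
+
+[[rules]]
+description = "Twitter Client ID"
+regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
+tags = ["client", "Twitter"]
+
+[[rules]]
+description = "Github"
+regex = '''(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}['\"]'''
+tags = ["key", "Github"]
+
+[[rules]]
+description = "LinkedIn Client ID"
+regex = '''(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]'''
+tags = ["client", "LinkedIn"]
+
+[[rules]]
+description = "LinkedIn Secret Key"
+regex = '''(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]'''
+tags = ["secret", "LinkedIn"]
+
+[[rules]]
+description = "Slack"
+regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
+tags = ["key", "Slack"]
+
+[[rules]]
+description = "Google API key"
+regex = '''AIza[0-9A-Za-z\\-_]{35}'''
+tags = ["key", "Google"]
+
+[[rules]]
+description = "Google Cloud Platform API key"
+regex = '''(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"][AIza[0-9a-z\\-_]{35}]['\"]'''
+tags = ["key", "Google", "GCP"]
+
+[[rules]]
+description = "Google OAuth"
+regex = '''(?i)(google|gcp|auth)(.{0,20})?['"][0-9]+-[0-9a-z_]{32}\.apps\.googleusercontent\.com['"]'''
+tags = ["key", "Google", "OAuth"]
+
+[[rules]]
+description = "Google OAuth access token"
+regex = '''ya29\.[0-9A-Za-z\-_]+'''
+tags = ["key", "Google", "OAuth"]
+
+[[rules]]
+description = "Heroku API key"
+regex = '''(?i)heroku(.{0,20})?['"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]'''
+tags = ["key", "Heroku"]
+
+[[rules]]
+description = "MailChimp API key"
+regex = '''(?i)(mailchimp|mc)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]'''
+tags = ["key", "Mailchimp"]
+
+[[rules]]
+description = "Mailgun API key"
+regex = '''(?i)(mailgun|mg)(.{0,20})?['"][0-9a-z]{32}['"]'''
+tags = ["key", "Mailgun"]
+
+[[rules]]
+description = "PayPal Braintree access token"
+regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
+tags = ["key", "Paypal"]
+
+[[rules]]
+description = "Picatic API key"
+regex = '''sk_live_[0-9a-z]{32}'''
+tags = ["key", "Picatic"]
+
+[[rules]]
+description = "Slack Webhook"
+regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'''
+tags = ["key", "slack"]
+
+[[rules]]
+description = "Stripe API key"
+regex = '''(?i)stripe(.{0,20})?['\"][sk|rk]_live_[0-9a-zA-Z]{24}'''
+tags = ["key", "Stripe"]
+
+[[rules]]
+description = "Square access token"
+regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
+tags = ["key", "square"]
+
+[[rules]]
+description = "Square OAuth secret"
+regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
+tags = ["key", "square"]
+
+[[rules]]
+description = "Twilio API key"
+regex = '''(?i)twilio(.{0,20})?['\"][0-9a-f]{32}['\"]'''
+tags = ["key", "twilio"]
+
+[[rules]]
+description = "Password in URL"
+regex = '''[a-zA-Z]{3,10}:\/\/[^\/\s:@]{3,20}:[^\/\s:@]{3,20}@.{1,100}\/?.?'''
+tags = ["key", "URL", "generic"]
+
+[[rules]]
+description = "High Entropy"
+regex = '''[0-9a-zA-Z-_!{}/=]{4,120}'''
+file = '''(?i)(dump.sql|high-entropy-misc.txt)$'''
+tags = ["entropy"]
+[[rules.Entropies]]
+Min = "4.3"
+Max = "7.0"
+[rules.allowlist]
+description = "ignore ssh key and pems"
+files = ['''(pem|ppk|env)$''']
+paths = ['''(.*)?ssh''']
+
+[[rules]]
+description = "Potential bash var"
+regex='''(?i)(=)([0-9a-zA-Z-_!{}=]{4,120})'''
+tags = ["key", "bash", "API", "generic"]
+[[rules.Entropies]]
+Min = "3.5"
+Max = "4.5"
+Group = "1"
+
+[[rules]]
+description = "WP-Config"
+regex = '''define(.{0,20})?(DB_CHARSET|NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|NONCE_KEY|DB_HOST|DB_PASSWORD|AUTH_KEY|SECURE_AUTH_KEY|LOGGED_IN_KEY|DB_NAME|DB_USER)(.{0,20})?['|"].{10,120}['|"]'''
+tags = ["key", "API", "generic"]
+
+[[rules]]
+description = "Generic API Key"
+regex = '''[a|A][p|P][i|I][_]?[k|K][e|E][y|Y].*['|\"][0-9a-zA-Z]{32,45}['|\"]'''
+
+[[rules]]
+description = "Generic Secret"
+regex = '''[s|S][e|E][c|C][r|R][e|E][t|T].*['|\"][0-9a-zA-Z]{32,45}['|\"]'''
+
+[whitelist]
+description = "Whitelisted files"
+files = [
+'''^vendor/(.*?)$''',
+'''^node_modules/(.*?)$''',
+'''^\.gitleaks.toml$''',
+]
+
+[allowlist]
+description = "image and html allowlists"
+files = [
+'''(.*?)(jpg|gif|doc|pdf|bin|svg|html|md)$''',
+'''^\.gitleaks.toml$''',
+]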
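Review bot: Two rules in this file cannot match the credentials they are named for, so the scan passes cleanly over exactly those leaks. In "Stripe API key", `[sk|rk]_live_` is a character class that consumes a single character, so a quoted `sk_live_…` value never matches; it needs a group, `['\"](sk|rk)_live_[0-9a-zA-Z]{24}`. In "Google Cloud Platform API key", the stray brackets in `[AIza[0-9a-z\\-_]{35}]` demand a literal `]` right after 35 class characters, which no real key has; the quoted part should read `['\"]AIza[0-9a-z\-_]{35}['\"]`. Note the single backslash before `-`, since `\\-_` in a literal string is a range from backslash to underscore that leaves the hyphen out; the same applies to the "Google API key" and "Square OAuth secret" rules. The global `[allowlist]` pattern `(.*?)(jpg|gif|doc|pdf|bin|svg|html|md)$` has no `\.` before the extension and exempts every Markdown and HTML file, where pasted keys are common, so I would restrict it to binary formats, e.g. `'''\.(jpg|gif|pdf|bin)$'''`.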
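--- a/.releaserc.json
+++ b/.releaserc.json
@@ -0,0 +1,61 @@
+{
+"branches": [
+"master", "main",
+{ "name": "release", "prerelease": "rc" }
+],
+"tagFormat": "${version}",
+"plugins": [
+["@semantic-release/commit-analyzer", {
+"preset": "conventionalcommits",
+"releaseRules": [
+{ "type": "build", "release": "patch" },
+{ "type": "docs", "release": "patch"},
+{ "type": "ci", "release": "patch" },
+{ "type": "feat", "release": "minor" },
+{ "type": "fix", "release": "patch" },
+{ "type": "perf", "release": "patch" },
+{ "type": "refactor", "release": "patch" },
+{ "type": "style", "release": "patch"},
+{ "type": "test", "release": "patch" },
+{ "type": "chore", "release": "patch", "scope": "deps" },
+{ "type": "chore", "release": "patch", "scope": "deps-dev" },
+{ "revert": true, "release": "patch" },
+{ "breaking": true, "release": "major" }
+],
+"parserOpts": {
+"noteKeywords": ["BREAKING CHANGE", "BREAKING CHANGES", "BREAKING"]
+}
+}],
+["@semantic-release/release-notes-generator", {
+"preset": "conventionalcommits",
+"presetConfig": {
+"types": [
+{ "type": "build", "section": ":nut_and_bolt: Construção", "hidden": false },
+{ "type": "chore", "section": ":package: Atualizações", "hidden": false },
+{ "type": "ci", "section": ":repeat: CI", "hidden": false },
+{ "type": "docs", "section": ":memo: Documentação", "hidden": false },
+{ "type": "feat", "section": ":sparkles: Novidades", "hidden": false },
+{ "type": "fix", "section": ":bug: Correções", "hidden": false },
+{ "type": "perf", "section": ":fast_forward: Desempenho", "hidden": false },
+{ "type": "refactor", "section": ":zap: Refatoração", "hidden": false },
+{ "type": "revert", "section": ":flashlight: Reverter", "hidden": false },
+{ "type": "style", "section": ":barber: Estilização", "hidden": false },
+{ "type": "test", "section": ":white_check_mark: Testes", "hidden": false }
+]}
+}],
+["@semantic-release/exec", {
+"verifyReleaseCmd": "echo ${nextRelease.version} > VERSION"
+}],
+["@semantic-release/github", {
+"addReleases": "top"
+}],
+["@semantic-release/changelog", {
+"changelogFile": "CHANGELOG.md",
+"changelogTitle": "# Semantic Versioning Changelog"
+}],
+["@semantic-release/git", {
+"assets": ["CHANGELOG.md", "README.md"],
+"message": "chore(release): version <%= nextRelease.version %> - <%= new Date().toLocaleDateString('en-US', {year: 'numeric', month: 'short', day: 'numeric', hour: 'numeric', minute: 'numeric' }) %>"
+}]
+]
+}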
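Review bot: The `VERSION` file written by the `@semantic-release/exec` entry is never committed, because the `@semantic-release/git` `assets` list names only `CHANGELOG.md` and `README.md`. Unless a later CI step reads the file from the workspace, the write has no lasting effect. It also happens in `verifyReleaseCmd`, a verification step that presumably runs on dry runs too; `prepareCmd` is the step meant for modifying files before the release commit. I would change the two entries to `"prepareCmd": "echo ${nextRelease.version} > VERSION"` and `"assets": ["CHANGELOG.md", "README.md", "VERSION"]`.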
