diff --git a/generic/secrets/gitleaks/generic-api-key.go b/generic/secrets/gitleaks/generic-api-key.go
deleted file mode 100644
index 35e98e0fe0..0000000000
--- a/generic/secrets/gitleaks/generic-api-key.go
+++ /dev/null
@@ -1,15 +0,0 @@
-// ruleid: generic-api-key
-generic_api_token = "CLOJARS_34bf0e88955ff5a1c328d6a7491acc4f48e865a7b8dd4d70a70749037443"
-// ruleid: generic-api-key
-generic_api_token = "Zf3D0LXCM3EIMbgJpUNnkRtOfOueHznB"
-// ruleid: generic-api-key
-"client_id" : "0afae57f3ccfd9d7f5767067bc48b30f719e271ba470488056e37ab35d4b6506"
-// ruleid: generic-api-key
-"client_secret" : "6da89121079f83b2eb6acccf8219ea982c3d79bccc3e9c6a85856480661f8fde"
-
-// ok: generic-api-key
-newPassword=this.mPassword
-// ok: generic-api-key
-client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.client-vpn-endpoint.id
-// ok: generic-api-key
-password combination. R5: Regulatory--21
\ No newline at end of file
diff --git a/generic/secrets/gitleaks/generic-api-key.txt b/generic/secrets/gitleaks/generic-api-key.txt
new file mode 100644
index 0000000000..6df0fc05f4
--- /dev/null
+++ b/generic/secrets/gitleaks/generic-api-key.txt
@@ -0,0 +1,142 @@
+// ruleid: generic-api-key
+generic_api_token = "CLOJARS_34bf0e88955ff5a1c328d6a7491acc4f48e865a7b8dd4d70a70749037443"
+// ruleid: generic-api-key
+generic_api_token = "Zf3D0LXCM3EIMbgJpUNnkRtOfOueHznB"
+// ruleid: generic-api-key
+"client_id" : "0afae57f3ccfd9d7f5767067bc48b30f719e271ba470488056e37ab35d4b6506"
+// ruleid: generic-api-key
+"client_secret" : "6da89121079f83b2eb6acccf8219ea982c3d79bccc3e9c6a85856480661f8fde"
+
+// ok: generic-api-key
+newPassword=this.mPassword
+// ok: generic-api-key
+client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.client-vpn-endpoint.id
+// ok: generic-api-key
+password combination. R5: Regulatory--21
+
+/ ok: generic-api-key
+newPassword=this.mPassword
+// ok: generic-api-key
+client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.client-vpn-endpoint.id
+// ok: generic-api-key
+password combination. R5: Regulatory--21
+
+// ok: generic-api-key
+SLACK_BOT_TOKEN=xoxb-0000000000-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
+// ok: generic-api-key
+{
+ "oauth": {
+ "clientId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com",
+ "clientSecret": "xxxxxxxxxxxxxxxxxxxxxxxx",
+ "callback": "http://localhost:8080/oauth2callback"
+ },
+ "port": 8081
+}
+
+// todook: generic-api-key
+github.com/Azure/go-autorest/autorest/azure/auth v0.5.11 h1:P6bYXFoao05z5uhOQzbC3Qd8JqF3jUoocoTeIxkp2cA=
+
+// ok: generic-api-key
+
+
+// ok: generic-api-key
+export const NATIVE_TOKEN_ADDRESS = "0xeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee";
+
+// ok: generic-api-key
+tokenId: erc1155.tokenId,
+
+ "pubkey": "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA",
+// ok: generic-api-key
+'@vue/devtools-api': 'vue-devtools-stub'
+
+// ok: generic-api-key
+
+
+// ok: generic-api-key
+IMAGER_S3_KEY=AWS_S3_KEY
+
+// ok: generic-api-key
+'@vue/devtools-api': 'vue-devtools-stub'
+
+
+// ok
+x.MaxKey = mongodb.MaxKey;
+
+
+// ok
+User.findOne({ 'token': req.query.token }).exec(function(err, user)
+
+// ok
+```
+SLACK_VERIFICATION_TOKEN=xxxxxxxxxxxxxxxxxxx
+SLACK_BOT_TOKEN=xoxb-0000000000-example
+SLACK_WEBHOOK_URL=https://hooks.slack.com/services/xxxxxxxxx/yyyyyyyyy/zzzzzzzzzzzzzzzzzzzzzzzz
+```
+
+// ok: generic-api-key
+ stripe: {
+ host: 'api.stripe.com',
+ secretKey: 'sk_test_XXXXXXXXXXXXXXXXXXXXXX',
+ },
+
+// ok: generic-api-key
+qs: {
+ 'api-version': '2017-11-11-Preview'
+},
+
+// ok: generic-api-key
+GOOGLE_SECRET=
+IMAGER_S3_KEY=AWS_S3_KEY
+
+
+// ok: generic-api-key
+export const stackInputsV1: StackInputs = {
+ gitHubAppWebHookSecret: 'arn:aws:secretsmanager:us-west-2:12321321:secret:fosoodsaeGitHubAppWebHookSecret-21321321',
+
+}
+
+// ok: generic-api-key
+authors: [someSuperC00lauthor]
+
+// ok: generic-api-key
+key = axis._maxTicksKey,
+// ok: generic-api-key
+"capitalization": 607352.81238977,
+// ok: generic-api-key
+tokenId: erc1155.tokenId
+// ok: generic-api-key
+key: "pricing.FAQ.link"
+// ok: generic-api-key
+tokenId: erc1155.tokenId,
+
+// ok: generic-api-key
+SHOPIFY_API_KEY=
+SHOPIFY_API_SECRET=
+SHOPIFY_API_SCOPES=
+SHOPIFY_APP_URL= # Ensure it starts with `https://`
+SHOPIFY_API_VERSION="2023-01"
+MONGO_URL=
+ENCRYPTION_STRING= # Required
+PORT=
+NPM_CONFIG_FORCE=true #Set to true if deploying to a server, so it runs `npm i --force` instead of `npm i`
+
+// ok: generic-api-key
+"pubkey": "asdsadsadsadsadsadsadsawAJbNbGKPFXCWuBvf9Ss623VQ5DA",
+
+// ok: generic-api-key
+# Installation URL:
+# https://ngrok-url.io/auth?shop=storename-myshopify.com;
+
+// ok: generic-api-key
+MAX_API_ISSUE_PAGE_SIZE = MAX_ISSUE_PAGE_SIZE
+
+// ok: generic-api-key
+clientToken: "pub4306832bdc5f2b8b980c492ec2c11ef3",
+// ok: generic-api-key
+some person — view contributions
+// ok: generic-api-key
+keys: 'privkey1.json',
+// ok: generic-api-key
+"Keywords": "asdsadsadsaUSAdusadusadsa",
\ No newline at end of file
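Review bot: The annotation `/ ok: generic-api-key` that opens the second `newPassword=this.mPassword` block uses a single slash, unlike every other `// ok:` / `// ruleid:` marker in this fixture, so it presumably is not recognised as an annotation, and the three lines under it only duplicate the block directly above; either correct it to `// ok: generic-api-key` or drop the duplicated block. Two further `// ok: generic-api-key` markers are followed only by blank lines (before the `NATIVE_TOKEN_ADDRESS` case and before the `IMAGER_S3_KEY` case), so they assert nothing about the rule. The three bare `// ok` markers above `x.MaxKey`, `User.findOne` and the fenced Slack block carry no rule id, unlike the rest of the file; if the harness requires `ok: <rule-id>` they are silently ignored, so `// ok: generic-api-key` would make those negative cases count.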
diff --git a/generic/secrets/gitleaks/generic-api-key.yaml b/generic/secrets/gitleaks/generic-api-key.yaml
index bb8905df75..d4fff564c9 100644
--- a/generic/secrets/gitleaks/generic-api-key.yaml
+++ b/generic/secrets/gitleaks/generic-api-key.yaml
@@ -1,6 +1,6 @@
rules:
- id: generic-api-key
- message: A gitleaks generic-api-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+ message: A gitleaks generic-api-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). This rule can introduce a lot of false positives, it is not recommended to be used in PR comments.
languages:
- regex
severity: INFO
@@ -22,9 +22,35 @@ rules:
- vuln
technology:
- gitleaks
+ paths:
+ exclude:
+ - "*go.sum"
+ - "*package.json"
+ - "*package-lock.json"
+ - "*bundle.js"
+ - "*pnpm-lock*"
+ - "*Podfile.lock"
+ - "*/openssl/*.h"
+ - "*.xcscmblueprint"
patterns:
- - pattern-regex: (?i)(?:key|api|token|secret|client|passwd|password|auth|access)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)
+ # This will likely remove some true positives, but this rule is overly noisy
+ # Added (?-s) to prevent multi-lines with . which was causing a lot of FPs
+ # added negative lookaheads to remove:
+ # [a-z]+\.[a-zA-Z]+ (this.valueValue)
+ # .*
+ # \d{4}-\d{2}-\d{2} (2017/03/12)
+ # [a-z]+-[a-z]+.*. abc123-abc123
+ # :*(?!("|'))[0-9A-Za-z]+\.[0-9A-Za-z]+, : 0123.0312abc,
+ # [A-Z]+_[A-Z]+_ VALUE_VALUE_
+ - pattern-regex: (?i)(?-s)(?:key|api|token|secret|client|passwd|password|auth|access).(?:[0-9a-z\-_\t
+ .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:).(?:'|\"|\s|=|\x60){0,5}(?!([a-z]+\.[a-zA-Z]+)|.*(\d{4}-\d{2}-\d{2}|[a-z]+-[a-z]+.*)|:*(?!("|'))[0-9A-Za-z]+\.[0-9A-Za-z]+,|[A-Z]+_[A-Z]+_)([0-9a-z\-_.=]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)
- metavariable-analysis:
- metavariable: $1
analyzer: entropy
- - focus-metavariable: $1
+ metavariable: $4
+ - focus-metavariable: $4
+ # These remove test examples in addition to public keys, author= etc.
+ - pattern-not-regex: (?i)publickeytoken=.*
+ - pattern-not-regex: (?i)(?:"|')pub
+ - pattern-not-regex: pubkey.*
+ - pattern-not-regex: ((token-drop|asset_key)("|'):.*0x)
+ - pattern-not-regex: (?i)(keywords|xxxx|eeeeeeee|0000|\*\*\*|example|test|public.*key|\.json|author=|author("|'))
\ No newline at end of file
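Review bot: The value capture had to move from `$1` to `$4` only because the three groups inside the new negative lookahead are capturing; making them non-capturing (`(?!(?:[a-z]+\.[a-zA-Z]+)|.*(?:\d{4}-…|[a-z]+-[a-z]+.*)|:*(?!(?:"|'))…`) keeps the value as `$1`, so `metavariable: $1` and `focus-metavariable: $1` need no edit and the next tweak to the lookahead cannot silently shift the focus again. The pattern-regex is also broken across two lines right inside the `[0-9a-z\-_\t .]` class; if that is a real line break in the YAML rather than page wrapping, the rule only works because plain-scalar folding turns the newline into the single space the class needs, which is fragile — keeping the regex on one line (or quoting it) would be safer. The `.` inserted after the keyword group and after the operator group is not explained in the comment block and, from the regex alone, appears to require one extra character there, so a compact `password=<value>` with no whitespace around `=` seems not to match any more; a comment stating the intent, or a `// ruleid:` fixture covering that shape, would settle it. The rule's `metadata` and remaining fields start outside this hunk.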