fix(sumologic): improve patterns (#1218)

This fixes #1149.
gitleaks · Aug 23, 2023 · 163ec21 · 163ec21
1 parent 4526655
commit 163ec21
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 7 deletions.
diff --git a/cmd/generate/config/rules/sumologic.go b/cmd/generate/config/rules/sumologic.go
@@ -1,6 +1,8 @@
 package rules
 
 import (
+	"regexp"
+
 	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
 	"github.com/zricethezav/gitleaks/v8/config"
 )
@@ -10,19 +12,42 @@ func SumoLogicAccessID() *config.Rule {
 	r := config.Rule{
 		RuleID:      "sumologic-access-id",
 		Description: "SumoLogic Access ID",
+		// TODO: Make 'su' case-sensitive.
 		Regex: generateSemiGenericRegex([]string{"sumo"},
-			alphaNumeric("14")),
+			"su[a-zA-Z0-9]{12}"),
 		SecretGroup: 1,
+		Entropy:     3,
 		Keywords: []string{
 			"sumo",
 		},
+		Allowlist: config.Allowlist{
+			RegexTarget: "line",
+			Regexes: []*regexp.Regexp{
+				regexp.MustCompile(`sumOf`),
+			},
+		},
 	}
 
 	// validate
 	tps := []string{
-		generateSampleSecret("sumo", secrets.NewSecret(alphaNumeric("14"))),
+		`sumologic.accessId = "su9OL59biWiJu7"`,      // gitleaks:allow
+		`sumologic_access_id = "sug5XpdpaoxtOH"`,     // gitleaks:allow
+		`export SUMOLOGIC_ACCESSID="suDbJw97o9WVo0"`, // gitleaks:allow
+		`SUMO_ACCESS_ID = "suGyI5imvADdvU"`,          // gitleaks:allow
+		generateSampleSecret("sumo", "su"+secrets.NewSecret(alphaNumeric("12"))),
 	}
-	return validate(r, tps, nil)
+	fps := []string{
+		`- (NSNumber *)sumOfProperty:(NSString *)property;`,
+		`- (NSInteger)sumOfValuesInRange:(NSRange)range;`,
+		`+ (unsigned char)byteChecksumOfData:(id)arg1;`,
+		`sumOfExposures = sumOfExposures;`, // gitleaks:allow
+		`.si-sumologic.si--color::before { color: #000099; }`,
+		`/// Based on the SumoLogic keyword syntax:`,
+		`sumologic_access_id         = ""`,
+		`SUMOLOGIC_ACCESSID: ${SUMOLOGIC_ACCESSID}`,
+		`export SUMOLOGIC_ACCESSID=XXXXXXXXXXXXXX`, // gitleaks:allow
+	}
+	return validate(r, tps, fps)
 }
 
 func SumoLogicAccessToken() *config.Rule {
@@ -33,14 +58,27 @@ func SumoLogicAccessToken() *config.Rule {
 		Regex: generateSemiGenericRegex([]string{"sumo"},
 			alphaNumeric("64")),
 		SecretGroup: 1,
+		Entropy:     3,
 		Keywords: []string{
 			"sumo",
 		},
 	}
 
 	// validate
 	tps := []string{
+		`export SUMOLOGIC_ACCESSKEY="3HSa1hQfz6BYzlxf7Yb1WKG3Hyovm56LMFChV2y9LgkRipsXCujcLb5ej3oQUJlx"`, // gitleaks:allow
+		`SUMO_ACCESS_KEY: gxq3rJQkS6qovOg9UY2Q70iH1jFZx0WBrrsiAYv4XHodogAwTKyLzvFK4neRN8Dk`,             // gitleaks:allow
+		`SUMOLOGIC_ACCESSKEY: 9RITWb3I3kAnSyUolcVJq4gwM17JRnQK8ugRaixFfxkdSl8ys17ZtEL3LotESKB7`,         // gitleaks:allow
+		`sumo_access_key = "3Kof2VffNQ0QgYIhXUPJosVlCaQKm2hfpWE6F1fT9YGY74blQBIPsrkCcf1TwKE5"`,          // gitleaks:allow
 		generateSampleSecret("sumo", secrets.NewSecret(alphaNumeric("64"))),
 	}
-	return validate(r, tps, nil)
+	fps := []string{
+		`#   SUMO_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx`, // gitleaks:allow
+		"-e SUMO_ACCESS_KEY=`etcdctl get /sumologic_secret`",
+		`SUMO_ACCESS_KEY={SumoAccessKey}`,
+		`SUMO_ACCESS_KEY=${SUMO_ACCESS_KEY:=$2}`,
+		`sumo_access_key   = "<SUMOLOGIC ACCESS KEY>"`,
+		`SUMO_ACCESS_KEY: AbCeFG123`,
+	}
+	return validate(r, tps, fps)
 }
diff --git a/config/gitleaks.toml b/config/gitleaks.toml
@@ -2414,7 +2414,6 @@ id = "plaid-client-id"
 description = "Plaid Client ID"
 regex = '''(?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 secretGroup = 1
-entropy = 3.5
 keywords = [
     "plaid",
 ]
@@ -2424,7 +2423,6 @@ id = "plaid-secret-key"
 description = "Plaid Secret key"
 regex = '''(?i)(?:plaid)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 secretGroup = 1
-entropy = 3.5
 keywords = [
     "plaid",
 ]
@@ -2739,17 +2737,24 @@ keywords = [
 [[rules]]
 id = "sumologic-access-id"
 description = "SumoLogic Access ID"
-regex = '''(?i)(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{14})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+regex = '''(?i)(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(su[a-zA-Z0-9]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 secretGroup = 1
+entropy = 3
 keywords = [
     "sumo",
 ]
+[rules.allowlist]
+regexTarget = "line"
+regexes = [
+    "sumOf",
+]
 
 [[rules]]
 id = "sumologic-access-token"
 description = "SumoLogic Access Token"
 regex = '''(?i)(?:sumo)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 secretGroup = 1
+entropy = 3
 keywords = [
     "sumo",
 ]