Detect Slack Workflow Webhook URLs (#989)

gitleaks · Sep 27, 2022 · 177e9f4 · 177e9f4
1 parent e93d8cb
commit 177e9f4
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/cmd/generate/config/rules/slack.go b/cmd/generate/config/rules/slack.go
@@ -36,7 +36,7 @@ func SlackWebHook() *config.Rule {
 		Description: "Slack Webhook",
 		RuleID:      "slack-web-hook",
 		Regex: regexp.MustCompile(
-			`https:\/\/hooks.slack.com\/services\/[A-Za-z0-9+\/]{44,46}`),
+			`https:\/\/hooks.slack.com\/(services|workflows)\/[A-Za-z0-9+\/]{44,46}`),
 		Keywords: []string{
 			"hooks.slack.com",
 		},
@@ -45,6 +45,7 @@ func SlackWebHook() *config.Rule {
 	// validate
 	tps := []string{
 		"https://hooks.slack.com/services/" + secrets.NewSecret(alphaNumeric("44")), // gitleaks:allow
+		"https://hooks.slack.com/workflows/" + secrets.NewSecret(alphaNumeric("44")), // gitleaks:allow
 	}
 	return validate(r, tps, nil)
 }
diff --git a/config/gitleaks.toml b/config/gitleaks.toml
@@ -2537,7 +2537,7 @@ keywords = [
 [[rules]]
 description = "Slack Webhook"
 id = "slack-web-hook"
-regex = '''https:\/\/hooks.slack.com\/services\/[A-Za-z0-9+\/]{44,46}'''
+regex = '''https:\/\/hooks.slack.com\/(services|workflows)\/[A-Za-z0-9+\/]{44,46}'''
 keywords = [
     "hooks.slack.com",
 ]