Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make case insensitivity optional for generateSemiGenericRegex and generateUniqueTokenRegex #1215

Merged
merged 1 commit into from Aug 24, 2023
Merged

Make case insensitivity optional for generateSemiGenericRegex and generateUniqueTokenRegex #1215

merged 1 commit into from Aug 24, 2023

Conversation

rgmz
Copy link
Contributor

@rgmz rgmz commented Jun 29, 2023
edited

Description:

This makes it possible to toggle whether generateSemiGenericRegex and generateUniqueTokenRegex inserts the case-insensitivity flag. There should be no functional or config changes introduced by this PR.

Context: #1204 (comment)

Checklist:

  • Does your PR pass tests?
  • Have you written new tests for your changes?
  • Have you lint your code locally prior to submission?

@rgmz rgmz mentioned this pull request Jun 29, 2023
Merged
3 tasks
@rgmz
Copy link
Contributor Author

rgmz commented Jun 30, 2023
edited

For generateSemiGenericRegex it might be useful to make the identifiers and secretRegex independently case-insensitive.

e.g.,
Pattern

# simplified pattern
(?i:snyk.+?)=(abc123)

Detections

# Match the identifier regardless of case
SNYK_TOKEN=abc123
snyk_token=abc123
# Don't match the secret if it's uppercase
SNYK_TOKEN=ABC123
snyk_token=ABC123

https://pkg.go.dev/regexp/syntax

@rgmz rgmz force-pushed the feat/toggle-case-insensitivity branch 3 times, most recently from 13007aa to c64e57b Compare August 20, 2023 00:10
@zricethezav
Copy link
Collaborator

@rgmz I agree with these changes -- they're simple enough and it's a drop in addition that might help folks tweak their rules a little better. At first I thought supporting this might be more work since we have a keyword check that is case insensitive since we're converting the values ToLower, but, after reviewing

gitleaks/detect/detect.go

Line 260 in 3cbcda2

matchIndices := rule.Regex.FindAllStringIndex(fragment.Raw, -1)
it looks like fragment.Raw is not converted ToLower.

If you can resolve the merge conflicts, I'm happy to merge this :)

@rgmz rgmz force-pushed the feat/toggle-case-insensitivity branch from c64e57b to 034272f Compare August 24, 2023 15:33
@rgmz rgmz force-pushed the feat/toggle-case-insensitivity branch from 034272f to 08c6d3c Compare August 24, 2023 15:37
@rgmz
Copy link
Contributor Author

rgmz commented Aug 24, 2023

@zricethezav done.

@zricethezav zricethezav merged commit 18283bb into gitleaks:master Aug 24, 2023
1 check passed
quotengrote pushed a commit to quotengrote/miniflux-filter that referenced this pull request Jan 26, 2024
@quotengrote
chore(deps): update zricethezav/gitleaks docker tag to v8.18.1 (#13)
6976f6f 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [zricethezav/gitleaks](https://github.com/gitleaks/gitleaks) | patch | `v8.18.0` -> `v8.18.1` |

---

### Release Notes

<details>
<summary>gitleaks/gitleaks (zricethezav/gitleaks)</summary>

### [`v8.18.1`](https://github.com/gitleaks/gitleaks/releases/tag/v8.18.1)

[Compare Source](gitleaks/gitleaks@v8.18.0...v8.18.1)

#### Changelog

-   [`dab7d02`](gitleaks/gitleaks@dab7d02) dont crash on 100gb files pls ([#&#8203;1292](gitleaks/gitleaks#1292))
-   [`e63b657`](gitleaks/gitleaks@e63b657) remove secretgroup from default config ([#&#8203;1288](gitleaks/gitleaks#1288))
-   [`20fcf50`](gitleaks/gitleaks@20fcf50) feat: Hashicorp Terraform fields for password ([#&#8203;1237](gitleaks/gitleaks#1237))
-   [`b496677`](gitleaks/gitleaks@b496677) perf: avoid allocations with `(*regexp.Regexp).MatchString` ([#&#8203;1283](gitleaks/gitleaks#1283))
-   [`a3ab4e8`](gitleaks/gitleaks@a3ab4e8) refactor: more explicit rules ([#&#8203;1280](gitleaks/gitleaks#1280))
-   [`bd9a25a`](gitleaks/gitleaks@bd9a25a) bugfix: reduce false positives for stripe tokens by using word boundaries in regex ([#&#8203;1278](gitleaks/gitleaks#1278))
-   [`6d0d8b5`](gitleaks/gitleaks@6d0d8b5) add Infracost API rule ([#&#8203;1273](gitleaks/gitleaks#1273))
-   [`2959fc0`](gitleaks/gitleaks@2959fc0) refactor: simplify test asserts ([#&#8203;1271](gitleaks/gitleaks#1271))
-   [`d37b38f`](gitleaks/gitleaks@d37b38f) Update Makefile
-   [`14b1ca9`](gitleaks/gitleaks@14b1ca9) refactor: change detect tests to t.Fatal instead of log.Fatal ([#&#8203;1270](gitleaks/gitleaks#1270))
-   [`d9f86d6`](gitleaks/gitleaks@d9f86d6) feat(rules): Add detection for Scalingo API Token ([#&#8203;1262](gitleaks/gitleaks#1262))
-   [`ed34259`](gitleaks/gitleaks@ed34259) feat(jwt): detect base64-encoded tokens ([#&#8203;1256](gitleaks/gitleaks#1256))
-   [`0d5e46f`](gitleaks/gitleaks@0d5e46f) feat: add --ignore-gitleaks-allow cmd flag ([#&#8203;1260](gitleaks/gitleaks#1260))
-   [`a82ac29`](gitleaks/gitleaks@a82ac29) switch out libs ([#&#8203;1259](gitleaks/gitleaks#1259))
-   [`0b84afa`](gitleaks/gitleaks@0b84afa) fix: no-color option should also affect zerolog output ([#&#8203;1242](gitleaks/gitleaks#1242))
-   [`8976539`](gitleaks/gitleaks@8976539) Fixed lineEnd indexing if the match is the whole line ([#&#8203;1223](gitleaks/gitleaks#1223))
-   [`30c6117`](gitleaks/gitleaks@30c6117) feat: Add optional redaction value, default 100 ([#&#8203;1229](gitleaks/gitleaks#1229))
-   [`e9135cf`](gitleaks/gitleaks@e9135cf) fix(jwt): longer segment lengths ([#&#8203;1214](gitleaks/gitleaks#1214))
-   [`f65f915`](gitleaks/gitleaks@f65f915) Added yarn.lock file to default allowlist paths ([#&#8203;1258](gitleaks/gitleaks#1258))
-   [`abfd0f3`](gitleaks/gitleaks@abfd0f3) Update README.md
-   [`18283bb`](gitleaks/gitleaks@18283bb) feat(rules): make case insensitivity optional ([#&#8203;1215](gitleaks/gitleaks#1215))
-   [`9fb36b2`](gitleaks/gitleaks@9fb36b2) feat(rules): detect Hugging Face access tokens ([#&#8203;1204](gitleaks/gitleaks#1204))
-   [`db4bc0f`](gitleaks/gitleaks@db4bc0f) Resolve [#&#8203;1170](gitleaks/gitleaks#1170) - Enable selection of a single rule  ([#&#8203;1183](gitleaks/gitleaks#1183))
-   [`3cbcda2`](gitleaks/gitleaks@3cbcda2) Update authress.go to include alternate form account dash (-) ([#&#8203;1224](gitleaks/gitleaks#1224))
-   [`46c6272`](gitleaks/gitleaks@46c6272) refactor: remove unnecessary removing temp files in tests ([#&#8203;1255](gitleaks/gitleaks#1255))
-   [`963a697`](gitleaks/gitleaks@963a697) refactor: use os.ReadFile instead of os.Open + io.ReadAll ([#&#8203;1254](gitleaks/gitleaks#1254))
-   [`163ec21`](gitleaks/gitleaks@163ec21) fix(sumologic): improve patterns ([#&#8203;1218](gitleaks/gitleaks#1218))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTIuMSIsInVwZGF0ZWRJblZlciI6IjM3LjE1Mi4xIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->

Reviewed-on: https://git.mgrote.net/container-images/miniflux-filter/pulls/13
Co-authored-by: Renovate Bot <renovate@mgrote.net>
Co-committed-by: Renovate Bot <renovate@mgrote.net>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Blissful304 Blissful304 Blissful304 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@rgmz @zricethezav @Blissful304