Merge pull request #3200 from returntocorp/merge-gitleaks-to-develop

Merge latest Gitleaks rules

generic/secrets/gitleaks/age-secret-key.yaml

@@ -1,6 +1,6 @@
 rules:
 - id: age-secret-key
-  message: A gitleaks age secret key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+  message: A gitleaks age-secret-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
   languages:
     - regex
   severity: INFO

generic/secrets/gitleaks/huggingface-access-token.yaml

@@ -16,7 +16,7 @@ rules:
       owasp:
         - A07:2021 - Identification and Authentication Failures
       references:
-        - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_CheatSheet.html
+        - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
       source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
       subcategory:
         - vuln

generic/secrets/gitleaks/huggingface-organization-api-token.yaml

@@ -16,7 +16,7 @@ rules:
       owasp:
         - A07:2021 - Identification and Authentication Failures
       references:
-        - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_CheatSheet.html
+        - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
       source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
       subcategory:
         - vuln

generic/secrets/gitleaks/infracost-api-token.yaml

@@ -16,7 +16,7 @@ rules:
       owasp:
         - A07:2021 - Identification and Authentication Failures
       references:
-        - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_CheatSheet.html
+        - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
       source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
       subcategory:
         - vuln

generic/secrets/gitleaks/jwt-base64.yaml

@@ -16,7 +16,7 @@ rules:
       owasp:
         - A07:2021 - Identification and Authentication Failures
       references:
-        - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_CheatSheet.html
+        - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
       source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
       subcategory:
         - vuln

generic/secrets/gitleaks/scalingo-api-token.yaml

@@ -16,7 +16,7 @@ rules:
       owasp:
         - A07:2021 - Identification and Authentication Failures
       references:
-        - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_CheatSheet.html
+        - https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
       source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
       subcategory:
         - vuln

generic/secrets/gitleaks/snyk-api-token.txt

@@ -1,16 +1,18 @@
 // ruleid: snyk-api-token
 const SNYK_TOKEN = "12345678-ABCD-ABCD-ABCD-1234567890AB"
-// ruleid: snyk-api-token 
-const SNYK_KEY = "12345678-ABCD-ABCD-ABCD-1234567890AB" 
 // ruleid: snyk-api-token
-const SNYK = "12345678-ABCD-ABCD-ABCD-1234567890AB" 
+const SNYK_KEY = "12345678-ABCD-ABCD-ABCD-1234567890AB"
 // ruleid: snyk-api-token
-SNYK = "12345678-ABCD-ABCD-ABCD-1234567890AB" 
+SNYK_TOKEN := "12345678-ABCD-ABCD-ABCD-1234567890AB"
 // ruleid: snyk-api-token
-SNYK_TOKEN := "12345678-ABCD-ABCD-ABCD-1234567890AB" 
+SNYK_TOKEN ::= "12345678-ABCD-ABCD-ABCD-1234567890AB"
 // ruleid: snyk-api-token
-SNYK_TOKEN ::= "12345678-ABCD-ABCD-ABCD-1234567890AB" 
+SNYK_TOKEN :::= "12345678-ABCD-ABCD-ABCD-1234567890AB"
 // ruleid: snyk-api-token
-SNYK_TOKEN :::= "12345678-ABCD-ABCD-ABCD-1234567890AB" 
+SNYK_TOKEN ?= "12345678-ABCD-ABCD-ABCD-1234567890AB"
 // ruleid: snyk-api-token
-SNYK_TOKEN ?= "12345678-ABCD-ABCD-ABCD-1234567890AB"
+SNYK_API_KEY ?= "12345678-ABCD-ABCD-ABCD-1234567890AB"
+// ruleid: snyk-api-token
+SNYK_API_TOKEN = "12345678-ABCD-ABCD-ABCD-1234567890AB"
+// ruleid: snyk-api-token
+SNYK_OAUTH_TOKEN = "12345678-ABCD-ABCD-ABCD-1234567890AB"

generic/secrets/gitleaks/snyk-api-token.yaml

@@ -23,4 +23,4 @@ rules:
       technology:
         - gitleaks
   patterns:
-    - pattern-regex: (?i)(?:snyk)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)
+    - pattern-regex: (?i)(?:snyk_token|snyk_key|snyk_api_token|snyk_api_key|snyk_oauth_token)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)

generic/secrets/gitleaks/stripe-access-token.yaml

@@ -23,4 +23,4 @@ rules:
       technology:
         - gitleaks
   patterns:
-    - pattern-regex: (?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}
+    - pattern-regex: (?i)\b((sk|pk)_(test|live)_[0-9a-z]{10,32})(?:['|\"|\n|\r|\s|\x60|;]|$)