Merge pull request #8 from AikidoSec/feat/add-settlemint-token-identi…

…fiers add settlemint identifiers
AikidoSec · Dec 9, 2024 · 9623250 · 9623250
2 parents d9caa07 + ec1f252
commit 9623250
Show file tree

Hide file tree

Showing 3 changed files with 84 additions and 0 deletions.
diff --git a/cmd/generate/config/main.go b/cmd/generate/config/main.go
@@ -152,6 +152,9 @@ func main() {
 		rules.SendGridAPIToken(),
 		rules.SendInBlueAPIToken(),
 		rules.SentryAccessToken(),
+		rules.SettlemintApplicationAccessToken(),
+		rules.SettlemintPersonalAccessToken(),
+		rules.SettlemintServiceAccessToken(),
 		rules.ShippoAPIToken(),
 		rules.ShopifyAccessToken(),
 		rules.ShopifyCustomAccessToken(),

diff --git a/cmd/generate/config/rules/settlemint.go b/cmd/generate/config/rules/settlemint.go
@@ -0,0 +1,63 @@
+package rules
+
+import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func SettlemintPersonalAccessToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "Found a Settlemint Personal Access Token.",
+		RuleID:      "settlemint-personal-access-token",
+		Regex:       generateUniqueTokenRegex(`(sm_pat_)[a-zA-Z0-9]+`, false),
+		Keywords: []string{
+			"sm_pat",
+		},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("settlemintToken", "sm_pat_"+secrets.NewSecret(alphaNumeric("16"))),
+	}
+	fps := []string{"nonMatchingToken := \"" + secrets.NewSecret(alphaNumeric("16")) + "\""}
+	return validate(r, tps, fps)
+}
+
+func SettlemintApplicationAccessToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "Found a Settlemint Application Access Token.",
+		RuleID:      "settlemint-application-access-token",
+		Regex:       generateUniqueTokenRegex(`(sm_aat_)[a-zA-Z0-9]+`, false),
+		Keywords: []string{
+			"sm_aat",
+		},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("settlemintToken", "sm_aat_"+secrets.NewSecret(alphaNumeric("16"))),
+	}
+	fps := []string{"nonMatchingToken := \"" + secrets.NewSecret(alphaNumeric("16")) + "\""}
+	return validate(r, tps, fps)
+}
+
+func SettlemintServiceAccessToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "Found a Settlemint Service Access Token.",
+		RuleID:      "settlemint-service-access-token",
+		Regex:       generateUniqueTokenRegex(`(sm_sat_)[a-zA-Z0-9]+`, false),
+		Keywords: []string{
+			"sm_sat",
+		},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("settlemintToken", "sm_sat_"+secrets.NewSecret(alphaNumeric("16"))),
+	}
+	fps := []string{"nonMatchingToken := \"" + secrets.NewSecret(alphaNumeric("16")) + "\""}
+	return validate(r, tps, fps)
+}
diff --git a/config/gitleaks.toml b/config/gitleaks.toml
@@ -2541,6 +2541,24 @@ keywords = [
     "sentry",
 ]
 
+[[rules]]
+id = "settlemint-application-access-token"
+description = "Found a Settlemint Application Access Token."
+regex = '''\b((sm_aat_)[a-zA-Z0-9]+)(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = ["sm_aat"]
+
+[[rules]]
+id = "settlemint-personal-access-token"
+description = "Found a Settlemint Personal Access Token."
+regex = '''\b((sm_pat_)[a-zA-Z0-9]+)(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = ["sm_pat"]
+
+[[rules]]
+id = "settlemint-service-access-token"
+description = "Found a Settlemint Service Access Token."
+regex = '''\b((sm_sat_)[a-zA-Z0-9]+)(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = ["sm_sat"]
+
 [[rules]]
 id = "shippo-api-token"
 description = "Discovered a Shippo API token, potentially compromising shipping services and customer order data."