Add missing GitLab token patterns (gitleaks#1077)

AikidoSec · Jan 22, 2023 · afdccad · afdccad
1 parent e002920
commit afdccad
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 2 deletions.
diff --git a/cmd/generate/config/main.go b/cmd/generate/config/main.go
@@ -77,7 +77,9 @@ func main() {
 	configRules = append(configRules, rules.GitHubOauth())
 	configRules = append(configRules, rules.GitHubApp())
 	configRules = append(configRules, rules.GitHubRefresh())
-	configRules = append(configRules, rules.Gitlab())
+	configRules = append(configRules, rules.GitlabPat())
+	configRules = append(configRules, rules.GitlabPipelineTriggerToken())
+	configRules = append(configRules, rules.GitlabRunnerRegistrationToken())
 	configRules = append(configRules, rules.GitterAccessToken())
 	configRules = append(configRules, rules.GrafanaApiKey())
 	configRules = append(configRules, rules.GrafanaCloudApiToken())

diff --git a/cmd/generate/config/rules/gitlab.go b/cmd/generate/config/rules/gitlab.go
@@ -7,7 +7,7 @@ import (
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
-func Gitlab() *config.Rule {
+func GitlabPat() *config.Rule {
 	// define rule
 	r := config.Rule{
 		Description: "GitLab Personal Access Token",
@@ -22,3 +22,35 @@ func Gitlab() *config.Rule {
 	}
 	return validate(r, tps, nil)
 }
+
+func GitlabPipelineTriggerToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "GitLab Pipeline Trigger Token",
+		RuleID:      "gitlab-ptt",
+		Regex:       regexp.MustCompile(`glptt-[0-9a-f]{40}`),
+		Keywords:    []string{"glptt-"},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("gitlab", "glptt-"+secrets.NewSecret(hex("40"))),
+	}
+	return validate(r, tps, nil)
+}
+
+func GitlabRunnerRegistrationToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "GitLab Runner Registration Token",
+		RuleID:      "gitlab-rrt",
+		Regex:       regexp.MustCompile(`GR1348941[0-9a-zA-Z\-\_]{20}`),
+		Keywords:    []string{"GR1348941"},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("gitlab", "GR1348941"+secrets.NewSecret(alphaNumeric("20"))),
+	}
+	return validate(r, tps, nil)
+}
diff --git a/config/gitleaks.toml b/config/gitleaks.toml
@@ -2016,6 +2016,22 @@ keywords = [
     "glpat-",
 ]
 
+[[rules]]
+description = "GitLab Pipeline Trigger Token"
+id = "gitlab-ptt"
+regex = '''glptt-[0-9a-f]{40}'''
+keywords = [
+    "glptt-",
+]
+
+[[rules]]
+description = "GitLab Runner Registration Token"
+id = "gitlab-rrt"
+regex = '''GR1348941[0-9a-zA-Z\-\_]{20}'''
+keywords = [
+    "gr1348941",
+]
+
 [[rules]]
 description = "Gitter Access Token"
 id = "gitter-access-token"