Fix rule for private keys (gitleaks#1072)

* refactor: fix rule for private keys Wouldn't match old keys which have been created with the BLOCK statement at the beginning and end of the key. * fix: rule for private keys * fix: missing comma Co-authored-by: Fabian F Groß <fabian.f.gross@deutschebahn.com>
AikidoSec · Jan 12, 2023 · e002920 · e002920
1 parent d805fb9
commit e002920
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/cmd/generate/config/rules/privatekey.go b/cmd/generate/config/rules/privatekey.go
@@ -11,7 +11,7 @@ func PrivateKey() *config.Rule {
 	r := config.Rule{
 		Description: "Private Key",
 		RuleID:      "private-key",
-		Regex:       regexp.MustCompile(`(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY----`),
+		Regex:       regexp.MustCompile(`(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?----`),
 		Keywords:    []string{"-----BEGIN"},
 	}
 
@@ -23,6 +23,9 @@ anything
 abcdefghijklmnopqrstuvwxyz
 -----END RSA PRIVATE KEY-----
 `,
+		`-----BEGIN PRIVATE KEY BLOCK-----
+anything
+-----END PRIVATE KEY BLOCK-----`,
 	} // gitleaks:allow
 	return validate(r, tps, nil)
 }
diff --git a/config/gitleaks.toml b/config/gitleaks.toml
@@ -2411,7 +2411,7 @@ keywords = [
 [[rules]]
 description = "Private Key"
 id = "private-key"
-regex = '''(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY----'''
+regex = '''(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?----'''
 keywords = [
     "-----begin",
 ]