feat: add JFrog API and Identity keys (gitleaks#1233)

* first commit * feat: add JFrog API and Identity key
AikidoSec · Jul 17, 2023 · f0dcd4d · f0dcd4d
1 parent 06db3b9
commit f0dcd4d
Show file tree

Hide file tree

Showing 3 changed files with 87 additions and 0 deletions.
diff --git a/cmd/generate/config/main.go b/cmd/generate/config/main.go
@@ -90,6 +90,8 @@ func main() {
 	configRules = append(configRules, rules.Heroku())
 	configRules = append(configRules, rules.HubSpot())
 	configRules = append(configRules, rules.Intercom())
+	configRules = append(configRules, rules.JFrogAPIKey())
+	configRules = append(configRules, rules.JFrogIdentityToken())
 	configRules = append(configRules, rules.JWT())
 	configRules = append(configRules, rules.KrakenAccessToken())
 	configRules = append(configRules, rules.KucoinAccessToken())

diff --git a/cmd/generate/config/rules/jfrog.go b/cmd/generate/config/rules/jfrog.go
@@ -0,0 +1,67 @@
+package rules
+
+import (
+	"fmt"
+
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func JFrogAPIKey() *config.Rule {
+	keywords := []string{"jfrog", "artifactory", "bintray", "xray"}
+
+	// Define Rule
+	r := config.Rule{
+		// Human readable description of the rule
+		Description: "JFrog API Key",
+
+		// Unique ID for the rule
+		RuleID: "jfrog-api-key",
+
+		// Regex capture group for the actual secret
+		SecretGroup: 1,
+
+		// Regex used for detecting secrets. See regex section below for more details
+		Regex: generateSemiGenericRegex(keywords, alphaNumeric("73")),
+
+		// Keywords used for string matching on fragments (think of this as a prefilter)
+		Keywords: keywords,
+	}
+
+	// validate
+	tps := []string{
+		fmt.Sprintf("--set imagePullSecretJfrog.password=%s", secrets.NewSecret(alphaNumeric("73"))),
+	}
+	return validate(r, tps, nil)
+}
+
+func JFrogIdentityToken() *config.Rule {
+	keywords := []string{"jfrog", "artifactory", "bintray", "xray"}
+
+	// Define Rule
+	r := config.Rule{
+		// Human readable description of the rule
+		Description: "JFrog Identity Token",
+
+		// Unique ID for the rule
+		RuleID: "jfrog-identity-token",
+
+		// Regex capture group for the actual secret
+		SecretGroup: 1,
+
+		// Regex used for detecting secrets. See regex section below for more details
+		Regex: generateSemiGenericRegex(keywords, alphaNumeric("64")),
+
+		// Keywords used for string matching on fragments (think of this as a prefilter)
+		Keywords: keywords,
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("jfrog", secrets.NewSecret(alphaNumeric("64"))),
+		generateSampleSecret("artifactory", secrets.NewSecret(alphaNumeric("64"))),
+		generateSampleSecret("bintray", secrets.NewSecret(alphaNumeric("64"))),
+		generateSampleSecret("xray", secrets.NewSecret(alphaNumeric("64"))),
+	}
+	return validate(r, tps, nil)
+}
diff --git a/config/gitleaks.toml b/config/gitleaks.toml
@@ -2131,6 +2131,24 @@ keywords = [
     "intercom",
 ]
 
+[[rules]]
+description = "JFrog API Key"
+id = "jfrog-api-key"
+regex = '''(?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{73})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    "jfrog","artifactory","bintray","xray",
+]
+
+[[rules]]
+description = "JFrog Identity Token"
+id = "jfrog-identity-token"
+regex = '''(?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    "jfrog","artifactory","bintray","xray",
+]
+
 [[rules]]
 description = "JSON Web Token"
 id = "jwt"