diff --git a/cmd/generate/config/main.go b/cmd/generate/config/main.go
index a93ef246a..02f1bfa8b 100644
--- a/cmd/generate/config/main.go
+++ b/cmd/generate/config/main.go
@@ -90,6 +90,8 @@ func main() {
 configRules = append(configRules, rules.Heroku())
 configRules = append(configRules, rules.HubSpot())
 configRules = append(configRules, rules.Intercom())
+ configRules = append(configRules, rules.JFrogAPIKey())
+ configRules = append(configRules, rules.JFrogIdentityToken())
 configRules = append(configRules, rules.JWT())
 configRules = append(configRules, rules.KrakenAccessToken())
 configRules = append(configRules, rules.KucoinAccessToken())
diff --git a/cmd/generate/config/rules/jfrog.go b/cmd/generate/config/rules/jfrog.go
new file mode 100644
index 000000000..282ab735e
--- /dev/null
+++ b/cmd/generate/config/rules/jfrog.go
@@ -0,0 +1,67 @@
+package rules
+
+import (
+ "fmt"
+
+ "github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+ "github.com/zricethezav/gitleaks/v8/config"
+)
+
+func JFrogAPIKey() *config.Rule {
+ keywords := []string{"jfrog", "artifactory", "bintray", "xray"}
+
+ // Define Rule
+ r := config.Rule{
+ // Human readable description of the rule
+ Description: "JFrog API Key",
+
+ // Unique ID for the rule
+ RuleID: "jfrog-api-key",
+
+ // Regex capture group for the actual secret
+ SecretGroup: 1,
+
+ // Regex used for detecting secrets. See regex section below for more details
+ Regex: generateSemiGenericRegex(keywords, alphaNumeric("73")),
+
+ // Keywords used for string matching on fragments (think of this as a prefilter)
+ Keywords: keywords,
+ }
+
+ // validate
+ tps := []string{
+ fmt.Sprintf("--set imagePullSecretJfrog.password=%s", secrets.NewSecret(alphaNumeric("73"))),
+ }
+ return validate(r, tps, nil)
+}
+
+func JFrogIdentityToken() *config.Rule {
+ keywords := []string{"jfrog", "artifactory", "bintray", "xray"}
+
+ // Define Rule
+ r := config.Rule{
+ // Human readable description of the rule
+ Description: "JFrog Identity Token",
+
+ // Unique ID for the rule
+ RuleID: "jfrog-identity-token",
+
+ // Regex capture group for the actual secret
+ SecretGroup: 1,
+
+ // Regex used for detecting secrets. See regex section below for more details
+ Regex: generateSemiGenericRegex(keywords, alphaNumeric("64")),
+
+ // Keywords used for string matching on fragments (think of this as a prefilter)
+ Keywords: keywords,
+ }
+
+ // validate
+ tps := []string{
+ generateSampleSecret("jfrog", secrets.NewSecret(alphaNumeric("64"))),
+ generateSampleSecret("artifactory", secrets.NewSecret(alphaNumeric("64"))),
+ generateSampleSecret("bintray", secrets.NewSecret(alphaNumeric("64"))),
+ generateSampleSecret("xray", secrets.NewSecret(alphaNumeric("64"))),
+ }
+ return validate(r, tps, nil)
+}
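Review bot: In `JFrogIdentityToken`, `alphaNumeric("64")` behind the keyword `artifactory` also matches any SHA-256 hex digest, so a line such as `artifactory.sha256: <64 hex chars>` would be reported as a leaked token; the regex emitted into `config/gitleaks.toml` shows the capture group is just `([a-z0-9]{64})` under `(?i)`. Both functions call `validate(r, tps, nil)`, so nothing in the rule's own checks exercises a look-alike value (the third argument looks like the false-positive list; confirm against `validate`). Consider an entropy floor on the rule, e.g. `Entropy: 4.1,` if `config.Rule` exposes that field here (a pure hex string cannot exceed 4 bits per character, and the exact value should be tuned against real tokens), and pass a digest-shaped sample once the rule rejects it. `JFrogAPIKey` also has a single true-positive sample, while `JFrogIdentityToken` covers all four keywords; adding `generateSampleSecret("xray", secrets.NewSecret(alphaNumeric("73")))` and its siblings would bring the two level.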
diff --git a/config/gitleaks.toml b/config/gitleaks.toml index ff3f06ba4..4b76f7d36 100644 --- a/config/gitleaks.toml +++ b/config/gitleaks.toml @@ -2131,6 +2131,24 @@ keywords = [ "intercom", ] +[[rules]] +description = "JFrog API Key" +id = "jfrog-api-key" +regex = '''(?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{73})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +secretGroup = 1 +keywords = [ + "jfrog","artifactory","bintray","xray", +] + +[[rules]] +description = "JFrog Identity Token" +id = "jfrog-identity-token" +regex = '''(?i)(?:jfrog|artifactory|bintray|xray)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)''' +secretGroup = 1 +keywords = [ + "jfrog","artifactory","bintray","xray", +] + [[rules]] description = "JSON Web Token" id = "jwt"