feat: facebook secret, access token, and page access token rules (#1372)

* Add Facebook secret, access token, and page access token rules * comment
gitleaks · Mar 22, 2024 · 4b54328 · 4b54328
1 parent 979f213
commit 4b54328
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 5 deletions.
diff --git a/cmd/generate/config/main.go b/cmd/generate/config/main.go
@@ -67,7 +67,9 @@ func main() {
 		rules.EasyPost(),
 		rules.EasyPostTestAPI(),
 		rules.EtsyAccessToken(),
-		rules.Facebook(),
+		rules.FacebookSecret(),
+		rules.FacebookAccessToken(),
+		rules.FacebookPageAccessToken(),
 		rules.FastlyAPIToken(),
 		rules.FinicityClientSecret(),
 		rules.FinicityAPIToken(),

diff --git a/cmd/generate/config/rules/facebook.go b/cmd/generate/config/rules/facebook.go
@@ -5,11 +5,13 @@ import (
 	"github.com/zricethezav/gitleaks/v8/config"
 )
 
-func Facebook() *config.Rule {
+// This rule includes both App Secret and Client Access Token
+// https://developers.facebook.com/docs/facebook-login/guides/access-tokens/
+func FacebookSecret() *config.Rule {
 	// define rule
 	r := config.Rule{
-		Description: "Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure.",
-		RuleID:      "facebook",
+		Description: "Discovered a Facebook Application secret, posing a risk of unauthorized access to Facebook accounts and personal data exposure.",
+		RuleID:      "facebook-secret",
 		Regex:       generateSemiGenericRegex([]string{"facebook"}, hex("32"), true),
 
 		Keywords: []string{"facebook"},
@@ -18,6 +20,46 @@ func Facebook() *config.Rule {
 	// validate
 	tps := []string{
 		generateSampleSecret("facebook", secrets.NewSecret(hex("32"))),
+		`facebook_app_secret = "6dca6432e45d933e13650d1882bd5e69"`,       // gitleaks:allow
+		`facebook_client_access_token: 26f5fd13099f2c1331aafb86f6489692`, // gitleaks:allow
+	}
+	return validate(r, tps, nil)
+}
+
+// https://developers.facebook.com/docs/facebook-login/guides/access-tokens/#apptokens
+func FacebookAccessToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure.",
+		RuleID:      "facebook-access-token",
+		Regex:       generateUniqueTokenRegex(`\d{15,16}\|[0-9a-z\-_]{27}`, true),
+	}
+
+	// validate
+	tps := []string{
+		`{"access_token":"911602140448729|AY-lRJZq9BoDLobvAiP25L7RcMg","token_type":"bearer"}`, // gitleaks:allow
+		`1308742762612587|rhoK1cbv0DOU_RTX_87O4MkX7AI`,                                         // gitleaks:allow
+		`1477036645700765|wRPf2v3mt2JfMqCLK8n7oltrEmc`,                                         // gitleaks:allow
+	}
+	return validate(r, tps, nil)
+}
+
+// https://developers.facebook.com/docs/facebook-login/guides/access-tokens/#pagetokens
+func FacebookPageAccessToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "Discovered a Facebook Page Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure.",
+		RuleID:      "facebook-page-access-token",
+		Regex:       generateUniqueTokenRegex("EAA[MC]"+alphaNumeric("20,"), true),
+		Keywords:    []string{"EAAM", "EAAC"},
+	}
+
+	// validate
+	tps := []string{
+		`EAAM9GOnCB9kBO2frzOAWGN2zMnZClQshlWydZCrBNdodesbwimx1mfVJgqZBP5RSpMfUzWhtjTTXHG5I1UlvlwRZCgjm3ZBVGeTYiqAAoxyED6HaUdhpGVNoPUwAuAWWFsi9OvyYBQt22DGLqMIgD7VktuCTTZCWKasz81Q822FPhMTB9VFFyClNzQ0NLZClt9zxpsMMrUZCo1VU1rL3CKavir5QTfBjfCEzHNlWAUDUV2YZD`, // gitleaks:allow
+		`EAAM9GOnCB9kBO2zXpAtRBmCrsPPjdA3KeBl4tqsEpcYd09cpjm9MZCBIklZBjIQBKGIJgFwm8IE17G5pipsfRBRBEHMWxvJsL7iHLUouiprxKRQfAagw8BEEDucceqxTiDhVW2IZAQNNbf0d1JhcapAGntx5S1Csm4j0GgZB3DuUfI2HJ9aViTtdfH2vjBy0wtpXm2iamevohGfoF4NgyRHusDLjqy91uYMkfrkc`,          // gitleaks:allow
+		`- name: FACEBOOK_TOKEN
+		value: "EAACEdEose0cBA1bad3afsf2aew"`, // gitleaks:allow
 	}
 	return validate(r, tps, nil)
 }
diff --git a/config/gitleaks.toml b/config/gitleaks.toml
@@ -370,8 +370,21 @@ keywords = [
 ]
 
 [[rules]]
-id = "facebook"
+id = "facebook-access-token"
 description = "Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure."
+regex = '''(?i)\b(\d{15,16}\|[0-9a-z\-_]{27})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+
+[[rules]]
+id = "facebook-page-access-token"
+description = "Discovered a Facebook Page Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure."
+regex = '''(?i)\b(EAA[MC][a-z0-9]{20,})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = [
+    "eaam","eaac",
+]
+
+[[rules]]
+id = "facebook-secret"
+description = "Discovered a Facebook Application secret, posing a risk of unauthorized access to Facebook accounts and personal data exposure."
 regex = '''(?i)(?:facebook)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 keywords = [
     "facebook",