-
Notifications
You must be signed in to change notification settings - Fork 409
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge Gitleaks rules 2024-09-05 # 00:31
- Loading branch information
Security Research (r2c-argo)
committed
Sep 5, 2024
1 parent
b3fd95a
commit 8ca3e89
Showing
18 changed files
with
93 additions
and
15 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
26 changes: 26 additions & 0 deletions
26
generic/secrets/gitleaks/kubernetes-secret-with-data-after.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
rules: | ||
- id: kubernetes-secret-with-data-after | ||
message: A gitleaks kubernetes-secret-with-data-after was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). | ||
languages: | ||
- regex | ||
severity: INFO | ||
metadata: | ||
likelihood: LOW | ||
impact: MEDIUM | ||
confidence: LOW | ||
category: security | ||
cwe: | ||
- "CWE-798: Use of Hard-coded Credentials" | ||
cwe2021-top25: true | ||
cwe2022-top25: true | ||
owasp: | ||
- A07:2021 - Identification and Authentication Failures | ||
references: | ||
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html | ||
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules | ||
subcategory: | ||
- vuln | ||
technology: | ||
- gitleaks | ||
patterns: | ||
- pattern-regex: (?i)\b((?i)(?:\bkind:.{0,10}Secret\b)(?:.|\s){0,200}?\b(?:data:)\s*(.+))(?:['|\"|\n|\r|\s|\x60|;]|$) |
26 changes: 26 additions & 0 deletions
26
generic/secrets/gitleaks/kubernetes-secret-with-data-before.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
rules: | ||
- id: kubernetes-secret-with-data-before | ||
message: A gitleaks kubernetes-secret-with-data-before was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). | ||
languages: | ||
- regex | ||
severity: INFO | ||
metadata: | ||
likelihood: LOW | ||
impact: MEDIUM | ||
confidence: LOW | ||
category: security | ||
cwe: | ||
- "CWE-798: Use of Hard-coded Credentials" | ||
cwe2021-top25: true | ||
cwe2022-top25: true | ||
owasp: | ||
- A07:2021 - Identification and Authentication Failures | ||
references: | ||
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html | ||
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules | ||
subcategory: | ||
- vuln | ||
technology: | ||
- gitleaks | ||
patterns: | ||
- pattern-regex: (?i)\b((?i)(?:\b(?:data:))(\W+(?:\w+\W+){0,200}?)\bkind:.{0,10}Secret\b)(?:['|\"|\n|\r|\s|\x60|;]|$) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
rules: | ||
- id: openshift-user-token | ||
message: A gitleaks openshift-user-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). | ||
languages: | ||
- regex | ||
severity: INFO | ||
metadata: | ||
likelihood: LOW | ||
impact: MEDIUM | ||
confidence: LOW | ||
category: security | ||
cwe: | ||
- "CWE-798: Use of Hard-coded Credentials" | ||
cwe2021-top25: true | ||
cwe2022-top25: true | ||
owasp: | ||
- A07:2021 - Identification and Authentication Failures | ||
references: | ||
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html | ||
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules | ||
subcategory: | ||
- vuln | ||
technology: | ||
- gitleaks | ||
patterns: | ||
- pattern-regex: \b(sha256~[\w-]{43})(?:[^\w-]|\z) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters