-
Notifications
You must be signed in to change notification settings - Fork 409
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge Gitleaks rules 2024-08-13 # 00:30
- Loading branch information
Security Research (r2c-argo)
committed
Aug 13, 2024
1 parent
57cb8aa
commit bd85d3b
Showing
16 changed files
with
91 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
26 changes: 26 additions & 0 deletions
26
generic/secrets/gitleaks/kubernetes-secret-with-data-after.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
rules: | ||
- id: kubernetes-secret-with-data-after | ||
message: A gitleaks kubernetes-secret-with-data-after was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). | ||
languages: | ||
- regex | ||
severity: INFO | ||
metadata: | ||
likelihood: LOW | ||
impact: MEDIUM | ||
confidence: LOW | ||
category: security | ||
cwe: | ||
- "CWE-798: Use of Hard-coded Credentials" | ||
cwe2021-top25: true | ||
cwe2022-top25: true | ||
owasp: | ||
- A07:2021 - Identification and Authentication Failures | ||
references: | ||
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html | ||
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules | ||
subcategory: | ||
- vuln | ||
technology: | ||
- gitleaks | ||
patterns: | ||
- pattern-regex: (?i)\b((?i)(?:\bkind:.{0,10}Secret\b)(?:.|\s){0,200}?\b(?:data:)\s*(.+))(?:['|\"|\n|\r|\s|\x60|;]|$) |
26 changes: 26 additions & 0 deletions
26
generic/secrets/gitleaks/kubernetes-secret-with-data-before.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
rules: | ||
- id: kubernetes-secret-with-data-before | ||
message: A gitleaks kubernetes-secret-with-data-before was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). | ||
languages: | ||
- regex | ||
severity: INFO | ||
metadata: | ||
likelihood: LOW | ||
impact: MEDIUM | ||
confidence: LOW | ||
category: security | ||
cwe: | ||
- "CWE-798: Use of Hard-coded Credentials" | ||
cwe2021-top25: true | ||
cwe2022-top25: true | ||
owasp: | ||
- A07:2021 - Identification and Authentication Failures | ||
references: | ||
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html | ||
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules | ||
subcategory: | ||
- vuln | ||
technology: | ||
- gitleaks | ||
patterns: | ||
- pattern-regex: (?i)\b((?i)(?:\b(?:data:))(\W+(?:\w+\W+){0,200}?)\bkind:.{0,10}Secret\b)(?:['|\"|\n|\r|\s|\x60|;]|$) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
rules: | ||
- id: openshift-user-token | ||
message: A gitleaks openshift-user-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module). | ||
languages: | ||
- regex | ||
severity: INFO | ||
metadata: | ||
likelihood: LOW | ||
impact: MEDIUM | ||
confidence: LOW | ||
category: security | ||
cwe: | ||
- "CWE-798: Use of Hard-coded Credentials" | ||
cwe2021-top25: true | ||
cwe2022-top25: true | ||
owasp: | ||
- A07:2021 - Identification and Authentication Failures | ||
references: | ||
- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html | ||
source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules | ||
subcategory: | ||
- vuln | ||
technology: | ||
- gitleaks | ||
patterns: | ||
- pattern-regex: \b(sha256~[\w-]{43})(?:[^\w-]|\z) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters