-
Notifications
You must be signed in to change notification settings - Fork 34
Expand file tree
/
Copy pathgithub.go
More file actions
89 lines (77 loc) · 2.6 KB
/
Copy pathgithub.go
File metadata and controls
89 lines (77 loc) · 2.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
package rules
import (
"regexp"
"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
"github.com/zricethezav/gitleaks/v8/config"
)
func GitHubPat() *config.Rule {
// define rule
r := config.Rule{
Description: "Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure.",
RuleID: "github-pat",
Regex: regexp.MustCompile(`ghp_[0-9a-zA-Z]{36}`),
Keywords: []string{"ghp_"},
}
// validate
tps := []string{
generateSampleSecret("github", "ghp_"+secrets.NewSecret(alphaNumeric("36"))),
}
return validate(r, tps, nil)
}
func GitHubFineGrainedPat() *config.Rule {
// define rule
r := config.Rule{
Description: "Found a GitHub Fine-Grained Personal Access Token, risking unauthorized repository access and code manipulation.",
RuleID: "github-fine-grained-pat",
Regex: regexp.MustCompile(`github_pat_[0-9a-zA-Z_]{82}`),
Keywords: []string{"github_pat_"},
}
// validate
tps := []string{
generateSampleSecret("github", "github_pat_"+secrets.NewSecret(alphaNumeric("82"))),
}
return validate(r, tps, nil)
}
func GitHubOauth() *config.Rule {
// define rule
r := config.Rule{
Description: "Discovered a GitHub OAuth Access Token, posing a risk of compromised GitHub account integrations and data leaks.",
RuleID: "github-oauth",
Regex: regexp.MustCompile(`gho_[0-9a-zA-Z]{36}`),
Keywords: []string{"gho_"},
}
// validate
tps := []string{
generateSampleSecret("github", "gho_"+secrets.NewSecret(alphaNumeric("36"))),
}
return validate(r, tps, nil)
}
func GitHubApp() *config.Rule {
// define rule
r := config.Rule{
Description: "Identified a GitHub App Token, which may compromise GitHub application integrations and source code security.",
RuleID: "github-app-token",
Regex: regexp.MustCompile(`ghu_[0-9a-zA-Z]{36}|ghs_[0-9a-zA-Z]{36}`),
Keywords: []string{"ghu_", "ghs_"},
}
// validate
tps := []string{
generateSampleSecret("github", "ghu_"+secrets.NewSecret(alphaNumeric("36"))),
generateSampleSecret("github", "ghs_"+secrets.NewSecret(alphaNumeric("36"))),
}
return validate(r, tps, nil)
}
func GitHubRefresh() *config.Rule {
// define rule
r := config.Rule{
Description: "Detected a GitHub Refresh Token, which could allow prolonged unauthorized access to GitHub services.",
RuleID: "github-refresh-token",
Regex: regexp.MustCompile(`ghr_[0-9a-zA-Z]{36}`),
Keywords: []string{"ghr_"},
}
// validate
tps := []string{
generateSampleSecret("github", "ghr_"+secrets.NewSecret(alphaNumeric("36"))),
}
return validate(r, tps, nil)
}