title = "gitleaks config" [[rules]] description = "AWS Manager ID" regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}''' tags = ["key", "AWS"] [[rules]] description = "AWS cred file info" regex = '''(?i)(aws_access_key_id|aws_secret_access_key)(.{0,20})?=.[0-9a-zA-Z\/+]{20,40}''' tags = ["AWS"] [[rules]] description = "AWS Secret Key" regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]''' tags = ["key", "AWS"] [[rules]] description = "AWS MWS key" regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}''' tags = ["key", "AWS", "MWS"] [[rules]] description = "Facebook Secret Key" regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]''' tags = ["key", "Facebook"] [[rules]] description = "Facebook Client ID" regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]''' tags = ["key", "Facebook"] [[rules]] description = "Twitter Secret Key" regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]''' tags = ["key", "Twitter"] [[rules]] description = "Twitter Client ID" regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]''' tags = ["client", "Twitter"] [[rules]] description = "Github" regex = '''(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}['\"]''' tags = ["key", "Github"] [[rules]] description = "LinkedIn Client ID" regex = '''(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]''' tags = ["client", "LinkedIn"] [[rules]] description = "LinkedIn Secret Key" regex = '''(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]''' tags = ["secret", "LinkedIn"] [[rules]] description = "Slack" regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?''' tags = ["key", "Slack"] [[rules]] description = "EC" regex = '''-----BEGIN EC PRIVATE KEY-----''' tags = ["key", "EC"] [[rules]] description = "Google API key" regex = '''AIza[0-9A-Za-z\\-_]{35}''' tags = ["key", "Google"] [[rules]] description = "Heroku API key" regex = '''(?i)heroku(.{0,20})?['"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]''' tags = ["key", "Heroku"] [[rules]] description = "MailChimp API key" regex = '''(?i)(mailchimp|mc)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]''' tags = ["key", "Mailchimp"] [[rules]] description = "Mailgun API key" regex = '''(?i)(mailgun|mg)(.{0,20})?['"][0-9a-z]{32}['"]''' tags = ["key", "Mailgun"] [[rules]] description = "PayPal Braintree access token" regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}''' tags = ["key", "Paypal"] [[rules]] description = "Picatic API key" regex = '''sk_live_[0-9a-z]{32}''' tags = ["key", "Picatic"] [[rules]] description = "Slack Webhook" regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}''' tags = ["key", "slack"] [[rules]] description = "Stripe API key" regex = '''(?i)stripe(.{0,20})?['\"][sk|rk]_live_[0-9a-zA-Z]{24}''' tags = ["key", "Stripe"] [[rules]] description = "Square access token" regex = '''sq0atp-[0-9A-Za-z\-_]{22}''' tags = ["key", "square"] [[rules]] description = "Square OAuth secret" regex = '''sq0csp-[0-9A-Za-z\\-_]{43}''' tags = ["key", "square"] [[rules]] description = "Twilio API key" regex = '''(?i)twilio(.{0,20})?['\"][0-9a-f]{32}['\"]''' tags = ["key", "twilio"] [[rules]] description = "Env Var" regex = '''(?i)(apikey|secret|key|api|password|pass|pw|host)=[0-9a-zA-Z-_.{}]{4,120}''' [[rules.whitelist]] regex='''Key\=''' description = "Reference to repo for sonarqube" file = '''(?i)jenkinsfile''' [[rules.whitelist]] regex='''config.s3.aws_secret_access_key''' description = "variable placeholder" file = '''s3_connector.py''' [[rules.whitelist]] regex='''key=os\.path\.dirname''' description = "env var whitelist" [[rules.whitelist]] regex='''.*os\.getenv.*|.*key=os\.environ\.get''' [[rules.whitelist]] regex='''.*(?i)(s3secretkey|ENV_VAR|test_token|test\/key|testkey|Bearer|key.pem|key-specification|hadoop.*|Key=None|HOST=minio|KEY=S3AccessKey|api_url(),data.*|key=_file_mmset_sort_key)''' #[[rules]] # description = "Port" # regex = '''(?i)port(.{0,4})?[0-9]{1,10}''' # [[rules.whitelist]] # regex = '''(?i)port ''' # description = "ignore export " #[[rules]] # description = "Email" # regex = '''[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}''' # tags = ["email"] # [[rules.whitelist]] # file = '''(?i)bashrc''' # description = "ignore bashrc emails" [[rules]] description = "Generic Credential" regex = '''(?i)(dbpasswd|dbuser|dbname|dbhost|api_key|apikey|secret|key|api|password|user|guid|hostname|pw|auth)(.{0,20})?['|"]([0-9a-zA-Z-_\/+!{}/=]{4,120})['|"]''' tags = ["key", "API", "generic"] # ignore leaks with specific identifiers like slack and aws [[rules.whitelist]] regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})''' description = "ignore slack" [[rules.whitelist]] description = "MailChimp API key" regex = '''(?i)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]''' [[rules.whitelist]] description = "AWS Manager ID" regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}''' [[rules.whitelist]] regex='''(dns_secret_key|dns_access_key)''' description = "Ignore credstash secrets in Terraform files" [[rules.whitelist]] regex='''(linkKey)''' description = "Ignore references to linkkey in scala files" file = '''(?i)\.scala''' [[rules.whitelist]] regex='''(linkNum)''' description = "Ignore references to linknum is input.json. Not sensitive" file = '''(?i)input\.json''' [[rules.whitelist]] regex='''(link_key)''' description = "Ignore references to this in json files. Not sensitive" file = '''(?i)\.json''' [[rules.whitelist]] regex='''keys \"position\", \"category\"''' description = "Config information, not sensitive" file = '''(cost_attribution_rules_from_xlsx.pyi|codes_to_config.py)''' [[rules.whitelist]] regex='''(json_name)''' description = "google protoobuf descriptor" file = '''(protos/google/protobuf/descriptor.proto)''' [[rules.whitelist]] regex='''KEY \=.*''' description = "Delta deleter script, can ignore" file = '''(claims-api-submitter/deletion/delta_deleter.py)''' [[rules.whitelist]] regex = '''secret=os.getenv\(\"AWS_SECRET_ACCESS_KEY\"''' description = "claims deleter key reference" file = '''claims-api-submitter/tests/integration_tests/test_claims_api_deleter.py''' [[rules.whitelist]] regex = '''key\": \"testkey\"''' [[rules.whitelist]] regex='''.*os\.getenv.*''' [[rules.whitelist]] regex='''.*(?i)(s3secretkey|ENV_VAR|test_token|test_cookie|test\/key|testkey|Bearer|helper|max_user_ip|keywords|randomly|sslcert|disable|none|\"api_token\"|dry_run_url|API_TOKEN = \"submissions?_api_token\"|KEY_ID = \"AWS_ACCESS_KEY_ID\".*|key=None|api\(\"test\"|api_url()|key prefix|GET response|bad_format|key=_file_mmset_sort_key|KEYS = \[.*|no_submission_key|)''' [[rules.whitelist]] regex='''.*(?i)(user=\"hadoop\"|key=None)''' [[rules]] description = "High Entropy" regex = '''[0-9a-zA-Z-_!{}/=]{4,120}''' fileNameRegex = '''(?i)(dump.sql|high-entropy-misc.txt)$''' tags = ["entropy"] [[rules.Entropies]] Min = "4.3" Max = "7.0" [[rules.whitelist]] description = "ignore public ssh key and pems" file = '''(pem|ppk|env)$''' path = '''(.*)?ssh''' [[rules]] description = "Potential bash var" regex='''(?i)(=)([0-9a-zA-Z-_!{}=]{4,120})''' tags = ["key", "bash", "API", "generic"] [[rules.Entropies]] Min = "3.5" Max = "4.5" Group = "1" [[rules]] description = "WP-Config" regex='''define(.{0,20})?(DB_CHARSET|NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|NONCE_KEY|DB_HOST|DB_PASSWORD|AUTH_KEY|SECURE_AUTH_KEY|LOGGED_IN_KEY|DB_NAME|DB_USER)(.{0,20})?['|"].{10,120}['|"]''' tags = ["key", "API", "generic"] [[rules]] description = "Files with keys and credentials" fileNameRegex = '''(?i)(id_rsa|passwd|id_rsa.pub|pgpass|pem|key|shadow)''' [whitelist] description = "image whitelists" files = ['''(.*?)(jpg|gif|doc|pdf|bin|CMS31v4_SimpleXML.xml|CMS31v4.xml|vsac_auth_bad_credentials.yml|swagger_generator.rb|sonar.properties|sonar-project.properties|build.sbt|sonar-project-benelevel-eligibility-filter.properties)$''']