fix(easypost): only detect tokens of correct length (#1628) · gitleaks/gitleaks@4e303d0 (original) (raw)

`@@ -13,27 +13,44 @@ func EasyPost() *config.Rule {

`

13

13

`r := config.Rule{

`

14

14

`RuleID: "easypost-api-token",

`

15

15

`Description: "Identified an EasyPost API token, which could lead to unauthorized postal and shipment service access and data exposure.",

`

16

``

`` -

Regex: regexp.MustCompile(\bEZAK(?i)[a-z0-9]{54}),

``

``

16

`` +

Regex: regexp.MustCompile(\bEZAK(?i)[a-z0-9]{54}\b),

``

17

17

`Entropy: 2,

`

18

18

`Keywords: []string{"EZAK"},

`

19

19

` }

`

20

20

``

21

21

`// validate

`

22

``

`-

tps := utils.GenerateSampleSecrets("EZAK", "EZAK"+secrets.NewSecret(utils.AlphaNumeric("54")))

`

23

``

`-

return utils.Validate(r, tps, nil)

`

``

22

`` +

tps := utils.GenerateSampleSecrets("EZAK", "EZAK"+secrets.NewSecret([a-zA-Z0-9]{54}))

``

``

23

`+

tps = append(tps,

`

``

24

`` +

"EZAK"+secrets.NewSecret([a-zA-Z0-9]{54}),

``

``

25

`` +

"example.com?t=EZAK"+secrets.NewSecret([a-zA-Z0-9]{54})+"&q=1",

``

``

26

`+

)

`

``

27

`+

fps := []string{

`

``

28

`+

// random base64 encoded string

`

``

29

`` +

...6wqX6fNUXA/rYqRvfQ+EZAKGqQRiRyqAFRQshGPWOIAwNWGORfKHSBnVNFtVmWYoW6PH23lkqbbDWep95C/3VmWq/edti6..., // gitleaks:allow

``

``

30

`+

}

`

``

31

`+

return utils.Validate(r, tps, fps)

`

24

32

`}

`

25

33

``

26

34

`func EasyPostTestAPI() *config.Rule {

`

27

35

`// define rule

`

28

36

`r := config.Rule{

`

29

37

`RuleID: "easypost-test-api-token",

`

30

38

`Description: "Detected an EasyPost test API token, risking exposure of test environments and potentially sensitive shipment data.",

`

31

``

`` -

Regex: regexp.MustCompile(\bEZTK(?i)[a-z0-9]{54}),

``

``

39

`` +

Regex: regexp.MustCompile(\bEZTK(?i)[a-z0-9]{54}\b),

``

32

40

`Entropy: 2,

`

33

41

`Keywords: []string{"EZTK"},

`

34

42

` }

`

35

43

``

36

44

`// validate

`

37

``

`-

tps := utils.GenerateSampleSecrets("EZTK", "EZTK"+secrets.NewSecret(utils.AlphaNumeric("54")))

`

38

``

`-

return utils.Validate(r, tps, nil)

`

``

45

`` +

tps := utils.GenerateSampleSecrets("EZTK", secrets.NewSecret(EZTK[a-zA-Z0-9]{54}))

``

``

46

`` +

tps = append(tps, secrets.NewSecret(EZTK[a-zA-Z0-9]{54}))

``

``

47

`+

tps = append(tps,

`

``

48

`` +

"EZTK"+secrets.NewSecret([a-zA-Z0-9]{54}),

``

``

49

`` +

"example.com?t=EZTK"+secrets.NewSecret([a-zA-Z0-9]{54})+"&q=1",

``

``

50

`+

)

`

``

51

`+

fps := []string{

`

``

52

`+

// random base64 encoded string

`

``

53

`` +

...6wqX6fNUXA/rYqRvfQ+EZTKGqQRiRyqAFRQshGPWOIAwNWGORfKHSBnVNFtVmWYoW6PH23lkqbbDWep95C/3VmWq/edti6..., // gitleaks:allow

``

``

54

`+

}

`

``

55

`+

return utils.Validate(r, tps, fps)

`

39

56

`}

`