Generate comprehensive secret samples (#1484) · gitleaks/gitleaks@c11adc9 (original) (raw)

`@@ -11,8 +11,8 @@ import (

`

11

11

`func AWS() *config.Rule {

`

12

12

`// define rule

`

13

13

`r := config.Rule{

`

14

``

`-

Description: "Identified a pattern that may indicate AWS credentials, risking unauthorized cloud resource access and data breaches on AWS platforms.",

`

15

14

`RuleID: "aws-access-token",

`

``

15

`+

Description: "Identified a pattern that may indicate AWS credentials, risking unauthorized cloud resource access and data breaches on AWS platforms.",

`

16

16

`` Regex: regexp.MustCompile(\b((?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16})\b),

``

17

17

`Entropy: 3,

`

18

18

`Keywords: []string{

`

`@@ -33,18 +33,12 @@ func AWS() *config.Rule {

`

33

33

` }

`

34

34

``

35

35

`// validate

`

36

``

`-

tps := []string{

`

37

``

`-

utils.GenerateSampleSecret("AWS", "AKIALALEMEL33243OLIB"), // gitleaks:allow

`

38

``

-

39

``

`-

// as part of a URL

`

40

``

`` -

https://aws.example.com/test/abc?AWSAccessKeyId=AKIALALEMEL33243OLIB&Signature=test, // gitleaks:allow

``

41

``

-

42

``

`-

// current AWS tokens cannot contain [0,1,8,9], so their entropy is slightly lower than expected.

`

43

``

`-

utils.GenerateSampleSecret("AWS", "AKIA"+secrets.NewSecret("[A-Z2-7]{16}")),

`

44

``

`-

utils.GenerateSampleSecret("AWS", "ASIA"+secrets.NewSecret("[A-Z2-7]{16}")),

`

45

``

`-

utils.GenerateSampleSecret("AWS", "ABIA"+secrets.NewSecret("[A-Z2-7]{16}")),

`

46

``

`-

utils.GenerateSampleSecret("AWS", "ACCA"+secrets.NewSecret("[A-Z2-7]{16}")),

`

47

``

`-

}

`

``

36

`+

tps := utils.GenerateSampleSecrets("AWS", "AKIALALEMEL33243OLIB") // gitleaks:allow

`

``

37

`+

// current AWS tokens cannot contain [0,1,8,9], so their entropy is slightly lower than expected.

`

``

38

`+

tps = append(tps, utils.GenerateSampleSecrets("AWS", "AKIA"+secrets.NewSecret("[A-Z2-7]{16}"))...)

`

``

39

`+

tps = append(tps, utils.GenerateSampleSecrets("AWS", "ASIA"+secrets.NewSecret("[A-Z2-7]{16}"))...)

`

``

40

`+

tps = append(tps, utils.GenerateSampleSecrets("AWS", "ABIA"+secrets.NewSecret("[A-Z2-7]{16}"))...)

`

``

41

`+

tps = append(tps, utils.GenerateSampleSecrets("AWS", "ACCA"+secrets.NewSecret("[A-Z2-7]{16}"))...)

`

48

42

`fps := []string{

`

49

43

`` key = AKIAXXXXXXXXXXXXXXXX, // Low entropy

``

50

44

`` aws_access_key: AKIAIOSFODNN7EXAMPLE, // Placeholder

``
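Review bot: The second hunk drops the only true positive that exercised a key embedded in a URL query string (`AWSAccessKeyId=AKIALALEMEL33243OLIB&Signature=test`). Unless `utils.GenerateSampleSecrets` emits that form, which is not visible on this page, no test pins the rule's `\b` boundaries against the `=` and `&` delimiters any more. Query-string leaks in logged or shared URLs are a shape this rule should keep catching, so I would keep the case explicitly right after the first `tps` assignment: `tps = append(tps, "https://aws.example.com/test/abc?AWSAccessKeyId=AKIALALEMEL33243OLIB&Signature=test") // gitleaks:allow`. A one-line comment above the first `GenerateSampleSecrets` call naming the contexts the helper generates would show what coverage now lives in the helper instead of in this file. `AWS()` starts before the first hunk and continues past the end of this one.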