module Gitleaks

Defined in:

gitleaks/result.cr
gitleaks/rules.cr
gitleaks/scanner.cr

Constant Summary

BUILTIN_RULES = "[extend]\nuseDefault = true\n\n[[rules]]\nid = \"database-connection-url\"\ndescription = \"Detected a database connection URL with embedded credentials.\"\nregex = '''(?i)(?:postgres(?:ql)?|mysql|mongodb(?:\\+srv)?|redis|amqp|mssql):\\/\\/[^:\\s]+:([^@\\s]+)@[^\\s]+'''\nkeywords = [\"postgres\", \"postgresql\", \"mysql\", \"mongodb\", \"redis\", \"amqp\", \"mssql\"]\n\n[[rules]]\nid = \"generic-password\"\ndescription = \"Generic password assignment.\"\nregex = '''(?i)\\b(pass(word|phrase)?|passwd)\\b\\s*[:=]\\s*[\"'']?([a-zA-Z0-9!@#$%^&*()_+={}\\[\\]:;<>,.?\\/\\\\|~-]{6,})[\"'']?'''\nsecretGroup = 3\nkeywords = [\"password\", \"passwd\", \"passphrase\"]\n\n[[rules]]\nid = \"env-secret\"\ndescription = \"Environment variable style secret.\"\nregex = '''\\b[A-Z0-9_]+_?(PASS|PASSWORD|SECRET|TOKEN)[A-Z0-9_]*\\b\\s*[:=]\\s*[\"'']?([A-Za-z0-9!@#$%^&*()_+={}\\[\\]:;<>,.?\\/\\\\|~-]{6,})[\"'']?'''\nsecretGroup = 2\nkeywords = [\"PASS\", \"PASSWORD\", \"SECRET\", \"TOKEN\"]\n\n[[rules]]\nid = \"jwt-token\"\ndescription = \"JWT token.\"\nregex = '''(eyJ[a-zA-Z0-9\\-_]+\\.[a-zA-Z0-9\\-_]+\\.[a-zA-Z0-9\\-_]+)'''\nkeywords = [\"eyJ\"]"

Embedded gitleaks config with custom rules that extend the defaults.