Used new process to gen gitleaks.toml

Used the new process to generate the gitleaks.toml. The rules themselves are unchanged, but the formatting is completely different. Changelog: changed

Used new process to gen gitleaks.toml
bc1ca822 · rossfuhrman · GitLab · 2771842d · bc1ca822 · bc1ca822
--- a/gems/gitlab-secret_detection/lib/gitleaks.toml
+++ b/gems/gitlab-secret_detection/lib/gitleaks.toml
-# This file contains a subset of rules pulled from the original source file.
+# This file is auto-generated, do not edit.
-# Original Source: https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/blob/master/gitleaks.toml
+# See the README.md of the secrets analyzer for more info: https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/blob/master/README.md#syncing-tags
-# Reference: https://gitlab.com/gitlab-org/gitlab/-/issues/427011
 title = "gitleaks config"
 [[rules]]
-id = "gitlab_personal_access_token"
 description = "GitLab Personal Access Token"
-regex = '''\bglpat-[0-9a-zA-Z_\-]{20}\b'''
+id = "gitlab_personal_access_token"
-tags = ["gitlab", "revocation_type"]
+keywords = ["glpat"]
-keywords = [
+regex = "\\bglpat-[0-9a-zA-Z_\\-]{20}\\b"
-    "glpat",
+tags = ["gitlab", "revocation_type", "gitlab_blocking"]
-]
 [[rules]]
-id = "gitlab_pipeline_trigger_token"
 description = "GitLab Pipeline Trigger Token"
-regex = '''\bglptt-[0-9a-zA-Z_\-]{40}\b'''
+id = "gitlab_pipeline_trigger_token"
-tags = ["gitlab"]
+keywords = ["glptt"]
-keywords = [
+regex = "\\bglptt-[0-9a-zA-Z_\\-]{40}\\b"
-    "glptt",
+tags = ["gitlab", "gitlab_blocking"]
-]
 [[rules]]
-id = "gitlab_runner_registration_token"
 description = "GitLab Runner Registration Token"
-regex = '''\bGR1348941[0-9a-zA-Z_\-]{20}\b'''
+id = "gitlab_runner_registration_token"
-tags = ["gitlab"]
+keywords = ["GR1348941"]
-keywords = [
+regex = "\\bGR1348941[0-9a-zA-Z_\\-]{20}\\b"
-    "GR1348941",
+tags = ["gitlab", "gitlab_blocking"]
-]
 [[rules]]
-id = "gitlab_runner_auth_token"
 description = "GitLab Runner Authentication Token"
-regex = '''\bglrt-[0-9a-zA-Z_\-]{20}\b'''
+id = "gitlab_runner_auth_token"
-tags = ["gitlab"]
+keywords = ["glrt"]
-keywords = [
+regex = "\\bglrt-[0-9a-zA-Z_\\-]{20}\\b"
-    "glrt",
+tags = ["gitlab", "gitlab_blocking"]
-]
 [[rules]]
-id = "gitlab_oauth_app_secret"
 description = "GitLab OAuth Application Secrets"
-regex = '''\bgloas-[0-9a-zA-Z_\-]{64}\b'''
+id = "gitlab_oauth_app_secret"
-tags = ["gitlab"]
+keywords = ["gloas"]
-keywords = [
+regex = "\\bgloas-[0-9a-zA-Z_\\-]{64}\\b"
-    "gloas",
+tags = ["gitlab", "gitlab_blocking"]
-]
 [[rules]]
+description = "GitLab Feed token"
 id = "gitlab_feed_token_v2"
-description = "GitLab Feed Token"
+keywords = ["glft"]
-regex = '''\bglft-[0-9a-zA-Z_\-]{20}\b'''
+regex = "\\bglft-[0-9a-zA-Z_\\-]{20}\\b"
-tags = ["gitlab"]
+tags = ["gitlab", "gitlab_blocking"]
-keywords = [
-    "glft",
-]
 [[rules]]
-id = "gitlab_kubernetes_agent_token"
 description = "GitLab Agent for Kubernetes token"
-regex = '''\bglagent-[0-9a-zA-Z_\-]{50}\b'''
+id = "gitlab_kubernetes_agent_token"
-tags = ["gitlab"]
+keywords = ["glagent"]
-keywords = [
+regex = "\\bglagent-[0-9a-zA-Z_\\-]{50}\\b"
-    "glagent",
+tags = ["gitlab", "gitlab_blocking"]
-]
 [[rules]]
-id = "gitlab_incoming_email_token"
 description = "GitLab Incoming email token"
-regex = '''\bglimt-[0-9a-zA-Z_\-]{25}\b'''
+id = "gitlab_incoming_email_token"
-tags = ["gitlab"]
+keywords = ["glimt"]
-keywords = [
+regex = "\\bglimt-[0-9a-zA-Z_\\-]{25}\\b"
-    "glimt",
+tags = ["gitlab", "gitlab_blocking"]
-]
 [[rules]]
-id = "AWS"
 description = "AWS Access Token"
-regex = '''\bAKIA[0-9A-Z]{16}\b'''
+id = "AWS"
-tags = ["aws", "revocation_type"]
+keywords = ["AKIA"]
-keywords = [
+regex = "\\bAKIA[0-9A-Z]{16}\\b"
-    "AKIA",
+tags = ["aws", "revocation_type", "gitlab_blocking"]
-]
 [[rules]]
-id = "Github Personal Access Token"
 description = "Github Personal Access Token"
-regex = '''ghp_[0-9a-zA-Z]{36}'''
+id = "Github Personal Access Token"
-keywords = [
+keywords = ["ghp_"]
-    "ghp_",
+regex = "ghp_[0-9a-zA-Z]{36}"
-]
+tags = ["gitlab_blocking"]
 [[rules]]
-id = "Github OAuth Access Token"
 description = "Github OAuth Access Token"
-regex = '''gho_[0-9a-zA-Z]{36}'''
+id = "Github OAuth Access Token"
-keywords = [
+keywords = ["gho_"]
-    "gho_",
+regex = "gho_[0-9a-zA-Z]{36}"
-]
+tags = ["gitlab_blocking"]
 [[rules]]
-id = "Github App Token"
 description = "Github App Token"
-regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}'''
+id = "Github App Token"
-keywords = [
+keywords = ["ghu_", "ghs_"]
-    "ghu_",
+regex = "(ghu|ghs)_[0-9a-zA-Z]{36}"
-    "ghs_"
+tags = ["gitlab_blocking"]
-]
 [[rules]]
-id = "Github Refresh Token"
 description = "Github Refresh Token"
-regex = '''ghr_[0-9a-zA-Z]{76}'''
+id = "Github Refresh Token"
-keywords = [
+keywords = ["ghr_"]
-    "ghr_"
+regex = "ghr_[0-9a-zA-Z]{76}"
-]
+tags = ["gitlab_blocking"]
 [[rules]]
-id = "Shopify shared secret"
 description = "Shopify shared secret"
-regex = '''shpss_[a-fA-F0-9]{32}'''
+id = "Shopify shared secret"
-keywords = [
+keywords = ["shpss_"]
-    "shpss_"
+regex = "shpss_[a-fA-F0-9]{32}"
-]
+tags = ["gitlab_blocking"]
 [[rules]]
-id = "Shopify access token"
 description = "Shopify access token"
-regex = '''shpat_[a-fA-F0-9]{32}'''
+id = "Shopify access token"
-keywords = [
+keywords = ["shpat_"]
-    "shpat_"
+regex = "shpat_[a-fA-F0-9]{32}"
-]
+tags = ["gitlab_blocking"]
 [[rules]]
-id = "Shopify custom app access token"
 description = "Shopify custom app access token"
-regex = '''shpca_[a-fA-F0-9]{32}'''
+id = "Shopify custom app access token"
-keywords = [
+keywords = ["shpca_"]
-    "shpca_"
+regex = "shpca_[a-fA-F0-9]{32}"
-]
+tags = ["gitlab_blocking"]
 [[rules]]
-id = "Shopify private app access token"
 description = "Shopify private app access token"
-regex = '''shppa_[a-fA-F0-9]{32}'''
+id = "Shopify private app access token"
-keywords = [
+keywords = ["shppa_"]
-    "shppa_"
+regex = "shppa_[a-fA-F0-9]{32}"
-]
+tags = ["gitlab_blocking"]
 [[rules]]
-id = "Slack token"
 description = "Slack token"
-regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})'''
+id = "Slack token"
-keywords = [
+keywords = ["xoxb", "xoxa", "xoxp", "xoxr", "xoxs"]
-    "xoxb","xoxa","xoxp","xoxr","xoxs",
+regex = "xox[baprs]-([0-9a-zA-Z]{10,48})"
-]
+tags = ["gitlab_blocking"]
 [[rules]]
-id = "Stripe"
 description = "Stripe"
-regex = '''(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}'''
+id = "Stripe"
-keywords = [
+keywords = ["sk_test", "pk_test", "sk_live", "pk_live"]
-    "sk_test","pk_test","sk_live","pk_live",
+regex = "(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}"
-]
+tags = ["gitlab_blocking"]
 [[rules]]
-id = "PyPI upload token"
 description = "PyPI upload token"
-regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
+id = "PyPI upload token"
-tags = ["pypi", "revocation_type"]
+keywords = ["pypi-AgEIcHlwaS5vcmc"]
-keywords = [
+regex = "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}"
-    "pypi-AgEIcHlwaS5vcmc",
+tags = ["pypi", "revocation_type", "gitlab_blocking"]
-]
 [[rules]]
-id = "Google (GCP) Service-account"
 description = "Google (GCP) Service-account"
-tags = ["gitlab_partner_token", "revocation_type"]
+id = "Google (GCP) Service-account"
-regex = '''\"private_key\":\s*\"-{5}BEGIN PRIVATE KEY-{5}[\s\S]*?",'''
+keywords = ["service_account"]
-keywords = [
+regex = "\\\"private_key\\\":\\s*\\\"-{5}BEGIN PRIVATE KEY-{5}[\\s\\S]*?\","
-    "service_account",
+tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
-]
 [[rules]]
-id = "GCP API key"
 description = "GCP API keys can be misused to gain API quota from billed projects"
-tags = ["gitlab_partner_token", "revocation_type"]
+id = "GCP API key"
-regex = '''(?i)\b(AIza[0-9A-Za-z-_]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+keywords = ["AIza"]
+regex = "(?i)\\b(AIza[0-9A-Za-z-_]{35})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)"
 secretGroup = 1
-keywords = [
+tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
-    "AIza",
-]
 [[rules]]
-id = "GCP OAuth client secret"
 description = "GCP OAuth client secrets can be misused to spoof your application"
-tags = ["gitlab_partner_token", "revocation_type"]
+id = "GCP OAuth client secret"
-regex = '''GOCSPX-[a-zA-Z0-9_-]{28}'''
+keywords = ["GOCSPX-"]
-keywords = [
+regex = "GOCSPX-[a-zA-Z0-9_-]{28}"
-    "GOCSPX-",
+tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
-]
 [[rules]]
-id = "Grafana API token"
 description = "Grafana API token"
-regex = '''['\"]eyJrIjoi(?i)[a-z0-9-_=]{72,92}['\"]'''
+id = "Grafana API token"
-keywords = [
+keywords = ["grafana"]
-    "grafana",
+regex = "['\\\"]eyJrIjoi(?i)[a-z0-9-_=]{72,92}['\\\"]"
-]
+tags = ["gitlab_blocking"]
 [[rules]]
-id = "Hashicorp Terraform user/org API token"
 description = "Hashicorp Terraform user/org API token"
-regex = '''['\"](?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9-_=]{60,70}['\"]'''
+id = "Hashicorp Terraform user/org API token"
-keywords = [
+keywords = ["atlasv1", "hashicorp", "terraform"]
-    "atlasv1",
+regex = "['\\\"](?i)[a-z0-9]{14}\\.atlasv1\\.[a-z0-9-_=]{60,70}['\\\"]"
-    "hashicorp",
+tags = ["gitlab_blocking"]
-    "terraform"
-]
 [[rules]]
-id = "Hashicorp Vault batch token"
 description = "Hashicorp Vault batch token"
-regex = '''b\.AAAAAQ[0-9a-zA-Z_-]{156}'''
+id = "Hashicorp Vault batch token"
-keywords = [
+keywords = ["hashicorp", "AAAAAQ", "vault"]
-    "hashicorp",
+regex = "b\\.AAAAAQ[0-9a-zA-Z_-]{156}"
-    "AAAAAQ",
+tags = ["gitlab_blocking"]
-    "vault"
-]
 [[rules]]
-id = "Mailchimp API key"
 description = "Mailchimp API key"
-regex = '''(?i)(mailchimp[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32}-us20)['\"]'''
+id = "Mailchimp API key"
+keywords = ["mailchimp"]
+regex = "(?i)(mailchimp[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32}-us20)['\\\"]"
 secretGroup = 3
-keywords = [
+tags = ["gitlab_blocking"]
-    "mailchimp",
-]
 [[rules]]
-id = "Mailgun private API token"
 description = "Mailgun private API token"
-regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](key-[a-f0-9]{32})['\"]'''
+id = "Mailgun private API token"
+keywords = ["mailgun"]
+regex = "(?i)(mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](key-[a-f0-9]{32})['\\\"]"
 secretGroup = 3
-keywords = [
+tags = ["gitlab_blocking"]
-    "mailgun",
-]
 [[rules]]
-id = "Mailgun webhook signing key"
 description = "Mailgun webhook signing key"
-regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})['\"]'''
+id = "Mailgun webhook signing key"
+keywords = ["mailgun"]
+regex = "(?i)(mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})['\\\"]"
 secretGroup = 3
-keywords = [
+tags = ["gitlab_blocking"]
-    "mailgun",
-]
 [[rules]]
-id = "New Relic user API Key"
 description = "New Relic user API Key"
-regex = '''['\"](NRAK-[A-Z0-9]{27})['\"]'''
+id = "New Relic user API Key"
-keywords = [
+keywords = ["NRAK"]
-    "NRAK",
+regex = "['\\\"](NRAK-[A-Z0-9]{27})['\\\"]"
-]
+tags = ["gitlab_blocking"]
 [[rules]]
-id = "New Relic user API ID"
 description = "New Relic user API ID"
-regex = '''(?i)(newrelic[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([A-Z0-9]{64})['\"]'''
+id = "New Relic user API ID"
+keywords = ["newrelic"]
+regex = "(?i)(newrelic[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([A-Z0-9]{64})['\\\"]"
 secretGroup = 3
-keywords = [
+tags = ["gitlab_blocking"]
-    "newrelic",
-]
 [[rules]]
-id = "npm access token"
 description = "npm access token"
-regex = '''['\"](npm_(?i)[a-z0-9]{36})['\"]'''
+id = "npm access token"
-keywords = [
+keywords = ["npm_"]
-    "npm_",
+regex = "['\\\"](npm_(?i)[a-z0-9]{36})['\\\"]"
-]
+tags = ["gitlab_blocking"]
 [[rules]]
-id = "Rubygem API token"
 description = "Rubygem API token"
-regex = '''rubygems_[a-f0-9]{48}'''
+id = "Rubygem API token"
-keywords = [
+keywords = ["rubygems_"]
-    "rubygems_",
+regex = "rubygems_[a-f0-9]{48}"
-]
+tags = ["gitlab_blocking"]
 [[rules]]
-id = "Segment Public API token"
 description = "Segment Public API token"
-regex = '''sgp_[a-zA-Z0-9]{64}'''
+id = "Segment Public API token"
-keywords = [
+keywords = ["sgp_"]
-    "sgp_",
+regex = "sgp_[a-zA-Z0-9]{64}"
-]
+tags = ["gitlab_blocking"]
 [[rules]]
-id = "Sendgrid API token"
 description = "Sendgrid API token"
-regex = '''SG\.(?i)[a-z0-9_\-\.]{66}'''
+id = "Sendgrid API token"
-keywords = [
+keywords = ["sendgrid"]
-    "sendgrid",
+regex = "SG\\.(?i)[a-z0-9_\\-\\.]{66}"
-]
+tags = ["gitlab_blocking"]
--- a/gems/gitlab-secret_detection/spec/lib/gitlab/secret_detection/scan_spec.rb
+++ b/gems/gitlab-secret_detection/spec/lib/gitlab/secret_detection/scan_spec.rb
@@ -36,7 +36,7 @@ def new_blob(id:, data:)
        },
        {
          "id" => "gitlab_feed_token_v2",
-          "description" => "GitLab Feed Token",
+          "description" => "GitLab Feed token",
          "regex" => "\bglft-[0-9a-zA-Z_-]{20}\b",
          "tags" => ["gitlab"],
          "keywords" => ["glft"]