catch username:password inside URLS #165

Closed
Tracked by #111
baruchiro opened this issue Aug 7, 2023 · 1 comment · Fixed by #169
Labels
enhancement New feature or request good first issue Good for newcomers internal requirement Requirements from Checkmarx internally

Comments

baruchiro commented Aug 7, 2023

Example: mongodb+srv://radar:mytoken@io.dbb.mongodb.net/?retryWrites=true&w=majority.

> By default gitleaks does not detect passwords in URLs, you can use a custom rule if you want to detect that

from gitleaks/gitleaks#1094 (comment)

We need to create a custom rule on our side. I still don't know what a "Custom Rule" is in gitleaks. I know it can be configured by .toml, but I don't know how to configure it from our code.

baruchiro changed the title from "catch username:password inside URLS: mongodb+srv://radar:mytoken@io.dbb.mongodb.net/?retryWrites=true&w=majority. gitleaks reference" to "catch username:password inside URLS" Aug 7, 2023
@baruchiro baruchiro added enhancement New feature or request good first issue Good for newcomers internal requirement Requirements from Checkmarx internally labels Aug 7, 2023
@github-project-automation github-project-automation bot moved this to Todo in 2ms Aug 7, 2023
@hagarfisher

assign to me please

@baruchiro baruchiro moved this from Todo to Review in 2ms Aug 21, 2023
github-merge-queue bot pushed a commit that referenced this issue Aug 23, 2023
Closes #165 

After researching the Gitleaks docs, I concluded that adding a toml file
won't extend the current rules. This is due to the way this project
extends Gitleaks.

**Proposed Changes**
- added a secrets/custom_rules.go that includes custom rules
configuration.
- a test to validate custom rules were added to the all rules array.
- added a function to append the custom rules to all rules array.

I submit this contribution under the Apache-2.0 license.

---------

Co-authored-by: Baruch Odem (Rothkoff) <baruchiro@gmail.com>
Co-authored-by: Baruch Odem <baruch.odem@checkmarx.com>
@github-project-automation github-project-automation bot moved this from Review to Done in 2ms Aug 23, 2023
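
The detection this issue asks for, written as a stand-alone Go example that is added here and is not the code merged in #169 or a gitleaks rule. The regex, the `Finding` type, the placeholder list and the sample lines are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// urlCreds matches scheme://user:password@host. The user, password and host
// classes exclude '/', '?', '#' and whitespace, so a port ("host:8080/") or an
// '@' later in the path or query is never read as userinfo.
var urlCreds = regexp.MustCompile(
	`\b([a-zA-Z][a-zA-Z0-9+.-]*)://([^\s:/?#@]+):([^\s/?#@]+)@([^\s:/?#@]+)`)

// Finding is one URL with embedded credentials; Redacted is safe to log.
type Finding struct{ Scheme, User, Password, Host, Redacted string }

// isPlaceholder skips template values such as ${VAR}, <password> or ****.
// The list is an assumption made for this example.
func isPlaceholder(p string) bool {
	return strings.HasPrefix(p, "$") || strings.HasPrefix(p, "<") ||
		strings.HasPrefix(p, "{") || strings.Trim(p, "*xX") == ""
}

// FindCredentials returns every non-placeholder user:password pair in URLs in text.
func FindCredentials(text string) []Finding {
	var out []Finding
	for _, m := range urlCreds.FindAllStringSubmatch(text, -1) {
		if isPlaceholder(m[3]) {
			continue
		}
		out = append(out, Finding{m[1], m[2], m[3], m[4],
			m[1] + "://" + m[2] + ":REDACTED@" + m[4]})
	}
	return out
}

func main() {
	// Constructed sample input; the first line is the URL quoted in the issue.
	sample := `uri = "mongodb+srv://radar:mytoken@io.dbb.mongodb.net/?retryWrites=true&w=majority"
callback = http://localhost:8080/cb?email=a@b.example
remote = ssh://git@github.com/org/repo.git
db = postgres://app:${DB_PASSWORD}@db.internal:5432/app`
	for _, f := range FindCredentials(sample) {
		fmt.Println(f.Redacted)
	}
}
```

Only the first sample line is reported: the port in the second line, the user-only `ssh://` remote and the `${DB_PASSWORD}` template are all left alone.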