diff --git a/credsweeper/rules/config.yaml b/credsweeper/rules/config.yaml
index 2750975dd..02045e456 100644
--- a/credsweeper/rules/config.yaml
+++ b/credsweeper/rules/config.yaml
@@ -1097,57 +1097,28 @@
 - code
 - doc
 
-- name: Gitlab PAT
+- name: Gitlab Prefix Token
 severity: high
 confidence: strong
 type: pattern
 values:
- - (?glpat-[0-9A-Za-z_-]{20})(?![0-9A-Za-z_-])
- filter_type: TokenPattern
- min_line_len: 26
+ - (?(_gitlab_session=|GR1348941|gl(agent|soat|ffct|p[at]t|oas|cbt|imt|[dfr]t)-)[0-9A-Za-z_-]{20,64})(?![0-9A-Za-z_-])
+ filter_type:
+ - ValuePatternCheck
+ min_line_len: 25
 required_substrings:
+ - _gitlab_session=
+ - GR1348941
+ - glagent-
+ - glsoat-
+ - glffct-
 - glpat-
- target:
- - code
- - doc
-
-- name: Gitlab Pipeline Trigger Token
- severity: high
- confidence: strong
- type: pattern
- values:
- - (?glptt-[a-f0-9]{40})(?![0-9A-Za-z_-])
- filter_type: TokenPattern
- min_line_len: 46
- required_substrings:
+ - gloas-
 - glptt-
- target:
- - code
- - doc
-
-- name: Gitlab Registration Runner Token
- severity: high
- confidence: strong
- type: pattern
- values:
- - (?GR1348941[0-9A-Za-z_-]{20})(?![0-9A-Za-z_-])
- filter_type: TokenPattern
- min_line_len: 29
- required_substrings:
- - GR1348941
- target:
- - code
- - doc
-
-- name: Gitlab Registration Runner Token 2023
- severity: high
- confidence: strong
- type: pattern
- values:
- - (?glrt-[0-9A-Za-z_-]{20})(?![0-9A-Za-z_-])
- filter_type: TokenPattern
- min_line_len: 25
- required_substrings:
+ - glcbt-
+ - glimt-
+ - gldt-
+ - glft-
 - glrt-
 target:
 - code
diff --git a/experiment/requirements.txt b/experiment/requirements.txt
index 3fffd21de..27c4c93d4 100644
--- a/experiment/requirements.txt
+++ b/experiment/requirements.txt
@@ -1,7 +1,7 @@
 h5py==3.10.0
 keras==2.13.1
 numpy==1.23.5
-onnx==1.16.0
+onnx==1.17.0
 protobuf==3.20.3
 tensorflow==2.13.1
 tf2onnx==1.16.0
diff --git a/tests/__init__.py b/tests/__init__.py
index beb5e1ac4..b3fedfab4 100644
--- a/tests/__init__.py
+++ b/tests/__init__.py
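Review bot: Collapsing the four rules into one pattern drops the per-type constraints the old rules carried — `glptt-` was `[a-f0-9]{40}` and `glpat-`/`GR1348941`/`glrt-` were exactly 20 characters, whereas the new alternation applies `[0-9A-Za-z_-]{20,64}` to every prefix — and at the same time `filter_type` goes from the `TokenPattern` group to the single `ValuePatternCheck`, so any `glpat-`-like identifier followed by 20–64 word characters now reports as a strong/high finding, presumably with less filtering than the group applied. Keeping the hex form as its own alternative costs nothing, e.g. `- (?P<value>glptt-[a-f0-9]{40}|(?:_gitlab_session=|GR1348941|gl(?:agent|soat|ffct|pat|oas|cbt|imt|[dfr]t)-)[0-9A-Za-z_-]{20,64})(?![0-9A-Za-z_-])`, and the trigger-token fixture on line 8 of the new sample (40 hex digits) still matches it. The rule name is now the only classification a finding carries, so a comment above `values:` mapping each prefix to its token type, as the sample file's trailing comments already do (PAT/project/group, OAuth application secret, deploy, runner registration/authentication, CI job, trigger, feed, incoming mail, agent, SCIM, feature-flag client, session cookie), would help triage decide which revocation path applies. The `(?` opening both the old and the new value lines reads as an unterminated group on this page; presumably the `P<value>` group name was lost in page extraction rather than in the commit, but it is worth confirming, since the `value_start`/`value_end` offsets in the regenerated fixtures depend on that capture.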
@@ -1,20 +1,20 @@
 from pathlib import Path
 
 # total number of files in test samples
-SAMPLES_FILES_COUNT: int = 137
+SAMPLES_FILES_COUNT: int = 134
 
 # the lowest value of ML threshold is used to display possible lowest values
 NEGLIGIBLE_ML_THRESHOLD = 0.0001
 
 # credentials count after scan
-SAMPLES_CRED_COUNT: int = 397
-SAMPLES_CRED_LINE_COUNT: int = 415
+SAMPLES_CRED_COUNT: int = 407
+SAMPLES_CRED_LINE_COUNT: int = 425
 
 # credentials count after post-processing
-SAMPLES_POST_CRED_COUNT: int = 354
+SAMPLES_POST_CRED_COUNT: int = 364
 
 # with option --doc
-SAMPLES_IN_DOC = 430
+SAMPLES_IN_DOC = 440
 
 # archived credentials that are not found without --depth
 SAMPLES_IN_DEEP_1 = SAMPLES_POST_CRED_COUNT + 23
diff --git a/tests/data/depth_3.json b/tests/data/depth_3.json
index b31ba4164..ec90d3855 100644
--- a/tests/data/depth_3.json
+++ b/tests/data/depth_3.json
@@ -6980,24 +6980,78 @@ "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", "ml_probability": null, - "rule": "Gitlab PAT", + "rule": "Gitlab Prefix Token", "severity": "high", "confidence": "strong", "line_data_list": [ { - "line": "var pat = 'glpat-a6N2pFAr2L2A6iRsA_mw';", - "line_num": 1, - "path": "./tests/samples/gitlab_pat_api", - "info": "./tests/samples/gitlab_pat_api|RAW", - "value": "glpat-a6N2pFAr2L2A6iRsA_mw", - "value_start": 11, - "value_end": 37, + "line": "glpat-8d5ri2n9g85LAnC9YW85 # Personal access token, Impersonation token, Project access token, Group access token", + "line_num": 2, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "glpat-8d5ri2n9g85LAnC9YW85", + "value_start": 0, + "value_end": 26, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.0191930522498045, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "gloas-7fc1974b38580e6ceca8c077863cd5e88745895dfcbe1ae3c36eab9c498103dc # OAuth Application Secret", + "line_num": 3, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "gloas-7fc1974b38580e6ceca8c077863cd5e88745895dfcbe1ae3c36eab9c498103dc", + "value_start": 0, + "value_end": 70, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.9590403170005795, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "gldt-9BeUoeWu2V9uUS3uLoMy # 
Deploy token", + "line_num": 4, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "gldt-9BeUoeWu2V9uUS3uLoMy", + "value_start": 0, + "value_end": 25, "variable": null, "variable_start": -2, "variable_end": -2, "entropy_validation": { "iterator": "BASE64_CHARS", - "entropy": 3.7423376242715105, + "entropy": 3.9479064420971963, "valid": false } } 
@@ -7007,18 +7061,99 @@ "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", "ml_probability": null, - "rule": "Gitlab Pipeline Trigger Token", + "rule": "Gitlab Prefix Token", "severity": "high", "confidence": "strong", "line_data_list": [ { - "line": "trigger = 'glptt-33276248c9748113e978392e5c074b7f974f8683';", - "line_num": 1, - "path": "./tests/samples/gitlab_pipeline_trigger_token", - "info": "./tests/samples/gitlab_pipeline_trigger_token|RAW", + "line": "glrt-2CR8_eVxiio-1QmzPZwa # Runner authentication token", + "line_num": 5, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "glrt-2CR8_eVxiio-1QmzPZwa", + "value_start": 0, + "value_end": 25, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64_CHARS", + "entropy": 4.006593447001756, + "valid": false + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "glcbt-1375_cgpAsnEmP-79kcfRLyK_", + "line_num": 6, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "glcbt-1375_cgpAsnEmP-79kcfRLyK_", + "value_start": 0, + "value_end": 31, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.0736527424503515, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "glcbt-0_c1k_AsgyRp4mP-Kcn8fL # CI/CD Job token", + "line_num": 7, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": 
"glcbt-0_c1k_AsgyRp4mP-Kcn8fL", + "value_start": 0, + "value_end": 28, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.0208877148903928, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "glptt-33276248c9748113e978392e5c074b7f974f8683 # Trigger token", + "line_num": 8, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", "value": "glptt-33276248c9748113e978392e5c074b7f974f8683", - "value_start": 11, - "value_end": 57, + "value_start": 0, + "value_end": 46, "variable": null, "variable_start": -2, "variable_end": -2, 
@@ -7034,24 +7169,51 @@ "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", "ml_probability": null, - "rule": "Gitlab Registration Runner Token", + "rule": "Gitlab Prefix Token", "severity": "high", "confidence": "strong", "line_data_list": [ { - "line": "gitlab_runner = 'GR1348941jG6xeSsmN8DFVKoyBYu2';", - "line_num": 1, - "path": "./tests/samples/gitlab_registration_runner", - "info": "./tests/samples/gitlab_registration_runner|RAW", - "value": "GR1348941jG6xeSsmN8DFVKoyBYu2", - "value_start": 17, - "value_end": 46, + "line": "glft-Aafqn5A31G-2VipZMh28 # Feed token", + "line_num": 9, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "glft-Aafqn5A31G-2VipZMh28", + "value_start": 0, + "value_end": 25, "variable": null, "variable_start": -2, "variable_end": -2, "entropy_validation": { "iterator": "BASE64_CHARS", - "entropy": 4.582118926162056, + "entropy": 4.032347694592746, + "valid": false + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "glimt-1jpqzsnw2n71om0r9kgt06os3 # Incoming mail token", + "line_num": 10, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "glimt-1jpqzsnw2n71om0r9kgt06os3", + "value_start": 0, + "value_end": 31, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 4.278254493922782, "valid": true } } 
@@ -7061,25 +7223,133 @@ "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", "ml_probability": null, - "rule": "Gitlab Registration Runner Token 2023", + "rule": "Gitlab Prefix Token", "severity": "high", "confidence": "strong", "line_data_list": [ { - "line": "return \"glrt-2CR8_eVxiio-1QmzPZwa\"", - "line_num": 1, - "path": "./tests/samples/gitlab_registration_runner_2023", - "info": "./tests/samples/gitlab_registration_runner_2023|RAW", - "value": "glrt-2CR8_eVxiio-1QmzPZwa", - "value_start": 8, - "value_end": 33, + "line": "glagent-ZQmgbRr-Ydu5YehnXCGiiSLxjd53EkFnYapS7A4TwyNE8Y2XVg # GitLab agent for Kubernetes token", + "line_num": 11, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "glagent-ZQmgbRr-Ydu5YehnXCGiiSLxjd53EkFnYapS7A4TwyNE8Y2XVg", + "value_start": 0, + "value_end": 58, "variable": null, "variable_start": -2, "variable_end": -2, "entropy_validation": { "iterator": "BASE64_CHARS", - "entropy": 4.006593447001756, - "valid": false + "entropy": 5.022276693534146, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "_gitlab_session=8d2a78c080a3af1e6a4677be474432f2 # GitLab session cookies", + "line_num": 12, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "_gitlab_session=8d2a78c080a3af1e6a4677be474432f2", + "value_start": 0, + "value_end": 48, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 4.014460876028361, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + 
"line_data_list": [ + { + "line": "glsoat-971om0ecn5A386r9k481 # SCIM Tokens", + "line_num": 13, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "glsoat-971om0ecn5A386r9k481", + "value_start": 0, + "value_end": 27, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 4.106377316818028, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "glffct-AnRWYdo3Si_Xm2Q6n7zu # Feature Flags Client token", + "line_num": 14, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "glffct-AnRWYdo3Si_Xm2Q6n7zu", + "value_start": 0, + "value_end": 27, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.021776853294165, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "GR1348941jG6xeSsmN8DFVKoyBYu2 # Runner registration token", + "line_num": 17, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "GR1348941jG6xeSsmN8DFVKoyBYu2", + "value_start": 0, + "value_end": 29, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64_CHARS", + "entropy": 4.582118926162056, + "valid": true } } ] diff --git a/tests/data/doc.json b/tests/data/doc.json index ef4686491..abd7f1ccd 100644 --- a/tests/data/doc.json +++ b/tests/data/doc.json 
@@ -11217,24 +11217,78 @@ "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", "ml_probability": null, - "rule": "Gitlab PAT", + "rule": "Gitlab Prefix Token", "severity": "high", "confidence": "strong", "line_data_list": [ { - "line": "var pat = 'glpat-a6N2pFAr2L2A6iRsA_mw';", - "line_num": 1, - "path": "./tests/samples/gitlab_pat_api", - "info": "./tests/samples/gitlab_pat_api|RAW", - "value": "glpat-a6N2pFAr2L2A6iRsA_mw", - "value_start": 11, - "value_end": 37, + "line": "glpat-8d5ri2n9g85LAnC9YW85 # Personal access token, Impersonation token, Project access token, Group access token", + "line_num": 2, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "glpat-8d5ri2n9g85LAnC9YW85", + "value_start": 0, + "value_end": 26, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.0191930522498045, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "gloas-7fc1974b38580e6ceca8c077863cd5e88745895dfcbe1ae3c36eab9c498103dc # OAuth Application Secret", + "line_num": 3, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "gloas-7fc1974b38580e6ceca8c077863cd5e88745895dfcbe1ae3c36eab9c498103dc", + "value_start": 0, + "value_end": 70, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.9590403170005795, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "gldt-9BeUoeWu2V9uUS3uLoMy # 
Deploy token", + "line_num": 4, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "gldt-9BeUoeWu2V9uUS3uLoMy", + "value_start": 0, + "value_end": 25, "variable": null, "variable_start": -2, "variable_end": -2, "entropy_validation": { "iterator": "BASE64_CHARS", - "entropy": 3.7423376242715105, + "entropy": 3.9479064420971963, "valid": false } } 
@@ -11244,18 +11298,99 @@ "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", "ml_probability": null, - "rule": "Gitlab Pipeline Trigger Token", + "rule": "Gitlab Prefix Token", "severity": "high", "confidence": "strong", "line_data_list": [ { - "line": "trigger = 'glptt-33276248c9748113e978392e5c074b7f974f8683';", - "line_num": 1, - "path": "./tests/samples/gitlab_pipeline_trigger_token", - "info": "./tests/samples/gitlab_pipeline_trigger_token|RAW", + "line": "glrt-2CR8_eVxiio-1QmzPZwa # Runner authentication token", + "line_num": 5, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "glrt-2CR8_eVxiio-1QmzPZwa", + "value_start": 0, + "value_end": 25, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64_CHARS", + "entropy": 4.006593447001756, + "valid": false + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "glcbt-1375_cgpAsnEmP-79kcfRLyK_", + "line_num": 6, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "glcbt-1375_cgpAsnEmP-79kcfRLyK_", + "value_start": 0, + "value_end": 31, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.0736527424503515, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "glcbt-0_c1k_AsgyRp4mP-Kcn8fL # CI/CD Job token", + "line_num": 7, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": 
"glcbt-0_c1k_AsgyRp4mP-Kcn8fL", + "value_start": 0, + "value_end": 28, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.0208877148903928, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "glptt-33276248c9748113e978392e5c074b7f974f8683 # Trigger token", + "line_num": 8, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", "value": "glptt-33276248c9748113e978392e5c074b7f974f8683", - "value_start": 11, - "value_end": 57, + "value_start": 0, + "value_end": 46, "variable": null, "variable_start": -2, "variable_end": -2, 
@@ -11271,24 +11406,51 @@ "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", "ml_probability": null, - "rule": "Gitlab Registration Runner Token", + "rule": "Gitlab Prefix Token", "severity": "high", "confidence": "strong", "line_data_list": [ { - "line": "gitlab_runner = 'GR1348941jG6xeSsmN8DFVKoyBYu2';", - "line_num": 1, - "path": "./tests/samples/gitlab_registration_runner", - "info": "./tests/samples/gitlab_registration_runner|RAW", - "value": "GR1348941jG6xeSsmN8DFVKoyBYu2", - "value_start": 17, - "value_end": 46, + "line": "glft-Aafqn5A31G-2VipZMh28 # Feed token", + "line_num": 9, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "glft-Aafqn5A31G-2VipZMh28", + "value_start": 0, + "value_end": 25, "variable": null, "variable_start": -2, "variable_end": -2, "entropy_validation": { "iterator": "BASE64_CHARS", - "entropy": 4.582118926162056, + "entropy": 4.032347694592746, + "valid": false + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "glimt-1jpqzsnw2n71om0r9kgt06os3 # Incoming mail token", + "line_num": 10, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "glimt-1jpqzsnw2n71om0r9kgt06os3", + "value_start": 0, + "value_end": 31, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 4.278254493922782, "valid": true } } 
@@ -11298,25 +11460,133 @@ "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", "ml_probability": null, - "rule": "Gitlab Registration Runner Token 2023", + "rule": "Gitlab Prefix Token", "severity": "high", "confidence": "strong", "line_data_list": [ { - "line": "return \"glrt-2CR8_eVxiio-1QmzPZwa\"", - "line_num": 1, - "path": "./tests/samples/gitlab_registration_runner_2023", - "info": "./tests/samples/gitlab_registration_runner_2023|RAW", - "value": "glrt-2CR8_eVxiio-1QmzPZwa", - "value_start": 8, - "value_end": 33, + "line": "glagent-ZQmgbRr-Ydu5YehnXCGiiSLxjd53EkFnYapS7A4TwyNE8Y2XVg # GitLab agent for Kubernetes token", + "line_num": 11, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "glagent-ZQmgbRr-Ydu5YehnXCGiiSLxjd53EkFnYapS7A4TwyNE8Y2XVg", + "value_start": 0, + "value_end": 58, "variable": null, "variable_start": -2, "variable_end": -2, "entropy_validation": { "iterator": "BASE64_CHARS", - "entropy": 4.006593447001756, - "valid": false + "entropy": 5.022276693534146, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "_gitlab_session=8d2a78c080a3af1e6a4677be474432f2 # GitLab session cookies", + "line_num": 12, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "_gitlab_session=8d2a78c080a3af1e6a4677be474432f2", + "value_start": 0, + "value_end": 48, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 4.014460876028361, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + 
"line_data_list": [ + { + "line": "glsoat-971om0ecn5A386r9k481 # SCIM Tokens", + "line_num": 13, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "glsoat-971om0ecn5A386r9k481", + "value_start": 0, + "value_end": 27, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 4.106377316818028, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "glffct-AnRWYdo3Si_Xm2Q6n7zu # Feature Flags Client token", + "line_num": 14, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "glffct-AnRWYdo3Si_Xm2Q6n7zu", + "value_start": 0, + "value_end": 27, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.021776853294165, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "GR1348941jG6xeSsmN8DFVKoyBYu2 # Runner registration token", + "line_num": 17, + "path": "./tests/samples/gitlab_prefix_token", + "info": "./tests/samples/gitlab_prefix_token|RAW", + "value": "GR1348941jG6xeSsmN8DFVKoyBYu2", + "value_start": 0, + "value_end": 29, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64_CHARS", + "entropy": 4.582118926162056, + "valid": true } } ] diff --git a/tests/data/ml_threshold.json b/tests/data/ml_threshold.json index e0645e36f..96bd31aa4 100644 --- a/tests/data/ml_threshold.json +++ b/tests/data/ml_threshold.json 
@@ -7776,24 +7776,78 @@ "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", "ml_probability": null, - "rule": "Gitlab PAT", + "rule": "Gitlab Prefix Token", "severity": "high", "confidence": "strong", "line_data_list": [ { - "line": "4efd31fe400f2e157fe4d1affc1c5d813f59b65dff0fd79538cf0570b96659cf", - "line_num": 1, - "path": "./tests/samples/gitlab_pat_api", + "line": "a543754d750f53eddb90026d356e93502b43eb262eaf403d34e567ff96cbedbc", + "line_num": 2, + "path": "./tests/samples/gitlab_prefix_token", "info": "", - "value": "648d012ed34343fca453458413f63efc0d1bfca95bd4656086e143d317d79a3b", - "value_start": 11, - "value_end": 37, + "value": "048814f4d4e2ca19f91557f55a7568e388533211f0e62b07b6f878868e5ee7f2", + "value_start": 0, + "value_end": 26, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.0191930522498045, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "92bc15279d58fb070bbd9d32d198b71888dc3f6107edfd8351e91d6a88afa2f6", + "line_num": 3, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": "201c2dfed2c6312e800fb94d6dce832d667d0efde915bfc6a6b24a9b624042cb", + "value_start": 0, + "value_end": 70, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.9590403170005795, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "4ec6a7d1f39d3684eee6bd1af43ca0a7caa891fe71a7e9a8bb0bffff78383100", + "line_num": 4, + "path": "./tests/samples/gitlab_prefix_token", + "info": 
"", + "value": "7fc1974b38580e6ceca8c077863cd5e88745895dfcbe1ae3c36eab9c498103dc", + "value_start": 0, + "value_end": 25, "variable": null, "variable_start": -2, "variable_end": -2, "entropy_validation": { "iterator": "BASE64_CHARS", - "entropy": 3.7423376242715105, + "entropy": 3.9479064420971963, "valid": false } } 
@@ -7803,18 +7857,99 @@ "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", "ml_probability": null, - "rule": "Gitlab Pipeline Trigger Token", + "rule": "Gitlab Prefix Token", "severity": "high", "confidence": "strong", "line_data_list": [ { - "line": "a121c79a72c3d262b9d44b018157f85a46c613823798f0282bd076062d511a1b", - "line_num": 1, - "path": "./tests/samples/gitlab_pipeline_trigger_token", + "line": "8f93f1708181cbf7f85b291de211cdb9a260e5a1d42f1abff717e9d47ab96891", + "line_num": 5, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": "ebd146632eab984d838289fa30d2be3252d021556f191a1bc05155753b4b4c1a", + "value_start": 0, + "value_end": 25, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64_CHARS", + "entropy": 4.006593447001756, + "valid": false + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "18071cb35cbba8b669a2d5a33af98862709a91c4ccf9eefdb0f587480fea1cd4", + "line_num": 6, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": "18071cb35cbba8b669a2d5a33af98862709a91c4ccf9eefdb0f587480fea1cd4", + "value_start": 0, + "value_end": 31, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.0736527424503515, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "ced681e3cd05511bc6832bc55fe3bbfad6eeb187abac531a2a33820ceced5434", + "line_num": 7, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": "b96c5ed57a0b8fb04574e501b835b0bf53c47af5b76af2ab2a7da37fbae91a37", + 
"value_start": 0, + "value_end": 28, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.0208877148903928, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "1992989a287eac79da53fccb02cfef54e96dd991f9fb884b039737e27b9a6391", + "line_num": 8, + "path": "./tests/samples/gitlab_prefix_token", "info": "", "value": "4f31cfca1d7227cdc0de319f8fa51d4f1d104e7fb1b89e84148496b2c987ce28", - "value_start": 11, - "value_end": 57, + "value_start": 0, + "value_end": 46, "variable": null, "variable_start": -2, "variable_end": -2, 
@@ -7830,24 +7965,51 @@ "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", "ml_probability": null, - "rule": "Gitlab Registration Runner Token", + "rule": "Gitlab Prefix Token", "severity": "high", "confidence": "strong", "line_data_list": [ { - "line": "24d838eeb8a42daa9a3528db1e5158081372ff632ea6ccd52e45f9fa826022bd", - "line_num": 1, - "path": "./tests/samples/gitlab_registration_runner", + "line": "db1f07425227f9fc2e053f501f8a77bcf00040f8ae2bc447ea4e2e6476bf2a4d", + "line_num": 9, + "path": "./tests/samples/gitlab_prefix_token", "info": "", - "value": "3126874004a349f2e716532973ff72cc99d96842402387b8c950726af328206a", - "value_start": 17, - "value_end": 46, + "value": "d866d6746566d88daa8c185e54c4f3a81a2d2133fd2f2ca02bee7d8ee1727545", + "value_start": 0, + "value_end": 25, "variable": null, "variable_start": -2, "variable_end": -2, "entropy_validation": { "iterator": "BASE64_CHARS", - "entropy": 4.582118926162056, + "entropy": 4.032347694592746, + "valid": false + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "605547a8ee45679daaf36b9af8bc0862f9c88da03b5b69c6a14da8749b6fe9bf", + "line_num": 10, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": "c67a7ecd3601569f1e3a01548c40a253b13a368984327f9a9a7937716f80d3e1", + "value_start": 0, + "value_end": 31, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 4.278254493922782, "valid": true } } 
@@ -7857,25 +8019,133 @@ "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", "ml_probability": null, - "rule": "Gitlab Registration Runner Token 2023", + "rule": "Gitlab Prefix Token", "severity": "high", "confidence": "strong", "line_data_list": [ { - "line": "504b8a7279e327ac8044ad61ec3bd7c3fdd7c1db69d9dc8204611cf101c1220e", - "line_num": 1, - "path": "./tests/samples/gitlab_registration_runner_2023", + "line": "210fca8fd643e8c7a3a3baf2d4c9348d64242775b74615d959781b47b16d787d", + "line_num": 11, + "path": "./tests/samples/gitlab_prefix_token", "info": "", - "value": "ebd146632eab984d838289fa30d2be3252d021556f191a1bc05155753b4b4c1a", - "value_start": 8, - "value_end": 33, + "value": "da1978d3d0ec9137d41ad2e5d1e2c715b803b443ac674d15bcda1cc92b8401fb", + "value_start": 0, + "value_end": 58, "variable": null, "variable_start": -2, "variable_end": -2, "entropy_validation": { "iterator": "BASE64_CHARS", - "entropy": 4.006593447001756, - "valid": false + "entropy": 5.022276693534146, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "c738bdf6ce16f46b0ecf0135bbfff8c757a8be546aa01e1043529188b47ad71d", + "line_num": 12, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": "45386552d02ccc74b4bd573ff2154a569d35c2b08bde6dbb8f26e5dbbfa1818e", + "value_start": 0, + "value_end": 48, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 4.014460876028361, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": 
"71585eb38cc5c4bb176f92508d1a8d147f88456e8d6b2d892e5b710c1af2e456", + "line_num": 13, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": "a3edeff131268f677ce6cfdd311b3c5590e648b742c50ffe9848c068f711e5bc", + "value_start": 0, + "value_end": 27, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 4.106377316818028, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "66fa11e9f0aba1cd41c8bdb6bee120250b3d2f01e0fe82a1fd7b5bfaec5ee35b", + "line_num": 14, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": "841024938b69b65818fbc8a340425933dbf0ef96cae799d9908797738e0ac61d", + "value_start": 0, + "value_end": 27, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.021776853294165, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "965ae82e6c3df915b63c563d681940fd8c162830c7b4d7ce9f37c2887eebfef8", + "line_num": 17, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": "3126874004a349f2e716532973ff72cc99d96842402387b8c950726af328206a", + "value_start": 0, + "value_end": 29, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64_CHARS", + "entropy": 4.582118926162056, + "valid": true } } ] diff --git a/tests/data/output.json b/tests/data/output.json index 6d368516c..f13400ebb 100644 --- a/tests/data/output.json +++ b/tests/data/output.json 
@@ -6723,24 +6723,78 @@ "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", "ml_probability": null, - "rule": "Gitlab PAT", + "rule": "Gitlab Prefix Token", "severity": "high", "confidence": "strong", "line_data_list": [ { - "line": "var pat = 'glpat-a6N2pFAr2L2A6iRsA_mw';", - "line_num": 1, - "path": "./tests/samples/gitlab_pat_api", + "line": "glpat-8d5ri2n9g85LAnC9YW85 # Personal access token, Impersonation token, Project access token, Group access token", + "line_num": 2, + "path": "./tests/samples/gitlab_prefix_token", "info": "", - "value": "glpat-a6N2pFAr2L2A6iRsA_mw", - "value_start": 11, - "value_end": 37, + "value": "glpat-8d5ri2n9g85LAnC9YW85", + "value_start": 0, + "value_end": 26, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.0191930522498045, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "gloas-7fc1974b38580e6ceca8c077863cd5e88745895dfcbe1ae3c36eab9c498103dc # OAuth Application Secret", + "line_num": 3, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": "gloas-7fc1974b38580e6ceca8c077863cd5e88745895dfcbe1ae3c36eab9c498103dc", + "value_start": 0, + "value_end": 70, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.9590403170005795, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "gldt-9BeUoeWu2V9uUS3uLoMy # Deploy token", + "line_num": 4, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": 
"gldt-9BeUoeWu2V9uUS3uLoMy", + "value_start": 0, + "value_end": 25, "variable": null, "variable_start": -2, "variable_end": -2, "entropy_validation": { "iterator": "BASE64_CHARS", - "entropy": 3.7423376242715105, + "entropy": 3.9479064420971963, "valid": false } } 
@@ -6750,18 +6804,99 @@ "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", "ml_probability": null, - "rule": "Gitlab Pipeline Trigger Token", + "rule": "Gitlab Prefix Token", "severity": "high", "confidence": "strong", "line_data_list": [ { - "line": "trigger = 'glptt-33276248c9748113e978392e5c074b7f974f8683';", - "line_num": 1, - "path": "./tests/samples/gitlab_pipeline_trigger_token", + "line": "glrt-2CR8_eVxiio-1QmzPZwa # Runner authentication token", + "line_num": 5, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": "glrt-2CR8_eVxiio-1QmzPZwa", + "value_start": 0, + "value_end": 25, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64_CHARS", + "entropy": 4.006593447001756, + "valid": false + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "glcbt-1375_cgpAsnEmP-79kcfRLyK_", + "line_num": 6, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": "glcbt-1375_cgpAsnEmP-79kcfRLyK_", + "value_start": 0, + "value_end": 31, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.0736527424503515, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "glcbt-0_c1k_AsgyRp4mP-Kcn8fL # CI/CD Job token", + "line_num": 7, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": "glcbt-0_c1k_AsgyRp4mP-Kcn8fL", + "value_start": 0, + "value_end": 28, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 
3.0208877148903928, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "glptt-33276248c9748113e978392e5c074b7f974f8683 # Trigger token", + "line_num": 8, + "path": "./tests/samples/gitlab_prefix_token", "info": "", "value": "glptt-33276248c9748113e978392e5c074b7f974f8683", - "value_start": 11, - "value_end": 57, + "value_start": 0, + "value_end": 46, "variable": null, "variable_start": -2, "variable_end": -2, 
@@ -6777,24 +6912,51 @@ "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", "ml_probability": null, - "rule": "Gitlab Registration Runner Token", + "rule": "Gitlab Prefix Token", "severity": "high", "confidence": "strong", "line_data_list": [ { - "line": "gitlab_runner = 'GR1348941jG6xeSsmN8DFVKoyBYu2';", - "line_num": 1, - "path": "./tests/samples/gitlab_registration_runner", + "line": "glft-Aafqn5A31G-2VipZMh28 # Feed token", + "line_num": 9, + "path": "./tests/samples/gitlab_prefix_token", "info": "", - "value": "GR1348941jG6xeSsmN8DFVKoyBYu2", - "value_start": 17, - "value_end": 46, + "value": "glft-Aafqn5A31G-2VipZMh28", + "value_start": 0, + "value_end": 25, "variable": null, "variable_start": -2, "variable_end": -2, "entropy_validation": { "iterator": "BASE64_CHARS", - "entropy": 4.582118926162056, + "entropy": 4.032347694592746, + "valid": false + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "glimt-1jpqzsnw2n71om0r9kgt06os3 # Incoming mail token", + "line_num": 10, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": "glimt-1jpqzsnw2n71om0r9kgt06os3", + "value_start": 0, + "value_end": 31, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 4.278254493922782, "valid": true } } 
@@ -6804,25 +6966,133 @@ "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", "ml_probability": null, - "rule": "Gitlab Registration Runner Token 2023", + "rule": "Gitlab Prefix Token", "severity": "high", "confidence": "strong", "line_data_list": [ { - "line": "return \"glrt-2CR8_eVxiio-1QmzPZwa\"", - "line_num": 1, - "path": "./tests/samples/gitlab_registration_runner_2023", + "line": "glagent-ZQmgbRr-Ydu5YehnXCGiiSLxjd53EkFnYapS7A4TwyNE8Y2XVg # GitLab agent for Kubernetes token", + "line_num": 11, + "path": "./tests/samples/gitlab_prefix_token", "info": "", - "value": "glrt-2CR8_eVxiio-1QmzPZwa", - "value_start": 8, - "value_end": 33, + "value": "glagent-ZQmgbRr-Ydu5YehnXCGiiSLxjd53EkFnYapS7A4TwyNE8Y2XVg", + "value_start": 0, + "value_end": 58, "variable": null, "variable_start": -2, "variable_end": -2, "entropy_validation": { "iterator": "BASE64_CHARS", - "entropy": 4.006593447001756, - "valid": false + "entropy": 5.022276693534146, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "_gitlab_session=8d2a78c080a3af1e6a4677be474432f2 # GitLab session cookies", + "line_num": 12, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": "_gitlab_session=8d2a78c080a3af1e6a4677be474432f2", + "value_start": 0, + "value_end": 48, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 4.014460876028361, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "glsoat-971om0ecn5A386r9k481 # SCIM Tokens", + "line_num": 13, + "path": "./tests/samples/gitlab_prefix_token", 
+ "info": "", + "value": "glsoat-971om0ecn5A386r9k481", + "value_start": 0, + "value_end": 27, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 4.106377316818028, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "glffct-AnRWYdo3Si_Xm2Q6n7zu # Feature Flags Client token", + "line_num": 14, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": "glffct-AnRWYdo3Si_Xm2Q6n7zu", + "value_start": 0, + "value_end": 27, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE36_CHARS", + "entropy": 3.021776853294165, + "valid": true + } + } + ] + }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Gitlab Prefix Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "GR1348941jG6xeSsmN8DFVKoyBYu2 # Runner registration token", + "line_num": 17, + "path": "./tests/samples/gitlab_prefix_token", + "info": "", + "value": "GR1348941jG6xeSsmN8DFVKoyBYu2", + "value_start": 0, + "value_end": 29, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64_CHARS", + "entropy": 4.582118926162056, + "valid": true } } ] diff --git a/tests/samples/gitlab_pat_api b/tests/samples/gitlab_pat_api deleted file mode 100644 index 2425862d3..000000000 --- a/tests/samples/gitlab_pat_api +++ /dev/null @@ -1 +0,0 @@ -var pat = 'glpat-a6N2pFAr2L2A6iRsA_mw'; \ No newline at end of file diff --git a/tests/samples/gitlab_pipeline_trigger_token b/tests/samples/gitlab_pipeline_trigger_token deleted file mode 100644 index 7fc756fb7..000000000 
--- a/tests/samples/gitlab_pipeline_trigger_token
+++ /dev/null
@@ -1 +0,0 @@
-trigger = 'glptt-33276248c9748113e978392e5c074b7f974f8683';
\ No newline at end of file
diff --git a/tests/samples/gitlab_prefix_token b/tests/samples/gitlab_prefix_token
new file mode 100644
index 000000000..6a0e3718d
--- /dev/null
+++ b/tests/samples/gitlab_prefix_token
@@ -0,0 +1,17 @@
+https://docs.gitlab.com/ee/security/tokens/#token-prefixes
+glpat-8d5ri2n9g85LAnC9YW85 # Personal access token, Impersonation token, Project access token, Group access token
+gloas-7fc1974b38580e6ceca8c077863cd5e88745895dfcbe1ae3c36eab9c498103dc # OAuth Application Secret
+gldt-9BeUoeWu2V9uUS3uLoMy # Deploy token
+glrt-2CR8_eVxiio-1QmzPZwa # Runner authentication token
+glcbt-1375_cgpAsnEmP-79kcfRLyK_
+glcbt-0_c1k_AsgyRp4mP-Kcn8fL # CI/CD Job token
+glptt-33276248c9748113e978392e5c074b7f974f8683 # Trigger token
+glft-Aafqn5A31G-2VipZMh28 # Feed token
+glimt-1jpqzsnw2n71om0r9kgt06os3 # Incoming mail token
+glagent-ZQmgbRr-Ydu5YehnXCGiiSLxjd53EkFnYapS7A4TwyNE8Y2XVg # GitLab agent for Kubernetes token
+_gitlab_session=8d2a78c080a3af1e6a4677be474432f2 # GitLab session cookies
+glsoat-971om0ecn5A386r9k481 # SCIM Tokens
+glffct-AnRWYdo3Si_Xm2Q6n7zu # Feature Flags Client token
+
+
+GR1348941jG6xeSsmN8DFVKoyBYu2 # Runner registration token
diff --git a/tests/samples/gitlab_registration_runner b/tests/samples/gitlab_registration_runner
deleted file mode 100644
index f496e499e..000000000
--- a/tests/samples/gitlab_registration_runner
+++ /dev/null
@@ -1 +0,0 @@
-gitlab_runner = 'GR1348941jG6xeSsmN8DFVKoyBYu2';
\ No newline at end of file
diff --git a/tests/samples/gitlab_registration_runner_2023 b/tests/samples/gitlab_registration_runner_2023
deleted file mode 100644
index ed0a2aee4..000000000
--- a/tests/samples/gitlab_registration_runner_2023
+++ /dev/null
@@ -1 +0,0 @@
-return "glrt-2CR8_eVxiio-1QmzPZwa"
\ No newline at end of file
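Review bot: In the new tests/samples/gitlab_prefix_token file, the first `glcbt-` entry (line 6) is the only sample with no trailing annotation, and the two empty lines before the final `GR1348941…` entry look accidental rather than intentional. The blank lines are not harmless to tidy up: they place the runner registration token on line 17, which the regenerated expectations in tests/data/output.json and tests/data/depth_3.json now pin via `"line_num": 17`, so a later cleanup would silently break those fixtures. If the bare `glcbt-` line is meant to cover a distinct shape (it is the one value ending in `_`), say so inline, e.g. `glcbt-1375_cgpAsnEmP-79kcfRLyK_ # CI/CD Job token, trailing underscore variant`; otherwise either drop the empty lines and regenerate the expectations in the same commit, or note at the top of the file that the spacing is deliberate.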