feat: Add Cloudflare API and Origin CA keys (#10)
### Description:
Added rules for real (revoked) Cloudflare secrets

### Checklist:

* [x] Does your PR pass tests?
* [x] Have you written new tests for your changes?
* [x] Have you lint your code locally prior to submission?

Original: gitleaks#1374
baruchiro authored Mar 28, 2024
1 parent b30d2e6 commit b4c1a00
Showing 4 changed files with 104 additions and 0 deletions.
3 changes: 3 additions & 0 deletions cmd/generate/config/main.go
Expand Up @@ -46,6 +46,9 @@ func main() {
rules.CodecovAccessToken(),
rules.CoinbaseAccessToken(),
rules.Clojars(),
rules.CloudflareAPIKey(),
rules.CloudflareGlobalAPIKey(),
rules.CloudflareOriginCAKey(),
rules.ConfluentAccessToken(),
rules.ConfluentSecretKey(),
rules.Contentful(),
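--- a/cmd/generate/config/rules/cloudflare.go
+++ b/cmd/generate/config/rules/cloudflare.go
@@ -0,0 +1,76 @@
+package rules
+
+import (
+"github.com/zricethezav/gitleaks/v8/config"
+)
+
+var global_keys = []string{
+`cloudflare_global_api_key = "d3d1443e0adc9c24564c6c5676d679d47e2ca"`, // gitleaks:allow
+`CLOUDFLARE_GLOBAL_API_KEY: 674538c7ecac77d064958a04a83d9e9db068c`, // gitleaks:allow
+`cloudflare: "0574b9f43978174cc2cb9a1068681225433c4"`, // gitleaks:allow
+}
+
+var api_keys = []string{
+`cloudflare_api_key = "Bu0rrK-lerk6y0Suqo1qSqlDDajOk61wZchCkje4"`, // gitleaks:allow
+`CLOUDFLARE_API_KEY: 5oK0U90ME14yU6CVxV90crvfqVlNH2wRKBwcLWDc`, // gitleaks:allow
+`cloudflare: "oj9Yoyq0zmOyWmPPob1aoY5YSNNuJ0fbZSOURBlX"`, // gitleaks:allow
+}
+
+var origin_ca_keys = []string{
+`CLOUDFLARE_ORIGIN_CA: v1.0-aaa334dc886f30631ba0a610-0d98ef66290d7e50aac7c27b5986c99e6f3f1084c881d8ac0eae5de1d1aa0644076ff57022069b3237d19afe60ad045f207ef2b16387ee37b749441b2ae2e9ebe5b4606e846475d4a5`,
+`CLOUDFLARE_ORIGIN_CA: v1.0-15d20c7fccb4234ac5cdd756-d5c2630d1b606535cf9320ae7456b090e0896cec64169a92fae4e931ab0f72f111b2e4ffed5b2bb40f6fba6b2214df23b188a23693d59ce3fb0d28f7e89a2206d98271b002dac695ed`,
+}
+
+var identifiers = []string{"cloudflare"}
+
+func CloudflareGlobalAPIKey() *config.Rule {
+// define rule
+r := config.Rule{
+Description: "Detected a Cloudflare Global API Key, potentially compromising cloud application deployments and operational security.",
+RuleID: "cloudflare-global-api-key",
+Regex: generateSemiGenericRegex(identifiers, hex("37"), true),
+
+Keywords: identifiers,
+}
+
+// validate
+tps := global_keys
+fps := append(api_keys, origin_ca_keys...)
+
+return validate(r, tps, fps)
+}
+
+func CloudflareAPIKey() *config.Rule {
+// define rule
+r := config.Rule{
+Description: "Detected a Cloudflare API Key, potentially compromising cloud application deployments and operational security.",
+RuleID: "cloudflare-api-key",
+Regex: generateSemiGenericRegex(identifiers, alphaNumericExtendedShort("40"), true),
+
+Keywords: identifiers,
+}
+
+// validate
+tps := api_keys
+fps := append(global_keys, origin_ca_keys...)
+
+return validate(r, tps, fps)
+}
+
+func CloudflareOriginCAKey() *config.Rule {
+ca_identifiers := append(identifiers, "v1.0-")
+// define rule
+r := config.Rule{
+Description: "Detected a Cloudflare Origin CA Key, potentially compromising cloud application deployments and operational security.",
+RuleID: "cloudflare-origin-ca-key",
+Regex: generateUniqueTokenRegex(`v1\.0-`+hex("24")+"-"+hex("146"), false),
+
+Keywords: ca_identifiers,
+}
+
+// validate
+tps := origin_ca_keys
+fps := append(global_keys, api_keys...)
+
+return validate(r, tps, fps)
+}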
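Review bot: The two Origin CA fixtures in `origin_ca_keys` (the `CLOUDFLARE_ORIGIN_CA: v1.0-…` lines) carry no `// gitleaks:allow` marker, unlike every entry in `global_keys` and `api_keys`, so a scan of this repository with the new `cloudflare-origin-ca-key` rule would presumably report the test data itself; append `// gitleaks:allow` to both lines as the other fixtures do. The names `global_keys`, `api_keys`, `origin_ca_keys` and `ca_identifiers` use underscores where Go convention (and staticcheck ST1003) expects MixedCaps such as `globalKeys`, `apiKeys`, `originCAKeys`, `caIdentifiers`. `ca_identifiers := append(identifiers, "v1.0-")` and the three `fps := append(…, …)` lines append onto package-level slices, which only avoids aliasing because slice literals have no spare capacity; building a fresh slice (`append([]string{}, identifiers...)`, or `slices.Concat` if the module's Go version permits) makes that intent explicit. The three exported rule functions also lack doc comments; a one-liner such as `// CloudflareGlobalAPIKey returns the rule that detects 37-hex-character Cloudflare Global API keys.` on each would satisfy the exported-name convention.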
1 change: 1 addition & 0 deletions cmd/generate/config/rules/heroku.go
Expand Up @@ -17,6 +17,7 @@ func Heroku() *config.Rule {
// validate
tps := []string{
`const HEROKU_KEY = "12345678-ABCD-ABCD-ABCD-1234567890AB"`, // gitleaks:allow
`heroku_api_key = "832d2129-a846-4e27-99f4-7004b6ad53ef"`, // gitleaks:allow
}
return validate(r, tps, nil)
}
24 changes: 24 additions & 0 deletions config/gitleaks.toml
Expand Up @@ -184,6 +184,30 @@ keywords = [
"clojars",
]

[[rules]]
id = "cloudflare-api-key"
description = "Detected a Cloudflare API Key, potentially compromising cloud application deployments and operational security."
regex = '''(?i)(?:cloudflare)(?:[0-9a-z\-_\t .]{0,20})(?:[\s'"\\]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:['\"\\\s=\x60]){0,5}([a-z0-9_-]{40})(?:['\"\\\n\r\s\x60;<]|$)'''
keywords = [
"cloudflare",
]

[[rules]]
id = "cloudflare-global-api-key"
description = "Detected a Cloudflare Global API Key, potentially compromising cloud application deployments and operational security."
regex = '''(?i)(?:cloudflare)(?:[0-9a-z\-_\t .]{0,20})(?:[\s'"\\]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:['\"\\\s=\x60]){0,5}([a-f0-9]{37})(?:['\"\\\n\r\s\x60;<]|$)'''
keywords = [
"cloudflare",
]

[[rules]]
id = "cloudflare-origin-ca-key"
description = "Detected a Cloudflare Origin CA Key, potentially compromising cloud application deployments and operational security."
regex = '''\b(v1\.0-[a-f0-9]{24}-[a-f0-9]{146})(?:['\"\\\n\r\s\x60;<]|$)'''
keywords = [
"cloudflare","v1.0-",
]

[[rules]]
id = "codecov-access-token"
description = "Found a pattern resembling a Codecov Access Token, posing a risk of unauthorized access to code coverage reports and sensitive data."