-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update github/super-linter action to v4.9.7 (#243)
* Update github/super-linter action to v4.9.7 * gitleaksをアップデートしてあげたよ! (#244) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
- Loading branch information
1 parent
1602313
commit 9a68019
Showing
2 changed files
with
5 additions
and
173 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -53,7 +53,7 @@ jobs: | |
| # Run Linter against code base # | ||
| ################################ | ||
| - name: Lint Code Base | ||
| uses: github/super-linter/[email protected].6 | ||
| uses: github/super-linter/[email protected].7 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| LINTER_RULES_PATH: . | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,175 +1,7 @@ | ||
|
|
||
| title = "gitleaks config" | ||
|
|
||
| [[rules]] | ||
| description = "AWS Access Key" | ||
| regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}''' | ||
| tags = ["key", "AWS"] | ||
|
|
||
| [[rules]] | ||
| description = "AWS Secret Key" | ||
| regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]''' | ||
| tags = ["key", "AWS"] | ||
|
|
||
| [[rules]] | ||
| description = "AWS MWS key" | ||
| regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}''' | ||
| tags = ["key", "AWS", "MWS"] | ||
|
|
||
| [[rules]] | ||
| description = "Facebook Secret Key" | ||
| regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]''' | ||
| tags = ["key", "Facebook"] | ||
|
|
||
| [[rules]] | ||
| description = "Facebook Client ID" | ||
| regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]''' | ||
| tags = ["key", "Facebook"] | ||
|
|
||
| [[rules]] | ||
| description = "Twitter Secret Key" | ||
| regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]''' | ||
| tags = ["key", "Twitter"] | ||
|
|
||
| [[rules]] | ||
| description = "Twitter Client ID" | ||
| regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]''' | ||
| tags = ["client", "Twitter"] | ||
|
|
||
| [[rules]] | ||
| description = "Github Personal Access Token" | ||
| regex = '''ghp_[0-9a-zA-Z]{36}''' | ||
| tags = ["key", "Github"] | ||
| [[rules]] | ||
| description = "Github OAuth Access Token" | ||
| regex = '''gho_[0-9a-zA-Z]{36}''' | ||
| tags = ["key", "Github"] | ||
| [[rules]] | ||
| description = "Github App Token" | ||
| regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}''' | ||
| tags = ["key", "Github"] | ||
| [[rules]] | ||
| description = "Github Refresh Token" | ||
| regex = '''ghr_[0-9a-zA-Z]{76}''' | ||
| tags = ["key", "Github"] | ||
|
|
||
| [[rules]] | ||
| description = "LinkedIn Client ID" | ||
| regex = '''(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}''' | ||
| tags = ["client", "LinkedIn"] | ||
|
|
||
| [[rules]] | ||
| description = "LinkedIn Secret Key" | ||
| regex = '''(?i)linkedin(.{0,20})?[0-9a-z]{16}''' | ||
| tags = ["secret", "LinkedIn"] | ||
|
|
||
| [[rules]] | ||
| description = "Slack" | ||
| regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?''' | ||
| tags = ["key", "Slack"] | ||
|
|
||
| [[rules]] | ||
| description = "Asymmetric Private Key" | ||
| regex = '''-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----''' | ||
| tags = ["key", "AsymmetricPrivateKey"] | ||
|
|
||
| [[rules]] | ||
| description = "Google API key" | ||
| regex = '''AIza[0-9A-Za-z\\-_]{35}''' | ||
| tags = ["key", "Google"] | ||
|
|
||
| [[rules]] | ||
| description = "Google (GCP) Service Account" | ||
| regex = '''"type": "service_account"''' | ||
| tags = ["key", "Google"] | ||
|
|
||
| [[rules]] | ||
| description = "Heroku API key" | ||
| regex = '''(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}''' | ||
| tags = ["key", "Heroku"] | ||
|
|
||
| [[rules]] | ||
| description = "MailChimp API key" | ||
| regex = '''(?i)(mailchimp|mc)(.{0,20})?[0-9a-f]{32}-us[0-9]{1,2}''' | ||
| tags = ["key", "Mailchimp"] | ||
|
|
||
| [[rules]] | ||
| description = "Mailgun API key" | ||
| regex = '''((?i)(mailgun|mg)(.{0,20})?)?key-[0-9a-z]{32}''' | ||
| tags = ["key", "Mailgun"] | ||
|
|
||
| [[rules]] | ||
| description = "PayPal Braintree access token" | ||
| regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}''' | ||
| tags = ["key", "Paypal"] | ||
|
|
||
| [[rules]] | ||
| description = "Picatic API key" | ||
| regex = '''sk_live_[0-9a-z]{32}''' | ||
| tags = ["key", "Picatic"] | ||
|
|
||
| [[rules]] | ||
| description = "SendGrid API Key" | ||
| regex = '''SG\.[\w_]{16,32}\.[\w_]{16,64}''' | ||
| tags = ["key", "SendGrid"] | ||
|
|
||
| [[rules]] | ||
| description = "Slack Webhook" | ||
| regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}''' | ||
| tags = ["key", "slack"] | ||
|
|
||
| [[rules]] | ||
| description = "Stripe API key" | ||
| regex = '''(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}''' | ||
| tags = ["key", "Stripe"] | ||
|
|
||
| [[rules]] | ||
| description = "Square access token" | ||
| regex = '''sq0atp-[0-9A-Za-z\-_]{22}''' | ||
| tags = ["key", "square"] | ||
|
|
||
| [[rules]] | ||
| description = "Square OAuth secret" | ||
| regex = '''sq0csp-[0-9A-Za-z\\-_]{43}''' | ||
| tags = ["key", "square"] | ||
|
|
||
| [[rules]] | ||
| description = "Twilio API key" | ||
| regex = '''(?i)twilio(.{0,20})?SK[0-9a-f]{32}''' | ||
| tags = ["key", "twilio"] | ||
|
|
||
| [[rules]] | ||
| description = "Dynatrace ttoken" | ||
| regex = '''dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}''' | ||
| tags = ["key", "Dynatrace"] | ||
|
|
||
| [[rules]] | ||
| description = "Shopify shared secret" | ||
| regex = '''shpss_[a-fA-F0-9]{32}''' | ||
| tags = ["key", "Shopify"] | ||
|
|
||
| [[rules]] | ||
| description = "Shopify access token" | ||
| regex = '''shpat_[a-fA-F0-9]{32}''' | ||
| tags = ["key", "Shopify"] | ||
|
|
||
| [[rules]] | ||
| description = "Shopify custom app access token" | ||
| regex = '''shpca_[a-fA-F0-9]{32}''' | ||
| tags = ["key", "Shopify"] | ||
|
|
||
| [[rules]] | ||
| description = "Shopify private app access token" | ||
| regex = '''shppa_[a-fA-F0-9]{32}''' | ||
| tags = ["key", "Shopify"] | ||
|
|
||
| [[rules]] | ||
| description = "PyPI upload token" | ||
| regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}''' | ||
| tags = ["key", "pypi"] | ||
|
|
||
| [allowlist] | ||
| description = "Allowlisted files" | ||
| paths = ['''^\.?gitleaks.toml$''', | ||
| '''(.*?)(png|jpg|gif|doc|docx|pdf|bin|xls|pyc|zip)$''', | ||
| '''(go.mod|go.sum)$'''] | ||
| [extend] | ||
| # useDefault will extend the base configuration with the default gitleaks config: | ||
| # https://github.com/zricethezav/gitleaks/blob/master/config/gitleaks.toml | ||
| useDefault = true |