Skip to content

added sourcegraph token rule #1736

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jan 31, 2025
Merged

added sourcegraph token rule #1736

merged 3 commits into from
Jan 31, 2025

Conversation

kashifkhan0771
Copy link
Contributor

@kashifkhan0771 kashifkhan0771 commented Jan 29, 2025
edited
Loading

Description:

This PR add a new rule for sourcegraph tokens.
Issue: #1697

Checklist:

  • Does your PR pass tests?
  • Have you written new tests for your changes?
  • Have you lint your code locally prior to submission?

rgmz
rgmz suggested changes Jan 29, 2025
View reviewed changes
cmd/generate/config/rules/sourcegraph.go Outdated
}

// validate
tps := utils.GenerateSampleSecrets("sgp_", secrets.NewSecret(`\b(sgp_(?:[a-fA-F0-9]{16}|local)_[a-fA-F0-9]{40}|sgp_[a-fA-F0-9]{40}|[a-fA-F0-9]{40})\b`))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should add separate test cases for each pattern. This will only generate cases for a single pattern, meaning obvious issues could be missed.

kashifkhan0771 and others added 2 commits January 29, 2025 19:08
@kashifkhan0771 @rgmz
updated ruleid
9bfc22b 
Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>
@kashifkhan0771
added more true positive test cases
c31c6cd
@zricethezav
Copy link
Collaborator

very nice! Thanks @kashifkhan0771

@zricethezav zricethezav merged commit c6424a6 into gitleaks:master Jan 31, 2025
1 check passed
alayne222 pushed a commit to alayne222/gitleaks that referenced this pull request May 28, 2025
@kashifkhan0771 @rgmz
added sourcegraph token rule (gitleaks#1736)
89df7e2 
* added sourcegraph token rule

* updated ruleid

Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>

* added more true positive test cases

---------

Co-authored-by: Richard Gomez <32133502+rgmz@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@rgmz rgmz rgmz requested changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kashifkhan0771 @zricethezav @rgmz