
Commit 9e95aed

committed
refactor: structure project (#12)
1 parent bf3a172 commit 9e95aed


84 files changed

+2482
-788
lines changed
File renamed without changes.
File renamed without changes.
File renamed without changes.

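--- a/.ci/linters/.gitleaks.toml
+++ b/.ci/linters/.gitleaks.toml
@@ -0,0 +1,282 @@
+title = "gitleaks config"
+
+[[rules]]
+description = "AWS Access Key"
+regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+tags = ["key", "AWS"]
+[rules.allowlist]
+description = "ignore value fake"
+regexes = [
+'''AIDAQEAAAAAAAAAAAAAA''',
+]
+
+[[rules]]
+description = "AWS cred file info"
+regex = '''(?i)(aws_access_key_id|aws_secret_access_key)(.{0,20})?=.[0-9a-zA-Z\/+]{20,40}'''
+tags = ["AWS"]
+
+[[rules]]
+description = "AWS Secret Key"
+regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
+tags = ["key", "AWS"]
+
+[[rules]]
+description = "AWS MWS key"
+regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
+tags = ["key", "AWS", "MWS"]
+
+[[rules]]
+description = "Facebook Secret Key"
+regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
+tags = ["key", "Facebook"]
+
+[[rules]]
+description = "Facebook Client ID"
+regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
+tags = ["key", "Facebook"]
+
+[[rules]]
+description = "Facebook access token"
+regex = '''EAACEdEose0cBA[0-9A-Za-z]+'''
+tags = ["key", "Facebook"]
+
+[[rules]]
+description = "Twitter Secret Key"
+regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
+tags = ["key", "Twitter"]
+
+[[rules]]
+description = "Twitter Client ID"
+
+regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
+tags = ["client", "Twitter"]
+
+[[rules]]
+description = "Github"
+regex = '''(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}['\"]'''
+tags = ["key", "Github"]
+
+[[rules]]
+description = "LinkedIn Client ID"
+regex = '''(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]'''
+tags = ["client", "LinkedIn"]
+
+[[rules]]
+description = "LinkedIn Secret Key"
+regex = '''(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]'''
+tags = ["secret", "LinkedIn"]
+
+[[rules]]
+description = "Slack"
+regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
+tags = ["key", "Slack"]
+
+[[rules]]
+description = "EC"
+regex = '''-----BEGIN EC PRIVATE KEY-----'''
+tags = ["key", "EC"]
+
+[[rules]]
+description = "Google API key"
+regex = '''AIza[0-9A-Za-z\\-_]{35}'''
+tags = ["key", "Google"]
+
+[[rules]]
+description = "Google Cloud Platform API key"
+regex = '''(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"][AIza[0-9a-z\\-_]{35}]['\"]'''
+tags = ["key", "Google", "GCP"]
+
+[[rules]]
+description = "Google OAuth"
+regex = '''(?i)(google|gcp|auth)(.{0,20})?['"][0-9]+-[0-9a-z_]{32}\.apps\.googleusercontent\.com['"]'''
+tags = ["key", "Google", "OAuth"]
+
+[[rules]]
+description = "Google OAuth access token"
+regex = '''ya29\.[0-9A-Za-z\-_]+'''
+tags = ["key", "Google", "OAuth"]
+
+[[rules]]
+description = "Heroku API key"
+regex = '''(?i)heroku(.{0,20})?['"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]'''
+tags = ["key", "Heroku"]
+
+[[rules]]
+description = "MailChimp API key"
+regex = '''(?i)(mailchimp|mc)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]'''
+tags = ["key", "Mailchimp"]
+
+[[rules]]
+description = "Mailgun API key"
+regex = '''(?i)(mailgun|mg)(.{0,20})?['"][0-9a-z]{32}['"]'''
+tags = ["key", "Mailgun"]
+
+[[rules]]
+description = "PayPal Braintree access token"
+regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
+tags = ["key", "Paypal"]
+
+[[rules]]
+description = "Picatic API key"
+regex = '''sk_live_[0-9a-z]{32}'''
+tags = ["key", "Picatic"]
+
+[[rules]]
+description = "Slack Webhook"
+regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'''
+tags = ["key", "slack"]
+
+[[rules]]
+description = "Stripe API key"
+regex = '''(?i)stripe(.{0,20})?['\"'][sk|rk]_live_[0-9a-zA-Z]{24}'''
+tags = ["key", "Stripe"]
+
+[[rules]]
+description = "Square access token"
+regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
+tags = ["key", "square"]
+
+[[rules]]
+description = "Square OAuth secret"
+regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
+tags = ["key", "square"]
+
+[[rules]]
+description = "Twilio API key"
+regex = '''(?i)twilio(.{0,20})?['\"][0-9a-f]{32}['\"]'''
+tags = ["key", "twilio"]
+
+[[rules]]
+description = "Password in URL"
+regex = '''[a-zA-Z]{3,10}:\/\/[^\/\s:@]{3,20}:[^\/\s:@]{3,20}@.{1,100}\/?.?'''
+tags = ["key", "URL", "generic"]
+
+
+[[rules]]
+description = "Env Var"
+regex = '''(?i)(apikey|secret|key|api|password|pass)=[0-9a-zA-Z-_.{}]{4,120}'''
+tags = ["env"]
+[rules.allowlist]
+description = "ignore value fake"
+regexes = [
+'''host=HOST''',
+'''--private-key={{.PRIVATE_KEY_FILE}}''',
+]
+
+[[rules]]
+description = "Email"
+regex = '''[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}'''
+tags = ["email"]
+[rules.allowlist]
+description = "ignore emails"
+regexes = [
+'''[a-zA-Z0-9._%+-]+@users.noreply.github.com''',
+'''[a-zA-Z0-9._%+-]+@yopmail.com''',
+'''[a-zA-Z0-9._%+-]+@pre-commit-hooks-test.com''',
+'''security@hadenlabs.com''',
+'''git@github.com''',
+'''git@gitlab.com''',
+'''slovacus@gmail.com''',
+'''luis@hadenlabs.com''',
+'''security@hadenlabs.com''',
+'''hola@hadenlabs.com''',
+'''hello@hadenlabs.com''',
+'''support@hadenlbas.com''',
+'''support@hadenlabs.com''',
+'''dum-u@hadenlabs.com''',
+]
+
+[[rules]]
+description = "High Entropy"
+regex = '''[0-9a-zA-Z-_!{}/=]{4,120}'''
+file = '''(?i)(dump.sql|high-entropy-misc.txt)$'''
+tags = ["entropy"]
+[[rules.Entropies]]
+Min = "4.3"
+Max = "7.0"
+[rules.allowlist]
+description = "ignore some"
+files = ['''(.*pub|env)$''']
+paths = ['''(security.*)''']
+
+[[rules]]
+description = "Potential bash var"
+regex='''(?i)(=)([0-9a-zA-Z-_!{}=]{4,120})'''
+tags = ["key", "bash", "API", "generic"]
+[[rules.Entropies]]
+Min = "3.5"
+Max = "4.5"
+Group = "1"
+
+[[rules]]
+description = "WP-Config"
+regex='''define(.{0,20})?(DB_CHARSET|NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|NONCE_KEY|DB_HOST|DB_PASSWORD|AUTH_KEY|SECURE_AUTH_KEY|LOGGED_IN_KEY|DB_NAME|DB_USER)(.{0,20})?['|"'].{10,120}['|"']'''
+tags = ["key", "API", "generic"]
+
+[[rules]]
+description = "Generic API Key"
+regex = '''[a|A][p|P][i|I][_]?[k|K][e|E][y|Y].*['|\"][0-9a-zA-Z]{32,45}['|\"]'''
+
+[[rules]]
+description = "Generic Secret"
+regex = '''[s|S][e|E][c|C][r|R][e|E][t|T].*['|\"][0-9a-zA-Z]{32,45}['|\"]'''
+
+
+[[rules]]
+description = "Files with keys and credentials"
+file = '''(?i)(id_rsa|passwd|id_rsa.pub|pgpass)$'''
+tags = ["key", "files"]
+[rules.allowlist]
+description = "ignore some"
+files = ['''(.*pub|env)$''']
+
+[[rules]]
+description = "Extension Files with keys and credentials"
+file = '''(.*?)(pub|pem|ppk|key)$'''
+tags = ["key", "files"]
+[rules.allowlist]
+description = "ignore file test"
+files = [
+'''.*-test.*$''',
+]
+
+# Global allowlist
+[allowlist]
+description = "Whitelisted files"
+paths = [
+'''^vendor/''',
+'''^bower_components/''',
+'''^public/''',
+'''^node_modules/''',
+'''^theme/''',
+]
+files = [
+'''(.*?)(jpg|gif|png|doc|pdf|bin|mp3|mp4|mov|ttf|woff|woff2|eot|lock)$''',
+'''^\.gitignore$''',
+'''^\.gitleaks.toml$''',
+'''^yarn.lock$''',
+'''^vendor/(.*?)$''',
+'''^sonar-project.properties$''',
+'''^node_modules/(.*?)$''',
+]
+commits = [
+'''5530b41269a24a0a680e78f0281eb28ef7cee591''',
+]
+
+[whitelist]
+description = "image and html allowlists"
+paths = [
+'''^vendor/(.*?)$''',
+'''^node_modules/(.*?)$''',
+'''^test/fixtures/keys/(.*?)$''',
+]
+
+files = [
+'''(.*?)(jpg|gif|png|doc|pdf|bin|mp3|mp4|mov|ttf|woff|woff2|eot|lock)$''',
+'''^\.gitignore$''',
+'''^\.gitleaks.toml$''',
+'''^\.gitignore$''',
+'''^yarn.lock$''',
+'''^sonar-project.properties$''',
+'''^test/fixtures/keys/.*-test.*$''',
+]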
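Review bot: The "Google API key", "Google Cloud Platform API key" and "Square OAuth secret" regexes (file lines 81, 86 and 141) write `\\-_` inside a TOML literal string, where backslashes are not escapes, so the regex engine receives `\\-_` — a character range from `\` to `_` — and the class no longer matches a literal `-`, giving silent false negatives on any key containing a hyphen; the "Google OAuth access token" and "Square access token" rules on lines 96 and 136 already use the intended single-backslash form, so these three should read `regex = '''AIza[0-9A-Za-z\-_]{35}'''`, `regex = '''(?i)(google|gcp|youtube|drive|yt)(.{0,20})?['\"]AIza[0-9a-z\-_]{35}['\"]'''` (the outer square brackets on line 86 also turn the whole key pattern into a character class) and `regex = '''sq0csp-[0-9A-Za-z\-_]{43}'''`. The Stripe rule on line 131 has the same class-instead-of-alternation mistake in `[sk|rk]_live_`, which should be `(sk|rk)_live_`. The trailing `[whitelist]` table (line 266 onward) duplicates `[allowlist]` with a different key name; presumably only one of them is read by the scanner, so the `test/fixtures/keys` exclusions may silently never apply and the duplicated `'''^\.gitignore$'''` and `'''security@hadenlabs.com'''` entries suggest the lists were merged without review. The allowlisted commit on line 263 and the `^public/` path exclusion on line 249 would benefit from a why-comment such as `# commit allowlisted because: <reason>`, since an unexplained blanket exclusion of a directory from secret scanning is hard to audit later.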
