GitLab Prefix Tokens (#613)

* GitLab Prefix Tokens * Skip some checks due prefix is not rndom * _gitlab_session * GR1348941 prefix sample * GR1348941 prefix sample
Samsung · Oct 24, 2024 · 27e5047 · 27e5047
1 parent dba5eb3
commit 27e5047
Show file tree

Hide file tree

Showing 11 changed files with 1,249 additions and 185 deletions.
diff --git a/credsweeper/rules/config.yaml b/credsweeper/rules/config.yaml
@@ -1097,57 +1097,28 @@
     - code
     - doc
 
-- name: Gitlab PAT
+- name: Gitlab Prefix Token
   severity: high
   confidence: strong
   type: pattern
   values:
-    - (?<![0-9A-Za-z_-])(?P<value>glpat-[0-9A-Za-z_-]{20})(?![0-9A-Za-z_-])
-  filter_type: TokenPattern
-  min_line_len: 26
+    - (?<![0-9A-Za-z_-])(?P<value>(_gitlab_session=|GR1348941|gl(agent|soat|ffct|p[at]t|oas|cbt|imt|[dfr]t)-)[0-9A-Za-z_-]{20,64})(?![0-9A-Za-z_-])
+  filter_type:
+    - ValuePatternCheck
+  min_line_len: 25
   required_substrings:
+    - _gitlab_session=
+    - GR1348941
+    - glagent-
+    - glsoat-
+    - glffct-
     - glpat-
-  target:
-    - code
-    - doc
-
-- name: Gitlab Pipeline Trigger Token
-  severity: high
-  confidence: strong
-  type: pattern
-  values:
-    - (?<![0-9A-Za-z_-])(?P<value>glptt-[a-f0-9]{40})(?![0-9A-Za-z_-])
-  filter_type: TokenPattern
-  min_line_len: 46
-  required_substrings:
+    - gloas-
     - glptt-
-  target:
-    - code
-    - doc
-
-- name: Gitlab Registration Runner Token
-  severity: high
-  confidence: strong
-  type: pattern
-  values:
-    - (?<![0-9A-Za-z_-])(?P<value>GR1348941[0-9A-Za-z_-]{20})(?![0-9A-Za-z_-])
-  filter_type: TokenPattern
-  min_line_len: 29
-  required_substrings:
-    - GR1348941
-  target:
-    - code
-    - doc
-
-- name: Gitlab Registration Runner Token 2023
-  severity: high
-  confidence: strong
-  type: pattern
-  values:
-    - (?<![0-9A-Za-z_-])(?P<value>glrt-[0-9A-Za-z_-]{20})(?![0-9A-Za-z_-])
-  filter_type: TokenPattern
-  min_line_len: 25
-  required_substrings:
+    - glcbt-
+    - glimt-
+    - gldt-
+    - glft-
     - glrt-
   target:
     - code

diff --git a/tests/__init__.py b/tests/__init__.py
@@ -1,20 +1,20 @@
 from pathlib import Path
 
 # total number of files in test samples
-SAMPLES_FILES_COUNT: int = 137
+SAMPLES_FILES_COUNT: int = 134
 
 # the lowest value of ML threshold is used to display possible lowest values
 NEGLIGIBLE_ML_THRESHOLD = 0.0001
 
 # credentials count after scan
-SAMPLES_CRED_COUNT: int = 397
-SAMPLES_CRED_LINE_COUNT: int = 415
+SAMPLES_CRED_COUNT: int = 407
+SAMPLES_CRED_LINE_COUNT: int = 425
 
 # credentials count after post-processing
-SAMPLES_POST_CRED_COUNT: int = 354
+SAMPLES_POST_CRED_COUNT: int = 364
 
 # with option --doc
-SAMPLES_IN_DOC = 430
+SAMPLES_IN_DOC = 440
 
 # archived credentials that are not found without --depth
 SAMPLES_IN_DEEP_1 = SAMPLES_POST_CRED_COUNT + 23