Add rule for microsoft teams webhooks #918
maltemorgenstern wants to merge 19 commits into gitleaks:master from
Conversation
Hi, I’m Jit, a friendly security platform designed to help developers build secure applications from day zero with an MVS (Minimal viable security) mindset. All security workflows are defined in a centralized repository named .jit. Hope you’ll enjoy using Jit. Questions? Comments? Want to learn more? Get in touch with us.
I don't know why the
Hey @zricethezav, could you give this PR a review?
* Add sidekiq rules
* Added two new rules for sidekiq
* Other: Add keywords to square rules per Zach's instructions
* Validate now works, but test suite is failing
* Tests are now passing
* Add Sidekiq Rules: Ran go fmt
  * After resolving conflicts, had to rerun the rule generator to add back the semicolon char
  * After running tests, had to fix one line in testdata/expected/report/sarif_simple.sarif
  * Added keywords to simple.toml for sidekiq-sensitive-url so that the rule matches what is in gitleaks.toml
Co-authored-by: Andrew Weiner <aweiner@frontrush.com>
* add new rules for vault tokens
* Configure max length for vault rules
* gitleaks allow docs
* reorder
* add jwt support
* ignore sample secrets
* no-git support fingerprint support
* updating gitleaksignore w/ no-git false positives
* fix test
…#954)
* bump gitdiff, add git.Err state, better log messages
* remove cmd.Start
* forgot to start...
* Add grafana tokens rules
* Adding upper bound limits to Grafana tokens
…/maltemorgenstern/gitleaks into add-microsoft-teams-webhook-rule
| secretPrefixUnique = `\b(` | ||
| secretPrefix = `(?:'|\"|\s|=|\x60){0,5}(` | ||
| secretSuffix = `)(?:['|\"|\n|\r|\s|\x60]|$)` | ||
| secretSuffix = `)(?:['|\"|\n|\r|\s|\x60|;]|$)` |
Security control: Static Code Analysis Go
Type: Potential Hardcoded Credentials
Description: Potential hardcoded credentials
Severity: HIGH
Jit Bot commands and options (e.g., ignore issue)
You can trigger Jit actions by commenting on this PR review:
#jit_ignore_finding: Ignore this specific single instance of finding
#jit_undo_ignore: Undo ignore command
Closing this in favour of #970 - the pipeline in this PR does not pass.
Description:
This MR adds a new rule for Microsoft Teams Webhooks.
The regex is based on the one suggested in #626. The only other information about the URL format I was able to find is from this stackoverflow article.
I confirmed the format locally in our Teams instance and tested the new rule:
$ gitleaks detect --config gitleaks.toml --no-git
This closes #626
Checklist:
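To show how the prefix and suffix fragments from the diff above delimit a rule body, and what the `;` added to secretSuffix changes for detection, here is an added Go example; it is not code from this PR or from gitleaks. The rule body `examplewebhook[0-9a-f]{8}`, the `buildRule` and `findSecrets` helpers and the three sample lines are constructed for the illustration (the real Microsoft Teams webhook regex is not reproduced on this page), and the assumption that a rule is assembled as prefix + body + suffix rests only on the fragments visible in the diff.

```go
package main

import (
	"fmt"
	"regexp"
)

// Wrapper fragments exactly as they appear in the diff on this PR page.
// A rule's secret body is spliced between prefix and suffix; group 1
// captures the secret itself.
const (
	secretPrefix    = `(?:'|\"|\s|=|\x60){0,5}(`
	secretSuffixOld = `)(?:['|\"|\n|\r|\s|\x60]|$)`
	secretSuffixNew = `)(?:['|\"|\n|\r|\s|\x60|;]|$)`
)

// placeholderBody is a constructed stand-in for a real rule body; the
// Teams webhook regex itself is not shown on this page.
const placeholderBody = `examplewebhook[0-9a-f]{8}`

// buildRule splices the placeholder body between the prefix and the given
// suffix. That a generated rule is assembled this way is an assumption
// drawn only from the fragments visible in the diff.
func buildRule(suffix string) *regexp.Regexp {
	return regexp.MustCompile(secretPrefix + placeholderBody + suffix)
}

// findSecrets returns the captured secret value (group 1) of every match in src.
func findSecrets(re *regexp.Regexp, src string) []string {
	var found []string
	for _, m := range re.FindAllStringSubmatch(src, -1) {
		found = append(found, m[1])
	}
	return found
}

// sampleSource is constructed input: a quoted secret, a shell-style
// assignment terminated by ';' mid-file, and a token with one hex digit
// too many, which must not be reported.
const sampleSource = "webhook = \"examplewebhook0123abcd\"\n" +
	"export TEAMS_HOOK=examplewebhook89abcdef;echo sent\n" +
	"notasecret examplewebhookdeadbeef0\n"

func main() {
	// Old suffix: only the quoted secret is found, because ';' is not a
	// terminator and '$' matches only at the end of the whole input.
	fmt.Println("old suffix:", findSecrets(buildRule(secretSuffixOld), sampleSource))
	// New suffix: the ';'-terminated assignment is found as well.
	fmt.Println("new suffix:", findSecrets(buildRule(secretSuffixNew), sampleSource))
}
```

Running it with `go run` prints one secret for the old suffix and two for the new one; the third line matches with neither, which shows that the suffix is doing double duty as the right-hand boundary of the secret, not just as decoration.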