-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2 from openconfig/add-revive
Improve basic workflow and add non-basic workflow
- Loading branch information
Showing
7 changed files
with
609 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,179 @@ | ||
|
||
title = "gitleaks config" | ||
|
||
[[rules]] | ||
description = "AWS Access Key" | ||
regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}''' | ||
tags = ["key", "AWS"] | ||
|
||
[[rules]] | ||
description = "AWS Secret Key" | ||
regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]''' | ||
tags = ["key", "AWS"] | ||
|
||
[[rules]] | ||
description = "AWS MWS key" | ||
regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}''' | ||
tags = ["key", "AWS", "MWS"] | ||
|
||
[[rules]] | ||
description = "Facebook Secret Key" | ||
regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]''' | ||
tags = ["key", "Facebook"] | ||
|
||
[[rules]] | ||
description = "Facebook Client ID" | ||
regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]''' | ||
tags = ["key", "Facebook"] | ||
|
||
[[rules]] | ||
description = "Twitter Secret Key" | ||
regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]''' | ||
tags = ["key", "Twitter"] | ||
|
||
[[rules]] | ||
description = "Twitter Client ID" | ||
regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]''' | ||
tags = ["client", "Twitter"] | ||
|
||
[[rules]] | ||
description = "Github Personal Access Token" | ||
regex = '''ghp_[0-9a-zA-Z]{36}''' | ||
tags = ["key", "Github"] | ||
[[rules]] | ||
description = "Github OAuth Access Token" | ||
regex = '''gho_[0-9a-zA-Z]{36}''' | ||
tags = ["key", "Github"] | ||
[[rules]] | ||
description = "Github App Token" | ||
regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}''' | ||
tags = ["key", "Github"] | ||
[[rules]] | ||
description = "Github Refresh Token" | ||
regex = '''ghr_[0-9a-zA-Z]{76}''' | ||
tags = ["key", "Github"] | ||
|
||
[[rules]] | ||
description = "LinkedIn Client ID" | ||
regex = '''(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}''' | ||
tags = ["client", "LinkedIn"] | ||
|
||
[[rules]] | ||
description = "LinkedIn Secret Key" | ||
regex = '''(?i)linkedin(.{0,20})?[0-9a-z]{16}''' | ||
tags = ["secret", "LinkedIn"] | ||
|
||
[[rules]] | ||
description = "Slack" | ||
regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?''' | ||
tags = ["key", "Slack"] | ||
|
||
[[rules]] | ||
description = "Asymmetric Private Key" | ||
regex = '''-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----''' | ||
tags = ["key", "AsymmetricPrivateKey"] | ||
|
||
[[rules]] | ||
description = "Google API key" | ||
regex = '''AIza[0-9A-Za-z\\-_]{35}''' | ||
tags = ["key", "Google"] | ||
|
||
[[rules]] | ||
description = "Google (GCP) Service Account" | ||
regex = '''"type": "service_account"''' | ||
tags = ["key", "Google"] | ||
|
||
[[rules]] | ||
description = "Heroku API key" | ||
regex = '''(?i)heroku(.{0,20})?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}''' | ||
tags = ["key", "Heroku"] | ||
|
||
[[rules]] | ||
description = "MailChimp API key" | ||
regex = '''(?i)(mailchimp|mc)(.{0,20})?[0-9a-f]{32}-us[0-9]{1,2}''' | ||
tags = ["key", "Mailchimp"] | ||
|
||
[[rules]] | ||
description = "Mailgun API key" | ||
regex = '''((?i)(mailgun|mg)(.{0,20})?)?key-[0-9a-z]{32}''' | ||
tags = ["key", "Mailgun"] | ||
|
||
[[rules]] | ||
description = "PayPal Braintree access token" | ||
regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}''' | ||
tags = ["key", "Paypal"] | ||
|
||
[[rules]] | ||
description = "Picatic API key" | ||
regex = '''sk_live_[0-9a-z]{32}''' | ||
tags = ["key", "Picatic"] | ||
|
||
[[rules]] | ||
description = "SendGrid API Key" | ||
regex = '''SG\.[\w_]{16,32}\.[\w_]{16,64}''' | ||
tags = ["key", "SendGrid"] | ||
|
||
[[rules]] | ||
description = "Slack Webhook" | ||
regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}''' | ||
tags = ["key", "slack"] | ||
|
||
[[rules]] | ||
description = "Stripe API key" | ||
regex = '''(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}''' | ||
tags = ["key", "Stripe"] | ||
|
||
[[rules]] | ||
description = "Square access token" | ||
regex = '''sq0atp-[0-9A-Za-z\-_]{22}''' | ||
tags = ["key", "square"] | ||
|
||
[[rules]] | ||
description = "Square OAuth secret" | ||
regex = '''sq0csp-[0-9A-Za-z\\-_]{43}''' | ||
tags = ["key", "square"] | ||
|
||
[[rules]] | ||
description = "Twilio API key" | ||
regex = '''(?i)twilio(.{0,20})?SK[0-9a-f]{32}''' | ||
tags = ["key", "twilio"] | ||
|
||
[[rules]] | ||
description = "Dynatrace ttoken" | ||
regex = '''dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}''' | ||
tags = ["key", "Dynatrace"] | ||
|
||
[[rules]] | ||
description = "Shopify shared secret" | ||
regex = '''shpss_[a-fA-F0-9]{32}''' | ||
tags = ["key", "Shopify"] | ||
|
||
[[rules]] | ||
description = "Shopify access token" | ||
regex = '''shpat_[a-fA-F0-9]{32}''' | ||
tags = ["key", "Shopify"] | ||
|
||
[[rules]] | ||
description = "Shopify custom app access token" | ||
regex = '''shpca_[a-fA-F0-9]{32}''' | ||
tags = ["key", "Shopify"] | ||
|
||
[[rules]] | ||
description = "Shopify private app access token" | ||
regex = '''shppa_[a-fA-F0-9]{32}''' | ||
tags = ["key", "Shopify"] | ||
|
||
[[rules]] | ||
description = "PyPI upload token" | ||
regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}''' | ||
tags = ["key", "pypi"] | ||
|
||
[allowlist] | ||
description = "Allowlisted files" | ||
paths = [ | ||
'''^\.?gitleaks.toml$''', | ||
'''topo/node/srl/generate_certificate_success$''', # exclude dummy test file with random cert | ||
'''(.*?)super-linter.log$''', # exclude linter logs which might contain past errored runs with keys/certs | ||
'''(.*?)(png|jpg|gif|doc|docx|pdf|bin|xls|pyc|zip)$''', | ||
'''(go.mod|go.sum)$''' | ||
] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
--- | ||
######################### | ||
######################### | ||
## Golang Linter rules ## | ||
######################### | ||
######################### | ||
|
||
# configure golangci-lint | ||
# see https://github.com/golangci/golangci-lint/blob/master/.golangci.example.yml | ||
run: | ||
timeout: 10m | ||
issues: | ||
exclude-rules: | ||
- path: _test\.go | ||
linters: | ||
- dupl | ||
- gosec | ||
- goconst | ||
new: true | ||
linters: | ||
enable: | ||
- gosec | ||
- unconvert | ||
- goconst | ||
- goimports | ||
- gofmt | ||
- gocritic | ||
- govet | ||
- revive | ||
- staticcheck | ||
- unconvert | ||
- unparam | ||
- unused | ||
- wastedassign | ||
- whitespace | ||
linters-settings: | ||
errcheck: | ||
# report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`; | ||
# default is false: such cases aren't reported by default. | ||
check-blank: true | ||
govet: | ||
# report about shadowed variables | ||
check-shadowing: false | ||
maligned: | ||
# print struct with more effective memory layout or not, false by default | ||
suggest-new: true | ||
gocritic: | ||
disabled-checks: | ||
- singleCaseSwitch | ||
- appendAssign | ||
revive: | ||
ignore-generated-header: true | ||
severity: warning |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
--- | ||
########################################### | ||
# These are the rules used for # | ||
# linting all the yaml files in the stack # | ||
# NOTE: # | ||
# You can disable line with: # | ||
# # yamllint disable-line # | ||
########################################### | ||
rules: | ||
braces: | ||
level: warning | ||
min-spaces-inside: 0 | ||
max-spaces-inside: 0 | ||
min-spaces-inside-empty: 1 | ||
max-spaces-inside-empty: 5 | ||
brackets: | ||
level: warning | ||
min-spaces-inside: 0 | ||
max-spaces-inside: 0 | ||
min-spaces-inside-empty: 1 | ||
max-spaces-inside-empty: 5 | ||
colons: | ||
level: warning | ||
max-spaces-before: 0 | ||
max-spaces-after: 1 | ||
commas: | ||
level: warning | ||
max-spaces-before: 0 | ||
min-spaces-after: 1 | ||
max-spaces-after: 1 | ||
comments: disable | ||
comments-indentation: disable | ||
document-end: disable | ||
document-start: | ||
level: warning | ||
present: true | ||
empty-lines: | ||
level: warning | ||
max: 2 | ||
max-start: 0 | ||
max-end: 0 | ||
hyphens: | ||
level: warning | ||
max-spaces-after: 1 | ||
indentation: | ||
level: warning | ||
spaces: consistent | ||
indent-sequences: true | ||
check-multi-line-strings: false | ||
key-duplicates: enable | ||
line-length: | ||
level: warning | ||
max: 120 | ||
allow-non-breakable-words: true | ||
allow-non-breakable-inline-mappings: true | ||
new-line-at-end-of-file: disable | ||
new-lines: | ||
type: unix | ||
trailing-spaces: disable |
Oops, something went wrong.