From b07a61bb408df0058a11886c023c89ca725a518c Mon Sep 17 00:00:00 2001
From: Braxton
Date: Mon, 23 Mar 2026 16:49:01 -0400
Subject: [PATCH] Handle placeholders like RAW({{apiKey}})

---
 patterns/gitleaks/8.18.2/98-general.toml | 3 ++-
 patterns/gitleaks/8.27.0/98-general.toml | 3 ++-
 target/patterns/gitleaks/8.18.2 | 2 +-
 target/patterns/gitleaks/8.27.0 | 2 +-
 testdata/fake-leaks | 2 +-
 5 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/patterns/gitleaks/8.18.2/98-general.toml b/patterns/gitleaks/8.18.2/98-general.toml
index 38502828..4f92ff78 100644
--- a/patterns/gitleaks/8.18.2/98-general.toml
+++ b/patterns/gitleaks/8.18.2/98-general.toml
@@ -306,7 +306,8 @@
 # secret = "[%PLACEHOLDER%]"
 # secret = "$(PLACEHOLDER..."
 # secret = "\$(PLACEHOLDER..."
- '''(?i)(?:(?:password|secret|token)[_-]?(?:access[_-]?)?(?:key)?|api[_-]?key)[\"\']?\s*?\]?\s*?[:=]\s*?[\"\'](?:_.+?_|<.+?>|@.+?@|\).+?\(|%.+?(?:%|\)s)|\$.+?\$|`.+?`|\[.+?\]|\[%.+?%\]|\\?\$\(.*)[\"\']''',
+ # secret = "SOME_FUNC({{PLACEHOLDER}})"
+ '''(?i)(?:(?:password|secret|token)[_-]?(?:access[_-]?)?(?:key)?|api[_-]?key)[\"\']?\s*?\]?\s*?[:=]\s*?[\"\'](?:_.+?_|<.+?>|@.+?@|\).+?\(|%.+?(?:%|\)s)|\$.+?\$|`.+?`|\[.+?\]|\[%.+?%\]|[A-Z]+\(\{\{[^\}]{0,32}\}\}\)|\\?\$\(.*)[\"\']''',
 # secret = "ALL_UPPER_LETTERS_OR_UNDERSCORES"
 '''(?i)(?:(?:password|secret|token)[_-]?(?:access[_-]?)?(?:key)?|api[_-]?key)[\"\']?\s*?\]?\s*?[:=]\s*?[\"\'](?-i)[A-Z_]{5,}?[\"\']''',
 # secret = "{PLACEHOLDER}"
diff --git a/patterns/gitleaks/8.27.0/98-general.toml b/patterns/gitleaks/8.27.0/98-general.toml
index 38502828..4f92ff78 100644
--- a/patterns/gitleaks/8.27.0/98-general.toml
+++ b/patterns/gitleaks/8.27.0/98-general.toml
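Review bot: The example comment added above the new regex, `# secret = "SOME_FUNC({{PLACEHOLDER}})"`, is not matched by the alternative it documents: `[A-Z]+\(\{\{[^\}]{0,32}\}\}\)` admits letters only, so a wrapper name containing an underscore such as `SOME_FUNC(` fails at the `\(` and the value is not allowlisted. Either widen the class to `[A-Z_]+\(\{\{[^\}]{0,32}\}\}\)` or change the comment to an example the pattern does match, e.g. `# secret = "RAW({{PLACEHOLDER}})"`; the fake-leaks submodule bump presumably adds a `RAW({{apiKey}})` fixture, which would not exercise the underscore case. Because the whole regex runs under `(?i)`, `[A-Z]+` also matches lower-case wrappers like `raw({{apiKey}})`, which the comment could state so the allowlist's reach is clear. The same hunk is repeated in patterns/gitleaks/8.27.0/98-general.toml and compiled into target/patterns/gitleaks/8.18.2 and 8.27.0, so whichever fix is chosen belongs in both source pattern files with the targets regenerated. The `regexes` array this line belongs to starts and ends outside the hunk.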
@@ -306,7 +306,8 @@
 # secret = "[%PLACEHOLDER%]"
 # secret = "$(PLACEHOLDER..."
 # secret = "\$(PLACEHOLDER..."
- '''(?i)(?:(?:password|secret|token)[_-]?(?:access[_-]?)?(?:key)?|api[_-]?key)[\"\']?\s*?\]?\s*?[:=]\s*?[\"\'](?:_.+?_|<.+?>|@.+?@|\).+?\(|%.+?(?:%|\)s)|\$.+?\$|`.+?`|\[.+?\]|\[%.+?%\]|\\?\$\(.*)[\"\']''',
+ # secret = "SOME_FUNC({{PLACEHOLDER}})"
+ '''(?i)(?:(?:password|secret|token)[_-]?(?:access[_-]?)?(?:key)?|api[_-]?key)[\"\']?\s*?\]?\s*?[:=]\s*?[\"\'](?:_.+?_|<.+?>|@.+?@|\).+?\(|%.+?(?:%|\)s)|\$.+?\$|`.+?`|\[.+?\]|\[%.+?%\]|[A-Z]+\(\{\{[^\}]{0,32}\}\}\)|\\?\$\(.*)[\"\']''',
 # secret = "ALL_UPPER_LETTERS_OR_UNDERSCORES"
 '''(?i)(?:(?:password|secret|token)[_-]?(?:access[_-]?)?(?:key)?|api[_-]?key)[\"\']?\s*?\]?\s*?[:=]\s*?[\"\'](?-i)[A-Z_]{5,}?[\"\']''',
 # secret = "{PLACEHOLDER}"
diff --git a/target/patterns/gitleaks/8.18.2 b/target/patterns/gitleaks/8.18.2
index c50389dc..033c46f3 100644
--- a/target/patterns/gitleaks/8.18.2
+++ b/target/patterns/gitleaks/8.18.2
@@ -433,7 +433,7 @@ regexes = [
 '''#\s*?nosec(?:\s+|$)''',
 '''#\s*?noqa(?::[\s\w]+)?$''',
 '''\/\/\s*?nolint:gosec(?:\s+|$)''',
-'''(?i)(?:(?:password|secret|token)[_-]?(?:access[_-]?)?(?:key)?|api[_-]?key)[\"\']?\s*?\]?\s*?[:=]\s*?[\"\'](?:_.+?_|<.+?>|@.+?@|\).+?\(|%.+?(?:%|\)s)|\$.+?\$|`.+?`|\[.+?\]|\[%.+?%\]|\\?\$\(.*)[\"\']''',
+'''(?i)(?:(?:password|secret|token)[_-]?(?:access[_-]?)?(?:key)?|api[_-]?key)[\"\']?\s*?\]?\s*?[:=]\s*?[\"\'](?:_.+?_|<.+?>|@.+?@|\).+?\(|%.+?(?:%|\)s)|\$.+?\$|`.+?`|\[.+?\]|\[%.+?%\]|[A-Z]+\(\{\{[^\}]{0,32}\}\}\)|\\?\$\(.*)[\"\']''',
 '''(?i)(?:(?:password|secret|token)[_-]?(?:access[_-]?)?(?:key)?|api[_-]?key)[\"\']?\s*?\]?\s*?[:=]\s*?[\"\'](?-i)[A-Z_]{5,}?[\"\']''',
 '''(?i)(?:(?:password|secret|token)[_-]?(?:access[_-]?)?(?:key)?|api[_-]?key)[\"\']?\s*?\]?\s*?[:=]\s*?[\"\']\\?[\$%#]?\\?\{.+?\}[\"\']''',
 '''(?i)(?:(?:password|secret|token)[_-]?(?:access[_-]?)?(?:key)?|api[_-]?key)[\"\']?\s*?\]?\s*?[:=]\s*?[\"\'](?-i)(?:[A-Za-z.]+|[a-z_\.\-]{0,32}|[A-Z_\.\-]{0,32})[\"\']''',
diff --git a/target/patterns/gitleaks/8.27.0 b/target/patterns/gitleaks/8.27.0
index c50389dc..033c46f3 100644
--- a/target/patterns/gitleaks/8.27.0
+++ b/target/patterns/gitleaks/8.27.0
@@ -433,7 +433,7 @@ regexes = [
 '''#\s*?nosec(?:\s+|$)''',
 '''#\s*?noqa(?::[\s\w]+)?$''',
 '''\/\/\s*?nolint:gosec(?:\s+|$)''',
-'''(?i)(?:(?:password|secret|token)[_-]?(?:access[_-]?)?(?:key)?|api[_-]?key)[\"\']?\s*?\]?\s*?[:=]\s*?[\"\'](?:_.+?_|<.+?>|@.+?@|\).+?\(|%.+?(?:%|\)s)|\$.+?\$|`.+?`|\[.+?\]|\[%.+?%\]|\\?\$\(.*)[\"\']''',
+'''(?i)(?:(?:password|secret|token)[_-]?(?:access[_-]?)?(?:key)?|api[_-]?key)[\"\']?\s*?\]?\s*?[:=]\s*?[\"\'](?:_.+?_|<.+?>|@.+?@|\).+?\(|%.+?(?:%|\)s)|\$.+?\$|`.+?`|\[.+?\]|\[%.+?%\]|[A-Z]+\(\{\{[^\}]{0,32}\}\}\)|\\?\$\(.*)[\"\']''',
 '''(?i)(?:(?:password|secret|token)[_-]?(?:access[_-]?)?(?:key)?|api[_-]?key)[\"\']?\s*?\]?\s*?[:=]\s*?[\"\'](?-i)[A-Z_]{5,}?[\"\']''',
 '''(?i)(?:(?:password|secret|token)[_-]?(?:access[_-]?)?(?:key)?|api[_-]?key)[\"\']?\s*?\]?\s*?[:=]\s*?[\"\']\\?[\$%#]?\\?\{.+?\}[\"\']''',
 '''(?i)(?:(?:password|secret|token)[_-]?(?:access[_-]?)?(?:key)?|api[_-]?key)[\"\']?\s*?\]?\s*?[:=]\s*?[\"\'](?-i)(?:[A-Za-z.]+|[a-z_\.\-]{0,32}|[A-Z_\.\-]{0,32})[\"\']''',
diff --git a/testdata/fake-leaks b/testdata/fake-leaks
index 56f4ea7f..f15521a2 160000
--- a/testdata/fake-leaks
+++ b/testdata/fake-leaks
@@ -1 +1 @@
-Subproject commit 56f4ea7fd9fdd670052f7bbc536d2739c5b31f90
+Subproject commit f15521a2b100276d598410a9e1e46a11a397ad7e