API-Examples/.gitleaks.toml at main · AgoraIO/API-Examples · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
title = "gitleaks config"

# Gitleaks rules are defined by regular expressions and entropy ranges.
# Some secrets have unique signatures which make detecting those secrets easy.
# Examples of those secrets would be GitLab Personal Access Tokens, AWS keys, and GitHub Access Tokens.
# All these examples have defined prefixes like `glpat`, `AKIA`, `ghp_`, etc.
#
# Other secrets might just be a hash which means we need to write more complex rules to verify
# that what we are matching is a secret.
#
# Here is an example of a semi-generic secret
#
#   discord_client_secret = "8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ"
#
# We can write a regular expression to capture the variable name (identifier),
# the assignment symbol (like '=' or ':='), and finally the actual secret.
# The structure of a rule to match this example secret is below:
#
#                                                           Beginning string
#                                                               quotation
#                                                                   │            End string quotation
#                                                                   │                      │
#                                                                   ▼                      ▼
#    (?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_\-]{32})['\"]
#
#                   ▲                              ▲                                ▲
#                   │                              │                                │
#                   │                              │                                │
#              identifier                  assignment symbol
#                                                                                Secret
#

[extend]
useDefault = true

[[rules]]
id = "chinese-characters"
description = "Detecting Chinese characters"
regex = '''[\p{Han}]+'''
tags = ["chinese"]

[[rules]]
id = "chinese-comments"
description = "Detect Chinese comments"
regex = '''(//|#|/\*|\*).*[\p{Han}]+'''
tags = ["chinese", "comments"]

[[rules]]
id = "agora-app-id-pattern"
description = "Agora App ID Pattern"
regex = '''(?i)(AGORA_APP_ID|AG_APP_ID|static\s+let\s+AppId:\s+String|static\s+let\s+AG_APP_ID:\s+String)(\s*=\s*)(?:['"]?([0-9a-zA-Z]{1,32})['"]?)'''
secretGroup = 3

[[rules]]
id = "agora-app-certificate-pattern"
description = "Agora App Certificate Pattern"
regex = '''(?i)(AGORA_APP_CERTIFICATE|AG_APP_CERTIFICATE|static\s+let\s+Certificate:\s+String\?|static\s+let\s+AG_APP_CERTIFICATE:\s+String)(\s*=\s*)(?:['"]?([0-9a-zA-Z]{1,32})['"]?)'''
secretGroup = 3

[[rules]]
id = "basic-auth-key"
description = "Basic Auth Key"
regex = '''(?i)(BASIC_AUTH_KEY|static\s+let\s+BASIC_AUTH_KEY:\s+String)(\s*=\s*)(?:['"]?([0-9a-zA-Z\-_=]{1,64})['"]?)'''
secretGroup = 3

[[rules]]
id = "basic-auth-secret"
description = "Basic Auth Secret"
regex = '''(?i)(BASIC_AUTH_SECRET|static\s+let\s+BASIC_AUTH_SECRET:\s+String)(\s*=\s*)(?:['"]?([0-9a-zA-Z\-_=]{1,64})['"]?)'''
secretGroup = 3

[[rules]]
id = "llm-api-key"
description = "LLM API Key"
regex = '''(?i)(LLM_API_KEY|static\s+let\s+LLM_API_KEY:\s+String)(\s*=\s*)(?:['"]?([a-zA-Z0-9\-_]{1,100})['"]?)'''
secretGroup = 3

[[rules]]
id = "llm-url-with-key"
description = "LLM URL with API Key"
regex = '''(?i)(LLM_URL|static\s+let\s+LLM_URL:\s+String)(\s*=\s*)['"]?(https?:\/\/[^\s'"]+?(?:api_key|apikey|token|secret|password|key)=[^\s'"&]+)['"]?'''
secretGroup = 3

[[rules]]
id = "tts-key-pattern"
description = "TTS API Key in Parameters"
regex = '''(?i)(TTS_PARAMS|static\s+let\s+TTS_PARAMS)(\s*=\s*)(?:['"]?.*["']key["']:\s*["']([a-zA-Z0-9\-_]{1,64})["'].*['"]?)'''
secretGroup = 3

[[rules]]
id = "im-app-key-pattern"
description = "IM App Key Pattern"
regex = '''(?i)(IM_APP_KEY|static\s+var\s+IMAppKey:\s+String\?)(\s*=\s*)(?:['"]?([0-9a-zA-Z#]{1,64})['"]?)'''
secretGroup = 3

[[rules]]
id = "im-client-id-pattern"
description = "IM Client ID Pattern"
regex = '''(?i)(IM_APP_CLIENT_ID|static\s+var\s+IMClientId:\s+String\?)(\s*=\s*)(?:['"]?([0-9a-zA-Z]{1,64})['"]?)'''
secretGroup = 3

[[rules]]
id = "im-client-secret-pattern"
description = "IM Client Secret Pattern"
regex = '''(?i)(IM_APP_CLIENT_SECRET|static\s+var\s+IMClientSecret:\s+String\?)(\s*=\s*)(?:['"]?([0-9a-zA-Z\-_=]{1,64})['"]?)'''
secretGroup = 3

[[rules]]
id = "restful-api-key-pattern"
description = "Restful API Key Pattern"
regex = '''(?i)(RESTFUL_API_KEY|static\s+let\s+RestfulApiKey:\s+String\?)(\s*=\s*)(?:['"]?([0-9a-zA-Z\-_=]{1,64})['"]?)'''
secretGroup = 3

[[rules]]
id = "restful-api-secret-pattern"
description = "Restful API Secret Pattern"
regex = '''(?i)(RESTFUL_API_SECRET|static\s+let\s+RestfulApiSecret:\s+String\?)(\s*=\s*)(?:['"]?([0-9a-zA-Z\-_=]{1,64})['"]?)'''
secretGroup = 3

[[rules]]
id = "openai-api-key"
description = "OpenAI API Key Pattern"
regex = '''(?i)sk-(live|test|proj)-[0-9a-zA-Z]{24,48}'''

[allowlist]
description = "global allow lists"
regexes = ['''219-09-9999''', '''078-05-1120''', '''(9[0-9]{2}|666)-\d{2}-\d{4}''']
paths = [
    '''gitleaks.toml''',
    '''(.*?)(jpg|gif|doc|pdf|bin|svg|socket)$''',
    '''(go.mod|go.sum)$''',
    '''iOS/.*\.strings''',
    '''iOS/.*\.lproj/.*''',
    '''iOS/Scenes/ConvoAI/.*''',
    '''.*\.strings$''',
    '''.*\.strings''',
    '''.*\/zh-Hans\.lproj\/.*''',
    '''.*\/zh-Hant\.lproj\/.*''',
    '''.*\/zh\.lproj\/.*''',
    '''iOS/Pods/.*''',
    '''.*\.bundle''',
    '''README\.md''',
    '''.*\.md''',
    '''Android/.*/res/values(-zh)?/(strings|arrays)\.xml'''
]