fix: github token and Clojars not being caught

.2ms.yml

@@ -88,4 +88,5 @@ ignore-result:
   - f9e5e0b35a39914c67ee1660191a356d3c7ab1db # value used for testing, found at https://github.com/Checkmarx/2ms/commit/07aab5bb214c03fd9e75e46cebe2b407c88d4f73/reporting/report_test.go#diff-31d71ec2c2ba169dce79b1c2de097e30b43f1695ce364054ee7d6b33896c7040R10
   - 777f3d460d69a70e2ce760ca757b18f2aa984392 # value used for testing, found at https://github.com/Checkmarx/2ms/commit/07aab5bb214c03fd9e75e46cebe2b407c88d4f73/reporting/report_test.go#diff-31d71ec2c2ba169dce79b1c2de097e30b43f1695ce364054ee7d6b33896c7040R10
   - e392318c730d4cd0a04340f1e3d41d4c61f6eb20 # value used for testing, found at https://github.com/Checkmarx/2ms/commit/07aab5bb214c03fd9e75e46cebe2b407c88d4f73/reporting/report_test.go#diff-31d71ec2c2ba169dce79b1c2de097e30b43f1695ce364054ee7d6b33896c7040R10
-  - 8f0e0442b01c18b02cfb8e59555103f8233fc7bf # value used for testing, found at https://github.com/Checkmarx/2ms/commit/07aab5bb214c03fd9e75e46cebe2b407c88d4f73/reporting/report_test.go#diff-31d71ec2c2ba169dce79b1c2de097e30b43f1695ce364054ee7d6b33896c7040R10
+  - 8f0e0442b01c18b02cfb8e59555103f8233fc7bf # value used for testing, found at https://github.com/Checkmarx/2ms/commit/07aab5bb214c03fd9e75e46cebe2b407c88d4f73/reporting/report_test.go#diff-31d71ec2c2ba169dce79b1c2de097e30b43f1695ce364054ee7d6b33896c7040R10
+  - 353627158f2e7fa5bb60271cee17da80e5fbba17 # value used as true positive, found at https://github.com/Checkmarx/2ms/pull/292/commits/cc44c8f8bee92250bdcd69bf9fbaffabf0eb442a

engine/rules/clojars.go

@@ -0,0 +1,24 @@
+package rules
+
+import (
+	"regexp"
+
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func Clojars() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "Uncovered a possible Clojars API token, risking unauthorized access to Clojure libraries and potential code manipulation.",
+		RuleID:      "clojars-api-token",
+		Regex:       regexp.MustCompile(`(?i)CLOJARS_[a-z0-9]{60}`),
+		Keywords:    []string{"clojars"},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("clojars", "CLOJARS_"+secrets.NewSecret(alphaNumeric("60"))),
+	}
+	return validate(r, tps, nil)
+}

engine/rules/github.go

@@ -0,0 +1,25 @@
+package rules
+
+import (
+	"regexp"
+
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func GitHubApp() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "Identified a GitHub App Token, which may compromise GitHub application integrations and source code security.",
+		RuleID:      "github-app-token",
+		Regex:       regexp.MustCompile(`(?:ghu|ghs)_[0-9a-zA-Z]{36}`),
+		Keywords:    []string{"ghu_", "ghs_"},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("github", "ghu_"+secrets.NewSecret(alphaNumeric("36"))),
+		generateSampleSecret("github", "ghs_"+secrets.NewSecret(alphaNumeric("36"))),
+	}
+	return validate(r, tps, nil)
+}

engine/rules/rule_test.go

@@ -15,6 +15,9 @@ func Test2msRules(t *testing.T) {
 		validate func() *config.Rule
 	}{
 		{name: "AuthenticatedURL", validate: rules.AuthenticatedURL},
+		{name: "Clojars", validate: rules.Clojars},
+		{name: "GenericCredential", validate: rules.GenericCredential},
+		{name: "GitHubApp", validate: rules.GitHubApp},
 		{name: "HardcodedPassword", validate: rules.HardcodedPassword},
 		{name: "PlaidAccessID", validate: rules.PlaidAccessID},
 		{name: "PrivateKey", validate: rules.PrivateKey},

engine/rules/rules.go

@@ -92,7 +92,7 @@ func getDefaultRules() *[]Rule {
 		{Rule: *rules.Beamer(), Tags: []string{TagApiToken}, ScoreParameters: ScoreParameters{Category: CategoryNewsAndMedia, RuleType: 4}},
 		{Rule: *rules.CodecovAccessToken(), Tags: []string{TagAccessToken}, ScoreParameters: ScoreParameters{Category: CategorySecurity, RuleType: 4}},
 		{Rule: *rules.CoinbaseAccessToken(), Tags: []string{TagAccessToken}, ScoreParameters: ScoreParameters{Category: CategoryCryptocurrencyExchange, RuleType: 4}},
-		{Rule: *rules.Clojars(), Tags: []string{TagApiToken}, ScoreParameters: ScoreParameters{Category: CategoryPackageManagement, RuleType: 4}},
+		{Rule: *Clojars(), Tags: []string{TagApiToken}, ScoreParameters: ScoreParameters{Category: CategoryPackageManagement, RuleType: 4}},
 		{Rule: *rules.ConfluentAccessToken(), Tags: []string{TagAccessToken}, ScoreParameters: ScoreParameters{Category: CategorySocialMedia, RuleType: 4}},
 		{Rule: *rules.ConfluentSecretKey(), Tags: []string{TagSecretKey}, ScoreParameters: ScoreParameters{Category: CategorySocialMedia, RuleType: 4}},
 		{Rule: *rules.Contentful(), Tags: []string{TagApiToken}, ScoreParameters: ScoreParameters{Category: CategoryContentManagementSystem, RuleType: 4}},
@@ -131,7 +131,7 @@ func getDefaultRules() *[]Rule {
 		{Rule: *rules.GitHubPat(), Tags: []string{TagAccessToken}, ScoreParameters: ScoreParameters{Category: CategoryDevelopmentPlatform, RuleType: 4}},
 		{Rule: *rules.GitHubFineGrainedPat(), Tags: []string{TagAccessToken}, ScoreParameters: ScoreParameters{Category: CategoryAPIAccess, RuleType: 4}},
 		{Rule: *rules.GitHubOauth(), Tags: []string{TagAccessToken}, ScoreParameters: ScoreParameters{Category: CategoryAuthenticationAndAuthorization, RuleType: 4}},
-		{Rule: *rules.GitHubApp(), Tags: []string{TagAccessToken}, ScoreParameters: ScoreParameters{Category: CategoryCICD, RuleType: 4}},
+		{Rule: *GitHubApp(), Tags: []string{TagAccessToken}, ScoreParameters: ScoreParameters{Category: CategoryCICD, RuleType: 4}},
 		{Rule: *rules.GitHubRefresh(), Tags: []string{TagRefreshToken}, ScoreParameters: ScoreParameters{Category: CategoryAuthenticationAndAuthorization, RuleType: 4}},
 		{Rule: *rules.GitlabPat(), Tags: []string{TagAccessToken}, ScoreParameters: ScoreParameters{Category: CategorySourceCodeManagement, RuleType: 4}},
 		{Rule: *rules.GitlabPipelineTriggerToken(), Tags: []string{TagTriggerToken}, ScoreParameters: ScoreParameters{Category: CategoryCICD, RuleType: 4}},