
Commit 0095032

Merge pull request #1 from michieljmmaas
Add Gitlab provider
2 parents 8aa90d5 + 9f0ca29 commit 0095032


2 files changed

+79
-0
lines changed


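--- a/src/Regex/Supplier/Gitlab.php
+++ b/src/Regex/Supplier/Gitlab.php
@@ -0,0 +1,50 @@
+<?php
+
+/**
+* This file is part of CaptainHook Secrets.
+*
+* (c) Sebastian Feldmann <[email protected]>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+declare(strict_types=1);
+
+namespace CaptainHook\Secrets\Regex\Supplier;
+
+use CaptainHook\Secrets\Regex\Supplier;
+
+/**
+* Gitlab regex
+*
+* Provides the regex to find Gitlab secrets.
+*
+* @package CaptainHook-Secrets
+* @since Class available since Release 0.9.6
+*/
+final class Gitlab implements Supplier {
+
+/**
+* Sourced from https://github.com/gitlabhq/gitlabhq/blob/master/gems/gitlab-secret_detection/lib/gitleaks.toml#L4-L51
+* @return string[]
+*/
+public function patterns(): array {
+return [
+// GitLab Personal Access Token
+'#' . Util::OPTIONAL_QUOTE . '(glpat-[0-9a-zA-Z_\\-]{20})' . Util::OPTIONAL_QUOTE . '#',
+// GitLab Pipeline Trigger Token
+'#' . Util::OPTIONAL_QUOTE . '(glptt-[0-9a-zA-Z_\\-]{40})' . Util::OPTIONAL_QUOTE . '#',
+// GitLab Runner Registration Token
+'#' . Util::OPTIONAL_QUOTE . '(GR1348941[0-9a-zA-Z_\\-]{20})' . Util::OPTIONAL_QUOTE . '#',
+// GitLab OAuth Application Secrets
+'#' . Util::OPTIONAL_QUOTE . '(gloas-[0-9a-zA-Z_\\-]{64})' . Util::OPTIONAL_QUOTE . '#',
+// GitLab Feed token
+'#' . Util::OPTIONAL_QUOTE . '(glft-[0-9a-zA-Z_\\-]{20})' . Util::OPTIONAL_QUOTE . '#',
+// GitLab Agent for Kubernetes token
+'#' . Util::OPTIONAL_QUOTE . '(glagent-[0-9a-zA-Z_\\-]{50})' . Util::OPTIONAL_QUOTE . '#',
+// GitLab Incoming email token
+'#' . Util::OPTIONAL_QUOTE . '(glimt-[0-9a-zA-Z_\\-]{25})' . Util::OPTIONAL_QUOTE . '#',
+];
+}
+}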
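Review bot: The docblock on `patterns()` links the upstream rule file at `blob/master` with a line anchor, which will drift as that file is edited, so these seven expressions cannot later be checked against what they were copied from; a commit permalink would fix that, e.g. `* Sourced from GitLab's gitleaks.toml at commit <UPSTREAM-COMMIT-SHA>`. The quantifiers are exact and have no trailing boundary, so a longer token is reported as its first N characters; a one-line comment above the array would record this, e.g. `// Fixed lengths mirror upstream; a match may be only the prefix of a longer token.` Tokens from a GitLab instance configured with a custom personal access token prefix will not match `glpat-`, which is worth stating in the class docblock as a known gap.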
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
<?php
2+
3+
namespace CaptainHook\Secrets\Regex\Supplier;
4+
5+
use CaptainHook\Secrets\Detector;
6+
use PHPUnit\Framework\TestCase;
7+
8+
final class GitlabTest extends TestCase
9+
{
10+
public function testDetectSecret(): void
11+
{
12+
$haystack = 'bar glpat-mBvGsDcJUvxvFZktWpzz baz';
13+
$detector = Detector::create()->useSuppliers(new Gitlab());
14+
$result = $detector->detectIn($haystack);
15+
16+
$this->assertTrue($result->wasSecretDetected());
17+
$this->assertCount(1, $result->matches());
18+
}
19+
20+
public function testDontDetectSecret(): void
21+
{
22+
$haystack = 'bar glpat-mBvGsDcJUvx... gitlab glpat-15487234 glpat-mBvG{}_JUvxvFZktWpzz';
23+
$detector = Detector::create()->useSuppliers(new Gitlab());
24+
$result = $detector->detectIn($haystack);
25+
26+
$this->assertFalse($result->wasSecretDetected());
27+
$this->assertCount(0, $result->matches());
28+
}
29+
}
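Review bot: Only the `glpat-` pattern is exercised here; the other six patterns added in Gitlab.php (`glptt-`, `GR1348941`, `gloas-`, `glft-`, `glagent-`, `glimt-`) have no positive case, so a wrong prefix or length in any of them would pass CI and let real tokens through the hook unnoticed. A data provider with one constructed sample per token type, built at the length each pattern expects, would cover them; the fence below sketches it. In `testDontDetectSecret` the three near-misses share one haystack, so a regex change that starts matching one of them does not show which; separate cases would make such a failure readable.

```php
    /**
     * @dataProvider tokenSamples
     */
    public function testDetectsEachTokenType(string $token): void
    {
        $detector = Detector::create()->useSuppliers(new Gitlab());
        $result   = $detector->detectIn('bar ' . $token . ' baz');

        $this->assertTrue($result->wasSecretDetected());
        $this->assertCount(1, $result->matches());
    }

    public static function tokenSamples(): iterable
    {
        // Constructed samples only: documented prefix plus filler of the expected length.
        yield 'personal access token'      => ['glpat-' . str_repeat('a', 20)];
        yield 'pipeline trigger token'     => ['glptt-' . str_repeat('a', 40)];
        yield 'runner registration token'  => ['GR1348941' . str_repeat('a', 20)];
        yield 'oauth application secret'   => ['gloas-' . str_repeat('a', 64)];
        yield 'feed token'                 => ['glft-' . str_repeat('a', 20)];
        yield 'agent for kubernetes token' => ['glagent-' . str_repeat('a', 50)];
        yield 'incoming email token'       => ['glimt-' . str_repeat('a', 25)];
    }
```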
