Add rules to detect leaked GitLab Deploy Tokens
What does this MR do?
Add rules to detect leaked GitLab Deploy Tokens
In 16.7 GitLab began prefixing Deploy Tokens. This commit updates the secret analyzer with detection rules for this new prefix.
See Add prefix to deploy tokens (gitlab-org/gitlab#376752 - closed)
changelog: added
Output of updating the test
% analyzer-refresh-expected-json
[+] Building 15.7s (15/15) FINISHED docker:rancher-desktop
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 1.14kB 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for docker.io/library/golang:1.19-alpine 3.7s
=> [internal] load metadata for docker.io/library/alpine:latest 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 286.78kB 0.0s
=> [build 1/4] FROM docker.io/library/golang:1.19-alpine@sha256:0ec0646e208ea58e5d29e558e39f2e59fccf39b7bda306cb53bbaff91919eca5 0.0s
=> [stage-1 1/5] FROM docker.io/library/alpine:latest 0.0s
=> CACHED [build 2/4] WORKDIR /go/src/app 0.0s
=> [build 3/4] COPY . . 0.0s
=> [build 4/4] RUN CHANGELOG_VERSION=$(grep -m 1 '^## v.*$' "CHANGELOG.md" | sed 's/## v//') && PATH_TO_MODULE=`go list -m` && go build -ldflags="-X '$PATH_TO_MODULE/metadata.AnalyzerVer 12.0s
=> CACHED [stage-1 2/5] RUN wget https://github.com/zricethezav/gitleaks/releases/download/v8.18.0/gitleaks_8.18.0_linux_x64.tar.gz && tar -xf gitleaks_8.18.0_linux_x64.tar.gz -C /usr/local/bin/ && 0.0s
=> CACHED [stage-1 3/5] RUN mkdir -p /etc/ssl/certs/ && touch /etc/ssl/certs/ca-certificates.crt && chmod g+w /etc/ssl/certs/ca-certificates.crt 0.0s
=> CACHED [stage-1 4/5] COPY --from=build --chown=root:root /go/src/app/analyzer / 0.0s
=> CACHED [stage-1 5/5] COPY /gitleaks.toml /gitleaks.toml 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => writing image sha256:c3bc362b754f5fdeb07c0338d88e38a812c466e2c07868968782ffb43e91798a 0.0s
=> => naming to docker.io/library/secrets:nmalcolm-master-patch-2373 0.0s
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
....................................
Finished in 3.81 seconds (files took 1.47 seconds to load)
36 examples, 0 failures
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests updated/added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Lucas Charles
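The prefix-based detection this MR describes, sketched as an added Go example (not code from this MR or from the analyzer). It assumes the `gldt-` prefix followed by 20 characters from `[0-9A-Za-z_-]`; `ScanDeployTokens`, `Finding` and the sample input are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumption: a deploy token is the "gldt-" prefix plus 20 characters from
// [0-9A-Za-z_-]. The length and alphabet are assumed, not taken from the MR.
var deployTokenRe = regexp.MustCompile(`gldt-[0-9A-Za-z_-]{20}`)

// Finding records where a token was seen without repeating the secret.
type Finding struct {
	Line     int
	Redacted string
}

func isTokenChar(b byte) bool {
	return b == '_' || b == '-' || (b >= '0' && b <= '9') ||
		(b >= 'A' && b <= 'Z') || (b >= 'a' && b <= 'z')
}

// ScanDeployTokens returns one finding per candidate token in text.
func ScanDeployTokens(text string) []Finding {
	var out []Finding
	for i, line := range strings.Split(text, "\n") {
		for _, m := range deployTokenRe.FindAllStringIndex(line, -1) {
			// RE2 has no lookaround: skip matches inside a longer token-like run.
			if (m[0] > 0 && isTokenChar(line[m[0]-1])) || (m[1] < len(line) && isTokenChar(line[m[1]])) {
				continue
			}
			masked := "gldt-" + strings.Repeat("*", m[1]-m[0]-len("gldt-"))
			out = append(out, Finding{Line: i + 1, Redacted: masked})
		}
	}
	return out
}

// Constructed sample input; none of these values is a real credential.
const sample = `DEPLOY_TOKEN=gldt-AbCdEfGhIjKlMnOpQrSt
git clone https://deploy:gldt-0123456789abcdef_-XY@gitlab.example.com/g/p.git
short=gldt-tooShort
id=my-gldt-AbCdEfGhIjKlMnOpQrSt0000
`

func main() {
	for _, f := range ScanDeployTokens(sample) {
		fmt.Printf("line %d: %s\n", f.Line, f.Redacted)
	}
}
```

The boundary check trades some recall for precision; a scanner that must not miss tokens of a different length would drop it and accept more false positives.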