Add human readable description for curl rules (#1625)

amanda-friesen · web-flow · commit 202106a1905d · 2024-11-05T07:40:29.000-06:00
Provides more context to the user than the base rule name.
diff --git a/cmd/generate/config/rules/curl.go b/cmd/generate/config/rules/curl.go
@@ -11,11 +11,11 @@ import (
 // https://curl.se/docs/manpage.html#-u
 func CurlBasicAuth() *config.Rule {
 	r := config.Rule{
-		RuleID: "curl-auth-user",
-		// TODO: Description: "",
-		Regex:    regexp.MustCompile(`\bcurl\b(?:.*|.*(?:[\r\n]{1,2}.*){1,5})[ \t\n\r](?:-u|--user)(?:=|[ \t]{0,5})(?:"([^:"]{3,}:[^"]{3,})"|'([^:']{3,}:[^']{3,})'|((?:"[^"]{3,}"|'[^']{3,}'|[\w$@.-]+):(?:"[^"]{3,}"|'[^']{3,}'|[\w${}@.-]+)))(?:\s|\z)`),
-		Keywords: []string{"curl"},
-		Entropy:  2,
+		RuleID:      "curl-auth-user",
+		Description: "Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.",
+		Regex:       regexp.MustCompile(`\bcurl\b(?:.*|.*(?:[\r\n]{1,2}.*){1,5})[ \t\n\r](?:-u|--user)(?:=|[ \t]{0,5})(?:"([^:"]{3,}:[^"]{3,})"|'([^:']{3,}:[^']{3,})'|((?:"[^"]{3,}"|'[^']{3,}'|[\w$@.-]+):(?:"[^"]{3,}"|'[^']{3,}'|[\w${}@.-]+)))(?:\s|\z)`),
+		Keywords:    []string{"curl"},
+		Entropy:     2,
 		Allowlists: []config.Allowlist{
 			{
 				Regexes: []*regexp.Regexp{
@@ -99,8 +99,8 @@ func CurlHeaderAuth() *config.Rule {
 	// language=regexp
 	authPat := `(?i)(?:Authorization:[ \t]{0,5}(?:Basic[ \t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \t]([\w=~@.+/-]{8,})|([\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \t]{0,5}([\w=~@.+/-]{8,}))`
 	r := config.Rule{
-		RuleID: "curl-auth-header",
-		// TODO: Description: "",
+		RuleID:      "curl-auth-header",
+		Description: "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.",
 		Regex: regexp.MustCompile(
 			// language=regexp
 			fmt.Sprintf(`\bcurl\b(?:.*?|.*?(?:[\r\n]{1,2}.*?){1,5})[ \t\n\r](?:-H|--header)(?:=|[ \t]{0,5})(?:"%s"|'%s')(?:\B|\s|\z)`, authPat, authPat)),
diff --git a/config/gitleaks.toml b/config/gitleaks.toml
@@ -280,14 +280,14 @@ keywords = ["contentful"]
 
 [[rules]]
 id = "curl-auth-header"
-description = ""
+description = "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource."
 regex = '''\bcurl\b(?:.*?|.*?(?:[\r\n]{1,2}.*?){1,5})[ \t\n\r](?:-H|--header)(?:=|[ \t]{0,5})(?:"(?i)(?:Authorization:[ \t]{0,5}(?:Basic[ \t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \t]([\w=~@.+/-]{8,})|([\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \t]{0,5}([\w=~@.+/-]{8,}))"|'(?i)(?:Authorization:[ \t]{0,5}(?:Basic[ \t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \t]([\w=~@.+/-]{8,})|([\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \t]{0,5}([\w=~@.+/-]{8,}))')(?:\B|\s|\z)'''
 entropy = 2.75
 keywords = ["curl"]
 
 [[rules]]
 id = "curl-auth-user"
-description = ""
+description = "Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource."
 regex = '''\bcurl\b(?:.*|.*(?:[\r\n]{1,2}.*){1,5})[ \t\n\r](?:-u|--user)(?:=|[ \t]{0,5})(?:"([^:"]{3,}:[^"]{3,})"|'([^:']{3,}:[^']{3,})'|((?:"[^"]{3,}"|'[^']{3,}'|[\w$@.-]+):(?:"[^"]{3,}"|'[^']{3,}'|[\w${}@.-]+)))(?:\s|\z)'''
 entropy = 2
 keywords = ["curl"]
