Describe the bug
GitLeaks pre v8.18.2 used to show the rule IDs in the SARIF output in the following way:
However, in GitLeaks v8.18.2 this was changed to:
```json
"rules": [
{
"id": "adafruit-api-key",
"name": "Identified a potential Adafruit API Key, which could lead to unauthorized access to Adafruit services and sensitive data exposure.",
"shortDescription": {
"text": "(?i)(?:adafruit)(?:[0-9a-z\\-_\\t .]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|\u003e|:{1,3}=|\\|\\|:|\u003c=|=\u003e|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9_-]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)"
}
},
{
"id": "adobe-client-id",
"name": "Detected a pattern that resembles an Adobe OAuth Web Client ID, posing a risk of compromised Adobe integrations and data breaches.",
"shortDescription": {
"text": "(?i)(?:adobe)(?:[0-9a-z\\-_\\t .]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|\u003e|:{1,3}=|\\|\\|:|\u003c=|=\u003e|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)"
}
},
...more rules
]
```
As you can see, the properties are wrong: the name property now holds a description, and shortDescription holds the detection regex.
To Reproduce
Steps to reproduce the behavior:
Simply run gitleaks with the SARIF report format on any directory. For instance:
Expected behavior
The name property should hold the actual rule name (as it used to), and the new description-like text should go into a different SARIF property; fullDescription is a good fit. Here is an example from KICS's SARIF output:
```json
"rules": [
{
"id": "fd54f200-402c-4333-a5a4-36ef6709af2f",
"name": "Missing User Instruction",
"shortDescription": {
"text": "Missing User Instruction"
},
"fullDescription": {
"text": "A user should be specified in the dockerfile, otherwise the image will run as root"
},
...
}
```
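As an added example (not code from the gitleaks project or from this issue), here is a small lint that a consumer of SARIF reports could run in CI to catch exactly this regression: it flags rules whose name reads like a sentence, whose shortDescription.text looks like a regex, or which lack fullDescription. The sample report is constructed, with one rule in the v8.18.2 shape (regex shortened) and one in the KICS shape; the heuristics are assumptions, not part of the SARIF spec.

```python
"""Lint the rule metadata (tool.driver.rules) in a SARIF report."""
import json
import re

# Heuristic: these fragments are typical of a detection regex, not prose.
REGEX_HINTS = re.compile(r"\(\?i\)|\\s|\\d|\{\d+,\d*\}|\[\^?[^\]]+\]")
MAX_NAME_WORDS = 8  # assumption: a rule name longer than this is a description


def lint_rule(rule: dict) -> list:
    """Return the problems found in one SARIF reportingDescriptor object."""
    problems = []
    name = rule.get("name", "")
    short = rule.get("shortDescription", {}).get("text", "")
    full = rule.get("fullDescription", {}).get("text")
    if not name:
        problems.append("missing name")
    elif len(name.split()) > MAX_NAME_WORDS or name.rstrip().endswith("."):
        problems.append("name looks like a description, not a rule name")
    if REGEX_HINTS.search(short):
        problems.append("shortDescription.text looks like a regex, not a description")
    if full is None:
        problems.append("fullDescription missing")
    return problems


def lint_sarif(report: str) -> dict:
    """Map rule id -> problems for every rule in every run of a SARIF document."""
    findings = {}
    for run in json.loads(report).get("runs", []):
        for rule in run.get("tool", {}).get("driver", {}).get("rules", []):
            problems = lint_rule(rule)
            if problems:
                findings[rule.get("id", "<no id>")] = problems
    return findings


# Constructed sample: first rule mimics the v8.18.2 output, second the KICS layout.
SAMPLE = json.dumps({"runs": [{"tool": {"driver": {"rules": [
    {"id": "adafruit-api-key",
     "name": "Identified a potential Adafruit API Key, which could lead to unauthorized access.",
     "shortDescription": {"text": r"(?i)adafruit(?:[0-9a-z\-_\t .]{0,20})([a-z0-9_-]{32})"}},
    {"id": "fd54f200-402c-4333-a5a4-36ef6709af2f",
     "name": "Missing User Instruction",
     "shortDescription": {"text": "Missing User Instruction"},
     "fullDescription": {"text": "A user should be specified in the dockerfile"}},
]}}}]})

if __name__ == "__main__":
    for rule_id, problems in lint_sarif(SAMPLE).items():
        print(rule_id, "->", "; ".join(problems))
```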
cc @zricethezav