Fixed Gitlab rule which was incorrectly identifying certain tokens as valid

2025-07-02 15:20:50 -07:00 · 2025-07-02 15:20:50 -07:00 · b13bdacb2f
commit b13bdacb2f
parent 2280bee6e2
2 changed files with 11 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,7 @@ All notable changes to this project will be documented in this file.

 ## [1.19.0]
 - JSON output was missing committer name and email
+- Fixed Gitlab rule which was incorrectly identifying certain tokens as valid

 ## [1.18.1]
 - Restored --version cli argument
--- a/data/rules/gitlab.yml
+++ b/data/rules/gitlab.yml
@ -71,6 +71,11 @@ rules:
            - report_response: true
            - type: StatusMatch
              status: 200
+            - type: WordMatch
+              words:
+                - '"token is missing"'
+                - '"403 Forbidden"'
+              negative: true
          url: https://gitlab.com/api/v4/runners/verify

  - name: GitLab Pipeline Trigger Token
@ -104,4 +109,9 @@ rules:
            - type: StatusMatch
              status: 
                - 200
+            - type: WordMatch
+              words:
+                - '"token is missing"'
+                - '"403 Forbidden"'
+              negative: true
          url: https://gitlab.com/api/v4/ci/pipeline_triggers/{{ TOKEN }}