rules: - name: GitLab Private Token id: kingfisher.gitlab.1 pattern: | (?x) \b ( glpat- [0-9a-zA-Z_-]{20} ) (?:\b|$) min_entropy: 3.5 confidence: medium examples: - glpat-kSaPeOD_-T0JxMi3p28B - | docker build -t tweedledee \ -f Dockerfile \ --build-arg 'GO_REPO_TOKEN=glpat-tFrjFXD7soVU2fqxuDMh' \ references: - https://docs.gitlab.com/api/users/#get-your-user-status validation: type: Http content: request: headers: PRIVATE-TOKEN: '{{ TOKEN }}' method: GET response_matcher: - report_response: true - type: WordMatch words: - '"message"' url: https://gitlab.com/api/v4/user/status - name: GitLab Runner Registration Token id: kingfisher.gitlab.2 pattern: '\b(GR1348941[0-9a-zA-Z_-]{20})(?:\b|$)' examples: - | sudo gitlab-runner register \ --non-interactive \ --url "https://gitlab.com/" \ --registration-token "GR1348941_iAgdMy7a3NhZaa5oNoH" \ --executor "docker" \ --docker-image ubuntu:latest \ --description "docker-runner" \ --tag-list "docker, CICD, App" \ --run-untagged="true" \ --locked="false" \ --access-level="not_protected" validation: type: Http content: request: method: POST headers: Content-Type: application/x-www-form-urlencoded Accept: application/json body: token={{ TOKEN }} response_matcher: - report_response: true - type: StatusMatch status: [200, 201] url: https://gitlab.com/api/v4/runners/verify - name: GitLab Pipeline Trigger Token id: kingfisher.gitlab.3 pattern: '\b(glptt-[0-9a-f]{40})\b' examples: - | curl \ -X POST \ --fail \ --no-progress-meter \ -F token=glptt-0d66598d696a02da33fb65e2a041f607c68ea50d \ -F ref=main validation: type: Http content: request: headers: PRIVATE-TOKEN: '{{ TOKEN }}' method: GET response_matcher: - report_response: true - type: StatusMatch status: [200] url: https://gitlab.com/api/v4/ci/pipeline_triggers/{{ TOKEN }}