kingfisher/data/rules/gitlab.yml
2025-06-24 17:17:16 -07:00


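# Detection and live-validation rules for GitLab credentials.
#
# Every validation request below targets gitlab.com. A token issued by a
# self-managed GitLab instance will therefore fail validation even when it is
# live on its own host: treat "not validated" as "unknown", not as "revoked".
rules:
  # Matches the `glpat-` prefix followed by 20 characters from [0-9a-zA-Z_-].
  - name: GitLab Private Token
    id: kingfisher.gitlab.1
    pattern: |
      (?x)
      \b
      (
        glpat-
        [0-9a-zA-Z_-]{20}
      )
      (?:\b|$)
    min_entropy: 3.5
    confidence: medium
    examples:
      - glpat-kSaPeOD_-T0JxMi3p28B
      - |
        docker build -t tweedledee \
        -f Dockerfile \
        --build-arg 'GO_REPO_TOKEN=glpat-tFrjFXD7soVU2fqxuDMh' \
    references:
      - https://docs.gitlab.com/api/users/#get-your-user-status
    validation:
      type: Http
      content:
        request:
          headers:
            PRIVATE-TOKEN: '{{ TOKEN }}'
          method: GET
          response_matcher:
            - report_response: true
            # GitLab error bodies also carry a "message" key (for example
            # {"message":"401 Unauthorized"}), so the word match alone would
            # report a rejected token as live. Require a 200 as well.
            # NOTE(review): relies on every matcher in this list having to
            # hold; confirm against the validator.
            - type: StatusMatch
              status: [200]
            - type: WordMatch
              words:
                - '"message"'
          url: https://gitlab.com/api/v4/user/status
  # Matches the fixed `GR1348941` prefix followed by 20 characters from
  # [0-9a-zA-Z_-].
  - name: GitLab Runner Registration Token
    id: kingfisher.gitlab.2
    pattern: '\b(GR1348941[0-9a-zA-Z_-]{20})(?:\b|$)'
    examples:
      - |
        sudo gitlab-runner register \
        --non-interactive \
        --url "https://gitlab.com/" \
        --registration-token "GR1348941_iAgdMy7a3NhZaa5oNoH" \
        --executor "docker" \
        --docker-image ubuntu:latest \
        --description "docker-runner" \
        --tag-list "docker, CICD, App" \
        --run-untagged="true" \
        --locked="false" \
        --access-level="not_protected"
    # NOTE(review): GitLab documents POST /runners/verify as a check of a
    # registered runner's authentication token. Confirm that it accepts a
    # registration token; if it does not, live registration tokens will always
    # be reported as inactive by this rule.
    validation:
      type: Http
      content:
        request:
          method: POST
          headers:
            Content-Type: application/x-www-form-urlencoded
            Accept: application/json
          # The token alphabet matched above needs no percent-encoding in a
          # form-encoded body.
          body: token={{ TOKEN }}
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200, 201]
          url: https://gitlab.com/api/v4/runners/verify
  # Matches the `glptt-` prefix followed by 40 lowercase hex characters.
  - name: GitLab Pipeline Trigger Token
    id: kingfisher.gitlab.3
    pattern: '\b(glptt-[0-9a-f]{40})\b'
    examples:
      - |
        curl \
        -X POST \
        --fail \
        --no-progress-meter \
        -F token=glptt-0d66598d696a02da33fb65e2a041f607c68ea50d \
        -F ref=main
    # NOTE(review): this request places the candidate secret in the URL path as
    # well as in the PRIVATE-TOKEN header. Request paths are commonly written
    # to proxy and server access logs, so the token may be recorded in places
    # a header value would not reach. The rule lists no reference for this
    # endpoint; confirm that it exists and that it returns 200 only for a live
    # trigger token.
    validation:
      type: Http
      content:
        request:
          headers:
            PRIVATE-TOKEN: '{{ TOKEN }}'
          method: GET
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
          url: https://gitlab.com/api/v4/ci/pipeline_triggers/{{ TOKEN }}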