kingfisher/data/rules/gitlab.yml

rules:
  - name: GitLab Private Token
    id: kingfisher.gitlab.1
    pattern: |
      (?xi)                     
      \b                       
      (                        
        glpat-
        [0-9A-Z_-]{20}
      )                        
      (?:\b|$)
    min_entropy: 3.5
    confidence: medium
    examples:
      - glpat-kSaPeOD_-T0JxMi3p28B
      - |
        docker build -t tweedledee \
        -f Dockerfile \
        --build-arg 'GO_REPO_TOKEN=glpat-tFrjFXD7soVU2fqxuDMh' \
    references:
      - https://github.com/diffblue/gitlab/blob/39c63ee83369bf5353256a6b95f3116728edd102/doc/api/personal_access_tokens.md
      - https://docs.gitlab.com/api/personal_access_tokens/
    validation:
      type: Http
      content:
        request:
          headers:
            PRIVATE-TOKEN: '{{ TOKEN }}'
          method: GET
          response_matcher:
            - report_response: true
            - type: WordMatch
              words:
                - '"id"'
          url: https://gitlab.com/api/v4/personal_access_tokens/self

  - name: GitLab Runner Registration Token
    id: kingfisher.gitlab.2
    pattern: |
      (?xi)
      \b
      (
        GR1348941[0-9A-Z_-]{20}
      )
      \b
    examples:
      - |
        sudo gitlab-runner register \
        --non-interactive \
        --url "https://gitlab.com/" \
        --registration-token "GR1348941_iAgdMy7a3NhZaa5oNoH" \
        --executor "docker" \
        --docker-image ubuntu:latest \
        --description "docker-runner" \
        --tag-list "docker, CICD, App" \
        --run-untagged="true" \
        --locked="false" \
        --access-level="not_protected"
    references:
      - https://docs.gitlab.com/api/runners/
    validation:
      type: Http
      content:
        request:
          method: POST
          headers:
            Content-Type: application/x-www-form-urlencoded
            Accept: application/json
          body: token={{ TOKEN }}
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: 200
          url: https://gitlab.com/api/v4/runners/verify

  - name: GitLab Pipeline Trigger Token
    id: kingfisher.gitlab.3
    pattern: |
      (?xi)
      \b
      (
        glptt-[0-9a-f]{40}
      )
      \b
    examples:
      - |
        curl    \
        -X POST \
        --fail  \
        --no-progress-meter \
        -F token=glptt-0d66598d696a02da33fb65e2a041f607c68ea50d \
        -F ref=main
    references:
      - https://docs.gitlab.com/api/pipeline_triggers/
    validation:
      type: Http
      content:
        request:
          headers:
            PRIVATE-TOKEN: '{{ TOKEN }}'
          method: GET
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: 
                - 200
          url: https://gitlab.com/api/v4/ci/pipeline_triggers/{{ TOKEN }}