Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package gitleaks for openSUSE:Factory checked in at 2025-11-27 15:21:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gitleaks (Old) and /work/SRC/openSUSE:Factory/.gitleaks.new.14147 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gitleaks" Thu Nov 27 15:21:06 2025 rev:32 rq:1320279 version:8.30.0 Changes: -------- --- /work/SRC/openSUSE:Factory/gitleaks/gitleaks.changes 2025-11-21 16:55:22.211052780 +0100 +++ /work/SRC/openSUSE:Factory/.gitleaks.new.14147/gitleaks.changes 2025-11-27 15:22:29.239323242 +0100 @@ -1,0 +2,9 @@ +Thu Nov 27 05:51:48 UTC 2025 - Johannes Kastl <[email protected]> + +- Update to version 8.30.0: + * 0 to 5 - notes on recursive decoding (#1994) + * Add new Looker client ID and client secret rules (#1947) + * feat: add Airtable Personnal Access Token detection (#1952) + * build: upgrade Go & alpine version (#1989) + +------------------------------------------------------------------- Old: ---- gitleaks-8.29.1.obscpio New: ---- gitleaks-8.30.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gitleaks.spec ++++++ --- /var/tmp/diff_new_pack.LKXQ4C/_old 2025-11-27 15:22:30.371370983 +0100 +++ /var/tmp/diff_new_pack.LKXQ4C/_new 2025-11-27 15:22:30.375371151 +0100 @@ -18,7 +18,7 @@ Name: gitleaks -Version: 8.29.1 +Version: 8.30.0 Release: 0 Summary: Protect and discover secrets using Gitleaks License: MIT @@ -27,7 +27,7 @@ Source1: vendor.tar.gz BuildRequires: bash-completion BuildRequires: fish -BuildRequires: go >= 1.23 +BuildRequires: go1.25 >= 1.25.4 BuildRequires: zsh %description ++++++ _service ++++++ --- /var/tmp/diff_new_pack.LKXQ4C/_old 2025-11-27 15:22:30.427373345 +0100 +++ /var/tmp/diff_new_pack.LKXQ4C/_new 2025-11-27 15:22:30.431373513 +0100 
@@ -3,7 +3,7 @@ <param name="url">https://github.com/zricethezav/gitleaks</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v8.29.1</param> + <param name="revision">v8.30.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.LKXQ4C/_old 2025-11-27 15:22:30.459374694 +0100 +++ /var/tmp/diff_new_pack.LKXQ4C/_new 2025-11-27 15:22:30.463374863 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/zricethezav/gitleaks</param> - <param name="changesrevision">fb5d707e08fe0d2578b155458fdd53b6782dcab2</param></service></servicedata> + <param name="changesrevision">6eaad039603a4de39fddd1cf5f727391efe9974e</param></service></servicedata> (No newline at EOF) ++++++ gitleaks-8.29.1.obscpio -> gitleaks-8.30.0.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.29.1/Dockerfile new/gitleaks-8.30.0/Dockerfile --- old/gitleaks-8.29.1/Dockerfile 2025-11-19 22:11:04.000000000 +0100 +++ new/gitleaks-8.30.0/Dockerfile 2025-11-26 17:25:37.000000000 +0100 
@@ -1,10 +1,10 @@ -FROM golang:1.23 AS build +FROM golang:1.25 AS build WORKDIR /go/src/github.com/zricethezav/gitleaks COPY . . RUN VERSION=$(git describe --tags --abbrev=0) && \ CGO_ENABLED=0 go build -o bin/gitleaks -ldflags "-X=github.com/zricethezav/gitleaks/v8/version.Version=${VERSION}" -FROM alpine:3.19 +FROM alpine:3.22 RUN apk add --no-cache bash git openssh-client COPY --from=build /go/src/github.com/zricethezav/gitleaks/bin/* /usr/bin/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.29.1/cmd/generate/config/main.go new/gitleaks-8.30.0/cmd/generate/config/main.go --- old/gitleaks-8.29.1/cmd/generate/config/main.go 2025-11-19 22:11:04.000000000 +0100 +++ new/gitleaks-8.30.0/cmd/generate/config/main.go 2025-11-26 17:25:37.000000000 +0100 @@ -31,7 +31,8 @@ rules.AdobeClientID(), rules.AdobeClientSecret(), rules.AgeSecretKey(), - rules.Airtable(), + rules.AirtableApiKey(), + rules.AirtablePersonalAccessToken(), rules.AlgoliaApiKey(), rules.AlibabaAccessKey(), rules.AlibabaSecretKey(), @@ -152,6 +153,8 @@ rules.LinkedinClientSecret(), rules.LobAPIToken(), rules.LobPubAPIToken(), + rules.LookerClientID(), + rules.LookerClientSecret(), rules.MailChimp(), rules.MailGunPubAPIToken(), rules.MailGunPrivateAPIToken(), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.29.1/cmd/generate/config/rules/airtable.go new/gitleaks-8.30.0/cmd/generate/config/rules/airtable.go --- old/gitleaks-8.29.1/cmd/generate/config/rules/airtable.go 2025-11-19 22:11:04.000000000 +0100 +++ new/gitleaks-8.30.0/cmd/generate/config/rules/airtable.go 2025-11-26 17:25:37.000000000 +0100 
@@ -1,12 +1,14 @@ package rules import ( + "regexp" + "github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils" "github.com/zricethezav/gitleaks/v8/cmd/generate/secrets" "github.com/zricethezav/gitleaks/v8/config" ) -func Airtable() *config.Rule { +func AirtableApiKey() *config.Rule { // define rule r := config.Rule{ Description: "Uncovered a possible Airtable API Key, potentially compromising database access and leading to data leakage or alteration.", @@ -19,3 +21,17 @@ tps := utils.GenerateSampleSecrets("airtable", secrets.NewSecret(utils.AlphaNumeric("17"))) return utils.Validate(r, tps, nil) } + +func AirtablePersonalAccessToken() *config.Rule { + // define rule + r := config.Rule{ + Description: "Uncovered a possible Airtable Personal AccessToken, potentially compromising database access and leading to data leakage or alteration.", + RuleID: "airtable-personnal-access-token", + Regex: regexp.MustCompile(`\b(pat[[:alnum:]]{14}\.[a-f0-9]{64})\b`), + Keywords: []string{"airtable"}, + } + + // validate + tps := utils.GenerateSampleSecrets("airtable", "pat"+secrets.NewSecret(utils.AlphaNumeric("14")+"\\."+utils.Hex("64"))) + return utils.Validate(r, tps, nil) +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.29.1/cmd/generate/config/rules/looker.go new/gitleaks-8.30.0/cmd/generate/config/rules/looker.go --- old/gitleaks-8.29.1/cmd/generate/config/rules/looker.go 1970-01-01 01:00:00.000000000 +0100 +++ new/gitleaks-8.30.0/cmd/generate/config/rules/looker.go 2025-11-26 17:25:37.000000000 +0100 
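Review bot: The new rule's `RuleID` is spelled `airtable-personnal-access-token` (double "n") in the second airtable.go hunk, and the same id is emitted into config/gitleaks.toml. Rule ids are what users put in `--enable-rule`, allowlists and ignore files, so correcting the spelling after release becomes a breaking rename; I would ship `RuleID: "airtable-personal-access-token",` now and fix "Personal AccessToken" in the description at the same time. Separately, `Keywords: []string{"airtable"}` acts as a pre-filter, so a token with the distinctive `pat…` shape that sits in a fragment not mentioning "airtable" would presumably go unreported. If that trade-off is intended, it deserves a comment such as `// keyword gate: tokens without "airtable" in the same fragment are not evaluated`. The last argument to `utils.Validate`, which appears to be the false-positive list, is `nil`, so no non-matching samples are exercised.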
@@ -0,0 +1,35 @@
+package rules
+
+import (
+ "github.com/zricethezav/gitleaks/v8/cmd/generate/config/utils"
+ "github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+ "github.com/zricethezav/gitleaks/v8/config"
+)
+
+func LookerClientID() *config.Rule {
+ // define rule
+ r := config.Rule{
+ Description: "Found a Looker Client ID, risking unauthorized access to a Looker account and exposing sensitive data.",
+ RuleID: "looker-client-id",
+ Regex: utils.GenerateSemiGenericRegex([]string{"looker"}, utils.AlphaNumeric("20"), true),
+ Keywords: []string{"looker"},
+ }
+
+ // validate
+ tps := utils.GenerateSampleSecrets("looker", secrets.NewSecret(utils.AlphaNumeric("20")))
+ return utils.Validate(r, tps, nil)
+}
+
+func LookerClientSecret() *config.Rule {
+ // define rule
+ r := config.Rule{
+ Description: "Found a Looker Client Secret, risking unauthorized access to a Looker account and exposing sensitive data.",
+ RuleID: "looker-client-secret",
+ Regex: utils.GenerateSemiGenericRegex([]string{"looker"}, utils.AlphaNumeric("24"), true),
+ Keywords: []string{"looker"},
+ }
+
+ // validate
+ tps := utils.GenerateSampleSecrets("looker", secrets.NewSecret(utils.AlphaNumeric("24")))
+ return utils.Validate(r, tps, nil)
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.29.1/cmd/root.go new/gitleaks-8.30.0/cmd/root.go
--- old/gitleaks-8.29.1/cmd/root.go 2025-11-19 22:11:04.000000000 +0100
+++ new/gitleaks-8.30.0/cmd/root.go 2025-11-26 17:25:37.000000000 +0100
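Review bot: Both Looker rules accept any 20- or 24-character alphanumeric value assigned near an identifier containing "looker", and neither `config.Rule` literal sets an entropy floor, so ordinary identifiers of that length (dashboard or model names, for instance) would likely be reported as credentials. I would add an `Entropy: <threshold>,` field to both literals, with the value chosen against real samples, and pass a short list of non-secret strings instead of `nil` as the last argument of `utils.Validate`, so the rule is also tested against values it must not match. The two rules differ only in length (20 vs 24), which makes that negative coverage the main guard against noisy findings. Both exported constructors also lack doc comments; `// LookerClientID returns the rule for Looker client IDs assigned near a "looker" identifier.` and its counterpart would do.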
@@ -88,7 +88,7 @@ rootCmd.PersistentFlags().Bool("no-banner", false, "suppress banner") rootCmd.PersistentFlags().StringSlice("enable-rule", []string{}, "only enable specific rules by id") rootCmd.PersistentFlags().StringP("gitleaks-ignore-path", "i", ".", "path to .gitleaksignore file or folder containing one") - rootCmd.PersistentFlags().Int("max-decode-depth", 0, "allow recursive decoding up to this depth (default \"0\", no decoding is done)") + rootCmd.PersistentFlags().Int("max-decode-depth", 5, "allow recursive decoding up to this depth") rootCmd.PersistentFlags().Int("max-archive-depth", 0, "allow scanning into nested archives up to this depth (default \"0\", no archive traversal is done)") rootCmd.PersistentFlags().Int("timeout", 0, "set a timeout for gitleaks commands in seconds (default \"0\", no timeout is set)") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.29.1/config/gitleaks.toml new/gitleaks-8.30.0/config/gitleaks.toml --- old/gitleaks-8.29.1/config/gitleaks.toml 2025-11-19 22:11:04.000000000 +0100 +++ new/gitleaks-8.30.0/config/gitleaks.toml 2025-11-26 17:25:37.000000000 +0100 @@ -115,6 +115,12 @@ keywords = ["airtable"] [[rules]] +id = "airtable-personnal-access-token" +description = "Uncovered a possible Airtable Personal AccessToken, potentially compromising database access and leading to data leakage or alteration." +regex = '''\b(pat[[:alnum:]]{14}\.[a-f0-9]{64})\b''' +keywords = ["airtable"] + +[[rules]] id = "algolia-api-key" description = "Identified an Algolia API Key, which could result in unauthorized search operations and data exposure on Algolia-managed platforms." regex = '''(?i)[\w.-]{0,50}?(?:algolia)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{32})(?:[\x60'"\s;]|\\[nr]|$)''' 
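Review bot: The rewritten help string for `max-decode-depth` no longer says that `0` turns decoding off, even though this same line moves the default from 0 to 5. Scans that previously did no decoding will now decode recursively, and may report findings that existing baselines and ignore files have never seen. I would keep the opt-out visible, e.g. `"allow recursive decoding up to this depth (0 disables decoding)"`, which also stays consistent with the neighbouring `max-archive-depth` and `timeout` flags that still document their zero value. The default change affects CI jobs gated on gitleaks' exit status, so it deserves an explicit line in the release notes. The enclosing function begins and ends outside this hunk.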
@@ -2524,6 +2530,18 @@ ] [[rules]] +id = "looker-client-id" +description = "Found a Looker Client ID, risking unauthorized access to a Looker account and exposing sensitive data." +regex = '''(?i)[\w.-]{0,50}?(?:looker)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{20})(?:[\x60'"\s;]|\\[nr]|$)''' +keywords = ["looker"] + +[[rules]] +id = "looker-client-secret" +description = "Found a Looker Client Secret, risking unauthorized access to a Looker account and exposing sensitive data." +regex = '''(?i)[\w.-]{0,50}?(?:looker)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-z0-9]{24})(?:[\x60'"\s;]|\\[nr]|$)''' +keywords = ["looker"] + +[[rules]] id = "mailchimp-api-key" description = "Identified a Mailchimp API key, potentially compromising email marketing campaigns and subscriber data." regex = '''(?i)[\w.-]{0,50}?(?:MailchimpSDK.initialize|mailchimp)(?:[ \t\w.-]{0,20})[\s'"]{0,3}(?:=|>|:{1,3}=|\|\||:|=>|\?=|,)[\x60'"\s=]{0,5}([a-f0-9]{32}-us\d\d)(?:[\x60'"\s;]|\\[nr]|$)''' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/gitleaks-8.29.1/go.mod new/gitleaks-8.30.0/go.mod --- old/gitleaks-8.29.1/go.mod 2025-11-19 22:11:04.000000000 +0100 +++ new/gitleaks-8.30.0/go.mod 2025-11-26 17:25:37.000000000 +0100 @@ -1,6 +1,6 @@ module github.com/zricethezav/gitleaks/v8 -go 1.23.8 +go 1.25.4 require ( github.com/BobuSumisu/aho-corasick v1.0.3 ++++++ gitleaks.obsinfo ++++++ --- /var/tmp/diff_new_pack.LKXQ4C/_old 2025-11-27 15:22:31.115402359 +0100 +++ /var/tmp/diff_new_pack.LKXQ4C/_new 2025-11-27 15:22:31.123402697 +0100 @@ -1,5 +1,5 @@ name: gitleaks -version: 8.29.1 -mtime: 1763586664 -commit: fb5d707e08fe0d2578b155458fdd53b6782dcab2 +version: 8.30.0 +mtime: 1764174337 +commit: 6eaad039603a4de39fddd1cf5f727391efe9974e ++++++ vendor.tar.gz ++++++
