Commit 9708e65

A first attempt adding hooks.slack.com/triggers/ (#1792)
As described in issue 1791, the hooks.slack.com/triggers should perhaps also be detected.

Reference https://slack.com/help/articles/360041352714-Build-a-workflow--Create-a-workflow-that-starts-outside-of-Slack

Feel free to use, change any part of this proposed fix, or to simply discard it.

(ps. I did a minor typo in a comment in issue 1791, proposing this change but that was corrected here. ds.)

1 parent 198e410 commit 9708e65

2 files changed, +3 -2 lines changed

cmd/generate/config/rules/slack.go

Lines changed: 2 additions & 1 deletion
@@ -272,7 +272,7 @@ func SlackWebHookUrl() *config.Rule {
272272
Description: "Discovered a Slack Webhook, which could lead to unauthorized message posting and data leakage in Slack channels.",
273273
// If this generates too many false-positives we should define an allowlist (e.g., "xxxx", "00000").
274274
Regex: regexp.MustCompile(
275-
`(?:https?://)?hooks.slack.com/(?:services|workflows)/[A-Za-z0-9+/]{43,46}`),
275+
`(?:https?://)?hooks.slack.com/(?:services|workflows|triggers)/[A-Za-z0-9+/]{43,56}`),
276276
Keywords: []string{
277277
"hooks.slack.com",
278278
},
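Review bot: the quantifier change from {43,46} to {43,56} on the Regex line applies to services and workflows as well as triggers, and because the pattern has no trailing boundary the upper bound only decides how much of the path ends up in the match, not whether a URL is detected at all. The two real-shaped workflows samples further down in this function have paths well over 46 characters and already matched under the old bound. If the intent is to capture the full triggers path, say in the comment above the Regex where 56 comes from, and consider whether services and workflows should keep their own bound instead of inheriting the wider one.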
@@ -290,6 +290,7 @@ func SlackWebHookUrl() *config.Rule {
290290
"https://hooks.slack.com/workflows/" + secrets.NewSecret(utils.AlphaNumeric("46")),
291291
"https://hooks.slack.com/workflows/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", // gitleaks:allow
292292
"http://hooks.slack.com/workflows/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", // gitleaks:allow
293+
"https://hooks.slack.com/triggers/" + secrets.NewSecret(utils.AlphaNumeric("56")),
293294
}
294295
return utils.Validate(r, tps, nil)
295296
}
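Review bot: the only triggers true positive, added at line 293, is a generated 56-character alphanumeric string, so it exercises the new alternative only at the upper bound and with no '/' separators, unlike the two real-shaped workflows samples directly above it. utils.Validate(r, tps, nil) also still passes nil for false positives. Add a triggers sample in the shape Slack actually issues (marked // gitleaks:allow, as the workflows ones are) and at least one false-positive case, such as a triggers path shorter than 43 characters, so both the new path keyword and the bounds are pinned by tests.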

config/gitleaks.toml

Lines changed: 1 addition & 1 deletion
@@ -2947,7 +2947,7 @@ keywords = [
29472947
[[rules]]
29482948
id = "slack-webhook-url"
29492949
description = "Discovered a Slack Webhook, which could lead to unauthorized message posting and data leakage in Slack channels."
2950-
regex = '''(?:https?://)?hooks.slack.com/(?:services|workflows)/[A-Za-z0-9+/]{43,46}'''
2950+
regex = '''(?:https?://)?hooks.slack.com/(?:services|workflows|triggers)/[A-Za-z0-9+/]{43,56}'''
29512951
keywords = ["hooks.slack.com"]
29522952

29532953
[[rules]]
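Review bot: the dots in hooks.slack.com on the changed regex line are unescaped, so each one matches any character rather than a literal '.'. This predates the change, but since the line is being rewritten anyway it is a good moment to tighten it to hooks\.slack\.com. This file repeats the pattern from cmd/generate/config/rules/slack.go, so make the change there and keep the two copies identical.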
