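# Git-secrets allowed patterns for Ephemos
# This file contains regex patterns for legitimate content that should not be flagged as secrets.
# Each non-comment line is an extended regular expression. git-secrets checks these against
# the whole reported line, so a broad pattern also suppresses a real secret that happens to
# share a line with the allowed text. Keep entries as narrow as the flagged content permits.
# SPIFFE IDs are workload identifiers, not credentials; they are listed here only because
# they were reported as findings.
# SPIFFE URIs in test files and documentation (example.org domain)
spiffe://example\.org/.*
spiffe://example\.org/[^/]*
spiffe://test\.example\.org/.*
# SPIFFE test URIs with test.example.com domain
spiffe://test\.example\.com/.*
# Test SPIFFE patterns with wildcards (for pattern matching tests)
spiffe://test\.com/.*
spiffe://test\.local/.*
spiffe://other\.com/.*
spiffe://different\.org/.*
spiffe://localhost/.*
# Production SPIFFE patterns in documentation (these are examples, not real secrets)
spiffe://prod\.company\.com/.*
spiffe://company\.com/.*
spiffe://production\.company\.com/.*
spiffe://your-company\.com/.*
spiffe://your\.domain/.*
spiffe://your\.production\.domain/.*
spiffe://ecommerce\.com/.*
spiffe://auth\.prod\.example\.com/.*
spiffe://prod\.example\.com/.*
spiffe://example\.com/.*
spiffe://env\.domain\.com/.*
spiffe://other\.org/.*
spiffe://file\.domain\.com/.*
# Specific patterns that were flagged
spiffe://production\.company\.com/echo-server
# SPIFFE annotation patterns in Kubernetes manifests
spiffe-id: spiffe://.*
# SPIRE/SPIFFE infrastructure references (not secrets)
spiffe\.io/.*
gcr\.io/spiffe-io/.*
spire\.spiffe\.io/.*
# Go module checksums in go.sum (these are public checksums, not secrets)
# NOTE(review): these two entries are not tied to go.sum; they match any reported line that
# mentions a github.com module path followed by "h1:" or "go.mod". Consider narrowing them
# to the go.sum line shape once the flagged lines are confirmed.
github\.com/[^/]+/[^/]+.*h1:.*
github\.com/[^/]+/[^/]+.*go\.mod.*
# Git configuration with redacted tokens (marked with ***)
# Only the literal *** placeholder is allowed below. An earlier entry allowed
# "extraheader = AUTHORIZATION: basic" followed by any base64 string; that form matches an
# unredacted Basic credential, so it was removed and such lines are reported again.
AUTHORIZATION:.*\*\*\*
extraheader.*AUTHORIZATION.*\*\*\*
extraheader = AUTHORIZATION: basic \*\*\*
.*AUTHORIZATION: basic \*\*\*
.*extraheader.*AUTHORIZATION.*basic.*\*\*\*
\s*extraheader = AUTHORIZATION: basic \*\*\*
\.git/config.*extraheader.*AUTHORIZATION.*\*\*\*
^\s*extraheader = AUTHORIZATION: basic \*\*\*$
\s+extraheader = AUTHORIZATION: basic \*\*\*
# Test configuration patterns
AuthorizedClients.*spiffe://
AllowedServices.*spiffe://
# Test patterns in direct_test.go
pattern:.*spiffe://
# SPIFFE URI test patterns in spiffe_validation_test.go
spiffe://trust-domain\.org/.*
spiffe://trust-domain\.org/my-service
# Configuration test patterns
ports\.Env.*spiffe://
# Fuzz test SPIFFE URIs (pkg/ephemos/identity_fuzz_test.go)
spiffe://trust\.domain\.com/.*
spiffe://very-very-very-long-trust-domain-name\.example\.com/.*
spiffe://domain\.com/.*
spiffe://domain/.*
spiffe://256\.256\.256\.256/.*
spiffe://domain:8080/.*
spiffe://unicode-域名\.org/.*
spiffe:///.*
spiffe://\./.*
spiffe://env\.com/.*
# Chi middleware test SPIFFE URIs (contrib/middleware/chi/identity_test.go)
spiffe://untrusted\.com/.*
spiffe://any-domain\.com/.*
# Gin middleware test SPIFFE URIs (contrib/middleware/gin/identity_test.go)
spiffe://forbidden\.org/.*
spiffe://test\.org/.*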