ci: gitleaks allowlist — InnerTube public API key + SharedPreferences key constants. Refs #300
Some checks failed
gitleaks / scan (push) Failing after 34s
parent
beb994b6e2
commit
05521b487d
1 changed files with 22 additions and 0 deletions
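--- a/.gitleaks.toml
+++ b/.gitleaks.toml
@@ -0,0 +1,22 @@
+# gitleaks config — straw
+#
+# Straw is a YouTube Android client. Patterns flagged:
+# - SharedPreferences key constants (KEY_SB_CATS, REQUEST_KEY) — identifier
+# strings, not credentials
+# - GOOGLE_API_KEY in PoTokenWebView.kt — the InnerTube public API key
+# every YouTube client (web, Android, iOS, NewPipe, all forks) ships
+# hardcoded. Public-by-design; YouTube enforces auth via other channels
+# (visitor data, po_token).
+
+[extend]
+useDefault = true
+
+[allowlist]
+description = "Public InnerTube API key + SharedPreferences key-name constants"
+regexTarget = "line"
+regexes = [
+# InnerTube hardcoded key, public on every YouTube client
+'''GOOGLE_API_KEY\s*=\s*"AIza[A-Za-z0-9_-]{35}"''',
+# SharedPreferences keys — identifier string, not a credential
+'''(private\s+)?(const\s+val|val|var|final\s+(static\s+)?String)\s+(KEY|REQUEST_KEY|PREF_KEY)_[A-Z_]+\s*=''',
+]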
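Review bot: Both allowlist regexes match on the identifier name rather than on the value or the file, so with `regexTarget = "line"` they suppress findings repo-wide: a later `GOOGLE_API_KEY = "AIza…"` holding a restricted or billable key, or any `const val KEY_… = "<real secret>"`, would pass the scan silently. Consider allowlisting the specific findings instead, with a `.gitleaksignore` fingerprint entry or a trailing `gitleaks:allow` comment on the line in PoTokenWebView.kt, or at least constrain the value side of the second pattern, e.g. end it with `\s*=\s*"[a-z0-9_.]+"`. The header comment also names `REQUEST_KEY`, but `(KEY|REQUEST_KEY|PREF_KEY)_[A-Z_]+` requires an underscore suffix after the prefix, so a bare `REQUEST_KEY = …` declaration would not be allowlisted. That may be one reason the scan on this commit still shows as failing, though findings elsewhere in the history could explain it too.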