From bef854956bc8ec9313bcbcd0f5e1b951ec698677 Mon Sep 17 00:00:00 2001
From: HAHWUL
Date: Mon, 11 Nov 2024 23:03:51 +0900
Subject: [PATCH] feat: Add detection rules for Google Cloud Service Account Key
Signed-off-by: HAHWUL
---
 secrets/gcloud-service-account-key.yaml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 secrets/gcloud-service-account-key.yaml
diff --git a/secrets/gcloud-service-account-key.yaml b/secrets/gcloud-service-account-key.yaml
new file mode 100644
index 0000000..913e051
--- /dev/null
+++ b/secrets/gcloud-service-account-key.yaml
@@ -0,0 +1,21 @@
+id: gcloud-service-account-key
+info:
+ name: Detect GCLOUD_SERVICE_ACCOUNT_KEY
+ author: [hahwul]
+ severity: critical
+ description: Detects the presence of Google Cloud Service Account Key JSON in the code
+ reference: ['']
+matchers-condition: or
+matchers:
+ - type: word
+ patterns: [GOOGLE_APPLICATION_CREDENTIALS, GOOGLE_CLOUD_KEY]
+ condition: or
+ - type: regex
+ patterns:
+ - '"type"\s*:\s*"service_account"'
+ - '"project_id"\s*:\s*"[^"]+"'
+ - '"private_key_id"\s*:\s*"[^"]+"'
+ - '"private_key"\s*:\s*"[^"]+"'
+ condition: or
+category: secret
+techs: ['*']
\ No newline at end of file
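Review bot: With the top-level `matchers-condition: or`, the word matcher alone raises a `critical` finding on any file that merely names the `GOOGLE_APPLICATION_CREDENTIALS` or `GOOGLE_CLOUD_KEY` variable, which is ordinary client code reading an environment variable rather than a leaked key, and the `"project_id"` and `"private_key_id"` regexes likewise fire on their own against non-secret GCP or Firebase config JSON. If the rule engine supports it, `matchers-condition: and` would make the env-var words corroborate the JSON field matches instead of standing alone; otherwise restrict the regex group to fields that only appear in a downloaded key, e.g. `- '"type"\s*:\s*"service_account"'` and `- '"private_key"\s*:\s*"-----BEGIN PRIVATE KEY-----'`, and optionally a `client_email` pattern anchored on the `iam.gserviceaccount.com` suffix. `reference: ['']` is an empty string that will render as a blank link; either point it at Google's service-account-key documentation or drop the field. The file is also missing its trailing newline, as the `\ No newline at end of file` marker shows.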