From c2b3039014c5221c1045a5a617216ef1b5bc4a03 Mon Sep 17 00:00:00 2001
From: h13t0ry <49514593+h13t0ry@users.noreply.github.com>
Date: Thu, 24 Apr 2025 16:34:36 +0800
Subject: [PATCH] Add gitleaks Action configuration

---
 .github/workflows/secret-scan.yml | 19 +++++++++
 .gitleaks.toml | 67 +++++++++++++++++++++++++++++++
 2 files changed, 86 insertions(+)
 create mode 100644 .github/workflows/secret-scan.yml
 create mode 100644 .gitleaks.toml

diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml
new file mode 100644
index 0000000..0c9a263
--- /dev/null
+++ b/.github/workflows/secret-scan.yml
@@ -0,0 +1,19 @@
+name: Secret Scan
+
+on:
+ pull_request:
+ push:
+jobs:
+ gitleaks:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Run Gitleaks to scan for secrets
+ uses: gitleaks/gitleaks-action@v2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITLEAKS_CONFIG: .gitleaks.toml
\ No newline at end of file
diff --git a/.gitleaks.toml b/.gitleaks.toml
new file mode 100644
index 0000000..9b24191
--- /dev/null
+++ b/.gitleaks.toml
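Review bot: The `gitleaks` job declares no `permissions:` block, so the `GITHUB_TOKEN` handed to `gitleaks/gitleaks-action@v2` in the last step inherits the repository's default token scope, which on older repositories is write-all; a least-privilege grant at the job or workflow level, `permissions:` / `  contents: read`, keeps a misbehaving or compromised third-party action from pushing, tagging or editing releases (if the action must comment on pull requests it will additionally need a `pull-requests: write` grant — confirm against its README). Both `actions/checkout@v4` and `gitleaks/gitleaks-action@v2` are pinned to mutable major tags rather than a full commit SHA; for an action that receives the repository token, `uses: gitleaks/gitleaks-action@<commit-sha>  # v2` removes the tag-retargeting risk, and Dependabot can keep the SHA current. Because `fetch-depth: 0` fetches the whole history the scan covers past commits too, which is what you want here, but it is worth a one-line comment such as `# full history so gitleaks can scan every commit, not just the tip` so nobody later "optimises" it to a shallow clone. The file also ends without a trailing newline, as the diff notes.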
@@ -0,0 +1,67 @@
+[extend]
+useDefault = true
+
+[[rules]]
+id = "aklt-key-pattern"
+description = "AKLT key pattern"
+regex = '''AKLT\w{40,70}'''
+
+[[rules]]
+id = "akap-key-pattern"
+description = "AKAP key pattern"
+regex = '''AKAP\w{40,70}'''
+
+[[rules]]
+id = "akip-key-pattern"
+description = "AKIP key pattern"
+regex = '''AKI\w{40,70}'''
+
+[[rules]]
+id = "token-transformer-id-pattern"
+description = "Tokenizer/Transformer/Token ID patterns"
+regex = '''(tokenizer|transformer|token_id|tokenid|attention_head).{0,20}'''
+
+[[rules]]
+id = "aws-style-key-pattern"
+description = "AWS-style key pattern"
+regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+
+[[rules]]
+id = "alibaba-ltai-pattern"
+description = "Alibaba LTAI key pattern"
+regex = '''(LTAI)[a-z0-9]{20}'''
+
+[[rules]]
+id = "aktp-key-pattern"
+description = "AKTP key pattern"
+regex = '''AKTP\w{40,70}'''
+
+[[rules]]
+id = "app-id-pattern"
+description = "App ID patterns"
+regex = '''([^*<\s|:>]{0,7})(app_id|appid)([^]()!<>;/@&,]{0,10}[(=:]\s{0,6}["']{0,1}[0-9]{6,32}["']{0,1})'''
+
+[[rules]]
+id = "byted-org-domains"
+description = "byted.org domains"
+regex = '''.{0,15}\.?byted.org.{0,20}'''
+
+[[rules]]
+id = "bytedance-net-domains"
+description = "bytedance.net domains"
+regex = '''.{0,15}\.?bytedance.net.{0,20}'''
+
+[[rules]]
+id = "feishu-cn-domains"
+description = "bytedance.feishu.cn domains"
+regex = '''.{0,20}.bytedance\.feishu\.cn.{0,50}'''
+
+[[rules]]
+id = "larkoffice-com-domains"
+description = "bytedance.larkoffice.com domains"
+regex = '''.{0,20}.bytedance\.larkoffice\.com.{0,50}'''
+
+[[rules]]
+id = "private-ip-10-range"
+description = "Private IP address pattern (10.x.x.x)"
+regex = '''(10\.\d{1,3}\.\d{1,3}\.\d{1,3})'''
\ No newline at end of file
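Review bot: The `token-transformer-id-pattern` rule matches the bare identifiers `tokenizer`, `transformer`, `token_id`, `tokenid` and `attention_head` followed by up to 20 arbitrary characters, so with `useDefault = true` it will flag nearly every line of ordinary ML source and bury the genuine findings; either require an assignment and a literal value the way `app-id-pattern` already does (a constructed shape would be `regex = '''(token_id|tokenid)\s*[=:]\s*["']?[0-9A-Za-z]{16,}["']?'''`) or drop the rule. The `akip-key-pattern` regex `AKI\w{40,70}` does not match what its id and description say, so it should probably read `regex = '''AKIP\w{40,70}'''`. `private-ip-10-range` has no boundaries, so `210.5.5.5` is reported via its `10.5.5.5` substring; `regex = '''\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b'''` restricts it to an actual 10/8 address. The `byted.org` and `bytedance.net` rules leave the dot before the TLD unescaped, unlike the two domain rules that follow them, and `aws-style-key-pattern` likely duplicates the default AWS rule pulled in by `useDefault = true`, so the same key would be reported twice — worth checking against the bundled config. The file also ends without a trailing newline.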