Skip to content

Commit

Permalink
hashicorp terraform token (#590)
Browse files Browse the repository at this point in the history
  • Loading branch information
@babenek
babenek authored Aug 5, 2024
1 parent 5f05701 commit d5ca6b5
Show file tree
Hide file tree
Showing 7 changed files with 129 additions and 5 deletions.
15 changes: 15 additions & 0 deletions credsweeper/rules/config.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1190,6 +1190,21 @@
- code
- doc

- name: Hashicorp Terraform Token
severity: high
confidence: strong
type: pattern
values:
- (?<![.0-9A-Za-z_/+-])(?P<value>[0-9A-Za-z_-]{14}\.atlasv1\.[0-9A-Za-z_-]{67})(?![=0-9A-Za-z_/+-])
filter_type:
- ValuePatternCheck
min_line_len: 90
required_substring:
- .atlasv1.
target:
- code
- doc

- name: Jira 2FA
severity: info
confidence: weak
Expand Down
10 changes: 5 additions & 5 deletions tests/__init__.py
View file
Original file line number Diff line number Diff line change
@@ -1,20 +1,20 @@
from pathlib import Path

# total number of files in test samples
SAMPLES_FILES_COUNT: int = 130
SAMPLES_FILES_COUNT: int = 131

# the lowest value of ML threshold is used to display possible lowest values
NEGLIGIBLE_ML_THRESHOLD = 0.0001

# credentials count after scan
SAMPLES_CRED_COUNT: int = 429
SAMPLES_CRED_LINE_COUNT: int = 446
SAMPLES_CRED_COUNT: int = 430
SAMPLES_CRED_LINE_COUNT: int = 447

# credentials count after post-processing
SAMPLES_POST_CRED_COUNT: int = 387
SAMPLES_POST_CRED_COUNT: int = 388

# with option --doc
SAMPLES_IN_DOC = 410
SAMPLES_IN_DOC = 411

# archived credentials that are not found without --depth
SAMPLES_IN_DEEP_1 = SAMPLES_POST_CRED_COUNT + 25
Expand Down
27 changes: 27 additions & 0 deletions tests/data/depth_3.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8451,6 +8451,33 @@
}
]
},
{
"api_validation": "NOT_AVAILABLE",
"ml_validation": "NOT_AVAILABLE",
"ml_probability": null,
"rule": "Hashicorp Terraform Token",
"severity": "high",
"confidence": "strong",
"line_data_list": [
{
"line": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0",
"line_num": 1,
"path": "tests/samples/hashicorp_terraform",
"info": "tests/samples/hashicorp_terraform|RAW",
"value": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0",
"value_start": 0,
"value_end": 90,
"variable": null,
"variable_start": -2,
"variable_end": -2,
"entropy_validation": {
"iterator": "BASE64_CHARS",
"entropy": 5.348551883097512,
"valid": true
}
}
]
},
{
"api_validation": "NOT_AVAILABLE",
"ml_validation": "NOT_AVAILABLE",
Expand Down
27 changes: 27 additions & 0 deletions tests/data/doc.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11250,6 +11250,33 @@
}
]
},
{
"api_validation": "NOT_AVAILABLE",
"ml_validation": "NOT_AVAILABLE",
"ml_probability": null,
"rule": "Hashicorp Terraform Token",
"severity": "high",
"confidence": "strong",
"line_data_list": [
{
"line": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0",
"line_num": 1,
"path": "tests/samples/hashicorp_terraform",
"info": "tests/samples/hashicorp_terraform|RAW",
"value": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0",
"value_start": 0,
"value_end": 90,
"variable": null,
"variable_start": -2,
"variable_end": -2,
"entropy_validation": {
"iterator": "BASE64_CHARS",
"entropy": 5.348551883097512,
"valid": true
}
}
]
},
{
"api_validation": "NOT_AVAILABLE",
"ml_validation": "NOT_AVAILABLE",
Expand Down
27 changes: 27 additions & 0 deletions tests/data/ml_threshold.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9085,6 +9085,33 @@
}
]
},
{
"api_validation": "NOT_AVAILABLE",
"ml_validation": "NOT_AVAILABLE",
"ml_probability": null,
"rule": "Hashicorp Terraform Token",
"severity": "high",
"confidence": "strong",
"line_data_list": [
{
"line": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0",
"line_num": 1,
"path": "tests/samples/hashicorp_terraform",
"info": "",
"value": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0",
"value_start": 0,
"value_end": 90,
"variable": null,
"variable_start": -2,
"variable_end": -2,
"entropy_validation": {
"iterator": "BASE64_CHARS",
"entropy": 5.348551883097512,
"valid": true
}
}
]
},
{
"api_validation": "NOT_AVAILABLE",
"ml_validation": "NOT_AVAILABLE",
Expand Down
27 changes: 27 additions & 0 deletions tests/data/output.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8194,6 +8194,33 @@
}
]
},
{
"api_validation": "NOT_AVAILABLE",
"ml_validation": "NOT_AVAILABLE",
"ml_probability": null,
"rule": "Hashicorp Terraform Token",
"severity": "high",
"confidence": "strong",
"line_data_list": [
{
"line": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0",
"line_num": 1,
"path": "tests/samples/hashicorp_terraform",
"info": "",
"value": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0",
"value_start": 0,
"value_end": 90,
"variable": null,
"variable_start": -2,
"variable_end": -2,
"entropy_validation": {
"iterator": "BASE64_CHARS",
"entropy": 5.348551883097512,
"valid": true
}
}
]
},
{
"api_validation": "NOT_AVAILABLE",
"ml_validation": "NOT_AVAILABLE",
Expand Down
1 change: 1 addition & 0 deletions tests/samples/hashicorp_terraform
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0

0 comments on commit d5ca6b5

Please sign in to comment.