New patterns & ML update

[babenek]

Description

Please include a summary of the change and which is fixed.

• Refactoring ML features with reducing DC and added regex matching for an attribute
• Retrain ML. summary F1 = 0.952886
• Added new ML features for using regex in an attribute
• ML training produces chart with MD5 sums of config and model in bottom to manage them
• Removed VariableNotAllowedPatternCheck filter but apply the pattern in ML. Variuos case with _ID postfixes and AWS keys.
• Refactored Keyword pattern to deal with escaped quotes in a value. Tests added. Some cases still are not covered.
• Filter ValuePath was extended with morphemes check to reduce FN
• Removed duplicated filters

How has this been tested?

Please describe the tests that you ran to verify your changes.

• UnitTest
• Benchmark

[babenek]

@Samsung/credsweeper_maintainers , please give your opinion about the rules names.

[babenek]

TODO: rollback after Samsung/CredData#167

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 92.30769% with 23 lines in your changes missing coverage. Please review.

Project coverage is 90.57%. Comparing base (a73faaa) to head (355abb2).

Files with missing lines	Patch %	Lines
credsweeper/ml_model/features/has_html_tag.py	77.77%	2 Missing and 2 partials ⚠️
credsweeper/ml_model/features/feature.py	86.95%	2 Missing and 1 partial ⚠️
credsweeper/ml_model/features/word_in.py	92.50%	2 Missing and 1 partial ⚠️
credsweeper/ml_model/features/word_in_path.py	80.00%	2 Missing and 1 partial ⚠️
credsweeper/credentials/line_data.py	90.47%	0 Missing and 2 partials ⚠️
credsweeper/ml_model/features/word_in_line.py	85.71%	1 Missing and 1 partial ⚠️
credsweeper/ml_model/features/word_in_value.py	83.33%	1 Missing and 1 partial ⚠️
credsweeper/utils/util.py	60.00%	1 Missing and 1 partial ⚠️
credsweeper/ml_model/features/file_extension.py	91.66%	1 Missing ⚠️
credsweeper/ml_model/features/rule_name.py	91.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #600      +/-   ##
==========================================
- Coverage   90.63%   90.57%   -0.06%     
==========================================
  Files         130      143      +13     
  Lines        4794     4870      +76     
  Branches      783      786       +3     
==========================================
+ Hits         4345     4411      +66     
- Misses        292      298       +6     
- Partials      157      161       +4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[babenek]

bencmark fails before Samsung/CredData#167

[csh519]

Please check my comments below.

And next time, please separate PR by feature and request review.
As you know huge PR couldn't have good review.

[csh519]

dirty is also good name but IMO it would be good to re-name with like as is_OOO.
How about is_cleared or is_clear?

[csh519]

Is there any FP cases that include function keyword in the value?
I think checking function keyword by search() seems reasonable..

[babenek]

actually, there was FN case in random generated credentials like "12#@5(!)fs", so I refactored the pattern and applied match to use the search from begin of a value

[csh519]

Hmm.. still i can get it clearly.
Do you mean there is a random generated credential value which includes "function" keyword in it?
Like as "12#@5(!)function3w@91"?
If then i think search() method working good.

[babenek]

No, i mean the second part of OR condition in the check only.
The function check does not use regex, so i did not find any FP or FN for function yet.
Otherside, "12#@5(!)fs" - or something like this was set as FN with the filter.

[csh519]

Ah.. I just misunderstood about this.
But in some case like below, search() method still more useful doesn't it?

myPassword = "this_is_not_password"

[babenek]

The filter does not return True for the line. Only if it will be

myPassword = this_is_not_password()

or

myPasswsord=password_function

*depends on file

Otherside, your code line means that a string is assigned for variable with name "password"
So, it may be a password. Even "1234" may be a password, but CredSweeper skips the sequence.

[csh519]

Okay i agree. Let's keep the change then.

[csh519]

Why this filter has been removed?
There is no description for it..

[babenek]

AWS_KEY_ID is filtered often :(
The feature was migrated to ML

[babenek]

VariableNotAllowedPatternCheck mention was added to PR description

[csh519]

Okay I see..
Is there a lot of patterns that do not allowed?
I think if we delegate this filter's role to ML, we will be harder to reasoning and debugging why.
So I'm worry about this.

[babenek]

The filter eliminated a chance for ML to report for a credential like:

PASSWORD_FOR_ID="Th@tHid$mYpDW"

and something sensetive data like AWS ID.

[csh519]

It seems filtering the credentials from ML will be better..
Okay let's move the role to ML.

[babenek]

[Yullia]

Approved