diff --git a/credsweeper/rules/config.yaml b/credsweeper/rules/config.yaml index b017346d9..4803b900a 100644 --- a/credsweeper/rules/config.yaml +++ b/credsweeper/rules/config.yaml @@ -1182,6 +1182,21 @@ - code - doc +- name: Grafana Service Account Token + severity: high + confidence: strong + type: pattern + values: + - (?glsa_[0-9A-Za-z_-]{32}_[0-9A-Fa-f]{8})(?![0-9A-Za-z_-]) + min_line_len: 46 + filter_type: + - ValueGrafanaServiceCheck + required_substrings: + - glsa_ + target: + - code + - doc + - name: Dropbox API secret (long term) severity: high confidence: weak @@ -1235,6 +1250,24 @@ - code - doc +- name: Hashicorp Vault Token + severity: high + confidence: strong + type: pattern + values: + - (?hv[brs]\.[0-9A-Za-z_-]{80,160}) + filter_type: + - ValuePatternCheck + - ValueEntropyBase64Check + min_line_len: 90 + required_substring: + - hvb. + - hvr. + - hvs. + target: + - code + - doc + - name: Hashicorp Terraform Token severity: high confidence: strong @@ -1243,6 +1276,7 @@ - (?[0-9A-Za-z_-]{14}\.atlasv1\.[0-9A-Za-z_-]{67})(?![0-9A-Za-z_-]) filter_type: - ValuePatternCheck + - ValueEntropyBase64Check min_line_len: 90 required_substring: - .atlasv1. @@ -1351,21 +1385,6 @@ - code - doc -- name: Grafana Service Account Token - severity: high - confidence: strong - type: pattern - values: - - (?glsa_[0-9A-Za-z_-]{32}_[0-9A-Fa-f]{8})(?![0-9A-Za-z_-]) - min_line_len: 46 - filter_type: - - ValueGrafanaServiceCheck - required_substrings: - - glsa_ - target: - - code - - doc - - name: Tencent WeChat API App ID severity: medium confidence: weak diff --git a/tests/__init__.py b/tests/__init__.py index a9ccc6952..8d0f5d19d 100644 --- a/tests/__init__.py +++ b/tests/__init__.py 
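Review bot: The Hashicorp Vault Token rule in the second hunk lists its prefixes under `required_substring`, while the Grafana rule moved in the first hunk uses `required_substrings`; if the rule loader only reads one spelling, the other is silently ignored and the prefix prefilter never applies, so it is worth confirming which key the loader honours and using it in both the new rule and the neighbouring Terraform rule that already carries the singular form. The lower bound in `{80,160}` also deserves a check against the token formats: if I recall correctly, Vault issues short service tokens as well (`hvs.` followed by 24 characters, as for root and dev-mode tokens), which this pattern would not detect, so either lower the bound or add a comment stating that only the long form is targeted. Unlike the Terraform and Grafana patterns, the value group has no trailing `(?![0-9A-Za-z_-])`, so a run longer than 160 characters still matches on its first 160 characters instead of being rejected; adding the same lookahead keeps the three rules consistent. Finally, `min_line_len: 90` exceeds the pattern's own minimum of 84 characters (4-character prefix plus 80), so a line consisting of just an 84-character token is skipped before the regex runs.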
@@ -7,14 +7,14 @@ NEGLIGIBLE_ML_THRESHOLD = 0.0001 # credentials count after scan -SAMPLES_CRED_COUNT: int = 411 -SAMPLES_CRED_LINE_COUNT: int = 429 +SAMPLES_CRED_COUNT: int = 412 +SAMPLES_CRED_LINE_COUNT: int = 430 # credentials count after post-processing -SAMPLES_POST_CRED_COUNT: int = 368 +SAMPLES_POST_CRED_COUNT: int = 369 # with option --doc -SAMPLES_IN_DOC = 447 +SAMPLES_IN_DOC = 448 # archived credentials that are not found without --depth SAMPLES_IN_DEEP_1 = SAMPLES_POST_CRED_COUNT + 29 diff --git a/tests/data/depth_3.json b/tests/data/depth_3.json index eacefc4f2..bbf77268d 100644 --- a/tests/data/depth_3.json +++ b/tests/data/depth_3.json @@ -7831,8 +7831,8 @@ { "line": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", "line_num": 1, - "path": "./tests/samples/hashicorp_terraform", - "info": "./tests/samples/hashicorp_terraform|RAW", + "path": "./tests/samples/hashicorp", + "info": "./tests/samples/hashicorp|RAW", "value": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", "value_start": 0, "value_end": 90, @@ -7847,6 +7847,33 @@ } ] }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Hashicorp Vault Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "hvs.atlasv1-Z28P3STmkBQi1Y-YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", + "line_num": 2, + "path": "./tests/samples/hashicorp", + "info": "./tests/samples/hashicorp|RAW", + "value": "hvs.atlasv1-Z28P3STmkBQi1Y-YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", + "value_start": 0, + "value_end": 94, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64_CHARS", + "entropy": 5.346321090472658, + "valid": true + } + } + ] + }, { "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", 
diff --git a/tests/data/doc.json b/tests/data/doc.json index 636662b12..40b38f3e3 100644 --- a/tests/data/doc.json +++ b/tests/data/doc.json @@ -11987,8 +11987,8 @@ { "line": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", "line_num": 1, - "path": "./tests/samples/hashicorp_terraform", - "info": "./tests/samples/hashicorp_terraform|RAW", + "path": "./tests/samples/hashicorp", + "info": "./tests/samples/hashicorp|RAW", "value": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", "value_start": 0, "value_end": 90, @@ -12003,6 +12003,33 @@ } ] }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Hashicorp Vault Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "hvs.atlasv1-Z28P3STmkBQi1Y-YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", + "line_num": 2, + "path": "./tests/samples/hashicorp", + "info": "./tests/samples/hashicorp|RAW", + "value": "hvs.atlasv1-Z28P3STmkBQi1Y-YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", + "value_start": 0, + "value_end": 94, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64_CHARS", + "entropy": 5.346321090472658, + "valid": true + } + } + ] + }, { "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", diff --git a/tests/data/ml_threshold.json b/tests/data/ml_threshold.json index 70caba570..f379bc15a 100644 --- a/tests/data/ml_threshold.json +++ b/tests/data/ml_threshold.json @@ -8465,7 +8465,7 @@ { "line": "8d92cc575673b937117a0bc2d9933296bc82695b5edfce134b6f4742d26132c5", "line_num": 1, - "path": "./tests/samples/hashicorp_terraform", + "path": "./tests/samples/hashicorp", "info": "", "value": "8d92cc575673b937117a0bc2d9933296bc82695b5edfce134b6f4742d26132c5", "value_start": 0, 
@@ -8481,6 +8481,33 @@ } ] }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Hashicorp Vault Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "ab065aa9aa644f0c7b24030e33468fcacd6c7f20140af08249fb744b1bbb7ccc", + "line_num": 2, + "path": "./tests/samples/hashicorp", + "info": "", + "value": "ab065aa9aa644f0c7b24030e33468fcacd6c7f20140af08249fb744b1bbb7ccc", + "value_start": 0, + "value_end": 94, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64_CHARS", + "entropy": 5.346321090472658, + "valid": true + } + } + ] + }, { "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", diff --git a/tests/data/output.json b/tests/data/output.json index 4c5f0e370..717688b9c 100644 --- a/tests/data/output.json +++ b/tests/data/output.json @@ -7412,7 +7412,7 @@ { "line": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", "line_num": 1, - "path": "./tests/samples/hashicorp_terraform", + "path": "./tests/samples/hashicorp", "info": "", "value": "Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", "value_start": 0, 
@@ -7428,6 +7428,33 @@ } ] }, + { + "api_validation": "NOT_AVAILABLE", + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Hashicorp Vault Token", + "severity": "high", + "confidence": "strong", + "line_data_list": [ + { + "line": "hvs.atlasv1-Z28P3STmkBQi1Y-YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", + "line_num": 2, + "path": "./tests/samples/hashicorp", + "info": "", + "value": "hvs.atlasv1-Z28P3STmkBQi1Y-YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0", + "value_start": 0, + "value_end": 94, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64_CHARS", + "entropy": 5.346321090472658, + "valid": true + } + } + ] + }, { "api_validation": "NOT_AVAILABLE", "ml_validation": "NOT_AVAILABLE", diff --git a/tests/samples/hashicorp b/tests/samples/hashicorp new file mode 100644 index 000000000..6074766eb --- /dev/null +++ b/tests/samples/hashicorp @@ -0,0 +1,4 @@ +Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0 +hvs.atlasv1-Z28P3STmkBQi1Y-YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0 + +FalseCase:iOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Imk2bEdrM0ZaenhSY1ViMkMzbkVu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0RN3N5SEpsWSIsImtpZCI6Imk2bEdrM0ZaenhSY1ViMkMzbkVRN3N5SEpsWSJ9/hvs.u6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0/iOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Imk2bEdrM0ZaenhSY1ViMu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0kMzbkVRN3N5SEpsWSIsImtpZCI6Imk2bEdrM0ZaenhSY1ViMkMzbkVRN3N5SEpsWSJ9 diff --git a/tests/samples/hashicorp_terraform b/tests/samples/hashicorp_terraform deleted file mode 100644 index 08695a5dd..000000000 --- a/tests/samples/hashicorp_terraform +++ /dev/null @@ -1 +0,0 @@ -Z28P3STmkBQi1Y.atlasv1.YE7RBqu6VVyQIOq9a1eC3YFU5Elt7ToIr6OwzKAWlCTQ7N4gElXaWou6aPpOIwGCoc0 \ No newline at end of file