Add new rules from shhgit (#17)

* Add new rules from shhgit * Pass CI * Fix rules, bump python
valayDave · Sep 19, 2020 · f10688f · f10688f
1 parent b3a8ab0
commit f10688f
Show file tree

Hide file tree

Showing 4 changed files with 97 additions and 2 deletions.
diff --git a/setup.py b/setup.py
@@ -21,7 +21,7 @@
     long_description_content_type='text/markdown',
     keywords=['Security', 'SSH', 'Secret Keys', 'SysAdmin'],
     install_requires=required,
-    python_requires='>=3.4',
+    python_requires='>=3.6',
     entry_points={
         'console_scripts': ['tell-me-your-secrets=tell_me_your_secrets.__main__:run_service'],
     },

diff --git a/tell_me_your_secrets/__main__.py b/tell_me_your_secrets/__main__.py
@@ -75,7 +75,10 @@ def __str__(self):
 class RegexSignature(Signature):
     def __init__(self, part: str, name: str, signature: str):
         super().__init__(part, name, signature)
-        self.regex = re.compile(self.signature)
+        try:
+            self.regex = re.compile(self.signature)
+        except re.error as e:
+            raise TypeError(f'Failed to compile regex for {self.name} `{self.signature}` - {e}')
 
     def match(self, file_path: str, file_content: str) -> bool:
         compare_variable = None

diff --git a/tell_me_your_secrets/config.yml b/tell_me_your_secrets/config.yml
@@ -369,3 +369,90 @@ signatures:
   - part:  'contents'
     regex: 'hawk\.[0-9A-Za-z\-_]{20}\.[0-9A-Za-z\-_]{20}'
     name: 'StackHawk API Key'
+  - part:  'extension'
+    match: '.ppk'
+    name: 'Potential PuTTYgen private key'
+  - part:  'filename'
+    match: 'heroku.json'
+    name: 'Heroku config file'
+  - part:  'extension'
+    match: '.sqldump'
+    name: 'SQL Data dump file'
+  - part:  'filename'
+    match: 'dump.sql'
+    name: 'MySQL dump w/ bcrypt hashes'
+  - part:  'filename'
+    match: 'id_rsa_pub'
+    name: 'Public ssh key'
+  - part: 'filename'
+    match: 'mongoid.yml'
+    name: 'Mongoid config file'
+  - part: 'filename'
+    match: 'salesforce.js'
+    name: 'Salesforce credentials in a nodejs project'
+  - part: 'extension'
+    match: '.netrc'
+    name: 'netrc with SMTP credentials'
+  - part:  'filename'
+    regex: '.remote-sync.json$'
+    name: 'Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials'
+  - part:  'filename'
+    regex: '.esmtprc$'
+    name: 'esmtp configuration'
+  - part:  'filename'
+    regex: '^deployment-config.json?$'
+    name: 'Created by sftp-deployment for Atom, contains server details and credentials'
+  - part:  'filename'
+    regex: '.ftpconfig$'
+    name: 'Created by sftp-deployment for Atom, contains server details and credentials'
+  - part: 'contents'
+    regex: '-----BEGIN (EC|RSA|DSA|OPENSSH|PGP) PRIVATE KEY'
+    name: 'Contains a private key'
+  - part: 'contents'
+    regex: 'define(.{0,20})?(DB_CHARSET|NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|NONCE_KEY|DB_HOST|DB_PASSWORD|AUTH_KEY|SECURE_AUTH_KEY|LOGGED_IN_KEY|DB_NAME|DB_USER)(.{0,20})?[''|"].{10,120}[''|"]'
+    name: 'WP-Config'
+  - part: 'contents'
+    regex: '(?i)(aws_access_key_id|aws_secret_access_key)(.{0,20})?=.[0-9a-zA-Z\/+]{20,40}'
+    name: 'AWS cred file info'
+  - part: 'contents'
+    regex: '(?i:(facebook|fb)(.{0,20})?)[''\"][0-9a-f]{32}[''\"]'
+    name: 'Facebook Secret Key'
+  - part: 'contents'
+    regex: '(?i)(facebook|fb)(.{0,20})?[''\"][0-9]{13,17}[''\"]'
+    name: 'Facebook Client ID'
+  - part: 'contents'
+    regex: '(?i)twitter(.{0,20})?[''\"][0-9a-z]{35,44}[''\"]'
+    name: 'Twitter Secret Key'
+  - part: 'contents'
+    regex: '(?i)twitter(.{0,20})?[''\"][0-9a-z]{18,25}[''\"]'
+    name: 'Twitter Client ID'
+  - part: 'contents'
+    regex: '(?i:github(.{0,20})?)[''\"][0-9a-zA-Z]{35,40}[''\"]'
+    name: 'Github Key'
+  - part: 'contents'
+    regex: '(?i)heroku(.{0,20})?[''"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}[''"]'
+    name: 'Heroku API key'
+  - part: 'contents'
+    regex: '(?i:linkedin(.{0,20})?)[''\"][0-9a-z]{12}[''\"]'
+    name: 'Linkedin Client ID'
+  - part: 'contents'
+    regex: '(?i)linkedin(.{0,20})?[''\"][0-9a-z]{16}[''\"]'
+    name: 'LinkedIn Secret Key'
+  - part: 'path'
+    regex: '\.?idea[\\\/]WebServers.xml$'
+    name: 'Created by Jetbrains IDEs, contains webserver credentials with encoded passwords (not encrypted!)'
+  - part: 'path'
+    regex: '\.?vscode[\\\/]sftp.json$'
+    name: 'Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentials'
+  - part:  'path'
+    regex: 'web[\\\/]ruby[\\\/]secrets.yml'
+    name: 'Ruby on rails secrets.yml file (contains passwords)'
+  - part:  'path'
+    regex: '\.?docker[\\\/]config.json$'
+    name: 'Docker registry authentication file'
+  - part:  'path'
+    regex: 'ruby[\\\/]config[\\\/]master.key$'
+    name: 'Rails master key (used for decrypting credentials.yml.enc for Rails 5.2+)'
+  - part:  'path'
+    regex: '\.?mozilla[\\\/]firefox[\\\/]logins.json$'
+    name: 'Firefox saved password collection (can be decrypted using keys4.db)'
diff --git a/test/test_regex_signature.py b/test/test_regex_signature.py
@@ -66,3 +66,8 @@ def test_path_no_match(self):
     def test_invalid(self):
         signature = RegexSignature('random', 'Random', '')
         self.assertFalse(signature.match('', ''))
+
+    def test_invalid_regex(self):
+        with self.assertRaises(TypeError):
+            RegexSignature('contents', 'Facebook Secret Key',
+                           '(?i)(facebook|fb)(.{0,20})?(?-i)[''\"][0-9a-f]{32}[''\"]')