feat: catch secret in XML child #1265

Open
wants to merge 2 commits into
base: master
baruchiro
Contributor

Description:

  • Added generic API key inside an XML element: <password>edf8f16608465858a6c9e3cccb97d3c2</password>
  • Added True-Positives and False-Positives to the Generic API Key rule

Checklist:

  • Does your PR pass tests?
  • Have you written new tests for your changes?
  • Have you linted your code locally prior to submission?

@@ -27,7 +27,7 @@ const (
// \x60 = `
secretPrefixUnique = `\b(`
secretPrefix = `(?:'|\"|\s|=|\x60){0,5}(`
secretSuffix = `)(?:['|\"|\n|\r|\s|\x60|;]|$)`
secretSuffix = `)(?:['|\"|\n|\r|\s|\x60|;|<]|$)`
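Review bot: `secretSuffix` is a shared constant in this `const` block, so adding `<` to its terminator class changes where a capture may end for anything built from the constant, not only for the `<password>…</password>` case in the description. A value that is directly followed by `<` in non-XML text (an inline HTML tag, a comparison, a generic type parameter) now satisfies the suffix as well, so the added false-positive cases should include at least one such line. The existing comment only explains `\x60`; a short comment stating that `<` is there to end a match at an XML closing tag would keep the intent clear for the next person who edits this class.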
Contributor

Minor nitpick: since this part is enclosed in `[]`, the pipes aren't necessary.

It could simply be: (assuming we don't actually want to match on pipes)

`(?:['\"\n\r\s\x60;<]|$)`

Contributor Author

Changed it in another PR: #1266
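
The effect of the suffix change and of the review suggestion, as an added example that is not part of this PR or of gitleaks. The prefix and the three suffix strings are copied from this page; `keyword`, `body` and the two sample lines are simplified assumptions constructed for the demonstration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Suffix variants copied from the diff and the review comment on this page.
const (
	secretPrefix    = `(?:'|\"|\s|=|\x60){0,5}(`
	suffixBefore    = `)(?:['|\"|\n|\r|\s|\x60|;]|$)`
	suffixAfter     = `)(?:['|\"|\n|\r|\s|\x60|;|<]|$)`
	suffixSuggested = `)(?:['\"\n\r\s\x60;<]|$)`
)

// Assumptions: a simplified stand-in rule and constructed sample lines,
// not the project's generic-api-key regex or its test fixtures.
const (
	keyword  = `(?i)password[>=:]`
	body     = `[0-9a-f]{32}`
	xmlLine  = `<password>edf8f16608465858a6c9e3cccb97d3c2</password>`
	pipeLine = `password=edf8f16608465858a6c9e3cccb97d3c2|base64`
)

// findSecret returns the captured value, or "" when the rule does not match.
func findSecret(suffix, line string) string {
	re := regexp.MustCompile(keyword + secretPrefix + body + suffix)
	if m := re.FindStringSubmatch(line); m != nil {
		return m[1]
	}
	return ""
}

func main() {
	suffixes := []struct{ name, re string }{
		{"before", suffixBefore}, {"after", suffixAfter}, {"suggested", suffixSuggested},
	}
	for _, s := range suffixes {
		for _, line := range []string{xmlLine, pipeLine} {
			fmt.Printf("%-9s %-55q -> %q\n", s.name, line, findSecret(s.re, line))
		}
	}
}
```

Dropping the pipes is therefore not purely cosmetic: with the original class a value followed by `|` is reported, with the suggested class it is not.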

baruchiro added a commit to Checkmarx/gitleaks that referenced this pull request Mar 28, 2024
### Description:
- Added generic API key inside an XML element:
`<password>edf8f16608465858a6c9e3cccb97d3c2</password>`
- Added True-Positives and False-Positives to the Generic API Key rule

### Checklist:

* [x] Does your PR pass tests?
* [x] Have you written new tests for your changes?
* [x] Have you linted your code locally prior to submission?

Original: gitleaks#1265
baruchiro added a commit to Checkmarx/gitleaks that referenced this pull request Mar 28, 2024
### Description:
> since this part is enclosed in `[]`, the pipes aren't necessary.

_Originally posted by @rgmz in gitleaks#1265 (comment)_

### Checklist:

* [x] Does your PR pass tests?
* [x] Have you written new tests for your changes?
* [x] Have you linted your code locally prior to submission?

Original: gitleaks#1266