1079

[StephenHogg]

Description:

Closes #539 - adds Azure rules

Checklist:

• Does your PR pass tests?
• Have you written new tests for your changes?
• Have you lint your code locally prior to submission?

[rgmz]

I've tested both these out and they're far too noisy as-is. I'm not sure how they can be improved beyond adding a prefix for "accountkey", though that may overlap with an existing pattern.

[StephenHogg]

Down the bottom of this link you see the keywords that Microsoft recommends. So perhaps we could get at least partial coverage even if we don't use accountkey itself? I think these two rules are probably two of the highest value rules in the Azure set so at least some effort to include them is likely worthwhile in my opinion. Let me know what you think? https://learn.microsoft.com/en-us/purview/sit-defn-azure-storage-account-access-key Edit: apologies, didn't realise that email reply would create a separate comment instead of just replying to the review @rgmz

…

On Fri, 17 Nov 2023, 15:15 Richard Gomez, ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In cmd/generate/config/rules/azure.go <#1291 (comment)>: > +func AzureStorageCredential86char() *config.Rule { + // define rule + r := config.Rule{ + Description: "CSCAN0030, CSCAN0090, CSCAN0150 - Found Azure storage credential in source code file.", + RuleID: "azure-storage-credential-86char", + SecretGroup: 1, + Regex: generateUniqueTokenRegex(`[ \t]{0,10}[a-zA-Z0-9/+]{86}==`, true), + Keywords: []string{"=="}, + } + + // validate + tps := []string{ + generateSampleSecret("azure-storage-credential-86char", + secrets.NewSecret(alphaNumeric("86")+"==")), + } + return validate(r, tps, nil) +} + +func AzureStorageCredential43char() *config.Rule { I've tested both these out and they're far too noisy as-is. I'm not sure how they can be improved beyond adding a prefix for "accountkey", though that may overlap with an existing pattern. — Reply to this email directly, view it on GitHub <#1291 (review)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADFQOPRHTNRLWV3ANP2GICLYE3XH7AVCNFSM6AAAAAA7O64O4CVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMYTOMZWGA2TONJTGM> . You are receiving this because you authored the thread.Message ID: ***@***.***>