
fix: generic support special character #1371

Open. Wants to merge 24 commits into base branch `master`.

Conversation

@baruchiro (Contributor) commented Mar 13, 2024

Description:

I added examples of generic tokens that include @![].

Generic API Key supports any non-space character.

Checklist:

  • Does your PR pass tests?
  • Have you written new tests for your changes?
  • Have you linted your code locally prior to submission?

@baruchiro changed the title from "fix: generic support at character" to "fix: generic support special character" on Mar 13, 2024
Baruch Odem and others added 19 commits March 28, 2024 15:55
### Description:
- Added generic API key inside an XML element:
`<password>edf8f16608465858a6c9e3cccb97d3c2</password>`
- Added True-Positives and False-Positives to the Generic API Key rule

### Checklist:

* [x] Does your PR pass tests?
* [x] Have you written new tests for your changes?
* [x] Have you linted your code locally prior to submission?

Original: gitleaks#1265
### Description:
> since this part is enclosed in `[]`, the pipes aren't necessary.

_Originally posted by @rgmz in gitleaks#1265 (comment)_

### Checklist:

* [x] Does your PR pass tests?
* [x] Have you written new tests for your changes?
* [x] Have you linted your code locally prior to submission?

Original: gitleaks#1266
### Description:
I have a code sample where someone is writing hard-coded JSON as a string,
and it looks like this:
```java
var json = "{ \"access-key\": \"access key here\" }"
```

### Checklist:

* [x] Does your PR pass tests?
* [x] Have you written new tests for your changes?
* [x] Have you linted your code locally prior to submission?

Original: gitleaks#1267
I found some rules that return a value ending with `"`. This happened
because of a missing `secretGroup` value.

It is a _hot fix_.

For the future, I think we need to:
1. Refactor the `validate` function or create another suite of tests
with a declaration of the expected found secret.
2. Fix the suffix regex to not include the `"`, because even with my
change it only fixes the `Secret` but not the `Match`.

Original: gitleaks#1350
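The points raised so far (tokens containing `@![]`, a secret inside an XML element, JSON escaped inside a Java string literal, and reporting the captured group rather than the whole match) can be exercised together in one small Go program. This is an added example, not code from this PR or from gitleaks: `genericSecret` is an illustrative pattern I wrote for it and is not the project's Generic API Key rule, the `Finding` type only mirrors the two values the commit message distinguishes (`Match` and `Secret`), and the sample fragments are constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// genericSecret is an illustrative generic-secret pattern for this example
// (an assumption; it is NOT the rule shipped with gitleaks). It accepts:
//   - identifiers such as apiKey / access-key / password / token,
//   - an XML close bracket, a JSON colon or an assignment as the separator,
//   - escaped quotes (\") on either side, as in JSON inside a Java string,
//   - a value of any non-space, non-quote, non-backslash characters, so a
//     token containing @ ! [ ] still matches.
// The value is capture group 1, which plays the role of secretGroup. The
// optional closing quote is deliberately part of the pattern so that the
// whole Match keeps the quote while the Secret (group 1) does not.
var genericSecret = regexp.MustCompile(
	`(?i)(?:api[_-]?key|access[_-]?key|password|secret|token)` +
		`\\?["']?\s*[:=>]\s*\\?["']?` + // separator, e.g. ` = "`, `>`, `\": \"`
		`([^\s"'<\\]{8,})` + // the secret itself: group 1 (secretGroup)
		`\\?["']?`) // optional closing quote, consumed by Match only

// Finding mirrors the two fields the commit message distinguishes.
type Finding struct {
	Match  string // the whole regex match
	Secret string // capture group 1 only
}

// scan returns one Finding per match of the rule in the fragment.
func scan(fragment string) []Finding {
	var out []Finding
	for _, m := range genericSecret.FindAllStringSubmatch(fragment, -1) {
		out = append(out, Finding{Match: m[0], Secret: m[1]})
	}
	return out
}

// Constructed fragments modelled on the cases described in the PR.
var fragments = []string{
	`apiKey = "abc@d!ef[gh]ij12345"`,                        // special characters in the token
	`<password>edf8f16608465858a6c9e3cccb97d3c2</password>`, // secret inside an XML element
	`var json = "{ \"access-key\": \"s3cr3tValue9876\" }"`,   // JSON escaped inside a Java string
}

func main() {
	for _, f := range fragments {
		for _, fd := range scan(f) {
			fmt.Printf("match=%q secret=%q\n", fd.Match, fd.Secret)
		}
	}
}
```

Compare `match` with `secret` on the first and third fragment: the closing quote is consumed by the pattern's optional suffix, so it remains in `Match`, while the capture group keeps it out of `Secret`. That is the limitation the commit message describes: choosing a `secretGroup` fixes the reported secret but not the match, which needs the suffix itself to change.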
### Description:
Sometimes the tp of Scalingo fails during the GitHub Actions
workflow, and after re-triggering it passes. I think the problem was that
when the generated example secret ended with `-`, combined with a
`Regex` that expects a word boundary `\b`, it failed.

I think it is better in any case to use the common
`generateUniqueTokenRegex` instead of wrapping the regex with `\b`.

### Checklist:

* [x] Does your PR pass tests?
* [x] Have you written new tests for your changes?
* [x] Have you linted your code locally prior to submission?

Original: gitleaks#1359
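To see why a trailing `\b` is flaky on tokens whose alphabet includes `-`, here is an added Go example (my code, not gitleaks' code or its Scalingo rule). `tokenBody` is an assumed stand-in for a token shape whose last character may be a hyphen, and `delimitedRule` is an assumed stand-in for the kind of delimiter suffix a helper such as `generateUniqueTokenRegex` would generate; the project's actual pattern is not reproduced here. The fragments are constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// tokenBody is an assumed token shape for this example (not gitleaks' Scalingo
// rule): a fixed prefix followed by eight characters from an alphabet that
// includes '-', so a generated example can legitimately end in a hyphen.
const tokenBody = `tk-us-[a-zA-Z0-9_-]{8}`

// wordBoundaryRule wraps the body in \b...\b, the approach the commit replaces.
var wordBoundaryRule = regexp.MustCompile(`\b` + tokenBody + `\b`)

// delimitedRule is an assumed stand-in for a helper-generated pattern: the
// token must be followed by whitespace, a quote, a backtick, a semicolon or
// end of input. RE2 has no lookahead, so the delimiter is consumed by the
// match and group 1 isolates the token.
var delimitedRule = regexp.MustCompile(`\b(` + tokenBody + `)(?:[\s"'` + "`" + `;]|$)`)

// matchesWordBoundary reports whether the \b-wrapped rule fires on s.
func matchesWordBoundary(s string) bool {
	return wordBoundaryRule.MatchString(s)
}

// extractDelimited returns the token captured by the delimited rule, if any.
func extractDelimited(s string) (string, bool) {
	m := delimitedRule.FindStringSubmatch(s)
	if m == nil {
		return "", false
	}
	return m[1], true
}

// Constructed fragments: the same assignment with a token ending in a digit,
// and one ending in '-'.
var fragments = []string{
	`token = "tk-us-abcdef12"`,
	`token = "tk-us-abcdef1-"`,
}

func main() {
	for _, f := range fragments {
		tok, ok := extractDelimited(f)
		fmt.Printf("%-26s \\b-rule=%-5v delimited-rule=%v %q\n", f, matchesWordBoundary(f), ok, tok)
	}
}
```

`\b` is a zero-width assertion that only holds between a word character and a non-word character. When the token's last character is `-` and the next character is `"`, whitespace or end of input, both sides are non-word characters, so there is no boundary and the match fails; a randomly generated example token that happens to end in `-` therefore fails intermittently, exactly as described. The delimited form matches both fragments and still returns the token on its own.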
### Description:
I fixed a few issues (gitleaks#1049, gitleaks#1324, gitleaks#1337) and added a rule for AWS Secret
Key.

I renamed the `AWS()` function name to `AWSAccessKey()`, and changed the
`RuleID` too, which may lead to breaking changes ⚠️.

### Checklist:

* [x] Does your PR pass tests?
* [x] Have you written new tests for your changes?
* [x] Have you linted your code locally prior to submission?

Original: gitleaks#1356
### Description:
[PuTTY](https://www.putty.org/) is a common SSH and telnet client for
Windows. It is installed with a "PuTTY Key Generator", which generates
regular private/public keys but saves them in a different format.

To support this, I added support for applying the `AllowList.Regexes` to
the `fragment.Raw` content.

I also added a `validateFragment` to validate a rule that accepts the
`Path` field.

### Checklist:

* [x] Does your PR pass tests?
* [x] Have you written new tests for your changes?
* [x] Have you linted your code locally prior to submission?

Original: gitleaks#1373
### Description:
I just generated keys from Stripe and adjusted the rule.

### Checklist:

* [x] Does your PR pass tests?
* [x] Have you written new tests for your changes?
* [x] Have you linted your code locally prior to submission?

Original: gitleaks#1375
### Description:
Added rules for real (revoked) Cloudflare secrets.

### Checklist:

* [x] Does your PR pass tests?
* [x] Have you written new tests for your changes?
* [x] Have you linted your code locally prior to submission?

Original: gitleaks#1374
### Description:
To add this rule I took examples from the official HashiCorp
documentation, but now that I have used this rule, it finds overly generic
cases such as `const TagPassword = "password"`.

Using the `Entropy` field is a balance between true/false positives,
since with `3.5` it will ignore almost all passwords less than 10
characters in length.

### Checklist:

* [x] Does your PR pass tests?
* [x] Have you written new tests for your changes?
* [x] Have you linted your code locally prior to submission?

Original: gitleaks#1358
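The trade-off described in the last commit message can be made concrete. The following is an added Go example and not gitleaks' code: `shannonEntropy` is my implementation of the usual byte-frequency Shannon entropy, `passesEntropy` assumes that a rule only reports a secret whose entropy is strictly above the threshold, `minLengthForThreshold` is a helper I added to show the length bound, and the sample strings are constructed.

```go
package main

import (
	"fmt"
	"math"
)

// shannonEntropy returns the Shannon entropy of s in bits per byte, computed
// from the byte-frequency distribution of s itself (the usual way a secret
// detector scores a candidate).
func shannonEntropy(s string) float64 {
	if len(s) == 0 {
		return 0
	}
	var counts [256]int
	for i := 0; i < len(s); i++ {
		counts[s[i]]++
	}
	n := float64(len(s))
	h := 0.0
	for _, c := range counts {
		if c == 0 {
			continue
		}
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// threshold mirrors the Entropy value discussed in the commit message.
const threshold = 3.5

// passesEntropy assumes (for this example) that a rule only reports a secret
// whose entropy is strictly above the threshold.
func passesEntropy(secret string) bool {
	return shannonEntropy(secret) > threshold
}

// minLengthForThreshold returns the shortest length at which a string can
// exceed th at all: entropy is at most log2(number of distinct bytes), which
// is at most log2(len).
func minLengthForThreshold(th float64) int {
	n := 1
	for math.Log2(float64(n)) <= th {
		n++
	}
	return n
}

// Constructed samples: the false positive quoted in the commit message, a
// password-like 12-character value, and a 32-hex-character value.
var samples = []string{
	"password",
	"P@ssw0rd2024",
	"edf8f16608465858a6c9e3cccb97d3c2",
}

func main() {
	fmt.Printf("shortest length that can exceed %.1f bits: %d\n", threshold, minLengthForThreshold(threshold))
	for _, s := range samples {
		fmt.Printf("%-34q entropy=%.3f reported=%v\n", s, shannonEntropy(s), passesEntropy(s))
	}
}
```

Because entropy is bounded by log2 of the number of distinct characters, `minLengthForThreshold(3.5)` returns 12: no string of 11 or fewer characters can clear a 3.5 threshold however random it is, and a 12-character string clears it only if all twelve characters are distinct. `password` scores 2.75 bits and `P@ssw0rd2024` about 3.1, so both are filtered, while the 32-hex-character value scores about 3.8 and is reported.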