* Fix text * Fix false positives * Add git URL tests * Fix path * Detect certificates * Rollback cert detection * Exclude known keys * Improve AWS account detection * Add Elixir config detection * Improve secrets rule * Add Elixir tests * Update fixture test * Fix config exclusions for relative paths * Improve AWS account rule * Bump version * Improve find_line_number test coverage
Showing
27 changed files
with
166 additions
and
54 deletions.
@@ -1,13 +1,24 @@ | ||
{ | ||
"compliant": { | ||
"aws_id": "{{ AWS ID }}", | ||
"aws_key": "${AWS_KEY}", | ||
"commit_id": "912ec803b2ce49e4a541068d495ab57000000000", | ||
"role": "arn:aws:iam::123456789000:role/role-name" | ||
}, | ||
"noncompliant": { | ||
"aws_id": "AKIAHI38FAKE1IWUQEEN", | ||
"aws_key": "PA3XsxZ8d8cPQLmnZzFAKEdzC6ND2a8vhbyXU/Dw", | ||
"aws_token": "FakeYXdzELv//////////wEldj3948yOJRO84jgpoip239232hEOHhfkjhefkwue97jorhfiuh+XjFC9Je/YG7JCqKjrspab2lB+7/Fb1NJFjgwur47Dbhs/L7nh+/VGnwLoAo8CIqoPBLRmXItaoiuuofZnr+ktihZk1Yi55sYZ12hfRMPVbDmhf9Ke683+e9bJirhUEghw9424JOhgwrgqq99MvzCEFe4eXPOSgAcQcD2xqnnKO738tjhoh23HFqjflhefibWegfqefgqUF12hvgfwegqf" | ||
} | ||
"compliant": [ | ||
{ | ||
"aws_id": "{{ AWS ID }}", | ||
"aws_key": "${AWS_KEY}", | ||
"commit_id": "912ec803b2ce49e4a541068d495ab57000000000", | ||
"role": "arn:aws:iam::123456789000:role/role-name" | ||
}, | ||
{ | ||
"aws_account01": "000000000000", | ||
"aws_account02": "111111111111" | ||
} | ||
], | ||
"noncompliant": [ | ||
{ | ||
"aws_id": "AKIAHI38FAKE1IWUQEEN", | ||
"aws_key": "PA3XsxZ8d8cPQLmnZzFAKEdzC6ND2a8vhbyXU/Dw", | ||
"aws_token": "FakeYXdzELv//////////wEldj3948yOJRO84jgpoip239232hEOHhfkjhefkwue97jorhfiuh+XjFC9Je/YG7JCqKjrspab2lB+7/Fb1NJFjgwur47Dbhs/L7nh+/VGnwLoAo8CIqoPBLRmXItaoiuuofZnr+ktihZk1Yi55sYZ12hfRMPVbDmhf9Ke683+e9bJirhUEghw9424JOhgwrgqq99MvzCEFe4eXPOSgAcQcD2xqnnKO738tjhoh23HFqjflhefibWegfqefgqUF12hvgfwegqf" | ||
}, | ||
{ | ||
"aws_account01": "123456789123" | ||
} | ||
] | ||
} |
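Review bot: The new noncompliant `aws_account01` entry pins a single non-placeholder value, while the compliant side covers only repeated-digit placeholders, so the fixture leaves the other common documentation placeholder, the ascending `123456789012` used in AWS docs, undecided. Add `"aws_account03": "123456789012"` to whichever list matches the intended rule behaviour so the decision is tested rather than implicit. The compliant `role` ARN already embeds the account id `123456789000`; if the account rule is meant to be key-name driven that is fine, but an explicit case with an ARN-embedded id under the intended list would make the scope of the rule visible in the fixture rather than inferred.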
@@ -1,10 +1,13 @@ | ||
# Compliant | ||
aws_id: "{{ AWS ID }}" | ||
aws_key: "${AWS_KEY}" | ||
commit_id: 912ec803b2ce49e4a541068d495ab57000000000 | ||
role: arn:aws:iam::123456789000:role/role-name | ||
compliant: | ||
aws_id: "{{ AWS ID }}" | ||
aws_key: "${AWS_KEY}" | ||
commit_id: 912ec803b2ce49e4a541068d495ab57000000000 | ||
role: arn:aws:iam::123456789000:role/role-name | ||
aws_account01: '000000000000' | ||
aws_account02: '111111111111' | ||
|
||
# Noncompliant | ||
aws_id: AKIAHI38FAKE1IWUQEEN | ||
aws_key: PA3XsxZ8d8cPQLmnZzFAKEdzC6ND2a8vhbyXU/Dw | ||
aws_token: FakeYXdzELv//////////wEldj3948yOJRO84jgpoip239232hEOHhfkjhefkwue97jorhfiuh+XjFC9Je/YG7JCqKjrspab2lB+7/Fb1NJFjgwur47Dbhs/L7nh+/VGnwLoAo8CIqoPBLRmXItaoiuuofZnr+ktihZk1Yi55sYZ12hfRMPVbDmhf9Ke683+e9bJirhUEghw9424JOhgwrgqq99MvzCEFe4eXPOSgAcQcD2xqnnKO738tjhoh23HFqjflhefibWegfqefgqUF12hvgfwegqf | ||
noncompliant: | ||
aws_id: AKIAHI38FAKE1IWUQEEN | ||
aws_key: PA3XsxZ8d8cPQLmnZzFAKEdzC6ND2a8vhbyXU/Dw | ||
aws_token: FakeYXdzELv//////////wEldj3948yOJRO84jgpoip239232hEOHhfkjhefkwue97jorhfiuh+XjFC9Je/YG7JCqKjrspab2lB+7/Fb1NJFjgwur47Dbhs/L7nh+/VGnwLoAo8CIqoPBLRmXItaoiuuofZnr+ktihZk1Yi55sYZ12hfRMPVbDmhf9Ke683+e9bJirhUEghw9424JOhgwrgqq99MvzCEFe4eXPOSgAcQcD2xqnnKO738tjhoh23HFqjflhefibWegfqefgqUF12hvgfwegqf | ||
aws_account: '123456789123' |
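Review bot: The account ids on the `aws_account01`, `aws_account02` and `aws_account` lines are only tested in quoted form; unquoted, a YAML loader turns `000000000000` into the integer 0 and `123456789123` into an int, which is how these ids often appear in real config, so the rule's handling of non-string values is not covered. Add an unquoted variant such as `aws_account03: 123456789123` under `noncompliant` and an unquoted `000000000000` under `compliant`, so both a parser that stringifies ints and one that drops them are pinned. Separately, the noncompliant key is `aws_account` here but `aws_account01` in the JSON fixture on this page; aligning the names keeps the two fixtures comparable.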
@@ -0,0 +1,3 @@ | ||
------------------------------------------------------------ | ||
this is not a privatekey | ||
-------------- |
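Review bot: This negative fixture only shows that bare dash runs are not treated as a private key; it does not cover the nearest real false-positive neighbours, a dash-delimited header that is not private key material such as `-----BEGIN CERTIFICATE-----` or `-----BEGIN PUBLIC KEY-----`. The commit message says certificate detection was added and then rolled back, so a second line with such a header here would pin that decision and stop a later regex change from silently widening the match. A matching positive fixture with a `-----BEGIN RSA PRIVATE KEY-----` header would complete the pair if one does not already exist elsewhere in the test tree.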
@@ -0,0 +1,9 @@ | ||
compliant: | ||
public_key: h4rdc0dedOkay01 | ||
ProjectKey: h4rdc0dedOkay02 | ||
translationKey: h4rdc0dedOkay03 | ||
rowIDkey: h4rdc0dedOkay04 | ||
colKey: h4rdc0dedOkay05 | ||
columnkey: h4rdc0dedOkay06 | ||
uniq_key: h4rdc0dedOkay07 | ||
uniqueKey: h4rdc0dedOkay08 |
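Review bot: This fixture has only a `compliant` mapping, so a rule that stopped reporting every `*key` name entirely would still pass; the exclusion list needs a `noncompliant` counterpart to prove it is narrow. Add entries whose key is not excluded but shares the shape, e.g. `private_key: h4rdc0dedNotOkay01` and `api_key: h4rdc0dedNotOkay02`, and ideally one excluded name paired with a high-confidence value such as an AWS key id, to confirm that a key-name exclusion does not also mute value-based rules. I am inferring from the names that the exclusion is key-driven; adjust the cases if it is not.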
@@ -0,0 +1,3 @@ | ||
{ | ||
"getpass": "^1.2.3" | ||
} |
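Review bot: Only the caret form `^1.2.3` is tested on the `getpass` line, although the new `REGEX_SEMVER` also admits `~`, `=`, `<`, `>`, a `v` prefix and a `-suffix`, so a regression in any of those alternatives would go unnoticed. Sibling entries such as `"pass-lib": ">=1.2.3"` and `"passport": "v1.2.3-beta.1"` would pin what the version exemption is meant to cover, and a wildcard like `"1.2.x"` would show whether it is intentionally outside it. Keep the password-looking key names; they are what make this fixture meaningful.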
File renamed without changes.
@@ -0,0 +1,12 @@ | ||
use Mix.Config | ||
|
||
config :pxblog, Pxblog.Endpoint, | ||
secret_key_base: "HardCodedaGFyZGNvZGVkVG9rZW4xMjM0Cg+/aGFyZGNvZGVkVG9rZW4xMjM0Cg" | ||
|
||
# Configure your database | ||
config :pxblog, Pxblog.Repo, | ||
adapter: Ecto.Adapters.Postgres, | ||
username: "pxblog", | ||
password: "h4rdc0d3dp@$$w0rd", | ||
database: "pxblog_prod", | ||
pool_size: 20 |
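Review bot: Every value in this fixture is a hard-coded secret, so there is no compliant case showing that the normal Elixir idiom, `password: System.get_env("DB_PASSWORD")`, is left alone; if the rule flags it, real `config/prod.exs` files would be noisy and this fixture would not notice. Add a second block with env-lookup values, and one that starts with `import Config` rather than the deprecated `use Mix.Config`, in case file selection or parsing is keyed on that line. I cannot see the plugin's file matching from this hunk, so treat the second suggestion as a check rather than a known gap.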
|
@@ -8,4 +8,5 @@ compliant: | |
noncompliant: | ||
- "jdbc:mysql://localhost/authority?user=admin&userpass=hardcoded0" | ||
- "https://admin:hardcoded1@localhost:8000/admin" | ||
- 'amqp://root:[email protected]:5434/topic' | ||
- "amqp://root:[email protected]:5434/topic" | ||
- "git+https://token:[email protected]/org/repo.git" |
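Review bot: The new `git+https` case pins the token-in-URL form, but nothing in the hunk shows that the credential-free git forms are compliant; `git+ssh://git@github.com/org/repo.git` and `ssh://git@host/repo` carry a username with no password and are the usual key-based form. Adding one of those under the `compliant:` list, which begins above this hunk, guards the URI rule against flagging `user@host` on its own. A `https://x-access-token:TOKEN@github.com/org/repo.git` entry under `noncompliant` would also cover the GitHub Actions form if it is meant to be caught.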
@@ -1,4 +1,4 @@ | ||
VERSION = (2, 2, 1) | ||
VERSION = (2, 2, 2) | ||
|
||
__version__ = ".".join(map(str, VERSION)) | ||
|
||
|
@@ -1,14 +1,15 @@ | ||
import re | ||
from pathlib import Path | ||
from re import IGNORECASE, compile | ||
|
||
DEFAULT_PATH = Path(__file__).parents[1] | ||
|
||
DEFAULT_SEVERITY = ["Critical", "High", "Medium", "Low", "Info"] | ||
|
||
ESCAPED_CHARS = str.maketrans({"'": r"\'", '"': r"\""}) | ||
|
||
REGEX_URI = re.compile(r"[:\w\d]+://.+", flags=re.IGNORECASE) | ||
REGEX_PATH = re.compile(r"^((([A-Z]|file|root):)?(\.+)?[/\\]+).*$", flags=re.IGNORECASE) | ||
REGEX_IAC = re.compile(r"\![A-Za-z]+ .+", flags=re.IGNORECASE) | ||
REGEX_PRIVKEY_FILE = re.compile(r"(rsa|dsa|ed25519|ecdsa|pem|crt|cer|ca-bundle|p7b|p7c|p7s|ppk|pkcs12|pfx|p12)") | ||
REGEX_ENVVAR = re.compile(r"^\$\$?\{?[A-Z0-9_]+\}?$") | ||
REGEX_URI = compile(r"[:\w\d]+://.+", flags=IGNORECASE) | ||
REGEX_PATH = compile(r"^((([A-Z]|file|root):)?(\.+)?[/\\]+).*$", flags=IGNORECASE) | ||
REGEX_IAC = compile(r"\![A-Za-z]+ .+", flags=IGNORECASE) | ||
REGEX_PRIVKEY_FILE = compile(r"(rsa|dsa|ed25519|ecdsa|pem|crt|cer|ca-bundle|p7b|p7c|p7s|ppk|pkcs12|pfx|p12)") | ||
REGEX_ENVVAR = compile(r"^\$\$?\{?[A-Z0-9_]+\}?$") | ||
REGEX_SEMVER = compile(r"^[\^~\-=vV<>]{0,3}([0-9]+\.){1,2}[0-9]+(\-.*)?$") |
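Review bot: The `(\-.*)?` tail on the new `REGEX_SEMVER` line accepts anything after the first hyphen, so a value such as `1.0.0-` followed by an arbitrary token string matches as a version; if this regex is used to exempt values from secret rules, as the `getpass` fixture on this page suggests, that is an allowlist bypass. Restrict the suffix to the SemVer pre-release and build alphabet, e.g. `REGEX_SEMVER = compile(r"^[\^~\-=vV<>]{0,3}([0-9]+\.){1,2}[0-9]+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")`, which still matches `1.2.3-beta.1+build.5`. Separately, `from re import compile` shadows the builtin `compile()` for the whole module; keeping `import re` with `re.compile`, or `from re import compile as re_compile`, avoids a confusing failure if the builtin is ever called here.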
@@ -0,0 +1,15 @@ | ||
from pathlib import Path | ||
from typing import Iterator | ||
|
||
from whispers.models.pair import KeyValuePair | ||
|
||
|
||
class Elixir: | ||
def pairs(self, filepath: Path) -> Iterator[KeyValuePair]: | ||
for lineno, line in enumerate(filepath.open(), 1): | ||
for statement in line.split(","): | ||
if ": " not in statement: | ||
continue | ||
|
||
key, value = statement.split(": ") | ||
yield KeyValuePair(key, value, line=lineno) |
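Review bot: `statement.split(": ")` on the unpacking line raises `ValueError` whenever a statement contains `": "` twice, e.g. `url: "postgres://user: pass@host"` or any string value that itself contains a colon-space, which aborts the scan of that file instead of yielding a pair; `partition(": ")` keeps the first separator and the whole remainder. The handle from `filepath.open()` is also never closed and has no explicit encoding, so it lingers until garbage collection and decodes with the locale default. Splitting on a bare `,` additionally truncates any quoted value that contains a comma, so the yielded value can be a fragment of the real secret, which deserves at least a comment. Keys and values are yielded with their leading whitespace, surrounding quotes and trailing newline; whether `KeyValuePair` normalises them I cannot tell from this hunk.
```python
class Elixir:
    def pairs(self, filepath: Path) -> Iterator[KeyValuePair]:
        # NOTE: a bare "," split truncates quoted values that contain a comma.
        # errors="replace": a stray non-UTF-8 byte should not abort the scan.
        with filepath.open(encoding="utf-8", errors="replace") as handle:
            for lineno, line in enumerate(handle, 1):
                for statement in line.split(","):
                    key, sep, value = statement.partition(": ")
                    if not sep:
                        continue
                    yield KeyValuePair(key, value, line=lineno)
```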