Database connection strings are used to connect to databases, often with embedded credentials. version: v0.1
Comments / Notes:
-
This will spot connection strings for many databases, including MySQL, PostgreSQL, Oracle, SQL Server
-
To cut FPs, we require the start of the string to be a database-specific keyword
Pattern Format
[^;"\x00-\x08]+Start Pattern
("|")(([Ss]erver|[Pp]rovider|[Dd]atabase|[Uu]ser [Ii]d|[Dd]ata [Ss]ource|[Ee]ndpoint|[Dd]efault[Ee]nd[Pp]oints[Pp]rotocol|[Aa]ccountName|[Da]ata[Ss]ource|[Aa]uthentication|[Ll]ogin|[Ii]nitial[Cc]atalog|DB|Trusted_Connection|authenticationType|DSN|[Dd]ata[Ss]ource[Nn]ame|[Ii]ntegrated[Ss]ecurity|[Ll]ocation|[Ee]ncrypt|[Ss]ystem|[Pp]rotocol|[Hh]ost|[Pp]ort|SRVR|[Dd]river|Dbq|[Ss]sl[Mm]ode|SSL|[Uu]id|DBNAME|SystemDB|[Pp]ersist [Ss]ecurity [Ii]nfo|[Cc]onnection [Tt]ype|[Dd]ata[Ss]ource[Nn]ame|[Ee]xcel [Ff]ile|[Ss]erver [Nn]ame|URL)=[^"]+;) ?([Pp]assword|[Pp]wd|[Ss]hared[Ss]ecret[Vv]alue|[Aa]ccount[Kk]ey|PW|pw|[Cc]ipher [Kk]ey|OAuth Access Token Secret)=End Pattern
(;|"|")Additional Matches
Add these additional matches to the Secret Scanning Custom Pattern.
-
Not Match:
^(%(\.\*)?s|\$[a-zA-Z_]+|<[a-zA-Z_]+>|\{[a-zA-Z_]*\}|\[[a-zA-Z_]+\]|%[A-Z_]+%|\.\*|\[\^])$
-
Not Match:
parameters\('[^']+'\)
Database connection strings are used to connect to databases, often with embedded credentials. version: v0.1
Comments / Notes:
-
This will spot connection strings for many databases, including MySQL, PostgreSQL, Oracle, SQL Server
-
To cut FPs, we require part of the string after the password to be a database-specific keyword
Pattern Format
[^;"\x00-\x08]+Start Pattern
(?i)("|")([Pp]assword|[Pp]wd|[Ss]hared[Ss]ecret[Vv]alue|[Aa]ccount[Kk]ey|PW|pw|[Cc]ipher [Kk]ey|OAuth Access Token Secret)=End Pattern
;[^";]* ?([Ss]erver|[Pp]rovider|[Dd]atabase|[Uu]ser [Ii]d|[Dd]ata [Ss]ource|[Ee]ndpoint|[Dd]efault[Ee]nd[Pp]oints[Pp]rotocol|[Aa]ccountName|[Da]ata[Ss]ource|[Aa]uthentication|[Ll]ogin|[Ii]nitial[Cc]atalog|DB|Trusted_Connection|authenticationType|DSN|[Dd]ata[Ss]ource[Nn]ame|[Ii]ntegrated[Ss]ecurity|[Ll]ocation|[Ee]ncrypt|[Ss]ystem|[Pp]rotocol|[Hh]ost|[Pp]ort|SRVR|[Dd]river|Dbq|[Ss]sl[Mm]ode|SSL|[Uu]id|DBNAME|SystemDB|[Pp]ersist [Ss]ecurity [Ii]nfo|[Cc]onnection [Tt]ype|[Dd]ata[Ss]ource[Nn]ame|[Ee]xcel [Ff]ile|[Ss]erver [Nn]ame|URL)=Additional Matches
Add these additional matches to the Secret Scanning Custom Pattern.
-
Not Match:
^(%(\.\*)?s|\$[a-zA-Z_]+|<[a-zA-Z_]+>|\{[a-zA-Z_]+\}|\[[a-zA-Z_]+\]|%[A-Z_]+%|\.\*)$
-
Not Match:
parameters\('[^']+'\)
Database connection strings are used to connect to databases, often with embedded credentials. version: v0.1
Comments / Notes:
- This will spot the ConnectionStrings__Default env var being set with a Password
Pattern Format
[^;\r\n"'\x00-\x08]+Start Pattern
(\A|\b)ConnectionStrings__Default=[^\r\n]*([Pp]assword|[Pp]wd|[Ss]hared[Ss]ecret[Vv]alue|[Aa]ccount[Kk]ey|PW|pw|[Cc]ipher [Kk]ey|OAuth Access Token Secret)=End Pattern
([;\n]|\z)Additional Matches
Add these additional matches to the Secret Scanning Custom Pattern.
-
Not Match:
^(%(\.\*)?s|\$[a-zA-Z_]+|<[a-zA-Z_]+>|\$?\{[a-zA-Z_]+\}|\[[a-zA-Z_]+\]|%[A-Z_]+%|\.\*)$
A TSQL CREATE LOGIN or USER command using a password version: v0.1
Comments / Notes:
- This is specific to Microsoft SQL Server TSQL syntax
Pattern Format
[^'\x00-\x08]{8,128}Start Pattern
(\A|\b)CREATE\s+(LOGIN|USER)\s+[^\s\x00-\x08]+\s+WITH\s+PASSWORD\s+=\s+N?'End Pattern
\'