add Temporal API key to scanner #83
Conversation
mattkim
changed the title
|
I did take a look at this, and a check over GitHub Code Search with the regex revealed the potential for false positives, even without deeper testing. Could you tighten up on length constraints on the two alphanumeric parts of the pattern please? At the moment the lack of a lower limit means it can easily match on variable names in code. Knowing the exact lengths of those alphanumeric parts could really make the FP potential plummet. |
There was a problem hiding this comment.
I did take a look at this, and a check over GitHub Code Search with the regex revealed the potential for false positives, even without deeper testing.
Could you tighten up on length constraints on the two alphanumeric parts of the pattern please? At the moment the lack of a lower limit means it can easily match on variable names in code.
Knowing the exact lengths of those alphanumeric parts could really make the FP potential plummet.
|
@mattkim if you've got time to take a look at the requested changes I asked for then I can look at retesting and merging the pattern |
I added patterns for Temporal API keys.
Every Temporal API key has a prefix "tmprl_" follow by two alphanumeric ids.
Pending tests passing.