feat: added github tokens pattern

danielc92 · Oct 4, 2023 · f9dd1bd · f9dd1bd
1 parent 70f33ce
commit f9dd1bd
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 4 deletions.
diff --git a/main.js b/main.js
@@ -74,9 +74,15 @@ module.exports = {
 
       // SECURITY: SECRETS (ZERO TOLERANCE)
       'no-secrets/no-secrets': ["error",{
-            // ignore entropy of <4
+            // note: default is 4
             "tolerance":4, 
-            // ignore uuid patterns
+            "additionalRegexes": { 
+               // source https://gist.github.com/magnetikonline/073afe7909ffdd6f10ef06a00bc3bc88#combined-together
+               "Github tokens": "^(gh[ps]_[a-zA-Z0-9]{36}|github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59})$",
+               "Basic Auth": "Authorization: Basic [A-Za-z0-9+/=]*",
+
+            },
+            // ignore uuid pattern
             "ignoreContent": "^[0-9a-fA-F]{8}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{4}\b-[0-9a-fA-F]{12}$"
             }],
 

diff --git a/src/__tests__/index.spec.ts b/src/__tests__/index.spec.ts
@@ -4,7 +4,7 @@ describe('.eslintrc.js suite', () => {
     it.each<{
       testName: string,
       input: Array<string>,
-      output: Array<{ruleId: string, severity: 0 | 1 | 2}>
+      output: Array<{ruleId: string, severity: 0 | 1 | 2, message?: string}>
    }>([
        {
            testName: 'eslint-core',
@@ -171,7 +171,13 @@ describe('.eslintrc.js suite', () => {
                {
                    ruleId: 'no-secrets/no-secrets',
                    severity: 2 
-               } 
+               },
+               {
+                   ruleId: 'no-secrets/no-secrets',
+                   severity: 2,
+                   message: 'Found a string that matches \"Github tokens\" : \"ghp_l7UAFAKYE1x5ydDUpwNUekMCXfmIAi2LCJNo\"'
+
+               }
            ]
        },
        {
@@ -226,6 +232,7 @@ describe('.eslintrc.js suite', () => {
        const res = await cli.lintFiles(input);
 
        // console.log(res[0].messages.map((x) => x.ruleId));
+       console.log(JSON.stringify(res, null, 2));
        expect(res[0].messages).toEqual(
            expect.arrayContaining(
                output.map((obj) => expect.objectContaining(obj))

diff --git a/src/testing-files/secret-plugin/index.ts b/src/testing-files/secret-plugin/index.ts
@@ -1 +1,3 @@
 const myAwsKeyShouldNotBehere = 'AKIAIOSFODNN7EXAMPLE';
+
+const sampleGithubToken = 'ghp_l7UAFAKYE1x5ydDUpwNUekMCXfmIAi2LCJNo';