Skip matches containing strings using blacklisted_strings #44

Closed
j0k2r opened this issue Mar 29, 2022 · 3 comments
j0k2r commented Mar 29, 2022

Hi,

I'm running the SecretScanner in local mode using the docker image:
docker run --rm -v /tmp/vulnerable_repo:/target -v /tmp/test_sec:/artifacts deepfenceio/deepfence_secret_scanner -config-path /artifacts -debug-level DEBUG -multi-match -maximum-file-size 512 -max-multi-match 5 -json-filename report.json -output-path /artifacts -local /target

The tool works perfectly, and it detects all the repository secrets.

But in some cases the target repositories may contain files with meta attributes. For example:

{
    "mariadb": {
        "host": "MARIADB_HOST",
        "port": "MARIADB_PORT",
        "rootMariaPwd": "MYSQL_ROOT_PASSWORD_EXAMPLE"
    }
}

I'm trying to whitelist all the matches containing the string _EXAMPLE, with no success:

# Secret Scanner Configuration File

blacklisted_extensions: []
blacklisted_paths: []
blacklisted_strings:
- _EXAMPLE

signatures:
- name: Generic credentials
  part: contents
  regex: (?i)(?:'|"){0,1}(?:[a-z0-9\-_.]{0,25})(?:key|api|apikey|token|secret|client|pass|pwd|passwd|password|auth|cred|authentication)(?:[0-9a-z\-_\s.]{0,20})(?:'|"){0,1}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=){0,5}([0-9a-z\-_\.=:@!]{8,512})['|\"|\n|\r|\s]
  regextype: 'large'
  severity: high
  severityscore: 10

Is there something wrong with my configuration, or is it a SecretScanner bug?

j0k2r commented Mar 29, 2022

I tested the configuration file using shhgit, and the scan works fine; all the matches containing _EXAMPLE are whitelisted.

mukuldeepfence commented Apr 11, 2022

We have validated that this scenario is working fine.

Please try this in the config file:

# Secret Scanner Configuration File

blacklisted_extensions: []
blacklisted_paths: []
blacklisted_strings: ['_EXAMPLE']

Entries in the blacklisted_strings list are case sensitive.

Please feel free to comment back if you still find the issue.
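Added example (not SecretScanner's or shhgit's code, and not written by either participant): a small Python re-implementation of the filter this thread is about. It uses the Generic credentials regex from the config posted above and the JSON placeholder from the report as constructed input, plus one fabricated live-looking key so the filter has something to keep. Two assumptions of mine, not statements about the project: the blacklist is applied per regex match and drops a match when any listed string occurs anywhere in the matched text, and the comparison is a plain substring test, which is what makes it case sensitive as the maintainer notes.

```python
"""Toy re-implementation of a blacklisted_strings filter for regex-based
secret scanning.

Added example, not SecretScanner's own code. Assumed semantics (mine, not
the project's): every regex match is checked against the blacklist and is
dropped when any blacklisted string is a case-sensitive substring of the
matched text (key, separator and value together).
"""
import re

# "Generic credentials" regex copied verbatim from the config in the issue.
GENERIC_CREDENTIALS = re.compile(
    r'''(?i)(?:'|"){0,1}(?:[a-z0-9\-_.]{0,25})(?:key|api|apikey|token|secret|client|pass|pwd|passwd|password|auth|cred|authentication)(?:[0-9a-z\-_\s.]{0,20})(?:'|"){0,1}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=){0,5}([0-9a-z\-_\.=:@!]{8,512})['|\"|\n|\r|\s]'''
)

# Constructed sample file: the placeholder block from the issue plus one
# fabricated live-looking key (not a real credential).
SAMPLE_CONFIG = '''{
    "mariadb": {
        "host": "MARIADB_HOST",
        "port": "MARIADB_PORT",
        "rootMariaPwd": "MYSQL_ROOT_PASSWORD_EXAMPLE",
        "apiKey": "sk_live_9f8e7d6c5b4a3210"
    }
}
'''


def scan(content, blacklisted_strings):
    """Return the captured secret values, skipping blacklisted matches.

    blacklisted_strings is compared with the plain `in` operator, so
    '_EXAMPLE' and '_example' are different entries, mirroring the
    case-sensitive behaviour described in the thread.
    """
    findings = []
    for match in GENERIC_CREDENTIALS.finditer(content):
        # group(0) spans key, separator and value, so a blacklisted token in
        # either the key name or the value suppresses the finding.
        if any(token in match.group(0) for token in blacklisted_strings):
            continue
        findings.append(match.group(1))
    return findings


if __name__ == "__main__":
    for blacklist in ([], ["_EXAMPLE"], ["_example"]):
        print(f"blacklisted_strings={blacklist!r}")
        for value in scan(SAMPLE_CONFIG, blacklist):
            print(f"  found: {value}")
```

Running it shows both values with an empty list, only the fabricated `sk_live_...` key with `['_EXAMPLE']`, and both values again with `['_example']`, because the lowercase entry never occurs in the matched text. Under these semantics two caveats follow for anyone tuning such a config: every casing of a placeholder convention needs its own entry, and an entry suppresses any match that contains it, so a token that could plausibly appear inside a real secret is a poor choice for the list.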

j0k2r commented Apr 19, 2022

Thanks for the answer, but I ended up creating a new secret scanner project: Secrets Hunter

@j0k2r j0k2r closed this as completed Apr 19, 2022