Skip to content

Commit

Permalink
#404 Add comma separator in password detection pattern
Browse files Browse the repository at this point in the history
  • Loading branch information
Suhas Vishwanath authored and jmatias committed Feb 3, 2023
1 parent 7dbcd0b commit 7abe34d
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 3 deletions.
2 changes: 1 addition & 1 deletion .talismanrc
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ fileignoreconfig:
- filename: detector/pattern/match_pattern_test.go
checksum: c95b8106ced5ad34ec1d00773a05f8789715034a734197c93cdaa4ed5036c177
- filename: detector/pattern/pattern_detector.go
checksum: 98c4edddc95b4b974ed9b3e4f48079f2503b5c85309fadf37878a3d28de31e72
checksum: 78cddc944d4092ae2e88535d04f05281784848a990fb55a9d38339f29080a239
- filename: detector/pattern/pattern_detector_test.go
checksum: 4d70b790f28f2d23d506f808d489aa43f1efd2514549ae6a83a535e1223382e3
- filename: detector/pattern_detector_test.go
Expand Down
2 changes: 1 addition & 1 deletion detector/pattern/pattern_detector.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ type PatternDetector struct {

var (
detectorPatterns = []*severity.PatternSeverity{
{Pattern: regexp.MustCompile(`(?i)((.*)(password|passphrase|secret|key|pwd|pword|pass)(.*) *[:=>][^,;\n]{8,})`), Severity: severity.SeverityConfiguration["PasswordPhrasePattern"]},
{Pattern: regexp.MustCompile(`(?i)((.*)(password|passphrase|secret|key|pwd|pword|pass)(.*) *[:=>,][^,;\n]{8,})`), Severity: severity.SeverityConfiguration["PasswordPhrasePattern"]},
{Pattern: regexp.MustCompile(`(?i)((:)(password|passphrase|secret|key|pwd|pword|pass)(.*) *[ ][^,;\n]{8,})`), Severity: severity.SeverityConfiguration["PasswordPhrasePattern"]},
{Pattern: regexp.MustCompile(`(?i)(['"_]?pw['"]? *[:=][^,;\n]{8,})`), Severity: severity.SeverityConfiguration["PasswordPhrasePattern"]},
{Pattern: regexp.MustCompile(`(?i)(<ConsumerKey>\S*</ConsumerKey>)`), Severity: severity.SeverityConfiguration["ConsumerKeyPattern"]},
Expand Down
5 changes: 4 additions & 1 deletion detector/pattern/pattern_detector_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,9 @@ func TestShouldDetectPasswordPatterns(t *testing.T) {
shouldPassDetectionOfSecretPattern(filename, []byte(values[i]+"=UnsafeString"), t)
shouldPassDetectionOfSecretPattern(filename, []byte("."+values[i]+"=randomStringGoesHere}"), t)
shouldPassDetectionOfSecretPattern(filename, []byte(":"+values[i]+" randomStringGoesHere"), t)
shouldPassDetectionOfSecretPattern(filename, []byte(values[i]+" ,\"randomStringGoesHere\""), t)
shouldPassDetectionOfSecretPattern(filename, []byte("'" + values[i]+"' ,\"randomStringGoesHere\""), t)
shouldPassDetectionOfSecretPattern(filename, []byte("\"" + values[i]+"\" ,\"randomStringGoesHere\""), t)
shouldPassDetectionOfSecretPattern(filename,
[]byte("\"SERVER_"+strings.ToUpper(values[i])+"\" : UnsafeString"),
t)
Expand All @@ -55,7 +58,7 @@ func TestShouldDetectPasswordPatterns(t *testing.T) {

shouldFailDetectionOfSecretPattern(filename, []byte("\"pAsSWoRD\" :1234567"), t)
shouldFailDetectionOfSecretPattern(filename, []byte(`setPassword("12345678")`), t)
shouldFailDetectionOfSecretPattern(filename, []byte(`setenv(password, "12345678")`), t)
shouldFailDetectionOfSecretPattern(filename, []byte(`setenv(password,123456)`), t)
shouldFailDetectionOfSecretPattern(filename, []byte(`random=12345678)`), t)
}

Expand Down

0 comments on commit 7abe34d

Please sign in to comment.