From 7abe34da84760b81a860023658e44e944d13b944 Mon Sep 17 00:00:00 2001
From: Suhas Vishwanath
Date: Wed, 2 Nov 2022 19:27:07 +0530
Subject: [PATCH] #404 Add comma separator in password detection pattern
---
.talismanrc | 2 +-
detector/pattern/pattern_detector.go | 2 +-
detector/pattern/pattern_detector_test.go | 5 ++++-
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/.talismanrc b/.talismanrc
index afac5cf3..b3446c1c 100644
--- a/.talismanrc
+++ b/.talismanrc
@@ -21,7 +21,7 @@ fileignoreconfig:
- filename: detector/pattern/match_pattern_test.go
checksum: c95b8106ced5ad34ec1d00773a05f8789715034a734197c93cdaa4ed5036c177
- filename: detector/pattern/pattern_detector.go
- checksum: 98c4edddc95b4b974ed9b3e4f48079f2503b5c85309fadf37878a3d28de31e72
+ checksum: 78cddc944d4092ae2e88535d04f05281784848a990fb55a9d38339f29080a239
- filename: detector/pattern/pattern_detector_test.go
checksum: 4d70b790f28f2d23d506f808d489aa43f1efd2514549ae6a83a535e1223382e3
- filename: detector/pattern_detector_test.go
diff --git a/detector/pattern/pattern_detector.go b/detector/pattern/pattern_detector.go
index 3a428b0a..cb134823 100644
--- a/detector/pattern/pattern_detector.go
+++ b/detector/pattern/pattern_detector.go
@@ -18,7 +18,7 @@ type PatternDetector struct {
var (
detectorPatterns = []*severity.PatternSeverity{
- {Pattern: regexp.MustCompile(`(?i)((.*)(password|passphrase|secret|key|pwd|pword|pass)(.*) *[:=>][^,;\n]{8,})`), Severity: severity.SeverityConfiguration["PasswordPhrasePattern"]},
+ {Pattern: regexp.MustCompile(`(?i)((.*)(password|passphrase|secret|key|pwd|pword|pass)(.*) *[:=>,][^,;\n]{8,})`), Severity: severity.SeverityConfiguration["PasswordPhrasePattern"]},
{Pattern: regexp.MustCompile(`(?i)((:)(password|passphrase|secret|key|pwd|pword|pass)(.*) *[ ][^,;\n]{8,})`), Severity: severity.SeverityConfiguration["PasswordPhrasePattern"]},
{Pattern: regexp.MustCompile(`(?i)(['"_]?pw['"]? *[:=][^,;\n]{8,})`), Severity: severity.SeverityConfiguration["PasswordPhrasePattern"]},
{Pattern: regexp.MustCompile(`(?i)(\S*)`), Severity: severity.SeverityConfiguration["ConsumerKeyPattern"]},
diff --git a/detector/pattern/pattern_detector_test.go b/detector/pattern/pattern_detector_test.go
index adc69812..36bfd02d 100644
--- a/detector/pattern/pattern_detector_test.go
+++ b/detector/pattern/pattern_detector_test.go
@@ -29,6 +29,9 @@ func TestShouldDetectPasswordPatterns(t *testing.T) {
shouldPassDetectionOfSecretPattern(filename, []byte(values[i]+"=UnsafeString"), t)
shouldPassDetectionOfSecretPattern(filename, []byte("."+values[i]+"=randomStringGoesHere}"), t)
shouldPassDetectionOfSecretPattern(filename, []byte(":"+values[i]+" randomStringGoesHere"), t)
+ shouldPassDetectionOfSecretPattern(filename, []byte(values[i]+" ,\"randomStringGoesHere\""), t)
+ shouldPassDetectionOfSecretPattern(filename, []byte("'" + values[i]+"' ,\"randomStringGoesHere\""), t)
+ shouldPassDetectionOfSecretPattern(filename, []byte("\"" + values[i]+"\" ,\"randomStringGoesHere\""), t)
shouldPassDetectionOfSecretPattern(filename, []byte("\"SERVER_"+strings.ToUpper(values[i])+"\" : UnsafeString"), t)
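Review bot: Adding `,` to `[:=>,]` in the first pattern widens it far beyond the intended `password ,"value"` form, because the `(.*)` groups on both sides of the keyword already allow arbitrary text between the keyword and the separator; any line containing `pass`, `key` or `secret` as a substring and later a comma followed by eight or more characters free of `,` and `;` now matches, for instance constructed lines such as `getUserKey(ctx, someLongVariable)` or a comment reading `passed the check, then retried`. For a secret scanner this matters because broad false positives tend to be silenced through `.talismanrc` ignores, which also hide real findings. I would leave the original entry as it was and add a separate, anchored entry for the comma form, `(?i)(['"]?(password|passphrase|secret|key|pwd|pword|pass)['"]? *, *['"]?[^,;\n]{8,})` compiled with `regexp.MustCompile` under the same `PasswordPhrasePattern` severity, which should still satisfy the three added positive cases while not matching the two examples above. The test hunk at `@@ -55,7 +58,7 @@` rewrites the only comma-bearing negative case (`setenv(password, "12345678")` has the same shape as the new positive form, so that change is unavoidable) to a value short enough to fall under the eight-character minimum, but no negative case bounds the widening; the two lines above would serve as `shouldFailDetectionOfSecretPattern` inputs. The `var (` block continues outside the hunk.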
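Review bot: The second and third added lines mix spaced and unspaced `+` inside one expression (`"'" + values[i]+"' ,\"randomStringGoesHere\""` and `"\"" + values[i]+"\" ,\"randomStringGoesHere\""`), which gofmt rewrites and which differs from the unspaced style of the surrounding lines; `[]byte("'"+values[i]+"' ,\"randomStringGoesHere\"")` and `[]byte("\""+values[i]+"\" ,\"randomStringGoesHere\"")` would match the neighbours. The enclosing loop and test function continue outside the hunk.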
@@ -55,7 +58,7 @@ func TestShouldDetectPasswordPatterns(t *testing.T) {
shouldFailDetectionOfSecretPattern(filename, []byte("\"pAsSWoRD\" :1234567"), t)
shouldFailDetectionOfSecretPattern(filename, []byte(`setPassword("12345678")`), t)
- shouldFailDetectionOfSecretPattern(filename, []byte(`setenv(password, "12345678")`), t)
+ shouldFailDetectionOfSecretPattern(filename, []byte(`setenv(password,123456)`), t)
shouldFailDetectionOfSecretPattern(filename, []byte(`random=12345678)`), t)
}