
Commit 09a5df7

authored
Remove obsolete GitLab token patterns (#781)
* remove obsolete Gitlab tokens * custom ref for BM * fix BM
1 parent 8172bbb commit 09a5df7


13 files changed

+66
-831
lines changed


.ci/benchmark.txt

Lines changed: 53 additions & 55 deletions
Large diffs are not rendered by default.

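--- a/.github/workflows/benchmark.yml
+++ b/.github/workflows/benchmark.yml
@@ -31,7 +31,7 @@ jobs:
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - 2024.10.23
 with:
 repository: Samsung/CredData
-ref: 82bb772f02d9940e5729afd6359502fa44276bad
+ref: 0155194e93ec8572bbf3a10ae90e88703ac722e5
 
 - name: Markup hashing
 run: |
@@ -87,7 +87,7 @@ jobs:
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - 2024.10.23
 with:
 repository: Samsung/CredData
-ref: 82bb772f02d9940e5729afd6359502fa44276bad
+ref: 0155194e93ec8572bbf3a10ae90e88703ac722e5
 
 - name: Markup hashing
 run: |
@@ -190,7 +190,7 @@ jobs:
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - 2024.10.23
 with:
 repository: Samsung/CredData
-ref: 82bb772f02d9940e5729afd6359502fa44276bad
+ref: 0155194e93ec8572bbf3a10ae90e88703ac722e5
 
 - name: Markup hashing
 run: |
@@ -378,7 +378,7 @@ jobs:
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - 2024.10.23
 with:
 repository: Samsung/CredData
-ref: 82bb772f02d9940e5729afd6359502fa44276bad
+ref: 0155194e93ec8572bbf3a10ae90e88703ac722e5
 
 - name: Markup hashing
 run: |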
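Review bot: The new `ref: 0155194e93ec8572bbf3a10ae90e88703ac722e5` has no comment saying which CredData revision it is, unlike the `actions/checkout` pin just above it, which records `# v4.2.2 - 2024.10.23`. The commit message calls it a "custom ref", so it may not sit on the dataset's default branch (inferred, not visible here). A trailing comment such as `# CredData <branch-or-tag> - <date>` would let a reader confirm the benchmark runs against the intended data and that the commit stays reachable. The same value is repeated in the hunks at lines 87, 190 and 378; a single workflow-level `env` entry referenced as `ref: ${{ env.CREDDATA_REF }}` would keep the four copies from drifting apart on the next update.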

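--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -92,7 +92,7 @@ jobs:
 run: |
 banner="$(python -m credsweeper --banner | head -1)"
 echo "banner = '${banner}'"
-if [ "CredSweeper 1.13.2 crc32:8a90cc18" != "${banner}" ]; then
+if [ "CredSweeper 1.13.2 crc32:ad013eee" != "${banner}" ]; then
 echo "Update the check for '${banner}'"
 exit 1
 fi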

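--- a/credsweeper/rules/config.yaml
+++ b/credsweeper/rules/config.yaml
@@ -1121,32 +1121,6 @@
 - code
 - doc
 
-- name: Gitlab Incoming Email Token
-severity: info
-confidence: weak
-type: pattern
-values:
-- (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[a-z0-9]{24,25})(?![=0-9A-Za-z_/+-])
-filter_type: WeirdBase36Token
-min_line_len: 24
-required_regex: "[0-9A-Za-z_/+-]{15}"
-target:
-- code
-- doc
-
-- name: Gitlab Feed Token
-severity: info
-confidence: weak
-type: pattern
-values:
-- (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9A-Za-z_-]{20})(?![=0-9A-Za-z_/+-])
-filter_type: WeirdBase64Token
-min_line_len: 20
-required_regex: "[0-9A-Za-z_/+-]{15}"
-target:
-- code
-- doc
-
 - name: Hashicorp Vault Token
 severity: high
 confidence: strong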

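--- a/tests/__init__.py
+++ b/tests/__init__.py
@@ -1,22 +1,22 @@
 from pathlib import Path
 
 # total number of files in test samples
-SAMPLES_FILES_COUNT = 169
+SAMPLES_FILES_COUNT = 167
 
 # the lowest value of ML threshold is used to display possible lowest values
 NEGLIGIBLE_ML_THRESHOLD = 0.0001
 
 # with option --doc & NEGLIGIBLE_ML_THRESHOLD
-SAMPLES_IN_DOC = 885
+SAMPLES_IN_DOC = 882
 
 # credentials count after scan without filters and ML validations
-SAMPLES_REGEX_COUNT = 750
+SAMPLES_REGEX_COUNT = 727
 
 # credentials count after scan with filters and without ML validation
-SAMPLES_FILTERED_COUNT = 542
+SAMPLES_FILTERED_COUNT = 539
 
 # credentials count after default post-processing
-SAMPLES_POST_CRED_COUNT = 470
+SAMPLES_POST_CRED_COUNT = 467
 
 # archived credentials that are not found without --depth
 SAMPLES_IN_DEEP_1 = SAMPLES_POST_CRED_COUNT + 138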

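--- a/tests/data/depth_3_pedantic.json
+++ b/tests/data/depth_3_pedantic.json
@@ -202,7 +202,7 @@
 "rule": "API",
 "severity": "low",
 "confidence": "moderate",
-"ml_probability": 0.974,
+"ml_probability": 0.974,
 "line_data_list": [
 {
 "line": "gi_reo_gi_api = \"DvMB_glvwjlEQ_uqIyn8k\";",
@@ -5712,48 +5712,6 @@
 }
 ]
 },
-{
-"rule": "Gitlab Incoming Email Token",
-"severity": "info",
-"confidence": "weak",
-"ml_probability": null,
-"line_data_list": [
-{
-"line": "var email_t = '7e4v6v5j2nepcc8f5zvatgl9g';",
-"line_num": 1,
-"path": "./tests/samples/gitlab_email_token",
-"info": "FILE:./tests/samples/gitlab_email_token|RAW",
-"variable": null,
-"variable_start": -2,
-"variable_end": -2,
-"value": "7e4v6v5j2nepcc8f5zvatgl9g",
-"value_start": 15,
-"value_end": 40,
-"entropy": 4.13366
-}
-]
-},
-{
-"rule": "Gitlab Feed Token",
-"severity": "info",
-"confidence": "weak",
-"ml_probability": null,
-"line_data_list": [
-{
-"line": "feed_n = 'o9aEaH32LN618KhF7e_L'",
-"line_num": 1,
-"path": "./tests/samples/gitlab_feed_token",
-"info": "FILE:./tests/samples/gitlab_feed_token|RAW",
-"variable": null,
-"variable_start": -2,
-"variable_end": -2,
-"value": "o9aEaH32LN618KhF7e_L",
-"value_start": 10,
-"value_end": 30,
-"entropy": 4.12193
-}
-]
-},
 {
 "rule": "Gitlab Prefix Token",
 "severity": "high",
@@ -13520,27 +13478,6 @@
 }
 ]
 },
-{
-"rule": "Gitlab Incoming Email Token",
-"severity": "info",
-"confidence": "weak",
-"ml_probability": null,
-"line_data_list": [
-{
-"line": " \"hook\": \"https://hooks.slack.com/services/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\",",
-"line_num": 1,
-"path": "./tests/samples/slack_webhook.template",
-"info": "FILE:./tests/samples/slack_webhook.template|RAW",
-"variable": null,
-"variable_start": -2,
-"variable_end": -2,
-"value": "sjsbfzowhhqbsgftrvajxzpg",
-"value_start": 69,
-"value_end": 93,
-"entropy": 3.88684
-}
-]
-},
 {
 "rule": "Azure Secret Value",
 "severity": "high",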

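--- a/tests/data/doc.json
+++ b/tests/data/doc.json
@@ -13986,48 +13986,6 @@
 }
 ]
 },
-{
-"rule": "Gitlab Incoming Email Token",
-"severity": "info",
-"confidence": "weak",
-"ml_probability": null,
-"line_data_list": [
-{
-"line": "var email_t = '7e4v6v5j2nepcc8f5zvatgl9g';",
-"line_num": 1,
-"path": "./tests/samples/gitlab_email_token",
-"info": "FILE:./tests/samples/gitlab_email_token|RAW",
-"variable": null,
-"variable_start": -2,
-"variable_end": -2,
-"value": "7e4v6v5j2nepcc8f5zvatgl9g",
-"value_start": 15,
-"value_end": 40,
-"entropy": 4.13366
-}
-]
-},
-{
-"rule": "Gitlab Feed Token",
-"severity": "info",
-"confidence": "weak",
-"ml_probability": null,
-"line_data_list": [
-{
-"line": "feed_n = 'o9aEaH32LN618KhF7e_L'",
-"line_num": 1,
-"path": "./tests/samples/gitlab_feed_token",
-"info": "FILE:./tests/samples/gitlab_feed_token|RAW",
-"variable": null,
-"variable_start": -2,
-"variable_end": -2,
-"value": "o9aEaH32LN618KhF7e_L",
-"value_start": 10,
-"value_end": 30,
-"entropy": 4.12193
-}
-]
-},
 {
 "rule": "Gitlab Prefix Token",
 "severity": "high",
@@ -18504,27 +18462,6 @@
 }
 ]
 },
-{
-"rule": "Gitlab Incoming Email Token",
-"severity": "info",
-"confidence": "weak",
-"ml_probability": null,
-"line_data_list": [
-{
-"line": "\"hook\": \"https://hooks.slack.com/services/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\",",
-"line_num": 1,
-"path": "./tests/samples/slack_webhook.template",
-"info": "FILE:./tests/samples/slack_webhook.template|RAW",
-"variable": null,
-"variable_start": -2,
-"variable_end": -2,
-"value": "sjsbfzowhhqbsgftrvajxzpg",
-"value_start": 69,
-"value_end": 93,
-"entropy": 3.88684
-}
-]
-},
 {
 "rule": "Azure Secret Value",
 "severity": "high",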
