Skip to content

Commit b91053b

Browse files
babenekbabenek
committed
[skip actions] [keyword] 2025-03-16T13:00:48+02:00
1 parent 33e361c commit b91053b

20 files changed

Lines changed: 1334 additions & 1395 deletions

credsweeper/common/keyword_pattern.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ class KeywordPattern:
4040
r"|" \
4141
r"(?(url_esc)[^\s`'\",;\\&]|[^\s`'\",;\\])" \
4242
r")){3,8000}" \
43-
r"|(\{[^}]{3,8000}\})" \
43+
r"|(\$?\{[^}]{3,8000}\})" \
4444
r"|(<[^>]{3,8000}>)" \
4545
r")" # <value>
4646
right_quote = r"(?(value_leftquote)" \

credsweeper/filters/__init__.py

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,6 @@
2222
from credsweeper.filters.value_entropy_base36_check import ValueEntropyBase36Check
2323
from credsweeper.filters.value_entropy_base64_check import ValueEntropyBase64Check
2424
from credsweeper.filters.value_file_path_check import ValueFilePathCheck
25-
from credsweeper.filters.value_first_word_check import ValueFirstWordCheck
2625
from credsweeper.filters.value_github_check import ValueGitHubCheck
2726
from credsweeper.filters.value_grafana_check import ValueGrafanaCheck
2827
from credsweeper.filters.value_grafana_service_check import ValueGrafanaServiceCheck

credsweeper/filters/group/group.py

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
from credsweeper.common.constants import GroupType
55
from credsweeper.config import Config
66
from credsweeper.filters import (Filter, LineSpecificKeyCheck, ValueAllowlistCheck, ValueArrayDictionaryCheck,
7-
ValueBlocklistCheck, ValueCamelCaseCheck, ValueFilePathCheck, ValueFirstWordCheck,
7+
ValueBlocklistCheck, ValueCamelCaseCheck, ValueFilePathCheck,
88
ValueLastWordCheck, ValueMethodCheck, ValueNotAllowedPatternCheck, ValuePatternCheck,
99
ValueSimilarityCheck, ValueStringTypeCheck, ValueTokenCheck, ValueHexNumberCheck)
1010

@@ -39,7 +39,6 @@ def get_keyword_base_filters(config: Config) -> List[Filter]:
3939
ValueBlocklistCheck(),
4040
ValueCamelCaseCheck(),
4141
ValueFilePathCheck(),
42-
ValueFirstWordCheck(),
4342
ValueHexNumberCheck(),
4443
ValueLastWordCheck(),
4544
ValueMethodCheck(),

credsweeper/filters/group/url_credentials_group.py

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
from credsweeper.config import Config
33
from credsweeper.filters import (ValueAllowlistCheck, ValueArrayDictionaryCheck, ValueBlocklistCheck,
44
ValueCamelCaseCheck, ValueDictionaryValueLengthCheck, ValueFilePathCheck,
5-
ValueFirstWordCheck, ValueLastWordCheck, ValueMethodCheck, ValueNotAllowedPatternCheck,
5+
ValueLastWordCheck, ValueMethodCheck, ValueNotAllowedPatternCheck,
66
ValuePatternCheck, ValueStringTypeCheck, ValueTokenCheck)
77
from credsweeper.filters.group import Group
88

@@ -23,7 +23,6 @@ def __init__(self, config: Config) -> None:
2323
ValueBlocklistCheck(),
2424
ValueCamelCaseCheck(),
2525
ValueFilePathCheck(),
26-
ValueFirstWordCheck(),
2726
ValueLastWordCheck(),
2827
ValueMethodCheck(),
2928
ValueStringTypeCheck(config),

credsweeper/filters/value_allowlist_check.py

Lines changed: 4 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -54,14 +54,11 @@ def run(self, line_data: LineData, target: AnalysisTarget) -> bool:
5454
True, if need to filter candidate and False if left
5555
5656
"""
57-
58-
if self.ALLOWED_PATTERN.match(line_data.value):
59-
return True
60-
elif line_data.is_well_quoted_value:
61-
if self.ALLOWED_QUOTED_PATTERN.match(line_data.value):
57+
if line_data.is_well_quoted_value:
58+
if self.ALLOWED_PATTERN.match(line_data.value) or self.ALLOWED_QUOTED_PATTERN.match(line_data.value):
6259
return True
6360
else:
64-
if self.ALLOWED_UNQUOTED_PATTERN.match(line_data.value):
61+
value = line_data.wrap + line_data.value if line_data.wrap else line_data.value
62+
if self.ALLOWED_PATTERN.match(value) or self.ALLOWED_UNQUOTED_PATTERN.match(value):
6563
return True
66-
6764
return False

credsweeper/filters/value_first_word_check.py

Lines changed: 0 additions & 38 deletions
This file was deleted.

credsweeper/rules/config.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -890,7 +890,7 @@
890890
confidence: moderate
891891
type: keyword
892892
values:
893-
- nonce
893+
- (?<!\\)nonce
894894
filter_type: GeneralKeyword
895895
use_ml: true
896896
min_line_len: 13

tests/common/test_keyword_pattern.py

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44
from credsweeper.config import Config
55
from credsweeper.credentials import LineData
66
from credsweeper.utils import Util
7+
from tests.filters.conftest import KEYWORD_PASSWORD_PATTERN
78

89

910
class TestKeywordPattern:
@@ -143,18 +144,19 @@ def test_separator_p(self, config: Config, file_path: pytest.fixture, line: str)
143144
["password=${array[@]:7:2}", "${array[@]:7:2}"],
144145
["password=${1#*=}", "${1#*=}"],
145146
["A2 ID:master,PW:dipPr10Gg!","dipPr10Gg!"],
147+
["pass=get->pass(arg1='seCreT', arg2='secRet2'...","seCreT"]
146148
])
147149
def test_keyword_pattern_p(self, config: Config, file_path: pytest.fixture, line: str, value: str) -> None:
148-
pattern = KeywordPattern.get_keyword_pattern(r"(?<!by)pass(?!ed|ing|es|\s+[a-z]{3,80})|pw(d|\b)")
150+
149151
line_data = LineData(config,
150152
line,
151153
0,
152154
1,
153155
file_path,
154156
Util.get_extension(file_path),
155157
info="dummy",
156-
pattern=pattern)
157-
assert line_data.value == value, pattern.pattern
158+
pattern=KEYWORD_PASSWORD_PATTERN)
159+
assert line_data.value == value, KEYWORD_PASSWORD_PATTERN.pattern
158160

159161
@pytest.mark.parametrize("line", [
160162
"https://fonts.googleapis.com/css2?family=Montserrat:wght@500;700;900&family=Roboto:wght@300;400;500;700;900"

0 commit comments

Comments
 (0)