
Commit 1f33957

authored
feat(detectors): create azure refresh token (#2978)
1 parent 6d3ba1f commit 1f33957


8 files changed

+691
-11
lines changed


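--- a/pkg/detectors/azure_entra/common.go
+++ b/pkg/detectors/azure_entra/common.go
@@ -24,7 +24,8 @@ var (
 // https://learn.microsoft.com/en-us/microsoft-365/admin/setup/domains-faq?view=o365-worldwide#why-do-i-have-an--onmicrosoft-com--domain
 tenantIdPat = regexp.MustCompile(fmt.Sprintf(
 //language=regexp
-`(?i)(?:(?:login\.microsoftonline\.com/|(?:login|sts)\.windows\.net/|(?:t[ae]n[ae]nt(?:[ ._-]?id)?|\btid)(?:.|\s){0,60}?)(%s)|https?://(%s)|X-AnchorMailbox(?:.|\s){0,60}?@(%s))`,
+`(?i)(?:(?:login\.microsoftonline\.com/|(?:login|sts)\.windows\.net/|(?:t[ae]n[ae]nt(?:[ ._-]?id)?|\btid)(?:.|\s){0,60}?)(%s)|https?://(%s)|X-AnchorMailbox(?:.|\s){0,60}?@(%s)|/(%s)/(?:oauth2/v2\.0|B2C_1\w+|common|discovery|federationmetadata|kerberos|login|openid/|reprocess|resume|saml2|token|uxlogout|v2\.0|wsfed))`,
+uuidStr,
 uuidStr,
 uuidStr,
 uuidStr,
@@ -47,9 +48,13 @@ func FindTenantIdMatches(data string) map[string]struct{} {
 m = strings.ToLower(match[2])
 } else if match[3] != "" {
 m = strings.ToLower(match[3])
+} else if match[4] != "" {
+m = strings.ToLower(match[4])
 }
 if _, ok := detectors.UuidFalsePositives[detectors.FalsePositive(m)]; ok {
 continue
+} else if detectors.StringShannonEntropy(m) < 3 {
+continue
 }
 uniqueMatches[m] = struct{}{}
 }
@@ -66,6 +71,8 @@ func FindClientIdMatches(data string) map[string]struct{} {
 m := strings.ToLower(match[1])
 if _, ok := detectors.UuidFalsePositives[detectors.FalsePositive(m)]; ok {
 continue
+} else if detectors.StringShannonEntropy(m) < 3 {
+continue
 }
 uniqueMatches[m] = struct{}{}
 }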
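Review bot: The entropy cutoff `3` is an undocumented magic number repeated in both FindTenantIdMatches (second hunk) and FindClientIdMatches (third hunk), and in each it is written as an `else if` branch after a `continue`, so the two UUID filters can silently drift apart. A package-level constant with a rationale comment, e.g. `// minUuidEntropy drops low-variety ids such as all-zero or repeated-digit placeholders, which are not real tenant/client ids.` and `const minUuidEntropy = 3`, then a single guard `if _, ok := detectors.UuidFalsePositives[detectors.FalsePositive(m)]; ok || detectors.StringShannonEntropy(m) < minUuidEntropy { continue }` keeps both call sites in step and removes the else-after-continue. The threshold itself is presumably tuned to pass real v4 UUIDs; a comment recording that assumption would help the next person who adjusts it. Both enclosing functions start and end outside the hunks.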

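--- a/pkg/detectors/azure_entra/common_test.go
+++ b/pkg/detectors/azure_entra/common_test.go
@@ -12,6 +12,7 @@ type testCase struct {
 }
 
 func runPatTest(t *testing.T, tests map[string]testCase, matchFunc func(data string) map[string]struct{}) {
+t.Helper()
 for name, test := range tests {
 t.Run(name, func(t *testing.T) {
 matches := matchFunc(test.Input)
@@ -122,6 +123,41 @@ tenant_id = "57aabdfc-6ce0-4828-94a2-9abe277892ec"`,
 "974fde14-c3a4-481b-9b03-cfce182c3a07": {},
 },
 },
+"oauth paths": {
+Input: ` "authPath": "/9b4bfaea-dd1c-4add-b1de-e10f51c65fd3/oauth2/v2.0/authorize",
+/32896ed7-d559-401b-85cf-167143d61be0/B2C_1A_Tapio_Signin/v2.0
+/461858f4-9c0d-46e0-a9e6-aefc4889aad6/B2C_1_sign_up_or_sign_in/SelfAsserted?tx=S
+-ArgumentList "/3f548be2-31e9-4681-839e-bc80d461f367/common/oauth2/authorize"
+"jwks_uri": "/6babcaad-604b-40ac-a9d7-9fd97c0b779f/discovery/keys",
+MetadataLocation = "/b55f0c51-61a7-45c3-84df-33569b247796/federationmetadata/2007-06/federationmetadata.xml?appid=3245199b-1a5d-42df-93ce-e64ac7f5b938
+"kerberos_endpoint": "/a4067d12-2fc0-4367-a213-9e4031cbc173/kerberos",
+/b2326b8a-059d-48ca-96ac-8d8d5d841860/login
+"userinfo_endpoint": "/6ba4caad-604b-40ac-a9d7-9fd97c0b779f/openid/userinfo"
+…en-US","urlLogin":"/9673e9a8-aa57-4461-9336-5fd3f0034e18/reprocess?ctx=rQIIAZ2QvWvbQA…
+/6c912b97-d9f0-4472-a96a-d82de2f1d438/resume?ctx=rQIIAZVTP
+// /aa8306d8-5417-43cc-b8e8-7e77b918682c/v2.0/.well-known/openid-configuration
+// /051aeb51-408b-403b-b95c-4ff3b303a08a/token
+"/4a5378f9-29f4-4d3e-be89-669d03ada9d8/uxlogout"
+/dc38a67a-f981-4e24-ba16-4443ada44484/wsfed
+`,
+Expected: map[string]struct{}{
+"051aeb51-408b-403b-b95c-4ff3b303a08a": {},
+"32896ed7-d559-401b-85cf-167143d61be0": {},
+"3f548be2-31e9-4681-839e-bc80d461f367": {},
+"461858f4-9c0d-46e0-a9e6-aefc4889aad6": {},
+"4a5378f9-29f4-4d3e-be89-669d03ada9d8": {},
+"6ba4caad-604b-40ac-a9d7-9fd97c0b779f": {},
+"6babcaad-604b-40ac-a9d7-9fd97c0b779f": {},
+"6c912b97-d9f0-4472-a96a-d82de2f1d438": {},
+"9673e9a8-aa57-4461-9336-5fd3f0034e18": {},
+"9b4bfaea-dd1c-4add-b1de-e10f51c65fd3": {},
+"a4067d12-2fc0-4367-a213-9e4031cbc173": {},
+"aa8306d8-5417-43cc-b8e8-7e77b918682c": {},
+"b2326b8a-059d-48ca-96ac-8d8d5d841860": {},
+"b55f0c51-61a7-45c3-84df-33569b247796": {},
+"dc38a67a-f981-4e24-ba16-4443ada44484": {},
+},
+},
 "x-anchor-mailbox": {
 // The tenantID can be encoded in this parameter.
 // https://github.com/AzureAD/microsoft-authentication-library-for-python/blob/95a63a7fe97d91b99979e5bf78e03f6acf40a286/msal/application.py#L185-L186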
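Review bot: The new `"oauth paths"` case only asserts positives, so the entropy rejection this commit adds to FindTenantIdMatches has no test in this file and a regression there would still pass. A negative case with a low-variety id that matches the new path alternative pins it, e.g. (constructed) `"low entropy oauth path": {Input: "/11111111-1111-1111-1111-111111111111/token", Expected: map[string]struct{}{}}`, choosing an id that is not already listed in detectors.UuidFalsePositives so the case exercises the entropy branch rather than the lookup. Whether an empty expected map compares equal to a nil result depends on how runPatTest compares maps, which is outside this hunk.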
