diff --git a/.ge_ignore b/.ge_ignore index 1e00058..69189dc 100644 --- a/.ge_ignore +++ b/.ge_ignore @@ -1,50 +1,67 @@ -*go-earlybird* -*.jpg -*.png -*.bmp -*.svg -*.mp3 -*.wav -*.ogg -*.gif -*.tif -*.tiff -*.psd -*.xcf -*.gz -*.tar -*.7z -*.pyc -*.git* -*vendor* -*/bin/* -*/binaries/* -*/pom.xml* -*/release.properties -*/dependency-reduced-pom.xml -*.DS_Store -*/.classpath -*/.checkstyle -*.class -*hs_err_pid* -*/.idea -*.iml -*.vertx -*.swf -*.exe -*.bin -*.min.js -*.ttf -*.eot -*.html -*.woff -*.otf -*.xsd -*.xjb -*.ico -*.pdf -*.docx -*.css -*jquery* -*/node_modules/* -*.lock \ No newline at end of file +**/*go-earlybird* +**/*.jpg +**/*.png +**/*.bmp +**/*.svg +**/*.mp3 +**/*.wav +**/*.ogg +**/*.gif +**/*.tif +**/*.tiff +**/*.psd +**/*.xcf +**/*.gz +**/*.tar +**/*.7z +**/*.pyc +**/*.git* +**/*.svn* +**/*vendor* +**/bin/* +**/binaries/* +**/pom.xml* +**/release.properties +**/dependency-reduced-pom.xml +**/*.DS_Store +**/.classpath +**/.checkstyle +**/*.class +**/*hs_err_pid* +**/.idea +**/*.iml +**/*.vertx +**/*.swf +**/*.exe +**/*.bin +**/*.min.js +**/*.js.map +**/*.debug.js +**/*.bundled.js +**/*.ts.map +**/*.min.map +**/*.ttf +**/*.eot +**/*.html +**/*.woff +**/*.otf +**/*.xsd +**/*.xjb +**/*.ico +**/*.pdf +**/*.docx +**/*.scss +**/*.less +**/*.css +**/*.css.map +**/*.min.css +**/*jquery* +**/node_modules/* +**/*.lock +**/package-lock.json +**/*LICENSE* +**/npm-shrinkwrap.json +**/*.g4 +**/go.sum +**/CHANGELOG* +**/changelog-archive/* diff --git a/LICENSE.txt b/LICENSE.txt index 799441e..9c35075 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. -Copyright 2020 American Express Travel Related Services Company, Inc. +Copyright 2021 American Express Travel Related Services Company, Inc. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/README.md b/README.md index c10ff61..2ee94e0 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ $ go-earlybird --git=https://github.com/americanexpress/earlybird - [False Positives - How are they managed? How do I filter them?](./docs/FALSEPOSITIVES.md) - [Labels - What are labels? How do I create my own?](./docs/LABELS.md) - [Ignore - How do I skip lines or files intentionally?](./docs/IGNORE.md) + - [Inclusivity - How do I perform an inclusivity scan?](./docs/INCLUSIVITY.md) ## Why Are We Doing This? diff --git a/build.bat b/build.bat index 02c2d94..e8f88ed 100644 --- a/build.bat +++ b/build.bat @@ -1,5 +1,5 @@ :: -:: Copyright 2020 American Express +:: Copyright 2021 American Express :: :: Licensed under the Apache License, Version 2.0 (the "License"); :: you may not use this file except in compliance with the License. diff --git a/build.sh b/build.sh index f88a286..1dc5253 100755 --- a/build.sh +++ b/build.sh @@ -1,7 +1,7 @@ #!/bin/sh # -# Copyright 2020 American Express +# Copyright 2021 American Express # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/config/ccnumber.json b/config/ccnumber.json deleted file mode 100644 index 634a5db..0000000 --- a/config/ccnumber.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "Searcharea":"body", - "rules": [ - { - "Code": 2001, - - "Pattern": "[^\\.](\\b3[47]\\d{13}\\b)", - "Caption": "Potential American Express credit card number in file", - "Category": "cc-number", - "Example": "\"378282246310005\"", - "SolutionID": 7, - "Severity": 2, - "Confidence": 2, - "Postprocess": "mod10", - "CWE": ["CWE-312"] - } - ] -} diff --git a/config/common.json b/config/common.json deleted file mode 100644 index 6bfb7ee..0000000 --- a/config/common.json +++ /dev/null @@ -1,101 +0,0 @@ -{ - "Searcharea": "body", - "rules": [ - { - "Code": 1002, - "Pattern": "(?i)\"p[a4@][s$][s$]w[o0]rd([#!@]?(123)?)?\"", - "Caption": "Potential default password in file", - "Category": "password-secret", - "Example": "\"password\"", - "SolutionID": 8, - "Severity": 2, - "Confidence": 3, - "Postprocess": "password", - "CWE": ["CWE-521", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 1061, - "Pattern": "(?i)['\"]ch[a@]ngeme['\"]", - "Caption": "Potential default password in file", - "Category": "password-secret", - "Example": "\"changeme\"", - "SolutionID": 8, - "Severity": 2, - "Confidence": 4, - "Postprocess": "", - "CWE": ["CWE-521", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 1068, - "Pattern": "(?i)1q2w3e4r", - "Caption": "Potential default password in file", - "Category": "password-secret", - "Example": "1q2w3e4r", - "SolutionID": 8, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-521", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 1072, - "Pattern": "(?i)admin[1-3]", - "Caption": "Potential default password in file", - "Category": "password-secret", - "Example": "admin1", - "SolutionID": 8, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-521", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 1073, - "Pattern": "(?i)1qaz@WSX", - "Caption": "Potential default password in file", - "Category": "password-secret", - "Example": "1qaz@WSX", - "SolutionID": 8, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-521", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 1074, - "Pattern": "(?i)letmein", - "Caption": "Potential default password in file", - "Category": "password-secret", - "Example": "letmein", - "SolutionID": 8, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-521", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 1074, - "Pattern": "(?i)w2e3r4t5", - "Caption": "Potential default password in file", - "Category": "password-secret", - "Example": "password = 'w2e3r4t5'", - "SolutionID": 8, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-521", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 1074, - "Pattern": "(?i)password.+winter|spring|summer|autumn|fall", - "Caption": "Potential default password in file", - "Category": "password-secret", - "Example": "password = 'autumn2019'", - "SolutionID": 8, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-521", "CWE-312", "CWE-257", "CWE-259"] - } - ] -} diff --git a/config/content.json b/config/content.json deleted file mode 100644 index 2d73ba6..0000000 --- a/config/content.json +++ /dev/null @@ -1,893 +0,0 @@ -{ - "Searcharea": "body", - "rules": [ - { - "Code": 3001, - "Pattern": "(?i)(['\"]?\\w*password['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]))", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "password = 'foobar'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3003, - "Pattern": "(?i)(['\"]?pw['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "pw='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 4, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3004, - "Pattern": "(?i)(['\"]?pass['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "pass='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 4, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3005, - "Pattern": "(?i)(['\"]?pword['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "pword='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 4, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3006, - "Pattern": "(?i)(['\"]?passphrase['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential passphrase in file", - "Category": "password-secret", - "Example": "passphrase='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3007, - "Pattern": "(?i)(<[^(><.)]*password[^(><.)]*>[^(><.)]+<\/[^(><.)]*password[^(><.)]*>)", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "foobar<\/password>", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3008, - "Pattern": "(?i)(<[^(><.)]*passphrase[^(><.)]*>[^(><.)]+<\/[^(><.)]*passphrase[^(><.)]*>)", - "Caption": "Potential passphrase in file", - "Category": "password-secret", - "Example": "foobar<\/passphrase>", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3009, - "Pattern": "(?i)([^<\\n]*<\/ConsumerKey>)", - "Caption": "Potential key in file", - "Category": "key", - "Example": "foobar<\/ConsumerKey>", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3010, - "Pattern": "(?i)([^<\\n]*<\/ConsumerSecret>)", - "Caption": "Potential password key in file", - "Category": "key", - "Example": "foobar<\/ConsumerSecret>", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3013, - "Pattern": "\\b(\\+\\d{1,2}[-\\. ])?\\(?\\d{3}\\)?[-\\. ]\\d{3}[-\\. ]\\d{4}\\b", - "Caption": "Potential phone number in file", - "Category": "infrastructure", - "Example": "'480-123-1234'", - "SolutionID": 2, - "Severity": 3, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3014, - "Pattern": "([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)", - "Caption": "Potential email address in file", - "Category": "infrastructure", - "Example": "example@example.com", - "SolutionID": 2, - "Severity": 4, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3015, - "Pattern": "((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))", - "Caption": "Potential IPv4 Address in file", - "Category": "infrastructure", - "Example": "8.8.8.8", - "SolutionID": 3, - "Severity": 4, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3016, - "Pattern": "['\">\\s](([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})['\"<\\s]", - "Caption": "Potential IPv6 Address in file", - "Category": "infrastructure", - "Example": "'2001:0db8:85a3:0000:0000:8a2e:0370:7334'", - "SolutionID": 3, - "Severity": 4, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3017, - "Pattern": "\\b(\\d{3}-\\d{2}-\\d{4})\\b", - "Caption": "Potential SSN in file", - "Category": "pii", - "Example": "123-45-7890", - "SolutionID": 2, - "Severity": 1, - "Confidence": 2, - "Postprocess": "ssn", - "CWE": ["CWE-312"] - }, - { - "Code": 3018, - "Pattern": "[^\\.](?:\\b[A-Z]{2}\\d{2} ?\\d{4} ?\\d{4} ?\\d{4} ?\\d{4} ?[\\d]{0,2}\\b)", - "Caption": "Potential IBAN in file", - "Category": "pii", - "Example": "'DE00 0000 0000 0000 0000 00'", - "SolutionID": 2, - "Severity": 1, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3019, - "Pattern": "([^\\s:/?#]+):\/\/([^/?#\\s]*)([^?#\\s]*)(\\?([^#\\s]*))?(#([^\\s]*))?", - "Caption": "Potential URL in file", - "Category": "infrastructure", - "Example": "http:\/\/example.com\/", - "SolutionID": 3, - "Severity": 4, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3020, - "Pattern": "(\\b[0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2}\\b)", - "Caption": "Potential MAC address in file", - "Category": "infrastructure", - "Example": "00:1B:44:11:3A:B7", - "SolutionID": 3, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3021, - "Pattern": "(?i)(['\"]?passwrd['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "passwrd = 'foobar'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3022, - "Pattern": "(?i)(['\"]?passwd['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "passwd = 'foobar'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3023, - "Pattern": "(BEGIN (RSA|OPENSSH|DSA|EC|PGP) PRIVATE KEY)", - "Caption": "Private key in file", - "Category": "key", - "Example": "BEGIN RSA PRIVATE KEY", - "SolutionID": 1, - "Severity": 1, - "Confidence": 1, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3024, - "Pattern": "(AKIA[0-9A-Z]{16})", - "Caption": "Potential Cloud key in file", - "Category": "key", - "Example": "AKIAIOSFODNN7EXAMPLE", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3025, - "Pattern": "(?i)(\/\/|\/\\*|\\*|#).{0,4}(BUG|HACK|FIXME|TODO|SORRY|TEMPORARY|TMP)", - "Caption": "Suspicious comment", - "Category": "comment", - "Example": "/*TODO FIXME fixed this bug with a temporary hack. TODO rewrite in future*/", - "SolutionID": 4, - "Severity": 3, - "Confidence": 4, - "Postprocess": "", - "CWE": ["CWE-546"] - }, - { - "Code": 3026, - "Pattern": "(?i)(['\"]?secret['\"]? ?[:=] ?(['\"][^'\"]{3,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]+))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "secret = 'foobar'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3027, - "Pattern": "(?i)(['\"]?secretkey['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "secretKey = 'foobar'", - "SolutionID": 1, - "Severity": 1, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3028, - "Pattern": "(BEGIN DSA PRIVATE KEY)", - "Caption": "Private key in file", - "Category": "key", - "Example": "BEGIN DSA PRIVATE KEY", - "SolutionID": 1, - "Severity": 1, - "Confidence": 1, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3029, - "Pattern": "(?i)(oauth.appSecret ?[:=] ?([^\\s]+))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "oauth.appSecret = 'foobar'", - "SolutionID": 1, - "Severity": 1, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3030, - "Pattern": "(?i)(AWS Secret Access Key [^:]*: ?([^\\s]+))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKFE", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3031, - "Pattern": "(BEGIN EC PRIVATE KEY)", - "Caption": "Private key in file", - "Category": "key", - "Example": "BEGIN EC PRIVATE KEY", - "SolutionID": 1, - "Severity": 1, - "Confidence": 1, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3032, - "Pattern": "(?i)(appSecret ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "appsecret='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3033, - "Pattern": "(?i)(clientSecret ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "clientsecret='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3034, - "Pattern": "(?i)(['\"]client_secret['\"] ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "'client_secret': 'foobar'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3035, - "Pattern": "(?i)(['\"]?auth_key['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "auth_key='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3036, - "Pattern": "(?i)(['\"]?secret_key['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "secret_key='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3037, - "Pattern": "(?i)(['\"]?_token['\"]? ?[:=] ?['\"]?[0-9a-zA-Z\\.\\-_]{12,}['\"]?)", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "auth_token='xxx123xxx345xxx678'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3038, - "Pattern": "(BEGIN PGP PRIVATE KEY)", - "Caption": "Private key in file", - "Category": "key", - "Example": "BEGIN PGP PRIVATE KEY", - "SolutionID": 5, - "Severity": 1, - "Confidence": 1, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3039, - "Pattern": "(?i)['\"]?(aws_access_key_id)['\"]? ?[:=] ?['\"][^'\"]{4,}['\"]", - "Caption": "Private key in file", - "Category": "key", - "Example": "aws_access_key_id = \"test\"", - "SolutionID": 5, - "Severity": 1, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3040, - "Pattern": "(?i)['\"]?(google_access_token)['\"]? ?[:=] ?['\"][^'\"]{4,}['\"]", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "google_access_token = \"test\"", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3041, - "Pattern": "(?i)(ya29.[0-9a-zA-Z_\\-]{68})", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "ya29Xaz65xnSOi45O5wyRaaeONDHqenVAMXmxObLMZq-vQihlleznZAbCHHWr6Gz3J7DKuyQf", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3042, - "Pattern": "(?i)['\"]?(google_api)['\"]? ?[:=] ?['\"][^'\"]{4,}['\"]", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "google_api = \"test\"", - "SolutionID": 1, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3043, - "Pattern": "(?i)(AIzaSy[0-9a-zA-Z_\\-]{33})", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "AIzaSyQ4kHseoBZiO7anxQJ2IzlfzfMLjNU5ma_", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3044, - "Pattern": "(?i)['\"]?(slack_xoxb)['\"]? ?[:=] ?['\"][^'\"]{4,}['\"]", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "slack_xoxb = \"test\"", - "SolutionID": 1, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3045, - "Pattern": "(?i)(xox[pboa]-\\d+-\\d+-\\d+-[0-9a-f]+)", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "xoxa-123-123-123-012af", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3046, - "Pattern": "(?i)(Mapbox Secure Key)", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "Mapbox Secure Key", - "SolutionID": 1, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3047, - "Pattern": "(?i)(xox[sp]-[0-9]{10}-[0-9]{10}-[0-9]{12}-[a-z0-9]{32})", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "xoxs-0260321744-0287945347-015035651542-oxtp6n0z7yibj63vndve9gsej96k5k4s", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3048, - "Pattern": "(?i)(\\/\\/registry\\.npmjs\\.org\\/:_authToken=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "\/\/registry.npmjs.org\/:_authToken=77a13b56-f6c9-0294-57b0-b635f6260064", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3049, - "Pattern": "(?i)(['\"]?pwd['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "pwd='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 4, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3050, - "Pattern": "[^\\.](?:\\b([1,2][ ]?[0-9]{2}[ ]?[01235][0-9][ ]?[0-9A-Z]{5}[ ]?[0-9]{3}[ ]?[0-9]{2})\\b)", - "Caption": "Potential National ID in file", - "Category": "pii", - "Example": "'2 98 39 FTUT4 270 18'", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3051, - "Pattern": "[^\\.](?:\\b([a-zA-Z]){3}([Pp]){1}([a-zA-Z]){1}([0-9]){4}([a-zA-Z]){1}?\\b)", - "Caption": "Potential National ID in file", - "Category": "pii", - "Example": " aaaPa0000a ", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3052, - "Pattern": "[^\\.](?:\\b[a-z]{3}[cphfatblj][a-z]\\d{4}[a-z]\\b)", - "Caption": "Potential National ID in file", - "Category": "pii", - "Example": " aaaaa1234a ", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3053, - "Pattern": "(?:\\b([A-Z][AEIOUX][A-Z]{2}\\d{2}(?:0[1-9]|1[0-2])(?:0[1-9][12]\\d|3[01])[HM](?:AS|B[CS]|C[CLMSH]|D[FG]|G[TR]|HG|JC|M[CNS]|N[ETL]|OC|PL|Q[TR]|S[PLR]|T[CSL]|VZ|YN|ZS)[B-DF-HJ-NP-TV-Z]{3}[A-Z\\d])(\\d)\\b)", - "Caption": "Potential National ID in file", - "Category": "pii", - "Example": " AAAA11010110HASBBBA0 ", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3054, - "Pattern": "[^\\.](?:\\b[A-CEGHJ-PR-TW-Z]{1}[A-CEGHJ-NPR-TW-Z]{1}[0-9]{6}[A-DFM]{0,1}\\b)", - "Caption": "Potential National ID in file", - "Category": "pii", - "Example": " LB692783B ", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3055, - "Pattern": "[^\\.](?:\\b[0-9]{10}GBR[0-9]{7}[UMF]{1}[0-9]{9}\\b)", - "Caption": "Potential Passport Number in file", - "Category": "pii", - "Example": " 6205398466GBR5472550F247957610 ", - "SolutionID": 2, - "Severity": 1, - "Confidence":3, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3056, - "Pattern": "[^\\.](?:\\b[A-Z0-9<]{9}[0-9]{1}[A-Z]{3}[0-9]{7}[A-Z]{1}[0-9]{7}[A-Z0-9<]{14}[0-9]{2}\\b)", - "Caption": "Potential Passport Number in file", - "Category": "pii", - "Example": " 3FQ84GBUQ0THN1026257U9982208J24VDKZA1KB15H54 ", - "SolutionID": 2, - "Severity": 1, - "Confidence":3, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3057, - "Pattern": "(?i)(['\"]?\\w*password['\"]? ?[:=] ?[0-9a-z\\-_@#! %\\^\\?\\*&\\$~]{4,})", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "password=foobar", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3058, - "Pattern": "(?i)(DESede|3DES|TRIPLEDES)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "3DES(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3059, - "Pattern": "(?i)(abcdefghijklmnopqrstuvwxyz0?123456789)", - "Caption": "Potential insecure cryptographic method in file", - "Category": "insecure-crypto", - "Example": "abcdefghijklmnopqrstuvwxyz0123456789", - "SolutionID": 6, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-327", "CWE-338"] - }, - { - "Code": 3060, - "Pattern": "(?i)(mysql|oracle|odbc|jdbc|postgresql|mongodb|mongo):\/\/\\w{3,}:\\w{3,}(@[^\/]{3,}\/)", - "Caption": "Potential insecure db connection string", - "Category": "password-secret", - "Example": "mysql://joeblow:mypassword@foo.bar.baz/", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3061, - "Pattern": "[0-9]{2}[0,1][0-9][0-9]{2}-[A-Z]-[0-9]{5}", - "Caption": "Potential National ID in file", - "Category": "pii", - "Example": "500152-R-10396", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3062, - "Pattern": "[0-9]{3}/?[0-9]{4}/?[0-9]{4}", - "Caption": "Potential National ID in file", - "Category": "pii", - "Example": "340/4782/5834", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3063, - "Pattern": "[0-9]{2}[0-9]{2}[0,1][0-9][0-9]{2}[A-Z][0-9]{2}[0-9]", - "Caption": "Potential National ID in file", - "Category": "pii", - "Example": "92550824E222", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3064, - "Pattern": "[A-Z]{6}[0-9]{2}[A-E,H,L,M,P,R-T][0-9]{2}[A-Z0-9]{5}", - "Caption": "Potential National ID in file", - "Category": "pii", - "Example": "EULISU81S08O22BQ", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3065, - "Pattern": "heroku.*[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}", - "Caption": "Potential cloud key in file", - "Category": "password-secret", - "Example": "heroku: 'A0AAA0AA-aAaa-AAAA-aaAA-Aa00AaAA0a0A'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3066, - "Pattern": "github.*['\"'\"'\"][a-zA-Z0-9]{35,40}['\"'\"'\"]", - "Caption": "Potential repository key in file", - "Category": "password-secret", - "Example": "github: 'aaaAaA0A0a00aAaA0a0aA0AAaaaAAa0Aa00'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3067, - "Pattern": "facebook.*['\"'\"'\"][0-9a-f]{32,255}['\"'\"'\"]", - "Caption": "Potential social media key in file", - "Category": "password-secret", - "Example": "facebook: 'a00000aa0aaa0aa0a00aa00a00000aaa0a000a0a0aaa0a0a0a00aa00a000aaa0'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3068, - "Pattern": "twitter.*['\"'\"'\"][a-zA-Z0-9]{35,44}['\"'\"'\"]", - "Caption": "Potential social media key in file", - "Category": "password-secret", - "Example": "twitter: '0aaAaA0AAAA0000a0a0A0a0aaa0AaAA0a0a'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3069, - "Pattern": "(?i)(SKIPJACK)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "SKIPJACK(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3070, - "Pattern": "(?i)(RIPEMD160)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "RIPEMD160(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3071, - "Pattern": "(?i)(blowfish)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "blowfish(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3072, - "Pattern": "(?i)(MD5)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "MD5(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3073, - "Pattern": "(?i)(MD4)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "MD4(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3074, - "Pattern": "(?i)(MD2)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "MD2(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3075, - "Pattern": "(?i)(SHA1)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "SHA1(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3076, - "Pattern": "(?i)(RC2)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "RC2(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3077, - "Pattern": "(?i)(RC4)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "RC4(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - } - ] -} diff --git a/config/earlybird.json b/config/earlybird.json index b8a22a7..8b30d48 100644 --- a/config/earlybird.json +++ b/config/earlybird.json @@ -1,31 +1,5 @@ { - "modules": [ - { - "name": "ccnumber", - "default_enabled": true, - "config_url": "https://raw.githubusercontent.com/americanexpress/earlybird/master/config/ccnumber.json" - }, - { - "name": "common", - "default_enabled": true, - "config_url": "https://raw.githubusercontent.com/americanexpress/earlybird/master/config/common.json" - }, - { - "name": "content", - "default_enabled": true, - "config_url": "https://raw.githubusercontent.com/americanexpress/earlybird/master/config/content.json" - }, - { - "name": "entropy", - "default_enabled": false, - "config_url": "https://raw.githubusercontent.com/americanexpress/earlybird/master/config/entropy.json" - }, - { - "name": "filename", - "default_enabled": true, - "config_url": "https://raw.githubusercontent.com/americanexpress/earlybird/master/config/filename.json" - } - ], + "config_base_url": "https://raw.githubusercontent.com/americanexpress/earlybird/main/config/rules", "finding_levels": [ { "level_name": "critical", @@ -42,13 +16,47 @@ { "level_name": "low", "level_id": 4 + }, + { + "level_name": "info", + "level_id": 5 } ], - "text_ignore_patterns": ["EARLYBIRD-IGNORE","EB-IGNORE"], - "filename_skip_text_scanning_extensions": [".pem",".p12",".pkcs12",".jks",".ppk",".pfx",".asc",".private_key",".keychain",".keystore",".keyring",".pcap",".htpasswd",".kwallet",".tblk",".min.js",".js.map",".css",".min.css",".woff",".ttf",".otf",".png",".gif",".jpg",".jpeg",".svg",".tiff"], + "text_ignore_patterns": ["EARLYBIRD-IGNORE", "EB-IGNORE"], + "filename_skip_text_scanning_extensions": [ + ".pem", + ".p12", + ".pkcs12", + ".jks", + ".ppk", + ".pfx", + ".asc", + ".private_key", + ".keychain", + ".keystore", + ".keyring", + ".pcap", + ".htpasswd", + ".kwallet", + ".tblk", + ".min.js", + ".js.map", + ".css", + ".min.css", + ".woff", + ".ttf", + ".otf", + ".png", + ".gif", + ".jpg", + ".jpeg", + ".svg", + ".tiff" + ], "fail_threshold_level": 2, "display_threshold_level": 3, "display_confidence_threshold_level": 2, - "earlybird_config_url": "https://raw.githubusercontent.com/americanexpress/earlybird/master/config/earlybird.json", - "version": "1.25.0" -} \ No newline at end of file + "earlybird_config_url": "https://raw.githubusercontent.com/americanexpress/earlybird/main/config/earlybird.json", + "version": "2.0.0", + "name": "earlybird" +} diff --git a/config/entropy.json b/config/entropy.json deleted file mode 100644 index 2675f11..0000000 --- a/config/entropy.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "Searcharea": "body", - "rules": [ - { - "Code": 5001, - "Pattern": "('[^'\\s]{12,64}'|\"[^\"\\s]{12,64}\")", - "Caption": "High entropy string -- potential password", - "Category": "password-secret", - "Example": "'b6SxM4UwRm1dBqTG4zIVU6rcBy1QhnfQKmSZOnmR6fS7ZvuCxf1C1uQFNI9CVWzH'", - "SolutionID": 1, - "Severity": 3, - "Confidence": 3, - "Postprocess": "entropy", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - } - ] -} diff --git a/config/false-positives.json b/config/false-positives.json deleted file mode 100644 index 40120d6..0000000 --- a/config/false-positives.json +++ /dev/null @@ -1,440 +0,0 @@ -{ - "rules": [ - { - "Codes": [3013], - "Pattern": "(000-000-0000)", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore a false positive phone number" - }, - { - "Codes": [3058,3069,3070,3071,3072,3073,3074,3075], - "Pattern": ".*", - "FileExtensions": [".md", ".txt", ".doc", ".pdf", ".docx", ".csv", ".html", ".htm"], - "UseFullLine": false, - "Description": "Ignore deprecated crypto in documents" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "\\$\\{.*\\}", - "FileExtensions": [".xml", ".sh", ".gradle"], - "UseFullLine": false, - "Description": "Ignore ENV variable references in XML and SH files" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)password ?[:=] ?none", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore password=None" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "\\['[^']*'\\]", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore array values" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "\\*{4,}", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore password='******', assuming at least 4 * consecutively" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)password ?[:=] ?(string|self|this)", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore field definition" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)\\bX{3,}\\b", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore placeholder values of XXX" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)\\b(true|false)\\b", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore password field definitions using true|false" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(reset|change|update|forget|forgot|incorrect)[ \\.(password)]", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore password reset|change|update|forgot password strings" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(['\"]#form\\.)", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore CF form placeholders" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(['\"]password: ?['\"])", - "FileExtensions": [".js",".html"], - "UseFullLine": false, - "Description": "Ignore password patterns that appear to be script functions" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(getvalue|setvalue|properties|property|constant| string |function|utils\\.|\\.get|\\(\\)| new | def | static |\\.of\\()", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore password patterns that appear to be script functions" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)({)", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore password patterns that appear to be script functions" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)\\btext\\b", - "FileExtensions": [".json"], - "UseFullLine": false, - "Description": "Ignore password field definition in json files" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "\\b(string|null|int|bool|float)\\b", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore variable types as password values" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(password ?= ?[a-z]+\\.[a-z]*password)", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore variable definitions as password values" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(password ?= ?.*password[a-z]*;)", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore variable definitions as password values" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(\\];)", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore variable definitions as password values" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(\\(\\))", - "FileExtensions": [".java",".js"], - "UseFullLine": true, - "Description": "Ignore variable definitions as password values" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(\\);)", - "FileExtensions": [".java",".js"], - "UseFullLine": true, - "Description": "Ignore variable definitions as password values" - }, - { - "Codes": [1002,3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(\"\\{[^ \\}]+\\}\")", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore variable definitions as password values" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "\\[(PASSWORD)\\]", - "FileExtensions": [".json", ".java", ".xml"], - "UseFullLine": false, - "Description": "Ignore bracketed passwords in XML/Java builds" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(encrypted)", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore passwords that are likely encrypted values" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(variable)", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore passwords that are likely variable assignments" - }, - - { - "Codes": [1002], - "Pattern": ".*", - "FileExtensions": [".json", ".xml", ".jsp", ".js", ".html", ".css", ".ftl", ".vm"], - "UseFullLine": false, - "Description": "Ignore default password 'password' in documents" - }, - { - "Codes": [3060], - "Pattern": "(?i)(mysql:\/\/|oracle:\/\/|odbc:\/\/|jdbc:\/\/)(.{0}|\\{\\}|X+)(:)(.{0}|\\{\\}|X+|password)@", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore placeholder proxy URLs, including 'http://:@proxy...', 'http://XXX:XXX@proxy...', and 'http://{}:{}@proxy...'" - }, - { - "Codes": [3017], - "Pattern": "(123-45-6789|078-05-1120|219-09-9999|123-12-1234|111-11-1111|222-22-2222|333-33-3333|444-44-4444|555-55-5555)", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore common test SSNs and invalid SSNs used in advertising" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "[a-zA-Z_$][a-zA-Z_$0-9]*;?$", - "FileExtensions": [".go", ".py", ".php", ".java", ".js", ".yml", ".yaml", ".c", ".cpp", ".rb", ".groovy", "Jenkinsfile",".gradle", ".vb", ".pl1"], - "UseFullLine": false, - "Description": "Ignore variable references in source code (password = var)" - }, - { - "Codes": [2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013], - "Pattern":"(?i)