From 37df7c49ed00448dc3fa1b4ee4955e76a07b8ce1 Mon Sep 17 00:00:00 2001 
From: Shane Unger Date: Mon, 21 Jun 2021 11:05:10 -0700 Subject: [PATCH 01/10] chore: updaing open source from inner source --- .ge_ignore | 117 +- README.md | 220 ++ config/ccnumber.json | 18 - config/common.json | 101 - config/content.json | 893 ------ config/earlybird.json | 84 +- config/entropy.json | 17 - config/false-positives.json | 440 --- config/falsepositives/false-positives.yaml | 1410 +++++++++ .../inclusivity-false-positives.yaml | 14 + .../infrastructure-false-positives.yaml | 22 + .../internationalization-false-positives.yaml | 30 + .../javascript-false-positives.yaml | 19 + config/filename.json | 725 ----- config/labels.json | 459 --- config/labels/inclusivity-labels.yaml | 72 + config/labels/labels.yaml | 2574 +++++++++++++++++ config/rules/ccnumber.yaml | 80 + config/rules/content.yaml | 451 +++ config/rules/filename.yaml | 677 +++++ config/rules/inclusivity-rules.yaml | 115 + config/rules/password-secret.yaml | 644 +++++ config/solutions.json | 133 - config/solutions/inclusivity-solutions.yaml | 5 + config/solutions/solutions.yaml | 73 + go.mod | 7 + go.sum | 10 +- pkg/api/api.go | 6 +- pkg/api/api_test.go | 32 +- pkg/config/cfgReader.go | 47 +- pkg/config/cfgReader_test.go | 58 +- pkg/config/structures.go | 115 +- pkg/core/const.go | 8 + pkg/core/core.go | 130 +- pkg/core/core_test.go | 56 +- pkg/file/fileUtil.go | 139 +- pkg/file/fileUtil_test.go | 15 +- pkg/git/bbapi.go | 89 + pkg/git/bbapi_test.go | 89 + pkg/git/check_test.go | 2 +- pkg/git/cloner.go | 60 +- pkg/git/cloner_test.go | 21 +- pkg/git/split_test.go | 2 +- pkg/postprocess/const.go | 1 + pkg/postprocess/luhn_test.go | 2 +- pkg/postprocess/skipAccountTokenPassword.go | 29 + pkg/postprocess/validatePassword.go | 80 +- pkg/postprocess/validatePassword_test.go | 223 ++ pkg/scan/const.go | 13 +- pkg/scan/falsePositives_test.go | 692 +++++ pkg/scan/ruleCfgReader.go | 175 +- pkg/scan/ruleCfgReader_test.go | 57 +- pkg/scan/scan.go | 134 +- pkg/scan/scanUtil.go | 31 +- 
pkg/scan/scanUtil_test.go | 55 +- pkg/scan/scan_test.go | 258 +- pkg/update/update.go | 47 +- pkg/update/update_test.go | 2 +- pkg/utils/utils.go | 108 +- pkg/utils/utils_test.go | 85 +- pkg/wildcard/patternMatch.go | 2 +- pkg/wildcard/patternMatch_test.go | 46 +- pkg/writers/consoleout.go | 2 +- pkg/writers/consoleout_test.go | 2 +- pkg/writers/csvout_test.go | 2 +- pkg/writers/jsonout_test.go | 4 +- 66 files changed, 9004 insertions(+), 3325 deletions(-) delete mode 100644 config/ccnumber.json delete mode 100644 config/common.json delete mode 100644 config/content.json delete mode 100644 config/entropy.json delete mode 100644 config/false-positives.json create mode 100644 config/falsepositives/false-positives.yaml create mode 100644 config/falsepositives/inclusivity-false-positives.yaml create mode 100644 config/falsepositives/infrastructure-false-positives.yaml create mode 100644 config/falsepositives/internationalization-false-positives.yaml create mode 100644 config/falsepositives/javascript-false-positives.yaml delete mode 100644 config/filename.json delete mode 100644 config/labels.json create mode 100644 config/labels/inclusivity-labels.yaml create mode 100644 config/labels/labels.yaml create mode 100644 config/rules/ccnumber.yaml create mode 100644 config/rules/content.yaml create mode 100644 config/rules/filename.yaml create mode 100644 config/rules/inclusivity-rules.yaml create mode 100644 config/rules/password-secret.yaml delete mode 100644 config/solutions.json create mode 100644 config/solutions/inclusivity-solutions.yaml create mode 100644 config/solutions/solutions.yaml create mode 100755 pkg/git/bbapi.go create mode 100644 pkg/git/bbapi_test.go create mode 100644 pkg/postprocess/skipAccountTokenPassword.go create mode 100644 pkg/scan/falsePositives_test.go diff --git a/.ge_ignore b/.ge_ignore index 1e00058..69189dc 100644 --- a/.ge_ignore +++ b/.ge_ignore 
@@ -1,50 +1,67 @@
-*go-earlybird*
-*.jpg
-*.png
-*.bmp
-*.svg
-*.mp3
-*.wav
-*.ogg
-*.gif
-*.tif
-*.tiff
-*.psd
-*.xcf
-*.gz
-*.tar
-*.7z
-*.pyc
-*.git*
-*vendor*
-*/bin/*
-*/binaries/*
-*/pom.xml*
-*/release.properties
-*/dependency-reduced-pom.xml
-*.DS_Store
-*/.classpath
-*/.checkstyle
-*.class
-*hs_err_pid*
-*/.idea
-*.iml
-*.vertx
-*.swf
-*.exe
-*.bin
-*.min.js
-*.ttf
-*.eot
-*.html
-*.woff
-*.otf
-*.xsd
-*.xjb
-*.ico
-*.pdf
-*.docx
-*.css
-*jquery*
-*/node_modules/*
-*.lock
\ No newline at end of file
+**/*go-earlybird*
+**/*.jpg
+**/*.png
+**/*.bmp
+**/*.svg
+**/*.mp3
+**/*.wav
+**/*.ogg
+**/*.gif
+**/*.tif
+**/*.tiff
+**/*.psd
+**/*.xcf
+**/*.gz
+**/*.tar
+**/*.7z
+**/*.pyc
+**/*.git*
+**/*.svn*
+**/*vendor*
+**/bin/*
+**/binaries/*
+**/pom.xml*
+**/release.properties
+**/dependency-reduced-pom.xml
+**/*.DS_Store
+**/.classpath
+**/.checkstyle
+**/*.class
+**/*hs_err_pid*
+**/.idea
+**/*.iml
+**/*.vertx
+**/*.swf
+**/*.exe
+**/*.bin
+**/*.min.js
+**/*.js.map
+**/*.debug.js
+**/*.bundled.js
+**/*.ts.map
+**/*.min.map
+**/*.ttf
+**/*.eot
+**/*.html
+**/*.woff
+**/*.otf
+**/*.xsd
+**/*.xjb
+**/*.ico
+**/*.pdf
+**/*.docx
+**/*.scss
+**/*.less
+**/*.css
+**/*.css.map
+**/*.min.css
+**/*jquery*
+**/node_modules/*
+**/*.lock
+**/package-lock.json
+**/*LICENSE*
+**/npm-shrinkwrap.json
+**/*.g4
+**/go.sum
+**/CHANGELOG*
+**/changelog-archive/*
diff --git a/README.md b/README.md
index c10ff61..3a53d98 100644
--- a/README.md
+++ b/README.md
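Review bot: The new side keeps `**/*.git*`, which with a `*`-matches-anything matcher also covers `.git-credentials` and `.gitconfig`, plaintext credential stores that a secret scanner should be scanning rather than skipping by default; if the intent is only to exclude repository metadata, `**/.git/*` is the narrower pattern (pkg/wildcard/patternMatch.go is not in this hunk, so confirm how its `*` is interpreted before changing it). The added `**/*.js.map`, `**/*.bundled.js` and `**/*.debug.js`, together with the existing `**/*.min.js` and `**/*.html`, also exclude the built front-end assets and source maps in which embedded API keys commonly surface, so this default quietly narrows coverage. That may be an acceptable performance trade-off, but it should be stated in the README's "Ignoring Files" section so users know to scan built assets explicitly or override the default ignore file.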
@@ -64,6 +64,226 @@ Agreement to American Express and to recipients of software distributed by Ameri reserve all right, title, and interest, if any, in and to your contributions. Please [fill out the Agreement](https://cla-assistant.io/americanexpress/earlybird). +## Usage +The executable can be called from the command line with the following syntax: +``` +~/go/src/gearlybird (master ✘)✭ ᐅ go-earlybird --help +Usage of go-earlybird: + -config string + Directory where configuration files are stored (default "/Users/janedoe/.go-earlybird/") + -display-confidence string + Lowest confidence level to display [ critical | high | medium | low ] (default "high") + -display-severity string + Lowest severity level to display [ critical | high | medium | low ] (default "medium") + -enable value + Enable individual scanning modules [ ccnumber | content | filename | password-secret ] + -fail-confidence string + Lowest confidence level at which to fail [ critical | high | medium | low ] (default "high") + -fail-severity string + Lowest severity level at which to fail [ critical | high | medium | low ] (default "high") + -file string + Output file -- e.g., 'go-earlybird --file=/home/jdoe/myfile.csv' + -format string + Output format [ console | json | csv ] (default "console") + -git string + Full URL to a git repo to scan e.g. github.com/user/repo + -git-commit-stream + Use stream IO of Git commit log as input instead of file(s) -- e.g., 'cat secrets.text > go-earlybird' + -git-project string + Full URL to a github organization or bitbucket project to scan e.g. github.com/org + -git-staged + Scan only git staged files + -git-tracked + Scan only git tracked files + -git-user string + If the git repository is private, enter an authorized username + -http string + Listen IP and Port for HTTP API e.g. 127.0.0.1:8080 + -http-config string + Path to webserver config JSON file + -https string + Listen IP and Port for HTTPS/2 API e.g. 
127.0.0.1:8080 (Don't forget the https-cert and https-key flags) + -https-cert string + Certificate file for TLS + -https-key string + Private key file for TLS + -ignore-fp-rules + Ignore the false positive post-process rules + -ignorefile string + Patterns File (including wildcards) for files to ignore. (e.g. *.jpg) (default "/Users/jhans12/.ge_ignore") + -max-file-size int + Maximum file size to scan (in bytes) (default 10240000) + -path string + Directory to scan (defaults to CWD) -- ABSOLUTE PATH ONLY (default "/Users/jhans12/go/src/gearlybird") + -show-full-line + Display the full line where the pattern match was found (warning: this can be dangerous with minified script files) + -show-rules-only + Display rules that would be run, but do not execute a scan + -skip-comments + Skip scanning comments in files -- applies only to the 'content' module + -stream + Use stream IO as input instead of file(s) + -suppress + Suppress reporting of the secret found (important if output is going to Slack or other logs) + -update + Update module configurations + -verbose + Reports details about file reads + -workers int + Set number of workers. (default 100) + -worksize int + Set Line Wrap Length. (default 2500) + -module-config-file string + Absolute path to a json or yaml file for per module level config -- {"modules": { "aModule": { "display_severity": "medium" } } } + ``` + +### Creating New Modules: +New modules can be added via json rules files in the user's go-earlybird configuration directory. Simply add a new json file into this directory (e.g. `custom-rules.json`) with the following structure, and Go-EarlyBird will detect and load the rules. Keeping these custom rules in a separate file will ensure they do not get overwritten when Go-EarlyBird is updated. 
+``` +{ + "Searcharea": "", + "rules": [ + { + "Code": 1, + "Pattern": "", + "Caption": "", + "Solution": "", + "Severity": , + "Confidence": , + "Postprocess": "", + "Example": "password='xxx'", + "CWE": ["CWE-XXX"] + } + ] +} +``` +We recommend using a unique, integer-only approach to defining the `Code` field. + +Custom labels and custom solutions can be added in the same manner. + + +--- +  + + +## False Positive Detection + +EarlyBird has a rules engine for excluding false positives from the results. Each rule in `false-positives.yaml` is tied to one or more scan rules (using the `Codes` field). + +The `Pattern` field is a regular expression that is evaluated against any hit that matches the `Code`, as long as the file containing that hit has an extension matching a value in the `FileExtensions` value (if that value is empty, all file extensions will be considered). + +``` +--- +rules: +- Codes: + - 3013 + Pattern: "(000-000-0000)" + FileExtensions: [] + Description: Ignore a false positive phone number +- Codes: + - 4005 + - 3022 + Pattern: ".*" + FileExtensions: + - ".md" + - ".txt" + - ".doc" + - ".pdf" + - ".docx" + - ".csv" + - ".html" + - ".htm" + Description: Ignore deprecated crypto in documents +``` + +In the examples above: +1. Any hit found with rule 3013 (looking for 10-digit phone number patterns), that matches all zeroes (000-000-0000), in any type of file will be ignored +2. Any hit found with rules 4005 or 3022 (looking for indicators of deprecated crypto method use like 3DES or JUICE) in document files will be ignored + +--- +  + +## Labels + +By modifying `.go-earlybird/labels.yaml`, or adding a separate file, labels can be added to the hits based on context. This can be done either on a same line search or on a scan of context throughout the whole file. 
For example, the following line will add the `oracle` label to the returned hit: + + + +## Running Go-EarlyBird + +### Standalone +Assuming the setup script was run, you can kick off the application by running 'go-earlybird' / 'go-earlybird.exe' / 'go-earlybird-linux (mac / windows / linux). See the *Usage* section below + +If Go is installed, the project can be downloaded and run with `go run go-earlybird.go` + +### Streamed / Piped input +Using the `-stream` flag, users can stream or pipe file contents to 'go-earlybird'. + +``` +ᐅ go-earlybird -stream < /path/to/file +``` +... or: +``` +ᐅ cat /path/to/file | go-earlybird -stream +``` + +### HTTP API +``` +ᐅ go-earlybird --http 0.0.0.0:3000 +``` +`/scan` will accept a multi-part upload and scan the contents, returning json output. + +The normal HTTP listener will operate on HTTP/1.1. Go-EarlyBird can be run as HTTPS/2 with the `-https [ip:port]` flag. Note that this also requires the `-https-cert [/path/to/cert]` and `-https-key [/path/to/key]` parameters. + +The simple webserver configuration file can be found in the local config directory (`~/.go-earlybird/webserver.json` or `C:\Users\[me]\AppData\go-earlybird\webserver.json`). A separate config file can be specified using the `-http-config [/path/to/configfile]` flag. + + +### Local Git Scanning +With the flag `-git-staged` or `-git-tracked`, Go-EarlyBird can limit its scan to only look at files that are staged or tracked (respectively) by Git. + +### Ignoring Files +Go-EarlyBird can ignore any file pattern listed in the `.ge_ignore` and `.gitignore` files. The `--ignorefile` flag can be used to specify a specific path to a file containing ignore patterns. + +### Adjusting Severity of A Given Category +Go-Earlybird supports adjusting the severity of a particular category of finding based on patterns that can apply to the filename or the detected match. 
+An example of when this might be useful could be reducing the severity of the password-secret category when these findings are found in a test directory. +This configuration is done via the `earlybird.json` config file, under the property `adjusted_severity_categories_patterns`. An example of a possible +configuration might be + +```json + "adjusted_severity_categories_patterns": [ + { + "category": "password-secret", + "patterns": [ + "(?i)/test/", + "(?i)/tests/", + "(?i)/__tests__/", + ], + "adjusted_display_severity": "medium", + "use_filename": true + } + ] +``` + +`adjusted_severity_categories_patterns` is a list of objects with a required `category` field, required `patterns` which are a list of +regular expressions, the required `adjusted_display_severity`, and finally two optional fields `use_filename` and `use_line_value`. +These two fields determine which part of the hit to apply the regular expression patterns. If `use_filename` is true, the match will +be performed on the filename for the given hit. If `use_line_value` is true the match will be performed against the full line value of the hit. +If neither `use_line_value` or `use_filename` are specified, or they are both false, the match will be performed against the exact match of the hit. + +### Performing a inclusivity scan + +```bash +go-earlybird -path /dir/to/scan -enable inclusivity-rules --display-severity=info +``` + +### Performing a scan with only certain modules enabled: + +```bash +go-earlybird -path /dir/to/scan -enable password-secret -enable content -enable inclusivity-rules +``` + ## License Any contributions made under this project will be governed by the [Apache License 2.0](./LICENSE.txt). diff --git a/config/ccnumber.json b/config/ccnumber.json deleted file mode 100644 index 634a5db..0000000 --- a/config/ccnumber.json +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "Searcharea":"body", - "rules": [ - { - "Code": 2001, - - "Pattern": "[^\\.](\\b3[47]\\d{13}\\b)", - "Caption": "Potential American Express credit card number in file", - "Category": "cc-number", - "Example": "\"378282246310005\"", - "SolutionID": 7, - "Severity": 2, - "Confidence": 2, - "Postprocess": "mod10", - "CWE": ["CWE-312"] - } - ] -} diff --git a/config/common.json b/config/common.json deleted file mode 100644 index 6bfb7ee..0000000 --- a/config/common.json +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - "Searcharea": "body", - "rules": [ - { - "Code": 1002, - "Pattern": "(?i)\"p[a4@][s$][s$]w[o0]rd([#!@]?(123)?)?\"", - "Caption": "Potential default password in file", - "Category": "password-secret", - "Example": "\"password\"", - "SolutionID": 8, - "Severity": 2, - "Confidence": 3, - "Postprocess": "password", - "CWE": ["CWE-521", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 1061, - "Pattern": "(?i)['\"]ch[a@]ngeme['\"]", - "Caption": "Potential default password in file", - "Category": "password-secret", - "Example": "\"changeme\"", - "SolutionID": 8, - "Severity": 2, - "Confidence": 4, - "Postprocess": "", - "CWE": ["CWE-521", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 1068, - "Pattern": "(?i)1q2w3e4r", - "Caption": "Potential default password in file", - "Category": "password-secret", - "Example": "1q2w3e4r", - "SolutionID": 8, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-521", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 1072, - "Pattern": "(?i)admin[1-3]", - "Caption": "Potential default password in file", - "Category": "password-secret", - "Example": "admin1", - "SolutionID": 8, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-521", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 1073, - "Pattern": "(?i)1qaz@WSX", - "Caption": "Potential default password in file", - "Category": "password-secret", - "Example": "1qaz@WSX", - "SolutionID": 8, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-521", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 1074, - "Pattern": "(?i)letmein", - "Caption": "Potential default password in file", - "Category": "password-secret", - "Example": "letmein", - "SolutionID": 8, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-521", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 1074, - "Pattern": "(?i)w2e3r4t5", - "Caption": "Potential default password in file", - "Category": 
"password-secret", - "Example": "password = 'w2e3r4t5'", - "SolutionID": 8, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-521", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 1074, - "Pattern": "(?i)password.+winter|spring|summer|autumn|fall", - "Caption": "Potential default password in file", - "Category": "password-secret", - "Example": "password = 'autumn2019'", - "SolutionID": 8, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-521", "CWE-312", "CWE-257", "CWE-259"] - } - ] -} diff --git a/config/content.json b/config/content.json deleted file mode 100644 index 2d73ba6..0000000 --- a/config/content.json +++ /dev/null 
@@ -1,893 +0,0 @@ -{ - "Searcharea": "body", - "rules": [ - { - "Code": 3001, - "Pattern": "(?i)(['\"]?\\w*password['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]))", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "password = 'foobar'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3003, - "Pattern": "(?i)(['\"]?pw['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "pw='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 4, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3004, - "Pattern": "(?i)(['\"]?pass['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "pass='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 4, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3005, - "Pattern": "(?i)(['\"]?pword['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "pword='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 4, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3006, - "Pattern": "(?i)(['\"]?passphrase['\"]? 
?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential passphrase in file", - "Category": "password-secret", - "Example": "passphrase='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3007, - "Pattern": "(?i)(<[^(><.)]*password[^(><.)]*>[^(><.)]+<\/[^(><.)]*password[^(><.)]*>)", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "foobar<\/password>", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3008, - "Pattern": "(?i)(<[^(><.)]*passphrase[^(><.)]*>[^(><.)]+<\/[^(><.)]*passphrase[^(><.)]*>)", - "Caption": "Potential passphrase in file", - "Category": "password-secret", - "Example": "foobar<\/passphrase>", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3009, - "Pattern": "(?i)([^<\\n]*<\/ConsumerKey>)", - "Caption": "Potential key in file", - "Category": "key", - "Example": "foobar<\/ConsumerKey>", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3010, - "Pattern": "(?i)([^<\\n]*<\/ConsumerSecret>)", - "Caption": "Potential password key in file", - "Category": "key", - "Example": "foobar<\/ConsumerSecret>", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3013, - "Pattern": "\\b(\\+\\d{1,2}[-\\. ])?\\(?\\d{3}\\)?[-\\. ]\\d{3}[-\\. 
]\\d{4}\\b", - "Caption": "Potential phone number in file", - "Category": "infrastructure", - "Example": "'480-123-1234'", - "SolutionID": 2, - "Severity": 3, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3014, - "Pattern": "([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)", - "Caption": "Potential email address in file", - "Category": "infrastructure", - "Example": "example@example.com", - "SolutionID": 2, - "Severity": 4, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3015, - "Pattern": "((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))", - "Caption": "Potential IPv4 Address in file", - "Category": "infrastructure", - "Example": "8.8.8.8", - "SolutionID": 3, - "Severity": 4, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3016, - "Pattern": "['\">\\s](([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})['\"<\\s]", - "Caption": "Potential IPv6 Address in file", - "Category": "infrastructure", - "Example": "'2001:0db8:85a3:0000:0000:8a2e:0370:7334'", - "SolutionID": 3, - "Severity": 4, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3017, - "Pattern": "\\b(\\d{3}-\\d{2}-\\d{4})\\b", - "Caption": "Potential SSN in file", - "Category": "pii", - "Example": "123-45-7890", - "SolutionID": 2, - "Severity": 1, - "Confidence": 2, - "Postprocess": "ssn", - "CWE": ["CWE-312"] - }, - { - "Code": 3018, - "Pattern": "[^\\.](?:\\b[A-Z]{2}\\d{2} ?\\d{4} ?\\d{4} ?\\d{4} ?\\d{4} ?[\\d]{0,2}\\b)", - "Caption": "Potential IBAN in file", - "Category": "pii", - "Example": "'DE00 0000 0000 0000 0000 00'", - "SolutionID": 2, - "Severity": 1, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3019, - "Pattern": 
"([^\\s:/?#]+):\/\/([^/?#\\s]*)([^?#\\s]*)(\\?([^#\\s]*))?(#([^\\s]*))?", - "Caption": "Potential URL in file", - "Category": "infrastructure", - "Example": "http:\/\/example.com\/", - "SolutionID": 3, - "Severity": 4, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3020, - "Pattern": "(\\b[0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2}\\b)", - "Caption": "Potential MAC address in file", - "Category": "infrastructure", - "Example": "00:1B:44:11:3A:B7", - "SolutionID": 3, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3021, - "Pattern": "(?i)(['\"]?passwrd['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "passwrd = 'foobar'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3022, - "Pattern": "(?i)(['\"]?passwd['\"]? 
?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "passwd = 'foobar'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3023, - "Pattern": "(BEGIN (RSA|OPENSSH|DSA|EC|PGP) PRIVATE KEY)", - "Caption": "Private key in file", - "Category": "key", - "Example": "BEGIN RSA PRIVATE KEY", - "SolutionID": 1, - "Severity": 1, - "Confidence": 1, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3024, - "Pattern": "(AKIA[0-9A-Z]{16})", - "Caption": "Potential Cloud key in file", - "Category": "key", - "Example": "AKIAIOSFODNN7EXAMPLE", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3025, - "Pattern": "(?i)(\/\/|\/\\*|\\*|#).{0,4}(BUG|HACK|FIXME|TODO|SORRY|TEMPORARY|TMP)", - "Caption": "Suspicious comment", - "Category": "comment", - "Example": "/*TODO FIXME fixed this bug with a temporary hack. TODO rewrite in future*/", - "SolutionID": 4, - "Severity": 3, - "Confidence": 4, - "Postprocess": "", - "CWE": ["CWE-546"] - }, - { - "Code": 3026, - "Pattern": "(?i)(['\"]?secret['\"]? ?[:=] ?(['\"][^'\"]{3,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]+))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "secret = 'foobar'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3027, - "Pattern": "(?i)(['\"]?secretkey['\"]? 
?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "secretKey = 'foobar'", - "SolutionID": 1, - "Severity": 1, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3028, - "Pattern": "(BEGIN DSA PRIVATE KEY)", - "Caption": "Private key in file", - "Category": "key", - "Example": "BEGIN DSA PRIVATE KEY", - "SolutionID": 1, - "Severity": 1, - "Confidence": 1, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3029, - "Pattern": "(?i)(oauth.appSecret ?[:=] ?([^\\s]+))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "oauth.appSecret = 'foobar'", - "SolutionID": 1, - "Severity": 1, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3030, - "Pattern": "(?i)(AWS Secret Access Key [^:]*: ?([^\\s]+))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKFE", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3031, - "Pattern": "(BEGIN EC PRIVATE KEY)", - "Caption": "Private key in file", - "Category": "key", - "Example": "BEGIN EC PRIVATE KEY", - "SolutionID": 1, - "Severity": 1, - "Confidence": 1, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3032, - "Pattern": "(?i)(appSecret ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "appsecret='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3033, - "Pattern": "(?i)(clientSecret ?[:=] 
?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "clientsecret='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3034, - "Pattern": "(?i)(['\"]client_secret['\"] ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "'client_secret': 'foobar'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3035, - "Pattern": "(?i)(['\"]?auth_key['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "auth_key='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3036, - "Pattern": "(?i)(['\"]?secret_key['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "secret_key='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3037, - "Pattern": "(?i)(['\"]?_token['\"]? 
?[:=] ?['\"]?[0-9a-zA-Z\\.\\-_]{12,}['\"]?)", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "auth_token='xxx123xxx345xxx678'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3038, - "Pattern": "(BEGIN PGP PRIVATE KEY)", - "Caption": "Private key in file", - "Category": "key", - "Example": "BEGIN PGP PRIVATE KEY", - "SolutionID": 5, - "Severity": 1, - "Confidence": 1, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3039, - "Pattern": "(?i)['\"]?(aws_access_key_id)['\"]? ?[:=] ?['\"][^'\"]{4,}['\"]", - "Caption": "Private key in file", - "Category": "key", - "Example": "aws_access_key_id = \"test\"", - "SolutionID": 5, - "Severity": 1, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3040, - "Pattern": "(?i)['\"]?(google_access_token)['\"]? ?[:=] ?['\"][^'\"]{4,}['\"]", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "google_access_token = \"test\"", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3041, - "Pattern": "(?i)(ya29.[0-9a-zA-Z_\\-]{68})", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "ya29Xaz65xnSOi45O5wyRaaeONDHqenVAMXmxObLMZq-vQihlleznZAbCHHWr6Gz3J7DKuyQf", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3042, - "Pattern": "(?i)['\"]?(google_api)['\"]? 
?[:=] ?['\"][^'\"]{4,}['\"]", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "google_api = \"test\"", - "SolutionID": 1, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3043, - "Pattern": "(?i)(AIzaSy[0-9a-zA-Z_\\-]{33})", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "AIzaSyQ4kHseoBZiO7anxQJ2IzlfzfMLjNU5ma_", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3044, - "Pattern": "(?i)['\"]?(slack_xoxb)['\"]? ?[:=] ?['\"][^'\"]{4,}['\"]", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "slack_xoxb = \"test\"", - "SolutionID": 1, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3045, - "Pattern": "(?i)(xox[pboa]-\\d+-\\d+-\\d+-[0-9a-f]+)", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "xoxa-123-123-123-012af", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3046, - "Pattern": "(?i)(Mapbox Secure Key)", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "Mapbox Secure Key", - "SolutionID": 1, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3047, - "Pattern": "(?i)(xox[sp]-[0-9]{10}-[0-9]{10}-[0-9]{12}-[a-z0-9]{32})", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "xoxs-0260321744-0287945347-015035651542-oxtp6n0z7yibj63vndve9gsej96k5k4s", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3048, - "Pattern": 
"(?i)(\\/\\/registry\\.npmjs\\.org\\/:_authToken=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})", - "Caption": "Potential secret in file", - "Category": "password-secret", - "Example": "\/\/registry.npmjs.org\/:_authToken=77a13b56-f6c9-0294-57b0-b635f6260064", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-321", "CWE-312"] - }, - { - "Code": 3049, - "Pattern": "(?i)(['\"]?pwd['\"]? ?[:=] ?(['\"][^'\"]{4,}['\"]|[0-9a-z\\-_@#!%\\^\\?\\*&\\$~]{4,}))", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "pwd='xxxx'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 4, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3050, - "Pattern": "[^\\.](?:\\b([1,2][ ]?[0-9]{2}[ ]?[01235][0-9][ ]?[0-9A-Z]{5}[ ]?[0-9]{3}[ ]?[0-9]{2})\\b)", - "Caption": "Potential National ID in file", - "Category": "pii", - "Example": "'2 98 39 FTUT4 270 18'", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3051, - "Pattern": "[^\\.](?:\\b([a-zA-Z]){3}([Pp]){1}([a-zA-Z]){1}([0-9]){4}([a-zA-Z]){1}?\\b)", - "Caption": "Potential National ID in file", - "Category": "pii", - "Example": " aaaPa0000a ", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3052, - "Pattern": "[^\\.](?:\\b[a-z]{3}[cphfatblj][a-z]\\d{4}[a-z]\\b)", - "Caption": "Potential National ID in file", - "Category": "pii", - "Example": " aaaaa1234a ", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3053, - "Pattern": "(?:\\b([A-Z][AEIOUX][A-Z]{2}\\d{2}(?:0[1-9]|1[0-2])(?:0[1-9][12]\\d|3[01])[HM](?:AS|B[CS]|C[CLMSH]|D[FG]|G[TR]|HG|JC|M[CNS]|N[ETL]|OC|PL|Q[TR]|S[PLR]|T[CSL]|VZ|YN|ZS)[B-DF-HJ-NP-TV-Z]{3}[A-Z\\d])(\\d)\\b)", - "Caption": "Potential National ID in file", - "Category": 
"pii", - "Example": " AAAA11010110HASBBBA0 ", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3054, - "Pattern": "[^\\.](?:\\b[A-CEGHJ-PR-TW-Z]{1}[A-CEGHJ-NPR-TW-Z]{1}[0-9]{6}[A-DFM]{0,1}\\b)", - "Caption": "Potential National ID in file", - "Category": "pii", - "Example": " LB692783B ", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3055, - "Pattern": "[^\\.](?:\\b[0-9]{10}GBR[0-9]{7}[UMF]{1}[0-9]{9}\\b)", - "Caption": "Potential Passport Number in file", - "Category": "pii", - "Example": " 6205398466GBR5472550F247957610 ", - "SolutionID": 2, - "Severity": 1, - "Confidence":3, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3056, - "Pattern": "[^\\.](?:\\b[A-Z0-9<]{9}[0-9]{1}[A-Z]{3}[0-9]{7}[A-Z]{1}[0-9]{7}[A-Z0-9<]{14}[0-9]{2}\\b)", - "Caption": "Potential Passport Number in file", - "Category": "pii", - "Example": " 3FQ84GBUQ0THN1026257U9982208J24VDKZA1KB15H54 ", - "SolutionID": 2, - "Severity": 1, - "Confidence":3, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3057, - "Pattern": "(?i)(['\"]?\\w*password['\"]? ?[:=] ?[0-9a-z\\-_@#! 
%\\^\\?\\*&\\$~]{4,})", - "Caption": "Potential password in file", - "Category": "password-secret", - "Example": "password=foobar", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3058, - "Pattern": "(?i)(DESede|3DES|TRIPLEDES)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "3DES(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3059, - "Pattern": "(?i)(abcdefghijklmnopqrstuvwxyz0?123456789)", - "Caption": "Potential insecure cryptographic method in file", - "Category": "insecure-crypto", - "Example": "abcdefghijklmnopqrstuvwxyz0123456789", - "SolutionID": 6, - "Severity": 2, - "Confidence": 3, - "Postprocess": "", - "CWE": ["CWE-327", "CWE-338"] - }, - { - "Code": 3060, - "Pattern": "(?i)(mysql|oracle|odbc|jdbc|postgresql|mongodb|mongo):\/\/\\w{3,}:\\w{3,}(@[^\/]{3,}\/)", - "Caption": "Potential insecure db connection string", - "Category": "password-secret", - "Example": "mysql://joeblow:mypassword@foo.bar.baz/", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "password", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3061, - "Pattern": "[0-9]{2}[0,1][0-9][0-9]{2}-[A-Z]-[0-9]{5}", - "Caption": "Potential National ID in file", - "Category": "pii", - "Example": "500152-R-10396", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3062, - "Pattern": "[0-9]{3}/?[0-9]{4}/?[0-9]{4}", - "Caption": "Potential National ID in file", - "Category": "pii", - "Example": "340/4782/5834", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3063, - "Pattern": "[0-9]{2}[0-9]{2}[0,1][0-9][0-9]{2}[A-Z][0-9]{2}[0-9]", - "Caption": "Potential 
National ID in file", - "Category": "pii", - "Example": "92550824E222", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3064, - "Pattern": "[A-Z]{6}[0-9]{2}[A-E,H,L,M,P,R-T][0-9]{2}[A-Z0-9]{5}", - "Caption": "Potential National ID in file", - "Category": "pii", - "Example": "EULISU81S08O22BQ", - "SolutionID": 2, - "Severity": 1, - "Confidence":4, - "Postprocess": "", - "CWE": ["CWE-312"] - }, - { - "Code": 3065, - "Pattern": "heroku.*[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}", - "Caption": "Potential cloud key in file", - "Category": "password-secret", - "Example": "heroku: 'A0AAA0AA-aAaa-AAAA-aaAA-Aa00AaAA0a0A'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3066, - "Pattern": "github.*['\"'\"'\"][a-zA-Z0-9]{35,40}['\"'\"'\"]", - "Caption": "Potential repository key in file", - "Category": "password-secret", - "Example": "github: 'aaaAaA0A0a00aAaA0a0aA0AAaaaAAa0Aa00'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3067, - "Pattern": "facebook.*['\"'\"'\"][0-9a-f]{32,255}['\"'\"'\"]", - "Caption": "Potential social media key in file", - "Category": "password-secret", - "Example": "facebook: 'a00000aa0aaa0aa0a00aa00a00000aaa0a000a0a0aaa0a0a0a00aa00a000aaa0'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - "Code": 3068, - "Pattern": "twitter.*['\"'\"'\"][a-zA-Z0-9]{35,44}['\"'\"'\"]", - "Caption": "Potential social media key in file", - "Category": "password-secret", - "Example": "twitter: '0aaAaA0AAAA0000a0a0A0a0aaa0AaAA0a0a'", - "SolutionID": 1, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"] - }, - { - 
"Code": 3069, - "Pattern": "(?i)(SKIPJACK)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "SKIPJACK(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3070, - "Pattern": "(?i)(RIPEMD160)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "RIPEMD160(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3071, - "Pattern": "(?i)(blowfish)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "blowfish(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3072, - "Pattern": "(?i)(MD5)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "MD5(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3073, - "Pattern": "(?i)(MD4)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "MD4(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3074, - "Pattern": "(?i)(MD2)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "MD2(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3075, - "Pattern": "(?i)(SHA1)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "SHA1(password)", - 
"SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3076, - "Pattern": "(?i)(RC2)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "RC2(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - }, - { - "Code": 3077, - "Pattern": "(?i)(RC4)[-_a-zA-Z]*\\(.*\\)", - "Caption": "Potential deprecated cryptographic method in file", - "Category": "insecure-crypto", - "Example": "RC4(password)", - "SolutionID": 6, - "Severity": 2, - "Confidence": 2, - "Postprocess": "", - "CWE": ["CWE-327"] - } - ] -} diff --git a/config/earlybird.json b/config/earlybird.json index b8a22a7..be90851 100644 --- a/config/earlybird.json +++ b/config/earlybird.json @@ -1,31 +1,5 @@ { - "modules": [ - { - "name": "ccnumber", - "default_enabled": true, - "config_url": "https://raw.githubusercontent.com/americanexpress/earlybird/master/config/ccnumber.json" - }, - { - "name": "common", - "default_enabled": true, - "config_url": "https://raw.githubusercontent.com/americanexpress/earlybird/master/config/common.json" - }, - { - "name": "content", - "default_enabled": true, - "config_url": "https://raw.githubusercontent.com/americanexpress/earlybird/master/config/content.json" - }, - { - "name": "entropy", - "default_enabled": false, - "config_url": "https://raw.githubusercontent.com/americanexpress/earlybird/master/config/entropy.json" - }, - { - "name": "filename", - "default_enabled": true, - "config_url": "https://raw.githubusercontent.com/americanexpress/earlybird/master/config/filename.json" - } - ], + "config_base_url": "https://raw.githubusercontent.com/americanexpress/earlybird/master/config", "finding_levels": [ { "level_name": "critical", 
@@ -42,13 +16,61 @@
 {
 "level_name": "low",
 "level_id": 4
+ },
+ {
+ "level_name": "info",
+ "level_id": 5
 }
 ],
- "text_ignore_patterns": ["EARLYBIRD-IGNORE","EB-IGNORE"],
- "filename_skip_text_scanning_extensions": [".pem",".p12",".pkcs12",".jks",".ppk",".pfx",".asc",".private_key",".keychain",".keystore",".keyring",".pcap",".htpasswd",".kwallet",".tblk",".min.js",".js.map",".css",".min.css",".woff",".ttf",".otf",".png",".gif",".jpg",".jpeg",".svg",".tiff"],
+ "text_ignore_patterns": ["EARLYBIRD-IGNORE", "EB-IGNORE"],
+ "filename_skip_text_scanning_extensions": [
+ ".pem",
+ ".p12",
+ ".pkcs12",
+ ".jks",
+ ".ppk",
+ ".pfx",
+ ".asc",
+ ".private_key",
+ ".keychain",
+ ".keystore",
+ ".keyring",
+ ".pcap",
+ ".htpasswd",
+ ".kwallet",
+ ".tblk",
+ ".min.js",
+ ".js.map",
+ ".css",
+ ".min.css",
+ ".woff",
+ ".ttf",
+ ".otf",
+ ".png",
+ ".gif",
+ ".jpg",
+ ".jpeg",
+ ".svg",
+ ".tiff"
+ ],
 "fail_threshold_level": 2,
 "display_threshold_level": 3,
 "display_confidence_threshold_level": 2,
 "earlybird_config_url": "https://raw.githubusercontent.com/americanexpress/earlybird/master/config/earlybird.json",
- "version": "1.25.0"
-}
\ No newline at end of file
+ "version": "2.0.0",
+ "name": "earlybird",
+ "adjusted_severity_categories_patterns": [
+ {
+ "category": "password-secret",
+ "patterns": [
+ "(?i)/e0/",
+ "(?i)/test/",
+ "(?i)/tests/",
+ "(?i)/__tests__/",
+ "(?i)e0\\.(yaml|yml|properties|js|json)"
+ ],
+ "adjusted_display_severity": "medium",
+ "use_filename": true
+ }
+ ]
+}
diff --git a/config/entropy.json b/config/entropy.json
deleted file mode 100644
index 2675f11..0000000
--- a/config/entropy.json
+++ /dev/null
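Review bot: The new `adjusted_severity_categories_patterns` entry lowers every `password-secret` finding whose path matches `/test/`, `/tests/`, `/__tests__/`, `/e0/` or `e0.<ext>` to `medium`; with `fail_threshold_level` at 2 and `medium` presumably level 3 (only `low`=4 and `info`=5 are visible in this hunk), a real credential committed under a test directory would no longer fail the scan if the Go side applies the adjusted level to the fail decision rather than only to display — the key is named `adjusted_display_severity`, so confirm it is display-only and state that in README, because test fixtures are a common place for live credentials to be pasted and the downgrade should change ranking, not suppression. The `/e0/` and `e0\.(yaml|yml|properties|js|json)` patterns look like an internal environment naming convention carried over by the inner-source import; either drop them from the public default or explain in README what `e0` denotes so downstream users do not inherit an opaque downgrade. Note too that `(?i)/test/` is anchored on slashes, so `src/test/creds.yaml` is downgraded while a root-level `test_config.yaml` is not; if the intent is "test code", say so in README. The `(?i)` flags are harmless here but add nothing for the slash-only patterns and could be dropped for clarity.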
@@ -1,17 +0,0 @@
-{
- "Searcharea": "body",
- "rules": [
- {
- "Code": 5001,
- "Pattern": "('[^'\\s]{12,64}'|\"[^\"\\s]{12,64}\")",
- "Caption": "High entropy string -- potential password",
- "Category": "password-secret",
- "Example": "'b6SxM4UwRm1dBqTG4zIVU6rcBy1QhnfQKmSZOnmR6fS7ZvuCxf1C1uQFNI9CVWzH'",
- "SolutionID": 1,
- "Severity": 3,
- "Confidence": 3,
- "Postprocess": "entropy",
- "CWE": ["CWE-798", "CWE-312", "CWE-257", "CWE-259"]
- }
- ]
-}
diff --git a/config/false-positives.json b/config/false-positives.json
deleted file mode 100644
index 40120d6..0000000
--- a/config/false-positives.json
+++ /dev/null
@@ -1,440 +0,0 @@ -{ - "rules": [ - { - "Codes": [3013], - "Pattern": "(000-000-0000)", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore a false positive phone number" - }, - { - "Codes": [3058,3069,3070,3071,3072,3073,3074,3075], - "Pattern": ".*", - "FileExtensions": [".md", ".txt", ".doc", ".pdf", ".docx", ".csv", ".html", ".htm"], - "UseFullLine": false, - "Description": "Ignore deprecated crypto in documents" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "\\$\\{.*\\}", - "FileExtensions": [".xml", ".sh", ".gradle"], - "UseFullLine": false, - "Description": "Ignore ENV variable references in XML and SH files" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)password ?[:=] ?none", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore password=None" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "\\['[^']*'\\]", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore array values" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "\\*{4,}", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore password='******', assuming at least 4 * consecutively" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)password ?[:=] ?(string|self|this)", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore field definition" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 
3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)\\bX{3,}\\b", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore placeholder values of XXX" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)\\b(true|false)\\b", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore password field definitions using true|false" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(reset|change|update|forget|forgot|incorrect)[ \\.(password)]", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore password reset|change|update|forgot password strings" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(['\"]#form\\.)", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore CF form placeholders" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(['\"]password: ?['\"])", - "FileExtensions": [".js",".html"], - "UseFullLine": false, - "Description": "Ignore password patterns that appear to be script functions" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(getvalue|setvalue|properties|property|constant| string |function|utils\\.|\\.get|\\(\\)| new | def | static |\\.of\\()", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore password patterns that appear to be script functions" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 
3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)({)", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore password patterns that appear to be script functions" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)\\btext\\b", - "FileExtensions": [".json"], - "UseFullLine": false, - "Description": "Ignore password field definition in json files" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "\\b(string|null|int|bool|float)\\b", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore variable types as password values" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(password ?= ?[a-z]+\\.[a-z]*password)", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore variable definitions as password values" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(password ?= ?.*password[a-z]*;)", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore variable definitions as password values" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(\\];)", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore variable definitions as password values" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(\\(\\))", - 
"FileExtensions": [".java",".js"], - "UseFullLine": true, - "Description": "Ignore variable definitions as password values" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(\\);)", - "FileExtensions": [".java",".js"], - "UseFullLine": true, - "Description": "Ignore variable definitions as password values" - }, - { - "Codes": [1002,3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(\"\\{[^ \\}]+\\}\")", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore variable definitions as password values" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "\\[(PASSWORD)\\]", - "FileExtensions": [".json", ".java", ".xml"], - "UseFullLine": false, - "Description": "Ignore bracketed passwords in XML/Java builds" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(encrypted)", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore passwords that are likely encrypted values" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "(?i)(variable)", - "FileExtensions": [], - "UseFullLine": true, - "Description": "Ignore passwords that are likely variable assignments" - }, - - { - "Codes": [1002], - "Pattern": ".*", - "FileExtensions": [".json", ".xml", ".jsp", ".js", ".html", ".css", ".ftl", ".vm"], - "UseFullLine": false, - "Description": "Ignore default password 'password' in documents" - }, - { - "Codes": [3060], - "Pattern": 
"(?i)(mysql:\/\/|oracle:\/\/|odbc:\/\/|jdbc:\/\/)(.{0}|\\{\\}|X+)(:)(.{0}|\\{\\}|X+|password)@", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore placeholder proxy URLs, including 'http://:@proxy...', 'http://XXX:XXX@proxy...', and 'http://{}:{}@proxy...'" - }, - { - "Codes": [3017], - "Pattern": "(123-45-6789|078-05-1120|219-09-9999|123-12-1234|111-11-1111|222-22-2222|333-33-3333|444-44-4444|555-55-5555)", - "FileExtensions": [], - "UseFullLine": false, - "Description": "Ignore common test SSNs and invalid SSNs used in advertising" - }, - { - "Codes": [3001, 3003, 3004, 3005, 3006, 3007, 3008, 3021, 3022, 3026, 3027, 3029, 3032, 3033, 3034, 3035, 3036, 3037, 3049, 3057, 6001, 6002], - "Pattern": "[a-zA-Z_$][a-zA-Z_$0-9]*;?$", - "FileExtensions": [".go", ".py", ".php", ".java", ".js", ".yml", ".yaml", ".c", ".cpp", ".rb", ".groovy", "Jenkinsfile",".gradle", ".vb", ".pl1"], - "UseFullLine": false, - "Description": "Ignore variable references in source code (password = var)" - }, - { - "Codes": [2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013], - "Pattern":"(?i)