Inicio Explorar Axuda
Iniciar sesión
LBP
/
gitleaks
réplica de https://github.com/gitleaks/gitleaks.git
4
0
Fork 0
Ficheiros Incidencias 0 Wiki
Explorar o código

fix(aws-access-token): only match if correct length (#1584)

Previously, the rule matched for any long string
containing e.g. ASIA, ACCA somewhere,
as long as the next 16 chars were also uppercase letters.

This change checks for word boundaries before and after the secret.

Also the prefix (AKIA|ASIA|...) was moved from the non-capturing group
into the secret matching group,
since it is part of the token

fix(aws-access-token): non-capture for prefix

Review findings https://github.com/gitleaks/gitleaks/pull/1584/files#r1807793907
Ben-grmbl hai 1 ano
pai
b6e0eeeb0a
achega
a158e4fc15
Modificáronse 2 ficheiros con 18 adicións e 11 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 17 10
      cmd/generate/config/rules/aws.go
  2. 1 1
      config/gitleaks.toml

A diferenza do arquivo foi suprimida porque é demasiado grande
+ 17 - 10
cmd/generate/config/rules/aws.go


+ 1 - 1
config/gitleaks.toml
Ver ficheiro 

@@ -153,7 +153,7 @@ keywords = [
 
 [[rules]]
 
 id = "aws-access-token"
 
 description = "Identified a pattern that may indicate AWS credentials, risking unauthorized cloud resource access and data breaches on AWS platforms."
 
-regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
 
+regex = '''\b((?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 
 entropy = 3
 
 keywords = [
 
     "a3t",

Algúns arquivos non se mostraron porque demasiados arquivos cambiaron neste cambio