首頁 探索 說明
登入
LBP
/
gitleaks
镜像来自 https://github.com/gitleaks/gitleaks.git
4
0
複刻 0
檔案 問題管理 0 Wiki
瀏覽代碼

fix(aws-access-token): only match if correct length (#1584)

Previously, the rule matched for any long string
containing e.g. ASIA, ACCA somewhere,
as long as the next 16 chars were also uppercase letters.

This change checks for word boundaries before and after the secret.

Also the prefix (AKIA|ASIA|...) was moved from the non-capturing group
into the secret matching group,
since it is part of the token

fix(aws-access-token): non-capture for prefix

Review findings https://github.com/gitleaks/gitleaks/pull/1584/files#r1807793907
Ben-grmbl 1 年之前
父節點
b6e0eeeb0a
當前提交
a158e4fc15
共有 2 個文件被更改,包括 18 次插入11 次删除
分割檢視 顯示文件統計
  1. 17 10
      cmd/generate/config/rules/aws.go
  2. 1 1
      config/gitleaks.toml

文件差異過大導致無法顯示
+ 17 - 10
cmd/generate/config/rules/aws.go


+ 1 - 1
config/gitleaks.toml
查看文件 

@@ -153,7 +153,7 @@ keywords = [
 
 [[rules]]
 
 id = "aws-access-token"
 
 description = "Identified a pattern that may indicate AWS credentials, risking unauthorized cloud resource access and data breaches on AWS platforms."
 
-regex = '''(?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16}'''
 
+regex = '''\b((?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
 
 entropy = 3
 
 keywords = [
 
     "a3t",

部分文件因文件數量過多而無法顯示