Skip to content

Commit

Permalink
FB token [no ci]
Browse files Browse the repository at this point in the history
  • Loading branch information
@babenek
babenek committed Jul 7, 2024
1 parent d3cf4b8 commit 3344986
Show file tree
Hide file tree
Showing 10 changed files with 169 additions and 68 deletions.
23 changes: 19 additions & 4 deletions credsweeper/rules/config.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -232,11 +232,26 @@
confidence: moderate
type: pattern
values:
- (?<![0-9A-Za-z_+-])(?P<value>EAAC[0-9A-Za-z]{27,80})
- (?<![0-9A-Za-z_+-])(?P<value>EAA[0-9A-Za-z]{80,800})
filter_type: GeneralPattern
required_substrings:
- EAAC
min_line_len: 31
- EAA
min_line_len: 80
target:
- code
- doc

- name: Facebook App Token
severity: high
confidence: moderate
type: pattern
values:
- (?<![0-9A-Za-z_+-])(?P<value>[0-9]{12,18}\|[0-9A-Za-z_-]{24,28})(?![=0-9A-Za-z_+-])
filter_type: GeneralPattern
required_substrings:
- "|"
required_regex: "[0-9A-Za-z_/+-]{15}"
min_line_len: 33
target:
- code
- doc
Expand All @@ -246,7 +261,7 @@
confidence: moderate
type: pattern
values:
- (?i)((git)[0-9A-Za-z_-]{0,80}(token|key|api)[0-9A-Za-z_-]{0,80}(\s)*(=|:|:=)(\s)*(["']?)(?P<value>[a-z|\d]{40})(["']?))
- (?i)((git)[0-9A-Za-z_-]{0,80}(token|key|api)[0-9A-Za-z_-]{0,80}(\s)*(=|:|:=)(\s)*(["']?)(?P<value>[0-9a-z]{40})(["']?))
filter_type: GeneralPattern
use_ml: true
validations:
Expand Down
6 changes: 3 additions & 3 deletions tests/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,11 @@
NEGLIGIBLE_ML_THRESHOLD = 0.0001

# credentials count after scan
SAMPLES_CRED_COUNT: int = 424
SAMPLES_CRED_LINE_COUNT: int = 441
SAMPLES_CRED_COUNT: int = 425
SAMPLES_CRED_LINE_COUNT: int = 442

# credentials count after post-processing
SAMPLES_POST_CRED_COUNT: int = 382
SAMPLES_POST_CRED_COUNT: int = 383

# with option --doc
SAMPLES_IN_DOC = 407
Expand Down
61 changes: 44 additions & 17 deletions tests/data/depth_3.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7670,19 +7670,19 @@
"confidence": "moderate",
"line_data_list": [
{
"line": "GI_REO_GI_FACEBOOK_TOKEN = \"EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF\"",
"line": "GI_REO_GI_FACEBOOK_TOKEN = \"EAACEb00Kse0BAlGy7KeQ5YnaCEd09Eose0cBAlGy7KeQ5Yna9CoDsup39tiYdoQ4jH9Coup39tiYdWoQ4jHFZD\"",
"line_num": 1,
"path": "tests/samples/facebook_key",
"info": "tests/samples/facebook_key|RAW",
"value": "EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF",
"value": "EAACEb00Kse0BAlGy7KeQ5YnaCEd09Eose0cBAlGy7KeQ5Yna9CoDsup39tiYdoQ4jH9Coup39tiYdWoQ4jHFZD",
"value_start": 28,
"value_end": 70,
"value_end": 115,
"variable": null,
"variable_start": -2,
"variable_end": -2,
"entropy_validation": {
"iterator": "BASE64_CHARS",
"entropy": 4.766968315481371,
"entropy": 4.936120692057916,
"valid": true
}
}
Expand All @@ -7691,25 +7691,52 @@
{
"api_validation": "NOT_AVAILABLE",
"ml_validation": "VALIDATED_KEY",
"ml_probability": 0.84,
"ml_probability": 0.999,
"rule": "Token",
"severity": "medium",
"confidence": "moderate",
"line_data_list": [
{
"line": "GI_REO_GI_FACEBOOK_TOKEN = \"EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF\"",
"line": "GI_REO_GI_FACEBOOK_TOKEN = \"EAACEb00Kse0BAlGy7KeQ5YnaCEd09Eose0cBAlGy7KeQ5Yna9CoDsup39tiYdoQ4jH9Coup39tiYdWoQ4jHFZD\"",
"line_num": 1,
"path": "tests/samples/facebook_key",
"info": "tests/samples/facebook_key|RAW",
"value": "EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF",
"value": "EAACEb00Kse0BAlGy7KeQ5YnaCEd09Eose0cBAlGy7KeQ5Yna9CoDsup39tiYdoQ4jH9Coup39tiYdWoQ4jHFZD",
"value_start": 28,
"value_end": 70,
"value_end": 115,
"variable": "GI_REO_GI_FACEBOOK_TOKEN",
"variable_start": 0,
"variable_end": 24,
"entropy_validation": {
"iterator": "BASE64_CHARS",
"entropy": 4.766968315481371,
"entropy": 4.936120692057916,
"valid": true
}
}
]
},
{
"api_validation": "NOT_AVAILABLE",
"ml_validation": "NOT_AVAILABLE",
"ml_probability": null,
"rule": "Facebook App Token",
"severity": "high",
"confidence": "moderate",
"line_data_list": [
{
"line": "1527194624358273|qbBf2-fdB9zZpqLA0_2nNzZDw2M",
"line_num": 2,
"path": "tests/samples/facebook_key",
"info": "tests/samples/facebook_key|RAW",
"value": "1527194624358273|qbBf2-fdB9zZpqLA0_2nNzZDw2M",
"value_start": 0,
"value_end": 44,
"variable": null,
"variable_start": -2,
"variable_end": -2,
"entropy_validation": {
"iterator": "BASE36_CHARS",
"entropy": 3.2089099270924217,
"valid": true
}
}
Expand Down Expand Up @@ -12143,19 +12170,19 @@
"confidence": "moderate",
"line_data_list": [
{
"line": "the line will be found twice # 100 EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF",
"line": "the line will be found twice # 100 EAACEb00Kse0BAlGy7KeQ5YnaCEd09Eose0cBAlGy7KeQ5Yna9CoDsup39tiYdoQ4jH9Coup39tiYdWoQ4jHFZD",
"line_num": 97,
"path": "tests/samples/test.html",
"info": "tests/samples/test.html|HTML",
"value": "EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF",
"value": "EAACEb00Kse0BAlGy7KeQ5YnaCEd09Eose0cBAlGy7KeQ5Yna9CoDsup39tiYdoQ4jH9Coup39tiYdWoQ4jHFZD",
"value_start": 35,
"value_end": 77,
"value_end": 122,
"variable": null,
"variable_start": -2,
"variable_end": -2,
"entropy_validation": {
"iterator": "BASE64_CHARS",
"entropy": 4.766968315481371,
"entropy": 4.936120692057916,
"valid": true
}
}
Expand All @@ -12170,19 +12197,19 @@
"confidence": "moderate",
"line_data_list": [
{
"line": "the line will be found twice # 100 EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF",
"line": "the line will be found twice # 100 EAACEb00Kse0BAlGy7KeQ5YnaCEd09Eose0cBAlGy7KeQ5Yna9CoDsup39tiYdoQ4jH9Coup39tiYdWoQ4jHFZD",
"line_num": 100,
"path": "tests/samples/test.html",
"info": "tests/samples/test.html|HTML",
"value": "EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF",
"value": "EAACEb00Kse0BAlGy7KeQ5YnaCEd09Eose0cBAlGy7KeQ5Yna9CoDsup39tiYdoQ4jH9Coup39tiYdWoQ4jHFZD",
"value_start": 35,
"value_end": 77,
"value_end": 122,
"variable": null,
"variable_start": -2,
"variable_end": -2,
"entropy_validation": {
"iterator": "BASE64_CHARS",
"entropy": 4.766968315481371,
"entropy": 4.936120692057916,
"valid": true
}
}
Expand Down
40 changes: 20 additions & 20 deletions tests/data/doc.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10577,19 +10577,19 @@
"confidence": "moderate",
"line_data_list": [
{
"line": "GI_REO_GI_FACEBOOK_TOKEN = \"EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF\"",
"line": "GI_REO_GI_FACEBOOK_TOKEN = \"EAACEb00Kse0BAlGy7KeQ5YnaCEd09Eose0cBAlGy7KeQ5Yna9CoDsup39tiYdoQ4jH9Coup39tiYdWoQ4jHFZD\"",
"line_num": 1,
"path": "tests/samples/facebook_key",
"info": "tests/samples/facebook_key|RAW",
"value": "EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF",
"value": "EAACEb00Kse0BAlGy7KeQ5YnaCEd09Eose0cBAlGy7KeQ5Yna9CoDsup39tiYdoQ4jH9Coup39tiYdWoQ4jHFZD",
"value_start": 28,
"value_end": 70,
"value_end": 115,
"variable": null,
"variable_start": -2,
"variable_end": -2,
"entropy_validation": {
"iterator": "BASE64_CHARS",
"entropy": 4.766968315481371,
"entropy": 4.936120692057916,
"valid": true
}
}
Expand All @@ -10599,24 +10599,24 @@
"api_validation": "NOT_AVAILABLE",
"ml_validation": "NOT_AVAILABLE",
"ml_probability": null,
"rule": "SECRET_PAIR",
"severity": "medium",
"rule": "Facebook App Token",
"severity": "high",
"confidence": "moderate",
"line_data_list": [
{
"line": "GI_REO_GI_FACEBOOK_TOKEN = \"EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF\"",
"line_num": 1,
"line": "1527194624358273|qbBf2-fdB9zZpqLA0_2nNzZDw2M",
"line_num": 2,
"path": "tests/samples/facebook_key",
"info": "tests/samples/facebook_key|RAW",
"value": "EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF",
"value_start": 28,
"value_end": 70,
"variable": "TOKEN",
"variable_start": 19,
"variable_end": 24,
"value": "1527194624358273|qbBf2-fdB9zZpqLA0_2nNzZDw2M",
"value_start": 0,
"value_end": 44,
"variable": null,
"variable_start": -2,
"variable_end": -2,
"entropy_validation": {
"iterator": "BASE64_CHARS",
"entropy": 4.766968315481371,
"iterator": "BASE36_CHARS",
"entropy": 3.2089099270924217,
"valid": true
}
}
Expand Down Expand Up @@ -12776,19 +12776,19 @@
"confidence": "moderate",
"line_data_list": [
{
"line": "the line will be found twice # 100 EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF",
"line": "the line will be found twice # 100 EAACEb00Kse0BAlGy7KeQ5YnaCEd09Eose0cBAlGy7KeQ5Yna9CoDsup39tiYdoQ4jH9Coup39tiYdWoQ4jHFZD",
"line_num": 97,
"path": "tests/samples/test.html",
"info": "tests/samples/test.html|HTML",
"value": "EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF",
"value": "EAACEb00Kse0BAlGy7KeQ5YnaCEd09Eose0cBAlGy7KeQ5Yna9CoDsup39tiYdoQ4jH9Coup39tiYdWoQ4jHFZD",
"value_start": 35,
"value_end": 77,
"value_end": 122,
"variable": null,
"variable_start": -2,
"variable_end": -2,
"entropy_validation": {
"iterator": "BASE64_CHARS",
"entropy": 4.766968315481371,
"entropy": 4.936120692057916,
"valid": true
}
}
Expand Down
45 changes: 36 additions & 9 deletions tests/data/ml_threshold.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8304,19 +8304,19 @@
"confidence": "moderate",
"line_data_list": [
{
"line": "GI_REO_GI_FACEBOOK_TOKEN = \"EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF\"",
"line": "GI_REO_GI_FACEBOOK_TOKEN = \"EAACEb00Kse0BAlGy7KeQ5YnaCEd09Eose0cBAlGy7KeQ5Yna9CoDsup39tiYdoQ4jH9Coup39tiYdWoQ4jHFZD\"",
"line_num": 1,
"path": "tests/samples/facebook_key",
"info": "",
"value": "EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF",
"value": "EAACEb00Kse0BAlGy7KeQ5YnaCEd09Eose0cBAlGy7KeQ5Yna9CoDsup39tiYdoQ4jH9Coup39tiYdWoQ4jHFZD",
"value_start": 28,
"value_end": 70,
"value_end": 115,
"variable": null,
"variable_start": -2,
"variable_end": -2,
"entropy_validation": {
"iterator": "BASE64_CHARS",
"entropy": 4.766968315481371,
"entropy": 4.936120692057916,
"valid": true
}
}
Expand All @@ -8325,25 +8325,52 @@
{
"api_validation": "NOT_AVAILABLE",
"ml_validation": "VALIDATED_KEY",
"ml_probability": 0.84,
"ml_probability": 0.999,
"rule": "Token",
"severity": "medium",
"confidence": "moderate",
"line_data_list": [
{
"line": "GI_REO_GI_FACEBOOK_TOKEN = \"EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF\"",
"line": "GI_REO_GI_FACEBOOK_TOKEN = \"EAACEb00Kse0BAlGy7KeQ5YnaCEd09Eose0cBAlGy7KeQ5Yna9CoDsup39tiYdoQ4jH9Coup39tiYdWoQ4jHFZD\"",
"line_num": 1,
"path": "tests/samples/facebook_key",
"info": "",
"value": "EAACEdEose0cBAlGy7KeQ5Yna9Coup39tiYdoQ4jHF",
"value": "EAACEb00Kse0BAlGy7KeQ5YnaCEd09Eose0cBAlGy7KeQ5Yna9CoDsup39tiYdoQ4jH9Coup39tiYdWoQ4jHFZD",
"value_start": 28,
"value_end": 70,
"value_end": 115,
"variable": "GI_REO_GI_FACEBOOK_TOKEN",
"variable_start": 0,
"variable_end": 24,
"entropy_validation": {
"iterator": "BASE64_CHARS",
"entropy": 4.766968315481371,
"entropy": 4.936120692057916,
"valid": true
}
}
]
},
{
"api_validation": "NOT_AVAILABLE",
"ml_validation": "NOT_AVAILABLE",
"ml_probability": null,
"rule": "Facebook App Token",
"severity": "high",
"confidence": "moderate",
"line_data_list": [
{
"line": "1527194624358273|qbBf2-fdB9zZpqLA0_2nNzZDw2M",
"line_num": 2,
"path": "tests/samples/facebook_key",
"info": "",
"value": "1527194624358273|qbBf2-fdB9zZpqLA0_2nNzZDw2M",
"value_start": 0,
"value_end": 44,
"variable": null,
"variable_start": -2,
"variable_end": -2,
"entropy_validation": {
"iterator": "BASE36_CHARS",
"entropy": 3.2089099270924217,
"valid": true
}
}
Expand Down
Loading

0 comments on commit 3344986

Please sign in to comment.