From 405fb06772c19e86e744b4a47e2cc6f57ce1b4df Mon Sep 17 00:00:00 2001 From: Roman Babenko Date: Wed, 8 Jan 2025 13:06:15 +0200 Subject: [PATCH] Azure Storage Account Key (#649) --- credsweeper/rules/config.yaml | 17 +++++++++++++++++ tests/__init__.py | 4 ++-- tests/data/depth_3.json | 26 ++++++++++++++++++++++++++ tests/data/doc.json | 26 ++++++++++++++++++++++++++ tests/data/ml_threshold.json | 26 ++++++++++++++++++++++++++ tests/data/output.json | 26 ++++++++++++++++++++++++++ tests/samples/azure_access_token | 6 +++++- 7 files changed, 128 insertions(+), 3 deletions(-) diff --git a/credsweeper/rules/config.yaml b/credsweeper/rules/config.yaml index aeb42db7f..d97368667 100644 --- a/credsweeper/rules/config.yaml +++ b/credsweeper/rules/config.yaml @@ -953,6 +953,23 @@ - code - doc +- name: Azure Storage Account Key + severity: high + confidence: moderate + type: pattern + values: + - (?:(?[0-9A-Za-z]{52}JQQJ9[9DH][0-9A-Za-z]{26}([0-9A-Za-z=]{4})?)(?![0-9A-Za-z_/+-]) + min_line_len: 80 + filter_type: + - ValuePatternCheck(17) + required_substrings: + - JQQJ99 + - JQQJ9D + - JQQJ9H + target: + - code + - doc + - name: Bitbucket App Password severity: high confidence: strong diff --git a/tests/__init__.py b/tests/__init__.py index 240a55608..8e287ed24 100644 --- a/tests/__init__.py +++ b/tests/__init__.py @@ -7,7 +7,7 @@ NEGLIGIBLE_ML_THRESHOLD = 0.0001 # credentials count after scan with negligible ML threshold -SAMPLES_CRED_COUNT = 429 +SAMPLES_CRED_COUNT = 430 SAMPLES_CRED_LINE_COUNT = SAMPLES_CRED_COUNT + 19 # Number of filtered credentials with ML @@ -17,7 +17,7 @@ SAMPLES_POST_CRED_COUNT = SAMPLES_CRED_COUNT - ML_FILTERED # with option --doc -SAMPLES_IN_DOC = 675 +SAMPLES_IN_DOC = 676 # archived credentials that are not found without --depth SAMPLES_IN_DEEP_1 = SAMPLES_POST_CRED_COUNT + 35 diff --git a/tests/data/depth_3.json b/tests/data/depth_3.json index e483a0fb1..c8096e8aa 100644 --- a/tests/data/depth_3.json +++ b/tests/data/depth_3.json 
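Review bot: The optional tail `([0-9A-Za-z=]{4})?` in the new `Azure Storage Account Key` pattern accepts `=` in any of its four positions, so a string such as `=a=b` following the 84-character body is captured as part of the reported value. If the long form always ends in base64 padding, as the added sample (`...rs==`) suggests, `(?:[0-9A-Za-z]{2}==)?` is tighter and also drops the unnamed capture group. `min_line_len: 80` is looser than the shortest possible match (52 + 6 + 26 = 84 characters) and could be `84`. The three `required_substrings` duplicate the `JQQJ9[9DH]` alternation, so a comment such as `# keep in sync with JQQJ9[9DH] in values` would help the next editor. The start of the pattern appears truncated on this page (`(?:(?[`), so the leading boundary is not reviewed here.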
@@ -1218,6 +1218,32 @@ } ] }, + { + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Azure Storage Account Key", + "severity": "high", + "confidence": "moderate", + "line_data_list": [ + { + "line": "t 189shdhgr893rgdg74sdsdfkksdhtg87dyfwegjddshjhsgjsgdhJQQJ99ALACAAAAAAAAAAAAASAZDO1e4drs==", + "line_num": 5, + "path": "./tests/samples/azure_access_token", + "info": "./tests/samples/azure_access_token|RAW", + "value": "189shdhgr893rgdg74sdsdfkksdhtg87dyfwegjddshjhsgjsgdhJQQJ99ALACAAAAAAAAAAAAASAZDO1e4drs==", + "value_start": 2, + "value_end": 90, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64STDPAD_CHARS", + "entropy": 4.224827040068046, + "valid": false + } + } + ] + }, { "ml_validation": "NOT_AVAILABLE", "ml_probability": null, diff --git a/tests/data/doc.json b/tests/data/doc.json index 625a56e2f..67c435d79 100644 --- a/tests/data/doc.json +++ b/tests/data/doc.json @@ -899,6 +899,32 @@ } ] }, + { + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Azure Storage Account Key", + "severity": "high", + "confidence": "moderate", + "line_data_list": [ + { + "line": "t 189shdhgr893rgdg74sdsdfkksdhtg87dyfwegjddshjhsgjsgdhJQQJ99ALACAAAAAAAAAAAAASAZDO1e4drs==", + "line_num": 5, + "path": "./tests/samples/azure_access_token", + "info": "./tests/samples/azure_access_token|RAW", + "value": "189shdhgr893rgdg74sdsdfkksdhtg87dyfwegjddshjhsgjsgdhJQQJ99ALACAAAAAAAAAAAAASAZDO1e4drs==", + "value_start": 2, + "value_end": 90, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64STDPAD_CHARS", + "entropy": 4.224827040068046, + "valid": false + } + } + ] + }, { "ml_validation": "NOT_AVAILABLE", "ml_probability": null, diff --git a/tests/data/ml_threshold.json b/tests/data/ml_threshold.json index 8695be545..494001c64 100644 --- a/tests/data/ml_threshold.json +++ b/tests/data/ml_threshold.json 
@@ -1107,6 +1107,32 @@ } ] }, + { + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Azure Storage Account Key", + "severity": "high", + "confidence": "moderate", + "line_data_list": [ + { + "line": "t 189shdhgr893rgdg74sdsdfkksdhtg87dyfwegjddshjhsgjsgdhJQQJ99ALACAAAAAAAAAAAAASAZDO1e4drs==", + "line_num": 5, + "path": "./tests/samples/azure_access_token", + "info": "", + "value": "189shdhgr893rgdg74sdsdfkksdhtg87dyfwegjddshjhsgjsgdhJQQJ99ALACAAAAAAAAAAAAASAZDO1e4drs==", + "value_start": 2, + "value_end": 90, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64STDPAD_CHARS", + "entropy": 4.224827040068046, + "valid": false + } + } + ] + }, { "ml_validation": "NOT_AVAILABLE", "ml_probability": null, diff --git a/tests/data/output.json b/tests/data/output.json index e3a47f510..05ee9bf0d 100644 --- a/tests/data/output.json +++ b/tests/data/output.json @@ -1081,6 +1081,32 @@ } ] }, + { + "ml_validation": "NOT_AVAILABLE", + "ml_probability": null, + "rule": "Azure Storage Account Key", + "severity": "high", + "confidence": "moderate", + "line_data_list": [ + { + "line": "t 189shdhgr893rgdg74sdsdfkksdhtg87dyfwegjddshjhsgjsgdhJQQJ99ALACAAAAAAAAAAAAASAZDO1e4drs==", + "line_num": 5, + "path": "./tests/samples/azure_access_token", + "info": "", + "value": "189shdhgr893rgdg74sdsdfkksdhtg87dyfwegjddshjhsgjsgdhJQQJ99ALACAAAAAAAAAAAAASAZDO1e4drs==", + "value_start": 2, + "value_end": 90, + "variable": null, + "variable_start": -2, + "variable_end": -2, + "entropy_validation": { + "iterator": "BASE64STDPAD_CHARS", + "entropy": 4.224827040068046, + "valid": false + } + } + ] + }, { "ml_validation": "NOT_AVAILABLE", "ml_probability": null, diff --git a/tests/samples/azure_access_token b/tests/samples/azure_access_token index d85be0700..42e4932a1 100644 --- a/tests/samples/azure_access_token +++ b/tests/samples/azure_access_token 
@@ -1,3 +1,7 @@
 eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Imk2bEdrM0ZaenhSY1ViMkMzbkVRN3N5SEpsWSIsImtpZCI6Imk2bEdrM0ZaenhSY1ViMkMzbkVRN3N5SEpsWSJ9.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.D3H6pMUtQnoJAGq6AHd
 eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Imk2bEdrM0ZaenhSY1ViMkMzbkVRN3N5SEpsWSJ9.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.pj4N-w_3Us9DrBLfpCt
-^^^ examples from https://learn.microsoft.com/en-us/entra/identity-platform/access-tokens
\ No newline at end of file
+^^^ examples from https://learn.microsoft.com/en-us/entra/identity-platform/access-tokens
+
+t 189shdhgr893rgdg74sdsdfkksdhtg87dyfwegjddshjhsgjsgdhJQQJ99ALACAAAAAAAAAAAAASAZDO1e4drs==
+
+f ooooooooooooooooooooooooooooooooooooooooooooooooooooJQQJ99AEAAAAAAAAAAAAAAAAAZFURg67
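Review bot: The two added sample lines exercise only the `JQQJ99` signature. The `t` line is the 88-character positive recorded in the expected JSON, and the `f` line, judging by its repeated characters, looks intended to be dropped by `ValuePatternCheck(17)`. Nothing covers the `JQQJ9D` and `JQQJ9H` branches, a short-form value without the four-character tail that should be reported, or a candidate rejected by the trailing `(?![0-9A-Za-z_/+-])` boundary. A regression in `[9DH]`, in the optional tail or in `required_substrings` would therefore still pass the suite. Adding one constructed positive per signature and one over-long negative, with the expected JSON files and the counts in `tests/__init__.py` updated to match, would pin those paths.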