From 0eaacbd4ec7ca2d9341105e2c9361035aa1cb24e Mon Sep 17 00:00:00 2001
From: Wilian Gabriel
Date: Thu, 17 Mar 2022 08:33:50 -0300
Subject: [PATCH] leaks:chore - Adding improvements on leaks rules
In this commit I changed to add Safe and Unsafe code in all rules of the leaks. Reference from issue #630 and #1020.
Signed-off-by: Wilian Gabriel
---
 internal/services/engines/leaks/rules.go | 336 +++++++------
 internal/services/engines/leaks/rules_test.go | 171 ++++---
 .../leaks/{samples_test.go => samples.go} | 447 ++++++++----------
 3 files changed, 478 insertions(+), 476 deletions(-)
 rename internal/services/engines/leaks/{samples_test.go => samples.go} (92%)
diff --git a/internal/services/engines/leaks/rules.go b/internal/services/engines/leaks/rules.go
index 4df42df18..f69b5786b 100644
--- a/internal/services/engines/leaks/rules.go
+++ b/internal/services/engines/leaks/rules.go
@@ -26,11 +26,13 @@ import (
 func NewAWSManagerID() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-1",
- Name: "AWS Manager ID",
- Description: "When use AWS Manager ID is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-798 (https://cwe.mitre.org/data/definitions/798.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-1",
+ Name: "AWS Manager ID",
+ Description: "When use AWS Manager ID is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-798 (https://cwe.mitre.org/data/definitions/798.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS1,
+ UnsafeExample: SampleVulnerableHSLEAKS1,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
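Review bot: The sample strings the new `SafeExample`/`UnsafeExample` fields reference (`SampleSafeHSLEAKS1`, `SampleVulnerableHSLEAKS1`) are credential-shaped and, with this commit's rename of `samples_test.go` to `samples.go` in the diffstat, are now compiled into the production package rather than the test binary — the rules_test.go hunk shows the HS-LEAKS-1 sample contains `ACCESS_KEY: 'AKIAJSIE27KKMHXI3BJQ'`. That makes the built artifact and the non-test source tree something other secret scanners will flag, and nothing in the values themselves signals they are synthetic. Worth confirming none of the samples was ever a live credential, and a package-level comment in samples.go such as `// Every credential below is a synthetic, never-valid placeholder kept only as rule documentation.` plus vendor-documented placeholder formats (AWS's documentation uses access keys ending in `EXAMPLE`) would make that explicit. The same applies to every other rules.go hunk (HS-LEAKS-2 through HS-LEAKS-28); NewAWSManagerID's `Expressions` list continues past the hunk.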
@@ -42,11 +44,13 @@ func NewAWSManagerID() *text.Rule {
 func NewAWSSecretKey() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-2",
- Name: "AWS Secret Key",
- Description: "When use AWS Secret Key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-798 (https://cwe.mitre.org/data/definitions/798.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-2",
+ Name: "AWS Secret Key",
+ Description: "When use AWS Secret Key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-798 (https://cwe.mitre.org/data/definitions/798.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS2,
+ UnsafeExample: SampleVulnerableHSLEAKS2,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -59,11 +63,13 @@ func NewAWSSecretKey() *text.Rule {
 func NewAWSMWSKey() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-3",
- Name: "AWS MWS key",
- Description: "When use AWS MWS key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-798 (https://cwe.mitre.org/data/definitions/798.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-3",
+ Name: "AWS MWS key",
+ Description: "When use AWS MWS key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-798 (https://cwe.mitre.org/data/definitions/798.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS3,
+ UnsafeExample: SampleVulnerableHSLEAKS3,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -75,11 +81,13 @@ func NewAWSMWSKey() *text.Rule {
 func NewFacebookSecretKey() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-4",
- Name: "Facebook Secret Key",
- Description: "When use Facebook Secret Key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-4",
+ Name: "Facebook Secret Key",
+ Description: "When use Facebook Secret Key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS4,
+ UnsafeExample: SampleVulnerableHSLEAKS4,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -91,11 +99,13 @@ func NewFacebookSecretKey() *text.Rule {
 func NewFacebookClientID() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-5",
- Name: "Facebook Client ID",
- Description: "When use Facebook Client ID is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-5",
+ Name: "Facebook Client ID",
+ Description: "When use Facebook Client ID is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS5,
+ UnsafeExample: SampleVulnerableHSLEAKS5,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -107,11 +117,13 @@ func NewFacebookClientID() *text.Rule {
 func NewTwitterSecretKey() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-6",
- Name: "Twitter Secret Key",
- Description: "When use Twitter Secret Key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-6",
+ Name: "Twitter Secret Key",
+ Description: "When use Twitter Secret Key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS6,
+ UnsafeExample: SampleVulnerableHSLEAKS6,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -123,11 +135,13 @@ func NewTwitterSecretKey() *text.Rule {
 func NewTwitterClientID() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-7",
- Name: "Twitter Client ID",
- Description: "When use Twitter Client ID is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-7",
+ Name: "Twitter Client ID",
+ Description: "When use Twitter Client ID is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS7,
+ UnsafeExample: SampleVulnerableHSLEAKS7,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -139,11 +153,13 @@ func NewTwitterClientID() *text.Rule {
 func NewGithub() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-8",
- Name: "Github",
- Description: "A GitHub access token was found. This pose a critical threat against your organization since it can give access not only to the platform itself and all the members of your (perhaps private) organization to feed more accurate spear phishing attacks but also to actual source code from your applications. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-8",
+ Name: "Github",
+ Description: "A GitHub access token was found. This pose a critical threat against your organization since it can give access not only to the platform itself and all the members of your (perhaps private) organization to feed more accurate spear phishing attacks but also to actual source code from your applications. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS8,
+ UnsafeExample: SampleVulnerableHSLEAKS8,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
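Review bot: The re-added `Description` string for HS-LEAKS-8 still carries the user-facing grammar slip `This pose a critical threat`; since the line is rewritten in this hunk anyway, `This poses a critical threat` would fix it at no cost. The HS-LEAKS-12 hunk has the same kind of problem with `x.509 Cerficates` and `missused` (`Certificates`, `misused`), and the `When use … is recommended use vault` phrasing repeated across most other rules reads awkwardly in scan reports. These strings are what the scanner prints to users, so any rewording should keep the CWE reference and link intact. NewGithub's `Expressions` list continues past the hunk.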
@@ -155,11 +171,13 @@ func NewGithub() *text.Rule {
 func NewLinkedInClientID() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-9",
- Name: "LinkedIn Client ID",
- Description: "When use LinkedIn Client ID is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-9",
+ Name: "LinkedIn Client ID",
+ Description: "When use LinkedIn Client ID is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS9,
+ UnsafeExample: SampleVulnerableHSLEAKS9,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -171,11 +189,13 @@ func NewLinkedInClientID() *text.Rule {
 func NewLinkedInSecretKey() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-10",
- Name: "LinkedIn Secret Key",
- Description: "When use LinkedIn Secret Key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-10",
+ Name: "LinkedIn Secret Key",
+ Description: "When use LinkedIn Secret Key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS10,
+ UnsafeExample: SampleVulnerableHSLEAKS10,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -187,11 +207,13 @@ func NewLinkedInSecretKey() *text.Rule {
 func NewSlack() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-11",
- Name: "Slack",
- Description: "A hardcoded credential for your company's Slack can pose a huge threat to the safety and image of your company, since, in the wrong hands, this could lead to data leaking, a high chance of a successful spear phishing attacks and even access to logs and other development related conversations that could leverage a more critical attack. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-11",
+ Name: "Slack",
+ Description: "A hardcoded credential for your company's Slack can pose a huge threat to the safety and image of your company, since, in the wrong hands, this could lead to data leaking, a high chance of a successful spear phishing attacks and even access to logs and other development related conversations that could leverage a more critical attack. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS11,
+ UnsafeExample: SampleVulnerableHSLEAKS11,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -204,11 +226,13 @@ func NewSlack() *text.Rule {
 func NewAsymmetricPrivateKey() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-12",
- Name: "Asymmetric Private Key",
- Description: "Found SSH and/or x.509 Cerficates among the files of your project, make sure you want this kind of information inside your Git repo, since it can be missused by someone with access to any kind of copy. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-12",
+ Name: "Asymmetric Private Key",
+ Description: "Found SSH and/or x.509 Cerficates among the files of your project, make sure you want this kind of information inside your Git repo, since it can be missused by someone with access to any kind of copy. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS12,
+ UnsafeExample: SampleVulnerableHSLEAKS12,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -221,11 +245,13 @@ func NewAsymmetricPrivateKey() *text.Rule {
 func NewGoogleAPIKey() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-13",
- Name: "Google API key",
- Description: "When use Google API key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-13",
+ Name: "Google API key",
+ Description: "When use Google API key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS13,
+ UnsafeExample: SampleVulnerableHSLEAKS13,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -238,11 +264,13 @@ func NewGoogleAPIKey() *text.Rule {
 func NewGoogleGCPServiceAccount() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-14",
- Name: "Google (GCP) Service Account",
- Description: "When use Google (GCP) Service Account is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-14",
+ Name: "Google (GCP) Service Account",
+ Description: "When use Google (GCP) Service Account is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS14,
+ UnsafeExample: SampleVulnerableHSLEAKS14,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -256,11 +284,13 @@ func NewGoogleGCPServiceAccount() *text.Rule {
 func NewHerokuAPIKey() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-15",
- Name: "Heroku API key",
- Description: "Hardcoded credentials pose a huge threat to your cloud provider account since you can lose control over who can access some resources, which can lead not only to data access violation but also to improper usage of resources leading to a financial loss. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-15",
+ Name: "Heroku API key",
+ Description: "Hardcoded credentials pose a huge threat to your cloud provider account since you can lose control over who can access some resources, which can lead not only to data access violation but also to improper usage of resources leading to a financial loss. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS15,
+ UnsafeExample: SampleVulnerableHSLEAKS15,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -272,11 +302,13 @@ func NewHerokuAPIKey() *text.Rule {
 func NewMailChimpAPIKey() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-16",
- Name: "MailChimp API key",
- Description: "Mail and/or SMS providers are a huge entrypoint for more sophisticated attacks or even attacks focused on damaging a brand's reputation. Leaving them in your source code will lead your team to lost track of who can access and personificate your company or application. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-16",
+ Name: "MailChimp API key",
+ Description: "Mail and/or SMS providers are a huge entrypoint for more sophisticated attacks or even attacks focused on damaging a brand's reputation. Leaving them in your source code will lead your team to lost track of who can access and personificate your company or application. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS16,
+ UnsafeExample: SampleVulnerableHSLEAKS16,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -288,11 +320,13 @@ func NewMailChimpAPIKey() *text.Rule {
 func NewMailgunAPIKey() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-17",
- Name: "Mailgun API key",
- Description: "Mail and/or SMS providers are a huge entrypoint for more sophisticated attacks or even attacks focused on damaging a brand's reputation. Leaving them in your source code will lead your team to lost track of who can access and personificate your company or application. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-17",
+ Name: "Mailgun API key",
+ Description: "Mail and/or SMS providers are a huge entrypoint for more sophisticated attacks or even attacks focused on damaging a brand's reputation. Leaving them in your source code will lead your team to lost track of who can access and personificate your company or application. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS17,
+ UnsafeExample: SampleVulnerableHSLEAKS17,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -304,11 +338,13 @@ func NewMailgunAPIKey() *text.Rule {
 func NewPayPalBraintreeAccessToken() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-18",
- Name: "PayPal Braintree access token",
- Description: "Payment providers are the barebones of your companies monetization so it is a absolutely disaster if any of this tokens fall in wrong hands since they can provide access to crucial information about your company, and in worst case scenarios even lead to big financial loss. It's important to keep this kind of info in some form of secret manager, e.g Hashicorp's Vault. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-18",
+ Name: "PayPal Braintree access token",
+ Description: "Payment providers are the barebones of your companies monetization so it is a absolutely disaster if any of this tokens fall in wrong hands since they can provide access to crucial information about your company, and in worst case scenarios even lead to big financial loss. It's important to keep this kind of info in some form of secret manager, e.g Hashicorp's Vault. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS18,
+ UnsafeExample: SampleVulnerableHSLEAKS18,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -320,11 +356,13 @@ func NewPayPalBraintreeAccessToken() *text.Rule {
 func NewPicaticAPIKey() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-19",
- Name: "Picatic API key",
- Description: "When use Picatic API key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-19",
+ Name: "Picatic API key",
+ Description: "When use Picatic API key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS19,
+ UnsafeExample: SampleVulnerableHSLEAKS19,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -336,11 +374,13 @@ func NewPicaticAPIKey() *text.Rule {
 func NewSendGridAPIKey() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-20",
- Name: "SendGrid API Key",
- Description: "When use SendGrid API Key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-20",
+ Name: "SendGrid API Key",
+ Description: "When use SendGrid API Key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS20,
+ UnsafeExample: SampleVulnerableHSLEAKS20,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -352,11 +392,13 @@ func NewSendGridAPIKey() *text.Rule {
 func NewStripeAPIKey() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-21",
- Name: "Stripe API key",
- Description: "When use Stripe API key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-21",
+ Name: "Stripe API key",
+ Description: "When use Stripe API key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS21,
+ UnsafeExample: SampleVulnerableHSLEAKS21,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -368,11 +410,13 @@ func NewStripeAPIKey() *text.Rule {
 func NewSquareAccessToken() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-22",
- Name: "Square access token",
- Description: "When use Square access token is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-22",
+ Name: "Square access token",
+ Description: "When use Square access token is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS22,
+ UnsafeExample: SampleVulnerableHSLEAKS22,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -384,11 +428,13 @@ func NewSquareAccessToken() *text.Rule {
 func NewSquareOAuthSecret() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-23",
- Name: "Square OAuth secret",
- Description: "When use Square OAuth secret is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-23",
+ Name: "Square OAuth secret",
+ Description: "When use Square OAuth secret is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS23,
+ UnsafeExample: SampleVulnerableHSLEAKS23,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -400,11 +446,13 @@ func NewSquareOAuthSecret() *text.Rule {
 func NewTwilioAPIKey() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-24",
- Name: "Twilio API key",
- Description: "When use Twilio API key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
- Severity: severities.High.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-24",
+ Name: "Twilio API key",
+ Description: "When use Twilio API key is recommended use vault or environment variable encrypted for the best security. For more information checkout the CWE-312 (https://cwe.mitre.org/data/definitions/312.html) advisory.",
+ Severity: severities.High.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS24,
+ UnsafeExample: SampleVulnerableHSLEAKS24,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -416,11 +464,13 @@ func NewTwilioAPIKey() *text.Rule {
 func NewHardCodedCredentialGeneric() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-25",
- Name: "Potential Hard-coded credential",
- Description: "The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. For more information checkout the CWE-798 (https://cwe.mitre.org/data/definitions/798.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-25",
+ Name: "Potential Hard-coded credential",
+ Description: "The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. For more information checkout the CWE-798 (https://cwe.mitre.org/data/definitions/798.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS25,
+ UnsafeExample: SampleVulnerableHSLEAKS25,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -432,11 +482,13 @@ func NewHardCodedCredentialGeneric() *text.Rule {
 func NewHardCodedPassword() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-26",
- Name: "Hard-coded password",
- Description: "The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. For more information checkout the CWE-798 (https://cwe.mitre.org/data/definitions/798.html) advisory.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-26",
+ Name: "Hard-coded password",
+ Description: "The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. For more information checkout the CWE-798 (https://cwe.mitre.org/data/definitions/798.html) advisory.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS26,
+ UnsafeExample: SampleVulnerableHSLEAKS26,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -452,11 +504,13 @@ func NewHardCodedPassword() *text.Rule {
 func NewPasswordExposedInHardcodedURL() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-27",
- Name: "Password found in a hardcoded URL",
- Description: "A password was found in a hardcoded URL, this can lead to not only the leak of this password but also a failure point to some more sophisticated CSRF and SSRF attacks. Check CWE-352 (https://cwe.mitre.org/data/definitions/352.html) and CWE-918 (https://cwe.mitre.org/data/definitions/918.html) for more details.",
- Severity: severities.Critical.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-27",
+ Name: "Password found in a hardcoded URL",
+ Description: "A password was found in a hardcoded URL, this can lead to not only the leak of this password but also a failure point to some more sophisticated CSRF and SSRF attacks. Check CWE-352 (https://cwe.mitre.org/data/definitions/352.html) and CWE-918 (https://cwe.mitre.org/data/definitions/918.html) for more details.",
+ Severity: severities.Critical.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS27,
+ UnsafeExample: SampleVulnerableHSLEAKS27,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
@@ -468,11 +522,13 @@ func NewPasswordExposedInHardcodedURL() *text.Rule {
 func NewWPConfig() *text.Rule {
 return &text.Rule{
 Metadata: engine.Metadata{
- ID: "HS-LEAKS-28",
- Name: "Wordpress configuration file disclosure",
- Description: "Wordpress configuration file exposed, this can lead to the leak of admin passwords, database credentials and a lot of sensitive data about the system. Check CWE-200 (https://cwe.mitre.org/data/definitions/200.html) for more details.",
- Severity: severities.High.ToString(),
- Confidence: confidence.Medium.ToString(),
+ ID: "HS-LEAKS-28",
+ Name: "Wordpress configuration file disclosure",
+ Description: "Wordpress configuration file exposed, this can lead to the leak of admin passwords, database credentials and a lot of sensitive data about the system. Check CWE-200 (https://cwe.mitre.org/data/definitions/200.html) for more details.",
+ Severity: severities.High.ToString(),
+ Confidence: confidence.Medium.ToString(),
+ SafeExample: SampleSafeHSLEAKS28,
+ UnsafeExample: SampleVulnerableHSLEAKS28,
 },
 Type: text.Regular,
 Expressions: []*regexp.Regexp{
diff --git a/internal/services/engines/leaks/rules_test.go b/internal/services/engines/leaks/rules_test.go
index 79c790d1b..2a0da770c 100644
--- a/internal/services/engines/leaks/rules_test.go
+++ b/internal/services/engines/leaks/rules_test.go
@@ -15,7 +15,6 @@ package leaks
 import (
- "fmt"
 "path/filepath"
 "testing"
@@ -31,12 +30,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-1",
 Rule: NewAWSManagerID(),
 Src: SampleVulnerableHSLEAKS1,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-1", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-1.test"),
 Findings: []engine.Finding{
 {
 CodeSample: "ACCESS_KEY: 'AKIAJSIE27KKMHXI3BJQ'",
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-1", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-1.test"),
 Line: 7,
 Column: 18,
 },
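Review bot: The HS-LEAKS-1 case in the TestRulesVulnerableCode hunk spells the same `filepath.Join(tempDir, "HS-LEAKS-1.test")` twice, once as the case `Filename` and once inside the finding's `SourceLocation`, so the two can silently drift apart; a small helper closing over `tempDir` (e.g. `file := func(id string) string { return filepath.Join(tempDir, id+".test") }`) used in both places would remove the duplication, and the same applies to the HS-LEAKS-2 through HS-LEAKS-7 hunks. Separately, now that every rule carries a `SafeExample`, a companion assertion that the safe sample yields no findings and that both example fields are non-empty would catch a rule shipped without samples. TestRulesVulnerableCode starts before and ends after this hunk, so such a check may already exist in the part of rules_test.go not shown.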
@@ -47,12 +46,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-2",
 Rule: NewAWSSecretKey(),
 Src: SampleVulnerableHSLEAKS2,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-2", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-2.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `AWS_SECRET_KEY: 'doc5eRXFpsWllGC5yKJV/Ymm5KwF+IRZo95EudOm'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-2", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-2.test"),
 Line: 7,
 Column: 6,
 },
@@ -63,12 +62,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-3",
 Rule: NewAWSMWSKey(),
 Src: SampleVulnerableHSLEAKS3,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-3", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-3.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `AWS_WMS_KEY: 'amzn.mws.986478f0-9775-eabc-2af4-e499a8496828'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-3", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-3.test"),
 Line: 7,
 Column: 20,
 },
@@ -79,12 +78,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-4",
 Rule: NewFacebookSecretKey(),
 Src: SampleVulnerableHSLEAKS4,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-4", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-4.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `FB_SECRET_KEY: 'cb6f53505911332d30867f44a1c1b9b5'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-4", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-4.test"),
 Line: 7,
 Column: 6,
 },
@@ -95,12 +94,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-5",
 Rule: NewFacebookClientID(),
 Src: SampleVulnerableHSLEAKS5,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-5", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-5.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `FB_CLIENT_ID: '148695999071979'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-5", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-5.test"),
 Line: 7,
 Column: 6,
 },
@@ -111,12 +110,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-6",
 Rule: NewTwitterSecretKey(),
 Src: SampleVulnerableHSLEAKS6,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-6", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-6.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `TWITTER_SECRET_KEY: 'ej64cqk9k8px9ae3e47ip89l7if58tqhpxi1r'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-6", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-6.test"),
 Line: 7,
 Column: 6,
 },
@@ -127,12 +126,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-7",
 Rule: NewTwitterClientID(),
 Src: SampleVulnerableHSLEAKS7,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-7", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-7.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `TWITTER_CLIENT_ID: '1h6433fsvygnyre5a40'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-7", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-7.test"),
 Line: 7,
 Column: 6,
 },
@@ -143,12 +142,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-8",
 Rule: NewGithub(),
 Src: SampleVulnerableHSLEAKS8,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-8", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-8.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `GITHUB_SECRET_KEY: 'edzvPbU3SYUc7pFc9le20lzIRErTOaxCABQ1'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-8", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-8.test"),
 Line: 7,
 Column: 6,
 },
@@ -159,12 +158,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-9",
 Rule: NewLinkedInClientID(),
 Src: SampleVulnerableHSLEAKS9,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-9", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-9.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `LINKEDIN_CLIENT_ID: 'g309xttlaw25'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-9", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-9.test"),
 Line: 7,
 Column: 6,
 },
@@ -175,12 +174,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-10",
 Rule: NewLinkedInSecretKey(),
 Src: SampleVulnerableHSLEAKS10,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-10", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-10.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `LINKEDIN_SECRET_KEY: '0d16kcnjyfzmcmjp'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-10", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-10.test"),
 Line: 7,
 Column: 6,
 },
@@ -191,12 +190,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-11",
 Rule: NewSlack(),
 Src: SampleVulnerableHSLEAKS11,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-11", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-11.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `SLACK_WEBHOOK: 'https://hooks.slack.com/services/TNeqvYPeO/BncTJ74Hf/NlvFFKKAKPkd6h7FlQCz1Blu'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-11", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-11.test"),
 Line: 7,
 Column: 22,
 },
@@ -207,12 +206,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-12",
 Rule: NewAsymmetricPrivateKey(),
 Src: SampleVulnerableHSLEAKS12,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-12", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-12.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `SSH_PRIVATE_KEY: '-----BEGIN PRIVATE KEY-----MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBj08sp5++4anGcmQxJjAkBgNVBAoTHVByb2dyZXNzIFNvZnR3YXJlIENvcnBvcmF0aW9uMSAwHgYDVQQDDBcqLmF3cy10ZXN0LnByb2dyZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD...bml6YXRpb252YWxzaGEyZzIuY3JsMIGgBggrBgEFBQcBAQSBkzCBkDBNBggrBgEFBQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3Nvcmdhz3P668YfhUbKdRF6S42Cg6zn-----END PRIVATE KEY-----'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-12", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-12.test"),
 Line: 7,
 Column: 24,
 },
@@ -223,12 +222,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-13",
 Rule: NewGoogleAPIKey(),
 Src: SampleVulnerableHSLEAKS13,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-13", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-13.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `GCP_API_KEY: 'AIzaMPZHYiu1RdzE1nG2SaVyOoz244TuacQIR6m'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-13", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-13.test"),
 Line: 7,
 Column: 20,
 },
@@ -239,12 +238,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-14",
 Rule: NewGoogleGCPServiceAccount(),
 Src: SampleVulnerableHSLEAKS14,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-14", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-14.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `GCP_SERVICE_ACCOUNT: '18256698220617903267772185514630273595-oy8_uzouz8tyy46y84ckrwei9_6rq_pb.apps.googleusercontent.com'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-14", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-14.test"),
 Line: 7,
 Column: 6,
 },
@@ -255,12 +254,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-15",
 Rule: NewHerokuAPIKey(),
 Src: SampleVulnerableHSLEAKS15,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-15", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-15.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `HEROKU_API_KEY: '3623f8e9-2d05-c9bb-2209082d6b5c'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-15", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-15.test"),
 Line: 7,
 Column: 6,
 },
@@ -271,12 +270,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-16",
 Rule: NewMailChimpAPIKey(),
 Src: SampleVulnerableHSLEAKS16,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-16", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-16.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `MAILCHIMP_API_KEY: 'f7e9c13c10d0b19c3bb003a9f635d488-us72'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-16", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-16.test"),
 Line: 7,
 Column: 6,
 },
@@ -287,12 +286,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-17",
 Rule: NewMailgunAPIKey(),
 Src: SampleVulnerableHSLEAKS17,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-17", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-17.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `MAILGUN_API_KEY: 'key-xke9nbc2i5po5cjw3ngyxiz450zxpapu'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-17", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-17.test"),
 Line: 7,
 Column: 6,
 },
@@ -303,12 +302,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-18",
 Rule: NewPayPalBraintreeAccessToken(),
 Src: SampleVulnerableHSLEAKS18,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-18", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-18.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `PAY_PAL_ACCESS_TOKEN: 'access_token$production$mk0sech2v7qqsol3$db651af2221c22b4ca2f0f583798135e'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-18", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-18.test"),
 Line: 7,
 Column: 29,
 },
@@ -319,12 +318,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-19",
 Rule: NewPicaticAPIKey(),
 Src: SampleVulnerableHSLEAKS19,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-19", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-19.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `PICATIC_API_KEY: 'sk_live_voy1p9k7r9g9j8ezmif488nk2p8310nl'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-19", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-19.test"),
 Line: 7,
 Column: 24,
 },
@@ -335,12 +334,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-20",
 Rule: NewSendGridAPIKey(),
 Src: SampleVulnerableHSLEAKS20,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-20", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-20.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `SEND_GRID_API_KEY: 'SG.44b7kq3FurdH0bSHBGjPSWhE8vJ.1evu4Un0TXFIb1_6zW4YOdjTMeE'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-20", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-20.test"),
 Line: 7,
 Column: 26,
 },
@@ -351,12 +350,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-21",
 Rule: NewStripeAPIKey(),
 Src: SampleVulnerableHSLEAKS21,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-21", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-21.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `STRIPE_API_KEY: 'rk_live_8qSZpoI9t0BOGkOLVzvesc6K'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-21", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-21.test"),
 Line: 7,
 Column: 6,
 },
@@ -367,12 +366,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-22",
 Rule: NewSquareAccessToken(),
 Src: SampleVulnerableHSLEAKS22,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-22", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-22.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `SQUARE_ACCESS_TOKEN: 'sq0atp-clYRBSht6oefa7w_2R56ra'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-22", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-22.test"),
 Line: 7,
 Column: 28,
 },
@@ -383,12 +382,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-23",
 Rule: NewSquareOAuthSecret(),
 Src: SampleVulnerableHSLEAKS23,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-23", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-23.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `SQUARE_SECRET: 'sq0csp-LsEBYQNja]OgT3hRxjJV5cWX^XjpT12n3QkRY_vep2z'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-23", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-23.test"),
 Line: 7,
 Column: 22,
 },
@@ -399,12 +398,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-24",
 Rule: NewTwilioAPIKey(),
 Src: SampleVulnerableHSLEAKS24,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-24", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-24.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `TWILIO_API_KEY: '^SK9ae6bd84ccd091eb6bfad8e2a474af95'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-24", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-24.test"),
 Line: 7,
 Column: 6,
 },
@@ -415,12 +414,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-25",
 Rule: NewHardCodedCredentialGeneric(),
 Src: SampleVulnerableHSLEAKS25,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-25", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-25.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `POSTGRES_DBPASSWD: 'Ch@ng3m3'`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-25", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-25.test"),
 Line: 7,
 Column: 15,
 },
@@ -431,12 +430,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-26",
 Rule: NewHardCodedPassword(),
 Src: SampleVulnerableHSLEAKS26,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-26", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-26.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `DB_PASSWORD="gorm"`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-26", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-26.test"),
 Line: 13,
 Column: 4,
 },
@@ -447,12 +446,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-27",
 Rule: NewPasswordExposedInHardcodedURL(),
 Src: SampleVulnerableHSLEAKS27,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-27", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-27.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `dsn := "postgresql://gorm:gorm@127.0.0.1:5432/gorm?sslmode=disable"`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-27", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-27.test"),
 Line: 10,
 Column: 9,
 },
@@ -463,12 +462,12 @@ func TestRulesVulnerableCode(t *testing.T) {
 Name: "HS-LEAKS-28",
 Rule: NewWPConfig(),
 Src: SampleVulnerableHSLEAKS28,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-28", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-28.test"),
 Findings: []engine.Finding{
 {
 CodeSample: `define('AUTH_KEY', 'put your unique phrase here');`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-28", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-28.test"),
 Line: 3,
 Column: 0,
 },
@@ -476,7 +475,7 @@ func TestRulesVulnerableCode(t *testing.T) {
 {
 CodeSample: `define('DB_PASSWORD', 'wen0221!');`,
 SourceLocation: engine.Location{
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-28", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-28.test"),
 Line: 4,
 Column: 0,
 },
@@ -495,169 +494,169 @@ func TestRulesSafeCode(t *testing.T) {
 Name: "HS-LEAKS-1",
 Rule: NewAWSManagerID(),
 Src: SampleSafeHSLEAKS1,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-1", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-1.test"),
 },
 {
 Name: "HS-LEAKS-2",
 Rule: NewAWSSecretKey(),
 Src: SampleSafeHSLEAKS2,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-2", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-2.test"),
 },
 {
 Name: "HS-LEAKS-3",
 Rule: NewAWSMWSKey(),
 Src: SampleSafeHSLEAKS3,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-3", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-3.test"),
 },
 {
 Name: "HS-LEAKS-4",
 Rule: NewFacebookSecretKey(),
 Src: SampleSafeHSLEAKS4,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-4", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-4.test"),
 },
 {
 Name: "HS-LEAKS-5",
 Rule: NewFacebookClientID(),
 Src: SampleSafeHSLEAKS5,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-5", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-5.test"),
 },
 {
 Name: "HS-LEAKS-6",
 Rule: NewTwitterSecretKey(),
 Src: SampleSafeHSLEAKS6,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-6", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-6.test"),
 },
 {
 Name: "HS-LEAKS-7",
 Rule: NewTwitterClientID(),
 Src: SampleSafeHSLEAKS7,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-7", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-7.test"),
 },
 {
 Name: "HS-LEAKS-8",
 Rule: NewGithub(),
 Src: SampleSafeHSLEAKS8,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-8", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-8.test"),
 },
 {
 Name: "HS-LEAKS-9",
 Rule: NewLinkedInClientID(),
 Src: SampleSafeHSLEAKS9,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-9", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-9.test"),
 },
 {
 Name: "HS-LEAKS-10",
 Rule: NewLinkedInSecretKey(),
 Src: SampleSafeHSLEAKS10,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-10", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-10.test"),
 },
 {
 Name: "HS-LEAKS-11",
 Rule: NewSlack(),
 Src: SampleSafeHSLEAKS11,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-11", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-11.test"),
 },
 {
 Name: "HS-LEAKS-12",
 Rule: NewAsymmetricPrivateKey(),
 Src: SampleSafeHSLEAKS12,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-12", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-12.test"),
 },
 {
 Name: "HS-LEAKS-13",
 Rule: NewGoogleAPIKey(),
 Src: SampleSafeHSLEAKS13,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-13", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-13.test"),
 },
 {
 Name: "HS-LEAKS-14",
 Rule: NewGoogleGCPServiceAccount(),
 Src: SampleSafeHSLEAKS14,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-14", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-14.test"),
 },
 {
 Name: "HS-LEAKS-15",
 Rule: NewHerokuAPIKey(),
 Src: SampleSafeHSLEAKS15,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-15", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-15.test"),
 },
 {
 Name: "HS-LEAKS-16",
 Rule: NewMailChimpAPIKey(),
 Src: SampleSafeHSLEAKS16,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-16", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-16.test"),
 },
 {
 Name: "HS-LEAKS-17",
 Rule: NewMailgunAPIKey(),
 Src: SampleSafeHSLEAKS17,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-17", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-17.test"),
 },
 {
 Name: "HS-LEAKS-18",
 Rule: NewPayPalBraintreeAccessToken(),
 Src: SampleSafeHSLEAKS18,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-18", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-18.test"),
 },
 {
 Name: "HS-LEAKS-19",
 Rule: NewPicaticAPIKey(),
 Src: SampleSafeHSLEAKS19,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-19", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-19.test"),
 },
 {
 Name: "HS-LEAKS-20",
 Rule: NewSendGridAPIKey(),
 Src: SampleSafeHSLEAKS20,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-20", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-20.test"),
 },
 {
 Name: "HS-LEAKS-21",
 Rule: NewStripeAPIKey(),
 Src: SampleSafeHSLEAKS21,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-21", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-21.test"),
 },
 {
 Name: "HS-LEAKS-22",
 Rule: NewSquareAccessToken(),
 Src: SampleSafeHSLEAKS22,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-22", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-22.test"),
 },
 {
 Name: "HS-LEAKS-23",
 Rule: NewSquareOAuthSecret(),
 Src: SampleSafeHSLEAKS23,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-23", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-23.test"),
 },
 {
 Name: "HS-LEAKS-24",
 Rule: NewTwilioAPIKey(),
 Src: SampleSafeHSLEAKS24,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-24", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-24.test"),
 },
 {
 Name: "HS-LEAKS-25",
 Rule: NewHardCodedCredentialGeneric(),
 Src: SampleSafeHSLEAKS25,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-25", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-25.test"),
 },
 {
 Name: "HS-LEAKS-26",
 Rule: NewHardCodedPassword(),
 Src: SampleSafeHSLEAKS26,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-26", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-26.test"),
 },
 {
 Name: "HS-LEAKS-27",
 Rule: NewPasswordExposedInHardcodedURL(),
 Src: SampleSafeHSLEAKS27,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-27", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-27.test"),
 },
 {
 Name: "HS-LEAKS-28",
 Rule: NewWPConfig(),
 Src: SampleSafeHSLEAKS28,
- Filename: filepath.Join(tempDir, fmt.Sprintf("%s%s", "HS-LEAKS-28", ".test")),
+ Filename: filepath.Join(tempDir, "HS-LEAKS-28.test"),
 },
 }
 testutil.TestSafeCode(t, testcases)
diff --git a/internal/services/engines/leaks/samples_test.go b/internal/services/engines/leaks/samples.go
similarity index 92%
rename from internal/services/engines/leaks/samples_test.go
rename to internal/services/engines/leaks/samples.go
index 499455b88..fccf4f75e 100644
--- a/internal/services/engines/leaks/samples_test.go
+++ b/internal/services/engines/leaks/samples.go
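Review bot: Nothing in this suite checks that the `SafeExample`/`UnsafeExample` fields this commit adds to each rule's Metadata are the same strings the tests exercise; `Src: SampleSafeHSLEAKS28` here and `SafeExample: SampleSafeHSLEAKS28` in rules.go are tied together only by naming convention, so a rule whose example is later pointed at a neighbouring constant, or whose Safe and Unsafe examples are swapped, would still pass both TestRulesSafeCode and TestRulesVulnerableCode. Assuming the test-case struct exposes `Rule` and `Src` as the literals above suggest, a check before `testutil.TestSafeCode(t, testcases)` such as `for _, tc := range testcases { if tc.Rule.Metadata.SafeExample != tc.Src { t.Errorf("%s: SafeExample differs from the tested safe sample", tc.Name) } }`, with the mirror-image `UnsafeExample` check in the vulnerable suite, would pin the metadata to the samples that are actually verified to match or not match the rule. TestRulesSafeCode starts and ends outside the hunk.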
@@ -22,513 +22,415 @@ services: image: image/my-backend:latest environment: ACCESS_KEY: 'AKIAJSIE27KKMHXI3BJQ' - ` - - SampleVulnerableHSLEAKS2 = ` +` + SampleSafeHSLEAKS1 = ` version: '3' services: backend: image: image/my-backend:latest environment: - AWS_SECRET_KEY: 'doc5eRXFpsWllGC5yKJV/Ymm5KwF+IRZo95EudOm' - ` + ACCESS_KEY: ${SECRET_KEY} +` - SampleVulnerableHSLEAKS3 = ` -version: '3' -services: - backend: - image: image/my-backend:latest - environment: - AWS_WMS_KEY: 'amzn.mws.986478f0-9775-eabc-2af4-e499a8496828' - ` - SampleVulnerableHSLEAKS4 = ` + SampleVulnerableHSLEAKS2 = ` version: '3' services: backend: image: image/my-backend:latest environment: - FB_SECRET_KEY: 'cb6f53505911332d30867f44a1c1b9b5' + AWS_SECRET_KEY: 'doc5eRXFpsWllGC5yKJV/Ymm5KwF+IRZo95EudOm' ` + SampleSafeHSLEAKS2 = ` + version: '3' + services: + backend: + image: image/my-backend:latest + environment: + SECRET_KEY: ${SECRET_KEY} +` - SampleVulnerableHSLEAKS5 = ` + SampleVulnerableHSLEAKS3 = ` version: '3' services: backend: image: image/my-backend:latest environment: - FB_CLIENT_ID: '148695999071979' - ` - - SampleVulnerableHSLEAKS7 = ` + AWS_WMS_KEY: 'amzn.mws.986478f0-9775-eabc-2af4-e499a8496828' +` + SampleSafeHSLEAKS3 = ` version: '3' services: backend: image: image/my-backend:latest environment: - TWITTER_CLIENT_ID: '1h6433fsvygnyre5a40' - ` + WMS_KEY: ${SECRET_KEY} +` - SampleVulnerableHSLEAKS6 = ` + SampleVulnerableHSLEAKS4 = ` version: '3' services: backend: image: image/my-backend:latest environment: - TWITTER_SECRET_KEY: 'ej64cqk9k8px9ae3e47ip89l7if58tqhpxi1r' - ` - - SampleVulnerableHSLEAKS8 = ` + FB_SECRET_KEY: 'cb6f53505911332d30867f44a1c1b9b5' +` + SampleSafeHSLEAKS4 = ` version: '3' services: backend: image: image/my-backend:latest environment: - GITHUB_SECRET_KEY: 'edzvPbU3SYUc7pFc9le20lzIRErTOaxCABQ1' - ` + FB_SECRET_KEY: ${SECRET_KEY} +` - SampleVulnerableHSLEAKS9 = ` + SampleVulnerableHSLEAKS5 = ` version: '3' services: backend: image: image/my-backend:latest 
environment: - LINKEDIN_CLIENT_ID: 'g309xttlaw25' - ` - - SampleVulnerableHSLEAKS10 = ` + FB_CLIENT_ID: '148695999071979' +` + SampleSafeHSLEAKS5 = ` version: '3' services: backend: image: image/my-backend:latest environment: - LINKEDIN_SECRET_KEY: '0d16kcnjyfzmcmjp' - ` + FB_CLIENT_ID: ${SECRET_KEY} +` - SampleVulnerableHSLEAKS11 = ` + SampleVulnerableHSLEAKS6 = ` version: '3' services: backend: image: image/my-backend:latest environment: - SLACK_WEBHOOK: 'https://hooks.slack.com/services/TNeqvYPeO/BncTJ74Hf/NlvFFKKAKPkd6h7FlQCz1Blu' - ` - - SampleVulnerableHSLEAKS12 = ` + TWITTER_SECRET_KEY: 'ej64cqk9k8px9ae3e47ip89l7if58tqhpxi1r' +` + SampleSafeHSLEAKS6 = ` version: '3' services: backend: image: image/my-backend:latest environment: - SSH_PRIVATE_KEY: '-----BEGIN PRIVATE KEY-----MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBj08sp5++4anGcmQxJjAkBgNVBAoTHVByb2dyZXNzIFNvZnR3YXJlIENvcnBvcmF0aW9uMSAwHgYDVQQDDBcqLmF3cy10ZXN0LnByb2dyZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD...bml6YXRpb252YWxzaGEyZzIuY3JsMIGgBggrBgEFBQcBAQSBkzCBkDBNBggrBgEFBQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3Nvcmdhz3P668YfhUbKdRF6S42Cg6zn-----END PRIVATE KEY-----' - ` + TWITTER_SECRET_KEY: ${SECRET_KEY} +` - SampleVulnerableHSLEAKS13 = ` + SampleVulnerableHSLEAKS7 = ` version: '3' services: backend: image: image/my-backend:latest environment: - GCP_API_KEY: 'AIzaMPZHYiu1RdzE1nG2SaVyOoz244TuacQIR6m' - ` - - SampleVulnerableHSLEAKS14 = ` + TWITTER_CLIENT_ID: '1h6433fsvygnyre5a40' +` + SampleSafeHSLEAKS7 = ` version: '3' services: backend: image: image/my-backend:latest environment: - GCP_SERVICE_ACCOUNT: '18256698220617903267772185514630273595-oy8_uzouz8tyy46y84ckrwei9_6rq_pb.apps.googleusercontent.com' - ` + TWITTER_CLIENT_ID: ${SECRET_KEY} +` - SampleVulnerableHSLEAKS15 = ` + SampleVulnerableHSLEAKS8 = ` version: '3' services: backend: image: image/my-backend:latest environment: - HEROKU_API_KEY: '3623f8e9-2d05-c9bb-2209082d6b5c' - ` - - SampleVulnerableHSLEAKS16 = ` + 
GITHUB_SECRET_KEY: 'edzvPbU3SYUc7pFc9le20lzIRErTOaxCABQ1' +` + SampleSafeHSLEAKS8 = ` version: '3' services: backend: image: image/my-backend:latest environment: - MAILCHIMP_API_KEY: 'f7e9c13c10d0b19c3bb003a9f635d488-us72' - ` + GITHUB_SECRET_KEY: ${SECRET_KEY} +` - SampleVulnerableHSLEAKS17 = ` + SampleVulnerableHSLEAKS9 = ` version: '3' services: backend: image: image/my-backend:latest environment: - MAILGUN_API_KEY: 'key-xke9nbc2i5po5cjw3ngyxiz450zxpapu' - ` - - SampleVulnerableHSLEAKS18 = ` + LINKEDIN_CLIENT_ID: 'g309xttlaw25' +` + SampleSafeHSLEAKS9 = ` version: '3' services: backend: image: image/my-backend:latest environment: - PAY_PAL_ACCESS_TOKEN: 'access_token$production$mk0sech2v7qqsol3$db651af2221c22b4ca2f0f583798135e' - ` + LINKEDIN_CLIENT_ID: ${SECRET_KEY} +` - SampleVulnerableHSLEAKS19 = ` + SampleVulnerableHSLEAKS10 = ` version: '3' services: backend: image: image/my-backend:latest environment: - PICATIC_API_KEY: 'sk_live_voy1p9k7r9g9j8ezmif488nk2p8310nl' - ` - - SampleVulnerableHSLEAKS20 = ` + LINKEDIN_SECRET_KEY: '0d16kcnjyfzmcmjp' +` + SampleSafeHSLEAKS10 = ` version: '3' services: backend: image: image/my-backend:latest environment: - SEND_GRID_API_KEY: 'SG.44b7kq3FurdH0bSHBGjPSWhE8vJ.1evu4Un0TXFIb1_6zW4YOdjTMeE' - ` + LINKEDIN_SECRET_KEY: ${SECRET_KEY} +` - SampleVulnerableHSLEAKS21 = ` + SampleVulnerableHSLEAKS11 = ` version: '3' services: backend: image: image/my-backend:latest environment: - STRIPE_API_KEY: 'rk_live_8qSZpoI9t0BOGkOLVzvesc6K' - ` - - SampleVulnerableHSLEAKS22 = ` + SLACK_WEBHOOK: 'https://hooks.slack.com/services/TNeqvYPeO/BncTJ74Hf/NlvFFKKAKPkd6h7FlQCz1Blu' +` + SampleSafeHSLEAKS11 = ` version: '3' services: backend: image: image/my-backend:latest environment: - SQUARE_ACCESS_TOKEN: 'sq0atp-clYRBSht6oefa7w_2R56ra' - ` + SLACK_WEBHOOK: ${SECRET_KEY} +` - SampleVulnerableHSLEAKS23 = ` + SampleVulnerableHSLEAKS12 = ` version: '3' services: backend: image: image/my-backend:latest environment: - SQUARE_SECRET: 
'sq0csp-LsEBYQNja]OgT3hRxjJV5cWX^XjpT12n3QkRY_vep2z' - ` - - SampleVulnerableHSLEAKS24 = ` + SSH_PRIVATE_KEY: '-----BEGIN PRIVATE KEY-----MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBj08sp5++4anGcmQxJjAkBgNVBAoTHVByb2dyZXNzIFNvZnR3YXJlIENvcnBvcmF0aW9uMSAwHgYDVQQDDBcqLmF3cy10ZXN0LnByb2dyZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD...bml6YXRpb252YWxzaGEyZzIuY3JsMIGgBggrBgEFBQcBAQSBkzCBkDBNBggrBgEFBQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3Nvcmdhz3P668YfhUbKdRF6S42Cg6zn-----END PRIVATE KEY-----' +` + SampleSafeHSLEAKS12 = ` version: '3' services: backend: image: image/my-backend:latest environment: - TWILIO_API_KEY: '^SK9ae6bd84ccd091eb6bfad8e2a474af95' - ` + SSH_PRIVATE_KEY: ${SECRET_KEY} +` - SampleVulnerableHSLEAKS25 = ` + SampleVulnerableHSLEAKS13 = ` version: '3' services: backend: image: image/my-backend:latest environment: - POSTGRES_DBPASSWD: 'Ch@ng3m3' - ` - - SampleVulnerableHSLEAKS26 = ` -package main - -import ( - "fmt" - - "gorm.io/driver/postgres" - "gorm.io/gorm" -) - -func main() { - DB_USER="gorm" - DB_PASSWORD="gorm" - DB_NAME="gorm" - DB_PORT="9920" - dsn := fmt.Sprintf("user=%s password=%s dbname=%s port=%s sslmode=disable TimeZone=Asia/Shanghai", DB_USER, DB_PASSWORD, DB_NAME, DB_PORT) - db, err := gorm.Open(postgres.Open(dsn), &gorm.Config{}) - if err != nil { - panic(err) - } - print(db) -} - ` - - SampleVulnerableHSLEAKS27 = ` -package main - -import ( - "gorm.io/gorm" - "gorm.io/driver/postgres" -) - -func main() { - dsn := "postgresql://gorm:gorm@127.0.0.1:5432/gorm?sslmode=disable" - db, err := gorm.Open(postgres.Open(dsn), &gorm.Config{}) - if err != nil { - panic(err) - } - print(db) -} - ` - - SampleVulnerableHSLEAKS28 = ` -