credsweeper 1.10.6__py3-none-any.whl → 1.10.7__py3-none-any.whl

credsweeper/__init__.py

@@ -18,4 +18,4 @@ __all__ = [
     '__version__'
 ]
 
-__version__ = "1.10.6"
+__version__ = "1.10.7"

credsweeper/__main__.py

@@ -205,8 +205,8 @@ def get_arguments() -> Namespace:
                         metavar="POSITIVE_INT")
     parser.add_argument("--thrifty",
                         help="clear objects after scan to reduce memory consumption",
-                        action="store_const",
-                        const=True)
+                        action=BooleanOptionalAction,
+                        default=True)
     parser.add_argument("--skip_ignored",
                         help="parse .gitignore files and skip credentials from ignored objects",
                         dest="skip_ignored",

credsweeper/common/keyword_pattern.py

@@ -3,27 +3,30 @@ import re
 
 class KeywordPattern:
     """Pattern set of keyword types"""
-    key_left = r"(\\[nrt]|%[0-9a-f]{2})?"\
-               r"(?P<variable>(([`'\"]+[^:='\"`}<>\\/&?]*|[^:='\"`}<>\s()\\/&?;,%]*)" \
+    key_left = r"(\\[nrt]|%[0-9a-f]{2})?" \
+               r"(?P<variable>(([`'\"]{1,8}[^:='\"`}<>\\/&?]*|[^:='\"`}<>\s()\\/&?;,%]*)" \
                r"(?P<keyword>"
     # there will be inserted a keyword
     key_right = r")" \
-                r"(&(quot|apos);|[^%:='\"`<>{?!&]*)[`'\"]*))"  # <variable>
-    separator = r"(\s|\\+[tnr])*\]?(\s|\\+[tnr])*" \
-                r"(?P<separator>:( [a-z]{3,9}[?]? )?=|:|=(>|&gt;|\\u0026gt;)|!=|===|==|=|%3d)" \
-                r"(\s|\\+[tnr])*"
+                r"[^%:='\"`<>{?!&]*" \
+                r")" \
+                r"(&(quot|apos);|%[0-9a-f]{2}|[`'\"])*" \
+                r")"  # <variable>
+    separator = r"(\s|\\{1,8}[tnr])*\]?(\s|\\{1,8}[tnr])*" \
+                r"(?P<separator>:(\s[a-z]{3,9}[?]?\s)?=|:|=(>|&gt;|\\u0026gt;)|!==|!=|===|==|=|%3d)" \
+                r"(\s|\\{1,8}[tnr])*"
     # might be curly, square or parenthesis with words before
     wrap = r"(?P<wrap>(" \
-           r"(new(\s|\\+[tnr])+)?" \
+           r"(new(\s|\\{1,8}[tnr]){1,8})?" \
            r"([0-9a-z_.]|-(>|(&|\\\\*u0026)gt;))*" \
-           r"[\[\(\{]"\
-           r"(\s|\\+[tnr])*" \
+           r"[\[\(\{]" \
+           r"(\s|\\{1,8}[tnr])*" \
            r"([0-9a-z_]{1,32}=)?" \
-           r")+)?"
+           r"){1,8})?"
     string_prefix = r"(((b|r|br|rb|u|f|rf|fr|l|@)(?=(\\*[`'\"])))?"
     left_quote = r"(?P<value_leftquote>((?P<esq>\\{1,8})?([`'\"]|&(quot|apos);)){1,4}))?"
     # Authentication scheme ( oauth | basic | bearer | apikey ) precedes to credential
-    auth_keywords = r"( ?(oauth|bot|basic|bearer|apikey|accesskey) )?"
+    auth_keywords = r"(\s?(oauth|bot|basic|bearer|apikey|accesskey)\s)?"
     value = r"(?P<value>" \
             r"(?(value_leftquote)" \
             r"(" \
@@ -31,11 +34,15 @@ class KeywordPattern:
             r"(?(esq)((?!(?P=esq)([`'\"]|&(quot|apos);)).)|((?!(?P=value_leftquote)).)))" \
             r"|" \
             r"(?!&(quot|apos);)" \
-            r"(\\+([ tnr]|[^\s`'\"])|[^\s`'\",;\\])" \
-            r"){3,8000}" \
+            r"(\\{1,8}([ tnr]|[^\s`'\"])" \
+            r"|" \
+            r"(?P<url_esc>%[0-9a-f]{2})" \
+            r"|" \
+            r"(?(url_esc)[^\s`'\",;\\&]|[^\s`'\",;\\])" \
+            r")){3,8000}" \
             r"|(\{[^}]{3,8000}\})" \
             r"|(<[^>]{3,8000}>)" \
-            r")"
+            r")"  # <value>
     right_quote = r"(?(value_leftquote)" \
                   r"(?P<value_rightquote>(?<!\\)(?P=value_leftquote)|\\$|(?<=[0-9a-z+_/-])$)" \
                   r"|" \
@@ -44,7 +51,7 @@ class KeywordPattern:
     @classmethod
     def get_keyword_pattern(cls, keyword: str) -> re.Pattern:
         """Returns compiled regex pattern"""
-        expression = "".join([  #
+        expression = ''.join([  #
             cls.key_left,  #
             keyword,  #
             cls.key_right,  #

credsweeper/filters/value_allowlist_check.py

@@ -8,22 +8,35 @@ from credsweeper.utils import Util
 
 
 class ValueAllowlistCheck(Filter):
-    """Check that patterns from the list is not present in the candidate value."""
+    """Check that the patterns do not MATCH the candidate value."""
 
     ALLOWED = [
         r"ENC\(.*\)",  #
         r"ENC\[.*\]",  #
         r"\$\{(\*|[0-9]+|[a-z_].*)\}",  #
-        r"\$([0-9]+\b|[a-z_]+[0-9a-z_]*)",  #
+        r"\$[0-9]+(\s|$)",  #
         r"\$\$[a-z_]+(\^%[0-9a-z_]+)?",  #
-        r"#\{.*\}",  #
+        r"#\{.+\}",  # Ruby: String Interpolation
         r"\{\{.+\}\}",  #
-        r"\S{0,5}\*{5,}",  #
         r".*@@@hl@@@(암호|비번|PW|PASS)@@@endhl@@@",  #
     ]
 
     ALLOWED_PATTERN = re.compile(Util.get_regex_combine_or(ALLOWED), flags=re.IGNORECASE)
-    ALLOWED_UNQUOTED_PATTERN = re.compile(r"[~a-z0-9_]+((\.|->)[a-z0-9_]+)+\(.*$", flags=re.IGNORECASE)
+
+    ALLOWED_QUOTED = [
+        r"\$[a-z_]+[0-9a-z_]*([$\s]|$)",  #
+        r".*\*\*\*",  #
+    ]
+
+    ALLOWED_QUOTED_PATTERN = re.compile(Util.get_regex_combine_or(ALLOWED_QUOTED), flags=re.IGNORECASE)
+
+    ALLOWED_UNQUOTED = [
+        r"[~a-z0-9_]+((\.|->)[a-z0-9_]+)+\(.*$",  #
+        r"\$[a-z_]+[0-9a-z_]*\b",  #
+        r".*\*\*\*\*\*",  #
+    ]
+
+    ALLOWED_UNQUOTED_PATTERN = re.compile(Util.get_regex_combine_or(ALLOWED_UNQUOTED), flags=re.IGNORECASE)
 
     def __init__(self, config: Config = None) -> None:
         pass
@@ -42,8 +55,11 @@ class ValueAllowlistCheck(Filter):
 
         if self.ALLOWED_PATTERN.match(line_data.value):
             return True
-
-        if not line_data.is_well_quoted_value and self.ALLOWED_UNQUOTED_PATTERN.match(line_data.value):
-            return True
+        elif line_data.is_well_quoted_value:
+            if self.ALLOWED_QUOTED_PATTERN.match(line_data.value):
+                return True
+        else:
+            if self.ALLOWED_UNQUOTED_PATTERN.match(line_data.value):
+                return True
 
         return False

credsweeper/filters/value_blocklist_check.py

@@ -11,8 +11,11 @@ class ValueBlocklistCheck(Filter):
         "true",
         "false",
         "null",
+        "none",
         "bearer",
         "string",
+        "value",
+        "undefined",
     ]
 
     def __init__(self, config: Config = None) -> None:

credsweeper/rules/config.yaml

@@ -1391,6 +1391,22 @@
     - code
     - doc
 
+- name: Tavily API Key
+  severity: high
+  confidence: strong
+  type: pattern
+  values:
+    - (?:(?<![0-9A-Za-z_-])|\\[0abfnrtv]|(%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu]([0-9A-Fa-f]{4}){1,2}|\x1B\[[0-9;]{0,80}m)(?P<value>tvly-[0-9A-Za-z_-]{32,40})(?![0-9A-Za-z_-])
+  min_line_len: 37
+  filter_type:
+    - ValuePatternCheck(5)
+    - ValueEntropyBase64Check
+  required_substrings:
+    - tvly-
+  target:
+    - code
+    - doc
+
 - name: Discord Bot Token
   severity: high
   confidence: strong

credsweeper/utils/hop_stat.py

@@ -25,11 +25,37 @@ class HopStat:
         ')': '0',
         '_': '-',
         '+': '=',
+        'Q': 'q',
+        'W': 'w',
+        'E': 'e',
+        'R': 'r',
+        'T': 't',
+        'Y': 'y',
+        'U': 'u',
+        'I': 'i',
+        'O': 'o',
+        'P': 'p',
         '{': '[',
         '}': ']',
         '|': '\\',
+        'A': 'a',
+        'S': 's',
+        'D': 'd',
+        'F': 'f',
+        'G': 'g',
+        'H': 'h',
+        'J': 'j',
+        'K': 'k',
+        'L': 'l',
         ':': ';',
         '"': "'",
+        'Z': 'z',
+        'X': 'x',
+        'C': 'c',
+        'V': 'v',
+        'B': 'b',
+        'N': 'n',
+        'M': 'm',
         '<': ',',
         '>': '.',
         '?': '/',
@@ -75,7 +101,7 @@ class HopStat:
 
         """
         hops = []
-        value = value.lower().translate(HopStat.TRANSLATION)
+        value = value.translate(HopStat.TRANSLATION)
         for a, b in zip(value[:-1], value[1:]):
             hop = self.__hop_dict.get((a, b))
             if hop is None:

{credsweeper-1.10.6.dist-info → credsweeper-1.10.7.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: credsweeper
-Version: 1.10.6
+Version: 1.10.7
 Summary: Credential Sweeper
 Project-URL: Homepage, https://github.com/Samsung/CredSweeper
 Project-URL: Bug Tracker, https://github.com/Samsung/CredSweeper/issues
@@ -87,7 +87,7 @@ Full documentation can be found here: <https://credsweeper.readthedocs.io/>
 
 ### Main Requirements
 
-- Python 3.8, 3.9, 3.10, 3.11, 3.12
+- Python 3.9, 3.10, 3.11, 3.12
 
 ### Installation
 

{credsweeper-1.10.6.dist-info → credsweeper-1.10.7.dist-info}/RECORD

@@ -1,12 +1,12 @@
-credsweeper/__init__.py,sha256=BflWLa5qIkf9PZdCzePSmph4-nZUR-r4w_KFqNOZKQE,632
-credsweeper/__main__.py,sha256=PfjoCndil_HTNmsruEAuwrBPIUeb2lJhVucbHi9THV0,17177
+credsweeper/__init__.py,sha256=bsu6pMpQo7yoOF3zKYBhzmGZk1Y7W-1miVXpWCkScRc,632
+credsweeper/__main__.py,sha256=jlI83ctJJfF0koMqP6u24JASC7MIPA2g1POx7aeuaQ8,17187
 credsweeper/app.py,sha256=sexUp4Qced22AhvbcVlb5C-QtJRoDmUp5qhc_nwj248,21369
 credsweeper/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 credsweeper/common/__init__.py,sha256=mYiHEDV0hSeWcFx0Wb8oIRDCPR92ben0mCuC9-gCTgI,184
 credsweeper/common/constants.py,sha256=plBHrIVfj4CBpymIgLxTPiYr66_By3QKlgCoHYVKPLc,5534
 credsweeper/common/keyword_checklist.py,sha256=6EKNdMMryZykedAOhEc-MF1byi5oXmAiljq61T_nco4,2258
 credsweeper/common/keyword_checklist.txt,sha256=a8GW-wF6D83uVFYxMWEsUFlth6c1B_KDpF8_Xpj0mE8,7169
-credsweeper/common/keyword_pattern.py,sha256=P5S2kd0Yzchkj9Qlyhe7uahPl7-tySyggQ4xYgv0dMw,2347
+credsweeper/common/keyword_pattern.py,sha256=IUvXQ1BWawzK_H8fkMJWUJBdPmi69RW5-VD36LfZNVE,2608
 credsweeper/common/morpheme_checklist.txt,sha256=yPfBCSlLCHrzMtZELZbco4PFFWgq_cVOLJF4VTA2b9M,8852
 credsweeper/config/__init__.py,sha256=3_lLgF2P-EurNupTYmHvY11Ba8rdjhLJAAfTiMJW4mY,45
 credsweeper/config/config.py,sha256=Rfc8YLa4bcG_AMequbfQ-HggS74jC4OqTtaWOoGxJdA,2630
@@ -56,7 +56,7 @@ credsweeper/filters/filter.py,sha256=CqZbTsIDNVVwQyOjNekgNr_i1nPS4foutm0AvGAjM5M
 credsweeper/filters/line_git_binary_check.py,sha256=G5N-woSLXC1mdiD80AhXbOpJCjGwtvFwFwMmRu87qlY,1595
 credsweeper/filters/line_specific_key_check.py,sha256=rM66tPmUCXPaCUpNokIkJukOyxOL4FB8ig74ezYrbBs,1536
 credsweeper/filters/line_uue_part_check.py,sha256=xmJr2Klz3H8yc-ymlGwPmIjRIoXxvBD9NvW0gW22i9o,1519
-credsweeper/filters/value_allowlist_check.py,sha256=8Wr3T5JrMlSAW-Q6lZt6kVzS1MuuKXQ5pBdJM9w7Sk8,1576
+credsweeper/filters/value_allowlist_check.py,sha256=dRhBKYQiODbAkpJ5pyCqliBdsQO-2qiVXel-wpFw_fo,2022
 credsweeper/filters/value_array_dictionary_check.py,sha256=NaaojsUFjGlk4JzpskG3rdUCN2RXZs8MgX_yTrNHm9c,1251
 credsweeper/filters/value_atlassian_token_check.py,sha256=rAuMC5JUxnXZwPxoKtrwFVKTWCNXf-gf9mv5h6IQC7M,2914
 credsweeper/filters/value_azure_token_check.py,sha256=LGfLPoQxuVN8kReWKTvFpfLGa8oOhUCw95YHBJhF-uE,2022
@@ -65,7 +65,7 @@ credsweeper/filters/value_base64_data_check.py,sha256=J5dMgJsfs13MxijOMqGLYU8PZz
 credsweeper/filters/value_base64_encoded_pem_check.py,sha256=sX80Uo_7b7HQm4KjNkRHqB8FQvxuuvMLhxAUalSQeaU,1607
 credsweeper/filters/value_base64_key_check.py,sha256=6JrIGNphjM9gN8oi1OKyvm4MUvvLxsQPxGP5BkaTC1w,2131
 credsweeper/filters/value_base64_part_check.py,sha256=rguPXjAmLJvwYYvgmzcH1eiDDf-9NkCC8gGNpans7aA,4324
-credsweeper/filters/value_blocklist_check.py,sha256=erMLUDiOPzTZ35RfhzEDqPfnkIpolxN6d_rtdAjAufc,1091
+credsweeper/filters/value_blocklist_check.py,sha256=CSsD68QRF1zFLM2MB5pGRRs95O8IepZ9AUZYdxlBf-c,1145
 credsweeper/filters/value_camel_case_check.py,sha256=cCBogfL5X9ufAbkl5QwqN6qvHz4XYaeaENC6ew4m4Ac,1233
 credsweeper/filters/value_couple_keyword_check.py,sha256=zbY_TqsVHuwcf4ANp83g36wgxNLkHLk_r-Pm7-nmSZ8,1004
 credsweeper/filters/value_dictionary_keyword_check.py,sha256=6-RqiROZJC6g2zD4v0AtFKhlNE4tY-iYhestwTI4vbE,1263
@@ -127,7 +127,7 @@ credsweeper/ml_model/features/word_in_path.py,sha256=FjjzdyPvEsIYwkB94-0bdbHOtKN
 credsweeper/ml_model/features/word_in_value.py,sha256=35GCjCfvpWw4-MiMAZA9YcoaqwBommArSrJ4kEAi5TA,883
 credsweeper/ml_model/features/word_in_variable.py,sha256=d02c1ieUxm1pSyOE-S-HijgliMRV9kMaI0zv-UxFAp4,823
 credsweeper/rules/__init__.py,sha256=alXS8IivUs-AKKbVHiWvSjFpg1urJZLKItuFr61HHyg,40
-credsweeper/rules/config.yaml,sha256=ceUbYaRVXCGgXxTGPUaI-TvDj3iUVoHYLOaDmhoUFUU,38644
+credsweeper/rules/config.yaml,sha256=_RkpDyad8_uJbMdxIQK9F9-B1CER7OHMTuZtKPTsSHE,39065
 credsweeper/rules/rule.py,sha256=rU6vJ4cVoeAZdUMWalRTMuAdRuYgFxeTltvSYUJRHOU,10224
 credsweeper/scanner/__init__.py,sha256=KUh1uUEgZOd12DiXV-TQP3OvByI9tsyqN1KCdw994h8,48
 credsweeper/scanner/scanner.py,sha256=eGwMJSCSqMyDzDN7Kniqeylv3rB2SuuyJmQ5QUb7hsE,9608
@@ -140,11 +140,11 @@ credsweeper/secret/config.json,sha256=GLmo20U9xEJbZ8K0diprxkUYiulWIvD8-jEH8zcycA
 credsweeper/secret/log.yaml,sha256=h29atN5Kvk68oKuTYG2Mi4f2uNO3dvwhOkzCRBKo1rg,952
 credsweeper/utils/__init__.py,sha256=wPdTkrSBAkR3rppFZ68k6MiT_P7tIHuAb3AcwndJCWg,63
 credsweeper/utils/entropy_validator.py,sha256=711xCIBGAy-Pb6wqbMpEToa4dOYj5_CmkbKHygLeQrI,2796
-credsweeper/utils/hop_stat.py,sha256=pzQA8xFxS3gtBAUWViGQBLSPg908ju6vhiwWoR8kPYw,2518
+credsweeper/utils/hop_stat.py,sha256=0D7xB1CVAUhseOZWvLZXxn3MYHKZnfnFJ8hj7tONiyU,2978
 credsweeper/utils/pem_key_detector.py,sha256=Z1LJYm4WAqppF2ooj81-lbhrg2woiNKiMk8Nt4DV-G8,7721
 credsweeper/utils/util.py,sha256=oI4uaMAEoZUVwqPOsjWSp4boKGCQtS6dui0yFbPCsy8,29896
-credsweeper-1.10.6.dist-info/METADATA,sha256=h-_B-ollIA8eY0Dw-9AHqkUk9B2AJUbah15LGsiwZGc,10394
-credsweeper-1.10.6.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-credsweeper-1.10.6.dist-info/entry_points.txt,sha256=SLGNZshvi3zpWPhVmRP-oDXRMRPBS4tzRDy6xYOXwqA,58
-credsweeper-1.10.6.dist-info/licenses/LICENSE,sha256=aU7mGjBKbmRHNLVXXzcPdKmTtBxRwDPtjflQRfN7fFg,1065
-credsweeper-1.10.6.dist-info/RECORD,,
+credsweeper-1.10.7.dist-info/METADATA,sha256=mZ29rR4tboTGU7wO-rs-QxM96g8pIyk6qb5qWrsgaQc,10389
+credsweeper-1.10.7.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+credsweeper-1.10.7.dist-info/entry_points.txt,sha256=SLGNZshvi3zpWPhVmRP-oDXRMRPBS4tzRDy6xYOXwqA,58
+credsweeper-1.10.7.dist-info/licenses/LICENSE,sha256=aU7mGjBKbmRHNLVXXzcPdKmTtBxRwDPtjflQRfN7fFg,1065
+credsweeper-1.10.7.dist-info/RECORD,,