credsweeper 1.11.1__py3-none-any.whl → 1.11.2__py3-none-any.whl

credsweeper/__init__.py

@@ -18,4 +18,4 @@ __all__ = [
     '__version__'
 ]
 
-__version__ = "1.11.1"
+__version__ = "1.11.2"

credsweeper/common/keyword_pattern.py

@@ -8,20 +8,20 @@ class KeywordPattern:
                r"(?P<keyword>"
     # there will be inserted a keyword
     key_right = r")" \
-                r"[^%:='\"`<>{?!&]*" \
+                r"[^%:='\"`<>{?!&;\n]*" \
                 r")" \
                 r"(&(quot|apos);|%[0-9a-f]{2}|[`'\"])*" \
                 r")"  # <variable>
     separator = r"(\s|\\{1,8}[tnr])*\]?(\s|\\{1,8}[tnr])*" \
-                r"(?P<separator>:(\s[a-z]{3,9}[?]?\s)?=|:|=(>|&gt;|\\u0026gt;)|!==|!=|===|==|=|%3d)" \
+                r"(?P<separator>:(\s[a-z]{3,9}[?]?\s)?=|:(?!:)|=(>|&gt;|(\\\\*u00|%)26gt;)|!==|!=|===|==|=|%3d)" \
                 r"(\s|\\{1,8}[tnr])*"
     # might be curly, square or parenthesis with words before
     wrap = r"(?P<wrap>(" \
-           r"(new(\s|\\{1,8}[tnr]){1,8})?" \
-           r"([0-9a-z_.]|-(>|(&|\\\\*u0026)gt;))*" \
+           r"(new(\s|\\{1,8}[tnr]|byte|char|string|\[\]){1,8})?" \
+           r"([0-9a-z_.]|::|-(>|&gt;))*" \
            r"[\[\(\{]" \
            r"(\s|\\{1,8}[tnr])*" \
-           r"([0-9a-z_]{1,32}=)?" \
+           r"([0-9a-z_]{1,32}[:=]\s*)?" \
            r"){1,8})?"
     string_prefix = r"(((b|r|br|rb|u|f|rf|fr|l|@)(?=(\\*[`'\"])))?"
     left_quote = r"(?P<value_leftquote>((?P<esq>\\{1,8})?([`'\"]|&(quot|apos);)){1,4}))?"
@@ -39,14 +39,22 @@ class KeywordPattern:
             r"(?P<url_esc>%[0-9a-f]{2})" \
             r"|" \
             r"(?(url_esc)[^\s`'\",;\\&]|[^\s`'\",;\\])" \
-            r")){3,8000}" \
-            r"|(\{[^}]{3,8000}\})" \
-            r"|(<[^>]{3,8000}>)" \
+            r")"\
+            r"){4,8000}" \
+            r"|" \
+            r"(<[^>]{4,8000}>)" \
+            r"|" \
+            r"(\$?\({1,3}[^)]{4,8000}\){1,3})" \
+            r"|" \
+            r"(\$?\{{1,3}[^}]{4,8000}\}{1,3})" \
+            r"|" \
+            r"(?(wrap)(?(value_leftquote)(?!\\(?P=value_leftquote))|[^\]\)\}]){16,8000})"\
             r")"  # <value>
     right_quote = r"(?(value_leftquote)" \
                   r"(?P<value_rightquote>(?<!\\)(?P=value_leftquote)|\\$|(?<=[0-9a-z+_/-])$)" \
                   r"|" \
-                  r"(?(wrap)[\]\)\},;]))"
+                  r"(?(wrap)(\]|\)|\}|,|;|\\|$))" \
+                  r")"
 
     @classmethod
     def get_keyword_pattern(cls, keyword: str) -> re.Pattern:

credsweeper/filters/__init__.py

@@ -22,7 +22,6 @@ from credsweeper.filters.value_entropy_base32_check import ValueEntropyBase32Che
 from credsweeper.filters.value_entropy_base36_check import ValueEntropyBase36Check
 from credsweeper.filters.value_entropy_base64_check import ValueEntropyBase64Check
 from credsweeper.filters.value_file_path_check import ValueFilePathCheck
-from credsweeper.filters.value_first_word_check import ValueFirstWordCheck
 from credsweeper.filters.value_github_check import ValueGitHubCheck
 from credsweeper.filters.value_grafana_check import ValueGrafanaCheck
 from credsweeper.filters.value_grafana_service_check import ValueGrafanaServiceCheck

credsweeper/filters/group/group.py

@@ -4,9 +4,9 @@ from typing import List
 from credsweeper.common.constants import GroupType
 from credsweeper.config import Config
 from credsweeper.filters import (Filter, LineSpecificKeyCheck, ValueAllowlistCheck, ValueArrayDictionaryCheck,
-                                 ValueBlocklistCheck, ValueCamelCaseCheck, ValueFilePathCheck, ValueFirstWordCheck,
-                                 ValueLastWordCheck, ValueMethodCheck, ValueNotAllowedPatternCheck, ValuePatternCheck,
-                                 ValueSimilarityCheck, ValueStringTypeCheck, ValueTokenCheck, ValueHexNumberCheck)
+                                 ValueBlocklistCheck, ValueCamelCaseCheck, ValueFilePathCheck, ValueLastWordCheck,
+                                 ValueMethodCheck, ValueNotAllowedPatternCheck, ValuePatternCheck, ValueSimilarityCheck,
+                                 ValueStringTypeCheck, ValueTokenCheck, ValueHexNumberCheck)
 
 
 class Group(ABC):
@@ -39,7 +39,6 @@ class Group(ABC):
             ValueBlocklistCheck(),
             ValueCamelCaseCheck(),
             ValueFilePathCheck(),
-            ValueFirstWordCheck(),
             ValueHexNumberCheck(),
             ValueLastWordCheck(),
             ValueMethodCheck(),

credsweeper/filters/group/url_credentials_group.py

@@ -2,8 +2,8 @@ from credsweeper.common.constants import GroupType
 from credsweeper.config import Config
 from credsweeper.filters import (ValueAllowlistCheck, ValueArrayDictionaryCheck, ValueBlocklistCheck,
                                  ValueCamelCaseCheck, ValueDictionaryValueLengthCheck, ValueFilePathCheck,
-                                 ValueFirstWordCheck, ValueLastWordCheck, ValueMethodCheck, ValueNotAllowedPatternCheck,
-                                 ValuePatternCheck, ValueStringTypeCheck, ValueTokenCheck)
+                                 ValueLastWordCheck, ValueMethodCheck, ValueNotAllowedPatternCheck, ValuePatternCheck,
+                                 ValueStringTypeCheck, ValueTokenCheck)
 from credsweeper.filters.group import Group
 
 
@@ -23,7 +23,6 @@ class UrlCredentialsGroup(Group):
             ValueBlocklistCheck(),
             ValueCamelCaseCheck(),
             ValueFilePathCheck(),
-            ValueFirstWordCheck(),
             ValueLastWordCheck(),
             ValueMethodCheck(),
             ValueStringTypeCheck(config),

credsweeper/filters/value_allowlist_check.py

@@ -25,6 +25,7 @@ class ValueAllowlistCheck(Filter):
 
     ALLOWED_QUOTED = [
         r"\$[a-z_]+[0-9a-z_]*([$\s]|$)",  #
+        r"\$\([^)]+\)",  #
         r".*\*\*\*",  #
     ]
 
@@ -33,6 +34,7 @@ class ValueAllowlistCheck(Filter):
     ALLOWED_UNQUOTED = [
         r"[~a-z0-9_]+((\.|->)[a-z0-9_]+)+\(.*$",  #
         r"\$[a-z_]+[0-9a-z_]*\b",  #
+        r"\$\([.0-9a-z_-]+",  #
         r".*\*\*\*\*\*",  #
     ]
 
@@ -52,14 +54,11 @@ class ValueAllowlistCheck(Filter):
             True, if need to filter candidate and False if left
 
         """
-
-        if self.ALLOWED_PATTERN.match(line_data.value):
-            return True
-        elif line_data.is_well_quoted_value:
-            if self.ALLOWED_QUOTED_PATTERN.match(line_data.value):
+        if line_data.is_well_quoted_value:
+            if self.ALLOWED_PATTERN.match(line_data.value) or self.ALLOWED_QUOTED_PATTERN.match(line_data.value):
                 return True
         else:
-            if self.ALLOWED_UNQUOTED_PATTERN.match(line_data.value):
+            value = line_data.wrap + line_data.value if line_data.wrap else line_data.value
+            if self.ALLOWED_PATTERN.match(value) or self.ALLOWED_UNQUOTED_PATTERN.match(value):
                 return True
-
         return False

credsweeper/rules/config.yaml

@@ -448,7 +448,7 @@
   confidence: moderate
   type: keyword
   values:
-    - (?<!by)pass(?!ed|ing|es|\s+[a-z]{3,80})|pw(d|\b)
+    - (?<!by)pass(?!ed|ing|es|age|\s+[a-z]{3,80})|pw(d|\b)
   filter_type: PasswordKeyword
   use_ml: true
   min_line_len: 10
@@ -890,7 +890,7 @@
   confidence: moderate
   type: keyword
   values:
-    - nonce
+    - (?<!\\)nonce
   filter_type: GeneralKeyword
   use_ml: true
   min_line_len: 13

{credsweeper-1.11.1.dist-info → credsweeper-1.11.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: credsweeper
-Version: 1.11.1
+Version: 1.11.2
 Summary: Credential Sweeper
 Project-URL: Homepage, https://github.com/Samsung/CredSweeper
 Project-URL: Bug Tracker, https://github.com/Samsung/CredSweeper/issues

{credsweeper-1.11.1.dist-info → credsweeper-1.11.2.dist-info}/RECORD

@@ -1,4 +1,4 @@
-credsweeper/__init__.py,sha256=DNgFBLOXoBUXL0IvKDJswX-CEJfApajSHSuJq_FhRtg,632
+credsweeper/__init__.py,sha256=31n6VGpjxTnUopRT_gkDzt_Udpt7Hesw1QtJUiK2C9U,632
 credsweeper/__main__.py,sha256=jlI83ctJJfF0koMqP6u24JASC7MIPA2g1POx7aeuaQ8,17187
 credsweeper/app.py,sha256=sexUp4Qced22AhvbcVlb5C-QtJRoDmUp5qhc_nwj248,21369
 credsweeper/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -6,7 +6,7 @@ credsweeper/common/__init__.py,sha256=mYiHEDV0hSeWcFx0Wb8oIRDCPR92ben0mCuC9-gCTg
 credsweeper/common/constants.py,sha256=plBHrIVfj4CBpymIgLxTPiYr66_By3QKlgCoHYVKPLc,5534
 credsweeper/common/keyword_checklist.py,sha256=6EKNdMMryZykedAOhEc-MF1byi5oXmAiljq61T_nco4,2258
 credsweeper/common/keyword_checklist.txt,sha256=a8GW-wF6D83uVFYxMWEsUFlth6c1B_KDpF8_Xpj0mE8,7169
-credsweeper/common/keyword_pattern.py,sha256=JYwIrtMFzQhHSRJWudnbFLgE2i9dOEY4_EFYsgbIBzg,2618
+credsweeper/common/keyword_pattern.py,sha256=d-Mk9VPNg68wazcofcAZxwYxUCIEredTYIn061knDmM,2928
 credsweeper/common/morpheme_checklist.txt,sha256=Q-vc60F05Y-DiZP9rYahouPRf7kxEyy9gsXQTWE0pc4,8862
 credsweeper/config/__init__.py,sha256=3_lLgF2P-EurNupTYmHvY11Ba8rdjhLJAAfTiMJW4mY,45
 credsweeper/config/config.py,sha256=Rfc8YLa4bcG_AMequbfQ-HggS74jC4OqTtaWOoGxJdA,2630
@@ -52,12 +52,12 @@ credsweeper/file_handler/patches_provider.py,sha256=BWIxWsEYwwWGPweA6BrKP3q412kz
 credsweeper/file_handler/string_content_provider.py,sha256=OlLF-c40zGkCulPZwzHfTElF65Z7G3XKQfpCe5aBKLw,2477
 credsweeper/file_handler/struct_content_provider.py,sha256=_RfQ_JEJprn5haOLlzAYwabCHT4Pdm8VXc3KhTwaQ40,1593
 credsweeper/file_handler/text_content_provider.py,sha256=FHzwtlPsRHBJwHW0p9AumPe-iTv671K-N7A5QlSolDM,2999
-credsweeper/filters/__init__.py,sha256=6UV9kMNPUApukDkEvqQaM5V53JzvzTBh6TpYWcVMs7A,3342
+credsweeper/filters/__init__.py,sha256=EwLbbc2pXwAhSSJx0QXBcujRkP4Py6Fnf3MNm6ZkngQ,3267
 credsweeper/filters/filter.py,sha256=CqZbTsIDNVVwQyOjNekgNr_i1nPS4foutm0AvGAjM5M,826
 credsweeper/filters/line_git_binary_check.py,sha256=G5N-woSLXC1mdiD80AhXbOpJCjGwtvFwFwMmRu87qlY,1595
 credsweeper/filters/line_specific_key_check.py,sha256=rM66tPmUCXPaCUpNokIkJukOyxOL4FB8ig74ezYrbBs,1536
 credsweeper/filters/line_uue_part_check.py,sha256=xmJr2Klz3H8yc-ymlGwPmIjRIoXxvBD9NvW0gW22i9o,1519
-credsweeper/filters/value_allowlist_check.py,sha256=dRhBKYQiODbAkpJ5pyCqliBdsQO-2qiVXel-wpFw_fo,2022
+credsweeper/filters/value_allowlist_check.py,sha256=WS1yokEUp-ikcZWr4WLOhKsRNCqgLHh8Qvm6pt4wJvg,2163
 credsweeper/filters/value_array_dictionary_check.py,sha256=NaaojsUFjGlk4JzpskG3rdUCN2RXZs8MgX_yTrNHm9c,1251
 credsweeper/filters/value_atlassian_token_check.py,sha256=rAuMC5JUxnXZwPxoKtrwFVKTWCNXf-gf9mv5h6IQC7M,2914
 credsweeper/filters/value_azure_token_check.py,sha256=LGfLPoQxuVN8kReWKTvFpfLGa8oOhUCw95YHBJhF-uE,2022
@@ -76,7 +76,6 @@ credsweeper/filters/value_entropy_base32_check.py,sha256=XAIEcT8a6eJrDDDvBO6EsOb
 credsweeper/filters/value_entropy_base36_check.py,sha256=4BdDP6P_3UQwzpITMJ2S8SWjlCzfKVuEmB7SXcJhx4s,1548
 credsweeper/filters/value_entropy_base64_check.py,sha256=uIlm7F9xaIKLwmP1d2K092sQSgwe4t5Klm9J6qA_qjA,2184
 credsweeper/filters/value_file_path_check.py,sha256=azBFnFfK-4KjogeJkCH5rV13TVPW_wGx5ow1vSlArYA,3544
-credsweeper/filters/value_first_word_check.py,sha256=y4Lxh7hnEwDpP7S9mDsudJR5CjGrhxn0asMwnXmzUP0,1229
 credsweeper/filters/value_github_check.py,sha256=nRYvTxvhFo2PCMwneg5K4I7gJ3tBNzOOYDEhun0pxwg,1441
 credsweeper/filters/value_grafana_check.py,sha256=4wagCuVCSDoO5Kc0-U4Y7eUvBlYUAJffMXmTD79FcnU,1506
 credsweeper/filters/value_grafana_service_check.py,sha256=fL8v4pXS-GopeE_WKNB6rlm9XFzdNapCxO5dH0Z14B4,1133
@@ -100,10 +99,10 @@ credsweeper/filters/value_token_check.py,sha256=50Yye9NwaznmU7qH2ZLc9oUkwiZ5XiOW
 credsweeper/filters/group/__init__.py,sha256=_a_XEmFbEA4kumIF2bAN3oHl3R6uLTJj7G2EjZWAfr0,567
 credsweeper/filters/group/general_keyword.py,sha256=mnd4cNG5GgnXx-i9wGRSbYvaUTVGQOC0Of9KGUg2d3g,411
 credsweeper/filters/group/general_pattern.py,sha256=dGneD7HSnVm1qO807uKwzonUAvIJ6TPh3WJMq2CnyjE,290
-credsweeper/filters/group/group.py,sha256=Nmz30MfLKdq3ViHOrrSvvwZsr7pxa808jh2WIyXgFCg,2298
+credsweeper/filters/group/group.py,sha256=yCfb02PdqfOL1WbdaB26xUSgpeywvpFT6AXMc89_-zc,2242
 credsweeper/filters/group/password_keyword.py,sha256=XrJWnqHUhvAXs5-kTU-Td9HKsVw0vp3DMprP0M4V4GI,685
 credsweeper/filters/group/token_pattern.py,sha256=_UPyuAxaAPJu04oU8OTHmDcUQPSwq_y4qxmAAlr8CXU,604
-credsweeper/filters/group/url_credentials_group.py,sha256=Hy6J6NCZsIpekyD-Lq4Ot-7qq_4YjoDNKEbAnKjBd9A,1490
+credsweeper/filters/group/url_credentials_group.py,sha256=NH_piLoqXNBKtzzRr6xgXSuDPhLqKlCGNqT--WKTvQs,1434
 credsweeper/filters/group/weird_base36_token.py,sha256=N20PZecEEqEyVdlIw1DhFplA7jCG0fMEw7nkaHIZDCE,661
 credsweeper/filters/group/weird_base64_token.py,sha256=nMAmhwMzBZ-La1pJnZHVOavPak8_q1cqkzLxG-Y7dwo,850
 credsweeper/logger/__init__.py,sha256=qoRn8hBnzjqDMSPAmavHbpsuyC0dmxuKqbO_v50EcDU,45
@@ -130,7 +129,7 @@ credsweeper/ml_model/features/word_in_transition.py,sha256=owpXQOWD4OzCXTWypYr3H
 credsweeper/ml_model/features/word_in_value.py,sha256=35GCjCfvpWw4-MiMAZA9YcoaqwBommArSrJ4kEAi5TA,883
 credsweeper/ml_model/features/word_in_variable.py,sha256=d02c1ieUxm1pSyOE-S-HijgliMRV9kMaI0zv-UxFAp4,823
 credsweeper/rules/__init__.py,sha256=alXS8IivUs-AKKbVHiWvSjFpg1urJZLKItuFr61HHyg,40
-credsweeper/rules/config.yaml,sha256=NFwzEqK1SjrN_mVbjA8Vzs7ECfY_uTOuBRaeXHnRVYA,39931
+credsweeper/rules/config.yaml,sha256=R8EOlqK2LLBqbZFo8-NpBttdoxySiGYYGAmsiMjKYFs,39942
 credsweeper/rules/rule.py,sha256=rU6vJ4cVoeAZdUMWalRTMuAdRuYgFxeTltvSYUJRHOU,10224
 credsweeper/scanner/__init__.py,sha256=KUh1uUEgZOd12DiXV-TQP3OvByI9tsyqN1KCdw994h8,48
 credsweeper/scanner/scanner.py,sha256=7I2H2qTs5ONwLi7K5wFOqc4WZtpaQGi-MhjkThc0FpM,9846
@@ -146,8 +145,8 @@ credsweeper/utils/entropy_validator.py,sha256=711xCIBGAy-Pb6wqbMpEToa4dOYj5_Cmkb
 credsweeper/utils/hop_stat.py,sha256=0D7xB1CVAUhseOZWvLZXxn3MYHKZnfnFJ8hj7tONiyU,2978
 credsweeper/utils/pem_key_detector.py,sha256=Z1LJYm4WAqppF2ooj81-lbhrg2woiNKiMk8Nt4DV-G8,7721
 credsweeper/utils/util.py,sha256=p8Chj7VWJrAP8q_jQhssfm1xoiIN_iCN1uMViq-1JrA,31102
-credsweeper-1.11.1.dist-info/METADATA,sha256=W39T66V_XQYHdIx91-XgGi48QJiiZN7CwGndeUN98FA,10504
-credsweeper-1.11.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-credsweeper-1.11.1.dist-info/entry_points.txt,sha256=SLGNZshvi3zpWPhVmRP-oDXRMRPBS4tzRDy6xYOXwqA,58
-credsweeper-1.11.1.dist-info/licenses/LICENSE,sha256=aU7mGjBKbmRHNLVXXzcPdKmTtBxRwDPtjflQRfN7fFg,1065
-credsweeper-1.11.1.dist-info/RECORD,,
+credsweeper-1.11.2.dist-info/METADATA,sha256=2tH2XVbl8zhq-s8CqLDDFmybPL6p5IKaHTBGQWEX04w,10504
+credsweeper-1.11.2.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+credsweeper-1.11.2.dist-info/entry_points.txt,sha256=SLGNZshvi3zpWPhVmRP-oDXRMRPBS4tzRDy6xYOXwqA,58
+credsweeper-1.11.2.dist-info/licenses/LICENSE,sha256=aU7mGjBKbmRHNLVXXzcPdKmTtBxRwDPtjflQRfN7fFg,1065
+credsweeper-1.11.2.dist-info/RECORD,,

credsweeper/filters/value_first_word_check.py

@@ -1,38 +0,0 @@
-import re
-
-from credsweeper.config import Config
-from credsweeper.credentials import LineData
-from credsweeper.file_handler.analysis_target import AnalysisTarget
-from credsweeper.filters import Filter
-from credsweeper.utils import Util
-
-
-class ValueFirstWordCheck(Filter):
-    """Check that secret doesn't starts with special character."""
-
-    NOT_ALLOWED = [
-        r"\=", r"\{", r"\)", r"\<", r"\>", r"\#", r"\:", r"\\\\", r"\\/\\/", r"\_", r"\/\*", r"\%[deflspuvxz]"
-    ]
-    NOT_ALLOWED_PATTERN = re.compile(  #
-        f"^{Util.get_regex_combine_or(NOT_ALLOWED)}",  #
-        flags=re.IGNORECASE)
-
-    def __init__(self, config: Config = None) -> None:
-        pass
-
-    def run(self, line_data: LineData, target: AnalysisTarget) -> bool:
-        """Run filter checks on received credential candidate data 'line_data'.
-
-        Args:
-            line_data: credential candidate data
-            target: multiline target from which line data was obtained
-
-        Return:
-            True, if need to filter candidate and False if left
-
-        """
-        if line_data.is_well_quoted_value:
-            return False
-        if self.NOT_ALLOWED_PATTERN.match(line_data.value):
-            return True
-        return False