credsweeper 1.11.4__py3-none-any.whl → 1.11.5__py3-none-any.whl

credsweeper/file_handler/data_content_provider.py

@@ -1,6 +1,5 @@
 import json
 import logging
-import string
 import warnings
 from functools import cached_property
 from typing import List, Optional, Any, Generator, Callable, Tuple
@@ -385,7 +384,7 @@ class DataContentProvider(ContentProvider):
             return False
         try:
             self.decoded = Util.decode_base64(  #
-                self.text.translate(str.maketrans('', '', string.whitespace)),  #
+                text=Util.PEM_CLEANING_PATTERN.sub(r'', self.text).replace('\\', ''),  #
                 padding_safe=True,  #
                 urlsafe_detect=True)  #
         except Exception as exc:

credsweeper/file_handler/patches_provider.py

@@ -3,12 +3,12 @@ import logging
 from pathlib import Path
 from typing import List, Union, Tuple, Sequence
 
-from credsweeper import TextContentProvider
 from credsweeper.common.constants import DiffRowType
 from credsweeper.config import Config
 from credsweeper.file_handler.abstract_provider import AbstractProvider
 from credsweeper.file_handler.diff_content_provider import DiffContentProvider
 from credsweeper.file_handler.file_path_extractor import FilePathExtractor
+from credsweeper.file_handler.text_content_provider import TextContentProvider
 from credsweeper.utils import Util
 
 logger = logging.getLogger(__name__)
@@ -42,6 +42,9 @@ class PatchesProvider(AbstractProvider):
             elif isinstance(file_path, io.BytesIO):
                 the_patch = Util.decode_bytes(file_path.read())
                 raw_patches.append(the_patch)
+            elif isinstance(file_path, tuple) and 1 < len(file_path) and isinstance(file_path[1], io.BytesIO):
+                the_patch = Util.decode_bytes(file_path[1].read())
+                raw_patches.append(the_patch)
             else:
                 logger.error(f"Unknown path type: {file_path}")
 

credsweeper/filters/__init__.py

@@ -27,6 +27,7 @@ from credsweeper.filters.value_grafana_check import ValueGrafanaCheck
 from credsweeper.filters.value_grafana_service_check import ValueGrafanaServiceCheck
 from credsweeper.filters.value_hex_number_check import ValueHexNumberCheck
 from credsweeper.filters.value_jfrog_token_check import ValueJfrogTokenCheck
+from credsweeper.filters.value_json_web_key_check import ValueJsonWebKeyCheck
 from credsweeper.filters.value_json_web_token_check import ValueJsonWebTokenCheck
 from credsweeper.filters.value_last_word_check import ValueLastWordCheck
 from credsweeper.filters.value_method_check import ValueMethodCheck

credsweeper/filters/value_base64_key_check.py

@@ -1,7 +1,4 @@
 import contextlib
-import string
-
-from cryptography.hazmat.primitives import serialization
 
 from credsweeper.config import Config
 from credsweeper.credentials import LineData
@@ -13,6 +10,8 @@ from credsweeper.utils import Util
 class ValueBase64KeyCheck(Filter):
     """Check that candidate contains base64 encoded private key"""
 
+    EXTRA_TRANS_TABLE = str.maketrans('', '', "\",'\\")
+
     def __init__(self, config: Config = None) -> None:
         self.config = config
 
@@ -29,12 +28,10 @@ class ValueBase64KeyCheck(Filter):
         """
 
         with contextlib.suppress(Exception):
-            text = line_data.value
-            # replace to space any escaped sequence except space from string.whitespace
-            for x in ["\\t", "\\n", "\\r", "\\v", "\\f"]:
-                text = text.replace(x, ' ')
-            for x in string.whitespace:
-                text = text.replace(x, '')
+            # remove backslash escaping sequences
+            text = Util.PEM_CLEANING_PATTERN.sub(r'', line_data.value)
+            # remove whitespaces
+            text = text.translate(Util.WHITESPACE_TRANS_TABLE)
             # clean sequence concatenation case:
             text = text.replace("'+'", '')
             text = text.replace('"+"', '')
@@ -43,12 +40,10 @@ class ValueBase64KeyCheck(Filter):
             text = text.replace('%2F', '/')
             text = text.replace('%3D', '=')
             # clean any other chars which should not appear
-            for x in ["'", '"', '\\', ',']:
-                text = text.replace(x, "")
+            text = text.translate(ValueBase64KeyCheck.EXTRA_TRANS_TABLE)
             # only PEM standard encoding supported in regex pattern to cut off ending of the key
             key = Util.decode_base64(text, padding_safe=True, urlsafe_detect=False)
-            private_key = serialization.load_der_private_key(key, password=None)
-            if 0 < private_key.key_size:  # type: ignore
-                # access to size field check - some types have no size
+            private_key = Util.load_pk(key, password=None)
+            if Util.check_pk(private_key):
                 return False
         return True

credsweeper/filters/value_json_web_key_check.py

@@ -0,0 +1,37 @@
+import contextlib
+
+from credsweeper.config import Config
+from credsweeper.credentials import LineData
+from credsweeper.file_handler.analysis_target import AnalysisTarget
+from credsweeper.filters import Filter
+from credsweeper.utils import Util
+
+
+class ValueJsonWebKeyCheck(Filter):
+    """
+    Check that candidate is JWK which starts usually from 'e'
+    and have private parts of the key
+    https://datatracker.ietf.org/doc/html/rfc7517
+    https://datatracker.ietf.org/doc/html/rfc7518
+    """
+
+    def __init__(self, config: Config = None) -> None:
+        pass
+
+    def run(self, line_data: LineData, target: AnalysisTarget) -> bool:
+        """Run filter checks on received key which might be structured.
+
+        Args:
+            line_data: credential candidate data
+            target: multiline target from which line data was obtained
+
+        Return:
+            True, when need to filter candidate and False if left
+
+        """
+        with contextlib.suppress(Exception):
+            if data := Util.decode_base64(line_data.value, padding_safe=True, urlsafe_detect=True):
+                if b'"kty":' in data and (b'"oct"' in data and b'"k":' in data or
+                                          (b'"EC"' in data or b'"RSA"' in data) and b'"d":' in data):
+                    return False
+        return True

credsweeper/rules/config.yaml

@@ -375,16 +375,16 @@
     - code
     - doc
 
-- name: Heroku API Key
+- name: Heroku Credentials
   severity: high
-  confidence: moderate
+  confidence: strong
   type: pattern
   values:
-    - (?i)(?P<value>heroku(.{0,20})?[0-9a-f]{8}(-[0-9a-f]{4})+-[0-9a-f]{12})(?![0-9A-Za-z_-])
+    - (?P<value>HRKU-([0-9A-Za-z_-]{60}|[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}))
   filter_type: GeneralPattern
   required_substrings:
-    - heroku
-  min_line_len: 24
+    - HRKU-
+  min_line_len: 41
   target:
     - code
     - doc
@@ -413,7 +413,49 @@
     - ValueJsonWebTokenCheck
   required_substrings:
     - eyJ
-  min_line_len: 18
+  min_line_len: 64
+  target:
+    - code
+    - doc
+
+- name: JSON Web Key
+  severity: medium
+  confidence: strong
+  type: pattern
+  values:
+    - (?P<value>\b(e(yJ|yAi|woi|wog|w0K)|W(yJ|3si|wp7|wog|w0K|3sK))[0-9A-Za-z_+/-]{60,8000})
+  filter_type:
+    - ValueJsonWebKeyCheck
+  required_substrings:
+    - eyJ
+    - eyAi
+    - ewoi
+    - ewog
+    - ew0K
+    - WyJ
+    - W3si
+    - Wwp7
+    - Wwog
+    - Ww0K
+    - W3sK
+  min_line_len: 64
+  target:
+    - code
+    - doc
+
+- name: JWK
+  severity: medium
+  confidence: moderate
+  type: multi
+  values:
+    - (?P<value>['"]?\b(?P<variable>kty)[^0-9A-Za-z_-]{1,8}(RSA|EC|oct)\b['"]?)
+    - (?P<variable>\b[dk])[^0-9A-Za-z_-]{1,8}(?P<value>[0-9A-Za-z_-]{22,8000})(?![=0-9A-Za-z_-])
+  filter_type:
+    - ValuePatternCheck
+    - ValueCoupleKeywordCheck(3)
+  required_substrings:
+    - kty
+  min_line_len: 8
   target:
     - code
     - doc

credsweeper/scanner/scan_type/multi_pattern.py

@@ -37,8 +37,7 @@ class MultiPattern(ScanType):
             "Rules provided to MultiPattern.run should have pattern_type equal to MULTI_PATTERN"
 
         candidates = cls._get_candidates(config, rule, target)
-        if not candidates:
-            return candidates
+
         for candidate in candidates:
             line_pos_margin = 1
             while line_pos_margin <= cls.MAX_SEARCH_MARGIN:

credsweeper/secret/config.json

@@ -5,9 +5,13 @@
             ".aar",
             ".apk",
             ".bz2",
+            ".class",
             ".gz",
+            ".jar",
             ".lzma",
+            ".rpm",
             ".tar",
+            ".war",
             ".xz",
             ".zip"
         ],
@@ -28,7 +32,6 @@
             ".avi",
             ".bin",
             ".bmp",
-            ".class",
             ".css",
             ".dmg",
             ".ear",
@@ -40,7 +43,6 @@
             ".ico",
             ".img",
             ".info",
-            ".jar",
             ".jpeg",
             ".jpg",
             ".map",
@@ -62,10 +64,8 @@
             ".rar",
             ".rc",
             ".rc2",
-            ".rar",
             ".realm",
             ".res",
-            ".rpm",
             ".s7z",
             ".scss",
             ".so",
@@ -76,7 +76,6 @@
             ".ttf",
             ".vcxproj",
             ".vdproj",
-            ".war",
             ".wav",
             ".webm",
             ".webp",
@@ -161,7 +160,8 @@
     "bruteforce_list": [
         "",
         "changeit",
-        "changeme"
+        "changeme",
+        "tizen"
     ],
     "check_for_literals": true,
     "min_pattern_value_length": 12,

credsweeper/utils/pem_key_detector.py

@@ -4,7 +4,7 @@ import re
 import string
 from typing import List
 
-from credsweeper.common.constants import PEM_BEGIN_PATTERN, PEM_END_PATTERN
+from credsweeper.common.constants import PEM_BEGIN_PATTERN, PEM_END_PATTERN, Chars
 from credsweeper.config import Config
 from credsweeper.credentials import LineData
 from credsweeper.file_handler.analysis_target import AnalysisTarget
@@ -17,7 +17,7 @@ ENTROPY_LIMIT_BASE64 = 4.5
 
 class PemKeyDetector:
     """Class to detect PEM PRIVATE keys only"""
-    base64set = set(string.ascii_uppercase) | set(string.ascii_lowercase) | set(string.digits) | {'+', '/', '='}
+    base64set = set(Chars.BASE64STDPAD_CHARS.value)
 
     ignore_starts = [PEM_BEGIN_PATTERN, "Proc-Type", "Version", "DEK-Info"]
     wrap_characters = "\\'\";,[]#*!"

credsweeper/utils/util.py

@@ -1,12 +1,13 @@
 import ast
 import base64
+import contextlib
 import json
 import logging
 import math
 import os
+import random
 import re
 import string
-import struct
 import tarfile
 from dataclasses import dataclass
 from pathlib import Path
@@ -15,6 +16,18 @@ from typing import Any, Dict, List, Tuple, Optional, Union
 import numpy as np
 import whatthepatch
 import yaml
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric import padding
+from cryptography.hazmat.primitives.asymmetric.dh import DHPrivateKey, DHPublicKey
+from cryptography.hazmat.primitives.asymmetric.dsa import DSAPrivateKey, DSAPublicKey
+from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateKey, EllipticCurvePublicKey
+from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey
+from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PrivateKey, Ed448PublicKey
+from cryptography.hazmat.primitives.asymmetric.types import PrivateKeyTypes
+from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PublicKey, X25519PrivateKey
+from cryptography.hazmat.primitives.asymmetric.x448 import X448PublicKey, X448PrivateKey
+from cryptography.hazmat.primitives.serialization import load_der_private_key
+from cryptography.hazmat.primitives.serialization.pkcs12 import load_key_and_certificates
 from lxml import etree
 from typing_extensions import TypedDict
 
@@ -152,11 +165,10 @@ class Util:
     @staticmethod
     def is_known(data: Union[bytes, bytearray]) -> bool:
         """Returns True if any known binary format is found to prevent extra scan a file without an extension."""
-        if isinstance(data, (bytes, bytearray)):
-            if 127 <= len(data) and data.startswith(b"\x7f\x45\x4c\x46"):
-                # https://en.wikipedia.org/wiki/Executable_and_Linkable_Format
-                # minimal ELF is 127 bytes https://github.com/tchajed/minimal-elf
-                return True
+        if isinstance(data, (bytes, bytearray)) and data.startswith(b"\x7f\x45\x4c\x46") and 127 <= len(data):
+            # https://en.wikipedia.org/wiki/Executable_and_Linkable_Format
+            # minimal ELF is 127 bytes https://github.com/tchajed/minimal-elf
+            return True
         return False
 
     @staticmethod
@@ -165,10 +177,9 @@ class Util:
         Returns True when two zeroes sequence is found in begin of data.
         The sequence never exists in text format (UTF-8, UTF-16). UTF-32 is not supported.
         """
-        if 0 <= data.find(b"\0\0", 0, MAX_LINE_LENGTH):
+        if isinstance(data, (bytes, bytearray)) and 0 <= data.find(b"\0\0", 0, MAX_LINE_LENGTH):
             return True
-        else:
-            return False
+        return False
 
     NOT_LATIN1_PRINTABLE_SET = set(range(0, 256)) \
         .difference(set(x for x in string.printable.encode(ASCII))) \
@@ -182,7 +193,7 @@ class Util:
             non_latin1_cnt = sum(1 for x in data[:MAX_LINE_LENGTH] if x in Util.NOT_LATIN1_PRINTABLE_SET)
             # experiment for 255217 binary files shown avg = 0.268264 ± 0.168767, so let choose minimal
             chunk_len = min(MAX_LINE_LENGTH, len(data))
-            result = 0.1 > non_latin1_cnt / chunk_len
+            result = bool(0.1 > non_latin1_cnt / chunk_len)
         return result
 
     @staticmethod
@@ -379,26 +390,31 @@ class Util:
     @staticmethod
     def is_zip(data: Union[bytes, bytearray]) -> bool:
         """According https://en.wikipedia.org/wiki/List_of_file_signatures"""
-        if isinstance(data, (bytes, bytearray)) and 3 < len(data):
-            # PK
-            if data.startswith(b"PK"):
-                if 0x03 == data[2] and 0x04 == data[3]:
-                    return True
-                # empty archive - no sense to scan
-                elif 0x05 == data[2] and 0x06 == data[3]:
-                    return True
+        if isinstance(data, (bytes, bytearray)) and data.startswith(b"PK") and 4 <= len(data):
+            if 0x03 == data[2] and 0x04 == data[3]:
+                # normal PK
+                return True
+            elif 0x05 == data[2] and 0x06 == data[3]:
+                # empty archive - no sense to scan in other scanners, so let it be a zip
+                return True
+            elif 0x07 == data[2] and 0x08 == data[3]:
                 # spanned archive - NOT SUPPORTED
-                elif 0x07 == data[2] and 0x08 == data[3]:
-                    return False
+                return False
         return False
 
     @staticmethod
     def is_com(data: Union[bytes, bytearray]) -> bool:
         """According https://en.wikipedia.org/wiki/List_of_file_signatures"""
-        if isinstance(data, (bytes, bytearray)) and 8 < len(data):
-            if data.startswith(b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"):
-                # Compound File Binary Format: doc, xls, ppt, msi, msg
-                return True
+        if isinstance(data, (bytes, bytearray)) and data.startswith(b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"):
+            # Compound File Binary Format: doc, xls, ppt, msi, msg
+            return True
+        return False
+
+    @staticmethod
+    def is_rpm(data: Union[bytes, bytearray]) -> bool:
+        """According https://en.wikipedia.org/wiki/List_of_file_signatures"""
+        if isinstance(data, (bytes, bytearray)) and data.startswith(b"\xED\xAB\xEE\xDB"):
+            return True
         return False
 
     @staticmethod
@@ -411,88 +427,105 @@ class Util:
                     or
                     0x20 == data[262] and 0x20 == data[263] and 0x00 == data[264]
             ):
-                try:
+                with contextlib.suppress(Exception):
                     chksum = tarfile.nti(data[148:156])  # type: ignore
                     unsigned_chksum, signed_chksum = tarfile.calc_chksums(data)  # type: ignore
-                    return bool(chksum == unsigned_chksum or chksum == signed_chksum)
-                except Exception as exc:
-                    logger.exception(f"Corrupted TAR ? {exc}")
+                    if chksum == unsigned_chksum or chksum == signed_chksum:
+                        return True
         return False
 
     @staticmethod
     def is_deb(data: Union[bytes, bytearray]) -> bool:
         """According https://en.wikipedia.org/wiki/Deb_(file_format)"""
-        if isinstance(data, (bytes, bytearray)) and 512 <= len(data) and data.startswith(b"!<arch>\n"):
+        if isinstance(data, (bytes, bytearray)) and data.startswith(b"!<arch>\n"):
             return True
         return False
 
     @staticmethod
     def is_bzip2(data: Union[bytes, bytearray]) -> bool:
         """According https://en.wikipedia.org/wiki/Bzip2"""
-        if isinstance(data, (bytes, bytearray)) and 10 <= len(data):
-            if data.startswith(b"\x42\x5A\x68") \
-                    and 0x31 <= data[3] <= 0x39 \
-                    and 0x31 == data[4] and 0x41 == data[5] and 0x59 == data[6] \
-                    and 0x26 == data[7] and 0x53 == data[8] and 0x59 == data[9]:
-                return True
+        if isinstance(data, (bytes, bytearray)) and data.startswith(b"\x42\x5A\x68") and 10 <= len(data) \
+                and 0x31 <= data[3] <= 0x39 \
+                and 0x31 == data[4] and 0x41 == data[5] and 0x59 == data[6] \
+                and 0x26 == data[7] and 0x53 == data[8] and 0x59 == data[9]:
+            return True
         return False
 
     @staticmethod
     def is_gzip(data: Union[bytes, bytearray]) -> bool:
         """According https://www.rfc-editor.org/rfc/rfc1952"""
-        if isinstance(data, (bytes, bytearray)) and 3 <= len(data):
-            if data.startswith(b"\x1F\x8B\x08"):
-                return True
+        if isinstance(data, (bytes, bytearray)) and data.startswith(b"\x1F\x8B\x08"):
+            return True
         return False
 
     @staticmethod
     def is_pdf(data: Union[bytes, bytearray]) -> bool:
         """According https://en.wikipedia.org/wiki/List_of_file_signatures - pdf"""
-        if isinstance(data, (bytes, bytearray)) and 5 <= len(data):
-            if data.startswith(b"\x25\x50\x44\x46\x2D"):
-                return True
+        if isinstance(data, (bytes, bytearray)) and data.startswith(b"%PDF-"):
+            return True
+        return False
+
+    @staticmethod
+    def is_jclass(data: Union[bytes, bytearray]) -> bool:
+        """According https://en.wikipedia.org/wiki/List_of_file_signatures - java class"""
+        if isinstance(data, (bytes, bytearray)) and data.startswith(b"\xCA\xFE\xBA\xBE"):
+            return True
         return False
 
     @staticmethod
     def is_jks(data: Union[bytes, bytearray]) -> bool:
         """According https://en.wikipedia.org/wiki/List_of_file_signatures - jks"""
-        if isinstance(data, (bytes, bytearray)) and 4 <= len(data):
-            if data.startswith(b"\xFE\xED\xFE\xED"):
-                return True
+        if isinstance(data, (bytes, bytearray)) and data.startswith(b"\xFE\xED\xFE\xED"):
+            return True
         return False
 
     @staticmethod
     def is_lzma(data: Union[bytes, bytearray]) -> bool:
         """According https://en.wikipedia.org/wiki/List_of_file_signatures - lzma also xz"""
-        if isinstance(data, (bytes, bytearray)) and 6 <= len(data):
-            if data.startswith((b"\xFD\x37\x7A\x58\x5A\x00", b"\x5D\x00\x00")):
-                return True
+        if isinstance(data, (bytes, bytearray)) and data.startswith((b"\xFD7zXZ\x00", b"\x5D\x00\x00")):
+            return True
+        return False
+
+    @classmethod
+    def is_sqlite3(cls, data):
+        """According https://en.wikipedia.org/wiki/List_of_file_signatures - SQLite Database"""
+        if isinstance(data, (bytes, bytearray)) and data.startswith(b"SQLite format 3\0"):
+            return True
         return False
 
     @staticmethod
-    def is_asn1(data: Union[bytes, bytearray]) -> bool:
-        """Only sequence type 0x30 and size correctness is checked"""
-        if isinstance(data, (bytes, bytearray)) and 4 <= len(data):
-            # sequence
-            if 0x30 == data[0]:
-                # https://www.oss.com/asn1/resources/asn1-made-simple/asn1-quick-reference/basic-encoding-rules.html#Lengths
-                length = data[1]
+    def is_asn1(data: Union[bytes, bytearray]) -> int:
+        """Only sequence type 0x30 and size correctness are checked
+        Returns size of ASN1 data over 128 bytes or 0 if no interested data
+        """
+        if isinstance(data, (bytes, bytearray)) and 2 <= len(data) and 0x30 == data[0]:
+            # https://www.oss.com/asn1/resources/asn1-made-simple/asn1-quick-reference/basic-encoding-rules.html#Lengths
+            length = data[1]
+            if 0x80 == length:
+                if data.endswith(b"\x00\x00"):
+                    # assume, all data are ASN1 of various size
+                    return len(data)
+                else:
+                    # skip the case where the ASN1 size is smaller than the actual data
+                    return 0
+            elif 0x80 < length:
                 byte_len = 0x7F & length
-                if 0x80 == length and data.endswith(b"\x00\x00"):
-                    return True
-                elif 0x80 < length and 1 < byte_len < len(data):  # additional check
-                    len_bytes = data[2:2 + byte_len]
-                    try:
-                        long_size = struct.unpack(">h", len_bytes)
-                    except struct.error:
-                        long_size = (-1,)  # yapf: disable
-                    length = long_size[0]
-                elif 0x80 < length and 1 == byte_len:  # small size
-                    length = data[2]
+                len_limit = 2 + byte_len
+                if 4 >= byte_len and len(data) >= len_limit:
+                    length = 0
+                    for i in range(2, len_limit):
+                        length <<= 8
+                        length |= data[i]
+                    if len(data) >= length + len_limit:
+                        return length + len_limit
                 else:
-                    byte_len = 0
-                return len(data) == length + 2 + byte_len
-        return False
+                    # unsupported huge size
+                    return 0
+            else:
+                # less than 0x80
+                if len(data) >= length + 2:
+                    return length + 2
+        return 0
 
     @staticmethod
     def is_html(data: Union[bytes, bytearray]) -> bool:
@@ -547,12 +580,12 @@ class Util:
     @staticmethod
     def is_eml(data: Union[bytes, bytearray]) -> bool:
         """According to https://datatracker.ietf.org/doc/html/rfc822 lookup the fields: Date, From, To or Subject"""
-        if isinstance(data, (bytes, bytearray)):
-            if (b"\nDate:" in data or data.startswith(b"Date:")) \
-                    and (b"\nFrom:" in data or data.startswith(b"From:")) \
-                    and (b"\nTo:" in data or data.startswith(b"To:")) \
-                    and (b"\nSubject:" in data or data.startswith(b"Subject:")):
-                return True
+        if isinstance(data, (bytes, bytearray)) \
+                and (b"\nDate:" in data or data.startswith(b"Date:")) \
+                and (b"\nFrom:" in data or data.startswith(b"From:")) \
+                and (b"\nTo:" in data or data.startswith(b"To:")) \
+                and (b"\nSubject:" in data or data.startswith(b"Subject:")):
+            return True
         return False
 
     @staticmethod
@@ -665,10 +698,13 @@ class Util:
         result = ast.unparse(src).splitlines()
         return result
 
+    PEM_CLEANING_PATTERN = re.compile(r"\\[tnrvf]")
+    WHITESPACE_TRANS_TABLE = str.maketrans('', '', string.whitespace)
+
     @staticmethod
     def decode_base64(text: str, padding_safe: bool = False, urlsafe_detect=False) -> bytes:
         """decode text to bytes with / without padding detect and urlsafe symbols"""
-        value = text
+        value = text.translate(Util.WHITESPACE_TRANS_TABLE)
         if padding_safe:
             pad_num = 0x3 & len(value)
             if pad_num:
@@ -679,6 +715,38 @@ class Util:
             decoded = base64.b64decode(value, validate=True)
         return decoded
 
+    @staticmethod
+    def load_pk(data: bytes, password: Optional[bytes] = None) -> Optional[PrivateKeyTypes]:
+        """Try to load private key from PKCS1, PKCS8 and PKCS12 formats"""
+        with contextlib.suppress(Exception):
+            # PKCS1, PKCS8 probes
+            private_key = load_der_private_key(data, password)
+            return private_key
+        with contextlib.suppress(Exception):
+            # PKCS12 probe
+            private_key, _certificate, _additional_certificates = load_key_and_certificates(data, password)
+            return private_key
+        return None
+
+    RANDOM_DATA = random.randbytes(20)
+
+    @staticmethod
+    def check_pk(pkey: PrivateKeyTypes) -> bool:
+        """Check private key with encrypt-decrypt random data"""
+        if isinstance(pkey, (EllipticCurvePrivateKey, DSAPrivateKey, Ed448PrivateKey, Ed25519PrivateKey, DHPrivateKey,
+                             X448PrivateKey, X25519PrivateKey)):
+            # One does not simply perform check the keys
+            return True
+        if isinstance(pkey, (EllipticCurvePublicKey, DSAPublicKey, Ed448PublicKey, Ed25519PublicKey, DHPublicKey,
+                             X448PublicKey, X25519PublicKey)) or not pkey:
+            # These aren't the keys we're looking for
+            return False
+            # DSA, RSA
+        pd = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA1()), algorithm=hashes.SHA1(), label=None)
+        ciphertext = pkey.public_key().encrypt(Util.RANDOM_DATA, padding=pd)
+        refurb = pkey.decrypt(ciphertext, padding=pd)
+        return bool(refurb == Util.RANDOM_DATA)
+
     @staticmethod
     def get_chunks(line_len: int) -> List[Tuple[int, int]]:
         """Returns chunks positions for given line length"""