credsweeper 1.11.5__py3-none-any.whl → 1.13.3__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of credsweeper might be problematic. Click here for more details.
- credsweeper/__init__.py +21 -15
- credsweeper/__main__.py +158 -42
- credsweeper/app.py +18 -13
- credsweeper/common/keyword_pattern.py +19 -18
- credsweeper/common/morpheme_checklist.txt +28 -6
- credsweeper/config/__init__.py +0 -1
- credsweeper/config/config.py +4 -3
- credsweeper/credentials/__init__.py +0 -5
- credsweeper/credentials/augment_candidates.py +1 -1
- credsweeper/credentials/candidate.py +1 -1
- credsweeper/credentials/credential_manager.py +1 -1
- credsweeper/credentials/line_data.py +43 -8
- credsweeper/deep_scanner/__init__.py +0 -1
- credsweeper/deep_scanner/abstract_scanner.py +4 -3
- credsweeper/deep_scanner/byte_scanner.py +1 -1
- credsweeper/deep_scanner/bzip2_scanner.py +2 -2
- credsweeper/deep_scanner/csv_scanner.py +71 -0
- credsweeper/deep_scanner/deb_scanner.py +1 -1
- credsweeper/deep_scanner/deep_scanner.py +22 -12
- credsweeper/deep_scanner/docx_scanner.py +1 -1
- credsweeper/deep_scanner/eml_scanner.py +1 -1
- credsweeper/deep_scanner/encoder_scanner.py +1 -1
- credsweeper/deep_scanner/gzip_scanner.py +2 -2
- credsweeper/deep_scanner/html_scanner.py +1 -1
- credsweeper/deep_scanner/jclass_scanner.py +1 -1
- credsweeper/deep_scanner/jks_scanner.py +12 -3
- credsweeper/deep_scanner/lang_scanner.py +1 -1
- credsweeper/deep_scanner/lzma_scanner.py +2 -2
- credsweeper/deep_scanner/mxfile_scanner.py +1 -1
- credsweeper/deep_scanner/pdf_scanner.py +1 -1
- credsweeper/deep_scanner/pkcs_scanner.py +6 -2
- credsweeper/deep_scanner/pptx_scanner.py +1 -1
- credsweeper/deep_scanner/rpm_scanner.py +1 -1
- credsweeper/deep_scanner/rtf_scanner.py +41 -0
- credsweeper/deep_scanner/strings_scanner.py +52 -0
- credsweeper/deep_scanner/tar_scanner.py +2 -2
- credsweeper/deep_scanner/tmx_scanner.py +2 -2
- credsweeper/deep_scanner/xlsx_scanner.py +2 -2
- credsweeper/deep_scanner/xml_scanner.py +1 -1
- credsweeper/deep_scanner/zip_scanner.py +2 -2
- credsweeper/file_handler/__init__.py +0 -15
- credsweeper/file_handler/abstract_provider.py +3 -4
- credsweeper/file_handler/byte_content_provider.py +11 -2
- credsweeper/file_handler/content_provider.py +1 -1
- credsweeper/file_handler/data_content_provider.py +1 -1
- credsweeper/file_handler/diff_content_provider.py +133 -3
- credsweeper/file_handler/file_path_extractor.py +4 -2
- credsweeper/file_handler/files_provider.py +4 -4
- credsweeper/file_handler/patches_provider.py +7 -8
- credsweeper/file_handler/text_content_provider.py +8 -2
- credsweeper/filters/__init__.py +3 -4
- credsweeper/filters/filter.py +5 -3
- credsweeper/filters/group/__init__.py +0 -2
- credsweeper/filters/group/general_keyword.py +2 -2
- credsweeper/filters/group/general_pattern.py +2 -2
- credsweeper/filters/group/group.py +38 -36
- credsweeper/filters/group/password_keyword.py +9 -8
- credsweeper/filters/group/token_pattern.py +5 -5
- credsweeper/filters/group/url_credentials_group.py +8 -8
- credsweeper/filters/group/weird_base36_token.py +6 -6
- credsweeper/filters/group/weird_base64_token.py +5 -5
- credsweeper/filters/line_git_binary_check.py +5 -4
- credsweeper/filters/line_specific_key_check.py +6 -5
- credsweeper/filters/line_uue_part_check.py +5 -4
- credsweeper/filters/value_allowlist_check.py +6 -5
- credsweeper/filters/value_array_dictionary_check.py +8 -6
- credsweeper/filters/value_atlassian_token_check.py +6 -5
- credsweeper/filters/value_azure_token_check.py +6 -5
- credsweeper/filters/value_base32_data_check.py +8 -5
- credsweeper/filters/value_base64_data_check.py +6 -5
- credsweeper/filters/value_base64_encoded_pem_check.py +6 -5
- credsweeper/filters/value_base64_key_check.py +6 -5
- credsweeper/filters/value_base64_part_check.py +6 -5
- credsweeper/filters/value_basic_auth_check.py +37 -0
- credsweeper/filters/value_blocklist_check.py +6 -4
- credsweeper/filters/value_camel_case_check.py +8 -7
- credsweeper/filters/value_dictionary_keyword_check.py +6 -4
- credsweeper/filters/value_discord_bot_check.py +6 -5
- credsweeper/filters/value_entropy_base_check.py +6 -5
- credsweeper/filters/value_file_path_check.py +13 -8
- credsweeper/filters/value_github_check.py +8 -6
- credsweeper/filters/value_grafana_check.py +6 -5
- credsweeper/filters/value_grafana_service_check.py +5 -4
- credsweeper/filters/value_hex_number_check.py +5 -4
- credsweeper/filters/value_jfrog_token_check.py +6 -5
- credsweeper/filters/value_json_web_key_check.py +6 -5
- credsweeper/filters/value_json_web_token_check.py +6 -5
- credsweeper/filters/value_last_word_check.py +6 -4
- credsweeper/filters/{value_dictionary_value_length_check.py → value_length_check.py} +12 -6
- credsweeper/filters/value_method_check.py +5 -4
- credsweeper/filters/value_morphemes_check.py +43 -0
- credsweeper/filters/value_not_allowed_pattern_check.py +6 -5
- credsweeper/filters/value_not_part_encoded_check.py +4 -4
- credsweeper/filters/value_number_check.py +5 -4
- credsweeper/filters/value_pattern_check.py +61 -41
- credsweeper/filters/value_similarity_check.py +6 -4
- credsweeper/filters/value_split_keyword_check.py +5 -4
- credsweeper/filters/value_string_type_check.py +10 -7
- credsweeper/filters/value_token_base_check.py +5 -4
- credsweeper/filters/value_token_check.py +6 -5
- credsweeper/logger/__init__.py +0 -1
- credsweeper/logger/logger.py +1 -1
- credsweeper/ml_model/__init__.py +0 -1
- credsweeper/ml_model/features/__init__.py +1 -0
- credsweeper/ml_model/features/entropy_evaluation.py +1 -1
- credsweeper/ml_model/features/feature.py +2 -19
- credsweeper/ml_model/features/file_extension.py +2 -2
- credsweeper/ml_model/features/has_html_tag.py +12 -10
- credsweeper/ml_model/features/is_secret_numeric.py +5 -4
- credsweeper/ml_model/features/length_of_attribute.py +1 -1
- credsweeper/ml_model/features/morpheme_dense.py +15 -8
- credsweeper/ml_model/features/rule_name.py +2 -2
- credsweeper/ml_model/features/rule_severity.py +21 -0
- credsweeper/ml_model/features/search_in_attribute.py +1 -1
- credsweeper/ml_model/features/word_in.py +10 -33
- credsweeper/ml_model/features/word_in_path.py +6 -4
- credsweeper/ml_model/features/word_in_postamble.py +2 -5
- credsweeper/ml_model/features/word_in_preamble.py +2 -5
- credsweeper/ml_model/features/word_in_transition.py +2 -5
- credsweeper/ml_model/features/word_in_value.py +3 -4
- credsweeper/ml_model/features/word_in_variable.py +3 -4
- credsweeper/ml_model/ml_config.json +140 -27
- credsweeper/ml_model/ml_model.onnx +0 -0
- credsweeper/ml_model/ml_validator.py +4 -3
- credsweeper/rules/__init__.py +0 -1
- credsweeper/rules/config.yaml +329 -239
- credsweeper/rules/rule.py +4 -3
- credsweeper/scanner/__init__.py +0 -1
- credsweeper/scanner/scan_type/__init__.py +0 -5
- credsweeper/scanner/scan_type/multi_pattern.py +4 -4
- credsweeper/scanner/scan_type/pem_key_pattern.py +4 -4
- credsweeper/scanner/scan_type/scan_type.py +4 -4
- credsweeper/scanner/scan_type/single_pattern.py +4 -4
- credsweeper/scanner/scanner.py +24 -15
- credsweeper/secret/config.json +19 -6
- credsweeper/utils/__init__.py +0 -1
- credsweeper/utils/pem_key_detector.py +3 -3
- credsweeper/utils/util.py +24 -150
- {credsweeper-1.11.5.dist-info → credsweeper-1.13.3.dist-info}/METADATA +7 -7
- credsweeper-1.13.3.dist-info/RECORD +164 -0
- credsweeper/filters/value_couple_keyword_check.py +0 -26
- credsweeper-1.11.5.dist-info/RECORD +0 -159
- {credsweeper-1.11.5.dist-info → credsweeper-1.13.3.dist-info}/WHEEL +0 -0
- {credsweeper-1.11.5.dist-info → credsweeper-1.13.3.dist-info}/entry_points.txt +0 -0
- {credsweeper-1.11.5.dist-info → credsweeper-1.13.3.dist-info}/licenses/LICENSE +0 -0
|
@@ -1,10 +1,11 @@
|
|
|
1
1
|
import re
|
|
2
|
+
from typing import Optional
|
|
2
3
|
|
|
3
|
-
from credsweeper.common.constants import DEFAULT_PATTERN_LEN
|
|
4
|
-
from credsweeper.config import Config
|
|
5
|
-
from credsweeper.credentials import LineData
|
|
4
|
+
from credsweeper.common.constants import DEFAULT_PATTERN_LEN, MAX_LINE_LENGTH
|
|
5
|
+
from credsweeper.config.config import Config
|
|
6
|
+
from credsweeper.credentials.line_data import LineData
|
|
6
7
|
from credsweeper.file_handler.analysis_target import AnalysisTarget
|
|
7
|
-
from credsweeper.filters import Filter
|
|
8
|
+
from credsweeper.filters.filter import Filter
|
|
8
9
|
|
|
9
10
|
|
|
10
11
|
class ValuePatternCheck(Filter):
|
|
@@ -22,36 +23,60 @@ class ValuePatternCheck(Filter):
|
|
|
22
23
|
Default pattern LEN is 4
|
|
23
24
|
"""
|
|
24
25
|
|
|
25
|
-
|
|
26
|
+
MAX_PATTERN_LENGTH = int(MAX_LINE_LENGTH).bit_length()
|
|
27
|
+
|
|
28
|
+
def __init__(self, config: Optional[Config] = None, pattern_len: Optional[int] = None):
|
|
26
29
|
"""Create ValuePatternCheck with a specific pattern_len to check.
|
|
27
30
|
|
|
28
31
|
Args:
|
|
29
32
|
config: pattern len to use during check. DEFAULT_PATTERN_LEN by default
|
|
33
|
+
pattern_len: size of constant pattern length for any value size or None for dynamic pattern size
|
|
30
34
|
|
|
31
35
|
"""
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
36
|
+
patterns_count = 1 + ValuePatternCheck.MAX_PATTERN_LENGTH
|
|
37
|
+
if pattern_len is None:
|
|
38
|
+
self.pattern_len = -1
|
|
39
|
+
# pattern length depends on value length
|
|
40
|
+
self.pattern_lengths = [max(x, DEFAULT_PATTERN_LEN) for x in range(patterns_count)]
|
|
41
|
+
self.patterns = [ValuePatternCheck.get_pattern(x) for x in range(patterns_count)]
|
|
42
|
+
elif isinstance(pattern_len, int) and DEFAULT_PATTERN_LEN <= pattern_len:
|
|
43
|
+
self.pattern_len = pattern_len
|
|
44
|
+
# constant pattern for any value length
|
|
45
|
+
self.pattern_lengths = [pattern_len] * patterns_count
|
|
46
|
+
self.patterns = [ValuePatternCheck.get_pattern(pattern_len)] * patterns_count
|
|
47
|
+
else:
|
|
48
|
+
raise ValueError(f"Wrong type of pattern length {type(pattern_len)} = {repr(pattern_len)}")
|
|
49
|
+
|
|
50
|
+
@staticmethod
|
|
51
|
+
def get_pattern(pattern_len: int) -> re.Pattern:
|
|
52
|
+
"""Creates regex pattern to find N or more identical characters in sequence"""
|
|
53
|
+
if DEFAULT_PATTERN_LEN < pattern_len:
|
|
54
|
+
pattern = fr"(\S)\1{{{str(pattern_len - 1)},}}"
|
|
55
|
+
else:
|
|
56
|
+
pattern = r"(\S)\1{3,}"
|
|
57
|
+
return re.compile(pattern)
|
|
35
58
|
|
|
36
|
-
def equal_pattern_check(self, value: str) -> bool:
|
|
59
|
+
def equal_pattern_check(self, value: str, bit_length: int) -> bool:
|
|
37
60
|
"""Check if candidate value contain 4 and more same chars or numbers sequences.
|
|
38
61
|
|
|
39
62
|
Args:
|
|
40
63
|
value: string variable, credential candidate value
|
|
64
|
+
bit_length: speedup for len(value).bit_length()
|
|
41
65
|
|
|
42
66
|
Return:
|
|
43
67
|
True if contain and False if not
|
|
44
68
|
|
|
45
69
|
"""
|
|
46
|
-
if self.
|
|
70
|
+
if self.patterns[bit_length].findall(value):
|
|
47
71
|
return True
|
|
48
72
|
return False
|
|
49
73
|
|
|
50
|
-
def ascending_pattern_check(self, value: str) -> bool:
|
|
74
|
+
def ascending_pattern_check(self, value: str, bit_length: int) -> bool:
|
|
51
75
|
"""Check if candidate value contain 4 and more ascending chars or numbers sequences.
|
|
52
76
|
|
|
53
77
|
Arg:
|
|
54
78
|
value: credential candidate value
|
|
79
|
+
bit_length: speedup for len(value).bit_length()
|
|
55
80
|
|
|
56
81
|
Return:
|
|
57
82
|
True if contain and False if not
|
|
@@ -64,15 +89,16 @@ class ValuePatternCheck(Filter):
|
|
|
64
89
|
else:
|
|
65
90
|
count = 1
|
|
66
91
|
continue
|
|
67
|
-
if count == self.
|
|
92
|
+
if count == self.pattern_lengths[bit_length]:
|
|
68
93
|
return True
|
|
69
94
|
return False
|
|
70
95
|
|
|
71
|
-
def descending_pattern_check(self, value: str) -> bool:
|
|
96
|
+
def descending_pattern_check(self, value: str, bit_length: int) -> bool:
|
|
72
97
|
"""Check if candidate value contain 4 and more descending chars or numbers sequences.
|
|
73
98
|
|
|
74
99
|
Arg:
|
|
75
100
|
value: string variable, credential candidate value
|
|
101
|
+
bit_length: speedup for len(value).bit_length()
|
|
76
102
|
|
|
77
103
|
Return:
|
|
78
104
|
boolean variable. True if contain and False if not
|
|
@@ -85,59 +111,44 @@ class ValuePatternCheck(Filter):
|
|
|
85
111
|
else:
|
|
86
112
|
count = 1
|
|
87
113
|
continue
|
|
88
|
-
if count == self.
|
|
114
|
+
if count == self.pattern_lengths[bit_length]:
|
|
89
115
|
return True
|
|
90
116
|
return False
|
|
91
117
|
|
|
92
|
-
def check_val(self, value: str) -> bool:
|
|
118
|
+
def check_val(self, value: str, bit_length: int) -> bool:
|
|
93
119
|
"""Cumulative value check.
|
|
94
120
|
|
|
95
121
|
Arg:
|
|
96
122
|
value: string variable, credential candidate value
|
|
123
|
+
bit_length: speedup for len(value).bit_length()
|
|
97
124
|
|
|
98
125
|
Return:
|
|
99
126
|
boolean variable. True if contain and False if not
|
|
100
127
|
|
|
101
128
|
"""
|
|
102
|
-
if self.equal_pattern_check(value):
|
|
129
|
+
if self.equal_pattern_check(value, bit_length):
|
|
103
130
|
return True
|
|
104
|
-
if self.ascending_pattern_check(value):
|
|
131
|
+
if self.ascending_pattern_check(value, bit_length):
|
|
105
132
|
return True
|
|
106
|
-
if self.descending_pattern_check(value):
|
|
133
|
+
if self.descending_pattern_check(value, bit_length):
|
|
107
134
|
return True
|
|
108
135
|
return False
|
|
109
136
|
|
|
110
|
-
def duple_pattern_check(self, value: str) -> bool:
|
|
137
|
+
def duple_pattern_check(self, value: str, bit_length: int) -> bool:
|
|
111
138
|
"""Check if candidate value is a duplet value with possible patterns.
|
|
112
139
|
|
|
113
140
|
Arg:
|
|
114
141
|
value: string variable, credential candidate value
|
|
142
|
+
bit_length: speedup for len(value).bit_length()
|
|
115
143
|
|
|
116
144
|
Return:
|
|
117
145
|
boolean variable. True if contain and False if not
|
|
118
146
|
|
|
119
147
|
"""
|
|
120
|
-
# 001122334455... case
|
|
121
|
-
pair_duple = True
|
|
122
|
-
# 0102030405... case
|
|
123
|
-
even_duple = True
|
|
124
|
-
even_prev = value[0]
|
|
125
148
|
even_value = value[0::2]
|
|
126
|
-
# 1020304050... case
|
|
127
|
-
odd_duple = True
|
|
128
|
-
odd_prev = value[1]
|
|
129
149
|
odd_value = value[1::2]
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
even_duple &= even_i == even_prev
|
|
133
|
-
odd_duple &= odd_i == odd_prev
|
|
134
|
-
if not pair_duple and not even_duple and not odd_duple:
|
|
135
|
-
break
|
|
136
|
-
else:
|
|
137
|
-
if pair_duple or odd_duple:
|
|
138
|
-
return self.check_val(even_value)
|
|
139
|
-
if even_duple:
|
|
140
|
-
return self.check_val(odd_value)
|
|
150
|
+
if self.check_val(even_value, bit_length) and self.check_val(odd_value, bit_length):
|
|
151
|
+
return True
|
|
141
152
|
return False
|
|
142
153
|
|
|
143
154
|
def run(self, line_data: LineData, target: AnalysisTarget) -> bool:
|
|
@@ -151,13 +162,22 @@ class ValuePatternCheck(Filter):
|
|
|
151
162
|
boolean variable. True, if need to filter candidate and False if left
|
|
152
163
|
|
|
153
164
|
"""
|
|
154
|
-
|
|
165
|
+
value_length = len(line_data.value)
|
|
166
|
+
bit_length = max(DEFAULT_PATTERN_LEN, value_length.bit_length())
|
|
167
|
+
|
|
168
|
+
if ValuePatternCheck.MAX_PATTERN_LENGTH < bit_length:
|
|
169
|
+
# huge values may contain anything
|
|
170
|
+
return False
|
|
171
|
+
|
|
172
|
+
if 0 <= value_length < self.pattern_len or value_length < self.pattern_lengths[bit_length]:
|
|
173
|
+
# too short value
|
|
155
174
|
return True
|
|
156
175
|
|
|
157
|
-
if self.check_val(line_data.value):
|
|
176
|
+
if self.check_val(line_data.value, bit_length):
|
|
158
177
|
return True
|
|
159
178
|
|
|
160
|
-
if 2 * self.
|
|
179
|
+
if 2 * self.pattern_lengths[bit_length] <= value_length \
|
|
180
|
+
and self.duple_pattern_check(line_data.value, bit_length):
|
|
161
181
|
return True
|
|
162
182
|
|
|
163
183
|
return False
|
|
@@ -1,13 +1,15 @@
|
|
|
1
|
-
from
|
|
2
|
-
|
|
1
|
+
from typing import Optional
|
|
2
|
+
|
|
3
|
+
from credsweeper.config.config import Config
|
|
4
|
+
from credsweeper.credentials.line_data import LineData
|
|
3
5
|
from credsweeper.file_handler.analysis_target import AnalysisTarget
|
|
4
|
-
from credsweeper.filters import Filter
|
|
6
|
+
from credsweeper.filters.filter import Filter
|
|
5
7
|
|
|
6
8
|
|
|
7
9
|
class ValueSimilarityCheck(Filter):
|
|
8
10
|
"""Check if candidate value is at least 70% same as candidate keyword. Like: `secret = "mysecret"`."""
|
|
9
11
|
|
|
10
|
-
def __init__(self, config: Config = None) -> None:
|
|
12
|
+
def __init__(self, config: Optional[Config] = None) -> None:
|
|
11
13
|
pass
|
|
12
14
|
|
|
13
15
|
def run(self, line_data: LineData, target: AnalysisTarget) -> bool:
|
|
@@ -1,16 +1,17 @@
|
|
|
1
|
+
from typing import Optional
|
|
1
2
|
from typing import Union
|
|
2
3
|
|
|
3
4
|
from credsweeper.common import static_keyword_checklist
|
|
4
|
-
from credsweeper.config import Config
|
|
5
|
-
from credsweeper.credentials import LineData
|
|
5
|
+
from credsweeper.config.config import Config
|
|
6
|
+
from credsweeper.credentials.line_data import LineData
|
|
6
7
|
from credsweeper.file_handler.analysis_target import AnalysisTarget
|
|
7
|
-
from credsweeper.filters import Filter
|
|
8
|
+
from credsweeper.filters.filter import Filter
|
|
8
9
|
|
|
9
10
|
|
|
10
11
|
class ValueSplitKeywordCheck(Filter):
|
|
11
12
|
"""Check value by splitting with standard whitespace separators and any word is not matched in checklist."""
|
|
12
13
|
|
|
13
|
-
def __init__(self, config: Config = None) -> None:
|
|
14
|
+
def __init__(self, config: Optional[Config] = None) -> None:
|
|
14
15
|
pass
|
|
15
16
|
|
|
16
17
|
def run(self, line_data: LineData, target: AnalysisTarget) -> bool:
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
import re
|
|
2
|
+
from typing import Optional
|
|
2
3
|
|
|
3
|
-
from credsweeper.config import Config
|
|
4
|
-
from credsweeper.credentials import LineData
|
|
4
|
+
from credsweeper.config.config import Config
|
|
5
|
+
from credsweeper.credentials.line_data import LineData
|
|
5
6
|
from credsweeper.file_handler.analysis_target import AnalysisTarget
|
|
6
|
-
from credsweeper.filters import Filter
|
|
7
|
+
from credsweeper.filters.filter import Filter
|
|
7
8
|
|
|
8
9
|
|
|
9
10
|
class ValueStringTypeCheck(Filter):
|
|
@@ -23,10 +24,11 @@ class ValueStringTypeCheck(Filter):
|
|
|
23
24
|
False otherwise
|
|
24
25
|
"""
|
|
25
26
|
|
|
26
|
-
MULTIBYTE_PATTERN = re.compile(r"(
|
|
27
|
+
MULTIBYTE_PATTERN = re.compile(r"((0x)?[0-9a-f]{1,16}[UL]*)(\s*,\s*((0x)?[0-9a-f]{1,16}[UL]*)){3}",
|
|
28
|
+
flags=re.IGNORECASE)
|
|
27
29
|
|
|
28
|
-
def __init__(self, config: Config) -> None:
|
|
29
|
-
self.check_for_literals =
|
|
30
|
+
def __init__(self, config: Optional[Config] = None, check_for_literals=True) -> None:
|
|
31
|
+
self.check_for_literals = check_for_literals
|
|
30
32
|
|
|
31
33
|
def run(self, line_data: LineData, target: AnalysisTarget) -> bool:
|
|
32
34
|
"""Run filter checks on received credential candidate data 'line_data'.
|
|
@@ -42,13 +44,14 @@ class ValueStringTypeCheck(Filter):
|
|
|
42
44
|
if not self.check_for_literals or line_data.url_part:
|
|
43
45
|
return False
|
|
44
46
|
|
|
45
|
-
if ValueStringTypeCheck.MULTIBYTE_PATTERN.
|
|
47
|
+
if ValueStringTypeCheck.MULTIBYTE_PATTERN.search(line_data.value):
|
|
46
48
|
return False
|
|
47
49
|
|
|
48
50
|
if line_data.is_source_file_with_quotes() \
|
|
49
51
|
and not line_data.is_comment() \
|
|
50
52
|
and not line_data.is_well_quoted_value \
|
|
51
53
|
and not line_data.is_quoted \
|
|
54
|
+
and not '0' <= line_data.value[0] <= '9' \
|
|
52
55
|
and line_data.separator and '=' in line_data.separator:
|
|
53
56
|
# heterogeneous code e.g. YAML in Python uses colon sign instead equals
|
|
54
57
|
return True
|
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
import contextlib
|
|
2
2
|
from abc import abstractmethod
|
|
3
|
+
from typing import Optional
|
|
3
4
|
from typing import Tuple
|
|
4
5
|
|
|
5
|
-
from credsweeper.config import Config
|
|
6
|
-
from credsweeper.credentials import LineData
|
|
6
|
+
from credsweeper.config.config import Config
|
|
7
|
+
from credsweeper.credentials.line_data import LineData
|
|
7
8
|
from credsweeper.file_handler.analysis_target import AnalysisTarget
|
|
8
|
-
from credsweeper.filters import Filter
|
|
9
|
+
from credsweeper.filters.filter import Filter
|
|
9
10
|
from credsweeper.utils.hop_stat import HopStat
|
|
10
11
|
|
|
11
12
|
|
|
@@ -26,7 +27,7 @@ class ValueTokenBaseCheck(Filter):
|
|
|
26
27
|
64: 2.15981241,
|
|
27
28
|
}
|
|
28
29
|
|
|
29
|
-
def __init__(self, config: Config = None) -> None:
|
|
30
|
+
def __init__(self, config: Optional[Config] = None) -> None:
|
|
30
31
|
self.__hop_stat = HopStat()
|
|
31
32
|
|
|
32
33
|
@staticmethod
|
|
@@ -1,9 +1,10 @@
|
|
|
1
1
|
import re
|
|
2
|
+
from typing import Optional
|
|
2
3
|
|
|
3
|
-
from credsweeper.config import Config
|
|
4
|
-
from credsweeper.credentials import LineData
|
|
4
|
+
from credsweeper.config.config import Config
|
|
5
|
+
from credsweeper.credentials.line_data import LineData
|
|
5
6
|
from credsweeper.file_handler.analysis_target import AnalysisTarget
|
|
6
|
-
from credsweeper.filters import Filter
|
|
7
|
+
from credsweeper.filters.filter import Filter
|
|
7
8
|
|
|
8
9
|
|
|
9
10
|
class ValueTokenCheck(Filter):
|
|
@@ -17,9 +18,9 @@ class ValueTokenCheck(Filter):
|
|
|
17
18
|
|
|
18
19
|
"""
|
|
19
20
|
|
|
20
|
-
SPLIT_PATTERN = r"(
|
|
21
|
+
SPLIT_PATTERN = re.compile(r"(?<!\W) (?!\W)|[;(){}<>[\]`]")
|
|
21
22
|
|
|
22
|
-
def __init__(self, config: Config = None) -> None:
|
|
23
|
+
def __init__(self, config: Optional[Config] = None) -> None:
|
|
23
24
|
pass
|
|
24
25
|
|
|
25
26
|
def run(self, line_data: LineData, target: AnalysisTarget) -> bool:
|
credsweeper/logger/__init__.py
CHANGED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
from credsweeper.logger.logger import Logger
|
credsweeper/logger/logger.py
CHANGED
credsweeper/ml_model/__init__.py
CHANGED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
from credsweeper.ml_model.ml_validator import MlValidator
|
|
@@ -5,6 +5,7 @@ from credsweeper.ml_model.features.is_secret_numeric import IsSecretNumeric
|
|
|
5
5
|
from credsweeper.ml_model.features.length_of_attribute import LengthOfAttribute
|
|
6
6
|
from credsweeper.ml_model.features.morpheme_dense import MorphemeDense
|
|
7
7
|
from credsweeper.ml_model.features.rule_name import RuleName
|
|
8
|
+
from credsweeper.ml_model.features.rule_severity import RuleSeverity
|
|
8
9
|
from credsweeper.ml_model.features.search_in_attribute import SearchInAttribute
|
|
9
10
|
from credsweeper.ml_model.features.word_in_path import WordInPath
|
|
10
11
|
from credsweeper.ml_model.features.word_in_postamble import WordInPostamble
|
|
@@ -4,7 +4,7 @@ from typing import Dict, List, Set
|
|
|
4
4
|
import numpy as np
|
|
5
5
|
|
|
6
6
|
from credsweeper.common.constants import Chars, ML_HUNK
|
|
7
|
-
from credsweeper.credentials import Candidate
|
|
7
|
+
from credsweeper.credentials.candidate import Candidate
|
|
8
8
|
from credsweeper.file_handler.data_content_provider import MIN_DATA_LEN
|
|
9
9
|
from credsweeper.ml_model.features.feature import Feature
|
|
10
10
|
|
|
@@ -3,14 +3,14 @@ from typing import List, Any
|
|
|
3
3
|
|
|
4
4
|
import numpy as np
|
|
5
5
|
|
|
6
|
-
from credsweeper.credentials import Candidate
|
|
6
|
+
from credsweeper.credentials.candidate import Candidate
|
|
7
7
|
|
|
8
8
|
|
|
9
9
|
class Feature(ABC):
|
|
10
10
|
"""Base class for features."""
|
|
11
11
|
|
|
12
12
|
def __init__(self):
|
|
13
|
-
|
|
13
|
+
pass
|
|
14
14
|
|
|
15
15
|
def __call__(self, candidates: List[Candidate]) -> np.ndarray:
|
|
16
16
|
"""Call base class for features.
|
|
@@ -25,20 +25,3 @@ class Feature(ABC):
|
|
|
25
25
|
def extract(self, candidate: Candidate) -> Any:
|
|
26
26
|
"""Abstract method of base class"""
|
|
27
27
|
raise NotImplementedError
|
|
28
|
-
|
|
29
|
-
@property
|
|
30
|
-
def words(self) -> List[str]:
|
|
31
|
-
"""getter"""
|
|
32
|
-
return self.__words
|
|
33
|
-
|
|
34
|
-
@words.setter
|
|
35
|
-
def words(self, words: List[str]) -> None:
|
|
36
|
-
"""setter"""
|
|
37
|
-
self.__words = words
|
|
38
|
-
|
|
39
|
-
def any_word_in_(self, a_string: str) -> bool:
|
|
40
|
-
"""Returns true if any words in a string"""
|
|
41
|
-
for i in self.words:
|
|
42
|
-
if i in a_string:
|
|
43
|
-
return True
|
|
44
|
-
return False
|
|
@@ -2,7 +2,7 @@ from typing import List, Any
|
|
|
2
2
|
|
|
3
3
|
import numpy as np
|
|
4
4
|
|
|
5
|
-
from credsweeper.credentials import Candidate
|
|
5
|
+
from credsweeper.credentials.candidate import Candidate
|
|
6
6
|
from credsweeper.ml_model.features.word_in import WordIn
|
|
7
7
|
|
|
8
8
|
|
|
@@ -19,7 +19,7 @@ class FileExtension(WordIn):
|
|
|
19
19
|
|
|
20
20
|
def __call__(self, candidates: List[Candidate]) -> np.ndarray:
|
|
21
21
|
extension_set = set(candidate.line_data_list[0].file_type.lower() for candidate in candidates)
|
|
22
|
-
return self.
|
|
22
|
+
return self.word_in_(extension_set)
|
|
23
23
|
|
|
24
24
|
def extract(self, candidate: Candidate) -> Any:
|
|
25
25
|
raise NotImplementedError
|
|
@@ -1,17 +1,18 @@
|
|
|
1
1
|
from credsweeper.common.constants import CHUNK_SIZE
|
|
2
|
-
from credsweeper.credentials import Candidate
|
|
3
|
-
from credsweeper.ml_model.features.
|
|
4
|
-
from credsweeper.utils import Util
|
|
2
|
+
from credsweeper.credentials.candidate import Candidate
|
|
3
|
+
from credsweeper.ml_model.features.word_in import WordIn
|
|
4
|
+
from credsweeper.utils.util import Util
|
|
5
5
|
|
|
6
6
|
|
|
7
|
-
class HasHtmlTag(
|
|
7
|
+
class HasHtmlTag(WordIn):
|
|
8
8
|
"""Feature is true if line has HTML tags (HTML file)."""
|
|
9
9
|
|
|
10
|
+
HTML_WORDS = [
|
|
11
|
+
'< img', '<img', '< script', '<script', '< p', '<p', '< link', '<link', '< meta', '<meta', '< a', '<a'
|
|
12
|
+
]
|
|
13
|
+
|
|
10
14
|
def __init__(self) -> None:
|
|
11
|
-
super().__init__()
|
|
12
|
-
self.words = [
|
|
13
|
-
'< img', '<img', '< script', '<script', '< p', '<p', '< link', '<link', '< meta', '<meta', '< a', '<a'
|
|
14
|
-
]
|
|
15
|
+
super().__init__(HasHtmlTag.HTML_WORDS)
|
|
15
16
|
|
|
16
17
|
def extract(self, candidate: Candidate) -> bool:
|
|
17
18
|
subtext = Util.subtext(candidate.line_data_list[0].line, candidate.line_data_list[0].value_start, CHUNK_SIZE)
|
|
@@ -19,8 +20,9 @@ class HasHtmlTag(Feature):
|
|
|
19
20
|
if '<' not in candidate_line_data_list_0_line_lower:
|
|
20
21
|
# early check
|
|
21
22
|
return False
|
|
22
|
-
|
|
23
|
-
|
|
23
|
+
for i in self.words:
|
|
24
|
+
if i in candidate_line_data_list_0_line_lower:
|
|
25
|
+
return True
|
|
24
26
|
if "/>" in candidate_line_data_list_0_line_lower or "</" in candidate_line_data_list_0_line_lower:
|
|
25
27
|
# possible closed tag
|
|
26
28
|
return True
|
|
@@ -1,4 +1,6 @@
|
|
|
1
|
-
|
|
1
|
+
import contextlib
|
|
2
|
+
|
|
3
|
+
from credsweeper.credentials.candidate import Candidate
|
|
2
4
|
from credsweeper.ml_model.features.feature import Feature
|
|
3
5
|
|
|
4
6
|
|
|
@@ -6,8 +8,7 @@ class IsSecretNumeric(Feature):
|
|
|
6
8
|
"""Feature is true if candidate value is a numerical value."""
|
|
7
9
|
|
|
8
10
|
def extract(self, candidate: Candidate) -> bool:
|
|
9
|
-
|
|
11
|
+
with contextlib.suppress(ValueError):
|
|
10
12
|
float(candidate.line_data_list[0].value)
|
|
11
13
|
return True
|
|
12
|
-
|
|
13
|
-
return False
|
|
14
|
+
return False
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
from credsweeper.common import static_keyword_checklist
|
|
2
|
-
from credsweeper.credentials import Candidate
|
|
2
|
+
from credsweeper.credentials.candidate import Candidate
|
|
3
3
|
from credsweeper.ml_model.features.feature import Feature
|
|
4
4
|
|
|
5
5
|
|
|
@@ -7,13 +7,20 @@ class MorphemeDense(Feature):
|
|
|
7
7
|
"""Feature calculates morphemes density for a value"""
|
|
8
8
|
|
|
9
9
|
def extract(self, candidate: Candidate) -> float:
|
|
10
|
+
density = 0.0
|
|
10
11
|
if value := candidate.line_data_list[0].value.lower():
|
|
11
|
-
|
|
12
|
+
morphemes_length = 0
|
|
12
13
|
for morpheme in static_keyword_checklist.morpheme_set:
|
|
13
|
-
|
|
14
|
-
|
|
14
|
+
morpheme_pos = value.find(morpheme)
|
|
15
|
+
if 0 <= morpheme_pos:
|
|
16
|
+
morpheme_len = len(morpheme)
|
|
17
|
+
while 0 <= morpheme_pos:
|
|
18
|
+
morphemes_length += morpheme_len
|
|
19
|
+
morpheme_pos += morpheme_len
|
|
20
|
+
morpheme_pos = value.find(morpheme, morpheme_pos)
|
|
15
21
|
# normalization: minimal morpheme length is 3
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
22
|
+
density = morphemes_length / len(value)
|
|
23
|
+
if 1.0 < density:
|
|
24
|
+
# overlap morpheme case
|
|
25
|
+
density = 1.0
|
|
26
|
+
return density
|
|
@@ -2,7 +2,7 @@ from typing import List, Any
|
|
|
2
2
|
|
|
3
3
|
import numpy as np
|
|
4
4
|
|
|
5
|
-
from credsweeper.credentials import Candidate
|
|
5
|
+
from credsweeper.credentials.candidate import Candidate
|
|
6
6
|
from credsweeper.ml_model.features.word_in import WordIn
|
|
7
7
|
|
|
8
8
|
|
|
@@ -19,7 +19,7 @@ class RuleName(WordIn):
|
|
|
19
19
|
|
|
20
20
|
def __call__(self, candidates: List[Candidate]) -> np.ndarray:
|
|
21
21
|
candidate_rule_set = set(x.rule_name for x in candidates)
|
|
22
|
-
return self.
|
|
22
|
+
return self.word_in_(candidate_rule_set)
|
|
23
23
|
|
|
24
24
|
def extract(self, candidate: Candidate) -> Any:
|
|
25
25
|
raise NotImplementedError
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
from credsweeper.common.constants import Severity
|
|
2
|
+
from credsweeper.credentials.candidate import Candidate
|
|
3
|
+
from credsweeper.ml_model.features.feature import Feature
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
class RuleSeverity(Feature):
|
|
7
|
+
"""Categorical feature that corresponds to rule name."""
|
|
8
|
+
|
|
9
|
+
def extract(self, candidate: Candidate) -> float:
|
|
10
|
+
if Severity.CRITICAL == candidate.severity:
|
|
11
|
+
return 1.0
|
|
12
|
+
elif Severity.HIGH == candidate.severity:
|
|
13
|
+
return 0.75
|
|
14
|
+
elif Severity.MEDIUM == candidate.severity:
|
|
15
|
+
return 0.5
|
|
16
|
+
elif Severity.LOW == candidate.severity:
|
|
17
|
+
return 0.25
|
|
18
|
+
elif Severity.INFO == candidate.severity:
|
|
19
|
+
return 0.0
|
|
20
|
+
else:
|
|
21
|
+
raise ValueError(f"Unknown type of severity: {candidate.severity}")
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
from abc import abstractmethod
|
|
2
|
-
from typing import List, Any,
|
|
2
|
+
from typing import List, Any, Set, Union
|
|
3
3
|
|
|
4
4
|
import numpy as np
|
|
5
5
|
|
|
6
|
-
from credsweeper.credentials import Candidate
|
|
6
|
+
from credsweeper.credentials.candidate import Candidate
|
|
7
7
|
from credsweeper.ml_model.features.feature import Feature
|
|
8
8
|
|
|
9
9
|
|
|
@@ -18,42 +18,19 @@ class WordIn(Feature):
|
|
|
18
18
|
if len(self.enumerated_words) != self.dimension:
|
|
19
19
|
raise RuntimeError(f"Check duplicates:{words}")
|
|
20
20
|
|
|
21
|
-
@property
|
|
22
|
-
def enumerated_words(self) -> List[Tuple[int, str]]:
|
|
23
|
-
"""getter for speedup"""
|
|
24
|
-
return self.__enumerated_words
|
|
25
|
-
|
|
26
|
-
@enumerated_words.setter
|
|
27
|
-
def enumerated_words(self, enumerated_words: List[Tuple[int, str]]) -> None:
|
|
28
|
-
"""setter for speedup"""
|
|
29
|
-
self.__enumerated_words = enumerated_words
|
|
30
|
-
|
|
31
|
-
@property
|
|
32
|
-
def dimension(self) -> int:
|
|
33
|
-
"""getter"""
|
|
34
|
-
return self.__dimension
|
|
35
|
-
|
|
36
|
-
@dimension.setter
|
|
37
|
-
def dimension(self, dimension: int) -> None:
|
|
38
|
-
"""setter"""
|
|
39
|
-
self.__dimension = dimension
|
|
40
|
-
|
|
41
21
|
@abstractmethod
|
|
42
22
|
def extract(self, candidate: Candidate) -> Any:
|
|
43
23
|
raise NotImplementedError
|
|
44
24
|
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
if word in a_string:
|
|
50
|
-
result[i] = 1
|
|
51
|
-
return np.array([result])
|
|
25
|
+
@property
|
|
26
|
+
def zero(self) -> np.ndarray:
|
|
27
|
+
"""Returns zero filled array for case of empty input"""
|
|
28
|
+
return np.zeros(shape=[self.dimension], dtype=np.int8)
|
|
52
29
|
|
|
53
|
-
def
|
|
54
|
-
"""Returns array with words
|
|
55
|
-
result: np.ndarray =
|
|
30
|
+
def word_in_(self, iterable_data: Union[str, List[str], Set[str]]) -> np.ndarray:
|
|
31
|
+
"""Returns array with words included in a string"""
|
|
32
|
+
result: np.ndarray = self.zero
|
|
56
33
|
for i, word in self.enumerated_words:
|
|
57
|
-
if word in
|
|
34
|
+
if word in iterable_data:
|
|
58
35
|
result[i] = 1
|
|
59
36
|
return np.array([result])
|