Skip to content

Commit

Permalink
fix: unstabe rules and false positives in auth URL (#227)
Browse files Browse the repository at this point in the history
Related: #226
  • Loading branch information
Baruch Odem (Rothkoff) authored Mar 21, 2024
1 parent 364b65c commit 2b320cc
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 4 deletions.
2 changes: 0 additions & 2 deletions docs/list-of-rules.md
Original file line number Diff line number Diff line change
Expand Up @@ -126,7 +126,6 @@ Here is a complete list of all the rules that are currently implemented.
| rapidapi-access-token | Uncovered a RapidAPI Access Token, which could lead to unauthorized access to various APIs and data services. | access-token | |
| readme-api-token | Detected a Readme API token, risking unauthorized documentation management and content exposure. | api-token | |
| rubygems-api-token | Identified a Rubygem API token, potentially compromising Ruby library distribution and package management. | api-token | |
| scalingo-api-token | Found a Scalingo API token, posing a risk to cloud platform services and application deployment security. | api-token | |
| sendbird-access-id | Discovered a Sendbird Access ID, which could compromise chat and messaging platform integrations. | access-id | |
| sendbird-access-token | Uncovered a Sendbird Access Token, potentially risking unauthorized access to communication services and user data. | access-token | |
| sendgrid-api-token | Detected a SendGrid API token, posing a risk of unauthorized email service operations and data exposure. | api-token | |
Expand All @@ -151,7 +150,6 @@ Here is a complete list of all the rules that are currently implemented.
| stripe-access-token | Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data. | access-token | |
| square-access-token | Detected a Square Access Token, risking unauthorized payment processing and financial transaction exposure. | access-token | |
| squarespace-access-token | Identified a Squarespace Access Token, which may compromise website management and content control on Squarespace. | access-token | |
| sumologic-access-id | Discovered a SumoLogic Access ID, potentially compromising log management services and data analytics integrity. | access-id | |
| sumologic-access-token | Uncovered a SumoLogic Access Token, which could lead to unauthorized access to log data and analytics insights. | access-token | |
| snyk-api-token | Uncovered a Snyk API token, potentially compromising software vulnerability scanning and code security. | api-key | |
| microsoft-teams-webhook | Uncovered a Microsoft Teams Webhook, which could lead to unauthorized access to team collaboration tools and data leaks. | webhook | |
Expand Down
5 changes: 4 additions & 1 deletion engine/rules/authenticated_url.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ import (
)

func AuthenticatedURL() *config.Rule {
regex, _ := regexp.Compile(`:\/\/(.+:.+)?@`)
regex, _ := regexp.Compile(`:\/\/(\w+:\S+)?@\S+\.\S+`)
rule := config.Rule{
Description: "Identify username:password inside URLS",
RuleID: "authenticated-url",
Expand All @@ -25,6 +25,9 @@ func AuthenticatedURL() *config.Rule {
fPositives := []string{
"https://google.com",
"https://google.com?user=abc&password=123",
`<img src="https://img.shields.io/static/v1?label=Threads&message=Follow&color=101010&link=https://threads.net/@mathrunet" alt="Follow on Threads" />`,
`my [Linkedin](https://www.linkedin.com/in/rodriguesjeffdev/) or email: [email protected]`,
`[![Gmail Badge](https://img.shields.io/badge/-VaibhavHariramani-d54b3d?style=flat-circle&labelColor=d54b3d&logo=gmail&logoColor=white&link=mailto:[email protected])](mailto:[email protected])`,
}

return validate(rule, tPositives, fPositives)
Expand Down
2 changes: 1 addition & 1 deletion engine/rules/rules.go
Original file line number Diff line number Diff line change
Expand Up @@ -175,7 +175,7 @@ func getDefaultRules() *[]Rule {
{Rule: *rules.StripeAccessToken(), Tags: []string{TagAccessToken}},
{Rule: *rules.SquareAccessToken(), Tags: []string{TagAccessToken}},
{Rule: *rules.SquareSpaceAccessToken(), Tags: []string{TagAccessToken}},
{Rule: *rules.SumoLogicAccessID(), Tags: []string{TagAccessId}},
// {Rule: *rules.SumoLogicAccessID(), Tags: []string{TagAccessId}}, https://github.com/Checkmarx/2ms/issues/226
{Rule: *rules.SumoLogicAccessToken(), Tags: []string{TagAccessToken}},
{Rule: *rules.Snyk(), Tags: []string{TagApiKey}},
{Rule: *rules.TeamsWebhook(), Tags: []string{TagWebhook}},
Expand Down

0 comments on commit 2b320cc

Please sign in to comment.