
Update regexChecks.py #70

Merged 1 commit into trufflesecurity:master on Dec 10, 2017

Conversation

carnal0wnage

Added a few regex additions. The ones with *['|"] weren't working for me, but I didn't remove them; I just created some additional ones that did work for me.

I created a repo with fake secrets to test:

https://github.com/carnal0wnage/fake_commited_secrets

@dxa4481 dxa4481 merged commit b6073aa into trufflesecurity:master Dec 10, 2017
@dxa4481
Collaborator

dxa4481 commented Dec 10, 2017

I've merged the new ones, thanks for the additions. The ['|"] part ensures that the secret is wrapped in quotes. This is to improve signal. A simple example with one of your newer ones: a GitHub URL would likely flag on [g|G][i|I][t|T][h|H][u|U][b|B].*[0-9a-zA-Z]{35,40}, such as:

https://github.com/google/googletest/commit/10ef1d9a1e7e6a0b3701d262cf1b889620fdbbc9

To prevent this URL from flagging, we ensure only secrets wrapped in quotes will flag. This means we'll miss out on some real secrets, but we increase our signal to noise ratio in doing so.

@carnal0wnage
Author

Thanks for the explanation on the ['|"] part. I don't see secrets wrapped in "" too frequently myself. All the ones in that fake repo are ones I found on GitHub or Pastebin, and they weren't matching. I appreciate the merge of the others!

@dxa4481
Collaborator

dxa4481 commented Dec 10, 2017

If you can find another way to catch those secrets without increasing noise too much, I'll merge it. Maybe make sure the string is wrapped by an equals or a colon on the left and a newline on the right?
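The three regex forms discussed in this thread, run over constructed sample lines, as an added example (not truffleHog's own regexChecks.py). BARE and QUOTED are the forms the thread quotes; ASSIGNED is a hypothetical rendering of the maintainer's "equals or colon on the left, newline on the right" idea, and the 40-character token is a placeholder, not a real secret.

```python
import re

# Regexes under discussion. Note that inside [...] the '|' is a literal
# character, not alternation, so ['|"] also matches a pipe.
BARE = re.compile(r"[g|G][i|I][t|T][h|H][u|U][b|B].*[0-9a-zA-Z]{35,40}")
QUOTED = re.compile(r"[g|G][i|I][t|T][h|H][u|U][b|B].*['|\"][0-9a-zA-Z]{35,40}['|\"]")
# Hypothetical variant of the maintainer's suggestion: '=' or ':' on the left,
# an optional quote, the token, then only whitespace to the end of the line.
ASSIGNED = re.compile(
    r"[g|G][i|I][t|T][h|H][u|U][b|B].*[=:]\s*['\"]?[0-9a-zA-Z]{35,40}['\"]?\s*$"
)

PATTERNS = {"bare": BARE, "quoted": QUOTED, "assigned": ASSIGNED}


def classify(line: str) -> dict:
    """Return {pattern_name: bool} showing which patterns flag one line."""
    return {name: rx.search(line) is not None for name, rx in PATTERNS.items()}


def scan(text: str) -> list:
    """Classify every line; return (line, hits) pairs for lines any pattern flags."""
    results = []
    for line in text.splitlines():
        hits = classify(line)
        if any(hits.values()):
            results.append((line, hits))
    return results


# Constructed sample input: the commit URL from the thread (the false positive
# the maintainer describes), a quoted assignment, an unquoted assignment of the
# kind the author says he sees in the wild, and a harmless mention of GitHub.
FAKE_TOKEN = "a" * 40  # placeholder, not a real token
SAMPLE = "\n".join([
    "https://github.com/google/googletest/commit/10ef1d9a1e7e6a0b3701d262cf1b889620fdbbc9",
    f'github_token = "{FAKE_TOKEN}"',
    f"GITHUB_TOKEN={FAKE_TOKEN}",
    "github: see docs for setup",
])

if __name__ == "__main__":
    for line, hits in scan(SAMPLE):
        flagged = ", ".join(name for name, hit in hits.items() if hit)
        print(f"{flagged:<24} {line}")
```

Only BARE flags the commit URL, while both QUOTED and ASSIGNED skip it; ASSIGNED additionally catches the unquoted assignment that QUOTED misses, which is the trade-off the two comments above are weighing.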

@carnal0wnage
Author

Cool. If I find a better way I'll do a PR / issue / or an email.

thanks!

@dxa4481
Collaborator

dxa4481 commented Jul 26, 2018

@carnal0wnage 👋

dustin-decker pushed a commit that referenced this pull request Apr 3, 2022
)

Bumps [github.com/aws/aws-sdk-go-v2/service/sts](https://github.com/aws/aws-sdk-go-v2) from 1.15.0 to 1.16.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](aws/aws-sdk-go-v2@v1.15.0...service/s3/v1.16.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/sts
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>