From 2b320cc009ab42dada7c0bcbfc35eb229a5815bc Mon Sep 17 00:00:00 2001
From: "Baruch Odem (Rothkoff)"
Date: Thu, 21 Mar 2024 13:15:51 +0200
Subject: [PATCH] fix: unstabe rules and false positives in auth URL (#227)

Related: #226
---
 docs/list-of-rules.md | 2 --
 engine/rules/authenticated_url.go | 5 ++++-
 engine/rules/rules.go | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/docs/list-of-rules.md b/docs/list-of-rules.md
index bb346fd5..eeffddad 100644
--- a/docs/list-of-rules.md
+++ b/docs/list-of-rules.md
@@ -126,7 +126,6 @@ Here is a complete list of all the rules that are currently implemented.
 | rapidapi-access-token | Uncovered a RapidAPI Access Token, which could lead to unauthorized access to various APIs and data services. | access-token | |
 | readme-api-token | Detected a Readme API token, risking unauthorized documentation management and content exposure. | api-token | |
 | rubygems-api-token | Identified a Rubygem API token, potentially compromising Ruby library distribution and package management. | api-token | |
-| scalingo-api-token | Found a Scalingo API token, posing a risk to cloud platform services and application deployment security. | api-token | |
 | sendbird-access-id | Discovered a Sendbird Access ID, which could compromise chat and messaging platform integrations. | access-id | |
 | sendbird-access-token | Uncovered a Sendbird Access Token, potentially risking unauthorized access to communication services and user data. | access-token | |
 | sendgrid-api-token | Detected a SendGrid API token, posing a risk of unauthorized email service operations and data exposure. | api-token | |
@@ -151,7 +150,6 @@ Here is a complete list of all the rules that are currently implemented.
 | stripe-access-token | Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data. | access-token | |
 | square-access-token | Detected a Square Access Token, risking unauthorized payment processing and financial transaction exposure. | access-token | |
 | squarespace-access-token | Identified a Squarespace Access Token, which may compromise website management and content control on Squarespace. | access-token | |
-| sumologic-access-id | Discovered a SumoLogic Access ID, potentially compromising log management services and data analytics integrity. | access-id | |
 | sumologic-access-token | Uncovered a SumoLogic Access Token, which could lead to unauthorized access to log data and analytics insights. | access-token | |
 | snyk-api-token | Uncovered a Snyk API token, potentially compromising software vulnerability scanning and code security. | api-key | |
 | microsoft-teams-webhook | Uncovered a Microsoft Teams Webhook, which could lead to unauthorized access to team collaboration tools and data leaks. | webhook | |
diff --git a/engine/rules/authenticated_url.go b/engine/rules/authenticated_url.go
index 999533f1..db703c45 100644
--- a/engine/rules/authenticated_url.go
+++ b/engine/rules/authenticated_url.go
@@ -7,7 +7,7 @@ import (
 )

 func AuthenticatedURL() *config.Rule {
- regex, _ := regexp.Compile(`:\/\/(.+:.+)?@`)
+ regex, _ := regexp.Compile(`:\/\/(\w+:\S+)?@\S+\.\S+`)
 rule := config.Rule{
 Description: "Identify username:password inside URLS",
 RuleID: "authenticated-url",
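Review bot: The narrowed pattern on the new `regexp.Compile` line trades the reported false positives for likely false negatives: `\w+` in the user part rejects usernames containing `.`, `-` or `%` as well as an empty username, and the `@\S+\.\S+` tail requires a dot somewhere after the `@`, so credentials pointing at dot-less hosts such as `localhost` or a bare service name are no longer flagged. I would widen the user class to something like `[^\s:/@]*`, relax the dot requirement, and add constructed samples such as `"https://first.last:pass@example.com"` and `"redis://:pass@localhost:6379"` to tPositives, re-checking the result against the fPositives list (tPositives is outside this hunk, so its current coverage is not visible here). Separately, the compile error is still discarded with `_`; `regexp.MustCompile` would surface a bad pattern immediately instead of leaving a nil regex. The body of AuthenticatedURL continues outside the hunk.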
@@ -25,6 +25,9 @@ func AuthenticatedURL() *config.Rule {
 fPositives := []string{
 "https://google.com",
 "https://google.com?user=abc&password=123",
+ `Follow on Threads`,
+ `my [Linkedin](https://www.linkedin.com/in/rodriguesjeffdev/) or email: rodriguesjeff.dev@gmail.com`,
+ `[![Gmail Badge](https://img.shields.io/badge/-VaibhavHariramani-d54b3d?style=flat-circle&labelColor=d54b3d&logo=gmail&logoColor=white&link=mailto:vaibhav.hariramani01@gmail.com)](mailto:vaibhav.hariramani01@gmail.com)`,
 }

 return validate(rule, tPositives, fPositives)
diff --git a/engine/rules/rules.go b/engine/rules/rules.go
index 5e360696..a12178d1 100644
--- a/engine/rules/rules.go
+++ b/engine/rules/rules.go
@@ -175,7 +175,7 @@ func getDefaultRules() *[]Rule {
 {Rule: *rules.StripeAccessToken(), Tags: []string{TagAccessToken}},
 {Rule: *rules.SquareAccessToken(), Tags: []string{TagAccessToken}},
 {Rule: *rules.SquareSpaceAccessToken(), Tags: []string{TagAccessToken}},
- {Rule: *rules.SumoLogicAccessID(), Tags: []string{TagAccessId}},
+ // {Rule: *rules.SumoLogicAccessID(), Tags: []string{TagAccessId}}, https://github.com/Checkmarx/2ms/issues/226
 {Rule: *rules.SumoLogicAccessToken(), Tags: []string{TagAccessToken}},
 {Rule: *rules.Snyk(), Tags: []string{TagApiKey}},
 {Rule: *rules.TeamsWebhook(), Tags: []string{TagWebhook}},
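Review bot: The second and third added fPositives entries embed what look like real people's e-mail addresses and profile handles, which then stay in the repository history; synthetic values exercise the same pattern, for example `my [Linkedin](https://www.linkedin.com/in/example/) or email: first.last@example.com`. The first added entry, as it appears here, contains neither `://` nor `@`, so it may not exercise the regex at all; it is worth confirming the string still carries the URL that triggered the original report. The hunk adds only negative samples, so the narrowed pattern has no new positive sample guarding against missed credentials; those would go in tPositives, which is outside this hunk.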
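Review bot: Disabling the rule by commenting out its line in getDefaultRules leaves dead code with the issue URL trailing it and no statement of when it should return; a leading comment such as `// TODO(#226): SumoLogicAccessID disabled as unstable; re-enable once the rule is fixed` makes the detection gap explicit. The docs hunks in this patch also drop the `scalingo-api-token` row, but no Scalingo entry changes here, so either that rule was already disabled earlier or the documented list and the default rule set now disagree. getDefaultRules starts and ends outside the hunk.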