Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-10 07:04:24 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update Azure secretPatFmt

Browse source 
We had a secret leak through and looks like the existing detector doesn't match Azure docs:

https://learn.microsoft.com/en-us/purview/sit-defn-client-secret-api-key

This changed regex should match what is found in the above docs:

A combination of 24 characters consisting of letters, digits, and special characters.

or

A combination of 32 characters consisting of letters and digits.

or

A combination of 40 characters consisting of letters and digits.

or

A combination of 44 characters consisting of letters, digits, and special characters.

or

A combination of 56 characters consisting of letters, digits, and special characters

or

A combination of 88 characters consisting of letters, digits, and special characters.
This commit is contained in:
Nate 2024-07-02 20:34:16 +02:00 committed by GitHub
parent b883645856
commit 88c24b25c5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pkg/detectors/azure/azure.go
View file

@ -33,7 +33,7 @@ var (
tenantIDPat = mustFmtPat("tenant_id", idPatFmt)
// TODO: support old patterns
secretPatFmt = `(?i)(%s).{0,20}([a-z0-9_\.\-~]{34})`
secretPatFmt = `(?i)(%s)[:=]?\s*([\w\-~]{24}|[\w]{32}|[\w]{40}|[\w\-~]{44}|[\w\-~]{56}|[\w\-~]{88})`
clientSecretPat = mustFmtPat("client_secret", secretPatFmt)
)