mirror of
https://github.com/trufflesecurity/trufflehog.git
Update sqlserver redaction, deduplication, and URI redaction (#1369)
* Update sqlserver redaction, deduplication, and URI redaction * don't use pointer
parent
c28c70b399
commit
ca1947291b
4 changed files with 16 additions and 6 deletions
|
@ -2,6 +2,7 @@ package detectors
|
|||
|
||||
import (
|
||||
"context"
|
||||
"net/url"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"runtime"
|
||||
|
@ -153,3 +154,8 @@ func MustGetBenchmarkData() map[string][]byte {
|
|||
"big": big,
|
||||
}
|
||||
}
|
||||
|
||||
func RedactURL(u url.URL) string {
|
||||
u.User = url.UserPassword(u.User.Username(), "********")
|
||||
return strings.TrimSpace(strings.Replace(u.String(), "%2A", "*", -1))
|
||||
}
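Review bot: `RedactURL` un-escapes `%2A` across the whole string returned by `u.String()`, so an escaped asterisk that legitimately appears in the username, path or query is rewritten too, and the redacted value then differs from the original URL in more than the password. Restricting the replacement to the masked password keeps the rest intact, for example `strings.Replace(u.String(), ":%2A%2A%2A%2A%2A%2A%2A%2A@", ":********@", 1)`. The exported function also has no doc comment; `// RedactURL returns u as a string with the userinfo password replaced by "********".` would do. The comment should also cover a URL with no credentials, because `u.User.Username()` returns an empty string for a nil `User` and `url.UserPassword` is applied regardless, so the output appears to gain a `:********@` prefix on the host.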
|
||||
|
|
|
@ -31,22 +31,24 @@ func (s Scanner) Keywords() []string {
|
|||
func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {
|
||||
matches := pattern.FindAllStringSubmatch(string(data), -1)
|
||||
for _, match := range matches {
|
||||
params, _, err := msdsn.Parse(match[1])
|
||||
paramsUnsafe, _, err := msdsn.Parse(match[1])
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
if params.Password == "" {
|
||||
if paramsUnsafe.Password == "" {
|
||||
continue
|
||||
}
|
||||
|
||||
detected := detectors.Result{
|
||||
DetectorType: detectorspb.DetectorType_SQLServer,
|
||||
Raw: []byte(params.Password),
|
||||
Raw: []byte(paramsUnsafe.Password),
|
||||
RawV2: []byte(paramsUnsafe.URL().String()),
|
||||
Redacted: detectors.RedactURL(*paramsUnsafe.URL()),
|
||||
}
|
||||
|
||||
if verify {
|
||||
verified, err := ping(params)
|
||||
verified, err := ping(paramsUnsafe)
|
||||
if err != nil {
|
||||
} else {
|
||||
detected.Verified = verified
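Review bot: `paramsUnsafe.URL()` is evaluated twice in the `detectors.Result` literal, once for `RawV2` and once for `Redacted`, and nothing explains what the `Unsafe` suffix means. Computing it once with `dsnURL := paramsUnsafe.URL()`, then using `dsnURL.String()` and `detectors.RedactURL(*dsnURL)`, keeps both fields derived from the same value. A comment such as `// paramsUnsafe carries the plaintext password; do not log it` would document the name. Separately, the `if err != nil {` branch after `ping(paramsUnsafe)` is empty in the visible lines, so a verification error is dropped and the result is indistinguishable from a credential that was checked and rejected. FromData continues past the end of this section.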
|
||||
|
|
|
@ -45,6 +45,7 @@ func TestSQLServer_FromChunk(t *testing.T) {
|
|||
want: []detectors.Result{
|
||||
{
|
||||
DetectorType: detectorspb.DetectorType_SQLServer,
|
||||
Redacted: "sqlserver://sa:********@localhost?database=Demo&disableRetry=false",
|
||||
Verified: true,
|
||||
},
|
||||
},
|
||||
|
@ -66,6 +67,7 @@ func TestSQLServer_FromChunk(t *testing.T) {
|
|||
want: []detectors.Result{
|
||||
{
|
||||
DetectorType: detectorspb.DetectorType_SQLServer,
|
||||
Redacted: "sqlserver://sa:********@localhost?disableRetry=false",
|
||||
Verified: false,
|
||||
},
|
||||
},
|
||||
|
@ -103,6 +105,7 @@ func TestSQLServer_FromChunk(t *testing.T) {
|
|||
want: []detectors.Result{
|
||||
{
|
||||
DetectorType: detectorspb.DetectorType_SQLServer,
|
||||
Redacted: "sqlserver://username:********@server_name?database=testdb&disableRetry=false",
|
||||
Verified: true,
|
||||
},
|
||||
},
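Review bot: The three added `Redacted` expectations all use plain `user:********@host` forms, so no case visible here pins the `%2A` un-escaping in `RedactURL` or a DSN whose username or query contains percent-encoded characters. A table entry with such an input (a constructed one, e.g. a user name containing `*`), or a small direct test of `detectors.RedactURL`, would catch a regression in the masking. The test inputs are outside these hunks, so existing coverage may be wider than it appears.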
|
||||
|
|
|
@ -69,13 +69,12 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
rawURLStr := rawURL.String()
|
||||
// Removing the path causes possible deduplication issues if some paths have basic auth and some do not.
|
||||
rawURL.Path = ""
|
||||
redact := strings.TrimSpace(strings.Replace(rawURL.String(), password, "********", -1))
|
||||
|
||||
s := detectors.Result{
|
||||
DetectorType: detectorspb.DetectorType_URI,
|
||||
Raw: []byte(rawURL.String()),
|
||||
RawV2: []byte(rawURLStr),
|
||||
Redacted: redact,
|
||||
Redacted: detectors.RedactURL(*rawURL),
|
||||
}
|
||||
|
||||
if verify {
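Review bot: `detectors.RedactURL(*rawURL)` masks only the userinfo password, while the removed `strings.Replace(rawURL.String(), password, "********", -1)` masked every occurrence of the password string in the URL. Only `rawURL.Path` is cleared in the visible lines, so if the same value also appears in the query string it would now remain in `Redacted`; whether that can happen depends on code outside the hunk. If `Redacted` is meant to be safe to display, a comment on the assignment, e.g. `// Redacted masks the userinfo password only; query parameters are left as-is`, would make the guarantee explicit. FromData starts before and continues after this hunk.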
|
||||
|
|