Remove SINGLE_STR_PAIR rule and modify other rules
- PIN keyword removed
- The verb strings are removed from the delimiter patterns
csh519 committed Oct 19, 2023
1 parent 3095c7b commit 310c9ec
Showing 1 changed file with 4 additions and 23 deletions.
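--- a/credsweeper/rules/config.yaml
+++ b/credsweeper/rules/config.yaml
@@ -1,26 +1,8 @@
-- name: SINGLE_STR_PAIR
-severity: medium
-type: pattern
-values:
-- (?P<variable>(?i:telnet|root|user|login|계정|비밀번호))[\s:(/]+([\w.-]{3,})?[\s,/]+(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9])|(?P<d>[~!@#$%^&*;:?])){4,31})(?(a)(?(b)(?(c)(?(d)(\s|\W|$)|(?!x)x)|(?!x)x)|(?!x)x)|(?!x)x)
-filter_type:
-- ValueAllowlistCheck
-- ValueDictionaryKeywordCheck
-min_line_len: 10
-required_substrings:
-- telnet
-- root
-- user
-- login
-- 계정
-- 비밀번호
-doc_only: true
-
 - name: SECRET_PAIR
 severity: medium
 type: pattern
 values:
-- (?P<variable>[`'\"]?(?i:token|secret|key|키|암호|암호화|토큰)[`'\"]?)([\s=:]+|\s+is\s+|\s+are\s+|\s+were\s+|\s*는\s*|\s*은\s*|\s*설정은\s*|\s*\(\s*)(?P<quote>[`'\"(])?(?P<value>\S{4,})(?(quote)[)`'\"])
+- (?P<variable>[`'\"]?(?i:token|secret|key|키|암호|암호화|토큰)[`'\"]?)((\s)*[=:](\s)*)(?P<quote>[`'\"(])?(?P<value>\S{4,})(?(quote)[)`'\"])
 filter_type:
 - ValueAllowlistCheck
 min_line_len: 10
@@ -41,7 +23,7 @@
 severity: medium
 type: pattern
 values:
-- (?P<variable>[`'\"]?(?i:(?<!id[ :/])pa[as]swo?r?ds?|pwd?|pin|p/w|비밀번호|비번|패스워드|암호)[`'\"]?)([\s=:]+|\s+is\s+|\s+are\s+|\s+were\s+|\s*는\s*|\s*은\s*|\s*설정은\s*|\s*\(\s*)(?P<quote>[`'\"(])?(?P<value>\S{4,})(?(quote)[)`'\"])
+- (?P<variable>[`'\"]?(?i:(?<!id[ :/])pa[as]swo?r?ds?|pwd?|p/w|비밀번호|비번|패스워드|암호)[`'\"]?)((\s)*[=:](\s)*)(?P<quote>[`'\"(])?(?P<value>\S{4,})(?(quote)[)`'\"])
 filter_type:
 - ValueAllowlistCheck
 min_line_len: 10
@@ -73,15 +55,14 @@
 severity: medium
 type: pattern
 values:
-- (?P<ddash>--)?(?P<variable>\w*(?i:pa[as]swo?r?ds?|pwd|pin|\bp/w|\bpw|비밀번호|비번|패스워드|암호))\s*?(?(ddash)[ =]|[:=/>-]{1,2})\s*?(?P<quote>[`'\"]+)?(?P<value>\S{3,}?)(?(quote)(?P=quote)|\b)
+- (?P<ddash>--)?(?P<variable>\w*(?i:pa[as]swords?|passwd?|pwd|\bp/w|\bpw|비밀번호|비번|패스워드|암호))\s*?(?(ddash)[ =]|[:=/>-]{1,2})\s*?(?P<quote>[`'\"]+)?(?P<value>\S{3,}?)(?(quote)(?P=quote)|\b)
 - (?P<ddash>--)?(?P<variable>(?i:user\s*)?(?i:id|login|account|root|admin|user|name|wifi|role|host|default|계정|아이디))\s*?(?(ddash)[ =]|[ :=])\s*?(?P<value>\S+)
 filter_type:
 - ValueAllowlistCheck
 min_line_len: 10
 required_substrings:
 - pass
 - sword
-- pin
 - p/w
 - pw
 - 비밀번호
@@ -94,7 +75,7 @@
 severity: medium
 type: pattern
 values:
-- (?P<variable>[\w.-]*(?i:(?P<id>\bid\b)|id\b|user|name|계정|아이디)[\w.-]*(?(id)[ :(/]+|[:(/]+)(?i:pa[as]swo?r?ds?|pwd?|pin|비밀번호|비번|패스워드|암호))\)?(\s*->\s*|[ =:)(/]+|\s+is\s+|\s+are\s+|\s*는\s*|\s*은\s*|\s*설정은\s*)\(?(?P<id_value>[\w.-]{2,31})[ :\(/\"',]+(?P<value>[^\s}\])\"']{4,31})
+- (?P<variable>[\w.-]*(?i:(?P<id>\bid\b)|id\b|user|name|계정|아이디)[\w.-]*(?(id)[ :(/]+|[:(/]+)(?i:pa[as]swo?r?ds?|pwd?|비밀번호|비번|패스워드|암호))\)?(\s*->\s*|[ =:)(/]+|\s+is\s+|\s+are\s+|\s*는\s*|\s*은\s*|\s*설정은\s*)\(?(?P<id_value>[\w.-]{2,31})[ :\(/\"',]+(?P<value>[^\s}\])\"']{4,31})
 filter_type:
 - ValueAllowlistCheck
 - ValueDictionaryKeywordCheck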
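Review bot: In the hunk at `@@ -73,15 +55,14 @@` the new first value swaps `pa[as]swo?r?ds?` for `pa[as]swords?|passwd?`, which goes beyond the PIN removal the description announces and leaves this rule with a different password keyword set from the rules at `@@ -41,7 +23,7 @@` and `@@ -94,7 +75,7 @@`, which keep `pa[as]swo?r?ds?`. As written, `passwd?` also accepts a bare `passw`, while spellings such as `passwrd` that the old alternation matched are no longer detected, so this rule's recall changes in a way the commit message does not record. If the narrowing is intended and bare `passw` is not, `pa[as]swords?|passwd` would state it exactly; otherwise keeping `pa[as]swo?r?ds?` preserves consistency with the other two rules. Since config.yaml is the only file changed, sample lines covering the dropped keywords and delimiters would let the coverage change be checked rather than assumed. The rule's mapping starts above this hunk and its `required_substrings` list continues below it.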
