BM markup scores fix, style

Samsung · Aug 28, 2024 · fbc5388 · fbc5388
1 parent 2eebf31
commit fbc5388
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 7 deletions.
diff --git a/credsweeper/common/constants.py b/credsweeper/common/constants.py
@@ -13,10 +13,10 @@ class KeywordPattern:
                 r"[^:='\"`<>{?!&]*)[`'\"]*)"  # <variable>
     separator = r"\s*\]?\s*" \
                 r"(?P<separator>:( [a-z]{3,9}[?]? )?=" \
-                r"|:|=(>|\\u0026gt;)|!=|===|==|=)" \
+                r"|:|=(>|&gt;|\\u0026gt;)|!=|===|==|=)" \
                 r"(\s|\\[tnr])*"\
                 r"(ConvertTo-SecureString(\s*-String)?\s*)?" \
-                r"(?P<wrap>((new\s*)?\w|\.|->|\(|\[)*[\[\(\{](\w{1,32}=)?\s*)?"
+                r"(?P<wrap>((new\s*)?\w|\.|-(>|&gt;|\\u0026gt;)|\(|\[)*[\[\(\{](\w{1,32}=)?\s*)?"
     # Authentication scheme ( oauth | basic | bearer | apikey ) precedes to credential
     value = r"(?P<value_leftquote>((b|r|br|rb|u|f|rf|fr|\\{0,8})?[`'\"]){1,4})?" \
             r"( ?(oauth|bot|basic|bearer|apikey|accesskey) )?" \

diff --git a/credsweeper/filters/value_allowlist_check.py b/credsweeper/filters/value_allowlist_check.py
@@ -11,8 +11,14 @@ class ValueAllowlistCheck(Filter):
     """Check that patterns from the list is not present in the candidate value."""
 
     ALLOWED = [
-        r"ENC\(.*\)", r"ENC\[.*\]", r"\$\{.*\}", r"#\{.*\}", r"\{\{.+\}\}", r"([.a-z0-9]|->)+\(.*\)(\W|$)", r"\S{0,5}\*{5,}",
-        r".*@@@hl@@@(암호|비번|PW|PASS)@@@endhl@@@.*"
+        r"ENC\(.*\)",  #
+        r"ENC\[.*\]",  #
+        r"\$\{.*\}",  #
+        r"#\{.*\}",  #
+        r"\{\{.+\}\}",  #
+        r"([.a-z0-9]|->)+\(.*\)(\W|$)",  #
+        r"\S{0,5}\*{5,}",  #
+        r".*@@@hl@@@(암호|비번|PW|PASS)@@@endhl@@@.*",  #
     ]
     ALLOWED_PATTERN = re.compile(  #
         Util.get_regex_combine_or(ALLOWED),  #

diff --git a/tests/test_main.py b/tests/test_main.py
@@ -812,8 +812,8 @@ def test_param_n(self) -> None:
     def test_param_p(self) -> None:
         # internal parametrized tests for quick debug
         items = [  #
-            ("win.log",b'$Secure_String_Pwd = ConvertTo-SecureString "P@55w0rD!" -AsPlainText -Force',
-             "$Secure_String_Pwd","P@55w0rD!"),
+            ("win.log", b'$Secure_String_Pwd = ConvertTo-SecureString "P@55w0rD!" -AsPlainText -Force',
+             "$Secure_String_Pwd", "P@55w0rD!"),
             ('tk.java',
              b' final OAuth2AccessToken accessToken = new OAuth2AccessToken("7c9yp7.y513e1t629w7e8f3n1z4m856a05o");',
              "OAuth2AccessToken accessToken", "7c9yp7.y513e1t629w7e8f3n1z4m856a05o"),
@@ -824,7 +824,7 @@ def test_param_p(self) -> None:
             ("log.txt",
              b'json\\nAuthorization: Basic jfhlksadjiu9813ryiuhdfskadjlkjh34\\n\\u003c/code\\u003e\\u003c/pre\\u003e"',
              "Authorization", "jfhlksadjiu9813ryiuhdfskadjlkjh34"),
-            ("pwd.py", b'password = "ji3_8iKgaW_R~0/8"', "password", "ji3_8iKgaW_R~0/8"),
+            ("pwd.html", b'password =&gt; "ji3_8iKgaW_R~0/8"', "password", "ji3_8iKgaW_R~0/8"),
             ("pwd.py", b'password = "/_tcTz<D8sWXsW<E"', "password", "/_tcTz<D8sWXsW<E"),
             ("pwd.py", b'password = "I:FbCnXQc/9E02Il"', "password", "I:FbCnXQc/9E02Il"),
             ("url_part.py", b'39084?token=3487263-2384579834-234732875-345&key=DnBeiGdgy6253fytfdDHGg&hasToBeFound=2',