org.sonar.plugins.secrets.configuration.artifactory.yaml Maven / Gradle / Ivy

Go to download
provider:
  metadata:
    name: JFrog
    category: Package Repository
    message: Make sure this Artifactory token gets revoked, changed, and removed from the code.

  rules:
    - id: artifactory-api-key
      rspecKey: S6752
      metadata:
        name: Artifactory API key
      detection:
        pre:
          include:
            content:
              - AKCp
        matching:
          pattern: "\\b(AKCp\\d[A-Za-z0-9_-]{68})\\b"
        post:
          statisticalFilter:
            threshold: 4.8
      examples:
        - text: |
            def ARTIFACTORY_URL = 'https://example.com/artifactory/'
            def ARTIFACTORY_API_KEY = 'AKCp4Lof5Pj0HeFbUzUjpFxHZ1nuZeipBLxt1nyu1VRTVeN8eeqKRb34azhpNcd2l7jWlzoSr'
            def RESOLVE_SNAPSHOT_REPO = 'lib-snapshot'
          containsSecret: true
          match: AKCp4Lof5Pj0HeFbUzUjpFxHZ1nuZeipBLxt1nyu1VRTVeN8eeqKRb34azhpNcd2l7jWlzoSr
        - text: |
            def ARTIFACTORY_URL = 'https://example.com/artifactory/'
            def ARTIFACTORY_API_KEY = 'AKCp4XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
            def RESOLVE_SNAPSHOT_REPO = 'lib-snapshot'
          containsSecret: false
    - id: artifactory-identity-token
      rspecKey: S6752
      metadata:
        name: Artifactory identity token
      detection:
        pre:
          include:
            content:
              - cmVmdGtuO
        matching:
          pattern: "\\b(cmVmdGtuO[A-Za-z0-9_-]{55})\\b"
        post:
          statisticalFilter:
            threshold: 4.6
      examples:
        - text: |
            put("reference-with-user", "admin:cmVmdGtuOjAxOjE3MjY1MDk5NzU6RFZrZzdmMnBxdEJoMFZQTGU3S2I2R1NtUGNZ");
          containsSecret: true
          match: cmVmdGtuOjAxOjE3MjY1MDk5NzU6RFZrZzdmMnBxdEJoMFZQTGU3S2I2R1NtUGNZ
        - text: |
            assertTrue(containsSuspectedSecrets("cmVmdGtuOjAxOjtext with pacewith spacewith spacewith spacewith spacewith space"));
          containsSecret: false
    - id: artifactory-access-token
      rspecKey: S6752
      metadata:
        name: Artifactory access token
      detection:
        pre:
          include:
            content:
              - eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJ
        matching:
          pattern: "\\b(eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJ[A-Za-z0-9_-]{30,}\\.[A-Za-z0-9_-]{100,}\\.[A-Za-z0-9_-]{100,})\\b"
        post:
          statisticalFilter:
            threshold: 5.5
      examples:
        - text: |
            
            eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJ8iS8bCyxBfQS05cyWCRp9ocHCEEdxVmv.dUfROkDghqdUzlFCkNyKjCj0l27SN53KY4MypGytx2HEcjEH8f4bpfVJsF0gJS1iVUImWww61hVPk2H2c4EIVorJGuJlwi75xbldxNnf8BFMCJ0Kc0sn9V69L6jbLbvf2Yp2LXJ3F9EmoPq9OMIZK8UjMTlFCfa3udg84ocZme9UDo8IHZWXYkQihNlNASZll5iuB1ifhdenelZQjAJOKJqMcVRwKpra4D1cD1HnsLd0P9a2IuZ3PJkqibBG1bbkdiPihiRvGYrBFr7roVTc4t20hOceBZd5pRmJgLhCvib3L8GJNXWC.t3iMRUkeX05ofZQNrTRrb0mUWrqnUEqdmyDzJ-1mXp5L-Ov8EnVbulm5ZZJMix2z-ZsADYoBQOcZoO9RFmk3Ge2WJ-mvtO_LLwke-cQwiNT9jGtc4eVA8
            60
          containsSecret: true
          match: eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJ8iS8bCyxBfQS05cyWCRp9ocHCEEdxVmv.dUfROkDghqdUzlFCkNyKjCj0l27SN53KY4MypGytx2HEcjEH8f4bpfVJsF0gJS1iVUImWww61hVPk2H2c4EIVorJGuJlwi75xbldxNnf8BFMCJ0Kc0sn9V69L6jbLbvf2Yp2LXJ3F9EmoPq9OMIZK8UjMTlFCfa3udg84ocZme9UDo8IHZWXYkQihNlNASZll5iuB1ifhdenelZQjAJOKJqMcVRwKpra4D1cD1HnsLd0P9a2IuZ3PJkqibBG1bbkdiPihiRvGYrBFr7roVTc4t20hOceBZd5pRmJgLhCvib3L8GJNXWC.t3iMRUkeX05ofZQNrTRrb0mUWrqnUEqdmyDzJ-1mXp5L-Ov8EnVbulm5ZZJMix2z-ZsADYoBQOcZoO9RFmk3Ge2WJ-mvtO_LLwke-cQwiNT9jGtc4eVA8
        - text: |
            
            eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJ8iS8bCyxBfQS05cyWCRp9ocHCEEdxVmv.body.signature
            60
          containsSecret: false