org.sonar.plugins.secrets.configuration.ssh.yaml Maven / Gradle / Ivy
provider:
metadata:
name: OpenSSH
category: Authentication Standard
message: Make sure this SSH private key gets revoked, changed, and removed from the code.
rules:
- id: ssh-private-key
rspecKey: S6693
metadata:
name: SSH private keys should not be disclosed
detection:
pre:
include:
content:
- "PRIVATE KEY-----"
reject:
ext:
- .adoc
- .example
- .html
- .md
- .mdx
- .template
matching:
pattern: "(-----BEGIN OPENSSH PRIVATE KEY-----)"
context:
matchEach:
- patternAfter: "b3BlbnNzaC1rZXktdj" # openssh-key-v - always present and future safe
- patternAfter: "-----END OPENSSH PRIVATE KEY-----"
examples:
- text: |
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDktj2RM1D2wRTQ0H+YZsFqnAuZrqBNEB4PpJ5xm73nWwAAAJgJVPFECVTx
RAAAAAtzc2gtZWQyNTUxOQAAACDktj2RM1D2wRTQ0H+YZsFqnAuZrqBNEB4PpJ5xm73nWw
AAAECQ8Nzp6a1ZJgS3SWh2pMxe90W9tZVDZ+MZT35GjCJK2uS2PZEzUPbBFNDQf5hmwWqc
C5muoE0QHg+knnGbvedbAAAAFGdhZXRhbmZlcnJ5QFBDLUwwMDc3AQ==
-----END OPENSSH PRIVATE KEY-----
containsSecret: true
match: -----BEGIN OPENSSH PRIVATE KEY-----
- text: |
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDktj2RM1D2wRTQ0H+YZsFqnAuZrqBNEB4PpJ5xm73nWwAAAJgJVPFECVTx
RAAAAAtzc2gtZWQyNTUxOQAAACDktj2RM1D2wRTQ0H+YZsFqnAuZrqBNEB4PpJ5xm73nWw
AAAECQ8Nzp6a1ZJgS3SWh2pMxe90W9tZVDZ+MZT35GjCJK2uS2PZEzUPbBFNDQf5hmwWqc
C5muoE0QHg+knnGbvedbAAAAFGdhZXRhbmZlcnJ5QFBDLUwwMDc3AQ==
-----END OPENSSH PRIVATE KEY-----
fileName: Doc.md
containsSecret: false
- id: putty-private-key
rspecKey: S6693
metadata:
name: SSH private keys should not be disclosed
detection:
pre:
include:
content:
- "PuTTY-User-Key-File-"
reject:
ext:
- .adoc
- .example
- .html
- .md
- .mdx
- .template
matching:
pattern: "(PuTTY-User-Key-File-\\d+:)"
context:
matchEach:
- patternAfter: "Private-Lines: \\d+"
- patternAfter: "Private-MAC: [a-f0-9]{40,}"
examples:
- text: |
PuTTY-User-Key-File-3: ssh-rsa
Encryption: none
Comment: rsa-key-20230614
Public-Lines: 6
AAAAB3NzaC1yc2EAAAADAQABAAABAQCMxcogLWgwfvEc8iJfJTAmKci0XjpKsnjZ
rj5/hQt0aTJDIllZ0mZhyfidZSsplUydrFWU46wO8rknVz9ZyTrPZw9j0gWwU8e5
hz3ZuLSQOpRe0yxWPVQFc09aDIxuExVT42hIJZ5PR3u359LITP7VwUzImvEAbQv0
x59nbDaMR+D4bhEfWoH/nizxiUjCHzem5j7STVxlQbtW30C7JefrkgeZQsZmw9Hm
x/PN6omqJn8K7Ak0PMQusZztooScilN1zaYMd0ab3DfzYHginUC6BItDszg71fGF
7FCIIslY9A8Wka2iUdCRjNQRaibpTtoLV6S0fdTPliHQGLM5paJr
Private-Lines: 14
AAABAG8EPNcLeDNmqPfO7NRkG4i9Qw8bkJUAEtZ418jxP4tausy+9gAkMaHFCk/2
TQfKOlXOZt+4fSR8vxALemZwj/SorjZmlx3rtILX6SsewydLS19M4pZQX0a9HUNC
yiy02AkEOmVLZYHYOfVa2ZwlPIOOoeNCbfWMCfXMyCVj7dDKYf8guYu2TYobciKh
38hs3YSvK+ZgExQ8J0WctdevGZbY9XrOFV6BS0x96B3wsNfpX2C60tq2Wykuxc4B
6II30wB/dAgU9J1WJ2Y85JZAWNB9+EL4FtSwBRxMlGpAL2twfnjw2Pf1zccvknLF
xLUuSOwH4Mvx8l9RgRZ2zCdYaoEAAACBANFqlveaV+tFBKgVG/MqN+6CF30aQtmU
D1NjR1YyZy8HLzuxwAEGE1dX79ODJ+EvHYQs8G4xCF9YzwO2CkJFZVpniObQE1zc
obfdjBByJIk6uLBY9sSpHVxiBrq/oO3x97lX9RiD7l6qscgD7XPFADIuQp0oDZv1
lxZPaoFe2jYRAAAAgQCsFjep2l0vpC/HAWCzogZIcVIm1dbpWK4UVUo7tHJ6BEqk
qBKcQ27ARSKPOWFxdS3qE0m1kuFjoRMf9aPCA0ufFaqU6xL0dE2Od6TC5De8WOKv
gK1OPfzeOkvvGs5nsquwEEhywmyHxSXFw/D2m/sififOzk1SBvjDJZUKGYnkuwAA
AIEAjbslwp9iTZ5yaohaJ2U9GN4viwZ9dEtnpD92kWIrqMyBC68a5neM+UQvdPOt
BUoTyC4US2+14snIs3DPi8rPW7EGKucqPL983YyddN0/fwqi06/CToKAmjKC/oRU
M9HarnEZLowLKsWIPUu70SHcAhXo/fOck6n96xZc5QyFHi4=
Private-MAC: 1c0857bc825e9563c20df675606a3e295ef00cdb291beec9123e52c9efe00e8b
containsSecret: true
match: "PuTTY-User-Key-File-3:"
- text: |
PuTTY-User-Key-File-3: ssh-rsa
Encryption: none
Comment: rsa-key-20230614
Public-Lines: 6
AAAAB3NzaC1yc2EAAAADAQABAAABAQCMxcogLWgwfvEc8iJfJTAmKci0XjpKsnjZ
rj5/hQt0aTJDIllZ0mZhyfidZSsplUydrFWU46wO8rknVz9ZyTrPZw9j0gWwU8e5
hz3ZuLSQOpRe0yxWPVQFc09aDIxuExVT42hIJZ5PR3u359LITP7VwUzImvEAbQv0
x59nbDaMR+D4bhEfWoH/nizxiUjCHzem5j7STVxlQbtW30C7JefrkgeZQsZmw9Hm
x/PN6omqJn8K7Ak0PMQusZztooScilN1zaYMd0ab3DfzYHginUC6BItDszg71fGF
7FCIIslY9A8Wka2iUdCRjNQRaibpTtoLV6S0fdTPliHQGLM5paJr
Private-Lines: 14
AAABAG8EPNcLeDNmqPfO7NRkG4i9Qw8bkJUAEtZ418jxP4tausy+9gAkMaHFCk/2
TQfKOlXOZt+4fSR8vxALemZwj/SorjZmlx3rtILX6SsewydLS19M4pZQX0a9HUNC
yiy02AkEOmVLZYHYOfVa2ZwlPIOOoeNCbfWMCfXMyCVj7dDKYf8guYu2TYobciKh
38hs3YSvK+ZgExQ8J0WctdevGZbY9XrOFV6BS0x96B3wsNfpX2C60tq2Wykuxc4B
6II30wB/dAgU9J1WJ2Y85JZAWNB9+EL4FtSwBRxMlGpAL2twfnjw2Pf1zccvknLF
xLUuSOwH4Mvx8l9RgRZ2zCdYaoEAAACBANFqlveaV+tFBKgVG/MqN+6CF30aQtmU
D1NjR1YyZy8HLzuxwAEGE1dX79ODJ+EvHYQs8G4xCF9YzwO2CkJFZVpniObQE1zc
obfdjBByJIk6uLBY9sSpHVxiBrq/oO3x97lX9RiD7l6qscgD7XPFADIuQp0oDZv1
lxZPaoFe2jYRAAAAgQCsFjep2l0vpC/HAWCzogZIcVIm1dbpWK4UVUo7tHJ6BEqk
qBKcQ27ARSKPOWFxdS3qE0m1kuFjoRMf9aPCA0ufFaqU6xL0dE2Od6TC5De8WOKv
gK1OPfzeOkvvGs5nsquwEEhywmyHxSXFw/D2m/sififOzk1SBvjDJZUKGYnkuwAA
AIEAjbslwp9iTZ5yaohaJ2U9GN4viwZ9dEtnpD92kWIrqMyBC68a5neM+UQvdPOt
BUoTyC4US2+14snIs3DPi8rPW7EGKucqPL983YyddN0/fwqi06/CToKAmjKC/oRU
M9HarnEZLowLKsWIPUu70SHcAhXo/fOck6n96xZc5QyFHi4=
Private-MAC: 1c0857bc825e9563c20df675606a3e295ef00cdb291beec9123e52c9efe00e8b
fileName: Doc.html
containsSecret: false
© 2015 - 2025 Weber Informatics LLC | Privacy Policy