secret-scanning-custom-patterns/rsa/patterns.yml at main · advanced-security/secret-scanning-custom-patterns · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
name: RSA Keys

patterns:
  - name: Generic RSA keys
    type: generic_rsa_keys
    regex:
      version: 1.2
      pattern: |
        --BEGIN (?:[A-Z]+ )?PRIVATE KEY--+(\\[nr]|[\r\n])+([a-zA-Z0-9+/=\s]|\\[rn])+(\\[rn]|[\r\n])+--+END (?:[A-Z]+ )?PRIVATE KEY--
    comments:
      - "Basic support for hardcoded strings in code with RSA private key"
      - "Includes keys hardcoded in strings with escaped line breaks"
    expected:
      - name: ssh_rsa
        start_offset: 3
        end_offset: 2631
      - name: rsa.js
        start_offset: 50
        end_offset: 924
      - name: rsa.json
        start_offset: 49
        end_offset: 2715
    test:
      data: |
        --BEGIN PRIVATE KEY--\nAAAA\n--END PRIVATE KEY--
      start_offset: 0
      end_offset: 48

  - name: SSH Private Keys
    type: ssh_private_keys
    regex:
      pattern: |
        --BEGIN OPENSSH PRIVATE KEY--+[a-zA-Z0-9+/=\s]+--+END OPENSSH PRIVATE KEY--
    comments:
      - "*SSH Password:* `MyPassword`"
    expected:
      - name: ssh_rsa
        start_offset: 3
        end_offset: 2631
    test:
      data: |
          --BEGIN OPENSSH PRIVATE KEY--AAAA--END OPENSSH PRIVATE KEY--
      start_offset: 0
      end_offset: 60

  - name: GPG Private Key
    type: gpg_private_key
    regex:
      pattern: |
        --BEGIN PGP PRIVATE KEY BLOCK--+(?:[\r\n]+((Version|Comment|MessageID|Hash|Charset): [^\r\n]+[\r\n]+)+[\r\n]+)?[a-zA-Z0-9+/=\s]+--+END PGP PRIVATE KEY BLOCK--
    expected:
      - name: GeekMasher GPG.asc
        start_offset: 3
        end_offset: 6651
      - name: GeekMasher_GPG_with_headers.asc
        start_offset: 3
        end_offset: 6728
    test:
      data: |
        --BEGIN PGP PRIVATE KEY BLOCK--AAAA--END PGP PRIVATE KEY BLOCK--
      start_offset: 0
      end_offset: 64

  - name: SSH Public Key
    type: ssh_public_key
    experimental: true
    regex:
      version: 0.2
      pattern: |
        ssh-rsa\s+[a-zA-Z0-9/\+=]{20,}
      end: |
        \z|\s+[a-zA-Z0-9@-]+([\r\n]|\z)
    comments:
      - "SSH Public Key (not a secret)"
      - Ignores the name of the public key
    expected:
      - name: ssh_rsa.pub
        start_offset: 0
        end_offset: 552
    test:
      data: |
        ssh-rsa aaaaaaaaaaaaaaaaaaaaa foo
      start_offset: 0
      end_offset: 29