feat: change 2ms version to v5 and other small fixes (#364)
Closes #
**Proposed Changes**
Updated version to v5.
Updated README with a better explanation of entropy
Changed jwt rule name to Jwt, now consistent with all other rules
Added test for rule naming convention
**Checklist**
- [ ] I covered my changes with tests.
- [ ] I updated the documentation that is affected by my changes:
- [ ] Change in the CLI arguments
- [ ] Change in the configuration file
I submit this contribution under the Apache-2.0 license.
README.md (6 additions & 6 deletions)
@@ -354,14 +354,14 @@ Other fields are optional and can be seen in the example bellow of a file with a
354
354
```yaml
355
355
- ruleId: 01ab7659-d25a-4a1c-9f98-dee9d0cf2e70 # REQUIRED: unique id, must match default rule id to override that default rule. Rule ids can be used as values in --rule and --ignore-rule flags
356
356
ruleName: Custom-Api-Key # should be human-readable name. If left empty for new rule, ruleName will take the value of ruleId. If left empty for override, default rule name will be considered. Rule names can be used as values in --rule and --ignore-rule flags
357
-
description: Custom rule
358
-
regex: (?i)\b\w*secret\w*\b\s*:?=\s*["']?([A-Za-z0-9/_+=-]{8,150})["']? # REQUIRED: golang regular expression used to find secrets. If capture group is present in regex, it used to find the secret, otherwise whole regex is used. which group is considered the secret can be defined with secretGroup
357
+
description: Custom rule
358
+
regex: (?i)\b\w*secret\w*\b\s*:?=\s*["']?([A-Za-z0-9/_+=-]{8,150})["']? # REQUIRED: golang regular expression used to find secrets. For regexes, if enclosed in "", make sure to escape backslashes (\\, \\b, etc.). If capture group is present in regex, it's used to find the secret, otherwise whole regex is used. Which group is considered the secret can be defined with secretGroup
359
359
keywords: # Keywords are used for pre-regex check filtering. Rules that contain keywords will perform a quick string compare check to make sure the keyword(s) are in the content being scanned.
360
360
- access
361
361
- api
362
-
entropy: 3.5 # shannon entropy, measures how random a string is. The value will be higher the more random a string is. Default rules that use entropy have values between 2.0 and 4.5. Leave empty to consider matches regardless of entropy
362
+
entropy: 3.5 # minimum shannon entropy, which measures how random a string is. The more unique characters a string has, the higher the entropy. The value of entropy will tend to become log2(unique chars), so long as all unique are equally present in the string ('abcd' string has entropy of log2(4)=2, but so does 'aabbccdd'). To test entropy values, use https://textcompare.io/shannon-entropy-calculator. Default rules that use entropy have values between 2.0 and 4.5, though these minimums can sometimes be 1-2 lower than the entropy of a true positive. Leave entropy empty to consider matches regardless of entropy
363
363
secretGroup: 1 # defines which capture group of regex match is considered the secret. Is also used as the group that will have its entropy checked if `entropy` is set. Can be left empty, in which case the first capture group to match will be considered the secret
364
-
path: (?i)\.(?:tf|hcl)$ # regex to limit the rule to specific file paths. For example, only .tf and .hcl files
364
+
path: "(?i)\\.(?:tf|hcl)$"# regex to limit the rule to specific file paths, for example, only .tf and .hcl files. For regexes, if enclosed in "", make sure to escape backslashes (\\, \\b, etc.)
365
365
severity: High # severity, can only be one of [Critical, High, Medium, Low, Info]
366
366
tags: # identifiers for the rule, tags can be used as values of --rule and --ignore-rule flags
367
367
- api-key
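Review bot: the new `path` line is not valid YAML as written: in `path: "(?i)\\.(?:tf|hcl)$"# regex to limit the rule...` the `#` follows the closing quote with no whitespace, and YAML only recognises a comment marker that is separated from the preceding token by whitespace. Add the space (`path: "(?i)\\.(?:tf|hcl)$" # regex to limit...`), as every other line in this example does. Two smaller documentation points in the same hunk: the new `entropy` comment says the value "will tend to become log2(unique chars), so long as all unique are equally present"; the word "characters" is missing, and the relationship is an upper bound rather than a tendency, so state it as "entropy equals log2(k) for a string with k distinct characters only when they occur equally often, and is lower otherwise" (the `'abcd'` / `'aabbccdd'` illustration is correct and worth keeping). The trailing "these minimums can sometimes be 1-2 lower than the entropy of a true positive" is hard to act on; either name which default rules that applies to or drop it. Since this hunk already edits the README, also fix "example bellow" in the unchanged heading context to "example below".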
@@ -371,8 +371,8 @@ Other fields are optional and can be seen in the example bellow of a file with a
371
371
deprecated: false# if true, the rule will not be used in the scan, regardless of --rule flag
372
372
allowLists: # allowed values to ignore if matched
373
373
- description: Allowlist for Custom Rule
374
-
matchCondition: OR # determines whether all criteria in the allowList must match. Can be AND or OR. Defaults to OR if not specified
375
-
regexTarget: match - #determines whether the regexes in allowList are tested against the rule.Regex match or the full line being scanned. Can be 'match' or 'line'. Defaults to 'match' if not specified
374
+
matchCondition: OR #Can be AND or OR. determines whether all criteria in the allowList must match. Defaults to OR if not specified
375
+
regexTarget: match - #Can be match or line. Determines whether the regexes in allowList are tested against the rule.Regex match or the full line being scanned. Defaults to "match" if not specified
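Review bot: the `regexTarget` example still carries the stray ` -` from the old line: `regexTarget: match - #Can be match or line...` parses as the plain scalar `match -`, not `match`, so a user who copies this block gets an invalid value. Drop it and add the missing space after `#`: `regexTarget: match # Can be match or line. ...`. In the same comment, "tested against the rule.Regex match" should read "tested against the rule's regex match", and the `matchCondition` comment `#Can be AND or OR. determines whether...` needs a space after `#` and a capital "Determines". The unchanged context line `deprecated: false# if true, the rule will not be used...` has the same class of bug: because there is no whitespace before `#`, YAML treats everything after `false` as part of a plain scalar, so the value is the string `false# if true, ...` rather than a boolean; worth fixing while this block is being touched.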
docs/list-of-rules.md (1 addition & 1 deletion)
@@ -115,7 +115,7 @@ Here is a complete list of all the rules that are currently implemented.
115
115
| Intra42-Client-Secret | Found a Intra42 client secret, which could lead to unauthorized access to the 42School API and sensitive data. | client-secret ||
116
116
| Jfrog-Api-Key | Found a JFrog API Key, posing a risk of unauthorized access to software artifact repositories and build pipelines. | api-key ||
117
117
| Jfrog-Identity-Token | Discovered a JFrog Identity Token, potentially compromising access to JFrog services and sensitive software artifacts. | access-token ||
118
-
|jwt| Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. | access-token ||
118
+
|Jwt| Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. | access-token ||
119
119
| Jwt-Base64 | Detected a Base64-encoded JSON Web Token, posing a risk of exposing encoded authentication and data exchange information. | access-token ||
120
120
| Kraken-Access-Token | Identified a Kraken Access Token, potentially compromising cryptocurrency trading accounts and financial security. | access-token ||
121
121
| Kubernetes-Secret-Yaml | Possible Kubernetes Secret detected, posing a risk of leaking credentials/tokens from your deployments | secret-key ||
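Review bot: the renamed row `|Jwt| Uncovered a JSON Web Token, ...` still lacks the cell padding every other row in the table uses, so write it as `| Jwt | Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. | access-token ||` to keep the source table consistent. Because the README in this same PR documents rule names as accepted values for `--rule` and `--ignore-rule`, the rename from `jwt` to `Jwt` is user-visible; if name matching is case-sensitive, existing `--rule jwt` invocations will stop matching, so call the rename out in the v5 release notes. A drive-by in the unchanged context: "Found a Intra42 client secret" should be "Found an Intra42 client secret".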