credsweeper.credentials package
Submodules
credsweeper.credentials.augment_candidates module
credsweeper.credentials.candidate module
- class credsweeper.credentials.candidate.Candidate(line_data_list, patterns, rule_name, severity, config=None, validations=None, use_ml=False, confidence=Confidence.MODERATE)
Bases: object
A candidate that may be a credential.
The class contains a list of LineData objects, some attributes from the Rule object, and the config.
- Parameters:
patterns (List[Pattern]) – Regular expressions that can be used for detection
rule_name (str) – Name of Rule
severity (Severity) – critical/high/medium/low
confidence (Confidence) – strong/moderate/weak
validations (Optional[List[Validation]]) – List of Validation objects that can check this credential using an external API
use_ml (bool) – Whether ML should work on this credential. If not, the prediction is based on regular expressions and filters only
- classmethod get_dummy_candidate(config, file_path, file_type, info)
Create a dummy instance to use when searching files by extension.
- is_api_validation_available()
Check if the current credential candidate can be validated with an external API.
- Return type:
- Returns:
True if any validation is available, False otherwise
credsweeper.credentials.candidate_group_generator module
credsweeper.credentials.candidate_key module
credsweeper.credentials.credential_manager module
- class credsweeper.credentials.credential_manager.CredentialManager
Bases: object
The manager allows you to store, add and delete separate credential candidates.
- Parameters:
candidates – list of credential candidates
- group_credentials()
Join candidates that reference the same secret value in the same line.
A candidate can belong to two groups at the same time if it contains more than one LineData object.
- Return type:
- Returns:
Dictionary of [path, line_num, value] -> list of credential candidates
credsweeper.credentials.line_data module
- class credsweeper.credentials.line_data.LineData(config, line, line_pos, line_num, path, file_type, info, pattern, match_obj=None)
Bases: object
Object to treat and store scanned line related data.
- Parameters:
key – Optional[str] = None
line (str) – string variable, line
line_num (int) – int variable, number of line in file
path (str) – string variable, path to file
file_type (str) – string variable, extension of file ‘.txt’
info (str) – additional info about how the data was detected
pattern (Pattern) – regex pattern, detected pattern in line
separator – optional string variable, separators between variable and value
separator_start – optional variable, separator position start
value – optional string variable, detected value in line
variable – optional string variable, detected variable in line
- EXCEPTION_POSITION = -2
- INITIAL_WRONG_POSITION = -3
- bash_param_split = re.compile('\\s+(\\-|\\||\\>|\\w+?\\>|\\&)')
- check_value_pos(value)
Check and correct value_start and value_end in case self.value was shrunk.
- Return type:
- clean_bash_parameters()
Split variable and value by bash special characters if the line is assumed to be a CLI command.
- Return type:
- clean_url_parameters()
Clean ‘query parameters’ from a URL address.
If the line seems to be a URL, split by the & character. The variable should be the rightmost value after & or ? ([-1]), and the value should be the leftmost value before & ([0]).
- Return type:
- comment_starts = ['//', '*', '#', '/*', '<!––', '%{', '%', '...', '(*', '--', '--[[', '#=']
- initialize(match_obj=None)
Apply regex to the candidate line and set internal fields based on match.
- Return type:
- is_comment()
Check if line with credential is a comment.
- Return type:
- Returns:
True if line is a comment, False otherwise
- is_source_file()
Check if file with credential is a source code file or not (data, log, plain text).
- Return type:
- Returns:
True if file is source file, False otherwise
- is_source_file_with_quotes()
Check if the file with the credential requires quotation for string literals.
- Return type:
- Returns:
True if the file requires quotation, False otherwise
- sanitize_variable()
Remove trailing spaces, dashes and quotations around the variable.
- Return type:
- to_json()
Convert line data object to dictionary.
- Return type:
- Returns:
Dictionary object generated from current line data
- url_detect_regex = re.compile(".*\\w{3,33}://[\\w;,/?:@&=+$%.!~*'()#\\\\-]+$")
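A sketch of the cleaning behaviour that clean_url_parameters() and clean_bash_parameters() describe, using the two compiled patterns listed for LineData. This is an added example, not CredSweeper's own code: the standalone function signatures, the rule that a variable starting with '-' marks a CLI command, and the sample captures are assumptions constructed for illustration.

```python
import re

# Both patterns are copied from the LineData attributes on this page,
# rewritten as raw strings (same regex, fewer backslashes).
URL_DETECT_REGEX = re.compile(r".*\w{3,33}://[\w;,/?:@&=+$%.!~*'()#\\-]+$")
BASH_PARAM_SPLIT = re.compile(r"\s+(\-|\||\>|\w+?\>|\&)")


def clean_url_parameters(line, variable, value):
    """Trim a captured (variable, value) pair to a single query parameter."""
    if not URL_DETECT_REGEX.match(line):
        return variable, value  # not a URL: leave the capture untouched
    if variable:
        # right-most piece after '&' or '?'  ([-1])
        variable = re.split(r"[&?]", variable)[-1]
    if value:
        # left-most piece before '&'  ([0])
        value = value.split("&")[0]
    return variable, value


def clean_bash_parameters(variable, value):
    """Cut a CLI argument value at the next flag, pipe, redirect or '&'."""
    # Assumption: a variable that starts with '-' marks the line as a CLI command.
    if variable and variable.startswith("-") and value:
        value = BASH_PARAM_SPLIT.split(value)[0]
    return variable, value


# Constructed captures, shaped like what an over-greedy keyword rule could return.
URL_CASE = ("curl https://example.com/api?user=bob&token=abc123XYZ&page=2",
            "api?user=bob&token", "abc123XYZ&page=2")
PLAIN_CASE = ('token = "a&b"', "token", "a&b")
CLI_CASE = ("--password", "hunter2 --host db.local 2>err.log")

if __name__ == "__main__":
    print(clean_url_parameters(*URL_CASE))    # neighbouring parameters dropped
    print(clean_url_parameters(*PLAIN_CASE))  # '&' inside a non-URL value is kept
    print(clean_bash_parameters(*CLI_CASE))   # following flag and redirect dropped
```

Without this trimming, the reported value would carry neighbouring query parameters or command-line flags, which skews any later filtering or validation of the secret itself.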