credentials package
Submodules
credentials.candidate module
- class credsweeper.credentials.candidate.Candidate(line_data_list, patterns, rule_name, severity, config, validations=None, use_ml=False)
Bases: object
Candidates that can be credentials.
The class contains a list of LineData, some attributes from the Rule object, and the config.
- Parameters:
patterns (List[Pattern]) – Regular expressions that can be used for detection
rule_name (str) – Name of Rule
severity (Severity) – critical/high/medium/low
config (Config) – user configs
validations (Optional[List[Validation]]) – List of Validation objects that can check this credential using external API
use_ml (bool) – Whether ML should work on this credential or not. If not, the prediction is based on regular expression and filter only
- property api_validation: KeyValidationOption
api_validation getter
- Return type:
- classmethod get_dummy_candidate(config, file_path)
Create a dummy instance to use when searching files by extension.
- is_api_validation_available()
Check if the current credential candidate can be validated with an external API.
- Return type:
- Returns:
True if any validation available, False otherwise
- property ml_validation: KeyValidationOption
ml_validation getter
- Return type:
credentials.candidate_group_generator module
credentials.candidate_key module
credentials.credential_manager module
- class credsweeper.credentials.credential_manager.CredentialManager
Bases: object
The manager allows you to store, add and delete separate credential candidates.
- Parameters:
candidates – list of credential candidates
- group_credentials()
Join candidates that reference the same secret value in the same line.
A candidate can belong to two groups at the same time if it has more than one LineData object inside.
- Return type:
- Returns:
Dictionary of [path, line_num, value] -> credential candidates list
credentials.line_data module
- class credsweeper.credentials.line_data.LineData(config, line, line_num, path, pattern)
Bases: object
Object to treat and store scanned line related data.
- Parameters:
key – Optional[str] = None
line (str) – string variable, line
line_num (int) – int variable, number of line in file
path (str) – string variable, path to file
pattern (Pattern) – regex pattern, detected pattern in line
separator – optional string variable, separators between variable and value
separator_span – optional tuple variable, separator position
value – optional string variable, detected value in line
variable – optional string variable, detected variable in line
- bash_param_split = regex.Regex('\\s+(\\-|\\||\\>|\\w+?\\>|\\&)', flags=regex.V0)
- clean_bash_parameters()
Split variable and value by bash special characters, if the line is assumed to be a CLI command.
- Return type:
- clean_url_parameters()
Clean url address from ‘query parameters’.
If the line seems to be a URL, split by the & character. The variable should be the right-most value after & or ? ([-1]), and the value should be the left-most part before & ([0]).
- Return type:
- comment_starts = ['//', '*', '#', '/*', '<!––', '%{', '%', '...', '(*', '--', '--[[', '#=']
- is_comment()
Check if line with credential is a comment.
- Return type:
- Returns:
True if line is a comment, False otherwise
- is_source_file()
Check if the file with the credential is a source code file or not (data, log, plain text).
- Return type:
- Returns:
True if the file is a source file, False otherwise
- is_source_file_with_quotes()
Check if the file with the credential requires quotation for string literals.
- Return type:
- Returns:
True if the file requires quotation, False otherwise
- property pattern: Pattern
pattern getter
- Return type:
Pattern
- sanitize_variable()
Remove trailing spaces, dashes and quotations around the variable.
- Return type:
- set_pattern_match_groups()
Apply regex to the candidate line and set internal fields based on match.
- Return type:
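An added example, not CredSweeper's own code: a standalone sketch of the cleaning that clean_url_parameters() and clean_bash_parameters() describe above, run on constructed lines. NAIVE_RULE, the "://" URL test, the leading-dash CLI test and the extract() helper are assumptions made for this illustration; only the bash_param_split pattern comes from this page, compiled here with the standard-library re module.

```python
import re

# Pattern the page lists as LineData.bash_param_split (unescaped from its repr);
# compiled with the standard-library re module instead of the regex module.
BASH_PARAM_SPLIT = re.compile(r"\s+(\-|\||\>|\w+?\>|\&)")

# Hypothetical, deliberately greedy key=value pattern standing in for a rule.
NAIVE_RULE = re.compile(
    r"""(?P<variable>[^\s"'=]*(?:token|password)[^\s"'=]*)\s*=\s*["']?(?P<value>[^"'\n]+)""")


def clean_url_parameters(line, variable, value):
    """URL line: variable is the right-most name after & or ?, value ends at the first &."""
    if "://" in line:  # assumption: simple "looks like a URL" test
        variable = re.split(r"[&?]", variable)[-1]
        value = value.split("&")[0]
    return variable, value


def clean_bash_parameters(variable, value):
    """CLI line: cut the value where whitespace is followed by -, |, >, word> or &."""
    if variable.startswith("-"):  # assumption: a leading dash marks a CLI option
        value = BASH_PARAM_SPLIT.split(value)[0]
    return variable, value


def extract(line):
    """Return ((raw variable, raw value), (clean variable, clean value)) or None."""
    m = NAIVE_RULE.search(line)
    if m is None:
        return None
    raw = (m["variable"], m["value"])
    cleaned = clean_bash_parameters(*clean_url_parameters(line, *raw))
    return raw, cleaned


# Constructed sample lines; the secret values are placeholders.
SAMPLES = [
    "GET https://example.test/cb?id=7&token=CONSTRUCTED0123&fmt=json",
    "mysql --password=CONSTRUCTEDpw99 -h db.example.test | tee run.log",
    'password = "CONSTRUCTED -pw 99"',  # not a CLI option: value is left intact
]

if __name__ == "__main__":
    for sample in SAMPLES:
        raw, cleaned = extract(sample)
        print(f"{raw!r} -> {cleaned!r}")
```

The third sample shows why the CLI check matters: without it, a quoted value containing " -" in a source file would be truncated and the reported secret would be incomplete.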