filters package¶
Subpackages¶
Submodules¶
filters.filter module¶
filters.line_specific_key_check module¶
- class credsweeper.filters.line_specific_key_check.LineSpecificKeyCheck[source]¶
Bases:
Filter
Check that values from list below is not in candidate line.
- NOT_ALLOWED = ['example', 'enc\\(', 'enc\\[', 'true', 'false']¶
- NOT_ALLOWED_PATTERN = regex.Regex('(?:example|enc\\(|enc\\[|true|false)', flags=regex.I | regex.V0)¶
filters.separator_unusual_check module¶
filters.value_allowlist_check module¶
- class credsweeper.filters.value_allowlist_check.ValueAllowlistCheck[source]¶
Bases:
Filter
Check that patterns from the list is not present in the candidate value.
- ALLOWED = ['ENC\\(.*\\)', 'ENC\\[.*\\]', '\\$\\{.*\\}', '#\\{.*\\}', '\\{\\{.+\\}\\}', '(\\w|\\d|\\.|->)+\\(.*\\)', '\\*\\*\\*\\*\\*']¶
- ALLOWED_PATTERN = regex.Regex('(?:ENC\\(.*\\)|ENC\\[.*\\]|\\$\\{.*\\}|#\\{.*\\}|\\{\\{.+\\}\\}|(\\w|\\d|\\.|->)+\\(.*\\)|\\*\\*\\*\\*\\*)', flags=regex.I | regex.V0)¶
filters.value_array_dictionary_check module¶
- class credsweeper.filters.value_array_dictionary_check.ValueArrayDictionaryCheck[source]¶
Bases:
Filter
Match call to dictionary or array element.
- This filter checks only calls, not declarations:
token = values[i] would be filtered token = {‘root’} would be kept
- PATTERN = regex.Regex('\\[(\'|")?.+(\'|")?\\]', flags=regex.V0)¶
filters.value_blocklist_check module¶
filters.value_camel_case_check module¶
- class credsweeper.filters.value_camel_case_check.ValueCamelCaseCheck[source]¶
Bases:
Filter
Check that candidate is not written in camel case.
- CAMEL_CASE = ['^([a-z]+([A-Z][a-z]+)+)$', '^([A-Z][a-z]+([A-Z][a-z]+)+)$']¶
- CAMEL_CASE_PATTERN = regex.Regex('(?:^([a-z]+([A-Z][a-z]+)+)$|^([A-Z][a-z]+([A-Z][a-z]+)+)$)', flags=regex.V0)¶
filters.value_dictionary_keyword_check module¶
filters.value_dictionary_value_length_check module¶
filters.value_entropy_check module¶
filters.value_file_path_check module¶
filters.value_first_word_check module¶
- class credsweeper.filters.value_first_word_check.ValueFirstWordCheck[source]¶
Bases:
Filter
Check that secret doesn’t starts with special character.
- NOT_ALLOWED = ['\\=', '\\{', '\\)', '\\<', '\\>', '\\#', '\\:', '\\\\', '\\/\\/', '\\_', '\\\\[u]', '\\/\\*', '\\%[deflspuvxz]']¶
- NOT_ALLOWED_PATTERN = regex.Regex('^(?:\\=|\\{|\\)|\\<|\\>|\\#|\\:|\\\\|\\/\\/|\\_|\\\\[u]|\\/\\*|\\%[deflspuvxz])', flags=regex.I | regex.V0)¶
filters.value_last_word_check module¶
filters.value_length_check module¶
filters.value_method_check module¶
filters.value_not_allowed_pattern module¶
- class credsweeper.filters.value_not_allowed_pattern.ValueNotAllowedPatternCheck[source]¶
Bases:
Filter
Check that secret doesn’t open or closes brackets or a new line.
- NOT_ALLOWED = ['[,<>{};\\]\\[](\\s)*', '(\\s)+[\\\\]', '(\\\\n)(\\s)*']¶
- NOT_ALLOWED_PATTERN = regex.Regex('(?:[,<>{};\\]\\[](\\s)*|(\\s)+[\\\\]|(\\\\n)(\\s)*)$', flags=regex.I | regex.V0)¶
filters.value_pattern_filter module¶
- class credsweeper.filters.value_pattern_filter.ValuePatternCheck(pattern_len=4)[source]¶
Bases:
Filter
Check if candidate value contain specific pattern.
Similar to linguistic sequences of characters, random strings shouldn’t contain math sequences of characters. Based on “How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories”, details: https://www.ndss-symposium.org/ndss-paper/how-bad-can-it-git-characterizing-secret-leakage-in-public-github-repositories/ PatternCheck checks the occurrence in “line_data.value” of three types of sequence:
N or more identical characters in sequence, example: “AAAA”, “1111” …
N or more increasing characters sequentially, example: “abcd”, “1234” …
N or more decreasing characters sequentially, example: “dcba”, “4321” …
Default pattern LEN is 4
- ascending_pattern_check(line_data_value)[source]¶
Check if candidate value contain 4 and more ascending chars or numbers sequences.
- Arg:
line_data_value: credential candidate value
- Return type:
- Returns:
True if contain and False if not
- descending_pattern_check(line_data_value)[source]¶
Check if candidate value contain 4 and more descending chars or numbers sequences.
- Arg:
line_data_value: string variable, credential candidate value
- Return type:
- Returns:
boolean variable. True if contain and False if not
filters.value_similarity_check module¶
filters.value_string_type_check module¶
- class credsweeper.filters.value_string_type_check.ValueStringTypeCheck(config)[source]¶
Bases:
Filter
Check if line_data is in source code file that require quotes for string declaration.
If it is, then checks if line_data really have string literal declaration. Comment rows in source files (start with //, /*, etc) ignored.
True if:
line_data have no value
line_data have no path
line_data is in source code file (.cpp, .py, etc.) and is not comment and contain no quotes (so no string literal declared)
False otherwise
filters.value_token_check module¶
- class credsweeper.filters.value_token_check.ValueTokenCheck[source]¶
Bases:
Filter
Check if first substring of token is shorter than 5.
Split candidate value into substrings using ` ;`{})(<>[]` separators. Check if first substring is shorter than 5
Examples
“my password” “12);password”
- SPLIT_PATTERN = ' |;|\\)|\\(|{|}|<|>|\\[|\\]|`'¶
filters.value_useless_word_check module¶
- class credsweeper.filters.value_useless_word_check.ValueUselessWordCheck[source]¶
Bases:
Filter
Check is candidate value contains sub-rows with operators (like ->).
- NOT_ALLOWED = ['((\\{)?(0x)+([0-9a-f]|\\%){1}.*)', '(\\-\\>.*)', '(xxxx.*)', '(\\s).*']¶
- NOT_ALLOWED_PATTERN = regex.Regex('(?:((\\{)?(0x)+([0-9a-f]|\\%){1}.*)|(\\-\\>.*)|(xxxx.*)|(\\s).*)', flags=regex.I | regex.V0)¶
filters.variable_check module¶
- class credsweeper.filters.variable_check.VariableCheck[source]¶
Bases:
Filter
Check if candidate variable is a regex placeholder or ends with match character (like + or >).
- NOT_ALLOWED = ['^([<]|\\{\\{).*', '(\\@.*)', '[!><+*/^|)](\\s)?$']¶
- NOT_ALLOWED_PATTERN = regex.Regex('(?:^([<]|\\{\\{).*|(\\@.*)|[!><+*/^|)](\\s)?$)', flags=regex.I | regex.V0)¶