credsweeper.scanner.scan_type package

Submodules

credsweeper.scanner.scan_type.multi_pattern module

class credsweeper.scanner.scan_type.multi_pattern.MultiPattern[source]

Bases: ScanType

Check if line is a part of a multi-line credential and second part is present within MAX_SEARCH_MARGIN lines.

Parameters:

MAX_SEARCH_MARGIN – Int constant. Number of lines around current to perform search for the second part

MAX_SEARCH_MARGIN = 10
classmethod run(config, rule, target)[source]

Check if multiline credential present if the file within MAX_SEARCH_MARGIN range from current line_num.

Parameters:

  • config (Config) – user configs

  • rule (Rule) – Rule object to check current line. Should be a multi-pattern rule

  • target (AnalysisTarget) – Analysis target

Return type:

List[Candidate]

Returns:

List of Candidates if pattern defined in a rule is present in a line and second part of multi-pattern rule is present within MAX_SEARCH_MARGIN from the line. Empty list (False) - otherwise.

credsweeper.scanner.scan_type.pem_key_pattern module

class credsweeper.scanner.scan_type.pem_key_pattern.PemKeyPattern[source]

Bases: ScanType

Check if line is a start of a PEM key.

Parameters:

  • ignore_starts – Leading lines in pem file that should be ignored

  • remove_characters – This characters would be striped from PEM lines before entropy check

classmethod detect_pem_key(config, rule, target)[source]

Detects PEM key in single line and with iterative for next lines according https://www.rfc-editor.org/rfc/rfc7468

Parameters:
Return type:

List[LineData]

Returns:

List of LineData with found PEM

ignore_starts = ['-----BEGIN', 'Proc-Type', 'Version', 'DEK-Info']
classmethod is_leading_config_line(line)[source]

Remove non-key lines from the beginning of a list.

Example lines with non-key leading lines:

Proc-Type: 4,ENCRYPTED
DEK-Info: DEK-Info: AES-256-CBC,2AA219GG746F88F6DDA0D852A0FD3211

ZZAWarrA1...
Parameters:

line (str) – Line to be checked

Return type:

bool

Returns:

True if the line is not a part of encoded data but leading config

pem_pattern_check: Optional[ValuePatternCheck] = None
re_value_pem = re.compile('(?P<value>([^-]*-----END[^-]+-----)|(([a-zA-Z0-9/+=]{64}.*)?[a-zA-Z0-9/+=]{4})+)')
remove_characters = ' \t\n\r\x0b\x0c\\\'";,[]#*'
remove_characters_plus = ' \t\n\r\x0b\x0c\\\'";,[]#*+'
classmethod run(config, rule, target)[source]

Check if target is a PEM key

Parameters:

  • config (Config) – user configs

  • rule (Rule) – Rule object to check current line. Should be a pem-pattern rule

  • target (AnalysisTarget) – Analysis target

Return type:

List[Candidate]

Returns:

List of Candidate objects if pattern defined in a rule is present in a line and filters defined in rule do not remove current line. Empty list - otherwise

classmethod sanitize_line(line, recurse_level=5)[source]

Remove common symbols that can surround PEM keys inside code.

Examples:

`# ZZAWarrA1`
`* ZZAWarrA1`
`  "ZZAWarrA1\n" + `
Parameters:

  • line (str) – Line to be cleaned

  • recurse_level (int) – to avoid infinite loop in case when removed symbol inside base64 encoded

Return type:

str

Returns:

line with special characters removed from both ends

wrap_characters = '\\\'";,[]#*'

credsweeper.scanner.scan_type.scan_type module

class credsweeper.scanner.scan_type.scan_type.ScanType[source]

Bases: ABC

Base class for all Scanners.

Scanner allow to check if regex pattern defined in a rule is present in a line.

classmethod filtering(config, target, line_data, filters)[source]

Check if line data should be removed based on filters.

If use_filters option is false, always return False

Parameters:

  • config (Config) – dict of credsweeper configuration

  • target (AnalysisTarget) – AnalysisTarget from which line_data was obtained

  • line_data (LineData) – Line data to check with filters

  • filters (List[Filter]) – Filters to use

Returns:

True if line_data should be removed. False otherwise. If use_filters option is false, always return False

Return type:

boolean

classmethod get_line_data_list(config, target, pattern, filters)[source]

Check if regex pattern is present in line, and line should not be removed by filters.

Parameters:

  • config (Config) – dict of credsweeper configuration

  • target (AnalysisTarget) – AnalysisTarget with all necessary data

  • pattern (Pattern) – Compiled regex object to be searched in line

  • filters (List[Filter]) – Filters to use

Return type:

List[LineData]

Returns:

List of LineData objects if pattern a line and filters do not remove current line. Empty otherwise

abstract classmethod run(config, rule, target)[source]

Check if regex pattern defined in a rule is present in a line.

Parameters:

  • config (Config) – user configs

  • rule (Rule) – Rule object to check current line

  • target (AnalysisTarget) – Analysis target

Return type:

List[Candidate]

Returns:

List of Candidate objects if pattern defined in a rule is present in a line and filters defined in rule do not remove current line. Empty list - otherwise

credsweeper.scanner.scan_type.single_pattern module

class credsweeper.scanner.scan_type.single_pattern.SinglePattern[source]

Bases: ScanType

Check if single line rule present in the line.

classmethod run(config, rule, target)[source]

Check if regex pattern defined in a rule is present in a line.

Parameters:

  • config (Config) – config object of user configs

  • rule (Rule) – Rule object to check current line

  • target (AnalysisTarget) – Analysis target

Return type:

List[Candidate]

Returns:

List of Candidate objects if pattern defined in a rule is present in a line and filters defined in rule do not remove current line. Empty list - otherwise

Module contents