Improving RabbitMQ regex (removing new lines and spaces) from secret #548
|
|
||
| ## Unreleased | ||
|
|
||
| - FPC: Improving RabbitMQ regex (removing new lines and spaces) from secret. |
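Review bot: the added changelog line under Unreleased does not say which rule changed; name the rule id (SEC101/041.RabbitMqCredentials) so the entry can be matched to the regex line it describes. "Removing new lines and spaces from secret" would also read more clearly as excluding whitespace from the captured secret.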
| $SEC101/038.PostgreSqlCredentialsAdoResource=(?i)(?:database|db|dbname)\s*=\s*(?P<resource>[^,;"'<\s\n]+)(?:[,;"'<\s\n]|$) | ||
|
|
||
| $SEC101/041.RabbitMqCredentials=(?i)amqps?:\/\/(?P<id>[^:]+):(?P<secret>[^@]+)@(?P<host>[\w_\-\:]+)\/(?P<resource>[\w]+)(?:[^0-9a-z]|$) | ||
| $SEC101/041.RabbitMqCredentials=(?i)amqps?:\/\/(?P<id>[^:]+):(?P<secret>[^@\s\n]+)@(?P<host>[\w_\-\:]+)\/(?P<resource>[\w]+)(?:[^0-9a-z]|$) |
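Review bot: on the new SEC101/041 line the `id` group is still `[^:]+`, which accepts spaces and newlines, so the captured id can still span lines even though `secret` no longer can; consider restricting it the same way, for example `(?P<id>[^:\s]+)`. In the new `secret` class `[^@\s\n]+` the `\n` is redundant because `\s` already matches it, so `[^@\s]+` is equivalent.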
just synced my environments and pushed two :)
| $SEC101/038.PostgreSqlCredentialsAdoResource=(?i)(?:database|db|dbname)\s*=\s*(?P<resource>[^,;"'<\s\n]+)(?:[,;"'<\s\n]|$) | ||
|
|
||
| $SEC101/041.RabbitMqCredentials=(?i)amqps?:\/\/(?P<id>[^:]+):(?P<secret>[^@]+)@(?P<host>[\w_\-\:]+)\/(?P<resource>[\w]+)(?:[^0-9a-z]|$) | ||
| $SEC101/041.RabbitMqCredentials=(?i)amqps?:\/\/(?P<id>[^:]+):(?P<secret>[^@\s\n]+)@(?P<host>[\w_\-\:]+)\/(?P<resource>[\w]+)(?:[^0-9a-z]|$) |
Can we please take a change to the fingerprint class where it throws any exception if anyone introduces newline characters into it? Generally, that shouldn't happen, right? This will raise visibility on this class of defect.
Remember, spot-fixing a single bug is good. Taking a change that allows you to identify every instance of this bug now and moving forward is much better.
There was a problem hiding this comment.
I'd rather do this in a separate PR because that can break many other things.
Also, I was just thinking about that, like where we should throw the exception.
| $SEC101/038.PostgreSqlCredentialsAdoResource=(?i)(?:database|db|dbname)\s*=\s*(?P<resource>[^,;"'<\s\n]+)(?:[,;"'<\s\n]|$) | ||
|
|
||
| $SEC101/041.RabbitMqCredentials=(?i)amqps?:\/\/(?P<id>[^:]+):(?P<secret>[^@]+)@(?P<host>[\w_\-\:]+)\/(?P<resource>[\w]+)(?:[^0-9a-z]|$) | ||
| $SEC101/041.RabbitMqCredentials=(?i)amqps?:\/\/(?P<id>[^:]+):(?P<secret>[^@\s\n]+)@(?P<host>[\w_\-\:]+)\/(?P<resource>[\w]+)(?:[^0-9a-z]|$) |
You are right. \s already includes \n.
There was a problem hiding this comment.
I will also create a new PR refactoring the rules that contain \n and \s.
Changes
Please provide a brief description of the changes here.
For significant contributions please make sure you have completed the following items:
ReleaseHistory.md updated for non-trivial changes
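The false positive discussed in this thread, and the guard the reviewer asks for, as an added example that is not part of the pull request or the project's code. The two patterns are copied from the diff; the sample inputs are constructed, and `checked_parts`, `guard_result` and `WhitespaceInFingerprint` are hypothetical names, not the project's fingerprint class.

```python
import re

# Both patterns are copied from the diff above (old and new SEC101/041 lines).
OLD = re.compile(r"(?i)amqps?:\/\/(?P<id>[^:]+):(?P<secret>[^@]+)@(?P<host>[\w_\-\:]+)\/(?P<resource>[\w]+)(?:[^0-9a-z]|$)")
NEW = re.compile(r"(?i)amqps?:\/\/(?P<id>[^:]+):(?P<secret>[^@\s\n]+)@(?P<host>[\w_\-\:]+)\/(?P<resource>[\w]+)(?:[^0-9a-z]|$)")

# Constructed inputs (not real credentials).
REAL = "url=amqp://svc_user:ExamplePassw0rd@rabbit-host:5672/orders\n"
PROSE = "Use amqp://guest:\n  then mail admin@example-host/vhost for access\n"
SPLIT_ID = "amqp://svc\nuser:ExamplePassw0rd@rabbit-host/orders\n"


class WhitespaceInFingerprint(ValueError):
    """Hypothetical guard error: a captured component contains whitespace."""


def fingerprint_parts(pattern, text):
    """Return the named groups of the first match, or None if nothing matches."""
    m = pattern.search(text)
    return m.groupdict() if m else None


def checked_parts(pattern, text):
    """Like fingerprint_parts, but refuse components that contain whitespace."""
    parts = fingerprint_parts(pattern, text)
    if parts is None:
        return None
    bad = sorted(k for k, v in parts.items() if re.search(r"\s", v))
    if bad:
        raise WhitespaceInFingerprint(f"whitespace in component(s): {bad}")
    return parts


def guard_result(pattern, text):
    """Summarise the guard outcome as 'no match', 'ok' or the error text."""
    try:
        return "ok" if checked_parts(pattern, text) else "no match"
    except WhitespaceInFingerprint as exc:
        return str(exc)


if __name__ == "__main__":
    for name, text in (("REAL", REAL), ("PROSE", PROSE), ("SPLIT_ID", SPLIT_ID)):
        for label, pat in (("old", OLD), ("new", NEW)):
            print(f"{name:8} {label}: {guard_result(pat, text)}")
```

Run over every rule's test inputs, a guard like this flags each pattern whose captured groups can still contain whitespace, rather than one rule at a time.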