Merge branch 'master' into bug/kics/865

Checkmarx · Jul 19, 2023 · 1cf7740 · 1cf7740
2 parents cac2831 + 8e2b2c5
commit 1cf7740
Show file tree

Hide file tree

Showing 13 changed files with 1,341 additions and 208 deletions.
diff --git a/assets/queries/common/passwords_and_secrets/regex_rules.json b/assets/queries/common/passwords_and_secrets/regex_rules.json
@@ -50,9 +50,9 @@
     {
       "id": "51b5b840-cd0c-4556-98a7-fe5f4def80cf",
       "name": "Asymmetric private key",
-      "regex": "-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----(\\s*([A-Za-z0-9+,:\\-\\/=\\n\\r]+))+\\s*-----END ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----",
+      "regex": "-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----\\s*(([A-Za-z0-9+,:\\-\\/=\\n\\r]+\\s*)+)-----END ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----",
       "multiline": {
-        "detectLineGroup": 5
+        "detectLineGroup": 4
       },
       "entropies": [
         {
@@ -65,8 +65,12 @@
     },
     {
       "id": "a007a85e-a2a7-4a81-803a-7a2ca0c65abb",
-      "name": "Putty Private Key",
-      "regex": "PuTTY-User-Key-File-2"
+      "name": "Putty User Key File Content",
+      "regex": "PuTTY-User-Key-File-\\d: ([\\w\\d-:\\n\\s+/=]+Private-MAC: [\\d\\w\"]+)",
+      "multiline": {
+        "detectLineGroup": 1
+      },
+      "specialMask": "all"
     },
     {
       "id": "c4d3b58a-e6d4-450f-9340-04f1e702eaae",

diff --git a/assets/queries/common/passwords_and_secrets/test/positive_expected_result.json b/assets/queries/common/passwords_and_secrets/test/positive_expected_result.json
@@ -312,7 +312,7 @@
     "fileName": "positive35.yaml"
   },
   {
-    "queryName": "Passwords And Secrets - Putty Private Key",
+    "queryName": "Passwords And Secrets - Putty User Key File Content",
     "severity": "HIGH",
     "line": 5,
     "fileName": "positive36.tf"
@@ -350,7 +350,7 @@
   {
     "queryName": "Passwords And Secrets - Asymmetric private key",
     "severity": "HIGH",
-    "line": 7,
+    "line": 6,
     "fileName": "positive41.tf"
   },
   {

diff --git a/e2e/fixtures/samples/panicYamlRef/data.yaml b/e2e/fixtures/samples/panicYamlRef/data.yaml
@@ -0,0 +1,7 @@
+# data.yaml
+# This is a malformed YAML file contains a list of items.
+
+- item1
+item2
+- item3
+- item4
diff --git a/e2e/fixtures/samples/panicYamlRef/file1.yaml b/e2e/fixtures/samples/panicYamlRef/file1.yaml
@@ -0,0 +1,6 @@
+# file1.yaml 
+# This is a simple YAML file that references the second file. 
+
+
+data_file: 
+    $ref: "data.yaml"