added changes for github and slack token #512

Merged
merged 6 commits into from
Sep 2, 2024

Conversation

@gr8nishan gr8nishan commented Aug 28, 2024

Added a new pii for Github Fine Grained Token
"""\b((?:github_pat)[a-zA-Z0-9]{36,255})\b"""

Adding github_pat as mentioned here and based on test data we created.

Slack
Changed from - """(xoxb|xoxp|xapp|xoxa|xoxr)-[0-9]{10,13}-[a-zA-Z0-9-]"""
To - """(xoxb|xoxp|xapp|xoxa|xoxr|xoxo|xoxs|xoxe)-[0-9]{10,13}-[a-zA-Z0-9-]
"""

Adding as mentioned here

Google API
Changed from - """(?i)(?:youtube)(?:.|[\n\r]){0,40}\bAIza[0-9A-Za-z-]{35}\b"""
To - """\bAIza[0-9A-Za-z-
]{35}\b
Changing as mentioned here

Reducing confidence score from 0.8 to 0.4 for
Github token
Github Finegrained Token
Google API Key

This is done to support formats like

"Git":"value"
"Pat":"value"
Git:value
Key:value
key-value

Check images

With Confidence = 0.8
[screenshot: Screenshot 2024-08-30 at 5 53 53 PM]

With Confidence = 0.4
[screenshot: Screenshot 2024-08-30 at 5 47 37 PM]

@gr8nishan gr8nishan requested a review from Raj725 August 30, 2024 05:32
Raj725 previously approved these changes Aug 30, 2024
@Raj725 Raj725 left a comment


LGTM if false positives are acceptable

@@ -5,12 +5,12 @@
"""

regex_secrets_patterns = {
"github-token": r"""\b((?:ghp|gho|ghu|ghs|ghr)_[a-zA-Z0-9]{36,255})\b""",
"slack-token": r"""(xoxb|xoxp|xapp|xoxa|xoxr)\-[0-9]{10,13}\-[a-zA-Z0-9\-]*""",
"github-token": r"""((?:ghp|gho|ghu|ghs|ghr|github_pat)_[a-zA-Z0-9_]{36,255})""",
False Positives: In addition to matching existing token patterns, the new github-token regex will also match new patterns that include underscores, which could lead to false positives.

For example, it might incorrectly match strings like ghp_1234567890abcdef1234567890abcdef1234_extra or ghp_12345_67890_abcdef_12345_67890_abcdef, which may not be valid tokens.
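As an added example (not the project's own code), the pre-change and post-change "github-token" patterns from the diff run in Python over constructed inputs, including the two strings from the review comment, beside a hypothetical tightened variant that restores the `\b` anchors and keeps the underscore only for the `github_pat` prefix; every sample token is made up.

```python
import re
from typing import Optional

# Patterns copied from the diff on this page: the old and the merged
# "github-token" entries. Nothing else in this block is the project's code.
OLD_GITHUB = re.compile(r"""\b((?:ghp|gho|ghu|ghs|ghr)_[a-zA-Z0-9]{36,255})\b""")
NEW_GITHUB = re.compile(r"""((?:ghp|gho|ghu|ghs|ghr|github_pat)_[a-zA-Z0-9_]{36,255})""")

# Hypothetical tightening (an assumption, not from the project): word
# boundaries restored and `_` allowed only after the fine-grained prefix.
# `_` is a word character, so `\b` still works next to underscores.
SPLIT_GITHUB = re.compile(
    r"""\b((?:ghp|gho|ghu|ghs|ghr)_[a-zA-Z0-9]{36,255}|github_pat_[a-zA-Z0-9_]{36,255})\b"""
)

# Constructed sample inputs; none of these is a real credential.
CLASSIC = "ghp_" + "a1b2c3d4e5" * 3 + "f6g7h8"                  # 36 chars after prefix
FINE_GRAINED = "github_pat_" + "11ABCDEFG0abcdefghij" + "_" + "k" * 40
REVIEWER_1 = "ghp_1234567890abcdef1234567890abcdef1234_extra"    # from the review comment
REVIEWER_2 = "ghp_12345_67890_abcdef_12345_67890_abcdef"         # from the review comment

SAMPLES = {
    "classic": CLASSIC,
    "fine_grained": FINE_GRAINED,
    "reviewer_1": REVIEWER_1,
    "reviewer_2": REVIEWER_2,
}


def first_match(pattern: "re.Pattern", text: str) -> Optional[str]:
    """Return the captured token, or None when the pattern does not fire."""
    m = pattern.search(text)
    return m.group(1) if m else None


def compare(text: str) -> dict:
    """Run all three patterns over one string and report what each captured."""
    return {
        "old": first_match(OLD_GITHUB, text),
        "new": first_match(NEW_GITHUB, text),
        "split": first_match(SPLIT_GITHUB, text),
    }


if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, compare(sample))
```

The merged pattern is the only one that captures both reviewer strings, while the tightened variant still accepts the constructed fine-grained token.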

@gr8nishan gr8nishan merged commit 7680e56 into daxa-ai:main Sep 2, 2024
16 checks passed
@gr8nishan gr8nishan deleted the github_token_range_change branch September 2, 2024 04:57