Adding multiple signatures (#58)

* Adding multiple signatures * Adding path formatting for windows user Co-authored-by: git <stanislas.molveau@michelin.com>
eth0izzle · Jul 27, 2020 · c263e06 · c263e06 · Shay-yes · Dec 5, 2020
1 parent 270327c
commit c263e06
Show file tree

Hide file tree

Showing 2 changed files with 88 additions and 4 deletions.
diff --git a/config.yaml b/config.yaml
@@ -281,9 +281,6 @@ signatures:
   - part:  'filename'
     regex: '^\.?env$'
     name: 'Environment configuration file'
-  - part:  'contents'
-    regex: '-----BEGIN [EC|RSA|DSA|OPENSSH] PRIVATE KEY----'
-    name: 'Contains a private key'
   - part: 'contents'
     regex: '(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'
     name: 'AWS Access Key ID Value'
@@ -380,3 +377,90 @@ signatures:
   - part:  'contents'
     regex: 'hawk\.[0-9A-Za-z\-_]{20}\.[0-9A-Za-z\-_]{20}'
     name: 'StackHawk API Key'
+  - part:  'extension'
+    match: '.ppk'
+    name: 'Potential PuTTYgen private key'
+  - part:  'filename'
+    match: 'heroku.json'
+    name: 'Heroku config file'
+  - part:  'extension'
+    match: '.sqldump'
+    name: 'SQL Data dump file'
+  - part:  'filename'
+    match: 'dump.sql'
+    name: 'MySQL dump w/ bcrypt hashes'
+  - part:  'filename'
+    match: 'id_rsa_pub'
+    name: 'Public ssh key'
+  - part: 'filename'
+    match: 'mongoid.yml'
+    name: 'Mongoid config file'
+  - part: 'filename'
+    match: 'salesforce.js'
+    name: 'Salesforce credentials in a nodejs project'
+  - part: 'extension'
+    match: '.netrc'
+    name: 'netrc with SMTP credentials'
+  - part:  'filename'
+    regex: '.remote-sync.json$'
+    name: 'Created by remote-sync for Atom, contains FTP and/or SCP/SFTP/SSH server details and credentials'
+  - part:  'filename'
+    regex: '.esmtprc$'
+    name: 'esmtp configuration'
+  - part:  'filename'
+    regex: '^deployment-config.json?$'
+    name: 'Created by sftp-deployment for Atom, contains server details and credentials'
+  - part:  'filename'
+    regex: '.ftpconfig$'
+    name: 'Created by sftp-deployment for Atom, contains server details and credentials'
+  - part: 'contents'
+    regex: '-----BEGIN (EC|RSA|DSA|OPENSSH|PGP) PRIVATE KEY'
+    name: 'Contains a private key'
+  - part: 'contents'
+    regex: 'define(.{0,20})?(DB_CHARSET|NONCE_SALT|LOGGED_IN_SALT|AUTH_SALT|NONCE_KEY|DB_HOST|DB_PASSWORD|AUTH_KEY|SECURE_AUTH_KEY|LOGGED_IN_KEY|DB_NAME|DB_USER)(.{0,20})?[''|"].{10,120}[''|"]'
+    name: 'WP-Config'
+  - part: 'contents'
+    regex: '(?i)(aws_access_key_id|aws_secret_access_key)(.{0,20})?=.[0-9a-zA-Z\/+]{20,40}'
+    name: 'AWS cred file info'
+  - part: 'contents'
+    regex: '(?i)(facebook|fb)(.{0,20})?(?-i)[''\"][0-9a-f]{32}[''\"]'
+    name: 'Facebook Secret Key'
+  - part: 'contents'
+    regex: '(?i)(facebook|fb)(.{0,20})?[''\"][0-9]{13,17}[''\"]'
+    name: 'Facebook Client ID'
+  - part: 'contents'
+    regex: '(?i)twitter(.{0,20})?[''\"][0-9a-z]{35,44}[''\"]'
+    name: 'Twitter Secret Key'
+  - part: 'contents'
+    regex: '(?i)twitter(.{0,20})?[''\"][0-9a-z]{18,25}[''\"]'
+    name: 'Twitter Client ID'
+  - part: 'contents'
+    regex: '(?i)github(.{0,20})?(?-i)[''\"][0-9a-zA-Z]{35,40}[''\"]'
+    name: 'Github Key'
+  - part: 'contents'
+    regex: '(?i)heroku(.{0,20})?[''"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}[''"]'
+    name: 'Heroku API key'
+  - part: 'contents'
+    regex: '(?i)linkedin(.{0,20})?(?-i)[''\"][0-9a-z]{12}[''\"]'
+    name: 'Linkedin Client ID'
+  - part: 'contents'
+    regex: '(?i)linkedin(.{0,20})?[''\"][0-9a-z]{16}[''\"]'
+    name: 'LinkedIn Secret Key'
+  - part: 'path'
+    regex: '\.?idea[\\\/]WebServers.xml$'
+    name: 'Created by Jetbrains IDEs, contains webserver credentials with encoded passwords (not encrypted!)'
+  - part: 'path'
+    regex: '\.?vscode[\\\/]sftp.json$'
+    name: 'Created by vscode-sftp for VSCode, contains SFTP/SSH server details and credentials'
+  - part:  'path'
+    regex: 'web[\\\/]ruby[\\\/]secrets.yml'
+    name: 'Ruby on rails secrets.yml file (contains passwords)'
+  - part:  'path'
+    regex: '\.?docker[\\\/]config.json$'
+    name: 'Docker registry authentication file'
+  - part:  'path'
+    regex: 'ruby[\\\/]config[\\\/]master.key$'
+    name: 'Rails master key (used for decrypting credentials.yml.enc for Rails 5.2+)'
+  - part:  'path'
+    regex: '\.?mozilla[\\\/]firefox[\\\/]logins.json$'
+    name: 'Firefox saved password collection (can be decrypted using keys4.db)'
diff --git a/core/match.go b/core/match.go
@@ -15,6 +15,7 @@ type MatchFile struct {
 }
 
 func NewMatchFile(path string) MatchFile {
+	path = filepath.ToSlash(path)
 	_, filename := filepath.Split(path)
 	extension := filepath.Ext(path)
 	contents, _ := ioutil.ReadFile(path)
@@ -68,7 +69,6 @@ func GetMatchingFiles(dir string) []MatchFile {
 		if err != nil || f.IsDir() || uint(f.Size()) > maxFileSize || IsSkippableFile(path) {
 			return nil
 		}
-
 		fileList = append(fileList, NewMatchFile(path))
 		return nil
 	})