From 4790471523cd97f375b07f8fc83c98daa73733f6 Mon Sep 17 00:00:00 2001
From: Eddy Nakamura
Date: Wed, 8 Sep 2021 16:45:54 -0300
Subject: [PATCH 1/3] Improving MongoDB regular expression
---
 .../Security/Security.SharedStrings.txt | 2 +-
 .../SEC101_033.MongoDbCredentials.sarif | 51 +++++++++++++++++--
 .../Inputs/SEC101_033.MongoDbCredentials.ps1 | 11 ++--
 3 files changed, 56 insertions(+), 8 deletions(-)
diff --git a/Src/Plugins/Security/Security.SharedStrings.txt b/Src/Plugins/Security/Security.SharedStrings.txt
index 40cfea2a..fa01416a 100644
--- a/Src/Plugins/Security/Security.SharedStrings.txt
+++ b/Src/Plugins/Security/Security.SharedStrings.txt
@@ -90,7 +90,7 @@ $SEC101/025.SendGridApiKey=(?:[^S]|^)(?PSG\.(?i)[0-9a-z\-_]{22}\.(?i)[0-9a-z\-_]{43})(?:[^0-9a-z\-_]|$)
 $SEC101/027.MailChimpApiKey=(?:[^0-9a-f]|^)(?P[0-9a-f]{32}-us[0-9]{12})
 $SEC101/029.AlibabaCloudCredentials=(?:[^L]|^)(?PLTAI(?i)(?:[0-9a-z]{12}|[0-9a-z]{20}))(?:[^0-9a-z]|$)(?s).{0,50}(?-s)(?:[^\w]|^)(?P[\w]{30})(?:[^\w]|$)
- $SEC101/033.MongoDbCredentials=(?i)mongodb(?:[^:]{0,50})?:\/\/(?P[0-9a-z]+):(?P[^@\s]{1,200})@(?P[^\/;"<]+)
+ $SEC101/033.MongoDbCredentials=(?i)mongodb(?:[^:]{0,50})?:\/\/(?P[0-9a-z]+):(?P[^@\s]{1,200})@(?P[^\/;"<\s,]+)
 $SEC101/035.CloudantCredentialsPython=(?si)cloudant\s*\(\s*"(?P[\w-]+)"\s*\,\s*"(?P[\w]{64})"\s*\,\s*.{0,200}url=\s*"https:\/\/(?P[\w.-]+)\.(?Pcloudantnosqldb\.appdomain\.cloud|cloudant\.com)
 $SEC101/035.CloudantCredentialsJson=(?si)apiKey"[^"]+"(?P[\w-]+)".{1,100}[^0-9a-z\.-](?P[0-9a-z\.-]{32,44})\.(?Pcloudantnosqldb\.appdomain\.cloud|cloudant\.com)
 $SEC101/035.CloudantCredentialsUrl=(?i)https:\/\/(?P[^:]+):(?P[\w]{64}|[a-z]{24})@[\w-]+\.(?Pcloudantnosqldb\.appdomain\.cloud|cloudant\.com)
diff --git a/Src/Plugins/Tests.Security/TestData/SecurePlaintextSecrets/ExpectedOutputs/SEC101_033.MongoDbCredentials.sarif b/Src/Plugins/Tests.Security/TestData/SecurePlaintextSecrets/ExpectedOutputs/SEC101_033.MongoDbCredentials.sarif
index eae1a4b3..17a1e643 100644
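Review bot: Adding `,` to the host exclusion on the `+` line also truncates legitimate seed lists, e.g. (constructed) `mongodb://u:p@host1:27017,host2:27017/db`, so a replica-set URI now fingerprints only `host1:27017`; the result still fires, but the `AssetFingerprint` identity changes, and the release note's wording ("removing hosts that contain `\s` or `,`") does not say this is intended — a comment above the entry, if the file format allows one, or a sentence in the changelog would record it. The class still admits `'` and `?`, so a single-quoted literal such as `'mongodb://u:p@host'` or an options-only URI such as `mongodb://u:p@host?replicaSet=rs0` over-captures `host'` / `host?replicaSet=rs0` in the same way this commit fixes for `,` and whitespace; extending the class to `[^\/;"'<\s,?]+` closes both. Unchanged here but worth a follow-up: the id group `[0-9a-z]+` rejects usernames containing `_`, `-`, `.` or percent-encoded characters, so such URIs yield no finding at all.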
--- a/Src/Plugins/Tests.Security/TestData/SecurePlaintextSecrets/ExpectedOutputs/SEC101_033.MongoDbCredentials.sarif
+++ b/Src/Plugins/Tests.Security/TestData/SecurePlaintextSecrets/ExpectedOutputs/SEC101_033.MongoDbCredentials.sarif
@@ -244,10 +244,10 @@
 },
 "region": {
 "startLine": 12,
- "startColumn": 77,
+ "startColumn": 73,
 "endLine": 12,
- "endColumn": 85,
- "charOffset": 521,
+ "endColumn": 81,
+ "charOffset": 509,
 "charLength": 8,
 "snippet": {
 "text": "password"
@@ -264,6 +264,51 @@
 "ValidationFingerprint/v2": "{\"host\":\"localhost:55555\",\"id\":\"dbuser5\",\"secret\":\"password\"}"
 },
 "rank": 39.29
+ },
+ {
+ "ruleId": "SEC101/033",
+ "ruleIndex": 0,
+ "level": "note",
+ "message": {
+ "id": "Default",
+ "arguments": [
+ "passwo…",
+ "an apparent ",
+ "",
+ "MongoDb credential",
+ "",
+ ""
+ ]
+ },
+ "locations": [
+ {
+ "physicalLocation": {
+ "artifactLocation": {
+ "uri": "src/Plugins/Tests.Security/TestData/SecurePlaintextSecrets/Inputs/SEC101_033.MongoDbCredentials.ps1",
+ "uriBaseId": "SRC_ROOT"
+ },
+ "region": {
+ "startLine": 15,
+ "startColumn": 19,
+ "endLine": 15,
+ "endColumn": 27,
+ "charOffset": 635,
+ "charLength": 8,
+ "snippet": {
+ "text": "password"
+ }
+ }
+ }
+ }
+ ],
+ "fingerprints": {
+ "AssetFingerprint/v1": "[host=localhost:66666][id=dbuser6]",
+ "ValidationFingerprint/v1": "[host=localhost:66666][id=dbuser6][secret=password]",
+ "ValidationFingerprintHash/v1": "b41667ffee48a881da9e8d951d3ffa05738ffabd3fca2ee2ee55622f649d1318",
+ "AssetFingerprint/v2": "{\"host\":\"localhost:66666\",\"id\":\"dbuser6\"}",
+ "ValidationFingerprint/v2": "{\"host\":\"localhost:66666\",\"id\":\"dbuser6\",\"secret\":\"password\"}"
+ },
+ "rank": 39.29
 }
 ],
 "columnKind": "utf16CodeUnits"
diff --git a/Src/Plugins/Tests.Security/TestData/SecurePlaintextSecrets/Inputs/SEC101_033.MongoDbCredentials.ps1 b/Src/Plugins/Tests.Security/TestData/SecurePlaintextSecrets/Inputs/SEC101_033.MongoDbCredentials.ps1
index 2c33c19d..e94f71f8 100644
--- a/Src/Plugins/Tests.Security/TestData/SecurePlaintextSecrets/Inputs/SEC101_033.MongoDbCredentials.ps1
+++ b/Src/Plugins/Tests.Security/TestData/SecurePlaintextSecrets/Inputs/SEC101_033.MongoDbCredentials.ps1
@@ -7,7 +7,10 @@ mongodb+srv://dbuser2:@database.com/
 mongodb+srv://dbuser4:@database.com
-
-
-
-
\ No newline at end of file
+
+
+
+
+
+mongodb://dbuser6:password@localhost:66666,
+mongodb://localhost:77777,
\ No newline at end of file
From 90b4f9e548a7f27f229c27ab3e8a46467e95c773 Mon Sep 17 00:00:00 2001
From: Eddy Nakamura
Date: Wed, 8 Sep 2021 16:52:07 -0300
Subject: [PATCH 2/3] Updating releaseHistory
---
 Src/ReleaseHistory.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Src/ReleaseHistory.md b/Src/ReleaseHistory.md
index 066d97fb..1f1fb41f 100644
--- a/Src/ReleaseHistory.md
+++ b/Src/ReleaseHistory.md
@@ -18,10 +18,13 @@
 - FPC: Improving RabbitMQ regex (removing new lines and spaces) from secret. [#548](https://github.com/microsoft/sarif-pattern-matcher/pull/548)
-- FPC: Normalizing regular expressions (`\s\n` got replaced by `\s`). Rules
+- FPC: Normalizing regular expressions (`\s\n` got replaced by `\s`). Rules
 `SEC101/036.MySqlCredential`, `SEC101/037.SqlCredentials`, `SEC101/038.PostgreSqlCredentials` won't accept spaces in `id` and `secret`. [#550](https://github.com/microsoft/sarif-pattern-matcher/pull/550)
+- FPC: Improving MongoDB regular expression removing hosts that contain `\s` or
+ `,` characters.
+ [#554](https://github.com/microsoft/sarif-pattern-matcher/pull/554)
 ## v1.5.0-alpha-0117-g136d47026e
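Review bot: The added inputs only cover the `,` terminator (`mongodb://dbuser6:password@localhost:66666,`); nothing in this hunk exercises the `\s` exclusion the same commit adds to the host class, so the expected SARIF cannot show that a host followed by whitespace-separated text now stops at the host. A constructed line such as `mongodb://dbuser7:password@localhost:88888 trailing-text`, with its expected `host` fingerprint pinned to `localhost:88888`, would cover it. The second added line, `mongodb://localhost:77777,`, carries no credentials, so as far as the hunk shows it serves as a negative case; a `#` comment saying so would make the intent explicit, since no comment in the file is visible here.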
@@ -22,8 +22,8 @@
 `SEC101/036.MySqlCredential`, `SEC101/037.SqlCredentials`, `SEC101/038.PostgreSqlCredentials` won't accept spaces in `id` and `secret`. [#550](https://github.com/microsoft/sarif-pattern-matcher/pull/550)
-- FPC: Improving MongoDB regular expression removing hosts that contain `\s` or
- `,` characters.
+- FPC: Eliminate whitespace and commas from MongoDB match candidates (and
+ resulting fingerprints).
 [#554](https://github.com/microsoft/sarif-pattern-matcher/pull/554)
 ## v1.5.0-alpha-0117-g136d47026e