Skip to content

Commit

Permalink
Add context to Artifactory encrypted token (#229)
Browse files Browse the repository at this point in the history
  • Loading branch information
@tsmithv11
tsmithv11 authored Nov 18, 2024
1 parent b6d2e92 commit 09e470f
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 11 deletions.
4 changes: 2 additions & 2 deletions detect_secrets/plugins/artifactory.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,6 @@ class ArtifactoryDetector(RegexBasedDetector):
# API token:
re.compile(r'(?:\s|=|:|"|^)AKC[a-zA-Z0-9]{10,200}(?:\s|"|$)'),
# Artifactory encrypted passwords begin with AP[A-Z]
# Password:
re.compile(r'(?<!AAAA[_\-\w]{7})(?:\s|=|:|"|^)AP[\dABCDEF][a-zA-Z0-9]{8,200}(?:\s|"|$)'),
# Keyword with Password:
re.compile(r'(?<!AAAA[_\-\w]{7})(?i:artif|jfrog|buildkit)(?:.{0,100}\n?){0,2}(?:\s|=|:|"|^)(AP[\dABCDEF][a-zA-Z0-9]{8,200})(?:\s|"|$)'),
]
19 changes: 10 additions & 9 deletions tests/plugins/artifactory_test.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,18 +8,19 @@ class TestArtifactoryDetector:
@pytest.mark.parametrize(
'payload, should_flag',
[
('AP6xxxxxxxxxx', True),
('AP2xxxxxxxxxx', True),
('AP3xxxxxxxxxx', True),
('AP5xxxxxxxxxx', True),
('APAxxxxxxxxxx', True),
('APBxxxxxxxxxx', True),
('artifactory = AP6xxxxxxxxxx', True),
('artifactory = ap6xxxxxxxxxx', False),
('artif \n key=AP2xxxxxxxxxx', True),
('jfrog AP3xxxxxxxxxx', True),
('jfrog AP5xxxxxxxxxx', True),
('jfrog APAxxxxxxxxxx', True),
('jfrog APBxxxxxxxxxx', True),
('AKCxxxxxxxxxx', True),
(' AP6xxxxxxxxxx', True),
('jfrog_secret=AP6xxxxxxxxxx', True),
(' AKCxxxxxxxxxx', True),
('=AP6xxxxxxxxxx', True),
('artifactory_secret=AP6xxxxxxxxxx', True),
('=AKCxxxxxxxxxx', True),
('\"AP6xxxxxxxxxx\"', True),
('artif \"AP6xxxxxxxxxx\"', True),
('\"AKCxxxxxxxxxx\"', True),
('artif-key:AP6xxxxxxxxxx', True),
('artif-key:AKCxxxxxxxxxx', True),
Expand Down

0 comments on commit 09e470f

Please sign in to comment.