gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-05 20:40:16 -08:00
Code Issues Packages Projects Releases Wiki Activity

feat(secret): add built-in rule for JWT tokens (#5480)

Browse Source
This commit is contained in:
very-doge-wow
2023-11-09 02:34:52 +01:00
committed by GitHub
parent 91fc8dac92
commit 2f5afa5f29
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
pkg/fanal/secret/builtin-rules.go
View File

@@ -49,6 +49,7 @@ var (
CategoryHubSpot = types.SecretRuleCategory("HubSpot")
CategoryIntercom = types.SecretRuleCategory("Intercom")
CategoryIonic = types.SecretRuleCategory("Ionic")
CategoryJWT = types.SecretRuleCategory("JWT")
CategoryLinear = types.SecretRuleCategory("Linear")
CategoryLob = types.SecretRuleCategory("Lob")
CategoryMailchimp = types.SecretRuleCategory("Mailchimp")
@@ -562,6 +563,14 @@ var builtinRules = []Rule{
Regex: MustCompile(`(?i)(ionic[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](ion_[a-z0-9]{42})['\"]`),
Keywords: []string{"ionic"},
},
{
ID: "jwt-token",
Category: CategoryJWT,
Title: "JWT token",
Severity: "MEDIUM",
Regex: MustCompile(`ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/\\_-]{17,}\.(?:[a-zA-Z0-9\/\\_-]{10,}={0,2})?`),
Keywords: []string{"jwt"},
},
{
ID: "linear-api-token",
Category: CategoryLinear,