hub / github.com/BishopFox/jsluice / AllSecretMatchers

Function AllSecretMatchers

secret-matchers.go:91–166  ·  view source on GitHub ↗

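AllSecretMatchers returns the default list of SecretMatchers. In the portion of the source shown below, the two inline matchers (objects with REACT_APP_ keys, and generic pairs whose key contains "secret") each begin with an unconditional `return nil`, so they are disabled and never report a Secret; the code comments give the false-positive rate as the reason.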

()


89
90// AllSecretMatchers returns the default list of SecretMatchers
91func AllSecretMatchers() []SecretMatcher {
92
93 return []SecretMatcher{
94 awsMatcher(),
95 gcpKeyMatcher(),
96 firebaseMatcher(),
97 githubKeyMatcher(),
98
99 // REACT_APP_... containing objects
100 {"(object) @matches", func(n *Node) *Secret {
101
102 // disabled due to high false positive rate
103 return nil
104
105 o := n.AsObject()
106
107 hasReactAppKeys := false
108 for _, k := range o.GetKeys() {
109 if strings.HasPrefix(k, "REACT_APP_") {
110 hasReactAppKeys = true
111 break
112 }
113 }
114
115 if !hasReactAppKeys {
116 return nil
117 }
118
119 return &Secret{
120 Kind: "reactApp",
121 Data: o.AsMap(),
122 }
123 }},
124
125 // generic secrets
126 {"(pair) @matches", func(n *Node) *Secret {
127
128 // disabled due to very high false positive rate
129 // but left easy to enable for research purposes
130 return nil
131
132 key := n.ChildByFieldName("key")
133 if key == nil {
134 return nil
135 }
136
137 keyStr := strings.ToLower(key.RawString())
138 if !strings.Contains(keyStr, "secret") {
139 return nil
140 }
141
142 value := n.ChildByFieldName("value")
143 if value == nil || value.Type() != "string" {
144 return nil
145 }
146
147 data := map[string]string{
148 "key": value.RawString(),

Callers 1

GetSecretsMethod · 0.85

Calls 12

awsMatcherFunction · 0.85
gcpKeyMatcherFunction · 0.85
firebaseMatcherFunction · 0.85
githubKeyMatcherFunction · 0.85
AsObjectMethod · 0.80
GetKeysMethod · 0.80
ChildByFieldNameMethod · 0.80
RawStringMethod · 0.80
ContainsMethod · 0.80
ParentMethod · 0.80
AsMapMethod · 0.45
TypeMethod · 0.45

Tested by

no test coverage detected