Feature/intercom token detection #2
Merged
- Add Slack token pattern (xoxb, xoxa, xoxp, xoxr, xoxs)
- Add Discord webhook URL pattern
- Add Telegram bot token pattern
- Add Azure Key Vault pattern
- Add personal access token pattern
- Add corresponding test cases for all new patterns

- Add hardcoded password pattern detection
- Add connection string pattern detection
- Add API key header pattern detection
- Add authorization header pattern detection
- Add webhook URL pattern detection
- Add corresponding test cases for all new patterns

- Add SARIFReporter struct implementing Reporter interface
- Add SARIF format structures (Report, Run, Tool, Rule, Result, Location)
- Update main.go to support sarif output format option
- Add test for SARIF reporter

- Add support for .env, .env.local, .env.production, .env.development, .env.test
- Add .envrc file detection
- Add secure-push config file detection
- Add test cases for new config file patterns

- Add .envrc file detection
- Add .env.sample file detection
- Add test cases for new env file patterns

- Add Redis, MSSQL, Oracle database URL tests
- Add password with double quotes and without quotes tests
- Add pwd and passwd pattern tests

- Add multiple slack tokens test
- Add more edge case tests for auth patterns

- Add .env.sample, .envrc uppercase, and mixed case tests
- Add more config file pattern tests

- Add .envrc mixed case and uppercase tests
- Add .envrc.production test
- Add .env.example and .env.sample tests

- Add .envrc.development and .envrc.test tests
- Add secure-push config uppercase tests
- Add config yaml in nested path test

- Add BenchmarkAuthDetector
- Add BenchmarkSecretsDetector
- Add BenchmarkEnvDetector
- Add BenchmarkConfigDetector
- Update integration test for multiple detectors

- Add Formula/secure-push.rb for Homebrew installation
- Support for darwin amd64, darwin arm64, linux amd64, linux arm64

- Add package.json with extension configuration
- Add extension.ts with scan workspace command
- Add tsconfig.json for TypeScript compilation

- Add Slack, Discord, Telegram, Azure, PAT token detectors
- Add hardcoded password and connection string patterns
- Add SARIF reporter, Homebrew formula, VS Code extension

- Add Slack, Discord, Telegram, Azure, PAT token patterns
- Add hardcoded password and connection string patterns
- Add database URL patterns (Redis, MSSQL, Oracle)

- Add SARIF output example
- Add list of supported tools (GitHub, Azure DevOps, GitLab, VS Code)

- Add scanner.yml workflow for CI/CD integration
- Support SARIF output for GitHub Code Scanning

- Add release.yml for automated releases
- Support for linux, darwin, and windows platforms
- Support for amd64 and arm64 architectures

- Document console, json, csv, and sarif output formats
- Add examples for each format type

- Add release workflow to Changed section
- Add Fixed section for bug fixes
- Add Security section for test coverage

- Add wsl linter for whitespace rules
- Add wrapcheck linter for error wrapping
- Add zerologlint for logging best practices

- Prevent resource exhaustion with max 100 concurrent file scans
- Improve memory usage for large codebases

- Reduce memory allocations for binary file checks
- Improve performance for large codebases with many files

- Add GetFileInfo function to reduce code duplication
- Enable better file info caching in future optimizations

- Add test cases for existing and nonexistent files
- Ensure proper error handling for file info retrieval
Lines +10 to +55
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| os: [ubuntu-latest, macos-latest, windows-latest] | ||
| goarch: [amd64, arm64] | ||
| goos: [linux, darwin, windows] | ||
| exclude: | ||
| - goos: windows | ||
| goarch: arm64 | ||
| - goos: darwin | ||
| goarch: arm64 | ||
| os: ubuntu-latest | ||
| - goos: linux | ||
| goarch: arm64 | ||
| os: macos-latest | ||
| - goos: darwin | ||
| goarch: amd64 | ||
| os: ubuntu-latest | ||
| - goos: linux | ||
| goarch: amd64 | ||
| os: macos-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Setup Go | ||
| uses: actions/setup-go@v5 | ||
| with: | ||
| go-version-file: 'go.mod' | ||
| with-cache: true | ||
|
|
||
| - name: Build | ||
| run: | | ||
| EXT='' | ||
| if [ "${{ matrix.goos }}" = "windows" ]; then | ||
| EXT='.exe' | ||
| fi | ||
| go build -o secure-push${EXT} ./cmd/secure-push | ||
|
|
||
| - name: Upload Artifact | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: secure-push-${{ matrix.goos }}-${{ matrix.goarch }} | ||
| path: secure-push${{ matrix.goos === 'windows' && '.exe' || '' }} | ||
|
|
||
| release: |
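Review bot: the Upload Artifact `path` at the end of this hunk uses `===` inside `${{ }}`, which is not valid GitHub Actions expression syntax (the comparison operator is `==`), so the workflow fails to parse before any job runs; since the Build step already computes `EXT`, the simplest fix is to export it there (`echo "EXT=$EXT" >> "$GITHUB_ENV"`) and write `path: secure-push${{ env.EXT }}`. Two further problems in the Build step: `go build` never sets `GOOS`/`GOARCH` from the matrix, so every artifact named `secure-push-<goos>-<goarch>` actually contains a binary for the runner's own platform (add `env: GOOS: ${{ matrix.goos }}` and `GOARCH: ${{ matrix.goarch }}` to the step, after which the `os` x `goos` x `goarch` matrix and its partial `exclude` list can collapse to a single `ubuntu-latest` runner), and the `if [ ... ]` shell syntax will not run under the PowerShell default on `windows-latest` unless the step sets `shell: bash`. Minor: `with-cache` is not an input of `actions/setup-go@v5`; the input is `cache`.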
Lines +11 to +28
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Run Secure Push Scanner | ||
| uses: secure-push/secure-push-action@v1 | ||
| with: | ||
| path: '.' | ||
| output: 'sarif' | ||
| sarif_file: 'results.sarif' | ||
|
|
||
| - name: Upload SARIF to GitHub Code Scanning | ||
| uses: github/codeql-action/upload-sarif@v3 | ||
| with: | ||
| sarif_file: 'results.sarif' | ||
| category: 'secure-push' No newline at end of file |
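Review bot: `github/codeql-action/upload-sarif` requires the job to hold `security-events: write`, and no `permissions:` block is visible in this hunk; if it is not declared above line 11, the upload step is rejected whenever the repository uses the restricted default `GITHUB_TOKEN`, so add `permissions: security-events: write` (with `contents: read`) to the job. The scanner step references `secure-push/secure-push-action@v1` by a mutable tag; for a third-party action that reads the entire checkout, pin it to a full commit SHA with the tag in a trailing comment so a retagged release cannot silently change what executes. `fetch-depth: 0` pulls full history, which is only needed if the scanner inspects past commits rather than the working tree; drop it otherwise. The file is also missing its trailing newline.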
| stripeApiKeyPattern = regexp.MustCompile(`(sk|pk)_(live|test)_[0-9a-zA-Z]{24,}`) | ||
| sendgridApiKeyPattern = regexp.MustCompile(`SG\.[0-9A-Za-z\-_]{22}\.[0-9A-Za-z\-_]{43}`) | ||
| slackTokenPattern = regexp.MustCompile(`xox[baprs]-[A-Za-z0-9\-_]{10,}`) | ||
| discordWebhookPattern = regexp.MustCompile(`https://discord\.com/api/webhooks/[0-9]+/[A-Za-z0-9\-_]+`) |
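Review bot: the Stripe pattern `(sk|pk)_(live|test)_...` flags `pk_live_`/`pk_test_` publishable keys together with `sk_` secret keys; publishable keys are meant to ship in client-side code, so matching them produces noise, and the alternation should be narrowed to `sk_` (and `rk_` if restricted keys are in scope). None of the four patterns is bounded, so a token embedded in a longer identifier still matches its tail; wrapping each in `\b...\b` (supported by Go's RE2) keeps matches aligned to whole tokens and simplifies the test cases. The Slack class `xox[baprs]` does cover the five prefixes named in the commit message. For Discord, webhooks are also served from the legacy `discordapp.com` host and from `canary.discord.com`/`ptb.discord.com`, so `https://(?:canary\.|ptb\.)?discord(?:app)?\.com/api/webhooks/` would avoid missing those forms.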
What does this PR do?
Describe the changes in this PR.
Which detectors does it affect?
Testing done
Checklist
Screenshots (if applicable)
Add screenshots to help explain your changes.