Vulny-Code-Static-Analysis/semgrep/detected-private-key.yaml


rules:
- id: detected-private-key
  patterns:
  - pattern-either:
    - patterns:
      - pattern: |
          -----BEGIN $TYPE PRIVATE KEY-----
          $KEY
      - metavariable-regex:
          metavariable: $TYPE
          regex: (?i)([dr]sa|ec|openssh|encrypted)?
    - patterns:
      - pattern: |
          -----BEGIN PRIVATE KEY-----
          $KEY
  - metavariable-analysis:
      metavariable: $KEY
      analyzer: entropy
  languages: [generic]
  message: Private Key detected. This is a sensitive credential and should not be hardcoded here. Instead, store this in a separate, private file.
  severity: ERROR
  metadata:
    source-rule-url: https://github.com/grab/secret-scanner/blob/master/scanner/signatures/pattern.go
    category: security
    technology:
    - secrets
    confidence: MEDIUM
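
The rule's two-stage logic (PEM header match, then an entropy check on the first body token) approximated in Python as an added example; this is not code from this repository or from Semgrep. `HEADER_RE`, `shannon_entropy`, `find_private_keys` and the `MIN_ENTROPY` cutoff are hypothetical names and values, and Shannon entropy stands in for Semgrep's `entropy` analyzer, whose internals are not shown on the page.

```python
import math
import re
from collections import Counter

# PEM header with an optional type word, then the first token of the body ($KEY).
HEADER_RE = re.compile(r"-----BEGIN (?:(\S+) )?PRIVATE KEY-----\s*\n\s*(\S+)")
# The rule's metavariable-regex, copied verbatim from the YAML.
TYPE_RE = re.compile(r"(?i)([dr]sa|ec|openssh|encrypted)?")
# Assumed cutoff in bits per character; the analyzer's real threshold is not on the page.
MIN_ENTROPY = 3.5

# Constructed sample: neither body is a real key.
SAMPLE = """\
# config.py
prod_key = '''-----BEGIN RSA PRIVATE KEY-----
Qm9ndXNLZXlCb2R5Rm9yVGVzdGluZ09ubHkxMjM0NTY3ODkwYWJjZGVmZ2hpamtsbW5v
-----END RSA PRIVATE KEY-----'''
doc_stub = '''-----BEGIN PRIVATE KEY-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END PRIVATE KEY-----'''
"""


def shannon_entropy(token):
    """Bits per character of the token's character distribution."""
    total = len(token)
    return -sum(n / total * math.log2(n / total) for n in Counter(token).values())


def find_private_keys(text):
    """Return one finding per PEM private-key header followed by a high-entropy body."""
    findings = []
    for m in HEADER_RE.finditer(text):
        key_type, body = m.group(1), m.group(2)
        # Anchored only at the start with an optional group, so this accepts
        # any type word; it is kept to mirror the rule as written.
        if key_type is not None and not TYPE_RE.match(key_type):
            continue
        entropy = shannon_entropy(body)
        if entropy < MIN_ENTROPY:
            continue  # placeholder or template text, not key material
        line = text.count("\n", 0, m.start()) + 1
        findings.append({"line": line, "type": key_type or "", "entropy": round(entropy, 2)})
    return findings


if __name__ == "__main__":
    for finding in find_private_keys(SAMPLE):
        print(finding)
```

The all-`A` stub is dropped by the entropy stage, which is the false-positive case the `metavariable-analysis` clause exists to suppress.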