Merge pull request #3 from github/Shaeli-patch-1

Update default rules to add JWT and private keys

README.md

@@ -76,6 +76,8 @@ A few examples of these patterns are:
 
 - GitHub Personal Access Tokens
 - GitHub Temporary Actions Tokens
+- RSA Private Keys
+- JWT Tokens
 
 You can disable these default patterns with:
 

lib/patterns/default.rb

@@ -5,6 +5,8 @@ module Patterns
   DEFAULT = [
     /ghp_[A-Za-z0-9]{36,}|[0-9A-Fa-f]{40,}/, # GitHub Personal Access Token
     /github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}/, # GitHub Personal Access Token (fine-grained)
-    /ghs_[a-zA-Z0-9]{36}/ # Temporary GitHub Actions Tokens
+    /ghs_[a-zA-Z0-9]{36}/, # Temporary GitHub Actions Tokens
+    /\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/\\_-]{17,}\.(?:[a-zA-Z0-9\/\\_-]{10,}={0,2})?)(?:['|\"|\n|\r|\s|\x60|;]|$)/, # JWT tokens
+    /(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?----/ # private keys
   ].freeze
 end

lib/version.rb

@@ -2,6 +2,6 @@
 
 module RedactingLogger
   module Version
-    VERSION = "0.3.0"
+    VERSION = "1.0.0"
   end
 end

spec/fixtures/fake.private_key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWgIBAAKBgGoYIuq9HddnNIqkdZODTLvo/XACp39SprGGpG3DdozcKr9f3Zyg
+AOrF898TvUaxjIPp7roLpNKH6uyK/mHGwESiM1hVT/KK2YUb0Urwc2hNSCoN9nn4
+hN5tSXRh1P0PCjYC8oJhHfvrgEUrAvBnLx1RKJ6cG0OSbBk+y16lEZSbAgMBAAEC
+gYBovuu6Vnzf7kUxnK14tmlMHPwbWoOEcVWicAxnUlP5PmX2C/AAcvh00nu0Awkc
+gq74jj3j8RsJwKdwYspEPrYTx6Qi+mtTfDAwXkJNWFQCKI3RtGF51fbvj3GL/tcZ
+mdMdhSMqZFgOgPcaYxpRIx+q2NDj8wBdSnEsmlidcH/2AQJBAKUpFqGI2oG4y9Ed
+hw1V9XyLna1wNZq96Ua9k+YW/Y6MO/pEzEgUxNgF5/tSIVoAgHqw41Y7mWwt1yP/
+jkTC+c0CQQCkcmmW2sokdeF+6ssgAf8cIZqMYZ8ND9yQQlYJZ01MZ/s0OpBWz4jD
+8kePMoBP1nBNPgLq03IlbSNrjQya78AHAkAdRBujghmeFP3gz0eoIExAxoipPBHz
+mqVkiKFVi0tg4A6cuWYte6ip0toZmaMZTK93jjKqjCMSnUjbMySloJsdAkBWu9mh
+LUiMrnf+vsvf1+274qVnAV4oP4Nvuu0yDIAimn1N8M2MW+2gm7rOdi5i7ZFRzDEx
+tdBwmP2jjkNlvKolAkBa/x6jUiLhPMlypTpJvwJdYd7E/w8zEctSSXq6xbrZjUfT
+who52YgHVfGnCNkgrjnCSAswsFbJ8d5vLijGFcXM
+-----END RSA PRIVATE KEY-----

spec/lib/redacting_logger_spec.rb

@@ -132,5 +132,27 @@
 
       expect(log_output).to match(/Custom token: token_ABCD/)
     end
+
+    it "redacts a JWT token" do
+      # this is a dummy JWT token, but it is the correct length and format
+      token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
+
+      logger.info("JWT token: #{token}")
+
+      logdev.rewind
+      log_output = logdev.read
+
+      expect(log_output).to match(/JWT token: \[REDACTED\]/)
+    end
+
+    it "redacts a RSA private key" do
+      fake_private_key = File.read("spec/fixtures/fake.private_key")
+
+      logger.info("RSA private key: #{fake_private_key}")
+
+      logdev.rewind
+      log_output = logdev.read
+      expect(log_output).to match(/RSA private key: \[REDACTED\]/)
+    end
   end
 end