Update default rules to add JWT and private keys #3

Merged
merged 7 commits into from
Nov 15, 2023
2 changes: 2 additions & 0 deletions README.md
@@ -76,6 +76,8 @@ A few examples of these patterns are:

- GitHub Personal Access Tokens
- GitHub Temporary Actions Tokens
- RSA Private Keys
- JWT Tokens

You can disable these default patterns with:

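Review bot: the "- RSA Private Keys" bullet understates what the new default pattern matches. `-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----` in lib/patterns/default.rb also catches EC, OPENSSH, ENCRYPTED and PGP private key headers, so the README should say something like "Private Keys (PEM and PGP armored)" so users know which secrets are redacted by default. "JWT Tokens" is also redundant, since the T in JWT already stands for Token; "JSON Web Tokens (JWTs)" reads better.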
4 changes: 3 additions & 1 deletion lib/patterns/default.rb
@@ -5,6 +5,8 @@ module Patterns
DEFAULT = [
/ghp_[A-Za-z0-9]{36,}|[0-9A-Fa-f]{40,}/, # GitHub Personal Access Token
/github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}/, # GitHub Personal Access Token (fine-grained)
/ghs_[a-zA-Z0-9]{36}/ # Temporary GitHub Actions Tokens
/ghs_[a-zA-Z0-9]{36}/, # Temporary GitHub Actions Tokens
/\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/\\_-]{17,}\.(?:[a-zA-Z0-9\/\\_-]{10,}={0,2})?)(?:['|\"|\n|\r|\s|\x60|;]|$)/, # JWT tokens
/(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?----/ # private keys
].freeze
end
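Review bot: the JWT pattern ends in the consuming group `(?:['|\"|\n|\r|\s|\x60|;]|$)`, so the full match includes the character that follows the token; if the logger substitutes the whole match rather than capture group 1, the quote, semicolon or whitespace after a token disappears along with it (the spec only exercises a token at end of line, where `$` matches and nothing is consumed). A lookahead `(?=['"\s\x60;]|$)` keeps the delimiter; note also that inside a character class `|` is a literal pipe, not alternation, and `\s` already covers `\n` and `\r`. On the private key pattern: `[\s\S-]*` is equivalent to `[\s\S]*` (the extra `-` is redundant) and is greedy, so a message containing two keys is redacted from the first BEGIN to the last END, which is safe for redaction but deserves a comment; the trailing `----` is one hyphen short of the PEM footer, so a single `-` survives after the replacement. `(?i)` at the start is valid in Ruby, but the `/.../i` flag form is idiomatic and keeps the line consistent with the other entries in DEFAULT.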
2 changes: 1 addition & 1 deletion lib/version.rb
@@ -2,6 +2,6 @@

module RedactingLogger
module Version
VERSION = "0.3.0"
VERSION = "1.0.0"
end
end
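Review bot: the jump from 0.3.0 to 1.0.0 is not explained anywhere in the diff. Adding two default patterns changes redaction output for every existing caller, which does justify a major bump, but a changelog entry or a sentence in the README should state that the default pattern set changed so users upgrading understand why their log output differs.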
15 changes: 15 additions & 0 deletions spec/fixtures/fake.private_key
@@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
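Review bot: committing a PEM-formatted private key, even a throwaway one, will trip secret scanners such as gitleaks (and this gem's own new pattern) for everyone who clones or forks the repository. Consider generating the key at test time instead, e.g. `OpenSSL::PKey::RSA.new(2048).to_pem` inside the spec, which also removes the fixture path dependency; if the file stays, add a header comment in the spec stating that the key was generated solely for this fixture and has never been used anywhere.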
22 changes: 22 additions & 0 deletions spec/lib/redacting_logger_spec.rb
@@ -132,5 +132,27 @@

expect(log_output).to match(/Custom token: token_ABCD/)
end

it "redacts a JWT token" do
# this is a dummy JWT token, but it is the correct length and format
token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"

logger.info("JWT token: #{token}")

logdev.rewind
log_output = logdev.read

expect(log_output).to match(/JWT token: \[REDACTED\]/)
end

it "redacts a RSA private key" do
fake_private_key = File.read("spec/fixtures/fake.private_key")

logger.info("RSA private key: #{fake_private_key}")

logdev.rewind
log_output = logdev.read
expect(log_output).to match(/RSA private key: \[REDACTED\]/)
end
end
end
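Review bot: `File.read("spec/fixtures/fake.private_key")` resolves against the process working directory, so the RSA example fails when rspec is run from anywhere but the repository root; `File.read(File.expand_path("../fixtures/fake.private_key", __dir__))` is robust. Both new examples only assert that the prefix is followed by `[REDACTED]` and never assert that the secret itself is gone, so a regression that emits `[REDACTED]` followed by the original value would still pass; add `expect(log_output).not_to include(token)` and `expect(log_output).not_to match(/BEGIN RSA PRIVATE KEY/)` respectively. The JWT example also places the token at end of line only, so the delimiter branch of the pattern (`'`, `"`, `;`, backtick) is untested; one case such as `logger.info("token=\"#{token}\";")` would cover it. Minor: "a RSA private key" should read "an RSA private key".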