Merge pull request #132 from NHSDigital/ab-mesh-2025-add-check-secret-patterns

davidhallam4-nhs · web-flow · commit 17dcca33efcb · 2024-02-14T13:45:33.000Z
mesh-2025: added additional secret patterns
diff --git a/.gitallowed b/.gitallowed
@@ -4,4 +4,18 @@ password: str = field\(default=""\)
 "password": "password"
 password=_PASSWORD
 password="BAD"
-Mailbox\(mailbox_id=mailbox_id, mailbox_name="Unknown", password="password"\)
+Mailbox\(mailbox_id=mailbox_id, mailbox_name="Unknown", password="password"\)
+
+.github/actions/coverage-and-sonar/action.yml:.*(GITHUB|SONAR)_TOKEN: \$\{\{ inputs.(github|sonar)-token \}\}
+.*(GITHUB|SONAR)_TOKEN: \$\{\{ secrets.(GITHUB|SONAR)_TOKEN \}\}
+poetry.lock:.*asttokens = ">=2.1.0"
+
+.*[Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]("|'?)\s*(:|=|!=|==)\s*("|'?)(password|helloworld|str = "password")("|'?)
+.*[Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]("|'?)\s*(:|=|!=|==)\s*(""|'')
+.*("|'?)[Tt][Oo][Kk][Ee][Nn]("|'?)\s*(:|=|!=|==)\s*("|'?)(Final = "Invalid Authentication Token"|Final = "Error Duplicated Authentication Token"|auth_token.strip\(\))("|'?)
+.*("|'?)[Tt][Oo][Kk][Ee][Nn]("|'?)\s*(:|=|!=|==)\s*(:|=|!=|==)\s*(""|'')
+
+.*secret_key: str, mailbox_id: str, mailbox_password: str, timestamp: str, nonce: str, nonce_count: str
+
+src/mesh_sandbox/common/messaging.py:.*def try_parse_authorisation_token\(auth_token: str\) -> Optional\[AuthoriseHeaderParts\]:
+src/mesh_sandbox/common/messaging.py:.*auth_token = auth_token.*
diff --git a/.gitdisallowed b/.gitdisallowed
@@ -15,7 +15,8 @@ AIza[0-9A-Za-z\\-_]{35}
 -----BEGIN[[:blank:]]CERTIFICATE-----
 [0-9a-fA-F]{1,4}:[0-9a-fA-F]{1,4}:[0-9a-fA-F]{1,4}:[0-9a-fA-F]{1,4}:[0-9a-fA-F]{1,4}:[0-9a-fA-F]{1,4}:[0-9a-fA-F]{1,4}:[0-9a-fA-F]{1,4}
 (CLIENT|client|Client)(_|\s)(SECRET|secret|Secret)\s*(:|=>|=)\s*("|')?(\{)?[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\})?("|')?
-("|'?)[Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]("|'?)\s*(=|:)\s*.+
-("|'?)[Tt][Oo][Kk][Ee][Nn]("|'?)\s*(=|:)\s*.+
+.*("|'?)[Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd](S|s?)("|'?)\s*(=|:)\s*.+
+.*("|'?)[Tt][Oo][Kk][Ee][Nn]("|'?)(S|s?)\s*(=|:)\s*.+
+.*("|'?)[Ss][Ee][Cc][Rr][Ee][Tt](S|s?)("|'?)\s*(=|:)\s*.+
 
 ###_NOTE_REMOVED_PREVIOUS_IP_RULE_:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}###
