

SQL Password pattern
babenek committed Jan 16, 2025
1 parent 17e3bd8 commit 511a554
Showing 6 changed files with 76 additions and 27 deletions.
28 changes: 14 additions & 14 deletions .ci/benchmark.txt
@@ -1,5 +1,5 @@
META MD5 d0a224099b6f47bb8948c372b8fc6144
DATA MD5 0c336686c107937f85997d599484de04
META MD5 984f912263c0c337a1672296aa759cbc
DATA MD5 6db3f0cb94aad9db85077fb00a1ae6bf
DATA: 16329853 interested lines. MARKUP: 59550 items
FileType FileNumber ValidLines Positives Negatives Templates
--------------- ------------ ------------ ----------- ----------- -----------
Expand Down Expand Up @@ -82,10 +82,10 @@ FileType FileNumber ValidLines Positives Negatives Templat
.ipynb 1 134 6
.j 1 241 4
.j2 30 5530 6 174 10
.java 613 133184 345 1325 171
.java 613 133184 347 1323 171
.jenkinsfile 1 58 2 6
.jinja2 1 64 2
.js 653 532652 527 2450 316
.js 653 532652 512 2450 331
.json 843 13045846 1076 10012 139
.jsp 13 3202 1 37
.jsx 7 857 19
Expand Down Expand Up @@ -159,7 +159,7 @@ FileType FileNumber ValidLines Positives Negatives Templat
.pyx 2 1094 23
.r 4 62 4 2 1
.rake 2 51 2
.rb 834 128817 270 2456 615
.rb 834 128817 269 2457 615
.re 1 31 1
.red 1 159 1
.release 1 13 4
Expand All @@ -179,7 +179,7 @@ FileType FileNumber ValidLines Positives Negatives Templat
.scala 39 5028 22 99
.scss 16 8553 32 1
.secrets 1 11 1
.sh 142 21518 58 464 23
.sh 142 21518 57 464 24
.slim 1 153 1 2
.smali 1 775 18
.snap 3 1708 9 29 2
Expand Down Expand Up @@ -219,19 +219,19 @@ FileType FileNumber ValidLines Positives Negatives Templat
.xib 11 503 164
.xsl 1 311 1
.yaml 136 18591 123 341 42
.yml 418 36057 523 910 375
.yml 418 36057 522 910 376
.zsh 6 872 12
.zsh-theme 1 97 1
TOTAL: 10003 16329853 11874 46613 5067
credsweeper result_cnt : 11643, lost_cnt : 0, true_cnt : 11409, false_cnt : 234
TOTAL: 10003 16329853 11858 46612 5084
credsweeper result_cnt : 11626, lost_cnt : 0, true_cnt : 11393, false_cnt : 233
Rules Positives Negatives Templates Reported TP FP TN FN FPR FNR ACC PRC RCL F1
------------------------------ ----------- ----------- ----------- ---------- ----- ---- ----- ---- -------- -------- -------- -------- -------- --------
API 130 3166 188 126 125 1 3353 5 0.000298 0.038462 0.998278 0.992063 0.961538 0.976562
AWS Client ID 168 21 0 160 160 0 21 8 0.000000 0.047619 0.957672 1.000000 0.952381 0.975610
AWS Multi 82 10 0 84 82 1 9 0 0.100000 0.000000 0.989130 0.987952 1.000000 0.993939
AWS S3 Bucket 67 23 0 92 67 23 0 0 1.000000 0.000000 0.744444 0.744444 1.000000 0.853503
Atlassian Old PAT token 3 7 0 10 3 7 0 0 1.000000 0.000000 0.300000 0.300000 1.000000 0.461538
Auth 415 2743 82 391 385 6 2819 30 0.002124 0.072289 0.988889 0.984655 0.927711 0.955335
Auth 417 2741 82 392 387 5 2818 30 0.001771 0.071942 0.989198 0.987245 0.928058 0.956737
Azure Access Token 19 0 0 12 12 0 0 7 0.368421 0.631579 1.000000 0.631579 0.774194
BASE64 Private Key 12 4 0 12 12 0 4 0 0.000000 0.000000 1.000000 1.000000 1.000000 1.000000
BASE64 encoded PEM Private Key 7 0 0 5 5 0 0 2 0.285714 0.714286 1.000000 0.714286 0.833333
Expand All @@ -257,20 +257,20 @@ Grafana Provisioned API Key 22 1 0
JSON Web Token 170 61 0 131 131 0 61 39 0.000000 0.229412 0.831169 1.000000 0.770588 0.870432
Jira / Confluence PAT token 0 4 0 0 0 4 0 0.000000 1.000000
Jira 2FA 15 6 1 12 12 0 7 3 0.000000 0.200000 0.863636 1.000000 0.800000 0.888889
Key 3912 15714 485 3922 3897 25 16174 15 0.001543 0.003834 0.998011 0.993626 0.996166 0.994894
Key 3911 15715 485 3921 3896 25 16175 15 0.001543 0.003835 0.998011 0.993624 0.996165 0.994893
Nonce 93 49 0 91 91 0 49 2 0.000000 0.021505 0.985915 1.000000 0.978495 0.989130
Other 9 7447 5 0 0 7452 9 0.000000 1.000000 0.998794 0.000000
PEM Private Key 1019 1483 0 1023 1019 4 1479 0 0.002697 0.000000 0.998401 0.996090 1.000000 0.998041
Password 1887 7535 2663 1813 1800 13 10185 87 0.001275 0.046105 0.991725 0.992830 0.953895 0.972973
Password 1869 7536 2680 1795 1782 13 10203 87 0.001273 0.046549 0.991725 0.992758 0.953451 0.972707
Salesforce Credentials 2 0 0 2 2 0 0 0 0.000000 1.000000 1.000000 1.000000 1.000000
Salt 47 76 1 45 45 0 77 2 0.000000 0.042553 0.983871 1.000000 0.957447 0.978261
Secret 1297 1576 802 1292 1288 4 2374 9 0.001682 0.006939 0.996463 0.996904 0.993061 0.994979
Seed 1 6 0 0 0 6 1 0.000000 1.000000 0.857143 0.000000
Slack Token 4 1 0 4 4 0 1 0 0.000000 0.000000 1.000000 1.000000 1.000000 1.000000
Stripe Credentials 2 0 0 2 2 0 0 0 0.000000 1.000000 1.000000 1.000000 1.000000
Tencent WeChat API App ID 6 0 0 6 6 0 0 0 0.000000 1.000000 1.000000 1.000000 1.000000
Token 643 4171 454 617 616 1 4624 27 0.000216 0.041991 0.994685 0.998379 0.958009 0.977778
Token 644 4170 454 618 617 1 4623 27 0.000216 0.041925 0.994685 0.998382 0.958075 0.977813
Twilio Credentials 30 39 0 30 30 0 39 0 0.000000 0.000000 1.000000 1.000000 1.000000 1.000000
URL Credentials 210 157 215 209 208 1 371 2 0.002688 0.009524 0.994845 0.995215 0.990476 0.992840
UUID 1075 265 0 1074 1073 1 264 2 0.003774 0.001860 0.997761 0.999069 0.998140 0.998604
11874 46613 5067 11656 11409 234 46379 465 0.005020 0.039161 0.988049 0.979902 0.960839 0.970277
11858 46612 5084 11639 11393 233 46379 465 0.004999 0.039214 0.988062 0.979959 0.960786 0.970278
16 changes: 8 additions & 8 deletions .github/workflows/benchmark.yml
Expand Up @@ -30,8 +30,8 @@ jobs:
- name: Checkout CredData
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: Samsung/CredData
ref: main
repository: babenek/CredData
ref: sqlpass

- name: Markup hashing
run: |
Expand Down Expand Up @@ -86,8 +86,8 @@ jobs:
- name: Checkout CredData
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: Samsung/CredData
ref: main
repository: babenek/CredData
ref: sqlpass

- name: Markup hashing
run: |
Expand Down Expand Up @@ -189,8 +189,8 @@ jobs:
- name: Checkout CredData
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: Samsung/CredData
ref: main
repository: babenek/CredData
ref: sqlpass

- name: Markup hashing
run: |
Expand Down Expand Up @@ -377,8 +377,8 @@ jobs:
- name: Checkout CredData
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: Samsung/CredData
ref: main
repository: babenek/CredData
ref: sqlpass

- name: Markup hashing
run: |
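Review bot: All four "Checkout CredData" steps (hunks @@ -30, -86, -189 and -377) now point at `repository: babenek/CredData` with `ref: sqlpass` — assuming those are the new-side lines, since the page shows no +/- markers — so the benchmark workflow depends on a personal fork and a mutable feature branch instead of the organisation repository, and the markup hashes recorded in .ci/benchmark.txt track data that no reviewer can pin. If this is a temporary switch while the markup for the new rule is upstreamed, say so on each `with:` block, e.g. `# TODO: revert to Samsung/CredData main once the sqlpass markup is merged`, or pin `ref:` to the specific CredData commit so the META/DATA hashes stay reproducible. The same point applies to the other three hunks in this file; it is raised only here.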
2 changes: 1 addition & 1 deletion credsweeper/credentials/candidate.py
Expand Up @@ -20,7 +20,7 @@ class Candidate:
severity: critical/high/medium/low
confidence: strong/moderate/weak
config: user configs
use_ml: Whether the candidate should be validated with ML. If not - ml_probability is set to -1
use_ml: Whether the candidate should be validated with ML. If not - ml_probability is None
"""

def __init__(self,
18 changes: 18 additions & 0 deletions credsweeper/rules/config.yaml
Expand Up @@ -143,6 +143,24 @@
target:
- doc

- name: SQL Password
severity: info
confidence: weak
type: pattern
values:
- (\\[nrt]|\b)(?i:(?P<variable>(CREATE|ALTER|SET\s{1,8}PASSWORD|INSERT(\s{1,8}IGNORE)?|UPDATE\s{1,8}[^\s;]{1,80})\s{1,8}(LOGIN|USER|ROLE|FOR|INTO|SET)\s{1,8}([^\s;]{1,80}\s{1,8}|VALUES\s*\(){1,8}(IDENTIFIED((\s{1,8}WITH\s{1,8}\S{1,80})?\s{1,8}(BY|AS))|(=|WITH)?\s*PASSWORD\b(\s*=)?)))\s*(?P<wrap>[(]\s*)?(?P<value_leftquote>((?P<esq>\\{1,8})?([`'\"]|&(quot|apos);)){1,4})?(?P<value>(?(value_leftquote)((?!(?P=value_leftquote))(?(esq)((?!(?P=esq)([`'\"]|&(quot|apos);)).)|((?!(?P=value_leftquote)).)))|(?!&(quot|apos);)(\\+([ tnr]|[^\s`'\"])|[^\s`'\",;\\])){3,80})(?(value_leftquote)(?P<value_rightquote>(?<!\\)(?P=value_leftquote))|(?(wrap)[)]|[\s`'\",;]))
filter_type:
- ValueAllowlistCheck
- ValuePatternCheck
min_line_len: 8
required_substrings:
- password
- identified
target:
- doc
- code
use_ml: true

- name: API
severity: medium
confidence: moderate
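Review bot: The new `SQL Password` rule's single `values:` entry is a regex of several hundred characters with no comment stating which statement forms it is meant to cover, which makes later edits hard to review against intent; suggest a `#` comment above `- name: SQL Password` listing the forms the tests/samples/sql_password file exercises (CREATE/ALTER USER|ROLE|LOGIN … IDENTIFIED [WITH …] BY|AS …, … [WITH] PASSWORD [=] …, SET PASSWORD FOR … = PASSWORD(…), INSERT … VALUES(PASSWORD(…)), UPDATE … SET … = PASSWORD(…)). The `value` group accepts any 3–80 non-quote characters, so a shell-style reference such as the sample line `CREATE USER $TEST_USER_NAME … PASSWORD '$TEST_USER_PASS'` (already marked `-- todo filter` in the sample) will be reported unless `ValuePatternCheck` rejects it; the comment should record that this is a known gap. `severity: info` for a plaintext database-account password is noticeably lower than the `API` rule's `medium` just below it; if that is deliberate until the ML model is retrained on the new markup, a one-line note saying so would stop the next reviewer from re-raising it.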
8 changes: 4 additions & 4 deletions tests/__init__.py
@@ -1,23 +1,23 @@
from pathlib import Path

# total number of files in test samples
SAMPLES_FILES_COUNT = 145
SAMPLES_FILES_COUNT = 146

# the lowest value of ML threshold is used to display possible lowest values
NEGLIGIBLE_ML_THRESHOLD = 0.0001

# credentials count after scan with negligible ML threshold
SAMPLES_CRED_COUNT = 436
SAMPLES_CRED_COUNT = 467
SAMPLES_CRED_LINE_COUNT = SAMPLES_CRED_COUNT + 19

# Number of filtered credentials with ML
ML_FILTERED = 34
ML_FILTERED = 55

# credentials count after post-processing
SAMPLES_POST_CRED_COUNT = SAMPLES_CRED_COUNT - ML_FILTERED

# with option --doc
SAMPLES_IN_DOC = 694
SAMPLES_IN_DOC = 708

# archived credentials that are not found without --depth
SAMPLES_IN_DEEP_1 = SAMPLES_POST_CRED_COUNT + 44
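--- a/tests/samples/sql_password
+++ b/tests/samples/sql_password
@@ -0,0 +1,31 @@
+ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'SqLpa5sW0rD';
+'create user name identified by 'SqLpa5sW0rD' --
+exec("CREATE USER ExposedTest ACCOUNT UNLOCK IDENTIFIED BY SqLpa5sW0rD");
+:`CREATE USER 'haproxy'@'%' IDENTIFIED BY 'SqLpa5sW0rD';`
+exec("CREATE USER ExposedTest ACCOUNT UNLOCK IDENTIFIED BY SqLpa5sW0rD");
+expected_statement = """CREATE USER foo WITH ENCRYPTED PASSWORD 'SqLpa5sW0rD' CREATEDB;
+CREATE USER $TEST_USER_NAME WITH SUPERUSER LOGIN NOINHERIT PASSWORD '$TEST_USER_PASS' CREATEROLE; -- todo filter
+CREATE USER foo WITH ENCRYPTED PASSWORD 'SqLpa5sW0rD' CREATEDB;
+ALTER LOGIN username WITH PASSWORD = 'SqLpa5sW0rD';
+ALTER ROLE postgres PASSWORD 'SqLpa5sW0rD'; SELECT pg_reload_conf()"
+ALTER USER username WITH PASSWORD 'SqLpa5sW0rD';
+CREATE LOGIN username WITH PASSWORD = 'SqLpa5sW0rD';
+CREATE USER chuck WITH PASSWORD 'SqLpa5sW0rD' SUPERUSER;
+CREATE USER IF NOT EXISTS sandy WITH PASSWORD 'SqLpa5sW0rD' NOSUPERUSER;
+CREATE USER myuser WITH PASSWORD 'SqLpa5sW0rD';
+CREATE USER username WITH PASSWORD 'SqLpa5sW0rD';
+ALTER USER 'username'@'localhost' IDENTIFIED BY 'SqLpa5sW0rD';
+ALTER USER username IDENTIFIED BY SqLpa5sW0rD;
+CREATE USER username IDENTIFIED BY SqLpa5sW0rD;
+CREATE USER 'username'@'localhost' IDENTIFIED BY 'SqLpa5sW0rD';
+mysql -u root -pdbadmin -e "CREATE USER 'cactiuser'@'localhost' IDENTIFIED BY 'SqLpa5sW0rD';"–
+-c "CREATE ROLE scram_test login password 'SqLpa5sW0rD'"
+CREATE ROLE app_admin WITH LOGIN PASSWORD SqLpa5sW0rD;
+CREATE ROLE flask_admin_geo LOGIN PASSWORD 'SqLpa5sW0rD';
+create role forum_example_postgraphile_demo login password 'SqLpa5sW0rD';
+create role forum_example_postgraphile login password 'SqLpa5sW0rD';
+SET PASSWORD FOR 'username'@'localhost' = PASSWORD('SqLpa5sW0rD');
+insert into mysql.user values(PASSWORD('SqLpa5sW0rD') );
+UPDATE mysql.user SET authentication_string = PASSWORD ('SqLpa5sW0rD') WHERE User = 'username';
+"ALTER USER 'test'@'1.1.1.1' IDENTIFIED WITH 'mysql_native_password' AS '*SqLpa5sW0rD' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK;",
+sh -c 'echo CREATE USER typeorm_mg IDENTIFIED BY SqLpa5sW0rD\; >>tmp.sql;'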
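Review bot: Lines 3 and 5 of the new sample are byte-identical (`exec("CREATE USER ExposedTest ACCOUNT UNLOCK IDENTIFIED BY SqLpa5sW0rD");`), so the second copy adds a count to SAMPLES_CRED_COUNT without adding pattern coverage; if the duplicate is intentional (e.g. to check that repeated findings are each reported) a trailing `-- duplicate on purpose` marker would make that clear, otherwise drop it and adjust the counters in tests/__init__.py. Several lines also carry a second, different secret-shaped token next to the one under test — the `-pdbadmin` command-line password on line 21 and the `*SqLpa5sW0rD` hash-style value on line 30 — which is fine for a mixed sample but worth a one-line note so that changes in the expected counts are attributable to the SQL Password rule rather than to whichever other rule fires on those fragments.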

