  • fix(policies): Expand encryption detectors (#264)

    * fix: extend encryption detectors
    
    * chore: update snapshots
    
    * fix: update snapshots
    
    Co-authored-by: Cédric Fabianski <[email protected]>
  • elsapet committed with GitHub 1 year ago
    b1bbbdcc
    1 parent e047f567
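--- a/integration/custom_detectors/.snapshots/TestCustomDetectors-ruby_weak_encryption_library
+++ b/integration/custom_detectors/.snapshots/TestCustomDetectors-ruby_weak_encryption_library
@@ -42,6 +42,22 @@
  parent:
  line_number: 3
  content: Digest::MD5.hexdigest(user.first_name)
+ - name: Gender identity
+ stored: false
+ locations:
+ - filename: integration/custom_detectors/testdata/ruby/weak_encryption_library.rb
+ line_number: 6
+ parent:
+ line_number: 6
+ content: Crypt::Blowfish.new("insecure").encrypt_block({ |u| user.gender_identity })
+ - name: Physical Address
+ stored: false
+ locations:
+ - filename: integration/custom_detectors/testdata/ruby/weak_encryption_library.rb
+ line_number: 4
+ parent:
+ line_number: 4
+ content: RC4.new("insecure").encrypt(user.address)
  - detector_id: encrypt_method_call
  data_types:
  - name: Physical Address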
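--- a/integration/custom_detectors/.snapshots/TestCustomDetectors-ruby_weak_password_encryption
+++ b/integration/custom_detectors/.snapshots/TestCustomDetectors-ruby_weak_password_encryption
@@ -62,6 +62,14 @@
  parent:
  line_number: 20
  content: Digest::MD5.hexdigest(user.first_name)
+ - name: Gender identity
+ stored: false
+ locations:
+ - filename: integration/custom_detectors/testdata/ruby/weak_password_encryption.rb
+ line_number: 22
+ parent:
+ line_number: 22
+ content: Crypt::Blowfish.new("insecure").encrypt_block({ |u| user.gender_identity })
  - name: Passwords
  stored: false
  locations:
@@ -75,6 +83,29 @@
  parent:
  line_number: 2
  content: Digest::MD5.hexdigest(user.password)
+ - filename: integration/custom_detectors/testdata/ruby/weak_password_encryption.rb
+ line_number: 4
+ parent:
+ line_number: 4
+ content: RC4.new("insecure").encrypt(user.password)
+ - filename: integration/custom_detectors/testdata/ruby/weak_password_encryption.rb
+ line_number: 5
+ parent:
+ line_number: 5
+ content: Crypt::Blowfish.new("insecure").encrypt_block({ |u| user.password })
+ - filename: integration/custom_detectors/testdata/ruby/weak_password_encryption.rb
+ line_number: 7
+ parent:
+ line_number: 7
+ content: OpenSSL::PKey::RSA.new(File.read('rsa.pem')).private_encrypt(customer.password)
+ - name: Physical Address
+ stored: false
+ locations:
+ - filename: integration/custom_detectors/testdata/ruby/weak_password_encryption.rb
+ line_number: 21
+ parent:
+ line_number: 21
+ content: RC4.new("insecure").encrypt(user.address)
  - detector_id: encrypt_method_call
  data_types:
  - name: Passwords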
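--- a/integration/flags/.snapshots/TestInitCommand
+++ b/integration/flags/.snapshots/TestInitCommand
@@ -253,6 +253,62 @@
  minimum: null
  maximum: null
  match_violation: false
+ - pattern: |
+ RC4.new(...).encrypt(<$DATA_TYPE>)
+ filters: []
+ - pattern: |
+ OpenSSL::PKey::RSA.new($_, <$DATA_TYPE>)
+ filters: []
+ - pattern: |
+ OpenSSL::PKey::RSA.new(...).$METHOD(<$DATA_TYPE>)
+ filters:
+ - variable: METHOD
+ values:
+ - private_decrypt
+ - private_encrypt
+ - public_decrypt
+ - public_encrypt
+ minimum: null
+ maximum: null
+ match_violation: false
+ - pattern: |
+ OpenSSL::PKey::DSA.new($_, <$DATA_TYPE>)
+ filters: []
+ - pattern: |
+ OpenSSL::PKey::$LIBRARY.new(...).$METHOD($_, <$DATA_TYPE>)
+ filters:
+ - variable: $LIBRARY
+ values:
+ - DSA
+ - RSA
+ minimum: null
+ maximum: null
+ match_violation: false
+ - variable: METHOD
+ values:
+ - export
+ - to_pem
+ - to_s
+ minimum: null
+ maximum: null
+ match_violation: false
+ - pattern: |
+ Crypt::Blowfish.new(...).encrypt_pair
+ filters: []
+ - pattern: |
+ Crypt::Blowfish.new(...).$METHOD(<$DATA_TYPE>)
+ filters:
+ - variable: METHOD
+ values:
+ - encrypt_pair
+ - encrypt_string
+ - encrypt_block
+ - decrypt_pair
+ - decrypt_string
+ - decrypt_block
+ minimum: null
+ maximum: null
+ match_violation: false
  root_singularize: false
  root_lowercase: false
  metavars: {}
@@ -385,6 +441,9 @@
  - encrypt_pair
  - encrypt_string
  - encrypt_block
+ - decrypt_pair
+ - decrypt_string
+ - decrypt_block
  minimum: null
  maximum: null
  match_violation: false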
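--- a/integration/policies/.snapshots/TestPolicies-ruby_weak_password_encryption
+++ b/integration/policies/.snapshots/TestPolicies-ruby_weak_password_encryption
@@ -32,6 +32,26 @@
  - policy_name: Force strong password encryption.
  policy_display_id: CR-023
  policy_description: Using a weak encryption or hashing library to encrypt passwords can lead to security breaches and data leaks. This policy checks if weak encryption or hashing libraries are used to encrypt passwords.
+ line_number: 5
+ filename: integration/policies/testdata/ruby/weak_password_encryption.rb
+ category_groups:
+ - PII
+ parent_line_number: 5
+ parent_content: Crypt::Blowfish.new("insecure").encrypt_block({ |u| user.password })
+ omit_parent: false
+ - policy_name: Force strong password encryption.
+ policy_display_id: CR-023
+ policy_description: Using a weak encryption or hashing library to encrypt passwords can lead to security breaches and data leaks. This policy checks if weak encryption or hashing libraries are used to encrypt passwords.
+ line_number: 7
+ filename: integration/policies/testdata/ruby/weak_password_encryption.rb
+ category_groups:
+ - PII
+ parent_line_number: 7
+ parent_content: OpenSSL::PKey::RSA.new(File.read('rsa.pem')).private_encrypt(customer.password)
+ omit_parent: false
+ - policy_name: Force strong password encryption.
+ policy_display_id: CR-023
+ policy_description: Using a weak encryption or hashing library to encrypt passwords can lead to security breaches and data leaks. This policy checks if weak encryption or hashing libraries are used to encrypt passwords.
  line_number: 11
  filename: integration/policies/testdata/ruby/weak_password_encryption.rb
  category_groups:
@@ -89,6 +109,17 @@
  - PII
  parent_line_number: 20
  parent_content: RC4.new("insecure").encrypt(user.address)
+ omit_parent: false
+ - policy_name: Avoid weak encryption library.
+ policy_display_id: CR-024
+ policy_description: A weak encryption or hashing library can lead to data breaches and greater security risk. This policy checks for the use of weak encryption and hashing libraries or algorithms.
+ line_number: 21
+ filename: integration/policies/testdata/ruby/weak_password_encryption.rb
+ category_groups:
+ - PII
+ - Personal Data (Sensitive)
+ parent_line_number: 21
+ parent_content: Crypt::Blowfish.new("insecure").encrypt_block({ |u| user.gender_identity })
  omit_parent: false
 
 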
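--- a/pkg/commands/process/settings/custom_detector.yml
+++ b/pkg/commands/process/settings/custom_detector.yml
@@ -311,6 +311,50 @@
  - values:
  - DSA
  - RSA
+ - pattern: |
+ RC4.new(...).encrypt(<$DATA_TYPE>)
+ filters: []
+ - pattern: |
+ OpenSSL::PKey::RSA.new($_, <$DATA_TYPE>)
+ filters: []
+ - pattern: |
+ OpenSSL::PKey::RSA.new(...).$METHOD(<$DATA_TYPE>)
+ filters:
+ - variable: METHOD
+ values:
+ - private_decrypt
+ - private_encrypt
+ - public_decrypt
+ - public_encrypt
+ - pattern: |
+ OpenSSL::PKey::DSA.new($_, <$DATA_TYPE>)
+ filters: []
+ - pattern: |
+ OpenSSL::PKey::$LIBRARY.new(...).$METHOD($_, <$DATA_TYPE>)
+ filters:
+ - variable: $LIBRARY
+ values:
+ - DSA
+ - RSA
+ - variable: METHOD
+ values:
+ - export
+ - to_pem
+ - to_s
+ - pattern: |
+ Crypt::Blowfish.new(...).encrypt_pair
+ filters: []
+ - pattern: |
+ Crypt::Blowfish.new(...).$METHOD(<$DATA_TYPE>)
+ filters:
+ - variable: METHOD
+ values:
+ - encrypt_pair
+ - encrypt_string
+ - encrypt_block
+ - decrypt_pair
+ - decrypt_string
+ - decrypt_block
  languages:
  - "ruby"
 initialize_ruby_rc4_encryption:
@@ -396,6 +440,9 @@
  - encrypt_pair
  - encrypt_string
  - encrypt_block
+ - decrypt_pair
+ - decrypt_string
+ - decrypt_block
  languages:
  - "ruby"
 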
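Review bot: The filter on the new `OpenSSL::PKey::$LIBRARY.new(...).$METHOD($_, <$DATA_TYPE>)` pattern names its variable `$LIBRARY` with the sigil, while every other filter added in this section uses the bare name (`variable: METHOD`). If the matcher looks filters up by the bare metavariable name, the DSA/RSA restriction may not be applied as intended, so I would write `- variable: LIBRARY` to agree with the rest and regenerate the TestInitCommand snapshot, which currently records `$LIBRARY` verbatim. Separately, `Crypt::Blowfish.new(...).encrypt_pair` with `filters: []` carries no `<$DATA_TYPE>`, so it appears to match regardless of the data involved and overlaps the filtered pattern that follows; a one-line comment such as `# intentionally data-type agnostic` would settle whether that is deliberate. None of the snapshot findings visible on this page exercise the DSA, `export`/`to_pem`/`to_s` or `decrypt_*` patterns, so a fixture line for each would keep those rules from regressing unnoticed.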