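def parse_assignment(self, line: str):
    """Yield a ``(key, value)`` pair parsed from one assignment line.

    ``=>`` is treated like ``=``, ``$`` is removed from the key, and for a
    subscripted key such as ``conf["password"]`` only the text inside the
    last pair of brackets is kept. Nothing is yielded when the line holds
    no assignment or when the value looks like a function call.

    The line is split on the first ``=`` only. A value that itself
    contains ``=`` (padded base64 tokens, connection strings) therefore
    still reaches the secret checks, where a plain ``split("=")`` would
    raise ``ValueError`` and the value would never be inspected.
    """
    lhs, sep, rhs = line.replace("=>", "=").partition("=")
    if not sep or rhs.startswith("="):
        # No "=" at all, or a "=="/"===" comparison: not an assignment.
        return

    key = strip_string(lhs.replace("$", ""))
    if "[" in key and "]" in key:
        key = key.split("[")[-1].replace("]", "")

    value = strip_string(rhs.replace(";", ""))
    if not string_is_function(value):
        yield key, value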
def detect_secrets(
    self,
    key: str,
    value: str,
    filepath: Path,
    breadcrumbs: list = [],
) -> Optional[Secret]:
    """Normalise one key/value pair and run it through the rule set.

    Returns ``None`` when the value is neither ``str`` nor ``int``, when
    ``self.is_static`` rejects the pair, or when ``self.is_excluded``
    accepts ``breadcrumbs``. Otherwise returns whatever
    ``self.rules.check`` returns.

    NOTE(review): the ``breadcrumbs`` default is one list object shared by
    every call. It is only passed on to ``is_excluded`` here; confirm that
    nothing downstream mutates it.
    """
    key = strip_string(key) if key else ""

    if not isinstance(value, (str, int)):
        return None  # Neither text nor digits
    # bool is a subclass of int, so True/False are stringified as well.
    value = strip_string(value) if isinstance(value, str) else str(value)

    # Same evaluation order as two separate checks: the exclusion lookup
    # only runs for pairs that are static.
    if not self.is_static(key, value) or self.is_excluded(breadcrumbs):
        return None  # Not static, or excluded via config

    found = self.foundlines[filepath.as_posix()]
    return self.rules.check(key, value, filepath, found)
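def pairs(self, filepath: Path):
    """Yield ``("htpasswd Hash", value)`` for each ``name:value`` line.

    Lines without a colon are skipped, and so are lines whose second
    colon-separated field is empty after ``strip_string``. Only the second
    field is used; anything after a further colon is ignored.
    """
    # Read the file up front and close the handle before yielding, so a
    # consumer that abandons the generator early does not leak a descriptor.
    with filepath.open("r") as handle:
        lines = handle.readlines()

    for line in lines:
        if ":" not in line:
            continue
        value = strip_string(line.split(":")[1])
        if value:
            yield "htpasswd Hash", value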
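def pairs(self, filepath: Path):
    """Yield the pairs ``Uri().pairs`` extracts from URI-like tokens.

    Every non-blank line is split on whitespace. Each token that
    ``self.rules.match("uri", token)`` accepts is handed to
    ``Uri().pairs`` and its results are yielded unchanged.
    """
    # Read the file up front and close the handle before yielding, so a
    # consumer that abandons the generator early does not leak a descriptor.
    with filepath.open("r") as handle:
        lines = handle.readlines()

    for line in lines:
        if not strip_string(line):
            continue  # blank after normalisation
        for value in line.split():
            if self.rules.match("uri", value):
                yield from Uri().pairs(value)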
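def curl(self, cmd):
    """Yield ``("cURL_Password", secret)`` pairs found in a curl command.

    ``cmd`` is searched and indexed token by token, so it is presumably
    the command already split into an argument list (the caller is not
    visible here). Only the first occurrence of each option is inspected.
    """
    # Options whose argument has the form "name:secret".
    indicators_combined = ["-u", "--user", "-U", "--proxy-user", "-E", "--cert"]
    # Options whose argument is the secret itself.
    indicators_single = ["--tlspassword", "--proxy-tlspassword"]

    for indicator in indicators_combined + indicators_single:
        if indicator not in cmd:
            continue
        idx = cmd.index(indicator)
        if len(cmd) == idx + 1:
            continue  # End of command: the option has no argument
        credentials = strip_string(cmd[idx + 1])

        if indicator in indicators_single:
            yield "cURL_Password", credentials
            continue

        # Split on the first colon only. curl itself separates the name
        # from the password there, so a password that contains ":" must be
        # passed to the rules whole rather than cut at its second colon.
        _, sep, password = credentials.partition(":")
        if not sep:
            continue  # Password not specified
        yield "cURL_Password", password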
def test_strip_string(rawstr):
    """Check that ``strip_string`` reduces ``rawstr`` to ``"whispers"``.

    ``rawstr`` is presumably supplied by a parametrize decorator or a
    fixture that is not visible in this excerpt.
    """
    expected = "whispers"
    cleaned = strip_string(rawstr)
    assert cleaned == expected
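def parse_assignment(self, line: str):
    """Yield ``(key, value)`` for an assignment whose value is quoted.

    The key is the last space-separated word left of the ``=`` (so a
    declaration keyword in front of the name is dropped). The value has
    ``;`` removed and is only yielded when ``string_is_quoted`` accepts it
    and ``string_is_function`` does not.

    The line is split on the first ``=`` only. A quoted value that itself
    contains ``=`` (padded base64 tokens, connection strings) therefore
    still reaches the secret checks, where a plain ``split("=")`` would
    raise ``ValueError`` and the value would never be inspected.
    """
    lhs, sep, rhs = line.partition("=")
    if not sep or rhs.startswith("="):
        # No "=" at all, or a "=="/"===" comparison: not an assignment.
        return

    key = strip_string(lhs).split(" ")[-1]
    value = rhs.replace(";", "").strip()
    if string_is_quoted(value) and not string_is_function(value):
        yield key, value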
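def parse_define(self, line: str):
    """Yield ``(key, value)`` from a ``define(NAME, VALUE)`` line.

    ``define(`` is removed, every ``)`` is turned into ``,`` and the rest
    is split on commas: field one is the key, field two the value. Nothing
    is yielded when the value looks like a function call, or when the line
    has no second field (for example a ``define(`` that continues on the
    next line), which would otherwise raise ``IndexError`` in the middle
    of a scan.

    NOTE(review): a value that contains ``,`` or ``)`` is cut at that
    character, so the rules may see only part of it.
    """
    parts = line.replace("define(", "").replace(")", ",").split(",")
    if len(parts) < 2:
        return  # incomplete define: there is no value field to inspect

    key = strip_string(parts[0])
    value = parts[1].strip()
    if not string_is_function(value):
        yield key, value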