
Releases: OWASP/SEDATED

SEDATED® Version 1.2.0

17 Jun 17:07
495f434

Substantially improved and revamped credential pattern matching (see testing/regex_testing/test_cases.txt for a comprehensive set of examples covering every pattern-matching enhancement listed in this update)

  • Added support for XML formatted passwords/secrets
  • Added support for Password: notquotedvalue (a password followed by an equals sign was already supported; this adds the colon form without quotes)
  • Condensed regexes (easier to maintain and keep everything in sync)
  • Increased our testing suite to over 1,100 test cases
  • Enhanced environment variable detection, including increased language support (${variable}, #{variable}, %%variable%%, etc.)
    • Password/secret/key values beginning with $ will not be flagged unless an additional numeric or special character is included in the value: myPwd = $uperStr0ng will be flagged, but myPwd = $password will not be flagged, as it is assumed to be a variable (known limitation: we do not yet select regexes based on file extension)
    • Password/secret/key values wrapped in ${}, #{}, or {} are assumed to be variables and will not be flagged even if they contain a numeric value, e.g. apiKey = $S3_APIKEY will be flagged, but apiKey = ${S3_APIKEY} will not be flagged
    • XML formatted passwords/secrets/keys have an additional environment variable check that treats values wrapped in %% as environment variables, e.g. <Password>%%variable%%</Password> is considered a variable
  • Updated the keys regex to accept more characters (it now matches the same character set as passwords)
  • A wider range of special characters will now be included to help identify more hard-coded credentials
  • Overall reduction in false positives due to new credential character requirements
    • To be flagged as a hard-coded password/secret/key the value must now include at least one special or numeric character

Updated SEDATED® references from ℠ to ®

SEDATED℠ Version 1.1.3

16 Jul 17:53

Added a connection string regex (user:password@servername) to config/regexes.json, fixed typos in the README, and added the local keyword to local variable declarations in pre-receive.sh.
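The value rules listed under Version 1.2.0 above (a leading $ alone is not evidence, ${}/#{}/{}/%%...%% wrappers are variable references, and a flagged value must contain at least one digit or special character) plus the user:password@servername connection string pattern from this release, as an added worked example. This is not SEDATED's own code or its config/regexes.json patterns: the regexes, the scan_text/looks_hardcoded names and the sample lines are assumptions constructed here to show how those rules separate hard-coded values from variable references.

```python
import re

# Credential-bearing names with an optional prefix/suffix so that myPwd,
# db_secret, apiKey and S3_TOKEN all count (case-insensitive). Assumed here,
# not SEDATED's own regex.
CRED_NAME = r"\w*(?:passw(?:or)?d|pwd|secret|api[_-]?key|token|key)\w*"

# key = value and key: value, with optional matching quotes around the value.
KV_RE = re.compile(
    rf"(?i)\b(?P<name>{CRED_NAME})\s*[=:]\s*(?P<q>[\"']?)(?P<val>[^\"'\s,;]+)(?P=q)"
)
# <Password>value</Password> style XML elements.
XML_RE = re.compile(rf"(?i)<(?P<name>{CRED_NAME})>(?P<val>[^<]+)</(?P=name)>")
# user:password@host inside a connection string (the 1.1.3 pattern).
CONN_RE = re.compile(r"\b(?P<name>[A-Za-z0-9._-]+):(?P<val>[^@\s/:]+)@[A-Za-z0-9.-]+")

# Whole values that are really variable references: ${X}, #{X}, {X}, %%X%%.
VARIABLE_RE = re.compile(r"^(?:\$\{[^}]*\}|#\{[^}]*\}|\{[^}]*\}|%%[^%]*%%)$")
# Anything that is not a letter or underscore counts as a digit/special character.
DIGIT_OR_SPECIAL_RE = re.compile(r"[^A-Za-z_]")


def is_variable_reference(value):
    return VARIABLE_RE.match(value) is not None


def looks_hardcoded(value):
    """Apply the 1.2.0 value rules: a wrapped variable reference is never
    flagged; a leading $ is stripped so it cannot count as the required
    special character; the remainder must contain a digit or special char."""
    if is_variable_reference(value):
        return False
    body = value[1:] if value.startswith("$") else value
    return DIGIT_OR_SPECIAL_RE.search(body) is not None


def scan_text(text):
    """Return (line number, pattern kind, name, value) for every value that
    looks like a hard-coded credential."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx in (("kv", KV_RE), ("xml", XML_RE), ("conn", CONN_RE)):
            for m in rx.finditer(line):
                if looks_hardcoded(m.group("val")):
                    hits.append((lineno, kind, m.group("name"), m.group("val")))
    return hits


# Constructed sample input, mirroring the examples in the release notes; it is
# not taken from the project's test suite.
SAMPLE = """\
myPwd = $uperStr0ng
myPwd = $password
apiKey = $S3_APIKEY
apiKey = ${S3_APIKEY}
db_secret: #{vault.db_secret}
Password: notquotedvalue
Password: N0tQuoted!
<Password>%%variable%%</Password>
<Password>Hunter2!</Password>
url = postgres://svc:Tr0ub4dor@db.internal:5432/app
url = postgres://svc:${DB_PASS}@db.internal:5432/app
"""

if __name__ == "__main__":
    for lineno, kind, name, val in scan_text(SAMPLE):
        print(f"line {lineno}: {kind} {name} -> {val}")
```

Running it flags only $uperStr0ng, $S3_APIKEY, N0tQuoted!, Hunter2! and Tr0ub4dor; the $password, ${S3_APIKEY}, #{...}, %%variable%% and ${DB_PASS} values are skipped as variable references, and notquotedvalue is skipped because it contains no digit or special character. The file-extension limitation noted above applies here too: a value such as $S3_APIKEY is flagged regardless of whether the file is a shell script, where it would be a variable.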

SEDATED℠ Version 1.1.2

20 May 17:58

Update ASCII Art displayed via console output.

SEDATED℠ Version 1.1.1

01 Apr 17:19

Updated SEDATED℠ with performance improvements specifically targeted at large, one-line files. Very large, minified (one-line) JavaScript files took excessively long for SEDATED℠ to scan. This improvement appears to allow one-line files of up to 10MB to be processed, up from approximately 1.5MB. The code changes also improved overall performance.

Bug fix - Commit whitelisted output formatting was inconsistent when the first commit ID was whitelisted and subsequent commit IDs were present and contained violations.

Added grep PCRE error handling: any exit code from the grep command other than 0 or 1 is now treated as an error. When the PCRE backtracking limit is exceeded, an error is now thrown and the push is rejected. Previously, when this limit was reached the push was automatically accepted, regardless of violations.
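The fail-closed exit-code handling described above, as an added example that is not code from SEDATED's pre-receive.sh. grep reports a match with exit 0, no match with exit 1, and its own failure (an invalid pattern, a missing file, or PCRE's backtracking limit) with exit 2; a hook that only tests for exit 0 silently accepts the push on the error path. The verdict_from_exit and scan_file names, the use of grep -E (chosen so the example runs with any grep; SEDATED's patterns are PCRE and need grep -P) and the sample file content are assumptions made here.

```python
import os
import subprocess
import tempfile

ACCEPT = "accept"
REJECT = "reject"


def verdict_from_exit(returncode):
    """Map a grep exit status onto the push decision.
    1 means no line matched, which is the only outcome that accepts.
    0 means a violating line matched; 2 (or any other code) means grep
    itself failed, e.g. the PCRE backtracking limit was exceeded. Both
    reject, so a scanner failure can never become an accepted push."""
    return ACCEPT if returncode == 1 else REJECT


def scan_file(pattern, path, timeout=10):
    """Run grep over one file and return (verdict, detail).
    grep -E is used here so the example runs with a POSIX grep; SEDATED's
    regexes are PCRE (grep -P)."""
    try:
        proc = subprocess.run(
            ["grep", "-E", "-n", "--", pattern, path],
            capture_output=True, text=True, timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        # A hung scan is also a failure: reject rather than wave it through.
        return REJECT, "scan timed out"
    except OSError as exc:
        return REJECT, f"could not run grep: {exc}"
    verdict = verdict_from_exit(proc.returncode)
    if proc.returncode == 0:
        return verdict, proc.stdout.strip()
    if proc.returncode == 1:
        return verdict, ""
    return verdict, f"grep exit {proc.returncode}: {proc.stderr.strip()}"


def demo():
    """Scan a constructed two-line config with a matching pattern, a
    non-matching pattern and an invalid pattern (grep error path)."""
    content = "db_user = app\npassword = hunter2\n"  # constructed sample, not real data
    with tempfile.NamedTemporaryFile("w", suffix=".cfg", delete=False) as fh:
        fh.write(content)
        path = fh.name
    try:
        return {
            "violation": scan_file(r"password *= *[^ ]+", path),
            "clean": scan_file(r"^totp_seed *=", path),
            "error": scan_file(r"(unbalanced", path),
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for case, (verdict, detail) in demo().items():
        print(f"{case}: {verdict} {detail}")
```

In the hook, the only path that lets the push through is the one where grep returned exactly 1 for every file; the invalid-pattern case stands in for the backtracking-limit failure, which with GNU grep -P also surfaces as a non-zero, non-one exit code.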

Additional content added in the README to include local testing.

SEDATED Version 1.1

14 Mar 17:28

First version of SEDATED that will go live and be made publicly available on github.com.

SEDATED Version 1.0

14 Mar 17:28
Pre-release

This is SEDATED Version 1.0.