From a31d24201c693aaff886cdca4a0826dba70ecaa2 Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Mon, 20 May 2024 15:20:06 -0700 Subject: [PATCH 1/9] bump minor version --- lib/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/version.rb b/lib/version.rb index 8eea37f..13d90ec 100644 --- a/lib/version.rb +++ b/lib/version.rb @@ -2,6 +2,6 @@ module RedactingLogger module Version - VERSION = "1.2.1" + VERSION = "1.3.0" end end From 7e905e03a1789d3d214c6bbdf4a1c801de740d7b Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Mon, 20 May 2024 15:32:14 -0700 Subject: [PATCH 2/9] add slack webhook pattern --- lib/patterns/default.rb | 5 +++-- spec/lib/redacting_logger_spec.rb | 5 +++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/patterns/default.rb b/lib/patterns/default.rb index e3cf6f6..29f06bc 100644 --- a/lib/patterns/default.rb +++ b/lib/patterns/default.rb @@ -6,7 +6,8 @@ module Patterns /ghp_[A-Za-z0-9]{36,}|[0-9A-Fa-f]{40,}/, # GitHub Personal Access Token /github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}/, # GitHub Personal Access Token (fine-grained) /ghs_[a-zA-Z0-9]{36}/, # Temporary GitHub Actions Tokens - /\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/\\_-]{17,}\.(?:[a-zA-Z0-9\/\\_-]{10,}={0,2})?)(?:['|\"|\n|\r|\s|\x60|;]|$)/, # JWT tokens - /(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?----/ # private keys + %r{\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9/\\_-]{17,}\.(?:[a-zA-Z0-9/\\_-]{10,}={0,2})?)(?:['|"|\n|\r|\s|\x60|;]|$)}, # JWT tokens + /(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?----/, # private keys + %r{https://hooks\.slack\.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24}}, # Slack webhook ].freeze end diff --git a/spec/lib/redacting_logger_spec.rb b/spec/lib/redacting_logger_spec.rb index da8e4eb..d789029 100644 --- a/spec/lib/redacting_logger_spec.rb +++ b/spec/lib/redacting_logger_spec.rb 
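Review bot: In the Slack webhook pattern added to lib/patterns/default.rb in patch 2/9, the last path segment is pinned to exactly `{24}` with nothing after it. If a webhook secret is ever longer than 24 characters, only the first 24 are replaced and the remainder stays in the log line. An open-ended bound on that segment, `[a-zA-Z0-9_]{24,}`, is the safer default for a redactor, and a spec case with a longer final segment would pin the behaviour. The rewrite of this line in patch 6/9 and the workflow pattern added in patch 7/9 keep the same fixed `{24}`. The pattern array itself starts above this hunk.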
@@ -130,6 +130,11 @@ case: "redacts from a Numeric match with extra numbers", message: 123_999_999_999_123, expected_message: "123[REDACTED]123" + }, + { + case: "redacts a Slack webhook", + message: "posting slack message to: https://hooks.slack.com/services/T1BAAA111/B0111AAA111/MMMAAA333CCC222bbbAAA111", + expected_message: "posting slack message to: [REDACTED]" } ].each do |test| it "redacts #{test[:case]}" do From 77a36a97fc968b2a84f9c17c48cbc2d614863bb1 Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Mon, 20 May 2024 15:43:15 -0700 Subject: [PATCH 3/9] add regex pattern for slack `xoxb` type tokens (bot tokens) --- lib/patterns/default.rb | 1 + spec/lib/redacting_logger_spec.rb | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/lib/patterns/default.rb b/lib/patterns/default.rb index 29f06bc..532fb25 100644 --- a/lib/patterns/default.rb +++ b/lib/patterns/default.rb @@ -9,5 +9,6 @@ module Patterns %r{\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9/\\_-]{17,}\.(?:[a-zA-Z0-9/\\_-]{10,}={0,2})?)(?:['|"|\n|\r|\s|\x60|;]|$)}, # JWT tokens /(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?----/, # private keys %r{https://hooks\.slack\.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24}}, # Slack webhook + /xox[baprs]-([0-9a-zA-Z-]+)/ # Slack token ].freeze end diff --git a/spec/lib/redacting_logger_spec.rb b/spec/lib/redacting_logger_spec.rb index d789029..c9b4eeb 100644 --- a/spec/lib/redacting_logger_spec.rb +++ b/spec/lib/redacting_logger_spec.rb @@ -135,6 +135,11 @@ case: "redacts a Slack webhook", message: "posting slack message to: https://hooks.slack.com/services/T1BAAA111/B0111AAA111/MMMAAA333CCC222bbbAAA111", expected_message: "posting slack message to: [REDACTED]" + }, + { + case: "redacts a Slack token", + message: "using slack token: xoxb-2444333222111-2444333222111-123456789AbCdEfGHi123456", + expected_message: "using slack token: [REDACTED]" } ].each do |test| it "redacts #{test[:case]}" do 
From 7f94f7dd4cb5348c104c941557603af43bf23e1e Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Mon, 20 May 2024 15:48:11 -0700 Subject: [PATCH 4/9] make the slack token regex more comprehensive --- lib/patterns/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/patterns/default.rb b/lib/patterns/default.rb index 532fb25..64bcc66 100644 --- a/lib/patterns/default.rb +++ b/lib/patterns/default.rb @@ -9,6 +9,6 @@ module Patterns %r{\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9/\\_-]{17,}\.(?:[a-zA-Z0-9/\\_-]{10,}={0,2})?)(?:['|"|\n|\r|\s|\x60|;]|$)}, # JWT tokens /(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?----/, # private keys %r{https://hooks\.slack\.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24}}, # Slack webhook - /xox[baprs]-([0-9a-zA-Z-]+)/ # Slack token + /xoxp-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{6,})|xoxb-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})|xoxs-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxa-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxo-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})|xoxa-2-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxr-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxb-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})/ # Slack tokens ].freeze end From 71f91cd36ad7e2c3bb2e206a1f72b6ed48058cf7 Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Mon, 20 May 2024 15:55:19 -0700 Subject: [PATCH 5/9] add a regex pattern for vault tokens --- lib/patterns/default.rb | 3 ++- spec/lib/redacting_logger_spec.rb | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/patterns/default.rb b/lib/patterns/default.rb index 64bcc66..d6dceb3 100644 --- a/lib/patterns/default.rb +++ b/lib/patterns/default.rb 
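Review bot: The Slack token regex introduced in patch 4/9 redacts fewer strings than the `/xox[baprs]-([0-9a-zA-Z-]+)/` it replaces, because any token whose shape is not one of the listed alternatives now passes through untouched. For a redactor a missed secret costs more than an over-match. Alternation is also ordered, so the two-part `xoxb-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})` branch is tried before the three-part `xoxb-` branch at the end. A bot token whose second numeric segment reaches 14 digits would match the shorter branch and leave its final `-<secret>` segment in the output. Keeping the broad form with only a minimum length, for example `/xox[a-z]-[0-9a-zA-Z-]{10,}/` (a constructed suggestion), covers both cases. This commit changes no spec, so only the single `xoxb-` sample from patch 3/9 exercises the new expression.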
@@ -9,6 +9,7 @@ module Patterns %r{\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9/\\_-]{17,}\.(?:[a-zA-Z0-9/\\_-]{10,}={0,2})?)(?:['|"|\n|\r|\s|\x60|;]|$)}, # JWT tokens /(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?----/, # private keys %r{https://hooks\.slack\.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24}}, # Slack webhook - /xoxp-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{6,})|xoxb-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})|xoxs-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxa-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxo-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})|xoxa-2-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxr-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxb-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})/ # Slack tokens + /xoxp-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{6,})|xoxb-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})|xoxs-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxa-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxo-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})|xoxa-2-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxr-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxb-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})/, # Slack tokens + /[sb]\.[a-zA-Z0-9]{24,}/ # vault token ].freeze end diff --git a/spec/lib/redacting_logger_spec.rb b/spec/lib/redacting_logger_spec.rb index c9b4eeb..6532022 100644 --- a/spec/lib/redacting_logger_spec.rb +++ b/spec/lib/redacting_logger_spec.rb @@ -140,6 +140,11 @@ case: "redacts a Slack token", message: "using slack token: xoxb-2444333222111-2444333222111-123456789AbCdEfGHi123456", expected_message: "using slack token: [REDACTED]" + }, + { + case: "redacts a vault token", + message: "logging into vault with token: s.FakeToken1234567890123456", + expected_message: "logging into vault with token: [REDACTED]" } ].each do |test| it "redacts #{test[:case]}" do 
From 30778bbf0e920e148b062860e2970cb7d45371a4 Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Mon, 20 May 2024 16:01:35 -0700 Subject: [PATCH 6/9] improve slack webhook regex --- lib/patterns/default.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/patterns/default.rb b/lib/patterns/default.rb index d6dceb3..2a4652f 100644 --- a/lib/patterns/default.rb +++ b/lib/patterns/default.rb @@ -8,7 +8,7 @@ module Patterns /ghs_[a-zA-Z0-9]{36}/, # Temporary GitHub Actions Tokens %r{\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9/\\_-]{17,}\.(?:[a-zA-Z0-9/\\_-]{10,}={0,2})?)(?:['|"|\n|\r|\s|\x60|;]|$)}, # JWT tokens /(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?----/, # private keys - %r{https://hooks\.slack\.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24}}, # Slack webhook + %r{https://hooks\.slack\.com/services/[a-zA-Z0-9]{9,}/[a-zA-Z0-9]{9,}/[a-zA-Z0-9]{24}}, # Slack webhook /xoxp-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{6,})|xoxb-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})|xoxs-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxa-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxo-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})|xoxa-2-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxr-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxb-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})/, # Slack tokens /[sb]\.[a-zA-Z0-9]{24,}/ # vault token ].freeze From 83de906f4bd2789e55edb1ab1426a637a2e91f03 Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Mon, 20 May 2024 16:03:56 -0700 Subject: [PATCH 7/9] add a regex for Slack workflow webhook secrets --- lib/patterns/default.rb | 1 + spec/lib/redacting_logger_spec.rb | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/lib/patterns/default.rb b/lib/patterns/default.rb index 2a4652f..cdd08a8 100644 --- a/lib/patterns/default.rb +++ b/lib/patterns/default.rb 
@@ -9,6 +9,7 @@ module Patterns %r{\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9/\\_-]{17,}\.(?:[a-zA-Z0-9/\\_-]{10,}={0,2})?)(?:['|"|\n|\r|\s|\x60|;]|$)}, # JWT tokens /(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY( BLOCK)?-----[\s\S-]*KEY( BLOCK)?----/, # private keys %r{https://hooks\.slack\.com/services/[a-zA-Z0-9]{9,}/[a-zA-Z0-9]{9,}/[a-zA-Z0-9]{24}}, # Slack webhook + %r{https://hooks\.slack\.com/workflows/[a-zA-Z0-9]{9,}/[a-zA-Z0-9]{9,}/[0-9]+?/[a-zA-Z0-9]{24}}, # Slack workflow /xoxp-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{6,})|xoxb-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})|xoxs-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxa-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxo-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})|xoxa-2-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxr-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxb-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})/, # Slack tokens /[sb]\.[a-zA-Z0-9]{24,}/ # vault token ].freeze diff --git a/spec/lib/redacting_logger_spec.rb b/spec/lib/redacting_logger_spec.rb index 6532022..0bd2c58 100644 --- a/spec/lib/redacting_logger_spec.rb +++ b/spec/lib/redacting_logger_spec.rb @@ -136,6 +136,11 @@ message: "posting slack message to: https://hooks.slack.com/services/T1BAAA111/B0111AAA111/MMMAAA333CCC222bbbAAA111", expected_message: "posting slack message to: [REDACTED]" }, + { + case: "redacts a Slack workflow webhook", + message: "workflow: https://hooks.slack.com/workflows/abc123XYZ/def456UVW/123456789/abcdefghijklmnopqrstuvwx", + expected_message: "workflow: [REDACTED]" + }, { case: "redacts a Slack token", message: "using slack token: xoxb-2444333222111-2444333222111-123456789AbCdEfGHi123456", From a744a5a9657a413cef5d46e1cd6b17fd9b849713 Mon Sep 17 00:00:00 2001 
From: GrantBirki Date: Mon, 20 May 2024 16:06:56 -0700 Subject: [PATCH 8/9] add a regex for rubygems tokens --- lib/patterns/default.rb | 3 ++- spec/lib/redacting_logger_spec.rb | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/patterns/default.rb b/lib/patterns/default.rb index cdd08a8..4994c3c 100644 --- a/lib/patterns/default.rb +++ b/lib/patterns/default.rb @@ -11,6 +11,7 @@ module Patterns %r{https://hooks\.slack\.com/services/[a-zA-Z0-9]{9,}/[a-zA-Z0-9]{9,}/[a-zA-Z0-9]{24}}, # Slack webhook %r{https://hooks\.slack\.com/workflows/[a-zA-Z0-9]{9,}/[a-zA-Z0-9]{9,}/[0-9]+?/[a-zA-Z0-9]{24}}, # Slack workflow /xoxp-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{6,})|xoxb-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})|xoxs-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxa-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxo-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})|xoxa-2-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxr-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxb-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})/, # Slack tokens - /[sb]\.[a-zA-Z0-9]{24,}/ # vault token + /[sb]\.[a-zA-Z0-9]{24,}/, # vault token + /rubygems_[0-9a-f]{48}/ # RubyGems token ].freeze end diff --git a/spec/lib/redacting_logger_spec.rb b/spec/lib/redacting_logger_spec.rb index 0bd2c58..eea285e 100644 --- a/spec/lib/redacting_logger_spec.rb +++ b/spec/lib/redacting_logger_spec.rb @@ -150,6 +150,11 @@ case: "redacts a vault token", message: "logging into vault with token: s.FakeToken1234567890123456", expected_message: "logging into vault with token: [REDACTED]" + }, + { + case: "redacts a RubyGems token", + message: "using rubygems token: rubygems_0123456789abcdef0123456789abcdef0123456789abcdef", + expected_message: "using rubygems token: rubygems_[REDACTED]" } ].each do |test| it "redacts #{test[:case]}" do From de88d728e2b4e32a682cca6d24e06976aa3ed676 Mon Sep 17 00:00:00 2001 
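Review bot: The `/rubygems_[0-9a-f]{48}/` entry added in patch 8/9 does not appear to be what redacts the spec input. The expected message is `rubygems_[REDACTED]`, with the prefix left in place, which is what the existing `[0-9A-Fa-f]{40,}` alternative on the first pattern line would produce by itself for 48 hex characters. The spec would therefore presumably pass with the new line deleted, so it does not exercise it. If the intent is to redact the whole token, the entry has to take effect before the generic hex pattern and the expectation should become `using rubygems token: [REDACTED]`; otherwise the line is redundant. How the list is applied is outside this hunk.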
From: Grant Birkinbine Date: Mon, 20 May 2024 16:38:31 -0700 Subject: [PATCH 9/9] Update lib/patterns/default.rb Co-authored-by: nobe4 --- lib/patterns/default.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/patterns/default.rb b/lib/patterns/default.rb index 4994c3c..c824e9b 100644 --- a/lib/patterns/default.rb +++ b/lib/patterns/default.rb @@ -11,7 +11,8 @@ module Patterns %r{https://hooks\.slack\.com/services/[a-zA-Z0-9]{9,}/[a-zA-Z0-9]{9,}/[a-zA-Z0-9]{24}}, # Slack webhook %r{https://hooks\.slack\.com/workflows/[a-zA-Z0-9]{9,}/[a-zA-Z0-9]{9,}/[0-9]+?/[a-zA-Z0-9]{24}}, # Slack workflow /xoxp-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{6,})|xoxb-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})|xoxs-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxa-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxo-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})|xoxa-2-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxr-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[0-9a-f]{7,})|xoxb-(?:[0-9]{7,})-(?:[0-9]{7,})-(?:[A-Za-z0-9]{14,})/, # Slack tokens - /[sb]\.[a-zA-Z0-9]{24,}/, # vault token + /[sbr]\.[a-zA-Z0-9]{24,}/, # vault token for 1.9.x or earlier + /hv[sbr]\.[a-zA-Z0-9]{24,}/, # vault token for 1.10 and later /rubygems_[0-9a-f]{48}/ # RubyGems token ].freeze end
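Review bot: The `hv[sbr]\.[a-zA-Z0-9]{24,}` pattern added in patch 9/9 stops at the first character outside `[a-zA-Z0-9]`. If Vault 1.10+ token bodies are base64url-encoded (worth confirming against the Vault documentation), a token containing `-` or `_` is redacted only up to that character, or not matched at all when it falls within the first 24. Widening the class to `/hv[sbr]\.[a-zA-Z0-9_-]{24,}/` avoids leaving the tail in the log. The legacy `/[sbr]\.[a-zA-Z0-9]{24,}/` line above it also matches the `s.…` part of an `hvs.…` token, so depending on how the list is applied the new line may never fire. The commit adds no spec case for the `r.` or `hv` forms, so neither behaviour is pinned.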