From 6b27dc5dcdf5e7d3a8dc4d0bd8cf3d3b2fcecb7b Mon Sep 17 00:00:00 2001
From: Tomoya Amachi
Date: Thu, 7 Oct 2021 00:28:06 +0900
Subject: [PATCH] stop to check file extensions that high likelihood of false positives (#158)

* stop to check file extensions that high likelihood of false positives
* ignore config.json
---
 pkg/assessor/credential/credential.go | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/pkg/assessor/credential/credential.go b/pkg/assessor/credential/credential.go
index 01defbb..3bbcbd9 100644
--- a/pkg/assessor/credential/credential.go
+++ b/pkg/assessor/credential/credential.go
@@ -61,7 +61,8 @@ func (a CredentialAssessor) RequiredFiles() []string {
 return []string{
 "credentials.json",
 "credential.json",
- "config.json",
+ // TODO: Only check .docker/config.json
+ // "config.json",
 "credentials",
 "credential",
 "password.txt",
@@ -79,14 +80,18 @@ func (a CredentialAssessor) RequiredFiles() []string {
 }

 func (a CredentialAssessor) RequiredExtensions() []string {
- // reference: https://github.com/eth0izzle/shhgit/blob/master/config.yaml
 return []string{
- ".key",
+ // reference: https://github.com/eth0izzle/shhgit/blob/master/config.yaml
+ // TODO: potential sensitive data but they have many false-positives.
+ // Dockle need to analyze each file.
+ //".pem",
+ //".key",
+ //".p12",
+ //".pkcs12",
+ //".pfx",
+ //".asc",
+
 ".secret",
- ".p12",
- ".pkcs12",
- ".pfx",
- ".asc",
 ".ovpn",
 ".private_key",
 ".cscfg",
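Review bot: Commenting out `"config.json"` in RequiredFiles drops the entry that, as far as the visible lines show, would have picked up Docker registry auth stored in `.docker/config.json`, and the TODO leaves that gap open with nothing tracking it. Until path-aware matching exists the comment should state the gap explicitly, for example `// TODO(<tracking-issue>): match only .docker/config.json (registry auth); bare config.json is too noisy`, and the commented-out literal can be deleted because git history keeps it. The same disabled-by-comment pattern recurs in the RequiredExtensions hunk. The list continues outside this hunk, so whether another entry still covers that path cannot be seen here.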
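Review bot: With `.key`, `.p12`, `.pkcs12`, `.pfx` and `.asc` commented out in RequiredExtensions, files in the usual private-key and keystore formats are presumably no longer collected by this assessor, which trades the false positives for silent false negatives. The TODO should name the condition for re-enabling them, e.g. `// Disabled until file contents are inspected (such as a PEM private-key header); the extension alone is too noisy.`, and the change deserves a changelog line so users know that findings will drop. `//".pem"` was not in the old list, so placing it among the disabled entries reads as if it had been removed; it would be clearer marked as a candidate. The slice continues past the end of the hunk.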