Merge pull request #82 from NHSDigital/mesh-2025-add-check-secret-patterns

davidhallam4-nhs · web-flow · commit 1248df51169d · 2024-02-14T13:41:31.000Z
mesh-2025: added additional secret patterns
diff --git a/.gitallowed b/.gitallowed
@@ -2,3 +2,6 @@
 token: \$\{\{ secrets.GITHUB_TOKEN \}\}
 "token": response.get\("SessionToken"\)
 token=credentials\["token"\]
+
+.*(GITHUB|SONAR)_TOKEN: \$\{\{ secrets.(GITHUB|SONAR)_TOKEN \}\}
+.*asttokens = ">=2.1.0"
diff --git a/.gitdisallowed b/.gitdisallowed
@@ -15,7 +15,8 @@ AIza[0-9A-Za-z\\-_]{35}
 -----BEGIN[[:blank:]]CERTIFICATE-----
 [0-9a-fA-F]{1,4}:[0-9a-fA-F]{1,4}:[0-9a-fA-F]{1,4}:[0-9a-fA-F]{1,4}:[0-9a-fA-F]{1,4}:[0-9a-fA-F]{1,4}:[0-9a-fA-F]{1,4}:[0-9a-fA-F]{1,4}
 (CLIENT|client|Client)(_|\s)(SECRET|secret|Secret)\s*(:|=>|=)\s*("|')?(\{)?[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\})?("|')?
-("|'?)[Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]("|'?)\s*(=|:)\s*.+
-("|'?)[Tt][Oo][Kk][Ee][Nn]("|'?)\s*(=|:)\s*.+
+.*("|'?)[Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd](S|s?)("|'?)\s*(=|:)\s*.+
+.*("|'?)[Tt][Oo][Kk][Ee][Nn]("|'?)(S|s?)\s*(=|:)\s*.+
+.*("|'?)[Ss][Ee][Cc][Rr][Ee][Tt](S|s?)("|'?)\s*(=|:)\s*.+
 
 ###_NOTE_REMOVED_PREVIOUS_IP_RULE_:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}###
