Akamai credential pattern

Author: babenek

credsweeper/rules/config.yaml

@@ -209,6 +209,20 @@
     - code
     - doc
 
+- name: Akamai Credential
+  severity: high
+  confidence: strong
+  type: pattern
+  values:
+    - (?P<value>akab-[0-9a-z]{16}-[0-9a-z]{16})(?!\.[0-9a-z-]{1,80}\.akamaiapis\.net)
+  filter_type: GeneralPattern
+  required_substrings:
+    - akab-
+  min_line_len: 38
+  target:
+    - code
+    - doc
+
 - name: AWS Client ID
   severity: high
   confidence: moderate

tests/__init__.py

@@ -1,13 +1,13 @@
 from pathlib import Path
 
 # total number of files in test samples
-SAMPLES_FILES_COUNT = 162
+SAMPLES_FILES_COUNT = 163
 
 # the lowest value of ML threshold is used to display possible lowest values
 NEGLIGIBLE_ML_THRESHOLD = 0.0001
 
 # credentials count after scan with negligible ML threshold
-SAMPLES_CRED_COUNT = 504
+SAMPLES_CRED_COUNT = 505
 
 # Number of filtered credentials with ML
 ML_FILTERED = 22
@@ -16,7 +16,7 @@
 SAMPLES_POST_CRED_COUNT = SAMPLES_CRED_COUNT - ML_FILTERED
 
 # with option --doc & NEGLIGIBLE_ML_THRESHOLD
-SAMPLES_IN_DOC = 855
+SAMPLES_IN_DOC = 856
 
 # archived credentials that are not found without --depth
 SAMPLES_IN_DEEP_1 = SAMPLES_POST_CRED_COUNT + 129

tests/data/depth_3.json

@@ -177,6 +177,27 @@
             }
         ]
     },
+    {
+        "rule": "Akamai Credential",
+        "severity": "high",
+        "confidence": "strong",
+        "ml_probability": null,
+        "line_data_list": [
+            {
+                "line": "akab-tblc7jkffv3wfxh3-h5stbzeswb3v4kj3",
+                "line_num": 1,
+                "path": "./tests/samples/akamai",
+                "info": "FILE:./tests/samples/akamai|RAW",
+                "variable": null,
+                "variable_start": -2,
+                "variable_end": -2,
+                "value": "akab-tblc7jkffv3wfxh3-h5stbzeswb3v4kj3",
+                "value_start": 0,
+                "value_end": 38,
+                "entropy": 4.15557
+            }
+        ]
+    },
     {
         "rule": "API",
         "severity": "medium",

tests/data/doc.json

@@ -41,6 +41,27 @@
             }
         ]
     },
+    {
+        "rule": "Akamai Credential",
+        "severity": "high",
+        "confidence": "strong",
+        "ml_probability": null,
+        "line_data_list": [
+            {
+                "line": "akab-tblc7jkffv3wfxh3-h5stbzeswb3v4kj3",
+                "line_num": 1,
+                "path": "./tests/samples/akamai",
+                "info": "FILE:./tests/samples/akamai|RAW",
+                "variable": null,
+                "variable_start": -2,
+                "variable_end": -2,
+                "value": "akab-tblc7jkffv3wfxh3-h5stbzeswb3v4kj3",
+                "value_start": 0,
+                "value_end": 38,
+                "entropy": 4.15557
+            }
+        ]
+    },
     {
         "rule": "Atlassian Old PAT token",
         "severity": "info",

tests/data/ml_threshold.json

@@ -41,6 +41,27 @@
             }
         ]
     },
+    {
+        "rule": "Akamai Credential",
+        "severity": "high",
+        "confidence": "strong",
+        "ml_probability": null,
+        "line_data_list": [
+            {
+                "line": "akab-tblc7jkffv3wfxh3-h5stbzeswb3v4kj3",
+                "line_num": 1,
+                "path": "./tests/samples/akamai",
+                "info": "",
+                "variable": null,
+                "variable_start": -2,
+                "variable_end": -2,
+                "value": "akab-tblc7jkffv3wfxh3-h5stbzeswb3v4kj3",
+                "value_start": 0,
+                "value_end": 38,
+                "entropy": 4.15557
+            }
+        ]
+    },
     {
         "rule": "API",
         "severity": "medium",

tests/data/output.json

@@ -41,6 +41,27 @@
             }
         ]
     },
+    {
+        "rule": "Akamai Credential",
+        "severity": "high",
+        "confidence": "strong",
+        "ml_probability": null,
+        "line_data_list": [
+            {
+                "line": "akab-tblc7jkffv3wfxh3-h5stbzeswb3v4kj3",
+                "line_num": 1,
+                "path": "./tests/samples/akamai",
+                "info": "",
+                "variable": null,
+                "variable_start": -2,
+                "variable_end": -2,
+                "value": "akab-tblc7jkffv3wfxh3-h5stbzeswb3v4kj3",
+                "value_start": 0,
+                "value_end": 38,
+                "entropy": 4.15557
+            }
+        ]
+    },
     {
         "rule": "API",
         "severity": "medium",

tests/samples/akamai

@@ -0,0 +1,2 @@
+akab-tblc7jkffv3wfxh3-h5stbzeswb3v4kj3
+F: akab-h5stbzeswb3v4kj3-tblc7jkffv3wfxh3.drain.akamaiapis.net

tests/test_main.py

@@ -426,7 +426,7 @@ def test_multi_jobs_p(self) -> None:
             mocked_logger.assert_has_calls([
                 call(f"Scan in {7} processes for {SAMPLES_FILES_COUNT - 17} providers"),
                 call(f"Grouping {SAMPLES_CRED_COUNT + 5} candidates"),
-                call(f"Run ML Validation for {SAMPLES_CRED_COUNT - 156} groups"),
+                call(f"Run ML Validation for {SAMPLES_CRED_COUNT - 157} groups"),
                 ANY,  # initial ML with various arguments, cannot predict
                 call(f"Exporting {SAMPLES_POST_CRED_COUNT} credentials"),
             ])
@@ -440,7 +440,7 @@ def test_multi_jobs_p(self) -> None:
             mocked_logger.assert_has_calls([
                 call(f"Scan in {7} processes for {SAMPLES_FILES_COUNT - 17} providers"),
                 call(f"Grouping {SAMPLES_CRED_COUNT + 5} candidates"),
-                call(f"Run ML Validation for {SAMPLES_CRED_COUNT - 156} groups"),
+                call(f"Run ML Validation for {SAMPLES_CRED_COUNT - 157} groups"),
                 # no init
                 call(f"Exporting {SAMPLES_POST_CRED_COUNT} credentials"),
             ])