Generic database assignment (attached port)
Description
General
This detector is equivalent to the Generic database assignment detector except that it aims at catching only cases where the port is attached to the host.
Revoke the secret
This detector catches generic database credentials, hence GitGuardian cannot infer the type of database concerned. To properly revoke the secret:
- Understand what type of database is concerned.
- Refer to the corresponding database documentation to know how to revoke and rotate the credentials.
Examples
- text: |
DB CONTEXT
host=my.mongo.com:27017
username=root
password=m42ploz2wd
host: my.mongo.com
port: '27017'
username: root
password: m42ploz2wd
- text: |
dbhost=my.mongo.com:27017
dbuser=root
dbpwd=m42ploz2wd
host: my.mongo.com
port: '27017'
username: root
password: m42ploz2wd
Details for Generic database assignment attached port
High Recall: False
Validity Check: False
Minimum Number of Matches: 4
Occurrences found for one million commits: 14
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions:
- html
- css
- md
- lock
- storyboard
- xib
banlist_filenames:
- node_modules(/|\\)
- vendors?(/|\\)
- top-1000\.txt$
- \.sops$
- \.sops\.yaml$
check_binaries: false
- type: ContentWhitelistPreValidator
patterns:
- db
- database
- type: ContentWhitelistPreValidator
patterns:
- pwd
- pass
- type: ContentWhitelistPreValidator
patterns:
- host
- type: ContentWhitelistPreValidator
patterns:
- user
- PostValidators
host:
- type: CommonValueBanlistPostValidator
- type: CommonHostBanlistPostValidator
- type: ValueBanlistPostValidator
patterns:
- 'smtp\.'
- localhost
- 'this\.'
- 'example\.com$'
- 'mail\.'
- 'self\.'
- '\.java'
- 'local\.'
- 'process\.env'
- 'config'
- 'test'
- '\.hostname'
- 'host\.'
- '\.host$'
- '\.env'
- 'env\.'
- 'settings'
- 'string'
- 'default'
- 'args\.'
- '^com\.'
- 'error'
- 'request'
- '(\d{1,3}).\1.\1.\1' # Rejects dummy IPs like 1.1.1.1
- '\.ip$'
- 'grafana'
- '^api.weixin'
- 'foobar'
- 'x{1,3}\.x{1,3}\.x{1,3}\.x{1,3}'
- '1\.2\.3\.4'
- 'www\.google\.com'
- 'bing\.com'
- type: AssignmentBanlistPostValidator
patterns:
- 'allowed_hosts'
- '\.localhost'
- '^localhost$'
- 'trusted[_.-]?host'
- 'http'
- 'proxy'
- 'redis'
- 'mongo'
- 'm[sy]sql'
- 'postgres'
- 'ftp'
- 'smtp'
- 'zookeeper'
- 'ldap'
- 'mail'
- 'callback'
- 'repourl'
- 'urllib3'
- 'rpc'
password:
- type: CommonValueBanlistPostValidator
- type: CommonPasswordBanlistPostValidator
- type: ValueBanlistPostValidator
patterns:
- 'encrypted'
- 'false'
- 'true'
- 'self'
- '__vault__'
- 'test1234'
- 'abcd1234'
- 'nil'
- 'hidden'
- 'string'
- '(\d)\1{4,}' #repeating digit 5 times or more
- 'get_env'
- '\.env'
- 'env[.(]'
- '^test$'
- 'args\.'
- 'error'
- 'request'
- '\.pem$'
- '^buf$'
- 'pg[_.-]?pass'
- 'fs\.read'
- 'required'
- '^masked$'
- '^hashed$'
- '^secured'
- 'removed$'
- '^None'
- '^The$'
- '^\.\.\.$'
- 'models\.'
- 'sha256'
- 'md5'
- '^some-?pass$'
- '^getpass\.'
- 'password'
- '^array$'
- 'crypted'
- 'credential'
- '^_?pwd,?$'
- '^null,?$'
- '^isnull'
- 'username'
- '^user$'
- '^host[,=]'
- 'dbhost'
- 'config'
- 'noreply'
- '\*\*\*\*'
- 'optional'
- 'database'
- 'await'
- 'function'
- 'encode'
- '[,:\(\)]$'
- '\);$'
- '^,'
- '(?-i:^[A-Z_]*$)'
- type: HeuristicPostValidator
filters:
- file_path
- file_name
- type: AssignmentBanlistPostValidator
patterns:
- 'proxy'
- 'redis'
- 'mongo'
- 'm[sy]sql'
- 'postgres'
- 'ftp'
- 'smtp'
- 'zookeeper'
- 'ldap'
- 'mail'
- 'getpass\.'
username:
- type: CommonValueBanlistPostValidator
- type: CommonUsernameBanlistPostValidator
- type: ValueBanlistPostValidator
patterns:
- 'db_user'
- 'self'
- 'true'
- 'false'
- '__vault__'
- '^[\*x]+$'
- '^null$'
- 'userinfo'
- 'test'
- 'nil'
- 'string'
- '^str$'
- 'args\.'
- 'error'
- 'request'
- 'pg[_.-]?user'
- 'fs\.read'
- '^masked$'
- '^blank$'
- '^flask_user$'
- '^someone$'
- '^some-?user$'
- '^return$'
- '^grafana$'
- '^err$'
- '^choose$'
- '^pwd$'
- '^mozilla$'
- 'portal'
- type: AssignmentBanlistPostValidator
patterns:
- 'user[_-]?agent'
- 'proxy'
- 'redis'
- 'mongo'
- 'm[sy]sql'
- 'postgres'
- 'ftp'
- 'smtp'
- 'zookeeper'
- 'ldap'
- 'mail'
