Username Password

Description

General

The username password detector aims to catch any username/password pair in which the username is not an email address.

This definition is very broad, so to avoid raising many false alerts GitGuardian applies a range of validation steps and specifications that narrow the perimeter it looks at.

Specifications

The two components of the pair that the detector catches are referred to as username and password, and must be within a reasonable distance of each other in the document to be flagged.

For this detector, each element must follow a specific set of rules to be considered sensitive, and therefore valid:

For both matches:

  • Must be part of an assignment, namely of the form {assigned_variable} {assignment_token} {value}, where {assigned_variable} is username, password, or a similar string.
  • The username and the password must not be identical.

username:

password:

  • A set of rules filters out irrelevant passwords, such as the literal string password, or a value that is a URL, a date, or a file name (see the banlist below).

Revoke the secret

This detector catches generic credentials, so GitGuardian cannot infer which service is concerned. To properly revoke the credentials:

  1. Identify which service is impacted.
  2. Refer to that service's documentation for how to revoke and rotate the credentials.

Examples

Examples that WILL be caught

- text: |
    username: totolao
    password: AStrangeWith1Char

Examples that WILL NOT be caught

  • The username and the password are too far from each other.

    - text: |
        username=some.french
        A very long text which increases
        the distance between the matches.
        Of course this text does not mean anything.
        password=abuaoentsubaoeub24234$@3!

  • The username is an email.

    - text: |
        username=whatever@gitguardian.com
        pass=@StrongOneThisT1me
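To make the rules above concrete, here is an added, simplified Python model of this detector (not GitGuardian's code) that applies the assignment form, distance, non-email, username-not-equal-password, left context window, banlist and entropy rules to the examples above. The maximum distance of 60 characters, the one-assignment-per-line form, reading the entropy setting as a lower bound, and the small banlist subset are assumptions.

```python
import math
import re

# Added, simplified model of the rules on this page (not GitGuardian's code); banlists are a subset.
MAX_DISTANCE = 60   # assumed: max characters between the username and password matches
WINDOW_WIDTH = 40   # from the page: ContextWindowBanlistPostValidator window_width
ENTROPY_MIN = 1.0   # from the page: EntropyPostValidator entropy: 1 (treated as a lower bound)
# {assigned_variable} {assignment_token} {value}, one assignment per line (assumed form)
ASSIGNMENT = re.compile(
    r"(?im)^[ \t]*(?P<var>username|user|password|passwd|pass)[ \t]*[:=][ \t]*(?P<val>\S+)")
PASSWORD_BANLIST = [re.compile(p, re.I) for p in
                    (r"^\$[A-Z]{3}", r"^none", r"^null", r"test", r"^\$2a\$10\$", r"^[^a-z0-9]+$")]
USERNAME_BANLIST = [re.compile(p, re.I) for p in
                    (r"^none", r"1234", r"^user", r"test", r"^[_.-]", r"[_.-]$")]
PASSWORD_CONTEXT = ("error", "invalid")             # ContextWindowBanlistPostValidator, password
USERNAME_CONTEXT = ("default", "error", "invalid")  # ContextWindowBanlistPostValidator, username

def shannon_entropy(value):
    """Shannon entropy (bits per character) of a candidate value."""
    return -sum(value.count(c) / len(value) * math.log2(value.count(c) / len(value))
                for c in set(value))

def left_context_banned(text, start, words):
    """True if a banned word appears in the WINDOW_WIDTH characters left of the value."""
    return any(w in text[max(0, start - WINDOW_WIDTH):start].lower() for w in words)

def find_credentials(text):
    """Return the (username, password) pairs that pass every rule; [] if none."""
    low = text.lower()
    # ContentWhitelistPreValidator: the document must contain both keywords at all
    if "username" not in low or not ("password" in low or "passwd" in low):
        return []
    users, passwords = [], []
    for m in ASSIGNMENT.finditer(text):
        (users if m.group("var").lower().startswith("user") else passwords).append(m)
    found = []
    for u in users:
        user = u.group("val")
        if ("@" in user or any(r.search(user) for r in USERNAME_BANLIST)
                or left_context_banned(text, u.start("val"), USERNAME_CONTEXT)):
            continue  # username is an email, banlisted, or preceded by a banned word
        for p in passwords:
            pwd = p.group("val")
            if abs(p.start() - u.end()) > MAX_DISTANCE or pwd == user:
                continue  # too far apart, or identical username and password
            if (any(r.search(pwd) for r in PASSWORD_BANLIST) or shannon_entropy(pwd) < ENTROPY_MIN
                    or left_context_banned(text, p.start("val"), PASSWORD_CONTEXT)):
                continue  # banlisted value, too little entropy, or preceded by a banned word
            found.append((user, pwd))
    return found
```

Running it on the page's own examples returns the totolao pair for the first one and nothing for the two negative examples; the constructed variants with a banned left context, a bcrypt-prefixed value or a repeated-character value are also dropped.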

Details for Username password

  • High Recall: False

  • Validity Check: False

  • Minimum Number of Matches: 2

  • Occurrences found for one million commits: 473

  • Prefixed: False

  • PreValidators:

    - type: ContentWhitelistPreValidator
      patterns:
        - username
    - type: ContentWhitelistPreValidator
      patterns:
        - password
        - passwd
    - type: BanMinifiedPreValidator
password:
  - type: DictFilterPostValidator
    threshold_words_pct_matched: 1.0
  - type: ContextWindowBanlistPostValidator
    patterns: ['error', 'invalid']
    window_width: 40
    window_type: 'left'
  - type: AssignmentBanlistPostValidator
    patterns:
      - 'hash'
      - 'salt'
      - '^(?-i:[a-zA-Z0-9]{1,3}[A-Z0-9](Pwd|PWd|PwD|pWD|pWd|pwD))$'
  - type: CommonValueBanlistPostValidator
  - type: CommonPasswordBanlistPostValidator
  - type: ValueBanlistPostValidator
    patterns:
      - ^\$[A-Z]{3} # env var
      - redacted
      - ^local
      - ^none
      - ^null
      - ^empty
      - ^user
      - pass
      - ^root
      - ^admin
      - ^true
      - ^false
      - ^and
      - ^prompt
      - ^final$
      - ^string$
      - ^self
      - ^email
      - ^raw
      - ^your
      - ^new$
      - ^temp$
      - ^function$
      - ^undefined$
      - ^auth_email$
      - ^false$
      - ^request$
      - test
      - ^req$
      - '1234'
      - ^\$2a\$10\$ # bcrypt hash
      - ^\$2a\$05\$
      - ^\$2y\$13\$ # bcrypt hash
      - ^\$2y\$10\$ # bcrypt hash
      - ^#
      - ^vault
      - ^value$
      - ^java
      - ^ansible
      - ^demo
      - '123213123'
      - ^guest
      - ^visit$
      - ^Coffee123$
      - ^123bla456bla$
      - value
      - ^form
      - ^request
      - ^errors
      - ^before
      - ^wrong pass
      - ^string
      - ^await$
      - ^foo
      - ^change
      - ^disabled
      - ^required
      - ^postgres
      - ^django\.
      - ^please
      - ^validated
      - '%s'
      - ^cleaned
      - \.string$
      - ^wrong
      - ^args\.
      - ^bool(ean)?
      - \/run\/
      - ^url
      - credentialsId
      - field
      - ^open
      - callback
      - validator
      - placeholder
      - anonymous
      - class
      - ^get
      - phone
      - swift
      - type
      - label
      - attribute
      - ^html
      - ^open
      - ^attr
      - text
      - nombre
      - ^ask
      - config
      - input
      - ^enter
      - ^login
      - ^token
      - ^throw
      - credential
      - confirmer
      - ^const
      - ^new
      - ^uid
      - type$
      - model$
      - ^reg
      - ^search
      - nsstring
      - candidate$
      - form$
      - expression
      - ^share
      - presence
      - mysqli_real_escape
      - onchange
      - account
      - base64
      - email$
      - create
      - ^nil$
      - removed
      - mystring
      - function
      - ^-*$
      - sha256
      - '^[0-9]{1,3}.[0-9]{1,3}s'
      - encrypted
      - bcrypt
      - object
      - secure
      - ^salt$
      - ^emit$
      - ^[~^]?[0-9]+\.[0-9]+\.[0-9]+$
      - ^[^a-z0-9]+$
  - type: EntropyPostValidator
    entropy: 1

username:
  - type: DictFilterPostValidator
    threshold_words_pct_matched: 1.0
  - type: ContextWindowBanlistPostValidator
    patterns: ['default', 'error', 'invalid']
    window_width: 40
    window_type: 'left'
  - type: CommonValueBanlistPostValidator
  - type: CommonUsernameBanlistPostValidator
  - type: ValueBanlistPostValidator
    patterns:
      - '^none'
      - '1234'
      - ^null
      - ^empty
      - ^user
      - pass
      - ^root
      - ^admin
      - ^true
      - ^false
      - ^and
      - ^self
      - ^raw
      - ^your
      - test
      - sample
      - dummy
      - value
      - name
      - email
      - ^form
      - ^\.?request
      - ^before
      - ^string
      - ^await$
      - ^this
      - ^int
      - ^replace
      - ^foo
      - ^change
      - ^disabled
      - ^required
      - \.string$
      - ^django\.
      - ^please
      - ^validated
      - '%s'
      - ^cleaned
      - ^table\.
      - ^driver\.
      - ^args\.
      - ^bool(ean)?
      - ^url
      - credentialsId
      - field
      - ^open
      - callback
      - validator
      - placeholder
      - anonymous
      - class
      - ^get
      - phone
      - swift
      - type
      - label
      - attribute
      - ^html
      - ^open
      - ^attr
      - text
      - nombre
      - ^ask
      - config
      - input
      - ^enter
      - ^login
      - ^token
      - ^throw
      - credential
      - confirmer
      - ^const
      - ^new
      - ^uid
      - type$
      - model$
      - ^reg
      - ^search
      - nsstring
      - candidate$
      - form$
      - expression
      - ^share
      - presence
      - mysqli_real_escape
      - onchange
      - account
      - base64
      - email$
      - create
      - ^nil$
      - removed
      - mystring
      - function
      - ^local
      - ^[_.-]
      - '[_.-]$'
      - ^void
      - ^from
      - ^char$
      - ^usr$
      - ^no-reply
      - ^hash$