-
Notifications
You must be signed in to change notification settings - Fork 118
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: citi hackathon code submission #798
Conversation
✅ Deploy Preview for endearing-brigadeiros-63f9d0 canceled.
|
@JamieSlome this PR can be considered as the official submission for Hackathon. It contains all the feature me and my team members have worked on . Please review it and let us know if any changes are required. |
Gitleaks detects secrets + and any other configured pattern. It doesn't detect vulnerabilities per se.
This looks like a typo. The linked issue is "Detect the usage of Non-Standard Cryptography Implementation". |
gitleaks.toml
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are these rules created for this PR or copied from somewhere? Gitleaks has a number of features, such as keywords
, entropy
, and allowlist(s)
that improve performance and effectiveness.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
these rules are specifically for this PR
we were trying to use it for scanning directories for secrets like AWS access Key which user may write in the code files.
That feature is still in progress as we have written in the comment above as well. Some changes are required.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
these rules are specifically for this PR
What's the rationale for doing so versus using Gitleaks' default config?
@@ -0,0 +1,3 @@ | |||
// File containing sensitive AWS Access Key | |||
const secret = 'AKIAIOSFODNN8EXAMPLE'; // Example AWS access key |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This actually shouldn't be flagged because it's obviously false positive. The default Gitleaks aws-access-token
rule explicitly ignores results that end in EXAMPLE
.
11d8797
to
7121a94
Compare
7121a94
to
50ccb18
Compare
**The code has been moved to #810 **
This PR can be considered as a submission for the FinOS CitiHackathon.
Team members:
This PR solves issue #745 #788 #796 #797 #765
GITPROXY PLUGINS
We have worked on the following features :
.json
,.xlsx
,.csv
).jpg
,.jpeg
,.tiff
)Some Modifications for the Gitleaks and Non-Standard Cryptography Usage are required.
Sensitive Data Detection ( in files like
.json
,.xlsx
,.csv
)Features:
This solves issue #745
proxy.config.json
with the file types for which sensitive data detection is required, for ex:Check EXIF Metadata from Images (
.jpg
,.jpeg
,.tiff
)Features:
This solves issue #796
proxy.config.json
with the file types for which EXIF Metadata needs to be detected.Detection of AI/ML usage (incl. weights, models etc.)
Features:
This solves issue #788
proxy.config.json
with the parameters for which detection needs to be carried out.Vulnerability Detection using GitLeaks
Features:
This solves issue #797
gitleaks.toml
fileproxy.config.json
to enable / disable the plugin.gitleaks_reports.json
Detection of Non-Standard Cryptography Usage
This solves issue #765
Features: