
Commit 459fc7b

committed
[enh] make sensitive patterns configurable
1 parent a688a22 commit 459fc7b

3 files changed

Lines changed: 23 additions & 53 deletions


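--- a/config/config.go
+++ b/config/config.go
@@ -23,11 +23,12 @@ import (
 )
 
 type Config struct {
-fname string
-App App `yaml:"app"`
-Server Server `yaml:"server"`
-Hotkeys Hotkeys `yaml:"hotkeys"`
-Rules *Rules `yaml:"-"`
+fname string
+App App `yaml:"app"`
+Server Server `yaml:"server"`
+Hotkeys Hotkeys `yaml:"hotkeys"`
+SensitiveContentPatterns map[string]string `yaml:"sensitive_content_patterns"`
+Rules *Rules `yaml:"-"`
 }
 
 type App struct {
@@ -132,6 +133,14 @@ func CreateDefaultConfig() *Config {
 "tab": "autocomplete",
 "?": "show_hotkeys",
 },
+SensitiveContentPatterns: map[string]string{
+"aws_access_key": `AKIA[0-9A-Z]{16}`,
+"aws_secret_key": `(?i)aws(.{0,20})?(secret)?(.{0,20})?['"][0-9a-zA-Z\/+]{40}['"]`,
+"generic_private_key": `-----BEGIN ((RSA|EC|DSA) )?PRIVATE KEY-----`,
+"github_token": `(ghp|gho|ghu|ghs|ghr)_[a-zA-Z0-9]{36}`,
+"ssh_private_key": `-----BEGIN OPENSSH PRIVATE KEY-----`,
+"pgp_private_key": `-----BEGIN PGP PRIVATE KEY BLOCK-----`,
+},
 }
 }
 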
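Review bot: Default detection gets narrower with the map added in `CreateDefaultConfig`: it carries six patterns, while the list this commit removes from server/indexer/indexer.go also covered Slack, Google API and OAuth, Heroku, JWT, Docker registry auth, Azure storage, Facebook and Twitter credentials plus a generic api/token/secret rule. If the reduction is deliberate, say so in a comment above the map, for example `// Defaults are intentionally minimal; extend via sensitive_content_patterns.`; otherwise carry the remaining active patterns over as named entries. The new `SensitiveContentPatterns` field would also benefit from a doc comment stating that values are Go `regexp` syntax and that the keys are only labels, since `Init` in indexer.go ranges over the values and ignores the keys. Both functions extend beyond the hunks shown.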
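--- a/hister.go
+++ b/hister.go
@@ -305,7 +305,7 @@ func initDB() {
 }
 
 func initIndex() {
-err := indexer.Init(cfg.IndexPath())
+err := indexer.Init(cfg)
 if err != nil {
 exit(1, err.Error())
 }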

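--- a/server/indexer/indexer.go
+++ b/server/indexer/indexer.go
@@ -76,57 +76,18 @@ type Results struct {
 var i *indexer
 var allFields []string = []string{"url", "title", "text", "favicon", "html", "domain", "added"}
 var ErrSensitiveContent = errors.New("document contains sensitive data")
-var sensitiveContentPatterns = []string{
-// AWS Access Key
-`AKIA[0-9A-Z]{16}`,
-// AWS Secret Key
-`(?i)aws(.{0,20})?(secret)?(.{0,20})?['"][0-9a-zA-Z\/+]{40}['"]`,
-// Private Key
-`-----BEGIN (RSA|EC|DSA)? PRIVATE KEY-----`,
-// Generic API Key
-`(?i)(api|token|secret)[\s:=]+['"]?[a-z0-9]{32,}['"]?`,
-// Slack Token
-`xox[baprs]-[0-9a-zA-Z]{10,48}`,
-// GitHub Token
-`(ghp|gho|ghu|ghs|ghr)_[a-zA-Z0-9]{36}`,
-// Google API Key
-`AIza[0-9A-Za-z\-_]{35}`,
-// Heroku API Key
-`[hH][eE][rR][oO][kK][uU].{0,30}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}`,
-// SSH Private Key
-`-----BEGIN OPENSSH PRIVATE KEY-----`,
-// PGP Private Key
-`-----BEGIN PGP PRIVATE KEY BLOCK-----`,
-// JWT Token
-`eyJ[a-zA-Z0-9\/_-]{10,}\.[a-zA-Z0-9\/_-]{10,}\.[a-zA-Z0-9\/_-]{10,}`,
-// Credit Card Number - disabled, too many false positives - TODO refine regexp
-//`\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11})\b`,
-// Basic Auth Credentials - disabled, too many false positives
-//`(?i)basic [a-z0-9=:_\+\/-]{5,100}`,
-// Docker Registry Auth
-`"auth"\s*:\s*"[a-z0-9=:_\+\/-]{5,100}"`,
-// Azure Storage Key
-`DefaultEndpointsProtocol=https;AccountName=[a-z0-9]{3,24};AccountKey=[a-z0-9\/+]{88}==`,
-// Google OAuth Token
-`ya29\.[a-zA-Z0-9\-_]+`,
-// Facebook Access Token
-`EAACEdEose0cBA[0-9A-Za-z]+`,
-// Twitter API Key
-`(?i)twitter(.{0,20})?['"][0-9a-z]{35,44}['"]`,
-// Database Connection String
-//`(?i)(jdbc:|mongodb:\/\/|postgresql:\/\/|mysql:\/\/).+:[^@]+@[a-z0-9\.-]+`,
-}
 var sensitiveContentRe *regexp.Regexp
 
-func init() {
-sensitiveContentRe = regexp.MustCompile(fmt.Sprintf("(%s)", strings.Join(sensitiveContentPatterns, "|")))
-}
-
-func Init(idxPath string) error {
-idx, err := bleve.Open(idxPath)
+func Init(cfg *config.Config) error {
+sp := make([]string, 0, len(cfg.SensitiveContentPatterns))
+for _, v := range cfg.SensitiveContentPatterns {
+sp = append(sp, v)
+}
+sensitiveContentRe = regexp.MustCompile(fmt.Sprintf("(%s)", strings.Join(sp, "|")))
+idx, err := bleve.Open(cfg.IndexPath())
 if err != nil {
 mapping := createMapping()
-idx, err = bleve.New(idxPath, mapping)
+idx, err = bleve.New(cfg.IndexPath(), mapping)
 if err != nil {
 return err
 }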
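Review bot: `regexp.MustCompile` in `Init` now runs on patterns read from the config file, so a single malformed entry panics the process at startup even though `Init` already returns an `error`; use `regexp.Compile` and return the error with the offending config key. Joining the map values with `|` has two further effects. An empty or missing map produces `()`, which matches every input, so the filter's behaviour with no patterns should be decided explicitly (how `sensitiveContentRe` is consumed lies outside this hunk). An inline flag such as the `(?i)` in the default `aws_secret_key` pattern applies to the rest of the enclosing group, so it carries over to whichever alternatives follow it, and Go's randomised map iteration makes that set differ between runs; wrapping each pattern in `(?:…)` keeps flags local. `Init`'s body continues past the end of the hunk.

```go
func Init(cfg *config.Config) error {
	sp := make([]string, 0, len(cfg.SensitiveContentPatterns))
	for name, v := range cfg.SensitiveContentPatterns {
		// Validate each pattern alone so the error names the offending config key.
		if _, err := regexp.Compile(v); err != nil {
			return fmt.Errorf("sensitive_content_patterns[%q]: %w", name, err)
		}
		// Non-capturing group keeps inline flags such as (?i) local to this pattern.
		sp = append(sp, "(?:"+v+")")
	}
	re, err := regexp.Compile(fmt.Sprintf("(%s)", strings.Join(sp, "|")))
	if err != nil {
		return err
	}
	sensitiveContentRe = re
	// … unchanged: bleve.Open / bleve.New on cfg.IndexPath() …
```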
