DOI-USGS / SpiceQL

Spice Query Library

administrative code review #2

Closed AustinSanders closed 11 months ago

AustinSanders commented 11 months ago

An administrative code review must be concluded as part of this repository's release process. Per DOI policy, the administrative review should determine that the repository is free of:

This issue and subsequent discussion will serve as an archive of the review conducted on 9/13/2023.

AustinSanders commented 11 months ago

Internal host names / ip addresses ✅

grep -rE "\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}\b" . (standard grep for ip addresses) yields no results. grep -rE "://" . and grep -rlni "host" . result in several matches, none of which contain any hostnames.

Personally Identifiable Information (PII) ✅

grep -rE "\b((\+|\b)[1l][\-\. ])?\(?\b[\dOlZSB]{3,5}([\-\. ]|\) ?)[\dOlZSB]{3}[\-\. ][\dOlZSB]{4}\b" . (grep for phone numbers) yields no results

grep -rE "\b\d{1,8}\b[\s\S]{10,100}?\b(AK|AL|AR|AZ|CA|CO|CT|DC|DE|FL|GA|HI|IA|ID|IL|IN|KS|KY|LA|MA|MD|ME|MI|MN|MO|MS|MT|NC|ND|NE|NH|NJ|NM|NV|NY|OH|OK|OR|PA|RI|SC|SD|TN|TX|UT|VA|VT|WA|WI|WV|WY)\b\s\d{5}\b" . (grep for US addresses) yields no results

grep -rE '^[A-Za-z0-9+._-]+@([a-zA-Z0-9-]+.)+[a-zA-Z]{2,6}$' . (grep for email addresses) yields no results

grep -rE "\b(birth|birthdate|birthday|dob|born)\W+(?:\w+\W+){0,5}?(?<REDACT>(\d{4}|\d{1,2})[\/\-]\d{1,2}[\/\-](\d{4}|\d{1,2}))\b" . (grep for birth date) yields no results

Usernames / passwords ✅

grep -rE "(user|username)" . (search for username) yields multiple results that were manually checked to ensure that no usernames were included

grep -rE "(password|passwd|pwd|pswd|pswrd)" . yields no results

Absolute file system paths ✅

grep -rE "^(\/[^\/]+){3,}$" . results in multiple absolute file system paths that reveal the location of kernels. While these kernels are publicly available, it is unclear whether the inclusion of the path within USGS file system is necessary. It is worth noting that all absolute file paths are contained within a single file -- isisKernelList.txt

Appears that this has been remediated, and now passes absolute file system path check
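A working-tree scanner that applies the checks from this review in one pass, added here as an example; it is not code from SpiceQL or from the reviewer. The patterns are adapted from the grep commands above. Note that `\d`, the lazy `{0,5}?` quantifier and the `(?<REDACT>...)` named group are Perl-style constructs, so those commands need `grep -P` (or an engine such as Python's `re`) rather than `grep -E`. The IP and e-mail patterns are loosened so a match in the middle of a line is caught, not only one that ends or fills the line, and the credential words get word boundaries. The sample checkout the script builds, every file under it other than the name `isisKernelList.txt`, and every value in those files are constructed for this example. The scan skips `.git`, so it covers the working tree only; anything that was ever committed also has to be dealt with in history.

```python
"""Scan a checkout for the administrative-review categories: internal IPs,
PII (phone, US address, e-mail, birth date), credentials and absolute paths.
Added example; not part of SpiceQL."""
import os
import re
import tempfile
from pathlib import Path

US_STATES = ("AK|AL|AR|AZ|CA|CO|CT|DC|DE|FL|GA|HI|IA|ID|IL|IN|KS|KY|LA|MA|MD|ME|"
             "MI|MN|MO|MS|MT|NC|ND|NE|NH|NJ|NM|NV|NY|OH|OK|OR|PA|RI|SC|SD|TN|TX|"
             "UT|VA|VT|WA|WI|WV|WY")

# Patterns adapted from the grep commands in the review. \d, lazy quantifiers
# and named groups are Perl-style, so they need `grep -P` or an engine such as
# Python's re; plain `grep -E` does not understand them.
CHECKS = {
    # tightened so an address in the middle of a line is also caught
    "ip_address": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "phone": re.compile(
        r"(?:(?:\+|\b)[1l][-. ])?\(?\b[\dOlZSB]{3,5}(?:[-. ]|\) ?)[\dOlZSB]{3}[-. ][\dOlZSB]{4}\b"),
    "us_address": re.compile(
        r"\b\d{1,8}\b[\s\S]{10,100}?\b(?:" + US_STATES + r")\b\s\d{5}\b"),
    # unanchored and with the dot escaped, so an address inside a line is found
    "email": re.compile(r"\b[A-Za-z0-9+._-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,6}\b"),
    "birth_date": re.compile(
        r"\b(?:birth|birthdate|birthday|dob|born)\W+(?:\w+\W+){0,5}?"
        r"(?P<REDACT>(?:\d{4}|\d{1,2})[/-]\d{1,2}[/-](?:\d{4}|\d{1,2}))\b", re.I),
    "credential": re.compile(r"\b(?:password|passwd|pwd|pswd|pswrd)\b", re.I),
    # "user" hits need a manual look, as in the review; listed separately
    "username": re.compile(r"\b(?:user|username)\b", re.I),
    # a whole line made of three or more path components, e.g. /a/b/c
    "absolute_path": re.compile(r"^(?:/[^/]+){3,}$"),
}

# Working tree only: packed history under .git is not scanned, which is why a
# file removed from the tree still has to be scrubbed from history separately.
SKIP_DIRS = {".git", "node_modules", "__pycache__"}


def scan_text(relpath: str, text: str) -> list[tuple[str, str, int, str]]:
    """Apply every check line by line, as grep would.
    Returns (check, relpath, line number, stripped line) tuples."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in CHECKS.items():
            if pattern.search(line):
                hits.append((name, relpath, lineno, line.strip()))
    return hits


def scan_tree(root: Path) -> list[tuple[str, str, int, str]]:
    """Walk root (deterministic order), skipping SKIP_DIRS, and scan each file."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = sorted(d for d in dirnames if d not in SKIP_DIRS)
        for fname in sorted(filenames):
            path = Path(dirpath) / fname
            try:
                text = path.read_text(encoding="utf-8", errors="ignore")
            except OSError:
                continue
            hits.extend(scan_text(path.relative_to(root).as_posix(), text))
    return hits


# Constructed sample checkout: every file and value below is made up here.
SAMPLE_FILES = {
    "README.md": "SpiceQL sample\n\nBuild with cmake and run the tests.\n",
    "isisKernelList.txt": ("/internal/share/kernels/lsk/example.tls\n"
                           "/internal/share/kernels/sclk/example.tsc\n"),
    "config/dev.cfg": ("host = 10.0.0.12\n"
                       "contact = someone@example.com\n"
                       "password = hunter2\n"),
    "notes.txt": "Call 555-123-4567, born 1990-01-02, 123 Main St, Flagstaff, AZ 86001\n",
    ".git/config": "url = http://10.0.0.99/repo.git\n",   # skipped: not in the tree scan
}


def make_sample_repo(dest: Path) -> Path:
    for rel, content in SAMPLE_FILES.items():
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content, encoding="utf-8")
    return dest


def summarize(hits) -> dict[str, list[str]]:
    """Group hits as {check: ["relpath:lineno", ...]} for a quick report."""
    report: dict[str, list[str]] = {}
    for check, rel, lineno, _ in hits:
        report.setdefault(check, []).append(f"{rel}:{lineno}")
    return report


def run_demo() -> dict[str, list[str]]:
    """Build the constructed checkout in a temp dir, scan it, return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = make_sample_repo(Path(tmp))
        return summarize(scan_tree(root))


if __name__ == "__main__":
    for check, where in sorted(run_demo().items()):
        print(f"{check:14} {', '.join(where)}")
```

Run it against a real checkout by calling `summarize(scan_tree(Path("path/to/repo")))`; the `username` bucket is expected to be noisy and, as in the review, needs a manual pass rather than being treated as a finding on its own.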

Kelvinrr commented 11 months ago

Thanks Austin for the review.

@chkim-usgs Seems like all we need is to remove isisKernelList.txt

Keep in mind it's not enough to just remove it from the repo, we need to scrub it from the history. In the past I've used https://rtyley.github.io/bfg-repo-cleaner/ but https://git-scm.com/docs/git-filter-branch is also an option

chkim-usgs commented 11 months ago

Appropriate changes were made to main to remove isisKernelList.txt from the repo and history.