aquasecurity / fanal

Static Analysis Library for Containers
Apache License 2.0

fix(secrets): AsymmetricPrivateKeys use only base64 characters #539

Closed DmitriyLewen closed 2 years ago

DmitriyLewen commented 2 years ago

Description

An asymmetric private key can be obtained from any function. For example (phpseclib/Crypt/RSA.php):

...
return "-----BEGIN OPENSSH PRIVATE KEY-----\r\n" .
       chunk_split(base64_encode($key), 70) .
       "-----END OPENSSH PRIVATE KEY-----";
...

Only base64 characters (with =) should be used to avoid false positives.

Related Issues
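The effect of restricting the key body to base64 characters, shown as an added Go example that is not fanal's code or part of this pull request. Both patterns and both sample inputs are constructed for illustration, and the PEM body is a placeholder, not a real key.

```go
package main

import (
	"fmt"
	"regexp"
)

// Hypothetical rules for illustration; neither is fanal's actual pattern.
// looseKey accepts anything between the BEGIN and END markers.
var looseKey = regexp.MustCompile(
	`(?s)-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----`)

// strictKey accepts only base64 characters (including '=') and real line
// breaks between the markers.
var strictKey = regexp.MustCompile(
	`-----BEGIN [A-Z ]*PRIVATE KEY-----[\r\n]+[A-Za-z0-9+/=\r\n]+-----END [A-Z ]*PRIVATE KEY-----`)

// phpSource has the shape of the code quoted in the description: source that
// builds a key at runtime and contains no key material itself.
const phpSource = `return "-----BEGIN OPENSSH PRIVATE KEY-----\r\n" .
       chunk_split(base64_encode($key), 70) .
       "-----END OPENSSH PRIVATE KEY-----";`

// pemBlock is a constructed placeholder in PEM layout, not a real key.
const pemBlock = "-----BEGIN OPENSSH PRIVATE KEY-----\n" +
	"Q09OU1RSVUNURUQrU0FNUExFL0JPRFkvTk9UK0ErUkVBTCtLRVk\n" +
	"QUJDREVGR0hJSktMTU5PUA==\n" +
	"-----END OPENSSH PRIVATE KEY-----\n"

// Scan reports whether each rule flags the content as a private key.
func Scan(content string) (loose, strict bool) {
	return looseKey.MatchString(content), strictKey.MatchString(content)
}

func main() {
	l, s := Scan(phpSource)
	fmt.Printf("php source: loose=%v strict=%v\n", l, s)
	l, s = Scan(pemBlock)
	fmt.Printf("pem block:  loose=%v strict=%v\n", l, s)
}
```

The loose rule flags the PHP source because the quote, dot and function-call characters between the markers are accepted; the strict rule rejects it and still matches the PEM block. A body-only base64 rule also skips traditional encrypted PEM files, whose `Proc-Type` and `DEK-Info` header lines contain characters outside the base64 alphabet.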