ioBroker / ioBroker.repochecker

Check the ioBroker adapter github repositories if they can be added to public ioBroker repository
MIT License

Add a generic credential checker for native keys #195

Closed mcm1957 closed 3 months ago

mcm1957 commented 6 months ago

Original request from @stevenengland's PR, see https://github.com/ioBroker/ioBroker.repochecker/pull/159

This checker is intended to identify native keys that contain potentially sensitive information but are neither protected from access by other adapters (have no entry in protectedNative) nor stored in encrypted form (encryptedNative).

The pattern list is based on the example of gitleaks for generic credentials (see also https://github.com/gitleaks/gitleaks/blob/6c52f878cc48a513849900a9aa6f9d68e1c2dbdd/cmd/generate/config/rules/generic.go#L12) and is not particularly restrictive in order to generate as few false positives as possible. Feel free to even prune this list a little further :)
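A minimal sketch of the check described in this issue, added here as an example; it is not the repochecker's own implementation and not part of the original comment. The key-name patterns and the sample `io-package.json` content are assumptions constructed for illustration.

```javascript
'use strict';

// Illustrative key-name patterns (an assumption for this example, not the
// list used by ioBroker.repochecker or gitleaks).
const SENSITIVE_KEY_PATTERNS = [/passw(or)?d/i, /secret/i, /token/i, /api[-_]?key/i, /credential/i];

// Treat a missing or malformed list as empty, so a key is only considered
// covered when it is explicitly named.
function asList(value) {
    return Array.isArray(value) ? value.filter(v => typeof v === 'string') : [];
}

// Return the native keys whose names look sensitive and that appear in
// neither protectedNative nor encryptedNative.
function findUnprotectedNativeKeys(ioPackage) {
    const pkg = ioPackage || {};
    const native = typeof pkg.native === 'object' && pkg.native !== null ? pkg.native : {};
    const protectedKeys = new Set(asList(pkg.protectedNative));
    const encryptedKeys = new Set(asList(pkg.encryptedNative));

    return Object.keys(native)
        .filter(key => SENSITIVE_KEY_PATTERNS.some(re => re.test(key)))
        .filter(key => !protectedKeys.has(key) && !encryptedKeys.has(key))
        .sort();
}

// Constructed sample io-package.json content (not taken from a real adapter).
const sampleIoPackage = {
    common: { name: 'example' },
    native: { host: '', port: 1883, user: '', password: '', apiKey: '', refreshToken: '', pollInterval: 60 },
    protectedNative: ['password'],
    encryptedNative: ['password', 'apiKey'],
};

// Only refreshToken is reported: password and apiKey are each listed somewhere.
console.log(findUnprotectedNativeKeys(sampleIoPackage));
```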

mcm1957 commented 6 months ago

testing example https://github.com/iobroker-community-adapters/ioBroker.mqtt-client

mcm1957 commented 5 months ago

added at 2.4.0