Password regex generating too much false flags
[releng-anteater.git] / master_list.yaml
index 5b34af9..001565a 100644 (file)
@@ -7,37 +7,63 @@
 
 binaries:
   binary_ignore:
-    - \.DS_Store
-    - \.eot
-    - \.gif
     - \.git/(index|objects)
-    - \.ico
-    - \.idx
-    - \.jp(e?)g
-    - \.otf
-    - \.pack
-    - \.pdf
-    - \.png
-    - \.ttf
-    - \.woff
 
 file_audits:
   file_names:
-    - \.asc$
-    - \.gpg$
-    - \.key$
-    - \.md5
-    - \.sig$
+    - \.asc
+    - \.gpg
+    - \.key
+    - \.md(2|3|4|5)
+    - \.sha1
+    - \.sig
+    - \.pcap
+    - \.kdb
+    - \.pypirc
+    - \.pem
+    - \.cer
+    - \.der
+    - \.crt
+    - \.crl
+    - \.p7b
+    - \.p7r
+    - \.spc
+    - \.sst
+    - \.stl
+    - \.pfx
+    - \.p12
+    - _rsa
+    - _dsa
+    - (irb|plsq|mysql|bash|zsh)_history
+    - (zsh|bash)rc-secrets
+    - \.vimrc
+    - \.gem\/credentials
+    - configuration\.user\.xpl
+    - \.dockercfg
+    - \.npmrc
+    - key(store|ring)
+    - ovpn
+    - secret_token\.rb
+    - omniauth\.rb
+    - carrierwave\.rb
+    - schema\.rb
+    - database\.yml
+    - settings\.py
+    - keychain
+    - backup
+    - credentials\.xml
+    - htpasswd
+    - kwallet
     - aws_access_key_id
     - aws_secret_access_key
-    - id_rsa
+
   file_contents:
     - -----BEGIN\sRSA\sPRIVATE\sKEY----
-    - "curl(.*?)bash"
-    - "git(.*?)clone"
-    - "sh(.*?)curl"
+    - (password|passwd)(.*:|.*=.*)
+    - curl
+    - git.*clone
     - dual_ec_drbg
-    - eval
+    - base64_decode
     - gost
     - md[245]
     - panama
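Review bot: The new file_names entry `(irb|plsq|mysql|bash|zsh)_history` appears to contain a typo: the PostgreSQL client's history file is `.psql_history`, so `plsq` is presumably meant to be `psql`, and as written that file is never flagged. The same list drops the `$` anchors (`\.asc`, `\.key`, `\.sig`) and adds bare words such as `backup`, `ovpn` and `keychain`. If the scanner applies these as substring searches, any path containing those letters is reported, which works against the commit's stated aim; extension patterns would be tighter as `\.key$`, `\.pem$` and so on. In file_contents, the bare `curl` replaces the narrower `curl(.*?)bash` and will match every mention of curl, not just pipe-to-shell installs. The file_contents list continues beyond the end of this hunk.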
@@ -52,6 +78,18 @@ file_audits:
     - streebog
     - tlsv1
     - wget
+    - run_as_root.*=.*True
+    - exec\s*(\"|\().+(\"|\))
+    - \beval\b
+    - app\.run\s*\(.*debug.*=.*True.*\)
+    - autoescape.*=.*False
+    - safestring\.mark_safe.*\(.*\)
+    - shell.*=.*True
+    - \/tmp\/
+    - \yaml\.load
+    - telnet
+    - ftp
+    - finger
 
 licence:
   licence_ext:
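Review bot: The added entry `\yaml\.load` begins with `\y`, which is not a regex escape. If these patterns are compiled by Python's `re` module, current versions reject it as a bad escape and older ones treat it as a literal `y`, so the line should read `- yaml\.load`. The bare words `telnet`, `ftp` and `finger` will also match inside longer tokens such as `sftp` or `fingerprint`; `- \bftp\b` and `- \bfinger\b`, in the same form as the `\beval\b` entry added here, would keep the check while cutting noise. Similarly, `shell.*=.*True` and `\/tmp\/` are broad enough that a short comment above each naming the risk it targets (subprocess shell injection, predictable temp paths) would help whoever triages the hits.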
@@ -65,8 +103,17 @@ licence:
     - '__init__.py'
 
 project_exceptions:
+  - apex: exceptions/apex.yaml
+  - armband: exceptions/armband.yaml
+  - bamboo: exceptions/bamboo.yaml
+  - barometer: exceptions/barometer.yaml
+  - bottlenecks: exceptions/bottlenecks.yaml
+  - calipso: exceptions/calipso.yaml
+  - compass4nfv: exceptions/compass4nfv.yaml
+  - conductor: exceptions/conductor.yaml
+  - copper: exceptions/copper.yaml
+  - functest: exceptions/functest.yaml
+  - octopus: exceptions/octopus.yaml
+  - pharos: exceptions/pharos.yaml
   - releng: exceptions/releng.yaml
   - sandbox: exceptions/sandbox.yaml
-  - pharos: exceptions/pharos.yaml
-  - octopus: exceptions/octopus.yaml
-  - functest: exceptions/functest.yaml