eslint-plugin-no-secrets
Comparing version 1.0.1-eslint9 to 1.0.2
# CHANGELOG | ||
## 1.0.1 | ||
### Major | ||
- This package has been out long enough for 1.0.0 release | ||
### Minor | ||
- Added support and tests for ESLint "flat config" | ||
### Patch | ||
- Several packages have been updated and patched | ||
## 0.9.1 | ||
### Patch | ||
- Pre-release before adding support for eslint flag config and to fix versioning | ||
## 0.8.9 | ||
### Minor | ||
- Replaced how JSON document scanning worked so it works with other plugins | ||
- Replaced how JSON document scanning worked so it works with other plugins | ||
## 0.7.9 | ||
### Minor | ||
- Add support for linting comments | ||
- Add support for linting comments | ||
## 0.6.9 | ||
### Patch | ||
- Add eslint 7 unit testing | ||
- Add eslint 7 unit testing | ||
## 0.6.8 | ||
### Patch | ||
- Security updates | ||
- Removed eslint 5 testing | ||
- Security updates | ||
- Removed eslint 5 testing | ||
## 0.6.5 | ||
### Patch | ||
- Security updates | ||
- Security updates | ||
## 0.6.4 | ||
### Minor | ||
- Added support for scanning JSON documents | ||
- Added support for scanning JSON documents | ||
## 0.5.4 | ||
### Minor | ||
- Added support for two new options | ||
- `additionalDelimiters`: In addition to splitting the string by whitespace, tokens will be further split by these delimiters | ||
- `ignoreCase`: Ignores character case when calculating entropy. This could lead to some false negatives | ||
- Added support for two new options | ||
- `additionalDelimiters`: In addition to splitting the string by whitespace, tokens will be further split by these delimiters | ||
- `ignoreCase`: Ignores character case when calculating entropy. This could lead to some false negatives | ||
## 0.3.4 | ||
### Patch | ||
- Security updates | ||
- Security updates |
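Review bot: the version moves to 1.0.2 in the package.json hunk below, yet no `## 1.0.2` entry is added to this CHANGELOG; record what 1.0.2 ships (from the README hunks: flat-config usage docs, a flat-config example for JSON files, reformatted examples and option table) so the changelog and the published version agree. While here, the 0.9.1 line reads "eslint flag config" where "flat config" is meant.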
{ | ||
"name": "eslint-plugin-no-secrets", | ||
"version": "1.0.1-eslint9", | ||
"version": "1.0.2", | ||
"description": "An eslint rule that searches for potential secrets/keys in code", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
README.md
[![Build Status](https://travis-ci.org/nickdeis/eslint-plugin-no-secrets.svg)](https://travis-ci.org/nickdeis/eslint-plugin-no-secrets) | ||
# eslint-plugin-no-secrets | ||
@@ -9,13 +8,17 @@ | ||
<!-- vscode-markdown-toc --> | ||
* 1. [Usage](#Usage) | ||
* 1.1. [Include JSON files](#IncludeJSONfiles) | ||
* 2. [Config](#Config) | ||
* 3. [When it's really not a secret](#Whenitsreallynotasecret) | ||
* 3.1. [ Either disable it with a comment](#Eitherdisableitwithacomment) | ||
* 3.2. [ use the `ignoreContent` to ignore certain content](#usetheignoreContenttoignorecertaincontent) | ||
* 3.3. [ Use `ignoreIdentifiers` to ignore certain variable/property names](#UseignoreIdentifierstoignorecertainvariablepropertynames) | ||
* 3.4. [ Use `additionalDelimiters` to further split up tokens](#UseadditionalDelimiterstofurthersplituptokens) | ||
* 4. [Options](#Options) | ||
* 5. [Acknowledgements](#Acknowledgements) | ||
- 1. [Usage](#Usage) | ||
- 1.1. [Flat config](#Flatconfig) | ||
- 1.2. [eslintrc](#eslintrc) | ||
- 1.3. [Include JSON files](#IncludeJSONfiles) | ||
- 1.3.1. [Include JSON files with in "flat configs"](#IncludeJSONfileswithinflatconfigs) | ||
- 2. [Config](#Config) | ||
- 3. [When it's really not a secret](#Whenitsreallynotasecret) | ||
- 3.1. [ Either disable it with a comment](#Eitherdisableitwithacomment) | ||
- 3.2. [ use the `ignoreContent` to ignore certain content](#usetheignoreContenttoignorecertaincontent) | ||
- 3.3. [ Use `ignoreIdentifiers` to ignore certain variable/property names](#UseignoreIdentifierstoignorecertainvariablepropertynames) | ||
- 3.4. [ Use `additionalDelimiters` to further split up tokens](#UseadditionalDelimiterstofurthersplituptokens) | ||
- 4. [Options](#Options) | ||
- 5. [Acknowledgements](#Acknowledgements) | ||
<!-- vscode-markdown-toc-config | ||
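Review bot: typo in the new 1.3.1 TOC entry, "Include JSON files with in "flat configs"" should read "within" (or simply "in"); the heading later in the README uses the same wording, so fix both together and keep the generated anchor `#IncludeJSONfileswithinflatconfigs` consistent with it.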
@@ -27,13 +30,36 @@ numbering=true | ||
## 1. <a name='Usage'></a>Usage | ||
## 1. <a name='Usage'></a>Usage | ||
`npm i -D eslint-plugin-no-secrets` | ||
*.eslintrc* | ||
### 1.1. <a name='Flatconfig'></a>Flat config | ||
_eslint.config.js_ | ||
```js | ||
import noSecrets from "eslint-plugin-no-secrets"; | ||
export default [ | ||
{ | ||
files: ["**/*.js"], | ||
plugins: { | ||
"no-secrets": noSecrets, | ||
}, | ||
rules: { | ||
"no-secrets/no-secrets": "error", | ||
}, | ||
}, | ||
]; | ||
``` | ||
### 1.2. <a name='eslintrc'></a>eslintrc | ||
_.eslintrc_ | ||
```json | ||
{ | ||
"plugins":["no-secrets"], | ||
"rules":{ | ||
"no-secrets/no-secrets":"error" | ||
} | ||
"plugins": ["no-secrets"], | ||
"rules": { | ||
"no-secrets/no-secrets": "error" | ||
} | ||
} | ||
@@ -44,3 +70,4 @@ ``` | ||
//Found a string with entropy 4.3 : "ZWVTjPQSdhwRgl204Hc51YCsritMIzn8B=/p9UyeX7xu6KkAGqfm3FJ+oObLDNEva" | ||
const A_SECRET = "ZWVTjPQSdhwRgl204Hc51YCsritMIzn8B=/p9UyeX7xu6KkAGqfm3FJ+oObLDNEva"; | ||
const A_SECRET = | ||
"ZWVTjPQSdhwRgl204Hc51YCsritMIzn8B=/p9UyeX7xu6KkAGqfm3FJ+oObLDNEva"; | ||
//Found a string that matches "AWS API Key" : "AKIAIUWUUQQN3GNUA88V" | ||
@@ -50,3 +77,3 @@ const AWS_TOKEN = "AKIAIUWUUQQN3GNUA88V"; | ||
### 1.1. <a name='IncludeJSONfiles'></a>Include JSON files | ||
### 1.3. <a name='IncludeJSONfiles'></a>Include JSON files | ||
@@ -57,16 +84,34 @@ To include JSON files, install `eslint-plugin-jsonc` | ||
Then in your `.eslint` configuration file, extend the jsonc base config | ||
Then in your `.eslint` configuration file, extend the jsonc base config | ||
```json | ||
{ | ||
"extends": [ | ||
"plugin:jsonc/base" | ||
] | ||
"extends": ["plugin:jsonc/base"] | ||
} | ||
``` | ||
#### 1.3.1. <a name='IncludeJSONfileswithinflatconfigs'></a>Include JSON files with in "flat configs" | ||
_eslint.config.js_ | ||
## 2. <a name='Config'></a>Config | ||
```js | ||
import noSecrets from "eslint-plugin-no-secrets"; | ||
import jsoncExtend from "eslint-plugin-jsonc"; | ||
export default [ | ||
...jsoncExtend.configs["flat/recommended-with-jsonc"], | ||
{ | ||
languageOptions: { ecmaVersion: 6 }, | ||
plugins: { | ||
"no-secrets": noSecret, | ||
}, | ||
rules: { | ||
"no-secrets/no-secrets": "error", | ||
}, | ||
}, | ||
]; | ||
``` | ||
## 2. <a name='Config'></a>Config | ||
Decrease the tolerance for entropy | ||
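Review bot: the flat-config example for JSON files refers to `noSecret` in `plugins` but the import binds `noSecrets`, so loading this `eslint.config.js` fails with a ReferenceError before any linting happens; change it to `"no-secrets": noSecrets,` as in the Usage example. Smaller points in the same hunk: the heading "Include JSON files with in "flat configs"" carries the "with in" typo, this example sets `languageOptions: { ecmaVersion: 6 }` while the Usage flat-config example does not (looks unintended), and the eslintrc path extends `plugin:jsonc/base` whereas this one spreads `flat/recommended-with-jsonc`, which deserves a sentence explaining why the two differ.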
@@ -76,6 +121,6 @@ | ||
{ | ||
"plugins":["no-secrets"], | ||
"rules":{ | ||
"no-secrets/no-secrets":["error",{"tolerance":3.2}] | ||
} | ||
"plugins": ["no-secrets"], | ||
"rules": { | ||
"no-secrets/no-secrets": ["error", { "tolerance": 3.2 }] | ||
} | ||
} | ||
@@ -87,22 +132,27 @@ ``` | ||
```json | ||
{ | ||
"plugins": ["no-secrets"], | ||
"rules": { | ||
"no-secrets/no-secrets": [ | ||
"error", | ||
{ "additionalRegexes": { "Basic Auth": "Authorization: Basic [A-Za-z0-9+/=]*" } } | ||
] | ||
} | ||
"plugins": ["no-secrets"], | ||
"rules": { | ||
"no-secrets/no-secrets": [ | ||
"error", | ||
{ | ||
"additionalRegexes": { | ||
"Basic Auth": "Authorization: Basic [A-Za-z0-9+/=]*" | ||
} | ||
} | ||
] | ||
} | ||
} | ||
``` | ||
## 3. <a name='Whenitsreallynotasecret'></a>When it's really not a secret | ||
### 3.1. <a name='Eitherdisableitwithacomment'></a> Either disable it with a comment | ||
## 3. <a name='Whenitsreallynotasecret'></a>When it's really not a secret | ||
### 3.1. <a name='Eitherdisableitwithacomment'></a> Either disable it with a comment | ||
```javascript | ||
// Set of potential base64 characters | ||
// eslint-disable-next-line no-secrets/no-secrets | ||
const BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; | ||
const BASE64_CHARS = | ||
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; | ||
``` | ||
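Review bot: reflowing `const BASE64_CHARS =` onto two lines may silently break the `eslint-disable-next-line no-secrets/no-secrets` example: the directive suppresses only reports located on the line immediately after it, and if this rule reports at the string literal, that literal now sits two lines below the comment and will still be flagged. Keep the declaration on one line in this snippet, or switch to a block directive (`/* eslint-disable no-secrets/no-secrets */` before and `/* eslint-enable no-secrets/no-secrets */` after).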
@@ -112,25 +162,28 @@ | ||
### 3.2. <a name='usetheignoreContenttoignorecertaincontent'></a> use the `ignoreContent` to ignore certain content | ||
### 3.2. <a name='usetheignoreContenttoignorecertaincontent'></a> use the `ignoreContent` to ignore certain content | ||
```json | ||
{ | ||
"plugins":["no-secrets"], | ||
"rules":{ | ||
"no-secrets/no-secrets":["error",{"ignoreContent":"^ABCD"}] | ||
} | ||
"plugins": ["no-secrets"], | ||
"rules": { | ||
"no-secrets/no-secrets": ["error", { "ignoreContent": "^ABCD" }] | ||
} | ||
} | ||
``` | ||
### 3.3. <a name='UseignoreIdentifierstoignorecertainvariablepropertynames'></a> Use `ignoreIdentifiers` to ignore certain variable/property names | ||
### 3.3. <a name='UseignoreIdentifierstoignorecertainvariablepropertynames'></a> Use `ignoreIdentifiers` to ignore certain variable/property names | ||
```json | ||
{ | ||
"plugins":["no-secrets"], | ||
"rules":{ | ||
"no-secrets/no-secrets":["error",{"ignoreIdentifiers":["BASE64_CHARS"]}] | ||
} | ||
"plugins": ["no-secrets"], | ||
"rules": { | ||
"no-secrets/no-secrets": [ | ||
"error", | ||
{ "ignoreIdentifiers": ["BASE64_CHARS"] } | ||
] | ||
} | ||
} | ||
``` | ||
### 3.4. <a name='UseadditionalDelimiterstofurthersplituptokens'></a> Use `additionalDelimiters` to further split up tokens | ||
### 3.4. <a name='UseadditionalDelimiterstofurthersplituptokens'></a> Use `additionalDelimiters` to further split up tokens | ||
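Review bot: style: heading 3.2 starts lowercase ("use the `ignoreContent` to ignore certain content") while 3.1, 3.3 and 3.4 start with "Use"; capitalizing it is a one-word change, but the generated anchor `usetheignoreContenttoignorecertaincontent` in the TOC would then need regenerating. It would also help to state next to the `"^ABCD"` example that the value is a pattern tested against the string, since the options table lists the type as string \| RegExp.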
@@ -143,26 +196,26 @@ Tokens will always be split up by whitespace within a string. However, sometimes words that are delimited by something else (e.g. dashes, periods, camelcase words). You can use `additionalDelimiters` to handle these cases. | ||
{ | ||
"plugins":["no-secrets"], | ||
"rules":{ | ||
"no-secrets/no-secrets":["error",{"additionalDelimiters":[".","(?=[A-Z][a-z])"]}] | ||
} | ||
"plugins": ["no-secrets"], | ||
"rules": { | ||
"no-secrets/no-secrets": [ | ||
"error", | ||
{ "additionalDelimiters": [".", "(?=[A-Z][a-z])"] } | ||
] | ||
} | ||
} | ||
``` | ||
## 4. <a name='Options'></a>Options | ||
## 4. <a name='Options'></a>Options | ||
| Option | Description | Default | Type | | ||
| -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | ------------------------------------------- | | ||
| tolerance | Minimum "randomness"/entropy allowed. Only strings **above** this threshold will be shown. | `4` | `number` | | ||
| additionalRegexes | Object of additional patterns to check. Key is check name and value is corresponding pattern | `{}` | {\[regexCheckName:string]:string \| RegExp} | | ||
| ignoreContent | Will ignore the _entire_ string if matched. Expects either a pattern or an array of patterns. This option takes precedent over `additionalRegexes` and the default regular expressions | `[]` | string \| RegExp \| (string\|RegExp)[] | | ||
| ignoreModules | Ignores strings that are an argument in `import()` and `require()` or is the path in an `import` statement. | `true` | `boolean` | | ||
| ignoreIdentifiers | Ignores the values of properties and variables that match a pattern or an array of patterns. | `[]` | string \| RegExp \| (string\|RegExp)[] | | ||
| ignoreCase | Ignores character case when calculating entropy. This could lead to some false negatives | `false` | `boolean` | | ||
| additionalDelimiters | In addition to splitting the string by whitespace, tokens will be further split by these delimiters | `[]` | (string\|RegExp)[] | | ||
|Option|Description|Default|Type| | ||
|------|-----------|----------------|----| | ||
|tolerance|Minimum "randomness"/entropy allowed. Only strings **above** this threshold will be shown. |`4`|`number`| | ||
|additionalRegexes|Object of additional patterns to check. Key is check name and value is corresponding pattern |`{}`|{\[regexCheckName:string]:string \| RegExp}| | ||
|ignoreContent|Will ignore the *entire* string if matched. Expects either a pattern or an array of patterns. This option takes precedent over `additionalRegexes` and the default regular expressions|`[]`|string \| RegExp \| (string\|RegExp)[]| | ||
|ignoreModules|Ignores strings that are an argument in `import()` and `require()` or is the path in an `import` statement.|`true`|`boolean`| | ||
|ignoreIdentifiers|Ignores the values of properties and variables that match a pattern or an array of patterns. |`[]`|string \| RegExp \| (string\|RegExp)[]| | ||
|ignoreCase|Ignores character case when calculating entropy. This could lead to some false negatives|`false`|`boolean`| | ||
|additionalDelimiters|In addition to splitting the string by whitespace, tokens will be further split by these delimiters|`[]`|(string\|RegExp)[]| | ||
## 5. <a name='Acknowledgements'></a>Acknowledgements | ||
## 5. <a name='Acknowledgements'></a>Acknowledgements | ||
Huge thanks to [truffleHog](https://github.com/dxa4481/truffleHog) for the inspiration, the regexes, and the measure of entropy. | ||
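Review bot: the reformatted options table keeps the typo "takes precedent over" in the `ignoreContent` row; it should be "takes precedence over". Two smaller points: the Type column is inconsistent, with some cells in backticks (`number`, `boolean`) and others bare (string \| RegExp \| (string\|RegExp)[]), and the `additionalDelimiters` snippet would be clearer with one sentence saying that `"(?=[A-Z][a-z])"` is a zero-width lookahead that splits camelCase tokens at each capital followed by a lowercase letter, since the intro sentence only mentions camelcase in passing.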