Find plain text secrets
org.openrewrite.java.search.FindSecrets
Find secrets stored in plain text in code.
Tags
security
Recipe source
GitHub, Issue Tracker, Maven Central
groupId: org.openrewrite
artifactId: rewrite-java
version: 8.30.0
Data Tables
Source files that had results
org.openrewrite.table.SourcesFileResults
Source files that were modified by the recipe run.
Column Name | Description |
---|---|
Source path before the run | The source path of the file before the run. |
Source path after the run | A recipe may modify the source path. This is the path after the run. |
Parent of the recipe that made changes | In a hierarchical recipe, the parent of the recipe that made a change. Empty if this is the root of a hierarchy or if the recipe is not hierarchical at all. |
Recipe that made changes | The specific recipe that made a change. |
Estimated time saving | An estimated effort that a developer to fix manually instead of using this recipe, in unit of seconds. |
Cycle | The recipe cycle in which the change was made. |
Source files that errored on a recipe
org.openrewrite.table.SourcesFileErrors
The details of all errors produced by a recipe run.
Column Name | Description |
---|---|
Source path | The file that failed to parse. |
Recipe that made changes | The specific recipe that made a change. |
Stack trace | The stack trace of the failure. |
Recipe performance
org.openrewrite.table.RecipeRunStats
Statistics used in analyzing the performance of recipes.
Column Name | Description |
---|---|
The recipe | The recipe whose stats are being measured both individually and cumulatively. |
Source file count | The number of source files the recipe ran over. |
Source file changed count | The number of source files which were changed in the recipe run. Includes files created, deleted, and edited. |
Cumulative scanning time | The total time spent across the scanning phase of this recipe. |
99th percentile scanning time | 99 out of 100 scans completed in this amount of time. |
Max scanning time | The max time scanning any one source file. |
Cumulative edit time | The total time spent across the editing phase of this recipe. |
99th percentile edit time | 99 out of 100 edits completed in this amount of time. |
Max edit time | The max time editing any one source file. |
Usage
This recipe has no required configuration parameters and comes from a rewrite core library. It can be activated directly without adding any dependencies.
Add the following to your
build.gradle
file:
Run
gradle rewriteRun
to run the recipe.
Definition
Find within comments and literals
patterns:
[(xox[pboa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32}), -----BEGIN RSA PRIVATE KEY-----, -----BEGIN DSA PRIVATE KEY-----, -----BEGIN EC PRIVATE KEY-----, -----BEGIN PGP PRIVATE KEY BLOCK-----, ((?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}), amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}, AKIA[0-9A-Z]{16}, da2-[a-z0-9]{26}, EAACEdEose0cBA[0-9A-Za-z]+, [fF][aA][cC][eE][bB][oO][oO][kK].*['|"][0-9a-f]{32}['|"], [gG][iI][tT][hH][uU][bB].*['|"][0-9a-zA-Z]{35,40}['|"], [aA][pP][iI]_?[kK][eE][yY].*['|"][0-9a-zA-Z]{32,45}['|"], [sS][eE][cC][rR][eE][tT].*['|"][0-9a-zA-Z]{32,45}['|"], AIza[0-9A-Za-z\-_]{35}, AIza[0-9A-Za-z\-_]{35}, [0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com, AIza[0-9A-Za-z\-_]{35}, [0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com, "type": "service_account", AIza[0-9A-Za-z\-_]{35}, [0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com, ya29\.[0-9A-Za-z\-_]+, AIza[0-9A-Za-z\-_]{35}, [0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com, [hH][eE][rR][oO][kK][uU].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}, [0-9a-f]{32}-us[0-9]{1,2}, key-[0-9a-zA-Z]{32}, [a-zA-Z]{3,10}://[^/\s:@]{3,20}:[^/\s:@]{3,20}@.{1,100}["'\s], access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}, sk_live_[0-9a-z]{32}, https://hooks\.slack\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}, sk_live_[0-9a-zA-Z]{24}, rk_live_[0-9a-zA-Z]{24}, sq0atp-[0-9A-Za-z\-_]{22}, sq0csp-[0-9A-Za-z\-_]{43}, [0-9]+:AA[0-9A-Za-z\-_]{33}, SK[0-9a-fA-F]{32}, [tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40}, [tT][wW][iI][tT][tT][eE][rR].*['|"][0-9a-zA-Z]{35,44}['|"]]
See how this recipe works across multiple open-source repositories
The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.
Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.
Contributors
Jonathan Schneider, Sam Snyder, Tim te Beek, Jonathan Leitschuh
Last updated