Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to exclude paths? #77

Open
Chan9390 opened this issue Oct 22, 2022 · 3 comments
Open

How to exclude paths? #77

Chan9390 opened this issue Oct 22, 2022 · 3 comments
Assignees

Comments

@Chan9390
Copy link

Chan9390 commented Oct 22, 2022

I read the documentation and found that I can exclude certain paths by appending them to exclude_paths.

Trying to evaluate this tool, I found the following false positive:

    {
      "Image Layer ID": "xxxxxxxxxxx",
      "Matched Rule ID": 135,
      "Matched Rule Name": "Contains a private key",
      "Matched Part": "contents",
      "String to Match": "",
      "Signature to Match": "-----BEGIN (EC|RSA|DSA|OPENSSH|PGP) PRIVATE KEY",
      "Severity": "medium",
      "Severity Score": 5.08,
      "Starting Index of Match in Original Content": 0,
      "Relative Starting Index of Match in Displayed Substring": 0,
      "Relative Ending Index of Match in Displayed Substring": 26,
      "Full File Name": "usr/local/share/.cache/yarn/v6/npm-proxy-agent-5.0.0-d31405c10d6e8431fde96cba7a0c027ce01d633b-integrity/node_modules/proxy-agent/test/ssl-cert-snakeoil.key",
      "Matched Contents": "-----BEGIN RSA PRIVATE KEY-----"
    },

While there's a private key in the path, it's added to the container by the repo's dependencies. So inorder to remove any detection of secrets in the usr/local/share/.cache path, I appended it to exclude_paths list:

Snippet:

# Secret Scanner Configuration File

blacklisted_strings: ["node_modules"] # skip matches containing any of these strings (case sensitive)
blacklisted_extensions: [".exe", ".jpg", ".jpeg", ".png", ".gif", ".bmp", ".tiff", ".tif", ".psd", ".xcf", ".zip", ".tar.gz", ".ttf", ".lock", ".pem"]
blacklisted_paths: ["{sep}var{sep}lib{sep}docker", "{sep}var{sep}lib{sep}containerd", "{sep}var{sep}lib{sep}containers", "{sep}var{sep}lib{sep}crio", "{sep}var{sep}run{sep}containers", "{sep}bin", "{sep}boot", "{sep}dev", "{sep}lib", "{sep}lib64", "{sep}media", "{sep}proc", "{sep}run", "{sep}sbin", "{sep}usr{sep}lib", "{sep}sys", "{sep}home{sep}kubernetes"]
exclude_paths: ["{sep}var{sep}lib{sep}docker", "{sep}var{name_sep}lib{name_sep}docker","{sep}var{sep}lib{sep}containerd", "{sep}var{name_sep}lib{name_sep}containerd", "{sep}usr{sep}local{sep}share{sep}.cache"] # use {sep} for the OS' path seperator and {name_sep} for -  (i.e. / or \)

signatures:
  - part:  'extension'

And ran the command: docker run -it --rm --name=deepfence-secretscanner -v $(pwd):/home/deepfence/output -v /var/run/docker.sock:/var/run/docker.sock deepfenceio/deepfence_secret_scanner:latest -image-name <image>:latest --config-path secretscanner (where the config.yaml is saved in secretscanner directory).

SecretScanner still detects this path and the false positive.

PS: I tried using {name_sep} instead of {sep}, and tried adding the path to blacklisted_strings and blacklisted_paths. Nothing worked so far.

@ibreakthecloud
Copy link
Contributor

@deviprasad303 please take a look

@deviprasad303
Copy link
Contributor

@Chan9390 please add usr{sep}local{sep}share{sep}.cache inside blacklist path. There should not be {sep} at the start of the path. please also add usr{sep}local{sep}share{sep}.cache in the exclude path . the exclude path removes everything that contains the given subpath

@ibreakthecloud
Copy link
Contributor

@Chan9390 can you check if it works out for you?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants