fix: add support for artifactory identity tokens #115
Conversation
Signed-off-by: Daniel Pittner <[email protected]>
dpittner
force-pushed
the
tweak-artifactory
branch
from
4ad9d40 to
a285a86
Compare
| @@ -15,6 +15,8 @@ class ArtifactoryDetector(RegexBasedDetector): | |||
| re.compile(r'(?:(?<==|:|")|(?<=\s)|(?<=^))AKC[a-zA-Z0-9]{10,}'), # api token | |||
| # artifactory encrypted passwords begin with AP[A-Z] | |||
| re.compile(r'(?:(?<==|:|")|(?<=\s)|(?<=^))AP[\dABCDEF][a-zA-Z0-9]{8,}'), # password | |||
| # artifactory identity tokens are different (base64 encoded reftkn:) and 64 chars | |||
| re.compile(r'(?:(?<==|:|")|(?<=\s)|(?<=^))cmVmdGtuOg{54,54}'), #identity token | |||
There was a problem hiding this comment.
I have a couple questions: Where did you get the regex that you included in this PR? Also do all artifactory tokens have "cmVmdGtuOg" literal string?
There was a problem hiding this comment.
IF reading this right:
line 15: says: start with AKC then [any lower or upper case alphabet or number char ] and then 10 or more of the same preceding token (ie lower or upper alphabet or number)
line 17: says: start with AP then [any upper case alphabet A-F or number char ] and then [any lower or upper case alphabet or number char ] 8 or more of the same preceding token (ie lower or upper alphabet or number)
line 19 (your new regex) say: starts with c then m then V then m then d then G then t then u the 0 the g then exactly 54 more characters of preceding (ie g)
1st, correct me if I am understanding this wrong. But if I am correct, then this will not work as a general enough regex and it would only make one very specific value.
What: when using Artifactory identity tokens (https://www.jfrog.com/confluence/display/JFROG/Access+Tokens) which are a recent feature you've the option to make them expiring. So it's desirable to use them instead of pro-active rotation.
However the token format is different from what's currently detected by the plugin, so this PR aims to extend the plugin with the ability to detect identity tokens of artifactory.