
Update and rename low-severity-token.bcheck to tentative.bcheck and Change else if to if #165

Merged (6 commits) on Jan 26, 2024

Conversation

xElkomy (Contributor) commented Jan 25, 2024

We implemented a minor adjustment using 'else if', as 'else if' ceases execution upon discovering the first secret. Conversely, using 'if' allows the process to continue, enabling the identification of any additional exposed secrets.

Thanks to @xhzeem for the advice and his note about it.

BCheck Contributions

  • BCheck compiles and executes as expected
  • BCheck contains appropriate metadata (name, version, author, description and appropriate tags)
  • Only .bcheck files have been added or modified
  • BCheck is in the appropriate folder
  • PR contains single or limited number of BChecks (Multiple PRs are preferred)
  • BCheck attempts to minimize false positives

ps-porpoise (Contributor) commented:
Hey @xElkomy, I believe you'd also want to use the 'and continue' (docs here) to achieve the behaviour you're looking for. If you don't use that, then your BCheck will stop executing after it's reported its first issue. Note that to do this you'll have to update your language version to 'v2-beta'.

Hannah-PortSwigger (Contributor) left a comment

Hi.

Thank you very much for the update.

You mention that you would like the BCheck to continue through the full list of checks, reporting multiple potential issues.

Once an issue has been reported, a BCheck will terminate, so this behavior will not change.

You can implement this behavior by upgrading your language version to v2-beta and using report issue and continue: in your BCheck. This will allow your BCheck to report multiple issues.
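To make the control-flow point from the PR description and the two review comments concrete, here is an added Python example (not code from the PR or from PortSwigger) that simulates what one BCheck would report under each of the three shapes discussed: an `if ... else if` chain, independent `if` blocks with plain `report issue:`, and independent `if` blocks with `report issue and continue:` (v2-beta). The rules and the response body are constructed samples in the shape of the secrets-patterns-db entries the generator script below consumes; `render_conditions` emits the block form the reviewers recommend.

```python
import re

# Constructed sample rules, shaped like the secrets-patterns-db entries the
# generator script in this thread consumes (name / regex / confidence).
SAMPLE_RULES = [
    {"name": "AWS Access Key ID", "regex": r"AKIA[0-9A-Z]{16}", "confidence": "high"},
    {"name": "Slack Token", "regex": r"xoxb-[0-9A-Za-z-]{10,48}", "confidence": "high"},
    {"name": "Generic Password", "regex": r"(?i)password\s*[:=]\s*\S+", "confidence": "low"},
]
# Constructed response body that leaks three different secret-like values.
SAMPLE_RESPONSE = "AWS_KEY=AKIAABCDEFGHIJKLMNOP\npassword=hunter2\nSLACK=xoxb-000000000000-ABCDEFGHIJKL\n"
# Same mapping the generator script uses (secrets-patterns-db -> BCheck confidence).
CONFIDENCE_MAP = {"high": "certain", "medium": "firm", "low": "tentative"}

def scan_response(body: str, rules, mode: str):
    """Simulate what one BCheck reports under the three control-flow shapes.
    "else_if":     one `if ... else if` chain; evaluation stops at the first hit.
    "if":          independent `if` blocks with plain `report issue:`; the BCheck
                   terminates after its first report, so still one finding.
    "if_continue": independent `if` blocks with `report issue and continue:`
                   (language v2-beta); every matching pattern is reported.
    """
    found = []
    for rule in rules:
        if re.search(rule["regex"], body):
            found.append(rule["name"])
            if mode in ("else_if", "if"):
                break  # the BCheck engine stops here in these two shapes
    return found

def render_conditions(rules) -> str:
    """Emit independent `if ... end if` blocks using `report issue and continue:`."""
    blocks = []
    for rule in rules:
        regex = rule["regex"].replace('"', r'\"')  # escape for the BCheck string literal
        blocks.append(
            f' if {{latest.response}} matches "{regex}" then\n'
            f'   report issue and continue:\n'
            f'     severity: medium\n'
            f'     confidence: {CONFIDENCE_MAP[rule["confidence"]]}\n'
            f'     detail: "{rule["name"]} secret pattern detected in the response."\n'
            f'     remediation: "Review and remove unnecessary exposure of secrets."\n'
            f' end if\n'
        )
    return "".join(blocks)
```

Running `scan_response(SAMPLE_RESPONSE, SAMPLE_RULES, mode)` for each mode shows that only the `if_continue` shape returns all three findings; the other two return just the first.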

xElkomy (Contributor Author) commented Jan 25, 2024

Thank you for your advice, I did it now.

xElkomy (Contributor Author) commented Jan 25, 2024

The script I used to create those bchecks is this Python script:

import os
import yaml
import requests

# One BCheck body per confidence level, keyed by the BCheck confidence string.
bcheck_templates = {}

# secrets-patterns-db confidence -> BCheck confidence
CONFIDENCE_MAP = {'high': 'certain', 'medium': 'firm', 'low': 'tentative'}

def download_rules(url):
    response = requests.get(url, timeout=30)
    response.raise_for_status()  # raises for any non-2xx status
    return yaml.safe_load(response.text)

def create_bcheck_template(confidence):
    bcheck_templates[confidence] = f"""metadata:
 language: v2-beta
 name: "Information Disclosure Secret Finder - {confidence}"
 description: "Detects secret patterns in responses."
 author: "bugswagger, xelkomy, juba0x00, xhzeem"
 tags: "secret, bugswagger"

given response then
"""

def append_condition(name: str, confidence: str, regex: str) -> None:
    # Independent `if` blocks plus `report issue and continue` (v2-beta) so the
    # BCheck keeps evaluating after its first report instead of terminating.
    value = f"""
 if {{latest.response}} matches "{regex}" then
      report issue and continue:
        severity: medium
        confidence: {confidence}
        detail: "{name} secret pattern detected in the response."
        remediation: "Review and remove unnecessary exposure of secrets."
 end if
"""
    bcheck_templates[confidence] += value

def save_bcheck_file(name, content):
    filename = f"{name.replace(' ', '_').lower()}.bcheck"
    with open(filename, 'w', encoding='utf-8') as file:
        file.write(content)

def main():
    url = "https://raw.githubusercontent.com/mazen160/secrets-patterns-db/master/db/rules-stable.yml"
    rules = download_rules(url)

    os.makedirs('bcheckskeys', exist_ok=True)
    os.chdir('bcheckskeys')

    for pattern in rules['patterns']:
        # Escape double quotes so the regex survives inside the BCheck string literal
        regex = pattern['pattern']['regex'].replace(r'\"', '"').replace('"', r'\"')
        name = pattern['pattern']['name']
        confidence = CONFIDENCE_MAP.get(pattern['pattern']['confidence'].lower())

        if not (name and regex and confidence):
            continue  # skip incomplete rules and unknown confidence levels
        if confidence not in bcheck_templates:
            create_bcheck_template(confidence)
        # Append the condition for every rule, including the one that created the template
        append_condition(name, confidence, regex)

    for key, value in bcheck_templates.items():
        print(f'saving {key}.bcheck')
        save_bcheck_file(key, value)

if __name__ == "__main__":
    main()

Hannah-PortSwigger (Contributor) left a comment

Thanks for making those changes.

Could you please rename your BCheck files so that they have a name that is more descriptive of your BCheck's functionality?

xElkomy (Contributor Author) commented Jan 25, 2024

I made a small change to the names, and you can suggest whatever name you want.

Hannah-PortSwigger (Contributor) left a comment

Thank you for making those changes!

PortSwiggerWiener (Collaborator) left a comment

Thanks for making the suggested changes.

Looks good 👍

@PortSwiggerWiener PortSwiggerWiener merged commit eb321fb into PortSwigger:main Jan 26, 2024
1 check passed