credentials package

Submodules

credentials.candidate module

class credsweeper.credentials.candidate.Candidate(line_data_list, patterns, rule_name, severity, config, validations=None, use_ml=False)

Bases: object

add_line_data(line_data)

Add new line data to the current credential.

Parameters

line_data (LineData) – Line data object to be added

Return type

None

property api_validation: credsweeper.common.constants.KeyValidationOption

Return type

KeyValidationOption

is_api_validation_available()

Check if current credential candidate can be validated with external API.

Return type

bool

Returns

True if any validation available, False otherwise

property line_data_list: List[credsweeper.credentials.line_data.LineData]

Return type

List[LineData]

property ml_validation: credsweeper.common.constants.KeyValidationOption

Return type

KeyValidationOption

property patterns: List[_regex.Pattern]

Return type

List[Pattern]

property rule_name: str

Return type

str

property severity: credsweeper.common.constants.Severity

Return type

Severity

to_json()

Convert credential candidate object to dictionary.

Return type

dict

Returns

Dictionary object generated from current credential candidate

credentials.candidate_group_generator module

class credsweeper.credentials.candidate_group_generator.CandidateGroupGenerator

Bases: object

property grouped_candidates: Dict[credsweeper.credentials.candidate_key.CandidateKey, List[credsweeper.credentials.candidate.Candidate]]

Return type

Dict[CandidateKey, List[Candidate]]

items()

Return type

List[Tuple[CandidateKey, List[Candidate]]]

credentials.candidate_key module

class credsweeper.credentials.candidate_key.CandidateKey(line_data)

Bases: object

Class used to identify credential candidates.

Candidates that detected same value on same string in a same file would have identical CandidateKey

credentials.credential_manager module

class credsweeper.credentials.credential_manager.CredentialManager

Bases: object

The manager allows you to store, add and delete separate credit candidates.

Parameters

candidates – list of credential candidates

add_credential(candidate)

Add credential candidate to the manager.

Parameters

candidate (Candidate) – credential candidate to be added

Return type

None

get_credentials()

Get all credential candidates stored in the manager.

Return type

List[Candidate]

Returns

List with all Candidate objects stored in manager

group_credentials()

Join candidates that references same secret value in the same line.

Candidate can belong to two groups in the same time if it have more than one LineData object inside

Return type

CandidateGroupGenerator

Returns

Contain dictionary of [path, line_num, value] -> credential candidates list

remove_credential(candidate)

Remove credential candidate from the manager.

Parameters

candidate (Candidate) – credential candidate to be removed

Return type

None

set_credentials(candidates)

Remove all current credentials candidates from the manager and add new credentials.

Parameters

candidates (List[Candidate]) – List with candidates to replace current candidates in the manager

Return type

None

credentials.line_data module

class credsweeper.credentials.line_data.LineData(config, line, line_num, path, pattern)

Bases: object

Object to treat and store scanned line related data.

Parameters

• key – Optional[str] = None

• line (str) – string variable, line

• line_num (int) – int variable, number of line in file

• path (str) – string variable, path to file

• pattern (Pattern) – regex pattern, detected pattern in line

• separator – optional string variable, separators between variable and value

• separator_span – optional tuple variable, separator position

• value – optional string variable, detected value in line

• variable – optional string variable, detected variable in line

bash_param_split = regex.Regex('\\s+(\\-|\\||\\>|\\w+?\\>|\\&)', flags=regex.V0)

clean_bash_parameters()

Split variable and value by bash special characters, if line assumed to be CLI command.

Return type

None

clean_url_parameters()

Clean url address from ‘query parameters’.

If line seem to be a URL - split by & character. Variable should be right most value after & or ? ([-1]). And value should be left most before & ([0])

Return type

None

comment_starts = ['//', '*', '#', '/*', '<!––', '%{', '%', '...', '(*', '--', '--[[', '#=']

initialize()

Set all internal fields.

Return type

None

is_comment()

Check if line with credential is a comment.

Return type

bool

Returns

True if line is a comment, False otherwise

is_source_file()

Check if file with credential is a source code file or not (data, log, plain text).

Return type

bool

Returns

True if file is source file, False otherwise

is_source_file_with_quotes()

Check if file with credential require quotation for string literals.

Return type

bool

Returns

True if file require quotation, False otherwise

property key: str

Return type

str

property line: str

Return type

str

property line_num: int

Return type

int

property path: str

Return type

str

property pattern: _regex.Pattern

Return type

Pattern

sanitize_variable()

Remove trailing spaces, dashes and quotations around the variable.

Return type

None

property separator: str

Return type

str

property separator_span: Tuple[int, int]

Return type

Tuple[int, int]

set_pattern_match_groups()

Apply regex to the candidate line and set internal fields based on match.

Return type

None

to_json()

Convert line data object to dictionary.

Return type

dict

Returns

Dictionary object generated from current line data

property value: str

Return type

str

property value_leftquote: str

Return type

str

property value_rightquote: str

Return type

str

property variable: str

Return type

str

Module contents