If you are wondering where the data of this site comes from, please visit https://api.github.com/users/w0rmr1d3r/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Ramon w0rmr1d3r @holaluz Security, is a must :)

zricethezav/gitleaks 8403

Scan git repos (or files) for secrets using regex and entropy 🔑

w0rmr1d3r/tecnoUAB_demo 3

Repository for demo purposes

w0rmr1d3r/cloudmapper 0

CloudMapper helps you analyze your Amazon Web Services (AWS) environments.

w0rmr1d3r/forkyou 0

Android App as a personal project

w0rmr1d3r/gitleaks 0

Scan git repos (or files) for secrets using regex and entropy 🔑

w0rmr1d3r/hackupc2017fall 0

spaghetti code for this hackathon

w0rmr1d3r/personal_assistant 0

Some code for a personal assistant

w0rmr1d3r/prowler 0

Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness. It contains all CIS controls listed here https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf and more than 100 additional checks that help on GDPR, HIPAA and other security requirements.

w0rmr1d3r/song_giver 0

Web page for random music

Pull request review comment: zricethezav/gitleaks

Update gitleaks.toml

 title = "gitleaks config"     description = "PyPI upload token"     regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''     tags = ["key", "pypi"]+    +[[rules]]+    description = "Octopus deploy"+    regex = '''api-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''+    tags = ["key", "API"]+    +[[rules]]+    description = "Sonarqube and other scanner tools"+    regex = '''api-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''+    tags = ["key", "api"]
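Review bot: the "Octopus deploy" and "Sonarqube and other scanner tools" rules share one regex, `api-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}`, and its fixed body `AgEIcHlwaS5vcmc` is lifted from the PyPI rule directly above (`cHlwaS5vcmc` is the base64 of `pypi.org`, the PyPI token prefix), so neither new rule describes the token format of the service it is named after, and the two will only ever fire together on the same PyPI-shaped strings, producing duplicate findings with conflicting descriptions. Each rule should get the real prefix and alphabet of the token it claims to detect, or be dropped until that is known; the tags should also settle on one casing (`"API"` vs `"api"`).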

Why are the regex duplicated, shouldn't one be starting with API and the other with api ? They only differ on the description and the tags.

ds50421

comment created time in 2 days
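A small lint for the situation flagged in the review above, written here as an added example (not gitleaks code): it reads a constructed excerpt in the shape of the quoted gitleaks.toml, reports regexes shared by several rules, and shows which rules fire on a constructed token, so duplicate rules surface before they produce double findings.

```python
import re
from collections import defaultdict

# Constructed excerpt in the shape of the gitleaks.toml quoted in the review
# above: the three regexes are the ones under discussion, the layout is assumed.
GITLEAKS_TOML = """
title = "gitleaks config"
[[rules]]
    description = "PyPI upload token"
    regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
    tags = ["key", "pypi"]
[[rules]]
    description = "Octopus deploy"
    regex = '''api-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
    tags = ["key", "API"]
[[rules]]
    description = "Sonarqube and other scanner tools"
    regex = '''api-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
    tags = ["key", "api"]
"""

def parse_rules(toml_text):
    """Minimal reader for [[rules]] tables, one key = value per line; not a TOML parser."""
    rules, current = [], None
    for raw in toml_text.splitlines():
        line = raw.strip()
        if line == "[[rules]]":
            current = {}
            rules.append(current)
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value.startswith("'''") and value.endswith("'''"):
                current[key] = value[3:-3]          # '''regex''' literal string
            elif value.startswith("["):
                current[key] = re.findall(r'"([^"]*)"', value)  # ["a", "b"] array
            else:
                current[key] = value.strip('"')     # "string"
    return rules

def duplicate_regexes(rules):
    """Regexes shared by more than one rule, mapped to those rules' descriptions."""
    seen = defaultdict(list)
    for rule in rules:
        seen[rule["regex"]].append(rule["description"])
    return {rx: descs for rx, descs in seen.items() if len(descs) > 1}

def fired_rules(sample, rules):
    """Descriptions of every rule matching the sample; gitleaks reports each of them."""
    return [r["description"] for r in rules if re.search(r["regex"], sample)]
```

Run `duplicate_regexes(parse_rules(GITLEAKS_TOML))` against a real config before merging new rules; any regex listed there will be reported once per rule that carries it.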


issue comment: integrations/terraform-provider-github

resource github_repository: etag: DiffSuppressFunc is for suppressing differences

You are right @ChristophShyper! It's pointing to 4.15. Sorry for generating any noise :shame-on-me:

eduardchai

comment created time in 2 days

issue comment: integrations/terraform-provider-github

resource github_repository: etag: DiffSuppressFunc is for suppressing differences

It's happening with the provider on other versions:

    github = {
      source  = "integrations/github"
      version = "~> 4.3"
    }
eduardchai

comment created time in 2 days


Pull request review comment: toniblyx/prowler

New check 7154 CloudFormation stack termination protection enabled @ShubhamShah11

+#!/usr/bin/env bash++# Prowler - the handy cloud security tool (copyright 2019) by Toni de la Fuente+#+# Licensed under the Apache License, Version 2.0 (the "License"); you may not+# use this file except in compliance with the License. You may obtain a copy+# of the License at http://www.apache.org/licenses/LICENSE-2.0+#+# Unless required by applicable law or agreed to in writing, software distributed+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR+# CONDITIONS OF ANY KIND, either express or implied. See the License for the+# specific language governing permissions and limitations under the License.+#+# Remediation:+#+#   https://docs.aws.amazon.com/cli/latest/reference/cloudformation/update-termination-protection.html+#+#   aws cloudformation update-termination-protection \+#   --stack-name my-stack \+#   --enable-termination-protection++CHECK_ID_extra7154="7.154"+CHECK_TITLE_extra7154="[extra7154] Enable termination protection for Cloudformation Stacks"+CHECK_SCORED_extra7154="NOT_SCORED"+CHECK_TYPE_extra7154="EXTRA"+CHECK_SEVERITY_extra7154="MEDIUM"+CHECK_ASFF_RESOURCE_TYPE_extra7154="AwsCloudFormationStack"+CHECK_ALTERNATE_check7154="extra7154"+CHECK_SERVICENAME_extra7154="cloudformation"+CHECK_RISK_extra7154='Without termination protection enabled, a critical cloudformation stack can be accidently deleted.'+CHECK_REMEDIATION_extra7154='Ensure termination protection is enabled for the cloudformation stacks'+CHECK_DOC_extra7154='https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html'+CHECK_CAF_EPIC_extra7154='Infrastructure Protection'++extra7154() {+  for regx in $REGIONS; do+    CFN_STACKS=$($AWSCLI cloudformation describe-stacks $PROFILE_OPT --region $regx --output json)+    LIST_OF_CFN_STACKS=$(echo $CFN_STACKS | jq -r '.Stacks[].StackName')+    if [[ $LIST_OF_CFN_STACKS ]];then+      for stack in $LIST_OF_CFN_STACKS; do+        CFN_STACK_DETAILS=$($AWSCLI cloudformation describe-stacks 
$PROFILE_OPT --region $regx --stack-name $stack --output json)+        TERMINATION_ENABLED=$(echo $CFN_STACK_DETAILS | jq -r '.Stacks[].EnableTerminationProtection')+        ROOT_ID=$(echo $CFN_STACK_DETAILS | jq -r '.Stacks[].RootId')+        if [[ $ROOT_ID != null && $TERMINATION_ENABLED == "false" ]]; then+          textFail "$regx: $stack is a nested stack, enable termination protection on the root stack $ROOT_ID" "$regx" "$stack" "$ROOT_ID"
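Review bot: the `describe-stacks` call at the top of the region loop already returns `EnableTerminationProtection` and `RootId` for every stack, so the second `describe-stacks --stack-name $stack` inside `for stack in $LIST_OF_CFN_STACKS` repeats one API call per stack for data that is already in `$CFN_STACKS`; read both fields from that first response instead (e.g. `jq -r '.Stacks[] | "\(.StackName) \(.EnableTerminationProtection) \(.RootId)"'`, which keeps `null` for non-nested stacks so the existing `!= null` test still works) and loop over that output. Also quote `"$CFN_STACKS"` and `"$CFN_STACK_DETAILS"` in the `echo ... | jq` pipes, and `accidently` in `CHECK_RISK_extra7154` should be `accidentally`.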

Question here: for a nested stack, this check will output 2 failures, 1 for the root stack and another for the nested one. By fixing the root stack, it will fix both failures at the same time. What if this was an info for nested stacks? Since the root stack will fail as well, by fixing the root this will transform from an info to a pass, instead of from a failure to a pass, since only a change on the root stack is needed. @toniblyx any thoughts on this?

ShubhamShah11

comment created time in 2 days
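The classification proposed in the comment above, written as an added example (not Prowler's own code) in Python rather than the check's bash: every stack in a region is classified from the single describe-stacks response, an unprotected root stack fails, and an unprotected nested stack becomes an info that points at its root. The describe-stacks JSON, stack names and account id are constructed.

```python
import json

# Constructed describe-stacks output for one region, in the shape returned by
# `aws cloudformation describe-stacks --output json` without --stack-name:
# an unprotected root stack, its nested child (RootId set), and a protected root.
DESCRIBE_STACKS = json.dumps({"Stacks": [
    {"StackName": "payments-root", "EnableTerminationProtection": False},
    {"StackName": "payments-root-DbNested-AB12CD", "EnableTerminationProtection": False,
     "RootId": "arn:aws:cloudformation:eu-west-1:111122223333:stack/payments-root/uuid-1"},
    {"StackName": "logging-root", "EnableTerminationProtection": True},
]})

def stack_name_from_arn(stack_arn):
    """'arn:...:stack/<name>/<id>' -> '<name>'."""
    return stack_arn.split("/")[1]

def evaluate_termination_protection(region, describe_stacks_json):
    """Classify every stack in one region from the single describe-stacks call.

    Returns (stack_name, status, message) tuples: PASS when protection is on,
    FAIL for an unprotected root stack (the only place it can be fixed) and
    INFO for an unprotected nested stack, pointing at its root, so fixing the
    root turns the nested finding from INFO into PASS instead of FAIL into PASS.
    """
    findings = []
    for stack in json.loads(describe_stacks_json)["Stacks"]:
        name = stack["StackName"]
        enabled = stack.get("EnableTerminationProtection", False)
        root_arn = stack.get("RootId")          # only present on nested stacks
        if enabled:
            findings.append((name, "PASS", f"{region}: {name} has termination protection enabled"))
        elif root_arn:
            root = stack_name_from_arn(root_arn)
            findings.append((name, "INFO", f"{region}: {name} is a nested stack, enable termination protection on root stack {root}"))
        else:
            findings.append((name, "FAIL", f"{region}: {name} does not have termination protection enabled"))
    return findings

def summarize(findings):
    """Count findings per status, e.g. {'FAIL': 1, 'INFO': 1, 'PASS': 1}."""
    counts = {}
    for _, status, _ in findings:
        counts[status] = counts.get(status, 0) + 1
    return counts

if __name__ == "__main__":
    for _, status, message in evaluate_termination_protection("eu-west-1", DESCRIBE_STACKS):
        print(status, message)
```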


issue comment: toniblyx/prowler

Prowler does not work in the central SecurityHub account (AWS Support confirmed bug)

The PR has been merged @joerg! Can you try again to see if it has been fixed?

Thank you!

joerg

comment created time in 3 days

started aquasecurity/cloudsploit

started time in 4 days

started accurics/terrascan

started time in 5 days

issue comment: zricethezav/gitleaks

v7.6.0 makes a 'could not generate Patch' error

@zricethezav any help here? I know nothing about that error :/

emmahsax

comment created time in 8 days

issue comment: zricethezav/gitleaks

v7.6.0 makes a 'could not generate Patch' error

Thanks @emmahsax :)

What if, in the first example, you just put --path='.' instead of --path='./'? Have you tried that? Talking about these lines:

else \
        gitleaks --verbose --additional-config='gitleaks.toml' \
          --path='./' --commits='${{ env.COMMITS }}'; \
      fi \

Or maybe you won't even need that cd app/. In this section of the readme -> https://github.com/zricethezav/gitleaks#docker, the path is passed to docker without needing to do the cd app/ that you are doing.

Can we try that? Those two variants?

Cheers!

emmahsax

comment created time in 9 days

issue comment: zricethezav/gitleaks

Dockerfile creation blocker

Great @sojugeorge, that's the very same file I checked within the repo. The thing is that it needs an argument, ldflags, but I don't know which value it should have.

Waiting for @zricethezav to add more info here.

sojugeorge

comment created time in 9 days

issue comment: zricethezav/gitleaks

Dockerfile creation blocker

Thanks @sojugeorge! It seems that you aren't passing the argument ldflags (needed here -> https://github.com/zricethezav/gitleaks/blob/master/Dockerfile#L3).

Can you tell us how you are building the image?

I've checked this section of the readme -> https://github.com/zricethezav/gitleaks#docker @zricethezav, but can't find how to build the docker image, only how to use it once it's been built.

If @zricethezav can provide us an example, I'm happy to add it to the documentation.

Cheers!

sojugeorge

comment created time in 10 days

Pull request review comment: toniblyx/prowler

New Prowler Check 7150 by Manuel Ugarte submitted for review

+#!/usr/bin/env bash++# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente+#+# Licensed under the Apache License, Version 2.0 (the "License"); you may not+# use this file except in compliance with the License. You may obtain a copy+# of the License at http://www.apache.org/licenses/LICENSE-2.0+#+# Unless required by applicable law or agreed to in writing, software distributed+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR+# CONDITIONS OF ANY KIND, either express or implied. See the License for the+# specific language governing permissions and limitations under the License.+CHECK_ID_extra7150="7.150"+CHECK_TITLE_extra7150="[extra7150] Check if Elastic Load Balancers have deletion protection enabled"+CHECK_SCORED_extra7150="NOT_SCORED"+CHECK_TYPE_extra7150="EXTRA"+CHECK_SEVERITY_extra7150="Medium"+CHECK_ASFF_RESOURCE_TYPE_extra7150="AwsElbLoadBalancer"+CHECK_ALTERNATE_check7150="extra7150"+CHECK_SERVICENAME_extra7150="elb"+CHECK_RISK_extra7150='If deletion protection is not enabled, the resource is not protected against deletion.'+CHECK_REMEDIATION_extra7150='Enable deletion protection attribute; this is not enabled by default.'+CHECK_DOC_extra7150='https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#deletion-protection'+CHECK_CAF_EPIC_extra7150='Data Protection'++extra7150(){+  # "Check if Elastic Load Balancers have delete protection enabled."+  for regx in $REGIONS; do+    LIST_OF_ELBSV2=$($AWSCLI elbv2 describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancers[*].LoadBalancerArn' --output text|xargs -n1)+    if [[ $LIST_OF_ELBSV2 ]]; then+      for elbarn in $LIST_OF_ELBSV2; do+        CHECK_DELETION_PROTECTION_ENABLED=$($AWSCLI elbv2 describe-load-balancer-attributes $PROFILE_OPT --region $regx --load-balancer-arn $elbarn --query Attributes[*] --output text|grep -B 1 "deletion_protection.enabled" | grep true)+        ELBV2_NAME=$(echo 
$elbarn|cut -d\/ -f3)
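Review bot: the `grep -B 1 "deletion_protection.enabled" | grep true` pipeline is fragile: with `--query Attributes[*] --output text` each attribute is printed as `Key<TAB>Value` on its own line, so the `-B 1` also pulls in the preceding attribute's line, and a `true` there counts as a hit for deletion protection. Ask the CLI for just this value instead, e.g. `--query "Attributes[?Key=='deletion_protection.enabled'].Value" --output text`, and compare the result to `true`. On the loop cost raised in the comment: `describe-load-balancer-attributes` takes a single `--load-balancer-arn`, so one call per load balancer is inherent to the API; what can be trimmed is the text parsing around it.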

Doing this inside the for-loop might take a lot of time, do we have a workaround to do a for-loop but with the data already obtained?

ManuelUgarte

comment created time in 10 days

Pull request review comment: toniblyx/prowler

New Prowler Check 7150 by Manuel Ugarte submitted for review

+#!/usr/bin/env bash++# Prowler - the handy cloud security tool (copyright 2018) by Toni de la Fuente+#+# Licensed under the Apache License, Version 2.0 (the "License"); you may not+# use this file except in compliance with the License. You may obtain a copy+# of the License at http://www.apache.org/licenses/LICENSE-2.0+#+# Unless required by applicable law or agreed to in writing, software distributed+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR+# CONDITIONS OF ANY KIND, either express or implied. See the License for the+# specific language governing permissions and limitations under the License.+CHECK_ID_extra7150="7.150"+CHECK_TITLE_extra7150="[extra7150] Check if Elastic Load Balancers have deletion protection enabled"+CHECK_SCORED_extra7150="NOT_SCORED"+CHECK_TYPE_extra7150="EXTRA"+CHECK_SEVERITY_extra7150="Medium"+CHECK_ASFF_RESOURCE_TYPE_extra7150="AwsElbLoadBalancer"+CHECK_ALTERNATE_check7150="extra7150"+CHECK_SERVICENAME_extra7150="elb"+CHECK_RISK_extra7150='If deletion protection is not enabled, the resource is not protected against deletion.'+CHECK_REMEDIATION_extra7150='Enable deletion protection attribute; this is not enabled by default.'+CHECK_DOC_extra7150='https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#deletion-protection'+CHECK_CAF_EPIC_extra7150='Data Protection'++extra7150(){+  # "Check if Elastic Load Balancers have delete protection enabled."+  for regx in $REGIONS; do+    LIST_OF_ELBSV2=$($AWSCLI elbv2 describe-load-balancers $PROFILE_OPT --region $regx --query 'LoadBalancers[*].LoadBalancerArn' --output text|xargs -n1)+    if [[ $LIST_OF_ELBSV2 ]]; then+      for elbarn in $LIST_OF_ELBSV2; do+        CHECK_DELETION_PROTECTION_ENABLED=$($AWSCLI elbv2 describe-load-balancer-attributes $PROFILE_OPT --region $regx --load-balancer-arn $elbarn --query Attributes[*] --output text|grep -B 1 "deletion_protection.enabled" | grep true)+        ELBV2_NAME=$(echo 
$elbarn|cut -d\/ -f3)+        if [[ $CHECK_DELETION_PROTECTION_ENABLED ]]; then+          textPass "$regx: $ELBV2_NAME has the attribute deletion protection enabled" "$regx" "$elb"+        else+          textFail "$regx: $ELBV2_NAME does not have deletion protection enabled." "$regx" "$elb"+        fi+      done+    else+      textInfo "$regx: No ELBs found" "$regx"+    fi+  done+}
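Review bot: `textPass` and `textFail` are given `"$elb"` as the resource argument, but that variable is never assigned in this function (the loop variable is `$elbarn`), so the resource field of every result will be empty; pass `"$elbarn"` (or `"$ELBV2_NAME"`) instead. Two smaller points: `CHECK_ASFF_RESOURCE_TYPE_extra7150="AwsElbLoadBalancer"` is the Security Hub type for classic ELBs, while this check queries `elbv2`, whose ASFF type is `AwsElbv2LoadBalancer`; and `CHECK_SEVERITY_extra7150="Medium"` uses mixed case where the extra7154 check earlier on this page uses `MEDIUM`.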

EOL

ManuelUgarte

comment created time in 10 days


issue comment: zricethezav/gitleaks

Dockerfile creation blocker

Hello @sojugeorge! Can you provide us with more error logs?

Thank you!

sojugeorge

comment created time in 10 days


issue comment: zricethezav/gitleaks

v7.6.0 makes a 'could not generate Patch' error

Hello @emmahsax! Weird situation. Can we try running Gitleaks inside a GitHub action but using it like this:

docker run -v $(pwd):/app -it --entrypoint /bin/bash zricethezav/gitleaks:v.7.6.1

That is, to run it like that in this step:

- name: Set GitLeaks Config

Can we try that and see if it gives us the same error?

On the other side, this PR has its build failing -> https://github.com/zricethezav/gitleaks/pull/639. Haven't checked it though.

emmahsax

comment created time in 10 days

issue closed: aquasecurity/tfsec

Public ECR image instead of DockerHub

Is your feature request related to a problem? Please describe.
Is there a public AWS ECR image to pull from instead of DockerHub?

Describe the solution you'd like
A public image to pull from ECR instead of pulling it from DockerHub

Describe alternatives you've considered
I've searched for it in public ECR repos, but can't find it 😕

Additional context
Have looked for issues regarding this but found nothing.

closed time in 12 days

w0rmr1d3r

issue comment: aquasecurity/tfsec

Public ECR image instead of DockerHub

Thank you @owenrumney! Tested the new image and it works perfectly!

Closing the issue now 😄

w0rmr1d3r

comment created time in 12 days

issue comment: aquasecurity/tfsec

Public ECR image instead of DockerHub

Hello @owenrumney! A GitHub package to use it with Docker works as well!

Thanks!

w0rmr1d3r

comment created time in 12 days


issue closed: zricethezav/gitleaks

Options --files-at-commit and --commit results in error

I am trying to run the scan on our CI using this command:

docker run \
  --tty --rm \
  --name=gitleaks \
  --mount type=bind,source="./",target="/scan" \
  "zricethezav/gitleaks:v7.2.0" \
  --path="/scan" \
  --files-at-commit="latest" \
  --config-path="scan/gitleask-config.toml" \
  --redact \
  --verbose

If I use the --files-at-commit or --commit option, gitleaks throws an error:

INFO[0000] opening /scan
ERRO[0000] object not found

When I remove --files-at-commit option gitleaks does not throw any error, but it doesn't find any secrets. Locally the same command works just fine.

Basic Info (please complete the following information):

  • Gitleaks Version: v7.2.0

cc @zricethezav

closed time in 15 days

AndrewMasalski

issue comment: zricethezav/gitleaks

Options --files-at-commit and --commit results in error

Okai! Closing the issue for now, since it seems that it's been fixed :)

AndrewMasalski

comment created time in 15 days