feat(EXPOSED_SECRETS): detect common real-world credential formats#37
Open
dmchaledev wants to merge 1 commit into
Open
feat(EXPOSED_SECRETS): detect common real-world credential formats#37dmchaledev wants to merge 1 commit into
dmchaledev wants to merge 1 commit into
Conversation
The EXPOSED_SECRETS rule (CRITICAL) only matched a thin set of vendor prefixes (OpenAI `sk-`, GitHub `ghp_`, AWS `AKIA`) plus an inline `password=` assignment. As a result, a config carrying an Anthropic key, a Slack/Google/Stripe token, a PEM private key, or a connection string with embedded credentials (`postgres://user:pass@host`) produced zero findings and PASSED — a false negative on the tool's headline secret check. Changes (localized to runtime-rules.ts + tests, no new dependencies): - Add patterns for Anthropic (`sk-ant-`), OpenAI project keys (`sk-proj-`), GitHub fine-grained PATs (`github_pat_`), Google API keys (`AIza…`), Slack tokens (`xox[baprs]-`), Stripe live keys (`[sr]k_live_`), PEM private-key blocks, and credentials embedded in connection-string URLs. - Remove the erroneous case-insensitive flag on the AWS pattern (access key IDs are strictly uppercase; `/i` flagged any lowercase "akia…"). - Name the matched credential type in the finding's description/evidence. - Redact matched values (short prefix + length) so the scanner never echoes a full secret into logs or uploaded SARIF. Patterns are anchored on distinctive prefixes/structures, so a high-entropy opaque token without a known prefix and the JWT-style token in examples/secure-config.json stay clean (no false positives). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_014MJLFcbdtKTE6ZG9Mhe3Ki
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The
EXPOSED_SECRETSrule (CRITICAL — the scanner's headline "Potential Secret Exposed" check) only matched a thin set of vendor prefixes: OpenAIsk-, GitHubghp_, AWSAKIA, plus an inlinepassword=assignment. Several credential formats that routinely appear in real MCP configs slipped through entirely, so a config carrying them produced 0 findings and PASSED.Verified against
main(built CLI) — this config scans clean today:{ "transport": { "url": "https://x.example.com", "tls": true, "auth": { "type": "bearer", "token": "sk-ant-api03-…" } }, // Anthropic key "rateLimit": { "enabled": true }, "tools": [ { "name": "db", "description": "postgres://admin:SuperSecret123@db.internal:5432/app" }, { "name": "slack", "description": "xoxb-…" }, { "name": "gcp", "description": "AIzaSy…" } ] }For a tool sold as a CI/CD secret-detection gate, missing an Anthropic key, a Slack/Google/Stripe token, a PEM private key, or credentials embedded in a connection-string URL is a meaningful false negative.
Changes
Localized to
src/rules/runtime-rules.ts+ tests — no new dependencies:sk-ant-), OpenAI project keys (sk-proj-), GitHub fine-grained PATs (github_pat_), Google API keys (AIza…), Slack tokens (xox[baprs]-), Stripe live keys ([sr]k_live_), PEM private-key blocks, and credentials embedded in connection-string URLs (scheme://user:pass@host).AKIAIDs are strictly uppercase;/iwould flag any lowercaseakia…substring).The same config now correctly fails:
False-positive guardrails
Patterns are anchored on distinctive prefixes/structures, so:
https://api.example.com,wss://…) does not match the connection-string pattern.examples/secure-config.jsonstays clean —secure-config.jsonstill PASSES andvulnerable-config.jsonis unchanged (no new findings).Tests
+15 cases covering each new credential format, the redaction behavior, the multi-secret summary, and the no-false-positive guards. Full suite: 133 passing (was 118).
lintandtypecheckclean.🤖 Generated with Claude Code
Generated by Claude Code