github.com/snowflakedb/gosnowflake@v1.9.0/secret_detector.go (about)

     1  // Copyright (c) 2021-2022 Snowflake Computing Inc. All rights reserved.
     2  
     3  package gosnowflake
     4  
     5  import "regexp"
     6  
// Patterns (RE2 syntax, all case-insensitive) that the mask* helpers in this
// file compile and use to find credentials in free-form text. Matching is
// best-effort: a value that does not fit one of these shapes, or is shorter
// than the minimum length in the pattern, is not matched and therefore not
// masked.
const (
	// name = 'value' assignments for AWS key names. Group 1 is the key name,
	// group 2 is the single-quoted secret value.
	awsKeyPattern          = `(?i)(aws_key_id|aws_secret_key|access_key_id|secret_access_key)\s*=\s*'([^']+)'`
	// name":"value" pairs. Group 1 is the field name, group 2 is the token:
	// at least 32 base64 characters with up to two '=' padding characters.
	awsTokenPattern        = `(?i)(accessToken|tempToken|keySecret)"\s*:\s*"([a-z0-9/+]{32,}={0,2})"`
	// name=value parameters. Group 1 is the parameter name, group 2 (also
	// named "secret") is the value, at least 16 characters long.
	sasTokenPattern        = `(?i)(sig|signature|AWSAccessKeyId|password|passcode)=(?P<secret>[a-z0-9%/+]{16,})`
	// A PEM block whose line breaks appear as the two characters backslash
	// and 'n'. Only the exact header "-----BEGIN PRIVATE KEY-----" is
	// matched; other PEM headers and keys containing real newline
	// characters are outside this pattern.
	privateKeyPattern      = `(?im)-----BEGIN PRIVATE KEY-----\\n([a-z0-9/+=\\n]{32,})\\n-----END PRIVATE KEY-----`
	// The literal field `"privateKeyData": "` followed by at least 10
	// base64 / escaped-newline characters (group 1).
	privateKeyDataPattern  = `(?i)"privateKeyData": "([a-z0-9/+=\\n]{10,})"`
	// Group 1 is the keyword, group 2 the run of quotes, whitespace, ':' and
	// '=' that follows it, group 3 the value (at least 8 characters).
	// NOTE(review): the value class has no '.', so for a dot-separated token
	// only the part before the first '.' falls inside the match; confirm
	// that is acceptable for the token formats that reach this code.
	connectionTokenPattern = `(?i)(token|assertion content)([\'\"\s:=]+)([a-z0-9=/_\-\+]{8,})`
	// Same three-group layout as connectionTokenPattern, with a value class
	// of letters, digits and punctuation (no whitespace) and a minimum
	// length of 8; shorter values are not matched.
	passwordPattern        = `(?i)(password|pwd)([\'\"\s:=]+)([a-z0-9!\"#\$%&\\\'\(\)\*\+\,-\./:;<=>\?\@\[\]\^_\{\|\}~]{8,})`
)
    16  
// Each pattern is compiled exactly once, when the package is initialised.
// regexp.MustCompile panics on an invalid pattern, so a broken expression
// fails at start-up rather than leaving a masking helper without a matcher.

// awsKeyRegexp is used by maskAwsKey.
var awsKeyRegexp = regexp.MustCompile(awsKeyPattern)

// awsTokenRegexp is used by maskAwsToken.
var awsTokenRegexp = regexp.MustCompile(awsTokenPattern)

// sasTokenRegexp is used by maskSasToken.
var sasTokenRegexp = regexp.MustCompile(sasTokenPattern)

// privateKeyRegexp is used by maskPrivateKey.
var privateKeyRegexp = regexp.MustCompile(privateKeyPattern)

// privateKeyDataRegexp is used by maskPrivateKeyData.
var privateKeyDataRegexp = regexp.MustCompile(privateKeyDataPattern)

// connectionTokenRegexp is used by maskConnectionToken.
var connectionTokenRegexp = regexp.MustCompile(connectionTokenPattern)

// passwordRegexp is used by maskPassword.
var passwordRegexp = regexp.MustCompile(passwordPattern)
    26  
// maskConnectionToken returns text with every connectionTokenRegexp match
// rewritten so that the keyword and its separator run are kept and the token
// value is replaced by "****".
func maskConnectionToken(text string) string {
	// $1 is the keyword and ${2} the separators; group 3, the value itself,
	// is left out of the template so it never reaches the output.
	const maskedToken = "$1${2}****"
	redacted := connectionTokenRegexp.ReplaceAllString(text, maskedToken)
	return redacted
}
    30  
// maskPassword returns text with the value of every passwordRegexp match
// replaced by "****". The keyword (password or pwd) and the separator
// characters after it are preserved.
func maskPassword(text string) string {
	// Only groups 1 and 2 appear in the template; group 3 holds the password
	// and is dropped.
	const maskedPassword = "$1${2}****"
	return passwordRegexp.ReplaceAllString(text, maskedPassword)
}
    34  
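// maskAwsKey returns text with the single-quoted value of every AWS key
// assignment matched by awsKeyRegexp replaced by '****'. Only the key name
// (group 1) is carried over, so a match is rewritten as name='****'.
//
// Group 2 of awsKeyPattern is the credential itself. The template must never
// reference it: a "$2" here would copy the secret straight back into the
// "masked" output.
func maskAwsKey(text string) string {
	return awsKeyRegexp.ReplaceAllString(text, "${1}='****'")
}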
    38  
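// maskAwsToken returns text with the value of every accessToken, tempToken or
// keySecret field matched by awsTokenRegexp replaced by XXXX. A match is
// rewritten as name":"XXXX", which keeps the surrounding quoting balanced
// because the match itself starts after the field's opening quote and ends
// on the value's closing quote.
//
// Group 2 of awsTokenPattern is the token. The template must never reference
// it: a "$2" here would append the token to the output instead of hiding it.
func maskAwsToken(text string) string {
	return awsTokenRegexp.ReplaceAllString(text, "${1}\":\"XXXX\"")
}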
    42  
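// maskSasToken returns text with the value of every name=value parameter
// matched by sasTokenRegexp replaced by "****", so a match is rewritten as
// name=****.
//
// Group 2 of sasTokenPattern (also named "secret") is the signature or
// password. The template must never reference it: a "$2" here would emit the
// secret after the asterisks.
func maskSasToken(text string) string {
	return sasTokenRegexp.ReplaceAllString(text, "${1}=****")
}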
    46  
// maskPrivateKey returns text with every PEM block matched by
// privateKeyRegexp replaced by a placeholder block whose body is XXXX.
func maskPrivateKey(text string) string {
	// NOTE(review): as written, this literal yields four backslashes before
	// each 'n' in the output, while privateKeyPattern matches a single
	// backslash followed by 'n'. The key material is removed either way;
	// confirm the extra backslashes are intended.
	const redactedBlock = "-----BEGIN PRIVATE KEY-----\\\\\\\\nXXXX\\\\\\\\n-----END PRIVATE KEY-----"
	return privateKeyRegexp.ReplaceAllString(text, redactedBlock)
}
    50  
// maskPrivateKeyData returns text with every "privateKeyData" field matched
// by privateKeyDataRegexp replaced by the same field carrying the value XXXX.
func maskPrivateKeyData(text string) string {
	// The template contains no group references, so nothing from the matched
	// value is copied into the result.
	const redactedField = `"privateKeyData": "XXXX"`
	redacted := privateKeyDataRegexp.ReplaceAllString(text, redactedField)
	return redacted
}
    54  
// maskSecrets runs text through every masking helper in this file and returns
// the result. Each stage receives the output of the one before it.
func maskSecrets(text string) string {
	// Listed in execution order: AWS keys first, connection tokens last.
	stages := []func(string) string{
		maskAwsKey,
		maskSasToken,
		maskAwsToken,
		maskPrivateKey,
		maskPrivateKeyData,
		maskPassword,
		maskConnectionToken,
	}

	masked := text
	for _, stage := range stages {
		masked = stage(masked)
	}
	return masked
}