secret-scanning-custom-patterns

add Temporal API key to scanner

Open mattkim opened this issue 2 years ago • 2 comments

I added patterns for Temporal API keys.

Every Temporal API key has a prefix "tmprl_" followed by two alphanumeric ids.

Pending tests passing.

mattkim, Nov 03 '23 20:11

I did take a look at this, and a check over GitHub Code Search with the regex revealed the potential for false positives, even without deeper testing.

Could you tighten up on length constraints on the two alphanumeric parts of the pattern please? At the moment the lack of a lower limit means it can easily match on variable names in code.

Knowing the exact lengths of those alphanumeric parts could really make the FP potential plummet.

aegilops, Nov 09 '23 21:11
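The false-positive concern in the comment above, as an added example that is not part of the thread or the submitted pattern: it runs a pattern with no lower length limit and a length-bounded one over constructed source lines. The `_` separator, the two lengths (32 is a placeholder, not Temporal's real value), the shape of the loose regex and every sample line are assumptions.

```python
import re

ID1_LEN = 32  # placeholder length, NOT Temporal's real value
ID2_LEN = 32  # placeholder length, NOT Temporal's real value

# Assumed shape of a pattern with no lower length limit ("_" separator assumed).
LOOSE = re.compile(r"tmprl_[A-Za-z0-9]{0,64}_[A-Za-z0-9]{0,64}")

# Exact lengths, plus boundaries so a longer identifier cannot match by prefix.
BOUNDED = re.compile(
    r"(?<![A-Za-z0-9_])tmprl_[A-Za-z0-9]{%d}_[A-Za-z0-9]{%d}(?![A-Za-z0-9_])"
    % (ID1_LEN, ID2_LEN)
)

# Constructed key-shaped string for the demo; not a real credential.
FAKE_KEY = "tmprl_" + "a1B2" * 8 + "_" + "c3D4" * 8

# Constructed source lines: ordinary identifiers plus one key-shaped literal.
SAMPLE_LINES = [
    'tmprl_api_key = os.environ["TEMPORAL_KEY"]',  # variable name
    "def tmprl_client_init(cfg):",                 # function name
    "tmprl__ = None",                              # both parts empty
    'TEMPORAL_API_KEY="%s"' % FAKE_KEY,            # the only real hit
    "timeout_ms = 3000",                           # unrelated line
]


def scan(pattern, lines):
    """Return (line_number, matched_text) for each line the pattern hits."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = pattern.search(line)
        if match:
            hits.append((number, match.group(0)))
    return hits


def false_positives(pattern, lines):
    """Hits whose matched text is not the constructed key-shaped string."""
    return [hit for hit in scan(pattern, lines) if hit[1] != FAKE_KEY]


if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("bounded", BOUNDED)):
        hits = scan(pattern, SAMPLE_LINES)
        fps = false_positives(pattern, SAMPLE_LINES)
        print(f"{name}: {len(hits)} hits, {len(fps)} false positives")
        for number, text in fps:
            print(f"  line {number}: {text}")
```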

@mattkim if you've got time to take a look at the requested changes I asked for then I can look at retesting and merging the pattern

aegilops, Jan 15 '24 15:01