
⚡️ Add sensitive data secrets types for products

Open Ankita28g opened this issue 2 years ago • 13 comments

💭 Introduction

Akto allows users to find sensitive params in request and response of APIs. These sensitive params include PII data such as SSN, Credit card number, phone number etc. You can check how it works in the docs.

Your task is to add secret-type sensitive params.

👀 Impact

Your task will give users the ability to detect secret-type sensitive data.

🎯 Requirements

  • Understanding of regex
  • Understanding of unit test

✅ Task summary:

  • [ ] Ask to be assigned to the issue.
  • [ ] Wait to be assigned. We will try to assign in less than 2 hours.
  • [ ] Make regular expressions for secret types for below products. Feel free to add your own too.
  • [ ] Please provide the reference URL that mentions the nature of the number.
  • [ ] Add an entry in fintech.json file
  • [ ] Add a test case entry in TestFintechTypes.java
  • [ ] Submit a pull request here

Products: GitHub, AWS, GCP, Docker

🙋🏼‍♂️ Questions:

If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.

Ankita28g avatar Mar 04 '23 11:03 Ankita28g

can you assign me this issue

PrateekKrishna avatar Mar 24 '23 06:03 PrateekKrishna

Sure @PrateekKrishna. I'll assign this to you.

Happy hacking.

notshivansh avatar Mar 24 '23 06:03 notshivansh

Hi @PrateekKrishna, thanks for your submission in Hackfest. 🔥 We are reviewing your work. Do these two below:

  • Join this group on Discord for discussions around prizes. 🚀 🏆
  • Please fill this form for your PR to be considered for prizes!

Ankita28g avatar Apr 11 '23 09:04 Ankita28g

@Ankita28g @ankush-jain-akto could you please assign this to me. I can work on this.

rashmibharambe avatar Oct 20 '23 13:10 rashmibharambe

Question regarding the issue. You mention that the regex for secrets for the "below" products must be created. Then there's a list containing (GitHub, AWS, GCP, Docker). My question is what type of secret you are referring to. In the case of, say, PAN, the secret structure is defined. But I do not get for which entities we need to create the secret regex. Also, I would like to be assigned to this issue.

atharvamalji avatar Oct 21 '23 19:10 atharvamalji

@Ankita28g Can you assign me this issue? Also, when we talk about secrets, is it something like the access key secret that we use for AWS logins?

syedzubeen avatar Oct 22 '23 00:10 syedzubeen

@atharvamalji For example, when we consider Github, it has various secrets like access tokens, API keys, and more, each with a specific pattern. Your task is to add these secret patterns to the fintech.json file. This applies similarly to other products like AWS, GCP, and Docker, where each has its own set of secrets with identifiable patterns.

avneesh-akto avatar Oct 22 '23 13:10 avneesh-akto

I've assigned it to you, @syedzubeen. Happy hacking! Feel free to join our Discord if you need assistance.

avneesh-akto avatar Oct 22 '23 13:10 avneesh-akto

@avneesh-akto / @Ankita28g This is ready for review.

syedzubeen avatar Oct 23 '23 19:10 syedzubeen

Did you guys get a chance to have a look at the linked PR?

syedzubeen avatar Oct 26 '23 18:10 syedzubeen

Not valid regex, @syedzubeen. You need to escape characters.

avneesh-akto avatar Oct 27 '23 10:10 avneesh-akto
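The escaping point above is easy to reproduce: a regex stored in a JSON file must have its backslashes doubled, or the file is not even valid JSON. The following is an added example (not Akto's fintech.json or TestFintechTypes.java, and not code from anyone in this thread); the entry schema, field names and the illustrative token patterns for GitHub, AWS and GCP are assumptions, and the sample values are constructed.

```python
import json
import re

# Constructed entries in the spirit of a secret-type list. Field names are an
# assumption for this example; the patterns are illustrative detection regexes.
# Note the doubled backslash in the GCP entry: JSON "\\-" becomes regex "\-".
GOOD_JSON = r'''
[
  {"name": "GITHUB_PAT", "regex": "^ghp_[A-Za-z0-9]{36}$",
   "sample": "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij", "decoy": "ghp_short"},
  {"name": "AWS_ACCESS_KEY_ID", "regex": "^AKIA[0-9A-Z]{16}$",
   "sample": "AKIAIOSFODNN7EXAMPLE", "decoy": "AKIA-not-a-key"},
  {"name": "GCP_API_KEY", "regex": "^AIza[0-9A-Za-z\\-_]{35}$",
   "sample": "AIza0123456789abcdefghijklmnopqrstuvwxy", "decoy": "AIzaSy"}
]
'''

# Same GCP entry with a single backslash: "\-" is not a legal JSON escape.
BAD_JSON = r'''
[
  {"name": "GCP_API_KEY", "regex": "^AIza[0-9A-Za-z\-_]{35}$",
   "sample": "AIza0123456789abcdefghijklmnopqrstuvwxy", "decoy": "AIzaSy"}
]
'''


def json_is_valid(json_text: str) -> bool:
    """True if the file parses at all; an unescaped backslash fails here."""
    try:
        json.loads(json_text)
        return True
    except json.JSONDecodeError:
        return False


def check_secret_types(json_text: str) -> dict:
    """Map each entry name to True only if its regex compiles, fully matches
    the sample value, and rejects the decoy value."""
    results = {}
    for entry in json.loads(json_text):
        try:
            pattern = re.compile(entry["regex"])
        except re.error:
            results[entry["name"]] = False
            continue
        hit = pattern.fullmatch(entry["sample"]) is not None
        miss = pattern.fullmatch(entry["decoy"]) is None
        results[entry["name"]] = hit and miss
    return results
```

The same doubling applies when the Java test reads the file, since Java's regex engine sees the string only after the JSON parser has removed one level of escaping.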

@avneesh-akto fixed!

syedzubeen avatar Oct 30 '23 00:10 syedzubeen

I can still see unescaped regex. Attached image below.

[image attachment]

avneesh-akto avatar Oct 30 '23 10:10 avneesh-akto