From 092af1413dc10e12a7d4f1208d4209caa4840c63 Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Sun, 26 Jan 2025 15:58:48 +0100 Subject: [PATCH] update azure files with tokens --- build_lists/sensitive_files.yaml | 45 +++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/build_lists/sensitive_files.yaml b/build_lists/sensitive_files.yaml index fc86ba2..d4d8c9c 100644 --- a/build_lists/sensitive_files.yaml +++ b/build_lists/sensitive_files.yaml @@ -1271,6 +1271,8 @@ search: value: config: auto_check: True + exec: + - '(pwsh -Command "Save-AzContext -Path /tmp/az-context3489ht.json" && cat /tmp/az-context3489ht.json && rm /tmp/az-context3489ht.json) || echo_not_found "pwsh"' files: #- name: "credentials" @@ -1379,13 +1381,54 @@ search: - common - name: "AzureRMContext.json" + value: + bad_regex: "Id.*|Credential.*" + type: f + search_in: + - common + + - name: "clouds.config" + value: + type: f + search_in: + - common + + - name: "service_principal_entries.json" value: bad_regex: ".*" type: f search_in: - common - - name: "ErrorRecords" #Azure logs can contain creentials + - name: "msal_token_cache.json" + value: + bad_regex: ".*" + type: f + search_in: + - common + + - name: "msal_http_cache.bin" + value: + just_list_file: True + type: f + search_in: + - common + + - name: "service_principal_entries.bin" + value: + just_list_file: True + type: f + search_in: + - common + + - name: "msal_token_cache.bin" + value: + just_list_file: True + type: f + search_in: + - common + + - name: "ErrorRecords" #Azure logs can contain crentials value: type: d search_in:
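Review bot: In the added `exec` entry of the first hunk, `rm` sits behind `&&`, so it is skipped whenever `cat` fails and the exported Azure context (which can hold tokens) stays behind at a fixed path in shared `/tmp`. Make the cleanup unconditional while keeping the exit status for the fallback, e.g. `... && cat /tmp/az-context3489ht.json; rc=$?; rm -f /tmp/az-context3489ht.json; [ "$rc" -eq 0 ]`. A `mktemp`-created file under a restrictive umask would be better than the hard-coded name, because a predictable path in `/tmp` can already exist or be readable by other local users. The `|| echo_not_found "pwsh"` fallback also reports pwsh as missing when pwsh is present but `Save-AzContext` itself fails, so the message can mislead.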
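Review bot: The re-added `ErrorRecords` line near the end of the second hunk still misspells its comment (`crentials`); it should read `#Azure logs can contain credentials`. The new `clouds.config` entry is the only added one with neither `bad_regex` nor `just_list_file`. Whether that is intended depends on the builder's default for a bare `type: f` entry, which is not visible in this hunk, so a one-line comment stating the expected handling would help. Entries with `bad_regex: ".*"` on `msal_token_cache.json` and `service_principal_entries.json` presumably surface the whole file content, so a comment such as `# output will contain live tokens/secrets; treat the report as sensitive` above them would be a useful caveat. The `files:` list starts before the hunk and the `ErrorRecords` entry continues past it.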