添加链接 注册    登录
link管理
链接快照平台
  • 输入网页链接,自动生成快照
  • 标签化管理网页链接
相关文章推荐
英勇无比的脸盆  ·  Javascript ...·  1 月前    · 
单身的皮带  ·  PHP实现图片base64编码与解码_php ...·  1 月前    · 
踏实的风衣  ·  php接收base64数据生成图片并保存_p ...·  1 月前    · 
豪情万千的洋葱  ·  php怎么把base64数据流文件转成图片文 ...·  1 月前    · 
帅呆的茴香  ·  php文件包含漏洞 | Chybeta·  1 月前    · 
爱运动的咖啡  ·  机器人、PLC 和离线编程 - ...·  5 月前    · 
酷酷的鸭蛋  ·  深情緬懷Lamy 先生與反抄襲之父·  5 月前    · 
仗义的伏特加  ·  “佛系青年”是什么意思? - 知乎·  1 年前    · 
帅呆的黑框眼镜  ·  不要再拿运动相机,当行车记录仪了·  1 年前    · 
飘逸的野马  ·  2022年秋季入学自主招生简章·  1 年前    · 
link管理  ›  Base64 Generic high entropy secret | GitGuardian documentation
base64
https://docs.gitguardian.com/secrets-detection/secrets-detection-engine/detectors/generics/base64_generic_high_entropy_secret
高大的火龙果
1 年前
Skip to main content
Sign Up

Base64 Generic high entropy secret

Description

General

The base64 generic high entropy detector aims at catching any high entropy strings being assigned to a sensitive variable in base64-encoded text . It is applying similar validation steps and specifications as the generic high entropy detector but adapts them to be applied in base64-encoded text.

Specifications

About Base64-encoded text

Base64 is a binary-to-text encoding scheme . It is mainly used to send binary data across channels that only reliably support text content. Base64 is also applied on text, for example in JSON Web Token or to obfuscate it.

Base64 is not an encryption algorithm, encoding and decoding do not rely on a secret key but Base64 is commonly used to encode to text the results of encryption algorithms. This detector will only look for generic secrets inside Base64 encoded-text representing unicode text.

Revoke the secret

This detector catches generic secrets, hence GitGuardian cannot infer the concerned service. To properly revoke the secret :

  1. Understand what service is impacted. Decoding the whole Base64 text may be required.
  2. Refer to the corresponding documentation to know how to revoke and rotate the secret.

Examples

Examples that WILL be caught 

# base64(api_key = rca.pibsaorcibu234lbu43)
- text: |
    YXBpX2tleSA9IHJjYS5waWJzYW9yY2lidTIzNGxidTQz
  apikey: HJjYS5waWJzYW9yY2lidTIzNGxidTQz

# base64({"api-key": "asnbtueaorueobu435nstau"})
- text: |
    eyJhcGkta2V5IjogImFzbmJ0dWVhb3J1ZW9idTQzNW5zdGF1In0K
  apikey: mFzbmJ0dWVhb3J1ZW9idTQzNW5zdGF1

# base64(token: asnbtueaorueobu435nstau)
- text: |
    dG9rZW46IGFzbmJ0dWVhb3J1ZW9idTQzNW5zdGF1Cg==
  apikey: GFzbmJ0dWVhb3J1ZW9idTQzNW5zdGF1

# base64(authorization = asnbtueaorueobu435nstau)
- text: |
    YXV0aG9yaXphdGlvbiA9IGFzbmJ0dWVhb3J1ZW9idTQzNW5zdGF1
  apikey: GFzbmJ0dWVhb3J1ZW9idTQzNW5zdGF1

Examples that WILL NOT be caught

  • The high entropy string is too short : 
# base64(api_key = hj65_klhz/trlu)
- text: |
    YXBpX2tleSA9IGhqNjVfa2xoei90cmx1
  • The entropy of the string is not high enough 
# base64(secret = xob1xob1xob1xob1xob1xob1xob1)
- text: |
    c2VjcmV0ID0geG9iMXhvYjF4b2IxeG9iMXhvYjF4b2IxeG9iMQ==
  • The assigned variable is not considered sensitive 
# base64(object_id = hj65_klhz/trlupok76)
- text: |
    b2JqZWN0X2lkID0gaGo2NV9rbGh6L3RybHVwb2s3Ng==

For more examples, see the examples of the generic high entropy detector encoded in Base64 [.

Details for Base64 Generic high entropy secret

  • High Recall: False

  • Validity Check: False

  • Minimum Number of Matches: 1

  • Occurrences found for one million commits: 70

  • Prefixed: False

  • PreValidators :

 
推荐文章
英勇无比的脸盆  ·  Javascript 如何实现base64转文件下载保存到本地_js base64下载
1 月前
单身的皮带  ·  PHP实现图片base64编码与解码_php base64 图片前缀
1 月前
踏实的风衣  ·  php接收base64数据生成图片并保存_post base64 php保存图片
1 月前
豪情万千的洋葱  ·  php怎么把base64数据流文件转成图片文件 | 跟志博学编程
1 月前
帅呆的茴香  ·  php文件包含漏洞 | Chybeta
1 月前
爱运动的咖啡  ·  机器人、PLC 和离线编程 - BizLink Factory Automation & Machinery
5 月前
酷酷的鸭蛋  ·  深情緬懷Lamy 先生與反抄襲之父
5 月前
仗义的伏特加  ·  “佛系青年”是什么意思? - 知乎
1 年前
帅呆的黑框眼镜  ·  不要再拿运动相机,当行车记录仪了
1 年前
飘逸的野马  ·  2022年秋季入学自主招生简章
1 年前
Link管理   ·   51好读   ·   Sov5搜索   ·   小百科
link管理 - 链接快照平台