Change an existing Rule to find more candy.

Changing the rule identifying client secrets to identify unquoted secrets as well.
SnaffCon · Oct 11, 2024 · a4809a2 · a4809a2
1 parent 429ad8b
commit a4809a2
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/Snaffler/SnaffRules/DefaultRules/FileRules/Keep/Code/KeepPassOrKeyInCode.toml b/Snaffler/SnaffRules/DefaultRules/FileRules/Keep/Code/KeepPassOrKeyInCode.toml
@@ -12,7 +12,7 @@ WordList = ["passw?o?r?d\\s*=\\s*[\\'\\\"][^\\'\\\"]....",
 "passw?o?r?d?>.{3,2000}</pass",
 "api[kK]ey>\\s*[^\\s<]+\\s*<",
 "[_\\-\\.]oauth\\s*=\\s*[\\'\\\"][^\\'\\\"]....",
-"client_secret\\s*=\\s*[\\'\\\"][^\\'\\\"]....",
+"client_secret\\s*=*\\s*",
 "<ExtendedMatchKey>ClientAuth",
 "GIUserPassword"
 ]