fix(secret): use .eyJ keyword for JWT secret (#7410)

DmitriyLewen · web-flow · commit bf64003ac8b2 · 2024-08-30T07:15:10.000Z
diff --git a/pkg/fanal/secret/builtin-rules.go b/pkg/fanal/secret/builtin-rules.go
@@ -604,7 +604,7 @@ var builtinRules = []Rule{
 		Title:    "JWT token",
 		Severity: "MEDIUM",
 		Regex:    MustCompile(`ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/\\_-]{17,}\.(?:[a-zA-Z0-9\/\\_-]{10,}={0,2})?`),
-		Keywords: []string{"jwt"},
+		Keywords: []string{".eyJ"},
 	},
 	{
 		ID:       "linear-api-token",

Original file line number	Diff line number	Diff line change
`@@ -604,7 +604,7 @@ var builtinRules = []Rule{`
`604`	`604`	`Title: "JWT token",`
`605`	`605`	`Severity: "MEDIUM",`
`606`	`606`	Regex: MustCompile(`ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/\\_-]{17,}\.(?:[a-zA-Z0-9\/\\_-]{10,}={0,2})?`),
`607`		`- Keywords: []string{"jwt"},`
	`607`	`+ Keywords: []string{".eyJ"},`
`608`	`608`	`},`
`609`	`609`	`{`
`610`	`610`	`ID: "linear-api-token",`