fix: unstabe rules and false positives in auth URL (#227)

Related: #226

docs/list-of-rules.md

@@ -126,7 +126,6 @@ Here is a complete list of all the rules that are currently implemented.
 | rapidapi-access-token | Uncovered a RapidAPI Access Token, which could lead to unauthorized access to various APIs and data services. | access-token |  |
 | readme-api-token | Detected a Readme API token, risking unauthorized documentation management and content exposure. | api-token |  |
 | rubygems-api-token | Identified a Rubygem API token, potentially compromising Ruby library distribution and package management. | api-token |  |
-| scalingo-api-token | Found a Scalingo API token, posing a risk to cloud platform services and application deployment security. | api-token |  |
 | sendbird-access-id | Discovered a Sendbird Access ID, which could compromise chat and messaging platform integrations. | access-id |  |
 | sendbird-access-token | Uncovered a Sendbird Access Token, potentially risking unauthorized access to communication services and user data. | access-token |  |
 | sendgrid-api-token | Detected a SendGrid API token, posing a risk of unauthorized email service operations and data exposure. | api-token |  |
@@ -151,7 +150,6 @@ Here is a complete list of all the rules that are currently implemented.
 | stripe-access-token | Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data. | access-token |  |
 | square-access-token | Detected a Square Access Token, risking unauthorized payment processing and financial transaction exposure. | access-token |  |
 | squarespace-access-token | Identified a Squarespace Access Token, which may compromise website management and content control on Squarespace. | access-token |  |
-| sumologic-access-id | Discovered a SumoLogic Access ID, potentially compromising log management services and data analytics integrity. | access-id |  |
 | sumologic-access-token | Uncovered a SumoLogic Access Token, which could lead to unauthorized access to log data and analytics insights. | access-token |  |
 | snyk-api-token | Uncovered a Snyk API token, potentially compromising software vulnerability scanning and code security. | api-key |  |
 | microsoft-teams-webhook | Uncovered a Microsoft Teams Webhook, which could lead to unauthorized access to team collaboration tools and data leaks. | webhook |  |

engine/rules/authenticated_url.go

@@ -7,7 +7,7 @@ import (
 )
 
 func AuthenticatedURL() *config.Rule {
-	regex, _ := regexp.Compile(`:\/\/(.+:.+)?@`)
+	regex, _ := regexp.Compile(`:\/\/(\w+:\S+)?@\S+\.\S+`)
 	rule := config.Rule{
 		Description: "Identify username:password inside URLS",
 		RuleID:      "authenticated-url",
@@ -25,6 +25,9 @@ func AuthenticatedURL() *config.Rule {
 	fPositives := []string{
 		"https://google.com",
 		"https://google.com?user=abc&password=123",
+		`<img src="https://img.shields.io/static/v1?label=Threads&message=Follow&color=101010&link=https://threads.net/@mathrunet" alt="Follow on Threads" />`,
+		`my [Linkedin](https://www.linkedin.com/in/rodriguesjeffdev/) or email: rodriguesjeff.dev@gmail.com`,
+		`[![Gmail Badge](https://img.shields.io/badge/-VaibhavHariramani-d54b3d?style=flat-circle&labelColor=d54b3d&logo=gmail&logoColor=white&link=mailto:vaibhav.hariramani01@gmail.com)](mailto:vaibhav.hariramani01@gmail.com)`,
 	}
 
 	return validate(rule, tPositives, fPositives)

engine/rules/rules.go

@@ -175,7 +175,7 @@ func getDefaultRules() *[]Rule {
 		{Rule: *rules.StripeAccessToken(), Tags: []string{TagAccessToken}},
 		{Rule: *rules.SquareAccessToken(), Tags: []string{TagAccessToken}},
 		{Rule: *rules.SquareSpaceAccessToken(), Tags: []string{TagAccessToken}},
-		{Rule: *rules.SumoLogicAccessID(), Tags: []string{TagAccessId}},
+		// {Rule: *rules.SumoLogicAccessID(), Tags: []string{TagAccessId}}, https://github.com/Checkmarx/2ms/issues/226
 		{Rule: *rules.SumoLogicAccessToken(), Tags: []string{TagAccessToken}},
 		{Rule: *rules.Snyk(), Tags: []string{TagApiKey}},
 		{Rule: *rules.TeamsWebhook(), Tags: []string{TagWebhook}},