[plugins] make pem certificate regexp stricter #3631
Congratulations! One of the builds has completed. 🍾 You can install the built RPMs by following these steps:
Please note that the RPMs should be used only in a testing environment.
Actually SSH keys syntax is a bit different:
False alarm, grepping through RFCs, it's only for
Well, we do actually care about those. And the change was made to account for different counts of
Right now this matches even without any '-', and the RFCs are extremely strict, it's 5 '-', not a variable number, do you have an example of a cert that we would not scrub anymore? My idea was to make the match more precise, and then in a follow-up PR make it run by default for all plugins under some conditions (with possibility to opt out). I'll fix this PR in a bit.
This allows applying do_*_private_sub() without fearing false positives. Going through RFCs, PEM and OpenPGP use `-----BEGIN`, and only RFC4716 has a slightly different syntax `---- BEGIN SSH2 PUBLIC KEY ----`.
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
Updated to match SSH2 public key
This allows applying do_*_private_sub() without fearing false positives.
Going through RFCs, PEM and OpenPGP use `-----BEGIN`, and only RFC4716 has a slightly different syntax `---- BEGIN SSH2 PUBLIC KEY ----`.
Please place an 'X' inside each '[]' to confirm you adhere to our Contributor Guidelines
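The distinction debated in this thread, as an added example that is not the sos code: a constructed permissive pattern (dashes optional) next to a strict one that requires exactly five dashes for PEM/OpenPGP armor, or the RFC 4716 `---- BEGIN SSH2 PUBLIC KEY ----` form. The names `LOOSE`, `STRICT`, `scrub`, the `<SCRUBBED>` placeholder and the sample text are assumptions made up for this illustration.

```python
import re

# Constructed stand-in for a permissive pattern (NOT the sos regex):
# any number of dashes, including none, may precede BEGIN/END.
LOOSE = re.compile(r"-*\s*BEGIN.*?-*\s*END[^\n]*", re.S)

# Strict pattern: exactly five dashes and a matching END label (PEM, OpenPGP),
# or the four-dash-plus-space markers of RFC 4716 SSH2 public keys.
# Markers must sit on their own line; indentation and CRLF are tolerated.
STRICT = re.compile(
    r"^[ \t]*-----BEGIN (?P<label>[A-Z0-9 ]+)-----[ \t\r]*$"
    r".*?"
    r"^[ \t]*-----END (?P=label)-----[ \t\r]*$"
    r"|"
    r"^[ \t]*---- BEGIN SSH2 PUBLIC KEY ----[ \t\r]*$"
    r".*?"
    r"^[ \t]*---- END SSH2 PUBLIC KEY ----[ \t\r]*$",
    re.S | re.M,
)

# Constructed sample: a config file with comment markers that merely contain
# the words BEGIN/END, one PEM block and one RFC 4716 key (bodies are fake).
SAMPLE = """\
# BEGIN managed block
listen = 0.0.0.0
# END managed block
ssl_cert = <<EOF
-----BEGIN CERTIFICATE-----
MIIBconstructedAAAA
-----END CERTIFICATE-----
EOF
---- BEGIN SSH2 PUBLIC KEY ----
AAAAconstructedBBBB
---- END SSH2 PUBLIC KEY ----
"""


def scrub(text, pattern):
    """Replace every match with a placeholder; return (new_text, match_count)."""
    return pattern.subn("<SCRUBBED>", text)


if __name__ == "__main__":
    for name, pat in (("loose", LOOSE), ("strict", STRICT)):
        out, n = scrub(SAMPLE, pat)
        print(f"--- {name}: {n} replacement(s)\n{out}")
```

With the permissive pattern the `listen` setting between the two comment markers is scrubbed as a false positive; the strict pattern removes only the two key blocks.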