generic.secrets.security.detected-aws-secret-access-key.detected-aws-secret-access-key
Community Favorite
semgrepAuthor
37,965
Download Count*
License
AWS Secret Access Key detected
Run Locally
Run in CI
Defintion
rules:
- id: detected-aws-secret-access-key
patterns:
- pattern-regex: (("|'|`)?((?i)aws)_?\w*((?i)secret)_?\w*("|'|`)?\s{0,50}(:|=>|=)\s{0,50}("|'|`)?[A-Za-z0-9/+=]{40}("|'|`)?)
- pattern-not-regex: (?i)example|sample|test|fake|xxxxxx
languages:
- regex
message: AWS Secret Access Key detected
severity: ERROR
metadata:
cwe:
- "CWE-798: Use of Hard-coded Credentials"
source-rule-url: https://github.com/grab/secret-scanner/blob/master/scanner/signatures/pattern.go
category: security
technology:
- secrets
- aws
confidence: LOW
owasp:
- A07:2021 - Identification and Authentication Failures
references:
- https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
cwe2022-top25: true
cwe2021-top25: true
subcategory:
- audit
likelihood: LOW
impact: HIGH
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
vulnerability_class:
- Hard-coded Secrets
Examples
detected-aws-secret-access-key.txt
# ruleid: detected-aws-secret-access-key
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEFUCDlEKEY
# ruleid: detected-aws-secret-access-key
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEFUCDlEKEY
# ok: detected-aws-secret-access-key
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# ok: detected-aws-secret-access-key
aws_secret_access_key:wJalrXUtnFEMI/K7MDENG/bPxRfiCYESAMPLEKEY
# ok: detected-aws-secret-access-key
aws_secret_access_key:SAMPLEUtnFEMI/K7MDENG/bPxRfiCYEXXXXXXKEY
# ok: detected-aws-secret-access-key
aws_secret_access_key:wJalrXUtnFEMI/K7MDENG/bPxRfiCYESATESTKEY
# ok: detected-aws-secret-access-key
aws_secret_access_key:wJalrXUtnFEMI/K7MDENG/bPxRfiCYESAFAKEKEY
# ok: detected-aws-secret-access-key
AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxShort Link: https://sg.run/Bk39