NOTE
- The syntax for Semgrep Secrets validators is experimental and subject to change.
- Semgrep currently supports validation using HTTP and HTTPS.
Sample validator
See a validator in the context of a full rule.
See a validator in the context of a full rule.
Syntax
validator
type
NOTESemgrep only supports web services with HTTP(S).
request
Subkeys for headers
The following keys are for use with headers:
Example
response
The response key is used to determine the validation state. It accepts a list of objects with the Subkeysmatch and result.
Subkeys for match
Match accepts a list of objects. No specific key is required, but at least one key must be present.
Subkeys for result
Use
severity in the result to set finding severity based on validation status. For example, if the secret is invalid, the severity may be MEDIUM or LOW.
Subkeys for content
Example
Sample rules with validators
Sample POST request
Sample POST request
All fields
All fields
Base64 encoding
You can use Base64 encoding by leveraging the__semgrep_internal_encode_64(...) utility. Base64 encoding can be applied to the following fields:
urlbodyheadervalues
NOTEThe Base64 encoding of fields is experimental and can change at any time.
Sample Semgrep rule with validator using Base64 encoding
Sample Semgrep rule with validator using Base64 encoding