Version Up 1.14.0, Notion token (#798)

babenek · web-flow · commit 59c5995dc6b8 · 2025-12-17T17:33:51.000+02:00
* Notion

* doc fix

* pkg upd
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
@@ -92,7 +92,7 @@ jobs:
         run: |
           banner="$(python -m credsweeper --banner | head -1)"
           echo "banner = '${banner}'"
-          if [ "CredSweeper 1.13.4 crc32:b78e43ec" != "${banner}" ]; then
+          if [ "CredSweeper 1.14.0 crc32:a52f81a3" != "${banner}" ]; then
             echo "Update the check for '${banner}'"
             exit 1
           fi
diff --git a/SECURITY.md b/SECURITY.md
@@ -4,8 +4,8 @@
 
 | Version | Supported          |
 |---------|--------------------|
-| 1.13.x  | :white_check_mark: |
-| <1.13.x | :x:                |
+| 1.14.x  | :white_check_mark: |
+| <1.14.x | :x:                |
 
 ## Reporting a Vulnerability
 
diff --git a/credsweeper/__init__.py b/credsweeper/__init__.py
@@ -24,4 +24,4 @@
     "__version__"
 ]
 
-__version__ = "1.13.4"
+__version__ = "1.14.0"
diff --git a/credsweeper/rules/config.yaml b/credsweeper/rules/config.yaml
@@ -1272,6 +1272,22 @@
     - code
     - doc
 
+- name: Notion Integration Token
+  severity: high
+  confidence: strong
+  type: pattern
+  values:
+    - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>ntn_[0-9]{9}[0-9A-Za-z_-]{36,255})
+  filter_type:
+    - ValuePatternCheck
+    - ValueEntropyBase64Check
+  required_substrings:
+    - ntn_
+  min_line_len: 50
+  target:
+    - code
+    - doc
+
 - name: Hugging Face User Access Token
   severity: high
   confidence: moderate
diff --git a/requirements.txt b/requirements.txt
@@ -3,15 +3,15 @@
 
 # build requirement
 build==1.3.0
-hatchling==1.27.0
+hatchling==1.28.0
 # 1.27.0 creates Metadata-Version: 2.4 which is not supported fully by publish github action
 #hatchling==1.26.3
 # check build
 twine==6.2.0
 
 # Common requirements
 base58==2.1.1
-beautifulsoup4==4.14.2
+beautifulsoup4==4.14.3
 colorama==0.4.6
 cryptography==46.0.3
 GitPython==3.1.45
diff --git a/tests/__init__.py b/tests/__init__.py
@@ -1,22 +1,22 @@
 from pathlib import Path
 
 # total number of files in test samples
-SAMPLES_FILES_COUNT = 167
+SAMPLES_FILES_COUNT = 168
 
 # the lowest value of ML threshold is used to display possible lowest values
 NEGLIGIBLE_ML_THRESHOLD = 0.0001
 
 # with option --doc & NEGLIGIBLE_ML_THRESHOLD
-SAMPLES_IN_DOC = 880
+SAMPLES_IN_DOC = 881
 
 # credentials count after scan without filters and ML validations
-SAMPLES_REGEX_COUNT = 647
+SAMPLES_REGEX_COUNT = 649
 
 # credentials count after scan with filters and without ML validation
-SAMPLES_FILTERED_COUNT = 537
+SAMPLES_FILTERED_COUNT = 538
 
 # credentials count after default post-processing
-SAMPLES_POST_CRED_COUNT = 490
+SAMPLES_POST_CRED_COUNT = 491
 
 # archived credentials that are not found without --depth
 SAMPLES_IN_DEEP_1 = SAMPLES_POST_CRED_COUNT + 138
diff --git a/tests/data/depth_3_pedantic.json b/tests/data/depth_3_pedantic.json
@@ -8119,6 +8119,27 @@
             }
         ]
     },
+    {
+        "rule": "Notion Integration Token",
+        "severity": "high",
+        "confidence": "strong",
+        "ml_probability": null,
+        "line_data_list": [
+            {
+                "line": "ntn_123465789l62YMNJKXLKpjiCVEXbx4CBxkfprOA96Y15wZ",
+                "line_num": 1,
+                "path": "./tests/samples/notion",
+                "info": "FILE:./tests/samples/notion|RAW",
+                "variable": null,
+                "variable_start": -2,
+                "variable_end": -2,
+                "value": "ntn_123465789l62YMNJKXLKpjiCVEXbx4CBxkfprOA96Y15wZ",
+                "value_start": 0,
+                "value_end": 50,
+                "entropy": 5.06876
+            }
+        ]
+    },
     {
         "rule": "NPM Token",
         "severity": "high",
diff --git a/tests/data/doc.json b/tests/data/doc.json
@@ -15724,6 +15724,27 @@
             }
         ]
     },
+    {
+        "rule": "Notion Integration Token",
+        "severity": "high",
+        "confidence": "strong",
+        "ml_probability": null,
+        "line_data_list": [
+            {
+                "line": "ntn_123465789l62YMNJKXLKpjiCVEXbx4CBxkfprOA96Y15wZ",
+                "line_num": 1,
+                "path": "./tests/samples/notion",
+                "info": "FILE:./tests/samples/notion|RAW",
+                "variable": null,
+                "variable_start": -2,
+                "variable_end": -2,
+                "value": "ntn_123465789l62YMNJKXLKpjiCVEXbx4CBxkfprOA96Y15wZ",
+                "value_start": 0,
+                "value_end": 50,
+                "entropy": 5.06876
+            }
+        ]
+    },
     {
         "rule": "NPM Token",
         "severity": "high",
diff --git a/tests/data/no_filters_no_ml.json b/tests/data/no_filters_no_ml.json
@@ -9257,6 +9257,48 @@
             }
         ]
     },
+    {
+        "rule": "Notion Integration Token",
+        "severity": "high",
+        "confidence": "strong",
+        "ml_probability": null,
+        "line_data_list": [
+            {
+                "line": "ntn_123465789l62YMNJKXLKpjiCVEXbx4CBxkfprOA96Y15wZ",
+                "line_num": 1,
+                "path": "./tests/samples/notion",
+                "info": "",
+                "variable": null,
+                "variable_start": -2,
+                "variable_end": -2,
+                "value": "ntn_123465789l62YMNJKXLKpjiCVEXbx4CBxkfprOA96Y15wZ",
+                "value_start": 0,
+                "value_end": 50,
+                "entropy": 5.06876
+            }
+        ]
+    },
+    {
+        "rule": "Notion Integration Token",
+        "severity": "high",
+        "confidence": "strong",
+        "ml_probability": null,
+        "line_data_list": [
+            {
+                "line": "ntn_123465789l62EXAMPLEKpjiCVEXbx4CBxkftestEXAMPLE",
+                "line_num": 2,
+                "path": "./tests/samples/notion",
+                "info": "",
+                "variable": null,
+                "variable_start": -2,
+                "variable_end": -2,
+                "value": "ntn_123465789l62EXAMPLEKpjiCVEXbx4CBxkftestEXAMPLE",
+                "value_start": 0,
+                "value_end": 50,
+                "entropy": 4.82147
+            }
+        ]
+    },
     {
         "rule": "NPM Token",
         "severity": "high",
diff --git a/tests/data/no_ml.json b/tests/data/no_ml.json
@@ -8050,6 +8050,27 @@
             }
         ]
     },
+    {
+        "rule": "Notion Integration Token",
+        "severity": "high",
+        "confidence": "strong",
+        "ml_probability": null,
+        "line_data_list": [
+            {
+                "line": "ntn_123465789l62YMNJKXLKpjiCVEXbx4CBxkfprOA96Y15wZ",
+                "line_num": 1,
+                "path": "./tests/samples/notion",
+                "info": "",
+                "variable": null,
+                "variable_start": -2,
+                "variable_end": -2,
+                "value": "ntn_123465789l62YMNJKXLKpjiCVEXbx4CBxkfprOA96Y15wZ",
+                "value_start": 0,
+                "value_end": 50,
+                "entropy": 5.06876
+            }
+        ]
+    },
     {
         "rule": "NPM Token",
         "severity": "high",
diff --git a/tests/data/output.json b/tests/data/output.json
@@ -7462,6 +7462,27 @@
             }
         ]
     },
+    {
+        "rule": "Notion Integration Token",
+        "severity": "high",
+        "confidence": "strong",
+        "ml_probability": null,
+        "line_data_list": [
+            {
+                "line": "ntn_123465789l62YMNJKXLKpjiCVEXbx4CBxkfprOA96Y15wZ",
+                "line_num": 1,
+                "path": "./tests/samples/notion",
+                "info": "",
+                "variable": null,
+                "variable_start": -2,
+                "variable_end": -2,
+                "value": "ntn_123465789l62YMNJKXLKpjiCVEXbx4CBxkfprOA96Y15wZ",
+                "value_start": 0,
+                "value_end": 50,
+                "entropy": 5.06876
+            }
+        ]
+    },
     {
         "rule": "NPM Token",
         "severity": "high",
diff --git a/tests/samples/notion b/tests/samples/notion
@@ -0,0 +1,2 @@
+ntn_123465789l62YMNJKXLKpjiCVEXbx4CBxkfprOA96Y15wZ
+ntn_123465789l62EXAMPLEKpjiCVEXbx4CBxkftestEXAMPLE
diff --git a/tests/test_app.py b/tests/test_app.py
@@ -492,7 +492,7 @@ def test_depth_p(self) -> None:
                     cvs_checksum = hashlib.md5(f.read()).digest()
                 checksum = bytes(a ^ b for a, b in zip(checksum, cvs_checksum))
         # update the checksum manually and keep line endings in the samples as is (git config core.autocrlf false)
-        self.assertEqual("3936e714da53ec788c8cd62f23c688d8", binascii.hexlify(checksum).decode())
+        self.assertEqual("bffe4dc7750fc983b31c33fc0f67bbb2", binascii.hexlify(checksum).decode())
         normal_report = []
         sorted_report = []
         with tempfile.TemporaryDirectory() as tmp_dir:
@@ -603,7 +603,7 @@ def test_rules_ml_p(self) -> None:
             rules_text = yaml.dump_all(rules, sort_keys=True)
             checksum = hashlib.md5(rules_text.encode()).hexdigest()
             # update the expected value manually if some changes
-            self.assertEqual("ce1f376648d2cfe37fd0f86f253fb4c4", checksum)
+            self.assertEqual("16b4ce509d628b47a4b227c71d22cc68", checksum)
             rules_set = set([i["name"] for i in rules if "code" in i["target"]])
             self.assertSetEqual(rules_set, report_set)
             self.assertEqual(SAMPLES_POST_CRED_COUNT, len(report))

Original file line number	Diff line number	Diff line change
`@@ -24,4 +24,4 @@`
`24`	`24`	`"__version__"`
`25`	`25`	`]`
`26`	`26`
`27`		`-__version__ = "1.13.4"`
	`27`	`+__version__ = "1.14.0"`