Copilot AI commented Dec 16, 2025

The GENERIC_SECRET_TYPES constant was missing two high-precision generic secret patterns: ec_private_key (Elliptic Curve private keys) and generic_private_key (private keys with -----BEGIN PRIVATE KEY----- header).

Changes

  • Added ec_private_key and generic_private_key to the GENERIC_SECRET_TYPES list in githubapi.py
  • Maintains alphabetical ordering for consistency

This ensures the --no-default flag in list_secret_scanning_alerts.py correctly filters all non-provider secret patterns when querying the GitHub API.

```python
GENERIC_SECRET_TYPES = ",".join(
    [
        "ec_private_key",           # Added
        "generic_private_key",      # Added
        "http_basic_authentication_header",
        "http_bearer_authentication_header",
        # ... remaining types
    ]
)
```

Original prompt

On githubapi.py:28-40, Non-provider patterns - Ensure each of these generic secret types are in the list:

| Provider | Token | Description | Precision |
|---|---|---|---|
| Generic | ec_private_key | Elliptic Curve (EC) private keys used for cryptographic operations | High |
| Generic | generic_private_key | Cryptographic private keys with -----BEGIN PRIVATE KEY----- header | High |
| Generic | http_basic_authentication_header | HTTP Basic Authentication credentials in request headers | Medium |
| Generic | http_bearer_authentication_header | HTTP Bearer tokens used for API authentication | Medium |
| Generic | mongodb_connection_string | Connection strings for MongoDB databases containing credentials | High |
| Generic | mysql_connection_string | Connection strings for MySQL databases containing credentials | High |
| Generic | openssh_private_key | OpenSSH format private keys used for SSH authentication | High |
| Generic | pgp_private_key | PGP (Pretty Good Privacy) private keys used for encryption and signing | High |
| Generic | postgres_connection_string | Connection strings for PostgreSQL databases containing credentials | High |
| Generic | rsa_private_key | RSA private keys used for cryptographic operations | High |



Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
Copilot AI changed the title [WIP] Ensure all generic secret types are included in the list Add ec_private_key and generic_private_key to GENERIC_SECRET_TYPES Dec 16, 2025
Copilot AI requested a review from felickz December 16, 2025 20:02

@felickz felickz left a comment


LGTM

@felickz felickz marked this pull request as ready for review December 16, 2025 20:22
@felickz felickz requested a review from a team as a code owner December 16, 2025 20:22
@felickz felickz requested review from adrienpessu, aegilops and Copilot and removed request for a team December 16, 2025 20:22

Copilot AI left a comment


Pull request overview

This PR adds missing high-precision generic secret types to the GENERIC_SECRET_TYPES constant to ensure comprehensive secret pattern filtering when using the --no-default flag in the secret scanning alerts tool.

Key Changes:

  • Added ec_private_key and generic_private_key to GENERIC_SECRET_TYPES
  • Maintained alphabetical ordering for consistency


@felickz felickz merged commit eec2d96 into main Dec 19, 2025
4 checks passed
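
The gap this PR closes, a constant drifting from the documented list of generic patterns, can be caught mechanically. The following is an added example, not code from the pull request or the project: `audit_generic_types` and `DOCUMENTED_GENERIC_TOKENS` are hypothetical names, the token list is copied from the table in the original prompt, and the "before" value is constructed by dropping the two tokens the PR adds.

```python
# Added example (not the project's code): drift check for GENERIC_SECRET_TYPES.
# Token names are copied from the table in the PR's original prompt.
DOCUMENTED_GENERIC_TOKENS = [
    "ec_private_key",
    "generic_private_key",
    "http_basic_authentication_header",
    "http_bearer_authentication_header",
    "mongodb_connection_string",
    "mysql_connection_string",
    "openssh_private_key",
    "pgp_private_key",
    "postgres_connection_string",
    "rsa_private_key",
]


def audit_generic_types(joined, documented=DOCUMENTED_GENERIC_TOKENS):
    """Compare a comma-joined constant against the documented token names."""
    configured = [t.strip() for t in joined.split(",") if t.strip()]
    seen, duplicates = set(), []
    for token in configured:
        if token in seen:
            duplicates.append(token)
        seen.add(token)
    return {
        # Documented patterns a filter built from the constant would skip.
        "missing": sorted(set(documented) - seen),
        # Names not in the documented table (typo, or a newer pattern).
        "unknown": sorted(seen - set(documented)),
        "duplicates": duplicates,
        # The PR keeps the list alphabetical; flag regressions.
        "sorted": configured == sorted(configured),
    }


# Constructed "before" value: documented list minus the two tokens the PR adds.
BEFORE = ",".join(
    t for t in DOCUMENTED_GENERIC_TOKENS
    if t not in ("ec_private_key", "generic_private_key")
)
AFTER = ",".join(DOCUMENTED_GENERIC_TOKENS)

if __name__ == "__main__":
    for label, value in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_generic_types(value))
```

Run as a unit test against the real constant, a non-empty `missing` or `unknown` list fails the build before an incomplete filter reaches users of `--no-default`.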