mirror of
https://github.com/FuzzingLabs/fuzzforge_ai.git
synced 2026-07-14 10:27:17 +02:00
test: Add secret detection benchmark dataset and ground truth
Add comprehensive benchmark dataset with 32 documented secrets for testing secret detection workflows (gitleaks, trufflehog, llm_secret_detection). - Add test_projects/secret_detection_benchmark/ with 19 test files - Add ground truth JSON with precise line-by-line secret mappings - Update .gitignore with exceptions for benchmark files (not real secrets) Dataset breakdown: - 12 Easy secrets (standard patterns) - 10 Medium secrets (obfuscated) - 10 Hard secrets (well hidden)
This commit is contained in:
@@ -0,0 +1,9 @@
|
||||
# Application properties file
|
||||
app.name=SecretDetectionBenchmark
|
||||
app.version=1.0.0
|
||||
|
||||
# EASY SECRET #8: API Key
|
||||
api.key=sk_test_4eC39HqLyjWDarjtT1zdp7dc
|
||||
api.endpoint=https://api.example.com
|
||||
|
||||
logging.level=INFO
|
||||
@@ -0,0 +1,10 @@
|
||||
# Database configuration
|
||||
databases:
|
||||
production:
|
||||
host: prod-db.example.com
|
||||
port: 5432
|
||||
# EASY SECRET #6: Azure connection string
|
||||
connection_string: "DefaultEndpointsProtocol=https;AccountName=prodstore;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;EndpointSuffix=core.windows.net"
|
||||
staging:
|
||||
host: staging-db.example.com
|
||||
port: 5432
|
||||
@@ -0,0 +1,12 @@
|
||||
# Keys configuration
|
||||
api_keys:
|
||||
production:
|
||||
# MEDIUM SECRET #16: Multi-line private key in YAML literal block
|
||||
private_key: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAyLqJZvd5CZxJhLZYLFCqLV9G5k8dFz1LoNwPPfK3qE1k8H4y
|
||||
FQwNyX3WJZNmKJLOPQMfHZQxGhHJPwZYjKQPYHJ1234567890abcdefghijklmno
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
||||
# MEDIUM SECRET #17: Secret with Unicode characters
|
||||
api_token_intl: "tøkęn_śęçrėt_ẃïth_ŭñïçődė_123456"
|
||||
@@ -0,0 +1,8 @@
|
||||
[database]
|
||||
; MEDIUM SECRET #19: Secret in deprecated INI format
|
||||
password = L3g@cy_DB_P@ssw0rd_2023
|
||||
|
||||
[api]
|
||||
; MEDIUM SECRET #20: Commented backup API key
|
||||
; old_api_key = backup_key_xyz789abc123def456ghi
|
||||
endpoint = https://api.legacy.example.com
|
||||
@@ -0,0 +1,11 @@
|
||||
{
|
||||
"oauth_provider": "google",
|
||||
"client_id": "123456789012-abcdefghijklmnopqrstuvwxyz123456.apps.googleusercontent.com",
|
||||
"client_secret": "GOCSPX-Ab12Cd34Ef56Gh78Ij90Kl12",
|
||||
"redirect_uri": "https://example.com/oauth/callback",
|
||||
"scopes": [
|
||||
"openid",
|
||||
"email",
|
||||
"profile"
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
"""
|
||||
Application settings and configuration
|
||||
"""
|
||||
|
||||
# EASY SECRET #2: GitHub Personal Access Token
|
||||
GITHUB_TOKEN = "ghp_vR8jK2mN4pQ6tX9bC3wY7zA1eF5hI8kL"
|
||||
|
||||
# EASY SECRET #3: Stripe API key
|
||||
STRIPE_SECRET_KEY = "sk_live_51MabcdefghijklmnopqrstuvwxyzABCDEF123456789"
|
||||
|
||||
# Application settings
|
||||
DEBUG = False
|
||||
LOG_LEVEL = "INFO"
|
||||
|
||||
# EASY SECRET #4: Database password
|
||||
DATABASE_CONFIG = {
|
||||
"host": "prod-db.example.com",
|
||||
"port": 5432,
|
||||
"username": "admin",
|
||||
"password": "ProdDB_P@ssw0rd_2024_Secure!"
|
||||
}
|
||||
Reference in New Issue
Block a user