Password store Arc, metadata files

aegilops · aegilops · commit 934c8db609f6 · 2023-04-28T16:52:48.000Z
diff --git a/password_store/README.md b/password_store/README.md
@@ -0,0 +1,46 @@
+<!-- WARNING: This README is generated automatically
+-->
+# Password stores
+
+## Arc
+
+Arc password stores are created by the Arc open source software (https://github.com/evilsocket/arc). They are AES encrypted, but should not be stored in shared repositories.
+
+<details>
+<summary>Pattern Format</summary>
+<p>
+
+```regex
+{"id":[0-9]+,"title":"[^"]+","encryption":"[^"]+","created_at":"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{6}(Z|[+-][0-9]{2}:[0-9]{2})","updated_at":"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{6}(Z|[+-][0-9]{2}:[0-9]{2})","expired_at":"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]{6})?(Z|[+-][0-9]{2}:[0-9]{2})","prune":(true|false),"notified":(true|false),"compressed":(true|false),"pinned":(true|false),"size":[0-9]+,"next_id":[0-9]+}
+```
+
+**Comments / Notes:**
+
+- Current Version: v0.1
+- This spots `meta.json` files created by Arc, not the secrets themselves
+- The encrypted secrets will be in a numbered directory below the detected `meta.json` file
+- This can also spot uncompressed tar file backups created by Arc
+</p>
+</details>
+
+
+<details>
+<summary>Start Pattern</summary>
+<p>
+
+```regex
+\A|\x00
+```
+
+</p>
+</details>
+<details>
+<summary>End Pattern</summary>
+<p>
+
+```regex
+\Z|\x00
+```
+
+</p>
+</details>
diff --git a/password_store/meta.json b/password_store/meta.json
@@ -0,0 +1 @@
+{"id":2,"title":"Foo","encryption":"aes","created_at":"2023-04-28T14:33:09.863337+01:00","updated_at":"2023-04-28T14:33:09.863337+01:00","expired_at":"0001-01-01T00:00:00Z","prune":false,"notified":false,"compressed":false,"pinned":false,"size":199,"next_id":1}
diff --git a/password_store/patterns.yml b/password_store/patterns.yml
@@ -0,0 +1,25 @@
+
+name: Password stores
+
+patterns:
+  - name: Arc
+    type: arc
+    description: "Arc password stores are created by the Arc open source software (https://github.com/evilsocket/arc). They are AES encrypted, but should not be stored in shared repositories."
+    regex:
+      pattern: |
+        {"id":[0-9]+,"title":"[^"]+","encryption":"[^"]+","created_at":"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{6}(Z|[+-][0-9]{2}:[0-9]{2})","updated_at":"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{6}(Z|[+-][0-9]{2}:[0-9]{2})","expired_at":"[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]{6})?(Z|[+-][0-9]{2}:[0-9]{2})","prune":(true|false),"notified":(true|false),"compressed":(true|false),"pinned":(true|false),"size":[0-9]+,"next_id":[0-9]+}
+      start: |
+        \A|\x00
+      end: |
+        \Z|\x00
+
+    expected:
+      - name: meta.json
+        start_offset: 0
+        end_offset: 261
+
+    comments:
+      - This spots `meta.json` files created by Arc, not the secrets themselves
+      - The encrypted secrets will be in a numbered directory below the detected `meta.json` file
+      - This can also spot uncompressed tar file backups created by Arc
+ 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+{"id":2,"title":"Foo","encryption":"aes","created_at":"2023-04-28T14:33:09.863337+01:00","updated_at":"2023-04-28T14:33:09.863337+01:00","expired_at":"0001-01-01T00:00:00Z","prune":false,"notified":false,"compressed":false,"pinned":false,"size":199,"next_id":1}`