gitlab-secret_detection 0.8.0 → 0.10.0

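--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a05ed2079c4cbdfe4b79681687fa7ac880ba9af384dbf7143374e009eb6e8eac
- data.tar.gz: 73f0c96737d1816793c96734541fbe9d1785925fadfa10a622849a74091493f5
+ metadata.gz: d8c9973848eb3af18a6877e6d1e9934e69511fb9c41864f4b822791369e97ec0
+ data.tar.gz: f3b2679ae7b92b6b926ee2bdbe552bbae3c5ad07670d36d018a812b354fd3a55
  SHA512:
- metadata.gz: 1dd99d867f15ae626ace54f3f30dcc344d4b13d421cbfd61ddefa1afeb6d6f971e6b1700aa789e916eb55d3e76b2b2f956693be42235f28d17b23b9f1ea017bb
- data.tar.gz: 3788076e7734be035b63bc64ad59d1d3be1303098cd94d0da27f20bbf4569e5250cbc3f57bb33fd99478c5cdeba214174cef40fd7e095a9f04c12015894dd6d2
+ metadata.gz: f5d371430a4c8c6051dadcee41071ac03d5fcd7e39cd726fa6d9ed0f59008813ad3b27efb2ebc185218eeeb15ae747b48a8d053065e64217a55f052505b45174
+ data.tar.gz: 807521d0c06bc757eb51dc4536bc335a34fb0606c64b77ad94145dcbb829105a70efef8c606771c0340330f9bb4bb4af00193795165bc38068b6d174614b06d3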
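--- a/data/README.md
+++ b/data/README.md
@@ -42,7 +42,7 @@ the approach:
  │ ├── core/.. # Secret detection logic (most of it pulled from existing gem)
  │ └── grpc
  │ ├── generated/.. # gRPC generated files and secret detection gRPC service
- │ ├── client/.. # gRPC client to invoke secret detection service's RPC endpoints
+ │ ├── client/.. # gRPC client to invoke secret detection service's RPC endpoints
  │ └── scanner_service.rb # Secret detection gRPC service implementation
  ├── examples
  │ └── sample-client/.. # Sample Ruby RPC client that connects with gRPC server and calls RPC scan
@@ -54,7 +54,8 @@ the approach:
  ├── spec/.. # Rspec tests and related test helpers
  ├── gitlab-secret_detection.gemspec # Gemspec file for Ruby Gem
  ├── Dockerfile # Dockerfile for running gRPC server
- └── Makefile # All the CLI commands placed here
+ ├── Makefile # All the CLI commands placed here
+ └── RULES_VERSION # Current version of secret-detection-rules
  ```
 
  ### Makefile commands
@@ -63,6 +64,7 @@ Usage `make <command>`
 
  | Command | Description |
  |---------------------|---------------------------------------------------------------------------------------------------------------------------------|
+ | `install_secret_detection_rules` | Downloads secret-detection-rules based on package version defined in RULES_VERSION |
  | `install` | Installs ruby gems in the project using Ruby bundler |
  | `lint_fix` | Fixes all the fixable Rubocop lint offenses |
  | `gem_clean` | Cleans existing gem file(if any) generated through gem build process |
@@ -75,6 +77,16 @@ Usage `make <command>`
  | `run_grpc_tests` | Runs RSpec tests for Secret Detection gRPC endpoints |
  | `run_all_tests` | Runs all the RSpec tests in the project |
 
+
+ ## Secret Detection Rules
+
+ The make target `install_secret_detection_rules` fetches the version of the
+ [secret detection rules package](https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-rules/-/packages)
+ specified in the `RULES_VERSION` file and extracts the secret_push_protection_rules.toml rule file.
+ The command is called when running tests as well as when building the Dockerfile.
+ The secret_push_protection_rules.toml file is added to .gitignore to
+ avoid checking in changes.
+
  ## Generating a ruby gem
 
  In the project directory, run `make gem` command in the terminal that builds a ruby gem(ex: `secret_detection-0.1.0.gem`) in the root of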
@@ -8,7 +8,7 @@ module Gitlab
8
8
  module Core
9
9
  class Ruleset
10
10
  # file path where the secrets ruleset file is located
11
- RULESET_FILE_PATH = File.expand_path('gitleaks.toml', __dir__)
11
+ RULESET_FILE_PATH = File.expand_path('secret_push_protection_rules.toml', __dir__)
12
12
 
13
13
  def initialize(path: RULESET_FILE_PATH, logger: Logger.new($stdout))
14
14
  @path = path
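Review bot: The default `RULESET_FILE_PATH` now points at a file the packaged gem does not appear to ship: the `files:` list in the metadata section of this page drops `core/gitleaks.toml` and shows no entry for `secret_push_protection_rules.toml`, and the README says that file is fetched by `make install_secret_detection_rules` and git-ignored. If that holds, every caller relying on the default `path:` either hits a missing-file error or, depending on how the loader handles it (not visible here), ends up scanning with no rules at all. The load should fail with an explicit message rather than degrade silently, and the constant deserves a comment such as `# not checked in; fetched at build time by make install_secret_detection_rules (see RULES_VERSION)`. The Ruleset class continues outside the hunk.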
@@ -260,6 +260,8 @@ module Gitlab
260
260
  def find_secrets_in_payload(payload:, pattern_matcher:, raw_value_exclusions: [], rule_exclusions: [])
261
261
  findings = []
262
262
 
263
+ payload_offset = payload.respond_to?(:offset) ? payload.offset : 0
264
+
263
265
  payload.data
264
266
  .each_line($INPUT_RECORD_SEPARATOR, chomp: true)
265
267
  .each_with_index do |line, index|
@@ -271,7 +273,11 @@ module Gitlab
271
273
 
272
274
  next if line.empty?
273
275
 
274
- line_no = index + 1
276
+ # If payload offset is given then we will compute absolute line number i.e.,
277
+ # offset + relative_line_number - 1. In this scenario, index is equivalent to relative_line_number - 1.
278
+ # Whereas, when payload offset is not given, we'll set the line number relative to the beginning of the
279
+ # payload. In this scenario it will be index + 1.
280
+ line_no = payload_offset.positive? ? payload_offset + index : index + 1
275
281
 
276
282
  matches = pattern_matcher.match(line, exception: false) # returns indices of matched patterns
277
283
 
@@ -280,7 +286,8 @@ module Gitlab
280
286
 
281
287
  next if rule_exclusions.include?(rule[:id])
282
288
 
283
- findings << Core::Finding.new(payload.id, Core::Status::FOUND, line_no, rule[:id], rule[:description])
289
+ findings << Core::Finding.new(payload.id, Core::Status::FOUND, line_no, rule[:id],
290
+ rule[:description])
284
291
  end
285
292
  end
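Review bot: The client-supplied `offset` is used without validation in `line_no = payload_offset.positive? ? payload_offset + index : index + 1`. A payload object that responds to `offset` but returns nil raises NoMethodError on `.positive?`, a negative value silently falls back to payload-relative numbering, and a very large one can push `line_no` past the int32 `line_number` field declared in the proto. Normalise it once where it is read, `payload_offset = payload.respond_to?(:offset) ? payload.offset.to_i : 0`, and reject out-of-range values at the request boundary so one malformed payload cannot turn the whole scan into an error. The comment would also be clearer if it stated that `offset` is the 1-based line number of the payload's first line. find_secrets_in_payload starts and ends outside these hunks.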
286
293
 
@@ -5,7 +5,7 @@
5
5
  require 'google/protobuf'
6
6
 
7
7
 
8
- descriptor_data = "\n\x16secret_detection.proto\x12\x17gitlab.secret_detection\"\xfc\x03\n\x0bScanRequest\x12>\n\x08payloads\x18\x01 \x03(\x0b\x32,.gitlab.secret_detection.ScanRequest.Payload\x12\x19\n\x0ctimeout_secs\x18\x02 \x01(\x02H\x00\x88\x01\x01\x12!\n\x14payload_timeout_secs\x18\x03 \x01(\x02H\x01\x88\x01\x01\x12\x42\n\nexclusions\x18\x04 \x03(\x0b\x32..gitlab.secret_detection.ScanRequest.Exclusion\x12\x0c\n\x04tags\x18\x05 \x03(\t\x1a#\n\x07Payload\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0c\n\x04\x64\x61ta\x18\x02 \x01(\t\x1a\x66\n\tExclusion\x12J\n\x0e\x65xclusion_type\x18\x01 \x01(\x0e\x32\x32.gitlab.secret_detection.ScanRequest.ExclusionType\x12\r\n\x05value\x18\x02 \x01(\t\"f\n\rExclusionType\x12\x1e\n\x1a\x45XCLUSION_TYPE_UNSPECIFIED\x10\x00\x12\x17\n\x13\x45XCLUSION_TYPE_RULE\x10\x01\x12\x1c\n\x18\x45XCLUSION_TYPE_RAW_VALUE\x10\x02\x42\x0f\n\r_timeout_secsB\x17\n\x15_payload_timeout_secs\"\xe2\x03\n\x0cScanResponse\x12>\n\x07results\x18\x01 \x03(\x0b\x32-.gitlab.secret_detection.ScanResponse.Finding\x12\x0e\n\x06status\x18\x02 \x01(\x05\x1a\x9d\x01\n\x07\x46inding\x12\x12\n\npayload_id\x18\x01 \x01(\t\x12\x0e\n\x06status\x18\x02 \x01(\x05\x12\x11\n\x04type\x18\x03 \x01(\tH\x00\x88\x01\x01\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x01\x88\x01\x01\x12\x18\n\x0bline_number\x18\x05 
\x01(\x05H\x02\x88\x01\x01\x42\x07\n\x05_typeB\x0e\n\x0c_descriptionB\x0e\n\x0c_line_number\"\xe1\x01\n\x06Status\x12\x16\n\x12STATUS_UNSPECIFIED\x10\x00\x12\x10\n\x0cSTATUS_FOUND\x10\x01\x12\x1c\n\x18STATUS_FOUND_WITH_ERRORS\x10\x02\x12\x17\n\x13STATUS_SCAN_TIMEOUT\x10\x03\x12\x1a\n\x16STATUS_PAYLOAD_TIMEOUT\x10\x04\x12\x15\n\x11STATUS_SCAN_ERROR\x10\x05\x12\x16\n\x12STATUS_INPUT_ERROR\x10\x06\x12\x14\n\x10STATUS_NOT_FOUND\x10\x07\x12\x15\n\x11STATUS_AUTH_ERROR\x10\x08\x32\xc1\x01\n\x07Scanner\x12U\n\x04Scan\x12$.gitlab.secret_detection.ScanRequest\x1a%.gitlab.secret_detection.ScanResponse\"\x00\x12_\n\nScanStream\x12$.gitlab.secret_detection.ScanRequest\x1a%.gitlab.secret_detection.ScanResponse\"\x00(\x01\x30\x01\x42 \xea\x02\x1dGitlab::SecretDetection::GRPCb\x06proto3"
8
+ descriptor_data = "\n\x16secret_detection.proto\x12\x17gitlab.secret_detection\"\x9c\x04\n\x0bScanRequest\x12>\n\x08payloads\x18\x01 \x03(\x0b\x32,.gitlab.secret_detection.ScanRequest.Payload\x12\x19\n\x0ctimeout_secs\x18\x02 \x01(\x02H\x00\x88\x01\x01\x12!\n\x14payload_timeout_secs\x18\x03 \x01(\x02H\x01\x88\x01\x01\x12\x42\n\nexclusions\x18\x04 \x03(\x0b\x32..gitlab.secret_detection.ScanRequest.Exclusion\x12\x0c\n\x04tags\x18\x05 \x03(\t\x1a\x43\n\x07Payload\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0c\n\x04\x64\x61ta\x18\x02 \x01(\t\x12\x13\n\x06offset\x18\x03 \x01(\x05H\x00\x88\x01\x01\x42\t\n\x07_offset\x1a\x66\n\tExclusion\x12J\n\x0e\x65xclusion_type\x18\x01 \x01(\x0e\x32\x32.gitlab.secret_detection.ScanRequest.ExclusionType\x12\r\n\x05value\x18\x02 \x01(\t\"f\n\rExclusionType\x12\x1e\n\x1a\x45XCLUSION_TYPE_UNSPECIFIED\x10\x00\x12\x17\n\x13\x45XCLUSION_TYPE_RULE\x10\x01\x12\x1c\n\x18\x45XCLUSION_TYPE_RAW_VALUE\x10\x02\x42\x0f\n\r_timeout_secsB\x17\n\x15_payload_timeout_secs\"\xe2\x03\n\x0cScanResponse\x12>\n\x07results\x18\x01 \x03(\x0b\x32-.gitlab.secret_detection.ScanResponse.Finding\x12\x0e\n\x06status\x18\x02 \x01(\x05\x1a\x9d\x01\n\x07\x46inding\x12\x12\n\npayload_id\x18\x01 \x01(\t\x12\x0e\n\x06status\x18\x02 \x01(\x05\x12\x11\n\x04type\x18\x03 \x01(\tH\x00\x88\x01\x01\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x01\x88\x01\x01\x12\x18\n\x0bline_number\x18\x05 
\x01(\x05H\x02\x88\x01\x01\x42\x07\n\x05_typeB\x0e\n\x0c_descriptionB\x0e\n\x0c_line_number\"\xe1\x01\n\x06Status\x12\x16\n\x12STATUS_UNSPECIFIED\x10\x00\x12\x10\n\x0cSTATUS_FOUND\x10\x01\x12\x1c\n\x18STATUS_FOUND_WITH_ERRORS\x10\x02\x12\x17\n\x13STATUS_SCAN_TIMEOUT\x10\x03\x12\x1a\n\x16STATUS_PAYLOAD_TIMEOUT\x10\x04\x12\x15\n\x11STATUS_SCAN_ERROR\x10\x05\x12\x16\n\x12STATUS_INPUT_ERROR\x10\x06\x12\x14\n\x10STATUS_NOT_FOUND\x10\x07\x12\x15\n\x11STATUS_AUTH_ERROR\x10\x08\x32\xc1\x01\n\x07Scanner\x12U\n\x04Scan\x12$.gitlab.secret_detection.ScanRequest\x1a%.gitlab.secret_detection.ScanResponse\"\x00\x12_\n\nScanStream\x12$.gitlab.secret_detection.ScanRequest\x1a%.gitlab.secret_detection.ScanResponse\"\x00(\x01\x30\x01\x42 \xea\x02\x1dGitlab::SecretDetection::GRPCb\x06proto3"
9
9
 
10
10
  pool = Google::Protobuf::DescriptorPool.generated_pool
11
11
  pool.add_serialized_file(descriptor_data)
@@ -12,6 +12,7 @@ message ScanRequest {
12
12
  message Payload {
13
13
  string id = 1;
14
14
  string data = 2;
15
+ optional int32 offset = 3;
15
16
  }
16
17
 
17
18
  // Either provide rule type or a particular value to allow during the scan
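Review bot: The new `optional int32 offset = 3;` field carries no comment, and its meaning is only recoverable from the scanner change on this page: it is added to the zero-based line index, so it is the line number of the first line of `data`, and zero or negative values are treated as if no offset were given. I would document that on the field, e.g. `// 1-based line number of the first line of data in the source blob; omit (or <= 0) for payload-relative line numbers`. Stating the accepted range here also gives server implementations something to validate against. ScanRequest continues outside the hunk.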
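--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: gitlab-secret_detection
  version: !ruby/object:Gem::Version
- version: 0.8.0
+ version: 0.10.0
  platform: ruby
  authors:
  - group::secret detection
@@ -10,7 +10,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-10-18 00:00:00.000000000 Z
+ date: 2024-11-13 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: grpc
@@ -100,7 +100,6 @@ files:
  - lib/gitlab/secret_detection.rb
  - lib/gitlab/secret_detection/core.rb
  - lib/gitlab/secret_detection/core/finding.rb
- - lib/gitlab/secret_detection/core/gitleaks.toml
  - lib/gitlab/secret_detection/core/response.rb
  - lib/gitlab/secret_detection/core/ruleset.rb
  - lib/gitlab/secret_detection/core/scanner.rb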
@@ -1,1084 +0,0 @@
1
- # This file contains a subset of rules pulled from the original source file.
2
- # Original Source: https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/blob/master/gitleaks.toml
3
- # Reference: https://gitlab.com/gitlab-org/gitlab/-/issues/427011
4
- title = "gitleaks config"
5
-
6
- [[rules]]
7
- id = "gitlab_personal_access_token"
8
- description = "GitLab Personal Access Token"
9
- regex = '''\bglpat-[0-9a-zA-Z_\-]{20}\b'''
10
- tags = ["gitlab", "revocation_type", "gitlab_blocking"]
11
- keywords = [
12
- "glpat",
13
- ]
14
-
15
- [[rules]]
16
- id = "gitlab_pipeline_trigger_token"
17
- description = "GitLab Pipeline Trigger Token"
18
- regex = '''\bglptt-[0-9a-zA-Z_\-]{40}\b'''
19
- tags = ["gitlab", "gitlab_blocking"]
20
- keywords = [
21
- "glptt",
22
- ]
23
-
24
- [[rules]]
25
- id = "gitlab_runner_registration_token"
26
- description = "GitLab Runner Registration Token"
27
- regex = '''\bGR1348941[0-9a-zA-Z_\-]{20}\b'''
28
- tags = ["gitlab", "gitlab_blocking"]
29
- keywords = [
30
- "GR1348941",
31
- ]
32
-
33
- [[rules]]
34
- id = "gitlab_runner_auth_token"
35
- description = "GitLab Runner Authentication Token"
36
- regex = '''\bglrt-[0-9a-zA-Z_\-]{20}\b'''
37
- tags = ["gitlab", "gitlab_blocking"]
38
- keywords = [
39
- "glrt",
40
- ]
41
-
42
- [[rules]]
43
- id = "gitlab_feed_token"
44
- description = "GitLab Feed Token"
45
- regex = '''\bfeed_token=[0-9a-zA-Z_\-]{20}\b'''
46
- tags = ["gitlab"]
47
- keywords = [
48
- "feed_token",
49
- ]
50
-
51
- [[rules]]
52
- id = "gitlab_oauth_app_secret"
53
- description = "GitLab OAuth Application Secrets"
54
- regex = '''\bgloas-[0-9a-zA-Z_\-]{64}\b'''
55
- tags = ["gitlab", "gitlab_blocking"]
56
- keywords = [
57
- "gloas",
58
- ]
59
-
60
- [[rules]]
61
- id = "gitlab_feed_token_v2"
62
- description = "GitLab Feed token"
63
- regex = '''\bglft-[0-9a-zA-Z_\-]{20}\b'''
64
- tags = ["gitlab", "gitlab_blocking"]
65
- keywords = [
66
- "glft",
67
- ]
68
-
69
- [[rules]]
70
- id = "gitlab_kubernetes_agent_token"
71
- description = "GitLab Agent for Kubernetes token"
72
- regex = '''\bglagent-[0-9a-zA-Z_\-]{50}\b'''
73
- tags = ["gitlab", "gitlab_blocking"]
74
- keywords = [
75
- "glagent",
76
- ]
77
-
78
- [[rules]]
79
- id = "gitlab_incoming_email_token"
80
- description = "GitLab Incoming email token"
81
- regex = '''\bglimt-[0-9a-zA-Z_\-]{25}\b'''
82
- tags = ["gitlab", "gitlab_blocking"]
83
- keywords = [
84
- "glimt",
85
- ]
86
-
87
- [[rules]]
88
- id = "gitlab_deploy_token"
89
- description = "GitLab Deploy Token"
90
- regex = '''\bgldt-[0-9a-zA-Z_\-]{20}\b'''
91
- tags = ["gitlab"]
92
- keywords = [
93
- "gldt",
94
- ]
95
-
96
- [[rules]]
97
- id = "gitlab_scim_oauth_token"
98
- description = "GitLab SCIM token"
99
- regex = '''\bglsoat-[0-9a-zA-Z_\-]{20}\b'''
100
- tags = ["gitlab"]
101
- keywords = [
102
- "glsoat",
103
- ]
104
-
105
- [[rules]]
106
- id = "gitlab_ci_build_token"
107
- description = "GitLab CI Build (Job) token"
108
- regex = '''\bglcbt-[0-9a-zA-Z]{1,5}_[0-9a-zA-Z_-]{20}\b'''
109
- tags = ["gitlab"]
110
- keywords = [
111
- "glcbt",
112
- ]
113
-
114
- [[rules]]
115
- id = "AWS"
116
- description = "AWS Access Token"
117
- regex = '''\bAKIA[0-9A-Z]{16}\b'''
118
- tags = ["aws", "revocation_type", "gitlab_blocking"]
119
- keywords = [
120
- "AKIA",
121
- ]
122
-
123
- # Cryptographic keys
124
- [[rules]]
125
- id = "PKCS8 private key"
126
- description = "PKCS8 private key"
127
- regex = '''-----BEGIN PRIVATE KEY-----'''
128
- keywords = [
129
- "-----BEGIN PRIVATE KEY-----",
130
- ]
131
-
132
- [[rules]]
133
- id = "RSA private key"
134
- description = "RSA private key"
135
- regex = '''-----BEGIN RSA PRIVATE KEY-----'''
136
- keywords = [
137
- "-----BEGIN RSA PRIVATE KEY-----",
138
- ]
139
-
140
- [[rules]]
141
- id = "SSH private key"
142
- description = "SSH private key"
143
- regex = '''-----BEGIN OPENSSH PRIVATE KEY-----'''
144
- keywords = [
145
- "-----BEGIN OPENSSH PRIVATE KEY-----",
146
- ]
147
-
148
- [[rules]]
149
- id = "PGP private key"
150
- description = "PGP private key"
151
- regex = '''-----BEGIN PGP PRIVATE KEY BLOCK-----'''
152
- keywords = [
153
- "-----BEGIN PGP PRIVATE KEY BLOCK-----",
154
- ]
155
-
156
- [[rules]]
157
- description = "systemd machine-id"
158
- id = "systemd-machine-id"
159
- path = '''^machine-id$'''
160
- regex = '''^[0-9a-f]{32}\n$'''
161
- entropy = 3.5
162
-
163
- [[rules]]
164
- id = "Github Personal Access Token"
165
- description = "Github Personal Access Token"
166
- regex = '''ghp_[0-9a-zA-Z]{36}'''
167
- tags = ["gitlab_blocking"]
168
- keywords = [
169
- "ghp_",
170
- ]
171
-
172
- [[rules]]
173
- id = "Github OAuth Access Token"
174
- description = "Github OAuth Access Token"
175
- regex = '''gho_[0-9a-zA-Z]{36}'''
176
- tags = ["gitlab_blocking"]
177
- keywords = [
178
- "gho_",
179
- ]
180
-
181
- [[rules]]
182
- id = "SSH (DSA) private key"
183
- description = "SSH (DSA) private key"
184
- regex = '''-----BEGIN DSA PRIVATE KEY-----'''
185
- keywords = [
186
- "-----BEGIN DSA PRIVATE KEY-----",
187
- ]
188
-
189
- [[rules]]
190
- id = "SSH (EC) private key"
191
- description = "SSH (EC) private key"
192
- regex = '''-----BEGIN EC PRIVATE KEY-----'''
193
- keywords = [
194
- "-----BEGIN EC PRIVATE KEY-----",
195
- ]
196
-
197
-
198
- [[rules]]
199
- id = "Github App Token"
200
- description = "Github App Token"
201
- regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}'''
202
- tags = ["gitlab_blocking"]
203
- keywords = [
204
- "ghu_",
205
- "ghs_"
206
- ]
207
-
208
- [[rules]]
209
- id = "Github Refresh Token"
210
- description = "Github Refresh Token"
211
- regex = '''ghr_[0-9a-zA-Z]{76}'''
212
- tags = ["gitlab_blocking"]
213
- keywords = [
214
- "ghr_"
215
- ]
216
-
217
- [[rules]]
218
- id = "Shopify shared secret"
219
- description = "Shopify shared secret"
220
- regex = '''shpss_[a-fA-F0-9]{32}'''
221
- tags = ["gitlab_blocking"]
222
- keywords = [
223
- "shpss_"
224
- ]
225
-
226
- [[rules]]
227
- id = "Shopify access token"
228
- description = "Shopify access token"
229
- regex = '''shpat_[a-fA-F0-9]{32}'''
230
- tags = ["gitlab_blocking"]
231
- keywords = [
232
- "shpat_"
233
- ]
234
-
235
- [[rules]]
236
- id = "Shopify custom app access token"
237
- description = "Shopify custom app access token"
238
- regex = '''shpca_[a-fA-F0-9]{32}'''
239
- tags = ["gitlab_blocking"]
240
- keywords = [
241
- "shpca_"
242
- ]
243
-
244
- [[rules]]
245
- id = "Shopify private app access token"
246
- description = "Shopify private app access token"
247
- regex = '''shppa_[a-fA-F0-9]{32}'''
248
- tags = ["gitlab_blocking"]
249
- keywords = [
250
- "shppa_"
251
- ]
252
-
253
- [[rules]]
254
- id = "Slack token"
255
- description = "Slack token"
256
- regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})'''
257
- tags = ["gitlab_blocking"]
258
- keywords = [
259
- "xoxb",
260
- "xoxa",
261
- "xoxp",
262
- "xoxr",
263
- "xoxs",
264
- ]
265
-
266
- [[rules]]
267
- id = "Stripe"
268
- description = "Stripe"
269
- regex = '''(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}'''
270
- tags = ["gitlab_blocking"]
271
- keywords = [
272
- "sk_test",
273
- "pk_test",
274
- "sk_live",
275
- "pk_live",
276
- ]
277
-
278
- [[rules]]
279
- id = "PyPI upload token"
280
- description = "PyPI upload token"
281
- regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
282
- tags = ["pypi", "revocation_type", "gitlab_blocking"]
283
- keywords = [
284
- "pypi-AgEIcHlwaS5vcmc",
285
- ]
286
-
287
- [[rules]]
288
- id = "Google (GCP) Service-account"
289
- description = "Google (GCP) Service-account"
290
- tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
291
- regex = '''\"private_key\":\s*\"-{5}BEGIN PRIVATE KEY-{5}[\s\S]*?",'''
292
- keywords = [
293
- "service_account",
294
- ]
295
-
296
- [[rules]]
297
- id = "GCP API key"
298
- description = "GCP API keys can be misused to gain API quota from billed projects"
299
- regex = '''(?i)\b(AIza[0-9A-Za-z-_]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
300
- secretGroup = 1
301
- tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
302
- keywords = [
303
- "AIza",
304
- ]
305
-
306
- [[rules]]
307
- id = "GCP OAuth client secret"
308
- description = "GCP OAuth client secrets can be misused to spoof your application"
309
- tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
310
- regex = '''GOCSPX-[a-zA-Z0-9_-]{28}'''
311
- keywords = [
312
- "GOCSPX-",
313
- ]
314
-
315
- [[rules]]
316
- # demo of this regex not matching passwords in urls that contain env vars:
317
- # https://regex101.com/r/rT9Lv9/6
318
- id = "Password in URL"
319
- description = "Password in URL"
320
- regex = '''[a-zA-Z]{3,10}:\/\/[^$][^:@\/\n]{3,20}:[^$][^:@\n\/]{3,40}@.{1,100}'''
321
-
322
-
323
- [[rules]]
324
- id = "Heroku API Key"
325
- description = "Heroku API Key"
326
- regex = '''(?i)(?:heroku)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\"|\n|\r|\s|\x60]|$)'''
327
- secretGroup = 1
328
- keywords = [
329
- "heroku",
330
- ]
331
-
332
- [[rules]]
333
- id = "Slack Webhook"
334
- description = "Slack Webhook"
335
- regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}'''
336
- keywords = [
337
- "https://hooks.slack.com/services",
338
- ]
339
-
340
- [[rules]]
341
- id = "Twilio API Key"
342
- description = "Twilio API Key"
343
- regex = '''SK[0-9a-fA-F]{32}'''
344
- keywords = [
345
- "SK",
346
- "twilio"
347
- ]
348
-
349
- [[rules]]
350
- id = "Age secret key"
351
- description = "Age secret key"
352
- regex = '''AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}'''
353
- keywords = [
354
- "AGE-SECRET-KEY-1",
355
- ]
356
-
357
- [[rules]]
358
- id = "Facebook token"
359
- description = "Facebook token"
360
- regex = '''(?i)(facebook[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
361
- secretGroup = 3
362
- keywords = [
363
- "facebook",
364
- ]
365
-
366
- [[rules]]
367
- id = "Twitter token"
368
- description = "Twitter token"
369
- regex = '''(?i)(twitter[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{35,44})['\"]'''
370
- secretGroup = 3
371
- keywords = [
372
- "twitter",
373
- ]
374
-
375
- [[rules]]
376
- id = "Adobe Client ID (Oauth Web)"
377
- description = "Adobe Client ID (Oauth Web)"
378
- regex = '''(?i)(adobe[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
379
- secretGroup = 3
380
- keywords = [
381
- "adobe",
382
- ]
383
-
384
- [[rules]]
385
- id = "Adobe Client Secret"
386
- description = "Adobe Client Secret"
387
- regex = '''(p8e-)(?i)[a-z0-9]{32}'''
388
- keywords = [
389
- "adobe",
390
- "p8e-,"
391
- ]
392
-
393
- [[rules]]
394
- id = "Alibaba AccessKey ID"
395
- description = "Alibaba AccessKey ID"
396
- regex = '''(LTAI)(?i)[a-z0-9]{20}'''
397
- keywords = [
398
- "LTAI",
399
- ]
400
-
401
- [[rules]]
402
- id = "Alibaba Secret Key"
403
- description = "Alibaba Secret Key"
404
- regex = '''(?i)(alibaba[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{30})['\"]'''
405
- secretGroup = 3
406
- keywords = [
407
- "alibaba",
408
- ]
409
-
410
- [[rules]]
411
- id = "Asana Client ID"
412
- description = "Asana Client ID"
413
- regex = '''(?i)(asana[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9]{16})['\"]'''
414
- secretGroup = 3
415
- keywords = [
416
- "asana",
417
- ]
418
-
419
- [[rules]]
420
- id = "Asana Client Secret"
421
- description = "Asana Client Secret"
422
- regex = '''(?i)(asana[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{32})['\"]'''
423
- secretGroup = 3
424
- keywords = [
425
- "asana",
426
- ]
427
-
428
- [[rules]]
429
- id = "Atlassian API token"
430
- description = "Atlassian API token"
431
- regex = '''(?i)(atlassian[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{24})['\"]'''
432
- secretGroup = 3
433
- keywords = [
434
- "atlassian",
435
- ]
436
-
437
- [[rules]]
438
- id = "Bitbucket client ID"
439
- description = "Bitbucket client ID"
440
- regex = '''(?i)(bitbucket[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{32})['\"]'''
441
- secretGroup = 3
442
- keywords = [
443
- "bitbucket",
444
- ]
445
-
446
- [[rules]]
447
- id = "Bitbucket client secret"
448
- description = "Bitbucket client secret"
449
- regex = '''(?i)(bitbucket[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9_\-]{64})['\"]'''
450
- secretGroup = 3
451
- keywords = [
452
- "bitbucket",
453
- ]
454
-
455
- [[rules]]
456
- id = "Beamer API token"
457
- description = "Beamer API token"
458
- regex = '''(?i)(beamer[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](b_[a-z0-9=_\-]{44})['\"]'''
459
- secretGroup = 3
460
- keywords = [
461
- "beamer",
462
- ]
463
-
464
- [[rules]]
465
- id = "Clojars API token"
466
- description = "Clojars API token"
467
- regex = '''(CLOJARS_)(?i)[a-z0-9]{60}'''
468
- keywords = [
469
- "CLOJARS_",
470
- ]
471
-
472
- [[rules]]
473
- id = "Contentful delivery API token"
474
- description = "Contentful delivery API token"
475
- regex = '''(?i)(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]'''
476
- secretGroup = 3
477
- keywords = [
478
- "contentful",
479
- ]
480
-
481
- [[rules]]
482
- id = "Contentful preview API token"
483
- description = "Contentful preview API token"
484
- regex = '''(?i)(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]'''
485
- secretGroup = 3
486
- keywords = [
487
- "contentful",
488
- ]
489
-
490
- [[rules]]
491
- id = "Databricks API token"
492
- description = "Databricks API token"
493
- regex = '''dapi[a-h0-9]{32}'''
494
- keywords = [
495
- "dapi",
496
- "databricks"
497
- ]
498
-
499
- [[rules]]
500
- description = "DigitalOcean OAuth Access Token"
501
- id = "digitalocean-access-token"
502
- regex = '''(?i)\b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
503
- secretGroup = 1
504
- keywords = [
505
- "doo_v1_",
506
- ]
507
-
508
- [[rules]]
509
- description = "DigitalOcean Personal Access Token"
510
- id = "digitalocean-pat"
511
- regex = '''(?i)\b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
512
- secretGroup = 1
513
- keywords = [
514
- "dop_v1_",
515
- ]
516
-
517
- [[rules]]
518
- description = "DigitalOcean OAuth Refresh Token"
519
- id = "digitalocean-refresh-token"
520
- regex = '''(?i)\b(dor_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
521
- secretGroup = 1
522
- keywords = [
523
- "dor_v1_",
524
- ]
525
-
526
- [[rules]]
527
- id = "Discord API key"
528
- description = "Discord API key"
529
- regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]'''
530
- secretGroup = 3
531
- keywords = [
532
- "discord",
533
- ]
534
-
535
- [[rules]]
536
- id = "Discord client ID"
537
- description = "Discord client ID"
538
- regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9]{18})['\"]'''
539
- secretGroup = 3
540
- keywords = [
541
- "discord",
542
- ]
543
-
544
- [[rules]]
545
- id = "Discord client secret"
546
- description = "Discord client secret"
547
- regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_\-]{32})['\"]'''
548
- secretGroup = 3
549
- keywords = [
550
- "discord",
551
- ]
552
-
553
- [[rules]]
554
- id = "Doppler API token"
555
- description = "Doppler API token"
556
- regex = '''['\"](dp\.pt\.)(?i)[a-z0-9]{43}['\"]'''
557
- keywords = [
558
- "doppler",
559
- ]
560
-
561
- [[rules]]
562
- id = "Dropbox API secret/key"
563
- description = "Dropbox API secret/key"
564
- regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{15})['\"]'''
565
- keywords = [
566
- "dropbox",
567
- ]
568
-
569
- [[rules]]
570
- id = "Dropbox short lived API token"
571
- description = "Dropbox short lived API token"
572
- regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](sl\.[a-z0-9\-=_]{135})['\"]'''
573
- keywords = [
574
- "dropbox",
575
- ]
576
-
577
- [[rules]]
578
- id = "Dropbox long lived API token"
579
- description = "Dropbox long lived API token"
580
- regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"][a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43}['\"]'''
581
- keywords = [
582
- "dropbox",
583
- ]
584
-
585
- [[rules]]
586
- id = "Duffel API token"
587
- description = "Duffel API token"
588
- regex = '''['\"]duffel_(test|live)_(?i)[a-z0-9_-]{43}['\"]'''
589
- keywords = [
590
- "duffel",
591
- ]
592
-
593
- [[rules]]
594
- id = "Dynatrace API token"
595
- description = "Dynatrace API token"
596
- regex = '''['\"]dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64}['\"]'''
597
- keywords = [
598
- "dt0c01",
599
- ]
600
-
601
- [[rules]]
602
- id = "EasyPost API token"
603
- description = "EasyPost API token"
604
- regex = '''['\"]EZAK(?i)[a-z0-9]{54}['\"]'''
605
- keywords = [
606
- "EZAK",
607
- ]
608
-
609
-
610
- [[rules]]
611
- id = "EasyPost test API token"
612
- description = "EasyPost test API token"
613
- regex = '''['\"]EZTK(?i)[a-z0-9]{54}['\"]'''
614
- keywords = [
615
- "EZTK",
616
- ]
617
-
618
- [[rules]]
619
- id = "Fastly API token"
620
- description = "Fastly API token"
621
- regex = '''(?i)(fastly[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{32})['\"]'''
622
- secretGroup = 3
623
- keywords = [
624
- "fastly",
625
- ]
626
-
627
- [[rules]]
628
- id = "Finicity client secret"
629
- description = "Finicity client secret"
630
- regex = '''(?i)(finicity[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{20})['\"]'''
631
- secretGroup = 3
632
- keywords = [
633
- "finicity",
634
- ]
635
-
636
- [[rules]]
637
- id = "Finicity API token"
638
- description = "Finicity API token"
639
- regex = '''(?i)(finicity[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
640
- secretGroup = 3
641
- keywords = [
642
- "finicity",
643
- ]
644
-
645
- [[rules]]
646
- id = "Flutterwave public key"
647
- description = "Flutterwave public key"
648
- regex = '''FLWPUBK_TEST-(?i)[a-h0-9]{32}-X'''
649
- keywords = [
650
- "FLWPUBK_TEST",
651
- ]
652
-
653
- [[rules]]
654
- id = "Flutterwave secret key"
655
- description = "Flutterwave secret key"
656
- regex = '''FLWSECK_TEST-(?i)[a-h0-9]{32}-X'''
657
- keywords = [
658
- "FLWSECK_TEST",
659
- ]
660
-
661
- [[rules]]
662
- id = "Flutterwave encrypted key"
663
- description = "Flutterwave encrypted key"
664
- regex = '''FLWSECK_TEST[a-h0-9]{12}'''
665
- keywords = [
666
- "FLWSECK_TEST",
667
- ]
668
-
669
- [[rules]]
670
- id = "Frame.io API token"
671
- description = "Frame.io API token"
672
- regex = '''fio-u-(?i)[a-z0-9-_=]{64}'''
673
- keywords = [
674
- "fio-u-",
675
- ]
676
-
677
- [[rules]]
678
- id = "GoCardless API token"
679
- description = "GoCardless API token"
680
- regex = '''['\"]live_(?i)[a-z0-9-_=]{40}['\"]'''
681
- keywords = [
682
- "gocardless",
683
- ]
684
-
685
- [[rules]]
686
- id = "Grafana API token"
687
- description = "Grafana API token"
688
- regex = '''['\"]eyJrIjoi(?i)[a-z0-9-_=]{72,92}['\"]'''
689
- tags = ["gitlab_blocking"]
690
- keywords = [
691
- "grafana",
692
- ]
693
-
694
- [[rules]]
695
- id = "Hashicorp Terraform user/org API token"
696
- description = "Hashicorp Terraform user/org API token"
697
- regex = '''['\"](?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9-_=]{60,70}['\"]'''
698
- tags = ["gitlab_blocking"]
699
- keywords = [
700
- "atlasv1",
701
- "hashicorp",
702
- "terraform"
703
- ]
704
-
705
- [[rules]]
706
- id = "Hashicorp Vault batch token"
707
- description = "Hashicorp Vault batch token"
708
- regex = '''b\.AAAAAQ[0-9a-zA-Z_-]{156}'''
709
- tags = ["gitlab_blocking"]
710
- keywords = [
711
- "hashicorp",
712
- "AAAAAQ",
713
- "vault"
714
- ]
715
-
716
- [[rules]]
717
- id = "Hubspot API token"
718
- description = "Hubspot API token"
719
- regex = '''(?i)(hubspot[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
720
- secretGroup = 3
721
- keywords = [
722
- "hubspot",
723
- ]
724
-
725
- [[rules]]
726
- id = "Intercom API token"
727
- description = "Intercom API token"
728
- regex = '''(?i)(intercom[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_]{60})['\"]'''
729
- secretGroup = 3
730
- keywords = [
731
- "intercom",
732
- ]
733
-
734
- [[rules]]
735
- id = "Intercom client secret/ID"
736
- description = "Intercom client secret/ID"
737
- regex = '''(?i)(intercom[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
738
- secretGroup = 3
739
- keywords = [
740
- "intercom",
741
- ]
742
-
743
- [[rules]]
744
- id = "Ionic API token"
745
- description = "Ionic API token"
746
- regex = '''\bion_(?i)[a-z0-9]{42}\b'''
747
- keywords = [
748
- "ion_",
749
- ]
750
-
751
- [[rules]]
752
- id = "Linear API token"
753
- description = "Linear API token"
754
- regex = '''lin_api_(?i)[a-z0-9]{40}'''
755
- keywords = [
756
- "lin_api_",
757
- ]
758
-
759
- [[rules]]
760
- id = "Linear client secret/ID"
761
- description = "Linear client secret/ID"
762
- regex = '''(?i)(linear[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
763
- secretGroup = 3
764
- keywords = [
765
- "linear",
766
- ]
767
-
768
- [[rules]]
769
- id = "Lob API Key"
770
- description = "Lob API Key"
771
- regex = '''(?i)(lob[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]((live|test)_[a-f0-9]{35})['\"]'''
772
- secretGroup = 3
773
- keywords = [
774
- "lob",
775
- ]
776
-
777
- [[rules]]
778
- id = "Lob Publishable API Key"
779
- description = "Lob Publishable API Key"
780
- regex = '''(?i)(lob[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]((test|live)_pub_[a-f0-9]{31})['\"]'''
781
- secretGroup = 3
782
- keywords = [
783
- "lob",
784
- ]
785
-
786
- [[rules]]
787
- id = "Mailchimp API key"
788
- description = "Mailchimp API key"
789
- regex = '''(?i)(mailchimp[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32}-us20)['\"]'''
790
- secretGroup = 3
791
- tags = ["gitlab_blocking"]
792
- keywords = [
793
- "mailchimp",
794
- ]
795
-
796
- [[rules]]
797
- id = "Mailgun private API token"
798
- description = "Mailgun private API token"
799
- regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](key-[a-f0-9]{32})['\"]'''
800
- secretGroup = 3
801
- tags = ["gitlab_blocking"]
802
- keywords = [
803
- "mailgun",
804
- ]
805
-
806
- [[rules]]
807
- id = "Mailgun public validation key"
808
- description = "Mailgun public validation key"
809
- regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](pubkey-[a-f0-9]{32})['\"]'''
810
- secretGroup = 3
811
- keywords = [
812
- "mailgun",
813
- ]
814
-
815
- [[rules]]
816
- id = "Mailgun webhook signing key"
817
- description = "Mailgun webhook signing key"
818
- regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})['\"]'''
819
- secretGroup = 3
820
- tags = ["gitlab_blocking"]
821
- keywords = [
822
- "mailgun",
823
- ]
824
-
825
- [[rules]]
826
- id = "Mapbox API token"
827
- description = "Mapbox API token"
828
- regex = '''(?i)(pk\.[a-z0-9]{60}\.[a-z0-9]{22})'''
829
- keywords = [
830
- "mapbox",
831
- ]
832
-
833
- [[rules]]
834
- id = "messagebird-api-token"
835
- description = "MessageBird API token"
836
- regex = '''(?i)(messagebird[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{25})['\"]'''
837
- secretGroup = 3
838
- keywords = [
839
- "messagebird",
840
- ]
841
-
842
- [[rules]]
843
- id = "MessageBird API client ID"
844
- description = "MessageBird API client ID"
845
- regex = '''(?i)(messagebird[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
846
- secretGroup = 3
847
- keywords = [
848
- "messagebird",
849
- ]
850
-
851
- [[rules]]
852
- id = "New Relic user API Key"
853
- description = "New Relic user API Key"
854
- regex = '''['\"](NRAK-[A-Z0-9]{27})['\"]'''
855
- tags = ["gitlab_blocking"]
856
- keywords = [
857
- "NRAK",
858
- ]
859
-
860
- [[rules]]
861
- id = "New Relic user API ID"
862
- description = "New Relic user API ID"
863
- regex = '''(?i)(newrelic[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([A-Z0-9]{64})['\"]'''
864
- secretGroup = 3
865
- tags = ["gitlab_blocking"]
866
- keywords = [
867
- "newrelic",
868
- ]
869
-
870
- [[rules]]
871
- id = "New Relic ingest browser API token"
872
- description = "New Relic ingest browser API token"
873
- regex = '''['\"](NRJS-[a-f0-9]{19})['\"]'''
874
- keywords = [
875
- "NRJS",
876
- ]
877
-
878
- [[rules]]
879
- id = "npm access token"
880
- description = "npm access token"
881
- regex = '''['\"](npm_(?i)[a-z0-9]{36})['\"]'''
882
- tags = ["gitlab_blocking"]
883
- keywords = [
884
- "npm_",
885
- ]
886
-
887
- [[rules]]
888
- id = "Planetscale password"
889
- description = "Planetscale password"
890
- regex = '''pscale_pw_(?i)[a-z0-9\-_\.]{43}'''
891
- keywords = [
892
- "pscale_pw_",
893
- ]
894
-
895
- [[rules]]
896
- id = "Planetscale API token"
897
- description = "Planetscale API token"
898
- regex = '''pscale_tkn_(?i)[a-z0-9\-_\.]{43}'''
899
- keywords = [
900
- "pscale_tkn_",
901
- ]
902
-
903
- [[rules]]
904
- id = "Postman API token"
905
- description = "Postman API token"
906
- regex = '''PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34}'''
907
- keywords = [
908
- "PMAK-",
909
- ]
910
-
911
- [[rules]]
912
- id = "Pulumi API token"
913
- description = "Pulumi API token"
914
- regex = '''pul-[a-f0-9]{40}'''
915
- keywords = [
916
- "pul-",
917
- ]
918
-
919
- [[rules]]
920
- id = "Rubygem API token"
921
- description = "Rubygem API token"
922
- regex = '''rubygems_[a-f0-9]{48}'''
923
- tags = ["gitlab_blocking"]
924
- keywords = [
925
- "rubygems_",
926
- ]
927
-
928
- [[rules]]
929
- id = "Segment Public API token"
930
- description = "Segment Public API token"
931
- regex = '''sgp_[a-zA-Z0-9]{64}'''
932
- tags = ["gitlab_blocking"]
933
- keywords = [
934
- "sgp_",
935
- ]
936
-
937
- [[rules]]
938
- id = "Sendgrid API token"
939
- description = "Sendgrid API token"
940
- regex = '''SG\.(?i)[a-z0-9_\-\.]{66}'''
941
- tags = ["gitlab_blocking"]
942
- keywords = [
943
- "sendgrid",
944
- ]
945
-
946
- [[rules]]
947
- id = "Sendinblue API token"
948
- description = "Sendinblue API token"
949
- regex = '''xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16}'''
950
- keywords = [
951
- "xkeysib-",
952
- ]
953
-
954
- [[rules]]
955
- id = "Sendinblue SMTP token"
956
- description = "Sendinblue SMTP token"
957
- regex = '''xsmtpsib-[a-f0-9]{64}\-(?i)[a-z0-9]{16}'''
958
- keywords = [
959
- "xsmtpsib-",
960
- ]
961
-
962
- [[rules]]
963
- id = "Shippo API token"
964
- description = "Shippo API token"
965
- regex = '''shippo_(live|test)_[a-f0-9]{40}'''
966
- keywords = [
967
- "shippo_",
968
- ]
969
-
970
- [[rules]]
971
- id = "Linkedin Client secret"
972
- description = "Linkedin Client secret"
973
- regex = '''(?i)(linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z]{16})['\"]'''
974
- secretGroup = 3
975
- keywords = [
976
- "linkedin",
977
- ]
978
-
979
- [[rules]]
980
- id = "Linkedin Client ID"
981
- description = "Linkedin Client ID"
982
- regex = '''(?i)(linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{14})['\"]'''
983
- secretGroup = 3
984
- keywords = [
985
- "linkedin",
986
- ]
987
-
988
- [[rules]]
989
- id = "Twitch API token"
990
- description = "Twitch API token"
991
- regex = '''(?i)(twitch[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{30})['\"]'''
992
- secretGroup = 3
993
- keywords = [
994
- "twitch",
995
- ]
996
-
997
- [[rules]]
998
- id = "Typeform API token"
999
- description = "Typeform API token"
1000
- regex = '''(?i)(typeform[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}(tfp_[a-z0-9\-_\.=]{59})'''
1001
- secretGroup = 3
1002
- keywords = [
1003
- "typeform",
1004
- ]
1005
-
1006
- [[rules]]
1007
- id = "Yandex.Cloud IAM Cookie v1 - 1"
1008
- description = "Yandex.Cloud IAM Cookie v1"
1009
- regex = '''\bc1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}['|\"|\n|\r|\s|\x60]'''
1010
- keywords = [
1011
- "yandex",
1012
- ]
1013
-
1014
- [[rules]]
1015
- id = "Yandex.Cloud IAM Cookie v1 - 2"
1016
- description = "Yandex.Cloud IAM Token v1"
1017
- regex = '''\bt1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}['|\"|\n|\r|\s|\x60]'''
1018
- keywords = [
1019
- "yandex",
1020
- ]
1021
-
1022
- [[rules]]
1023
- id = "Yandex.Cloud IAM Cookie v1 - 3"
1024
- description = "Yandex.Cloud IAM API key v1"
1025
- regex = '''\bAQVN[A-Za-z0-9_\-]{35,38}['|\"|\n|\r|\s|\x60]'''
1026
- keywords = [
1027
- "yandex",
1028
- ]
1029
-
1030
- [[rules]]
1031
- id = "Yandex.Cloud AWS API compatible Access Secret"
1032
- description = "Yandex.Cloud AWS API compatible Access Secret"
1033
- regex = '''\bYC[a-zA-Z0-9_\-]{38}['|\"|\n|\r|\s|\x60]'''
1034
- keywords = [
1035
- "yandex",
1036
- ]
1037
-
1038
- [[rules]]
1039
- id = "Meta access token"
1040
- description = "Meta access token"
1041
- regex = '''\bEA[a-zA-Z0-9]{90,400}['|\"|\n|\r|\s|\x60]'''
1042
- keywords = [
1043
- "EA",
1044
- ]
1045
-
1046
- [[rules]]
1047
- id = "Oculus access token"
1048
- description = "Oculus access token"
1049
- regex = '''\bOC[a-zA-Z0-9]{90,400}['|\"|\n|\r|\s|\x60]'''
1050
- keywords = [
1051
- "OC",
1052
- ]
1053
-
1054
- [[rules]]
1055
- id = "Instagram access token"
1056
- description = "Instagram access token"
1057
- regex = '''\bIG[a-zA-Z0-9]{90,400}['|\"|\n|\r|\s|\x60]'''
1058
- keywords = [
1059
- "IG",
1060
- ]
1061
-
1062
- [[rules]]
1063
- id = "CircleCI access tokens"
1064
- description = "CircleCI access tokens"
1065
- regex = '''\bCCI(?:PAT|PRJ)_[a-zA-Z0-9]{22}_[a-f0-9]{40}'''
1066
- keywords = [
1067
- "CircleCI"
1068
- ]
1069
-
1070
- [[rules]]
1071
- description = "Open AI API key"
1072
- id = "open ai token"
1073
- regex = '''\bsk-[a-zA-Z0-9]{48}\b'''
1074
- keywords = [
1075
- "sk-",
1076
- ]
1077
-
1078
- [[rules]]
1079
- id = "Tailscale key"
1080
- description = "Tailscale keys"
1081
- regex = '''\btskey-\w+-\w+-\w+\b'''
1082
- keywords = [
1083
- "tskey-",
1084
- ]