gitlab-secret_detection 0.8.0 → 0.10.0

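--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a05ed2079c4cbdfe4b79681687fa7ac880ba9af384dbf7143374e009eb6e8eac
- data.tar.gz: 73f0c96737d1816793c96734541fbe9d1785925fadfa10a622849a74091493f5
+ metadata.gz: d8c9973848eb3af18a6877e6d1e9934e69511fb9c41864f4b822791369e97ec0
+ data.tar.gz: f3b2679ae7b92b6b926ee2bdbe552bbae3c5ad07670d36d018a812b354fd3a55
  SHA512:
- metadata.gz: 1dd99d867f15ae626ace54f3f30dcc344d4b13d421cbfd61ddefa1afeb6d6f971e6b1700aa789e916eb55d3e76b2b2f956693be42235f28d17b23b9f1ea017bb
- data.tar.gz: 3788076e7734be035b63bc64ad59d1d3be1303098cd94d0da27f20bbf4569e5250cbc3f57bb33fd99478c5cdeba214174cef40fd7e095a9f04c12015894dd6d2
+ metadata.gz: f5d371430a4c8c6051dadcee41071ac03d5fcd7e39cd726fa6d9ed0f59008813ad3b27efb2ebc185218eeeb15ae747b48a8d053065e64217a55f052505b45174
+ data.tar.gz: 807521d0c06bc757eb51dc4536bc335a34fb0606c64b77ad94145dcbb829105a70efef8c606771c0340330f9bb4bb4af00193795165bc38068b6d174614b06d3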
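--- a/data/README.md
+++ b/data/README.md
@@ -42,7 +42,7 @@ the approach:
  │ ├── core/.. # Secret detection logic (most of it pulled from existing gem)
  │ └── grpc
  │ ├── generated/.. # gRPC generated files and secret detection gRPC service
- │ ├── client/.. # gRPC client to invoke secret detection service's RPC endpoints
+ │ ├── client/.. # gRPC client to invoke secret detection service's RPC endpoints
  │ └── scanner_service.rb # Secret detection gRPC service implementation
  ├── examples
  │ └── sample-client/.. # Sample Ruby RPC client that connects with gRPC server and calls RPC scan
@@ -54,7 +54,8 @@ the approach:
  ├── spec/.. # Rspec tests and related test helpers
  ├── gitlab-secret_detection.gemspec # Gemspec file for Ruby Gem
  ├── Dockerfile # Dockerfile for running gRPC server
- └── Makefile # All the CLI commands placed here
+ ├── Makefile # All the CLI commands placed here
+ └── RULES_VERSION # Current version of secret-detection-rules
  ```
 
  ### Makefile commands
@@ -63,6 +64,7 @@ Usage `make <command>`
 
  | Command | Description |
  |---------------------|---------------------------------------------------------------------------------------------------------------------------------|
+ | `install_secret_detection_rules` | Downloads secret-detection-rules based on package version defined in RULES_VERSION |
  | `install` | Installs ruby gems in the project using Ruby bundler |
  | `lint_fix` | Fixes all the fixable Rubocop lint offenses |
  | `gem_clean` | Cleans existing gem file(if any) generated through gem build process |
@@ -75,6 +77,16 @@ Usage `make <command>`
  | `run_grpc_tests` | Runs RSpec tests for Secret Detection gRPC endpoints |
  | `run_all_tests` | Runs all the RSpec tests in the project |
 
+
+ ## Secret Detection Rules
+
+ The make target `install_secret_detection_rules` fetches the version of the
+ [secret detection rules package](https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-rules/-/packages)
+ specified in the `RULES_VERSION` file and extracts the secret_push_protection_rules.toml rule file.
+ The command is called when running tests as well as when building the Dockerfile.
+ The secret_push_protection_rules.toml file is added to .gitignore to
+ avoid checking in changes.
+
  ## Generating a ruby gem
 
  In the project directory, run `make gem` command in the terminal that builds a ruby gem(ex: `secret_detection-0.1.0.gem`) in the root of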
@@ -8,7 +8,7 @@ module Gitlab
8
8
  module Core
9
9
  class Ruleset
10
10
  # file path where the secrets ruleset file is located
11
- RULESET_FILE_PATH = File.expand_path('gitleaks.toml', __dir__)
11
+ RULESET_FILE_PATH = File.expand_path('secret_push_protection_rules.toml', __dir__)
12
12
 
13
13
  def initialize(path: RULESET_FILE_PATH, logger: Logger.new($stdout))
14
14
  @path = path
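Review bot: The default `RULESET_FILE_PATH` now names a file that is not checked in: the README hunk says `secret_push_protection_rules.toml` is downloaded by `make install_secret_detection_rules` and git-ignored, and the metadata hunk on this page removes `gitleaks.toml` from the packaged files without showing the new file added (the rest of that list is outside the hunk). If the file is absent at runtime the scanner has no rules to match, so the loader should fail with an explicit error rather than scan with an empty set; that code is outside this hunk. I would record the provenance in the comment, `# ruleset file fetched by the install_secret_detection_rules make target (version pinned in RULES_VERSION); not checked in`, and, if the download step does not already do so, verify the fetched package against a pinned digest. The `Ruleset` class continues past the hunk.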
@@ -260,6 +260,8 @@ module Gitlab
260
260
  def find_secrets_in_payload(payload:, pattern_matcher:, raw_value_exclusions: [], rule_exclusions: [])
261
261
  findings = []
262
262
 
263
+ payload_offset = payload.respond_to?(:offset) ? payload.offset : 0
264
+
263
265
  payload.data
264
266
  .each_line($INPUT_RECORD_SEPARATOR, chomp: true)
265
267
  .each_with_index do |line, index|
@@ -271,7 +273,11 @@ module Gitlab
271
273
 
272
274
  next if line.empty?
273
275
 
274
- line_no = index + 1
276
+ # If payload offset is given then we will compute absolute line number i.e.,
277
+ # offset + relative_line_number - 1. In this scenario, index is equivalent to relative_line_number - 1.
278
+ # Whereas, when payload offset is not given, we'll set the line number relative to the beginning of the
279
+ # payload. In this scenario it will be index + 1.
280
+ line_no = payload_offset.positive? ? payload_offset + index : index + 1
275
281
 
276
282
  matches = pattern_matcher.match(line, exception: false) # returns indices of matched patterns
277
283
 
@@ -280,7 +286,8 @@ module Gitlab
280
286
 
281
287
  next if rule_exclusions.include?(rule[:id])
282
288
 
283
- findings << Core::Finding.new(payload.id, Core::Status::FOUND, line_no, rule[:id], rule[:description])
289
+ findings << Core::Finding.new(payload.id, Core::Status::FOUND, line_no, rule[:id],
290
+ rule[:description])
284
291
  end
285
292
  end
286
293
 
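Review bot: `payload.offset` reaches the line-number arithmetic unvalidated: in the first hunk it is copied as-is, so a payload object that responds to `offset` but returns nil would raise NoMethodError at `payload_offset.positive?` on the first non-empty line. Zero and negative values silently fall back to payload-relative numbering, and a large offset plus `index` can exceed the int32 range that `line_number` appears to have in the response descriptor, so a finding may fail to serialize instead of being reported. I would normalise once before the loop, `payload_offset = payload.respond_to?(:offset) ? payload.offset.to_i : 0`, and extend the comment with `# offsets <= 0 are ignored and numbering restarts at 1`; an upper bound belongs where the request is validated, which is not visible here. `find_secrets_in_payload` starts and ends outside these hunks.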
@@ -5,7 +5,7 @@
5
5
  require 'google/protobuf'
6
6
 
7
7
 
8
- descriptor_data = "\n\x16secret_detection.proto\x12\x17gitlab.secret_detection\"\xfc\x03\n\x0bScanRequest\x12>\n\x08payloads\x18\x01 \x03(\x0b\x32,.gitlab.secret_detection.ScanRequest.Payload\x12\x19\n\x0ctimeout_secs\x18\x02 \x01(\x02H\x00\x88\x01\x01\x12!\n\x14payload_timeout_secs\x18\x03 \x01(\x02H\x01\x88\x01\x01\x12\x42\n\nexclusions\x18\x04 \x03(\x0b\x32..gitlab.secret_detection.ScanRequest.Exclusion\x12\x0c\n\x04tags\x18\x05 \x03(\t\x1a#\n\x07Payload\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0c\n\x04\x64\x61ta\x18\x02 \x01(\t\x1a\x66\n\tExclusion\x12J\n\x0e\x65xclusion_type\x18\x01 \x01(\x0e\x32\x32.gitlab.secret_detection.ScanRequest.ExclusionType\x12\r\n\x05value\x18\x02 \x01(\t\"f\n\rExclusionType\x12\x1e\n\x1a\x45XCLUSION_TYPE_UNSPECIFIED\x10\x00\x12\x17\n\x13\x45XCLUSION_TYPE_RULE\x10\x01\x12\x1c\n\x18\x45XCLUSION_TYPE_RAW_VALUE\x10\x02\x42\x0f\n\r_timeout_secsB\x17\n\x15_payload_timeout_secs\"\xe2\x03\n\x0cScanResponse\x12>\n\x07results\x18\x01 \x03(\x0b\x32-.gitlab.secret_detection.ScanResponse.Finding\x12\x0e\n\x06status\x18\x02 \x01(\x05\x1a\x9d\x01\n\x07\x46inding\x12\x12\n\npayload_id\x18\x01 \x01(\t\x12\x0e\n\x06status\x18\x02 \x01(\x05\x12\x11\n\x04type\x18\x03 \x01(\tH\x00\x88\x01\x01\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x01\x88\x01\x01\x12\x18\n\x0bline_number\x18\x05 
\x01(\x05H\x02\x88\x01\x01\x42\x07\n\x05_typeB\x0e\n\x0c_descriptionB\x0e\n\x0c_line_number\"\xe1\x01\n\x06Status\x12\x16\n\x12STATUS_UNSPECIFIED\x10\x00\x12\x10\n\x0cSTATUS_FOUND\x10\x01\x12\x1c\n\x18STATUS_FOUND_WITH_ERRORS\x10\x02\x12\x17\n\x13STATUS_SCAN_TIMEOUT\x10\x03\x12\x1a\n\x16STATUS_PAYLOAD_TIMEOUT\x10\x04\x12\x15\n\x11STATUS_SCAN_ERROR\x10\x05\x12\x16\n\x12STATUS_INPUT_ERROR\x10\x06\x12\x14\n\x10STATUS_NOT_FOUND\x10\x07\x12\x15\n\x11STATUS_AUTH_ERROR\x10\x08\x32\xc1\x01\n\x07Scanner\x12U\n\x04Scan\x12$.gitlab.secret_detection.ScanRequest\x1a%.gitlab.secret_detection.ScanResponse\"\x00\x12_\n\nScanStream\x12$.gitlab.secret_detection.ScanRequest\x1a%.gitlab.secret_detection.ScanResponse\"\x00(\x01\x30\x01\x42 \xea\x02\x1dGitlab::SecretDetection::GRPCb\x06proto3"
8
+ descriptor_data = "\n\x16secret_detection.proto\x12\x17gitlab.secret_detection\"\x9c\x04\n\x0bScanRequest\x12>\n\x08payloads\x18\x01 \x03(\x0b\x32,.gitlab.secret_detection.ScanRequest.Payload\x12\x19\n\x0ctimeout_secs\x18\x02 \x01(\x02H\x00\x88\x01\x01\x12!\n\x14payload_timeout_secs\x18\x03 \x01(\x02H\x01\x88\x01\x01\x12\x42\n\nexclusions\x18\x04 \x03(\x0b\x32..gitlab.secret_detection.ScanRequest.Exclusion\x12\x0c\n\x04tags\x18\x05 \x03(\t\x1a\x43\n\x07Payload\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0c\n\x04\x64\x61ta\x18\x02 \x01(\t\x12\x13\n\x06offset\x18\x03 \x01(\x05H\x00\x88\x01\x01\x42\t\n\x07_offset\x1a\x66\n\tExclusion\x12J\n\x0e\x65xclusion_type\x18\x01 \x01(\x0e\x32\x32.gitlab.secret_detection.ScanRequest.ExclusionType\x12\r\n\x05value\x18\x02 \x01(\t\"f\n\rExclusionType\x12\x1e\n\x1a\x45XCLUSION_TYPE_UNSPECIFIED\x10\x00\x12\x17\n\x13\x45XCLUSION_TYPE_RULE\x10\x01\x12\x1c\n\x18\x45XCLUSION_TYPE_RAW_VALUE\x10\x02\x42\x0f\n\r_timeout_secsB\x17\n\x15_payload_timeout_secs\"\xe2\x03\n\x0cScanResponse\x12>\n\x07results\x18\x01 \x03(\x0b\x32-.gitlab.secret_detection.ScanResponse.Finding\x12\x0e\n\x06status\x18\x02 \x01(\x05\x1a\x9d\x01\n\x07\x46inding\x12\x12\n\npayload_id\x18\x01 \x01(\t\x12\x0e\n\x06status\x18\x02 \x01(\x05\x12\x11\n\x04type\x18\x03 \x01(\tH\x00\x88\x01\x01\x12\x18\n\x0b\x64\x65scription\x18\x04 \x01(\tH\x01\x88\x01\x01\x12\x18\n\x0bline_number\x18\x05 
\x01(\x05H\x02\x88\x01\x01\x42\x07\n\x05_typeB\x0e\n\x0c_descriptionB\x0e\n\x0c_line_number\"\xe1\x01\n\x06Status\x12\x16\n\x12STATUS_UNSPECIFIED\x10\x00\x12\x10\n\x0cSTATUS_FOUND\x10\x01\x12\x1c\n\x18STATUS_FOUND_WITH_ERRORS\x10\x02\x12\x17\n\x13STATUS_SCAN_TIMEOUT\x10\x03\x12\x1a\n\x16STATUS_PAYLOAD_TIMEOUT\x10\x04\x12\x15\n\x11STATUS_SCAN_ERROR\x10\x05\x12\x16\n\x12STATUS_INPUT_ERROR\x10\x06\x12\x14\n\x10STATUS_NOT_FOUND\x10\x07\x12\x15\n\x11STATUS_AUTH_ERROR\x10\x08\x32\xc1\x01\n\x07Scanner\x12U\n\x04Scan\x12$.gitlab.secret_detection.ScanRequest\x1a%.gitlab.secret_detection.ScanResponse\"\x00\x12_\n\nScanStream\x12$.gitlab.secret_detection.ScanRequest\x1a%.gitlab.secret_detection.ScanResponse\"\x00(\x01\x30\x01\x42 \xea\x02\x1dGitlab::SecretDetection::GRPCb\x06proto3"
9
9
 
10
10
  pool = Google::Protobuf::DescriptorPool.generated_pool
11
11
  pool.add_serialized_file(descriptor_data)
@@ -12,6 +12,7 @@ message ScanRequest {
12
12
  message Payload {
13
13
  string id = 1;
14
14
  string data = 2;
15
+ optional int32 offset = 3;
15
16
  }
16
17
 
17
18
  // Either provide rule type or a particular value to allow during the scan
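Review bot: The new `offset` field has no comment, and its contract is only implied by the scanner change on this page: `line_no` is computed as `payload_offset + index`, so the value seems to be the 1-based line number of the first line of `data` in the original file. I would add `// 1-based line number of the first line of data in the source blob; unset or <= 0 means line numbers are relative to the payload` above the field. Because the type is a signed int32, clients can send negative values, which the scanner currently treats the same as unset. The `Payload` message is fully visible, but `ScanRequest` starts outside the hunk.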
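--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: gitlab-secret_detection
  version: !ruby/object:Gem::Version
- version: 0.8.0
+ version: 0.10.0
  platform: ruby
  authors:
  - group::secret detection
@@ -10,7 +10,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-10-18 00:00:00.000000000 Z
+ date: 2024-11-13 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: grpc
@@ -100,7 +100,6 @@ files:
  - lib/gitlab/secret_detection.rb
  - lib/gitlab/secret_detection/core.rb
  - lib/gitlab/secret_detection/core/finding.rb
- - lib/gitlab/secret_detection/core/gitleaks.toml
  - lib/gitlab/secret_detection/core/response.rb
  - lib/gitlab/secret_detection/core/ruleset.rb
  - lib/gitlab/secret_detection/core/scanner.rb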
@@ -1,1084 +0,0 @@
1
- # This file contains a subset of rules pulled from the original source file.
2
- # Original Source: https://gitlab.com/gitlab-org/security-products/analyzers/secrets/-/blob/master/gitleaks.toml
3
- # Reference: https://gitlab.com/gitlab-org/gitlab/-/issues/427011
4
- title = "gitleaks config"
5
-
6
- [[rules]]
7
- id = "gitlab_personal_access_token"
8
- description = "GitLab Personal Access Token"
9
- regex = '''\bglpat-[0-9a-zA-Z_\-]{20}\b'''
10
- tags = ["gitlab", "revocation_type", "gitlab_blocking"]
11
- keywords = [
12
- "glpat",
13
- ]
14
-
15
- [[rules]]
16
- id = "gitlab_pipeline_trigger_token"
17
- description = "GitLab Pipeline Trigger Token"
18
- regex = '''\bglptt-[0-9a-zA-Z_\-]{40}\b'''
19
- tags = ["gitlab", "gitlab_blocking"]
20
- keywords = [
21
- "glptt",
22
- ]
23
-
24
- [[rules]]
25
- id = "gitlab_runner_registration_token"
26
- description = "GitLab Runner Registration Token"
27
- regex = '''\bGR1348941[0-9a-zA-Z_\-]{20}\b'''
28
- tags = ["gitlab", "gitlab_blocking"]
29
- keywords = [
30
- "GR1348941",
31
- ]
32
-
33
- [[rules]]
34
- id = "gitlab_runner_auth_token"
35
- description = "GitLab Runner Authentication Token"
36
- regex = '''\bglrt-[0-9a-zA-Z_\-]{20}\b'''
37
- tags = ["gitlab", "gitlab_blocking"]
38
- keywords = [
39
- "glrt",
40
- ]
41
-
42
- [[rules]]
43
- id = "gitlab_feed_token"
44
- description = "GitLab Feed Token"
45
- regex = '''\bfeed_token=[0-9a-zA-Z_\-]{20}\b'''
46
- tags = ["gitlab"]
47
- keywords = [
48
- "feed_token",
49
- ]
50
-
51
- [[rules]]
52
- id = "gitlab_oauth_app_secret"
53
- description = "GitLab OAuth Application Secrets"
54
- regex = '''\bgloas-[0-9a-zA-Z_\-]{64}\b'''
55
- tags = ["gitlab", "gitlab_blocking"]
56
- keywords = [
57
- "gloas",
58
- ]
59
-
60
- [[rules]]
61
- id = "gitlab_feed_token_v2"
62
- description = "GitLab Feed token"
63
- regex = '''\bglft-[0-9a-zA-Z_\-]{20}\b'''
64
- tags = ["gitlab", "gitlab_blocking"]
65
- keywords = [
66
- "glft",
67
- ]
68
-
69
- [[rules]]
70
- id = "gitlab_kubernetes_agent_token"
71
- description = "GitLab Agent for Kubernetes token"
72
- regex = '''\bglagent-[0-9a-zA-Z_\-]{50}\b'''
73
- tags = ["gitlab", "gitlab_blocking"]
74
- keywords = [
75
- "glagent",
76
- ]
77
-
78
- [[rules]]
79
- id = "gitlab_incoming_email_token"
80
- description = "GitLab Incoming email token"
81
- regex = '''\bglimt-[0-9a-zA-Z_\-]{25}\b'''
82
- tags = ["gitlab", "gitlab_blocking"]
83
- keywords = [
84
- "glimt",
85
- ]
86
-
87
- [[rules]]
88
- id = "gitlab_deploy_token"
89
- description = "GitLab Deploy Token"
90
- regex = '''\bgldt-[0-9a-zA-Z_\-]{20}\b'''
91
- tags = ["gitlab"]
92
- keywords = [
93
- "gldt",
94
- ]
95
-
96
- [[rules]]
97
- id = "gitlab_scim_oauth_token"
98
- description = "GitLab SCIM token"
99
- regex = '''\bglsoat-[0-9a-zA-Z_\-]{20}\b'''
100
- tags = ["gitlab"]
101
- keywords = [
102
- "glsoat",
103
- ]
104
-
105
- [[rules]]
106
- id = "gitlab_ci_build_token"
107
- description = "GitLab CI Build (Job) token"
108
- regex = '''\bglcbt-[0-9a-zA-Z]{1,5}_[0-9a-zA-Z_-]{20}\b'''
109
- tags = ["gitlab"]
110
- keywords = [
111
- "glcbt",
112
- ]
113
-
114
- [[rules]]
115
- id = "AWS"
116
- description = "AWS Access Token"
117
- regex = '''\bAKIA[0-9A-Z]{16}\b'''
118
- tags = ["aws", "revocation_type", "gitlab_blocking"]
119
- keywords = [
120
- "AKIA",
121
- ]
122
-
123
- # Cryptographic keys
124
- [[rules]]
125
- id = "PKCS8 private key"
126
- description = "PKCS8 private key"
127
- regex = '''-----BEGIN PRIVATE KEY-----'''
128
- keywords = [
129
- "-----BEGIN PRIVATE KEY-----",
130
- ]
131
-
132
- [[rules]]
133
- id = "RSA private key"
134
- description = "RSA private key"
135
- regex = '''-----BEGIN RSA PRIVATE KEY-----'''
136
- keywords = [
137
- "-----BEGIN RSA PRIVATE KEY-----",
138
- ]
139
-
140
- [[rules]]
141
- id = "SSH private key"
142
- description = "SSH private key"
143
- regex = '''-----BEGIN OPENSSH PRIVATE KEY-----'''
144
- keywords = [
145
- "-----BEGIN OPENSSH PRIVATE KEY-----",
146
- ]
147
-
148
- [[rules]]
149
- id = "PGP private key"
150
- description = "PGP private key"
151
- regex = '''-----BEGIN PGP PRIVATE KEY BLOCK-----'''
152
- keywords = [
153
- "-----BEGIN PGP PRIVATE KEY BLOCK-----",
154
- ]
155
-
156
- [[rules]]
157
- description = "systemd machine-id"
158
- id = "systemd-machine-id"
159
- path = '''^machine-id$'''
160
- regex = '''^[0-9a-f]{32}\n$'''
161
- entropy = 3.5
162
-
163
- [[rules]]
164
- id = "Github Personal Access Token"
165
- description = "Github Personal Access Token"
166
- regex = '''ghp_[0-9a-zA-Z]{36}'''
167
- tags = ["gitlab_blocking"]
168
- keywords = [
169
- "ghp_",
170
- ]
171
-
172
- [[rules]]
173
- id = "Github OAuth Access Token"
174
- description = "Github OAuth Access Token"
175
- regex = '''gho_[0-9a-zA-Z]{36}'''
176
- tags = ["gitlab_blocking"]
177
- keywords = [
178
- "gho_",
179
- ]
180
-
181
- [[rules]]
182
- id = "SSH (DSA) private key"
183
- description = "SSH (DSA) private key"
184
- regex = '''-----BEGIN DSA PRIVATE KEY-----'''
185
- keywords = [
186
- "-----BEGIN DSA PRIVATE KEY-----",
187
- ]
188
-
189
- [[rules]]
190
- id = "SSH (EC) private key"
191
- description = "SSH (EC) private key"
192
- regex = '''-----BEGIN EC PRIVATE KEY-----'''
193
- keywords = [
194
- "-----BEGIN EC PRIVATE KEY-----",
195
- ]
196
-
197
-
198
- [[rules]]
199
- id = "Github App Token"
200
- description = "Github App Token"
201
- regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}'''
202
- tags = ["gitlab_blocking"]
203
- keywords = [
204
- "ghu_",
205
- "ghs_"
206
- ]
207
-
208
- [[rules]]
209
- id = "Github Refresh Token"
210
- description = "Github Refresh Token"
211
- regex = '''ghr_[0-9a-zA-Z]{76}'''
212
- tags = ["gitlab_blocking"]
213
- keywords = [
214
- "ghr_"
215
- ]
216
-
217
- [[rules]]
218
- id = "Shopify shared secret"
219
- description = "Shopify shared secret"
220
- regex = '''shpss_[a-fA-F0-9]{32}'''
221
- tags = ["gitlab_blocking"]
222
- keywords = [
223
- "shpss_"
224
- ]
225
-
226
- [[rules]]
227
- id = "Shopify access token"
228
- description = "Shopify access token"
229
- regex = '''shpat_[a-fA-F0-9]{32}'''
230
- tags = ["gitlab_blocking"]
231
- keywords = [
232
- "shpat_"
233
- ]
234
-
235
- [[rules]]
236
- id = "Shopify custom app access token"
237
- description = "Shopify custom app access token"
238
- regex = '''shpca_[a-fA-F0-9]{32}'''
239
- tags = ["gitlab_blocking"]
240
- keywords = [
241
- "shpca_"
242
- ]
243
-
244
- [[rules]]
245
- id = "Shopify private app access token"
246
- description = "Shopify private app access token"
247
- regex = '''shppa_[a-fA-F0-9]{32}'''
248
- tags = ["gitlab_blocking"]
249
- keywords = [
250
- "shppa_"
251
- ]
252
-
253
- [[rules]]
254
- id = "Slack token"
255
- description = "Slack token"
256
- regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})'''
257
- tags = ["gitlab_blocking"]
258
- keywords = [
259
- "xoxb",
260
- "xoxa",
261
- "xoxp",
262
- "xoxr",
263
- "xoxs",
264
- ]
265
-
266
- [[rules]]
267
- id = "Stripe"
268
- description = "Stripe"
269
- regex = '''(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}'''
270
- tags = ["gitlab_blocking"]
271
- keywords = [
272
- "sk_test",
273
- "pk_test",
274
- "sk_live",
275
- "pk_live",
276
- ]
277
-
278
- [[rules]]
279
- id = "PyPI upload token"
280
- description = "PyPI upload token"
281
- regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}'''
282
- tags = ["pypi", "revocation_type", "gitlab_blocking"]
283
- keywords = [
284
- "pypi-AgEIcHlwaS5vcmc",
285
- ]
286
-
287
- [[rules]]
288
- id = "Google (GCP) Service-account"
289
- description = "Google (GCP) Service-account"
290
- tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
291
- regex = '''\"private_key\":\s*\"-{5}BEGIN PRIVATE KEY-{5}[\s\S]*?",'''
292
- keywords = [
293
- "service_account",
294
- ]
295
-
296
- [[rules]]
297
- id = "GCP API key"
298
- description = "GCP API keys can be misused to gain API quota from billed projects"
299
- regex = '''(?i)\b(AIza[0-9A-Za-z-_]{35})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
300
- secretGroup = 1
301
- tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
302
- keywords = [
303
- "AIza",
304
- ]
305
-
306
- [[rules]]
307
- id = "GCP OAuth client secret"
308
- description = "GCP OAuth client secrets can be misused to spoof your application"
309
- tags = ["gitlab_partner_token", "revocation_type", "gitlab_blocking"]
310
- regex = '''GOCSPX-[a-zA-Z0-9_-]{28}'''
311
- keywords = [
312
- "GOCSPX-",
313
- ]
314
-
315
- [[rules]]
316
- # demo of this regex not matching passwords in urls that contain env vars:
317
- # https://regex101.com/r/rT9Lv9/6
318
- id = "Password in URL"
319
- description = "Password in URL"
320
- regex = '''[a-zA-Z]{3,10}:\/\/[^$][^:@\/\n]{3,20}:[^$][^:@\n\/]{3,40}@.{1,100}'''
321
-
322
-
323
- [[rules]]
324
- id = "Heroku API Key"
325
- description = "Heroku API Key"
326
- regex = '''(?i)(?:heroku)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\"|\n|\r|\s|\x60]|$)'''
327
- secretGroup = 1
328
- keywords = [
329
- "heroku",
330
- ]
331
-
332
- [[rules]]
333
- id = "Slack Webhook"
334
- description = "Slack Webhook"
335
- regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}'''
336
- keywords = [
337
- "https://hooks.slack.com/services",
338
- ]
339
-
340
- [[rules]]
341
- id = "Twilio API Key"
342
- description = "Twilio API Key"
343
- regex = '''SK[0-9a-fA-F]{32}'''
344
- keywords = [
345
- "SK",
346
- "twilio"
347
- ]
348
-
349
- [[rules]]
350
- id = "Age secret key"
351
- description = "Age secret key"
352
- regex = '''AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}'''
353
- keywords = [
354
- "AGE-SECRET-KEY-1",
355
- ]
356
-
357
- [[rules]]
358
- id = "Facebook token"
359
- description = "Facebook token"
360
- regex = '''(?i)(facebook[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
361
- secretGroup = 3
362
- keywords = [
363
- "facebook",
364
- ]
365
-
366
- [[rules]]
367
- id = "Twitter token"
368
- description = "Twitter token"
369
- regex = '''(?i)(twitter[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{35,44})['\"]'''
370
- secretGroup = 3
371
- keywords = [
372
- "twitter",
373
- ]
374
-
375
- [[rules]]
376
- id = "Adobe Client ID (Oauth Web)"
377
- description = "Adobe Client ID (Oauth Web)"
378
- regex = '''(?i)(adobe[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
379
- secretGroup = 3
380
- keywords = [
381
- "adobe",
382
- ]
383
-
384
- [[rules]]
385
- id = "Adobe Client Secret"
386
- description = "Adobe Client Secret"
387
- regex = '''(p8e-)(?i)[a-z0-9]{32}'''
388
- keywords = [
389
- "adobe",
390
- "p8e-,"
391
- ]
392
-
393
- [[rules]]
394
- id = "Alibaba AccessKey ID"
395
- description = "Alibaba AccessKey ID"
396
- regex = '''(LTAI)(?i)[a-z0-9]{20}'''
397
- keywords = [
398
- "LTAI",
399
- ]
400
-
401
- [[rules]]
402
- id = "Alibaba Secret Key"
403
- description = "Alibaba Secret Key"
404
- regex = '''(?i)(alibaba[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{30})['\"]'''
405
- secretGroup = 3
406
- keywords = [
407
- "alibaba",
408
- ]
409
-
410
- [[rules]]
411
- id = "Asana Client ID"
412
- description = "Asana Client ID"
413
- regex = '''(?i)(asana[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9]{16})['\"]'''
414
- secretGroup = 3
415
- keywords = [
416
- "asana",
417
- ]
418
-
419
- [[rules]]
420
- id = "Asana Client Secret"
421
- description = "Asana Client Secret"
422
- regex = '''(?i)(asana[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{32})['\"]'''
423
- secretGroup = 3
424
- keywords = [
425
- "asana",
426
- ]
427
-
428
- [[rules]]
429
- id = "Atlassian API token"
430
- description = "Atlassian API token"
431
- regex = '''(?i)(atlassian[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{24})['\"]'''
432
- secretGroup = 3
433
- keywords = [
434
- "atlassian",
435
- ]
436
-
437
- [[rules]]
438
- id = "Bitbucket client ID"
439
- description = "Bitbucket client ID"
440
- regex = '''(?i)(bitbucket[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{32})['\"]'''
441
- secretGroup = 3
442
- keywords = [
443
- "bitbucket",
444
- ]
445
-
446
- [[rules]]
447
- id = "Bitbucket client secret"
448
- description = "Bitbucket client secret"
449
- regex = '''(?i)(bitbucket[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9_\-]{64})['\"]'''
450
- secretGroup = 3
451
- keywords = [
452
- "bitbucket",
453
- ]
454
-
455
- [[rules]]
456
- id = "Beamer API token"
457
- description = "Beamer API token"
458
- regex = '''(?i)(beamer[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](b_[a-z0-9=_\-]{44})['\"]'''
459
- secretGroup = 3
460
- keywords = [
461
- "beamer",
462
- ]
463
-
464
- [[rules]]
465
- id = "Clojars API token"
466
- description = "Clojars API token"
467
- regex = '''(CLOJARS_)(?i)[a-z0-9]{60}'''
468
- keywords = [
469
- "CLOJARS_",
470
- ]
471
-
472
- [[rules]]
473
- id = "Contentful delivery API token"
474
- description = "Contentful delivery API token"
475
- regex = '''(?i)(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]'''
476
- secretGroup = 3
477
- keywords = [
478
- "contentful",
479
- ]
480
-
481
- [[rules]]
482
- id = "Contentful preview API token"
483
- description = "Contentful preview API token"
484
- regex = '''(?i)(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]'''
485
- secretGroup = 3
486
- keywords = [
487
- "contentful",
488
- ]
489
-
490
- [[rules]]
491
- id = "Databricks API token"
492
- description = "Databricks API token"
493
- regex = '''dapi[a-h0-9]{32}'''
494
- keywords = [
495
- "dapi",
496
- "databricks"
497
- ]
498
-
499
- [[rules]]
500
- description = "DigitalOcean OAuth Access Token"
501
- id = "digitalocean-access-token"
502
- regex = '''(?i)\b(doo_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
503
- secretGroup = 1
504
- keywords = [
505
- "doo_v1_",
506
- ]
507
-
508
- [[rules]]
509
- description = "DigitalOcean Personal Access Token"
510
- id = "digitalocean-pat"
511
- regex = '''(?i)\b(dop_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
512
- secretGroup = 1
513
- keywords = [
514
- "dop_v1_",
515
- ]
516
-
517
- [[rules]]
518
- description = "DigitalOcean OAuth Refresh Token"
519
- id = "digitalocean-refresh-token"
520
- regex = '''(?i)\b(dor_v1_[a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
521
- secretGroup = 1
522
- keywords = [
523
- "dor_v1_",
524
- ]
525
-
526
- [[rules]]
527
- id = "Discord API key"
528
- description = "Discord API key"
529
- regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]'''
530
- secretGroup = 3
531
- keywords = [
532
- "discord",
533
- ]
534
-
535
- [[rules]]
536
- id = "Discord client ID"
537
- description = "Discord client ID"
538
- regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9]{18})['\"]'''
539
- secretGroup = 3
540
- keywords = [
541
- "discord",
542
- ]
543
-
544
- [[rules]]
545
- id = "Discord client secret"
546
- description = "Discord client secret"
547
- regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_\-]{32})['\"]'''
548
- secretGroup = 3
549
- keywords = [
550
- "discord",
551
- ]
552
-
553
- [[rules]]
554
- id = "Doppler API token"
555
- description = "Doppler API token"
556
- regex = '''['\"](dp\.pt\.)(?i)[a-z0-9]{43}['\"]'''
557
- keywords = [
558
- "doppler",
559
- ]
560
-
561
- [[rules]]
562
- id = "Dropbox API secret/key"
563
- description = "Dropbox API secret/key"
564
- regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{15})['\"]'''
565
- keywords = [
566
- "dropbox",
567
- ]
568
-
569
- [[rules]]
570
- id = "Dropbox short lived API token"
571
- description = "Dropbox short lived API token"
572
- regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](sl\.[a-z0-9\-=_]{135})['\"]'''
573
- keywords = [
574
- "dropbox",
575
- ]
576
-
577
- [[rules]]
578
- id = "Dropbox long lived API token"
579
- description = "Dropbox long lived API token"
580
- regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"][a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43}['\"]'''
581
- keywords = [
582
- "dropbox",
583
- ]
584
-
585
- [[rules]]
586
- id = "Duffel API token"
587
- description = "Duffel API token"
588
- regex = '''['\"]duffel_(test|live)_(?i)[a-z0-9_-]{43}['\"]'''
589
- keywords = [
590
- "duffel",
591
- ]
592
-
593
- [[rules]]
594
- id = "Dynatrace API token"
595
- description = "Dynatrace API token"
596
- regex = '''['\"]dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64}['\"]'''
597
- keywords = [
598
- "dt0c01",
599
- ]
600
-
601
- [[rules]]
602
- id = "EasyPost API token"
603
- description = "EasyPost API token"
604
- regex = '''['\"]EZAK(?i)[a-z0-9]{54}['\"]'''
605
- keywords = [
606
- "EZAK",
607
- ]
608
-
609
-
610
- [[rules]]
611
- id = "EasyPost test API token"
612
- description = "EasyPost test API token"
613
- regex = '''['\"]EZTK(?i)[a-z0-9]{54}['\"]'''
614
- keywords = [
615
- "EZTK",
616
- ]
617
-
618
- [[rules]]
619
- id = "Fastly API token"
620
- description = "Fastly API token"
621
- regex = '''(?i)(fastly[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{32})['\"]'''
622
- secretGroup = 3
623
- keywords = [
624
- "fastly",
625
- ]
626
-
627
- [[rules]]
628
- id = "Finicity client secret"
629
- description = "Finicity client secret"
630
- regex = '''(?i)(finicity[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{20})['\"]'''
631
- secretGroup = 3
632
- keywords = [
633
- "finicity",
634
- ]
635
-
636
- [[rules]]
637
- id = "Finicity API token"
638
- description = "Finicity API token"
639
- regex = '''(?i)(finicity[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
640
- secretGroup = 3
641
- keywords = [
642
- "finicity",
643
- ]
644
-
645
- [[rules]]
646
- id = "Flutterwave public key"
647
- description = "Flutterwave public key"
648
- regex = '''FLWPUBK_TEST-(?i)[a-h0-9]{32}-X'''
649
- keywords = [
650
- "FLWPUBK_TEST",
651
- ]
652
-
653
- [[rules]]
654
- id = "Flutterwave secret key"
655
- description = "Flutterwave secret key"
656
- regex = '''FLWSECK_TEST-(?i)[a-h0-9]{32}-X'''
657
- keywords = [
658
- "FLWSECK_TEST",
659
- ]
660
-
661
- [[rules]]
662
- id = "Flutterwave encrypted key"
663
- description = "Flutterwave encrypted key"
664
- regex = '''FLWSECK_TEST[a-h0-9]{12}'''
665
- keywords = [
666
- "FLWSECK_TEST",
667
- ]
668
-
669
- [[rules]]
670
- id = "Frame.io API token"
671
- description = "Frame.io API token"
672
- regex = '''fio-u-(?i)[a-z0-9-_=]{64}'''
673
- keywords = [
674
- "fio-u-",
675
- ]
676
-
677
- [[rules]]
678
- id = "GoCardless API token"
679
- description = "GoCardless API token"
680
- regex = '''['\"]live_(?i)[a-z0-9-_=]{40}['\"]'''
681
- keywords = [
682
- "gocardless",
683
- ]
684
-
685
- [[rules]]
686
- id = "Grafana API token"
687
- description = "Grafana API token"
688
- regex = '''['\"]eyJrIjoi(?i)[a-z0-9-_=]{72,92}['\"]'''
689
- tags = ["gitlab_blocking"]
690
- keywords = [
691
- "grafana",
692
- ]
693
-
694
- [[rules]]
695
- id = "Hashicorp Terraform user/org API token"
696
- description = "Hashicorp Terraform user/org API token"
697
- regex = '''['\"](?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9-_=]{60,70}['\"]'''
698
- tags = ["gitlab_blocking"]
699
- keywords = [
700
- "atlasv1",
701
- "hashicorp",
702
- "terraform"
703
- ]
704
-
705
- [[rules]]
706
- id = "Hashicorp Vault batch token"
707
- description = "Hashicorp Vault batch token"
708
- regex = '''b\.AAAAAQ[0-9a-zA-Z_-]{156}'''
709
- tags = ["gitlab_blocking"]
710
- keywords = [
711
- "hashicorp",
712
- "AAAAAQ",
713
- "vault"
714
- ]
715
-
716
- [[rules]]
717
- id = "Hubspot API token"
718
- description = "Hubspot API token"
719
- regex = '''(?i)(hubspot[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
720
- secretGroup = 3
721
- keywords = [
722
- "hubspot",
723
- ]
724
-
725
- [[rules]]
726
- id = "Intercom API token"
727
- description = "Intercom API token"
728
- regex = '''(?i)(intercom[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_]{60})['\"]'''
729
- secretGroup = 3
730
- keywords = [
731
- "intercom",
732
- ]
733
-
734
- [[rules]]
735
- id = "Intercom client secret/ID"
736
- description = "Intercom client secret/ID"
737
- regex = '''(?i)(intercom[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
738
- secretGroup = 3
739
- keywords = [
740
- "intercom",
741
- ]
742
-
743
- [[rules]]
744
- id = "Ionic API token"
745
- description = "Ionic API token"
746
- regex = '''\bion_(?i)[a-z0-9]{42}\b'''
747
- keywords = [
748
- "ion_",
749
- ]
750
-
751
- [[rules]]
752
- id = "Linear API token"
753
- description = "Linear API token"
754
- regex = '''lin_api_(?i)[a-z0-9]{40}'''
755
- keywords = [
756
- "lin_api_",
757
- ]
758
-
759
- [[rules]]
760
- id = "Linear client secret/ID"
761
- description = "Linear client secret/ID"
762
- regex = '''(?i)(linear[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
763
- secretGroup = 3
764
- keywords = [
765
- "linear",
766
- ]
767
-
768
- [[rules]]
769
- id = "Lob API Key"
770
- description = "Lob API Key"
771
- regex = '''(?i)(lob[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]((live|test)_[a-f0-9]{35})['\"]'''
772
- secretGroup = 3
773
- keywords = [
774
- "lob",
775
- ]
776
-
777
- [[rules]]
778
- id = "Lob Publishable API Key"
779
- description = "Lob Publishable API Key"
780
- regex = '''(?i)(lob[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]((test|live)_pub_[a-f0-9]{31})['\"]'''
781
- secretGroup = 3
782
- keywords = [
783
- "lob",
784
- ]
785
-
786
- [[rules]]
787
- id = "Mailchimp API key"
788
- description = "Mailchimp API key"
789
- regex = '''(?i)(mailchimp[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32}-us20)['\"]'''
790
- secretGroup = 3
791
- tags = ["gitlab_blocking"]
792
- keywords = [
793
- "mailchimp",
794
- ]
795
-
796
- [[rules]]
797
- id = "Mailgun private API token"
798
- description = "Mailgun private API token"
799
- regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](key-[a-f0-9]{32})['\"]'''
800
- secretGroup = 3
801
- tags = ["gitlab_blocking"]
802
- keywords = [
803
- "mailgun",
804
- ]
805
-
806
- [[rules]]
807
- id = "Mailgun public validation key"
808
- description = "Mailgun public validation key"
809
- regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](pubkey-[a-f0-9]{32})['\"]'''
810
- secretGroup = 3
811
- keywords = [
812
- "mailgun",
813
- ]
814
-
815
- [[rules]]
816
- id = "Mailgun webhook signing key"
817
- description = "Mailgun webhook signing key"
818
- regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})['\"]'''
819
- secretGroup = 3
820
- tags = ["gitlab_blocking"]
821
- keywords = [
822
- "mailgun",
823
- ]
824
-
825
- [[rules]]
826
- id = "Mapbox API token"
827
- description = "Mapbox API token"
828
- regex = '''(?i)(pk\.[a-z0-9]{60}\.[a-z0-9]{22})'''
829
- keywords = [
830
- "mapbox",
831
- ]
832
-
833
- [[rules]]
834
- id = "messagebird-api-token"
835
- description = "MessageBird API token"
836
- regex = '''(?i)(messagebird[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{25})['\"]'''
837
- secretGroup = 3
838
- keywords = [
839
- "messagebird",
840
- ]
841
-
842
- [[rules]]
843
- id = "MessageBird API client ID"
844
- description = "MessageBird API client ID"
845
- regex = '''(?i)(messagebird[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
846
- secretGroup = 3
847
- keywords = [
848
- "messagebird",
849
- ]
850
-
851
- [[rules]]
852
- id = "New Relic user API Key"
853
- description = "New Relic user API Key"
854
- regex = '''['\"](NRAK-[A-Z0-9]{27})['\"]'''
855
- tags = ["gitlab_blocking"]
856
- keywords = [
857
- "NRAK",
858
- ]
859
-
860
- [[rules]]
861
- id = "New Relic user API ID"
862
- description = "New Relic user API ID"
863
- regex = '''(?i)(newrelic[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([A-Z0-9]{64})['\"]'''
864
- secretGroup = 3
865
- tags = ["gitlab_blocking"]
866
- keywords = [
867
- "newrelic",
868
- ]
869
-
870
- [[rules]]
871
- id = "New Relic ingest browser API token"
872
- description = "New Relic ingest browser API token"
873
- regex = '''['\"](NRJS-[a-f0-9]{19})['\"]'''
874
- keywords = [
875
- "NRJS",
876
- ]
877
-
878
- [[rules]]
879
- id = "npm access token"
880
- description = "npm access token"
881
- regex = '''['\"](npm_(?i)[a-z0-9]{36})['\"]'''
882
- tags = ["gitlab_blocking"]
883
- keywords = [
884
- "npm_",
885
- ]
886
-
887
- [[rules]]
888
- id = "Planetscale password"
889
- description = "Planetscale password"
890
- regex = '''pscale_pw_(?i)[a-z0-9\-_\.]{43}'''
891
- keywords = [
892
- "pscale_pw_",
893
- ]
894
-
895
- [[rules]]
896
- id = "Planetscale API token"
897
- description = "Planetscale API token"
898
- regex = '''pscale_tkn_(?i)[a-z0-9\-_\.]{43}'''
899
- keywords = [
900
- "pscale_tkn_",
901
- ]
902
-
903
- [[rules]]
904
- id = "Postman API token"
905
- description = "Postman API token"
906
- regex = '''PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34}'''
907
- keywords = [
908
- "PMAK-",
909
- ]
910
-
911
- [[rules]]
912
- id = "Pulumi API token"
913
- description = "Pulumi API token"
914
- regex = '''pul-[a-f0-9]{40}'''
915
- keywords = [
916
- "pul-",
917
- ]
918
-
919
- [[rules]]
920
- id = "Rubygem API token"
921
- description = "Rubygem API token"
922
- regex = '''rubygems_[a-f0-9]{48}'''
923
- tags = ["gitlab_blocking"]
924
- keywords = [
925
- "rubygems_",
926
- ]
927
-
928
- [[rules]]
929
- id = "Segment Public API token"
930
- description = "Segment Public API token"
931
- regex = '''sgp_[a-zA-Z0-9]{64}'''
932
- tags = ["gitlab_blocking"]
933
- keywords = [
934
- "sgp_",
935
- ]
936
-
937
- [[rules]]
938
- id = "Sendgrid API token"
939
- description = "Sendgrid API token"
940
- regex = '''SG\.(?i)[a-z0-9_\-\.]{66}'''
941
- tags = ["gitlab_blocking"]
942
- keywords = [
943
- "sendgrid",
944
- ]
945
-
946
- [[rules]]
947
- id = "Sendinblue API token"
948
- description = "Sendinblue API token"
949
- regex = '''xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16}'''
950
- keywords = [
951
- "xkeysib-",
952
- ]
953
-
954
- [[rules]]
955
- id = "Sendinblue SMTP token"
956
- description = "Sendinblue SMTP token"
957
- regex = '''xsmtpsib-[a-f0-9]{64}\-(?i)[a-z0-9]{16}'''
958
- keywords = [
959
- "xsmtpsib-",
960
- ]
961
-
962
- [[rules]]
963
- id = "Shippo API token"
964
- description = "Shippo API token"
965
- regex = '''shippo_(live|test)_[a-f0-9]{40}'''
966
- keywords = [
967
- "shippo_",
968
- ]
969
-
970
- [[rules]]
971
- id = "Linkedin Client secret"
972
- description = "Linkedin Client secret"
973
- regex = '''(?i)(linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z]{16})['\"]'''
974
- secretGroup = 3
975
- keywords = [
976
- "linkedin",
977
- ]
978
-
979
- [[rules]]
980
- id = "Linkedin Client ID"
981
- description = "Linkedin Client ID"
982
- regex = '''(?i)(linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{14})['\"]'''
983
- secretGroup = 3
984
- keywords = [
985
- "linkedin",
986
- ]
987
-
988
- [[rules]]
989
- id = "Twitch API token"
990
- description = "Twitch API token"
991
- regex = '''(?i)(twitch[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{30})['\"]'''
992
- secretGroup = 3
993
- keywords = [
994
- "twitch",
995
- ]
996
-
997
- [[rules]]
998
- id = "Typeform API token"
999
- description = "Typeform API token"
1000
- regex = '''(?i)(typeform[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}(tfp_[a-z0-9\-_\.=]{59})'''
1001
- secretGroup = 3
1002
- keywords = [
1003
- "typeform",
1004
- ]
1005
-
1006
- [[rules]]
1007
- id = "Yandex.Cloud IAM Cookie v1 - 1"
1008
- description = "Yandex.Cloud IAM Cookie v1"
1009
- regex = '''\bc1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}['|\"|\n|\r|\s|\x60]'''
1010
- keywords = [
1011
- "yandex",
1012
- ]
1013
-
1014
- [[rules]]
1015
- id = "Yandex.Cloud IAM Cookie v1 - 2"
1016
- description = "Yandex.Cloud IAM Token v1"
1017
- regex = '''\bt1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}['|\"|\n|\r|\s|\x60]'''
1018
- keywords = [
1019
- "yandex",
1020
- ]
1021
-
1022
- [[rules]]
1023
- id = "Yandex.Cloud IAM Cookie v1 - 3"
1024
- description = "Yandex.Cloud IAM API key v1"
1025
- regex = '''\bAQVN[A-Za-z0-9_\-]{35,38}['|\"|\n|\r|\s|\x60]'''
1026
- keywords = [
1027
- "yandex",
1028
- ]
1029
-
1030
- [[rules]]
1031
- id = "Yandex.Cloud AWS API compatible Access Secret"
1032
- description = "Yandex.Cloud AWS API compatible Access Secret"
1033
- regex = '''\bYC[a-zA-Z0-9_\-]{38}['|\"|\n|\r|\s|\x60]'''
1034
- keywords = [
1035
- "yandex",
1036
- ]
1037
-
1038
- [[rules]]
1039
- id = "Meta access token"
1040
- description = "Meta access token"
1041
- regex = '''\bEA[a-zA-Z0-9]{90,400}['|\"|\n|\r|\s|\x60]'''
1042
- keywords = [
1043
- "EA",
1044
- ]
1045
-
1046
- [[rules]]
1047
- id = "Oculus access token"
1048
- description = "Oculus access token"
1049
- regex = '''\bOC[a-zA-Z0-9]{90,400}['|\"|\n|\r|\s|\x60]'''
1050
- keywords = [
1051
- "OC",
1052
- ]
1053
-
1054
- [[rules]]
1055
- id = "Instagram access token"
1056
- description = "Instagram access token"
1057
- regex = '''\bIG[a-zA-Z0-9]{90,400}['|\"|\n|\r|\s|\x60]'''
1058
- keywords = [
1059
- "IG",
1060
- ]
1061
-
1062
- [[rules]]
1063
- id = "CircleCI access tokens"
1064
- description = "CircleCI access tokens"
1065
- regex = '''\bCCI(?:PAT|PRJ)_[a-zA-Z0-9]{22}_[a-f0-9]{40}'''
1066
- keywords = [
1067
- "CircleCI"
1068
- ]
1069
-
1070
- [[rules]]
1071
- description = "Open AI API key"
1072
- id = "open ai token"
1073
- regex = '''\bsk-[a-zA-Z0-9]{48}\b'''
1074
- keywords = [
1075
- "sk-",
1076
- ]
1077
-
1078
- [[rules]]
1079
- id = "Tailscale key"
1080
- description = "Tailscale keys"
1081
- regex = '''\btskey-\w+-\w+-\w+\b'''
1082
- keywords = [
1083
- "tskey-",
1084
- ]