@aikidosec/mcp 0.0.1 → 1.0.0

@@ -0,0 +1,1668 @@
1
+ [extend]
2
+ # useDefault will extend the base configuration with the default gitleaks config:
3
+ # https://github.com/zricethezav/gitleaks/blob/master/config/gitleaks.toml
4
+ useDefault = true
5
+
6
+ # Aikido girleaks rules
7
+ [[rules]]
8
+ id = "json_in_base64"
9
+ description = "Base64 encoded JSON with password field"
10
+ #
11
+ # base64('"password"') == 'InBhc3N3b3JkI'.
12
+ # as encoding depends on index of first letter (mod 3) we provide 3 strings
13
+ # base64('_"password"') ~= JwYXNzd29yZC
14
+ # base64('__"password"') ~= icGFzc3dvcmQi
15
+ #
16
+ regex = '''(?:InBhc3N3b3JkI|JwYXNzd29yZC|icGFzc3dvcmQi)'''
17
+ keywords = [
18
+ "InBhc3N3b3JkI",
19
+ "JwYXNzd29yZC",
20
+ "icGFzc3dvcmQi"
21
+ ]
22
+
23
+
24
+
25
+
26
+ [[rules]]
27
+ # note that the regex has been adjusted to also allow special chars in the password
28
+ # it has a lower entropy than the normal one, so we will catch a lot more cases. That said, we can be more agressive on the allowlist regex
29
+ id = "generic-api-key-sensitive"
30
+ description = "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."
31
+ regex = '''(?i)(?:key-password|key_password|privatekey|apikey|api.key|api-key|api-pass|apim-subscription-key|apimsubscriptionkey|access.token|access-token|access_token|accesstoken|api-token|api_token|jira_token|intercom_token|heroku_token|authentication_token|authorization-token|authorization.token|authorizationtoken|authtoken|apitoken|api.test.token|api.token|apitoken|api_auth_token|grant_token|token_key|tokenkey|tokenprod|tokenauthorization|api_rest_token|secret|client.secret|client-secret|client_secret|clientsecret|passwd|password|authheader|authentication|authkey|auth_key|auth_secret|auth_credential|auth_encryption_key|auth_token|auth-token|authtoken|auth_jwt_secret|auth_passphrase|auth_readwrite|auth_token|auth_apikeys|auth_access_token|auth.token|authkey|authorization_token|authorization.token|authorizationtoken|authorizationkey|authsecret|auth.secret|authtoken|oauth_consumer_key|auth.secret|auth.encryption.key|access.key|access-token|access_key|access_token|accesscode|accesskey|accesstoken|accesskey|password.confirmation|password_confirmation|access_token_salt|auth_token_expiration|passwordanswer)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=|,)(?:'|\"|\s|=|\x60){0,5}([0-9a-z\-_.=@#$%^&*<>!]{10,150})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
32
+ entropy = 3.1
33
+ keywords = [
34
+ "key","api","token","secret","client","passwd","password","auth","access",
35
+ ]
36
+
37
+ [rules.allowlist]
38
+
39
+ regexTarget = "line"
40
+
41
+ # we dont want stuff like 'author' or 'author_email' to trigger the 'auth' regex above
42
+ regexes = [
43
+ '''(?i)(email|author|keytoken|keyword|func|id:|id=|_id|api-version|apiid|apiname|keycode|authnumber|accession|apig|auth-next|key.type|apikeyid|api-services|auth-sdk|apis|keyid|apital|auth0-web|date|region|symbol|display|reference|key_from|key_to|button|agent|society|api-user|domain|user_id|role|first|item|drive|nonce|return|keylines|keypath|again|hash|icon|keep|id.=|access-error|access_ids|access.reg_add|access.r|access_cond|access_iter|access_r|access_pip|access_title|accessat|access_error|accessed.from|accesskey|accessible|accessmode|accessor|accessp|accesstimeout|accessurl|extractor|auth.username|properties|frame|authmode|password.sysname|password_encryption|passwordattempt|passwordcharacters|passwordfield|passwordpolicy|passwordrouting|secret_service|secretname|secret_bucket|token.type|token_rspec|tokenid|tokens|token_id|client_id|token_validation|tokenaddress|tokenclientid|tokendata.guid|tokenhash|tokenid|accessid|key.id|secretariat)'''
44
+ ]
45
+
46
+ paths = [
47
+ '''.*\/(?:lang|language|i18n)\/.*\.json$''',
48
+ ]
49
+
50
+ #note, these apply to the secret, not the line
51
+ stopwords = [
52
+ "000000",
53
+ "aaaaaa",
54
+ ".mac",
55
+ "one",
56
+ "b64",
57
+ "t64",
58
+ "ting",
59
+ "king",
60
+ ".jpg",
61
+ "ment",
62
+ "about",
63
+ "eth1",
64
+ "tv4",
65
+ "abstract",
66
+ "academy",
67
+ "acces",
68
+ "account",
69
+ "act-",
70
+ "act.",
71
+ "act_",
72
+ "action",
73
+ "active",
74
+ "actively",
75
+ "activity",
76
+ "adapter",
77
+ "add-",
78
+ "add.",
79
+ "add_",
80
+ "add-on",
81
+ "addon",
82
+ "addres",
83
+ "admin",
84
+ "adobe",
85
+ "advanced",
86
+ "adventure",
87
+ "agent",
88
+ "agile",
89
+ "air-",
90
+ "air.",
91
+ "air_",
92
+ "ajax",
93
+ "akka",
94
+ "alert",
95
+ "alfred",
96
+ "algorithm",
97
+ "all-",
98
+ "all.",
99
+ "all_",
100
+ "alloy",
101
+ "alpha",
102
+ "amazon",
103
+ "amqp",
104
+ "analysi",
105
+ "analytic",
106
+ "analyzer",
107
+ "android",
108
+ "angular",
109
+ "angularj",
110
+ "animate",
111
+ "animation",
112
+ "another",
113
+ "ansible",
114
+ "answer",
115
+ "ant-",
116
+ "ant.",
117
+ "ant_",
118
+ "any-",
119
+ "any.",
120
+ "any_",
121
+ "apache",
122
+ "app-",
123
+ "app-",
124
+ "app.",
125
+ "app.",
126
+ "app_",
127
+ "app_",
128
+ "app1",
129
+ "app2",
130
+ "apple",
131
+ "arch",
132
+ "archive",
133
+ "archived",
134
+ "arduino",
135
+ "array",
136
+ "art-",
137
+ "art.",
138
+ "art_",
139
+ "article",
140
+ "asp-",
141
+ "asp.",
142
+ "asp_",
143
+ "asset",
144
+ "async",
145
+ "atom",
146
+ "attention",
147
+ "audio",
148
+ "audit",
149
+ "aura",
150
+ "auth",
151
+ "author",
152
+ "author",
153
+ "authorize",
154
+ "auto",
155
+ "automated",
156
+ "automatic",
157
+ "awesome",
158
+ "aws_",
159
+ "azure",
160
+ "back",
161
+ "backbone",
162
+ "backend",
163
+ "backup",
164
+ "bar-",
165
+ "bar.",
166
+ "bar_",
167
+ "base",
168
+ "based",
169
+ "bash",
170
+ "basic",
171
+ "batch",
172
+ "been",
173
+ "beer",
174
+ "behavior",
175
+ "being",
176
+ "benchmark",
177
+ "best",
178
+ "beta",
179
+ "better",
180
+ "big-",
181
+ "big.",
182
+ "big_",
183
+ "binary",
184
+ "binding",
185
+ "bit-",
186
+ "bit.",
187
+ "bit_",
188
+ "bitcoin",
189
+ "block",
190
+ "blog",
191
+ "board",
192
+ "book",
193
+ "bookmark",
194
+ "boost",
195
+ "boot",
196
+ "bootstrap",
197
+ "bosh",
198
+ "bot-",
199
+ "bot.",
200
+ "bot_",
201
+ "bower",
202
+ "box-",
203
+ "box.",
204
+ "box_",
205
+ "boxen",
206
+ "bracket",
207
+ "branch",
208
+ "bridge",
209
+ "browser",
210
+ "brunch",
211
+ "buffer",
212
+ "bug-",
213
+ "bug.",
214
+ "bug_",
215
+ "build",
216
+ "builder",
217
+ "building",
218
+ "buildout",
219
+ "buildpack",
220
+ "built",
221
+ "bundle",
222
+ "busines",
223
+ "but-",
224
+ "but.",
225
+ "but_",
226
+ "button",
227
+ "cache",
228
+ "caching",
229
+ "cakephp",
230
+ "calendar",
231
+ "call",
232
+ "camera",
233
+ "campfire",
234
+ "can-",
235
+ "can.",
236
+ "can_",
237
+ "canva",
238
+ "captcha",
239
+ "capture",
240
+ "card",
241
+ "carousel",
242
+ "case",
243
+ "cassandra",
244
+ "cat-",
245
+ "cat.",
246
+ "cat_",
247
+ "category",
248
+ "center",
249
+ "cento",
250
+ "challenge",
251
+ "change",
252
+ "changelog",
253
+ "channel",
254
+ "chart",
255
+ "chat",
256
+ "cheat",
257
+ "check",
258
+ "checker",
259
+ "chef",
260
+ "ches",
261
+ "chinese",
262
+ "chosen",
263
+ "chrome",
264
+ "ckeditor",
265
+ "clas",
266
+ "classe",
267
+ "classic",
268
+ "clean",
269
+ "cli-",
270
+ "cli.",
271
+ "cli_",
272
+ "client",
273
+ "client",
274
+ "clojure",
275
+ "clone",
276
+ "closure",
277
+ "cloud",
278
+ "club",
279
+ "cluster",
280
+ "cms-",
281
+ "cms_",
282
+ "coco",
283
+ "code",
284
+ "coding",
285
+ "coffee",
286
+ "color",
287
+ "combination",
288
+ "combo",
289
+ "command",
290
+ "commander",
291
+ "comment",
292
+ "commit",
293
+ "common",
294
+ "community",
295
+ "compas",
296
+ "compiler",
297
+ "complete",
298
+ "component",
299
+ "composer",
300
+ "computer",
301
+ "computing",
302
+ "con-",
303
+ "con.",
304
+ "con_",
305
+ "concept",
306
+ "conf",
307
+ "config",
308
+ "config",
309
+ "connect",
310
+ "connector",
311
+ "console",
312
+ "contact",
313
+ "container",
314
+ "contao",
315
+ "content",
316
+ "contest",
317
+ "context",
318
+ "control",
319
+ "convert",
320
+ "converter",
321
+ "conway'",
322
+ "cookbook",
323
+ "cookie",
324
+ "cool",
325
+ "copy",
326
+ "cordova",
327
+ "core",
328
+ "couchbase",
329
+ "couchdb",
330
+ "countdown",
331
+ "counter",
332
+ "course",
333
+ "clause",
334
+ "craft",
335
+ "crawler",
336
+ "create",
337
+ "creating",
338
+ "creator",
339
+ "credential",
340
+ "crm-",
341
+ "crm.",
342
+ "crm_",
343
+ "cros",
344
+ "crud",
345
+ "csv-",
346
+ "csv.",
347
+ "csv_",
348
+ "cube",
349
+ "cucumber",
350
+ "cuda",
351
+ "current",
352
+ "currently",
353
+ "custom",
354
+ "daemon",
355
+ "dark",
356
+ "dart",
357
+ "dash",
358
+ "dashboard",
359
+ "data",
360
+ "database",
361
+ "date",
362
+ "day-",
363
+ "day.",
364
+ "day_",
365
+ "dead",
366
+ "debian",
367
+ "debug",
368
+ "debug",
369
+ "debugger",
370
+ "deck",
371
+ "define",
372
+ "del-",
373
+ "del.",
374
+ "del_",
375
+ "delete",
376
+ "demo",
377
+ "deploy",
378
+ "design",
379
+ "designer",
380
+ "desktop",
381
+ "detection",
382
+ "detector",
383
+ "dev-",
384
+ "dev.",
385
+ "dev_",
386
+ "develop",
387
+ "developer",
388
+ "device",
389
+ "devise",
390
+ "diff",
391
+ "digital",
392
+ "directive",
393
+ "directory",
394
+ "discovery",
395
+ "display",
396
+ "django",
397
+ "dns-",
398
+ "dns_",
399
+ "doc-",
400
+ "doc-",
401
+ "doc.",
402
+ "doc.",
403
+ "doc_",
404
+ "doc_",
405
+ "docker",
406
+ "docpad",
407
+ "doctrine",
408
+ "document",
409
+ "doe-",
410
+ "doe.",
411
+ "doe_",
412
+ "dojo",
413
+ "dom-",
414
+ "dom.",
415
+ "dom_",
416
+ "domain",
417
+ "done",
418
+ "don't",
419
+ "dot-",
420
+ "dot.",
421
+ "dot_",
422
+ "dotfile",
423
+ "download",
424
+ "draft",
425
+ "drag",
426
+ "drill",
427
+ "drive",
428
+ "driven",
429
+ "driver",
430
+ "drop",
431
+ "dropbox",
432
+ "drupal",
433
+ "dsl-",
434
+ "dsl.",
435
+ "dsl_",
436
+ "dynamic",
437
+ "easy",
438
+ "_ec2_",
439
+ "fit",
440
+ "acco",
441
+ "urns",
442
+ "abel",
443
+ "ents",
444
+ "ec2-",
445
+ "ec1-",
446
+ "ecdsa",
447
+ "eclipse",
448
+ "edit",
449
+ "editing",
450
+ "edition",
451
+ "editor",
452
+ "element",
453
+ "emac",
454
+ "email",
455
+ "embed",
456
+ "embedded",
457
+ "ember",
458
+ "emitter",
459
+ "emulator",
460
+ "encoding",
461
+ "endpoint",
462
+ "engine",
463
+ "english",
464
+ "enhanced",
465
+ "entity",
466
+ "entry",
467
+ "env_",
468
+ "episode",
469
+ "erlang",
470
+ "error",
471
+ "espresso",
472
+ "event",
473
+ "evented",
474
+ "example",
475
+ "example",
476
+ "exchange",
477
+ "exercise",
478
+ "experiment",
479
+ "expire",
480
+ "exploit",
481
+ "explorer",
482
+ "export",
483
+ "exporter",
484
+ "expres",
485
+ "ext-",
486
+ "ext.",
487
+ "ext_",
488
+ "extended",
489
+ "extension",
490
+ "external",
491
+ "extra",
492
+ "extractor",
493
+ "fabric",
494
+ "facebook",
495
+ "factory",
496
+ "fake",
497
+ "fast",
498
+ "feature",
499
+ "feed",
500
+ "fewfwef",
501
+ "ffmpeg",
502
+ "field",
503
+ "file",
504
+ "filter",
505
+ "find",
506
+ "finder",
507
+ "firefox",
508
+ "firmware",
509
+ "first",
510
+ "fish",
511
+ "fix-",
512
+ "fix_",
513
+ "flash",
514
+ "flask",
515
+ "flat",
516
+ "flex",
517
+ "flexible",
518
+ "flickr",
519
+ "flow",
520
+ "fluent",
521
+ "fluentd",
522
+ "fluid",
523
+ "folder",
524
+ "font",
525
+ "force",
526
+ "foreman",
527
+ "fork",
528
+ "form",
529
+ "format",
530
+ "formatter",
531
+ "forum",
532
+ "foundry",
533
+ "framework",
534
+ "free",
535
+ "friend",
536
+ "friendly",
537
+ "front-end",
538
+ "frontend",
539
+ "ftp-",
540
+ "ftp.",
541
+ "ftp_",
542
+ "fuel",
543
+ "full",
544
+ "fun-",
545
+ "fun.",
546
+ "fun_",
547
+ "func",
548
+ "future",
549
+ "gaia",
550
+ "gallery",
551
+ "game",
552
+ "gateway",
553
+ "gem-",
554
+ "gem.",
555
+ "gem_",
556
+ "gen-",
557
+ "gen.",
558
+ "gen_",
559
+ "general",
560
+ "generator",
561
+ "generic",
562
+ "genetic",
563
+ "get-",
564
+ "get.",
565
+ "get_",
566
+ "getenv",
567
+ "getting",
568
+ "ghost",
569
+ "gist",
570
+ "git-",
571
+ "git.",
572
+ "git_",
573
+ "github",
574
+ "gitignore",
575
+ "gitlab",
576
+ "glas",
577
+ "gmail",
578
+ "gnome",
579
+ "gnu-",
580
+ "gnu.",
581
+ "gnu_",
582
+ "goal",
583
+ "golang",
584
+ "gollum",
585
+ "good",
586
+ "google",
587
+ "gpu-",
588
+ "gpu.",
589
+ "gpu_",
590
+ "gradle",
591
+ "grail",
592
+ "graph",
593
+ "graphic",
594
+ "great",
595
+ "grid",
596
+ "groovy",
597
+ "group",
598
+ "grunt",
599
+ "guard",
600
+ "gui-",
601
+ "gui.",
602
+ "gui_",
603
+ "guide",
604
+ "guideline",
605
+ "gulp",
606
+ "gwt-",
607
+ "gwt.",
608
+ "gwt_",
609
+ "hack",
610
+ "hackathon",
611
+ "hacker",
612
+ "hacking",
613
+ "hadoop",
614
+ "haml",
615
+ "handler",
616
+ "hardware",
617
+ "has-",
618
+ "has_",
619
+ "hash",
620
+ "haskell",
621
+ "have",
622
+ "haxe",
623
+ "hello",
624
+ "help",
625
+ "helper",
626
+ "here",
627
+ "hero",
628
+ "heroku",
629
+ "high",
630
+ "hipchat",
631
+ "history",
632
+ "home",
633
+ "homebrew",
634
+ "homepage",
635
+ "hook",
636
+ "host",
637
+ "hosting",
638
+ "hot-",
639
+ "hot.",
640
+ "hot_",
641
+ "house",
642
+ "how-",
643
+ "how.",
644
+ "how_",
645
+ "html",
646
+ "http",
647
+ "hub-",
648
+ "hub.",
649
+ "hub_",
650
+ "hubot",
651
+ "human",
652
+ "icon",
653
+ "ide-",
654
+ "ide.",
655
+ "ide_",
656
+ "idea",
657
+ "identity",
658
+ "idiomatic",
659
+ "image",
660
+ "impact",
661
+ "import",
662
+ "important",
663
+ "importer",
664
+ "impres",
665
+ "index",
666
+ "infinite",
667
+ "info",
668
+ "injection",
669
+ "inline",
670
+ "input",
671
+ "inside",
672
+ "inspector",
673
+ "instagram",
674
+ "install",
675
+ "installer",
676
+ "instant",
677
+ "intellij",
678
+ "interface",
679
+ "internet",
680
+ "interview",
681
+ "into",
682
+ "intro",
683
+ "ionic",
684
+ "iphone",
685
+ "ipython",
686
+ "irc-",
687
+ "irc_",
688
+ "iso-",
689
+ "iso.",
690
+ "iso_",
691
+ "issue",
692
+ "jade",
693
+ "jasmine",
694
+ "java",
695
+ "jbos",
696
+ "jekyll",
697
+ "jenkin",
698
+ "job-",
699
+ "job.",
700
+ "job_",
701
+ "joomla",
702
+ "jpa-",
703
+ "jpa.",
704
+ "jpa_",
705
+ "jquery",
706
+ "json",
707
+ "just",
708
+ "kafka",
709
+ "karma",
710
+ "kata",
711
+ "kernel",
712
+ "key",
713
+ "keyboard",
714
+ "keys",
715
+ "kindle",
716
+ "kit-",
717
+ "kit.",
718
+ "kit_",
719
+ "kitchen",
720
+ "knife",
721
+ "koan",
722
+ "kohana",
723
+ "lab-",
724
+ "lab-",
725
+ "lab.",
726
+ "lab.",
727
+ "lab_",
728
+ "lab_",
729
+ "lambda",
730
+ "lamp",
731
+ "language",
732
+ "laravel",
733
+ "last",
734
+ "latest",
735
+ "latex",
736
+ "launcher",
737
+ "layer",
738
+ "layout",
739
+ "lazy",
740
+ "ldap",
741
+ "leaflet",
742
+ "league",
743
+ "learn",
744
+ "learning",
745
+ "led-",
746
+ "led.",
747
+ "led_",
748
+ "leetcode",
749
+ "les-",
750
+ "les.",
751
+ "les_",
752
+ "level",
753
+ "leveldb",
754
+ "lib-",
755
+ "lib.",
756
+ "lib_",
757
+ "librarie",
758
+ "library",
759
+ "license",
760
+ "life",
761
+ "liferay",
762
+ "light",
763
+ "lightbox",
764
+ "like",
765
+ "line",
766
+ "link",
767
+ "linked",
768
+ "linkedin",
769
+ "linux",
770
+ "lisp",
771
+ "list",
772
+ "lite",
773
+ "little",
774
+ "load",
775
+ "loader",
776
+ "local",
777
+ "location",
778
+ "lock",
779
+ "log-",
780
+ "log.",
781
+ "log_",
782
+ "logger",
783
+ "logging",
784
+ "logic",
785
+ "login",
786
+ "logstash",
787
+ "longer",
788
+ "look",
789
+ "love",
790
+ "lua-",
791
+ "lua.",
792
+ "lua_",
793
+ "mac-",
794
+ "mac.",
795
+ "mac_",
796
+ "machine",
797
+ "made",
798
+ "magento",
799
+ "magic",
800
+ "mail",
801
+ "make",
802
+ "maker",
803
+ "making",
804
+ "man-",
805
+ "man.",
806
+ "man_",
807
+ "manage",
808
+ "manager",
809
+ "manifest",
810
+ "manual",
811
+ "map-",
812
+ "map-",
813
+ "map.",
814
+ "map.",
815
+ "map_",
816
+ "map_",
817
+ "mapper",
818
+ "mapping",
819
+ "markdown",
820
+ "markup",
821
+ "master",
822
+ "math",
823
+ "matrix",
824
+ "maven",
825
+ "md5",
826
+ "mean",
827
+ "media",
828
+ "mediawiki",
829
+ "meetup",
830
+ "memcached",
831
+ "memory",
832
+ "menu",
833
+ "merchant",
834
+ "message",
835
+ "messaging",
836
+ "meta",
837
+ "metadata",
838
+ "meteor",
839
+ "method",
840
+ "metric",
841
+ "micro",
842
+ "middleman",
843
+ "migration",
844
+ "minecraft",
845
+ "miner",
846
+ "mini",
847
+ "minimal",
848
+ "mirror",
849
+ "mit-",
850
+ "mit.",
851
+ "mit_",
852
+ "mobile",
853
+ "mocha",
854
+ "mock",
855
+ "mod-",
856
+ "mod.",
857
+ "mod_",
858
+ "mode",
859
+ "model",
860
+ "modern",
861
+ "modular",
862
+ "module",
863
+ "modx",
864
+ "money",
865
+ "mongo",
866
+ "mongodb",
867
+ "mongoid",
868
+ "mongoose",
869
+ "monitor",
870
+ "monkey",
871
+ "more",
872
+ "motion",
873
+ "moved",
874
+ "movie",
875
+ "mozilla",
876
+ "mqtt",
877
+ "mule",
878
+ "multi",
879
+ "multiple",
880
+ "music",
881
+ "mustache",
882
+ "mvc-",
883
+ "mvc.",
884
+ "mvc_",
885
+ "mysql",
886
+ "nagio",
887
+ "name",
888
+ "native",
889
+ "need",
890
+ "neo-",
891
+ "neo.",
892
+ "neo_",
893
+ "nest",
894
+ "nested",
895
+ "net-",
896
+ "net.",
897
+ "net_",
898
+ "nette",
899
+ "network",
900
+ "new-",
901
+ "new-",
902
+ "new.",
903
+ "new.",
904
+ "new_",
905
+ "new_",
906
+ "next",
907
+ "nginx",
908
+ "ninja",
909
+ "nlp-",
910
+ "nlp.",
911
+ "nlp_",
912
+ "node",
913
+ "nodej",
914
+ "nosql",
915
+ "not-",
916
+ "not.",
917
+ "not_",
918
+ "note",
919
+ "notebook",
920
+ "notepad",
921
+ "notice",
922
+ "notifier",
923
+ "now-",
924
+ "now.",
925
+ "now_",
926
+ "number",
927
+ "oauth",
928
+ "object",
929
+ "objective",
930
+ "obsolete",
931
+ "ocaml",
932
+ "octopres",
933
+ "official",
934
+ "old-",
935
+ "old.",
936
+ "old_",
937
+ "onboard",
938
+ "online",
939
+ "only",
940
+ "open",
941
+ "opencv",
942
+ "opengl",
943
+ "openshift",
944
+ "openwrt",
945
+ "option",
946
+ "oracle",
947
+ "org-",
948
+ "org.",
949
+ "org_",
950
+ "origin",
951
+ "original",
952
+ "orm-",
953
+ "orm.",
954
+ "orm_",
955
+ "osx-",
956
+ "osx_",
957
+ "our-",
958
+ "our.",
959
+ "our_",
960
+ "out-",
961
+ "out.",
962
+ "out_",
963
+ "output",
964
+ "over",
965
+ "overview",
966
+ "own-",
967
+ "own.",
968
+ "own_",
969
+ "pack",
970
+ "package",
971
+ "packet",
972
+ "page",
973
+ "page",
974
+ "panel",
975
+ "paper",
976
+ "paperclip",
977
+ "para",
978
+ "parallax",
979
+ "parallel",
980
+ "parse",
981
+ "parser",
982
+ "parsing",
983
+ "particle",
984
+ "party",
985
+ "password",
986
+ "patch",
987
+ "path",
988
+ "pattern",
989
+ "payment",
990
+ "paypal",
991
+ "pdf-",
992
+ "pdf.",
993
+ "pdf_",
994
+ "pebble",
995
+ "people",
996
+ "perl",
997
+ "personal",
998
+ "phalcon",
999
+ "phoenix",
1000
+ "phone",
1001
+ "phonegap",
1002
+ "photo",
1003
+ "php-",
1004
+ "php.",
1005
+ "php_",
1006
+ "physic",
1007
+ "picker",
1008
+ "pipeline",
1009
+ "platform",
1010
+ "play",
1011
+ "player",
1012
+ "please",
1013
+ "plu-",
1014
+ "plu.",
1015
+ "plu_",
1016
+ "plug-in",
1017
+ "plugin",
1018
+ "plupload",
1019
+ "png-",
1020
+ "png.",
1021
+ "png_",
1022
+ "poker",
1023
+ "polyfill",
1024
+ "polymer",
1025
+ "pool",
1026
+ "pop-",
1027
+ "pop.",
1028
+ "pop_",
1029
+ "popcorn",
1030
+ "popup",
1031
+ "port",
1032
+ "portable",
1033
+ "portal",
1034
+ "portfolio",
1035
+ "post",
1036
+ "power",
1037
+ "powered",
1038
+ "powerful",
1039
+ "prelude",
1040
+ "pretty",
1041
+ "preview",
1042
+ "principle",
1043
+ "print",
1044
+ "pro-",
1045
+ "pro.",
1046
+ "pro_",
1047
+ "problem",
1048
+ "proc",
1049
+ "product",
1050
+ "profile",
1051
+ "profiler",
1052
+ "program",
1053
+ "progres",
1054
+ "project",
1055
+ "protocol",
1056
+ "prototype",
1057
+ "provider",
1058
+ "proxy",
1059
+ "public",
1060
+ "pull",
1061
+ "puppet",
1062
+ "pure",
1063
+ "purpose",
1064
+ "push",
1065
+ "pusher",
1066
+ "pyramid",
1067
+ "python",
1068
+ "quality",
1069
+ "query",
1070
+ "queue",
1071
+ "quick",
1072
+ "rabbitmq",
1073
+ "rack",
1074
+ "radio",
1075
+ "rail",
1076
+ "railscast",
1077
+ "random",
1078
+ "range",
1079
+ "raspberry",
1080
+ "rdf-",
1081
+ "rdf.",
1082
+ "rdf_",
1083
+ "react",
1084
+ "reactive",
1085
+ "read",
1086
+ "reader",
1087
+ "readme",
1088
+ "ready",
1089
+ "real",
1090
+ "reality",
1091
+ "real-time",
1092
+ "realtime",
1093
+ "recipe",
1094
+ "recorder",
1095
+ "red-",
1096
+ "red.",
1097
+ "red_",
1098
+ "reddit",
1099
+ "redi",
1100
+ "redmine",
1101
+ "reference",
1102
+ "refinery",
1103
+ "refresh",
1104
+ "registry",
1105
+ "related",
1106
+ "release",
1107
+ "remote",
1108
+ "rendering",
1109
+ "repo",
1110
+ "report",
1111
+ "request",
1112
+ "require",
1113
+ "required",
1114
+ "requirej",
1115
+ "research",
1116
+ "resource",
1117
+ "response",
1118
+ "resque",
1119
+ "rest",
1120
+ "restful",
1121
+ "resume",
1122
+ "reveal",
1123
+ "reverse",
1124
+ "review",
1125
+ "riak",
1126
+ "rich",
1127
+ "right",
1128
+ "ring",
1129
+ "robot",
1130
+ "role",
1131
+ "room",
1132
+ "router",
1133
+ "routing",
1134
+ "rpc-",
1135
+ "rpc.",
1136
+ "rpc_",
1137
+ "rpg-",
1138
+ "rpg.",
1139
+ "rpg_",
1140
+ "rspec",
1141
+ "ruby-",
1142
+ "ruby.",
1143
+ "ruby_",
1144
+ "rule",
1145
+ "run-",
1146
+ "run.",
1147
+ "run_",
1148
+ "runner",
1149
+ "running",
1150
+ "runtime",
1151
+ "rust",
1152
+ "rvm-",
1153
+ "rvm.",
1154
+ "rvm_",
1155
+ "salt",
1156
+ "sample",
1157
+ "sample",
1158
+ "sandbox",
1159
+ "sas-",
1160
+ "sas.",
1161
+ "sas_",
1162
+ "sbt-",
1163
+ "sbt.",
1164
+ "sbt_",
1165
+ "scala",
1166
+ "scalable",
1167
+ "scanner",
1168
+ "schema",
1169
+ "scheme",
1170
+ "school",
1171
+ "science",
1172
+ "scraper",
1173
+ "scratch",
1174
+ "screen",
1175
+ "script",
1176
+ "scroll",
1177
+ "scs-",
1178
+ "scs.",
1179
+ "scs_",
1180
+ "sdk-",
1181
+ "sdk.",
1182
+ "sdk_",
1183
+ "sdl-",
1184
+ "sdl.",
1185
+ "sdl_",
1186
+ "search",
1187
+ "secure",
1188
+ "security",
1189
+ "see-",
1190
+ "see.",
1191
+ "see_",
1192
+ "seed",
1193
+ "select",
1194
+ "selector",
1195
+ "selenium",
1196
+ "semantic",
1197
+ "sencha",
1198
+ "send",
1199
+ "sentiment",
1200
+ "serie",
1201
+ "server",
1202
+ "service",
1203
+ "session",
1204
+ "set-",
1205
+ "set.",
1206
+ "set_",
1207
+ "setting",
1208
+ "setting",
1209
+ "setup",
1210
+ "sha1",
1211
+ "sha2",
1212
+ "sha256",
1213
+ "share",
1214
+ "shared",
1215
+ "sharing",
1216
+ "sheet",
1217
+ "shell",
1218
+ "shield",
1219
+ "shipping",
1220
+ "shop",
1221
+ "shopify",
1222
+ "shortener",
1223
+ "should",
1224
+ "show",
1225
+ "showcase",
1226
+ "side",
1227
+ "silex",
1228
+ "simple",
1229
+ "simulator",
1230
+ "signature",
1231
+ "single",
1232
+ "site",
1233
+ "skeleton",
1234
+ "sketch",
1235
+ "skin",
1236
+ "slack",
1237
+ "slide",
1238
+ "slider",
1239
+ "slim",
1240
+ "small",
1241
+ "smart",
1242
+ "smtp",
1243
+ "snake",
1244
+ "snippet",
1245
+ "soap",
1246
+ "social",
1247
+ "socket",
1248
+ "software",
1249
+ "solarized",
1250
+ "solr",
1251
+ "solution",
1252
+ "solver",
1253
+ "some",
1254
+ "soon",
1255
+ "source",
1256
+ "space",
1257
+ "spark",
1258
+ "spatial",
1259
+ "spec",
1260
+ "sphinx",
1261
+ "spine",
1262
+ "spotify",
1263
+ "spree",
1264
+ "spring",
1265
+ "sprite",
1266
+ "sql-",
1267
+ "sql.",
1268
+ "sql_",
1269
+ "sqlite",
1270
+ "ssh-",
1271
+ "ssh.",
1272
+ "ssh_",
1273
+ "stack",
1274
+ "staging",
1275
+ "standard",
1276
+ "stanford",
1277
+ "start",
1278
+ "started",
1279
+ "starter",
1280
+ "startup",
1281
+ "stat",
1282
+ "statamic",
1283
+ "state",
1284
+ "static",
1285
+ "statistic",
1286
+ "statsd",
1287
+ "statu",
1288
+ "steam",
1289
+ "step",
1290
+ "still",
1291
+ "stm-",
1292
+ "stm.",
1293
+ "stm_",
1294
+ "storage",
1295
+ "store",
1296
+ "storm",
1297
+ "story",
1298
+ "strategy",
1299
+ "stream",
1300
+ "streaming",
1301
+ "string",
1302
+ "stripe",
1303
+ "structure",
1304
+ "studio",
1305
+ "study",
1306
+ "stuff",
1307
+ "style",
1308
+ "sublime",
1309
+ "sugar",
1310
+ "suite",
1311
+ "summary",
1312
+ "super",
1313
+ "support",
1314
+ "supported",
1315
+ "svg-",
1316
+ "svg.",
1317
+ "svg_",
1318
+ "svn-",
1319
+ "svn.",
1320
+ "svn_",
1321
+ "swagger",
1322
+ "swift",
1323
+ "switch",
1324
+ "switcher",
1325
+ "symfony",
1326
+ "symphony",
1327
+ "sync",
1328
+ "synopsi",
1329
+ "syntax",
1330
+ "system",
1331
+ "system",
1332
+ "tab-",
1333
+ "tab-",
1334
+ "tab.",
1335
+ "tab.",
1336
+ "tab_",
1337
+ "tab_",
1338
+ "table",
1339
+ "tag-",
1340
+ "tag-",
1341
+ "tag.",
1342
+ "tag.",
1343
+ "tag_",
1344
+ "tag_",
1345
+ "talk",
1346
+ "target",
1347
+ "task",
1348
+ "tcp-",
1349
+ "tcp.",
1350
+ "tcp_",
1351
+ "tdd-",
1352
+ "tdd.",
1353
+ "tdd_",
1354
+ "team",
1355
+ "tech",
1356
+ "template",
1357
+ "term",
1358
+ "terminal",
1359
+ "testing",
1360
+ "tetri",
1361
+ "text",
1362
+ "textmate",
1363
+ "theme",
1364
+ "theory",
1365
+ "three",
1366
+ "thrift",
1367
+ "time",
1368
+ "timeline",
1369
+ "timer",
1370
+ "tiny",
1371
+ "tinymce",
1372
+ "tip-",
1373
+ "tip.",
1374
+ "tip_",
1375
+ "title",
1376
+ "todo",
1377
+ "todomvc",
1378
+ "token",
1379
+ "tool",
1380
+ "toolbox",
1381
+ "toolkit",
1382
+ "top-",
1383
+ "top.",
1384
+ "top_",
1385
+ "tornado",
1386
+ "touch",
1387
+ "tower",
1388
+ "tracker",
1389
+ "tracking",
1390
+ "traffic",
1391
+ "training",
1392
+ "transfer",
1393
+ "translate",
1394
+ "transport",
1395
+ "tree",
1396
+ "trello",
1397
+ "try-",
1398
+ "try.",
1399
+ "try_",
1400
+ "tumblr",
1401
+ "tut-",
1402
+ "tut.",
1403
+ "tut_",
1404
+ "tutorial",
1405
+ "tweet",
1406
+ "twig",
1407
+ "twitter",
1408
+ "type",
1409
+ "typo",
1410
+ "ubuntu",
1411
+ "uiview",
1412
+ "ultimate",
1413
+ "under",
1414
+ "unit",
1415
+ "unity",
1416
+ "universal",
1417
+ "unix",
1418
+ "update",
1419
+ "updated",
1420
+ "upgrade",
1421
+ "upload",
1422
+ "uploader",
1423
+ "uri-",
1424
+ "uri.",
1425
+ "uri_",
1426
+ "url-",
1427
+ "url.",
1428
+ "url_",
1429
+ "usage",
1430
+ "usb-",
1431
+ "usb.",
1432
+ "usb_",
1433
+ "use-",
1434
+ "use.",
1435
+ "use_",
1436
+ "used",
1437
+ "useful",
1438
+ "user",
1439
+ "using",
1440
+ "util",
1441
+ "utilitie",
1442
+ "utility",
1443
+ "vagrant",
1444
+ "validator",
1445
+ "value",
1446
+ "variou",
1447
+ "varnish",
1448
+ "version",
1449
+ "via-",
1450
+ "via.",
1451
+ "via_",
1452
+ "video",
1453
+ "view",
1454
+ "viewer",
1455
+ "vim-",
1456
+ "vim.",
1457
+ "vim_",
1458
+ "vimrc",
1459
+ "virtual",
1460
+ "vision",
1461
+ "visual",
1462
+ "vpn",
1463
+ "want",
1464
+ "warning",
1465
+ "watch",
1466
+ "watcher",
1467
+ "wave",
1468
+ "way-",
1469
+ "way.",
1470
+ "way_",
1471
+ "weather",
1472
+ "web-",
1473
+ "web_",
1474
+ "webapp",
1475
+ "webgl",
1476
+ "webhook",
1477
+ "webkit",
1478
+ "webrtc",
1479
+ "website",
1480
+ "websocket",
1481
+ "welcome",
1482
+ "welcome",
1483
+ "what",
1484
+ "what'",
1485
+ "when",
1486
+ "where",
1487
+ "which",
1488
+ "why-",
1489
+ "why.",
1490
+ "why_",
1491
+ "widget",
1492
+ "wifi",
1493
+ "wiki",
1494
+ "win-",
1495
+ "win.",
1496
+ "win_",
1497
+ "window",
1498
+ "wip-",
1499
+ "wip.",
1500
+ "wip_",
1501
+ "within",
1502
+ "without",
1503
+ "wizard",
1504
+ "word",
1505
+ "wordpres",
1506
+ "work",
1507
+ "worker",
1508
+ "workflow",
1509
+ "working",
1510
+ "workshop",
1511
+ "world",
1512
+ "wrapper",
1513
+ "write",
1514
+ "writer",
1515
+ "writing",
1516
+ "written",
1517
+ "www-",
1518
+ "www.",
1519
+ "www_",
1520
+ "xamarin",
1521
+ "xcode",
1522
+ "xml-",
1523
+ "xml.",
1524
+ "xml_",
1525
+ "xmpp",
1526
+ "xxxxxx",
1527
+ "yahoo",
1528
+ "yaml",
1529
+ "yandex",
1530
+ "yeoman",
1531
+ "yet-",
1532
+ "yet.",
1533
+ "yet_",
1534
+ "yii-",
1535
+ "yii.",
1536
+ "yii_",
1537
+ "youtube",
1538
+ "yui-",
1539
+ "yui.",
1540
+ "yui_",
1541
+ "zend",
1542
+ "zero",
1543
+ "zip-",
1544
+ "zip.",
1545
+ "zip_",
1546
+ "zsh-",
1547
+ "zsh.",
1548
+ "zsh_",
1549
+ "snmpv3",
1550
+ "logs_",
1551
+ "certificate",
1552
+ "sk_test",
1553
+ "ngtcp2",
1554
+ "0123456789",
1555
+ "1234567890",
1556
+ "column",
1557
+ "section",
1558
+ "seconds",
1559
+ "kubernetes",
1560
+ "prequalInvite_",
1561
+ "s3compatibl",
1562
+ "MCRYPT_RIJNDAEL_128",
1563
+ "HMAC<",
1564
+ "CMAC<",
1565
+ "Poly1305",
1566
+ "scram-"
1567
+ ]
1568
+
1569
+ [[rules]]
1570
+ id = "mongodb-connection-string"
1571
+ description = "Detected a secret in a MongoDB connection string"
1572
+ regex = '''mongodb:\/\/[^:\s]+:([^@\s]+)@[^,\s]+'''
1573
+ entropy = 3.1
1574
+ keywords = ["mongo"]
1575
+
1576
+ [rules.allowlist]
1577
+
1578
+ regexTarget = "secret"
1579
+ regexes = [
1580
+ # strings like PASS, my_password etc
1581
+ '''(?i)(db|my)?_?pass(word|wd)?''',
1582
+ # $db_password, $$db_password
1583
+ '''^(\${1,2}[a-z_]*)?(db|my)?_?pass(word|wd)?''',
1584
+ # [My Password]
1585
+ '''^\[[\w\t -]+\]$''',
1586
+ # <My Password> or <:My Password:>
1587
+ '''<[\w\t -:]+>''',
1588
+ # $password, $$password
1589
+ '''^\${1,2}\w+$''',
1590
+ # ${password}, $${password}
1591
+ '''^\${0,2}\{+[^}]*\}+$''',
1592
+ # $(password)
1593
+ '''^\$\(\w+\)$''',
1594
+ # #{password}, #{password}#
1595
+ '''^#\{([^@/ ]+)\}#?'''
1596
+ ]
1597
+
1598
+ [[rules]]
1599
+ id = "aws-unsafeplaintext-secret"
1600
+ description = "Detected a secret used in AWS CDK SecretValue UnsafePlainText"
1601
+ regex = '''(?i)(?:SecretValue\.UnsafePlainText\(['"])([^"']+)(?:['"]\))'''
1602
+ entropy = 3.1
1603
+
1604
+ keywords = ["aws", "amazon"]
1605
+
1606
+ [[rules]]
1607
+ id = "aws-secret-key"
1608
+ description = "Found an AWS secret key, placing your cloud at risk"
1609
+ regex = '''(?i)(?:aws_secret_access_key|aws_secret|awssecret|aws_sk_key)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60| ){0,5}([0-9A-Z+\/]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
1610
+ keywords = [
1611
+ "aws_secret_access_key","aws_secret","awssecret","aws_sk_key"
1612
+ ]
1613
+
1614
+ [[rules]]
1615
+ id = "generic-api-key-xml-config"
1616
+ description = "Detected a Generic API Key in XML config file"
1617
+ regex = '''(?i)<add\s+key="[^"]*(?:key|token|secret|passwd|password|auth|access)[^"]*"\s+value="([^"]+)"\s+\/>'''
1618
+ entropy = 3.5
1619
+ keywords = [
1620
+ "key","token","secret","passwd","password","auth","access",
1621
+ ]
1622
+
1623
+ [rules.allowlist]
1624
+
1625
+ regexTarget = "line"
1626
+
1627
+ regexes = [
1628
+ '''(?i)(address|url|http|message|authid|local|client-id|clientid|test|accessprovider|accessenginetype|cvvencryptionkeyname|keyid|emailsentfrom|authremarkformat|guidkey)''',
1629
+ ]
1630
+
1631
+ [[rules]]
1632
+ id = "sql-server-connection-string"
1633
+ description = "Detected a secret in a SQL Server connection string"
1634
+ regex = '''(?:Server|Data Source)=[^;\s]+;(?:Database|Initial Catalog)=[^;]+;.*Password=([^;"'\s]+)[;"'\s]'''
1635
+ entropy = 3.1
1636
+ keywords = ["Server", "Data Source", "Database", "Initial Catalog", "Password"]
1637
+
1638
+ [rules.allowlist]
1639
+
1640
+ regexTarget = "secret"
1641
+ regexes = [
1642
+ # strings like PASS, my_password etc
1643
+ '''(?i)(db|my)?_?pass(word|wd)?''',
1644
+ # $db_password, $$db_password
1645
+ '''^(\${1,2}[a-z_]*)?(db|my)?_?pass(word|wd)?''',
1646
+ # [My Password]
1647
+ '''^\[[\w\t -]+\]$''',
1648
+ # <My Password> or <:My Password:>
1649
+ '''<[\w\t -:]+>''',
1650
+ # $password, $$password
1651
+ '''^\${1,2}\w+$''',
1652
+ # ${password}, $${password}
1653
+ '''^\${0,2}\{+[^}]*\}+$''',
1654
+ # $(password)
1655
+ '''^\$\(\w+\)$''',
1656
+ # #{password}, #{password}#
1657
+ '''^#\{([^@/ ]+)\}#?'''
1658
+ ]
1659
+
1660
+ [allowlist]
1661
+ description = "global allow list"
1662
+
1663
+ regexTarget = "line"
1664
+
1665
+ # below is a list of strings that we'd like to allow if they appear in the line
1666
+ regexes = [
1667
+ '''(?i)(inputkey|outputkey|public-key|public_key|publickey)'''
1668
+ ]
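Review bot: The global `[allowlist]` at the end of the hunk uses `regexTarget = "line"`, so any line that contains `public_key`, `publickey`, `inputkey` or `outputkey` is exempted for every rule in this file and, with `useDefault = true`, most likely the default gitleaks rules as well; a line that sets a private key next to a public one (constructed example: `private_key=..., public_key=...`) would then be skipped entirely. Narrowing it to `regexTarget = "match"`, or moving the pattern into the per-rule `[rules.allowlist]` tables that need it, keeps the exemption to the matched fragment. In `mongodb-connection-string` the literal `mongodb:` means `mongodb+srv://` URIs never match — `regex = '''mongodb(?:\+srv)?:\/\/[^:\s]+:([^@\s]+)@[^,\s]+'''` closes that — and since that rule's allowlist (and the one in `sql-server-connection-string`) targets the secret, adding `secretGroup = 1` makes the password binding explicit instead of depending on the gitleaks version's default for unset secretGroup. The `generic-api-key-xml-config` regex ends in `\s+\/>`, which requires whitespace before the closing slash, so `value="..."/>` and `value="..."></add>` are missed; `\s*\/?>` is more tolerant of how `<add>` elements are actually written. The stopword list also carries what looks like a stray keystroke, `"fewfwef"`, plus duplicates (`"app-"`, `"author"`, `"client"`, `"config"`, `"debug"`, `"doc-"` …) that can be dropped, and `# Aikido girleaks rules` should read `# Aikido gitleaks rules`.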