@octocodeai/octocode-engine 16.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +558 -0
- package/dist/lsp/client.d.ts +28 -0
- package/dist/lsp/client.js +98 -0
- package/dist/lsp/config.d.ts +3 -0
- package/dist/lsp/config.js +7 -0
- package/dist/lsp/evidence.d.ts +4 -0
- package/dist/lsp/evidence.js +28 -0
- package/dist/lsp/index.d.ts +7 -0
- package/dist/lsp/index.js +6 -0
- package/dist/lsp/initConstants.d.ts +4 -0
- package/dist/lsp/initConstants.js +27 -0
- package/dist/lsp/lspClientPool.d.ts +27 -0
- package/dist/lsp/lspClientPool.js +87 -0
- package/dist/lsp/lspErrorCodes.d.ts +12 -0
- package/dist/lsp/lspErrorCodes.js +12 -0
- package/dist/lsp/manager.d.ts +23 -0
- package/dist/lsp/manager.js +94 -0
- package/dist/lsp/native.d.ts +35 -0
- package/dist/lsp/native.js +3 -0
- package/dist/lsp/resolver.d.ts +26 -0
- package/dist/lsp/resolver.js +73 -0
- package/dist/lsp/schemas.d.ts +9 -0
- package/dist/lsp/schemas.js +30 -0
- package/dist/lsp/types.d.ts +85 -0
- package/dist/lsp/types.js +1 -0
- package/dist/lsp/uri.d.ts +15 -0
- package/dist/lsp/uri.js +24 -0
- package/dist/lsp/validation.d.ts +6 -0
- package/dist/lsp/validation.js +23 -0
- package/dist/lsp/workspaceRoot.d.ts +2 -0
- package/dist/lsp/workspaceRoot.js +7 -0
- package/dist/security/commandUtils.d.ts +1 -0
- package/dist/security/commandUtils.js +7 -0
- package/dist/security/commandValidator.d.ts +7 -0
- package/dist/security/commandValidator.js +472 -0
- package/dist/security/contentSanitizer.d.ts +2 -0
- package/dist/security/contentSanitizer.js +181 -0
- package/dist/security/filePatterns.d.ts +1 -0
- package/dist/security/filePatterns.js +209 -0
- package/dist/security/ignoredPathFilter.d.ts +3 -0
- package/dist/security/ignoredPathFilter.js +72 -0
- package/dist/security/index.d.ts +16 -0
- package/dist/security/index.js +13 -0
- package/dist/security/mask.d.ts +1 -0
- package/dist/security/mask.js +49 -0
- package/dist/security/maskUtils.d.ts +1 -0
- package/dist/security/maskUtils.js +7 -0
- package/dist/security/native.d.ts +9 -0
- package/dist/security/native.js +161 -0
- package/dist/security/paramExtractors.d.ts +7 -0
- package/dist/security/paramExtractors.js +75 -0
- package/dist/security/pathPatterns.d.ts +1 -0
- package/dist/security/pathPatterns.js +26 -0
- package/dist/security/pathUtils.d.ts +1 -0
- package/dist/security/pathUtils.js +37 -0
- package/dist/security/pathValidator.d.ts +22 -0
- package/dist/security/pathValidator.js +229 -0
- package/dist/security/regexes/ai-providers.d.ts +2 -0
- package/dist/security/regexes/ai-providers.js +177 -0
- package/dist/security/regexes/analytics.d.ts +2 -0
- package/dist/security/regexes/analytics.js +50 -0
- package/dist/security/regexes/auth-crypto.d.ts +6 -0
- package/dist/security/regexes/auth-crypto.js +255 -0
- package/dist/security/regexes/aws.d.ts +2 -0
- package/dist/security/regexes/aws.js +68 -0
- package/dist/security/regexes/cloudProviders.d.ts +2 -0
- package/dist/security/regexes/cloudProviders.js +328 -0
- package/dist/security/regexes/communications.d.ts +4 -0
- package/dist/security/regexes/communications.js +260 -0
- package/dist/security/regexes/databases.d.ts +2 -0
- package/dist/security/regexes/databases.js +135 -0
- package/dist/security/regexes/devTools.d.ts +2 -0
- package/dist/security/regexes/devTools.js +236 -0
- package/dist/security/regexes/index.d.ts +3 -0
- package/dist/security/regexes/index.js +31 -0
- package/dist/security/regexes/monitoring.d.ts +2 -0
- package/dist/security/regexes/monitoring.js +92 -0
- package/dist/security/regexes/payments-commerce.d.ts +3 -0
- package/dist/security/regexes/payments-commerce.js +197 -0
- package/dist/security/regexes/types.d.ts +2 -0
- package/dist/security/regexes/types.js +1 -0
- package/dist/security/regexes/vcs.d.ts +2 -0
- package/dist/security/regexes/vcs.js +105 -0
- package/dist/security/registry.d.ts +48 -0
- package/dist/security/registry.js +156 -0
- package/dist/security/securityConstants.d.ts +3 -0
- package/dist/security/securityConstants.js +12 -0
- package/dist/security/types.d.ts +35 -0
- package/dist/security/types.js +1 -0
- package/dist/security/withSecurityValidation.d.ts +21 -0
- package/dist/security/withSecurityValidation.js +107 -0
- package/index.cjs +97 -0
- package/index.d.ts +934 -0
- package/index.js +652 -0
- package/package.json +311 -0
|
@@ -0,0 +1,177 @@
|
|
|
1
|
+
export const aiProviderPatterns = [
|
|
2
|
+
{
|
|
3
|
+
name: 'openaiApiKeyLegacy',
|
|
4
|
+
description: 'OpenAI API key (legacy format)',
|
|
5
|
+
regex: /\b(sk-[a-zA-Z0-9_-]+T3BlbkFJ[a-zA-Z0-9_-]+)\b/g,
|
|
6
|
+
matchAccuracy: 'high',
|
|
7
|
+
},
|
|
8
|
+
{
|
|
9
|
+
name: 'openaiProjectApiKey',
|
|
10
|
+
description: 'OpenAI project-scoped API key',
|
|
11
|
+
regex: /\bsk-proj-[a-zA-Z0-9_-]{20,}\b/g,
|
|
12
|
+
matchAccuracy: 'high',
|
|
13
|
+
},
|
|
14
|
+
{
|
|
15
|
+
name: 'openaiServiceAccountKey',
|
|
16
|
+
description: 'OpenAI service account API key',
|
|
17
|
+
regex: /\bsk-svcacct-[a-zA-Z0-9_-]{20,}\b/g,
|
|
18
|
+
matchAccuracy: 'high',
|
|
19
|
+
},
|
|
20
|
+
{
|
|
21
|
+
name: 'openaiAdminKey',
|
|
22
|
+
description: 'OpenAI admin API key',
|
|
23
|
+
regex: /\bsk-admin-[a-zA-Z0-9_-]{20,}\b/g,
|
|
24
|
+
matchAccuracy: 'high',
|
|
25
|
+
},
|
|
26
|
+
{
|
|
27
|
+
name: 'openaiOrgId',
|
|
28
|
+
description: 'OpenAI organization ID',
|
|
29
|
+
regex: /\borg-[a-zA-Z0-9]{20,}\b/g,
|
|
30
|
+
matchAccuracy: 'high',
|
|
31
|
+
},
|
|
32
|
+
{
|
|
33
|
+
name: 'groqApiKey',
|
|
34
|
+
description: 'Groq API key',
|
|
35
|
+
regex: /\bgsk_[a-zA-Z0-9-_]{51,52}\b/g,
|
|
36
|
+
matchAccuracy: 'high',
|
|
37
|
+
},
|
|
38
|
+
{
|
|
39
|
+
name: 'cohereApiKey',
|
|
40
|
+
description: 'Cohere API key',
|
|
41
|
+
regex: /\bco-[a-zA-Z0-9-_]{38,64}\b/g,
|
|
42
|
+
matchAccuracy: 'high',
|
|
43
|
+
},
|
|
44
|
+
{
|
|
45
|
+
name: 'huggingFaceToken',
|
|
46
|
+
description: 'Hugging Face API token',
|
|
47
|
+
regex: /\bhf_[a-zA-Z0-9]{34}\b/g,
|
|
48
|
+
matchAccuracy: 'high',
|
|
49
|
+
},
|
|
50
|
+
{
|
|
51
|
+
name: 'perplexityApiKey',
|
|
52
|
+
description: 'Perplexity AI API key',
|
|
53
|
+
regex: /\bpplx-[a-zA-Z0-9]{30,64}\b/g,
|
|
54
|
+
matchAccuracy: 'high',
|
|
55
|
+
},
|
|
56
|
+
{
|
|
57
|
+
name: 'replicateApiToken',
|
|
58
|
+
description: 'Replicate API token',
|
|
59
|
+
regex: /\br8_[a-zA-Z0-9]{30,}\b/g,
|
|
60
|
+
matchAccuracy: 'high',
|
|
61
|
+
},
|
|
62
|
+
{
|
|
63
|
+
name: 'anthropicApiKey',
|
|
64
|
+
description: 'Anthropic API key',
|
|
65
|
+
regex: /\bsk-ant-(?:admin01|api03|sid01)-[\w-]{80,120}\b/g,
|
|
66
|
+
matchAccuracy: 'high',
|
|
67
|
+
},
|
|
68
|
+
{
|
|
69
|
+
name: 'mistralApiKey',
|
|
70
|
+
description: 'Mistral AI API key',
|
|
71
|
+
regex: /\b(?:mistral-|mist_)[a-zA-Z0-9]{32,}\b/g,
|
|
72
|
+
matchAccuracy: 'high',
|
|
73
|
+
},
|
|
74
|
+
{
|
|
75
|
+
name: 'tavilyApiKey',
|
|
76
|
+
description: 'Tavily API key',
|
|
77
|
+
regex: /\btvly-[a-zA-Z0-9]{30,}\b/g,
|
|
78
|
+
matchAccuracy: 'high',
|
|
79
|
+
},
|
|
80
|
+
{
|
|
81
|
+
name: 'deepseekApiKey',
|
|
82
|
+
description: 'DeepSeek API key',
|
|
83
|
+
regex: /\b['"]?(?:DEEPSEEK|deepseek|DeepSeek)_?(?:API|api)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?sk-[a-zA-Z0-9]{32,64}['"]?\b/g,
|
|
84
|
+
matchAccuracy: 'medium',
|
|
85
|
+
},
|
|
86
|
+
{
|
|
87
|
+
name: 'togetherApiKey',
|
|
88
|
+
description: 'Together AI API key',
|
|
89
|
+
regex: /\b['"]?(?:TOGETHER|together)_?(?:API|api)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9]{40,64}['"]?\b/g,
|
|
90
|
+
matchAccuracy: 'medium',
|
|
91
|
+
},
|
|
92
|
+
{
|
|
93
|
+
name: 'fireworksApiKey',
|
|
94
|
+
description: 'Fireworks AI API key',
|
|
95
|
+
regex: /\b['"]?(?:FIREWORKS|fireworks)_?(?:API|api)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9]{40,64}['"]?\b/g,
|
|
96
|
+
matchAccuracy: 'medium',
|
|
97
|
+
},
|
|
98
|
+
{
|
|
99
|
+
name: 'xaiApiKey',
|
|
100
|
+
description: 'xAI (Grok) API key',
|
|
101
|
+
regex: /\bxai-[a-zA-Z0-9]{48,}\b/g,
|
|
102
|
+
matchAccuracy: 'high',
|
|
103
|
+
},
|
|
104
|
+
{
|
|
105
|
+
name: 'openRouterApiKey',
|
|
106
|
+
description: 'OpenRouter API key',
|
|
107
|
+
regex: /\bsk-or-v1-[a-zA-Z0-9]{64}\b/g,
|
|
108
|
+
matchAccuracy: 'high',
|
|
109
|
+
},
|
|
110
|
+
{
|
|
111
|
+
name: 'amazonBedrockApiKey',
|
|
112
|
+
description: 'Amazon Bedrock API key',
|
|
113
|
+
regex: /\bABSK[A-Za-z0-9+/]{109,269}={0,2}\b/g,
|
|
114
|
+
matchAccuracy: 'high',
|
|
115
|
+
},
|
|
116
|
+
{
|
|
117
|
+
name: 'ai21ApiKey',
|
|
118
|
+
description: 'AI21 Labs API key',
|
|
119
|
+
regex: /\b['"]?(?:AI21|ai21)_?(?:API|api)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9]{40,64}['"]?\b/g,
|
|
120
|
+
matchAccuracy: 'medium',
|
|
121
|
+
},
|
|
122
|
+
{
|
|
123
|
+
name: 'stabilityApiKey',
|
|
124
|
+
description: 'Stability AI API key',
|
|
125
|
+
regex: /\b['"]?(?:STABILITY|stability|Stability)_?(?:AI|ai)?_?(?:API|api)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?sk-[a-zA-Z0-9]{48,}['"]?\b/g,
|
|
126
|
+
matchAccuracy: 'medium',
|
|
127
|
+
},
|
|
128
|
+
{
|
|
129
|
+
name: 'voyageApiKey',
|
|
130
|
+
description: 'Voyage AI API key',
|
|
131
|
+
regex: /\bpa-[a-zA-Z0-9]{40,}\b/g,
|
|
132
|
+
matchAccuracy: 'high',
|
|
133
|
+
},
|
|
134
|
+
{
|
|
135
|
+
name: 'elevenLabsApiKey',
|
|
136
|
+
description: 'ElevenLabs API key (context-based detection)',
|
|
137
|
+
regex: /\b['"]?(?:ELEVENLABS|elevenlabs)_?(?:API|api)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9]{32,}['"]?\b/gi,
|
|
138
|
+
matchAccuracy: 'medium',
|
|
139
|
+
},
|
|
140
|
+
{
|
|
141
|
+
name: 'assemblyaiApiKey',
|
|
142
|
+
description: 'AssemblyAI API key',
|
|
143
|
+
regex: /\b['"]?(?:ASSEMBLYAI|assemblyai|AssemblyAI)_?(?:API|api)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?[a-f0-9]{32}['"]?\b/g,
|
|
144
|
+
matchAccuracy: 'medium',
|
|
145
|
+
},
|
|
146
|
+
{
|
|
147
|
+
name: 'pineconeApiKeyPrefixed',
|
|
148
|
+
description: 'Pinecone API key (prefixed format)',
|
|
149
|
+
regex: /\bpcsk_[a-zA-Z0-9_]{50,}\b/g,
|
|
150
|
+
matchAccuracy: 'high',
|
|
151
|
+
},
|
|
152
|
+
{
|
|
153
|
+
name: 'wandbApiKey',
|
|
154
|
+
description: 'Weights & Biases API key',
|
|
155
|
+
regex: /\b[a-f0-9]{40}\b/g,
|
|
156
|
+
matchAccuracy: 'medium',
|
|
157
|
+
fileContext: /wandb/i,
|
|
158
|
+
},
|
|
159
|
+
{
|
|
160
|
+
name: 'cometApiKey',
|
|
161
|
+
description: 'Comet ML API key',
|
|
162
|
+
regex: /\b['"]?(?:COMET|comet)_?(?:API|api)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9]{32,64}['"]?\b/g,
|
|
163
|
+
matchAccuracy: 'medium',
|
|
164
|
+
},
|
|
165
|
+
{
|
|
166
|
+
name: 'langchainApiKey',
|
|
167
|
+
description: 'LangChain/LangSmith API key',
|
|
168
|
+
regex: /\blsv2_[a-zA-Z0-9_]{20,}\b/g,
|
|
169
|
+
matchAccuracy: 'high',
|
|
170
|
+
},
|
|
171
|
+
{
|
|
172
|
+
name: 'unstructuredApiKey',
|
|
173
|
+
description: 'Unstructured.io API key',
|
|
174
|
+
regex: /\b['"]?(?:UNSTRUCTURED|unstructured)_?(?:API|api)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9]{32,}['"]?\b/g,
|
|
175
|
+
matchAccuracy: 'medium',
|
|
176
|
+
},
|
|
177
|
+
];
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
export const analyticsModernPatterns = [
|
|
2
|
+
{
|
|
3
|
+
name: 'vercelToken',
|
|
4
|
+
description: 'Vercel API token (new prefixed formats: vcp/vci/vca/vcr/vck)',
|
|
5
|
+
regex: /\b(?:vcp|vci|vca|vcr|vck)_[a-zA-Z0-9]{24,}\b/g,
|
|
6
|
+
matchAccuracy: 'high',
|
|
7
|
+
},
|
|
8
|
+
{
|
|
9
|
+
name: 'posthogApiKey',
|
|
10
|
+
description: 'PostHog API key',
|
|
11
|
+
regex: /\bphc_[a-zA-Z0-9_-]{39}\b/g,
|
|
12
|
+
matchAccuracy: 'high',
|
|
13
|
+
},
|
|
14
|
+
{
|
|
15
|
+
name: 'posthogPersonalApiKey',
|
|
16
|
+
description: 'PostHog personal API key',
|
|
17
|
+
regex: /\bphx_[a-zA-Z0-9_-]{39}\b/g,
|
|
18
|
+
matchAccuracy: 'high',
|
|
19
|
+
},
|
|
20
|
+
{
|
|
21
|
+
name: 'posthogFeatureFlagsSecureApiKey',
|
|
22
|
+
description: 'PostHog feature flags secure API key',
|
|
23
|
+
regex: /\bphs_[a-zA-Z0-9_-]{39}\b/g,
|
|
24
|
+
matchAccuracy: 'high',
|
|
25
|
+
},
|
|
26
|
+
{
|
|
27
|
+
name: 'posthogOauthAccessToken',
|
|
28
|
+
description: 'PostHog OAuth access token',
|
|
29
|
+
regex: /\bpha_[a-zA-Z0-9_-]{39}\b/g,
|
|
30
|
+
matchAccuracy: 'high',
|
|
31
|
+
},
|
|
32
|
+
{
|
|
33
|
+
name: 'posthogOauthRefreshToken',
|
|
34
|
+
description: 'PostHog OAuth refresh token',
|
|
35
|
+
regex: /\bphr_[a-zA-Z0-9_-]{39}\b/g,
|
|
36
|
+
matchAccuracy: 'high',
|
|
37
|
+
},
|
|
38
|
+
{
|
|
39
|
+
name: 'datadogApiKey',
|
|
40
|
+
description: 'Datadog API and application keys (with context)',
|
|
41
|
+
regex: /\bdatadog[\s\w]*(?:api|app)[\s\w]*key[\s:=]*["']?[a-fA-F0-9]{32,40}["']?/gi,
|
|
42
|
+
matchAccuracy: 'medium',
|
|
43
|
+
},
|
|
44
|
+
{
|
|
45
|
+
name: 'honeycombApiKey',
|
|
46
|
+
description: 'Honeycomb API key',
|
|
47
|
+
regex: /\bhcaik_[a-zA-Z0-9_-]{32,64}\b/g,
|
|
48
|
+
matchAccuracy: 'high',
|
|
49
|
+
},
|
|
50
|
+
];
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import type { SensitiveDataPattern } from './types.js';
|
|
2
|
+
export declare const authPatterns: SensitiveDataPattern[];
|
|
3
|
+
export declare const codeConfigPatterns: SensitiveDataPattern[];
|
|
4
|
+
export declare const cryptographicPatterns: SensitiveDataPattern[];
|
|
5
|
+
export declare const privateKeyPatterns: SensitiveDataPattern[];
|
|
6
|
+
export declare const genericSecretPatterns: SensitiveDataPattern[];
|
|
@@ -0,0 +1,255 @@
|
|
|
1
|
+
export const authPatterns = [
|
|
2
|
+
{
|
|
3
|
+
name: 'jwtToken',
|
|
4
|
+
description: 'JWT (JSON Web Token - 3-part)',
|
|
5
|
+
regex: /\b(ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9/_-]{17,}\.(?:[a-zA-Z0-9/_-]{10,}={0,2})?)\b/g,
|
|
6
|
+
matchAccuracy: 'high',
|
|
7
|
+
},
|
|
8
|
+
{
|
|
9
|
+
name: 'sessionIds',
|
|
10
|
+
description: 'Session IDs / Cookies',
|
|
11
|
+
regex: /(?:JSESSIONID|PHPSESSID|ASP\.NET_SessionId|connect\.sid|session_id)=([a-zA-Z0-9%:._-]+)/gi,
|
|
12
|
+
matchAccuracy: 'high',
|
|
13
|
+
},
|
|
14
|
+
{
|
|
15
|
+
name: 'googleOauthToken',
|
|
16
|
+
description: 'Google OAuth token',
|
|
17
|
+
regex: /\bya29\.[a-zA-Z0-9_-]+\b/g,
|
|
18
|
+
matchAccuracy: 'high',
|
|
19
|
+
},
|
|
20
|
+
{
|
|
21
|
+
name: 'googleOauthRefreshToken',
|
|
22
|
+
description: 'Google OAuth refresh token',
|
|
23
|
+
regex: /\b['"]?(?:GOOGLE|google)?_?(?:OAUTH|oauth)?_?(?:REFRESH|refresh)?_?(?:TOKEN|token)['"]?\s*(?::|=>|=)\s*['"]?(1\/\/0[a-zA-Z0-9._-]{40,})['"]?\b/g,
|
|
24
|
+
matchAccuracy: 'high',
|
|
25
|
+
fileContext: /(?:\.env|config|settings|secrets)/i,
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
name: 'onePasswordSecretKey',
|
|
29
|
+
description: '1Password secret key',
|
|
30
|
+
regex: /\bA3-[A-Z0-9]{6}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}\b/g,
|
|
31
|
+
matchAccuracy: 'high',
|
|
32
|
+
},
|
|
33
|
+
{
|
|
34
|
+
name: 'onePasswordServiceAccountToken',
|
|
35
|
+
description: '1Password service account token',
|
|
36
|
+
regex: /\bops_eyJ[a-zA-Z0-9+/]+={0,2}\b/g,
|
|
37
|
+
matchAccuracy: 'high',
|
|
38
|
+
},
|
|
39
|
+
{
|
|
40
|
+
name: 'jsonWebTokenEnhanced',
|
|
41
|
+
description: 'JSON Web Token with enhanced detection',
|
|
42
|
+
regex: /\bey[a-zA-Z0-9]+\.ey[a-zA-Z0-9/_-]+\.(?:[a-zA-Z0-9/_-]+={0,2})?\b/g,
|
|
43
|
+
matchAccuracy: 'high',
|
|
44
|
+
},
|
|
45
|
+
{
|
|
46
|
+
name: 'authressServiceClientAccessKey',
|
|
47
|
+
description: 'Authress service client access key',
|
|
48
|
+
regex: /\b(?:sc|ext|scauth|authress)_[a-z0-9]+\.[a-z0-9]+\.acc[_-][a-z0-9-]+\.[a-z0-9+/_=-]+\b/gi,
|
|
49
|
+
matchAccuracy: 'high',
|
|
50
|
+
},
|
|
51
|
+
{
|
|
52
|
+
name: 'auth0ClientSecret',
|
|
53
|
+
description: 'Auth0 client secret',
|
|
54
|
+
regex: /\b['"]?(?:AUTH0|auth0)_?(?:CLIENT|client)?_?(?:SECRET|secret)['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9_-]{32,64}['"]?\b/gi,
|
|
55
|
+
matchAccuracy: 'medium',
|
|
56
|
+
},
|
|
57
|
+
{
|
|
58
|
+
name: 'auth0ManagementToken',
|
|
59
|
+
description: 'Auth0 Management API token',
|
|
60
|
+
regex: /\b['"]?(?:AUTH0|auth0)_?(?:MANAGEMENT|management|MGMT)?_?(?:API)?_?(?:TOKEN|token)['"]?\s*(?::|=>|=)\s*['"]?eyJ[a-zA-Z0-9_-]{50,}['"]?\b/gi,
|
|
61
|
+
matchAccuracy: 'high',
|
|
62
|
+
},
|
|
63
|
+
{
|
|
64
|
+
name: 'supertokensApiKey',
|
|
65
|
+
description: 'SuperTokens API key',
|
|
66
|
+
regex: /\b['"]?(?:SUPERTOKENS|supertokens)_?(?:API|api)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9_-]{30,}['"]?\b/gi,
|
|
67
|
+
matchAccuracy: 'medium',
|
|
68
|
+
},
|
|
69
|
+
{
|
|
70
|
+
name: 'basicAuthHeader',
|
|
71
|
+
description: 'Basic authentication header with credentials',
|
|
72
|
+
regex: /\bBasic\s+[A-Za-z0-9+/]{20,}={0,2}\b/gi,
|
|
73
|
+
matchAccuracy: 'medium',
|
|
74
|
+
},
|
|
75
|
+
{
|
|
76
|
+
name: 'bearerAuthHeader',
|
|
77
|
+
description: 'HTTP Bearer authentication header with token',
|
|
78
|
+
regex: /\bAuthorization\s*:\s*Bearer\s+[A-Za-z0-9._~+/=-]{20,}\b/gi,
|
|
79
|
+
matchAccuracy: 'medium',
|
|
80
|
+
},
|
|
81
|
+
];
|
|
82
|
+
export const codeConfigPatterns = [
|
|
83
|
+
{
|
|
84
|
+
name: 'jwtSecrets',
|
|
85
|
+
description: 'JWT secrets',
|
|
86
|
+
regex: /\bjwt[_-]?secret\s*[:=]\s*['"][^'"]{16,}['"]\b/gi,
|
|
87
|
+
matchAccuracy: 'high',
|
|
88
|
+
},
|
|
89
|
+
{
|
|
90
|
+
name: 'kubernetesSecrets',
|
|
91
|
+
description: 'Kubernetes secrets in YAML',
|
|
92
|
+
regex: /\bkind:\s*["']?Secret["']?[\s\S]{0,2000}?\bdata:\s*[\s\S]{0,2000}?[a-zA-Z0-9_-]+:\s*[a-zA-Z0-9+/]{16,}={0,3}\b/gi,
|
|
93
|
+
matchAccuracy: 'high',
|
|
94
|
+
fileContext: /\.ya?ml$/i,
|
|
95
|
+
},
|
|
96
|
+
{
|
|
97
|
+
name: 'dockerComposeSecrets',
|
|
98
|
+
description: 'Docker Compose secrets',
|
|
99
|
+
regex: /\b(?:MYSQL_ROOT_PASSWORD|POSTGRES_PASSWORD|REDIS_PASSWORD|MONGODB_PASSWORD)\s*[:=]\s*['"][^'"]{4,}['"]\b/gi,
|
|
100
|
+
matchAccuracy: 'medium',
|
|
101
|
+
fileContext: /docker-compose\.ya?ml$/i,
|
|
102
|
+
},
|
|
103
|
+
{
|
|
104
|
+
name: 'springBootSecrets',
|
|
105
|
+
description: 'Spring Boot application secrets',
|
|
106
|
+
regex: /\b(?:spring\.datasource\.password|spring\.security\.oauth2\.client\.registration\..*\.client-secret)\s*[:=]\s*['"][^'"]{4,}['"]\b/gi,
|
|
107
|
+
matchAccuracy: 'medium',
|
|
108
|
+
fileContext: /(?:application|bootstrap)(?:-\w+)?\.(?:properties|ya?ml)$/i,
|
|
109
|
+
},
|
|
110
|
+
{
|
|
111
|
+
name: 'dotnetConnectionStrings',
|
|
112
|
+
description: '.NET connection strings with credentials',
|
|
113
|
+
regex: /\b(?:ConnectionStrings?|connectionString)\s*[:=]\s*['"][^'"]*(?:password|pwd)\s*=\s*[^;'"]{4,}[^'"]*['"]\b/gi,
|
|
114
|
+
matchAccuracy: 'medium',
|
|
115
|
+
fileContext: /(?:appsettings|web\.config).*\.(?:json|config)$/i,
|
|
116
|
+
},
|
|
117
|
+
{
|
|
118
|
+
name: 'base64EncodedSecrets',
|
|
119
|
+
description: 'Base64 encoded secrets in config',
|
|
120
|
+
regex: /\b(?:secret|password|key|token)[_-]?(?:base64|encoded)?\s*[:=]\s*['"][A-Za-z0-9+/]{32,}={0,3}['"]\b/gi,
|
|
121
|
+
matchAccuracy: 'medium',
|
|
122
|
+
},
|
|
123
|
+
];
|
|
124
|
+
export const cryptographicPatterns = [
|
|
125
|
+
{
|
|
126
|
+
name: 'rsaPrivateKey',
|
|
127
|
+
description: 'RSA private key',
|
|
128
|
+
regex: /-----BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY-----[\s\S]*?-----END\s+(?:RSA\s+)?PRIVATE\s+KEY-----/g,
|
|
129
|
+
matchAccuracy: 'high',
|
|
130
|
+
},
|
|
131
|
+
{
|
|
132
|
+
name: 'pkcs8PrivateKey',
|
|
133
|
+
description: 'PKCS#8 private key',
|
|
134
|
+
regex: /\b-----BEGIN (?:ENCRYPTED )?PRIVATE KEY-----\s*[\s\S]*?-----END (?:ENCRYPTED )?PRIVATE KEY-----\b/g,
|
|
135
|
+
matchAccuracy: 'high',
|
|
136
|
+
},
|
|
137
|
+
{
|
|
138
|
+
name: 'ecPrivateKey',
|
|
139
|
+
description: 'Elliptic Curve private key',
|
|
140
|
+
regex: /\b-----BEGIN EC PRIVATE KEY-----\s*[\s\S]*?-----END EC PRIVATE KEY-----\b/g,
|
|
141
|
+
matchAccuracy: 'high',
|
|
142
|
+
},
|
|
143
|
+
{
|
|
144
|
+
name: 'dsaPrivateKey',
|
|
145
|
+
description: 'DSA private key',
|
|
146
|
+
regex: /\b-----BEGIN DSA PRIVATE KEY-----\s*[\s\S]*?-----END DSA PRIVATE KEY-----\b/g,
|
|
147
|
+
matchAccuracy: 'high',
|
|
148
|
+
},
|
|
149
|
+
{
|
|
150
|
+
name: 'opensshPrivateKey',
|
|
151
|
+
description: 'OpenSSH private key',
|
|
152
|
+
regex: /-----BEGIN\s+OPENSSH\s+PRIVATE\s+KEY-----[\s\S]*?-----END\s+OPENSSH\s+PRIVATE\s+KEY-----/g,
|
|
153
|
+
matchAccuracy: 'high',
|
|
154
|
+
},
|
|
155
|
+
{
|
|
156
|
+
name: 'sshPrivateKeyEncrypted',
|
|
157
|
+
description: 'SSH private key (SSH2 encrypted format)',
|
|
158
|
+
regex: /\b-----BEGIN SSH2 ENCRYPTED PRIVATE KEY-----\s*[\s\S]*?-----END SSH2 ENCRYPTED PRIVATE KEY-----\b/g,
|
|
159
|
+
matchAccuracy: 'high',
|
|
160
|
+
},
|
|
161
|
+
{
|
|
162
|
+
name: 'puttyPrivateKey',
|
|
163
|
+
description: 'PuTTY private key file',
|
|
164
|
+
regex: /\bPuTTY-User-Key-File-[23]:\s*[\s\S]*?Private-MAC:\b/g,
|
|
165
|
+
matchAccuracy: 'high',
|
|
166
|
+
},
|
|
167
|
+
{
|
|
168
|
+
name: 'pgpPrivateKey',
|
|
169
|
+
description: 'PGP private key block',
|
|
170
|
+
regex: /\b-----BEGIN PGP PRIVATE KEY BLOCK-----\s*[\s\S]*?-----END PGP PRIVATE KEY BLOCK-----\b/g,
|
|
171
|
+
matchAccuracy: 'high',
|
|
172
|
+
},
|
|
173
|
+
{
|
|
174
|
+
name: 'firebaseServiceAccountPrivateKey',
|
|
175
|
+
description: 'Firebase service account private key (JSON format)',
|
|
176
|
+
regex: /\b"private_key":\s*"-----BEGIN PRIVATE KEY-----\\n[a-zA-Z0-9+/=\\n]+\\n-----END PRIVATE KEY-----"\b/g,
|
|
177
|
+
matchAccuracy: 'high',
|
|
178
|
+
},
|
|
179
|
+
{
|
|
180
|
+
name: 'openvpnClientPrivateKey',
|
|
181
|
+
description: 'OpenVPN client private key',
|
|
182
|
+
regex: /\b<key>\s*-----BEGIN[^<]*-----END[^<]*<\/key>\b/g,
|
|
183
|
+
matchAccuracy: 'high',
|
|
184
|
+
},
|
|
185
|
+
{
|
|
186
|
+
name: 'dhParameters',
|
|
187
|
+
description: 'Diffie-Hellman parameters',
|
|
188
|
+
regex: /\b-----BEGIN DH PARAMETERS-----\s*[\s\S]*?-----END DH PARAMETERS-----\b/g,
|
|
189
|
+
matchAccuracy: 'high',
|
|
190
|
+
},
|
|
191
|
+
{
|
|
192
|
+
name: 'ageSecretKey',
|
|
193
|
+
description: 'Age encryption secret key',
|
|
194
|
+
regex: /\bAGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}\b/g,
|
|
195
|
+
matchAccuracy: 'high',
|
|
196
|
+
},
|
|
197
|
+
{
|
|
198
|
+
name: 'vaultBatchToken',
|
|
199
|
+
description: 'HashiCorp Vault batch token',
|
|
200
|
+
regex: /\bhvb\.[a-zA-Z0-9_-]{20,}\b/g,
|
|
201
|
+
matchAccuracy: 'high',
|
|
202
|
+
},
|
|
203
|
+
{
|
|
204
|
+
name: 'vaultServiceToken',
|
|
205
|
+
description: 'HashiCorp Vault service token',
|
|
206
|
+
regex: /\bhvs\.[a-zA-Z0-9_-]{20,}\b/g,
|
|
207
|
+
matchAccuracy: 'high',
|
|
208
|
+
},
|
|
209
|
+
{
|
|
210
|
+
name: 'vaultPeriodicToken',
|
|
211
|
+
description: 'HashiCorp Vault periodic token',
|
|
212
|
+
regex: /\bhvp\.[a-zA-Z0-9_-]{20,}\b/g,
|
|
213
|
+
matchAccuracy: 'high',
|
|
214
|
+
},
|
|
215
|
+
{
|
|
216
|
+
name: 'base64PrivateKeyContent',
|
|
217
|
+
description: 'Base64 encoded private key content',
|
|
218
|
+
regex: /\b(?:private[_-]?key|secret[_-]?key)\s*[:=]\s*["'][A-Za-z0-9+/]{64,}={0,2}["']\b/gi,
|
|
219
|
+
matchAccuracy: 'medium',
|
|
220
|
+
},
|
|
221
|
+
{
|
|
222
|
+
name: 'hexEncodedKey',
|
|
223
|
+
description: 'Hexadecimal encoded cryptographic key',
|
|
224
|
+
regex: /\b(?:key|secret)\s*[:=]\s*["'][a-fA-F0-9]{32,}["']\b/gi,
|
|
225
|
+
matchAccuracy: 'medium',
|
|
226
|
+
},
|
|
227
|
+
];
|
|
228
|
+
export const privateKeyPatterns = [
|
|
229
|
+
{
|
|
230
|
+
name: 'privateKeyPem',
|
|
231
|
+
description: 'Private key in PEM format (all key types)',
|
|
232
|
+
regex: /-----BEGIN\s+(?:(?:RSA|DSA|EC|OPENSSH|ENCRYPTED)\s+)?PRIVATE\s+KEY(?:\s+BLOCK)?-----[\s\S]*?-----END\s+(?:(?:RSA|DSA|EC|OPENSSH|ENCRYPTED)\s+)?PRIVATE\s+KEY(?:\s+BLOCK)?-----/g,
|
|
233
|
+
matchAccuracy: 'high',
|
|
234
|
+
},
|
|
235
|
+
{
|
|
236
|
+
name: 'pgpPrivateKeyBlock',
|
|
237
|
+
description: 'PGP private key block (BEGIN to END)',
|
|
238
|
+
regex: /-----BEGIN\s+PGP\s+PRIVATE\s+KEY\s+BLOCK-----[\s\S]*?-----END\s+PGP\s+PRIVATE\s+KEY\s+BLOCK-----/g,
|
|
239
|
+
matchAccuracy: 'high',
|
|
240
|
+
},
|
|
241
|
+
];
|
|
242
|
+
export const genericSecretPatterns = [
|
|
243
|
+
{
|
|
244
|
+
name: 'credentialsInUrl',
|
|
245
|
+
description: 'Credentials embedded in URL',
|
|
246
|
+
regex: /\b[a-zA-Z]{3,10}:\/\/[^\\/\s:@]{3,20}:[^\\/\s:@]{3,20}@[^\s'"]+\b/g,
|
|
247
|
+
matchAccuracy: 'high',
|
|
248
|
+
},
|
|
249
|
+
{
|
|
250
|
+
name: 'envVarSecrets',
|
|
251
|
+
description: 'Environment variable secrets (KEY, SECRET, TOKEN, PASSWORD)',
|
|
252
|
+
regex: /\b(?:\w+_)?(?:SECRET|secret|password|key|token|jwt_secret)(?:_\w+)?\s*=\s*["'][^"']{16,}["']/gi,
|
|
253
|
+
matchAccuracy: 'medium',
|
|
254
|
+
},
|
|
255
|
+
];
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
export const awsPatterns = [
|
|
2
|
+
{
|
|
3
|
+
name: 'awsAccessKeyId',
|
|
4
|
+
description: 'AWS access key ID',
|
|
5
|
+
regex: /\b((?:AKIA|ABIA|ACCA|ASIA)[A-Z0-9]{16})\b/g,
|
|
6
|
+
matchAccuracy: 'high',
|
|
7
|
+
},
|
|
8
|
+
{
|
|
9
|
+
name: 'awsAccountId',
|
|
10
|
+
description: 'AWS account ID',
|
|
11
|
+
regex: /\b['"]?(?:AWS|aws|Aws)?_?(?:ACCOUNT|account|Account)_?(?:ID|id|Id)?['"]?\s*(?::|=>|=)\s*['"]?[0-9]{12}['"]?\b/g,
|
|
12
|
+
matchAccuracy: 'high',
|
|
13
|
+
},
|
|
14
|
+
{
|
|
15
|
+
name: 'awsAppSyncApiKey',
|
|
16
|
+
description: 'AWS AppSync GraphQL API key',
|
|
17
|
+
regex: /\bda2-[a-z0-9]{26}\b/g,
|
|
18
|
+
matchAccuracy: 'high',
|
|
19
|
+
},
|
|
20
|
+
{
|
|
21
|
+
name: 'awsIamRoleArn',
|
|
22
|
+
description: 'AWS IAM role ARN',
|
|
23
|
+
regex: /\barn:aws:iam::[0-9]{12}:role\/[a-zA-Z0-9_+=,.@-]+\b/g,
|
|
24
|
+
matchAccuracy: 'high',
|
|
25
|
+
},
|
|
26
|
+
{
|
|
27
|
+
name: 'awsLambdaFunctionArn',
|
|
28
|
+
description: 'AWS Lambda function ARN',
|
|
29
|
+
regex: /\barn:aws:lambda:[a-z0-9-]+:[0-9]{12}:function:[a-zA-Z0-9_-]+\b/g,
|
|
30
|
+
matchAccuracy: 'high',
|
|
31
|
+
},
|
|
32
|
+
{
|
|
33
|
+
name: 'awsMwsAuthToken',
|
|
34
|
+
description: 'AWS MWS authentication token',
|
|
35
|
+
regex: /\bamzn\.mws\.[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b/g,
|
|
36
|
+
matchAccuracy: 'high',
|
|
37
|
+
},
|
|
38
|
+
{
|
|
39
|
+
name: 'awsS3BucketArn',
|
|
40
|
+
description: 'AWS S3 bucket ARN',
|
|
41
|
+
regex: /\barn:aws:s3:::[a-zA-Z0-9._-]+\b/g,
|
|
42
|
+
matchAccuracy: 'high',
|
|
43
|
+
},
|
|
44
|
+
{
|
|
45
|
+
name: 'alibabaAccessKeyId',
|
|
46
|
+
description: 'Alibaba Cloud AccessKey ID',
|
|
47
|
+
regex: /\bLTAI[a-zA-Z0-9]{20}\b/g,
|
|
48
|
+
matchAccuracy: 'high',
|
|
49
|
+
},
|
|
50
|
+
{
|
|
51
|
+
name: 'awsSecretAccessKey',
|
|
52
|
+
description: 'AWS secret access key',
|
|
53
|
+
regex: /\b['"]?(?:AWS|aws|Aws)?_?(?:SECRET|secret|Secret)_?(?:ACCESS|access|Access)_?(?:KEY|key|Key)['"]?\s*(?::|=>|=)\s*['"]?[A-Za-z0-9/+=]{40}['"]?\b/g,
|
|
54
|
+
matchAccuracy: 'high',
|
|
55
|
+
},
|
|
56
|
+
{
|
|
57
|
+
name: 'awsSessionToken',
|
|
58
|
+
description: 'AWS session token',
|
|
59
|
+
regex: /\b['"]?(?:AWS|aws|Aws)?_?(?:SESSION|session|Session)_?(?:TOKEN|token|Token)['"]?\s*(?::|=>|=)\s*['"]?[A-Za-z0-9/+=]{200,}['"]?\b/g,
|
|
60
|
+
matchAccuracy: 'high',
|
|
61
|
+
},
|
|
62
|
+
{
|
|
63
|
+
name: 'awsSecretsManagerArn',
|
|
64
|
+
description: 'AWS Secrets Manager secret ARN',
|
|
65
|
+
regex: /\barn:aws:secretsmanager:[a-z0-9-]+:[0-9]{12}:secret:[a-zA-Z0-9/_+=.@-]+\b/g,
|
|
66
|
+
matchAccuracy: 'high',
|
|
67
|
+
},
|
|
68
|
+
];
|