@octocodeai/octocode-engine 16.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +558 -0
- package/dist/lsp/client.d.ts +28 -0
- package/dist/lsp/client.js +98 -0
- package/dist/lsp/config.d.ts +3 -0
- package/dist/lsp/config.js +7 -0
- package/dist/lsp/evidence.d.ts +4 -0
- package/dist/lsp/evidence.js +28 -0
- package/dist/lsp/index.d.ts +7 -0
- package/dist/lsp/index.js +6 -0
- package/dist/lsp/initConstants.d.ts +4 -0
- package/dist/lsp/initConstants.js +27 -0
- package/dist/lsp/lspClientPool.d.ts +27 -0
- package/dist/lsp/lspClientPool.js +87 -0
- package/dist/lsp/lspErrorCodes.d.ts +12 -0
- package/dist/lsp/lspErrorCodes.js +12 -0
- package/dist/lsp/manager.d.ts +23 -0
- package/dist/lsp/manager.js +94 -0
- package/dist/lsp/native.d.ts +35 -0
- package/dist/lsp/native.js +3 -0
- package/dist/lsp/resolver.d.ts +26 -0
- package/dist/lsp/resolver.js +73 -0
- package/dist/lsp/schemas.d.ts +9 -0
- package/dist/lsp/schemas.js +30 -0
- package/dist/lsp/types.d.ts +85 -0
- package/dist/lsp/types.js +1 -0
- package/dist/lsp/uri.d.ts +15 -0
- package/dist/lsp/uri.js +24 -0
- package/dist/lsp/validation.d.ts +6 -0
- package/dist/lsp/validation.js +23 -0
- package/dist/lsp/workspaceRoot.d.ts +2 -0
- package/dist/lsp/workspaceRoot.js +7 -0
- package/dist/security/commandUtils.d.ts +1 -0
- package/dist/security/commandUtils.js +7 -0
- package/dist/security/commandValidator.d.ts +7 -0
- package/dist/security/commandValidator.js +472 -0
- package/dist/security/contentSanitizer.d.ts +2 -0
- package/dist/security/contentSanitizer.js +181 -0
- package/dist/security/filePatterns.d.ts +1 -0
- package/dist/security/filePatterns.js +209 -0
- package/dist/security/ignoredPathFilter.d.ts +3 -0
- package/dist/security/ignoredPathFilter.js +72 -0
- package/dist/security/index.d.ts +16 -0
- package/dist/security/index.js +13 -0
- package/dist/security/mask.d.ts +1 -0
- package/dist/security/mask.js +49 -0
- package/dist/security/maskUtils.d.ts +1 -0
- package/dist/security/maskUtils.js +7 -0
- package/dist/security/native.d.ts +9 -0
- package/dist/security/native.js +161 -0
- package/dist/security/paramExtractors.d.ts +7 -0
- package/dist/security/paramExtractors.js +75 -0
- package/dist/security/pathPatterns.d.ts +1 -0
- package/dist/security/pathPatterns.js +26 -0
- package/dist/security/pathUtils.d.ts +1 -0
- package/dist/security/pathUtils.js +37 -0
- package/dist/security/pathValidator.d.ts +22 -0
- package/dist/security/pathValidator.js +229 -0
- package/dist/security/regexes/ai-providers.d.ts +2 -0
- package/dist/security/regexes/ai-providers.js +177 -0
- package/dist/security/regexes/analytics.d.ts +2 -0
- package/dist/security/regexes/analytics.js +50 -0
- package/dist/security/regexes/auth-crypto.d.ts +6 -0
- package/dist/security/regexes/auth-crypto.js +255 -0
- package/dist/security/regexes/aws.d.ts +2 -0
- package/dist/security/regexes/aws.js +68 -0
- package/dist/security/regexes/cloudProviders.d.ts +2 -0
- package/dist/security/regexes/cloudProviders.js +328 -0
- package/dist/security/regexes/communications.d.ts +4 -0
- package/dist/security/regexes/communications.js +260 -0
- package/dist/security/regexes/databases.d.ts +2 -0
- package/dist/security/regexes/databases.js +135 -0
- package/dist/security/regexes/devTools.d.ts +2 -0
- package/dist/security/regexes/devTools.js +236 -0
- package/dist/security/regexes/index.d.ts +3 -0
- package/dist/security/regexes/index.js +31 -0
- package/dist/security/regexes/monitoring.d.ts +2 -0
- package/dist/security/regexes/monitoring.js +92 -0
- package/dist/security/regexes/payments-commerce.d.ts +3 -0
- package/dist/security/regexes/payments-commerce.js +197 -0
- package/dist/security/regexes/types.d.ts +2 -0
- package/dist/security/regexes/types.js +1 -0
- package/dist/security/regexes/vcs.d.ts +2 -0
- package/dist/security/regexes/vcs.js +105 -0
- package/dist/security/registry.d.ts +48 -0
- package/dist/security/registry.js +156 -0
- package/dist/security/securityConstants.d.ts +3 -0
- package/dist/security/securityConstants.js +12 -0
- package/dist/security/types.d.ts +35 -0
- package/dist/security/types.js +1 -0
- package/dist/security/withSecurityValidation.d.ts +21 -0
- package/dist/security/withSecurityValidation.js +107 -0
- package/index.cjs +97 -0
- package/index.d.ts +934 -0
- package/index.js +652 -0
- package/package.json +311 -0
|
@@ -0,0 +1,135 @@
|
|
|
1
|
+
export const databasePatterns = [
|
|
2
|
+
{
|
|
3
|
+
name: 'postgresqlConnectionString',
|
|
4
|
+
description: 'PostgreSQL connection string with credentials',
|
|
5
|
+
regex: /\bpostgresql:\/\/[^:]+:[^@]+@[^/\s]+\/[^?\s]+\b/gi,
|
|
6
|
+
matchAccuracy: 'high',
|
|
7
|
+
},
|
|
8
|
+
{
|
|
9
|
+
name: 'mysqlConnectionString',
|
|
10
|
+
description: 'MySQL connection string with credentials',
|
|
11
|
+
regex: /\bmysql:\/\/[^:]+:[^@]+@[^/\s]+\/[^?\s]+\b/gi,
|
|
12
|
+
matchAccuracy: 'high',
|
|
13
|
+
},
|
|
14
|
+
{
|
|
15
|
+
name: 'jdbcConnectionStringWithCredentials',
|
|
16
|
+
description: 'JDBC connection string with embedded credentials',
|
|
17
|
+
regex: /\bjdbc:(?:postgresql|mysql):\/\/[^:]+:[^@]+@[^/\s]+\b/gi,
|
|
18
|
+
matchAccuracy: 'medium',
|
|
19
|
+
fileContext: /(?:\.env|config|settings|secrets)/i,
|
|
20
|
+
},
|
|
21
|
+
{
|
|
22
|
+
name: 'mongodbConnectionString',
|
|
23
|
+
description: 'MongoDB connection string with credentials (incl. mongodb+srv://)',
|
|
24
|
+
regex: /\bmongodb(?:\+srv)?:\/\/[a-zA-Z0-9._%-]+:[a-zA-Z0-9._%-]+@[a-zA-Z0-9._-]+(?::[0-9]+)?(?:\/[a-zA-Z0-9._-]*)?\b/g,
|
|
25
|
+
matchAccuracy: 'high',
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
name: 'redisConnectionString',
|
|
29
|
+
description: 'Redis connection string with credentials (incl. rediss:// TLS)',
|
|
30
|
+
regex: /\brediss?:\/\/[a-zA-Z0-9._%-]+:[a-zA-Z0-9._%-]+@[a-zA-Z0-9._-]+:[0-9]+\b/g,
|
|
31
|
+
matchAccuracy: 'high',
|
|
32
|
+
},
|
|
33
|
+
{
|
|
34
|
+
name: 'redisAuthPassword',
|
|
35
|
+
description: 'Redis AUTH password command',
|
|
36
|
+
regex: /^[ \t]*(?:(?:redis-cli(?:[ \t]+|>)|[a-zA-Z0-9_.-]+:\d+>[ \t]*))?AUTH[ \t]+(?:[a-zA-Z0-9_.@-]+[ \t]+)?[a-zA-Z0-9_-]{8,}\b/gm,
|
|
37
|
+
matchAccuracy: 'medium',
|
|
38
|
+
},
|
|
39
|
+
{
|
|
40
|
+
name: 'elasticsearchCredentials',
|
|
41
|
+
description: 'Elasticsearch credentials in URL',
|
|
42
|
+
regex: /\bhttps?:\/\/[^:]+:[^@]+@[^/\s]+:9200\b/gi,
|
|
43
|
+
matchAccuracy: 'high',
|
|
44
|
+
},
|
|
45
|
+
{
|
|
46
|
+
name: 'couchdbCredentials',
|
|
47
|
+
description: 'CouchDB credentials in URL',
|
|
48
|
+
regex: /\bhttp[s]?:\/\/[^:]+:[^@]+@[^/\s]+:5984\b/gi,
|
|
49
|
+
matchAccuracy: 'high',
|
|
50
|
+
},
|
|
51
|
+
{
|
|
52
|
+
name: 'neo4jCredentials',
|
|
53
|
+
description: 'Neo4j database credentials in URL',
|
|
54
|
+
regex: /\bbolt[s]?:\/\/[^:]+:[^@]+@[^/\s]+:7687\b/gi,
|
|
55
|
+
matchAccuracy: 'high',
|
|
56
|
+
},
|
|
57
|
+
{
|
|
58
|
+
name: 'timescaledbConnectionString',
|
|
59
|
+
description: 'TimescaleDB connection string with credentials',
|
|
60
|
+
regex: /\btimescaledb:\/\/[^:]+:[^@]+@[^/\s]+\/[^?\s]+\b/gi,
|
|
61
|
+
matchAccuracy: 'high',
|
|
62
|
+
},
|
|
63
|
+
{
|
|
64
|
+
name: 'clickhouseCredentials',
|
|
65
|
+
description: 'ClickHouse connection string with credentials',
|
|
66
|
+
regex: /\bclickhouse:\/\/[^:]+:[^@]+@[^/\s]+:8123\b/gi,
|
|
67
|
+
matchAccuracy: 'high',
|
|
68
|
+
},
|
|
69
|
+
{
|
|
70
|
+
name: 'cassandraConnectionString',
|
|
71
|
+
description: 'Cassandra connection string with credentials',
|
|
72
|
+
regex: /\bcassandra:\/\/[^:]+:[^@]+@[^/\s]+:9042\b/gi,
|
|
73
|
+
matchAccuracy: 'high',
|
|
74
|
+
},
|
|
75
|
+
{
|
|
76
|
+
name: 'faunadbKey',
|
|
77
|
+
description: 'FaunaDB secret key',
|
|
78
|
+
regex: /\bfn[a-zA-Z0-9]{40}\b/g,
|
|
79
|
+
matchAccuracy: 'high',
|
|
80
|
+
},
|
|
81
|
+
{
|
|
82
|
+
name: 'databricksApiToken',
|
|
83
|
+
description: 'Databricks API token',
|
|
84
|
+
regex: /\bdapi[a-f0-9]{32}(?:-\d)?\b/g,
|
|
85
|
+
matchAccuracy: 'high',
|
|
86
|
+
},
|
|
87
|
+
{
|
|
88
|
+
name: 'pineconeApiKey',
|
|
89
|
+
description: 'Pinecone API key',
|
|
90
|
+
regex: /\bpinecone[\s\w]*(?:api|key|env)[\s:=]*["']?[a-zA-Z0-9_-]{32}["']?\b/gi,
|
|
91
|
+
matchAccuracy: 'medium',
|
|
92
|
+
},
|
|
93
|
+
{
|
|
94
|
+
name: 'databaseUrlWithCredentials',
|
|
95
|
+
description: 'Generic database URL with embedded credentials',
|
|
96
|
+
regex: /\b(?:postgres|mysql|mongodb|redis):\/\/[^:]+:[^@]+@[^/\s]+\b/gi,
|
|
97
|
+
matchAccuracy: 'medium',
|
|
98
|
+
},
|
|
99
|
+
{
|
|
100
|
+
name: 'clickhouseCloudApiKey',
|
|
101
|
+
description: 'ClickHouse Cloud API secret key',
|
|
102
|
+
regex: /\b4b1d[A-Za-z0-9]{38}\b/g,
|
|
103
|
+
matchAccuracy: 'high',
|
|
104
|
+
},
|
|
105
|
+
{
|
|
106
|
+
name: 'neonDatabaseConnectionString',
|
|
107
|
+
description: 'Neon database connection string',
|
|
108
|
+
regex: /\bpostgres:\/\/[^:]+:[^@]+@[^/\s]*neon\.tech[^?\s]*\b/gi,
|
|
109
|
+
matchAccuracy: 'high',
|
|
110
|
+
},
|
|
111
|
+
{
|
|
112
|
+
name: 'tursoDatabaseToken',
|
|
113
|
+
description: 'Turso database auth token',
|
|
114
|
+
regex: /\b['"]?(?:turso|libsql)(?:[\s\w.-]{0,20})(?:token|auth)['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9._-]{50,}['"]?\b/gi,
|
|
115
|
+
matchAccuracy: 'medium',
|
|
116
|
+
},
|
|
117
|
+
{
|
|
118
|
+
name: 'upstashRedisToken',
|
|
119
|
+
description: 'Upstash Redis REST token',
|
|
120
|
+
regex: /\b['"]?(?:upstash)(?:[\s\w.-]{0,20})(?:token|key)['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9=]{40,}['"]?\b/gi,
|
|
121
|
+
matchAccuracy: 'medium',
|
|
122
|
+
},
|
|
123
|
+
{
|
|
124
|
+
name: 'supabaseJwtKey',
|
|
125
|
+
description: 'Supabase anon or service_role key (JWT format)',
|
|
126
|
+
regex: /\b['"]?(?:SUPABASE|supabase)_?(?:ANON|SERVICE_ROLE|anon|service_role)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?(eyJ[a-zA-Z0-9_-]{100,})['"]?\b/g,
|
|
127
|
+
matchAccuracy: 'high',
|
|
128
|
+
},
|
|
129
|
+
{
|
|
130
|
+
name: 'cockroachdbConnectionString',
|
|
131
|
+
description: 'CockroachDB connection string with credentials',
|
|
132
|
+
regex: /\bpostgresql:\/\/[^:]+:[^@]+@[^/\s]*cockroachlabs\.cloud[^?\s]*\b/gi,
|
|
133
|
+
matchAccuracy: 'high',
|
|
134
|
+
},
|
|
135
|
+
];
|
|
@@ -0,0 +1,236 @@
|
|
|
1
|
+
export const developerToolsPatterns = [
|
|
2
|
+
{
|
|
3
|
+
name: 'npmAccessToken',
|
|
4
|
+
description: 'NPM access token',
|
|
5
|
+
regex: /\bnpm_[a-zA-Z0-9]{36}\b/g,
|
|
6
|
+
matchAccuracy: 'high',
|
|
7
|
+
},
|
|
8
|
+
{
|
|
9
|
+
name: 'nugetApiKey',
|
|
10
|
+
description: 'NuGet API key',
|
|
11
|
+
regex: /\boy2[a-z0-9]{43}\b/g,
|
|
12
|
+
matchAccuracy: 'high',
|
|
13
|
+
},
|
|
14
|
+
{
|
|
15
|
+
name: 'artifactoryApiKey',
|
|
16
|
+
description: 'JFrog Artifactory API key',
|
|
17
|
+
regex: /\bAKCp[A-Za-z0-9]{69}\b/g,
|
|
18
|
+
matchAccuracy: 'high',
|
|
19
|
+
},
|
|
20
|
+
{
|
|
21
|
+
name: 'herokuApiKey',
|
|
22
|
+
description: 'Heroku API key',
|
|
23
|
+
regex: /\bheroku.*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\b/gi,
|
|
24
|
+
matchAccuracy: 'high',
|
|
25
|
+
},
|
|
26
|
+
{
|
|
27
|
+
name: 'terraformCloudToken',
|
|
28
|
+
description: 'Terraform Cloud API token',
|
|
29
|
+
regex: /\b[a-zA-Z0-9]{14}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9]{16}\b/g,
|
|
30
|
+
matchAccuracy: 'high',
|
|
31
|
+
},
|
|
32
|
+
{
|
|
33
|
+
name: 'pulumiAccessToken',
|
|
34
|
+
description: 'Pulumi access token',
|
|
35
|
+
regex: /\bpul-[a-f0-9]{40}\b/g,
|
|
36
|
+
matchAccuracy: 'high',
|
|
37
|
+
},
|
|
38
|
+
{
|
|
39
|
+
name: 'atlassianApiToken',
|
|
40
|
+
description: 'Atlassian API token (Jira/Confluence)',
|
|
41
|
+
regex: /\bATATT3[A-Za-z0-9_\-=]{186}\b/g,
|
|
42
|
+
matchAccuracy: 'high',
|
|
43
|
+
},
|
|
44
|
+
{
|
|
45
|
+
name: 'sourcegraphApiKey',
|
|
46
|
+
description: 'Sourcegraph API key',
|
|
47
|
+
regex: /\bsgp_[a-zA-Z0-9]{32}\b/g,
|
|
48
|
+
matchAccuracy: 'high',
|
|
49
|
+
},
|
|
50
|
+
{
|
|
51
|
+
name: 'linearApiKey',
|
|
52
|
+
description: 'Linear API key',
|
|
53
|
+
regex: /\blin_api_[0-9A-Za-z]{40}\b/g,
|
|
54
|
+
matchAccuracy: 'high',
|
|
55
|
+
},
|
|
56
|
+
{
|
|
57
|
+
name: 'notionIntegrationToken',
|
|
58
|
+
description: 'Notion integration token (new ntn_ format, post Sept 2024)',
|
|
59
|
+
regex: /\bntn_[a-zA-Z0-9_-]{43}\b/g,
|
|
60
|
+
matchAccuracy: 'high',
|
|
61
|
+
},
|
|
62
|
+
{
|
|
63
|
+
name: 'notionIntegrationTokenLegacy',
|
|
64
|
+
description: 'Notion integration token (legacy secret_ format, pre Sept 2024)',
|
|
65
|
+
regex: /\bsecret_[a-zA-Z0-9]{43}\b/g,
|
|
66
|
+
matchAccuracy: 'high',
|
|
67
|
+
},
|
|
68
|
+
{
|
|
69
|
+
name: 'stackhawkApiKey',
|
|
70
|
+
description: 'StackHawk API key',
|
|
71
|
+
regex: /\bhawk\.[0-9A-Za-z\-_]{20}\.[0-9A-Za-z\-_]{20}\b/g,
|
|
72
|
+
matchAccuracy: 'high',
|
|
73
|
+
},
|
|
74
|
+
{
|
|
75
|
+
name: 'sentryAuthToken',
|
|
76
|
+
description: 'Sentry authentication token',
|
|
77
|
+
regex: /\bsentry[\s\w]*(?:auth|token)[\s:=]*["']?[a-f0-9]{64}["']?\b/gi,
|
|
78
|
+
matchAccuracy: 'medium',
|
|
79
|
+
},
|
|
80
|
+
{
|
|
81
|
+
name: 'bugsnagApiKey',
|
|
82
|
+
description: 'Bugsnag API key',
|
|
83
|
+
regex: /\bbugsnag[\s\w]*(?:api|key)[\s:=]*["']?[a-f0-9]{32}["']?\b/gi,
|
|
84
|
+
matchAccuracy: 'medium',
|
|
85
|
+
},
|
|
86
|
+
{
|
|
87
|
+
name: 'rollbarAccessToken',
|
|
88
|
+
description: 'Rollbar access token',
|
|
89
|
+
regex: /\brollbar[\s\w]*(?:access|token)[\s:=]*["']?[a-f0-9]{32}["']?\b/gi,
|
|
90
|
+
matchAccuracy: 'medium',
|
|
91
|
+
},
|
|
92
|
+
{
|
|
93
|
+
name: 'postmanApiToken',
|
|
94
|
+
description: 'Postman API token',
|
|
95
|
+
regex: /\bPMAK-[a-f0-9]{24}-[a-f0-9]{34}\b/gi,
|
|
96
|
+
matchAccuracy: 'high',
|
|
97
|
+
},
|
|
98
|
+
{
|
|
99
|
+
name: 'prefectApiToken',
|
|
100
|
+
description: 'Prefect API token',
|
|
101
|
+
regex: /\bpnu_[a-zA-Z0-9]{36}\b/g,
|
|
102
|
+
matchAccuracy: 'high',
|
|
103
|
+
},
|
|
104
|
+
{
|
|
105
|
+
name: 'readmeApiToken',
|
|
106
|
+
description: 'Readme API token',
|
|
107
|
+
regex: /\brdme_[a-z0-9]{70}\b/g,
|
|
108
|
+
matchAccuracy: 'high',
|
|
109
|
+
},
|
|
110
|
+
{
|
|
111
|
+
name: 'rubygemsApiToken',
|
|
112
|
+
description: 'RubyGems API token',
|
|
113
|
+
regex: /\brubygems_[a-f0-9]{48}\b/g,
|
|
114
|
+
matchAccuracy: 'high',
|
|
115
|
+
},
|
|
116
|
+
{
|
|
117
|
+
name: 'clojarsApiToken',
|
|
118
|
+
description: 'Clojars API token',
|
|
119
|
+
regex: /\bCLOJARS_[a-z0-9]{60}\b/gi,
|
|
120
|
+
matchAccuracy: 'high',
|
|
121
|
+
},
|
|
122
|
+
{
|
|
123
|
+
name: 'snykApiToken',
|
|
124
|
+
description: 'Snyk API token',
|
|
125
|
+
regex: /\b['"]?(?:snyk[_.-]?(?:(?:api|oauth)[_.-]?)?(?:key|token))['"]?\s*(?::|=>|=)\s*['"]?[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]?\b/gi,
|
|
126
|
+
matchAccuracy: 'high',
|
|
127
|
+
},
|
|
128
|
+
{
|
|
129
|
+
name: 'sonarqubeToken',
|
|
130
|
+
description: 'SonarQube/SonarCloud token',
|
|
131
|
+
regex: /\b(?:squ_|sqp_|sqa_)[a-z0-9=_-]{40}\b/gi,
|
|
132
|
+
matchAccuracy: 'high',
|
|
133
|
+
},
|
|
134
|
+
{
|
|
135
|
+
name: 'travisciAccessToken',
|
|
136
|
+
description: 'Travis CI access token',
|
|
137
|
+
regex: /\b['"]?(?:travis)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-z0-9]{22}['"]?\b/gi,
|
|
138
|
+
matchAccuracy: 'medium',
|
|
139
|
+
},
|
|
140
|
+
{
|
|
141
|
+
name: 'codecovAccessToken',
|
|
142
|
+
description: 'Codecov access token',
|
|
143
|
+
regex: /\b['"]?(?:codecov)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-z0-9]{32}['"]?\b/gi,
|
|
144
|
+
matchAccuracy: 'medium',
|
|
145
|
+
},
|
|
146
|
+
{
|
|
147
|
+
name: 'droneCiAccessToken',
|
|
148
|
+
description: 'DroneCI access token',
|
|
149
|
+
regex: /\b['"]?(?:droneci|drone)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-z0-9]{32}['"]?\b/gi,
|
|
150
|
+
matchAccuracy: 'medium',
|
|
151
|
+
},
|
|
152
|
+
{
|
|
153
|
+
name: 'octopusDeployApiKey',
|
|
154
|
+
description: 'Octopus Deploy API key',
|
|
155
|
+
regex: /\bAPI-[A-Z0-9]{26}\b/g,
|
|
156
|
+
matchAccuracy: 'high',
|
|
157
|
+
},
|
|
158
|
+
{
|
|
159
|
+
name: 'circleciToken',
|
|
160
|
+
description: 'CircleCI personal API token',
|
|
161
|
+
regex: /\b['"]?(?:circleci|circle)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-f0-9]{40}['"]?\b/gi,
|
|
162
|
+
matchAccuracy: 'medium',
|
|
163
|
+
},
|
|
164
|
+
{
|
|
165
|
+
name: 'buildkiteAgentToken',
|
|
166
|
+
description: 'Buildkite agent token',
|
|
167
|
+
regex: /\bbkagent_[a-f0-9]{40}\b/g,
|
|
168
|
+
matchAccuracy: 'high',
|
|
169
|
+
},
|
|
170
|
+
{
|
|
171
|
+
name: 'launchdarklyAccessToken',
|
|
172
|
+
description: 'LaunchDarkly access token',
|
|
173
|
+
regex: /\b['"]?(?:launchdarkly)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-z0-9=_-]{40}['"]?\b/gi,
|
|
174
|
+
matchAccuracy: 'medium',
|
|
175
|
+
},
|
|
176
|
+
{
|
|
177
|
+
name: 'algoliaApiKey',
|
|
178
|
+
description: 'Algolia API key',
|
|
179
|
+
regex: /\b['"]?(?:algolia)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-z0-9]{32}['"]?\b/gi,
|
|
180
|
+
matchAccuracy: 'medium',
|
|
181
|
+
},
|
|
182
|
+
{
|
|
183
|
+
name: 'clerkSecretKey',
|
|
184
|
+
description: 'Clerk secret key',
|
|
185
|
+
regex: /\bsk_(?:live|test)_[a-zA-Z0-9]{24,}\b/g,
|
|
186
|
+
matchAccuracy: 'high',
|
|
187
|
+
},
|
|
188
|
+
{
|
|
189
|
+
name: 'clerkPublishableKey',
|
|
190
|
+
description: 'Clerk publishable key',
|
|
191
|
+
regex: /\bpk_(?:live|test)_[a-zA-Z0-9]{24,}\b/g,
|
|
192
|
+
matchAccuracy: 'medium',
|
|
193
|
+
},
|
|
194
|
+
{
|
|
195
|
+
name: 'launchdarklySdkKey',
|
|
196
|
+
description: 'LaunchDarkly SDK key',
|
|
197
|
+
regex: /\bsdk-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}\b/g,
|
|
198
|
+
matchAccuracy: 'high',
|
|
199
|
+
},
|
|
200
|
+
{
|
|
201
|
+
name: 'vercelOidcToken',
|
|
202
|
+
description: 'Vercel OIDC token',
|
|
203
|
+
regex: /\b['"]?(?:VERCEL_OIDC_TOKEN)['"]?\s*(?::|=>|=)\s*['"]?eyJ[a-zA-Z0-9_-]{100,}['"]?\b/g,
|
|
204
|
+
matchAccuracy: 'high',
|
|
205
|
+
},
|
|
206
|
+
{
|
|
207
|
+
name: 'novuApiKey',
|
|
208
|
+
description: 'Novu API key',
|
|
209
|
+
regex: /\b['"]?(?:NOVU|novu)_?(?:API|api)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9]{32,}['"]?\b/gi,
|
|
210
|
+
matchAccuracy: 'medium',
|
|
211
|
+
},
|
|
212
|
+
{
|
|
213
|
+
name: 'triggerDevApiKey',
|
|
214
|
+
description: 'Trigger.dev API key',
|
|
215
|
+
regex: /\btr_(?:dev|prod)_[a-zA-Z0-9]{20,}\b/g,
|
|
216
|
+
matchAccuracy: 'high',
|
|
217
|
+
},
|
|
218
|
+
{
|
|
219
|
+
name: 'nxCloudAccessToken',
|
|
220
|
+
description: 'Nx Cloud access token',
|
|
221
|
+
regex: /\b['"]?(?:NX_CLOUD_ACCESS_TOKEN|nxCloudAccessToken)['"]?\s*(?::|=>|=)\s*['"]?[a-zA-Z0-9]{36,}['"]?\b/g,
|
|
222
|
+
matchAccuracy: 'medium',
|
|
223
|
+
},
|
|
224
|
+
{
|
|
225
|
+
name: 'depotToken',
|
|
226
|
+
description: 'Depot.dev build token',
|
|
227
|
+
regex: /\bdpt_[a-zA-Z0-9]{40,}\b/g,
|
|
228
|
+
matchAccuracy: 'high',
|
|
229
|
+
},
|
|
230
|
+
{
|
|
231
|
+
name: 'grafbaseApiKey',
|
|
232
|
+
description: 'Grafbase API key',
|
|
233
|
+
regex: /\b['"]?(?:GRAFBASE|grafbase)_?(?:API|api)?_?(?:KEY|key)['"]?\s*(?::|=>|=)\s*['"]?eyJ[a-zA-Z0-9_-]{50,}['"]?\b/gi,
|
|
234
|
+
matchAccuracy: 'medium',
|
|
235
|
+
},
|
|
236
|
+
];
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
import { aiProviderPatterns } from './ai-providers.js';
|
|
2
|
+
import { analyticsModernPatterns } from './analytics.js';
|
|
3
|
+
import { authPatterns, codeConfigPatterns, cryptographicPatterns, privateKeyPatterns, genericSecretPatterns, } from './auth-crypto.js';
|
|
4
|
+
import { awsPatterns } from './aws.js';
|
|
5
|
+
import { cloudProviderPatterns } from './cloudProviders.js';
|
|
6
|
+
import { slackPatterns, socialMediaPatterns, shippingLogisticsPatterns, } from './communications.js';
|
|
7
|
+
import { databasePatterns } from './databases.js';
|
|
8
|
+
import { developerToolsPatterns } from './devTools.js';
|
|
9
|
+
import { mappingMonitoringPatterns } from './monitoring.js';
|
|
10
|
+
import { paymentProviderPatterns, ecommerceContentPatterns, } from './payments-commerce.js';
|
|
11
|
+
import { versionControlPatterns } from './vcs.js';
|
|
12
|
+
export const allRegexPatterns = [
|
|
13
|
+
...aiProviderPatterns,
|
|
14
|
+
...analyticsModernPatterns,
|
|
15
|
+
...authPatterns,
|
|
16
|
+
...awsPatterns,
|
|
17
|
+
...cloudProviderPatterns,
|
|
18
|
+
...codeConfigPatterns,
|
|
19
|
+
...cryptographicPatterns,
|
|
20
|
+
...databasePatterns,
|
|
21
|
+
...developerToolsPatterns,
|
|
22
|
+
...ecommerceContentPatterns,
|
|
23
|
+
...genericSecretPatterns,
|
|
24
|
+
...mappingMonitoringPatterns,
|
|
25
|
+
...paymentProviderPatterns,
|
|
26
|
+
...privateKeyPatterns,
|
|
27
|
+
...shippingLogisticsPatterns,
|
|
28
|
+
...slackPatterns,
|
|
29
|
+
...socialMediaPatterns,
|
|
30
|
+
...versionControlPatterns,
|
|
31
|
+
];
|
|
@@ -0,0 +1,92 @@
|
|
|
1
|
+
export const mappingMonitoringPatterns = [
|
|
2
|
+
{
|
|
3
|
+
name: 'mapboxSecretToken',
|
|
4
|
+
description: 'Mapbox secret access token',
|
|
5
|
+
regex: /\bsk\.eyJ[a-zA-Z0-9._-]{87}\b/g,
|
|
6
|
+
matchAccuracy: 'high',
|
|
7
|
+
},
|
|
8
|
+
{
|
|
9
|
+
name: 'mapboxPublicToken',
|
|
10
|
+
description: 'Mapbox public access token',
|
|
11
|
+
regex: /\bpk\.eyJ[a-zA-Z0-9._-]{80,}\b/g,
|
|
12
|
+
matchAccuracy: 'high',
|
|
13
|
+
},
|
|
14
|
+
{
|
|
15
|
+
name: 'grafanaCloudApiKey',
|
|
16
|
+
description: 'Grafana Cloud API key',
|
|
17
|
+
regex: /\bglc_[a-zA-Z0-9]{32}\b/g,
|
|
18
|
+
matchAccuracy: 'high',
|
|
19
|
+
},
|
|
20
|
+
{
|
|
21
|
+
name: 'newRelicApiKey',
|
|
22
|
+
description: 'New Relic API key',
|
|
23
|
+
regex: /\bNRAK-[A-Z0-9]{27}\b/g,
|
|
24
|
+
matchAccuracy: 'high',
|
|
25
|
+
},
|
|
26
|
+
{
|
|
27
|
+
name: 'newRelicInsightKey',
|
|
28
|
+
description: 'New Relic Insights query key',
|
|
29
|
+
regex: /\bNRIK-[A-Z0-9]{32}\b/g,
|
|
30
|
+
matchAccuracy: 'high',
|
|
31
|
+
},
|
|
32
|
+
{
|
|
33
|
+
name: 'newRelicBrowserApiToken',
|
|
34
|
+
description: 'New Relic browser API token',
|
|
35
|
+
regex: /\bNRJS-[a-f0-9]{19}\b/g,
|
|
36
|
+
matchAccuracy: 'high',
|
|
37
|
+
},
|
|
38
|
+
{
|
|
39
|
+
name: 'newRelicInsertKey',
|
|
40
|
+
description: 'New Relic ingest insert key',
|
|
41
|
+
regex: /\bNRII-[a-z0-9-]{32}\b/gi,
|
|
42
|
+
matchAccuracy: 'high',
|
|
43
|
+
},
|
|
44
|
+
{
|
|
45
|
+
name: 'grafanaApiKey',
|
|
46
|
+
description: 'Grafana API key',
|
|
47
|
+
regex: /\beyJrIjoi[A-Za-z0-9]{70,400}={0,3}\b/gi,
|
|
48
|
+
matchAccuracy: 'high',
|
|
49
|
+
},
|
|
50
|
+
{
|
|
51
|
+
name: 'grafanaServiceAccountToken',
|
|
52
|
+
description: 'Grafana service account token',
|
|
53
|
+
regex: /\bglsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8}\b/g,
|
|
54
|
+
matchAccuracy: 'high',
|
|
55
|
+
},
|
|
56
|
+
{
|
|
57
|
+
name: 'sentryOrgToken',
|
|
58
|
+
description: 'Sentry organization token',
|
|
59
|
+
regex: /\bsntrys_eyJpYXQiO[a-zA-Z0-9+/]{10,200}(?:LCJyZWdpb25fdXJs|InJlZ2lvbl91cmwi|cmVnaW9uX3VybCI6)[a-zA-Z0-9+/]{10,200}={0,2}_[a-zA-Z0-9+/]{43}\b/g,
|
|
60
|
+
matchAccuracy: 'high',
|
|
61
|
+
},
|
|
62
|
+
{
|
|
63
|
+
name: 'sentryUserToken',
|
|
64
|
+
description: 'Sentry user token',
|
|
65
|
+
regex: /\bsntryu_[a-f0-9]{64}\b/g,
|
|
66
|
+
matchAccuracy: 'high',
|
|
67
|
+
},
|
|
68
|
+
{
|
|
69
|
+
name: 'sumoLogicAccessId',
|
|
70
|
+
description: 'SumoLogic access ID',
|
|
71
|
+
regex: /\b['"]?(?:sumo)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?su[a-zA-Z0-9]{12}['"]?\b/gi,
|
|
72
|
+
matchAccuracy: 'high',
|
|
73
|
+
},
|
|
74
|
+
{
|
|
75
|
+
name: 'splunkApiToken',
|
|
76
|
+
description: 'Splunk HEC token',
|
|
77
|
+
regex: /\b['"]?(?:splunk)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}['"]?\b/gi,
|
|
78
|
+
matchAccuracy: 'medium',
|
|
79
|
+
},
|
|
80
|
+
{
|
|
81
|
+
name: 'logdnaApiKey',
|
|
82
|
+
description: 'LogDNA/Mezmo API key',
|
|
83
|
+
regex: /\b['"]?(?:logdna|mezmo)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-f0-9]{32}['"]?\b/gi,
|
|
84
|
+
matchAccuracy: 'medium',
|
|
85
|
+
},
|
|
86
|
+
{
|
|
87
|
+
name: 'logglyToken',
|
|
88
|
+
description: 'Loggly customer token',
|
|
89
|
+
regex: /\b['"]?(?:loggly)(?:[\s\w.-]{0,20})['"]?\s*(?::|=>|=)\s*['"]?[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}['"]?\b/gi,
|
|
90
|
+
matchAccuracy: 'medium',
|
|
91
|
+
},
|
|
92
|
+
];
|