@runsec/mcp 1.0.71 → 1.0.72

package/dist/data/trufflehog-config.yaml

@@ -12,7 +12,7 @@
 # Дополнительно в этом файле (расширения репозитория):
 #   - ITS-002 Keycloak Client Secret Policy Violation
 #   - ITS-002 Vault Token Policy Violation
-# Для assignment-детекторов (key:=value) — exclude_regexes_match отсекает ${VAR}, $VAR, getenv и т.п.
+# Для assignment-детекторов (key:=value) — exclude_regexes отсекает ${VAR}, $VAR, getenv и т.п.
 # PCI-DSS / SOC2: криптография, object storage, telemetry — см. секцию COMPLIANCE в конце файла.
 # OAuth Client ID удалён (публичный идентификатор, не секрет).
 
@@ -47,7 +47,7 @@ detectors:
       - yandex-service-token
     regex:
       pattern: '(?i)(yandex[_-]?cloud[_-]?token|yc[_-]?iam[_-]?token|yandex[_-]?service[_-]?token)\s*[:=]\s*[''"]?[A-Za-z0-9_\-]{40,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -62,7 +62,7 @@ detectors:
       - y360-api-token
     regex:
       pattern: '(?i)(yandex[_-]?360[_-]?token|y360[_-]?api[_-]?token)\s*[:=]\s*[''"]?[A-Za-z0-9_\-]{32,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -77,7 +77,7 @@ detectors:
       - vcloud-api-token
     regex:
       pattern: '(?i)(vk[_-]?cloud[_-]?token|vcloud[_-]?api[_-]?token)\s*[:=]\s*[''"]?[A-Za-z0-9_\-]{40,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -92,7 +92,7 @@ detectors:
       - vk-access-token
     regex:
       pattern: '(?i)(vk[_-]?oauth[_-]?token|vk[_-]?access[_-]?token)\s*[:=]\s*[''"]?[A-Za-z0-9_\-]{20,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -107,7 +107,7 @@ detectors:
       - sber-cloud-api-token
     regex:
       pattern: '(?i)(sbercloud[_-]?token|sber[_-]?cloud[_-]?api[_-]?token)\s*[:=]\s*[''"]?[A-Za-z0-9_\-]{40,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -123,7 +123,7 @@ detectors:
       - 1c-basic-auth
     regex:
       pattern: '(?i)(1c[_-]?api[_-]?token|1c[_-]?http[_-]?auth|1c[_-]?basic[_-]?auth)\s*[:=]\s*[''"]?[A-Za-z0-9_\-+/=]{20,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -139,7 +139,7 @@ detectors:
       - bx24-token
     regex:
       pattern: '(?i)(bitrix24[_-]?token|bitrix[_-]?rest[_-]?token|bx24[_-]?token)\s*[:=]\s*[''"]?[A-Za-z0-9]{32,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -187,7 +187,7 @@ detectors:
       - client_secret
     regex:
       pattern: '(?i)(client_secret)\s*[:=]\s*[''"]?[0-9A-Za-z\-._~]{16,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -205,7 +205,7 @@ detectors:
       - KEYCLOAK_CLIENT_SECRET
     regex:
       pattern: '(?i)(oidc|oauth2|keycloak).*client[_-]?secret.*[:=]\s*[''"]?[0-9A-Za-z\-._~]{16,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -221,7 +221,7 @@ detectors:
       - keycloak_client_secret
     regex:
       pattern: '(?i)(keycloak[_\.-]?client[_-]?secret|KEYCLOAK_CLIENT_SECRET)\s*[:=]\s*[''"]?[0-9A-Za-z\-._~]{12,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -236,7 +236,7 @@ detectors:
       - client-secret
     regex:
       pattern: '(?i)spring\.security\.oauth2\.client\.registration\.[^.\s]+\.client-secret\s*=\s*[''"]?[0-9A-Za-z\-._~]{16,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -285,7 +285,7 @@ detectors:
       - openvpn-key
     regex:
       pattern: '(?i)(vpn[_-]?user|vpn[_-]?login|vpn[_-]?password|vpn[_-]?cert|openvpn[_-]?key)\s*[:=]\s*[''"]?[A-Za-z0-9_\-+/=]{16,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -302,7 +302,7 @@ detectors:
       - proxy-auth
     regex:
       pattern: '(?i)(proxy[_-]?user|proxy[_-]?login|proxy[_-]?password|proxy[_-]?auth)\s*[:=]\s*[''"]?[A-Za-z0-9_\-]{8,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -318,7 +318,7 @@ detectors:
       - runner-registration-token
     regex:
       pattern: '(?i)(gitlab[_-]?runner[_-]?token|ci[_-]?cd[_-]?token|runner[_-]?registration[_-]?token)\s*[:=]\s*[''"]?[A-Za-z0-9_\-]{20,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -335,7 +335,7 @@ detectors:
       - self-hosted-ci-token
     regex:
       pattern: '(?i)(jenkins[_-]?token|teamcity[_-]?token|bamboo[_-]?token|self[_-]?hosted[_-]?ci[_-]?token)\s*[:=]\s*[''"]?[A-Za-z0-9_\-]{20,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -363,7 +363,7 @@ detectors:
       - vault-token
     regex:
       pattern: '(?i)(vault[_-]?token|VAULT_TOKEN)\s*[:=]\s*[''"]?(hvs\.CAES[A-Za-z0-9_\-]+|hvc\.CAES[A-Za-z0-9_\-]+|s\.[A-Za-z0-9_\-]{8,})[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -397,7 +397,7 @@ detectors:
       - registry.npmjs.org_auth
     regex:
       pattern: '(?i)(_authToken|_auth|registry\.npmjs\.org[_-]?auth)\s*=\s*[A-Za-z0-9_\-=]{20,}'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -414,7 +414,7 @@ detectors:
       - elasticsearch.password
     regex:
       pattern: '(?i)(xpack\.security\.(user|password)|cloud\.auth|api_key|elasticsearch\.password)\s*[:=]\s*[''"]?[A-Za-z0-9_\-=]{16,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -438,7 +438,7 @@ detectors:
       - sasl.password
     regex:
       pattern: '(?i)(sasl\.(jaas\.config|username|password)|org\.apache\.kafka\.common\.security\.plain\.(username|password))\s*[:=]\s*[''"]?[^''"\s]{8,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -454,7 +454,7 @@ detectors:
       - x-api-token
     regex:
       pattern: '(?i)(x-api-key|x-auth-token|x-api-token)\s*[:=]\s*[''"]?[0-9A-Za-z\-._~]{24,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -487,7 +487,7 @@ detectors:
       - apikey
     regex:
       pattern: '(?i)(password|passwd|pwd|secret|key|token|salt|api_key|apikey)\s*[:=]\s*[''"][^''"]{8,}[''"]'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -503,7 +503,7 @@ detectors:
       - apikey
     regex:
       pattern: '(?i)(api[_-]?key|apikey)\s*[:=]\s*[''"]?[0-9A-Za-z_\-]{32,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -519,7 +519,7 @@ detectors:
       - password
     regex:
       pattern: '(?i)(secret|token|password|passwd)\s*[:=]\s*[''"]?[0-9A-Za-z_\-]{40,}[''"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -538,7 +538,7 @@ detectors:
       - e-mail
     regex:
       pattern: '(?i)(?:email|e-mail)\s*[:=]\s*[\x27"]?(?!.*@(example\.(com|org|net)|test\.|mock\.|localhost|invalid|\.test|\.example|noreply\.|no-reply\.|fixture\.|sample\.|dummy\.|placeholder\.))[a-z0-9._%+-]+@[a-z0-9][a-z0-9.-]*\.[a-z]{2,}[\x27"]?'
-    exclude_regexes_match:
+    exclude_regexes:
       - '@example\.(com|org|net)'
       - '@test\.'
       - '@mock\.'
@@ -622,7 +622,7 @@ detectors:
       - secret_salt
     regex:
       pattern: '(?i)(aes[_-]?key|encryption[_-]?key|secret[_-]?salt)\s*[:=]\s*[''"][A-Za-z0-9+/=]{32,}[''"]'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'
@@ -657,7 +657,7 @@ detectors:
       - redis_pass
     regex:
       pattern: '(?i)(redis[_-]?(password|pass|pwd))\s*[:=]\s*[\x27"][^\x27"\s]{8,}[\x27"]'
-    exclude_regexes_match:
+    exclude_regexes:
       - '\$\{[^}]+\}'
       - '\$[A-Z_][A-Z0-9_]*'
       - '%\([^)]+\)s'

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@runsec/mcp",
-  "version": "1.0.71",
+  "version": "1.0.72",
   "main": "dist/index.js",
   "files": [
     "dist",