@runsec/mcp 1.0.71 → 1.0.73

@@ -12,7 +12,7 @@
12
12
  # Дополнительно в этом файле (расширения репозитория):
13
13
  # - ITS-002 Keycloak Client Secret Policy Violation
14
14
  # - ITS-002 Vault Token Policy Violation
15
- # Для assignment-детекторов (key:=value) exclude_regexes_match отсекает ${VAR}, $VAR, getenv и т.п.
15
+ # Env/placeholder filtering for assignment-style matches: cognitiveEngine.ts (not TruffleHog schema).
16
16
  # PCI-DSS / SOC2: криптография, object storage, telemetry — см. секцию COMPLIANCE в конце файла.
17
17
  # OAuth Client ID удалён (публичный идентификатор, не секрет).
18
18
 
@@ -47,14 +47,6 @@ detectors:
47
47
  - yandex-service-token
48
48
  regex:
49
49
  pattern: '(?i)(yandex[_-]?cloud[_-]?token|yc[_-]?iam[_-]?token|yandex[_-]?service[_-]?token)\s*[:=]\s*[''"]?[A-Za-z0-9_\-]{40,}[''"]?'
50
- exclude_regexes_match:
51
- - '\$\{[^}]+\}'
52
- - '\$[A-Z_][A-Z0-9_]*'
53
- - '%\([^)]+\)s'
54
- - 'process\.env\.'
55
- - 'os\.getenv\('
56
- - 'getenv\('
57
- - 'environ\['
58
50
 
59
51
  - name: Yandex 360 API Token
60
52
  keywords:
@@ -62,14 +54,6 @@ detectors:
62
54
  - y360-api-token
63
55
  regex:
64
56
  pattern: '(?i)(yandex[_-]?360[_-]?token|y360[_-]?api[_-]?token)\s*[:=]\s*[''"]?[A-Za-z0-9_\-]{32,}[''"]?'
65
- exclude_regexes_match:
66
- - '\$\{[^}]+\}'
67
- - '\$[A-Z_][A-Z0-9_]*'
68
- - '%\([^)]+\)s'
69
- - 'process\.env\.'
70
- - 'os\.getenv\('
71
- - 'getenv\('
72
- - 'environ\['
73
57
 
74
58
  - name: VK Cloud API Token
75
59
  keywords:
@@ -77,14 +61,6 @@ detectors:
77
61
  - vcloud-api-token
78
62
  regex:
79
63
  pattern: '(?i)(vk[_-]?cloud[_-]?token|vcloud[_-]?api[_-]?token)\s*[:=]\s*[''"]?[A-Za-z0-9_\-]{40,}[''"]?'
80
- exclude_regexes_match:
81
- - '\$\{[^}]+\}'
82
- - '\$[A-Z_][A-Z0-9_]*'
83
- - '%\([^)]+\)s'
84
- - 'process\.env\.'
85
- - 'os\.getenv\('
86
- - 'getenv\('
87
- - 'environ\['
88
64
 
89
65
  - name: VK OAuth Token
90
66
  keywords:
@@ -92,14 +68,6 @@ detectors:
92
68
  - vk-access-token
93
69
  regex:
94
70
  pattern: '(?i)(vk[_-]?oauth[_-]?token|vk[_-]?access[_-]?token)\s*[:=]\s*[''"]?[A-Za-z0-9_\-]{20,}[''"]?'
95
- exclude_regexes_match:
96
- - '\$\{[^}]+\}'
97
- - '\$[A-Z_][A-Z0-9_]*'
98
- - '%\([^)]+\)s'
99
- - 'process\.env\.'
100
- - 'os\.getenv\('
101
- - 'getenv\('
102
- - 'environ\['
103
71
 
104
72
  - name: SberCloud API Token
105
73
  keywords:
@@ -107,14 +75,6 @@ detectors:
107
75
  - sber-cloud-api-token
108
76
  regex:
109
77
  pattern: '(?i)(sbercloud[_-]?token|sber[_-]?cloud[_-]?api[_-]?token)\s*[:=]\s*[''"]?[A-Za-z0-9_\-]{40,}[''"]?'
110
- exclude_regexes_match:
111
- - '\$\{[^}]+\}'
112
- - '\$[A-Z_][A-Z0-9_]*'
113
- - '%\([^)]+\)s'
114
- - 'process\.env\.'
115
- - 'os\.getenv\('
116
- - 'getenv\('
117
- - 'environ\['
118
78
 
119
79
  - name: 1C HTTP API Token
120
80
  keywords:
@@ -123,14 +83,6 @@ detectors:
123
83
  - 1c-basic-auth
124
84
  regex:
125
85
  pattern: '(?i)(1c[_-]?api[_-]?token|1c[_-]?http[_-]?auth|1c[_-]?basic[_-]?auth)\s*[:=]\s*[''"]?[A-Za-z0-9_\-+/=]{20,}[''"]?'
126
- exclude_regexes_match:
127
- - '\$\{[^}]+\}'
128
- - '\$[A-Z_][A-Z0-9_]*'
129
- - '%\([^)]+\)s'
130
- - 'process\.env\.'
131
- - 'os\.getenv\('
132
- - 'getenv\('
133
- - 'environ\['
134
86
 
135
87
  - name: Bitrix24 REST Token
136
88
  keywords:
@@ -139,14 +91,6 @@ detectors:
139
91
  - bx24-token
140
92
  regex:
141
93
  pattern: '(?i)(bitrix24[_-]?token|bitrix[_-]?rest[_-]?token|bx24[_-]?token)\s*[:=]\s*[''"]?[A-Za-z0-9]{32,}[''"]?'
142
- exclude_regexes_match:
143
- - '\$\{[^}]+\}'
144
- - '\$[A-Z_][A-Z0-9_]*'
145
- - '%\([^)]+\)s'
146
- - 'process\.env\.'
147
- - 'os\.getenv\('
148
- - 'getenv\('
149
- - 'environ\['
150
94
 
151
95
  # ============================================================================
152
96
  # CREDENTIALS IN URL (BASIC AUTH)
@@ -187,14 +131,6 @@ detectors:
187
131
  - client_secret
188
132
  regex:
189
133
  pattern: '(?i)(client_secret)\s*[:=]\s*[''"]?[0-9A-Za-z\-._~]{16,}[''"]?'
190
- exclude_regexes_match:
191
- - '\$\{[^}]+\}'
192
- - '\$[A-Z_][A-Z0-9_]*'
193
- - '%\([^)]+\)s'
194
- - 'process\.env\.'
195
- - 'os\.getenv\('
196
- - 'getenv\('
197
- - 'environ\['
198
134
 
199
135
  # OAuth Client ID — removed: public identifier, not a secret (PCI-DSS/SOC2 noise reduction).
200
136
 
@@ -205,14 +141,6 @@ detectors:
205
141
  - KEYCLOAK_CLIENT_SECRET
206
142
  regex:
207
143
  pattern: '(?i)(oidc|oauth2|keycloak).*client[_-]?secret.*[:=]\s*[''"]?[0-9A-Za-z\-._~]{16,}[''"]?'
208
- exclude_regexes_match:
209
- - '\$\{[^}]+\}'
210
- - '\$[A-Z_][A-Z0-9_]*'
211
- - '%\([^)]+\)s'
212
- - 'process\.env\.'
213
- - 'os\.getenv\('
214
- - 'getenv\('
215
- - 'environ\['
216
144
 
217
145
  - name: ITS-002 Keycloak Client Secret Policy Violation
218
146
  keywords:
@@ -221,14 +149,6 @@ detectors:
221
149
  - keycloak_client_secret
222
150
  regex:
223
151
  pattern: '(?i)(keycloak[_\.-]?client[_-]?secret|KEYCLOAK_CLIENT_SECRET)\s*[:=]\s*[''"]?[0-9A-Za-z\-._~]{12,}[''"]?'
224
- exclude_regexes_match:
225
- - '\$\{[^}]+\}'
226
- - '\$[A-Z_][A-Z0-9_]*'
227
- - '%\([^)]+\)s'
228
- - 'process\.env\.'
229
- - 'os\.getenv\('
230
- - 'getenv\('
231
- - 'environ\['
232
152
 
233
153
  - name: Spring OAuth2 Client Secret
234
154
  keywords:
@@ -236,14 +156,6 @@ detectors:
236
156
  - client-secret
237
157
  regex:
238
158
  pattern: '(?i)spring\.security\.oauth2\.client\.registration\.[^.\s]+\.client-secret\s*=\s*[''"]?[0-9A-Za-z\-._~]{16,}[''"]?'
239
- exclude_regexes_match:
240
- - '\$\{[^}]+\}'
241
- - '\$[A-Z_][A-Z0-9_]*'
242
- - '%\([^)]+\)s'
243
- - 'process\.env\.'
244
- - 'os\.getenv\('
245
- - 'getenv\('
246
- - 'environ\['
247
159
 
248
160
  # ============================================================================
249
161
  # GITLAB / GITHUB TOKENS (Custom - keep for consistency)
@@ -285,14 +197,6 @@ detectors:
285
197
  - openvpn-key
286
198
  regex:
287
199
  pattern: '(?i)(vpn[_-]?user|vpn[_-]?login|vpn[_-]?password|vpn[_-]?cert|openvpn[_-]?key)\s*[:=]\s*[''"]?[A-Za-z0-9_\-+/=]{16,}[''"]?'
288
- exclude_regexes_match:
289
- - '\$\{[^}]+\}'
290
- - '\$[A-Z_][A-Z0-9_]*'
291
- - '%\([^)]+\)s'
292
- - 'process\.env\.'
293
- - 'os\.getenv\('
294
- - 'getenv\('
295
- - 'environ\['
296
200
 
297
201
  - name: Proxy Credentials
298
202
  keywords:
@@ -302,14 +206,6 @@ detectors:
302
206
  - proxy-auth
303
207
  regex:
304
208
  pattern: '(?i)(proxy[_-]?user|proxy[_-]?login|proxy[_-]?password|proxy[_-]?auth)\s*[:=]\s*[''"]?[A-Za-z0-9_\-]{8,}[''"]?'
305
- exclude_regexes_match:
306
- - '\$\{[^}]+\}'
307
- - '\$[A-Z_][A-Z0-9_]*'
308
- - '%\([^)]+\)s'
309
- - 'process\.env\.'
310
- - 'os\.getenv\('
311
- - 'getenv\('
312
- - 'environ\['
313
209
 
314
210
  - name: GitLab Runner Token
315
211
  keywords:
@@ -318,14 +214,6 @@ detectors:
318
214
  - runner-registration-token
319
215
  regex:
320
216
  pattern: '(?i)(gitlab[_-]?runner[_-]?token|ci[_-]?cd[_-]?token|runner[_-]?registration[_-]?token)\s*[:=]\s*[''"]?[A-Za-z0-9_\-]{20,}[''"]?'
321
- exclude_regexes_match:
322
- - '\$\{[^}]+\}'
323
- - '\$[A-Z_][A-Z0-9_]*'
324
- - '%\([^)]+\)s'
325
- - 'process\.env\.'
326
- - 'os\.getenv\('
327
- - 'getenv\('
328
- - 'environ\['
329
217
 
330
218
  - name: Self-Hosted CI/CD Token
331
219
  keywords:
@@ -335,14 +223,6 @@ detectors:
335
223
  - self-hosted-ci-token
336
224
  regex:
337
225
  pattern: '(?i)(jenkins[_-]?token|teamcity[_-]?token|bamboo[_-]?token|self[_-]?hosted[_-]?ci[_-]?token)\s*[:=]\s*[''"]?[A-Za-z0-9_\-]{20,}[''"]?'
338
- exclude_regexes_match:
339
- - '\$\{[^}]+\}'
340
- - '\$[A-Z_][A-Z0-9_]*'
341
- - '%\([^)]+\)s'
342
- - 'process\.env\.'
343
- - 'os\.getenv\('
344
- - 'getenv\('
345
- - 'environ\['
346
226
 
347
227
  # ============================================================================
348
228
  # INFRASTRUCTURE (Vault, Atlassian, Grafana, Nexus/NPM, Elastic, 1C, Kafka)
@@ -363,14 +243,6 @@ detectors:
363
243
  - vault-token
364
244
  regex:
365
245
  pattern: '(?i)(vault[_-]?token|VAULT_TOKEN)\s*[:=]\s*[''"]?(hvs\.CAES[A-Za-z0-9_\-]+|hvc\.CAES[A-Za-z0-9_\-]+|s\.[A-Za-z0-9_\-]{8,})[''"]?'
366
- exclude_regexes_match:
367
- - '\$\{[^}]+\}'
368
- - '\$[A-Z_][A-Z0-9_]*'
369
- - '%\([^)]+\)s'
370
- - 'process\.env\.'
371
- - 'os\.getenv\('
372
- - 'getenv\('
373
- - 'environ\['
374
246
 
375
247
  - name: Atlassian API Token
376
248
  keywords:
@@ -397,14 +269,6 @@ detectors:
397
269
  - registry.npmjs.org_auth
398
270
  regex:
399
271
  pattern: '(?i)(_authToken|_auth|registry\.npmjs\.org[_-]?auth)\s*=\s*[A-Za-z0-9_\-=]{20,}'
400
- exclude_regexes_match:
401
- - '\$\{[^}]+\}'
402
- - '\$[A-Z_][A-Z0-9_]*'
403
- - '%\([^)]+\)s'
404
- - 'process\.env\.'
405
- - 'os\.getenv\('
406
- - 'getenv\('
407
- - 'environ\['
408
272
 
409
273
  - name: Elasticsearch OpenSearch Auth
410
274
  keywords:
@@ -414,14 +278,6 @@ detectors:
414
278
  - elasticsearch.password
415
279
  regex:
416
280
  pattern: '(?i)(xpack\.security\.(user|password)|cloud\.auth|api_key|elasticsearch\.password)\s*[:=]\s*[''"]?[A-Za-z0-9_\-=]{16,}[''"]?'
417
- exclude_regexes_match:
418
- - '\$\{[^}]+\}'
419
- - '\$[A-Z_][A-Z0-9_]*'
420
- - '%\([^)]+\)s'
421
- - 'process\.env\.'
422
- - 'os\.getenv\('
423
- - 'getenv\('
424
- - 'environ\['
425
281
 
426
282
  - name: 1C Base Connection String
427
283
  keywords:
@@ -438,14 +294,6 @@ detectors:
438
294
  - sasl.password
439
295
  regex:
440
296
  pattern: '(?i)(sasl\.(jaas\.config|username|password)|org\.apache\.kafka\.common\.security\.plain\.(username|password))\s*[:=]\s*[''"]?[^''"\s]{8,}[''"]?'
441
- exclude_regexes_match:
442
- - '\$\{[^}]+\}'
443
- - '\$[A-Z_][A-Z0-9_]*'
444
- - '%\([^)]+\)s'
445
- - 'process\.env\.'
446
- - 'os\.getenv\('
447
- - 'getenv\('
448
- - 'environ\['
449
297
 
450
298
  - name: Generic Header API Key
451
299
  keywords:
@@ -454,14 +302,6 @@ detectors:
454
302
  - x-api-token
455
303
  regex:
456
304
  pattern: '(?i)(x-api-key|x-auth-token|x-api-token)\s*[:=]\s*[''"]?[0-9A-Za-z\-._~]{24,}[''"]?'
457
- exclude_regexes_match:
458
- - '\$\{[^}]+\}'
459
- - '\$[A-Z_][A-Z0-9_]*'
460
- - '%\([^)]+\)s'
461
- - 'process\.env\.'
462
- - 'os\.getenv\('
463
- - 'getenv\('
464
- - 'environ\['
465
305
 
466
306
  # ============================================================================
467
307
  # GENERIC TOKENS / API KEYS
@@ -487,14 +327,6 @@ detectors:
487
327
  - apikey
488
328
  regex:
489
329
  pattern: '(?i)(password|passwd|pwd|secret|key|token|salt|api_key|apikey)\s*[:=]\s*[''"][^''"]{8,}[''"]'
490
- exclude_regexes_match:
491
- - '\$\{[^}]+\}'
492
- - '\$[A-Z_][A-Z0-9_]*'
493
- - '%\([^)]+\)s'
494
- - 'process\.env\.'
495
- - 'os\.getenv\('
496
- - 'getenv\('
497
- - 'environ\['
498
330
 
499
331
  - name: Generic API Key
500
332
  keywords:
@@ -503,14 +335,6 @@ detectors:
503
335
  - apikey
504
336
  regex:
505
337
  pattern: '(?i)(api[_-]?key|apikey)\s*[:=]\s*[''"]?[0-9A-Za-z_\-]{32,}[''"]?'
506
- exclude_regexes_match:
507
- - '\$\{[^}]+\}'
508
- - '\$[A-Z_][A-Z0-9_]*'
509
- - '%\([^)]+\)s'
510
- - 'process\.env\.'
511
- - 'os\.getenv\('
512
- - 'getenv\('
513
- - 'environ\['
514
338
 
515
339
  - name: Generic Secret Token
516
340
  keywords:
@@ -519,14 +343,6 @@ detectors:
519
343
  - password
520
344
  regex:
521
345
  pattern: '(?i)(secret|token|password|passwd)\s*[:=]\s*[''"]?[0-9A-Za-z_\-]{40,}[''"]?'
522
- exclude_regexes_match:
523
- - '\$\{[^}]+\}'
524
- - '\$[A-Z_][A-Z0-9_]*'
525
- - '%\([^)]+\)s'
526
- - 'process\.env\.'
527
- - 'os\.getenv\('
528
- - 'getenv\('
529
- - 'environ\['
530
346
 
531
347
  # ============================================================================
532
348
  # PII (PERSONAL IDENTIFIABLE INFORMATION) - GDPR/COMPLIANCE
@@ -538,18 +354,6 @@ detectors:
538
354
  - e-mail
539
355
  regex:
540
356
  pattern: '(?i)(?:email|e-mail)\s*[:=]\s*[\x27"]?(?!.*@(example\.(com|org|net)|test\.|mock\.|localhost|invalid|\.test|\.example|noreply\.|no-reply\.|fixture\.|sample\.|dummy\.|placeholder\.))[a-z0-9._%+-]+@[a-z0-9][a-z0-9.-]*\.[a-z]{2,}[\x27"]?'
541
- exclude_regexes_match:
542
- - '@example\.(com|org|net)'
543
- - '@test\.'
544
- - '@mock\.'
545
- - '@localhost'
546
- - 'noreply@'
547
- - 'no-reply@'
548
- - 'fixture@'
549
- - 'sample@'
550
- - 'test@'
551
- - 'user@example'
552
- - '\$\{[^}]+\}'
553
357
 
554
358
  - name: PII Phone RU
555
359
  keywords:
@@ -622,14 +426,6 @@ detectors:
622
426
  - secret_salt
623
427
  regex:
624
428
  pattern: '(?i)(aes[_-]?key|encryption[_-]?key|secret[_-]?salt)\s*[:=]\s*[''"][A-Za-z0-9+/=]{32,}[''"]'
625
- exclude_regexes_match:
626
- - '\$\{[^}]+\}'
627
- - '\$[A-Z_][A-Z0-9_]*'
628
- - '%\([^)]+\)s'
629
- - 'process\.env\.'
630
- - 'os\.getenv\('
631
- - 'getenv\('
632
- - 'environ\['
633
429
 
634
430
  - name: AWS S3 / MinIO Access Key ID
635
431
  keywords:
@@ -657,14 +453,6 @@ detectors:
657
453
  - redis_pass
658
454
  regex:
659
455
  pattern: '(?i)(redis[_-]?(password|pass|pwd))\s*[:=]\s*[\x27"][^\x27"\s]{8,}[\x27"]'
660
- exclude_regexes_match:
661
- - '\$\{[^}]+\}'
662
- - '\$[A-Z_][A-Z0-9_]*'
663
- - '%\([^)]+\)s'
664
- - 'process\.env\.'
665
- - 'os\.getenv\('
666
- - 'getenv\('
667
- - 'environ\['
668
456
 
669
457
  - name: Payment Gateway Secret Key (Yookassa/Stripe)
670
458
  keywords:
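Review bot: The PII email detector (hunk `@@ -538,18 +354,6 @@`) loses suppressions that nothing else on the new side reproduces: the removed `exclude_regexes_match` list rejected local parts such as `noreply@`, `no-reply@`, `fixture@`, `sample@`, `test@` and `user@example`, while the surviving pattern's negative lookahead only inspects the domain after `@`, and the new header comment describes the engine-side replacement as env/placeholder filtering for assignment-style matches, which these are not. If the key was never read by the schema this is no behavior change, but if cognitiveEngine.ts was honoring it, fixture addresses like `test@corp.tld` (constructed example) will now surface as PII findings; I cannot tell from the diff which is the case. A self-contained fix is a second lookahead in the pattern, e.g. `(?!.*(?:noreply|no-reply|fixture|sample|test|user)@)` inserted directly after the existing `(?!...)` group, or a line in the header comment stating that the email local-part excludes are carried by cognitiveEngine.ts as well. The same consideration applies, more mildly, to the `%\([^)]+\)s` and `environ\[` forms dropped from every other detector, which the header's "env/placeholder" wording does not name explicitly.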
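--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@runsec/mcp",
- "version": "1.0.71",
+ "version": "1.0.73",
  "main": "dist/index.js",
  "files": [
  "dist",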