agent-security-scanner-mcp 3.0.0 → 3.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +451 -739
- package/analyzer.py +51 -7
- package/index.js +42 -2697
- package/package.json +7 -6
- package/regex_fallback.py +66 -0
- package/rules/__init__.py +124 -36
- package/rules/generic/secrets/gitleaks/adafruit-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/adobe-client-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/adobe-client-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/age-secret-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/airtable-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/algolia-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/alibaba-access-key-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/alibaba-secret-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/asana-client-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/asana-client-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/atlassian-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/authress-service-client-access-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/aws-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/beamer-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/bitbucket-client-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/bitbucket-client-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/bittrex-access-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/bittrex-secret-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/clojars-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/cloudflare-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/cloudflare-global-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/cloudflare-origin-ca-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/codecov-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/coinbase-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/confluent-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/confluent-secret-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/contentful-delivery-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/databricks-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/datadog-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/defined-networking-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/digitalocean-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/digitalocean-pat.yaml +27 -0
- package/rules/generic/secrets/gitleaks/digitalocean-refresh-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/discord-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/discord-client-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/discord-client-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/doppler-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/droneci-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/dropbox-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/duffel-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/dynatrace-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/easypost-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/easypost-test-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/etsy-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/facebook-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/facebook-page-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/facebook-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/facebook.yaml +27 -0
- package/rules/generic/secrets/gitleaks/fastly-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/finicity-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/finicity-client-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/finnhub-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/flickr-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/flutterwave-encryption-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/flutterwave-public-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/flutterwave-secret-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/frameio-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/freshbooks-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/gcp-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/generic-api-key.yaml +76 -0
- package/rules/generic/secrets/gitleaks/github-app-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/github-fine-grained-pat.yaml +27 -0
- package/rules/generic/secrets/gitleaks/github-oauth.yaml +27 -0
- package/rules/generic/secrets/gitleaks/github-pat.yaml +27 -0
- package/rules/generic/secrets/gitleaks/github-refresh-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/gitlab-pat.yaml +27 -0
- package/rules/generic/secrets/gitleaks/gitlab-ptt.yaml +27 -0
- package/rules/generic/secrets/gitleaks/gitlab-rrt.yaml +27 -0
- package/rules/generic/secrets/gitleaks/gitter-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/gocardless-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/grafana-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/grafana-cloud-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/grafana-service-account-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/harness-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/hashicorp-tf-password.yaml +31 -0
- package/rules/generic/secrets/gitleaks/heroku-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/hubspot-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/huggingface-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/huggingface-organization-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/infracost-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/intercom-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/intra42-client-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/jfrog-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/jfrog-identity-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/jwt-base64.yaml +27 -0
- package/rules/generic/secrets/gitleaks/jwt.yaml +27 -0
- package/rules/generic/secrets/gitleaks/kraken-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/kucoin-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/kucoin-secret-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/launchdarkly-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/linear-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/linear-client-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/linkedin-client-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/linkedin-client-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/lob-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/lob-pub-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/mailchimp-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/mailgun-private-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/mailgun-pub-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/mailgun-signing-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/mapbox-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/mattermost-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/messagebird-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/messagebird-client-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/microsoft-teams-webhook.yaml +27 -0
- package/rules/generic/secrets/gitleaks/netlify-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/new-relic-browser-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/new-relic-insert-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/new-relic-user-api-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/new-relic-user-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/npm-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/nytimes-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/okta-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/openai-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/plaid-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/plaid-client-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/plaid-secret-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/planetscale-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/planetscale-oauth-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/planetscale-password.yaml +27 -0
- package/rules/generic/secrets/gitleaks/postman-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/prefect-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/private-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/pulumi-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/pypi-upload-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/rapidapi-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/readme-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/rubygems-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/scalingo-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sendbird-access-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sendbird-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sendgrid-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sendinblue-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sentry-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/shippo-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/shopify-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/shopify-custom-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/shopify-private-app-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/shopify-shared-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sidekiq-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sidekiq-sensitive-url.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-app-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-bot-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-config-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-config-refresh-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-legacy-bot-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-legacy-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-legacy-workspace-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-user-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/slack-webhook-url.yaml +27 -0
- package/rules/generic/secrets/gitleaks/snyk-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/square-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/squarespace-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/stripe-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sumologic-access-id.yaml +27 -0
- package/rules/generic/secrets/gitleaks/sumologic-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/telegram-bot-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/travisci-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/twilio-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/twitch-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/twitter-access-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/twitter-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/twitter-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/twitter-api-secret.yaml +27 -0
- package/rules/generic/secrets/gitleaks/twitter-bearer-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/typeform-api-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/vault-batch-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/vault-service-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/yandex-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/yandex-api-key.yaml +27 -0
- package/rules/generic/secrets/gitleaks/yandex-aws-access-token.yaml +27 -0
- package/rules/generic/secrets/gitleaks/zendesk-secret-key.yaml +27 -0
- package/rules/generic/secrets/security/detected-amazon-mws-auth-token.yaml +26 -0
- package/rules/generic/secrets/security/detected-artifactory-password.yaml +47 -0
- package/rules/generic/secrets/security/detected-artifactory-token.yaml +44 -0
- package/rules/generic/secrets/security/detected-aws-access-key-id-value.yaml +29 -0
- package/rules/generic/secrets/security/detected-aws-account-id.yaml +58 -0
- package/rules/generic/secrets/security/detected-aws-appsync-graphql-key.yaml +27 -0
- package/rules/generic/secrets/security/detected-aws-secret-access-key.yaml +30 -0
- package/rules/generic/secrets/security/detected-aws-session-token.yaml +31 -0
- package/rules/generic/secrets/security/detected-bcrypt-hash.yaml +25 -0
- package/rules/generic/secrets/security/detected-codeclimate.yaml +27 -0
- package/rules/generic/secrets/security/detected-etc-shadow.yaml +27 -0
- package/rules/generic/secrets/security/detected-facebook-access-token.yaml +29 -0
- package/rules/generic/secrets/security/detected-facebook-oauth.yaml +27 -0
- package/rules/generic/secrets/security/detected-generic-api-key.yaml +29 -0
- package/rules/generic/secrets/security/detected-generic-secret.yaml +30 -0
- package/rules/generic/secrets/security/detected-github-token.yaml +47 -0
- package/rules/generic/secrets/security/detected-google-api-key.yaml +29 -0
- package/rules/generic/secrets/security/detected-google-cloud-api-key.yaml +27 -0
- package/rules/generic/secrets/security/detected-google-gcm-service-account.yaml +27 -0
- package/rules/generic/secrets/security/detected-google-oauth-access-token.yaml +26 -0
- package/rules/generic/secrets/security/detected-google-oauth.yaml +26 -0
- package/rules/generic/secrets/security/detected-heroku-api-key.yaml +27 -0
- package/rules/generic/secrets/security/detected-hockeyapp.yaml +27 -0
- package/rules/generic/secrets/security/detected-jwt-token.yaml +25 -0
- package/rules/generic/secrets/security/detected-kolide-api-key.yaml +25 -0
- package/rules/generic/secrets/security/detected-mailchimp-api-key.yaml +26 -0
- package/rules/generic/secrets/security/detected-mailgun-api-key.yaml +26 -0
- package/rules/generic/secrets/security/detected-npm-registry-auth-token.yaml +33 -0
- package/rules/generic/secrets/security/detected-onfido-live-api-token.yaml +20 -0
- package/rules/generic/secrets/security/detected-outlook-team.yaml +27 -0
- package/rules/generic/secrets/security/detected-paypal-braintree-access-token.yaml +27 -0
- package/rules/generic/secrets/security/detected-pgp-private-key-block.yaml +28 -0
- package/rules/generic/secrets/security/detected-picatic-api-key.yaml +26 -0
- package/rules/generic/secrets/security/detected-private-key.yaml +39 -0
- package/rules/generic/secrets/security/detected-sauce-token.yaml +27 -0
- package/rules/generic/secrets/security/detected-sendgrid-api-key.yaml +27 -0
- package/rules/generic/secrets/security/detected-slack-token.yaml +28 -0
- package/rules/generic/secrets/security/detected-slack-webhook.yaml +27 -0
- package/rules/generic/secrets/security/detected-snyk-api-key.yaml +26 -0
- package/rules/generic/secrets/security/detected-softlayer-api-key.yaml +27 -0
- package/rules/generic/secrets/security/detected-sonarqube-docs-api-key.yaml +40 -0
- package/rules/generic/secrets/security/detected-square-access-token.yaml +26 -0
- package/rules/generic/secrets/security/detected-square-oauth-secret.yaml +27 -0
- package/rules/generic/secrets/security/detected-ssh-password.yaml +27 -0
- package/rules/generic/secrets/security/detected-stripe-api-key.yaml +26 -0
- package/rules/generic/secrets/security/detected-stripe-restricted-api-key.yaml +26 -0
- package/rules/generic/secrets/security/detected-telegram-bot-api-key.yaml +30 -0
- package/rules/generic/secrets/security/detected-twilio-api-key.yaml +26 -0
- package/rules/generic/secrets/security/detected-username-and-password-in-uri.yaml +35 -0
- package/rules/generic/secrets/security/google-maps-apikeyleak.yaml +25 -0
- package/rules/prompt-injection.security.yaml +4 -0
- package/rules/python/flask/security/injection/flask-injection-sinks.yaml +352 -0
- package/src/analyzer.py +119 -0
- package/src/cli/demo.js +238 -0
- package/src/cli/doctor.js +273 -0
- package/src/cli/init.js +288 -0
- package/src/fix-patterns.js +698 -0
- package/src/tools/check-package.js +169 -0
- package/src/tools/fix-security.js +115 -0
- package/src/tools/scan-packages.js +154 -0
- package/src/tools/scan-prompt.js +570 -0
- package/src/tools/scan-security.js +117 -0
- package/src/utils.js +153 -0
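--- a/package/rules/generic/secrets/gitleaks/twitter-bearer-token.yaml
+++ b/package/rules/generic/secrets/gitleaks/twitter-bearer-token.yaml
@@ -0,0 +1,27 @@
+rules:
+- id: twitter-bearer-token
+message: A gitleaks twitter-bearer-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (?i)(?:twitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(A{22}[a-zA-Z0-9%]{80,100})(?:['|\"|\n|\r|\s|\x60|;]|$)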
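Review bot: Every gitleaks-ported rule in this diff (twitter-bearer-token through zendesk-secret-key) is graded `severity: INFO`, `likelihood: LOW`, `impact: MEDIUM`, while the rules added under `security/` in the same release (e.g. detected-amazon-mws-auth-token, detected-artifactory-token) report the same class of finding, a hard-coded credential, at `severity: ERROR` with `impact: HIGH`. Any consumer that filters findings at WARNING or above will therefore see the MWS token but not, for instance, a HashiCorp Vault token matched by vault-batch-token or vault-service-token, which is the clearest mismatch since that token is itself access to the secrets store. If the INFO level is carried over from the conversion rather than a deliberate triage choice, aligning these rules with the `security/` grading, or at least documenting the two scales in the rule message, would make severity filtering predictable.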
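--- a/package/rules/generic/secrets/gitleaks/typeform-api-token.yaml
+++ b/package/rules/generic/secrets/gitleaks/typeform-api-token.yaml
@@ -0,0 +1,27 @@
+rules:
+- id: typeform-api-token
+message: A gitleaks typeform-api-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (?i)(?:typeform)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(tfp_[a-z0-9\-_\.=]{59})(?:['|\"|\n|\r|\s|\x60|;]|$)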
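--- a/package/rules/generic/secrets/gitleaks/vault-batch-token.yaml
+++ b/package/rules/generic/secrets/gitleaks/vault-batch-token.yaml
@@ -0,0 +1,27 @@
+rules:
+- id: vault-batch-token
+message: A gitleaks vault-batch-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (?i)\b(hvb\.[a-z0-9_-]{138,212})(?:['|\"|\n|\r|\s|\x60|;]|$)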
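--- a/package/rules/generic/secrets/gitleaks/vault-service-token.yaml
+++ b/package/rules/generic/secrets/gitleaks/vault-service-token.yaml
@@ -0,0 +1,27 @@
+rules:
+- id: vault-service-token
+message: A gitleaks vault-service-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (?i)\b(hvs\.[a-z0-9_-]{90,100})(?:['|\"|\n|\r|\s|\x60|;]|$)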
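--- a/package/rules/generic/secrets/gitleaks/yandex-access-token.yaml
+++ b/package/rules/generic/secrets/gitleaks/yandex-access-token.yaml
@@ -0,0 +1,27 @@
+rules:
+- id: yandex-access-token
+message: A gitleaks yandex-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(t1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)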
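--- a/package/rules/generic/secrets/gitleaks/yandex-api-key.yaml
+++ b/package/rules/generic/secrets/gitleaks/yandex-api-key.yaml
@@ -0,0 +1,27 @@
+rules:
+- id: yandex-api-key
+message: A gitleaks yandex-api-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(AQVN[A-Za-z0-9_\-]{35,38})(?:['|\"|\n|\r|\s|\x60|;]|$)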
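--- a/package/rules/generic/secrets/gitleaks/yandex-aws-access-token.yaml
+++ b/package/rules/generic/secrets/gitleaks/yandex-aws-access-token.yaml
@@ -0,0 +1,27 @@
+rules:
+- id: yandex-aws-access-token
+message: A gitleaks yandex-aws-access-token was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (?i)(?:yandex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}(YC[a-zA-Z0-9_\-]{38})(?:['|\"|\n|\r|\s|\x60|;]|$)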
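--- a/package/rules/generic/secrets/gitleaks/zendesk-secret-key.yaml
+++ b/package/rules/generic/secrets/gitleaks/zendesk-secret-key.yaml
@@ -0,0 +1,27 @@
+rules:
+- id: zendesk-secret-key
+message: A gitleaks zendesk-secret-key was detected which attempts to identify hard-coded credentials. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).
+languages:
+- regex
+severity: INFO
+metadata:
+likelihood: LOW
+impact: MEDIUM
+confidence: LOW
+category: security
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+cwe2021-top25: true
+cwe2022-top25: true
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html
+source-rule-url: https://github.com/zricethezav/gitleaks/tree/master/cmd/generate/config/rules
+subcategory:
+- vuln
+technology:
+- gitleaks
+patterns:
+- pattern-regex: (?i)(?:zendesk)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$)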
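--- a/package/rules/generic/secrets/security/detected-amazon-mws-auth-token.yaml
+++ b/package/rules/generic/secrets/security/detected-amazon-mws-auth-token.yaml
@@ -0,0 +1,26 @@
+rules:
+- id: detected-amazon-mws-auth-token
+pattern-regex: amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}
+languages: [regex]
+message: Amazon MWS Auth Token detected
+severity: ERROR
+metadata:
+cwe:
+- 'CWE-798: Use of Hard-coded Credentials'
+source-rule-url: https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json
+category: security
+technology:
+- secrets
+- aws
+confidence: LOW
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
+cwe2022-top25: true
+cwe2021-top25: true
+subcategory:
+- audit
+likelihood: LOW
+impact: HIGH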
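--- a/package/rules/generic/secrets/security/detected-artifactory-password.yaml
+++ b/package/rules/generic/secrets/security/detected-artifactory-password.yaml
@@ -0,0 +1,47 @@
+rules:
+- id: detected-artifactory-password
+patterns:
+- pattern-regex: (?<ITEM>\bAP[\dABCDEF][a-zA-Z0-9]{8,})
+- pattern-regex: .*(?i)arti[-_]?factory.*
+- pattern-not-regex: .*(?i)sha(1|2|3|118|256|512).*
+- pattern-not-regex: (?i)-----\s*?BEGIN[ A-Z0-9_-]*? KEY( BLOCK)?-----[\s\S]*?-----\s*?END[ A-Z0-9_-]*?\s*?-----
+- metavariable-analysis:
+analyzer: entropy
+metavariable: $ITEM
+- pattern-not-regex: (\w|\.|\*)\1{4}
+languages:
+- regex
+paths:
+exclude:
+- "*.svg"
+- "*go.sum"
+- "*package.json"
+- "*cargo.lock"
+- "*package-lock.json"
+- "*bundle.js"
+- "*pnpm-lock*"
+- "*Podfile.lock"
+- "**/*/openssl/*.h"
+- "*.xcscmblueprint"
+message: Artifactory token detected
+severity: ERROR
+metadata:
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+source-rule-url: https://github.com/Yelp/detect-secrets/blob/master/detect_secrets/plugins/artifactory.py
+category: security
+technology:
+- secrets
+- artifactory
+confidence: LOW
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
+cwe2022-top25: true
+cwe2021-top25: true
+subcategory:
+- audit
+likelihood: LOW
+impact: HIGH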
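Review bot: Three of this rule's patterns use regex syntax that Python's `re` module does not accept: the named group `(?<ITEM>...)` in the first `pattern-regex` (Python only recognises `(?P<ITEM>...)`), and the mid-pattern `(?i)` in `.*(?i)arti[-_]?factory.*` and `.*(?i)sha(1|2|3|118|256|512).*`, which Python 3.11 and later reject as a global flag not at the start of the expression. Semgrep's PCRE engine accepts all three, but this release also adds `package/regex_fallback.py`; if that fallback compiles `languages: [regex]` rules with `re`, this rule fails to load and Artifactory password detection is silently lost on that path. Writing the group as `(?P<ITEM>\bAP[\dABCDEF][a-zA-Z0-9]{8,})` and the flags as `(?i).*arti[-_]?factory.*` / `(?i).*sha(1|2|3|118|256|512).*` is accepted by both engines. The `message: Artifactory token detected` also looks copied from the sibling token rule; `Artifactory password detected` would match the rule id and the detect-secrets source it cites.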
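--- /dev/null
+++ b/[PATH-NOT-SHOWN-IN-DIFF: rule detected-artifactory-token]
@@ -0,0 +1,44 @@
+rules:
+- id: detected-artifactory-token
+patterns:
+- pattern-regex: |
+\bAKC[a-zA-Z0-9]{10,}
+- pattern-not-regex: |
+sha(128|256|512).*
+- pattern-not-regex: (?s)---BEGIN.*---\Z
+languages: [regex]
+paths:
+exclude:
+- "*.svg"
+- "*go.sum"
+- "*package.json"
+- "*package-lock.json"
+- "*bundle.js"
+- "*pnpm-lock*"
+- "*Podfile.lock"
+- "**/*/openssl/*.h"
+- "*.xcscmblueprint"
+- "*cargo.lock"
+message: Artifactory token detected
+severity: ERROR
+metadata:
+cwe:
+- 'CWE-798: Use of Hard-coded Credentials'
+source-rule-url: https://github.com/Yelp/detect-secrets/blob/master/detect_secrets/plugins/artifactory.py
+category: security
+technology:
+- secrets
+- artifactory
+confidence: LOW
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
+cwe2022-top25: true
+cwe2021-top25: true
+subcategory:
+- audit
+likelihood: LOW
+impact: HIGH
+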
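Review bot: `pattern-regex: |` and `pattern-not-regex: |` are YAML keep-style block scalars, so the regex strings end with a newline (`\bAKC[a-zA-Z0-9]{10,}` followed by `\n`), whereas the aws-secret-access-key and codeclimate rules in this change use `|-`, which strips it. If the loader hands the scalar to the regex engine verbatim, a token that is not immediately followed by a line break would not match; writing `pattern-regex: |-` here (or a plain scalar as in the artifactory-password rule) removes the dependency on whether the engine trims its patterns. This is inferred from the YAML alone; I cannot see the loader in this hunk.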
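--- /dev/null
+++ b/[PATH-NOT-SHOWN-IN-DIFF: rule detected-aws-access-key-id-value]
@@ -0,0 +1,29 @@
+rules:
+- id: detected-aws-access-key-id-value
+patterns:
+- pattern-regex: \b(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}\b
+- pattern-not-regex: (?i)example|sample|test|fake
+languages: [regex]
+message: AWS Access Key ID Value detected. This is a sensitive credential and should not be hardcoded
+here. Instead, read this value from an environment variable or keep it in a separate, private file.
+severity: ERROR
+metadata:
+cwe:
+- 'CWE-798: Use of Hard-coded Credentials'
+source-rule-url: https://github.com/grab/secret-scanner/blob/master/scanner/signatures/pattern.go
+category: security
+technology:
+- secrets
+- aws
+confidence: LOW
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
+cwe2022-top25: true
+cwe2021-top25: true
+subcategory:
+- audit
+likelihood: LOW
+impact: HIGH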
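--- /dev/null
+++ b/[PATH-NOT-SHOWN-IN-DIFF: rule detected-aws-account-id]
@@ -0,0 +1,58 @@
+rules:
+- id: detected-aws-account-id
+patterns:
+- pattern-either:
+- pattern: |
+$ACCOUNT_ID = $SECRET
+- pattern: |
+$ACCOUNT_ID : $SECRET
+- pattern: |
+$ACCOUNT_ID => $SECRET
+- pattern: |
+$ACCOUNT_ID = "$SECRET"
+- pattern: |
+$ACCOUNT_ID : "$SECRET"
+- pattern: |
+$ACCOUNT_ID => "$SECRET"
+- pattern: |
+"$ACCOUNT_ID" = "$SECRET"
+- pattern: |
+"$ACCOUNT_ID" : "$SECRET"
+- pattern: |
+"$ACCOUNT_ID" => "$SECRET"
+- metavariable-analysis:
+metavariable: $SECRET
+analyzer: entropy
+- metavariable-regex:
+metavariable: $SECRET
+regex: ^((?!(12345|0000).*)[0-9]{12})$
+- metavariable-regex:
+metavariable: $ACCOUNT_ID
+regex: (AWS|aws|Aws)?_?(ACCOUNT|account|Account)_?(ID|id|Id)?("|')?
+languages:
+- generic
+message: AWS Account ID detected. While not considered sensitive information, it is important
+to use them and share them carefully. For that reason it would be preferrable avoiding to
+hardcoded it here. Instead, read the value from an environment variable or
+keep the value in a separate, private file.
+severity: INFO
+metadata:
+cwe:
+- "CWE-798: Use of Hard-coded Credentials"
+source-rule-url: https://github.com/grab/secret-scanner/blob/master/scanner/signatures/pattern.go
+category: security
+technology:
+- secrets
+- aws
+confidence: LOW
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
+cwe2022-top25: true
+cwe2021-top25: true
+subcategory:
+- audit
+likelihood: LOW
+impact: LOW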
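Review bot: The user-facing message has wording errors that will be printed verbatim to users: `preferrable` should be `preferable`, and `avoiding to hardcoded it here` should read `to avoid hardcoding it here`. Separately, this is the only rule in the visible change that relies on semgrep `pattern:` entries under `languages: [generic]` plus `metavariable-analysis` / `metavariable-regex`, rather than `pattern-regex`; if the package evaluates rules with a regex-only engine in some configurations, this rule cannot be evaluated there and should be reported as unsupported rather than silently ignored. I cannot confirm the evaluation engine from this hunk, so that second point is a question for the maintainers rather than a defect I can point to.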
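--- /dev/null
+++ b/[PATH-NOT-SHOWN-IN-DIFF: rule detected-aws-appsync-graphql-key]
@@ -0,0 +1,27 @@
+rules:
+- id: detected-aws-appsync-graphql-key
+pattern-regex: da2-[a-z0-9]{26}
+languages: [regex]
+message: AWS AppSync GraphQL Key detected
+severity: ERROR
+metadata:
+cwe:
+- 'CWE-798: Use of Hard-coded Credentials'
+source-rule-url: https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json
+category: security
+technology:
+- secrets
+- appsync
+confidence: LOW
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
+cwe2022-top25: true
+cwe2021-top25: true
+subcategory:
+- audit
+likelihood: LOW
+impact: HIGH
+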
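--- /dev/null
+++ b/[PATH-NOT-SHOWN-IN-DIFF: rule detected-aws-secret-access-key]
@@ -0,0 +1,30 @@
+rules:
+- id: detected-aws-secret-access-key
+patterns:
+- pattern-regex: |-
+(("|'|`)?((?i)aws)_?\w*((?i)secret)_?\w*("|'|`)?\s{0,50}(:|=>|=)\s{0,50}("|'|`)?[A-Za-z0-9/+=]{40}("|'|`)?)
+- pattern-not-regex: (?i)example|sample|test|fake|xxxxxx
+languages: [regex]
+message: AWS Secret Access Key detected
+severity: ERROR
+metadata:
+cwe:
+- 'CWE-798: Use of Hard-coded Credentials'
+source-rule-url: https://github.com/grab/secret-scanner/blob/master/scanner/signatures/pattern.go
+category: security
+technology:
+- secrets
+- aws
+confidence: LOW
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
+cwe2022-top25: true
+cwe2021-top25: true
+subcategory:
+- audit
+likelihood: LOW
+impact: HIGH
+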
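Review bot: `pattern-not-regex: (?i)example|sample|test|fake|xxxxxx` is evaluated against the whole matched span, and for this rule that span runs from the `aws…secret` key name (with its `\w*` suffixes) through the 40-character value, so a real secret whose key name contains `test` — a `AWS_SECRET_KEY_TEST = "…"` entry in a staging config, say — is suppressed without any finding. Restricting the exclusion to the value, for example by naming the value group and applying a `metavariable-regex` to it, or dropping the bare `test` term, would keep the placeholder filtering without hiding live credentials. The aws-session-token hunk carries the same exclusion list; there the key name is fixed, but the base64 value itself can still contain one of these substrings, so the same narrowing is worth considering.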
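--- /dev/null
+++ b/[PATH-NOT-SHOWN-IN-DIFF: rule detected-aws-session-token]
@@ -0,0 +1,31 @@
+rules:
+- id: detected-aws-session-token
+patterns:
+- pattern-regex: ((?i)AWS_SESSION_TOKEN)\s*(:|=>|=)\s*(?P<TOKEN>[A-Za-z0-9/+=]{16,})
+- pattern-not-regex: (?i)example|sample|test|fake
+- metavariable-analysis:
+analyzer: entropy
+metavariable: $TOKEN
+languages: [regex]
+message: AWS Session Token detected
+severity: ERROR
+metadata:
+cwe:
+- 'CWE-798: Use of Hard-coded Credentials'
+source-rule-url: https://github.com/grab/secret-scanner/blob/master/scanner/signatures/pattern.go
+category: security
+technology:
+- secrets
+- aws
+confidence: LOW
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
+cwe2022-top25: true
+cwe2021-top25: true
+subcategory:
+- audit
+likelihood: LOW
+impact: HIGH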
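--- /dev/null
+++ b/[PATH-NOT-SHOWN-IN-DIFF: rule detected-bcrypt-hash]
@@ -0,0 +1,25 @@
+rules:
+- id: detected-bcrypt-hash
+pattern-regex: \$2[aby]?\$[\d]+\$[./A-Za-z0-9]{53}
+languages: [regex]
+message: bcrypt hash detected
+severity: ERROR
+metadata:
+cwe:
+- 'CWE-798: Use of Hard-coded Credentials'
+category: security
+technology:
+- secrets
+- bcrypt
+confidence: LOW
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
+cwe2022-top25: true
+cwe2021-top25: true
+subcategory:
+- audit
+likelihood: LOW
+impact: HIGH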
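Review bot: This rule, like the etc-shadow rule later in the change, omits the `source-rule-url` metadata that every other rule here carries; if the pattern was adapted from an upstream signature, recording it keeps provenance consistent and makes later regex tweaks reviewable against the original. The prefix class `[aby]?` also leaves out the `$2x$` variant that some bcrypt implementations emit; `\$2[abxy]?\$[\d]+\$[./A-Za-z0-9]{53}` covers it without widening anything else. Both are small, but the first is a documentation gap and the second a missed true positive.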
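--- /dev/null
+++ b/[PATH-NOT-SHOWN-IN-DIFF: rule detected-codeclimate]
@@ -0,0 +1,27 @@
+rules:
+- id: detected-codeclimate
+pattern-regex: |-
+(?i)codeclima.{0,50}["|'|`]?[0-9a-f]{64}["|'|`]?
+languages: [regex]
+message: CodeClimate detected
+severity: ERROR
+metadata:
+cwe:
+- 'CWE-798: Use of Hard-coded Credentials'
+source-rule-url: https://github.com/grab/secret-scanner/blob/master/scanner/signatures/pattern.go
+category: security
+technology:
+- secrets
+- codeclimate
+confidence: LOW
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
+cwe2022-top25: true
+cwe2021-top25: true
+subcategory:
+- audit
+likelihood: LOW
+impact: HIGH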
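Review bot: Inside a character class `|` is a literal pipe, so `["|'|`]?` matches a double quote, single quote, backtick or pipe rather than expressing alternation; `["'`]?` is the intended class and reads as such. The facebook-oauth hunk has the same construct in `['|"]?`. It causes no false negatives, but a stray `|` can wrongly satisfy the quote slot and the next maintainer is likely to misread the intent, so it is worth fixing while the rules are fresh.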
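--- /dev/null
+++ b/[PATH-NOT-SHOWN-IN-DIFF: rule detected-etc-shadow]
@@ -0,0 +1,27 @@
+rules:
+- id: detected-etc-shadow
+patterns:
+- pattern-regex: ^(\s*)(?P<ROOT>root:[x!*]*:[0-9]*:[0-9]*)
+- focus-metavariable: $ROOT
+languages: [regex]
+message: linux shadow file detected
+severity: ERROR
+metadata:
+cwe:
+- 'CWE-798: Use of Hard-coded Credentials'
+category: security
+technology:
+- secrets
+confidence: LOW
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
+cwe2022-top25: true
+cwe2021-top25: true
+subcategory:
+- audit
+likelihood: LOW
+impact: MEDIUM
+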
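Review bot: The second field of the pattern, `[x!*]*`, matches only `x`, `!`, `*` or an empty string — the placeholder used in /etc/passwd and the marker of a locked shadow entry — so a shadow line that actually carries a password hash (a `$6$…` value in that field) does not match, and the rule misses the exact case its message names. A field class such as `[^:]*` matches both the placeholder and a hash, and `focus-metavariable: $ROOT` would still report only the `root:` prefix rather than the hash itself; the trailing `[0-9]*:[0-9]*` already fits both the passwd (uid:gid) and shadow (last-change:min-days) layouts. The message `linux shadow file detected` could also mention that passwd-style lines are reported too, since those are what the current pattern mostly matches.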
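--- /dev/null
+++ b/[PATH-NOT-SHOWN-IN-DIFF: rule detected-facebook-access-token]
@@ -0,0 +1,29 @@
+rules:
+- id: detected-facebook-access-token
+pattern-either:
+- pattern-regex: EAACEdEose0cBA[0-9A-Za-z]+
+- pattern-regex: EAAAACZAVC6ygB[0-9A-Za-z]+
+- pattern-regex: EAAAAZAw4[0-9A-Za-z]+
+languages: [regex]
+message: Facebook Access Token detected
+severity: ERROR
+metadata:
+cwe:
+- 'CWE-798: Use of Hard-coded Credentials'
+source-rule-url: https://github.com/grab/secret-scanner/blob/master/scanner/signatures/pattern.go
+category: security
+technology:
+- secrets
+- facebook
+confidence: LOW
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
+cwe2022-top25: true
+cwe2021-top25: true
+subcategory:
+- audit
+likelihood: LOW
+impact: MEDIUM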
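--- /dev/null
+++ b/[PATH-NOT-SHOWN-IN-DIFF: rule detected-facebook-oauth]
@@ -0,0 +1,27 @@
+rules:
+- id: detected-facebook-oauth
+pattern-regex: |-
+[fF][aA][cC][eE][bB][oO][oO][kK].*[tT][oO][kK][eE][nN].*['|"]?[0-9a-f]{32}['|"]?
+languages: [regex]
+message: Facebook OAuth detected
+severity: ERROR
+metadata:
+cwe:
+- 'CWE-798: Use of Hard-coded Credentials'
+source-rule-url: https://github.com/dxa4481/truffleHogRegexes/blob/master/truffleHogRegexes/regexes.json
+category: security
+technology:
+- secrets
+- facebook
+confidence: LOW
+owasp:
+- A07:2021 - Identification and Authentication Failures
+- A07:2025 - Authentication Failures
+references:
+- https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures
+cwe2022-top25: true
+cwe2021-top25: true
+subcategory:
+- audit
+likelihood: LOW
+impact: MEDIUM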