avana-cli 2.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +32 -0
- package/LICENSE +21 -0
- package/README.md +584 -0
- package/dist/cli.d.ts +7 -0
- package/dist/cli.d.ts.map +1 -0
- package/dist/cli.js +153 -0
- package/dist/cli.js.map +1 -0
- package/dist/commands/install.d.ts +6 -0
- package/dist/commands/install.d.ts.map +1 -0
- package/dist/commands/install.js +101 -0
- package/dist/commands/install.js.map +1 -0
- package/dist/commands/scan.d.ts +19 -0
- package/dist/commands/scan.d.ts.map +1 -0
- package/dist/commands/scan.js +383 -0
- package/dist/commands/scan.js.map +1 -0
- package/dist/commands/uninstall.d.ts +6 -0
- package/dist/commands/uninstall.d.ts.map +1 -0
- package/dist/commands/uninstall.js +80 -0
- package/dist/commands/uninstall.js.map +1 -0
- package/dist/index.d.ts +97 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +475 -0
- package/dist/index.js.map +1 -0
- package/dist/rules/additional-patterns.d.ts +12 -0
- package/dist/rules/additional-patterns.d.ts.map +1 -0
- package/dist/rules/additional-patterns.js +170 -0
- package/dist/rules/additional-patterns.js.map +1 -0
- package/dist/rules/code-patterns.d.ts +26 -0
- package/dist/rules/code-patterns.d.ts.map +1 -0
- package/dist/rules/code-patterns.js +220 -0
- package/dist/rules/code-patterns.js.map +1 -0
- package/dist/rules/secret-patterns.d.ts +28 -0
- package/dist/rules/secret-patterns.d.ts.map +1 -0
- package/dist/rules/secret-patterns.js +1729 -0
- package/dist/rules/secret-patterns.js.map +1 -0
- package/dist/scanners/secret-scanner.d.ts +34 -0
- package/dist/scanners/secret-scanner.d.ts.map +1 -0
- package/dist/scanners/secret-scanner.js +281 -0
- package/dist/scanners/secret-scanner.js.map +1 -0
- package/dist/types/index.d.ts +116 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +7 -0
- package/dist/types/index.js.map +1 -0
- package/dist/utils/error-handler.d.ts +126 -0
- package/dist/utils/error-handler.d.ts.map +1 -0
- package/dist/utils/error-handler.js +222 -0
- package/dist/utils/error-handler.js.map +1 -0
- package/dist/utils/exit-codes.d.ts +52 -0
- package/dist/utils/exit-codes.d.ts.map +1 -0
- package/dist/utils/exit-codes.js +89 -0
- package/dist/utils/exit-codes.js.map +1 -0
- package/dist/utils/file-stream-scanner.d.ts +31 -0
- package/dist/utils/file-stream-scanner.d.ts.map +1 -0
- package/dist/utils/file-stream-scanner.js +159 -0
- package/dist/utils/file-stream-scanner.js.map +1 -0
- package/dist/utils/file-type-detector.d.ts +45 -0
- package/dist/utils/file-type-detector.d.ts.map +1 -0
- package/dist/utils/file-type-detector.js +237 -0
- package/dist/utils/file-type-detector.js.map +1 -0
- package/dist/utils/ignore-pattern-manager.d.ts +61 -0
- package/dist/utils/ignore-pattern-manager.d.ts.map +1 -0
- package/dist/utils/ignore-pattern-manager.js +204 -0
- package/dist/utils/ignore-pattern-manager.js.map +1 -0
- package/dist/utils/json-output-formatter.d.ts +232 -0
- package/dist/utils/json-output-formatter.d.ts.map +1 -0
- package/dist/utils/json-output-formatter.js +367 -0
- package/dist/utils/json-output-formatter.js.map +1 -0
- package/dist/utils/logger.d.ts +181 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +414 -0
- package/dist/utils/logger.js.map +1 -0
- package/dist/utils/markdown-output-formatter.d.ts +65 -0
- package/dist/utils/markdown-output-formatter.d.ts.map +1 -0
- package/dist/utils/markdown-output-formatter.js +316 -0
- package/dist/utils/markdown-output-formatter.js.map +1 -0
- package/dist/utils/memory-manager.d.ts +77 -0
- package/dist/utils/memory-manager.d.ts.map +1 -0
- package/dist/utils/memory-manager.js +157 -0
- package/dist/utils/memory-manager.js.map +1 -0
- package/dist/utils/parallel-scanner-worker.d.ts +19 -0
- package/dist/utils/parallel-scanner-worker.d.ts.map +1 -0
- package/dist/utils/parallel-scanner-worker.js +51 -0
- package/dist/utils/parallel-scanner-worker.js.map +1 -0
- package/dist/utils/parallel-scanner.d.ts +82 -0
- package/dist/utils/parallel-scanner.d.ts.map +1 -0
- package/dist/utils/parallel-scanner.js +229 -0
- package/dist/utils/parallel-scanner.js.map +1 -0
- package/dist/utils/pattern-validator.d.ts +108 -0
- package/dist/utils/pattern-validator.d.ts.map +1 -0
- package/dist/utils/pattern-validator.js +315 -0
- package/dist/utils/pattern-validator.js.map +1 -0
- package/dist/utils/progress-reporter.d.ts +68 -0
- package/dist/utils/progress-reporter.d.ts.map +1 -0
- package/dist/utils/progress-reporter.js +194 -0
- package/dist/utils/progress-reporter.js.map +1 -0
- package/dist/utils/result-cache.d.ts +99 -0
- package/dist/utils/result-cache.d.ts.map +1 -0
- package/dist/utils/result-cache.js +335 -0
- package/dist/utils/result-cache.js.map +1 -0
- package/package.json +80 -0
|
@@ -0,0 +1,1729 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Avana - Secret Patterns
|
|
4
|
+
* Comprehensive database of 100+ patterns for detecting secrets in code
|
|
5
|
+
*/
|
|
6
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
|
+
exports.SECRET_PATTERNS = void 0;
|
|
8
|
+
exports.getAllSecretPatterns = getAllSecretPatterns;
|
|
9
|
+
exports.getSecretPatternsBySeverity = getSecretPatternsBySeverity;
|
|
10
|
+
exports.getSecretPatternById = getSecretPatternById;
|
|
11
|
+
exports.getPatternCount = getPatternCount;
|
|
12
|
+
/**
|
|
13
|
+
* Comprehensive list of secret patterns to detect
|
|
14
|
+
* Covers major cloud providers, payment processors, communication tools, Web3/blockchain networks,
|
|
15
|
+
* DeFi protocols, NFT platforms, blockchain analytics services, and more
|
|
16
|
+
*/
|
|
17
|
+
exports.SECRET_PATTERNS = [
|
|
18
|
+
// ============================================
|
|
19
|
+
// AI/ML API Keys
|
|
20
|
+
// ============================================
|
|
21
|
+
{
|
|
22
|
+
id: 'openai-api-key',
|
|
23
|
+
name: 'OpenAI API Key',
|
|
24
|
+
pattern: /sk-[a-zA-Z0-9\-]{20,}/g,
|
|
25
|
+
severity: 'critical',
|
|
26
|
+
description: 'OpenAI API key detected',
|
|
27
|
+
suggestion: 'Move to environment variable: OPENAI_API_KEY',
|
|
28
|
+
},
|
|
29
|
+
{
|
|
30
|
+
id: 'anthropic-api-key',
|
|
31
|
+
name: 'Anthropic API Key',
|
|
32
|
+
pattern: /sk-ant-[a-zA-Z0-9\-]{95}/g,
|
|
33
|
+
severity: 'critical',
|
|
34
|
+
description: 'Anthropic (Claude) API key detected',
|
|
35
|
+
suggestion: 'Move to environment variable: ANTHROPIC_API_KEY',
|
|
36
|
+
},
|
|
37
|
+
{
|
|
38
|
+
id: 'huggingface-token',
|
|
39
|
+
name: 'Hugging Face Token',
|
|
40
|
+
pattern: /hf_[a-zA-Z0-9]{34}/g,
|
|
41
|
+
severity: 'high',
|
|
42
|
+
description: 'Hugging Face API token detected',
|
|
43
|
+
suggestion: 'Move to environment variable: HUGGINGFACE_TOKEN',
|
|
44
|
+
},
|
|
45
|
+
// ============================================
|
|
46
|
+
// AWS (Amazon Web Services)
|
|
47
|
+
// ============================================
|
|
48
|
+
{
|
|
49
|
+
id: 'aws-access-key',
|
|
50
|
+
name: 'AWS Access Key',
|
|
51
|
+
pattern: /AKIA[0-9A-Z]{16}/g,
|
|
52
|
+
severity: 'critical',
|
|
53
|
+
description: 'AWS Access Key ID detected',
|
|
54
|
+
suggestion: 'Move to AWS credentials file or environment variable',
|
|
55
|
+
},
|
|
56
|
+
{
|
|
57
|
+
id: 'aws-secret-key',
|
|
58
|
+
name: 'AWS Secret Key',
|
|
59
|
+
pattern: /aws_secret_access_key\s*=\s*['"]?([A-Za-z0-9/+=]{40})['"]?/gi,
|
|
60
|
+
severity: 'critical',
|
|
61
|
+
description: 'AWS Secret Access Key detected',
|
|
62
|
+
suggestion: 'Move to AWS credentials file or environment variable',
|
|
63
|
+
},
|
|
64
|
+
{
|
|
65
|
+
id: 'aws-session-token',
|
|
66
|
+
name: 'AWS Session Token',
|
|
67
|
+
pattern: /aws_session_token\s*=\s*['"]?([A-Za-z0-9/+=]+)['"]?/gi,
|
|
68
|
+
severity: 'high',
|
|
69
|
+
description: 'AWS Session Token detected',
|
|
70
|
+
suggestion: 'Use IAM roles instead of hardcoded session tokens',
|
|
71
|
+
},
|
|
72
|
+
// ============================================
|
|
73
|
+
// Azure (Microsoft)
|
|
74
|
+
// ============================================
|
|
75
|
+
{
|
|
76
|
+
id: 'azure-storage-key',
|
|
77
|
+
name: 'Azure Storage Key',
|
|
78
|
+
pattern: /DefaultEndpointsProtocol=https;AccountName=[^;]+;AccountKey=[^;]+/gi,
|
|
79
|
+
severity: 'critical',
|
|
80
|
+
description: 'Azure Storage connection string detected',
|
|
81
|
+
suggestion: 'Move to environment variable: AZURE_STORAGE_CONNECTION_STRING',
|
|
82
|
+
},
|
|
83
|
+
// ============================================
|
|
84
|
+
// Google Cloud Platform
|
|
85
|
+
// ============================================
|
|
86
|
+
{
|
|
87
|
+
id: 'google-api-key',
|
|
88
|
+
name: 'Google API Key',
|
|
89
|
+
pattern: /AIza[0-9A-Za-z\-_]{35}/g,
|
|
90
|
+
severity: 'high',
|
|
91
|
+
description: 'Google API key detected',
|
|
92
|
+
suggestion: 'Move to environment variable and restrict API key usage',
|
|
93
|
+
},
|
|
94
|
+
{
|
|
95
|
+
id: 'gcp-service-account',
|
|
96
|
+
name: 'GCP Service Account Key',
|
|
97
|
+
pattern: /"type":\s*"service_account"/g,
|
|
98
|
+
severity: 'critical',
|
|
99
|
+
description: 'GCP Service Account JSON key detected',
|
|
100
|
+
suggestion: 'Remove JSON key file and add to .gitignore',
|
|
101
|
+
},
|
|
102
|
+
{
|
|
103
|
+
id: 'google-oauth-token',
|
|
104
|
+
name: 'Google OAuth Token',
|
|
105
|
+
pattern: /ya29\.[0-9A-Za-z\-_]+/g,
|
|
106
|
+
severity: 'critical',
|
|
107
|
+
description: 'Google OAuth access token detected',
|
|
108
|
+
suggestion: 'Do not hardcode OAuth tokens, generate them dynamically',
|
|
109
|
+
},
|
|
110
|
+
// ============================================
|
|
111
|
+
// Payment Processors
|
|
112
|
+
// ============================================
|
|
113
|
+
{
|
|
114
|
+
id: 'stripe-api-key',
|
|
115
|
+
name: 'Stripe API Key',
|
|
116
|
+
pattern: /sk_live_[0-9a-zA-Z]{24,}/g,
|
|
117
|
+
severity: 'critical',
|
|
118
|
+
description: 'Stripe Live API key detected',
|
|
119
|
+
suggestion: 'Move to environment variable: STRIPE_SECRET_KEY',
|
|
120
|
+
},
|
|
121
|
+
{
|
|
122
|
+
id: 'stripe-restricted-key',
|
|
123
|
+
name: 'Stripe Restricted Key',
|
|
124
|
+
pattern: /rk_live_[0-9a-zA-Z]{24,}/g,
|
|
125
|
+
severity: 'critical',
|
|
126
|
+
description: 'Stripe Restricted API key detected',
|
|
127
|
+
suggestion: 'Move to environment variable',
|
|
128
|
+
},
|
|
129
|
+
{
|
|
130
|
+
id: 'stripe-publishable-key',
|
|
131
|
+
name: 'Stripe Publishable Key',
|
|
132
|
+
pattern: /pk_live_[0-9a-zA-Z]{24,}/g,
|
|
133
|
+
severity: 'high',
|
|
134
|
+
description: 'Stripe Live Publishable key detected',
|
|
135
|
+
suggestion: 'Move to environment variable: STRIPE_PUBLISHABLE_KEY',
|
|
136
|
+
},
|
|
137
|
+
{
|
|
138
|
+
id: 'paypal-token',
|
|
139
|
+
name: 'PayPal Token',
|
|
140
|
+
pattern: /access_token\$production\$[a-z0-9]{16}\$[a-f0-9]{32}/gi,
|
|
141
|
+
severity: 'critical',
|
|
142
|
+
description: 'PayPal access token detected',
|
|
143
|
+
suggestion: 'Move to environment variable: PAYPAL_ACCESS_TOKEN',
|
|
144
|
+
},
|
|
145
|
+
{
|
|
146
|
+
id: 'square-token',
|
|
147
|
+
name: 'Square Access Token',
|
|
148
|
+
pattern: /sq0atp-[0-9A-Za-z\-_]{22}/g,
|
|
149
|
+
severity: 'critical',
|
|
150
|
+
description: 'Square access token detected',
|
|
151
|
+
suggestion: 'Move to environment variable: SQUARE_ACCESS_TOKEN',
|
|
152
|
+
},
|
|
153
|
+
{
|
|
154
|
+
id: 'plaid-api-key',
|
|
155
|
+
name: 'Plaid API Key',
|
|
156
|
+
pattern: /plaid[^a-zA-Z0-9]*[a-f0-9]{32}/gi,
|
|
157
|
+
severity: 'critical',
|
|
158
|
+
description: 'Plaid API key detected',
|
|
159
|
+
suggestion: 'Move to environment variable: PLAID_CLIENT_ID',
|
|
160
|
+
},
|
|
161
|
+
{
|
|
162
|
+
id: 'plaid-secret',
|
|
163
|
+
name: 'Plaid Secret',
|
|
164
|
+
pattern: /plaid[^a-zA-Z0-9]*secret[^a-zA-Z0-9]*[a-f0-9]{32}/gi,
|
|
165
|
+
severity: 'critical',
|
|
166
|
+
description: 'Plaid secret key detected',
|
|
167
|
+
suggestion: 'Move to environment variable: PLAID_SECRET',
|
|
168
|
+
},
|
|
169
|
+
{
|
|
170
|
+
id: 'dwolla-key',
|
|
171
|
+
name: 'Dwolla API Key',
|
|
172
|
+
pattern: /dwolla[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
173
|
+
severity: 'critical',
|
|
174
|
+
description: 'Dwolla API key detected',
|
|
175
|
+
suggestion: 'Move to environment variable: DWOLLA_KEY',
|
|
176
|
+
},
|
|
177
|
+
{
|
|
178
|
+
id: 'wise-api-key',
|
|
179
|
+
name: 'Wise (TransferWise) API Key',
|
|
180
|
+
pattern: /wise[^a-zA-Z0-9]*[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/gi,
|
|
181
|
+
severity: 'critical',
|
|
182
|
+
description: 'Wise (TransferWise) API key detected',
|
|
183
|
+
suggestion: 'Move to environment variable: WISE_API_KEY',
|
|
184
|
+
},
|
|
185
|
+
{
|
|
186
|
+
id: 'revolut-api-key',
|
|
187
|
+
name: 'Revolut API Key',
|
|
188
|
+
pattern: /revolut[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
189
|
+
severity: 'critical',
|
|
190
|
+
description: 'Revolut API key detected',
|
|
191
|
+
suggestion: 'Move to environment variable: REVOLUT_API_KEY',
|
|
192
|
+
},
|
|
193
|
+
// ============================================
|
|
194
|
+
// On/Off Ramp Providers
|
|
195
|
+
// ============================================
|
|
196
|
+
{
|
|
197
|
+
id: 'moonpay-api-key',
|
|
198
|
+
name: 'MoonPay API Key',
|
|
199
|
+
pattern: /moonpay[^a-zA-Z0-9]*[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/gi,
|
|
200
|
+
severity: 'critical',
|
|
201
|
+
description: 'MoonPay API key detected',
|
|
202
|
+
suggestion: 'Move to environment variable: MOONPAY_API_KEY',
|
|
203
|
+
},
|
|
204
|
+
{
|
|
205
|
+
id: 'simplex-api-key',
|
|
206
|
+
name: 'Simplex API Key',
|
|
207
|
+
pattern: /simplex[^a-zA-Z0-9]*[a-f0-9]{32}/gi,
|
|
208
|
+
severity: 'critical',
|
|
209
|
+
description: 'Simplex API key detected',
|
|
210
|
+
suggestion: 'Move to environment variable: SIMPLEX_API_KEY',
|
|
211
|
+
},
|
|
212
|
+
{
|
|
213
|
+
id: 'ramp-network-key',
|
|
214
|
+
name: 'Ramp Network API Key',
|
|
215
|
+
pattern: /ramp[^a-zA-Z0-9]*network[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
216
|
+
severity: 'critical',
|
|
217
|
+
description: 'Ramp Network API key detected',
|
|
218
|
+
suggestion: 'Move to environment variable: RAMP_API_KEY',
|
|
219
|
+
},
|
|
220
|
+
{
|
|
221
|
+
id: 'transak-api-key',
|
|
222
|
+
name: 'Transak API Key',
|
|
223
|
+
pattern: /transak[^a-zA-Z0-9]*[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/gi,
|
|
224
|
+
severity: 'critical',
|
|
225
|
+
description: 'Transak API key detected',
|
|
226
|
+
suggestion: 'Move to environment variable: TRANSAK_API_KEY',
|
|
227
|
+
},
|
|
228
|
+
{
|
|
229
|
+
id: 'wyre-api-key',
|
|
230
|
+
name: 'Wyre API Key',
|
|
231
|
+
pattern: /wyre[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
232
|
+
severity: 'critical',
|
|
233
|
+
description: 'Wyre API key detected',
|
|
234
|
+
suggestion: 'Move to environment variable: WYRE_API_KEY',
|
|
235
|
+
},
|
|
236
|
+
{
|
|
237
|
+
id: 'banxa-api-key',
|
|
238
|
+
name: 'Banxa API Key',
|
|
239
|
+
pattern: /banxa[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
240
|
+
severity: 'critical',
|
|
241
|
+
description: 'Banxa API key detected',
|
|
242
|
+
suggestion: 'Move to environment variable: BANXA_API_KEY',
|
|
243
|
+
},
|
|
244
|
+
{
|
|
245
|
+
id: 'mercuryo-api-key',
|
|
246
|
+
name: 'Mercuryo API Key',
|
|
247
|
+
pattern: /mercuryo[^a-zA-Z0-9]*[a-f0-9]{32}/gi,
|
|
248
|
+
severity: 'critical',
|
|
249
|
+
description: 'Mercuryo API key detected',
|
|
250
|
+
suggestion: 'Move to environment variable: MERCURYO_API_KEY',
|
|
251
|
+
},
|
|
252
|
+
// ============================================
|
|
253
|
+
// Version Control (GitHub, GitLab, Bitbucket)
|
|
254
|
+
// ============================================
|
|
255
|
+
{
|
|
256
|
+
id: 'github-token',
|
|
257
|
+
name: 'GitHub Token',
|
|
258
|
+
pattern: /ghp_[a-zA-Z0-9]{36}/g,
|
|
259
|
+
severity: 'critical',
|
|
260
|
+
description: 'GitHub Personal Access Token detected',
|
|
261
|
+
suggestion: 'Revoke token and use GitHub Secrets for CI/CD',
|
|
262
|
+
},
|
|
263
|
+
{
|
|
264
|
+
id: 'github-oauth',
|
|
265
|
+
name: 'GitHub OAuth Token',
|
|
266
|
+
pattern: /gho_[a-zA-Z0-9]{36}/g,
|
|
267
|
+
severity: 'critical',
|
|
268
|
+
description: 'GitHub OAuth token detected',
|
|
269
|
+
suggestion: 'Revoke token immediately',
|
|
270
|
+
},
|
|
271
|
+
{
|
|
272
|
+
id: 'github-app-token',
|
|
273
|
+
name: 'GitHub App Token',
|
|
274
|
+
pattern: /ghs_[a-zA-Z0-9]{36}/g,
|
|
275
|
+
severity: 'critical',
|
|
276
|
+
description: 'GitHub App token detected',
|
|
277
|
+
suggestion: 'Revoke token and regenerate',
|
|
278
|
+
},
|
|
279
|
+
{
|
|
280
|
+
id: 'github-refresh-token',
|
|
281
|
+
name: 'GitHub Refresh Token',
|
|
282
|
+
pattern: /ghr_[a-zA-Z0-9]{36}/g,
|
|
283
|
+
severity: 'critical',
|
|
284
|
+
description: 'GitHub Refresh token detected',
|
|
285
|
+
suggestion: 'Revoke token immediately',
|
|
286
|
+
},
|
|
287
|
+
{
|
|
288
|
+
id: 'gitlab-token',
|
|
289
|
+
name: 'GitLab Token',
|
|
290
|
+
pattern: /glpat-[a-zA-Z0-9\-_]{20}/g,
|
|
291
|
+
severity: 'critical',
|
|
292
|
+
description: 'GitLab Personal Access Token detected',
|
|
293
|
+
suggestion: 'Revoke token and use GitLab CI/CD variables',
|
|
294
|
+
},
|
|
295
|
+
{
|
|
296
|
+
id: 'bitbucket-token',
|
|
297
|
+
name: 'Bitbucket Token',
|
|
298
|
+
pattern: /BBDC-[a-zA-Z0-9\-_]{40}/g,
|
|
299
|
+
severity: 'critical',
|
|
300
|
+
description: 'Bitbucket access token detected',
|
|
301
|
+
suggestion: 'Revoke token and use Bitbucket Pipelines variables',
|
|
302
|
+
},
|
|
303
|
+
// ============================================
|
|
304
|
+
// Communication & Messaging
|
|
305
|
+
// ============================================
|
|
306
|
+
{
|
|
307
|
+
id: 'slack-token',
|
|
308
|
+
name: 'Slack Token',
|
|
309
|
+
pattern: /xox[baprs]-[0-9]{10,13}-[0-9]{10,13}-[a-zA-Z0-9]{24,}/g,
|
|
310
|
+
severity: 'critical',
|
|
311
|
+
description: 'Slack API token detected',
|
|
312
|
+
suggestion: 'Revoke token and move to environment variable',
|
|
313
|
+
},
|
|
314
|
+
{
|
|
315
|
+
id: 'slack-webhook',
|
|
316
|
+
name: 'Slack Webhook',
|
|
317
|
+
pattern: /https:\/\/hooks\.slack\.com\/services\/T[a-zA-Z0-9_]+\/B[a-zA-Z0-9_]+\/[a-zA-Z0-9_]+/g,
|
|
318
|
+
severity: 'high',
|
|
319
|
+
description: 'Slack Webhook URL detected',
|
|
320
|
+
suggestion: 'Move to environment variable: SLACK_WEBHOOK_URL',
|
|
321
|
+
},
|
|
322
|
+
{
|
|
323
|
+
id: 'discord-webhook',
|
|
324
|
+
name: 'Discord Webhook',
|
|
325
|
+
pattern: /https:\/\/discord\.com\/api\/webhooks\/[0-9]+\/[a-zA-Z0-9_-]+/g,
|
|
326
|
+
severity: 'high',
|
|
327
|
+
description: 'Discord Webhook URL detected',
|
|
328
|
+
suggestion: 'Move to environment variable: DISCORD_WEBHOOK_URL',
|
|
329
|
+
},
|
|
330
|
+
{
|
|
331
|
+
id: 'discord-bot-token',
|
|
332
|
+
name: 'Discord Bot Token',
|
|
333
|
+
pattern: /[MN][a-zA-Z0-9]{23,25}\.[a-zA-Z0-9]{6}\.[a-zA-Z0-9_\-]{27}/g,
|
|
334
|
+
severity: 'critical',
|
|
335
|
+
description: 'Discord Bot token detected',
|
|
336
|
+
suggestion: 'Revoke token and move to environment variable',
|
|
337
|
+
},
|
|
338
|
+
{
|
|
339
|
+
id: 'telegram-bot-token',
|
|
340
|
+
name: 'Telegram Bot Token',
|
|
341
|
+
pattern: /[0-9]{8,10}:[a-zA-Z0-9_-]{35}/g,
|
|
342
|
+
severity: 'critical',
|
|
343
|
+
description: 'Telegram Bot token detected',
|
|
344
|
+
suggestion: 'Revoke token via @BotFather and move to environment variable',
|
|
345
|
+
},
|
|
346
|
+
{
|
|
347
|
+
id: 'twilio-api-key',
|
|
348
|
+
name: 'Twilio API Key',
|
|
349
|
+
pattern: /SK[a-z0-9]{32}/g,
|
|
350
|
+
severity: 'critical',
|
|
351
|
+
description: 'Twilio API Key detected',
|
|
352
|
+
suggestion: 'Move to environment variable: TWILIO_API_KEY',
|
|
353
|
+
},
|
|
354
|
+
{
|
|
355
|
+
id: 'twilio-account-sid',
|
|
356
|
+
name: 'Twilio Account SID',
|
|
357
|
+
pattern: /AC[a-z0-9]{32}/g,
|
|
358
|
+
severity: 'high',
|
|
359
|
+
description: 'Twilio Account SID detected',
|
|
360
|
+
suggestion: 'Move to environment variable: TWILIO_ACCOUNT_SID',
|
|
361
|
+
},
|
|
362
|
+
// ============================================
|
|
363
|
+
// Email Services
|
|
364
|
+
// ============================================
|
|
365
|
+
{
|
|
366
|
+
id: 'sendgrid-api-key',
|
|
367
|
+
name: 'SendGrid API Key',
|
|
368
|
+
pattern: /SG\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9_-]{43}/g,
|
|
369
|
+
severity: 'critical',
|
|
370
|
+
description: 'SendGrid API key detected',
|
|
371
|
+
suggestion: 'Move to environment variable: SENDGRID_API_KEY',
|
|
372
|
+
},
|
|
373
|
+
{
|
|
374
|
+
id: 'mailgun-api-key',
|
|
375
|
+
name: 'Mailgun API Key',
|
|
376
|
+
pattern: /key-[a-zA-Z0-9]{32}/g,
|
|
377
|
+
severity: 'critical',
|
|
378
|
+
description: 'Mailgun API key detected',
|
|
379
|
+
suggestion: 'Move to environment variable: MAILGUN_API_KEY',
|
|
380
|
+
},
|
|
381
|
+
{
|
|
382
|
+
id: 'mailchimp-api-key',
|
|
383
|
+
name: 'Mailchimp API Key',
|
|
384
|
+
pattern: /[a-f0-9]{32}-us[0-9]{1,2}/g,
|
|
385
|
+
severity: 'critical',
|
|
386
|
+
description: 'Mailchimp API key detected',
|
|
387
|
+
suggestion: 'Move to environment variable: MAILCHIMP_API_KEY',
|
|
388
|
+
},
|
|
389
|
+
{
|
|
390
|
+
id: 'postmark-api-key',
|
|
391
|
+
name: 'Postmark API Key',
|
|
392
|
+
pattern: /postmark[^a-zA-Z0-9]*[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/gi,
|
|
393
|
+
severity: 'critical',
|
|
394
|
+
description: 'Postmark API key detected',
|
|
395
|
+
suggestion: 'Move to environment variable: POSTMARK_API_KEY',
|
|
396
|
+
},
|
|
397
|
+
{
|
|
398
|
+
id: 'aws-ses-key',
|
|
399
|
+
name: 'AWS SES API Key',
|
|
400
|
+
pattern: /ses[^a-zA-Z0-9]*[A-Z0-9]{20}/gi,
|
|
401
|
+
severity: 'critical',
|
|
402
|
+
description: 'AWS SES API key detected',
|
|
403
|
+
suggestion: 'Move to environment variable: AWS_SES_ACCESS_KEY',
|
|
404
|
+
},
|
|
405
|
+
{
|
|
406
|
+
id: 'resend-api-key',
|
|
407
|
+
name: 'Resend API Key',
|
|
408
|
+
pattern: /re_[a-zA-Z0-9]{24}/g,
|
|
409
|
+
severity: 'critical',
|
|
410
|
+
description: 'Resend API key detected',
|
|
411
|
+
suggestion: 'Move to environment variable: RESEND_API_KEY',
|
|
412
|
+
},
|
|
413
|
+
{
|
|
414
|
+
id: 'convertkit-api-key',
|
|
415
|
+
name: 'ConvertKit API Key',
|
|
416
|
+
pattern: /convertkit[^a-zA-Z0-9]*[a-zA-Z0-9]{32}/gi,
|
|
417
|
+
severity: 'critical',
|
|
418
|
+
description: 'ConvertKit API key detected',
|
|
419
|
+
suggestion: 'Move to environment variable: CONVERTKIT_API_KEY',
|
|
420
|
+
},
|
|
421
|
+
{
|
|
422
|
+
id: 'emailjs-key',
|
|
423
|
+
name: 'EmailJS API Key',
|
|
424
|
+
pattern: /emailjs[^a-zA-Z0-9]*[a-zA-Z0-9_-]{20,}/gi,
|
|
425
|
+
severity: 'high',
|
|
426
|
+
description: 'EmailJS API key detected',
|
|
427
|
+
suggestion: 'Move to environment variable: EMAILJS_API_KEY',
|
|
428
|
+
},
|
|
429
|
+
{
|
|
430
|
+
id: 'brevo-api-key',
|
|
431
|
+
name: 'Brevo (Sendinblue) API Key',
|
|
432
|
+
pattern: /brevo[^a-zA-Z0-9]*[a-zA-Z0-9_-]{64}/gi,
|
|
433
|
+
severity: 'critical',
|
|
434
|
+
description: 'Brevo (Sendinblue) API key detected',
|
|
435
|
+
suggestion: 'Move to environment variable: BREVO_API_KEY',
|
|
436
|
+
},
|
|
437
|
+
// ============================================
|
|
438
|
+
// Database Connection Strings
|
|
439
|
+
// ============================================
|
|
440
|
+
{
|
|
441
|
+
id: 'database-url',
|
|
442
|
+
name: 'Database Connection String',
|
|
443
|
+
pattern: /(postgres|mysql|mongodb):\/\/[^:]+:[^@]+@[^\/]+/gi,
|
|
444
|
+
severity: 'critical',
|
|
445
|
+
description: 'Database connection string with credentials detected',
|
|
446
|
+
suggestion: 'Move to environment variable: DATABASE_URL',
|
|
447
|
+
},
|
|
448
|
+
{
|
|
449
|
+
id: 'mongodb-connection',
|
|
450
|
+
name: 'MongoDB Connection String',
|
|
451
|
+
pattern: /mongodb(\+srv)?:\/\/[^:]+:[^@]+@/gi,
|
|
452
|
+
severity: 'critical',
|
|
453
|
+
description: 'MongoDB connection string with credentials detected',
|
|
454
|
+
suggestion: 'Move to environment variable: MONGODB_URI',
|
|
455
|
+
},
|
|
456
|
+
{
|
|
457
|
+
id: 'redis-url',
|
|
458
|
+
name: 'Redis Connection String',
|
|
459
|
+
pattern: /redis:\/\/[^:]*:[^@]+@[^\/]+/gi,
|
|
460
|
+
severity: 'critical',
|
|
461
|
+
description: 'Redis connection string with password detected',
|
|
462
|
+
suggestion: 'Move to environment variable: REDIS_URL',
|
|
463
|
+
},
|
|
464
|
+
{
|
|
465
|
+
id: 'supabase-key',
|
|
466
|
+
name: 'Supabase API Key',
|
|
467
|
+
pattern: /supabase[^a-zA-Z0-9]*[a-zA-Z0-9_-]{64}/gi,
|
|
468
|
+
severity: 'critical',
|
|
469
|
+
description: 'Supabase API key detected',
|
|
470
|
+
suggestion: 'Move to environment variable: SUPABASE_ANON_KEY',
|
|
471
|
+
},
|
|
472
|
+
{
|
|
473
|
+
id: 'supabase-service-key',
|
|
474
|
+
name: 'Supabase Service Key',
|
|
475
|
+
pattern: /eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*.*supabase/gi,
|
|
476
|
+
severity: 'critical',
|
|
477
|
+
description: 'Supabase service role key detected',
|
|
478
|
+
suggestion: 'Move to environment variable: SUPABASE_SERVICE_ROLE_KEY',
|
|
479
|
+
},
|
|
480
|
+
{
|
|
481
|
+
id: 'planetscale-password',
|
|
482
|
+
name: 'PlanetScale Password',
|
|
483
|
+
pattern: /planetscale[^a-zA-Z0-9]*[a-zA-Z0-9_-]{20,}/gi,
|
|
484
|
+
severity: 'critical',
|
|
485
|
+
description: 'PlanetScale database password detected',
|
|
486
|
+
suggestion: 'Move to environment variable: PLANETSCALE_PASSWORD',
|
|
487
|
+
},
|
|
488
|
+
{
|
|
489
|
+
id: 'neon-api-key',
|
|
490
|
+
name: 'Neon API Key',
|
|
491
|
+
pattern: /neon[^a-zA-Z0-9]*[a-zA-Z0-9_-]{64}/gi,
|
|
492
|
+
severity: 'critical',
|
|
493
|
+
description: 'Neon database API key detected',
|
|
494
|
+
suggestion: 'Move to environment variable: NEON_API_KEY',
|
|
495
|
+
},
|
|
496
|
+
{
|
|
497
|
+
id: 'upstash-token',
|
|
498
|
+
name: 'Upstash Redis Token',
|
|
499
|
+
pattern: /upstash[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
500
|
+
severity: 'critical',
|
|
501
|
+
description: 'Upstash Redis token detected',
|
|
502
|
+
suggestion: 'Move to environment variable: UPSTASH_REDIS_REST_TOKEN',
|
|
503
|
+
},
|
|
504
|
+
{
|
|
505
|
+
id: 'railway-token',
|
|
506
|
+
name: 'Railway API Token',
|
|
507
|
+
pattern: /railway[^a-zA-Z0-9]*[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/gi,
|
|
508
|
+
severity: 'critical',
|
|
509
|
+
description: 'Railway API token detected',
|
|
510
|
+
suggestion: 'Move to environment variable: RAILWAY_TOKEN',
|
|
511
|
+
},
|
|
512
|
+
{
|
|
513
|
+
id: 'cockroachdb-url',
|
|
514
|
+
name: 'CockroachDB Connection String',
|
|
515
|
+
pattern: /cockroachdb:\/\/[^:]+:[^@]+@[^\/]+/gi,
|
|
516
|
+
severity: 'critical',
|
|
517
|
+
description: 'CockroachDB connection string detected',
|
|
518
|
+
suggestion: 'Move to environment variable: COCKROACH_DATABASE_URL',
|
|
519
|
+
},
|
|
520
|
+
// ============================================
|
|
521
|
+
// Private Keys & Certificates
|
|
522
|
+
// ============================================
|
|
523
|
+
{
|
|
524
|
+
id: 'rsa-private-key',
|
|
525
|
+
name: 'RSA Private Key',
|
|
526
|
+
pattern: /-----BEGIN RSA PRIVATE KEY-----/g,
|
|
527
|
+
severity: 'critical',
|
|
528
|
+
description: 'RSA Private Key detected',
|
|
529
|
+
suggestion: 'Remove private key and add to .gitignore',
|
|
530
|
+
},
|
|
531
|
+
{
|
|
532
|
+
id: 'ssh-private-key',
|
|
533
|
+
name: 'SSH Private Key',
|
|
534
|
+
pattern: /-----BEGIN OPENSSH PRIVATE KEY-----/g,
|
|
535
|
+
severity: 'critical',
|
|
536
|
+
description: 'SSH Private Key detected',
|
|
537
|
+
suggestion: 'Remove private key and add to .gitignore',
|
|
538
|
+
},
|
|
539
|
+
{
|
|
540
|
+
id: 'pgp-private-key',
|
|
541
|
+
name: 'PGP Private Key',
|
|
542
|
+
pattern: /-----BEGIN PGP PRIVATE KEY BLOCK-----/g,
|
|
543
|
+
severity: 'critical',
|
|
544
|
+
description: 'PGP Private Key detected',
|
|
545
|
+
suggestion: 'Remove private key and add to .gitignore',
|
|
546
|
+
},
|
|
547
|
+
{
|
|
548
|
+
id: 'dsa-private-key',
|
|
549
|
+
name: 'DSA Private Key',
|
|
550
|
+
pattern: /-----BEGIN DSA PRIVATE KEY-----/g,
|
|
551
|
+
severity: 'critical',
|
|
552
|
+
description: 'DSA Private Key detected',
|
|
553
|
+
suggestion: 'Remove private key and add to .gitignore',
|
|
554
|
+
},
|
|
555
|
+
{
|
|
556
|
+
id: 'ec-private-key',
|
|
557
|
+
name: 'EC Private Key',
|
|
558
|
+
pattern: /-----BEGIN EC PRIVATE KEY-----/g,
|
|
559
|
+
severity: 'critical',
|
|
560
|
+
description: 'EC Private Key detected',
|
|
561
|
+
suggestion: 'Remove private key and add to .gitignore',
|
|
562
|
+
},
|
|
563
|
+
// ============================================
|
|
564
|
+
// JWT & OAuth Tokens
|
|
565
|
+
// ============================================
|
|
566
|
+
{
|
|
567
|
+
id: 'jwt-token',
|
|
568
|
+
name: 'JWT Token',
|
|
569
|
+
pattern: /eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*/g,
|
|
570
|
+
severity: 'high',
|
|
571
|
+
description: 'JWT token detected',
|
|
572
|
+
suggestion: 'Do not hardcode JWT tokens, generate them dynamically',
|
|
573
|
+
},
|
|
574
|
+
{
|
|
575
|
+
id: 'oauth-client-secret',
|
|
576
|
+
name: 'OAuth Client Secret',
|
|
577
|
+
pattern: /client_secret\s*[:=]\s*['"]([a-zA-Z0-9_\-]{20,})['"]/gi,
|
|
578
|
+
severity: 'critical',
|
|
579
|
+
description: 'OAuth client secret detected',
|
|
580
|
+
suggestion: 'Move to environment variable: OAUTH_CLIENT_SECRET',
|
|
581
|
+
},
|
|
582
|
+
// ============================================
|
|
583
|
+
// Web3/Blockchain/Cryptocurrency
|
|
584
|
+
// ============================================
|
|
585
|
+
{
|
|
586
|
+
id: 'evm-private-key',
|
|
587
|
+
name: 'EVM-Compatible Private Key',
|
|
588
|
+
pattern: /0x[a-fA-F0-9]{64}/g,
|
|
589
|
+
severity: 'critical',
|
|
590
|
+
description: 'EVM-compatible private key detected (Ethereum, Polygon, BSC, Arbitrum, Optimism, Fantom, etc.)',
|
|
591
|
+
suggestion: 'Remove private key immediately and use secure key management',
|
|
592
|
+
},
|
|
593
|
+
{
|
|
594
|
+
id: 'bitcoin-private-key-wif',
|
|
595
|
+
name: 'Bitcoin Private Key (WIF)',
|
|
596
|
+
pattern: /[5KL][1-9A-HJ-NP-Za-km-z]{50,51}/g,
|
|
597
|
+
severity: 'critical',
|
|
598
|
+
description: 'Bitcoin private key in WIF format detected',
|
|
599
|
+
suggestion: 'Remove private key immediately and use secure wallet management',
|
|
600
|
+
},
|
|
601
|
+
{
|
|
602
|
+
id: 'mnemonic-seed-phrase',
|
|
603
|
+
name: 'Mnemonic Seed Phrase',
|
|
604
|
+
pattern: /\b(?:abandon|ability|able|about|above|absent|absorb|abstract|absurd|abuse|access|accident|account|accuse|achieve|acid|acoustic|acquire|across|act|action|actor|actress|actual|adapt|add|addict|address|adjust|admit|adult|advance|advice|aerobic|affair|afford|afraid|again|age|agent|agree|ahead|aim|air|airport|aisle|alarm|album|alcohol|alert|alien|all|alley|allow|almost|alone|alpha|already|also|alter|always|amateur|amazing|among|amount|amused|analyst|anchor|ancient|anger|angle|angry|animal|ankle|announce|annual|another|answer|antenna|antique|anxiety|any|apart|apology|appear|apple|approve|april|arch|arctic|area|arena|argue|arm|armed|armor|army|around|arrange|arrest|arrive|arrow|art|artefact|artist|artwork|ask|aspect|assault|asset|assist|assume|asthma|athlete|atom|attack|attend|attitude|attract|auction|audit|august|aunt|author|auto|autumn|average|avocado|avoid|awake|aware|away|awesome|awful|awkward|axis|baby|bachelor|bacon|badge|bag|balance|balcony|ball|bamboo|banana|banner|bar|barely|bargain|barrel|base|basic|basket|battle|beach|bean|beauty|because|become|beef|before|begin|behave|behind|believe|below|belt|bench|benefit|best|betray|better|between|beyond|bicycle|bid|bike|bind|biology|bird|birth|bitter|black|blade|blame|blanket|blast|bleak|bless|blind|blood|blossom|blow|blue|blur|blush|board|boat|body|boil|bomb|bone|bonus|book|boost|border|boring|borrow|boss|bottom|bounce|box|boy|bracket|brain|brand|brass|brave|bread|breeze|brick|bridge|brief|bright|bring|brisk|broccoli|broken|bronze|broom|brother|brown|brush|bubble|buddy|budget|buffalo|build|bulb|bulk|bullet|bundle|bunker|burden|burger|burst|bus|business|busy|butter|buyer|buzz|cabbage|cabin|cable|cactus|cage|cake|call|calm|camera|camp|can|canal|cancel|candy|cannon|canoe|canvas|canyon|capable|capital|captain|car|carbon|card|care|career|careful|careless|cargo|carpet|carry|cart|case|cash|casino|castle|casual|cat|catalog|catch|category|cattle|caught|cause|caution|cave|ceiling|celery|cement|census|century|cereal|certain|chair|chalk|champion|change|chaos|chapter|charge|chase|chat|cheap|check|cheese|chef|cherry|chest|chicken|chief|child|chimney|choice|choose|chronic|chuckle|chunk|churn|cigar|cinnamon|circle|citizen|city|civil|claim|clamp|clarify|clash|classic|clean|clear|click|client|cliff|climb|clinic|clip|clock|clog|close|cloth|cloud|clown|club|clump|cluster|clutch|coach|coast|coconut|code|coffee|coil|coin|collect|color|column|combine|come|comfort|comic|common|company|concert|conduct|confirm|congress|connect|consider|control|convince|cook|cool|copper|copy|coral|core|corn|correct|cost|cotton|couch|country|couple|course|cousin|cover|coyote|crack|cradle|craft|cram|crane|crash|crater|crawl|crazy|cream|credit|creek|crew|cricket|crime|crisp|critic|crop|cross|crouch|crowd|crucial|cruel|cruise|crumble|crunch|crush|cry|crystal|cube|culture|cup|cupboard|curious|current|curtain|curve|cushion|custom|cute|cycle|dad|damage|damp|dance|danger|daring|dash|daughter|dawn|day|deal|debate|debris|decade|december|decide|decline|decorate|decrease|deer|defense|define|defy|degree|delay|deliver|demand|demise|denial|dentist|deny|depart|depend|deposit|depth|deputy|derive|describe|desert|design|desk|despair|destroy|detail|detect|device|devote|diagram|dial|diamond|diary|dice|diesel|diet|differ|digital|dignity|dilemma|dinner|dinosaur|direct|dirt|disagree|discover|disease|dish|dismiss|disorder|display|distance|divert|divide|divorce|dizzy|doctor|document|dog|doll|dolphin|domain|donate|donkey|donor|door|dose|double|dove|draft|dragon|drama|drape|draw|dream|dress|drift|drill|drink|drip|drive|drop|drum|dry|duck|dumb|dune|during|dust|dutch|duty|dwarf|dynamic|eager|eagle|early|earn|earth|easily|east|easy|echo|ecology|economy|edge|edit|educate|effort|egg|eight|either|elbow|elder|electric|elegant|element|elephant|elevator|elite|else|embark|embody|embrace|emerge|emotion|employ|empower|empty|enable|enact|end|endless|endorse|enemy|energy|enforce|engage|engine|enhance|enjoy|enlist|enough|enrich|enroll|ensure|enter|entire|entry|envelope|episode|equal|equip|era|erase|erode|erosion|error|erupt|escape|essay|essence|estate|eternal|ethics|evidence|evil|evoke|evolve|exact|example|excess|exchange|excite|exclude|excuse|execute|exercise|exhaust|exhibit|exile|exist|exit|exotic|expand|expect|expire|explain|expose|express|extend|extra|eye|eyebrow|fabric|face|faculty|fade|faint|faith|fall|false|fame|family|famous|fan|fancy|fantasy|farm|fashion|fat|fatal|father|fatigue|fault|favorite|feature|february|federal|fee|feed|feel|female|fence|festival|fetch|fever|few|fiber|fiction|field|figure|file|fill|film|filter|final|find|fine|finger|finish|fire|firm|first|fiscal|fish|fit|fitness|fix|flag|flame|flat|flavor|flee|flight|flip|float|flock|floor|flower|fluid|flush|fly|foam|focus|fog|foil|fold|follow|food|foot|force|forest|forget|fork|fortune|forum|forward|fossil|foster|found|fox|frame|frequent|fresh|friend|fringe|frog|front|frost|frown|frozen|fruit|fuel|fun|funny|furnace|fury|future|gadget|gain|galaxy|gallery|game|gap|garage|garbage|garden|garlic|garment|gas|gasp|gate|gather|gauge|gaze|general|genius|genre|gentle|genuine|gesture|ghost|giant|gift|giggle|ginger|giraffe|girl|give|glad|glance|glare|glass|glide|glimpse|globe|gloom|glory|glove|glow|glue|goat|goddess|gold|good|goose|gorilla|gospel|gossip|govern|gown|grab|grace|grain|grant|grape|grass|gravity|great|green|grid|grief|grit|grocery|group|grow|grunt|guard|guess|guide|guilt|guitar|gun|gym|habit|hair|half|hammer|hamster|hand|happy|harbor|hard|harsh|harvest|hat|have|hawk|hazard|head|healthy|hear|heart|heavy|hedgehog|height|held|hello|helmet|help|hen|hero|hidden|high|hill|hint|hip|hire|history|hobby|hockey|hold|hole|holiday|hollow|home|honey|hood|hope|horn|horror|horse|hospital|host|hotel|hour|hover|hub|huge|human|humble|humor|hundred|hungry|hunt|hurdle|hurry|hurt|husband|hybrid|ice|icon|idea|identify|idle|ignore|ill|illegal|illness|image|imitate|immense|immune|impact|impose|improve|impulse|inch|include|income|increase|index|indicate|indoor|industry|infant|inflict|inform|inhale|inherit|initial|inject|injury|inmate|inner|innocent|input|inquiry|insane|insect|inside|inspire|install|intact|interest|into|invest|invite|involve|iron|island|isolate|issue|item|ivory|jacket|jaguar|jar|jazz|jealous|jeans|jelly|jewel|job|join|joke|journey|joy|judge|juice|jump|jungle|junior|junk|just|kangaroo|keen|keep|ketchup|key|kick|kid|kidney|kind|kingdom|kiss|kit|kitchen|kite|kitten|kiwi|knee|knife|knock|know|lab|label|labor|ladder|lady|lake|lamp|language|laptop|large|later|latin|laugh|laundry|lava|law|lawn|lawsuit|layer|lazy|leader|leaf|learn|leave|lecture|left|leg|legal|legend|leisure|lemon|lend|length|lens|leopard|lesson|letter|level|liar|liberty|library|license|life|lift|light|like|limb|limit|link|lion|liquid|list|little|live|lizard|load|loan|lobster|local|lock|logic|lonely|long|loop|lottery|loud|lounge|love|loyal|lucky|luggage|lumber|lunar|lunch|luxury|lying|machine|mad|magic|magnet|maid|mail|main|major|make|mammal|man|manage|mandate|mango|mansion|manual|maple|marble|march|margin|marine|market|marriage|mask|mass|master|match|material|math|matrix|matter|maximum|maze|meadow|mean|measure|meat|mechanic|medal|media|melody|melt|member|memory|mention|menu|mercy|merge|merit|merry|mesh|message|metal|method|middle|midnight|milk|million|mimic|mind|minimum|minor|minute|miracle|mirror|misery|miss|mistake|mix|mixed|mixture|mobile|model|modify|mom|moment|monitor|monkey|monster|month|moon|moral|more|morning|mosquito|mother|motion|motor|mountain|mouse|move|movie|much|muffin|mule|multiply|muscle|museum|mushroom|music|must|mutual|myself|mystery|myth|naive|name|napkin|narrow|nasty|nation|nature|near|neck|need|needle|neglect|neighbor|neither|nephew|nerve|nest|net|network|neutral|never|news|next|nice|night|noble|noise|nominee|noodle|normal|north|nose|notable|note|nothing|notice|novel|now|nuclear|number|nurse|nut|oak|obey|object|oblige|obscure|observe|obtain|obvious|occur|ocean|october|odor|off|offer|office|often|oil|okay|old|olive|olympic|omit|once|one|onion|online|only|open|opera|opinion|oppose|option|orange|orbit|orchard|order|ordinary|organ|orient|original|orphan|ostrich|other|outdoor|outer|output|outside|oval|oven|over|own|owner|oxygen|oyster|ozone|pact|paddle|page|pair|palace|palm|panda|panel|panic|panther|paper|parade|parent|park|parrot|part|party|pass|patch|path|patient|patrol|pattern|pause|pave|payment|peace|peanut|pear|peasant|pelican|pen|penalty|pencil|people|pepper|perfect|permit|person|pet|phone|photo|phrase|physical|piano|picnic|picture|piece|pig|pigeon|pill|pilot|pink|pioneer|pipe|pistol|pitch|pizza|place|planet|plastic|plate|play|please|pledge|pluck|plug|plunge|poem|poet|point|polar|pole|police|pond|pony|pool|popular|portion|position|possible|post|potato|pottery|poverty|powder|power|practice|praise|predict|prefer|prepare|present|pretty|prevent|price|pride|primary|print|priority|prison|private|prize|problem|process|produce|profit|program|project|promote|proof|property|prosper|protect|proud|provide|public|pudding|pull|pulp|pulse|pumpkin|punch|pupil|puppy|purchase|purity|purpose|purse|push|put|puzzle|pyramid|quality|quantum|quarter|question|quick|quiet|quilt|quit|quiz|quote|rabbit|raccoon|race|rack|radar|radio|rail|rain|raise|rally|ramp|ranch|random|range|rapid|rare|rate|rather|raven|raw|razor|ready|real|reason|rebel|rebuild|recall|receive|recipe|record|recycle|reduce|reflect|reform|refuse|region|regret|regular|reject|relax|release|relief|rely|remain|remember|remind|remove|render|renew|rent|reopen|repair|repeat|replace|report|require|rescue|resemble|resist|resource|response|result|retire|retreat|return|reunion|reveal|review|reward|rhythm|rib|ribbon|rice|rich|ride|ridge|rifle|right|rigid|ring|riot|ripple|rise|risk|ritual|rival|river|road|roast|rob|robot|robust|rocket|romance|roof|rookie|room|rose|rotate|rough|round|route|royal|rubber|rude|rug|rule|run|runway|rural|sad|saddle|sadness|safe|sail|salad|salmon|salon|salt|salute|same|sample|sand|satisfy|satoshi|sauce|sausage|save|say|scale|scan|scare|scatter|scene|scheme|school|science|scissors|scorpion|scout|scrap|screen|script|scrub|sea|search|season|seat|second|secret|section|security|seed|seek|segment|select|sell|seminar|senior|sense|sentence|series|service|session|settle|setup|seven|shadow|shaft|shallow|share|shed|shell|sheriff|shield|shift|shine|ship|shirt|shock|shoe|shoot|shop|short|shoulder|shove|shrimp|shrug|shuffle|shy|sibling|sick|side|siege|sight|sign|silent|silk|silly|silver|similar|simple|since|sing|siren|sister|situate|six|size|skate|sketch|ski|skill|skin|skirt|skull|slab|slam|sleep|slender|slice|slide|slight|slim|slogan|slot|slow|slush|small|smart|smile|smoke|smooth|snack|snake|snap|sniff|snow|soap|soccer|social|sock|soda|soft|solar|sold|soldier|solid|solution|solve|someone|song|soon|sorry|sort|soul|sound|soup|source|south|space|spare|spatial|spawn|speak|special|speed|spell|spend|sphere|spice|spider|spike|spin|spirit|split|spoil|sponsor|spoon|sport|spot|spray|spread|spring|spy|square|squeeze|squirrel|stable|stadium|staff|stage|stairs|stamp|stand|start|state|stay|steak|steel|stem|step|stereo|stick|still|sting|stock|stomach|stone|stool|story|stove|strategy|street|strike|strong|struggle|student|stuff|stumble|style|subject|submit|subway|success|such|sudden|suffer|sugar|suggest|suit|summer|sun|sunny|sunset|super|supply|supreme|sure|surface|surge|surprise|surround|survey|suspect|sustain|swallow|swamp|swap|swear|sweet|swift|swim|swing|switch|sword|symbol|symptom|syrup|system|table|tackle|tag|tail|talent|talk|tank|tape|target|task|taste|tattoo|taxi|teach|team|tell|ten|tenant|tennis|tent|term|test|text|thank|that|theme|then|theory|there|they|thing|this|thought|three|thrive|throw|thumb|thunder|ticket|tide|tiger|tilt|timber|time|tiny|tip|tired|tissue|title|toast|tobacco|today|toddler|toe|together|toilet|token|tomato|tomorrow|tone|tongue|tonight|tool|tooth|top|topic|topple|torch|tornado|tortoise|toss|total|tourist|toward|tower|town|toy|track|trade|traffic|tragic|train|transfer|trap|trash|travel|tray|treat|tree|trend|trial|tribe|trick|trigger|trim|trip|trophy|trouble|truck|true|truly|trumpet|trust|truth|try|tube|tuition|tumble|tuna|tunnel|turkey|turn|turtle|twelve|twenty|twice|twin|twist|two|type|typical|ugly|umbrella|unable|unaware|uncle|uncover|under|undo|unfair|unfold|unhappy|uniform|unique|unit|universe|unknown|unlock|until|unusual|unveil|update|upgrade|uphold|upon|upper|upset|urban|urge|usage|use|used|useful|useless|usual|utility|vacant|vacuum|vague|valid|valley|valve|van|vanish|vapor|various|vast|vault|vehicle|velvet|vendor|venture|venue|verb|verify|version|very|vessel|veteran|viable|vibe|vicious|victory|video|view|village|vintage|violin|virtual|virus|visa|visit|visual|vital|vivid|vocal|voice|void|volcano|volume|vote|voyage|wage|wagon|wait|walk|wall|walnut|want|warfare|warm|warrior|wash|wasp|waste|water|wave|way|wealth|weapon|wear|weasel|weather|web|wedding|weekend|weird|welcome|west|wet|what|wheat|wheel|when|where|whip|whisper|wide|width|wife|wild|will|win|window|wine|wing|wink|winner|winter|wire|wisdom|wise|wish|witness|wolf|woman|wonder|wood|wool|word|work|world|worry|worth|wrap|wreck|wrestle|wrist|write|wrong|yard|year|yellow|you|young|youth|zebra|zero|zone|zoo)\b(?:\s+\b(?:abandon|ability|able|about|above|absent|absorb|abstract|absurd|abuse|access|accident|account|accuse|achieve|acid|acoustic|acquire|across|act|action|actor|actress|actual|adapt|add|addict|address|adjust|admit|adult|advance|advice|aerobic|affair|afford|afraid|again|age|agent|agree|ahead|aim|air|airport|aisle|alarm|album|alcohol|alert|alien|all|alley|allow|almost|alone|alpha|already|also|alter|always|amateur|amazing|among|amount|amused|analyst|anchor|ancient|anger|angle|angry|animal|ankle|announce|annual|another|answer|antenna|antique|anxiety|any|apart|apology|appear|apple|approve|april|arch|arctic|area|arena|argue|arm|armed|armor|army|around|arrange|arrest|arrive|arrow|art|artefact|artist|artwork|ask|aspect|assault|asset|assist|assume|asthma|athlete|atom|attack|attend|attitude|attract|auction|audit|august|aunt|author|auto|autumn|average|avocado|avoid|awake|aware|away|awesome|awful|awkward|axis|baby|bachelor|bacon|badge|bag|balance|balcony|ball|bamboo|banana|banner|bar|barely|bargain|barrel|base|basic|basket|battle|beach|bean|beauty|because|become|beef|before|begin|behave|behind|believe|below|belt|bench|benefit|best|betray|better|between|beyond|bicycle|bid|bike|bind|biology|bird|birth|bitter|black|blade|blame|blanket|blast|bleak|bless|blind|blood|blossom|blow|blue|blur|blush|board|boat|body|boil|bomb|bone|bonus|book|boost|border|boring|borrow|boss|bottom|bounce|box|boy|bracket|brain|brand|brass|brave|bread|breeze|brick|bridge|brief|bright|bring|brisk|broccoli|broken|bronze|broom|brother|brown|brush|bubble|buddy|budget|buffalo|build|bulb|bulk|bullet|bundle|bunker|burden|burger|burst|bus|business|busy|butter|buyer|buzz|cabbage|cabin|cable|cactus|cage|cake|call|calm|camera|camp|can|canal|cancel|candy|cannon|canoe|canvas|canyon|capable|capital|captain|car|carbon|card|care|career|careful|careless|cargo|carpet|carry|cart|case|cash|casino|castle|casual|cat|catalog|catch|category|cattle|caught|cause|caution|cave|ceiling|celery|cement|census|century|cereal|certain|chair|chalk|champion|change|chaos|chapter|charge|chase|chat|cheap|check|cheese|chef|cherry|chest|chicken|chief|child|chimney|choice|choose|chronic|chuckle|chunk|churn|cigar|cinnamon|circle|citizen|city|civil|claim|clamp|clarify|clash|classic|clean|clear|click|client|cliff|climb|clinic|clip|clock|clog|close|cloth|cloud|clown|club|clump|cluster|clutch|coach|coast|coconut|code|coffee|coil|coin|collect|color|column|combine|come|comfort|comic|common|company|concert|conduct|confirm|congress|connect|consider|control|convince|cook|cool|copper|copy|coral|core|corn|correct|cost|cotton|couch|country|couple|course|cousin|cover|coyote|crack|cradle|craft|cram|crane|crash|crater|crawl|crazy|cream|credit|creek|crew|cricket|crime|crisp|critic|crop|cross|crouch|crowd|crucial|cruel|cruise|crumble|crunch|crush|cry|crystal|cube|culture|cup|cupboard|curious|current|curtain|curve|cushion|custom|cute|cycle|dad|damage|damp|dance|danger|daring|dash|daughter|dawn|day|deal|debate|debris|decade|december|decide|decline|decorate|decrease|deer|defense|define|defy|degree|delay|deliver|demand|demise|denial|dentist|deny|depart|depend|deposit|depth|deputy|derive|describe|desert|design|desk|despair|destroy|detail|detect|device|devote|diagram|dial|diamond|diary|dice|diesel|diet|differ|digital|dignity|dilemma|dinner|dinosaur|direct|dirt|disagree|discover|disease|dish|dismiss|disorder|display|distance|divert|divide|divorce|dizzy|doctor|document|dog|doll|dolphin|domain|donate|donkey|donor|door|dose|double|dove|draft|dragon|drama|drape|draw|dream|dress|drift|drill|drink|drip|drive|drop|drum|dry|duck|dumb|dune|during|dust|dutch|duty|dwarf|dynamic|eager|eagle|early|earn|earth|easily|east|easy|echo|ecology|economy|edge|edit|educate|effort|egg|eight|either|elbow|elder|electric|elegant|element|elephant|elevator|elite|else|embark|embody|embrace|emerge|emotion|employ|empower|empty|enable|enact|end|endless|endorse|enemy|energy|enforce|engage|engine|enhance|enjoy|enlist|enough|enrich|enroll|ensure|enter|entire|entry|envelope|episode|equal|equip|era|erase|erode|erosion|error|erupt|escape|essay|essence|estate|eternal|ethics|evidence|evil|evoke|evolve|exact|example|excess|exchange|excite|exclude|excuse|execute|exercise|exhaust|exhibit|exile|exist|exit|exotic|expand|expect|expire|explain|expose|express|extend|extra|eye|eyebrow|fabric|face|faculty|fade|faint|faith|fall|false|fame|family|famous|fan|fancy|fantasy|farm|fashion|fat|fatal|father|fatigue|fault|favorite|feature|february|federal|fee|feed|feel|female|fence|festival|fetch|fever|few|fiber|fiction|field|figure|file|fill|film|filter|final|find|fine|finger|finish|fire|firm|first|fiscal|fish|fit|fitness|fix|flag|flame|flat|flavor|flee|flight|flip|float|flock|floor|flower|fluid|flush|fly|foam|focus|fog|foil|fold|follow|food|foot|force|forest|forget|fork|fortune|forum|forward|fossil|foster|found|fox|frame|frequent|fresh|friend|fringe|frog|front|frost|frown|frozen|fruit|fuel|fun|funny|furnace|fury|future|gadget|gain|galaxy|gallery|game|gap|garage|garbage|garden|garlic|garment|gas|gasp|gate|gather|gauge|gaze|general|genius|genre|gentle|genuine|gesture|ghost|giant|gift|giggle|ginger|giraffe|girl|give|glad|glance|glare|glass|glide|glimpse|globe|gloom|glory|glove|glow|glue|goat|goddess|gold|good|goose|gorilla|gospel|gossip|govern|gown|grab|grace|grain|grant|grape|grass|gravity|great|green|grid|grief|grit|grocery|group|grow|grunt|guard|guess|guide|guilt|guitar|gun|gym|habit|hair|half|hammer|hamster|hand|happy|harbor|hard|harsh|harvest|hat|have|hawk|hazard|head|healthy|hear|heart|heavy|hedgehog|height|held|hello|helmet|help|hen|hero|hidden|high|hill|hint|hip|hire|history|hobby|hockey|hold|hole|holiday|hollow|home|honey|hood|hope|horn|horror|horse|hospital|host|hotel|hour|hover|hub|huge|human|humble|humor|hundred|hungry|hunt|hurdle|hurry|hurt|husband|hybrid|ice|icon|idea|identify|idle|ignore|ill|illegal|illness|image|imitate|immense|immune|impact|impose|improve|impulse|inch|include|income|increase|index|indicate|indoor|industry|infant|inflict|inform|inhale|inherit|initial|inject|injury|inmate|inner|innocent|input|inquiry|insane|insect|inside|inspire|install|intact|interest|into|invest|invite|involve|iron|island|isolate|issue|item|ivory|jacket|jaguar|jar|jazz|jealous|jeans|jelly|jewel|job|join|joke|journey|joy|judge|juice|jump|jungle|junior|junk|just|kangaroo|keen|keep|ketchup|key|kick|kid|kidney|kind|kingdom|kiss|kit|kitchen|kite|kitten|kiwi|knee|knife|knock|know|lab|label|labor|ladder|lady|lake|lamp|language|laptop|large|later|latin|laugh|laundry|lava|law|lawn|lawsuit|layer|lazy|leader|leaf|learn|leave|lecture|left|leg|legal|legend|leisure|lemon|lend|length|lens|leopard|lesson|letter|level|liar|liberty|library|license|life|lift|light|like|limb|limit|link|lion|liquid|list|little|live|lizard|load|loan|lobster|local|lock|logic|lonely|long|loop|lottery|loud|lounge|love|loyal|lucky|luggage|lumber|lunar|lunch|luxury|lying|machine|mad|magic|magnet|maid|mail|main|major|make|mammal|man|manage|mandate|mango|mansion|manual|maple|marble|march|margin|marine|market|marriage|mask|mass|master|match|material|math|matrix|matter|maximum|maze|meadow|mean|measure|meat|mechanic|medal|media|melody|melt|member|memory|mention|menu|mercy|merge|merit|merry|mesh|message|metal|method|middle|midnight|milk|million|mimic|mind|minimum|minor|minute|miracle|mirror|misery|miss|mistake|mix|mixed|mixture|mobile|model|modify|mom|moment|monitor|monkey|monster|month|moon|moral|more|morning|mosquito|mother|motion|motor|mountain|mouse|move|movie|much|muffin|mule|multiply|muscle|museum|mushroom|music|must|mutual|myself|mystery|myth|naive|name|napkin|narrow|nasty|nation|nature|near|neck|need|needle|neglect|neighbor|neither|nephew|nerve|nest|net|network|neutral|never|news|next|nice|night|noble|noise|nominee|noodle|normal|north|nose|notable|note|nothing|notice|novel|now|nuclear|number|nurse|nut|oak|obey|object|oblige|obscure|observe|obtain|obvious|occur|ocean|october|odor|off|offer|office|often|oil|okay|old|olive|olympic|omit|once|one|onion|online|only|open|opera|opinion|oppose|option|orange|orbit|orchard|order|ordinary|organ|orient|original|orphan|ostrich|other|outdoor|outer|output|outside|oval|oven|over|own|owner|oxygen|oyster|ozone|pact|paddle|page|pair|palace|palm|panda|panel|panic|panther|paper|parade|parent|park|parrot|part|party|pass|patch|path|patient|patrol|pattern|pause|pave|payment|peace|peanut|pear|peasant|pelican|pen|penalty|pencil|people|pepper|perfect|permit|person|pet|phone|photo|phrase|physical|piano|picnic|picture|piece|pig|pigeon|pill|pilot|pink|pioneer|pipe|pistol|pitch|pizza|place|planet|plastic|plate|play|please|pledge|pluck|plug|plunge|poem|poet|point|polar|pole|police|pond|pony|pool|popular|portion|position|possible|post|potato|pottery|poverty|powder|power|practice|praise|predict|prefer|prepare|present|pretty|prevent|price|pride|primary|print|priority|prison|private|prize|problem|process|produce|profit|program|project|promote|proof|property|prosper|protect|proud|provide|public|pudding|pull|pulp|pulse|pumpkin|punch|pupil|puppy|purchase|purity|purpose|purse|push|put|puzzle|pyramid|quality|quantum|quarter|question|quick|quiet|quilt|quit|quiz|quote|rabbit|raccoon|race|rack|radar|radio|rail|rain|raise|rally|ramp|ranch|random|range|rapid|rare|rate|rather|raven|raw|razor|ready|real|reason|rebel|rebuild|recall|receive|recipe|record|recycle|reduce|reflect|reform|refuse|region|regret|regular|reject|relax|release|relief|rely|remain|remember|remind|remove|render|renew|rent|reopen|repair|repeat|replace|report|require|rescue|resemble|resist|resource|response|result|retire|retreat|return|reunion|reveal|review|reward|rhythm|rib|ribbon|rice|rich|ride|ridge|rifle|right|rigid|ring|riot|ripple|rise|risk|ritual|rival|river|road|roast|rob|robot|robust|rocket|romance|roof|rookie|room|rose|rotate|rough|round|route|royal|rubber|rude|rug|rule|run|runway|rural|sad|saddle|sadness|safe|sail|salad|salmon|salon|salt|salute|same|sample|sand|satisfy|satoshi|sauce|sausage|save|say|scale|scan|scare|scatter|scene|scheme|school|science|scissors|scorpion|scout|scrap|screen|script|scrub|sea|search|season|seat|second|secret|section|security|seed|seek|segment|select|sell|seminar|senior|sense|sentence|series|service|session|settle|setup|seven|shadow|shaft|shallow|share|shed|shell|sheriff|shield|shift|shine|ship|shirt|shock|shoe|shoot|shop|short|shoulder|shove|shrimp|shrug|shuffle|shy|sibling|sick|side|siege|sight|sign|silent|silk|silly|silver|similar|simple|since|sing|siren|sister|situate|six|size|skate|sketch|ski|skill|skin|skirt|skull|slab|slam|sleep|slender|slice|slide|slight|slim|slogan|slot|slow|slush|small|smart|smile|smoke|smooth|snack|snake|snap|sniff|snow|soap|soccer|social|sock|soda|soft|solar|sold|soldier|solid|solution|solve|someone|song|soon|sorry|sort|soul|sound|soup|source|south|space|spare|spatial|spawn|speak|special|speed|spell|spend|sphere|spice|spider|spike|spin|spirit|split|spoil|sponsor|spoon|sport|spot|spray|spread|spring|spy|square|squeeze|squirrel|stable|stadium|staff|stage|stairs|stamp|stand|start|state|stay|steak|steel|stem|step|stereo|stick|still|sting|stock|stomach|stone|stool|story|stove|strategy|street|strike|strong|struggle|student|stuff|stumble|style|subject|submit|subway|success|such|sudden|suffer|sugar|suggest|suit|summer|sun|sunny|sunset|super|supply|supreme|sure|surface|surge|surprise|surround|survey|suspect|sustain|swallow|swamp|swap|swear|sweet|swift|swim|swing|switch|sword|symbol|symptom|syrup|system|table|tackle|tag|tail|talent|talk|tank|tape|target|task|taste|tattoo|taxi|teach|team|tell|ten|tenant|tennis|tent|term|test|text|thank|that|theme|then|theory|there|they|thing|this|thought|three|thrive|throw|thumb|thunder|ticket|tide|tiger|tilt|timber|time|tiny|tip|tired|tissue|title|toast|tobacco|today|toddler|toe|together|toilet|token|tomato|tomorrow|tone|tongue|tonight|tool|tooth|top|topic|topple|torch|tornado|tortoise|toss|total|tourist|toward|tower|town|toy|track|trade|traffic|tragic|train|transfer|trap|trash|travel|tray|treat|tree|trend|trial|tribe|trick|trigger|trim|trip|trophy|trouble|truck|true|truly|trumpet|trust|truth|try|tube|tuition|tumble|tuna|tunnel|turkey|turn|turtle|twelve|twenty|twice|twin|twist|two|type|typical|ugly|umbrella|unable|unaware|uncle|uncover|under|undo|unfair|unfold|unhappy|uniform|unique|unit|universe|unknown|unlock|until|unusual|unveil|update|upgrade|uphold|upon|upper|upset|urban|urge|usage|use|used|useful|useless|usual|utility|vacant|vacuum|vague|valid|valley|valve|van|vanish|vapor|various|vast|vault|vehicle|velvet|vendor|venture|venue|verb|verify|version|very|vessel|veteran|viable|vibe|vicious|victory|video|view|village|vintage|violin|virtual|virus|visa|visit|visual|vital|vivid|vocal|voice|void|volcano|volume|vote|voyage|wage|wagon|wait|walk|wall|walnut|want|warfare|warm|warrior|wash|wasp|waste|water|wave|way|wealth|weapon|wear|weasel|weather|web|wedding|weekend|weird|welcome|west|wet|what|wheat|wheel|when|where|whip|whisper|wide|width|wife|wild|will|win|window|wine|wing|wink|winner|winter|wire|wisdom|wise|wish|witness|wolf|woman|wonder|wood|wool|word|work|world|worry|worth|wrap|wreck|wrestle|wrist|write|wrong|yard|year|yellow|you|young|youth|zebra|zero|zone|zoo)\b){11,23}/gi,
|
|
605
|
+
severity: 'critical',
|
|
606
|
+
description: 'BIP39 mnemonic seed phrase detected (12-24 words)',
|
|
607
|
+
suggestion: 'Remove seed phrase immediately and use secure wallet management',
|
|
608
|
+
},
|
|
609
|
+
{
|
|
610
|
+
id: 'solana-private-key',
|
|
611
|
+
name: 'Solana Private Key',
|
|
612
|
+
pattern: /[1-9A-HJ-NP-Za-km-z]{87,88}/g,
|
|
613
|
+
severity: 'critical',
|
|
614
|
+
description: 'Solana private key detected',
|
|
615
|
+
suggestion: 'Remove private key immediately and use secure key management',
|
|
616
|
+
},
|
|
617
|
+
{
|
|
618
|
+
id: 'metamask-vault',
|
|
619
|
+
name: 'MetaMask Vault',
|
|
620
|
+
pattern: /"vault"\s*:\s*"[^"]+"/g,
|
|
621
|
+
severity: 'critical',
|
|
622
|
+
description: 'MetaMask vault data detected',
|
|
623
|
+
suggestion: 'Remove MetaMask vault data and add to .gitignore',
|
|
624
|
+
},
|
|
625
|
+
{
|
|
626
|
+
id: 'infura-api-key',
|
|
627
|
+
name: 'Infura API Key',
|
|
628
|
+
pattern: /infura[^a-zA-Z0-9]*[a-f0-9]{32}/gi,
|
|
629
|
+
severity: 'high',
|
|
630
|
+
description: 'Infura API key detected',
|
|
631
|
+
suggestion: 'Move to environment variable: INFURA_API_KEY',
|
|
632
|
+
},
|
|
633
|
+
{
|
|
634
|
+
id: 'alchemy-api-key',
|
|
635
|
+
name: 'Alchemy API Key',
|
|
636
|
+
pattern: /alchemy[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32}/gi,
|
|
637
|
+
severity: 'high',
|
|
638
|
+
description: 'Alchemy API key detected',
|
|
639
|
+
suggestion: 'Move to environment variable: ALCHEMY_API_KEY',
|
|
640
|
+
},
|
|
641
|
+
{
|
|
642
|
+
id: 'moralis-api-key',
|
|
643
|
+
name: 'Moralis API Key',
|
|
644
|
+
pattern: /moralis[^a-zA-Z0-9]*[a-zA-Z0-9]{64}/gi,
|
|
645
|
+
severity: 'high',
|
|
646
|
+
description: 'Moralis API key detected',
|
|
647
|
+
suggestion: 'Move to environment variable: MORALIS_API_KEY',
|
|
648
|
+
},
|
|
649
|
+
{
|
|
650
|
+
id: 'web3-storage-token',
|
|
651
|
+
name: 'Web3.Storage Token',
|
|
652
|
+
pattern: /eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*/g,
|
|
653
|
+
severity: 'high',
|
|
654
|
+
description: 'Web3.Storage API token detected',
|
|
655
|
+
suggestion: 'Move to environment variable: WEB3_STORAGE_TOKEN',
|
|
656
|
+
},
|
|
657
|
+
{
|
|
658
|
+
id: 'pinata-api-key',
|
|
659
|
+
name: 'Pinata API Key',
|
|
660
|
+
pattern: /pinata[^a-zA-Z0-9]*[a-f0-9]{64}/gi,
|
|
661
|
+
severity: 'high',
|
|
662
|
+
description: 'Pinata API key detected',
|
|
663
|
+
suggestion: 'Move to environment variable: PINATA_API_KEY',
|
|
664
|
+
},
|
|
665
|
+
{
|
|
666
|
+
id: 'coinbase-api-key',
|
|
667
|
+
name: 'Coinbase API Key',
|
|
668
|
+
pattern: /coinbase[^a-zA-Z0-9]*[a-f0-9]{32}/gi,
|
|
669
|
+
severity: 'critical',
|
|
670
|
+
description: 'Coinbase API key detected',
|
|
671
|
+
suggestion: 'Move to environment variable: COINBASE_API_KEY',
|
|
672
|
+
},
|
|
673
|
+
{
|
|
674
|
+
id: 'binance-api-key',
|
|
675
|
+
name: 'Binance API Key',
|
|
676
|
+
pattern: /binance[^a-zA-Z0-9]*[a-zA-Z0-9]{64}/gi,
|
|
677
|
+
severity: 'critical',
|
|
678
|
+
description: 'Binance API key detected',
|
|
679
|
+
suggestion: 'Move to environment variable: BINANCE_API_KEY',
|
|
680
|
+
},
|
|
681
|
+
{
|
|
682
|
+
id: 'next-public-warning',
|
|
683
|
+
name: 'NEXT_PUBLIC Environment Variable Warning',
|
|
684
|
+
pattern: /NEXT_PUBLIC_[A-Z_]*(?:SECRET|KEY|TOKEN|PASSWORD|PRIVATE)[A-Z_]*\s*=\s*['"]/gi,
|
|
685
|
+
severity: 'high',
|
|
686
|
+
description: 'NEXT_PUBLIC variable with sensitive name detected - this will be exposed to the browser',
|
|
687
|
+
suggestion: 'Remove NEXT_PUBLIC prefix for sensitive data or use server-side environment variables',
|
|
688
|
+
},
|
|
689
|
+
{
|
|
690
|
+
id: 'hardhat-private-key',
|
|
691
|
+
name: 'Hardhat Private Key',
|
|
692
|
+
pattern: /PRIVATE_KEY\s*[:=]\s*['"]0x[a-fA-F0-9]{64}['"]/gi,
|
|
693
|
+
severity: 'critical',
|
|
694
|
+
description: 'Hardhat private key configuration detected',
|
|
695
|
+
suggestion: 'Move to environment variable and add to .gitignore',
|
|
696
|
+
},
|
|
697
|
+
{
|
|
698
|
+
id: 'truffle-mnemonic',
|
|
699
|
+
name: 'Truffle Mnemonic',
|
|
700
|
+
pattern: /mnemonic\s*[:=]\s*['"][^'"]*['"]/gi,
|
|
701
|
+
severity: 'critical',
|
|
702
|
+
description: 'Truffle mnemonic configuration detected',
|
|
703
|
+
suggestion: 'Move to environment variable and add to .gitignore',
|
|
704
|
+
},
|
|
705
|
+
{
|
|
706
|
+
id: 'web3-provider-url',
|
|
707
|
+
name: 'Web3 Provider URL with API Key',
|
|
708
|
+
pattern: /https:\/\/[^\/]*\.infura\.io\/v3\/[a-f0-9]{32}/gi,
|
|
709
|
+
severity: 'high',
|
|
710
|
+
description: 'Web3 provider URL with API key detected',
|
|
711
|
+
suggestion: 'Move API key to environment variable',
|
|
712
|
+
},
|
|
713
|
+
{
|
|
714
|
+
id: 'ethereum-keystore',
|
|
715
|
+
name: 'Ethereum Keystore File',
|
|
716
|
+
pattern: /"crypto"\s*:\s*\{[^}]*"cipher"\s*:\s*"aes-128-ctr"/gi,
|
|
717
|
+
severity: 'critical',
|
|
718
|
+
description: 'Ethereum keystore file detected',
|
|
719
|
+
suggestion: 'Remove keystore file and add to .gitignore',
|
|
720
|
+
},
|
|
721
|
+
{
|
|
722
|
+
id: 'wallet-connect-project-id',
|
|
723
|
+
name: 'WalletConnect Project ID',
|
|
724
|
+
pattern: /walletconnect[^a-zA-Z0-9]*[a-f0-9]{32}/gi,
|
|
725
|
+
severity: 'medium',
|
|
726
|
+
description: 'WalletConnect project ID detected',
|
|
727
|
+
suggestion: 'Move to environment variable: WALLETCONNECT_PROJECT_ID',
|
|
728
|
+
},
|
|
729
|
+
// ============================================
|
|
730
|
+
// Additional Blockchain Networks
|
|
731
|
+
// ============================================
|
|
732
|
+
{
|
|
733
|
+
id: 'generic-blockchain-private-key',
|
|
734
|
+
name: 'Generic Blockchain Private Key',
|
|
735
|
+
pattern: /[a-fA-F0-9]{64}/g,
|
|
736
|
+
severity: 'critical',
|
|
737
|
+
description: 'Generic blockchain private key detected (64-character hex - Tron, Cosmos, Chainlink, etc.)',
|
|
738
|
+
suggestion: 'Remove private key immediately and use secure key management',
|
|
739
|
+
},
|
|
740
|
+
{
|
|
741
|
+
id: 'near-private-key',
|
|
742
|
+
name: 'NEAR Private Key',
|
|
743
|
+
pattern: /ed25519:[1-9A-HJ-NP-Za-km-z]{87,88}/g,
|
|
744
|
+
severity: 'critical',
|
|
745
|
+
description: 'NEAR Protocol private key detected',
|
|
746
|
+
suggestion: 'Remove private key immediately and use secure key management',
|
|
747
|
+
},
|
|
748
|
+
{
|
|
749
|
+
id: 'cardano-private-key',
|
|
750
|
+
name: 'Cardano Private Key',
|
|
751
|
+
pattern: /[a-fA-F0-9]{128}/g,
|
|
752
|
+
severity: 'critical',
|
|
753
|
+
description: 'Cardano extended private key detected',
|
|
754
|
+
suggestion: 'Remove private key immediately and use secure key management',
|
|
755
|
+
},
|
|
756
|
+
{
|
|
757
|
+
id: 'avalanche-private-key',
|
|
758
|
+
name: 'Avalanche Private Key',
|
|
759
|
+
pattern: /PrivateKey-[1-9A-HJ-NP-Za-km-z]{51}/g,
|
|
760
|
+
severity: 'critical',
|
|
761
|
+
description: 'Avalanche private key detected',
|
|
762
|
+
suggestion: 'Remove private key immediately and use secure key management',
|
|
763
|
+
},
|
|
764
|
+
{
|
|
765
|
+
id: 'algorand-private-key',
|
|
766
|
+
name: 'Algorand Private Key',
|
|
767
|
+
pattern: /[A-Z2-7]{88}/g,
|
|
768
|
+
severity: 'critical',
|
|
769
|
+
description: 'Algorand private key detected (base32 encoded)',
|
|
770
|
+
suggestion: 'Remove private key immediately and use secure key management',
|
|
771
|
+
},
|
|
772
|
+
{
|
|
773
|
+
id: 'stellar-private-key',
|
|
774
|
+
name: 'Stellar Private Key',
|
|
775
|
+
pattern: /S[A-Z2-7]{55}/g,
|
|
776
|
+
severity: 'critical',
|
|
777
|
+
description: 'Stellar private key detected',
|
|
778
|
+
suggestion: 'Remove private key immediately and use secure key management',
|
|
779
|
+
},
|
|
780
|
+
{
|
|
781
|
+
id: 'ripple-private-key',
|
|
782
|
+
name: 'Ripple (XRP) Private Key',
|
|
783
|
+
pattern: /[a-fA-F0-9]{66}/g,
|
|
784
|
+
severity: 'critical',
|
|
785
|
+
description: 'Ripple (XRP) private key detected',
|
|
786
|
+
suggestion: 'Remove private key immediately and use secure key management',
|
|
787
|
+
},
|
|
788
|
+
// ============================================
|
|
789
|
+
// Blockchain Service API Keys
|
|
790
|
+
// ============================================
|
|
791
|
+
{
|
|
792
|
+
id: 'quicknode-api-key',
|
|
793
|
+
name: 'QuickNode API Key',
|
|
794
|
+
pattern: /quicknode[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
795
|
+
severity: 'high',
|
|
796
|
+
description: 'QuickNode API key detected',
|
|
797
|
+
suggestion: 'Move to environment variable: QUICKNODE_API_KEY',
|
|
798
|
+
},
|
|
799
|
+
{
|
|
800
|
+
id: 'ankr-api-key',
|
|
801
|
+
name: 'Ankr API Key',
|
|
802
|
+
pattern: /ankr[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
803
|
+
severity: 'high',
|
|
804
|
+
description: 'Ankr API key detected',
|
|
805
|
+
suggestion: 'Move to environment variable: ANKR_API_KEY',
|
|
806
|
+
},
|
|
807
|
+
{
|
|
808
|
+
id: 'getblock-api-key',
|
|
809
|
+
name: 'GetBlock API Key',
|
|
810
|
+
pattern: /getblock[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
811
|
+
severity: 'high',
|
|
812
|
+
description: 'GetBlock API key detected',
|
|
813
|
+
suggestion: 'Move to environment variable: GETBLOCK_API_KEY',
|
|
814
|
+
},
|
|
815
|
+
{
|
|
816
|
+
id: 'nodereal-api-key',
|
|
817
|
+
name: 'NodeReal API Key',
|
|
818
|
+
pattern: /nodereal[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
819
|
+
severity: 'high',
|
|
820
|
+
description: 'NodeReal API key detected',
|
|
821
|
+
suggestion: 'Move to environment variable: NODEREAL_API_KEY',
|
|
822
|
+
},
|
|
823
|
+
{
|
|
824
|
+
id: 'pokt-api-key',
|
|
825
|
+
name: 'Pocket Network API Key',
|
|
826
|
+
pattern: /pokt[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
827
|
+
severity: 'high',
|
|
828
|
+
description: 'Pocket Network API key detected',
|
|
829
|
+
suggestion: 'Move to environment variable: POKT_API_KEY',
|
|
830
|
+
},
|
|
831
|
+
{
|
|
832
|
+
id: 'thegraph-api-key',
|
|
833
|
+
name: 'The Graph API Key',
|
|
834
|
+
pattern: /thegraph[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
835
|
+
severity: 'high',
|
|
836
|
+
description: 'The Graph API key detected',
|
|
837
|
+
suggestion: 'Move to environment variable: THEGRAPH_API_KEY',
|
|
838
|
+
},
|
|
839
|
+
// ============================================
|
|
840
|
+
// DeFi Protocol Keys
|
|
841
|
+
// ============================================
|
|
842
|
+
{
|
|
843
|
+
id: 'uniswap-api-key',
|
|
844
|
+
name: 'Uniswap API Key',
|
|
845
|
+
pattern: /uniswap[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
846
|
+
severity: 'high',
|
|
847
|
+
description: 'Uniswap API key detected',
|
|
848
|
+
suggestion: 'Move to environment variable: UNISWAP_API_KEY',
|
|
849
|
+
},
|
|
850
|
+
{
|
|
851
|
+
id: 'compound-api-key',
|
|
852
|
+
name: 'Compound API Key',
|
|
853
|
+
pattern: /compound[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
854
|
+
severity: 'high',
|
|
855
|
+
description: 'Compound API key detected',
|
|
856
|
+
suggestion: 'Move to environment variable: COMPOUND_API_KEY',
|
|
857
|
+
},
|
|
858
|
+
{
|
|
859
|
+
id: 'aave-api-key',
|
|
860
|
+
name: 'Aave API Key',
|
|
861
|
+
pattern: /aave[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
862
|
+
severity: 'high',
|
|
863
|
+
description: 'Aave API key detected',
|
|
864
|
+
suggestion: 'Move to environment variable: AAVE_API_KEY',
|
|
865
|
+
},
|
|
866
|
+
// ============================================
|
|
867
|
+
// NFT Platform Keys
|
|
868
|
+
// ============================================
|
|
869
|
+
{
|
|
870
|
+
id: 'opensea-api-key',
|
|
871
|
+
name: 'OpenSea API Key',
|
|
872
|
+
pattern: /opensea[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
873
|
+
severity: 'high',
|
|
874
|
+
description: 'OpenSea API key detected',
|
|
875
|
+
suggestion: 'Move to environment variable: OPENSEA_API_KEY',
|
|
876
|
+
},
|
|
877
|
+
{
|
|
878
|
+
id: 'rarible-api-key',
|
|
879
|
+
name: 'Rarible API Key',
|
|
880
|
+
pattern: /rarible[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
881
|
+
severity: 'high',
|
|
882
|
+
description: 'Rarible API key detected',
|
|
883
|
+
suggestion: 'Move to environment variable: RARIBLE_API_KEY',
|
|
884
|
+
},
|
|
885
|
+
{
|
|
886
|
+
id: 'nftport-api-key',
|
|
887
|
+
name: 'NFTPort API Key',
|
|
888
|
+
pattern: /nftport[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
889
|
+
severity: 'high',
|
|
890
|
+
description: 'NFTPort API key detected',
|
|
891
|
+
suggestion: 'Move to environment variable: NFTPORT_API_KEY',
|
|
892
|
+
},
|
|
893
|
+
// ============================================
|
|
894
|
+
// Blockchain Analytics Keys
|
|
895
|
+
// ============================================
|
|
896
|
+
{
|
|
897
|
+
id: 'etherscan-api-key',
|
|
898
|
+
name: 'Etherscan API Key',
|
|
899
|
+
pattern: /etherscan[^a-zA-Z0-9]*[A-Z0-9]{34}/gi,
|
|
900
|
+
severity: 'high',
|
|
901
|
+
description: 'Etherscan API key detected',
|
|
902
|
+
suggestion: 'Move to environment variable: ETHERSCAN_API_KEY',
|
|
903
|
+
},
|
|
904
|
+
{
|
|
905
|
+
id: 'bscscan-api-key',
|
|
906
|
+
name: 'BscScan API Key',
|
|
907
|
+
pattern: /bscscan[^a-zA-Z0-9]*[A-Z0-9]{34}/gi,
|
|
908
|
+
severity: 'high',
|
|
909
|
+
description: 'BscScan API key detected',
|
|
910
|
+
suggestion: 'Move to environment variable: BSCSCAN_API_KEY',
|
|
911
|
+
},
|
|
912
|
+
{
|
|
913
|
+
id: 'polygonscan-api-key',
|
|
914
|
+
name: 'PolygonScan API Key',
|
|
915
|
+
pattern: /polygonscan[^a-zA-Z0-9]*[A-Z0-9]{34}/gi,
|
|
916
|
+
severity: 'high',
|
|
917
|
+
description: 'PolygonScan API key detected',
|
|
918
|
+
suggestion: 'Move to environment variable: POLYGONSCAN_API_KEY',
|
|
919
|
+
},
|
|
920
|
+
{
|
|
921
|
+
id: 'dune-api-key',
|
|
922
|
+
name: 'Dune Analytics API Key',
|
|
923
|
+
pattern: /dune[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
924
|
+
severity: 'high',
|
|
925
|
+
description: 'Dune Analytics API key detected',
|
|
926
|
+
suggestion: 'Move to environment variable: DUNE_API_KEY',
|
|
927
|
+
},
|
|
928
|
+
// ============================================
|
|
929
|
+
// Trading Platform API Keys
|
|
930
|
+
// ============================================
|
|
931
|
+
{
|
|
932
|
+
id: 'binance-trading-key',
|
|
933
|
+
name: 'Binance Trading API Key',
|
|
934
|
+
pattern: /[a-zA-Z0-9]{64}/g,
|
|
935
|
+
severity: 'critical',
|
|
936
|
+
description: 'Binance trading API key detected',
|
|
937
|
+
suggestion: 'Move to environment variable: BINANCE_API_KEY and restrict IP access',
|
|
938
|
+
},
|
|
939
|
+
{
|
|
940
|
+
id: 'coinbase-pro-key',
|
|
941
|
+
name: 'Coinbase Pro API Key',
|
|
942
|
+
pattern: /[a-f0-9]{32}/g,
|
|
943
|
+
severity: 'critical',
|
|
944
|
+
description: 'Coinbase Pro API key detected',
|
|
945
|
+
suggestion: 'Move to environment variable: COINBASE_PRO_API_KEY',
|
|
946
|
+
},
|
|
947
|
+
{
|
|
948
|
+
id: 'kraken-api-key',
|
|
949
|
+
name: 'Kraken API Key',
|
|
950
|
+
pattern: /kraken[^a-zA-Z0-9]*[a-zA-Z0-9+/=]{56}/gi,
|
|
951
|
+
severity: 'critical',
|
|
952
|
+
description: 'Kraken API key detected',
|
|
953
|
+
suggestion: 'Move to environment variable: KRAKEN_API_KEY',
|
|
954
|
+
},
|
|
955
|
+
{
|
|
956
|
+
id: 'bitfinex-api-key',
|
|
957
|
+
name: 'Bitfinex API Key',
|
|
958
|
+
pattern: /bitfinex[^a-zA-Z0-9]*[a-zA-Z0-9]{43}/gi,
|
|
959
|
+
severity: 'critical',
|
|
960
|
+
description: 'Bitfinex API key detected',
|
|
961
|
+
suggestion: 'Move to environment variable: BITFINEX_API_KEY',
|
|
962
|
+
},
|
|
963
|
+
{
|
|
964
|
+
id: 'huobi-api-key',
|
|
965
|
+
name: 'Huobi API Key',
|
|
966
|
+
pattern: /huobi[^a-zA-Z0-9]*[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/gi,
|
|
967
|
+
severity: 'critical',
|
|
968
|
+
description: 'Huobi API key detected',
|
|
969
|
+
suggestion: 'Move to environment variable: HUOBI_API_KEY',
|
|
970
|
+
},
|
|
971
|
+
{
|
|
972
|
+
id: 'okx-api-key',
|
|
973
|
+
name: 'OKX API Key',
|
|
974
|
+
pattern: /okx[^a-zA-Z0-9]*[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/gi,
|
|
975
|
+
severity: 'critical',
|
|
976
|
+
description: 'OKX (OKEx) API key detected',
|
|
977
|
+
suggestion: 'Move to environment variable: OKX_API_KEY',
|
|
978
|
+
},
|
|
979
|
+
{
|
|
980
|
+
id: 'kucoin-api-key',
|
|
981
|
+
name: 'KuCoin API Key',
|
|
982
|
+
pattern: /kucoin[^a-zA-Z0-9]*[a-f0-9]{24}/gi,
|
|
983
|
+
severity: 'critical',
|
|
984
|
+
description: 'KuCoin API key detected',
|
|
985
|
+
suggestion: 'Move to environment variable: KUCOIN_API_KEY',
|
|
986
|
+
},
|
|
987
|
+
{
|
|
988
|
+
id: 'bybit-api-key',
|
|
989
|
+
name: 'Bybit API Key',
|
|
990
|
+
pattern: /bybit[^a-zA-Z0-9]*[a-zA-Z0-9]{20}/gi,
|
|
991
|
+
severity: 'critical',
|
|
992
|
+
description: 'Bybit API key detected',
|
|
993
|
+
suggestion: 'Move to environment variable: BYBIT_API_KEY',
|
|
994
|
+
},
|
|
995
|
+
{
|
|
996
|
+
id: 'ftx-api-key',
|
|
997
|
+
name: 'FTX API Key',
|
|
998
|
+
pattern: /ftx[^a-zA-Z0-9]*[a-zA-Z0-9_-]{43}/gi,
|
|
999
|
+
severity: 'critical',
|
|
1000
|
+
description: 'FTX API key detected',
|
|
1001
|
+
suggestion: 'Move to environment variable: FTX_API_KEY',
|
|
1002
|
+
},
|
|
1003
|
+
{
|
|
1004
|
+
id: 'gate-io-api-key',
|
|
1005
|
+
name: 'Gate.io API Key',
|
|
1006
|
+
pattern: /gate[^a-zA-Z0-9]*[a-f0-9]{64}/gi,
|
|
1007
|
+
severity: 'critical',
|
|
1008
|
+
description: 'Gate.io API key detected',
|
|
1009
|
+
suggestion: 'Move to environment variable: GATE_IO_API_KEY',
|
|
1010
|
+
},
|
|
1011
|
+
// ============================================
|
|
1012
|
+
// DEX and DeFi Trading APIs
|
|
1013
|
+
// ============================================
|
|
1014
|
+
{
|
|
1015
|
+
id: '1inch-api-key',
|
|
1016
|
+
name: '1inch API Key',
|
|
1017
|
+
pattern: /1inch[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1018
|
+
severity: 'high',
|
|
1019
|
+
description: '1inch DEX API key detected',
|
|
1020
|
+
suggestion: 'Move to environment variable: ONEINCH_API_KEY',
|
|
1021
|
+
},
|
|
1022
|
+
{
|
|
1023
|
+
id: 'paraswap-api-key',
|
|
1024
|
+
name: 'ParaSwap API Key',
|
|
1025
|
+
pattern: /paraswap[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1026
|
+
severity: 'high',
|
|
1027
|
+
description: 'ParaSwap API key detected',
|
|
1028
|
+
suggestion: 'Move to environment variable: PARASWAP_API_KEY',
|
|
1029
|
+
},
|
|
1030
|
+
{
|
|
1031
|
+
id: 'matcha-api-key',
|
|
1032
|
+
name: 'Matcha API Key',
|
|
1033
|
+
pattern: /matcha[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1034
|
+
severity: 'high',
|
|
1035
|
+
description: 'Matcha (0x) API key detected',
|
|
1036
|
+
suggestion: 'Move to environment variable: MATCHA_API_KEY',
|
|
1037
|
+
},
|
|
1038
|
+
{
|
|
1039
|
+
id: 'coingecko-api-key',
|
|
1040
|
+
name: 'CoinGecko API Key',
|
|
1041
|
+
pattern: /coingecko[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1042
|
+
severity: 'high',
|
|
1043
|
+
description: 'CoinGecko API key detected',
|
|
1044
|
+
suggestion: 'Move to environment variable: COINGECKO_API_KEY',
|
|
1045
|
+
},
|
|
1046
|
+
{
|
|
1047
|
+
id: 'coinmarketcap-api-key',
|
|
1048
|
+
name: 'CoinMarketCap API Key',
|
|
1049
|
+
pattern: /coinmarketcap[^a-zA-Z0-9]*[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/gi,
|
|
1050
|
+
severity: 'high',
|
|
1051
|
+
description: 'CoinMarketCap API key detected',
|
|
1052
|
+
suggestion: 'Move to environment variable: COINMARKETCAP_API_KEY',
|
|
1053
|
+
},
|
|
1054
|
+
// ============================================
|
|
1055
|
+
// IPFS and Decentralized Storage
|
|
1056
|
+
// ============================================
|
|
1057
|
+
{
|
|
1058
|
+
id: 'ipfs-api-key',
|
|
1059
|
+
name: 'IPFS API Key',
|
|
1060
|
+
pattern: /ipfs[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1061
|
+
severity: 'high',
|
|
1062
|
+
description: 'IPFS API key detected',
|
|
1063
|
+
suggestion: 'Move to environment variable: IPFS_API_KEY',
|
|
1064
|
+
},
|
|
1065
|
+
{
|
|
1066
|
+
id: 'filecoin-api-key',
|
|
1067
|
+
name: 'Filecoin API Key',
|
|
1068
|
+
pattern: /filecoin[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1069
|
+
severity: 'high',
|
|
1070
|
+
description: 'Filecoin API key detected',
|
|
1071
|
+
suggestion: 'Move to environment variable: FILECOIN_API_KEY',
|
|
1072
|
+
},
|
|
1073
|
+
{
|
|
1074
|
+
id: 'arweave-key',
|
|
1075
|
+
name: 'Arweave Key',
|
|
1076
|
+
pattern: /arweave[^a-zA-Z0-9]*[a-zA-Z0-9_-]{43}/gi,
|
|
1077
|
+
severity: 'high',
|
|
1078
|
+
description: 'Arweave API key detected',
|
|
1079
|
+
suggestion: 'Move to environment variable: ARWEAVE_KEY',
|
|
1080
|
+
},
|
|
1081
|
+
{
|
|
1082
|
+
id: 'storj-api-key',
|
|
1083
|
+
name: 'Storj API Key',
|
|
1084
|
+
pattern: /storj[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1085
|
+
severity: 'high',
|
|
1086
|
+
description: 'Storj API key detected',
|
|
1087
|
+
suggestion: 'Move to environment variable: STORJ_API_KEY',
|
|
1088
|
+
},
|
|
1089
|
+
{
|
|
1090
|
+
id: 'sia-api-key',
|
|
1091
|
+
name: 'Sia API Key',
|
|
1092
|
+
pattern: /sia[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1093
|
+
severity: 'high',
|
|
1094
|
+
description: 'Sia API key detected',
|
|
1095
|
+
suggestion: 'Move to environment variable: SIA_API_KEY',
|
|
1096
|
+
},
|
|
1097
|
+
// ============================================
|
|
1098
|
+
// Telegram Integration Keys
|
|
1099
|
+
// ============================================
|
|
1100
|
+
{
|
|
1101
|
+
id: 'telegram-trading-bot-token',
|
|
1102
|
+
name: 'Telegram Trading Bot Token',
|
|
1103
|
+
pattern: /[0-9]{8,10}:[a-zA-Z0-9_-]{35}/g,
|
|
1104
|
+
severity: 'critical',
|
|
1105
|
+
description: 'Telegram trading bot token detected',
|
|
1106
|
+
suggestion: 'Revoke token via @BotFather and move to environment variable',
|
|
1107
|
+
},
|
|
1108
|
+
{
|
|
1109
|
+
id: 'telegram-webhook-secret',
|
|
1110
|
+
name: 'Telegram Webhook Secret',
|
|
1111
|
+
pattern: /telegram[^a-zA-Z0-9]*webhook[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1112
|
+
severity: 'high',
|
|
1113
|
+
description: 'Telegram webhook secret detected',
|
|
1114
|
+
suggestion: 'Move to environment variable: TELEGRAM_WEBHOOK_SECRET',
|
|
1115
|
+
},
|
|
1116
|
+
// ============================================
|
|
1117
|
+
// WhatsApp Business API
|
|
1118
|
+
// ============================================
|
|
1119
|
+
{
|
|
1120
|
+
id: 'whatsapp-business-token',
|
|
1121
|
+
name: 'WhatsApp Business API Token',
|
|
1122
|
+
pattern: /whatsapp[^a-zA-Z0-9]*[a-zA-Z0-9_-]{100,}/gi,
|
|
1123
|
+
severity: 'critical',
|
|
1124
|
+
description: 'WhatsApp Business API token detected',
|
|
1125
|
+
suggestion: 'Move to environment variable: WHATSAPP_TOKEN',
|
|
1126
|
+
},
|
|
1127
|
+
{
|
|
1128
|
+
id: 'whatsapp-webhook-secret',
|
|
1129
|
+
name: 'WhatsApp Webhook Secret',
|
|
1130
|
+
pattern: /whatsapp[^a-zA-Z0-9]*webhook[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1131
|
+
severity: 'high',
|
|
1132
|
+
description: 'WhatsApp webhook secret detected',
|
|
1133
|
+
suggestion: 'Move to environment variable: WHATSAPP_WEBHOOK_SECRET',
|
|
1134
|
+
},
|
|
1135
|
+
// ============================================
|
|
1136
|
+
// Oracle and Price Feed APIs
|
|
1137
|
+
// ============================================
|
|
1138
|
+
{
|
|
1139
|
+
id: 'chainlink-oracle-key',
|
|
1140
|
+
name: 'Chainlink Oracle API Key',
|
|
1141
|
+
pattern: /chainlink[^a-zA-Z0-9]*oracle[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1142
|
+
severity: 'critical',
|
|
1143
|
+
description: 'Chainlink Oracle API key detected',
|
|
1144
|
+
suggestion: 'Move to environment variable: CHAINLINK_ORACLE_KEY',
|
|
1145
|
+
},
|
|
1146
|
+
{
|
|
1147
|
+
id: 'band-protocol-key',
|
|
1148
|
+
name: 'Band Protocol API Key',
|
|
1149
|
+
pattern: /band[^a-zA-Z0-9]*protocol[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1150
|
+
severity: 'high',
|
|
1151
|
+
description: 'Band Protocol API key detected',
|
|
1152
|
+
suggestion: 'Move to environment variable: BAND_PROTOCOL_KEY',
|
|
1153
|
+
},
|
|
1154
|
+
{
|
|
1155
|
+
id: 'pyth-network-key',
|
|
1156
|
+
name: 'Pyth Network API Key',
|
|
1157
|
+
pattern: /pyth[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1158
|
+
severity: 'high',
|
|
1159
|
+
description: 'Pyth Network API key detected',
|
|
1160
|
+
suggestion: 'Move to environment variable: PYTH_NETWORK_KEY',
|
|
1161
|
+
},
|
|
1162
|
+
// ============================================
|
|
1163
|
+
// Cross-Chain Bridge APIs
|
|
1164
|
+
// ============================================
|
|
1165
|
+
{
|
|
1166
|
+
id: 'multichain-api-key',
|
|
1167
|
+
name: 'Multichain API Key',
|
|
1168
|
+
pattern: /multichain[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1169
|
+
severity: 'high',
|
|
1170
|
+
description: 'Multichain bridge API key detected',
|
|
1171
|
+
suggestion: 'Move to environment variable: MULTICHAIN_API_KEY',
|
|
1172
|
+
},
|
|
1173
|
+
{
|
|
1174
|
+
id: 'hop-protocol-key',
|
|
1175
|
+
name: 'Hop Protocol API Key',
|
|
1176
|
+
pattern: /hop[^a-zA-Z0-9]*protocol[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1177
|
+
severity: 'high',
|
|
1178
|
+
description: 'Hop Protocol API key detected',
|
|
1179
|
+
suggestion: 'Move to environment variable: HOP_PROTOCOL_KEY',
|
|
1180
|
+
},
|
|
1181
|
+
{
|
|
1182
|
+
id: 'synapse-bridge-key',
|
|
1183
|
+
name: 'Synapse Bridge API Key',
|
|
1184
|
+
pattern: /synapse[^a-zA-Z0-9]*bridge[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1185
|
+
severity: 'high',
|
|
1186
|
+
description: 'Synapse Bridge API key detected',
|
|
1187
|
+
suggestion: 'Move to environment variable: SYNAPSE_BRIDGE_KEY',
|
|
1188
|
+
},
|
|
1189
|
+
// ============================================
|
|
1190
|
+
// Wallet Infrastructure APIs
|
|
1191
|
+
// ============================================
|
|
1192
|
+
{
|
|
1193
|
+
id: 'magic-link-key',
|
|
1194
|
+
name: 'Magic Link API Key',
|
|
1195
|
+
pattern: /magic[^a-zA-Z0-9]*link[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1196
|
+
severity: 'critical',
|
|
1197
|
+
description: 'Magic Link API key detected',
|
|
1198
|
+
suggestion: 'Move to environment variable: MAGIC_LINK_KEY',
|
|
1199
|
+
},
|
|
1200
|
+
{
|
|
1201
|
+
id: 'web3auth-key',
|
|
1202
|
+
name: 'Web3Auth API Key',
|
|
1203
|
+
pattern: /web3auth[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1204
|
+
severity: 'critical',
|
|
1205
|
+
description: 'Web3Auth API key detected',
|
|
1206
|
+
suggestion: 'Move to environment variable: WEB3AUTH_KEY',
|
|
1207
|
+
},
|
|
1208
|
+
{
|
|
1209
|
+
id: 'fortmatic-key',
|
|
1210
|
+
name: 'Fortmatic API Key',
|
|
1211
|
+
pattern: /fortmatic[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1212
|
+
severity: 'critical',
|
|
1213
|
+
description: 'Fortmatic API key detected',
|
|
1214
|
+
suggestion: 'Move to environment variable: FORTMATIC_KEY',
|
|
1215
|
+
},
|
|
1216
|
+
{
|
|
1217
|
+
id: 'portis-key',
|
|
1218
|
+
name: 'Portis API Key',
|
|
1219
|
+
pattern: /portis[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1220
|
+
severity: 'critical',
|
|
1221
|
+
description: 'Portis API key detected',
|
|
1222
|
+
suggestion: 'Move to environment variable: PORTIS_KEY',
|
|
1223
|
+
},
|
|
1224
|
+
// ============================================
|
|
1225
|
+
// Blockchain Gaming APIs
|
|
1226
|
+
// ============================================
|
|
1227
|
+
{
|
|
1228
|
+
id: 'immutable-x-key',
|
|
1229
|
+
name: 'Immutable X API Key',
|
|
1230
|
+
pattern: /immutable[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1231
|
+
severity: 'high',
|
|
1232
|
+
description: 'Immutable X API key detected',
|
|
1233
|
+
suggestion: 'Move to environment variable: IMMUTABLE_X_KEY',
|
|
1234
|
+
},
|
|
1235
|
+
{
|
|
1236
|
+
id: 'enjin-api-key',
|
|
1237
|
+
name: 'Enjin API Key',
|
|
1238
|
+
pattern: /enjin[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1239
|
+
severity: 'high',
|
|
1240
|
+
description: 'Enjin API key detected',
|
|
1241
|
+
suggestion: 'Move to environment variable: ENJIN_API_KEY',
|
|
1242
|
+
},
|
|
1243
|
+
{
|
|
1244
|
+
id: 'flow-api-key',
|
|
1245
|
+
name: 'Flow Blockchain API Key',
|
|
1246
|
+
pattern: /flow[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1247
|
+
severity: 'high',
|
|
1248
|
+
description: 'Flow blockchain API key detected',
|
|
1249
|
+
suggestion: 'Move to environment variable: FLOW_API_KEY',
|
|
1250
|
+
},
|
|
1251
|
+
// ============================================
|
|
1252
|
+
// MEV and Arbitrage Tools
|
|
1253
|
+
// ============================================
|
|
1254
|
+
{
|
|
1255
|
+
id: 'flashbots-key',
|
|
1256
|
+
name: 'Flashbots API Key',
|
|
1257
|
+
pattern: /flashbots[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1258
|
+
severity: 'critical',
|
|
1259
|
+
description: 'Flashbots API key detected',
|
|
1260
|
+
suggestion: 'Move to environment variable: FLASHBOTS_KEY',
|
|
1261
|
+
},
|
|
1262
|
+
{
|
|
1263
|
+
id: 'eden-network-key',
|
|
1264
|
+
name: 'Eden Network API Key',
|
|
1265
|
+
pattern: /eden[^a-zA-Z0-9]*network[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1266
|
+
severity: 'critical',
|
|
1267
|
+
description: 'Eden Network API key detected',
|
|
1268
|
+
suggestion: 'Move to environment variable: EDEN_NETWORK_KEY',
|
|
1269
|
+
},
|
|
1270
|
+
{
|
|
1271
|
+
id: 'bloXroute-key',
|
|
1272
|
+
name: 'bloXroute API Key',
|
|
1273
|
+
pattern: /bloxroute[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1274
|
+
severity: 'critical',
|
|
1275
|
+
description: 'bloXroute API key detected',
|
|
1276
|
+
suggestion: 'Move to environment variable: BLOXROUTE_KEY',
|
|
1277
|
+
},
|
|
1278
|
+
// ============================================
|
|
1279
|
+
// OAuth & Authentication Providers
|
|
1280
|
+
// ============================================
|
|
1281
|
+
{
|
|
1282
|
+
id: 'google-oauth-client-id',
|
|
1283
|
+
name: 'Google OAuth Client ID',
|
|
1284
|
+
pattern: /[0-9]+-[a-zA-Z0-9_]{32}\.apps\.googleusercontent\.com/g,
|
|
1285
|
+
severity: 'medium',
|
|
1286
|
+
description: 'Google OAuth Client ID detected',
|
|
1287
|
+
suggestion: 'Move to environment variable: GOOGLE_CLIENT_ID',
|
|
1288
|
+
},
|
|
1289
|
+
{
|
|
1290
|
+
id: 'google-oauth-client-secret',
|
|
1291
|
+
name: 'Google OAuth Client Secret',
|
|
1292
|
+
pattern: /GOCSPX-[a-zA-Z0-9_-]{28}/g,
|
|
1293
|
+
severity: 'critical',
|
|
1294
|
+
description: 'Google OAuth Client Secret detected',
|
|
1295
|
+
suggestion: 'Move to environment variable: GOOGLE_CLIENT_SECRET',
|
|
1296
|
+
},
|
|
1297
|
+
{
|
|
1298
|
+
id: 'apple-app-id',
|
|
1299
|
+
name: 'Apple App ID',
|
|
1300
|
+
pattern: /[A-Z0-9]{10}\.[a-zA-Z0-9.-]+/g,
|
|
1301
|
+
severity: 'medium',
|
|
1302
|
+
description: 'Apple App ID detected',
|
|
1303
|
+
suggestion: 'Move to environment variable: APPLE_APP_ID',
|
|
1304
|
+
},
|
|
1305
|
+
{
|
|
1306
|
+
id: 'apple-team-id',
|
|
1307
|
+
name: 'Apple Team ID',
|
|
1308
|
+
pattern: /(?:team[_-]?id|apple[_-]?team|TEAM_ID|APPLE_TEAM_ID)[\s=:'"]*([A-Z0-9]{10})\b/gi,
|
|
1309
|
+
severity: 'medium',
|
|
1310
|
+
description: 'Apple Team ID detected',
|
|
1311
|
+
suggestion: 'Move to environment variable: APPLE_TEAM_ID',
|
|
1312
|
+
},
|
|
1313
|
+
{
|
|
1314
|
+
id: 'apple-private-key',
|
|
1315
|
+
name: 'Apple Private Key',
|
|
1316
|
+
pattern: /-----BEGIN PRIVATE KEY-----[^-]+-----END PRIVATE KEY-----/gs,
|
|
1317
|
+
severity: 'critical',
|
|
1318
|
+
description: 'Apple private key detected',
|
|
1319
|
+
suggestion: 'Remove private key and add to .gitignore',
|
|
1320
|
+
},
|
|
1321
|
+
{
|
|
1322
|
+
id: 'facebook-app-id',
|
|
1323
|
+
name: 'Facebook App ID',
|
|
1324
|
+
pattern: /facebook[^a-zA-Z0-9]*app[^a-zA-Z0-9]*id[^a-zA-Z0-9]*[0-9]{15,16}/gi,
|
|
1325
|
+
severity: 'medium',
|
|
1326
|
+
description: 'Facebook App ID detected',
|
|
1327
|
+
suggestion: 'Move to environment variable: FACEBOOK_APP_ID',
|
|
1328
|
+
},
|
|
1329
|
+
{
|
|
1330
|
+
id: 'facebook-app-secret',
|
|
1331
|
+
name: 'Facebook App Secret',
|
|
1332
|
+
pattern: /facebook[^a-zA-Z0-9]*app[^a-zA-Z0-9]*secret[^a-zA-Z0-9]*[a-f0-9]{32}/gi,
|
|
1333
|
+
severity: 'critical',
|
|
1334
|
+
description: 'Facebook App Secret detected',
|
|
1335
|
+
suggestion: 'Move to environment variable: FACEBOOK_APP_SECRET',
|
|
1336
|
+
},
|
|
1337
|
+
{
|
|
1338
|
+
id: 'twitter-api-key',
|
|
1339
|
+
name: 'Twitter API Key',
|
|
1340
|
+
pattern: /twitter[^a-zA-Z0-9]*api[^a-zA-Z0-9]*key[^a-zA-Z0-9]*[a-zA-Z0-9]{25}/gi,
|
|
1341
|
+
severity: 'critical',
|
|
1342
|
+
description: 'Twitter API Key detected',
|
|
1343
|
+
suggestion: 'Move to environment variable: TWITTER_API_KEY',
|
|
1344
|
+
},
|
|
1345
|
+
{
|
|
1346
|
+
id: 'twitter-api-secret',
|
|
1347
|
+
name: 'Twitter API Secret',
|
|
1348
|
+
pattern: /twitter[^a-zA-Z0-9]*api[^a-zA-Z0-9]*secret[^a-zA-Z0-9]*[a-zA-Z0-9]{50}/gi,
|
|
1349
|
+
severity: 'critical',
|
|
1350
|
+
description: 'Twitter API Secret detected',
|
|
1351
|
+
suggestion: 'Move to environment variable: TWITTER_API_SECRET',
|
|
1352
|
+
},
|
|
1353
|
+
{
|
|
1354
|
+
id: 'twitter-bearer-token',
|
|
1355
|
+
name: 'Twitter Bearer Token',
|
|
1356
|
+
pattern: /twitter[^a-zA-Z0-9]*bearer[^a-zA-Z0-9]*[a-zA-Z0-9%]{112}/gi,
|
|
1357
|
+
severity: 'critical',
|
|
1358
|
+
description: 'Twitter Bearer Token detected',
|
|
1359
|
+
suggestion: 'Move to environment variable: TWITTER_BEARER_TOKEN',
|
|
1360
|
+
},
|
|
1361
|
+
{
|
|
1362
|
+
id: 'linkedin-client-id',
|
|
1363
|
+
name: 'LinkedIn Client ID',
|
|
1364
|
+
pattern: /linkedin[^a-zA-Z0-9]*client[^a-zA-Z0-9]*id[^a-zA-Z0-9]*[a-zA-Z0-9]{14}/gi,
|
|
1365
|
+
severity: 'medium',
|
|
1366
|
+
description: 'LinkedIn Client ID detected',
|
|
1367
|
+
suggestion: 'Move to environment variable: LINKEDIN_CLIENT_ID',
|
|
1368
|
+
},
|
|
1369
|
+
{
|
|
1370
|
+
id: 'linkedin-client-secret',
|
|
1371
|
+
name: 'LinkedIn Client Secret',
|
|
1372
|
+
pattern: /linkedin[^a-zA-Z0-9]*client[^a-zA-Z0-9]*secret[^a-zA-Z0-9]*[a-zA-Z0-9]{16}/gi,
|
|
1373
|
+
severity: 'critical',
|
|
1374
|
+
description: 'LinkedIn Client Secret detected',
|
|
1375
|
+
suggestion: 'Move to environment variable: LINKEDIN_CLIENT_SECRET',
|
|
1376
|
+
},
|
|
1377
|
+
{
|
|
1378
|
+
id: 'microsoft-client-id',
|
|
1379
|
+
name: 'Microsoft Client ID',
|
|
1380
|
+
pattern: /microsoft[^a-zA-Z0-9]*client[^a-zA-Z0-9]*id[^a-zA-Z0-9]*[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/gi,
|
|
1381
|
+
severity: 'medium',
|
|
1382
|
+
description: 'Microsoft Client ID detected',
|
|
1383
|
+
suggestion: 'Move to environment variable: MICROSOFT_CLIENT_ID',
|
|
1384
|
+
},
|
|
1385
|
+
{
|
|
1386
|
+
id: 'microsoft-client-secret',
|
|
1387
|
+
name: 'Microsoft Client Secret',
|
|
1388
|
+
pattern: /microsoft[^a-zA-Z0-9]*client[^a-zA-Z0-9]*secret[^a-zA-Z0-9]*[a-zA-Z0-9_~.-]{34}/gi,
|
|
1389
|
+
severity: 'critical',
|
|
1390
|
+
description: 'Microsoft Client Secret detected',
|
|
1391
|
+
suggestion: 'Move to environment variable: MICROSOFT_CLIENT_SECRET',
|
|
1392
|
+
},
|
|
1393
|
+
// ============================================
|
|
1394
|
+
// Web3 Authentication & Wallet Services
|
|
1395
|
+
// ============================================
|
|
1396
|
+
{
|
|
1397
|
+
id: 'privy-app-id',
|
|
1398
|
+
name: 'Privy App ID',
|
|
1399
|
+
pattern: /privy[^a-zA-Z0-9]*app[^a-zA-Z0-9]*id[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1400
|
+
severity: 'medium',
|
|
1401
|
+
description: 'Privy App ID detected',
|
|
1402
|
+
suggestion: 'Move to environment variable: PRIVY_APP_ID',
|
|
1403
|
+
},
|
|
1404
|
+
{
|
|
1405
|
+
id: 'privy-app-secret',
|
|
1406
|
+
name: 'Privy App Secret',
|
|
1407
|
+
pattern: /privy[^a-zA-Z0-9]*app[^a-zA-Z0-9]*secret[^a-zA-Z0-9]*[a-zA-Z0-9_-]{64,}/gi,
|
|
1408
|
+
severity: 'critical',
|
|
1409
|
+
description: 'Privy App Secret detected',
|
|
1410
|
+
suggestion: 'Move to environment variable: PRIVY_APP_SECRET',
|
|
1411
|
+
},
|
|
1412
|
+
{
|
|
1413
|
+
id: 'circle-api-key',
|
|
1414
|
+
name: 'Circle API Key',
|
|
1415
|
+
pattern: /circle[^a-zA-Z0-9]*api[^a-zA-Z0-9]*key[^a-zA-Z0-9]*[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/gi,
|
|
1416
|
+
severity: 'critical',
|
|
1417
|
+
description: 'Circle API Key detected',
|
|
1418
|
+
suggestion: 'Move to environment variable: CIRCLE_API_KEY',
|
|
1419
|
+
},
|
|
1420
|
+
{
|
|
1421
|
+
id: 'circle-entity-secret',
|
|
1422
|
+
name: 'Circle Entity Secret',
|
|
1423
|
+
pattern: /circle[^a-zA-Z0-9]*entity[^a-zA-Z0-9]*secret[^a-zA-Z0-9]*[a-f0-9]{64}/gi,
|
|
1424
|
+
severity: 'critical',
|
|
1425
|
+
description: 'Circle Entity Secret detected',
|
|
1426
|
+
suggestion: 'Move to environment variable: CIRCLE_ENTITY_SECRET',
|
|
1427
|
+
},
|
|
1428
|
+
{
|
|
1429
|
+
id: 'auth0-domain',
|
|
1430
|
+
name: 'Auth0 Domain',
|
|
1431
|
+
pattern: /[a-zA-Z0-9_-]+\.auth0\.com/g,
|
|
1432
|
+
severity: 'medium',
|
|
1433
|
+
description: 'Auth0 domain detected',
|
|
1434
|
+
suggestion: 'Move to environment variable: AUTH0_DOMAIN',
|
|
1435
|
+
},
|
|
1436
|
+
{
|
|
1437
|
+
id: 'auth0-client-id',
|
|
1438
|
+
name: 'Auth0 Client ID',
|
|
1439
|
+
pattern: /auth0[^a-zA-Z0-9]*client[^a-zA-Z0-9]*id[^a-zA-Z0-9]*[a-zA-Z0-9]{32}/gi,
|
|
1440
|
+
severity: 'medium',
|
|
1441
|
+
description: 'Auth0 Client ID detected',
|
|
1442
|
+
suggestion: 'Move to environment variable: AUTH0_CLIENT_ID',
|
|
1443
|
+
},
|
|
1444
|
+
{
|
|
1445
|
+
id: 'auth0-client-secret',
|
|
1446
|
+
name: 'Auth0 Client Secret',
|
|
1447
|
+
pattern: /auth0[^a-zA-Z0-9]*client[^a-zA-Z0-9]*secret[^a-zA-Z0-9]*[a-zA-Z0-9_-]{64}/gi,
|
|
1448
|
+
severity: 'critical',
|
|
1449
|
+
description: 'Auth0 Client Secret detected',
|
|
1450
|
+
suggestion: 'Move to environment variable: AUTH0_CLIENT_SECRET',
|
|
1451
|
+
},
|
|
1452
|
+
{
|
|
1453
|
+
id: 'firebase-api-key',
|
|
1454
|
+
name: 'Firebase API Key',
|
|
1455
|
+
pattern: /firebase[^a-zA-Z0-9]*api[^a-zA-Z0-9]*key[^a-zA-Z0-9]*AIza[0-9A-Za-z\-_]{35}/gi,
|
|
1456
|
+
severity: 'high',
|
|
1457
|
+
description: 'Firebase API Key detected',
|
|
1458
|
+
suggestion: 'Move to environment variable: FIREBASE_API_KEY',
|
|
1459
|
+
},
|
|
1460
|
+
{
|
|
1461
|
+
id: 'firebase-private-key',
|
|
1462
|
+
name: 'Firebase Private Key',
|
|
1463
|
+
pattern: /firebase[^a-zA-Z0-9]*private[^a-zA-Z0-9]*key[^a-zA-Z0-9]*-----BEGIN PRIVATE KEY-----/gi,
|
|
1464
|
+
severity: 'critical',
|
|
1465
|
+
description: 'Firebase Private Key detected',
|
|
1466
|
+
suggestion: 'Remove private key and add to .gitignore',
|
|
1467
|
+
},
|
|
1468
|
+
{
|
|
1469
|
+
id: 'supabase-anon-key',
|
|
1470
|
+
name: 'Supabase Anonymous Key',
|
|
1471
|
+
pattern: /eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*.*supabase/gi,
|
|
1472
|
+
severity: 'medium',
|
|
1473
|
+
description: 'Supabase Anonymous Key detected',
|
|
1474
|
+
suggestion: 'Move to environment variable: SUPABASE_ANON_KEY',
|
|
1475
|
+
},
|
|
1476
|
+
{
|
|
1477
|
+
id: 'clerk-publishable-key',
|
|
1478
|
+
name: 'Clerk Publishable Key',
|
|
1479
|
+
pattern: /pk_test_[a-zA-Z0-9_-]{26}|pk_live_[a-zA-Z0-9_-]{26}/g,
|
|
1480
|
+
severity: 'medium',
|
|
1481
|
+
description: 'Clerk Publishable Key detected',
|
|
1482
|
+
suggestion: 'Move to environment variable: CLERK_PUBLISHABLE_KEY',
|
|
1483
|
+
},
|
|
1484
|
+
{
|
|
1485
|
+
id: 'clerk-secret-key',
|
|
1486
|
+
name: 'Clerk Secret Key',
|
|
1487
|
+
pattern: /sk_test_[a-zA-Z0-9_-]{26}|sk_live_[a-zA-Z0-9_-]{26}/g,
|
|
1488
|
+
severity: 'critical',
|
|
1489
|
+
description: 'Clerk Secret Key detected',
|
|
1490
|
+
suggestion: 'Move to environment variable: CLERK_SECRET_KEY',
|
|
1491
|
+
},
|
|
1492
|
+
// ============================================
|
|
1493
|
+
// Additional On/Off Ramp & Financial Services
|
|
1494
|
+
// ============================================
|
|
1495
|
+
{
|
|
1496
|
+
id: 'ramp-api-key',
|
|
1497
|
+
name: 'Ramp API Key',
|
|
1498
|
+
pattern: /ramp[^a-zA-Z0-9]*api[^a-zA-Z0-9]*key[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1499
|
+
severity: 'critical',
|
|
1500
|
+
description: 'Ramp API Key detected',
|
|
1501
|
+
suggestion: 'Move to environment variable: RAMP_API_KEY',
|
|
1502
|
+
},
|
|
1503
|
+
{
|
|
1504
|
+
id: 'onramper-api-key',
|
|
1505
|
+
name: 'Onramper API Key',
|
|
1506
|
+
pattern: /onramper[^a-zA-Z0-9]*api[^a-zA-Z0-9]*key[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1507
|
+
severity: 'critical',
|
|
1508
|
+
description: 'Onramper API Key detected',
|
|
1509
|
+
suggestion: 'Move to environment variable: ONRAMPER_API_KEY',
|
|
1510
|
+
},
|
|
1511
|
+
{
|
|
1512
|
+
id: 'changelly-api-key',
|
|
1513
|
+
name: 'Changelly API Key',
|
|
1514
|
+
pattern: /changelly[^a-zA-Z0-9]*api[^a-zA-Z0-9]*key[^a-zA-Z0-9]*[a-f0-9]{32}/gi,
|
|
1515
|
+
severity: 'critical',
|
|
1516
|
+
description: 'Changelly API Key detected',
|
|
1517
|
+
suggestion: 'Move to environment variable: CHANGELLY_API_KEY',
|
|
1518
|
+
},
|
|
1519
|
+
{
|
|
1520
|
+
id: 'changelly-secret',
|
|
1521
|
+
name: 'Changelly Secret',
|
|
1522
|
+
pattern: /changelly[^a-zA-Z0-9]*secret[^a-zA-Z0-9]*[a-f0-9]{64}/gi,
|
|
1523
|
+
severity: 'critical',
|
|
1524
|
+
description: 'Changelly Secret detected',
|
|
1525
|
+
suggestion: 'Move to environment variable: CHANGELLY_SECRET',
|
|
1526
|
+
},
|
|
1527
|
+
{
|
|
1528
|
+
id: 'coingate-api-key',
|
|
1529
|
+
name: 'CoinGate API Key',
|
|
1530
|
+
pattern: /coingate[^a-zA-Z0-9]*api[^a-zA-Z0-9]*key[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1531
|
+
severity: 'critical',
|
|
1532
|
+
description: 'CoinGate API Key detected',
|
|
1533
|
+
suggestion: 'Move to environment variable: COINGATE_API_KEY',
|
|
1534
|
+
},
|
|
1535
|
+
{
|
|
1536
|
+
id: 'bitpay-token',
|
|
1537
|
+
name: 'BitPay Token',
|
|
1538
|
+
pattern: /bitpay[^a-zA-Z0-9]*token[^a-zA-Z0-9]*[a-zA-Z0-9]{52}/gi,
|
|
1539
|
+
severity: 'critical',
|
|
1540
|
+
description: 'BitPay Token detected',
|
|
1541
|
+
suggestion: 'Move to environment variable: BITPAY_TOKEN',
|
|
1542
|
+
},
|
|
1543
|
+
{
|
|
1544
|
+
id: 'coinbase-commerce-key',
|
|
1545
|
+
name: 'Coinbase Commerce API Key',
|
|
1546
|
+
pattern: /coinbase[^a-zA-Z0-9]*commerce[^a-zA-Z0-9]*[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/gi,
|
|
1547
|
+
severity: 'critical',
|
|
1548
|
+
description: 'Coinbase Commerce API Key detected',
|
|
1549
|
+
suggestion: 'Move to environment variable: COINBASE_COMMERCE_API_KEY',
|
|
1550
|
+
},
|
|
1551
|
+
{
|
|
1552
|
+
id: 'coinbase-wallet-key',
|
|
1553
|
+
name: 'Coinbase Wallet API Key',
|
|
1554
|
+
pattern: /coinbase[^a-zA-Z0-9]*wallet[^a-zA-Z0-9]*[a-zA-Z0-9_-]{32,}/gi,
|
|
1555
|
+
severity: 'critical',
|
|
1556
|
+
description: 'Coinbase Wallet API Key detected',
|
|
1557
|
+
suggestion: 'Move to environment variable: COINBASE_WALLET_API_KEY',
|
|
1558
|
+
},
|
|
1559
|
+
// ============================================
|
|
1560
|
+
// Security Tokens and JWT Secrets
|
|
1561
|
+
// ============================================
|
|
1562
|
+
{
|
|
1563
|
+
id: 'jwt-secret',
|
|
1564
|
+
name: 'JWT Secret Key',
|
|
1565
|
+
pattern: /jwt[_-]?secret\s*[:=]\s*['"]([a-zA-Z0-9_\-+/=]{32,})['"]/gi,
|
|
1566
|
+
severity: 'critical',
|
|
1567
|
+
description: 'JWT secret key detected',
|
|
1568
|
+
suggestion: 'Move to environment variable: JWT_SECRET',
|
|
1569
|
+
},
|
|
1570
|
+
{
|
|
1571
|
+
id: 'session-secret',
|
|
1572
|
+
name: 'Session Secret',
|
|
1573
|
+
pattern: /session[_-]?secret\s*[:=]\s*['"]([a-zA-Z0-9_\-+/=]{32,})['"]/gi,
|
|
1574
|
+
severity: 'critical',
|
|
1575
|
+
description: 'Session secret key detected',
|
|
1576
|
+
suggestion: 'Move to environment variable: SESSION_SECRET',
|
|
1577
|
+
},
|
|
1578
|
+
{
|
|
1579
|
+
id: 'cookie-secret',
|
|
1580
|
+
name: 'Cookie Secret',
|
|
1581
|
+
pattern: /cookie[_-]?secret\s*[:=]\s*['"]([a-zA-Z0-9_\-+/=]{8,})['"]/gi,
|
|
1582
|
+
severity: 'critical',
|
|
1583
|
+
description: 'Cookie secret key detected',
|
|
1584
|
+
suggestion: 'Move to environment variable: COOKIE_SECRET',
|
|
1585
|
+
},
|
|
1586
|
+
{
|
|
1587
|
+
id: 'csrf-token',
|
|
1588
|
+
name: 'CSRF Token',
|
|
1589
|
+
pattern: /csrf[_-]?token\s*[:=]\s*['"]([a-zA-Z0-9_\-+/=]{32,})['"]/gi,
|
|
1590
|
+
severity: 'high',
|
|
1591
|
+
description: 'CSRF token detected',
|
|
1592
|
+
suggestion: 'Generate CSRF tokens dynamically, do not hardcode',
|
|
1593
|
+
},
|
|
1594
|
+
{
|
|
1595
|
+
id: 'api-signature-key',
|
|
1596
|
+
name: 'API Signature Key',
|
|
1597
|
+
pattern: /signature[_-]?key\s*[:=]\s*['"]([a-zA-Z0-9_\-+/=]{32,})['"]/gi,
|
|
1598
|
+
severity: 'critical',
|
|
1599
|
+
description: 'API signature key detected',
|
|
1600
|
+
suggestion: 'Move to environment variable: API_SIGNATURE_KEY',
|
|
1601
|
+
},
|
|
1602
|
+
{
|
|
1603
|
+
id: 'webhook-secret',
|
|
1604
|
+
name: 'Webhook Secret',
|
|
1605
|
+
pattern: /webhook[_-]?secret\s*[:=]\s*['"]([a-zA-Z0-9_\-+/=]{8,})['"]/gi,
|
|
1606
|
+
severity: 'high',
|
|
1607
|
+
description: 'Webhook secret detected',
|
|
1608
|
+
suggestion: 'Move to environment variable: WEBHOOK_SECRET',
|
|
1609
|
+
},
|
|
1610
|
+
// ============================================
|
|
1611
|
+
// Secret File Patterns (Files that should be in .gitignore)
|
|
1612
|
+
// ============================================
|
|
1613
|
+
{
|
|
1614
|
+
id: 'env-file-content',
|
|
1615
|
+
name: '.env File Content',
|
|
1616
|
+
pattern: /^[A-Z_][A-Z0-9_]*\s*=\s*.+$/gm,
|
|
1617
|
+
severity: 'medium',
|
|
1618
|
+
description: 'Environment variable assignment detected (possible .env file content)',
|
|
1619
|
+
suggestion: 'Ensure .env files are in .gitignore and not committed',
|
|
1620
|
+
},
|
|
1621
|
+
{
|
|
1622
|
+
id: 'config-json-secrets',
|
|
1623
|
+
name: 'Config File Secrets',
|
|
1624
|
+
pattern: /"(apiKey|secretKey|password|token|secret|key)"\s*:\s*"[^"]{8,}"/gi,
|
|
1625
|
+
severity: 'high',
|
|
1626
|
+
description: 'Secret in JSON configuration detected',
|
|
1627
|
+
suggestion: 'Move secrets to environment variables and add config files to .gitignore',
|
|
1628
|
+
},
|
|
1629
|
+
{
|
|
1630
|
+
id: 'yaml-secrets',
|
|
1631
|
+
name: 'YAML Configuration Secrets',
|
|
1632
|
+
pattern: /(apiKey|secretKey|password|token|secret|key):\s*['"]*[a-zA-Z0-9_\-+/=]{8,}['"]*$/gmi,
|
|
1633
|
+
severity: 'high',
|
|
1634
|
+
description: 'Secret in YAML configuration detected',
|
|
1635
|
+
suggestion: 'Move secrets to environment variables and add config files to .gitignore',
|
|
1636
|
+
},
|
|
1637
|
+
{
|
|
1638
|
+
id: 'docker-env-secrets',
|
|
1639
|
+
name: 'Docker Environment Secrets',
|
|
1640
|
+
pattern: /ENV\s+[A-Z_][A-Z0-9_]*\s*=\s*[a-zA-Z0-9_\-+/=]{8,}/gi,
|
|
1641
|
+
severity: 'high',
|
|
1642
|
+
description: 'Secret in Dockerfile ENV instruction detected',
|
|
1643
|
+
suggestion: 'Use Docker secrets or build-time arguments instead',
|
|
1644
|
+
},
|
|
1645
|
+
{
|
|
1646
|
+
id: 'kubernetes-secret',
|
|
1647
|
+
name: 'Kubernetes Secret',
|
|
1648
|
+
pattern: /data:\s*\n\s*[a-zA-Z0-9_\-]+:\s*[a-zA-Z0-9+/=]+/g,
|
|
1649
|
+
severity: 'critical',
|
|
1650
|
+
description: 'Kubernetes secret data detected',
|
|
1651
|
+
suggestion: 'Use Kubernetes secret management instead of hardcoded values',
|
|
1652
|
+
},
|
|
1653
|
+
// ============================================
|
|
1654
|
+
// Generic Patterns (Catch-all)
|
|
1655
|
+
// ============================================
|
|
1656
|
+
{
|
|
1657
|
+
id: 'generic-api-key',
|
|
1658
|
+
name: 'Generic API Key',
|
|
1659
|
+
pattern: /api[_-]?key\s*[:=]\s*['"]([a-zA-Z0-9_\-]{20,})['"]/gi,
|
|
1660
|
+
severity: 'high',
|
|
1661
|
+
description: 'Potential API key detected',
|
|
1662
|
+
suggestion: 'Move to environment variable',
|
|
1663
|
+
},
|
|
1664
|
+
{
|
|
1665
|
+
id: 'generic-secret',
|
|
1666
|
+
name: 'Generic Secret',
|
|
1667
|
+
pattern: /secret\s*[:=]\s*['"]([a-zA-Z0-9_\-]{20,})['"]/gi,
|
|
1668
|
+
severity: 'high',
|
|
1669
|
+
description: 'Potential secret detected',
|
|
1670
|
+
suggestion: 'Move to environment variable',
|
|
1671
|
+
},
|
|
1672
|
+
{
|
|
1673
|
+
id: 'generic-password',
|
|
1674
|
+
name: 'Generic Password',
|
|
1675
|
+
pattern: /password\s*[:=]\s*['"]([^'"]{8,})['"]/gi,
|
|
1676
|
+
severity: 'high',
|
|
1677
|
+
description: 'Hardcoded password detected',
|
|
1678
|
+
suggestion: 'Move to environment variable or secure vault',
|
|
1679
|
+
},
|
|
1680
|
+
{
|
|
1681
|
+
id: 'generic-token',
|
|
1682
|
+
name: 'Generic Token',
|
|
1683
|
+
pattern: /token\s*[:=]\s*['"]([a-zA-Z0-9_\-]{20,})['"]/gi,
|
|
1684
|
+
severity: 'high',
|
|
1685
|
+
description: 'Potential token detected',
|
|
1686
|
+
suggestion: 'Move to environment variable',
|
|
1687
|
+
},
|
|
1688
|
+
{
|
|
1689
|
+
id: 'encryption-key',
|
|
1690
|
+
name: 'Encryption Key',
|
|
1691
|
+
pattern: /encryption[_-]?key\s*[:=]\s*['"]([a-zA-Z0-9+/=]{32,})['"]/gi,
|
|
1692
|
+
severity: 'critical',
|
|
1693
|
+
description: 'Encryption key detected',
|
|
1694
|
+
suggestion: 'Move to environment variable or secure key management system',
|
|
1695
|
+
},
|
|
1696
|
+
{
|
|
1697
|
+
id: 'bearer-token',
|
|
1698
|
+
name: 'Bearer Token',
|
|
1699
|
+
pattern: /Bearer\s+[a-zA-Z0-9\-._~+\/]+=*/gi,
|
|
1700
|
+
severity: 'high',
|
|
1701
|
+
description: 'Bearer token detected',
|
|
1702
|
+
suggestion: 'Do not hardcode bearer tokens',
|
|
1703
|
+
},
|
|
1704
|
+
];
|
|
1705
|
+
/**
|
|
1706
|
+
* Get all secret patterns
|
|
1707
|
+
*/
|
|
1708
|
+
function getAllSecretPatterns() {
|
|
1709
|
+
return exports.SECRET_PATTERNS;
|
|
1710
|
+
}
|
|
1711
|
+
/**
|
|
1712
|
+
* Get secret patterns by severity
|
|
1713
|
+
*/
|
|
1714
|
+
function getSecretPatternsBySeverity(severity) {
|
|
1715
|
+
return exports.SECRET_PATTERNS.filter(p => p.severity === severity);
|
|
1716
|
+
}
|
|
1717
|
+
/**
|
|
1718
|
+
* Get secret pattern by ID
|
|
1719
|
+
*/
|
|
1720
|
+
function getSecretPatternById(id) {
|
|
1721
|
+
return exports.SECRET_PATTERNS.find(p => p.id === id);
|
|
1722
|
+
}
|
|
1723
|
+
/**
|
|
1724
|
+
* Get pattern count
|
|
1725
|
+
*/
|
|
1726
|
+
function getPatternCount() {
|
|
1727
|
+
return exports.SECRET_PATTERNS.length;
|
|
1728
|
+
}
|
|
1729
|
+
//# sourceMappingURL=secret-patterns.js.map
|