dd-trace 4.18.0 → 4.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (110) hide show
  1. package/LICENSE-3rdparty.csv +3 -2
  2. package/README.md +3 -3
  3. package/ext/kinds.d.ts +1 -0
  4. package/ext/kinds.js +2 -1
  5. package/ext/tags.d.ts +2 -1
  6. package/ext/tags.js +6 -1
  7. package/index.d.ts +29 -0
  8. package/package.json +11 -10
  9. package/packages/datadog-core/src/storage/async_resource.js +1 -1
  10. package/packages/datadog-esbuild/index.js +1 -20
  11. package/packages/datadog-instrumentations/src/aerospike.js +47 -0
  12. package/packages/datadog-instrumentations/src/apollo-server-core.js +41 -0
  13. package/packages/datadog-instrumentations/src/apollo-server.js +83 -0
  14. package/packages/datadog-instrumentations/src/graphql.js +18 -4
  15. package/packages/datadog-instrumentations/src/helpers/bundler-register.js +1 -2
  16. package/packages/datadog-instrumentations/src/helpers/hooks.js +3 -0
  17. package/packages/datadog-instrumentations/src/helpers/instrument.js +1 -1
  18. package/packages/datadog-instrumentations/src/helpers/register.js +1 -1
  19. package/packages/datadog-instrumentations/src/http/client.js +10 -0
  20. package/packages/datadog-instrumentations/src/jest.js +11 -5
  21. package/packages/datadog-instrumentations/src/kafkajs.js +27 -0
  22. package/packages/datadog-instrumentations/src/next.js +18 -6
  23. package/packages/datadog-instrumentations/src/restify.js +14 -1
  24. package/packages/datadog-instrumentations/src/rhea.js +15 -9
  25. package/packages/datadog-plugin-aerospike/src/index.js +113 -0
  26. package/packages/datadog-plugin-graphql/src/resolve.js +26 -18
  27. package/packages/datadog-plugin-http/src/client.js +19 -2
  28. package/packages/datadog-plugin-kafkajs/src/consumer.js +59 -6
  29. package/packages/datadog-plugin-kafkajs/src/producer.js +64 -6
  30. package/packages/datadog-plugin-next/src/index.js +40 -14
  31. package/packages/dd-trace/src/appsec/activation.js +29 -0
  32. package/packages/dd-trace/src/appsec/addresses.js +3 -1
  33. package/packages/dd-trace/src/appsec/api_security_sampler.js +48 -0
  34. package/packages/dd-trace/src/appsec/blocked_templates.js +4 -1
  35. package/packages/dd-trace/src/appsec/blocking.js +95 -43
  36. package/packages/dd-trace/src/appsec/channels.js +5 -2
  37. package/packages/dd-trace/src/appsec/graphql.js +146 -0
  38. package/packages/dd-trace/src/appsec/iast/analyzers/analyzers.js +1 -0
  39. package/packages/dd-trace/src/appsec/iast/analyzers/header-injection-analyzer.js +105 -0
  40. package/packages/dd-trace/src/appsec/iast/iast-log.js +1 -1
  41. package/packages/dd-trace/src/appsec/iast/iast-plugin.js +1 -1
  42. package/packages/dd-trace/src/appsec/iast/index.js +1 -1
  43. package/packages/dd-trace/src/appsec/iast/path-line.js +1 -1
  44. package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js +1 -1
  45. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/constants.js +7 -0
  46. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/command-sensitive-analyzer.js +12 -19
  47. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/header-sensitive-analyzer.js +20 -0
  48. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/json-sensitive-analyzer.js +6 -10
  49. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/ldap-sensitive-analyzer.js +18 -25
  50. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/sql-sensitive-analyzer.js +79 -85
  51. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/url-sensitive-analyzer.js +27 -36
  52. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-handler.js +14 -11
  53. package/packages/dd-trace/src/appsec/iast/vulnerabilities.js +1 -0
  54. package/packages/dd-trace/src/appsec/index.js +33 -32
  55. package/packages/dd-trace/src/appsec/recommended.json +1737 -120
  56. package/packages/dd-trace/src/appsec/remote_config/capabilities.js +2 -1
  57. package/packages/dd-trace/src/appsec/remote_config/index.js +36 -15
  58. package/packages/dd-trace/src/appsec/reporter.js +50 -34
  59. package/packages/dd-trace/src/appsec/rule_manager.js +9 -6
  60. package/packages/dd-trace/src/appsec/sdk/user_blocking.js +1 -1
  61. package/packages/dd-trace/src/appsec/waf/waf_context_wrapper.js +28 -13
  62. package/packages/dd-trace/src/appsec/waf/waf_manager.js +0 -1
  63. package/packages/dd-trace/src/ci-visibility/exporters/ci-visibility-exporter.js +17 -1
  64. package/packages/dd-trace/src/ci-visibility/exporters/git/git_metadata.js +75 -56
  65. package/packages/dd-trace/src/ci-visibility/intelligent-test-runner/get-itr-configuration.js +22 -6
  66. package/packages/dd-trace/src/config.js +48 -7
  67. package/packages/dd-trace/src/datastreams/processor.js +166 -26
  68. package/packages/dd-trace/src/format.js +6 -1
  69. package/packages/dd-trace/src/id.js +12 -0
  70. package/packages/dd-trace/src/iitm.js +1 -1
  71. package/packages/dd-trace/src/log/channels.js +1 -1
  72. package/packages/dd-trace/src/noop/proxy.js +4 -0
  73. package/packages/dd-trace/src/opentelemetry/span.js +95 -2
  74. package/packages/dd-trace/src/opentelemetry/tracer.js +9 -10
  75. package/packages/dd-trace/src/opentracing/propagation/text_map.js +14 -5
  76. package/packages/dd-trace/src/opentracing/span.js +6 -0
  77. package/packages/dd-trace/src/opentracing/span_context.js +5 -2
  78. package/packages/dd-trace/src/plugin_manager.js +1 -1
  79. package/packages/dd-trace/src/plugins/ci_plugin.js +2 -1
  80. package/packages/dd-trace/src/plugins/database.js +1 -1
  81. package/packages/dd-trace/src/plugins/index.js +1 -0
  82. package/packages/dd-trace/src/plugins/plugin.js +1 -1
  83. package/packages/dd-trace/src/plugins/util/ci.js +6 -19
  84. package/packages/dd-trace/src/plugins/util/git.js +4 -3
  85. package/packages/dd-trace/src/plugins/util/ip_extractor.js +7 -6
  86. package/packages/dd-trace/src/plugins/util/test.js +3 -2
  87. package/packages/dd-trace/src/plugins/util/url.js +26 -0
  88. package/packages/dd-trace/src/plugins/util/user-provided-git.js +4 -16
  89. package/packages/dd-trace/src/profiler.js +5 -3
  90. package/packages/dd-trace/src/profiling/config.js +26 -2
  91. package/packages/dd-trace/src/profiling/profiler.js +17 -10
  92. package/packages/dd-trace/src/profiling/profilers/events.js +264 -0
  93. package/packages/dd-trace/src/profiling/profilers/shared.js +39 -0
  94. package/packages/dd-trace/src/profiling/profilers/space.js +2 -1
  95. package/packages/dd-trace/src/profiling/profilers/wall.js +121 -58
  96. package/packages/dd-trace/src/proxy.js +25 -1
  97. package/packages/dd-trace/src/ritm.js +1 -1
  98. package/packages/dd-trace/src/service-naming/schemas/v0/storage.js +5 -0
  99. package/packages/dd-trace/src/service-naming/schemas/v1/storage.js +4 -0
  100. package/packages/dd-trace/src/span_processor.js +4 -0
  101. package/packages/dd-trace/src/spanleak.js +98 -0
  102. package/packages/dd-trace/src/startup-log.js +7 -1
  103. package/packages/dd-trace/src/telemetry/dependencies.js +56 -10
  104. package/packages/dd-trace/src/telemetry/index.js +136 -44
  105. package/packages/dd-trace/src/telemetry/logs/index.js +2 -2
  106. package/packages/dd-trace/src/telemetry/send-data.js +47 -5
  107. package/packages/dd-trace/src/tracer.js +8 -2
  108. package/scripts/install_plugin_modules.js +11 -3
  109. package/packages/diagnostics_channel/index.js +0 -3
  110. package/packages/diagnostics_channel/src/index.js +0 -121
package/packages/dd-trace/src/appsec/recommended.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": "2.2",
3
3
  "metadata": {
4
- "rules_version": "1.8.0"
4
+ "rules_version": "1.10.0"
5
5
  },
6
6
  "rules": [
7
7
  {
@@ -118,6 +118,9 @@
118
118
  },
119
119
  {
120
120
  "address": "graphql.server.all_resolvers"
121
+ },
122
+ {
123
+ "address": "graphql.server.resolver"
121
124
  }
122
125
  ],
123
126
  "list": [
@@ -346,6 +349,9 @@
346
349
  },
347
350
  {
348
351
  "address": "graphql.server.all_resolvers"
352
+ },
353
+ {
354
+ "address": "graphql.server.resolver"
349
355
  }
350
356
  ],
351
357
  "list": [
@@ -1839,6 +1845,9 @@
1839
1845
  },
1840
1846
  {
1841
1847
  "address": "graphql.server.all_resolvers"
1848
+ },
1849
+ {
1850
+ "address": "graphql.server.resolver"
1842
1851
  }
1843
1852
  ],
1844
1853
  "regex": "^(?i:file|ftps?)://.*?\\?+$",
@@ -1881,6 +1890,9 @@
1881
1890
  },
1882
1891
  {
1883
1892
  "address": "graphql.server.all_resolvers"
1893
+ },
1894
+ {
1895
+ "address": "graphql.server.resolver"
1884
1896
  }
1885
1897
  ],
1886
1898
  "list": [
@@ -2391,6 +2403,9 @@
2391
2403
  },
2392
2404
  {
2393
2405
  "address": "graphql.server.all_resolvers"
2406
+ },
2407
+ {
2408
+ "address": "graphql.server.resolver"
2394
2409
  }
2395
2410
  ],
2396
2411
  "regex": "^\\(\\s*\\)\\s+{",
@@ -2547,6 +2562,9 @@
2547
2562
  },
2548
2563
  {
2549
2564
  "address": "graphql.server.all_resolvers"
2565
+ },
2566
+ {
2567
+ "address": "graphql.server.resolver"
2550
2568
  }
2551
2569
  ],
2552
2570
  "list": [
@@ -2608,6 +2626,9 @@
2608
2626
  },
2609
2627
  {
2610
2628
  "address": "graphql.server.all_resolvers"
2629
+ },
2630
+ {
2631
+ "address": "graphql.server.resolver"
2611
2632
  }
2612
2633
  ],
2613
2634
  "regex": "(?:HTTP_(?:ACCEPT(?:_(?:ENCODING|LANGUAGE|CHARSET))?|(?:X_FORWARDED_FO|REFERE)R|(?:USER_AGEN|HOS)T|CONNECTION|KEEP_ALIVE)|PATH_(?:TRANSLATED|INFO)|ORIG_PATH_INFO|QUERY_STRING|REQUEST_URI|AUTH_TYPE)",
@@ -2650,6 +2671,9 @@
2650
2671
  },
2651
2672
  {
2652
2673
  "address": "graphql.server.all_resolvers"
2674
+ },
2675
+ {
2676
+ "address": "graphql.server.resolver"
2653
2677
  }
2654
2678
  ],
2655
2679
  "regex": "php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)",
@@ -2691,6 +2715,9 @@
2691
2715
  },
2692
2716
  {
2693
2717
  "address": "graphql.server.all_resolvers"
2718
+ },
2719
+ {
2720
+ "address": "graphql.server.resolver"
2694
2721
  }
2695
2722
  ],
2696
2723
  "list": [
@@ -2775,6 +2802,9 @@
2775
2802
  },
2776
2803
  {
2777
2804
  "address": "graphql.server.all_resolvers"
2805
+ },
2806
+ {
2807
+ "address": "graphql.server.resolver"
2778
2808
  }
2779
2809
  ],
2780
2810
  "regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?|tob)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imagetype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|b(?:(?:son_(?:de|en)|ase64_en)code|zopen|toa)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|var_dump)(?:\\s|/\\*.*\\*/|//.*|#.*|\\\"|')*\\((?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?,)*(?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?)?\\)",
@@ -2820,6 +2850,9 @@
2820
2850
  },
2821
2851
  {
2822
2852
  "address": "graphql.server.all_resolvers"
2853
+ },
2854
+ {
2855
+ "address": "graphql.server.resolver"
2823
2856
  }
2824
2857
  ],
2825
2858
  "regex": "[oOcC]:\\d+:\\\".+?\\\":\\d+:{[\\W\\w]*}",
@@ -2861,6 +2894,9 @@
2861
2894
  },
2862
2895
  {
2863
2896
  "address": "graphql.server.all_resolvers"
2897
+ },
2898
+ {
2899
+ "address": "graphql.server.resolver"
2864
2900
  }
2865
2901
  ],
2866
2902
  "regex": "(?:(?:bzip|ssh)2|z(?:lib|ip)|(?:ph|r)ar|expect|glob|ogg)://",
@@ -2904,6 +2940,9 @@
2904
2940
  },
2905
2941
  {
2906
2942
  "address": "graphql.server.all_resolvers"
2943
+ },
2944
+ {
2945
+ "address": "graphql.server.resolver"
2907
2946
  }
2908
2947
  ],
2909
2948
  "regex": "\\b(?:(?:l(?:(?:utimes|chmod)(?:Sync)?|(?:stat|ink)Sync)|w(?:rite(?:(?:File|v)(?:Sync)?|Sync)|atchFile)|u(?:n(?:watchFile|linkSync)|times(?:Sync)?)|s(?:(?:ymlink|tat)Sync|pawn(?:File|Sync))|ex(?:ec(?:File(?:Sync)?|Sync)|istsSync)|a(?:ppendFile|ccess)(?:Sync)?|(?:Caveat|Inode)s|open(?:dir)?Sync|new\\s+Function|Availability|\\beval)\\s*\\(|m(?:ain(?:Module\\s*(?:\\W*\\s*(?:constructor|require)|\\[)|\\s*(?:\\W*\\s*(?:constructor|require)|\\[))|kd(?:temp(?:Sync)?|irSync)\\s*\\(|odule\\.exports\\s*=)|c(?:(?:(?:h(?:mod|own)|lose)Sync|reate(?:Write|Read)Stream|p(?:Sync)?)\\s*\\(|o(?:nstructor\\s*(?:\\W*\\s*_load|\\[)|pyFile(?:Sync)?\\s*\\())|f(?:(?:(?:s(?:(?:yncS)?|tatS)|datas(?:yncS)?)ync|ch(?:mod|own)(?:Sync)?)\\s*\\(|u(?:nction\\s*\\(\\s*\\)\\s*{|times(?:Sync)?\\s*\\())|r(?:e(?:(?:ad(?:(?:File|link|dir)?Sync|v(?:Sync)?)|nameSync)\\s*\\(|quire\\s*(?:\\W*\\s*main|\\[))|m(?:Sync)?\\s*\\()|process\\s*(?:\\W*\\s*(?:mainModule|binding)|\\[)|t(?:his\\.constructor|runcateSync\\s*\\()|_(?:\\$\\$ND_FUNC\\$\\$_|_js_function)|global\\s*(?:\\W*\\s*process|\\[)|String\\s*\\.\\s*fromCharCode|binding\\s*\\[)",
@@ -2946,6 +2985,9 @@
2946
2985
  },
2947
2986
  {
2948
2987
  "address": "graphql.server.all_resolvers"
2988
+ },
2989
+ {
2990
+ "address": "graphql.server.resolver"
2949
2991
  }
2950
2992
  ],
2951
2993
  "regex": "\\b(?:w(?:atch|rite)|(?:spaw|ope)n|exists|close|fork|read)\\s*\\(",
@@ -3000,10 +3042,14 @@
3000
3042
  },
3001
3043
  {
3002
3044
  "address": "graphql.server.all_resolvers"
3045
+ },
3046
+ {
3047
+ "address": "graphql.server.resolver"
3003
3048
  }
3004
3049
  ],
3005
3050
  "regex": "<script[^>]*>[\\s\\S]*?",
3006
3051
  "options": {
3052
+ "case_sensitive": false,
3007
3053
  "min_length": 8
3008
3054
  }
3009
3055
  },
@@ -3056,6 +3102,9 @@
3056
3102
  },
3057
3103
  {
3058
3104
  "address": "graphql.server.all_resolvers"
3105
+ },
3106
+ {
3107
+ "address": "graphql.server.resolver"
3059
3108
  }
3060
3109
  ],
3061
3110
  "regex": "\\bon(?:d(?:r(?:ag(?:en(?:ter|d)|leave|start|over)?|op)|urationchange|blclick)|s(?:e(?:ek(?:ing|ed)|arch|lect)|u(?:spend|bmit)|talled|croll|how)|m(?:ouse(?:(?:lea|mo)ve|o(?:ver|ut)|enter|down|up)|essage)|p(?:a(?:ge(?:hide|show)|(?:st|us)e)|lay(?:ing)?|rogress|aste|ointer(?:cancel|down|enter|leave|move|out|over|rawupdate|up))|c(?:anplay(?:through)?|o(?:ntextmenu|py)|hange|lick|ut)|a(?:nimation(?:iteration|start|end)|(?:fterprin|bor)t|uxclick|fterscriptexecute)|t(?:o(?:uch(?:cancel|start|move|end)|ggle)|imeupdate)|f(?:ullscreen(?:change|error)|ocus(?:out|in)?|inish)|(?:(?:volume|hash)chang|o(?:ff|n)lin)e|b(?:efore(?:unload|print)|lur)|load(?:ed(?:meta)?data|start|end)?|r(?:es(?:ize|et)|atechange)|key(?:press|down|up)|w(?:aiting|heel)|in(?:valid|put)|e(?:nded|rror)|unload)[\\s\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]*?=[^=]",
@@ -3112,6 +3161,9 @@
3112
3161
  },
3113
3162
  {
3114
3163
  "address": "graphql.server.all_resolvers"
3164
+ },
3165
+ {
3166
+ "address": "graphql.server.resolver"
3115
3167
  }
3116
3168
  ],
3117
3169
  "regex": "[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url\\(javascript",
@@ -3168,6 +3220,9 @@
3168
3220
  },
3169
3221
  {
3170
3222
  "address": "graphql.server.all_resolvers"
3223
+ },
3224
+ {
3225
+ "address": "graphql.server.resolver"
3171
3226
  }
3172
3227
  ],
3173
3228
  "regex": "(?:\\W|^)(?:javascript:(?:[\\s\\S]+[=\\x5c\\(\\[\\.<]|[\\s\\S]*?(?:\\bname\\b|\\x5c[ux]\\d)))|@\\W*?i\\W*?m\\W*?p\\W*?o\\W*?r\\W*?t\\W*?(?:/\\*[\\s\\S]*?)?(?:[\\\"']|\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\()|[^-]*?-\\W*?m\\W*?o\\W*?z\\W*?-\\W*?b\\W*?i\\W*?n\\W*?d\\W*?i\\W*?n\\W*?g[^:]*?:\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\(",
@@ -3211,6 +3266,9 @@
3211
3266
  },
3212
3267
  {
3213
3268
  "address": "graphql.server.all_resolvers"
3269
+ },
3270
+ {
3271
+ "address": "graphql.server.resolver"
3214
3272
  }
3215
3273
  ],
3216
3274
  "list": [
@@ -3259,6 +3317,9 @@
3259
3317
  },
3260
3318
  {
3261
3319
  "address": "graphql.server.all_resolvers"
3320
+ },
3321
+ {
3322
+ "address": "graphql.server.resolver"
3262
3323
  }
3263
3324
  ],
3264
3325
  "regex": "(?i:<.*[:]?vmlframe.*?[\\s/+]*?src[\\s/+]*=)",
@@ -3303,6 +3364,9 @@
3303
3364
  },
3304
3365
  {
3305
3366
  "address": "graphql.server.all_resolvers"
3367
+ },
3368
+ {
3369
+ "address": "graphql.server.resolver"
3306
3370
  }
3307
3371
  ],
3308
3372
  "regex": "(?i:(?:j|&#x?0*(?:74|4A|106|6A);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
@@ -3347,6 +3411,9 @@
3347
3411
  },
3348
3412
  {
3349
3413
  "address": "graphql.server.all_resolvers"
3414
+ },
3415
+ {
3416
+ "address": "graphql.server.resolver"
3350
3417
  }
3351
3418
  ],
3352
3419
  "regex": "(?i:(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:b|&#x?0*(?:66|42|98|62);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
@@ -3391,6 +3458,9 @@
3391
3458
  },
3392
3459
  {
3393
3460
  "address": "graphql.server.all_resolvers"
3461
+ },
3462
+ {
3463
+ "address": "graphql.server.resolver"
3394
3464
  }
3395
3465
  ],
3396
3466
  "regex": "<EMBED[\\s/+].*?(?:src|type).*?=",
@@ -3434,6 +3504,9 @@
3434
3504
  },
3435
3505
  {
3436
3506
  "address": "graphql.server.all_resolvers"
3507
+ },
3508
+ {
3509
+ "address": "graphql.server.resolver"
3437
3510
  }
3438
3511
  ],
3439
3512
  "regex": "<[?]?import[\\s/+\\S]*?implementation[\\s/+]*?=",
@@ -3478,6 +3551,9 @@
3478
3551
  },
3479
3552
  {
3480
3553
  "address": "graphql.server.all_resolvers"
3554
+ },
3555
+ {
3556
+ "address": "graphql.server.resolver"
3481
3557
  }
3482
3558
  ],
3483
3559
  "regex": "<LINK[\\s/+].*?href[\\s/+]*=",
@@ -3521,6 +3597,9 @@
3521
3597
  },
3522
3598
  {
3523
3599
  "address": "graphql.server.all_resolvers"
3600
+ },
3601
+ {
3602
+ "address": "graphql.server.resolver"
3524
3603
  }
3525
3604
  ],
3526
3605
  "regex": "<BASE[\\s/+].*?href[\\s/+]*=",
@@ -3564,6 +3643,9 @@
3564
3643
  },
3565
3644
  {
3566
3645
  "address": "graphql.server.all_resolvers"
3646
+ },
3647
+ {
3648
+ "address": "graphql.server.resolver"
3567
3649
  }
3568
3650
  ],
3569
3651
  "regex": "<APPLET[\\s/+>]",
@@ -3607,6 +3689,9 @@
3607
3689
  },
3608
3690
  {
3609
3691
  "address": "graphql.server.all_resolvers"
3692
+ },
3693
+ {
3694
+ "address": "graphql.server.resolver"
3610
3695
  }
3611
3696
  ],
3612
3697
  "regex": "<OBJECT[\\s/+].*?(?:type|codetype|classid|code|data)[\\s/+]*=",
@@ -3650,6 +3735,9 @@
3650
3735
  },
3651
3736
  {
3652
3737
  "address": "graphql.server.all_resolvers"
3738
+ },
3739
+ {
3740
+ "address": "graphql.server.resolver"
3653
3741
  }
3654
3742
  ],
3655
3743
  "regex": "\\+ADw-.*(?:\\+AD4-|>)|<.*\\+AD4-",
@@ -3691,6 +3779,9 @@
3691
3779
  },
3692
3780
  {
3693
3781
  "address": "graphql.server.all_resolvers"
3782
+ },
3783
+ {
3784
+ "address": "graphql.server.resolver"
3694
3785
  }
3695
3786
  ],
3696
3787
  "regex": "![!+ ]\\[\\]",
@@ -3733,6 +3824,9 @@
3733
3824
  },
3734
3825
  {
3735
3826
  "address": "graphql.server.all_resolvers"
3827
+ },
3828
+ {
3829
+ "address": "graphql.server.resolver"
3736
3830
  }
3737
3831
  ],
3738
3832
  "regex": "\\b(?i:eval|settimeout|setinterval|new\\s+Function|alert|prompt)[\\s+]*\\([^\\)]",
@@ -3774,6 +3868,9 @@
3774
3868
  },
3775
3869
  {
3776
3870
  "address": "graphql.server.all_resolvers"
3871
+ },
3872
+ {
3873
+ "address": "graphql.server.resolver"
3777
3874
  }
3778
3875
  ]
3779
3876
  },
@@ -3813,6 +3910,9 @@
3813
3910
  },
3814
3911
  {
3815
3912
  "address": "graphql.server.all_resolvers"
3913
+ },
3914
+ {
3915
+ "address": "graphql.server.resolver"
3816
3916
  }
3817
3917
  ],
3818
3918
  "regex": "(?i:sleep\\(\\s*?\\d*?\\s*?\\)|benchmark\\(.*?\\,.*?\\))",
@@ -3855,6 +3955,9 @@
3855
3955
  },
3856
3956
  {
3857
3957
  "address": "graphql.server.all_resolvers"
3958
+ },
3959
+ {
3960
+ "address": "graphql.server.resolver"
3858
3961
  }
3859
3962
  ],
3860
3963
  "regex": "(?:[\\\"'`](?:;*?\\s*?waitfor\\s+(?:delay|time)\\s+[\\\"'`]|;.*?:\\s*?goto)|alter\\s*?\\w+.*?cha(?:racte)?r\\s+set\\s+\\w+)",
@@ -3895,6 +3998,9 @@
3895
3998
  },
3896
3999
  {
3897
4000
  "address": "graphql.server.all_resolvers"
4001
+ },
4002
+ {
4003
+ "address": "graphql.server.resolver"
3898
4004
  }
3899
4005
  ],
3900
4006
  "regex": "(?i:merge.*?using\\s*?\\(|execute\\s*?immediate\\s*?[\\\"'`]|match\\s*?[\\w(?:),+-]+\\s*?against\\s*?\\()",
@@ -3936,6 +4042,9 @@
3936
4042
  },
3937
4043
  {
3938
4044
  "address": "graphql.server.all_resolvers"
4045
+ },
4046
+ {
4047
+ "address": "graphql.server.resolver"
3939
4048
  }
3940
4049
  ],
3941
4050
  "regex": "union.*?select.*?from",
@@ -3977,6 +4086,9 @@
3977
4086
  },
3978
4087
  {
3979
4088
  "address": "graphql.server.all_resolvers"
4089
+ },
4090
+ {
4091
+ "address": "graphql.server.resolver"
3980
4092
  }
3981
4093
  ],
3982
4094
  "regex": "(?:;\\s*?shutdown\\s*?(?:[#;{]|\\/\\*|--)|waitfor\\s*?delay\\s?[\\\"'`]+\\s?\\d|select\\s*?pg_sleep)",
@@ -4017,6 +4129,9 @@
4017
4129
  },
4018
4130
  {
4019
4131
  "address": "graphql.server.all_resolvers"
4132
+ },
4133
+ {
4134
+ "address": "graphql.server.resolver"
4020
4135
  }
4021
4136
  ],
4022
4137
  "regex": "(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)",
@@ -4060,6 +4175,9 @@
4060
4175
  },
4061
4176
  {
4062
4177
  "address": "graphql.server.all_resolvers"
4178
+ },
4179
+ {
4180
+ "address": "graphql.server.resolver"
4063
4181
  }
4064
4182
  ],
4065
4183
  "regex": "(?:^[\\W\\d]+\\s*?(?:alter\\s*(?:a(?:(?:pplication\\s*rol|ggregat)e|s(?:ymmetric\\s*ke|sembl)y|u(?:thorization|dit)|vailability\\s*group)|c(?:r(?:yptographic\\s*provider|edential)|o(?:l(?:latio|um)|nversio)n|ertificate|luster)|s(?:e(?:rv(?:ice|er)|curity|quence|ssion|arch)|y(?:mmetric\\s*key|nonym)|togroup|chema)|m(?:a(?:s(?:ter\\s*key|k)|terialized)|e(?:ssage\\s*type|thod)|odule)|l(?:o(?:g(?:file\\s*group|in)|ckdown)|a(?:ngua|r)ge|ibrary)|t(?:(?:abl(?:espac)?|yp)e|r(?:igger|usted)|hreshold|ext)|p(?:a(?:rtition|ckage)|ro(?:cedur|fil)e|ermission)|d(?:i(?:mension|skgroup)|atabase|efault|omain)|r(?:o(?:l(?:lback|e)|ute)|e(?:sourc|mot)e)|f(?:u(?:lltext|nction)|lashback|oreign)|e(?:xte(?:nsion|rnal)|(?:ndpoi|ve)nt)|in(?:dex(?:type)?|memory|stance)|b(?:roker\\s*priority|ufferpool)|x(?:ml\\s*schema|srobject)|w(?:ork(?:load)?|rapper)|hi(?:erarchy|stogram)|o(?:perator|utline)|(?:nicknam|queu)e|us(?:age|er)|group|java|view)|union\\s*(?:(?:distin|sele)ct|all))\\b|\\b(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\\s+(?:group_concat|load_file|char)\\b\\s*\\(?|[\\s(]load_file\\s*?\\(|[\\\"'`]\\s+regexp\\W)",
@@ -4100,6 +4218,9 @@
4100
4218
  },
4101
4219
  {
4102
4220
  "address": "graphql.server.all_resolvers"
4221
+ },
4222
+ {
4223
+ "address": "graphql.server.resolver"
4103
4224
  }
4104
4225
  ],
4105
4226
  "regex": "(?i:/\\*[!+](?:[\\w\\s=_\\-(?:)]+)?\\*/)",
@@ -4142,6 +4263,9 @@
4142
4263
  },
4143
4264
  {
4144
4265
  "address": "graphql.server.all_resolvers"
4266
+ },
4267
+ {
4268
+ "address": "graphql.server.resolver"
4145
4269
  }
4146
4270
  ],
4147
4271
  "regex": "(?i:\\.cookie\\b.*?;\\W*?(?:expires|domain)\\W*?=|\\bhttp-equiv\\W+set-cookie\\b)",
@@ -4187,6 +4311,9 @@
4187
4311
  },
4188
4312
  {
4189
4313
  "address": "graphql.server.all_resolvers"
4314
+ },
4315
+ {
4316
+ "address": "graphql.server.resolver"
4190
4317
  }
4191
4318
  ],
4192
4319
  "regex": "java\\.lang\\.(?:runtime|processbuilder)",
@@ -4207,7 +4334,6 @@
4207
4334
  "name": "Remote Command Execution: Java process spawn (CVE-2017-9805)",
4208
4335
  "tags": {
4209
4336
  "type": "java_code_injection",
4210
- "crs_id": "944110",
4211
4337
  "category": "attack_attempt",
4212
4338
  "cwe": "94",
4213
4339
  "capec": "1000/152/242"
@@ -4233,50 +4359,21 @@
4233
4359
  },
4234
4360
  {
4235
4361
  "address": "graphql.server.all_resolvers"
4236
- }
4237
- ],
4238
- "regex": "(?:runtime|processbuilder)",
4239
- "options": {
4240
- "case_sensitive": true,
4241
- "min_length": 7
4242
- }
4243
- },
4244
- "operator": "match_regex"
4245
- },
4246
- {
4247
- "parameters": {
4248
- "inputs": [
4249
- {
4250
- "address": "server.request.query"
4251
- },
4252
- {
4253
- "address": "server.request.body"
4254
- },
4255
- {
4256
- "address": "server.request.path_params"
4257
- },
4258
- {
4259
- "address": "server.request.headers.no_cookies"
4260
4362
  },
4261
4363
  {
4262
- "address": "grpc.server.request.message"
4263
- },
4264
- {
4265
- "address": "graphql.server.all_resolvers"
4364
+ "address": "graphql.server.resolver"
4266
4365
  }
4267
4366
  ],
4268
- "regex": "(?:unmarshaller|base64data|java\\.)",
4367
+ "regex": "(?:unmarshaller|base64data|java\\.).*(?:runtime|processbuilder)",
4269
4368
  "options": {
4270
- "case_sensitive": true,
4271
- "min_length": 5
4369
+ "case_sensitive": false,
4370
+ "min_length": 13
4272
4371
  }
4273
4372
  },
4274
4373
  "operator": "match_regex"
4275
4374
  }
4276
4375
  ],
4277
- "transformers": [
4278
- "lowercase"
4279
- ]
4376
+ "transformers": []
4280
4377
  },
4281
4378
  {
4282
4379
  "id": "crs-944-130",
@@ -4309,6 +4406,9 @@
4309
4406
  },
4310
4407
  {
4311
4408
  "address": "graphql.server.all_resolvers"
4409
+ },
4410
+ {
4411
+ "address": "graphql.server.resolver"
4312
4412
  }
4313
4413
  ],
4314
4414
  "list": [
@@ -4344,6 +4444,7 @@
4344
4444
  "java.lang.object",
4345
4445
  "java.lang.process",
4346
4446
  "java.lang.reflect",
4447
+ "java.lang.runtime",
4347
4448
  "java.lang.string",
4348
4449
  "java.lang.stringbuilder",
4349
4450
  "java.lang.system",
@@ -4394,6 +4495,9 @@
4394
4495
  },
4395
4496
  {
4396
4497
  "address": "graphql.server.all_resolvers"
4498
+ },
4499
+ {
4500
+ "address": "graphql.server.resolver"
4397
4501
  }
4398
4502
  ],
4399
4503
  "regex": "(?:class\\.module\\.classLoader\\.resources\\.context\\.parent\\.pipeline|springframework\\.context\\.support\\.FileSystemXmlApplicationContext)",
@@ -4435,6 +4539,9 @@
4435
4539
  {
4436
4540
  "address": "graphql.server.all_resolvers"
4437
4541
  },
4542
+ {
4543
+ "address": "graphql.server.resolver"
4544
+ },
4438
4545
  {
4439
4546
  "address": "server.request.headers.no_cookies"
4440
4547
  }
@@ -4479,6 +4586,12 @@
4479
4586
  },
4480
4587
  {
4481
4588
  "address": "graphql.server.all_resolvers"
4589
+ },
4590
+ {
4591
+ "address": "graphql.server.resolver"
4592
+ },
4593
+ {
4594
+ "address": "server.request.headers.no_cookies"
4482
4595
  }
4483
4596
  ],
4484
4597
  "regex": "[#%$]{(?:[^}]+[^\\w\\s}\\-_][^}]+|\\d+-\\d+)}",
@@ -4522,6 +4635,9 @@
4522
4635
  },
4523
4636
  {
4524
4637
  "address": "graphql.server.all_resolvers"
4638
+ },
4639
+ {
4640
+ "address": "graphql.server.resolver"
4525
4641
  }
4526
4642
  ],
4527
4643
  "regex": "[@#]ognl",
@@ -4668,6 +4784,9 @@
4668
4784
  },
4669
4785
  {
4670
4786
  "address": "graphql.server.all_resolvers"
4787
+ },
4788
+ {
4789
+ "address": "graphql.server.resolver"
4671
4790
  }
4672
4791
  ],
4673
4792
  "regex": "#(?:set|foreach|macro|parse|if)\\(.*\\)|<#assign.*>"
@@ -4709,6 +4828,9 @@
4709
4828
  },
4710
4829
  {
4711
4830
  "address": "graphql.server.all_resolvers"
4831
+ },
4832
+ {
4833
+ "address": "graphql.server.resolver"
4712
4834
  }
4713
4835
  ],
4714
4836
  "regex": "\\b(?:burpcollaborator\\.net|oastify\\.com)\\b"
@@ -4750,9 +4872,12 @@
4750
4872
  },
4751
4873
  {
4752
4874
  "address": "graphql.server.all_resolvers"
4875
+ },
4876
+ {
4877
+ "address": "graphql.server.resolver"
4753
4878
  }
4754
4879
  ],
4755
- "regex": "\\bqualysperiscope\\.com\\b"
4880
+ "regex": "\\bqualysperiscope\\.com\\b|\\.oscomm\\."
4756
4881
  },
4757
4882
  "operator": "match_regex"
4758
4883
  }
@@ -4791,6 +4916,9 @@
4791
4916
  },
4792
4917
  {
4793
4918
  "address": "graphql.server.all_resolvers"
4919
+ },
4920
+ {
4921
+ "address": "graphql.server.resolver"
4794
4922
  }
4795
4923
  ],
4796
4924
  "regex": "\\bprbly\\.win\\b"
@@ -4831,9 +4959,12 @@
4831
4959
  },
4832
4960
  {
4833
4961
  "address": "graphql.server.all_resolvers"
4962
+ },
4963
+ {
4964
+ "address": "graphql.server.resolver"
4834
4965
  }
4835
4966
  ],
4836
- "regex": "\\b(?:webhook\\.site|\\.canarytokens\\.com|vii\\.one|act1on3\\.ru|gdsburp\\.com)\\b"
4967
+ "regex": "\\b(?:webhook\\.site|\\.canarytokens\\.com|vii\\.one|act1on3\\.ru|gdsburp\\.com|arcticwolf\\.net|oob\\.li|htbiw\\.com|h4\\.vc|mochan\\.cloud|imshopping\\.com|bootstrapnodejs\\.com|mooo-ng\\.com|securitytrails\\.com|canyouhackit\\.io|7bae\\.xyz)\\b"
4837
4968
  },
4838
4969
  "operator": "match_regex"
4839
4970
  }
@@ -4871,6 +5002,9 @@
4871
5002
  },
4872
5003
  {
4873
5004
  "address": "graphql.server.all_resolvers"
5005
+ },
5006
+ {
5007
+ "address": "graphql.server.resolver"
4874
5008
  }
4875
5009
  ],
4876
5010
  "regex": "\\b(?:\\.ngrok\\.io|requestbin\\.com|requestbin\\.net)\\b"
@@ -4912,6 +5046,9 @@
4912
5046
  },
4913
5047
  {
4914
5048
  "address": "graphql.server.all_resolvers"
5049
+ },
5050
+ {
5051
+ "address": "graphql.server.resolver"
4915
5052
  }
4916
5053
  ],
4917
5054
  "regex": "\\bappspidered\\.rapid7\\."
@@ -4953,9 +5090,12 @@
4953
5090
  },
4954
5091
  {
4955
5092
  "address": "graphql.server.all_resolvers"
5093
+ },
5094
+ {
5095
+ "address": "graphql.server.resolver"
4956
5096
  }
4957
5097
  ],
4958
- "regex": "\\b(?:interact\\.sh|oast\\.(?:pro|live|site|online|fun|me))\\b"
5098
+ "regex": "\\b(?:interact\\.sh|oast\\.(?:pro|live|site|online|fun|me)|indusfacefinder\\.in|where\\.land|syhunt\\.net|tssrt\\.de|boardofcyber\\.io|assetnote-callback\\.com|praetorianlabs\\.dev|netspi\\.sh)\\b"
4959
5099
  },
4960
5100
  "operator": "match_regex"
4961
5101
  }
@@ -4994,9 +5134,12 @@
4994
5134
  },
4995
5135
  {
4996
5136
  "address": "graphql.server.all_resolvers"
5137
+ },
5138
+ {
5139
+ "address": "graphql.server.resolver"
4997
5140
  }
4998
5141
  ],
4999
- "regex": "\\b(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)r87(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)(?:me|com)\\b",
5142
+ "regex": "\\b(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)?r87(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)(?:me|com)\\b",
5000
5143
  "options": {
5001
5144
  "case_sensitive": false,
5002
5145
  "min_length": 7
@@ -5008,14 +5151,15 @@
5008
5151
  "transformers": []
5009
5152
  },
5010
5153
  {
5011
- "id": "dog-931-001",
5012
- "name": "RFI: URL Payload to well known RFI target",
5154
+ "id": "dog-913-009",
5155
+ "name": "WhiteHat Security OOB domain",
5013
5156
  "tags": {
5014
- "type": "rfi",
5157
+ "type": "commercial_scanner",
5015
5158
  "category": "attack_attempt",
5016
- "cwe": "98",
5017
- "capec": "1000/152/175/253/193",
5018
- "confidence": "1"
5159
+ "tool_name": "WhiteHatSecurity",
5160
+ "cwe": "200",
5161
+ "capec": "1000/118/169",
5162
+ "confidence": "0"
5019
5163
  },
5020
5164
  "conditions": [
5021
5165
  {
@@ -5030,17 +5174,23 @@
5030
5174
  {
5031
5175
  "address": "server.request.path_params"
5032
5176
  },
5177
+ {
5178
+ "address": "server.request.headers.no_cookies"
5179
+ },
5033
5180
  {
5034
5181
  "address": "grpc.server.request.message"
5035
5182
  },
5036
5183
  {
5037
5184
  "address": "graphql.server.all_resolvers"
5185
+ },
5186
+ {
5187
+ "address": "graphql.server.resolver"
5038
5188
  }
5039
5189
  ],
5040
- "regex": "^(?i:file|ftps?|https?).*/rfiinc\\.txt\\?+$",
5190
+ "regex": "\\bwhsec(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)us\\b",
5041
5191
  "options": {
5042
- "case_sensitive": true,
5043
- "min_length": 17
5192
+ "case_sensitive": false,
5193
+ "min_length": 8
5044
5194
  }
5045
5195
  },
5046
5196
  "operator": "match_regex"
@@ -5049,33 +5199,46 @@
5049
5199
  "transformers": []
5050
5200
  },
5051
5201
  {
5052
- "id": "dog-934-001",
5053
- "name": "XXE - XML file loads external entity",
5202
+ "id": "dog-913-010",
5203
+ "name": "Nessus OOB domain",
5054
5204
  "tags": {
5055
- "type": "xxe",
5205
+ "type": "commercial_scanner",
5056
5206
  "category": "attack_attempt",
5057
- "cwe": "91",
5058
- "capec": "1000/152/248/250",
5207
+ "tool_name": "Nessus",
5208
+ "cwe": "200",
5209
+ "capec": "1000/118/169",
5059
5210
  "confidence": "0"
5060
5211
  },
5061
5212
  "conditions": [
5062
5213
  {
5063
5214
  "parameters": {
5064
5215
  "inputs": [
5216
+ {
5217
+ "address": "server.request.query"
5218
+ },
5065
5219
  {
5066
5220
  "address": "server.request.body"
5067
5221
  },
5222
+ {
5223
+ "address": "server.request.path_params"
5224
+ },
5225
+ {
5226
+ "address": "server.request.headers.no_cookies"
5227
+ },
5068
5228
  {
5069
5229
  "address": "grpc.server.request.message"
5070
5230
  },
5071
5231
  {
5072
5232
  "address": "graphql.server.all_resolvers"
5233
+ },
5234
+ {
5235
+ "address": "graphql.server.resolver"
5073
5236
  }
5074
5237
  ],
5075
- "regex": "(?:<\\?xml[^>]*>.*)<!ENTITY[^>]+SYSTEM\\s+[^>]+>",
5238
+ "regex": "\\b\\.nessus\\.org\\b",
5076
5239
  "options": {
5077
5240
  "case_sensitive": false,
5078
- "min_length": 24
5241
+ "min_length": 8
5079
5242
  }
5080
5243
  },
5081
5244
  "operator": "match_regex"
@@ -5084,31 +5247,20 @@
5084
5247
  "transformers": []
5085
5248
  },
5086
5249
  {
5087
- "id": "dog-941-001",
5088
- "name": "XSS in source property",
5250
+ "id": "dog-913-011",
5251
+ "name": "Watchtowr OOB domain",
5089
5252
  "tags": {
5090
- "type": "xss",
5253
+ "type": "commercial_scanner",
5091
5254
  "category": "attack_attempt",
5092
- "cwe": "83",
5093
- "capec": "1000/152/242/63/591/243",
5255
+ "tool_name": "Watchtowr",
5256
+ "cwe": "200",
5257
+ "capec": "1000/118/169",
5094
5258
  "confidence": "0"
5095
5259
  },
5096
5260
  "conditions": [
5097
5261
  {
5098
5262
  "parameters": {
5099
5263
  "inputs": [
5100
- {
5101
- "address": "server.request.headers.no_cookies",
5102
- "key_path": [
5103
- "user-agent"
5104
- ]
5105
- },
5106
- {
5107
- "address": "server.request.headers.no_cookies",
5108
- "key_path": [
5109
- "referer"
5110
- ]
5111
- },
5112
5264
  {
5113
5265
  "address": "server.request.query"
5114
5266
  },
@@ -5118,35 +5270,40 @@
5118
5270
  {
5119
5271
  "address": "server.request.path_params"
5120
5272
  },
5273
+ {
5274
+ "address": "server.request.headers.no_cookies"
5275
+ },
5121
5276
  {
5122
5277
  "address": "grpc.server.request.message"
5123
5278
  },
5124
5279
  {
5125
5280
  "address": "graphql.server.all_resolvers"
5281
+ },
5282
+ {
5283
+ "address": "graphql.server.resolver"
5126
5284
  }
5127
5285
  ],
5128
- "regex": "<(?:iframe|esi:include)(?:(?:\\s|/)*\\w+=[\"'\\w]+)*(?:\\s|/)*src(?:doc)?=[\"']?(?:data:|javascript:|http:|//)[^\\s'\"]+['\"]?",
5286
+ "regex": "\\bwatchtowr\\.com\\b",
5129
5287
  "options": {
5130
- "min_length": 14
5288
+ "case_sensitive": false,
5289
+ "min_length": 8
5131
5290
  }
5132
5291
  },
5133
5292
  "operator": "match_regex"
5134
5293
  }
5135
5294
  ],
5136
- "transformers": [
5137
- "removeNulls",
5138
- "urlDecodeUni"
5139
- ]
5295
+ "transformers": []
5140
5296
  },
5141
5297
  {
5142
- "id": "dog-942-001",
5143
- "name": "Blind XSS callback domains",
5298
+ "id": "dog-913-012",
5299
+ "name": "AppCheck NG OOB domain",
5144
5300
  "tags": {
5145
- "type": "xss",
5301
+ "type": "commercial_scanner",
5146
5302
  "category": "attack_attempt",
5147
- "cwe": "83",
5148
- "capec": "1000/152/242/63/591/243",
5149
- "confidence": "1"
5303
+ "tool_name": "AppCheckNG",
5304
+ "cwe": "200",
5305
+ "capec": "1000/118/169",
5306
+ "confidence": "0"
5150
5307
  },
5151
5308
  "conditions": [
5152
5309
  {
@@ -5169,11 +5326,15 @@
5169
5326
  },
5170
5327
  {
5171
5328
  "address": "graphql.server.all_resolvers"
5329
+ },
5330
+ {
5331
+ "address": "graphql.server.resolver"
5172
5332
  }
5173
5333
  ],
5174
- "regex": "https?:\\/\\/(?:.*\\.)?(?:bxss\\.in|xss\\.ht|js\\.rip)",
5334
+ "regex": "\\bptst\\.io\\b",
5175
5335
  "options": {
5176
- "case_sensitive": false
5336
+ "case_sensitive": false,
5337
+ "min_length": 7
5177
5338
  }
5178
5339
  },
5179
5340
  "operator": "match_regex"
@@ -5182,24 +5343,257 @@
5182
5343
  "transformers": []
5183
5344
  },
5184
5345
  {
5185
- "id": "nfd-000-001",
5186
- "name": "Detect common directory discovery scans",
5346
+ "id": "dog-931-001",
5347
+ "name": "RFI: URL Payload to well known RFI target",
5187
5348
  "tags": {
5188
- "type": "security_scanner",
5349
+ "type": "rfi",
5189
5350
  "category": "attack_attempt",
5190
- "cwe": "200",
5191
- "capec": "1000/118/169",
5351
+ "cwe": "98",
5352
+ "capec": "1000/152/175/253/193",
5192
5353
  "confidence": "1"
5193
5354
  },
5194
5355
  "conditions": [
5195
5356
  {
5196
- "operator": "match_regex",
5197
5357
  "parameters": {
5198
5358
  "inputs": [
5199
5359
  {
5200
- "address": "server.response.status"
5201
- }
5202
- ],
5360
+ "address": "server.request.query"
5361
+ },
5362
+ {
5363
+ "address": "server.request.body"
5364
+ },
5365
+ {
5366
+ "address": "server.request.path_params"
5367
+ },
5368
+ {
5369
+ "address": "grpc.server.request.message"
5370
+ },
5371
+ {
5372
+ "address": "graphql.server.all_resolvers"
5373
+ },
5374
+ {
5375
+ "address": "graphql.server.resolver"
5376
+ }
5377
+ ],
5378
+ "regex": "^(?i:file|ftps?|https?).*/rfiinc\\.txt\\?+$",
5379
+ "options": {
5380
+ "case_sensitive": true,
5381
+ "min_length": 17
5382
+ }
5383
+ },
5384
+ "operator": "match_regex"
5385
+ }
5386
+ ],
5387
+ "transformers": []
5388
+ },
5389
+ {
5390
+ "id": "dog-932-100",
5391
+ "name": "Shell spawn executing network command",
5392
+ "tags": {
5393
+ "type": "command_injection",
5394
+ "category": "attack_attempt",
5395
+ "cwe": "77",
5396
+ "capec": "1000/152/248/88",
5397
+ "confidence": "0"
5398
+ },
5399
+ "conditions": [
5400
+ {
5401
+ "parameters": {
5402
+ "inputs": [
5403
+ {
5404
+ "address": "server.request.query"
5405
+ },
5406
+ {
5407
+ "address": "server.request.body"
5408
+ },
5409
+ {
5410
+ "address": "server.request.path_params"
5411
+ },
5412
+ {
5413
+ "address": "server.request.headers.no_cookies"
5414
+ },
5415
+ {
5416
+ "address": "grpc.server.request.message"
5417
+ },
5418
+ {
5419
+ "address": "graphql.server.all_resolvers"
5420
+ },
5421
+ {
5422
+ "address": "graphql.server.resolver"
5423
+ }
5424
+ ],
5425
+ "regex": "(?:(?:['\"\\x60({|;&]|(?:^|['\"\\x60({|;&])(?:cmd(?:\\.exe)?\\s+(?:/\\w(?::\\w+)?\\s+)*))(?:ping|curl|wget|telnet)|\\bnslookup)[\\s,]",
5426
+ "options": {
5427
+ "case_sensitive": true,
5428
+ "min_length": 5
5429
+ }
5430
+ },
5431
+ "operator": "match_regex"
5432
+ }
5433
+ ],
5434
+ "transformers": []
5435
+ },
5436
+ {
5437
+ "id": "dog-934-001",
5438
+ "name": "XXE - XML file loads external entity",
5439
+ "tags": {
5440
+ "type": "xxe",
5441
+ "category": "attack_attempt",
5442
+ "cwe": "91",
5443
+ "capec": "1000/152/248/250",
5444
+ "confidence": "1"
5445
+ },
5446
+ "conditions": [
5447
+ {
5448
+ "parameters": {
5449
+ "inputs": [
5450
+ {
5451
+ "address": "server.request.body"
5452
+ },
5453
+ {
5454
+ "address": "grpc.server.request.message"
5455
+ },
5456
+ {
5457
+ "address": "graphql.server.all_resolvers"
5458
+ },
5459
+ {
5460
+ "address": "graphql.server.resolver"
5461
+ }
5462
+ ],
5463
+ "regex": "(?:<\\?xml[^>]*>.*)<!ENTITY[^>]+SYSTEM\\s+[^>]+>",
5464
+ "options": {
5465
+ "case_sensitive": false,
5466
+ "min_length": 24
5467
+ }
5468
+ },
5469
+ "operator": "match_regex"
5470
+ }
5471
+ ],
5472
+ "transformers": []
5473
+ },
5474
+ {
5475
+ "id": "dog-941-001",
5476
+ "name": "XSS in source property",
5477
+ "tags": {
5478
+ "type": "xss",
5479
+ "category": "attack_attempt",
5480
+ "cwe": "83",
5481
+ "capec": "1000/152/242/63/591/243",
5482
+ "confidence": "1"
5483
+ },
5484
+ "conditions": [
5485
+ {
5486
+ "parameters": {
5487
+ "inputs": [
5488
+ {
5489
+ "address": "server.request.headers.no_cookies",
5490
+ "key_path": [
5491
+ "user-agent"
5492
+ ]
5493
+ },
5494
+ {
5495
+ "address": "server.request.headers.no_cookies",
5496
+ "key_path": [
5497
+ "referer"
5498
+ ]
5499
+ },
5500
+ {
5501
+ "address": "server.request.query"
5502
+ },
5503
+ {
5504
+ "address": "server.request.body"
5505
+ },
5506
+ {
5507
+ "address": "server.request.path_params"
5508
+ },
5509
+ {
5510
+ "address": "grpc.server.request.message"
5511
+ },
5512
+ {
5513
+ "address": "graphql.server.all_resolvers"
5514
+ },
5515
+ {
5516
+ "address": "graphql.server.resolver"
5517
+ }
5518
+ ],
5519
+ "regex": "<(?:iframe|esi:include)(?:(?:\\s|/)*\\w+=[\"'\\w]+)*(?:\\s|/)*src(?:doc)?=[\"']?(?:data:|javascript:|http:|dns:|//)[^\\s'\"]+['\"]?",
5520
+ "options": {
5521
+ "min_length": 14
5522
+ }
5523
+ },
5524
+ "operator": "match_regex"
5525
+ }
5526
+ ],
5527
+ "transformers": [
5528
+ "removeNulls",
5529
+ "urlDecodeUni"
5530
+ ]
5531
+ },
5532
+ {
5533
+ "id": "dog-942-001",
5534
+ "name": "Blind XSS callback domains",
5535
+ "tags": {
5536
+ "type": "xss",
5537
+ "category": "attack_attempt",
5538
+ "cwe": "83",
5539
+ "capec": "1000/152/242/63/591/243",
5540
+ "confidence": "1"
5541
+ },
5542
+ "conditions": [
5543
+ {
5544
+ "parameters": {
5545
+ "inputs": [
5546
+ {
5547
+ "address": "server.request.query"
5548
+ },
5549
+ {
5550
+ "address": "server.request.body"
5551
+ },
5552
+ {
5553
+ "address": "server.request.path_params"
5554
+ },
5555
+ {
5556
+ "address": "server.request.headers.no_cookies"
5557
+ },
5558
+ {
5559
+ "address": "grpc.server.request.message"
5560
+ },
5561
+ {
5562
+ "address": "graphql.server.all_resolvers"
5563
+ },
5564
+ {
5565
+ "address": "graphql.server.resolver"
5566
+ }
5567
+ ],
5568
+ "regex": "https?:\\/\\/(?:.*\\.)?(?:bxss\\.(?:in|me)|xss\\.ht|js\\.rip)",
5569
+ "options": {
5570
+ "case_sensitive": false
5571
+ }
5572
+ },
5573
+ "operator": "match_regex"
5574
+ }
5575
+ ],
5576
+ "transformers": []
5577
+ },
5578
+ {
5579
+ "id": "nfd-000-001",
5580
+ "name": "Detect common directory discovery scans",
5581
+ "tags": {
5582
+ "type": "security_scanner",
5583
+ "category": "attack_attempt",
5584
+ "cwe": "200",
5585
+ "capec": "1000/118/169",
5586
+ "confidence": "1"
5587
+ },
5588
+ "conditions": [
5589
+ {
5590
+ "operator": "match_regex",
5591
+ "parameters": {
5592
+ "inputs": [
5593
+ {
5594
+ "address": "server.response.status"
5595
+ }
5596
+ ],
5203
5597
  "regex": "^404$",
5204
5598
  "options": {
5205
5599
  "case_sensitive": true
@@ -5755,38 +6149,83 @@
5755
6149
  "transformers": []
5756
6150
  },
5757
6151
  {
5758
- "id": "sqr-000-001",
5759
- "name": "SSRF: Try to access the credential manager of the main cloud services",
6152
+ "id": "nfd-000-010",
6153
+ "name": "Detect failed attempts to find API documentation",
5760
6154
  "tags": {
5761
- "type": "ssrf",
6155
+ "type": "security_scanner",
5762
6156
  "category": "attack_attempt",
5763
- "cwe": "918",
5764
- "capec": "1000/225/115/664",
5765
- "confidence": "1"
6157
+ "cwe": "200",
6158
+ "capec": "1000/118/169",
6159
+ "confidence": "0"
5766
6160
  },
5767
6161
  "conditions": [
5768
6162
  {
6163
+ "operator": "match_regex",
5769
6164
  "parameters": {
5770
6165
  "inputs": [
5771
6166
  {
5772
- "address": "server.request.query"
5773
- },
5774
- {
5775
- "address": "server.request.body"
5776
- },
5777
- {
5778
- "address": "server.request.path_params"
5779
- },
5780
- {
5781
- "address": "grpc.server.request.message"
5782
- },
5783
- {
5784
- "address": "graphql.server.all_resolvers"
6167
+ "address": "server.response.status"
5785
6168
  }
5786
6169
  ],
5787
- "regex": "(?i)^\\W*((http|ftp)s?://)?\\W*((::f{4}:)?(169|(0x)?0*a9|0+251)\\.?(254|(0x)?0*fe|0+376)[0-9a-fx\\.:]+|metadata\\.google\\.internal|metadata\\.goog)\\W*/",
6170
+ "regex": "^404$",
5788
6171
  "options": {
5789
- "min_length": 4
6172
+ "case_sensitive": true
6173
+ }
6174
+ }
6175
+ },
6176
+ {
6177
+ "operator": "match_regex",
6178
+ "parameters": {
6179
+ "inputs": [
6180
+ {
6181
+ "address": "server.request.uri.raw"
6182
+ }
6183
+ ],
6184
+ "regex": "(?:/swagger\\b|/api[-/]docs?\\b)",
6185
+ "options": {
6186
+ "case_sensitive": false
6187
+ }
6188
+ }
6189
+ }
6190
+ ],
6191
+ "transformers": []
6192
+ },
6193
+ {
6194
+ "id": "sqr-000-001",
6195
+ "name": "SSRF: Try to access the credential manager of the main cloud services",
6196
+ "tags": {
6197
+ "type": "ssrf",
6198
+ "category": "attack_attempt",
6199
+ "cwe": "918",
6200
+ "capec": "1000/225/115/664",
6201
+ "confidence": "1"
6202
+ },
6203
+ "conditions": [
6204
+ {
6205
+ "parameters": {
6206
+ "inputs": [
6207
+ {
6208
+ "address": "server.request.query"
6209
+ },
6210
+ {
6211
+ "address": "server.request.body"
6212
+ },
6213
+ {
6214
+ "address": "server.request.path_params"
6215
+ },
6216
+ {
6217
+ "address": "grpc.server.request.message"
6218
+ },
6219
+ {
6220
+ "address": "graphql.server.all_resolvers"
6221
+ },
6222
+ {
6223
+ "address": "graphql.server.resolver"
6224
+ }
6225
+ ],
6226
+ "regex": "(?i)^\\W*((http|ftp)s?://)?\\W*((::f{4}:)?(169|(0x)?0*a9|0+251)\\.?(254|(0x)?0*fe|0+376)[0-9a-fx\\.:]+|metadata\\.google\\.internal|metadata\\.goog)\\W*/",
6227
+ "options": {
6228
+ "min_length": 4
5790
6229
  }
5791
6230
  },
5792
6231
  "operator": "match_regex"
@@ -5823,6 +6262,9 @@
5823
6262
  },
5824
6263
  {
5825
6264
  "address": "graphql.server.all_resolvers"
6265
+ },
6266
+ {
6267
+ "address": "graphql.server.resolver"
5826
6268
  }
5827
6269
  ],
5828
6270
  "regex": "require\\(['\"][\\w\\.]+['\"]\\)|process\\.\\w+\\([\\w\\.]*\\)|\\.toString\\(\\)",
@@ -5868,6 +6310,9 @@
5868
6310
  },
5869
6311
  {
5870
6312
  "address": "graphql.server.all_resolvers"
6313
+ },
6314
+ {
6315
+ "address": "graphql.server.resolver"
5871
6316
  }
5872
6317
  ],
5873
6318
  "regex": "(?i)[&|]\\s*type\\s+%\\w+%\\\\+\\w+\\.ini\\s*[&|]"
@@ -5908,6 +6353,9 @@
5908
6353
  },
5909
6354
  {
5910
6355
  "address": "graphql.server.all_resolvers"
6356
+ },
6357
+ {
6358
+ "address": "graphql.server.resolver"
5911
6359
  }
5912
6360
  ],
5913
6361
  "regex": "(?i)[&|]\\s*cat\\s*\\/etc\\/[\\w\\.\\/]*passwd\\s*[&|]"
@@ -5950,6 +6398,9 @@
5950
6398
  },
5951
6399
  {
5952
6400
  "address": "graphql.server.all_resolvers"
6401
+ },
6402
+ {
6403
+ "address": "graphql.server.resolver"
5953
6404
  }
5954
6405
  ],
5955
6406
  "regex": "(?i)[&|]\\s*timeout\\s+/t\\s+\\d+\\s*[&|]"
@@ -5987,6 +6438,9 @@
5987
6438
  },
5988
6439
  {
5989
6440
  "address": "graphql.server.all_resolvers"
6441
+ },
6442
+ {
6443
+ "address": "graphql.server.resolver"
5990
6444
  }
5991
6445
  ],
5992
6446
  "regex": "http(s?):\\/\\/([A-Za-z0-9\\.\\-\\_]+|\\[[A-Fa-f0-9\\:]+\\]|):5986\\/wsman",
@@ -6027,6 +6481,9 @@
6027
6481
  },
6028
6482
  {
6029
6483
  "address": "graphql.server.all_resolvers"
6484
+ },
6485
+ {
6486
+ "address": "graphql.server.resolver"
6030
6487
  }
6031
6488
  ],
6032
6489
  "regex": "^(jar:)?(http|https):\\/\\/([0-9oq]{1,5}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|[0-9]{1,10})(:[0-9]{1,5})?(\\/[^:@]*)?$"
@@ -6066,6 +6523,9 @@
6066
6523
  },
6067
6524
  {
6068
6525
  "address": "graphql.server.all_resolvers"
6526
+ },
6527
+ {
6528
+ "address": "graphql.server.resolver"
6069
6529
  }
6070
6530
  ],
6071
6531
  "regex": "^(jar:)?(http|https):\\/\\/((\\[)?[:0-9a-f\\.x]{2,}(\\])?)(:[0-9]{1,5})?(\\/[^:@]*)?$"
@@ -6108,9 +6568,12 @@
6108
6568
  },
6109
6569
  {
6110
6570
  "address": "graphql.server.all_resolvers"
6571
+ },
6572
+ {
6573
+ "address": "graphql.server.resolver"
6111
6574
  }
6112
6575
  ],
6113
- "regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com|vii.one|act1on3.ru)"
6576
+ "regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com|vii\\.one|act1on3\\.ru)"
6114
6577
  },
6115
6578
  "operator": "match_regex"
6116
6579
  }
@@ -6148,6 +6611,9 @@
6148
6611
  },
6149
6612
  {
6150
6613
  "address": "graphql.server.all_resolvers"
6614
+ },
6615
+ {
6616
+ "address": "graphql.server.resolver"
6151
6617
  }
6152
6618
  ],
6153
6619
  "regex": "^(jar:)?((file|netdoc):\\/\\/[\\\\\\/]+|(dict|gopher|ldap|sftp|tftp):\\/\\/.*:[0-9]{1,5})"
@@ -6193,6 +6659,9 @@
6193
6659
  },
6194
6660
  {
6195
6661
  "address": "graphql.server.all_resolvers"
6662
+ },
6663
+ {
6664
+ "address": "graphql.server.resolver"
6196
6665
  }
6197
6666
  ],
6198
6667
  "regex": "\\${[^j]*j[^n]*n[^d]*d[^i]*i[^:]*:[^}]*}"
@@ -7610,6 +8079,35 @@
7610
8079
  ],
7611
8080
  "transformers": []
7612
8081
  },
8082
+ {
8083
+ "id": "ua0-600-63x",
8084
+ "name": "FeroxBuster",
8085
+ "tags": {
8086
+ "type": "attack_tool",
8087
+ "category": "attack_attempt",
8088
+ "cwe": "200",
8089
+ "capec": "1000/118/169",
8090
+ "tool_name": "feroxbuster",
8091
+ "confidence": "1"
8092
+ },
8093
+ "conditions": [
8094
+ {
8095
+ "parameters": {
8096
+ "inputs": [
8097
+ {
8098
+ "address": "server.request.headers.no_cookies",
8099
+ "key_path": [
8100
+ "user-agent"
8101
+ ]
8102
+ }
8103
+ ],
8104
+ "regex": "^feroxbuster/"
8105
+ },
8106
+ "operator": "match_regex"
8107
+ }
8108
+ ],
8109
+ "transformers": []
8110
+ },
7613
8111
  {
7614
8112
  "id": "ua0-600-6xx",
7615
8113
  "name": "Stealthy scanner",
@@ -7631,7 +8129,7 @@
7631
8129
  ]
7632
8130
  }
7633
8131
  ],
7634
- "regex": "mozilla/4\\.0 \\(compatible(; msie (?:6\\.0; win32|4\\.0; Windows NT))?\\)",
8132
+ "regex": "mozilla/4\\.0 \\(compatible(; msie (?:6\\.0; (?:win32|Windows NT 5\\.0)|4\\.0; Windows NT))?\\)",
7635
8133
  "options": {
7636
8134
  "case_sensitive": false
7637
8135
  }
@@ -7699,5 +8197,1124 @@
7699
8197
  ],
7700
8198
  "transformers": []
7701
8199
  }
8200
+ ],
8201
+ "processors": [
8202
+ {
8203
+ "id": "extract-content",
8204
+ "generator": "extract_schema",
8205
+ "conditions": [
8206
+ {
8207
+ "operator": "equals",
8208
+ "parameters": {
8209
+ "inputs": [
8210
+ {
8211
+ "address": "waf.context.processor",
8212
+ "key_path": [
8213
+ "extract-schema"
8214
+ ]
8215
+ }
8216
+ ],
8217
+ "type": "boolean",
8218
+ "value": true
8219
+ }
8220
+ }
8221
+ ],
8222
+ "parameters": {
8223
+ "mappings": [
8224
+ {
8225
+ "inputs": [
8226
+ {
8227
+ "address": "server.request.body"
8228
+ }
8229
+ ],
8230
+ "output": "_dd.appsec.s.req.body"
8231
+ },
8232
+ {
8233
+ "inputs": [
8234
+ {
8235
+ "address": "server.request.cookies"
8236
+ }
8237
+ ],
8238
+ "output": "_dd.appsec.s.req.cookies"
8239
+ },
8240
+ {
8241
+ "inputs": [
8242
+ {
8243
+ "address": "server.request.query"
8244
+ }
8245
+ ],
8246
+ "output": "_dd.appsec.s.req.query"
8247
+ },
8248
+ {
8249
+ "inputs": [
8250
+ {
8251
+ "address": "server.request.path_params"
8252
+ }
8253
+ ],
8254
+ "output": "_dd.appsec.s.req.params"
8255
+ },
8256
+ {
8257
+ "inputs": [
8258
+ {
8259
+ "address": "server.response.body"
8260
+ }
8261
+ ],
8262
+ "output": "_dd.appsec.s.res.body"
8263
+ },
8264
+ {
8265
+ "inputs": [
8266
+ {
8267
+ "address": "graphql.server.all_resolvers"
8268
+ }
8269
+ ],
8270
+ "output": "_dd.appsec.s.graphql.all_resolvers"
8271
+ },
8272
+ {
8273
+ "inputs": [
8274
+ {
8275
+ "address": "graphql.server.resolver"
8276
+ }
8277
+ ],
8278
+ "output": "_dd.appsec.s.graphql.resolver"
8279
+ }
8280
+ ],
8281
+ "scanners": [
8282
+ {
8283
+ "tags": {
8284
+ "category": "payment"
8285
+ }
8286
+ },
8287
+ {
8288
+ "tags": {
8289
+ "category": "pii"
8290
+ }
8291
+ }
8292
+ ]
8293
+ },
8294
+ "evaluate": false,
8295
+ "output": true
8296
+ },
8297
+ {
8298
+ "id": "extract-headers",
8299
+ "generator": "extract_schema",
8300
+ "conditions": [
8301
+ {
8302
+ "operator": "equals",
8303
+ "parameters": {
8304
+ "inputs": [
8305
+ {
8306
+ "address": "waf.context.processor",
8307
+ "key_path": [
8308
+ "extract-schema"
8309
+ ]
8310
+ }
8311
+ ],
8312
+ "type": "boolean",
8313
+ "value": true
8314
+ }
8315
+ }
8316
+ ],
8317
+ "parameters": {
8318
+ "mappings": [
8319
+ {
8320
+ "inputs": [
8321
+ {
8322
+ "address": "server.request.headers.no_cookies"
8323
+ }
8324
+ ],
8325
+ "output": "_dd.appsec.s.req.headers"
8326
+ },
8327
+ {
8328
+ "inputs": [
8329
+ {
8330
+ "address": "server.response.headers.no_cookies"
8331
+ }
8332
+ ],
8333
+ "output": "_dd.appsec.s.res.headers"
8334
+ }
8335
+ ],
8336
+ "scanners": [
8337
+ {
8338
+ "tags": {
8339
+ "category": "credentials"
8340
+ }
8341
+ },
8342
+ {
8343
+ "tags": {
8344
+ "category": "pii"
8345
+ }
8346
+ }
8347
+ ]
8348
+ },
8349
+ "evaluate": false,
8350
+ "output": true
8351
+ }
8352
+ ],
8353
+ "scanners": [
8354
+ {
8355
+ "id": "JU1sRk3mSzqSUJn6GrVn7g",
8356
+ "name": "American Express Card Scanner (4+4+4+3 digits)",
8357
+ "key": {
8358
+ "operator": "match_regex",
8359
+ "parameters": {
8360
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8361
+ "options": {
8362
+ "case_sensitive": false,
8363
+ "min_length": 3
8364
+ }
8365
+ }
8366
+ },
8367
+ "value": {
8368
+ "operator": "match_regex",
8369
+ "parameters": {
8370
+ "regex": "\\b3[47]\\d{2}(?:(?:\\s\\d{4}\\s\\d{4}\\s\\d{3})|(?:\\,\\d{4}\\,\\d{4}\\,\\d{3})|(?:-\\d{4}-\\d{4}-\\d{3})|(?:\\.\\d{4}\\.\\d{4}\\.\\d{3}))\\b",
8371
+ "options": {
8372
+ "case_sensitive": false,
8373
+ "min_length": 16
8374
+ }
8375
+ }
8376
+ },
8377
+ "tags": {
8378
+ "type": "card",
8379
+ "card_type": "amex",
8380
+ "category": "payment"
8381
+ }
8382
+ },
8383
+ {
8384
+ "id": "edmH513UTQWcRiQ9UnzHlw-mod",
8385
+ "name": "American Express Card Scanner (4+6|5+5|6 digits)",
8386
+ "key": {
8387
+ "operator": "match_regex",
8388
+ "parameters": {
8389
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8390
+ "options": {
8391
+ "case_sensitive": false,
8392
+ "min_length": 3
8393
+ }
8394
+ }
8395
+ },
8396
+ "value": {
8397
+ "operator": "match_regex",
8398
+ "parameters": {
8399
+ "regex": "\\b3[47]\\d{2}(?:(?:\\s\\d{5,6}\\s\\d{5,6})|(?:\\.\\d{5,6}\\.\\d{5,6})|(?:-\\d{5,6}-\\d{5,6})|(?:,\\d{5,6},\\d{5,6}))\\b",
8400
+ "options": {
8401
+ "case_sensitive": false,
8402
+ "min_length": 17
8403
+ }
8404
+ }
8405
+ },
8406
+ "tags": {
8407
+ "type": "card",
8408
+ "card_type": "amex",
8409
+ "category": "payment"
8410
+ }
8411
+ },
8412
+ {
8413
+ "id": "e6K4h_7qTLaMiAbaNXoSZA",
8414
+ "name": "American Express Card Scanner (8+7 digits)",
8415
+ "key": {
8416
+ "operator": "match_regex",
8417
+ "parameters": {
8418
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8419
+ "options": {
8420
+ "case_sensitive": false,
8421
+ "min_length": 3
8422
+ }
8423
+ }
8424
+ },
8425
+ "value": {
8426
+ "operator": "match_regex",
8427
+ "parameters": {
8428
+ "regex": "\\b3[47]\\d{6}(?:(?:\\s\\d{7})|(?:\\,\\d{7})|(?:-\\d{7})|(?:\\.\\d{7}))\\b",
8429
+ "options": {
8430
+ "case_sensitive": false,
8431
+ "min_length": 16
8432
+ }
8433
+ }
8434
+ },
8435
+ "tags": {
8436
+ "type": "card",
8437
+ "card_type": "amex",
8438
+ "category": "payment"
8439
+ }
8440
+ },
8441
+ {
8442
+ "id": "K2rZflWzRhGM9HiTc6whyQ",
8443
+ "name": "American Express Card Scanner (1x15 digits)",
8444
+ "key": {
8445
+ "operator": "match_regex",
8446
+ "parameters": {
8447
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8448
+ "options": {
8449
+ "case_sensitive": false,
8450
+ "min_length": 3
8451
+ }
8452
+ }
8453
+ },
8454
+ "value": {
8455
+ "operator": "match_regex",
8456
+ "parameters": {
8457
+ "regex": "\\b3[47]\\d{13}\\b",
8458
+ "options": {
8459
+ "case_sensitive": false,
8460
+ "min_length": 15
8461
+ }
8462
+ }
8463
+ },
8464
+ "tags": {
8465
+ "type": "card",
8466
+ "card_type": "amex",
8467
+ "category": "payment"
8468
+ }
8469
+ },
8470
+ {
8471
+ "id": "9d7756e343cefa22a5c098e1092590f806eb5446",
8472
+ "name": "Basic Authentication Scanner",
8473
+ "key": {
8474
+ "operator": "match_regex",
8475
+ "parameters": {
8476
+ "regex": "\\bauthorization\\b",
8477
+ "options": {
8478
+ "case_sensitive": false,
8479
+ "min_length": 13
8480
+ }
8481
+ }
8482
+ },
8483
+ "value": {
8484
+ "operator": "match_regex",
8485
+ "parameters": {
8486
+ "regex": "^basic\\s+[A-Za-z0-9+/=]+",
8487
+ "options": {
8488
+ "case_sensitive": false,
8489
+ "min_length": 7
8490
+ }
8491
+ }
8492
+ },
8493
+ "tags": {
8494
+ "type": "basic_auth",
8495
+ "category": "credentials"
8496
+ }
8497
+ },
8498
+ {
8499
+ "id": "mZy8XjZLReC9smpERXWnnw",
8500
+ "name": "Bearer Authentication Scanner",
8501
+ "key": {
8502
+ "operator": "match_regex",
8503
+ "parameters": {
8504
+ "regex": "\\bauthorization\\b",
8505
+ "options": {
8506
+ "case_sensitive": false,
8507
+ "min_length": 13
8508
+ }
8509
+ }
8510
+ },
8511
+ "value": {
8512
+ "operator": "match_regex",
8513
+ "parameters": {
8514
+ "regex": "^bearer\\s+[-a-z0-9._~+/]{4,}",
8515
+ "options": {
8516
+ "case_sensitive": false,
8517
+ "min_length": 11
8518
+ }
8519
+ }
8520
+ },
8521
+ "tags": {
8522
+ "type": "bearer_token",
8523
+ "category": "credentials"
8524
+ }
8525
+ },
8526
+ {
8527
+ "id": "450239afc250a19799b6c03dc0e16fd6a4b2a1af",
8528
+ "name": "Canadian Social Insurance Number Scanner",
8529
+ "key": {
8530
+ "operator": "match_regex",
8531
+ "parameters": {
8532
+ "regex": "\\b(?:social[\\s_]?(?:insurance(?:\\s+number)?)?|SIN|Canadian[\\s_]?(?:social[\\s_]?(?:insurance)?|insurance[\\s_]?number)?)\\b",
8533
+ "options": {
8534
+ "case_sensitive": false,
8535
+ "min_length": 3
8536
+ }
8537
+ }
8538
+ },
8539
+ "value": {
8540
+ "operator": "match_regex",
8541
+ "parameters": {
8542
+ "regex": "\\b\\d{3}-\\d{3}-\\d{3}\\b",
8543
+ "options": {
8544
+ "case_sensitive": false,
8545
+ "min_length": 11
8546
+ }
8547
+ }
8548
+ },
8549
+ "tags": {
8550
+ "type": "canadian_sin",
8551
+ "category": "pii"
8552
+ }
8553
+ },
8554
+ {
8555
+ "id": "87a879ff33693b46c8a614d8211f5a2c289beca0",
8556
+ "name": "Digest Authentication Scanner",
8557
+ "key": {
8558
+ "operator": "match_regex",
8559
+ "parameters": {
8560
+ "regex": "\\bauthorization\\b",
8561
+ "options": {
8562
+ "case_sensitive": false,
8563
+ "min_length": 13
8564
+ }
8565
+ }
8566
+ },
8567
+ "value": {
8568
+ "operator": "match_regex",
8569
+ "parameters": {
8570
+ "regex": "^digest\\s+",
8571
+ "options": {
8572
+ "case_sensitive": false,
8573
+ "min_length": 7
8574
+ }
8575
+ }
8576
+ },
8577
+ "tags": {
8578
+ "type": "digest_auth",
8579
+ "category": "credentials"
8580
+ }
8581
+ },
8582
+ {
8583
+ "id": "qWumeP1GQUa_E4ffAnT-Yg",
8584
+ "name": "American Express Card Scanner (1x14 digits)",
8585
+ "key": {
8586
+ "operator": "match_regex",
8587
+ "parameters": {
8588
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8589
+ "options": {
8590
+ "case_sensitive": false,
8591
+ "min_length": 3
8592
+ }
8593
+ }
8594
+ },
8595
+ "value": {
8596
+ "operator": "match_regex",
8597
+ "parameters": {
8598
+ "regex": "(?:30[0-59]\\d|3[689]\\d{2})(?:\\d{10})",
8599
+ "options": {
8600
+ "case_sensitive": false,
8601
+ "min_length": 14
8602
+ }
8603
+ }
8604
+ },
8605
+ "tags": {
8606
+ "type": "card",
8607
+ "card_type": "diners",
8608
+ "category": "payment"
8609
+ }
8610
+ },
8611
+ {
8612
+ "id": "NlTWWM5LS6W0GSqBLuvtRw",
8613
+ "name": "Diners Card Scanner (4+4+4+2 digits)",
8614
+ "key": {
8615
+ "operator": "match_regex",
8616
+ "parameters": {
8617
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8618
+ "options": {
8619
+ "case_sensitive": false,
8620
+ "min_length": 3
8621
+ }
8622
+ }
8623
+ },
8624
+ "value": {
8625
+ "operator": "match_regex",
8626
+ "parameters": {
8627
+ "regex": "\\b(?:30[0-59]\\d|3[689]\\d{2})(?:(?:\\s\\d{4}\\s\\d{4}\\s\\d{2})|(?:\\,\\d{4}\\,\\d{4}\\,\\d{2})|(?:-\\d{4}-\\d{4}-\\d{2})|(?:\\.\\d{4}\\.\\d{4}\\.\\d{2}))\\b",
8628
+ "options": {
8629
+ "case_sensitive": false,
8630
+ "min_length": 17
8631
+ }
8632
+ }
8633
+ },
8634
+ "tags": {
8635
+ "type": "card",
8636
+ "card_type": "diners",
8637
+ "category": "payment"
8638
+ }
8639
+ },
8640
+ {
8641
+ "id": "Xr5VdbQSTXitYGGiTfxBpw",
8642
+ "name": "Diners Card Scanner (4+6+4 digits)",
8643
+ "key": {
8644
+ "operator": "match_regex",
8645
+ "parameters": {
8646
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8647
+ "options": {
8648
+ "case_sensitive": false,
8649
+ "min_length": 3
8650
+ }
8651
+ }
8652
+ },
8653
+ "value": {
8654
+ "operator": "match_regex",
8655
+ "parameters": {
8656
+ "regex": "\\b(?:30[0-59]\\d|3[689]\\d{2})(?:(?:\\s\\d{6}\\s\\d{4})|(?:\\.\\d{6}\\.\\d{4})|(?:-\\d{6}-\\d{4})|(?:,\\d{6},\\d{4}))\\b",
8657
+ "options": {
8658
+ "case_sensitive": false,
8659
+ "min_length": 16
8660
+ }
8661
+ }
8662
+ },
8663
+ "tags": {
8664
+ "type": "card",
8665
+ "card_type": "diners",
8666
+ "category": "payment"
8667
+ }
8668
+ },
8669
+ {
8670
+ "id": "gAbunN_WQNytxu54DjcbAA-mod",
8671
+ "name": "Diners Card Scanner (8+6 digits)",
8672
+ "key": {
8673
+ "operator": "match_regex",
8674
+ "parameters": {
8675
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8676
+ "options": {
8677
+ "case_sensitive": false,
8678
+ "min_length": 3
8679
+ }
8680
+ }
8681
+ },
8682
+ "value": {
8683
+ "operator": "match_regex",
8684
+ "parameters": {
8685
+ "regex": "\\b(?:30[0-59]\\d{5}|3[689]\\d{6})\\s?(?:(?:\\s\\d{6})|(?:\\,\\d{6})|(?:-\\d{6})|(?:\\.\\d{6}))\\b",
8686
+ "options": {
8687
+ "case_sensitive": false,
8688
+ "min_length": 14
8689
+ }
8690
+ }
8691
+ },
8692
+ "tags": {
8693
+ "type": "card",
8694
+ "card_type": "diners",
8695
+ "category": "payment"
8696
+ }
8697
+ },
8698
+ {
8699
+ "id": "9cs4qCfEQBeX17U7AepOvQ",
8700
+ "name": "MasterCard Scanner (2x8 digits)",
8701
+ "key": {
8702
+ "operator": "match_regex",
8703
+ "parameters": {
8704
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8705
+ "options": {
8706
+ "case_sensitive": false,
8707
+ "min_length": 3
8708
+ }
8709
+ }
8710
+ },
8711
+ "value": {
8712
+ "operator": "match_regex",
8713
+ "parameters": {
8714
+ "regex": "\\b(?:6221(?:2[6-9]|[3-9][0-9])\\d{2}(?:,\\d{8}|\\s\\d{8}|-\\d{8}|\\.\\d{8})|6229(?:[01][0-9]|2[0-5])\\d{2}(?:,\\d{8}|\\s\\d{8}|-\\d{8}|\\.\\d{8})|(?:6011|65\\d{2}|64[4-9]\\d|622[2-8])\\d{4}(?:,\\d{8}|\\s\\d{8}|-\\d{8}|\\.\\d{8}))\\b",
8715
+ "options": {
8716
+ "case_sensitive": false,
8717
+ "min_length": 16
8718
+ }
8719
+ }
8720
+ },
8721
+ "tags": {
8722
+ "type": "card",
8723
+ "card_type": "discover",
8724
+ "category": "payment"
8725
+ }
8726
+ },
8727
+ {
8728
+ "id": "YBIDWJIvQWW_TFOyU0CGJg",
8729
+ "name": "Discover Card Scanner (4x4 digits)",
8730
+ "key": {
8731
+ "operator": "match_regex",
8732
+ "parameters": {
8733
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8734
+ "options": {
8735
+ "case_sensitive": false,
8736
+ "min_length": 3
8737
+ }
8738
+ }
8739
+ },
8740
+ "value": {
8741
+ "operator": "match_regex",
8742
+ "parameters": {
8743
+ "regex": "\\b(?:(?:(?:6221(?:2[6-9]|[3-9][0-9])\\d{2}(?:,\\d{4}){2})|(?:6221\\s(?:2[6-9]|[3-9][0-9])\\d{2}(?:\\s\\d{4}){2})|(?:6221\\.(?:2[6-9]|[3-9][0-9])\\d{2}(?:\\.\\d{4}){2})|(?:6221-(?:2[6-9]|[3-9][0-9])\\d{2}(?:-\\d{4}){2}))|(?:(?:6229(?:[01][0-9]|2[0-5])\\d{2}(?:,\\d{4}){2})|(?:6229\\s(?:[01][0-9]|2[0-5])\\d{2}(?:\\s\\d{4}){2})|(?:6229\\.(?:[01][0-9]|2[0-5])\\d{2}(?:\\.\\d{4}){2})|(?:6229-(?:[01][0-9]|2[0-5])\\d{2}(?:-\\d{4}){2}))|(?:(?:6011|65\\d{2}|64[4-9]\\d|622[2-8])(?:(?:\\s\\d{4}){3}|(?:\\.\\d{4}){3}|(?:-\\d{4}){3}|(?:,\\d{4}){3})))\\b",
8744
+ "options": {
8745
+ "case_sensitive": false,
8746
+ "min_length": 16
8747
+ }
8748
+ }
8749
+ },
8750
+ "tags": {
8751
+ "type": "card",
8752
+ "card_type": "discover",
8753
+ "category": "payment"
8754
+ }
8755
+ },
8756
+ {
8757
+ "id": "12cpbjtVTMaMutFhh9sojQ",
8758
+ "name": "Discover Card Scanner (1x16 digits)",
8759
+ "key": {
8760
+ "operator": "match_regex",
8761
+ "parameters": {
8762
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8763
+ "options": {
8764
+ "case_sensitive": false,
8765
+ "min_length": 3
8766
+ }
8767
+ }
8768
+ },
8769
+ "value": {
8770
+ "operator": "match_regex",
8771
+ "parameters": {
8772
+ "regex": "\\b(?:6221(?:2[6-9]|[3-9][0-9])\\d{10}|6229(?:[01][0-9]|2[0-5])\\d{10}|(?:6011|65\\d{2}|64[4-9]\\d|622[2-8])\\d{12})\\b",
8773
+ "options": {
8774
+ "case_sensitive": false,
8775
+ "min_length": 16
8776
+ }
8777
+ }
8778
+ },
8779
+ "tags": {
8780
+ "type": "card",
8781
+ "card_type": "discover",
8782
+ "category": "payment"
8783
+ }
8784
+ },
8785
+ {
8786
+ "id": "PuXiVTCkTHOtj0Yad1ppsw",
8787
+ "name": "Standard E-mail Address",
8788
+ "key": {
8789
+ "operator": "match_regex",
8790
+ "parameters": {
8791
+ "regex": "\\b(?:(?:e[-\\s]?)?mail|address|sender|\\bto\\b|from|recipient)\\b",
8792
+ "options": {
8793
+ "case_sensitive": false,
8794
+ "min_length": 2
8795
+ }
8796
+ }
8797
+ },
8798
+ "value": {
8799
+ "operator": "match_regex",
8800
+ "parameters": {
8801
+ "regex": "\\b[\\w!#$%&'*+/=?`{|}~^-]+(?:\\.[\\w!#$%&'*+/=?`{|}~^-]+)*(%40|@)(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,6}\\b",
8802
+ "options": {
8803
+ "case_sensitive": false,
8804
+ "min_length": 5
8805
+ }
8806
+ }
8807
+ },
8808
+ "tags": {
8809
+ "type": "email",
8810
+ "category": "pii"
8811
+ }
8812
+ },
8813
+ {
8814
+ "id": "8VS2RKxzR8a_95L5fuwaXQ",
8815
+ "name": "IBAN",
8816
+ "key": {
8817
+ "operator": "match_regex",
8818
+ "parameters": {
8819
+ "regex": "\\b(?:iban|account|sender|receiver)\\b",
8820
+ "options": {
8821
+ "case_sensitive": false,
8822
+ "min_length": 3
8823
+ }
8824
+ }
8825
+ },
8826
+ "value": {
8827
+ "operator": "match_regex",
8828
+ "parameters": {
8829
+ "regex": "\\b(?:NO\\d{2}(?:[ \\-]?\\d{4}){2}[ \\-]?\\d{3}|BE\\d{2}(?:[ \\-]?\\d{4}){3}|(?:DK|FO|FI|GL|SD)\\d{2}(?:[ \\-]?\\d{4}){3}[ \\-]?\\d{2}|NL\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?\\d{4}){2}[ \\-]?\\d{2}|MK\\d{2}[ \\-]?\\d{3}[A-Z0-9](?:[ \\-]?[A-Z0-9]{4}){2}[ \\-]?[A-Z0-9]\\d{2}|SI\\d{17}|(?:AT|BA|EE|LT|XK)\\d{18}|(?:LU|KZ|EE|LT)\\d{5}[A-Z0-9]{13}|LV\\d{2}[A-Z]{4}[A-Z0-9]{13}|(?:LI|CH)\\d{2}[ \\-]?\\d{4}[ \\-]?\\d[A-Z0-9]{3}(?:[ \\-]?[A-Z0-9]{4}){2}[ \\-]?[A-Z0-9]|HR\\d{2}(?:[ \\-]?\\d{4}){4}[ \\-]?\\d|GE\\d{2}[ \\-]?[A-Z0-9]{2}\\d{2}\\d{14}|VA\\d{20}|BG\\d{2}[A-Z]{4}\\d{6}[A-Z0-9]{8}|BH\\d{2}[A-Z]{4}[A-Z0-9]{14}|GB\\d{2}[A-Z]{4}(?:[ \\-]?\\d{4}){3}[ \\-]?\\d{2}|IE\\d{2}[ \\-]?[A-Z0-9]{4}(?:[ \\-]?\\d{4}){3}[ \\-]?\\d{2}|(?:CR|DE|ME|RS)\\d{2}(?:[ \\-]?\\d{4}){4}[ \\-]?\\d{2}|(?:AE|TL|IL)\\d{2}(?:[ \\-]?\\d{4}){4}[ \\-]?\\d{3}|GI\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?[A-Z0-9]{4}){3}[ \\-]?[A-Z0-9]{3}|IQ\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?\\d{4}){3}[ \\-]?\\d{3}|MD\\d{2}(?:[ \\-]?[A-Z0-9]{4}){5}|SA\\d{2}[ \\-]?\\d{2}[A-Z0-9]{2}(?:[ \\-]?[A-Z0-9]{4}){4}|RO\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?[A-Z0-9]{4}){4}|(?:PK|VG)\\d{2}[ \\-]?[A-Z0-9]{4}(?:[ \\-]?\\d{4}){4}|AD\\d{2}(?:[ \\-]?\\d{4}){2}(?:[ \\-]?[A-Z0-9]{4}){3}|(?:CZ|SK|ES|SE|TN)\\d{2}(?:[ \\-]?\\d{4}){5}|(?:LY|PT|ST)\\d{2}(?:[ \\-]?\\d{4}){5}[ \\-]?\\d|TR\\d{2}[ \\-]?\\d{4}[ \\-]?\\d[A-Z0-9]{3}(?:[ \\-]?[A-Z0-9]{4}){3}[ \\-]?[A-Z0-9]{2}|IS\\d{2}(?:[ \\-]?\\d{4}){5}[ \\-]?\\d{2}|(?:IT|SM)\\d{2}[ \\-]?[A-Z]\\d{3}[ \\-]?\\d{4}[ \\-]?\\d{3}[A-Z0-9](?:[ \\-]?[A-Z0-9]{4}){2}[ \\-]?[A-Z0-9]{3}|GR\\d{2}[ \\-]?\\d{4}[ \\-]?\\d{3}[A-Z0-9](?:[ \\-]?[A-Z0-9]{4}){3}[A-Z0-9]{3}|(?:FR|MC)\\d{2}(?:[ \\-]?\\d{4}){2}[ \\-]?\\d{2}[A-Z0-9]{2}(?:[ \\-]?[A-Z0-9]{4}){2}[ \\-]?[A-Z0-9]\\d{2}|MR\\d{2}(?:[ \\-]?\\d{4}){5}[ \\-]?\\d{3}|(?:SV|DO)\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?\\d{4}){5}|BY\\d{2}[ \\-]?[A-Z]{4}[ \\-]?\\d{4}(?:[ \\-]?[A-Z0-9]{4}){4}|GT\\d{2}(?:[ \\-]?[A-Z0-9]{4}){6}|AZ\\d{2}[ \\-]?[A-Z0-9]{4}(?:[ \\-]?\\d{5}){4}|LB\\d{2}[ \\-]?\\d{4}(?:[ \\-]?[A-Z0-9]{5}){4}|(?:AL|CY)\\d{2}(?:[ \\-]?\\d{4}){2}(?:[ \\-]?[A-Z0-9]{4}){4}|(?:HU|PL)\\d{2}(?:[ \\-]?\\d{4}){6}|QA\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?[A-Z0-9]{4}){5}[ \\-]?[A-Z0-9]|PS\\d{2}[ \\-]?[A-Z0-9]{4}(?:[ \\-]?\\d{4}){5}[ \\-]?\\d|UA\\d{2}[ \\-]?\\d{4}[ \\-]?\\d{2}[A-Z0-9]{2}(?:[ \\-]?[A-Z0-9]{4}){4}[ \\-]?[A-Z0-9]|BR\\d{2}(?:[ \\-]?\\d{4}){5}[ \\-]?\\d{3}[A-Z0-9][ \\-]?[A-Z0-9]|EG\\d{2}(?:[ \\-]?\\d{4}){6}\\d|MU\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?\\d{4}){4}\\d{3}[A-Z][ \\-]?[A-Z]{2}|(?:KW|JO)\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?[A-Z0-9]{4}){5}[ \\-]?[A-Z0-9]{2}|MT\\d{2}[ \\-]?[A-Z]{4}[ \\-]?\\d{4}[ \\-]?\\d[A-Z0-9]{3}(?:[ \\-]?[A-Z0-9]{3}){4}[ \\-]?[A-Z0-9]{3}|SC\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?\\d{4}){5}[ \\-]?[A-Z]{3}|LC\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?[A-Z0-9]{4}){6})\\b",
8830
+ "options": {
8831
+ "case_sensitive": false,
8832
+ "min_length": 15
8833
+ }
8834
+ }
8835
+ },
8836
+ "tags": {
8837
+ "type": "iban",
8838
+ "category": "payment"
8839
+ }
8840
+ },
8841
+ {
8842
+ "id": "h6WJcecQTwqvN9KeEtwDvg",
8843
+ "name": "JCB Card Scanner (1x16 digits)",
8844
+ "key": {
8845
+ "operator": "match_regex",
8846
+ "parameters": {
8847
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8848
+ "options": {
8849
+ "case_sensitive": false,
8850
+ "min_length": 3
8851
+ }
8852
+ }
8853
+ },
8854
+ "value": {
8855
+ "operator": "match_regex",
8856
+ "parameters": {
8857
+ "regex": "\\b35(?:2[89]|[3-9][0-9])(?:\\d{12})\\b",
8858
+ "options": {
8859
+ "case_sensitive": false,
8860
+ "min_length": 16
8861
+ }
8862
+ }
8863
+ },
8864
+ "tags": {
8865
+ "type": "card",
8866
+ "card_type": "jcb",
8867
+ "category": "payment"
8868
+ }
8869
+ },
8870
+ {
8871
+ "id": "gcEaMu_VSJ2-bGCEkgyC0w",
8872
+ "name": "JCB Card Scanner (2x8 digits)",
8873
+ "key": {
8874
+ "operator": "match_regex",
8875
+ "parameters": {
8876
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8877
+ "options": {
8878
+ "case_sensitive": false,
8879
+ "min_length": 3
8880
+ }
8881
+ }
8882
+ },
8883
+ "value": {
8884
+ "operator": "match_regex",
8885
+ "parameters": {
8886
+ "regex": "\\b35(?:2[89]|[3-9][0-9])\\d{4}(?:(?:,\\d{8})|(?:-\\d{8})|(?:\\s\\d{8})|(?:\\.\\d{8}))\\b",
8887
+ "options": {
8888
+ "case_sensitive": false,
8889
+ "min_length": 17
8890
+ }
8891
+ }
8892
+ },
8893
+ "tags": {
8894
+ "type": "card",
8895
+ "card_type": "jcb",
8896
+ "category": "payment"
8897
+ }
8898
+ },
8899
+ {
8900
+ "id": "imTliuhXT5GAeRNhqChXQQ",
8901
+ "name": "JCB Card Scanner (4x4 digits)",
8902
+ "key": {
8903
+ "operator": "match_regex",
8904
+ "parameters": {
8905
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8906
+ "options": {
8907
+ "case_sensitive": false,
8908
+ "min_length": 3
8909
+ }
8910
+ }
8911
+ },
8912
+ "value": {
8913
+ "operator": "match_regex",
8914
+ "parameters": {
8915
+ "regex": "\\b35(?:2[89]|[3-9][0-9])(?:(?:\\s\\d{4}){3}|(?:\\.\\d{4}){3}|(?:-\\d{4}){3}|(?:,\\d{4}){3})\\b",
8916
+ "options": {
8917
+ "case_sensitive": false,
8918
+ "min_length": 16
8919
+ }
8920
+ }
8921
+ },
8922
+ "tags": {
8923
+ "type": "card",
8924
+ "card_type": "jcb",
8925
+ "category": "payment"
8926
+ }
8927
+ },
8928
+ {
8929
+ "id": "9osY3xc9Q7ONAV0zw9Uz4A",
8930
+ "name": "JSON Web Token",
8931
+ "value": {
8932
+ "operator": "match_regex",
8933
+ "parameters": {
8934
+ "regex": "\\bey[I-L][\\w=-]+\\.ey[I-L][\\w=-]+(\\.[\\w.+\\/=-]+)?\\b",
8935
+ "options": {
8936
+ "case_sensitive": false,
8937
+ "min_length": 20
8938
+ }
8939
+ }
8940
+ },
8941
+ "tags": {
8942
+ "type": "json_web_token",
8943
+ "category": "credentials"
8944
+ }
8945
+ },
8946
+ {
8947
+ "id": "d1Q9D3YMRxuVKf6CZInJPw",
8948
+ "name": "Maestro Card Scanner (1x16 digits)",
8949
+ "key": {
8950
+ "operator": "match_regex",
8951
+ "parameters": {
8952
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8953
+ "options": {
8954
+ "case_sensitive": false,
8955
+ "min_length": 3
8956
+ }
8957
+ }
8958
+ },
8959
+ "value": {
8960
+ "operator": "match_regex",
8961
+ "parameters": {
8962
+ "regex": "\\b(?:5[06-9]\\d{2}|6\\d{3})(?:\\d{12})\\b",
8963
+ "options": {
8964
+ "case_sensitive": false,
8965
+ "min_length": 16
8966
+ }
8967
+ }
8968
+ },
8969
+ "tags": {
8970
+ "type": "card",
8971
+ "card_type": "maestro",
8972
+ "category": "payment"
8973
+ }
8974
+ },
8975
+ {
8976
+ "id": "M3YIQKKjRVmoeQuM3pjzrw",
8977
+ "name": "Maestro Card Scanner (2x8 digits)",
8978
+ "key": {
8979
+ "operator": "match_regex",
8980
+ "parameters": {
8981
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8982
+ "options": {
8983
+ "case_sensitive": false,
8984
+ "min_length": 3
8985
+ }
8986
+ }
8987
+ },
8988
+ "value": {
8989
+ "operator": "match_regex",
8990
+ "parameters": {
8991
+ "regex": "\\b(?:5[06-9]\\d{6}|6\\d{7})(?:\\s\\d{8}|\\.\\d{8}|-\\d{8}|,\\d{8})\\b",
8992
+ "options": {
8993
+ "case_sensitive": false,
8994
+ "min_length": 17
8995
+ }
8996
+ }
8997
+ },
8998
+ "tags": {
8999
+ "type": "card",
9000
+ "card_type": "maestro",
9001
+ "category": "payment"
9002
+ }
9003
+ },
9004
+ {
9005
+ "id": "hRxiQBlSSVKcjh5U7LZYLA",
9006
+ "name": "Maestro Card Scanner (4x4 digits)",
9007
+ "key": {
9008
+ "operator": "match_regex",
9009
+ "parameters": {
9010
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
9011
+ "options": {
9012
+ "case_sensitive": false,
9013
+ "min_length": 3
9014
+ }
9015
+ }
9016
+ },
9017
+ "value": {
9018
+ "operator": "match_regex",
9019
+ "parameters": {
9020
+ "regex": "\\b(?:5[06-9]\\d{2}|6\\d{3})(?:(?:\\s\\d{4}){3}|(?:\\.\\d{4}){3}|(?:-\\d{4}){3}|(?:,\\d{4}){3})\\b",
9021
+ "options": {
9022
+ "case_sensitive": false,
9023
+ "min_length": 16
9024
+ }
9025
+ }
9026
+ },
9027
+ "tags": {
9028
+ "type": "card",
9029
+ "card_type": "maestro",
9030
+ "category": "payment"
9031
+ }
9032
+ },
9033
+ {
9034
+ "id": "NwhIYNS4STqZys37WlaIKA",
9035
+ "name": "MasterCard Scanner (2x8 digits)",
9036
+ "key": {
9037
+ "operator": "match_regex",
9038
+ "parameters": {
9039
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
9040
+ "options": {
9041
+ "case_sensitive": false,
9042
+ "min_length": 3
9043
+ }
9044
+ }
9045
+ },
9046
+ "value": {
9047
+ "operator": "match_regex",
9048
+ "parameters": {
9049
+ "regex": "\\b(?:(?:5[1-5]\\d{2})|(?:222[1-9])|(?:22[3-9]\\d)|(?:2[3-6]\\d{2})|(?:27[0-1]\\d)|(?:2720))(?:(?:\\d{4}(?:(?:,\\d{8})|(?:-\\d{8})|(?:\\s\\d{8})|(?:\\.\\d{8}))))\\b",
9050
+ "options": {
9051
+ "case_sensitive": false,
9052
+ "min_length": 16
9053
+ }
9054
+ }
9055
+ },
9056
+ "tags": {
9057
+ "type": "card",
9058
+ "card_type": "mastercard",
9059
+ "category": "payment"
9060
+ }
9061
+ },
9062
+ {
9063
+ "id": "axxJkyjhRTOuhjwlsA35Vw",
9064
+ "name": "MasterCard Scanner (4x4 digits)",
9065
+ "key": {
9066
+ "operator": "match_regex",
9067
+ "parameters": {
9068
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
9069
+ "options": {
9070
+ "case_sensitive": false,
9071
+ "min_length": 3
9072
+ }
9073
+ }
9074
+ },
9075
+ "value": {
9076
+ "operator": "match_regex",
9077
+ "parameters": {
9078
+ "regex": "\\b(?:(?:5[1-5]\\d{2})|(?:222[1-9])|(?:22[3-9]\\d)|(?:2[3-6]\\d{2})|(?:27[0-1]\\d)|(?:2720))(?:(?:\\s\\d{4}){3}|(?:\\.\\d{4}){3}|(?:-\\d{4}){3}|(?:,\\d{4}){3})\\b",
9079
+ "options": {
9080
+ "case_sensitive": false,
9081
+ "min_length": 16
9082
+ }
9083
+ }
9084
+ },
9085
+ "tags": {
9086
+ "type": "card",
9087
+ "card_type": "mastercard",
9088
+ "category": "payment"
9089
+ }
9090
+ },
9091
+ {
9092
+ "id": "76EhmoK3TPqJcpM-fK0pLw",
9093
+ "name": "MasterCard Scanner (1x16 digits)",
9094
+ "key": {
9095
+ "operator": "match_regex",
9096
+ "parameters": {
9097
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
9098
+ "options": {
9099
+ "case_sensitive": false,
9100
+ "min_length": 3
9101
+ }
9102
+ }
9103
+ },
9104
+ "value": {
9105
+ "operator": "match_regex",
9106
+ "parameters": {
9107
+ "regex": "\\b(?:(?:5[1-5]\\d{2})|(?:222[1-9])|(?:22[3-9]\\d)|(?:2[3-6]\\d{2})|(?:27[0-1]\\d)|(?:2720))(?:\\d{12})\\b",
9108
+ "options": {
9109
+ "case_sensitive": false,
9110
+ "min_length": 16
9111
+ }
9112
+ }
9113
+ },
9114
+ "tags": {
9115
+ "type": "card",
9116
+ "card_type": "mastercard",
9117
+ "category": "payment"
9118
+ }
9119
+ },
9120
+ {
9121
+ "id": "de0899e0cbaaa812bb624cf04c912071012f616d-mod",
9122
+ "name": "UK National Insurance Number Scanner",
9123
+ "key": {
9124
+ "operator": "match_regex",
9125
+ "parameters": {
9126
+ "regex": "^nin$|\\binsurance\\b",
9127
+ "options": {
9128
+ "case_sensitive": false,
9129
+ "min_length": 3
9130
+ }
9131
+ }
9132
+ },
9133
+ "value": {
9134
+ "operator": "match_regex",
9135
+ "parameters": {
9136
+ "regex": "\\b[A-Z]{2}[\\s-]?\\d{6}[\\s-]?[A-Z]?\\b",
9137
+ "options": {
9138
+ "case_sensitive": false,
9139
+ "min_length": 8
9140
+ }
9141
+ }
9142
+ },
9143
+ "tags": {
9144
+ "type": "uk_nin",
9145
+ "category": "pii"
9146
+ }
9147
+ },
9148
+ {
9149
+ "id": "d962f7ddb3f55041e39195a60ff79d4814a7c331",
9150
+ "name": "US Passport Scanner",
9151
+ "key": {
9152
+ "operator": "match_regex",
9153
+ "parameters": {
9154
+ "regex": "\\bpassport\\b",
9155
+ "options": {
9156
+ "case_sensitive": false,
9157
+ "min_length": 8
9158
+ }
9159
+ }
9160
+ },
9161
+ "value": {
9162
+ "operator": "match_regex",
9163
+ "parameters": {
9164
+ "regex": "\\b[0-9A-Z]{9}\\b|\\b[0-9]{6}[A-Z][0-9]{2}\\b",
9165
+ "options": {
9166
+ "case_sensitive": false,
9167
+ "min_length": 8
9168
+ }
9169
+ }
9170
+ },
9171
+ "tags": {
9172
+ "type": "passport_number",
9173
+ "category": "pii"
9174
+ }
9175
+ },
9176
+ {
9177
+ "id": "7771fc3b-b205-4b93-bcef-28608c5c1b54",
9178
+ "name": "United States Social Security Number Scanner",
9179
+ "key": {
9180
+ "operator": "match_regex",
9181
+ "parameters": {
9182
+ "regex": "\\b(?:SSN|(?:(?:social)?[\\s_]?(?:security)?[\\s_]?(?:number)?)?)\\b",
9183
+ "options": {
9184
+ "case_sensitive": false,
9185
+ "min_length": 3
9186
+ }
9187
+ }
9188
+ },
9189
+ "value": {
9190
+ "operator": "match_regex",
9191
+ "parameters": {
9192
+ "regex": "\\b\\d{3}[-\\s\\.]{1}\\d{2}[-\\s\\.]{1}\\d{4}\\b",
9193
+ "options": {
9194
+ "case_sensitive": false,
9195
+ "min_length": 11
9196
+ }
9197
+ }
9198
+ },
9199
+ "tags": {
9200
+ "type": "us_ssn",
9201
+ "category": "pii"
9202
+ }
9203
+ },
9204
+ {
9205
+ "id": "ac6d683cbac77f6e399a14990793dd8fd0fca333",
9206
+ "name": "US Vehicle Identification Number Scanner",
9207
+ "key": {
9208
+ "operator": "match_regex",
9209
+ "parameters": {
9210
+ "regex": "\\b(?:vehicle[_\\s-]*identification[_\\s-]*number|vin)\\b",
9211
+ "options": {
9212
+ "case_sensitive": false,
9213
+ "min_length": 3
9214
+ }
9215
+ }
9216
+ },
9217
+ "value": {
9218
+ "operator": "match_regex",
9219
+ "parameters": {
9220
+ "regex": "\\b[A-HJ-NPR-Z0-9]{17}\\b",
9221
+ "options": {
9222
+ "case_sensitive": false,
9223
+ "min_length": 17
9224
+ }
9225
+ }
9226
+ },
9227
+ "tags": {
9228
+ "type": "vin",
9229
+ "category": "pii"
9230
+ }
9231
+ },
9232
+ {
9233
+ "id": "wJIgOygRQhKkR69b_9XbRQ",
9234
+ "name": "Visa Card Scanner (2x8 digits)",
9235
+ "key": {
9236
+ "operator": "match_regex",
9237
+ "parameters": {
9238
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
9239
+ "options": {
9240
+ "case_sensitive": false,
9241
+ "min_length": 3
9242
+ }
9243
+ }
9244
+ },
9245
+ "value": {
9246
+ "operator": "match_regex",
9247
+ "parameters": {
9248
+ "regex": "\\b4\\d{3}(?:(?:\\d{4}(?:(?:,\\d{8})|(?:-\\d{8})|(?:\\s\\d{8})|(?:\\.\\d{8}))))\\b",
9249
+ "options": {
9250
+ "case_sensitive": false,
9251
+ "min_length": 16
9252
+ }
9253
+ }
9254
+ },
9255
+ "tags": {
9256
+ "type": "card",
9257
+ "card_type": "visa",
9258
+ "category": "payment"
9259
+ }
9260
+ },
9261
+ {
9262
+ "id": "0o71SJxXQNK7Q6gMbBesFQ",
9263
+ "name": "Visa Card Scanner (4x4 digits)",
9264
+ "key": {
9265
+ "operator": "match_regex",
9266
+ "parameters": {
9267
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
9268
+ "options": {
9269
+ "case_sensitive": false,
9270
+ "min_length": 3
9271
+ }
9272
+ }
9273
+ },
9274
+ "value": {
9275
+ "operator": "match_regex",
9276
+ "parameters": {
9277
+ "regex": "\\b4\\d{3}(?:(?:,\\d{4}){3}|(?:\\s\\d{4}){3}|(?:\\.\\d{4}){3}|(?:-\\d{4}){3})\\b",
9278
+ "options": {
9279
+ "case_sensitive": false,
9280
+ "min_length": 16
9281
+ }
9282
+ }
9283
+ },
9284
+ "tags": {
9285
+ "type": "card",
9286
+ "card_type": "visa",
9287
+ "category": "payment"
9288
+ }
9289
+ },
9290
+ {
9291
+ "id": "QrHD6AfgQm6z-j0wStxTvA",
9292
+ "name": "Visa Card Scanner (1x15 & 1x16 & 1x19 digits)",
9293
+ "key": {
9294
+ "operator": "match_regex",
9295
+ "parameters": {
9296
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
9297
+ "options": {
9298
+ "case_sensitive": false,
9299
+ "min_length": 3
9300
+ }
9301
+ }
9302
+ },
9303
+ "value": {
9304
+ "operator": "match_regex",
9305
+ "parameters": {
9306
+ "regex": "4[0-9]{12}(?:[0-9]{3})?",
9307
+ "options": {
9308
+ "case_sensitive": false,
9309
+ "min_length": 13
9310
+ }
9311
+ }
9312
+ },
9313
+ "tags": {
9314
+ "type": "card",
9315
+ "card_type": "visa",
9316
+ "category": "payment"
9317
+ }
9318
+ }
7702
9319
  ]
7703
- }
9320
+ }