dd-trace 4.18.0 → 5.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (209) hide show
  1. package/CONTRIBUTING.md +98 -0
  2. package/LICENSE-3rdparty.csv +4 -5
  3. package/MIGRATING.md +15 -0
  4. package/README.md +20 -140
  5. package/ci/cypress/after-run.js +1 -0
  6. package/ci/cypress/after-spec.js +1 -0
  7. package/ci/init.js +1 -4
  8. package/ext/kinds.d.ts +1 -0
  9. package/ext/kinds.js +2 -1
  10. package/ext/tags.d.ts +2 -1
  11. package/ext/tags.js +6 -1
  12. package/index.d.ts +1523 -1460
  13. package/package.json +19 -19
  14. package/packages/datadog-core/src/storage/async_resource.js +1 -1
  15. package/packages/datadog-core/src/utils/src/get.js +11 -0
  16. package/packages/datadog-core/src/utils/src/has.js +14 -0
  17. package/packages/datadog-core/src/utils/src/kebabcase.js +16 -0
  18. package/packages/datadog-core/src/utils/src/pick.js +11 -0
  19. package/packages/datadog-core/src/utils/src/set.js +16 -0
  20. package/packages/datadog-core/src/utils/src/uniq.js +5 -0
  21. package/packages/datadog-esbuild/index.js +1 -20
  22. package/packages/datadog-instrumentations/src/aerospike.js +47 -0
  23. package/packages/datadog-instrumentations/src/amqplib.js +2 -2
  24. package/packages/datadog-instrumentations/src/apollo-server-core.js +41 -0
  25. package/packages/datadog-instrumentations/src/apollo-server.js +83 -0
  26. package/packages/datadog-instrumentations/src/child_process.js +150 -0
  27. package/packages/datadog-instrumentations/src/couchbase.js +5 -4
  28. package/packages/datadog-instrumentations/src/crypto.js +2 -1
  29. package/packages/datadog-instrumentations/src/cucumber.js +163 -46
  30. package/packages/datadog-instrumentations/src/dns.js +2 -1
  31. package/packages/datadog-instrumentations/src/express.js +20 -0
  32. package/packages/datadog-instrumentations/src/graphql.js +18 -4
  33. package/packages/datadog-instrumentations/src/grpc/client.js +56 -36
  34. package/packages/datadog-instrumentations/src/grpc/server.js +3 -1
  35. package/packages/datadog-instrumentations/src/helpers/bundler-register.js +1 -2
  36. package/packages/datadog-instrumentations/src/helpers/hooks.js +12 -3
  37. package/packages/datadog-instrumentations/src/helpers/instrument.js +9 -4
  38. package/packages/datadog-instrumentations/src/helpers/register.js +19 -3
  39. package/packages/datadog-instrumentations/src/http/client.js +12 -2
  40. package/packages/datadog-instrumentations/src/http/server.js +7 -4
  41. package/packages/datadog-instrumentations/src/http2/client.js +3 -1
  42. package/packages/datadog-instrumentations/src/http2/server.js +3 -1
  43. package/packages/datadog-instrumentations/src/jest.js +239 -52
  44. package/packages/datadog-instrumentations/src/kafkajs.js +27 -0
  45. package/packages/datadog-instrumentations/src/mocha.js +154 -18
  46. package/packages/datadog-instrumentations/src/mongodb-core.js +34 -3
  47. package/packages/datadog-instrumentations/src/mongoose.js +23 -10
  48. package/packages/datadog-instrumentations/src/mquery.js +65 -0
  49. package/packages/datadog-instrumentations/src/net.js +10 -2
  50. package/packages/datadog-instrumentations/src/next.js +35 -9
  51. package/packages/datadog-instrumentations/src/playwright.js +110 -16
  52. package/packages/datadog-instrumentations/src/restify.js +14 -1
  53. package/packages/datadog-instrumentations/src/rhea.js +15 -9
  54. package/packages/datadog-plugin-aerospike/src/index.js +113 -0
  55. package/packages/datadog-plugin-amqplib/src/consumer.js +14 -1
  56. package/packages/datadog-plugin-amqplib/src/producer.js +13 -1
  57. package/packages/datadog-plugin-aws-sdk/src/base.js +3 -2
  58. package/packages/datadog-plugin-aws-sdk/src/services/kinesis.js +163 -27
  59. package/packages/datadog-plugin-aws-sdk/src/services/sns.js +46 -8
  60. package/packages/datadog-plugin-aws-sdk/src/services/sqs.js +129 -22
  61. package/packages/datadog-plugin-child_process/src/index.js +91 -0
  62. package/packages/datadog-plugin-child_process/src/scrub-cmd-params.js +125 -0
  63. package/packages/datadog-plugin-cucumber/src/index.js +70 -13
  64. package/packages/datadog-plugin-cypress/src/after-run.js +3 -0
  65. package/packages/datadog-plugin-cypress/src/after-spec.js +3 -0
  66. package/packages/datadog-plugin-cypress/src/cypress-plugin.js +625 -0
  67. package/packages/datadog-plugin-cypress/src/plugin.js +6 -454
  68. package/packages/datadog-plugin-cypress/src/support.js +50 -3
  69. package/packages/datadog-plugin-google-cloud-pubsub/src/consumer.js +2 -0
  70. package/packages/datadog-plugin-graphql/src/index.js +1 -6
  71. package/packages/datadog-plugin-graphql/src/resolve.js +28 -18
  72. package/packages/datadog-plugin-grpc/src/client.js +16 -2
  73. package/packages/datadog-plugin-grpc/src/util.js +1 -1
  74. package/packages/datadog-plugin-http/src/client.js +19 -2
  75. package/packages/datadog-plugin-jest/src/index.js +118 -12
  76. package/packages/datadog-plugin-jest/src/util.js +38 -16
  77. package/packages/datadog-plugin-kafkajs/src/consumer.js +76 -6
  78. package/packages/datadog-plugin-kafkajs/src/producer.js +64 -8
  79. package/packages/datadog-plugin-mocha/src/index.js +87 -17
  80. package/packages/datadog-plugin-next/src/index.js +40 -14
  81. package/packages/datadog-plugin-playwright/src/index.js +71 -8
  82. package/packages/datadog-plugin-rhea/src/consumer.js +16 -1
  83. package/packages/datadog-plugin-rhea/src/producer.js +10 -0
  84. package/packages/dd-trace/src/appsec/activation.js +29 -0
  85. package/packages/dd-trace/src/appsec/addresses.js +5 -1
  86. package/packages/dd-trace/src/appsec/api_security_sampler.js +61 -0
  87. package/packages/dd-trace/src/appsec/blocked_templates.js +4 -1
  88. package/packages/dd-trace/src/appsec/blocking.js +95 -43
  89. package/packages/dd-trace/src/appsec/channels.js +7 -3
  90. package/packages/dd-trace/src/appsec/graphql.js +146 -0
  91. package/packages/dd-trace/src/appsec/iast/analyzers/analyzers.js +2 -0
  92. package/packages/dd-trace/src/appsec/iast/analyzers/command-injection-analyzer.js +1 -1
  93. package/packages/dd-trace/src/appsec/iast/analyzers/header-injection-analyzer.js +105 -0
  94. package/packages/dd-trace/src/appsec/iast/analyzers/nosql-injection-mongodb-analyzer.js +22 -17
  95. package/packages/dd-trace/src/appsec/iast/analyzers/sql-injection-analyzer.js +7 -28
  96. package/packages/dd-trace/src/appsec/iast/analyzers/vulnerability-analyzer.js +10 -6
  97. package/packages/dd-trace/src/appsec/iast/analyzers/weak-randomness-analyzer.js +19 -0
  98. package/packages/dd-trace/src/appsec/iast/context/context-plugin.js +90 -0
  99. package/packages/dd-trace/src/appsec/iast/context/kafka-ctx-plugin.js +14 -0
  100. package/packages/dd-trace/src/appsec/iast/iast-log.js +1 -1
  101. package/packages/dd-trace/src/appsec/iast/iast-plugin.js +13 -2
  102. package/packages/dd-trace/src/appsec/iast/index.js +15 -5
  103. package/packages/dd-trace/src/appsec/iast/overhead-controller.js +1 -1
  104. package/packages/dd-trace/src/appsec/iast/path-line.js +1 -1
  105. package/packages/dd-trace/src/appsec/iast/taint-tracking/csi-methods.js +2 -0
  106. package/packages/dd-trace/src/appsec/iast/taint-tracking/index.js +10 -0
  107. package/packages/dd-trace/src/appsec/iast/taint-tracking/operations-taint-object.js +53 -0
  108. package/packages/dd-trace/src/appsec/iast/taint-tracking/operations.js +10 -46
  109. package/packages/dd-trace/src/appsec/iast/taint-tracking/plugin.js +13 -9
  110. package/packages/dd-trace/src/appsec/iast/taint-tracking/plugins/kafka.js +47 -0
  111. package/packages/dd-trace/src/appsec/iast/taint-tracking/rewriter.js +19 -6
  112. package/packages/dd-trace/src/appsec/iast/taint-tracking/source-types.js +3 -1
  113. package/packages/dd-trace/src/appsec/iast/taint-tracking/taint-tracking-impl.js +41 -3
  114. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/constants.js +7 -0
  115. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/command-sensitive-analyzer.js +12 -19
  116. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/header-sensitive-analyzer.js +20 -0
  117. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/json-sensitive-analyzer.js +6 -10
  118. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/ldap-sensitive-analyzer.js +18 -25
  119. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/sql-sensitive-analyzer.js +79 -85
  120. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-analyzers/url-sensitive-analyzer.js +27 -36
  121. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/evidence-redaction/sensitive-handler.js +14 -11
  122. package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/utils.js +1 -1
  123. package/packages/dd-trace/src/appsec/iast/vulnerabilities.js +2 -0
  124. package/packages/dd-trace/src/appsec/index.js +49 -33
  125. package/packages/dd-trace/src/appsec/recommended.json +1763 -106
  126. package/packages/dd-trace/src/appsec/remote_config/capabilities.js +7 -1
  127. package/packages/dd-trace/src/appsec/remote_config/index.js +42 -16
  128. package/packages/dd-trace/src/appsec/remote_config/manager.js +9 -8
  129. package/packages/dd-trace/src/appsec/reporter.js +51 -34
  130. package/packages/dd-trace/src/appsec/rule_manager.js +11 -8
  131. package/packages/dd-trace/src/appsec/sdk/user_blocking.js +1 -1
  132. package/packages/dd-trace/src/appsec/waf/waf_context_wrapper.js +28 -13
  133. package/packages/dd-trace/src/appsec/waf/waf_manager.js +0 -1
  134. package/packages/dd-trace/src/ci-visibility/{intelligent-test-runner/get-itr-configuration.js → early-flake-detection/get-known-tests.js} +17 -22
  135. package/packages/dd-trace/src/ci-visibility/exporters/agent-proxy/index.js +25 -6
  136. package/packages/dd-trace/src/ci-visibility/exporters/agentless/coverage-writer.js +30 -1
  137. package/packages/dd-trace/src/ci-visibility/exporters/agentless/index.js +2 -0
  138. package/packages/dd-trace/src/ci-visibility/exporters/agentless/writer.js +30 -1
  139. package/packages/dd-trace/src/ci-visibility/exporters/ci-visibility-exporter.js +95 -37
  140. package/packages/dd-trace/src/ci-visibility/exporters/git/git_metadata.js +134 -61
  141. package/packages/dd-trace/src/ci-visibility/intelligent-test-runner/get-skippable-suites.js +37 -4
  142. package/packages/dd-trace/src/ci-visibility/requests/get-library-configuration.js +131 -0
  143. package/packages/dd-trace/src/ci-visibility/telemetry.js +130 -0
  144. package/packages/dd-trace/src/config.js +561 -470
  145. package/packages/dd-trace/src/data_streams_context.js +1 -1
  146. package/packages/dd-trace/src/datastreams/pathway.js +58 -1
  147. package/packages/dd-trace/src/datastreams/processor.js +196 -27
  148. package/packages/dd-trace/src/datastreams/writer.js +11 -5
  149. package/packages/dd-trace/src/dogstatsd.js +3 -5
  150. package/packages/dd-trace/src/encode/agentless-ci-visibility.js +44 -6
  151. package/packages/dd-trace/src/encode/coverage-ci-visibility.js +14 -0
  152. package/packages/dd-trace/src/exporters/common/agent-info-exporter.js +4 -0
  153. package/packages/dd-trace/src/exporters/common/form-data.js +4 -0
  154. package/packages/dd-trace/src/exporters/common/request.js +21 -3
  155. package/packages/dd-trace/src/format.js +30 -2
  156. package/packages/dd-trace/src/id.js +12 -0
  157. package/packages/dd-trace/src/iitm.js +1 -1
  158. package/packages/dd-trace/src/log/channels.js +1 -1
  159. package/packages/dd-trace/src/noop/proxy.js +4 -0
  160. package/packages/dd-trace/src/noop/span.js +1 -0
  161. package/packages/dd-trace/src/opentelemetry/span.js +104 -4
  162. package/packages/dd-trace/src/opentelemetry/tracer.js +9 -10
  163. package/packages/dd-trace/src/opentracing/propagation/text_map.js +16 -7
  164. package/packages/dd-trace/src/opentracing/span.js +48 -4
  165. package/packages/dd-trace/src/opentracing/span_context.js +15 -6
  166. package/packages/dd-trace/src/opentracing/tracer.js +4 -3
  167. package/packages/dd-trace/src/plugin_manager.js +1 -1
  168. package/packages/dd-trace/src/plugins/ci_plugin.js +78 -19
  169. package/packages/dd-trace/src/plugins/database.js +1 -1
  170. package/packages/dd-trace/src/plugins/index.js +7 -0
  171. package/packages/dd-trace/src/plugins/plugin.js +1 -1
  172. package/packages/dd-trace/src/plugins/util/ci.js +6 -19
  173. package/packages/dd-trace/src/plugins/util/git.js +104 -22
  174. package/packages/dd-trace/src/plugins/util/ip_extractor.js +7 -6
  175. package/packages/dd-trace/src/plugins/util/test.js +60 -10
  176. package/packages/dd-trace/src/plugins/util/url.js +26 -0
  177. package/packages/dd-trace/src/plugins/util/user-provided-git.js +4 -16
  178. package/packages/dd-trace/src/plugins/util/web.js +1 -1
  179. package/packages/dd-trace/src/priority_sampler.js +30 -38
  180. package/packages/dd-trace/src/profiler.js +5 -3
  181. package/packages/dd-trace/src/profiling/config.js +77 -24
  182. package/packages/dd-trace/src/profiling/exporters/agent.js +77 -31
  183. package/packages/dd-trace/src/profiling/exporters/file.js +2 -1
  184. package/packages/dd-trace/src/profiling/profiler.js +33 -22
  185. package/packages/dd-trace/src/profiling/profilers/events.js +270 -0
  186. package/packages/dd-trace/src/profiling/profilers/shared.js +45 -0
  187. package/packages/dd-trace/src/profiling/profilers/space.js +18 -2
  188. package/packages/dd-trace/src/profiling/profilers/wall.js +146 -70
  189. package/packages/dd-trace/src/proxy.js +56 -24
  190. package/packages/dd-trace/src/ritm.js +1 -1
  191. package/packages/dd-trace/src/sampling_rule.js +130 -0
  192. package/packages/dd-trace/src/service-naming/schemas/v0/storage.js +5 -0
  193. package/packages/dd-trace/src/service-naming/schemas/v1/storage.js +4 -0
  194. package/packages/dd-trace/src/span_processor.js +9 -1
  195. package/packages/dd-trace/src/span_sampler.js +6 -64
  196. package/packages/dd-trace/src/spanleak.js +98 -0
  197. package/packages/dd-trace/src/startup-log.js +7 -1
  198. package/packages/dd-trace/src/telemetry/dependencies.js +56 -10
  199. package/packages/dd-trace/src/telemetry/index.js +182 -53
  200. package/packages/dd-trace/src/telemetry/logs/index.js +2 -2
  201. package/packages/dd-trace/src/telemetry/send-data.js +65 -7
  202. package/packages/dd-trace/src/tracer.js +12 -5
  203. package/register.js +4 -0
  204. package/scripts/install_plugin_modules.js +11 -3
  205. package/scripts/st.js +105 -0
  206. package/packages/datadog-instrumentations/src/child-process.js +0 -30
  207. package/packages/dd-trace/src/plugins/util/exec.js +0 -13
  208. package/packages/diagnostics_channel/index.js +0 -3
  209. package/packages/diagnostics_channel/src/index.js +0 -121
package/packages/dd-trace/src/appsec/recommended.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": "2.2",
3
3
  "metadata": {
4
- "rules_version": "1.8.0"
4
+ "rules_version": "1.11.0"
5
5
  },
6
6
  "rules": [
7
7
  {
@@ -118,6 +118,9 @@
118
118
  },
119
119
  {
120
120
  "address": "graphql.server.all_resolvers"
121
+ },
122
+ {
123
+ "address": "graphql.server.resolver"
121
124
  }
122
125
  ],
123
126
  "list": [
@@ -138,7 +141,10 @@
138
141
  "appscan_fingerprint",
139
142
  "w00tw00t.at.isc.sans.dfind",
140
143
  "w00tw00t.at.blackhats.romanian.anti-sec"
141
- ]
144
+ ],
145
+ "options": {
146
+ "enforce_word_boundary": true
147
+ }
142
148
  },
143
149
  "operator": "phrase_match"
144
150
  }
@@ -346,6 +352,9 @@
346
352
  },
347
353
  {
348
354
  "address": "graphql.server.all_resolvers"
355
+ },
356
+ {
357
+ "address": "graphql.server.resolver"
349
358
  }
350
359
  ],
351
360
  "list": [
@@ -1772,7 +1781,10 @@
1772
1781
  "windows\\win.ini",
1773
1782
  "default\\ntuser.dat",
1774
1783
  "/var/run/secrets/kubernetes.io/serviceaccount"
1775
- ]
1784
+ ],
1785
+ "options": {
1786
+ "enforce_word_boundary": true
1787
+ }
1776
1788
  },
1777
1789
  "operator": "phrase_match"
1778
1790
  }
@@ -1839,6 +1851,9 @@
1839
1851
  },
1840
1852
  {
1841
1853
  "address": "graphql.server.all_resolvers"
1854
+ },
1855
+ {
1856
+ "address": "graphql.server.resolver"
1842
1857
  }
1843
1858
  ],
1844
1859
  "regex": "^(?i:file|ftps?)://.*?\\?+$",
@@ -1881,8 +1896,14 @@
1881
1896
  },
1882
1897
  {
1883
1898
  "address": "graphql.server.all_resolvers"
1899
+ },
1900
+ {
1901
+ "address": "graphql.server.resolver"
1884
1902
  }
1885
1903
  ],
1904
+ "options": {
1905
+ "enforce_word_boundary": true
1906
+ },
1886
1907
  "list": [
1887
1908
  "${cdpath}",
1888
1909
  "${dirstack}",
@@ -2391,6 +2412,9 @@
2391
2412
  },
2392
2413
  {
2393
2414
  "address": "graphql.server.all_resolvers"
2415
+ },
2416
+ {
2417
+ "address": "graphql.server.resolver"
2394
2418
  }
2395
2419
  ],
2396
2420
  "regex": "^\\(\\s*\\)\\s+{",
@@ -2456,7 +2480,10 @@
2456
2480
  "settings.local.php",
2457
2481
  "local.xml",
2458
2482
  ".env"
2459
- ]
2483
+ ],
2484
+ "options": {
2485
+ "enforce_word_boundary": true
2486
+ }
2460
2487
  },
2461
2488
  "operator": "phrase_match"
2462
2489
  }
@@ -2547,8 +2574,14 @@
2547
2574
  },
2548
2575
  {
2549
2576
  "address": "graphql.server.all_resolvers"
2577
+ },
2578
+ {
2579
+ "address": "graphql.server.resolver"
2550
2580
  }
2551
2581
  ],
2582
+ "options": {
2583
+ "enforce_word_boundary": true
2584
+ },
2552
2585
  "list": [
2553
2586
  "$globals",
2554
2587
  "$_cookie",
@@ -2608,6 +2641,9 @@
2608
2641
  },
2609
2642
  {
2610
2643
  "address": "graphql.server.all_resolvers"
2644
+ },
2645
+ {
2646
+ "address": "graphql.server.resolver"
2611
2647
  }
2612
2648
  ],
2613
2649
  "regex": "(?:HTTP_(?:ACCEPT(?:_(?:ENCODING|LANGUAGE|CHARSET))?|(?:X_FORWARDED_FO|REFERE)R|(?:USER_AGEN|HOS)T|CONNECTION|KEEP_ALIVE)|PATH_(?:TRANSLATED|INFO)|ORIG_PATH_INFO|QUERY_STRING|REQUEST_URI|AUTH_TYPE)",
@@ -2650,6 +2686,9 @@
2650
2686
  },
2651
2687
  {
2652
2688
  "address": "graphql.server.all_resolvers"
2689
+ },
2690
+ {
2691
+ "address": "graphql.server.resolver"
2653
2692
  }
2654
2693
  ],
2655
2694
  "regex": "php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)",
@@ -2691,6 +2730,9 @@
2691
2730
  },
2692
2731
  {
2693
2732
  "address": "graphql.server.all_resolvers"
2733
+ },
2734
+ {
2735
+ "address": "graphql.server.resolver"
2694
2736
  }
2695
2737
  ],
2696
2738
  "list": [
@@ -2738,7 +2780,10 @@
2738
2780
  "wp_safe_remote_post",
2739
2781
  "wp_safe_remote_request",
2740
2782
  "zlib_decode"
2741
- ]
2783
+ ],
2784
+ "options": {
2785
+ "enforce_word_boundary": true
2786
+ }
2742
2787
  },
2743
2788
  "operator": "phrase_match"
2744
2789
  }
@@ -2775,6 +2820,9 @@
2775
2820
  },
2776
2821
  {
2777
2822
  "address": "graphql.server.all_resolvers"
2823
+ },
2824
+ {
2825
+ "address": "graphql.server.resolver"
2778
2826
  }
2779
2827
  ],
2780
2828
  "regex": "\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create|socket_client)|ipc?slashes|rev)|implexml_load_(?:string|file)|ocket_c(?:onnect|reate)|h(?:ow_sourc|a1_fil)e|pl_autoload_register|ystem)|p(?:r(?:eg_(?:replace(?:_callback(?:_array)?)?|match(?:_all)?|split)|oc_(?:(?:terminat|clos|nic)e|get_status|open)|int_r)|o(?:six_(?:get(?:(?:e[gu]|g)id|login|pwnam)|mk(?:fifo|nod)|ttyname|kill)|pen)|hp(?:_(?:strip_whitespac|unam)e|version|info)|g_(?:(?:execut|prepar)e|connect|query)|a(?:rse_(?:ini_file|str)|ssthru)|utenv)|r(?:unkit_(?:function_(?:re(?:defin|nam)e|copy|add)|method_(?:re(?:defin|nam)e|copy|add)|constant_(?:redefine|add))|e(?:(?:gister_(?:shutdown|tick)|name)_function|ad(?:(?:gz)?file|_exif_data|dir))|awurl(?:de|en)code)|i(?:mage(?:createfrom(?:(?:jpe|pn)g|x[bp]m|wbmp|gif)|(?:jpe|pn)g|g(?:d2?|if)|2?wbmp|xbm)|s_(?:(?:(?:execut|write?|read)ab|fi)le|dir)|ni_(?:get(?:_all)?|set)|terator_apply|ptcembed)|g(?:et(?:_(?:c(?:urrent_use|fg_va)r|meta_tags)|my(?:[gpu]id|inode)|(?:lastmo|cw)d|imagesize|env)|z(?:(?:(?:defla|wri)t|encod|fil)e|compress|open|read)|lob)|a(?:rray_(?:u(?:intersect(?:_u?assoc)?|diff(?:_u?assoc)?)|intersect_u(?:assoc|key)|diff_u(?:assoc|key)|filter|reduce|map)|ssert(?:_options)?|tob)|h(?:tml(?:specialchars(?:_decode)?|_entity_decode|entities)|(?:ash(?:_(?:update|hmac))?|ighlight)_file|e(?:ader_register_callback|x2bin))|f(?:i(?:le(?:(?:[acm]tim|inod)e|(?:_exist|perm)s|group)?|nfo_open)|tp_(?:nb_(?:ge|pu)|connec|ge|pu)t|(?:unction_exis|pu)ts|write|open)|o(?:b_(?:get_(?:c(?:ontents|lean)|flush)|end_(?:clean|flush)|clean|flush|start)|dbc_(?:result(?:_all)?|exec(?:ute)?|connect)|pendir)|m(?:b_(?:ereg(?:_(?:replace(?:_callback)?|match)|i(?:_replace)?)?|parse_str)|(?:ove_uploaded|d5)_file|ethod_exists|ysql_query|kdir)|e(?:x(?:if_(?:t(?:humbnail|agname)|imagetype|read_data)|ec)|scapeshell(?:arg|cmd)|rror_reporting|val)|c(?:url_(?:file_create|exec|init)|onvert_uuencode|reate_function|hr)|u(?:n(?:serialize|pack)|rl(?:de|en)code|[ak]?sort)|b(?:(?:son_(?:de|en)|ase64_en)code|zopen|toa)|(?:json_(?:de|en)cod|debug_backtrac|tmpfil)e|var_dump)(?:\\s|/\\*.*\\*/|//.*|#.*|\\\"|')*\\((?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?,)*(?:(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:\\$\\w+|[A-Z\\d]\\w*|\\w+\\(.*\\)|\\\\?\"(?:[^\"]|\\\\\"|\"\"|\"\\+\")*\\\\?\"|\\\\?'(?:[^']|''|'\\+')*\\\\?')(?:\\s|/\\*.*\\*/|//.*|#.*)*(?:(?:::|\\.|->)(?:\\s|/\\*.*\\*/|//.*|#.*)*\\w+(?:\\(.*\\))?)?)?\\)",
@@ -2820,6 +2868,9 @@
2820
2868
  },
2821
2869
  {
2822
2870
  "address": "graphql.server.all_resolvers"
2871
+ },
2872
+ {
2873
+ "address": "graphql.server.resolver"
2823
2874
  }
2824
2875
  ],
2825
2876
  "regex": "[oOcC]:\\d+:\\\".+?\\\":\\d+:{[\\W\\w]*}",
@@ -2861,6 +2912,9 @@
2861
2912
  },
2862
2913
  {
2863
2914
  "address": "graphql.server.all_resolvers"
2915
+ },
2916
+ {
2917
+ "address": "graphql.server.resolver"
2864
2918
  }
2865
2919
  ],
2866
2920
  "regex": "(?:(?:bzip|ssh)2|z(?:lib|ip)|(?:ph|r)ar|expect|glob|ogg)://",
@@ -2904,6 +2958,9 @@
2904
2958
  },
2905
2959
  {
2906
2960
  "address": "graphql.server.all_resolvers"
2961
+ },
2962
+ {
2963
+ "address": "graphql.server.resolver"
2907
2964
  }
2908
2965
  ],
2909
2966
  "regex": "\\b(?:(?:l(?:(?:utimes|chmod)(?:Sync)?|(?:stat|ink)Sync)|w(?:rite(?:(?:File|v)(?:Sync)?|Sync)|atchFile)|u(?:n(?:watchFile|linkSync)|times(?:Sync)?)|s(?:(?:ymlink|tat)Sync|pawn(?:File|Sync))|ex(?:ec(?:File(?:Sync)?|Sync)|istsSync)|a(?:ppendFile|ccess)(?:Sync)?|(?:Caveat|Inode)s|open(?:dir)?Sync|new\\s+Function|Availability|\\beval)\\s*\\(|m(?:ain(?:Module\\s*(?:\\W*\\s*(?:constructor|require)|\\[)|\\s*(?:\\W*\\s*(?:constructor|require)|\\[))|kd(?:temp(?:Sync)?|irSync)\\s*\\(|odule\\.exports\\s*=)|c(?:(?:(?:h(?:mod|own)|lose)Sync|reate(?:Write|Read)Stream|p(?:Sync)?)\\s*\\(|o(?:nstructor\\s*(?:\\W*\\s*_load|\\[)|pyFile(?:Sync)?\\s*\\())|f(?:(?:(?:s(?:(?:yncS)?|tatS)|datas(?:yncS)?)ync|ch(?:mod|own)(?:Sync)?)\\s*\\(|u(?:nction\\s*\\(\\s*\\)\\s*{|times(?:Sync)?\\s*\\())|r(?:e(?:(?:ad(?:(?:File|link|dir)?Sync|v(?:Sync)?)|nameSync)\\s*\\(|quire\\s*(?:\\W*\\s*main|\\[))|m(?:Sync)?\\s*\\()|process\\s*(?:\\W*\\s*(?:mainModule|binding)|\\[)|t(?:his\\.constructor|runcateSync\\s*\\()|_(?:\\$\\$ND_FUNC\\$\\$_|_js_function)|global\\s*(?:\\W*\\s*process|\\[)|String\\s*\\.\\s*fromCharCode|binding\\s*\\[)",
@@ -2942,10 +2999,10 @@
2942
2999
  "address": "server.request.path_params"
2943
3000
  },
2944
3001
  {
2945
- "address": "grpc.server.request.message"
3002
+ "address": "graphql.server.all_resolvers"
2946
3003
  },
2947
3004
  {
2948
- "address": "graphql.server.all_resolvers"
3005
+ "address": "graphql.server.resolver"
2949
3006
  }
2950
3007
  ],
2951
3008
  "regex": "\\b(?:w(?:atch|rite)|(?:spaw|ope)n|exists|close|fork|read)\\s*\\(",
@@ -2996,14 +3053,15 @@
2996
3053
  "address": "server.request.path_params"
2997
3054
  },
2998
3055
  {
2999
- "address": "grpc.server.request.message"
3056
+ "address": "graphql.server.all_resolvers"
3000
3057
  },
3001
3058
  {
3002
- "address": "graphql.server.all_resolvers"
3059
+ "address": "graphql.server.resolver"
3003
3060
  }
3004
3061
  ],
3005
3062
  "regex": "<script[^>]*>[\\s\\S]*?",
3006
3063
  "options": {
3064
+ "case_sensitive": false,
3007
3065
  "min_length": 8
3008
3066
  }
3009
3067
  },
@@ -3056,6 +3114,9 @@
3056
3114
  },
3057
3115
  {
3058
3116
  "address": "graphql.server.all_resolvers"
3117
+ },
3118
+ {
3119
+ "address": "graphql.server.resolver"
3059
3120
  }
3060
3121
  ],
3061
3122
  "regex": "\\bon(?:d(?:r(?:ag(?:en(?:ter|d)|leave|start|over)?|op)|urationchange|blclick)|s(?:e(?:ek(?:ing|ed)|arch|lect)|u(?:spend|bmit)|talled|croll|how)|m(?:ouse(?:(?:lea|mo)ve|o(?:ver|ut)|enter|down|up)|essage)|p(?:a(?:ge(?:hide|show)|(?:st|us)e)|lay(?:ing)?|rogress|aste|ointer(?:cancel|down|enter|leave|move|out|over|rawupdate|up))|c(?:anplay(?:through)?|o(?:ntextmenu|py)|hange|lick|ut)|a(?:nimation(?:iteration|start|end)|(?:fterprin|bor)t|uxclick|fterscriptexecute)|t(?:o(?:uch(?:cancel|start|move|end)|ggle)|imeupdate)|f(?:ullscreen(?:change|error)|ocus(?:out|in)?|inish)|(?:(?:volume|hash)chang|o(?:ff|n)lin)e|b(?:efore(?:unload|print)|lur)|load(?:ed(?:meta)?data|start|end)?|r(?:es(?:ize|et)|atechange)|key(?:press|down|up)|w(?:aiting|heel)|in(?:valid|put)|e(?:nded|rror)|unload)[\\s\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]*?=[^=]",
@@ -3112,6 +3173,9 @@
3112
3173
  },
3113
3174
  {
3114
3175
  "address": "graphql.server.all_resolvers"
3176
+ },
3177
+ {
3178
+ "address": "graphql.server.resolver"
3115
3179
  }
3116
3180
  ],
3117
3181
  "regex": "[a-z]+=(?:[^:=]+:.+;)*?[^:=]+:url\\(javascript",
@@ -3168,6 +3232,9 @@
3168
3232
  },
3169
3233
  {
3170
3234
  "address": "graphql.server.all_resolvers"
3235
+ },
3236
+ {
3237
+ "address": "graphql.server.resolver"
3171
3238
  }
3172
3239
  ],
3173
3240
  "regex": "(?:\\W|^)(?:javascript:(?:[\\s\\S]+[=\\x5c\\(\\[\\.<]|[\\s\\S]*?(?:\\bname\\b|\\x5c[ux]\\d)))|@\\W*?i\\W*?m\\W*?p\\W*?o\\W*?r\\W*?t\\W*?(?:/\\*[\\s\\S]*?)?(?:[\\\"']|\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\()|[^-]*?-\\W*?m\\W*?o\\W*?z\\W*?-\\W*?b\\W*?i\\W*?n\\W*?d\\W*?i\\W*?n\\W*?g[^:]*?:\\W*?u\\W*?r\\W*?l[\\s\\S]*?\\(",
@@ -3211,8 +3278,14 @@
3211
3278
  },
3212
3279
  {
3213
3280
  "address": "graphql.server.all_resolvers"
3281
+ },
3282
+ {
3283
+ "address": "graphql.server.resolver"
3214
3284
  }
3215
3285
  ],
3286
+ "options": {
3287
+ "enforce_word_boundary": true
3288
+ },
3216
3289
  "list": [
3217
3290
  "document.cookie",
3218
3291
  "document.write",
@@ -3259,6 +3332,9 @@
3259
3332
  },
3260
3333
  {
3261
3334
  "address": "graphql.server.all_resolvers"
3335
+ },
3336
+ {
3337
+ "address": "graphql.server.resolver"
3262
3338
  }
3263
3339
  ],
3264
3340
  "regex": "(?i:<.*[:]?vmlframe.*?[\\s/+]*?src[\\s/+]*=)",
@@ -3303,6 +3379,9 @@
3303
3379
  },
3304
3380
  {
3305
3381
  "address": "graphql.server.all_resolvers"
3382
+ },
3383
+ {
3384
+ "address": "graphql.server.resolver"
3306
3385
  }
3307
3386
  ],
3308
3387
  "regex": "(?i:(?:j|&#x?0*(?:74|4A|106|6A);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:a|&#x?0*(?:65|41|97|61);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|\\n|\\r|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
@@ -3347,6 +3426,9 @@
3347
3426
  },
3348
3427
  {
3349
3428
  "address": "graphql.server.all_resolvers"
3429
+ },
3430
+ {
3431
+ "address": "graphql.server.resolver"
3350
3432
  }
3351
3433
  ],
3352
3434
  "regex": "(?i:(?:v|&#x?0*(?:86|56|118|76);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:b|&#x?0*(?:66|42|98|62);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:s|&#x?0*(?:83|53|115|73);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:c|&#x?0*(?:67|43|99|63);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:r|&#x?0*(?:82|52|114|72);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:i|&#x?0*(?:73|49|105|69);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:p|&#x?0*(?:80|50|112|70);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?:t|&#x?0*(?:84|54|116|74);?)(?:\\t|&(?:#x?0*(?:9|13|10|A|D);?|tab;|newline;))*(?::|&(?:#x?0*(?:58|3A);?|colon;)).)",
@@ -3391,6 +3473,9 @@
3391
3473
  },
3392
3474
  {
3393
3475
  "address": "graphql.server.all_resolvers"
3476
+ },
3477
+ {
3478
+ "address": "graphql.server.resolver"
3394
3479
  }
3395
3480
  ],
3396
3481
  "regex": "<EMBED[\\s/+].*?(?:src|type).*?=",
@@ -3434,6 +3519,9 @@
3434
3519
  },
3435
3520
  {
3436
3521
  "address": "graphql.server.all_resolvers"
3522
+ },
3523
+ {
3524
+ "address": "graphql.server.resolver"
3437
3525
  }
3438
3526
  ],
3439
3527
  "regex": "<[?]?import[\\s/+\\S]*?implementation[\\s/+]*?=",
@@ -3474,10 +3562,10 @@
3474
3562
  "address": "server.request.path_params"
3475
3563
  },
3476
3564
  {
3477
- "address": "grpc.server.request.message"
3565
+ "address": "graphql.server.all_resolvers"
3478
3566
  },
3479
3567
  {
3480
- "address": "graphql.server.all_resolvers"
3568
+ "address": "graphql.server.resolver"
3481
3569
  }
3482
3570
  ],
3483
3571
  "regex": "<LINK[\\s/+].*?href[\\s/+]*=",
@@ -3521,6 +3609,9 @@
3521
3609
  },
3522
3610
  {
3523
3611
  "address": "graphql.server.all_resolvers"
3612
+ },
3613
+ {
3614
+ "address": "graphql.server.resolver"
3524
3615
  }
3525
3616
  ],
3526
3617
  "regex": "<BASE[\\s/+].*?href[\\s/+]*=",
@@ -3564,6 +3655,9 @@
3564
3655
  },
3565
3656
  {
3566
3657
  "address": "graphql.server.all_resolvers"
3658
+ },
3659
+ {
3660
+ "address": "graphql.server.resolver"
3567
3661
  }
3568
3662
  ],
3569
3663
  "regex": "<APPLET[\\s/+>]",
@@ -3607,6 +3701,9 @@
3607
3701
  },
3608
3702
  {
3609
3703
  "address": "graphql.server.all_resolvers"
3704
+ },
3705
+ {
3706
+ "address": "graphql.server.resolver"
3610
3707
  }
3611
3708
  ],
3612
3709
  "regex": "<OBJECT[\\s/+].*?(?:type|codetype|classid|code|data)[\\s/+]*=",
@@ -3650,6 +3747,9 @@
3650
3747
  },
3651
3748
  {
3652
3749
  "address": "graphql.server.all_resolvers"
3750
+ },
3751
+ {
3752
+ "address": "graphql.server.resolver"
3653
3753
  }
3654
3754
  ],
3655
3755
  "regex": "\\+ADw-.*(?:\\+AD4-|>)|<.*\\+AD4-",
@@ -3691,6 +3791,9 @@
3691
3791
  },
3692
3792
  {
3693
3793
  "address": "graphql.server.all_resolvers"
3794
+ },
3795
+ {
3796
+ "address": "graphql.server.resolver"
3694
3797
  }
3695
3798
  ],
3696
3799
  "regex": "![!+ ]\\[\\]",
@@ -3733,6 +3836,9 @@
3733
3836
  },
3734
3837
  {
3735
3838
  "address": "graphql.server.all_resolvers"
3839
+ },
3840
+ {
3841
+ "address": "graphql.server.resolver"
3736
3842
  }
3737
3843
  ],
3738
3844
  "regex": "\\b(?i:eval|settimeout|setinterval|new\\s+Function|alert|prompt)[\\s+]*\\([^\\)]",
@@ -3770,10 +3876,10 @@
3770
3876
  "address": "server.request.path_params"
3771
3877
  },
3772
3878
  {
3773
- "address": "grpc.server.request.message"
3879
+ "address": "graphql.server.all_resolvers"
3774
3880
  },
3775
3881
  {
3776
- "address": "graphql.server.all_resolvers"
3882
+ "address": "graphql.server.resolver"
3777
3883
  }
3778
3884
  ]
3779
3885
  },
@@ -3813,6 +3919,9 @@
3813
3919
  },
3814
3920
  {
3815
3921
  "address": "graphql.server.all_resolvers"
3922
+ },
3923
+ {
3924
+ "address": "graphql.server.resolver"
3816
3925
  }
3817
3926
  ],
3818
3927
  "regex": "(?i:sleep\\(\\s*?\\d*?\\s*?\\)|benchmark\\(.*?\\,.*?\\))",
@@ -3855,6 +3964,9 @@
3855
3964
  },
3856
3965
  {
3857
3966
  "address": "graphql.server.all_resolvers"
3967
+ },
3968
+ {
3969
+ "address": "graphql.server.resolver"
3858
3970
  }
3859
3971
  ],
3860
3972
  "regex": "(?:[\\\"'`](?:;*?\\s*?waitfor\\s+(?:delay|time)\\s+[\\\"'`]|;.*?:\\s*?goto)|alter\\s*?\\w+.*?cha(?:racte)?r\\s+set\\s+\\w+)",
@@ -3895,6 +4007,9 @@
3895
4007
  },
3896
4008
  {
3897
4009
  "address": "graphql.server.all_resolvers"
4010
+ },
4011
+ {
4012
+ "address": "graphql.server.resolver"
3898
4013
  }
3899
4014
  ],
3900
4015
  "regex": "(?i:merge.*?using\\s*?\\(|execute\\s*?immediate\\s*?[\\\"'`]|match\\s*?[\\w(?:),+-]+\\s*?against\\s*?\\()",
@@ -3936,6 +4051,9 @@
3936
4051
  },
3937
4052
  {
3938
4053
  "address": "graphql.server.all_resolvers"
4054
+ },
4055
+ {
4056
+ "address": "graphql.server.resolver"
3939
4057
  }
3940
4058
  ],
3941
4059
  "regex": "union.*?select.*?from",
@@ -3977,6 +4095,9 @@
3977
4095
  },
3978
4096
  {
3979
4097
  "address": "graphql.server.all_resolvers"
4098
+ },
4099
+ {
4100
+ "address": "graphql.server.resolver"
3980
4101
  }
3981
4102
  ],
3982
4103
  "regex": "(?:;\\s*?shutdown\\s*?(?:[#;{]|\\/\\*|--)|waitfor\\s*?delay\\s?[\\\"'`]+\\s?\\d|select\\s*?pg_sleep)",
@@ -4017,6 +4138,9 @@
4017
4138
  },
4018
4139
  {
4019
4140
  "address": "graphql.server.all_resolvers"
4141
+ },
4142
+ {
4143
+ "address": "graphql.server.resolver"
4020
4144
  }
4021
4145
  ],
4022
4146
  "regex": "(?i:(?:\\[?\\$(?:(?:s(?:lic|iz)|wher)e|e(?:lemMatch|xists|q)|n(?:o[rt]|in?|e)|l(?:ike|te?)|t(?:ext|ype)|a(?:ll|nd)|jsonSchema|between|regex|x?or|div|mod)\\]?)\\b)",
@@ -4060,6 +4184,9 @@
4060
4184
  },
4061
4185
  {
4062
4186
  "address": "graphql.server.all_resolvers"
4187
+ },
4188
+ {
4189
+ "address": "graphql.server.resolver"
4063
4190
  }
4064
4191
  ],
4065
4192
  "regex": "(?:^[\\W\\d]+\\s*?(?:alter\\s*(?:a(?:(?:pplication\\s*rol|ggregat)e|s(?:ymmetric\\s*ke|sembl)y|u(?:thorization|dit)|vailability\\s*group)|c(?:r(?:yptographic\\s*provider|edential)|o(?:l(?:latio|um)|nversio)n|ertificate|luster)|s(?:e(?:rv(?:ice|er)|curity|quence|ssion|arch)|y(?:mmetric\\s*key|nonym)|togroup|chema)|m(?:a(?:s(?:ter\\s*key|k)|terialized)|e(?:ssage\\s*type|thod)|odule)|l(?:o(?:g(?:file\\s*group|in)|ckdown)|a(?:ngua|r)ge|ibrary)|t(?:(?:abl(?:espac)?|yp)e|r(?:igger|usted)|hreshold|ext)|p(?:a(?:rtition|ckage)|ro(?:cedur|fil)e|ermission)|d(?:i(?:mension|skgroup)|atabase|efault|omain)|r(?:o(?:l(?:lback|e)|ute)|e(?:sourc|mot)e)|f(?:u(?:lltext|nction)|lashback|oreign)|e(?:xte(?:nsion|rnal)|(?:ndpoi|ve)nt)|in(?:dex(?:type)?|memory|stance)|b(?:roker\\s*priority|ufferpool)|x(?:ml\\s*schema|srobject)|w(?:ork(?:load)?|rapper)|hi(?:erarchy|stogram)|o(?:perator|utline)|(?:nicknam|queu)e|us(?:age|er)|group|java|view)|union\\s*(?:(?:distin|sele)ct|all))\\b|\\b(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\\s+(?:group_concat|load_file|char)\\b\\s*\\(?|[\\s(]load_file\\s*?\\(|[\\\"'`]\\s+regexp\\W)",
@@ -4100,6 +4227,9 @@
4100
4227
  },
4101
4228
  {
4102
4229
  "address": "graphql.server.all_resolvers"
4230
+ },
4231
+ {
4232
+ "address": "graphql.server.resolver"
4103
4233
  }
4104
4234
  ],
4105
4235
  "regex": "(?i:/\\*[!+](?:[\\w\\s=_\\-(?:)]+)?\\*/)",
@@ -4142,6 +4272,9 @@
4142
4272
  },
4143
4273
  {
4144
4274
  "address": "graphql.server.all_resolvers"
4275
+ },
4276
+ {
4277
+ "address": "graphql.server.resolver"
4145
4278
  }
4146
4279
  ],
4147
4280
  "regex": "(?i:\\.cookie\\b.*?;\\W*?(?:expires|domain)\\W*?=|\\bhttp-equiv\\W+set-cookie\\b)",
@@ -4187,6 +4320,9 @@
4187
4320
  },
4188
4321
  {
4189
4322
  "address": "graphql.server.all_resolvers"
4323
+ },
4324
+ {
4325
+ "address": "graphql.server.resolver"
4190
4326
  }
4191
4327
  ],
4192
4328
  "regex": "java\\.lang\\.(?:runtime|processbuilder)",
@@ -4207,7 +4343,6 @@
4207
4343
  "name": "Remote Command Execution: Java process spawn (CVE-2017-9805)",
4208
4344
  "tags": {
4209
4345
  "type": "java_code_injection",
4210
- "crs_id": "944110",
4211
4346
  "category": "attack_attempt",
4212
4347
  "cwe": "94",
4213
4348
  "capec": "1000/152/242"
@@ -4233,50 +4368,21 @@
4233
4368
  },
4234
4369
  {
4235
4370
  "address": "graphql.server.all_resolvers"
4236
- }
4237
- ],
4238
- "regex": "(?:runtime|processbuilder)",
4239
- "options": {
4240
- "case_sensitive": true,
4241
- "min_length": 7
4242
- }
4243
- },
4244
- "operator": "match_regex"
4245
- },
4246
- {
4247
- "parameters": {
4248
- "inputs": [
4249
- {
4250
- "address": "server.request.query"
4251
- },
4252
- {
4253
- "address": "server.request.body"
4254
- },
4255
- {
4256
- "address": "server.request.path_params"
4257
4371
  },
4258
4372
  {
4259
- "address": "server.request.headers.no_cookies"
4260
- },
4261
- {
4262
- "address": "grpc.server.request.message"
4263
- },
4264
- {
4265
- "address": "graphql.server.all_resolvers"
4373
+ "address": "graphql.server.resolver"
4266
4374
  }
4267
4375
  ],
4268
- "regex": "(?:unmarshaller|base64data|java\\.)",
4376
+ "regex": "(?:unmarshaller|base64data|java\\.).*(?:runtime|processbuilder)",
4269
4377
  "options": {
4270
- "case_sensitive": true,
4271
- "min_length": 5
4378
+ "case_sensitive": false,
4379
+ "min_length": 13
4272
4380
  }
4273
4381
  },
4274
4382
  "operator": "match_regex"
4275
4383
  }
4276
4384
  ],
4277
- "transformers": [
4278
- "lowercase"
4279
- ]
4385
+ "transformers": []
4280
4386
  },
4281
4387
  {
4282
4388
  "id": "crs-944-130",
@@ -4309,6 +4415,9 @@
4309
4415
  },
4310
4416
  {
4311
4417
  "address": "graphql.server.all_resolvers"
4418
+ },
4419
+ {
4420
+ "address": "graphql.server.resolver"
4312
4421
  }
4313
4422
  ],
4314
4423
  "list": [
@@ -4344,6 +4453,7 @@
4344
4453
  "java.lang.object",
4345
4454
  "java.lang.process",
4346
4455
  "java.lang.reflect",
4456
+ "java.lang.runtime",
4347
4457
  "java.lang.string",
4348
4458
  "java.lang.stringbuilder",
4349
4459
  "java.lang.system",
@@ -4353,7 +4463,10 @@
4353
4463
  "org.apache.struts2",
4354
4464
  "org.omg.corba",
4355
4465
  "java.beans.xmldecode"
4356
- ]
4466
+ ],
4467
+ "options": {
4468
+ "enforce_word_boundary": true
4469
+ }
4357
4470
  },
4358
4471
  "operator": "phrase_match"
4359
4472
  }
@@ -4394,6 +4507,9 @@
4394
4507
  },
4395
4508
  {
4396
4509
  "address": "graphql.server.all_resolvers"
4510
+ },
4511
+ {
4512
+ "address": "graphql.server.resolver"
4397
4513
  }
4398
4514
  ],
4399
4515
  "regex": "(?:class\\.module\\.classLoader\\.resources\\.context\\.parent\\.pipeline|springframework\\.context\\.support\\.FileSystemXmlApplicationContext)",
@@ -4435,6 +4551,9 @@
4435
4551
  {
4436
4552
  "address": "graphql.server.all_resolvers"
4437
4553
  },
4554
+ {
4555
+ "address": "graphql.server.resolver"
4556
+ },
4438
4557
  {
4439
4558
  "address": "server.request.headers.no_cookies"
4440
4559
  }
@@ -4475,10 +4594,13 @@
4475
4594
  "address": "server.request.path_params"
4476
4595
  },
4477
4596
  {
4478
- "address": "grpc.server.request.message"
4597
+ "address": "graphql.server.all_resolvers"
4479
4598
  },
4480
4599
  {
4481
- "address": "graphql.server.all_resolvers"
4600
+ "address": "graphql.server.resolver"
4601
+ },
4602
+ {
4603
+ "address": "server.request.headers.no_cookies"
4482
4604
  }
4483
4605
  ],
4484
4606
  "regex": "[#%$]{(?:[^}]+[^\\w\\s}\\-_][^}]+|\\d+-\\d+)}",
@@ -4522,6 +4644,9 @@
4522
4644
  },
4523
4645
  {
4524
4646
  "address": "graphql.server.all_resolvers"
4647
+ },
4648
+ {
4649
+ "address": "graphql.server.resolver"
4525
4650
  }
4526
4651
  ],
4527
4652
  "regex": "[@#]ognl",
@@ -4668,6 +4793,9 @@
4668
4793
  },
4669
4794
  {
4670
4795
  "address": "graphql.server.all_resolvers"
4796
+ },
4797
+ {
4798
+ "address": "graphql.server.resolver"
4671
4799
  }
4672
4800
  ],
4673
4801
  "regex": "#(?:set|foreach|macro|parse|if)\\(.*\\)|<#assign.*>"
@@ -4709,6 +4837,9 @@
4709
4837
  },
4710
4838
  {
4711
4839
  "address": "graphql.server.all_resolvers"
4840
+ },
4841
+ {
4842
+ "address": "graphql.server.resolver"
4712
4843
  }
4713
4844
  ],
4714
4845
  "regex": "\\b(?:burpcollaborator\\.net|oastify\\.com)\\b"
@@ -4750,9 +4881,12 @@
4750
4881
  },
4751
4882
  {
4752
4883
  "address": "graphql.server.all_resolvers"
4884
+ },
4885
+ {
4886
+ "address": "graphql.server.resolver"
4753
4887
  }
4754
4888
  ],
4755
- "regex": "\\bqualysperiscope\\.com\\b"
4889
+ "regex": "\\bqualysperiscope\\.com\\b|\\.oscomm\\."
4756
4890
  },
4757
4891
  "operator": "match_regex"
4758
4892
  }
@@ -4791,6 +4925,9 @@
4791
4925
  },
4792
4926
  {
4793
4927
  "address": "graphql.server.all_resolvers"
4928
+ },
4929
+ {
4930
+ "address": "graphql.server.resolver"
4794
4931
  }
4795
4932
  ],
4796
4933
  "regex": "\\bprbly\\.win\\b"
@@ -4831,9 +4968,12 @@
4831
4968
  },
4832
4969
  {
4833
4970
  "address": "graphql.server.all_resolvers"
4971
+ },
4972
+ {
4973
+ "address": "graphql.server.resolver"
4834
4974
  }
4835
4975
  ],
4836
- "regex": "\\b(?:webhook\\.site|\\.canarytokens\\.com|vii\\.one|act1on3\\.ru|gdsburp\\.com)\\b"
4976
+ "regex": "\\b(?:webhook\\.site|\\.canarytokens\\.com|vii\\.one|act1on3\\.ru|gdsburp\\.com|arcticwolf\\.net|oob\\.li|htbiw\\.com|h4\\.vc|mochan\\.cloud|imshopping\\.com|bootstrapnodejs\\.com|mooo-ng\\.com|securitytrails\\.com|canyouhackit\\.io|7bae\\.xyz)\\b"
4837
4977
  },
4838
4978
  "operator": "match_regex"
4839
4979
  }
@@ -4871,6 +5011,9 @@
4871
5011
  },
4872
5012
  {
4873
5013
  "address": "graphql.server.all_resolvers"
5014
+ },
5015
+ {
5016
+ "address": "graphql.server.resolver"
4874
5017
  }
4875
5018
  ],
4876
5019
  "regex": "\\b(?:\\.ngrok\\.io|requestbin\\.com|requestbin\\.net)\\b"
@@ -4912,6 +5055,9 @@
4912
5055
  },
4913
5056
  {
4914
5057
  "address": "graphql.server.all_resolvers"
5058
+ },
5059
+ {
5060
+ "address": "graphql.server.resolver"
4915
5061
  }
4916
5062
  ],
4917
5063
  "regex": "\\bappspidered\\.rapid7\\."
@@ -4953,9 +5099,12 @@
4953
5099
  },
4954
5100
  {
4955
5101
  "address": "graphql.server.all_resolvers"
5102
+ },
5103
+ {
5104
+ "address": "graphql.server.resolver"
4956
5105
  }
4957
5106
  ],
4958
- "regex": "\\b(?:interact\\.sh|oast\\.(?:pro|live|site|online|fun|me))\\b"
5107
+ "regex": "\\b(?:interact\\.sh|oast\\.(?:pro|live|site|online|fun|me)|indusfacefinder\\.in|where\\.land|syhunt\\.net|tssrt\\.de|boardofcyber\\.io|assetnote-callback\\.com|praetorianlabs\\.dev|netspi\\.sh)\\b"
4959
5108
  },
4960
5109
  "operator": "match_regex"
4961
5110
  }
@@ -4994,9 +5143,12 @@
4994
5143
  },
4995
5144
  {
4996
5145
  "address": "graphql.server.all_resolvers"
5146
+ },
5147
+ {
5148
+ "address": "graphql.server.resolver"
4997
5149
  }
4998
5150
  ],
4999
- "regex": "\\b(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)r87(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)(?:me|com)\\b",
5151
+ "regex": "\\b(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)?r87(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)(?:me|com)\\b",
5000
5152
  "options": {
5001
5153
  "case_sensitive": false,
5002
5154
  "min_length": 7
@@ -5008,14 +5160,15 @@
5008
5160
  "transformers": []
5009
5161
  },
5010
5162
  {
5011
- "id": "dog-931-001",
5012
- "name": "RFI: URL Payload to well known RFI target",
5163
+ "id": "dog-913-009",
5164
+ "name": "WhiteHat Security OOB domain",
5013
5165
  "tags": {
5014
- "type": "rfi",
5166
+ "type": "commercial_scanner",
5015
5167
  "category": "attack_attempt",
5016
- "cwe": "98",
5017
- "capec": "1000/152/175/253/193",
5018
- "confidence": "1"
5168
+ "tool_name": "WhiteHatSecurity",
5169
+ "cwe": "200",
5170
+ "capec": "1000/118/169",
5171
+ "confidence": "0"
5019
5172
  },
5020
5173
  "conditions": [
5021
5174
  {
@@ -5030,17 +5183,23 @@
5030
5183
  {
5031
5184
  "address": "server.request.path_params"
5032
5185
  },
5186
+ {
5187
+ "address": "server.request.headers.no_cookies"
5188
+ },
5033
5189
  {
5034
5190
  "address": "grpc.server.request.message"
5035
5191
  },
5036
5192
  {
5037
5193
  "address": "graphql.server.all_resolvers"
5194
+ },
5195
+ {
5196
+ "address": "graphql.server.resolver"
5038
5197
  }
5039
5198
  ],
5040
- "regex": "^(?i:file|ftps?|https?).*/rfiinc\\.txt\\?+$",
5199
+ "regex": "\\bwhsec(?:\\.|(?:\\\\|&#)(?:0*46|x0*2e);)us\\b",
5041
5200
  "options": {
5042
- "case_sensitive": true,
5043
- "min_length": 17
5201
+ "case_sensitive": false,
5202
+ "min_length": 8
5044
5203
  }
5045
5204
  },
5046
5205
  "operator": "match_regex"
@@ -5049,33 +5208,46 @@
5049
5208
  "transformers": []
5050
5209
  },
5051
5210
  {
5052
- "id": "dog-934-001",
5053
- "name": "XXE - XML file loads external entity",
5211
+ "id": "dog-913-010",
5212
+ "name": "Nessus OOB domain",
5054
5213
  "tags": {
5055
- "type": "xxe",
5214
+ "type": "commercial_scanner",
5056
5215
  "category": "attack_attempt",
5057
- "cwe": "91",
5058
- "capec": "1000/152/248/250",
5216
+ "tool_name": "Nessus",
5217
+ "cwe": "200",
5218
+ "capec": "1000/118/169",
5059
5219
  "confidence": "0"
5060
5220
  },
5061
5221
  "conditions": [
5062
5222
  {
5063
5223
  "parameters": {
5064
5224
  "inputs": [
5225
+ {
5226
+ "address": "server.request.query"
5227
+ },
5065
5228
  {
5066
5229
  "address": "server.request.body"
5067
5230
  },
5231
+ {
5232
+ "address": "server.request.path_params"
5233
+ },
5234
+ {
5235
+ "address": "server.request.headers.no_cookies"
5236
+ },
5068
5237
  {
5069
5238
  "address": "grpc.server.request.message"
5070
5239
  },
5071
5240
  {
5072
5241
  "address": "graphql.server.all_resolvers"
5242
+ },
5243
+ {
5244
+ "address": "graphql.server.resolver"
5073
5245
  }
5074
5246
  ],
5075
- "regex": "(?:<\\?xml[^>]*>.*)<!ENTITY[^>]+SYSTEM\\s+[^>]+>",
5247
+ "regex": "\\b\\.nessus\\.org\\b",
5076
5248
  "options": {
5077
5249
  "case_sensitive": false,
5078
- "min_length": 24
5250
+ "min_length": 8
5079
5251
  }
5080
5252
  },
5081
5253
  "operator": "match_regex"
@@ -5084,31 +5256,20 @@
5084
5256
  "transformers": []
5085
5257
  },
5086
5258
  {
5087
- "id": "dog-941-001",
5088
- "name": "XSS in source property",
5259
+ "id": "dog-913-011",
5260
+ "name": "Watchtowr OOB domain",
5089
5261
  "tags": {
5090
- "type": "xss",
5262
+ "type": "commercial_scanner",
5091
5263
  "category": "attack_attempt",
5092
- "cwe": "83",
5093
- "capec": "1000/152/242/63/591/243",
5264
+ "tool_name": "Watchtowr",
5265
+ "cwe": "200",
5266
+ "capec": "1000/118/169",
5094
5267
  "confidence": "0"
5095
5268
  },
5096
5269
  "conditions": [
5097
5270
  {
5098
5271
  "parameters": {
5099
5272
  "inputs": [
5100
- {
5101
- "address": "server.request.headers.no_cookies",
5102
- "key_path": [
5103
- "user-agent"
5104
- ]
5105
- },
5106
- {
5107
- "address": "server.request.headers.no_cookies",
5108
- "key_path": [
5109
- "referer"
5110
- ]
5111
- },
5112
5273
  {
5113
5274
  "address": "server.request.query"
5114
5275
  },
@@ -5118,28 +5279,301 @@
5118
5279
  {
5119
5280
  "address": "server.request.path_params"
5120
5281
  },
5282
+ {
5283
+ "address": "server.request.headers.no_cookies"
5284
+ },
5121
5285
  {
5122
5286
  "address": "grpc.server.request.message"
5123
5287
  },
5124
5288
  {
5125
5289
  "address": "graphql.server.all_resolvers"
5290
+ },
5291
+ {
5292
+ "address": "graphql.server.resolver"
5126
5293
  }
5127
5294
  ],
5128
- "regex": "<(?:iframe|esi:include)(?:(?:\\s|/)*\\w+=[\"'\\w]+)*(?:\\s|/)*src(?:doc)?=[\"']?(?:data:|javascript:|http:|//)[^\\s'\"]+['\"]?",
5295
+ "regex": "\\bwatchtowr\\.com\\b",
5129
5296
  "options": {
5130
- "min_length": 14
5297
+ "case_sensitive": false,
5298
+ "min_length": 8
5131
5299
  }
5132
5300
  },
5133
5301
  "operator": "match_regex"
5134
5302
  }
5135
5303
  ],
5136
- "transformers": [
5137
- "removeNulls",
5138
- "urlDecodeUni"
5139
- ]
5304
+ "transformers": []
5140
5305
  },
5141
5306
  {
5142
- "id": "dog-942-001",
5307
+ "id": "dog-913-012",
5308
+ "name": "AppCheck NG OOB domain",
5309
+ "tags": {
5310
+ "type": "commercial_scanner",
5311
+ "category": "attack_attempt",
5312
+ "tool_name": "AppCheckNG",
5313
+ "cwe": "200",
5314
+ "capec": "1000/118/169",
5315
+ "confidence": "0"
5316
+ },
5317
+ "conditions": [
5318
+ {
5319
+ "parameters": {
5320
+ "inputs": [
5321
+ {
5322
+ "address": "server.request.query"
5323
+ },
5324
+ {
5325
+ "address": "server.request.body"
5326
+ },
5327
+ {
5328
+ "address": "server.request.path_params"
5329
+ },
5330
+ {
5331
+ "address": "server.request.headers.no_cookies"
5332
+ },
5333
+ {
5334
+ "address": "grpc.server.request.message"
5335
+ },
5336
+ {
5337
+ "address": "graphql.server.all_resolvers"
5338
+ },
5339
+ {
5340
+ "address": "graphql.server.resolver"
5341
+ }
5342
+ ],
5343
+ "regex": "\\bptst\\.io\\b",
5344
+ "options": {
5345
+ "case_sensitive": false,
5346
+ "min_length": 7
5347
+ }
5348
+ },
5349
+ "operator": "match_regex"
5350
+ }
5351
+ ],
5352
+ "transformers": []
5353
+ },
5354
+ {
5355
+ "id": "dog-920-001",
5356
+ "name": "JWT authentication bypass",
5357
+ "tags": {
5358
+ "type": "http_protocol_violation",
5359
+ "category": "attack_attempt",
5360
+ "cwe": "287",
5361
+ "capec": "1000/225/115",
5362
+ "confidence": "0"
5363
+ },
5364
+ "conditions": [
5365
+ {
5366
+ "parameters": {
5367
+ "inputs": [
5368
+ {
5369
+ "address": "server.request.cookies"
5370
+ },
5371
+ {
5372
+ "address": "server.request.headers.no_cookies",
5373
+ "key_path": [
5374
+ "authorization"
5375
+ ]
5376
+ }
5377
+ ],
5378
+ "regex": "^(?:Bearer )?ey[A-Za-z0-9+_\\-/]*([QY][UW]x[Hn]Ij([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gOiAi[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]Ij([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]IDogI[km]5[Pv][Tb][km][U-X]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]IiA6ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]IDoi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]Ij([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gOiAi[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciOiAi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*IDogI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]IDogI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yIgO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciIDoi[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*IDogI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yIgOiJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]IDoi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]IDogI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yI6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yI6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]IiA6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*IDogI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yIgO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]Ij([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciOiJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*IDoi[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gOiJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yIgOiAi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]IDoi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]IjogI[km]5[Pv][Tb][km][U-X]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]IiA6I[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6I[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yI6I[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yI6ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciIDogI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[QY][UW]x[Hn]IiA6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]IiA6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*IDoi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ciO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6I[km]5[Pv][Tb][km][U-X]|[QY][UW]x[Hn]IiA6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yI6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yIgO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gOiJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ID([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gI[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yIgO([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[\\x2b\\x2f-9A-Za-z]ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*ICJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]I([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*IDoi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]A6I[km]5[Pv][Tb][km][U-X]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]y([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gOiJ[Ou][Tb][02]5[Fl]|[QY][UW]x[Hn]Ijoi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z]{2}[159BFJNRVZdhlptx][Bh][Tb][EG]ci([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[048AEIMQUYcgkosw]gOiAi[Tb][km]9[Ou][RZ][Q-Za-f]|[\\x2b\\x2f-9A-Za-z][02EGUWkm]F[Ms][RZ]yI6([048ACEIMQSUYcgikoswy]|[\\x2b\\x2f-9A-Za-z]I)*[CSiy]Ai[Tb][km]9[Ou][RZ][Q-Za-f])[A-Za-z0-9+-/]*\\.[A-Za-z0-9+_\\-/]+\\.(?:[A-Za-z0-9+_\\-/]+)?$",
5379
+ "options": {
5380
+ "case_sensitive": true
5381
+ }
5382
+ },
5383
+ "operator": "match_regex"
5384
+ }
5385
+ ],
5386
+ "transformers": []
5387
+ },
5388
+ {
5389
+ "id": "dog-931-001",
5390
+ "name": "RFI: URL Payload to well known RFI target",
5391
+ "tags": {
5392
+ "type": "rfi",
5393
+ "category": "attack_attempt",
5394
+ "cwe": "98",
5395
+ "capec": "1000/152/175/253/193",
5396
+ "confidence": "1"
5397
+ },
5398
+ "conditions": [
5399
+ {
5400
+ "parameters": {
5401
+ "inputs": [
5402
+ {
5403
+ "address": "server.request.query"
5404
+ },
5405
+ {
5406
+ "address": "server.request.body"
5407
+ },
5408
+ {
5409
+ "address": "server.request.path_params"
5410
+ },
5411
+ {
5412
+ "address": "grpc.server.request.message"
5413
+ },
5414
+ {
5415
+ "address": "graphql.server.all_resolvers"
5416
+ },
5417
+ {
5418
+ "address": "graphql.server.resolver"
5419
+ }
5420
+ ],
5421
+ "regex": "^(?i:file|ftps?|https?).*/rfiinc\\.txt\\?+$",
5422
+ "options": {
5423
+ "case_sensitive": true,
5424
+ "min_length": 17
5425
+ }
5426
+ },
5427
+ "operator": "match_regex"
5428
+ }
5429
+ ],
5430
+ "transformers": []
5431
+ },
5432
+ {
5433
+ "id": "dog-932-100",
5434
+ "name": "Shell spawn executing network command",
5435
+ "tags": {
5436
+ "type": "command_injection",
5437
+ "category": "attack_attempt",
5438
+ "cwe": "77",
5439
+ "capec": "1000/152/248/88",
5440
+ "confidence": "0"
5441
+ },
5442
+ "conditions": [
5443
+ {
5444
+ "parameters": {
5445
+ "inputs": [
5446
+ {
5447
+ "address": "server.request.query"
5448
+ },
5449
+ {
5450
+ "address": "server.request.body"
5451
+ },
5452
+ {
5453
+ "address": "server.request.path_params"
5454
+ },
5455
+ {
5456
+ "address": "server.request.headers.no_cookies"
5457
+ },
5458
+ {
5459
+ "address": "grpc.server.request.message"
5460
+ },
5461
+ {
5462
+ "address": "graphql.server.all_resolvers"
5463
+ },
5464
+ {
5465
+ "address": "graphql.server.resolver"
5466
+ }
5467
+ ],
5468
+ "regex": "(?:(?:['\"\\x60({|;&]|(?:^|['\"\\x60({|;&])(?:cmd(?:\\.exe)?\\s+(?:/\\w(?::\\w+)?\\s+)*))(?:ping|curl|wget|telnet)|\\bnslookup)[\\s,]",
5469
+ "options": {
5470
+ "case_sensitive": true,
5471
+ "min_length": 5
5472
+ }
5473
+ },
5474
+ "operator": "match_regex"
5475
+ }
5476
+ ],
5477
+ "transformers": []
5478
+ },
5479
+ {
5480
+ "id": "dog-934-001",
5481
+ "name": "XXE - XML file loads external entity",
5482
+ "tags": {
5483
+ "type": "xxe",
5484
+ "category": "attack_attempt",
5485
+ "cwe": "91",
5486
+ "capec": "1000/152/248/250",
5487
+ "confidence": "1"
5488
+ },
5489
+ "conditions": [
5490
+ {
5491
+ "parameters": {
5492
+ "inputs": [
5493
+ {
5494
+ "address": "server.request.body"
5495
+ },
5496
+ {
5497
+ "address": "grpc.server.request.message"
5498
+ },
5499
+ {
5500
+ "address": "graphql.server.all_resolvers"
5501
+ },
5502
+ {
5503
+ "address": "graphql.server.resolver"
5504
+ }
5505
+ ],
5506
+ "regex": "(?:<\\?xml[^>]*>.*)<!ENTITY[^>]+SYSTEM\\s+[^>]+>",
5507
+ "options": {
5508
+ "case_sensitive": false,
5509
+ "min_length": 24
5510
+ }
5511
+ },
5512
+ "operator": "match_regex"
5513
+ }
5514
+ ],
5515
+ "transformers": []
5516
+ },
5517
+ {
5518
+ "id": "dog-941-001",
5519
+ "name": "XSS in source property",
5520
+ "tags": {
5521
+ "type": "xss",
5522
+ "category": "attack_attempt",
5523
+ "cwe": "83",
5524
+ "capec": "1000/152/242/63/591/243",
5525
+ "confidence": "1"
5526
+ },
5527
+ "conditions": [
5528
+ {
5529
+ "parameters": {
5530
+ "inputs": [
5531
+ {
5532
+ "address": "server.request.headers.no_cookies",
5533
+ "key_path": [
5534
+ "user-agent"
5535
+ ]
5536
+ },
5537
+ {
5538
+ "address": "server.request.headers.no_cookies",
5539
+ "key_path": [
5540
+ "referer"
5541
+ ]
5542
+ },
5543
+ {
5544
+ "address": "server.request.query"
5545
+ },
5546
+ {
5547
+ "address": "server.request.body"
5548
+ },
5549
+ {
5550
+ "address": "server.request.path_params"
5551
+ },
5552
+ {
5553
+ "address": "grpc.server.request.message"
5554
+ },
5555
+ {
5556
+ "address": "graphql.server.all_resolvers"
5557
+ },
5558
+ {
5559
+ "address": "graphql.server.resolver"
5560
+ }
5561
+ ],
5562
+ "regex": "<(?:iframe|esi:include)(?:(?:\\s|/)*\\w+=[\"'\\w]+)*(?:\\s|/)*src(?:doc)?=[\"']?(?:data:|javascript:|http:|dns:|//)[^\\s'\"]+['\"]?",
5563
+ "options": {
5564
+ "min_length": 14
5565
+ }
5566
+ },
5567
+ "operator": "match_regex"
5568
+ }
5569
+ ],
5570
+ "transformers": [
5571
+ "removeNulls",
5572
+ "urlDecodeUni"
5573
+ ]
5574
+ },
5575
+ {
5576
+ "id": "dog-942-001",
5143
5577
  "name": "Blind XSS callback domains",
5144
5578
  "tags": {
5145
5579
  "type": "xss",
@@ -5169,9 +5603,12 @@
5169
5603
  },
5170
5604
  {
5171
5605
  "address": "graphql.server.all_resolvers"
5606
+ },
5607
+ {
5608
+ "address": "graphql.server.resolver"
5172
5609
  }
5173
5610
  ],
5174
- "regex": "https?:\\/\\/(?:.*\\.)?(?:bxss\\.in|xss\\.ht|js\\.rip)",
5611
+ "regex": "https?:\\/\\/(?:.*\\.)?(?:bxss\\.(?:in|me)|xss\\.ht|js\\.rip)",
5175
5612
  "options": {
5176
5613
  "case_sensitive": false
5177
5614
  }
@@ -5209,6 +5646,9 @@
5209
5646
  {
5210
5647
  "operator": "phrase_match",
5211
5648
  "parameters": {
5649
+ "options": {
5650
+ "enforce_word_boundary": true
5651
+ },
5212
5652
  "inputs": [
5213
5653
  {
5214
5654
  "address": "server.request.uri.raw"
@@ -5755,10 +6195,52 @@
5755
6195
  "transformers": []
5756
6196
  },
5757
6197
  {
5758
- "id": "sqr-000-001",
5759
- "name": "SSRF: Try to access the credential manager of the main cloud services",
6198
+ "id": "nfd-000-010",
6199
+ "name": "Detect failed attempts to find API documentation",
5760
6200
  "tags": {
5761
- "type": "ssrf",
6201
+ "type": "security_scanner",
6202
+ "category": "attack_attempt",
6203
+ "cwe": "200",
6204
+ "capec": "1000/118/169",
6205
+ "confidence": "0"
6206
+ },
6207
+ "conditions": [
6208
+ {
6209
+ "operator": "match_regex",
6210
+ "parameters": {
6211
+ "inputs": [
6212
+ {
6213
+ "address": "server.response.status"
6214
+ }
6215
+ ],
6216
+ "regex": "^404$",
6217
+ "options": {
6218
+ "case_sensitive": true
6219
+ }
6220
+ }
6221
+ },
6222
+ {
6223
+ "operator": "match_regex",
6224
+ "parameters": {
6225
+ "inputs": [
6226
+ {
6227
+ "address": "server.request.uri.raw"
6228
+ }
6229
+ ],
6230
+ "regex": "(?:/swagger\\b|/api[-/]docs?\\b)",
6231
+ "options": {
6232
+ "case_sensitive": false
6233
+ }
6234
+ }
6235
+ }
6236
+ ],
6237
+ "transformers": []
6238
+ },
6239
+ {
6240
+ "id": "sqr-000-001",
6241
+ "name": "SSRF: Try to access the credential manager of the main cloud services",
6242
+ "tags": {
6243
+ "type": "ssrf",
5762
6244
  "category": "attack_attempt",
5763
6245
  "cwe": "918",
5764
6246
  "capec": "1000/225/115/664",
@@ -5782,6 +6264,9 @@
5782
6264
  },
5783
6265
  {
5784
6266
  "address": "graphql.server.all_resolvers"
6267
+ },
6268
+ {
6269
+ "address": "graphql.server.resolver"
5785
6270
  }
5786
6271
  ],
5787
6272
  "regex": "(?i)^\\W*((http|ftp)s?://)?\\W*((::f{4}:)?(169|(0x)?0*a9|0+251)\\.?(254|(0x)?0*fe|0+376)[0-9a-fx\\.:]+|metadata\\.google\\.internal|metadata\\.goog)\\W*/",
@@ -5823,6 +6308,9 @@
5823
6308
  },
5824
6309
  {
5825
6310
  "address": "graphql.server.all_resolvers"
6311
+ },
6312
+ {
6313
+ "address": "graphql.server.resolver"
5826
6314
  }
5827
6315
  ],
5828
6316
  "regex": "require\\(['\"][\\w\\.]+['\"]\\)|process\\.\\w+\\([\\w\\.]*\\)|\\.toString\\(\\)",
@@ -5868,6 +6356,9 @@
5868
6356
  },
5869
6357
  {
5870
6358
  "address": "graphql.server.all_resolvers"
6359
+ },
6360
+ {
6361
+ "address": "graphql.server.resolver"
5871
6362
  }
5872
6363
  ],
5873
6364
  "regex": "(?i)[&|]\\s*type\\s+%\\w+%\\\\+\\w+\\.ini\\s*[&|]"
@@ -5908,6 +6399,9 @@
5908
6399
  },
5909
6400
  {
5910
6401
  "address": "graphql.server.all_resolvers"
6402
+ },
6403
+ {
6404
+ "address": "graphql.server.resolver"
5911
6405
  }
5912
6406
  ],
5913
6407
  "regex": "(?i)[&|]\\s*cat\\s*\\/etc\\/[\\w\\.\\/]*passwd\\s*[&|]"
@@ -5950,6 +6444,9 @@
5950
6444
  },
5951
6445
  {
5952
6446
  "address": "graphql.server.all_resolvers"
6447
+ },
6448
+ {
6449
+ "address": "graphql.server.resolver"
5953
6450
  }
5954
6451
  ],
5955
6452
  "regex": "(?i)[&|]\\s*timeout\\s+/t\\s+\\d+\\s*[&|]"
@@ -5987,6 +6484,9 @@
5987
6484
  },
5988
6485
  {
5989
6486
  "address": "graphql.server.all_resolvers"
6487
+ },
6488
+ {
6489
+ "address": "graphql.server.resolver"
5990
6490
  }
5991
6491
  ],
5992
6492
  "regex": "http(s?):\\/\\/([A-Za-z0-9\\.\\-\\_]+|\\[[A-Fa-f0-9\\:]+\\]|):5986\\/wsman",
@@ -6027,6 +6527,9 @@
6027
6527
  },
6028
6528
  {
6029
6529
  "address": "graphql.server.all_resolvers"
6530
+ },
6531
+ {
6532
+ "address": "graphql.server.resolver"
6030
6533
  }
6031
6534
  ],
6032
6535
  "regex": "^(jar:)?(http|https):\\/\\/([0-9oq]{1,5}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|[0-9]{1,10})(:[0-9]{1,5})?(\\/[^:@]*)?$"
@@ -6066,6 +6569,9 @@
6066
6569
  },
6067
6570
  {
6068
6571
  "address": "graphql.server.all_resolvers"
6572
+ },
6573
+ {
6574
+ "address": "graphql.server.resolver"
6069
6575
  }
6070
6576
  ],
6071
6577
  "regex": "^(jar:)?(http|https):\\/\\/((\\[)?[:0-9a-f\\.x]{2,}(\\])?)(:[0-9]{1,5})?(\\/[^:@]*)?$"
@@ -6108,9 +6614,12 @@
6108
6614
  },
6109
6615
  {
6110
6616
  "address": "graphql.server.all_resolvers"
6617
+ },
6618
+ {
6619
+ "address": "graphql.server.resolver"
6111
6620
  }
6112
6621
  ],
6113
- "regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com|vii.one|act1on3.ru)"
6622
+ "regex": "(http|https):\\/\\/(?:.*\\.)?(?:burpcollaborator\\.net|localtest\\.me|mail\\.ebc\\.apple\\.com|bugbounty\\.dod\\.network|.*\\.[nx]ip\\.io|oastify\\.com|oast\\.(?:pro|live|site|online|fun|me)|sslip\\.io|requestbin\\.com|requestbin\\.net|hookbin\\.com|webhook\\.site|canarytokens\\.com|interact\\.sh|ngrok\\.io|bugbounty\\.click|prbly\\.win|qualysperiscope\\.com|vii\\.one|act1on3\\.ru)"
6114
6623
  },
6115
6624
  "operator": "match_regex"
6116
6625
  }
@@ -6144,10 +6653,10 @@
6144
6653
  "address": "server.request.headers.no_cookies"
6145
6654
  },
6146
6655
  {
6147
- "address": "grpc.server.request.message"
6656
+ "address": "graphql.server.all_resolvers"
6148
6657
  },
6149
6658
  {
6150
- "address": "graphql.server.all_resolvers"
6659
+ "address": "graphql.server.resolver"
6151
6660
  }
6152
6661
  ],
6153
6662
  "regex": "^(jar:)?((file|netdoc):\\/\\/[\\\\\\/]+|(dict|gopher|ldap|sftp|tftp):\\/\\/.*:[0-9]{1,5})"
@@ -6189,10 +6698,10 @@
6189
6698
  "address": "server.request.headers.no_cookies"
6190
6699
  },
6191
6700
  {
6192
- "address": "grpc.server.request.message"
6701
+ "address": "graphql.server.all_resolvers"
6193
6702
  },
6194
6703
  {
6195
- "address": "graphql.server.all_resolvers"
6704
+ "address": "graphql.server.resolver"
6196
6705
  }
6197
6706
  ],
6198
6707
  "regex": "\\${[^j]*j[^n]*n[^d]*d[^i]*i[^:]*:[^}]*}"
@@ -7610,6 +8119,35 @@
7610
8119
  ],
7611
8120
  "transformers": []
7612
8121
  },
8122
+ {
8123
+ "id": "ua0-600-63x",
8124
+ "name": "FeroxBuster",
8125
+ "tags": {
8126
+ "type": "attack_tool",
8127
+ "category": "attack_attempt",
8128
+ "cwe": "200",
8129
+ "capec": "1000/118/169",
8130
+ "tool_name": "feroxbuster",
8131
+ "confidence": "1"
8132
+ },
8133
+ "conditions": [
8134
+ {
8135
+ "parameters": {
8136
+ "inputs": [
8137
+ {
8138
+ "address": "server.request.headers.no_cookies",
8139
+ "key_path": [
8140
+ "user-agent"
8141
+ ]
8142
+ }
8143
+ ],
8144
+ "regex": "^feroxbuster/"
8145
+ },
8146
+ "operator": "match_regex"
8147
+ }
8148
+ ],
8149
+ "transformers": []
8150
+ },
7613
8151
  {
7614
8152
  "id": "ua0-600-6xx",
7615
8153
  "name": "Stealthy scanner",
@@ -7631,7 +8169,7 @@
7631
8169
  ]
7632
8170
  }
7633
8171
  ],
7634
- "regex": "mozilla/4\\.0 \\(compatible(; msie (?:6\\.0; win32|4\\.0; Windows NT))?\\)",
8172
+ "regex": "mozilla/4\\.0 \\(compatible(; msie (?:6\\.0; (?:win32|Windows NT 5\\.0)|4\\.0; Windows NT))?\\)",
7635
8173
  "options": {
7636
8174
  "case_sensitive": false
7637
8175
  }
@@ -7699,5 +8237,1124 @@
7699
8237
  ],
7700
8238
  "transformers": []
7701
8239
  }
8240
+ ],
8241
+ "processors": [
8242
+ {
8243
+ "id": "extract-content",
8244
+ "generator": "extract_schema",
8245
+ "conditions": [
8246
+ {
8247
+ "operator": "equals",
8248
+ "parameters": {
8249
+ "inputs": [
8250
+ {
8251
+ "address": "waf.context.processor",
8252
+ "key_path": [
8253
+ "extract-schema"
8254
+ ]
8255
+ }
8256
+ ],
8257
+ "type": "boolean",
8258
+ "value": true
8259
+ }
8260
+ }
8261
+ ],
8262
+ "parameters": {
8263
+ "mappings": [
8264
+ {
8265
+ "inputs": [
8266
+ {
8267
+ "address": "server.request.body"
8268
+ }
8269
+ ],
8270
+ "output": "_dd.appsec.s.req.body"
8271
+ },
8272
+ {
8273
+ "inputs": [
8274
+ {
8275
+ "address": "server.request.cookies"
8276
+ }
8277
+ ],
8278
+ "output": "_dd.appsec.s.req.cookies"
8279
+ },
8280
+ {
8281
+ "inputs": [
8282
+ {
8283
+ "address": "server.request.query"
8284
+ }
8285
+ ],
8286
+ "output": "_dd.appsec.s.req.query"
8287
+ },
8288
+ {
8289
+ "inputs": [
8290
+ {
8291
+ "address": "server.request.path_params"
8292
+ }
8293
+ ],
8294
+ "output": "_dd.appsec.s.req.params"
8295
+ },
8296
+ {
8297
+ "inputs": [
8298
+ {
8299
+ "address": "server.response.body"
8300
+ }
8301
+ ],
8302
+ "output": "_dd.appsec.s.res.body"
8303
+ },
8304
+ {
8305
+ "inputs": [
8306
+ {
8307
+ "address": "graphql.server.all_resolvers"
8308
+ }
8309
+ ],
8310
+ "output": "_dd.appsec.s.graphql.all_resolvers"
8311
+ },
8312
+ {
8313
+ "inputs": [
8314
+ {
8315
+ "address": "graphql.server.resolver"
8316
+ }
8317
+ ],
8318
+ "output": "_dd.appsec.s.graphql.resolver"
8319
+ }
8320
+ ],
8321
+ "scanners": [
8322
+ {
8323
+ "tags": {
8324
+ "category": "payment"
8325
+ }
8326
+ },
8327
+ {
8328
+ "tags": {
8329
+ "category": "pii"
8330
+ }
8331
+ }
8332
+ ]
8333
+ },
8334
+ "evaluate": false,
8335
+ "output": true
8336
+ },
8337
+ {
8338
+ "id": "extract-headers",
8339
+ "generator": "extract_schema",
8340
+ "conditions": [
8341
+ {
8342
+ "operator": "equals",
8343
+ "parameters": {
8344
+ "inputs": [
8345
+ {
8346
+ "address": "waf.context.processor",
8347
+ "key_path": [
8348
+ "extract-schema"
8349
+ ]
8350
+ }
8351
+ ],
8352
+ "type": "boolean",
8353
+ "value": true
8354
+ }
8355
+ }
8356
+ ],
8357
+ "parameters": {
8358
+ "mappings": [
8359
+ {
8360
+ "inputs": [
8361
+ {
8362
+ "address": "server.request.headers.no_cookies"
8363
+ }
8364
+ ],
8365
+ "output": "_dd.appsec.s.req.headers"
8366
+ },
8367
+ {
8368
+ "inputs": [
8369
+ {
8370
+ "address": "server.response.headers.no_cookies"
8371
+ }
8372
+ ],
8373
+ "output": "_dd.appsec.s.res.headers"
8374
+ }
8375
+ ],
8376
+ "scanners": [
8377
+ {
8378
+ "tags": {
8379
+ "category": "credentials"
8380
+ }
8381
+ },
8382
+ {
8383
+ "tags": {
8384
+ "category": "pii"
8385
+ }
8386
+ }
8387
+ ]
8388
+ },
8389
+ "evaluate": false,
8390
+ "output": true
8391
+ }
8392
+ ],
8393
+ "scanners": [
8394
+ {
8395
+ "id": "JU1sRk3mSzqSUJn6GrVn7g",
8396
+ "name": "American Express Card Scanner (4+4+4+3 digits)",
8397
+ "key": {
8398
+ "operator": "match_regex",
8399
+ "parameters": {
8400
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8401
+ "options": {
8402
+ "case_sensitive": false,
8403
+ "min_length": 3
8404
+ }
8405
+ }
8406
+ },
8407
+ "value": {
8408
+ "operator": "match_regex",
8409
+ "parameters": {
8410
+ "regex": "\\b3[47]\\d{2}(?:(?:\\s\\d{4}\\s\\d{4}\\s\\d{3})|(?:\\,\\d{4}\\,\\d{4}\\,\\d{3})|(?:-\\d{4}-\\d{4}-\\d{3})|(?:\\.\\d{4}\\.\\d{4}\\.\\d{3}))\\b",
8411
+ "options": {
8412
+ "case_sensitive": false,
8413
+ "min_length": 16
8414
+ }
8415
+ }
8416
+ },
8417
+ "tags": {
8418
+ "type": "card",
8419
+ "card_type": "amex",
8420
+ "category": "payment"
8421
+ }
8422
+ },
8423
+ {
8424
+ "id": "edmH513UTQWcRiQ9UnzHlw-mod",
8425
+ "name": "American Express Card Scanner (4+6|5+5|6 digits)",
8426
+ "key": {
8427
+ "operator": "match_regex",
8428
+ "parameters": {
8429
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8430
+ "options": {
8431
+ "case_sensitive": false,
8432
+ "min_length": 3
8433
+ }
8434
+ }
8435
+ },
8436
+ "value": {
8437
+ "operator": "match_regex",
8438
+ "parameters": {
8439
+ "regex": "\\b3[47]\\d{2}(?:(?:\\s\\d{5,6}\\s\\d{5,6})|(?:\\.\\d{5,6}\\.\\d{5,6})|(?:-\\d{5,6}-\\d{5,6})|(?:,\\d{5,6},\\d{5,6}))\\b",
8440
+ "options": {
8441
+ "case_sensitive": false,
8442
+ "min_length": 17
8443
+ }
8444
+ }
8445
+ },
8446
+ "tags": {
8447
+ "type": "card",
8448
+ "card_type": "amex",
8449
+ "category": "payment"
8450
+ }
8451
+ },
8452
+ {
8453
+ "id": "e6K4h_7qTLaMiAbaNXoSZA",
8454
+ "name": "American Express Card Scanner (8+7 digits)",
8455
+ "key": {
8456
+ "operator": "match_regex",
8457
+ "parameters": {
8458
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8459
+ "options": {
8460
+ "case_sensitive": false,
8461
+ "min_length": 3
8462
+ }
8463
+ }
8464
+ },
8465
+ "value": {
8466
+ "operator": "match_regex",
8467
+ "parameters": {
8468
+ "regex": "\\b3[47]\\d{6}(?:(?:\\s\\d{7})|(?:\\,\\d{7})|(?:-\\d{7})|(?:\\.\\d{7}))\\b",
8469
+ "options": {
8470
+ "case_sensitive": false,
8471
+ "min_length": 16
8472
+ }
8473
+ }
8474
+ },
8475
+ "tags": {
8476
+ "type": "card",
8477
+ "card_type": "amex",
8478
+ "category": "payment"
8479
+ }
8480
+ },
8481
+ {
8482
+ "id": "K2rZflWzRhGM9HiTc6whyQ",
8483
+ "name": "American Express Card Scanner (1x15 digits)",
8484
+ "key": {
8485
+ "operator": "match_regex",
8486
+ "parameters": {
8487
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8488
+ "options": {
8489
+ "case_sensitive": false,
8490
+ "min_length": 3
8491
+ }
8492
+ }
8493
+ },
8494
+ "value": {
8495
+ "operator": "match_regex",
8496
+ "parameters": {
8497
+ "regex": "\\b3[47]\\d{13}\\b",
8498
+ "options": {
8499
+ "case_sensitive": false,
8500
+ "min_length": 15
8501
+ }
8502
+ }
8503
+ },
8504
+ "tags": {
8505
+ "type": "card",
8506
+ "card_type": "amex",
8507
+ "category": "payment"
8508
+ }
8509
+ },
8510
+ {
8511
+ "id": "9d7756e343cefa22a5c098e1092590f806eb5446",
8512
+ "name": "Basic Authentication Scanner",
8513
+ "key": {
8514
+ "operator": "match_regex",
8515
+ "parameters": {
8516
+ "regex": "\\bauthorization\\b",
8517
+ "options": {
8518
+ "case_sensitive": false,
8519
+ "min_length": 13
8520
+ }
8521
+ }
8522
+ },
8523
+ "value": {
8524
+ "operator": "match_regex",
8525
+ "parameters": {
8526
+ "regex": "^basic\\s+[A-Za-z0-9+/=]+",
8527
+ "options": {
8528
+ "case_sensitive": false,
8529
+ "min_length": 7
8530
+ }
8531
+ }
8532
+ },
8533
+ "tags": {
8534
+ "type": "basic_auth",
8535
+ "category": "credentials"
8536
+ }
8537
+ },
8538
+ {
8539
+ "id": "mZy8XjZLReC9smpERXWnnw",
8540
+ "name": "Bearer Authentication Scanner",
8541
+ "key": {
8542
+ "operator": "match_regex",
8543
+ "parameters": {
8544
+ "regex": "\\bauthorization\\b",
8545
+ "options": {
8546
+ "case_sensitive": false,
8547
+ "min_length": 13
8548
+ }
8549
+ }
8550
+ },
8551
+ "value": {
8552
+ "operator": "match_regex",
8553
+ "parameters": {
8554
+ "regex": "^bearer\\s+[-a-z0-9._~+/]{4,}",
8555
+ "options": {
8556
+ "case_sensitive": false,
8557
+ "min_length": 11
8558
+ }
8559
+ }
8560
+ },
8561
+ "tags": {
8562
+ "type": "bearer_token",
8563
+ "category": "credentials"
8564
+ }
8565
+ },
8566
+ {
8567
+ "id": "450239afc250a19799b6c03dc0e16fd6a4b2a1af",
8568
+ "name": "Canadian Social Insurance Number Scanner",
8569
+ "key": {
8570
+ "operator": "match_regex",
8571
+ "parameters": {
8572
+ "regex": "\\b(?:social[\\s_]?(?:insurance(?:\\s+number)?)?|SIN|Canadian[\\s_]?(?:social[\\s_]?(?:insurance)?|insurance[\\s_]?number)?)\\b",
8573
+ "options": {
8574
+ "case_sensitive": false,
8575
+ "min_length": 3
8576
+ }
8577
+ }
8578
+ },
8579
+ "value": {
8580
+ "operator": "match_regex",
8581
+ "parameters": {
8582
+ "regex": "\\b\\d{3}-\\d{3}-\\d{3}\\b",
8583
+ "options": {
8584
+ "case_sensitive": false,
8585
+ "min_length": 11
8586
+ }
8587
+ }
8588
+ },
8589
+ "tags": {
8590
+ "type": "canadian_sin",
8591
+ "category": "pii"
8592
+ }
8593
+ },
8594
+ {
8595
+ "id": "87a879ff33693b46c8a614d8211f5a2c289beca0",
8596
+ "name": "Digest Authentication Scanner",
8597
+ "key": {
8598
+ "operator": "match_regex",
8599
+ "parameters": {
8600
+ "regex": "\\bauthorization\\b",
8601
+ "options": {
8602
+ "case_sensitive": false,
8603
+ "min_length": 13
8604
+ }
8605
+ }
8606
+ },
8607
+ "value": {
8608
+ "operator": "match_regex",
8609
+ "parameters": {
8610
+ "regex": "^digest\\s+",
8611
+ "options": {
8612
+ "case_sensitive": false,
8613
+ "min_length": 7
8614
+ }
8615
+ }
8616
+ },
8617
+ "tags": {
8618
+ "type": "digest_auth",
8619
+ "category": "credentials"
8620
+ }
8621
+ },
8622
+ {
8623
+ "id": "qWumeP1GQUa_E4ffAnT-Yg",
8624
+ "name": "American Express Card Scanner (1x14 digits)",
8625
+ "key": {
8626
+ "operator": "match_regex",
8627
+ "parameters": {
8628
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8629
+ "options": {
8630
+ "case_sensitive": false,
8631
+ "min_length": 3
8632
+ }
8633
+ }
8634
+ },
8635
+ "value": {
8636
+ "operator": "match_regex",
8637
+ "parameters": {
8638
+ "regex": "(?:30[0-59]\\d|3[689]\\d{2})(?:\\d{10})",
8639
+ "options": {
8640
+ "case_sensitive": false,
8641
+ "min_length": 14
8642
+ }
8643
+ }
8644
+ },
8645
+ "tags": {
8646
+ "type": "card",
8647
+ "card_type": "diners",
8648
+ "category": "payment"
8649
+ }
8650
+ },
8651
+ {
8652
+ "id": "NlTWWM5LS6W0GSqBLuvtRw",
8653
+ "name": "Diners Card Scanner (4+4+4+2 digits)",
8654
+ "key": {
8655
+ "operator": "match_regex",
8656
+ "parameters": {
8657
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8658
+ "options": {
8659
+ "case_sensitive": false,
8660
+ "min_length": 3
8661
+ }
8662
+ }
8663
+ },
8664
+ "value": {
8665
+ "operator": "match_regex",
8666
+ "parameters": {
8667
+ "regex": "\\b(?:30[0-59]\\d|3[689]\\d{2})(?:(?:\\s\\d{4}\\s\\d{4}\\s\\d{2})|(?:\\,\\d{4}\\,\\d{4}\\,\\d{2})|(?:-\\d{4}-\\d{4}-\\d{2})|(?:\\.\\d{4}\\.\\d{4}\\.\\d{2}))\\b",
8668
+ "options": {
8669
+ "case_sensitive": false,
8670
+ "min_length": 17
8671
+ }
8672
+ }
8673
+ },
8674
+ "tags": {
8675
+ "type": "card",
8676
+ "card_type": "diners",
8677
+ "category": "payment"
8678
+ }
8679
+ },
8680
+ {
8681
+ "id": "Xr5VdbQSTXitYGGiTfxBpw",
8682
+ "name": "Diners Card Scanner (4+6+4 digits)",
8683
+ "key": {
8684
+ "operator": "match_regex",
8685
+ "parameters": {
8686
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8687
+ "options": {
8688
+ "case_sensitive": false,
8689
+ "min_length": 3
8690
+ }
8691
+ }
8692
+ },
8693
+ "value": {
8694
+ "operator": "match_regex",
8695
+ "parameters": {
8696
+ "regex": "\\b(?:30[0-59]\\d|3[689]\\d{2})(?:(?:\\s\\d{6}\\s\\d{4})|(?:\\.\\d{6}\\.\\d{4})|(?:-\\d{6}-\\d{4})|(?:,\\d{6},\\d{4}))\\b",
8697
+ "options": {
8698
+ "case_sensitive": false,
8699
+ "min_length": 16
8700
+ }
8701
+ }
8702
+ },
8703
+ "tags": {
8704
+ "type": "card",
8705
+ "card_type": "diners",
8706
+ "category": "payment"
8707
+ }
8708
+ },
8709
+ {
8710
+ "id": "gAbunN_WQNytxu54DjcbAA-mod",
8711
+ "name": "Diners Card Scanner (8+6 digits)",
8712
+ "key": {
8713
+ "operator": "match_regex",
8714
+ "parameters": {
8715
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8716
+ "options": {
8717
+ "case_sensitive": false,
8718
+ "min_length": 3
8719
+ }
8720
+ }
8721
+ },
8722
+ "value": {
8723
+ "operator": "match_regex",
8724
+ "parameters": {
8725
+ "regex": "\\b(?:30[0-59]\\d{5}|3[689]\\d{6})\\s?(?:(?:\\s\\d{6})|(?:\\,\\d{6})|(?:-\\d{6})|(?:\\.\\d{6}))\\b",
8726
+ "options": {
8727
+ "case_sensitive": false,
8728
+ "min_length": 14
8729
+ }
8730
+ }
8731
+ },
8732
+ "tags": {
8733
+ "type": "card",
8734
+ "card_type": "diners",
8735
+ "category": "payment"
8736
+ }
8737
+ },
8738
+ {
8739
+ "id": "9cs4qCfEQBeX17U7AepOvQ",
8740
+ "name": "MasterCard Scanner (2x8 digits)",
8741
+ "key": {
8742
+ "operator": "match_regex",
8743
+ "parameters": {
8744
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8745
+ "options": {
8746
+ "case_sensitive": false,
8747
+ "min_length": 3
8748
+ }
8749
+ }
8750
+ },
8751
+ "value": {
8752
+ "operator": "match_regex",
8753
+ "parameters": {
8754
+ "regex": "\\b(?:6221(?:2[6-9]|[3-9][0-9])\\d{2}(?:,\\d{8}|\\s\\d{8}|-\\d{8}|\\.\\d{8})|6229(?:[01][0-9]|2[0-5])\\d{2}(?:,\\d{8}|\\s\\d{8}|-\\d{8}|\\.\\d{8})|(?:6011|65\\d{2}|64[4-9]\\d|622[2-8])\\d{4}(?:,\\d{8}|\\s\\d{8}|-\\d{8}|\\.\\d{8}))\\b",
8755
+ "options": {
8756
+ "case_sensitive": false,
8757
+ "min_length": 16
8758
+ }
8759
+ }
8760
+ },
8761
+ "tags": {
8762
+ "type": "card",
8763
+ "card_type": "discover",
8764
+ "category": "payment"
8765
+ }
8766
+ },
8767
+ {
8768
+ "id": "YBIDWJIvQWW_TFOyU0CGJg",
8769
+ "name": "Discover Card Scanner (4x4 digits)",
8770
+ "key": {
8771
+ "operator": "match_regex",
8772
+ "parameters": {
8773
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8774
+ "options": {
8775
+ "case_sensitive": false,
8776
+ "min_length": 3
8777
+ }
8778
+ }
8779
+ },
8780
+ "value": {
8781
+ "operator": "match_regex",
8782
+ "parameters": {
8783
+ "regex": "\\b(?:(?:(?:6221(?:2[6-9]|[3-9][0-9])\\d{2}(?:,\\d{4}){2})|(?:6221\\s(?:2[6-9]|[3-9][0-9])\\d{2}(?:\\s\\d{4}){2})|(?:6221\\.(?:2[6-9]|[3-9][0-9])\\d{2}(?:\\.\\d{4}){2})|(?:6221-(?:2[6-9]|[3-9][0-9])\\d{2}(?:-\\d{4}){2}))|(?:(?:6229(?:[01][0-9]|2[0-5])\\d{2}(?:,\\d{4}){2})|(?:6229\\s(?:[01][0-9]|2[0-5])\\d{2}(?:\\s\\d{4}){2})|(?:6229\\.(?:[01][0-9]|2[0-5])\\d{2}(?:\\.\\d{4}){2})|(?:6229-(?:[01][0-9]|2[0-5])\\d{2}(?:-\\d{4}){2}))|(?:(?:6011|65\\d{2}|64[4-9]\\d|622[2-8])(?:(?:\\s\\d{4}){3}|(?:\\.\\d{4}){3}|(?:-\\d{4}){3}|(?:,\\d{4}){3})))\\b",
8784
+ "options": {
8785
+ "case_sensitive": false,
8786
+ "min_length": 16
8787
+ }
8788
+ }
8789
+ },
8790
+ "tags": {
8791
+ "type": "card",
8792
+ "card_type": "discover",
8793
+ "category": "payment"
8794
+ }
8795
+ },
8796
+ {
8797
+ "id": "12cpbjtVTMaMutFhh9sojQ",
8798
+ "name": "Discover Card Scanner (1x16 digits)",
8799
+ "key": {
8800
+ "operator": "match_regex",
8801
+ "parameters": {
8802
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8803
+ "options": {
8804
+ "case_sensitive": false,
8805
+ "min_length": 3
8806
+ }
8807
+ }
8808
+ },
8809
+ "value": {
8810
+ "operator": "match_regex",
8811
+ "parameters": {
8812
+ "regex": "\\b(?:6221(?:2[6-9]|[3-9][0-9])\\d{10}|6229(?:[01][0-9]|2[0-5])\\d{10}|(?:6011|65\\d{2}|64[4-9]\\d|622[2-8])\\d{12})\\b",
8813
+ "options": {
8814
+ "case_sensitive": false,
8815
+ "min_length": 16
8816
+ }
8817
+ }
8818
+ },
8819
+ "tags": {
8820
+ "type": "card",
8821
+ "card_type": "discover",
8822
+ "category": "payment"
8823
+ }
8824
+ },
8825
+ {
8826
+ "id": "PuXiVTCkTHOtj0Yad1ppsw",
8827
+ "name": "Standard E-mail Address",
8828
+ "key": {
8829
+ "operator": "match_regex",
8830
+ "parameters": {
8831
+ "regex": "\\b(?:(?:e[-\\s]?)?mail|address|sender|\\bto\\b|from|recipient)\\b",
8832
+ "options": {
8833
+ "case_sensitive": false,
8834
+ "min_length": 2
8835
+ }
8836
+ }
8837
+ },
8838
+ "value": {
8839
+ "operator": "match_regex",
8840
+ "parameters": {
8841
+ "regex": "\\b[\\w!#$%&'*+/=?`{|}~^-]+(?:\\.[\\w!#$%&'*+/=?`{|}~^-]+)*(%40|@)(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,6}\\b",
8842
+ "options": {
8843
+ "case_sensitive": false,
8844
+ "min_length": 5
8845
+ }
8846
+ }
8847
+ },
8848
+ "tags": {
8849
+ "type": "email",
8850
+ "category": "pii"
8851
+ }
8852
+ },
8853
+ {
8854
+ "id": "8VS2RKxzR8a_95L5fuwaXQ",
8855
+ "name": "IBAN",
8856
+ "key": {
8857
+ "operator": "match_regex",
8858
+ "parameters": {
8859
+ "regex": "\\b(?:iban|account|sender|receiver)\\b",
8860
+ "options": {
8861
+ "case_sensitive": false,
8862
+ "min_length": 3
8863
+ }
8864
+ }
8865
+ },
8866
+ "value": {
8867
+ "operator": "match_regex",
8868
+ "parameters": {
8869
+ "regex": "\\b(?:NO\\d{2}(?:[ \\-]?\\d{4}){2}[ \\-]?\\d{3}|BE\\d{2}(?:[ \\-]?\\d{4}){3}|(?:DK|FO|FI|GL|SD)\\d{2}(?:[ \\-]?\\d{4}){3}[ \\-]?\\d{2}|NL\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?\\d{4}){2}[ \\-]?\\d{2}|MK\\d{2}[ \\-]?\\d{3}[A-Z0-9](?:[ \\-]?[A-Z0-9]{4}){2}[ \\-]?[A-Z0-9]\\d{2}|SI\\d{17}|(?:AT|BA|EE|LT|XK)\\d{18}|(?:LU|KZ|EE|LT)\\d{5}[A-Z0-9]{13}|LV\\d{2}[A-Z]{4}[A-Z0-9]{13}|(?:LI|CH)\\d{2}[ \\-]?\\d{4}[ \\-]?\\d[A-Z0-9]{3}(?:[ \\-]?[A-Z0-9]{4}){2}[ \\-]?[A-Z0-9]|HR\\d{2}(?:[ \\-]?\\d{4}){4}[ \\-]?\\d|GE\\d{2}[ \\-]?[A-Z0-9]{2}\\d{2}\\d{14}|VA\\d{20}|BG\\d{2}[A-Z]{4}\\d{6}[A-Z0-9]{8}|BH\\d{2}[A-Z]{4}[A-Z0-9]{14}|GB\\d{2}[A-Z]{4}(?:[ \\-]?\\d{4}){3}[ \\-]?\\d{2}|IE\\d{2}[ \\-]?[A-Z0-9]{4}(?:[ \\-]?\\d{4}){3}[ \\-]?\\d{2}|(?:CR|DE|ME|RS)\\d{2}(?:[ \\-]?\\d{4}){4}[ \\-]?\\d{2}|(?:AE|TL|IL)\\d{2}(?:[ \\-]?\\d{4}){4}[ \\-]?\\d{3}|GI\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?[A-Z0-9]{4}){3}[ \\-]?[A-Z0-9]{3}|IQ\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?\\d{4}){3}[ \\-]?\\d{3}|MD\\d{2}(?:[ \\-]?[A-Z0-9]{4}){5}|SA\\d{2}[ \\-]?\\d{2}[A-Z0-9]{2}(?:[ \\-]?[A-Z0-9]{4}){4}|RO\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?[A-Z0-9]{4}){4}|(?:PK|VG)\\d{2}[ \\-]?[A-Z0-9]{4}(?:[ \\-]?\\d{4}){4}|AD\\d{2}(?:[ \\-]?\\d{4}){2}(?:[ \\-]?[A-Z0-9]{4}){3}|(?:CZ|SK|ES|SE|TN)\\d{2}(?:[ \\-]?\\d{4}){5}|(?:LY|PT|ST)\\d{2}(?:[ \\-]?\\d{4}){5}[ \\-]?\\d|TR\\d{2}[ \\-]?\\d{4}[ \\-]?\\d[A-Z0-9]{3}(?:[ \\-]?[A-Z0-9]{4}){3}[ \\-]?[A-Z0-9]{2}|IS\\d{2}(?:[ \\-]?\\d{4}){5}[ \\-]?\\d{2}|(?:IT|SM)\\d{2}[ \\-]?[A-Z]\\d{3}[ \\-]?\\d{4}[ \\-]?\\d{3}[A-Z0-9](?:[ \\-]?[A-Z0-9]{4}){2}[ \\-]?[A-Z0-9]{3}|GR\\d{2}[ \\-]?\\d{4}[ \\-]?\\d{3}[A-Z0-9](?:[ \\-]?[A-Z0-9]{4}){3}[A-Z0-9]{3}|(?:FR|MC)\\d{2}(?:[ \\-]?\\d{4}){2}[ \\-]?\\d{2}[A-Z0-9]{2}(?:[ \\-]?[A-Z0-9]{4}){2}[ \\-]?[A-Z0-9]\\d{2}|MR\\d{2}(?:[ \\-]?\\d{4}){5}[ \\-]?\\d{3}|(?:SV|DO)\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?\\d{4}){5}|BY\\d{2}[ \\-]?[A-Z]{4}[ \\-]?\\d{4}(?:[ \\-]?[A-Z0-9]{4}){4}|GT\\d{2}(?:[ \\-]?[A-Z0-9]{4}){6}|AZ\\d{2}[ \\-]?[A-Z0-9]{4}(?:[ \\-]?\\d{5}){4}|LB\\d{2}[ \\-]?\\d{4}(?:[ \\-]?[A-Z0-9]{5}){4}|(?:AL|CY)\\d{2}(?:[ \\-]?\\d{4}){2}(?:[ \\-]?[A-Z0-9]{4}){4}|(?:HU|PL)\\d{2}(?:[ \\-]?\\d{4}){6}|QA\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?[A-Z0-9]{4}){5}[ \\-]?[A-Z0-9]|PS\\d{2}[ \\-]?[A-Z0-9]{4}(?:[ \\-]?\\d{4}){5}[ \\-]?\\d|UA\\d{2}[ \\-]?\\d{4}[ \\-]?\\d{2}[A-Z0-9]{2}(?:[ \\-]?[A-Z0-9]{4}){4}[ \\-]?[A-Z0-9]|BR\\d{2}(?:[ \\-]?\\d{4}){5}[ \\-]?\\d{3}[A-Z0-9][ \\-]?[A-Z0-9]|EG\\d{2}(?:[ \\-]?\\d{4}){6}\\d|MU\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?\\d{4}){4}\\d{3}[A-Z][ \\-]?[A-Z]{2}|(?:KW|JO)\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?[A-Z0-9]{4}){5}[ \\-]?[A-Z0-9]{2}|MT\\d{2}[ \\-]?[A-Z]{4}[ \\-]?\\d{4}[ \\-]?\\d[A-Z0-9]{3}(?:[ \\-]?[A-Z0-9]{3}){4}[ \\-]?[A-Z0-9]{3}|SC\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?\\d{4}){5}[ \\-]?[A-Z]{3}|LC\\d{2}[ \\-]?[A-Z]{4}(?:[ \\-]?[A-Z0-9]{4}){6})\\b",
8870
+ "options": {
8871
+ "case_sensitive": false,
8872
+ "min_length": 15
8873
+ }
8874
+ }
8875
+ },
8876
+ "tags": {
8877
+ "type": "iban",
8878
+ "category": "payment"
8879
+ }
8880
+ },
8881
+ {
8882
+ "id": "h6WJcecQTwqvN9KeEtwDvg",
8883
+ "name": "JCB Card Scanner (1x16 digits)",
8884
+ "key": {
8885
+ "operator": "match_regex",
8886
+ "parameters": {
8887
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8888
+ "options": {
8889
+ "case_sensitive": false,
8890
+ "min_length": 3
8891
+ }
8892
+ }
8893
+ },
8894
+ "value": {
8895
+ "operator": "match_regex",
8896
+ "parameters": {
8897
+ "regex": "\\b35(?:2[89]|[3-9][0-9])(?:\\d{12})\\b",
8898
+ "options": {
8899
+ "case_sensitive": false,
8900
+ "min_length": 16
8901
+ }
8902
+ }
8903
+ },
8904
+ "tags": {
8905
+ "type": "card",
8906
+ "card_type": "jcb",
8907
+ "category": "payment"
8908
+ }
8909
+ },
8910
+ {
8911
+ "id": "gcEaMu_VSJ2-bGCEkgyC0w",
8912
+ "name": "JCB Card Scanner (2x8 digits)",
8913
+ "key": {
8914
+ "operator": "match_regex",
8915
+ "parameters": {
8916
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8917
+ "options": {
8918
+ "case_sensitive": false,
8919
+ "min_length": 3
8920
+ }
8921
+ }
8922
+ },
8923
+ "value": {
8924
+ "operator": "match_regex",
8925
+ "parameters": {
8926
+ "regex": "\\b35(?:2[89]|[3-9][0-9])\\d{4}(?:(?:,\\d{8})|(?:-\\d{8})|(?:\\s\\d{8})|(?:\\.\\d{8}))\\b",
8927
+ "options": {
8928
+ "case_sensitive": false,
8929
+ "min_length": 17
8930
+ }
8931
+ }
8932
+ },
8933
+ "tags": {
8934
+ "type": "card",
8935
+ "card_type": "jcb",
8936
+ "category": "payment"
8937
+ }
8938
+ },
8939
+ {
8940
+ "id": "imTliuhXT5GAeRNhqChXQQ",
8941
+ "name": "JCB Card Scanner (4x4 digits)",
8942
+ "key": {
8943
+ "operator": "match_regex",
8944
+ "parameters": {
8945
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8946
+ "options": {
8947
+ "case_sensitive": false,
8948
+ "min_length": 3
8949
+ }
8950
+ }
8951
+ },
8952
+ "value": {
8953
+ "operator": "match_regex",
8954
+ "parameters": {
8955
+ "regex": "\\b35(?:2[89]|[3-9][0-9])(?:(?:\\s\\d{4}){3}|(?:\\.\\d{4}){3}|(?:-\\d{4}){3}|(?:,\\d{4}){3})\\b",
8956
+ "options": {
8957
+ "case_sensitive": false,
8958
+ "min_length": 16
8959
+ }
8960
+ }
8961
+ },
8962
+ "tags": {
8963
+ "type": "card",
8964
+ "card_type": "jcb",
8965
+ "category": "payment"
8966
+ }
8967
+ },
8968
+ {
8969
+ "id": "9osY3xc9Q7ONAV0zw9Uz4A",
8970
+ "name": "JSON Web Token",
8971
+ "value": {
8972
+ "operator": "match_regex",
8973
+ "parameters": {
8974
+ "regex": "\\bey[I-L][\\w=-]+\\.ey[I-L][\\w=-]+(\\.[\\w.+\\/=-]+)?\\b",
8975
+ "options": {
8976
+ "case_sensitive": false,
8977
+ "min_length": 20
8978
+ }
8979
+ }
8980
+ },
8981
+ "tags": {
8982
+ "type": "json_web_token",
8983
+ "category": "credentials"
8984
+ }
8985
+ },
8986
+ {
8987
+ "id": "d1Q9D3YMRxuVKf6CZInJPw",
8988
+ "name": "Maestro Card Scanner (1x16 digits)",
8989
+ "key": {
8990
+ "operator": "match_regex",
8991
+ "parameters": {
8992
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
8993
+ "options": {
8994
+ "case_sensitive": false,
8995
+ "min_length": 3
8996
+ }
8997
+ }
8998
+ },
8999
+ "value": {
9000
+ "operator": "match_regex",
9001
+ "parameters": {
9002
+ "regex": "\\b(?:5[06-9]\\d{2}|6\\d{3})(?:\\d{12})\\b",
9003
+ "options": {
9004
+ "case_sensitive": false,
9005
+ "min_length": 16
9006
+ }
9007
+ }
9008
+ },
9009
+ "tags": {
9010
+ "type": "card",
9011
+ "card_type": "maestro",
9012
+ "category": "payment"
9013
+ }
9014
+ },
9015
+ {
9016
+ "id": "M3YIQKKjRVmoeQuM3pjzrw",
9017
+ "name": "Maestro Card Scanner (2x8 digits)",
9018
+ "key": {
9019
+ "operator": "match_regex",
9020
+ "parameters": {
9021
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
9022
+ "options": {
9023
+ "case_sensitive": false,
9024
+ "min_length": 3
9025
+ }
9026
+ }
9027
+ },
9028
+ "value": {
9029
+ "operator": "match_regex",
9030
+ "parameters": {
9031
+ "regex": "\\b(?:5[06-9]\\d{6}|6\\d{7})(?:\\s\\d{8}|\\.\\d{8}|-\\d{8}|,\\d{8})\\b",
9032
+ "options": {
9033
+ "case_sensitive": false,
9034
+ "min_length": 17
9035
+ }
9036
+ }
9037
+ },
9038
+ "tags": {
9039
+ "type": "card",
9040
+ "card_type": "maestro",
9041
+ "category": "payment"
9042
+ }
9043
+ },
9044
+ {
9045
+ "id": "hRxiQBlSSVKcjh5U7LZYLA",
9046
+ "name": "Maestro Card Scanner (4x4 digits)",
9047
+ "key": {
9048
+ "operator": "match_regex",
9049
+ "parameters": {
9050
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
9051
+ "options": {
9052
+ "case_sensitive": false,
9053
+ "min_length": 3
9054
+ }
9055
+ }
9056
+ },
9057
+ "value": {
9058
+ "operator": "match_regex",
9059
+ "parameters": {
9060
+ "regex": "\\b(?:5[06-9]\\d{2}|6\\d{3})(?:(?:\\s\\d{4}){3}|(?:\\.\\d{4}){3}|(?:-\\d{4}){3}|(?:,\\d{4}){3})\\b",
9061
+ "options": {
9062
+ "case_sensitive": false,
9063
+ "min_length": 16
9064
+ }
9065
+ }
9066
+ },
9067
+ "tags": {
9068
+ "type": "card",
9069
+ "card_type": "maestro",
9070
+ "category": "payment"
9071
+ }
9072
+ },
9073
+ {
9074
+ "id": "NwhIYNS4STqZys37WlaIKA",
9075
+ "name": "MasterCard Scanner (2x8 digits)",
9076
+ "key": {
9077
+ "operator": "match_regex",
9078
+ "parameters": {
9079
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
9080
+ "options": {
9081
+ "case_sensitive": false,
9082
+ "min_length": 3
9083
+ }
9084
+ }
9085
+ },
9086
+ "value": {
9087
+ "operator": "match_regex",
9088
+ "parameters": {
9089
+ "regex": "\\b(?:(?:5[1-5]\\d{2})|(?:222[1-9])|(?:22[3-9]\\d)|(?:2[3-6]\\d{2})|(?:27[0-1]\\d)|(?:2720))(?:(?:\\d{4}(?:(?:,\\d{8})|(?:-\\d{8})|(?:\\s\\d{8})|(?:\\.\\d{8}))))\\b",
9090
+ "options": {
9091
+ "case_sensitive": false,
9092
+ "min_length": 16
9093
+ }
9094
+ }
9095
+ },
9096
+ "tags": {
9097
+ "type": "card",
9098
+ "card_type": "mastercard",
9099
+ "category": "payment"
9100
+ }
9101
+ },
9102
+ {
9103
+ "id": "axxJkyjhRTOuhjwlsA35Vw",
9104
+ "name": "MasterCard Scanner (4x4 digits)",
9105
+ "key": {
9106
+ "operator": "match_regex",
9107
+ "parameters": {
9108
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
9109
+ "options": {
9110
+ "case_sensitive": false,
9111
+ "min_length": 3
9112
+ }
9113
+ }
9114
+ },
9115
+ "value": {
9116
+ "operator": "match_regex",
9117
+ "parameters": {
9118
+ "regex": "\\b(?:(?:5[1-5]\\d{2})|(?:222[1-9])|(?:22[3-9]\\d)|(?:2[3-6]\\d{2})|(?:27[0-1]\\d)|(?:2720))(?:(?:\\s\\d{4}){3}|(?:\\.\\d{4}){3}|(?:-\\d{4}){3}|(?:,\\d{4}){3})\\b",
9119
+ "options": {
9120
+ "case_sensitive": false,
9121
+ "min_length": 16
9122
+ }
9123
+ }
9124
+ },
9125
+ "tags": {
9126
+ "type": "card",
9127
+ "card_type": "mastercard",
9128
+ "category": "payment"
9129
+ }
9130
+ },
9131
+ {
9132
+ "id": "76EhmoK3TPqJcpM-fK0pLw",
9133
+ "name": "MasterCard Scanner (1x16 digits)",
9134
+ "key": {
9135
+ "operator": "match_regex",
9136
+ "parameters": {
9137
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
9138
+ "options": {
9139
+ "case_sensitive": false,
9140
+ "min_length": 3
9141
+ }
9142
+ }
9143
+ },
9144
+ "value": {
9145
+ "operator": "match_regex",
9146
+ "parameters": {
9147
+ "regex": "\\b(?:(?:5[1-5]\\d{2})|(?:222[1-9])|(?:22[3-9]\\d)|(?:2[3-6]\\d{2})|(?:27[0-1]\\d)|(?:2720))(?:\\d{12})\\b",
9148
+ "options": {
9149
+ "case_sensitive": false,
9150
+ "min_length": 16
9151
+ }
9152
+ }
9153
+ },
9154
+ "tags": {
9155
+ "type": "card",
9156
+ "card_type": "mastercard",
9157
+ "category": "payment"
9158
+ }
9159
+ },
9160
+ {
9161
+ "id": "de0899e0cbaaa812bb624cf04c912071012f616d-mod",
9162
+ "name": "UK National Insurance Number Scanner",
9163
+ "key": {
9164
+ "operator": "match_regex",
9165
+ "parameters": {
9166
+ "regex": "^nin$|\\binsurance\\b",
9167
+ "options": {
9168
+ "case_sensitive": false,
9169
+ "min_length": 3
9170
+ }
9171
+ }
9172
+ },
9173
+ "value": {
9174
+ "operator": "match_regex",
9175
+ "parameters": {
9176
+ "regex": "\\b[A-Z]{2}[\\s-]?\\d{6}[\\s-]?[A-Z]?\\b",
9177
+ "options": {
9178
+ "case_sensitive": false,
9179
+ "min_length": 8
9180
+ }
9181
+ }
9182
+ },
9183
+ "tags": {
9184
+ "type": "uk_nin",
9185
+ "category": "pii"
9186
+ }
9187
+ },
9188
+ {
9189
+ "id": "d962f7ddb3f55041e39195a60ff79d4814a7c331",
9190
+ "name": "US Passport Scanner",
9191
+ "key": {
9192
+ "operator": "match_regex",
9193
+ "parameters": {
9194
+ "regex": "\\bpassport\\b",
9195
+ "options": {
9196
+ "case_sensitive": false,
9197
+ "min_length": 8
9198
+ }
9199
+ }
9200
+ },
9201
+ "value": {
9202
+ "operator": "match_regex",
9203
+ "parameters": {
9204
+ "regex": "\\b[0-9A-Z]{9}\\b|\\b[0-9]{6}[A-Z][0-9]{2}\\b",
9205
+ "options": {
9206
+ "case_sensitive": false,
9207
+ "min_length": 8
9208
+ }
9209
+ }
9210
+ },
9211
+ "tags": {
9212
+ "type": "passport_number",
9213
+ "category": "pii"
9214
+ }
9215
+ },
9216
+ {
9217
+ "id": "7771fc3b-b205-4b93-bcef-28608c5c1b54",
9218
+ "name": "United States Social Security Number Scanner",
9219
+ "key": {
9220
+ "operator": "match_regex",
9221
+ "parameters": {
9222
+ "regex": "\\b(?:SSN|(?:(?:social)?[\\s_]?(?:security)?[\\s_]?(?:number)?)?)\\b",
9223
+ "options": {
9224
+ "case_sensitive": false,
9225
+ "min_length": 3
9226
+ }
9227
+ }
9228
+ },
9229
+ "value": {
9230
+ "operator": "match_regex",
9231
+ "parameters": {
9232
+ "regex": "\\b\\d{3}[-\\s\\.]{1}\\d{2}[-\\s\\.]{1}\\d{4}\\b",
9233
+ "options": {
9234
+ "case_sensitive": false,
9235
+ "min_length": 11
9236
+ }
9237
+ }
9238
+ },
9239
+ "tags": {
9240
+ "type": "us_ssn",
9241
+ "category": "pii"
9242
+ }
9243
+ },
9244
+ {
9245
+ "id": "ac6d683cbac77f6e399a14990793dd8fd0fca333",
9246
+ "name": "US Vehicle Identification Number Scanner",
9247
+ "key": {
9248
+ "operator": "match_regex",
9249
+ "parameters": {
9250
+ "regex": "\\b(?:vehicle[_\\s-]*identification[_\\s-]*number|vin)\\b",
9251
+ "options": {
9252
+ "case_sensitive": false,
9253
+ "min_length": 3
9254
+ }
9255
+ }
9256
+ },
9257
+ "value": {
9258
+ "operator": "match_regex",
9259
+ "parameters": {
9260
+ "regex": "\\b[A-HJ-NPR-Z0-9]{17}\\b",
9261
+ "options": {
9262
+ "case_sensitive": false,
9263
+ "min_length": 17
9264
+ }
9265
+ }
9266
+ },
9267
+ "tags": {
9268
+ "type": "vin",
9269
+ "category": "pii"
9270
+ }
9271
+ },
9272
+ {
9273
+ "id": "wJIgOygRQhKkR69b_9XbRQ",
9274
+ "name": "Visa Card Scanner (2x8 digits)",
9275
+ "key": {
9276
+ "operator": "match_regex",
9277
+ "parameters": {
9278
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
9279
+ "options": {
9280
+ "case_sensitive": false,
9281
+ "min_length": 3
9282
+ }
9283
+ }
9284
+ },
9285
+ "value": {
9286
+ "operator": "match_regex",
9287
+ "parameters": {
9288
+ "regex": "\\b4\\d{3}(?:(?:\\d{4}(?:(?:,\\d{8})|(?:-\\d{8})|(?:\\s\\d{8})|(?:\\.\\d{8}))))\\b",
9289
+ "options": {
9290
+ "case_sensitive": false,
9291
+ "min_length": 16
9292
+ }
9293
+ }
9294
+ },
9295
+ "tags": {
9296
+ "type": "card",
9297
+ "card_type": "visa",
9298
+ "category": "payment"
9299
+ }
9300
+ },
9301
+ {
9302
+ "id": "0o71SJxXQNK7Q6gMbBesFQ",
9303
+ "name": "Visa Card Scanner (4x4 digits)",
9304
+ "key": {
9305
+ "operator": "match_regex",
9306
+ "parameters": {
9307
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
9308
+ "options": {
9309
+ "case_sensitive": false,
9310
+ "min_length": 3
9311
+ }
9312
+ }
9313
+ },
9314
+ "value": {
9315
+ "operator": "match_regex",
9316
+ "parameters": {
9317
+ "regex": "\\b4\\d{3}(?:(?:,\\d{4}){3}|(?:\\s\\d{4}){3}|(?:\\.\\d{4}){3}|(?:-\\d{4}){3})\\b",
9318
+ "options": {
9319
+ "case_sensitive": false,
9320
+ "min_length": 16
9321
+ }
9322
+ }
9323
+ },
9324
+ "tags": {
9325
+ "type": "card",
9326
+ "card_type": "visa",
9327
+ "category": "payment"
9328
+ }
9329
+ },
9330
+ {
9331
+ "id": "QrHD6AfgQm6z-j0wStxTvA",
9332
+ "name": "Visa Card Scanner (1x15 & 1x16 & 1x19 digits)",
9333
+ "key": {
9334
+ "operator": "match_regex",
9335
+ "parameters": {
9336
+ "regex": "\\b(?:card|cc|credit|debit|payment|amex|visa|mastercard|maestro|discover|jcb|diner)\\b",
9337
+ "options": {
9338
+ "case_sensitive": false,
9339
+ "min_length": 3
9340
+ }
9341
+ }
9342
+ },
9343
+ "value": {
9344
+ "operator": "match_regex",
9345
+ "parameters": {
9346
+ "regex": "4[0-9]{12}(?:[0-9]{3})?",
9347
+ "options": {
9348
+ "case_sensitive": false,
9349
+ "min_length": 13
9350
+ }
9351
+ }
9352
+ },
9353
+ "tags": {
9354
+ "type": "card",
9355
+ "card_type": "visa",
9356
+ "category": "payment"
9357
+ }
9358
+ }
7702
9359
  ]
7703
- }
9360
+ }