hardstop-patterns 1.0.0
- package/LICENSE +21 -0
- package/README.md +144 -0
- package/index.d.ts +66 -0
- package/index.js +262 -0
- package/package.json +44 -0
- package/patterns/bash-dangerous.json +228 -0
- package/patterns/bash-safe.json +91 -0
- package/patterns/meta.json +21 -0
- package/patterns/read-dangerous.json +79 -0
- package/patterns/read-safe.json +100 -0
- package/patterns/read-sensitive.json +19 -0
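--- a/package/patterns/read-safe.json
+++ b/package/patterns/read-safe.json
@@ -0,0 +1,100 @@
+{
+"version": "1.0.0",
+"scope": "read",
+"type": "safe",
+"match_mode": "search",
+"patterns": [
+{"id": "SAFE-DOC-001", "pattern": "README\\.md$", "category": "documentation", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-DOC-002", "pattern": "README\\.rst$", "category": "documentation", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-DOC-003", "pattern": "README\\.txt$", "category": "documentation", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-DOC-004", "pattern": "README$", "category": "documentation", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-DOC-005", "pattern": "CHANGELOG\\.md$", "category": "documentation", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-DOC-006", "pattern": "CHANGELOG$", "category": "documentation", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-DOC-007", "pattern": "HISTORY\\.md$", "category": "documentation", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-DOC-008", "pattern": "LICENSE$", "category": "documentation", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-DOC-009", "pattern": "LICENSE\\.md$", "category": "documentation", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-DOC-010", "pattern": "LICENSE\\.txt$", "category": "documentation", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-DOC-011", "pattern": "CONTRIBUTING\\.md$", "category": "documentation", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-DOC-012", "pattern": "CODE_OF_CONDUCT\\.md$", "category": "documentation", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-DOC-013", "pattern": "\\.md$", "category": "documentation", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-DOC-014", "pattern": "\\.rst$", "category": "documentation", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-DOC-015", "pattern": "\\.txt$", "category": "documentation", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-001", "pattern": "\\.py$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-002", "pattern": "\\.pyi$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-003", "pattern": "\\.js$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-004", "pattern": "\\.mjs$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-005", "pattern": "\\.cjs$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-006", "pattern": "\\.ts$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-007", "pattern": "\\.tsx$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-008", "pattern": "\\.jsx$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-009", "pattern": "\\.go$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-010", "pattern": "\\.rs$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-011", "pattern": "\\.java$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-012", "pattern": "\\.kt$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-013", "pattern": "\\.scala$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-014", "pattern": "\\.c$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-015", "pattern": "\\.cpp$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-016", "pattern": "\\.cc$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-017", "pattern": "\\.h$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-018", "pattern": "\\.hpp$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-019", "pattern": "\\.cs$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-020", "pattern": "\\.rb$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-021", "pattern": "\\.php$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-022", "pattern": "\\.swift$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-023", "pattern": "\\.m$", "category": "source_code", "platforms": ["macos"], "added": "1.0.0"},
+{"id": "SAFE-SRC-024", "pattern": "\\.mm$", "category": "source_code", "platforms": ["macos"], "added": "1.0.0"},
+{"id": "SAFE-SRC-025", "pattern": "\\.lua$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-026", "pattern": "\\.pl$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-027", "pattern": "\\.sh$", "category": "source_code", "platforms": ["linux", "macos"], "added": "1.0.0"},
+{"id": "SAFE-SRC-028", "pattern": "\\.bash$", "category": "source_code", "platforms": ["linux", "macos"], "added": "1.0.0"},
+{"id": "SAFE-SRC-029", "pattern": "\\.zsh$", "category": "source_code", "platforms": ["linux", "macos"], "added": "1.0.0"},
+{"id": "SAFE-SRC-030", "pattern": "\\.fish$", "category": "source_code", "platforms": ["linux", "macos"], "added": "1.0.0"},
+{"id": "SAFE-SRC-031", "pattern": "\\.ps1$", "category": "source_code", "platforms": ["windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-032", "pattern": "\\.bat$", "category": "source_code", "platforms": ["windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-033", "pattern": "\\.cmd$", "category": "source_code", "platforms": ["windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-034", "pattern": "\\.sql$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-035", "pattern": "\\.graphql$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-SRC-036", "pattern": "\\.gql$", "category": "source_code", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-001", "pattern": "package\\.json$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-002", "pattern": "package-lock\\.json$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-003", "pattern": "yarn\\.lock$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-004", "pattern": "pnpm-lock\\.yaml$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-005", "pattern": "tsconfig\\.json$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-006", "pattern": "jsconfig\\.json$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-007", "pattern": "pyproject\\.toml$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-008", "pattern": "setup\\.py$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-009", "pattern": "setup\\.cfg$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-010", "pattern": "Cargo\\.toml$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-011", "pattern": "Cargo\\.lock$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-012", "pattern": "go\\.mod$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-013", "pattern": "go\\.sum$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-014", "pattern": "requirements\\.txt$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-015", "pattern": "Pipfile$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-016", "pattern": "Pipfile\\.lock$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-017", "pattern": "Gemfile$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-018", "pattern": "Gemfile\\.lock$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-019", "pattern": "composer\\.json$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-020", "pattern": "composer\\.lock$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-021", "pattern": "Makefile$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-022", "pattern": "CMakeLists\\.txt$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-023", "pattern": "\\.gitignore$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-024", "pattern": "\\.dockerignore$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-025", "pattern": "Dockerfile$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-026", "pattern": "docker-compose\\.yml$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-CFG-027", "pattern": "docker-compose\\.yaml$", "category": "project_config", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-TMPL-001", "pattern": "\\.env\\.example$", "category": "template_files", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-TMPL-002", "pattern": "\\.env\\.template$", "category": "template_files", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-TMPL-003", "pattern": "\\.env\\.sample$", "category": "template_files", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-TMPL-004", "pattern": "\\.env\\.dist$", "category": "template_files", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-TMPL-005", "pattern": "example\\.", "category": "template_files", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-TMPL-006", "pattern": "sample\\.", "category": "template_files", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-TMPL-007", "pattern": "template\\.", "category": "template_files", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-WEB-001", "pattern": "\\.html$", "category": "web_assets", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-WEB-002", "pattern": "\\.css$", "category": "web_assets", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-WEB-003", "pattern": "\\.scss$", "category": "web_assets", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-WEB-004", "pattern": "\\.sass$", "category": "web_assets", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-WEB-005", "pattern": "\\.less$", "category": "web_assets", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-WEB-006", "pattern": "\\.svg$", "category": "web_assets", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SAFE-DATA-001", "pattern": "\\.xml$", "category": "data_formats", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"}
+]
+}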
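Review bot: SAFE-TMPL-005, SAFE-TMPL-006 and SAFE-TMPL-007 (`example\\.`, `sample\\.`, `template\\.`) carry no anchor, and with `"match_mode": "search"` they match anywhere in the path, directory names included, so any file under a directory such as `example.com/` is classified safe. Confining the match to the final path component closes that, e.g. `"pattern": "(?:^|[/\\\\])[^/\\\\]*example\\.[^/\\\\]*$"`, and likewise for the other two. The bare-extension entries (SAFE-DOC-013 `\\.md$`, SAFE-DOC-015 `\\.txt$`, SAFE-SRC-034 `\\.sql$`, SAFE-DATA-001 `\\.xml$`) also cover names like `passwords.txt` that SENS-NAME-001 in read-sensitive.json flags. The precedence between the lists is decided in index.js, which is not shown on this page, so it should be confirmed that a sensitive or dangerous match always wins over a safe one.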
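--- a/package/patterns/read-sensitive.json
+++ b/package/patterns/read-sensitive.json
@@ -0,0 +1,19 @@
+{
+"version": "1.0.0",
+"scope": "read",
+"type": "sensitive",
+"match_mode": "search",
+"patterns": [
+{"id": "SENS-CFG-001", "pattern": "[/\\\\]config\\.json$", "message": "Config file (may contain secrets)", "category": "config_files", "severity": "medium", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SENS-CFG-002", "pattern": "[/\\\\]config\\.yaml$", "message": "Config file (may contain secrets)", "category": "config_files", "severity": "medium", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SENS-CFG-003", "pattern": "[/\\\\]config\\.yml$", "message": "Config file (may contain secrets)", "category": "config_files", "severity": "medium", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SENS-CFG-004", "pattern": "(?<!\\.vscode)[/\\\\]settings\\.json$", "message": "Settings file (may contain secrets)", "category": "config_files", "severity": "medium", "platforms": ["linux", "macos", "windows"], "added": "1.0.0", "notes": "Excludes .vscode/settings.json which is IDE config, not secrets"},
+{"id": "SENS-BAK-001", "pattern": "[/\\\\]\\.env\\.bak$", "message": "Environment file backup", "category": "backup_files", "severity": "medium", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SENS-BAK-002", "pattern": "[/\\\\]\\.env\\.backup$", "message": "Environment file backup", "category": "backup_files", "severity": "medium", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SENS-BAK-003", "pattern": "[/\\\\]credentials\\.bak$", "message": "Credentials backup", "category": "backup_files", "severity": "medium", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SENS-NAME-001", "pattern": "[/\\\\][^/\\\\]*password[^/\\\\]*$", "message": "File with 'password' in name", "category": "suspicious_names", "severity": "medium", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"},
+{"id": "SENS-NAME-002", "pattern": "[/\\\\](?!client_secret)[^/\\\\]*secret[^/\\\\]*$", "message": "File with 'secret' in name", "category": "suspicious_names", "severity": "medium", "platforms": ["linux", "macos", "windows"], "added": "1.0.0", "notes": "Excludes client_secret*.json (caught by CRED-TOKEN-002). Uses lookahead instead of lookbehind for Python re compat."},
+{"id": "SENS-NAME-003", "pattern": "[/\\\\][^/\\\\]*token[^/\\\\]*(?:(?<!\\.js)(?<!\\.ts)(?<!\\.py)(?<!\\.rs)(?<!\\.go)(?<!\\.jsx)(?<!\\.tsx)(?<!\\.mjs)(?<!\\.cjs))$", "message": "File with 'token' in name", "category": "suspicious_names", "severity": "medium", "platforms": ["linux", "macos", "windows"], "added": "1.0.0", "notes": "Excludes source code files like tokenizer.js, tokenizer.tsx, etc."},
+{"id": "SENS-NAME-004", "pattern": "[/\\\\][^/\\\\]*api.?key[^/\\\\]*$", "message": "File with 'apikey' in name", "category": "suspicious_names", "severity": "medium", "platforms": ["linux", "macos", "windows"], "added": "1.0.0"}
+]
+}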
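Review bot: Every pattern in this list requires a leading separator (`[/\\\\]`, or the lookbehind plus separator in SENS-CFG-004), so a path passed without a directory component (`config.json`, `.env.bak`, `passwords.txt`) matches none of them. Unless the caller in index.js always resolves to an absolute path, which is not visible here, the prefix should be `(?:^|[/\\\\])`, e.g. `"pattern": "(?:^|[/\\\\])config\\.json$"`. The name checks are also lower-case literals (`password`, `secret`, `token`, `api.?key`), so `Passwords.txt` or `API_KEY.txt` is missed on the Windows and macOS targets listed in `platforms` unless the loader compiles the patterns case-insensitively; a `notes` entry stating which applies would help. SENS-NAME-003 additionally skips any `token` file ending in `.js`, `.ts`, `.py` and the other listed extensions, which also exempts a file such as `tokens.py` that holds real values.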