PyPI - credsweeper - Versions diffs - 1.12.1__py3-none-any.whl → 1.13.3__py3-none-any.whl - Mend

credsweeper 1.12.1py3-none-any.whl → 1.13.3py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of credsweeper might be problematic. Click here for more details.

Files changed (51) hide show

credsweeper/__init__.py +1 -1
credsweeper/__main__.py +23 -13
credsweeper/app.py +7 -2
credsweeper/common/keyword_pattern.py +6 -3
credsweeper/common/morpheme_checklist.txt +26 -6
credsweeper/config/config.py +1 -0
credsweeper/credentials/line_data.py +21 -6
credsweeper/deep_scanner/abstract_scanner.py +1 -0
credsweeper/deep_scanner/csv_scanner.py +71 -0
credsweeper/deep_scanner/deep_scanner.py +19 -9
credsweeper/deep_scanner/jks_scanner.py +11 -2
credsweeper/deep_scanner/pkcs_scanner.py +4 -0
credsweeper/deep_scanner/rtf_scanner.py +41 -0
credsweeper/deep_scanner/strings_scanner.py +52 -0
credsweeper/file_handler/byte_content_provider.py +10 -1
credsweeper/file_handler/file_path_extractor.py +2 -0
credsweeper/file_handler/text_content_provider.py +7 -1
credsweeper/filters/__init__.py +1 -1
credsweeper/filters/group/token_pattern.py +2 -2
credsweeper/filters/group/weird_base36_token.py +3 -3
credsweeper/filters/group/weird_base64_token.py +2 -2
credsweeper/filters/value_camel_case_check.py +2 -2
credsweeper/filters/value_file_path_check.py +5 -3
credsweeper/filters/value_github_check.py +3 -2
credsweeper/filters/value_morphemes_check.py +43 -0
credsweeper/filters/value_string_type_check.py +1 -0
credsweeper/ml_model/features/feature.py +1 -18
credsweeper/ml_model/features/file_extension.py +1 -1
credsweeper/ml_model/features/has_html_tag.py +10 -8
credsweeper/ml_model/features/is_secret_numeric.py +4 -3
credsweeper/ml_model/features/rule_name.py +1 -1
credsweeper/ml_model/features/word_in.py +9 -32
credsweeper/ml_model/features/word_in_path.py +2 -3
credsweeper/ml_model/features/word_in_postamble.py +1 -4
credsweeper/ml_model/features/word_in_preamble.py +1 -4
credsweeper/ml_model/features/word_in_transition.py +1 -4
credsweeper/ml_model/features/word_in_value.py +2 -3
credsweeper/ml_model/features/word_in_variable.py +2 -3
credsweeper/ml_model/ml_config.json +15 -8
credsweeper/ml_model/ml_model.onnx +0 -0
credsweeper/ml_model/ml_validator.py +1 -1
credsweeper/rules/config.yaml +174 -207
credsweeper/scanner/scanner.py +12 -7
credsweeper/secret/config.json +18 -5
credsweeper/utils/util.py +21 -18
{credsweeper-1.12.1.dist-info → credsweeper-1.13.3.dist-info}/METADATA +7 -7
{credsweeper-1.12.1.dist-info → credsweeper-1.13.3.dist-info}/RECORD +50 -47
credsweeper/filters/value_couple_keyword_check.py +0 -28
{credsweeper-1.12.1.dist-info → credsweeper-1.13.3.dist-info}/WHEEL +0 -0
{credsweeper-1.12.1.dist-info → credsweeper-1.13.3.dist-info}/entry_points.txt +0 -0
{credsweeper-1.12.1.dist-info → credsweeper-1.13.3.dist-info}/licenses/LICENSE +0 -0

credsweeper/rules/config.yaml CHANGED Viewed

@@ -3,7 +3,7 @@
   confidence: weak
   type: pattern
   values:
-    - (?P<variable>(\w*(?i:비밀번호|비번|패스워드|키|암호화?|토큰|(?<!by)pass(?!ed|ing|ion|es|age)|\bpwd?\b|token|secret|key|cred)\w*)\s*(설정은|[=:!]{1,3}))?\s*([._0-9A-Za-z\[\]]*get(env)?\s*\(\s*(?(variable)[^,]+|[\"'\\]*(\\*([\"']|&(quot|apos|#3[49]);)){0,4}(\w*(?i:(?<!by)pass(?!ed|ing|ion|es|age|\s+[a-z]{3,80})|\bpwd?\b|token|secret|key|cred)\w*))(\\*([\"']|&(quot|apos|#3[49]);)){0,4})\s*,\s*(default\s*=\s*)?([brufl@]{1,2}(?=\\*[\"'&]))?(?P<lq>(\\*([\"']|&(quot|apos|#3[49]);)){1,4})(?P<value>(.(?!(?P=lq))){4,80}.?)
+    - (?P<variable>(\w*(?i:비밀번호|비번|패스워드|키|암호화?|토큰|(?<!by)pass(?!e[dns]|ing|ion|age)|\bpwd?\b|token|secret|key|cred)\w*)\s*(설정은|[=:!]{1,3}))?\s*([._0-9A-Za-z\[\]]*get(env)?\s*\(\s*(?(variable)[^,]+|[\"'\\]*(\\*([\"']|&(quot|apos|#3[49]);)){0,4}(\w*(?i:(?<!by)pass(?!e[dns]|ing|ion|age|\s+[a-z]{3,80})|\bpwd?\b|token|secret|key|cred)\w*))(\\*([\"']|&(quot|apos|#3[49]);)){0,4})\s*,\s*(default\s*=\s*)?([brufl@]{1,2}(?=\\*[\"'&]))?(?P<lq>(\\*([\"']|&(quot|apos|#3[49]);)){1,4})(?P<value>(.(?!(?P=lq))){4,80}.?)
   filter_type:
     - ValueAllowlistCheck
     - LineGitBinaryCheck
@@ -34,7 +34,7 @@
   confidence: weak
   type: pattern
   values:
-    - (?P<wrap>[\"'`(])?\s*(?P<variable>(\w*(?i:(?<!by)passw?o?r?d?s?(?!ed|ing|ion|es|age)|pwd?\b|\bp/w\b|token|secret|key|credential)\w*|비밀번호|비번|패스워드|키|암호화?|토큰))[\"'`]*(\s+(?i:is|are|was|were)(\s*[:-])?\s+|\s*(설정은|[=:!]{1,3})\s*)(?P<quote>[\"'`]{1,6})?(?P<value>(?(quote)(?(wrap)[^\"'`)]{4,80}|[^\"'`]{4,80})|(?(wrap)[^\"'`)]{4,80}|\S{4,80})))
+    - (?P<wrap>[\"'`(])?\s*(?P<variable>(\w*(?i:(?<!by)passw?o?r?d?s?(?!e[dns]|ing|ion|age)|pwd?\b|\bp/w\b|token|secret|key|credential)\w*|비밀번호|비번|패스워드|키|암호화?|토큰))[\"'`]*(\s+(?i:is|are|was|were)(\s*[:-])?\s+|\s*(설정은|[=:!]{1,3})\s*)(?P<quote>[\"'`]{1,6})?(?P<value>(?(quote)(?(wrap)[^\"'`)]{4,80}|[^\"'`]{4,80})|(?(wrap)[^\"'`)]{4,80}|\S{4,80})))
   filter_type:
     - ValueAllowlistCheck
     - LineGitBinaryCheck
@@ -73,7 +73,7 @@
     - ValueAllowlistCheck
     - ValuePatternCheck(4)
     - ValueEntropyBase64Check
-    - ValueCoupleKeywordCheck
+    - ValueMorphemesCheck
   min_line_len: 16
   required_substrings:
     - token
@@ -90,7 +90,7 @@
   confidence: moderate
   type: pattern
   values:
-    - (?P<variable>[\"'`]?(?i:(?<!id[ :/])pa[as]swo?r?ds?|pwd?|p/w|비밀번호|비번|패스워드|암호)[\"'`]?)((\s)*[=:](\s)*)(?P<quote>[\"'`(])?(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){8,31}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x))(?(quote)[)\"'`])
+    - (?P<variable>[\"'`]?(?i:(?<!id[ :/])pa[as]swo?r?ds?|pwd?|p/w|비밀번호|비번|패스워드|암호)[\"'`]?)((\s)*[=:](\s)*)(?P<quote>[\"'`(])?(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){8,64}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x))(?(quote)[)\"'`])
   filter_type:
     - ValueAllowlistCheck
     - ValuePatternCheck(4)
@@ -118,7 +118,7 @@
   confidence: moderate
   type: pattern
   values:
-    - (^|\s|(?P<variable>(?i:\bip[\s/]{1,80}id[\s/]{1,80}pw[\s/:]{0,80}))|(?P<url>://))(?P<ip>(?<![0-9.])[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}(?![0-9.]))((\s*[(])?|(?(variable)[\s,/]{1,80}|(?(url)[,]|[,/])))\s*\w[\w.-]{3,80}[\s,/]{1,80}(?P<value>(?(url)(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9_+=~!@#$%^&*;?-])){7,31}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x)|(?-i:(?P<e>[A-Z])|(?P<f>[a-z])|(?P<g>[0-9/_+=~!@#$%^&*;?-])){7,31}(?(e)(?(f)(?(g)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x)))(?:\s|[^/]|$)
+    - (^|\s|(?P<variable>(?i:\bip[\s/]{1,80}id[\s/]{1,80}pw[\s/:]{0,80}))|(?P<url>://))(?P<ip>(?<![0-9.])[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}\.[0-2]?[0-9]{1,2}(?![0-9.]))((\s*[(])?|(?(variable)[\s,/]{1,80}|(?(url)[,]|[,/])))\s*\w[\w.-]{3,80}[\s,/]{1,80}(?P<value>(?(url)(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9_+=~!@#$%^&*;?-])){7,64}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x)|(?-i:(?P<e>[A-Z])|(?P<f>[a-z])|(?P<g>[0-9/_+=~!@#$%^&*;?-])){7,64}(?(e)(?(f)(?(g)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x)))(?:\s|[^/]|$)
   filter_type:
     - ValueAllowlistCheck
     - ValuePatternCheck(4)
@@ -134,7 +134,7 @@
   confidence: moderate
   type: pattern
   values:
-    - (?P<ddash>--)?(?P<variable>\w*(?i:pa[as]swords?|passwd?|pwd|\bp/w|\bpw|비밀번호|비번|패스워드|암호))\s*?(?(ddash)[ =]|[:=/>-]{1,2})\s*(?P<quote>[\"'`]{1,8})?(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){4,31}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x))(?(quote)(?P=quote)|(\s|$))
+    - (?P<ddash>--)?(?P<variable>\w*(?i:pa[as]swords?|passwd?|pwd|\bp/w|\bpw|비밀번호|비번|패스워드|암호))\s*?(?(ddash)[ =]|[:=/>-]{1,2})\s*(?P<quote>[\"'`]{1,8})?(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){4,64}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x))(?(quote)(?P=quote)|(\s|$))
     - (?P<ddash>--)?(?P<variable>(?i:user\s*)?(?i:id|login|account|root|admin|user|name|wifi|role|host|default|계정|아이디))\s*?(?(ddash)[ =]|[ :=])\s*?(?P<value>\S+)
   filter_type:
     - ValueAllowlistCheck
@@ -157,7 +157,7 @@
   confidence: moderate
   type: pattern
   values:
-    - (?P<variable>[\w.-]{0,80}(?i:(?P<id>\bid\b)|id\b|user|name|계정|아이디)[\w.-]{0,80}(?(id)[ :(/]{1,80}|[:(/]{1,80})(?i:pa[as]swo?r?ds?|pwd?|비밀번호|비번|패스워드|암호))\)?(\s*->\s*|[ =:)(/]{1,80}|\s+is\s+|\s+are\s+|\s*는\s*|\s*은\s*|\s*설정은\s*)\(?(?P<id_value>[\w.-]{2,31})[ :\(/\"',]{1,80}(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){4,31}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x))
+    - (?P<variable>[\w.-]{0,80}(?i:(?P<id>\bid\b)|id\b|user|name|계정|아이디)[\w.-]{0,80}(?(id)[ :(/]{1,80}|[:(/]{1,80})(?i:pa[as]swo?r?ds?|pwd?|비밀번호|비번|패스워드|암호))\)?(\s*->\s*|[ =:)(/]{1,80}|\s+is\s+|\s+are\s+|\s*는\s*|\s*은\s*|\s*설정은\s*)\(?(?P<id_value>[\w.-]{2,64})[ :\(/\"',]{1,80}(?P<value>(?-i:(?P<a>[A-Z])|(?P<b>[a-z])|(?P<c>[0-9/_+=~!@#$%^&*;:?-])){4,64}(?(a)(?(b)(?(c)(\S|$)|(?!x)x)|(?!x)x)|(?!x)x))
   filter_type:
     - ValueAllowlistCheck
     - ValuePatternCheck(4)
@@ -174,24 +174,6 @@
   target:
     - doc
-- name: SQL Password
-  severity: medium
-  confidence: weak
-  type: pattern
-  values:
-    - (\\[nrt]|\b)(?i:(?P<variable>(CREATE|ALTER|SET\s{1,8}PASSWORD|INSERT(\s{1,8}IGNORE)?|UPDATE\s{1,8}[^\s;]{1,80})\s{1,8}(LOGIN|USER|ROLE|FOR|INTO|SET)\s{1,8}([^\s;]{1,80}\s{1,8}|VALUES\s*\(){1,8}(IDENTIFIED((\s{1,8}WITH\s{1,8}\S{1,80})?\s{1,8}(BY|AS))|(=|WITH)?\s*PASSWORD\b(\s*=)?)))\s*(?P<wrap>[(]\s*)?(?P<value_leftquote>((?P<esq>\\{1,8})?([\"'`]|&(quot|apos|#3[49]);)){1,4})?(?P<value>(?(value_leftquote)((?!(?P=value_leftquote))(?(esq)((?!(?P=esq)([\"'`]|&(quot|apos|#3[49]);)).)|((?!(?P=value_leftquote)).)))|(?!&(quot|apos|#3[49]);)(\\+([ tnr]|[^\s\"'`])|[^\s\"'`,;\\])){3,80})(?(value_leftquote)(?P<value_rightquote>(?<!\\)(?P=value_leftquote))|(?(wrap)[)]|[\s\"'`,;]))
-  filter_type:
-    - ValueAllowlistCheck
-    - ValuePatternCheck
-  min_line_len: 8
-  required_substrings:
-    - password
-    - identified
-  target:
-    - doc
-    - code
-  use_ml: true
 - name: UUID
   severity: info
   confidence: strong
@@ -249,7 +231,7 @@
     - LineSpecificKeyCheck
     - ValuePatternCheck
     - ValueBase64PartCheck
-    - ValueCoupleKeywordCheck(3)
+    - ValueMorphemesCheck
   required_substrings:
     - A
   min_line_len: 20
@@ -278,7 +260,7 @@
   type: pattern
   values:
     - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>dt0[A-Za-z]{1}[0-9]{2}\.[0-9A-Z]{24}\.[0-9A-Z]{64})(?![0-9A-Za-z_-])
-  filter_type: GeneralPattern
+  filter_type: TokenPattern
   required_substrings:
     - dt0
   min_line_len: 90
@@ -308,7 +290,7 @@
   type: pattern
   values:
     - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9]{12,18}\|[0-9A-Za-z_-]{24,28})(?![0-9A-Za-z_+-])
-  filter_type: GeneralPattern
+  filter_type: TokenPattern
   required_substrings:
     - "|"
   required_regex: "[0-9A-Za-z_/+-]{15}"
@@ -317,28 +299,13 @@
     - code
     - doc
-- name: Github Old Token
-  severity: high
-  confidence: moderate
-  type: pattern
-  values:
-    - (?i)((git)[0-9A-Za-z_-]{0,80}(token|key|api)[0-9A-Za-z_-]{0,80}(\s)*(=|:|:=)(\s)*(["']?)(?P<value>[0-9a-z]{40})(["']?))
-  filter_type: GeneralPattern
-  use_ml: true
-  required_substrings:
-    - git
-  min_line_len: 47
-  target:
-    - code
-    - doc
 - name: Google API Key
   severity: high
   confidence: moderate
   type: pattern
   values:
     - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>AIza[0-9A-Za-z_-]{35})
-  filter_type: GeneralPattern
+  filter_type: TokenPattern
   required_substrings:
     - AIza
   min_line_len: 39
@@ -367,7 +334,7 @@
   type: pattern
   values:
     - (?P<value>GOCSPX-[0-9A-Za-z_-]{28})(?![0-9A-Za-z_-])
-  filter_type: GeneralPattern
+  filter_type: TokenPattern
   required_substrings:
     - GOCSPX-
   min_line_len: 40
@@ -381,7 +348,7 @@
   type: pattern
   values:
     - (?P<value>ya29\.[0-9A-Za-z_-]{22,8000})
-  filter_type: GeneralPattern
+  filter_type: TokenPattern
   required_substrings:
     - ya29.
   min_line_len: 27
@@ -395,7 +362,7 @@
   type: pattern
   values:
     - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>1//0[0-9A-Za-z_-]{80,8000})
-  filter_type: GeneralPattern
+  filter_type: TokenPattern
   required_substrings:
     - 1//0
   min_line_len: 84
@@ -409,7 +376,7 @@
   type: pattern
   values:
     - (?P<value>HRKU-([0-9A-Za-z_-]{60}|[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}))
-  filter_type: GeneralPattern
+  filter_type: TokenPattern
   required_substrings:
     - HRKU-
   min_line_len: 41
@@ -423,7 +390,7 @@
   type: pattern
   values:
     - (?P<value>IGQVJ[=0-9A-Za-z_-]{100,8000})(?![=0-9A-Za-z_-])
-  filter_type: GeneralPattern
+  filter_type: TokenPattern
   required_substrings:
     - IGQVJ
   min_line_len: 105
@@ -480,7 +447,7 @@
     - (?P<variable>\b[dk])[^0-9A-Za-z_-]{1,8}(?P<value>[0-9A-Za-z_-]{22,8000})(?![=0-9A-Za-z_-])
   filter_type:
     - ValuePatternCheck
-    - ValueCoupleKeywordCheck(3)
+    - ValueMorphemesCheck
   required_substrings:
     - kty
   min_line_len: 8
@@ -494,7 +461,7 @@
   type: pattern
   values:
     - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9A-Za-z_-]{32}-us[0-9]{1,2})(?![0-9A-Za-z_-])
-  filter_type: GeneralPattern
+  filter_type: TokenPattern
   required_substrings:
     - -us
   min_line_len: 35
@@ -507,10 +474,9 @@
   confidence: moderate
   type: pattern
   values:
-    - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>key-[0-9A-Za-z_-]{32})(?![0-9A-Za-z_-])
-  filter_type: GeneralPattern
-  required_substrings:
-    - key-
+    - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>key-[0-9a-z]{32}|[0-9a-f]{32}-[0-9a-f]{8}-[0-9a-f]{8})(?![0-9A-Za-z_-])
+  filter_type: TokenPattern
+  required_regex: "[0-9A-Za-z_/+-]{15}"
   min_line_len: 36
   target:
     - code
@@ -593,7 +559,7 @@
   type: pattern
   values:
     - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>SG\.[0-9A-Za-z_-]{16,32}\.[0-9A-Za-z_-]{16,64})
-  filter_type: GeneralPattern
+  filter_type: TokenPattern
   required_substrings:
     - SG.
   min_line_len: 34
@@ -620,10 +586,11 @@
   confidence: strong
   type: pattern
   values:
-    - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>xox[a-z]\-[0-9A-Za-z-]{10,250})(?![0-9A-Za-z_-])
-  filter_type: GeneralPattern
+    - (?P<value>(xapp|xox[a-z])\-[0-9A-Za-z-]{10,250})(?![0-9A-Za-z_-])
+  filter_type: TokenPattern
   required_substrings:
     - xox
+    - xapp
   min_line_len: 15
   target:
     - code
@@ -681,7 +648,7 @@
   type: pattern
   values:
     - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>sq0[a-z]{3}-[0-9A-Za-z_-]{22}([0-9A-Za-z_-]{21})?)(?![0-9A-Za-z_-])
-  filter_type: GeneralPattern
+  filter_type: TokenPattern
   required_substrings:
     - sq0
   min_line_len: 29
@@ -727,83 +694,13 @@
     - code
     - doc
-- name: CMD ConvertTo-SecureString
-  severity: high
-  confidence: moderate
-  type: pattern
-  values:
-    - (?P<variable>ConvertTo-SecureString(\s\s*-(String|AsPlainText|Force))*)\s\s*(?P<value_leftquote>(\\?[\"']){1,3})?(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,800})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
-  filter_type: GeneralKeyword
-  use_ml: true
-  required_substrings:
-    - convertto-securestring
-  min_line_len: 27
-  target:
-    - code
-- name: CMD Password
-  severity: high
-  confidence: moderate
-  type: pattern
-  values:
-    - (^|\W|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<variable>-[A-Za-z_-]*(?i:pass(in|out|word|phrase)))(\s|\\?[\"'],)\s*(?!-)(?P<value_leftquote>(\\?[\"']){1,3})?(pass:)?(?!file:|env:|fd:)(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,80})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
-  filter_type: GeneralKeyword
-  use_ml: true
-  required_substrings:
-    - pass
-  min_line_len: 12
-  target:
-    - code
-- name: CMD Token
-  severity: high
-  confidence: moderate
-  type: pattern
-  values:
-    - (^|\W|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<variable>-[A-Za-z_-]*(?i:token))(\s|\\?[\"'],)\s*(?!-)(?P<value_leftquote>(\\?[\"']){1,3})?(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,4000})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
-  filter_type: GeneralKeyword
-  use_ml: true
-  required_substrings:
-    - token
-  min_line_len: 12
-  target:
-    - code
-- name: CMD Secret
-  severity: high
-  confidence: moderate
-  type: pattern
-  values:
-    - (^|\W|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<variable>-[A-Za-z_-]*(?i:secret)[A-Za-z_-]*)(\s|\\?[\"'],)\s*(?!-)(?P<value_leftquote>(\\?[\"']){1,3})?(pass:)?(?!file:|env:|fd:)(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,4000})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
-  filter_type: GeneralKeyword
-  use_ml: true
-  required_substrings:
-    - secret
-  min_line_len: 12
-  target:
-    - code
-- name: URL Credentials
-  severity: high
-  confidence: moderate
-  type: pattern
-  values:
-    - (?P<value_leftquote>[\"'])?(?P<variable>[+0-9A-Za-z-]{2,80}://)([^\s\'"<>\[\]^~`{|}:/]{0,80}:){1,3}(?P<value>[^\s\'"<>\[\]^~`{|}@:/]{3,80})@[^\s\'"<>\[\]^~`{|}@:/]{1,800}\\{0,8}(?P<value_rightquote>[\"'])?
-  filter_type: UrlCredentialsGroup
-  use_ml: true
-  required_substrings:
-    - ://
-  min_line_len: 10
-  target:
-    - code
 - name: Telegram Bot API Token
   severity: high
   confidence: moderate
   type: pattern
   values:
     - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9]{8,10}:[0-9A-Za-z_-]{35})(?![0-9A-Za-z_-])
-  filter_type: GeneralPattern
+  filter_type: TokenPattern
   required_substrings:
     - :AA
   min_line_len: 45
@@ -817,7 +714,7 @@
   type: pattern
   values:
     - (?P<value>pypi-[0-9A-Za-z_-]{150,255})
-  filter_type: GeneralPattern
+  filter_type: TokenPattern
   required_substrings:
     - pypi-
   min_line_len: 155
@@ -825,6 +722,21 @@
     - code
     - doc
+- name: NPM Token
+  severity: high
+  confidence: strong
+  type: pattern
+  values:
+    - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>npm_[0-9A-Za-z_-]{36,255})
+  filter_type:
+    - ValueGitHubCheck
+  required_substrings:
+    - npm_
+  min_line_len: 40
+  target:
+    - code
+    - doc
 - name: Github Classic Token
   severity: high
   confidence: strong
@@ -994,32 +906,6 @@
     - code
     - doc
-- name: Bitbucket Client ID
-  severity: info
-  confidence: weak
-  type: pattern
-  values:
-    - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9A-Za-z]{18}([0-9A-Za-z]{14})?)(?![=0-9A-Za-z_+-])
-  filter_type: WeirdBase64Token
-  min_line_len: 18
-  required_regex: "[0-9A-Za-z_/+-]{15}"
-  target:
-    - code
-    - doc
-- name: Bitbucket Client Secret
-  severity: info
-  confidence: weak
-  type: pattern
-  values:
-    - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>([0-9A-Za-z_-]{32}){1,2})(?![=0-9A-Za-z_+-])
-  filter_type: WeirdBase64Token
-  min_line_len: 32
-  required_regex: "[0-9A-Za-z_/+-]{15}"
-  target:
-    - code
-    - doc
 - name: Jira / Confluence PAT token
   severity: high
   confidence: strong
@@ -1038,19 +924,6 @@
     - code
     - doc
-- name: Atlassian Old PAT token
-  severity: info
-  confidence: weak
-  type: pattern
-  values:
-    - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9A-Za-z]{24})(?![=.0-9A-Za-z_/+-])
-  filter_type: WeirdBase64Token
-  min_line_len: 24
-  required_regex: "[0-9A-Za-z_/+-]{15}"
-  target:
-    - code
-    - doc
 - name: Atlassian PAT token
   severity: high
   confidence: strong
@@ -1071,12 +944,13 @@
   confidence: strong
   type: pattern
   values:
-    - (?P<value>do[op]_v1_[a-f0-9]{64})(?![0-9A-Za-z_-])
+    - (?P<value>do[opr]_v1_[a-f0-9]{64})(?![0-9A-Za-z_-])
   filter_type: TokenPattern
   min_line_len: 71
   required_substrings:
     - doo_v1_
     - dop_v1_
+    - dor_v1_
   target:
     - code
     - doc
@@ -1208,32 +1082,6 @@
     - code
     - doc
-- name: Gitlab Incoming Email Token
-  severity: info
-  confidence: weak
-  type: pattern
-  values:
-    - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[a-z0-9]{24,25})(?![=0-9A-Za-z_/+-])
-  filter_type: WeirdBase36Token
-  min_line_len: 24
-  required_regex: "[0-9A-Za-z_/+-]{15}"
-  target:
-    - code
-    - doc
-- name: Gitlab Feed Token
-  severity: info
-  confidence: weak
-  type: pattern
-  values:
-    - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>[0-9A-Za-z_-]{20})(?![=0-9A-Za-z_/+-])
-  filter_type: WeirdBase64Token
-  min_line_len: 20
-  required_regex: "[0-9A-Za-z_/+-]{15}"
-  target:
-    - code
-    - doc
 - name: Hashicorp Vault Token
   severity: high
   confidence: strong
@@ -1260,7 +1108,7 @@
     - (?P<value>[0-9A-Za-z_-]{14}\.atlasv1\.[0-9A-Za-z_-]{67})(?![0-9A-Za-z_-])
   filter_type:
     - ValuePatternCheck
-    - ValueCoupleKeywordCheck(3)
+    - ValueMorphemesCheck
   min_line_len: 90
   required_substrings:
     - .atlasv1.
@@ -1276,7 +1124,7 @@
     - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>S[ACNOPUX][A-Z2-7]{40,200})(?![=0-9A-Za-z_+-])
   min_line_len: 42
   filter_type:
-    - ValueCoupleKeywordCheck
+    - ValueMorphemesCheck
     - ValuePatternCheck
     - ValueEntropyBase32Check
     - ValueBase32DataCheck
@@ -1301,7 +1149,7 @@
   values:
     - (?:^|[^0-9A-Za-z_+-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>([A-Z2-7]{16}){1,2})(?![=0-9A-Za-z_+-])
   filter_type:
-    - ValueCoupleKeywordCheck
+    - ValueMorphemesCheck
     - ValuePatternCheck
     - ValueEntropyBase32Check
     - ValueBase32DataCheck
@@ -1322,7 +1170,7 @@
   min_line_len: 51
   filter_type:
     - ValuePatternCheck
-    - ValueCoupleKeywordCheck
+    - ValueMorphemesCheck
   required_substrings:
     - T3BlbkFJ
     - 9wZW5BS
@@ -1340,7 +1188,7 @@
   min_line_len: 36
   filter_type:
     - ValuePatternCheck
-    - ValueCoupleKeywordCheck
+    - ValueMorphemesCheck
   required_substrings:
     - dckr_pat_
     - dckr_oat_
@@ -1357,7 +1205,7 @@
   min_line_len: 85
   filter_type:
     - ValuePatternCheck
-    - ValueCoupleKeywordCheck
+    - ValueMorphemesCheck
   required_substrings:
     - SWMTKN-1-
   target:
@@ -1373,7 +1221,7 @@
   min_line_len: 52
   filter_type:
     - ValuePatternCheck
-    - ValueCoupleKeywordCheck(3)
+    - ValueMorphemesCheck
   required_substrings:
     - SWMKEY-1-
   target:
@@ -1389,7 +1237,7 @@
   min_line_len: 56
   filter_type:
     - ValuePatternCheck
-    - ValueCoupleKeywordCheck
+    - ValueMorphemesCheck
   required_substrings:
     - WGdyb3FY
     - hncm9xW
@@ -1500,7 +1348,7 @@
   values:
     - (?P<variable>discord(?:app)?\.com/api/webhooks)(?P<value>/[0-9]{16,22}/[0-9A-Za-z_-]{40,100})
   filter_type:
-    - ValueCoupleKeywordCheck(3)
+    - ValueMorphemesCheck
   required_substrings:
     - discordapp.com/api/webhooks
     - discord.com/api/webhooks
@@ -1541,6 +1389,22 @@
     - code
     - doc
+- name: Postman Credentials
+  severity: medium
+  confidence: moderate
+  type: pattern
+  values:
+    - (?P<value>(PMAK-[0-9a-f]{24}-[0-9a-f]{34}|PMAT-[0-9A-Z]{26}))
+  min_line_len: 29
+  filter_type:
+    - ValuePatternCheck
+  required_substrings:
+    - PMAK-
+    - PMAT-
+  target:
+    - code
+    - doc
 - name: Basic Authorization
   severity: medium
   confidence: strong
@@ -1571,6 +1435,109 @@
     - code
     - doc
+- name: SQL Password
+  severity: medium
+  confidence: weak
+  type: pattern
+  values:
+    - (\\[nrt]|\b)(?i:(?P<variable>(CREATE|ALTER|SET\s{1,8}PASSWORD|INSERT(\s{1,8}IGNORE)?|UPDATE\s{1,8}[^\s;]{1,80})\s{1,8}(LOGIN|USER|ROLE|FOR|INTO|SET)\s{1,8}([^\s;]{1,80}\s{1,8}|VALUES\s*\(){1,8}(IDENTIFIED((\s{1,8}WITH\s{1,8}\S{1,80})?\s{1,8}(BY|AS))|(=|WITH)?\s*PASSWORD\b(\s*=)?)))\s*(?P<wrap>[(]\s*)?(?P<value_leftquote>((?P<esq>\\{1,8})?([\"'`]|&(quot|apos|#3[49]);)){1,4})?(?P<value>(?(value_leftquote)((?!(?P=value_leftquote))(?(esq)((?!(?P=esq)([\"'`]|&(quot|apos|#3[49]);)).)|((?!(?P=value_leftquote)).)))|(?!&(quot|apos|#3[49]);)(\\+([ tnr]|[^\s\"'`])|[^\s\"'`,;\\])){3,80})(?(value_leftquote)(?P<value_rightquote>(?<!\\)(?P=value_leftquote))|(?(wrap)[)]|[\s\"'`,;]))
+  filter_type:
+    - ValueAllowlistCheck
+    - ValuePatternCheck
+  use_ml: true
+  min_line_len: 8
+  required_substrings:
+    - password
+    - identified
+  target:
+    - doc
+    - code
+- name: CURL User Password
+  severity: high
+  confidence: moderate
+  type: pattern
+  values:
+    - (?P<variable>curl)\s.*(-[uU]|--(proxy-)?user)\s\s*(?P<value_leftquote>(\\*[\"']){1,3})?(?(value_leftquote)[^\"'\\:]|[^\s\"'\\:]){0,64}:(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,64})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
+  filter_type: GeneralKeyword
+  use_ml: true
+  required_substrings:
+    - curl
+  min_line_len: 16
+  target:
+    - code
+- name: CMD ConvertTo-SecureString
+  severity: high
+  confidence: moderate
+  type: pattern
+  values:
+    - (?P<variable>ConvertTo-SecureString(\s\s*-(String|AsPlainText|Force))*)\s\s*(?P<value_leftquote>(\\?[\"']){1,3})?(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,800})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
+  filter_type: GeneralKeyword
+  use_ml: true
+  required_substrings:
+    - convertto-securestring
+  min_line_len: 27
+  target:
+    - code
+- name: CMD Password
+  severity: high
+  confidence: moderate
+  type: pattern
+  values:
+    - (^|\W|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<variable>-[A-Za-z_-]*(?i:pass(in|out|word|phrase)))(\s|\\?[\"'],)\s*(?!-)(?P<value_leftquote>(\\?[\"']){1,3})?(pass:)?(?!file:|env:|fd:)(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,80})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
+  filter_type: GeneralKeyword
+  use_ml: true
+  required_substrings:
+    - pass
+  min_line_len: 12
+  target:
+    - code
+- name: CMD Token
+  severity: high
+  confidence: moderate
+  type: pattern
+  values:
+    - (^|\W|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<variable>-[A-Za-z_-]*(?i:token|oauth2-bearer))(\s|\\?[\"'],)\s*(?!-)(?P<value_leftquote>(\\?[\"']){1,3})?(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,4000})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
+  filter_type: GeneralKeyword
+  use_ml: true
+  required_substrings:
+    - token
+    - oauth2-bearer
+  min_line_len: 12
+  target:
+    - code
+- name: CMD Secret
+  severity: high
+  confidence: moderate
+  type: pattern
+  values:
+    - (^|\W|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<variable>-[A-Za-z_-]*(?i:secret)[A-Za-z_-]*)(\s|\\?[\"'],)\s*(?!-)(?P<value_leftquote>(\\?[\"']){1,3})?(pass:)?(?!file:|env:|fd:)(?P<value>(?(value_leftquote)[^\"'\\]|[^\s\"'\\]){4,4000})(?(value_leftquote)(?P<value_rightquote>(\\?[\"']){1,3}))
+  filter_type: GeneralKeyword
+  use_ml: true
+  required_substrings:
+    - secret
+  min_line_len: 12
+  target:
+    - code
+- name: URL Credentials
+  severity: high
+  confidence: moderate
+  type: pattern
+  values:
+    - (?P<value_leftquote>[\"'])?(?P<variable>[+0-9A-Za-z-]{2,80}://)([^\s\'"<>\[\]^~`{|}:/]{0,80}:){1,3}(?P<value>[^\s\'"<>\[\]^~`{|}@:/]{3,80})@[^\s\'"<>\[\]^~`{|}@:/]{1,800}\\{0,8}(?P<value_rightquote>[\"'])?
+  filter_type: UrlCredentialsGroup
+  use_ml: true
+  required_substrings:
+    - ://
+  min_line_len: 10
+  target:
+    - code
 - name: API
   severity: low
   confidence: moderate
@@ -1646,7 +1613,7 @@
   confidence: moderate
   type: keyword
   values:
-    - (?<!by)pass(?!ed|ing|ion|es|age|\s+[a-z]{3,80})|pw(d|\b)
+    - (?<!by)pass(?!e[dns]|ing|ion|age|\s+[a-z]{3,80})|pw(d|\b)
   filter_type: PasswordKeyword
   use_ml: true
   min_line_len: 10

credsweeper 1.12.1__py3-none-any.whl → 1.13.3__py3-none-any.whl

Potentially problematic release.

credsweeper 1.12.1py3-none-any.whl → 1.13.3py3-none-any.whl