diff --git a/signatures.yaml b/signatures.yaml
index 88b1c54d..3c16d36b 100644
--- a/signatures.yaml
+++ b/signatures.yaml
@@ -1,309 +1,310 @@ --- - Amazon: - - Access Key: (?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA|ABIA|ACCA)[A-Z0-9]{16} - - Secret Access Key: (??*&:%@!\/= \n]{0,40}[\"\']?\s{0,50}(?::|=>|=)\s{0,50}[\"\']?([a-zA-Z0-9-_]{20}) - Slack: - - User Token: (xox[ps]-[0-9]{8,13}-[0-9]{8,13}-[0-9]{8,13}-[a-zA-Z0-9-]{10,32}) - - Bot Token: (xox[b]-[0-9]{8,13}-[0-9]{8,13}-[a-zA-Z0-9-]{20,30}) - - Workspace Access Token: (xoxa-[0-9]{8,13}-[0-9]{8,13}-[a-zA-Z0-9-]{8,128}) - - Workspace Refresh Token: (xoxr-[0-9]{8,13}-[0-9]{8,13}-[a-zA-Z0-9-]{8,128}) - - Configuration Access Token: (xoxe.xoxp-[0-9]{0,2}-[a-zA-Z0-9-]{130,170}) - - Signing Secret: (?i)xox[a-z]-[0-9a-zA-Z-]{10,} - - Configuration Refresh Token: (xoxe-[0-9]{0,2}-[a-zA-Z0-9-]{130,170}) - - App Token: (xapp-[0-9]{0,2}-[A-Z0-9]{8,13}-[0-9]{12,15}-[a-zA-Z0-9-]{60,70}) - - Webhook URL: https://hooks\.slack\.com/services/.{8,128} + - User Token: (xox[ps]-[0-9]{8,13}-[0-9]{8,13}-[0-9]{8,13}-[a-zA-Z0-9-]{10,32}) + - Bot Token: (xox[b]-[0-9]{8,13}-[0-9]{8,13}-[a-zA-Z0-9-]{20,30}) + - Workspace Access Token: (xoxa-[0-9]{8,13}-[0-9]{8,13}-[a-zA-Z0-9-]{8,128}) + - Workspace Refresh Token: (xoxr-[0-9]{8,13}-[0-9]{8,13}-[a-zA-Z0-9-]{8,128}) + - Configuration Access Token: (xoxe.xoxp-[0-9]{0,2}-[a-zA-Z0-9-]{130,170}) + - Signing Secret: (?i)xox[a-z]-[0-9a-zA-Z-]{10,} + - Configuration Refresh Token: (xoxe-[0-9]{0,2}-[a-zA-Z0-9-]{130,170}) + - App Token: (xapp-[0-9]{0,2}-[A-Z0-9]{8,13}-[0-9]{12,15}-[a-zA-Z0-9-]{60,70}) + - Webhook URL: https://hooks\.slack\.com/services/.{8,128} - Oracle: - - Cloud Infrastructure: ocid1\.(tenancy|user)\.oc1\..[a-zA-Z0-9\-_]{59} + - Cloud Infrastructure: ocid1\.(tenancy|user)\.oc1\..[a-zA-Z0-9\-_]{59} - Tencent: - - Cloud API: AKID[0-9a-zA-Z]{16} + - Cloud API: AKID[0-9a-zA-Z]{16} - Docker: - - Hub Access Token: dckr_pat_[a-zA-Z0-9_=-]{24,32} - - Swarm Join Token: (?i)(SWMTKN-[a-z0-9A-Z]+) - - Swarm Unlock Token: (?i)(swmkey-1-[A-Za-z0-9+_-]{30,50}) + - Hub Access Token: 
dckr_pat_[a-zA-Z0-9_=-]{24,32} + - Swarm Join Token: (?i)(SWMTKN-[a-z0-9A-Z]+) + - Swarm Unlock Token: (?i)(swmkey-1-[A-Za-z0-9+_-]{30,50}) - Replit: - - Identity Secret Key: k2.secret.[\w]+ + - Identity Secret Key: k2.secret.[\w]+ - Meta: - - Page Access Token: (?i)(EAAG[0-9A-Za-z]{10,128}) - - Facebook Access Token: EAACEdEose0cBA[0-9A-Za-z]+ - #- Client Token: (?i)fb[a-zA-Z0-9]{24,32} - - Instagram Access Token: (?i)(IGQV[0-9A-Za-z-_]{10,255}) - - Instagram App Secret: (?i)(ig_[a-f0-9]{32}) - - Instagram Client Token: (?i)(ig_ct_[a-zA-Z0-9]{32}) - - Instagram Authentication Token: (?i)(ig_did=[a-f0-9-]{36}) - #- WhatsApp API Key: (?i)(?:whatsapp)[^{}]{0,20}[=:\"\' ]{0,5}([A-Za-z0-9]{24,32}) - - WhatsApp Session Token: (?i)(session_token=[a-zA-Z0-9-_]{40,}) - #- Messenger App Secret: (?i)(?:messenger|fb)[^{}]{0,20}[=:\"\' ]{0,5}([a-f0-9]{32}) - - Debug Token: (?i)(DQVJ[0-9A-Za-z-_]{10,255}) + - Page Access Token: (?i)(EAAG[0-9A-Za-z]{10,128}) + - Facebook Access Token: EAACEdEose0cBA[0-9A-Za-z]+ + #- Client Token: (?i)fb[a-zA-Z0-9]{24,32} + - Instagram Access Token: (?i)(IGQV[0-9A-Za-z-_]{10,255}) + - Instagram App Secret: (?i)(ig_[a-f0-9]{32}) + - Instagram Client Token: (?i)(ig_ct_[a-zA-Z0-9]{32}) + - Instagram Authentication Token: (?i)(ig_did=[a-f0-9-]{36}) + #- WhatsApp API Key: (?i)(?:whatsapp)[^{}]{0,20}[=:\"\' ]{0,5}([A-Za-z0-9]{24,32}) + - WhatsApp Session Token: (?i)(session_token=[a-zA-Z0-9-_]{40,}) + #- Messenger App Secret: (?i)(?:messenger|fb)[^{}]{0,20}[=:\"\' ]{0,5}([a-f0-9]{32}) + - Debug Token: (?i)(DQVJ[0-9A-Za-z-_]{10,255}) - Grafana: - - Service Account Token: (?i)glsa_[a-z0-9+-=\/]{32}_[a-f0-9]{8} - - API Token: (?i)grafana_(api_token|token) + - Service Account Token: (?i)glsa_[a-z0-9+-=\/]{32}_[a-f0-9]{8} + - API Token: (?i)grafana_(api_token|token) - Stripe: - - Read-only Key: (?i)rk_live_[a-zA-Z0-9]{20,30} - - Secret Key: (?i)sk_live_[a-zA-Z0-9]{20,30} - - Publishable Key: (?i)pk_live_[a-zA-Z0-9]{20,30} + - Read-only Key: 
(?i)rk_live_[a-zA-Z0-9]{20,30} + - Secret Key: (?i)sk_live_[a-zA-Z0-9]{20,30} + - Publishable Key: (?i)pk_live_[a-zA-Z0-9]{20,30} - PayPal: - - Access Token: (?:^|['\"])access_token\$production\$([0-9a-zA-Z]{28,42}) + - Access Token: (?:^|['\"])access_token\$production\$([0-9a-zA-Z]{28,42}) - SquareUp: - - API Key: sq0i[a-z]{2}-[0-9A-Za-z\-_]{22,43} - - API Secret: sq0c[a-z]{2}-[0-9A-Za-z\-_]{40,50} - - Access Token: sqOatp-[0-9A-Za-z\-_]{22} + - API Key: sq0i[a-z]{2}-[0-9A-Za-z\-_]{22,43} + - API Secret: sq0c[a-z]{2}-[0-9A-Za-z\-_]{40,50} + - Access Token: sqOatp-[0-9A-Za-z\-_]{22} - PubNub: - - Publish Key: pub-c-[0-9a-z]{8}-[0-9a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12} - - Subscribe Key: sub-c-[0-9a-z]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12} + - Publish Key: pub-c-[0-9a-z]{8}-[0-9a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12} + - Subscribe Key: sub-c-[0-9a-z]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12} - FlutterWave: - - API Key: (?i)(FLWSECK-[0-9a-z]{32}-X) + - API Key: (?i)(FLWSECK-[0-9a-z]{32}-X) - DataDog: - - Client Token: ^pub[0-9a-f]{32}$ + - Client Token: ^pub[0-9a-f]{32}$ # - App ID: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$ - Spotify: - - Device Cookie: (?i)sp_dc=[\w_-]{128,256} - - Key: (?i)sp_key=[a-f0-9]{8}-?[a-f0-9]{4}-?4[a-f0-9]{3}-?[89ab][a-f0-9]{3}-?[a-f0-9]{12} + - Device Cookie: (?i)sp_dc=[\w_-]{128,256} + - Key: (?i)sp_key=[a-f0-9]{8}-?[a-f0-9]{4}-?4[a-f0-9]{3}-?[89ab][a-f0-9]{3}-?[a-f0-9]{12} - Telegram: - - Bot API Key: (?:bot)*[0-9]{8,10}:AA[0-9A-Za-z\-_=]{33} + - Bot API Key: (?:bot)*[0-9]{8,10}:AA[0-9A-Za-z\-_=]{33} - Airtable: - - API Key: (?i)(?:airtable).{0,40}[\"\'`]?\s{0,50}(?::|=>|=|,)\s{0,50}[\"\'`]?(key[a-zA-Z0-9_-]{14}) - - Table URL: https:\/\/api\.airtable\.com\/v0\/[\w]+\/[\w]+ + - API Key: (?i)(?:airtable).{0,40}[\"\'`]?\s{0,50}(?::|=>|=|,)\s{0,50}[\"\'`]?(key[a-zA-Z0-9_-]{14}) + - Table URL: https:\/\/api\.airtable\.com\/v0\/[\w]+\/[\w]+ - Postman: - - API Key: 
(?i)(PMAK-[a-zA-Z-0-9]{59}) + - API Key: (?i)(PMAK-[a-zA-Z-0-9]{59}) #- Clearbit: # - API Key: (?i)(?:clearbit)[^{}]{0,20}( ){0,1}[=:]( ){0,1}.{0,40}(sk_[0-9a-z_]{24,32}) - OpenAI: - - Project API Key: (?i)sk-proj-[\w-]+T3BlbkFJ[\w-]+ - - User API Key: (?i)sk-[^proj]\w.+T3BlbkFJ[\w-]+ + - Project API Key: (?i)sk-proj-[\w-]+T3BlbkFJ[\w-]+ + - User API Key: (?i)sk-[^proj]\w.+T3BlbkFJ[\w-]+ - Groq: - - API Key: (?i)gsk_[A-Za-z0-9]+ + - API Key: (?i)gsk_[A-Za-z0-9]+ - OpenWeatherMap: - - API Key URL: (?i)(?:https?://api\.openweathermap\.org/data/[a-z0-9.+?\/]+=)([a-z0-9]{32}) + - API Key URL: (?i)(?:https?://api\.openweathermap\.org/data/[a-z0-9.+?\/]+=)([a-z0-9]{32}) - Razorpay: - - Test Key: (?i)rzp_test_\w{10,20} - - Live Key: (?i)rzp_live_\w{10,20} + - Test Key: (?i)rzp_test_\w{10,20} + - Live Key: (?i)rzp_live_\w{10,20} #- CircleCI: # - Personal Token: (?i)(?:circle)[^{}]{0,20}( ){0,1}[=:]( ){0,1}(["a-fA-F0-9]{40,42}) - MailGun: - - API Key: (?i)key-[0-9a-zA-Z]{32} - - Domain Sending Key: "[a-f0-9]{32}-[a-f0-9]{8}-[a-f0-9]{8}" + - API Key: (?i)key-[0-9a-zA-Z]{32} + - Domain Sending Key: "[a-f0-9]{32}-[a-f0-9]{8}-[a-f0-9]{8}" - Hashicorp: - - Terraform API Token: (?i)([A-Za-z0-9]{14}.atlasv1.[A-Za-z0-9]{67}) - - Vault Unseal Key: (?i)unseal.?(?:key|token)[^)(|\s"\'<>,&#]?.{0,40}([a-fA-F0-9\/_\-=][^|\s"\'<>,&#]{43}) + - Terraform API Token: (?i)([A-Za-z0-9]{14}.atlasv1.[A-Za-z0-9]{67}) + - Vault Unseal Key: (?i)unseal.?(?:key|token)[^)(|\s"\'<>,&#]?.{0,40}([a-fA-F0-9\/_\-=][^|\s"\'<>,&#]{43}) - Intuit: - - MailChimp API Key: (?i)[0-9a-f]{32}-us[0-9]{1,2} + - MailChimp API Key: (?i)[0-9a-f]{32}-us[0-9]{1,2} - NPM: - - Token: (?i)(npm_[0-9a-zA-Z]{36}) + - Token: (?i)(npm_[0-9a-zA-Z]{36}) -- Riot Games: - - API Key: (?i)(rgapi[a-f0-9-]{37}) +- Riot Games: + - API Key: (?i)(rgapi[a-f0-9-]{37}) -- RubyGems: - - API Key: (?i)(rubygems_[a-zA0-9]{48}) +- RubyGems: + - API Key: (?i)(rubygems_[a-zA0-9]{48}) - Artifactory: - - Token: AKCp[0-9][a-zA-Z0-9]{64,128} + - Token: 
AKCp[0-9][a-zA-Z0-9]{64,128} - Figma: - - Personal Access Token: (figd_[a-zA-Z0-9-_]{14,32}_[a-zA-Z0-9-_]{14,32}) + - Personal Access Token: (figd_[a-zA-Z0-9-_]{14,32}_[a-zA-Z0-9-_]{14,32}) - Adafruit.io: - - API Key: aio_[a-zA-Z0-9]{28} + - API Key: aio_[a-zA-Z0-9]{28} -- Checkout.com: - - Secret Key: (sk_|sk_test_)[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12} +- Checkout.com: + - Secret Key: (sk_|sk_test_)[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12} - Mapbox: - - Token: (?i)(sk\.eyj1ijoi[a-zA-Z-0-9-_\.]{80,240}) + - Token: (?i)(sk\.eyj1ijoi[a-zA-Z-0-9-_\.]{80,240}) #- IBM: # - Cloud User Key: (?i)(?:ibm)[^{}]{0,20}( ){0,1}[=:]( ){0,1}(-_[A-Za-z0-9_-]{42}) - Freshdesk: - - API Token: (?i)(?:freshdesk)[^{}()<>?*&:%@.\-!\/\n]{0,40}\b([0-9A-Za-z]{16,24}) + - API Token: (?i)(?:freshdesk)[^{}()<>?*&:%@.\-!\/\n]{0,40}\b([0-9A-Za-z]{16,24}) - SendInBlue: - - API Key: xkeysib-.{0,81} + - API Key: xkeysib-.{0,81} - Docusign: - - API Key: (?i)(?:docusign).{0,40}\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b + - API Key: (?i)(?:docusign).{0,40}\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b - Dynatrace: - - API Token: dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64} + - API Token: dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64} - Sidekiq: - - API Key: (?i)(?:CONTRIBSYS_+COM).{0,40}\b(?:[0-9a-z\-_\t .]{0,20})\b + - API Key: (?i)(?:CONTRIBSYS_+COM).{0,40}\b(?:[0-9a-z\-_\t .]{0,20})\b - Fastly: - - Personal Token: (?i)(?:fastly)[^{}()<>?*&%'",@!\-/=\n]{0,40}\b([A-Za-z0-9_-]{32})\b + - Personal Token: (?i)(?:fastly)[^{}()<>?*&%'",@!\-/=\n]{0,40}\b([A-Za-z0-9_-]{32})\b - Asana: - - Personal Access Token: (?i)(?:asana).{0,40}([0-9]{1,}\/[0-9]{10,}:[A-Za-z0-9]{32,})|([0-9]{1,}\/[0-9]{10,}:[A-Za-z0-9]{32,}) - + - Personal Access Token: (?i)(?:asana).{0,40}([0-9]{1,}\/[0-9]{10,}:[A-Za-z0-9]{32,})|([0-9]{1,}\/[0-9]{10,}:[A-Za-z0-9]{32,}) + - Beamer: - - 
API Key: (?i)(?:beamer).{0,40}b_[a-z0-9+/]{43}=|b_[a-z0-9+/]{43}= + - API Key: (?i)(?:beamer).{0,40}b_[a-z0-9+/]{43}=|b_[a-z0-9+/]{43}= - Chief.app: - - Key: ct[pt]_([a-zA-Z0-9]){36} - + - Key: ct[pt]_([a-zA-Z0-9]){36} + - Square: - - Access Token: (sq0atp-[0-9A-Za-z\-_]{22}) + - Access Token: (sq0atp-[0-9A-Za-z\-_]{22}) - Saucelabs: - - TestFairy OAuth Token URL: https://testfairy\.atlassian\.net/plugins/servlet/oauth/authorize\?oauth_token-\w{32} + - TestFairy OAuth Token URL: https://testfairy\.atlassian\.net/plugins/servlet/oauth/authorize\?oauth_token-\w{32} - NuGet: - - API Key: (?i)(?:nuget).{0,40}(oy2[a-z0-9]{43}) + - API Key: (?i)(?:nuget).{0,40}(oy2[a-z0-9]{43}) - Cloudinary: - - API URL: cloudinary://.+/ + - API URL: cloudinary://.+/ - Ngrok: - - API Key Block: (?i)add-api-key - - Authentication Token Block: (?i)add-authtoken - - Connection URL Block: (?i)add-connect-url + - API Key Block: (?i)add-api-key + - Authentication Token Block: (?i)add-authtoken + - Connection URL Block: (?i)add-connect-url - WeChat: - - App Key: (?:^|['\"`])(wx[a-f0-9]{16})(?:$|['\"`]) + - App Key: (?:^|['\"`])(wx[a-f0-9]{16})(?:$|['\"`]) - Resend: - - API Key: re_\w{8}_{0,1}\w*\d\w* + - API Key: re_\w{8}_{0,1}\w*\d\w* - Vercel: - - Blob Read/Write Token: vercel_blob_rw_\w{47,49} - - Project ID: \bprj_.{28}\b + - Blob Read/Write Token: vercel_blob_rw_\w{47,49} + - Project ID: \bprj_.{28}\b - Postgresql: - - URL: (?i)(?:pgsql:|postgres:|postgresql:)//[\S]{1,256}:[\S]{1,256}@[-.%\w\/:]+\.[\S]+ + - URL: (?i)(?:pgsql:|postgres:|postgresql:)//[\S]{1,256}:[\S]{1,256}@[-.%\w\/:]+\.[\S]+ - GitHub: - - Access Token: (?i)\bghp_[A-Za-z0-9]{36}\b - - OAuth Token: (?i)\bgho_[A-Za-z0-9]{36}\b - - App Installation Token: (?i)\bghu_[A-Za-z0-9]{36}\b - - App user Token: (?i)\bghs_[A-Za-z0-9]{36}\b - - Refresh Token: (?i)\bghr_[A-Za-z0-9]{36}\b + - Access Token: (?i)\bghp_[A-Za-z0-9]{36}\b + - OAuth Token: (?i)\bgho_[A-Za-z0-9]{36}\b + - App Installation Token: (?i)\bghu_[A-Za-z0-9]{36}\b + - 
App user Token: (?i)\bghs_[A-Za-z0-9]{36}\b + - Refresh Token: (?i)\bghr_[A-Za-z0-9]{36}\b - Addresses: - - Bitcoin Legacy: \b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b - - Bitcoin SegWit: \b(bc1)[a-zA-HJ-NP-Z0-9]{39,59}\b - - Ethereum: \b0x[a-fA-F0-9]{40}\b - - Litecoin: \b(L|M)[a-km-zA-HJ-NP-Z1-9]{26,33}\b - - Dogecoin: \b(D|A)[a-km-zA-HJ-NP-Z1-9]{25,34}\b - - Ripple: \br[rK][a-zA-Z0-9]{25,35}\b - - Monero: \b4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}\b - - Tron: \bT[a-zA-HJ-NP-Z0-9]{33}\b + - Bitcoin Legacy: \b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b + - Bitcoin SegWit: \b(bc1)[a-zA-HJ-NP-Z0-9]{39,59}\b + - Ethereum: \b0x[a-fA-F0-9]{40}\b + - Litecoin: \b(L|M)[a-km-zA-HJ-NP-Z1-9]{26,33}\b + - Dogecoin: \b(D|A)[a-km-zA-HJ-NP-Z1-9]{25,34}\b + - Ripple: \br[rK][a-zA-Z0-9]{25,35}\b + - Monero: \b4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}\b + - Tron: \bT[a-zA-HJ-NP-Z0-9]{33}\b # - Solana: \b[1-9A-HJ-NP-Za-km-z]{43,44}\b - Generic: - - Shell Command: "[\\w. ]+(--username|-u|--user|--uname|--userid|--id|-i) [^$][\\w_\\-.\"']{1,256} (--password|-p|--pwd|--pass)[^$<{][\\w_\\-.\"']{4,253}" - - Bearer Token: "(Authorization: )*((b|B)earer [a-zA-Z0-9+\\/._=-]{16,512})(={0,2})" - - Basic Token: "(Authorization: )*((b|B)asic [a-zA-Z0-9+\\/._=-]{16,512})(={0,2})" - - JSON Web Token: \beyJ[a-zA-Z0-9]{3,}\.eyJ[A-Za-z0-9_\\/+-]{3,}\.[A-Za-z0-9_\\/+-]{3,}\b - # Tokens - #- Refresh Token Variable: (?i)refresh[_-]{0,1}token - # URLs - - Auth URL: (?i)((https?|ftps?|ssh|sftp)://[^":@>\]\[\n\s*/]+:[^:@/>\]\[\n\s*/]+([^>\]\[\n\s*:][@]{1})\w+(\.\w+)+) - - Redis URL: (?i)((redis?)://[^":@>\]\[\n\s*/]+:[^:@/>\]\[\n\s*/]+([^>\]\[\n\s*:][@]{1})\w+(\.\w+)+) - - MongoDB URL: (?i)(?:mongodb:|mongodb\+srv:)//[\S]{1,256}:[\S]{1,256}@[-.%\w\/:]+\.[\S]+ - - MySQL URL: (?i)(?:mysql:)//[\S]{1,256}:[\S]{1,256}@[-.%\w\/:]+\.[\S]+ - - File Transfer Protocol (FTP) URL: ftp://[a-zA-Z0-9-_+.@]+:[^@]+@[^/]+ - - Advanced Message Queuing Protocol (AMQP) URL: amqp://[a-zA-Z0-9-_+.@]+:[^@]+@[^/]+ - # Private Keys - - JSON Web Key Block: 
/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/gm - - Private Key Block: -{0,5} ?BEGIN (?:RSA |ENCRYPTED |OPENSSH |SSH2 )?PRIVATE KEY ?-{0,5} ?([\s\S]*?)-{0,5} ?END (?:RSA |ENCRYPTED |OPENSSH |SSH2 )?PRIVATE KEY ?-{0,5} - - Bitcoin Private Key: \b[5KL][1-9A-HJ-NP-Za-km-z]{50,51}\b - - Ethereum Private Key: \b0x[a-fA-F0-9]{64}\b - - Litecoin Private Key: \b[5KL][1-9A-HJ-NP-Za-km-z]{50,51}\b - - Ripple Secret Key: \b[sS][a-zA-Z0-9]{28,35}\b + - Shell Command: "[\\w. ]+(--username|-u|--user|--uname|--userid|--id|-i) [^$][\\w_\\-.\"']{1,256} (--password|-p|--pwd|--pass)[^$<{][\\w_\\-.\"']{4,253}" + - Bearer Token: "(Authorization: )*((b|B)earer [a-zA-Z0-9+\\/._=-]{16,512})(={0,2})" + - Basic Token: "(Authorization: )*((b|B)asic [a-zA-Z0-9+\\/._=-]{16,512})(={0,2})" + - JSON Web Token: \beyJ[a-zA-Z0-9]{3,}\.eyJ[A-Za-z0-9_\\/+-]{3,}\.[A-Za-z0-9_\\/+-]{3,}\b + # Tokens + #- Refresh Token Variable: (?i)refresh[_-]{0,1}token + # URLs + - Auth URL: (?i)((https?|ftps?|ssh|sftp)://[^":@>\]\[\n\s*/]+:[^:@/>\]\[\n\s*/]+([^>\]\[\n\s*:][@]{1})\w+(\.\w+)+) + - Redis URL: (?i)((redis?)://[^":@>\]\[\n\s*/]+:[^:@/>\]\[\n\s*/]+([^>\]\[\n\s*:][@]{1})\w+(\.\w+)+) + - MongoDB URL: (?i)(?:mongodb:|mongodb\+srv:)//[\S]{1,256}:[\S]{1,256}@[-.%\w\/:]+\.[\S]+ + - MySQL URL: (?i)(?:mysql:)//[\S]{1,256}:[\S]{1,256}@[-.%\w\/:]+\.[\S]+ + - File Transfer Protocol (FTP) URL: ftp://[a-zA-Z0-9-_+.@]+:[^@]+@[^/]+ + - Advanced Message Queuing Protocol (AMQP) URL: amqp://[a-zA-Z0-9-_+.@]+:[^@]+@[^/]+ + # Private Keys + - JSON Web Key Block: /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/gm + - Private Key Block: -{0,5} ?BEGIN (?:RSA |ENCRYPTED |OPENSSH |SSH2 )?PRIVATE KEY ?-{0,5} ?([\s\S]*?)-{0,5} ?END (?:RSA |ENCRYPTED |OPENSSH |SSH2 )?PRIVATE KEY ?-{0,5} + - Bitcoin Private Key: \b[5KL][1-9A-HJ-NP-Za-km-z]{50,51}\b + - Ethereum Private Key: \b0x[a-fA-F0-9]{64}\b + - Litecoin Private Key: \b[5KL][1-9A-HJ-NP-Za-km-z]{50,51}\b + - Ripple Secret Key: 
\b[sS][a-zA-Z0-9]{28,35}\b # - Monero Private View Key: \b[0-9A-Fa-f]{64}\b # - Tron Private Key: \b[a-fA-F0-9]{64}\b # - Solana Private Key: \b[1-9A-HJ-NP-Za-km-z]{43,88}\b
diff --git a/src/codegate/pipeline/secrets/secrets.py b/src/codegate/pipeline/secrets/secrets.py
index 01eb40e6..056b4418 100644
--- a/src/codegate/pipeline/secrets/secrets.py
+++ b/src/codegate/pipeline/secrets/secrets.py
@@ -76,7 +76,7 @@ def _extend_match_boundaries(self, text: str, start: int, end: int) -> tuple[int
 return start, end
- def _redeact_text(
+ def _redact_text(
 self, text: str, secrets_manager: SecretsManager, session_id: str, context: PipelineContext
 ) -> tuple[str, int]:
 """
@@ -189,11 +189,14 @@ async def process(
 for i, message in enumerate(new_request["messages"]):
 if "content" in message and message["content"]:
 # Protect the text
- protected_string, redacted_count = self._redeact_text(
+ protected_string, redacted_count = self._redact_text(
 message["content"], secrets_manager, session_id, context
 )
 new_request["messages"][i]["content"] = protected_string
- total_redacted += redacted_count
+
+ # only sum to the count if it is the last message
+ if i == len(new_request["messages"]) - 1:
+ total_redacted += redacted_count
 logger.info(f"Total secrets redacted: {total_redacted}")
diff --git a/src/codegate/pipeline/secrets/signatures.py b/src/codegate/pipeline/secrets/signatures.py
index 0f96423b..d6cbed36 100644
--- a/src/codegate/pipeline/secrets/signatures.py
+++ b/src/codegate/pipeline/secrets/signatures.py
@@ -175,7 +175,8 @@ def _load_signatures(cls) -> None:
 yaml_data = cls._load_yaml(cls._yaml_path)
 # Add custom GitHub token patterns
- github_patterns = {"Access Token": r"ghp_[0-9a-zA-Z]{32}"}
+ github_patterns = {"Access Token": r"ghp_[0-9a-zA-Z]{32}",
+ "Personal Token": r"github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}"}
 cls._add_signature_group("GitHub", github_patterns)
 # Process patterns from YAML
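Review bot: In `process`, every message is still passed through `_redact_text`, but `total_redacted` now counts only the last message, so the `Total secrets redacted` log line under-reports whenever a secret sits in an earlier message and reads 0 when the final message has no `content`. If anything after this loop uses `total_redacted` to decide whether to alert or record the event (not visible in this hunk), redactions in earlier messages would go unreported. The new comment says what the condition does but not why; if the reason is that conversation history is resent on every turn, say so, e.g. `# history is resent each turn; count only the newest message to avoid double-counting`, and consider still logging the per-request total at debug level for audit. The body of `process` continues outside the hunk.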
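Review bot: In `_load_signatures`, the new `Personal Token` pattern is hard-coded in Python while the other GitHub token patterns shown on this page live in `signatures.yaml`, and unlike those it carries no `\b` anchors. The neighbouring `Access Token` entry uses `ghp_[0-9a-zA-Z]{32}` where the YAML entry of the same name uses `{36}`; how `_add_signature_group` resolves the duplicate name is not visible here, but if the shorter pattern is the one applied, the match stops four characters short of the token unless `_extend_match_boundaries` widens it. Keeping one source of truth would avoid that drift: add `- Personal Token: \bgithub_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}\b` to the GitHub group in the YAML and cover it with a test that uses a constructed sample token. The function continues outside the hunk.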