ex": "(A3T[A-Z0-9]|ASCA)[A-Z0-9]{16}" }, { "id": "83ab47ff-381d-48cd-bac5-fb32222f54af", "name": "AWS Secret Key", "regex": "(?i)AWS_SECRET(_ACCESS)?(_KEY)?\\s*[:=]\\s*['\"]?([a-zA-Z0-9/]{40})[\"']?", "entropies": [ { "group": 3, "min": 4.8, "max": 7 } ], "specialMask": "(?i)AWS_SECRET(_ACCESS)?(_KEY)?\\s*[:=]\\s*" }, { "id": "4b2b5fd3-364d-4093-bac2-17391b2a5297", "name": "K8s Environment Variable Password", "regex": "apiVersion((.*)\\s*)*env:((.*)\\s*)*name:\\s*\\w+(?i)pass((?i)word)?\\w*\\s*(value):\\s*([\"|'].*[\"|'])", "multiline": { "detectLineGroup": 7 }, "specialMask": "\\s*(value):\\s*" }, { "id": "d651cca2-2156-4d17-8e76-423e68de5c8b", "name": "Google OAuth", "regex": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com" }, { "id": "ccde326f-ebc7-4772-8ad5-de66e90a8cc3", "name": "Slack Webhook", "regex": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}" }, { "id": "d6214dca-a31b-425f-bcf7-f4faa772a1c0", "name": "MSTeams Webhook", "regex": "https://[a-zA-Z0-9_]{1,24}.webhook.office.com/webhook(b2)?/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}@[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/IncomingWebhook/[a-z0-9]+/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" }, { "id": "7908a9e3-5cac-41b1-b514-5f6d82ce02d5", "name": "Slack Token", "regex": "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})" }, { "id": "6abcae17-b175-4698-a9a5-b07661974749", "name": "Stripe API Key", "regex": "sk_live_[0-9a-zA-Z]{24}[^0-9a-zA-Z]" }, { "id": "0b1b2482-51e7-49d1-893d-522afa4a6bd0", "name": "Square Access Token", "regex": "sq0atp-[0-9A-Za-z\\-_]{22}" }, { "id": "6c54f9da-1a11-445a-8568-0d327e6af8be", "name": "MailChimp API Key", "regex": "[0-9a-f]{32}-us[0-9]{1,2}" }, { "id": "e9856348-4069-4ac0-bd91-415f6a7b84a4", "name": "Google API Key", "regex": "AIza[0-9A-Za-z\\-_]{35}" }, { "id": "9a3650af-5b88-48cd-ab89-cd77fd0b633f", "name": "Heroku API Key", "regex": "(?i)heroku((.|\\n)*)\\b([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})\\b", "multiline": { "detectLineGroup": 3 } }, { "id": "bb51eb1e-0357-44a2-86d7-dd5350cffd43", "name": "Square OAuth Secret", "regex": "sq0csp-[0-9A-Za-z\\-_]{43}" }, { "id": "ac8c8075-6ec0-4367-9e26-30ec8161d258", "name": "Amazon MWS Auth Token", "regex": "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" }, { "id": "41a1ca8d-f466-4084-a8c9-50f8b22200d5", "name": "Google OAuth Access Token", "regex": "ya29\\.[0-9A-Za-z\\-_]+" }, { "id": "4919b847-e3da-402a-acf8-6cea8e529993", "name": "PayPal Braintree Access Token", "regex": "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}" }, { "id": "54274b18-bfac-47ce-afd1-0f05bc3e3b59", "name": "Stripe Restricted API Key", "regex": "rk_live_[0-9a-zA-Z]{24}" }, { "id": "5176e805-0cda-44fa-ac96-c092c646180a", "name": "Facebook Access Token", "regex": "EAACEdEose0cBA[0-9A-Za-z]+" }, { "id": "74736dd1-dd11-4139-beb6-41cd43a50317", "name": "Generic API Key", "regex": "(?i)['\"]?api[_]?key['\"]?\\s*[:=]\\s*['\"]?([0-9a-zA-Z]{32,45})['\"]?", "allowRules": [ { "description": "Avoiding Twilio API Key", "regex": "(?i)['\"]?api[_]?key['\"]?\\s*[:=]\\s*['\"]?(SK[0-9a-fA-F]{32})['\"]?" } ], "specialMask": "(?i)['\"]?api[_]?key['\"]?\\s*[:=]\\s*" }, { "id": "62d0025d-9575-4eff-b60b-d3b4fcec0d04", "name": "Mailgun API Key", "regex": "key-[0-9a-zA-Z]{32}" }, { "id": "50cc5f03-e686-4183-97e9-12f9b55d0f97", "name": "Picatic API Key", "regex": "sk_live_[0-9a-z]{32}" }, { "id": "e0f01838-b1c2-4669-b84b-981949ebe5ed", "name": "Twilio API Key", "regex": "SK[0-9a-fA-F]{32}" }, { "id": "7f370dd5-eea3-4e5f-8354-3cb2506f9f13", "name": "Generic Access Key", "regex": "(?i)^\\s*['\"]?(access)[_]?key['\"]?\\s*[:=]\\s*['\"]?([[A-Za-z0-9\/~^_!@&%()=?*+-]+)['\"]?", "specialMask": "(?i)['\"]?access[_]?key['\"]?\\s*[:=]\\s*" }, { "id": "2f665079-c383-4b33-896e-88268c1fa258", "name": "Generic Private Key", "regex": "(?i)['\"]?private[_]?key['\"]?\\s*[:=]\\s*['\"]?([[A-Za-z0-9/~^_!@&%()=?*+-]+)['\"]?", "specialMask": "(?i)['\"]?private[_]?key['\"]?\\s*[:=]\\s*" }, { "id": "baee238e-1921-4801-9c3f-79ae1d7b2cbc", "name": "Generic Token", "regex": "(?i)['\"]?token(_)?(key)?['\"]?\\s*[:=]\\s*['\"]?([[A-Za-z0-9/~^_!@&%()=?*+-]+)['\"]?", "allowRules": [ { "description": "Avoiding Amazon MWS Auth Token", "regex": "(?i)['\"]?token(_)?(key)?['\"]?\\s*[=:]\\s*['\"]?(amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})['\"]?" }, { "description": "Avoiding Slack Token", "regex": "(?i)['\"]?token(_)?(key)?['\"]?\\s*[=:]\\s*['\"]?(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})['\"]?" }, { "description": "Avoiding Square Access Token", "regex": "(?i)['\"]?token(_)?(key)?['\"]?\\s*[=:]\\s*['\"]?(sq0atp-[0-9A-Za-z\\-_]{22})['\"]?" }, { "description": "Avoiding Google OAuth Access Token", "regex": "(?i)['\"]?token(_)?(key)?['\"]?\\s*[=:]\\s*['\"]?(ya29\\.[0-9A-Za-z\\-_]+)['\"]?" }, { "description": "Avoiding PayPal Braintree Access Token", "regex": "(?i)['\"]?token(_)?(key)?['\"]?\\s*[=:]\\s*['\"]?(access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32})['\"]?" }, { "description": "Avoiding Facebook Access Token", "regex": "(?i)['\"]?token(_)?(key)?['\"]?\\s*[=:]\\s*['\"]?(EAACEdEose0cBA[0-9A-Za-z]+)['\"]?" }, { "description": "Avoiding TF resource access", "regex": "(?i)['\"]?token(_)?(key)?['\"]?\\s*=\\s*([a-zA-z_]+(.))?[a-zA-z_]+(.)[a-zA-z_]+(.)[a-zA-z_]+" }, { "description": "Avoiding TF creation token", "regex": "(?i)['\"]?creation_token['\"]?\\s*[:=]\\s*['\"]?([[A-Za-z0-9/~^_!@&%()=?*+-]+)['\"]?" }, { "description": "Avoiding CLoudformation ServiceToken", "regex": "['\"]?ServiceToken['\"]?\\s*[:=]\\s*['\"]?([A-Za-z0-9/~^_!@&%()=?*+-.]+)['\"]?" }, { "description": "Avoiding LifecycleActionToken Var", "regex": "(?i)['\"]?LifecycleActionToken['\"]?\\s*[:=]\\s*['\"]?([[A-Za-z0-9/~^_!@&%()=?*+-]+)['\"]?" }, { "description": "Avoiding Github id-token Default Values", "regex": "(?i)['\"]?id-token\\s*[:=]\\s*(write|read|none)\\s*$" }, { "description": "Avoiding result_token Var", "regex": "(?i)['\"]?result(_)?token['\"]?\\s*[:=]\\s*['\"]?([[A-Za-z0-9/~^_!@&%()=?*+-]+)['\"]?" }, { "description": "Avoiding next_token Var", "regex": "(?i)['\"]?next(_)?token['\"]?\\s*[:=]\\s*['\"]?([[A-Za-z0-9/~^_!@&%()=?*+-]+)['\"]?" }, { "description": "Avoiding next_token Var", "regex": "(?i)['\"]?next(_)?token['\"]?\\s*[:=]\\s*['\"]?([[A-Za-z0-9/~^_!@&%()=?*+-]+)['\"]?" } ], "specialMask": "(?i)['\"]?token(_)?(key)?['\"]?\\s*[:=]\\s*" }, { "id": "e0f01838-b1c2-4669-b84b-981949ebe5ed", "name": "CloudFormation Secret Template", "regex": "(?i)['\"]?SecretStringTemplate['\"]?\\s*:\\s*['\"]?{([\\\":A-Za-z0-9/~^_!@&%()=?*+-]{10,})}", "specialMask": "(?i)['\"]?SecretStringTemplate['\"]?\\s*:\\s*" }, { "id": "9fb1cd65-7a07-4531-9bcf-47589d0f82d6", "name": "Encryption Key", "regex": "(?i)['\"]?encryption[_]?key['\"]?\\s*[:=]\\s*['\"]?([[A-Za-z0-9/~^_!@&%()=?*+-]+)['\"]?", "allowRules": [ { "description": "Avoiding TF resource access", "regex": "(?i)['\"]?encryption[_]?key['\"]?\\s*=\\s*([a-zA-z_]+(.))?[a-zA-z_]+(.)[a-zA-z_]+(.)[a-zA-z_]+" }, { "description": "Avoiding CLoudformation KeyName", "regex": "['\"]?EncryptionKey['\"]?\\s*[:=]\\s*['\"]?([A-Za-z0-9/~^_!@&%()=?*+-.]+)['\"]?" } ], "specialMask": "(?i)['\"]?encryption[_]?key['\"]?\\s*[:=]\\s*" }, { "id": "8a879bc7-6f82-40fd-bb48-74d25d557fe8", "name": "SendGrid API Key", "regex": "(?i)SG\\.[a-zA-Z0-9\\-\\_]{22}\\.[a-zA-Z0-9\\-\\_]{43}\\s*" } ], "allowRules": [ { "description": "Avoiding TF variables", "regex": "(?i)['\"]?[a-zA-Z_]+['\"]?\\s*=\\s*['\"]?(var.)['\"]?" }, { "description": "!Ref is a cloudFormation reference", "regex": "(?i)['\"]?[a-zA-Z_]+['\"]?\\s*:\\s+!Ref\\s+\\.*" }, { "description": "Avoiding cloudFormation intrinsic functions", "regex": "(?i)['\"]?[a-zA-Z_]+['\"]?\\s*:\\s+(!GetAtt|!Sub|!FindInMap|!If|!GetAZs|!ImportValue|!Join|!Select|!Split|!Not|Fn::Transform(:)?)\\s+\\.*" }, { "description": "Avoiding CF resolve", "regex": "(?i)['\"]?[a-zA-Z_]+['\"]?\\s*[=:]\\s*['\"]?({{resolve:)['\"]?" }, { "description": "Avoiding Boolean's", "regex": "(?i)['\"]?[a-zA-Z_]+['\"]?\\s*[=:]\\s*['\"]?(true|false)['\"]?" }, { "description": "Avoiding arn", "regex": "(?i)['\"]?[a-zA-Z_]+['\"]?\\s*[=:]\\s*['\"]?(arn:)['\"]?" }, { "description": "Avoiding array access", "regex": "(?i)['\"]?[a-zA-Z_]+['\"]?\\s*[=:]\\s*['\"]?([A-Za-z0-9/~^_!@&%()=?*+-.]{4,}\\[([0-9]|['\"][a-zA-Z0-9]+['\"])\\])['\"]?" }, { "description": "Avoiding TF file function", "regex": "(?i)['\"]?[a-zA-Z_]+['\"]?\\s*=\\s*['\"]?(file\\()['\"]?" }, { "description": "Avoiding ansible-vault encrypted variables", "regex": "(?i)['\"]?[a-zA-Z_]+['\"]?\\s*[=:]\\s*['\"]?(!vault \\|)['\"]?" }, { "description": "Avoiding sha-hashed mysql native passwords", "regex": "(?i)['\"]?[a-zA-Z_]+['\"]?\\s*[=:]\\s*['\"]?(\\*[0-9A-F]{40})['\"]?" } ] }