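package secret

import (
	"fmt"

	"github.com/samber/lo"

	defsecRules "github.com/aquasecurity/trivy-iac/pkg/rules"
	"github.com/devseccon/trivy/pkg/fanal/types"
)

// Rule categories. Every built-in rule below is tagged with exactly one of
// these so that findings can be grouped and filtered per provider.
var (
	CategoryAWS                  = types.SecretRuleCategory("AWS")
	CategoryGitHub               = types.SecretRuleCategory("GitHub")
	CategoryGitLab               = types.SecretRuleCategory("GitLab")
	CategoryAsymmetricPrivateKey = types.SecretRuleCategory("AsymmetricPrivateKey")
	CategoryShopify              = types.SecretRuleCategory("Shopify")
	CategorySlack                = types.SecretRuleCategory("Slack")
	CategoryGoogle               = types.SecretRuleCategory("Google")
	CategoryStripe               = types.SecretRuleCategory("Stripe")
	CategoryPyPI                 = types.SecretRuleCategory("PyPI")
	CategoryHeroku               = types.SecretRuleCategory("Heroku")
	CategoryTwilio               = types.SecretRuleCategory("Twilio")
	CategoryAge                  = types.SecretRuleCategory("Age")
	CategoryFacebook             = types.SecretRuleCategory("Facebook")
	CategoryTwitter              = types.SecretRuleCategory("Twitter")
	CategoryAdobe                = types.SecretRuleCategory("Adobe")
	CategoryAlibaba              = types.SecretRuleCategory("Alibaba")
	CategoryAsana                = types.SecretRuleCategory("Asana")
	CategoryAtlassian            = types.SecretRuleCategory("Atlassian")
	CategoryBitbucket            = types.SecretRuleCategory("Bitbucket")
	CategoryBeamer               = types.SecretRuleCategory("Beamer")
	CategoryClojars              = types.SecretRuleCategory("Clojars")
	CategoryContentfulDelivery   = types.SecretRuleCategory("ContentfulDelivery")
	CategoryDatabricks           = types.SecretRuleCategory("Databricks")
	CategoryDiscord              = types.SecretRuleCategory("Discord")
	CategoryDoppler              = types.SecretRuleCategory("Doppler")
	CategoryDropbox              = types.SecretRuleCategory("Dropbox")
	CategoryDuffel               = types.SecretRuleCategory("Duffel")
	CategoryDynatrace            = types.SecretRuleCategory("Dynatrace")
	CategoryEasypost             = types.SecretRuleCategory("Easypost")
	CategoryFastly               = types.SecretRuleCategory("Fastly")
	CategoryFinicity             = types.SecretRuleCategory("Finicity")
	CategoryFlutterwave          = types.SecretRuleCategory("Flutterwave")
	CategoryFrameio              = types.SecretRuleCategory("Frameio")
	CategoryGoCardless           = types.SecretRuleCategory("GoCardless")
	CategoryGrafana              = types.SecretRuleCategory("Grafana")
	CategoryHashiCorp            = types.SecretRuleCategory("HashiCorp")
	CategoryHubSpot              = types.SecretRuleCategory("HubSpot")
	CategoryIntercom             = types.SecretRuleCategory("Intercom")
	CategoryIonic                = types.SecretRuleCategory("Ionic")
	CategoryJWT                  = types.SecretRuleCategory("JWT")
	CategoryLinear               = types.SecretRuleCategory("Linear")
	CategoryLob                  = types.SecretRuleCategory("Lob")
	CategoryMailchimp            = types.SecretRuleCategory("Mailchimp")
	CategoryMailgun              = types.SecretRuleCategory("Mailgun")
	CategoryMapbox               = types.SecretRuleCategory("Mapbox")
	CategoryMessageBird          = types.SecretRuleCategory("MessageBird")
	CategoryNewRelic             = types.SecretRuleCategory("NewRelic")
	CategoryNpm                  = types.SecretRuleCategory("Npm")
	CategoryPlanetscale          = types.SecretRuleCategory("Planetscale")
	CategoryPostman              = types.SecretRuleCategory("Postman")
	CategoryPulumi               = types.SecretRuleCategory("Pulumi")
	CategoryRubyGems             = types.SecretRuleCategory("RubyGems")
	CategorySendGrid             = types.SecretRuleCategory("SendGrid")
	CategorySendinblue           = types.SecretRuleCategory("Sendinblue")
	CategoryShippo               = types.SecretRuleCategory("Shippo")
	CategoryLinkedIn             = types.SecretRuleCategory("LinkedIn")
	CategoryTwitch               = types.SecretRuleCategory("Twitch")
	CategoryTypeform             = types.SecretRuleCategory("Typeform")
)

// Reusable regex fragments, spliced into the AWS rules via fmt.Sprintf.
const (
	quote       = `["']?`          // optional surrounding quote character
	connect     = `\s*(:|=>|=)\s*` // key/value separator with optional whitespace
	startSecret = `(^|\s+)`        // start of input or preceded by whitespace
	endSecret   = `(\s+|$)`        // end of input or followed by whitespace

	aws = `(aws)?_?` // optional "aws"/"aws_" prefix on an AWS key name
)

// GetSecretRulesMetadata returns the ID and title of every built-in rule as
// defsecRules.Check values. It is exported for trivy-plugin-aqua purposes
// only and is not part of the scanner's internal API.
func GetSecretRulesMetadata() []defsecRules.Check {
	return lo.Map(builtinRules, func(rule Rule, _ int) defsecRules.Check {
		return defsecRules.Check{
			Name:        rule.ID,
			Description: rule.Title,
		}
	})
}

// builtinRules is the default detection rule set. Each rule pairs a compiled
// Regex with the Severity reported on a match and a Keywords list. Where a
// rule sets SecretGroupName, that named capture group is the part of the
// match treated as the secret; rules without it report the whole match.
//
// How Keywords are consumed is not visible in this file — presumably a cheap
// substring pre-filter run before Regex (TODO confirm against the scanner).
// If so, every string a Regex can match should contain one of its keywords;
// note e.g. "aws-access-key-id", whose Regex also accepts an "A3T" prefix
// that is not listed, and "jwt-token", whose keyword "jwt" is not part of the
// token itself.
var builtinRules = []Rule{
	{
		ID:              "aws-access-key-id",
		Category:        CategoryAWS,
		Severity:        "CRITICAL",
		Title:           "AWS Access Key ID",
		Regex:           MustCompile(fmt.Sprintf(`%s(?P<secret>(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16})%s%s`, quote, quote, endSecret)),
		SecretGroupName: "secret",
		Keywords:        []string{"AKIA", "AGPA", "AIDA", "AROA", "AIPA", "ANPA", "ANVA", "ASIA"},
	},
	{
		ID:              "aws-secret-access-key",
		Category:        CategoryAWS,
		Severity:        "CRITICAL",
		Title:           "AWS Secret Access Key",
		Regex:           MustCompile(fmt.Sprintf(`(?i)%s%s%s(secret)?_?(access)?_?key%s%s%s(?P<secret>[A-Za-z0-9\/\+=]{40})%s%s`, startSecret, quote, aws, quote, connect, quote, quote, endSecret)),
		SecretGroupName: "secret",
		Keywords:        []string{"key"},
	},
	{
		ID:       "github-pat",
		Category: CategoryGitHub,
		Title:    "GitHub Personal Access Token",
		Severity: "CRITICAL",
		Regex:    MustCompile(`ghp_[0-9a-zA-Z]{36}`),
		Keywords: []string{"ghp_"},
	},
	{
		ID:       "github-oauth",
		Category: CategoryGitHub,
		Title:    "GitHub OAuth Access Token",
		Severity: "CRITICAL",
		Regex:    MustCompile(`gho_[0-9a-zA-Z]{36}`),
		Keywords: []string{"gho_"},
	},
	{
		ID:       "github-app-token",
		Category: CategoryGitHub,
		Title:    "GitHub App Token",
		Severity: "CRITICAL",
		Regex:    MustCompile(`(ghu|ghs)_[0-9a-zA-Z]{36}`),
		Keywords: []string{"ghu_", "ghs_"},
	},
	{
		ID:       "github-refresh-token",
		Category: CategoryGitHub,
		Title:    "GitHub Refresh Token",
		Severity: "CRITICAL",
		Regex:    MustCompile(`ghr_[0-9a-zA-Z]{76}`),
		Keywords: []string{"ghr_"},
	},
	{
		ID:       "gitlab-pat",
		Category: CategoryGitLab,
		Title:    "GitLab Personal Access Token",
		Severity: "CRITICAL",
		Regex:    MustCompile(`glpat-[0-9a-zA-Z\-\_]{20}`),
		Keywords: []string{"glpat-"},
	},
	{
		// Matches a whole PEM-style "BEGIN ... PRIVATE KEY" / "END ... PRIVATE KEY"
		// block; the secret group is the base64 body between the armor lines.
		ID:              "private-key",
		Category:        CategoryAsymmetricPrivateKey,
		Title:           "Asymmetric Private Key",
		Severity:        "HIGH",
		Regex:           MustCompile(`(?i)-----\s*?BEGIN[ A-Z0-9_-]*?PRIVATE KEY( BLOCK)?\s*?-----[\s]*?(?P<secret>[\sA-Za-z0-9=+/\\\r\n]+)[\s]*?-----\s*?END[ A-Z0-9_-]*? PRIVATE KEY( BLOCK)?\s*?-----`),
		SecretGroupName: "secret",
		Keywords:        []string{"-----"},
	},
	{
		ID:       "shopify-token",
		Category: CategoryShopify,
		Title:    "Shopify token",
		Severity: "HIGH",
		Regex:    MustCompile(`shp(ss|at|ca|pa)_[a-fA-F0-9]{32}`),
		Keywords: []string{"shpss_", "shpat_", "shpca_", "shppa_"},
	},
	{
		ID:       "slack-access-token",
		Category: CategorySlack,
		Title:    "Slack token",
		Severity: "HIGH",
		Regex:    MustCompile(`xox[baprs]-([0-9a-zA-Z]{10,48})`),
		Keywords: []string{"xoxb-", "xoxa-", "xoxp-", "xoxr-", "xoxs-"},
	},
	{
		ID:       "stripe-publishable-token",
		Category: CategoryStripe,
		Title:    "Stripe Publishable Key",
		Severity: "LOW",
		Regex:    MustCompile(`(?i)pk_(test|live)_[0-9a-z]{10,32}`),
		Keywords: []string{"pk_test_", "pk_live_"},
	},
	{
		ID:       "stripe-secret-token",
		Category: CategoryStripe,
		Title:    "Stripe Secret Key",
		Severity: "CRITICAL",
		Regex:    MustCompile(`(?i)sk_(test|live)_[0-9a-z]{10,32}`),
		Keywords: []string{"sk_test_", "sk_live_"},
	},
	{
		ID:       "pypi-upload-token",
		Category: CategoryPyPI,
		Title:    "PyPI upload token",
		Severity: "HIGH",
		Regex:    MustCompile(`pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}`),
		Keywords: []string{"pypi-AgEIcHlwaS5vcmc"},
	},
	{
		// Detects a service-account JSON credential file by its "type" field
		// rather than by the key material itself.
		ID:       "gcp-service-account",
		Category: CategoryGoogle,
		Title:    "Google (GCP) Service-account",
		Severity: "CRITICAL",
		Regex:    MustCompile(`\"type\": \"service_account\"`),
		Keywords: []string{"\"type\": \"service_account\""},
	},
	{
		ID:       "heroku-api-key",
		Category: CategoryHeroku,
		Title:    "Heroku API Key",
		Severity: "HIGH",
		// The pattern previously began with a literal space, which required a
		// space immediately before the key name and so missed keys at the start
		// of a line or after a tab; the other key/value rules have no such anchor.
		Regex:           MustCompile(`(?i)(?P<key>heroku[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"heroku"},
	},
	{
		ID:       "slack-web-hook",
		Category: CategorySlack,
		Title:    "Slack Webhook",
		Severity: "MEDIUM",
		Regex:    MustCompile(`https:\/\/hooks.slack.com\/services\/[A-Za-z0-9+\/]{44,48}`),
		Keywords: []string{"hooks.slack.com"},
	},
	{
		ID:       "twilio-api-key",
		Category: CategoryTwilio,
		Title:    "Twilio API Key",
		Severity: "MEDIUM",
		Regex:    MustCompile(`SK[0-9a-fA-F]{32}`),
		Keywords: []string{"SK"},
	},
	{
		ID:       "age-secret-key",
		Category: CategoryAge,
		Title:    "Age secret key",
		Severity: "MEDIUM",
		Regex:    MustCompile(`AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}`),
		Keywords: []string{"AGE-SECRET-KEY-1"},
	},
	{
		ID:              "facebook-token",
		Category:        CategoryFacebook,
		Title:           "Facebook token",
		Severity:        "LOW",
		Regex:           MustCompile(`(?i)(?P<key>facebook[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-f0-9]{32})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"facebook"},
	},
	{
		ID:              "twitter-token",
		Category:        CategoryTwitter,
		Title:           "Twitter token",
		Severity:        "LOW",
		Regex:           MustCompile(`(?i)(?P<key>twitter[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-f0-9]{35,44})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"twitter"},
	},
	{
		ID:              "adobe-client-id",
		Category:        CategoryAdobe,
		Title:           "Adobe Client ID (Oauth Web)",
		Severity:        "LOW",
		Regex:           MustCompile(`(?i)(?P<key>adobe[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-f0-9]{32})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"adobe"},
	},
	{
		ID:       "adobe-client-secret",
		Category: CategoryAdobe,
		Title:    "Adobe Client Secret",
		Severity: "LOW",
		Regex:    MustCompile(`(p8e-)(?i)[a-z0-9]{32}`),
		Keywords: []string{"p8e-"},
	},
	{
		ID:              "alibaba-access-key-id",
		Category:        CategoryAlibaba,
		Title:           "Alibaba AccessKey ID",
		Severity:        "HIGH",
		Regex:           MustCompile(`([^0-9A-Za-z]|^)(?P<secret>(LTAI)(?i)[a-z0-9]{20})([^0-9A-Za-z]|$)`),
		SecretGroupName: "secret",
		Keywords:        []string{"LTAI"},
	},
	{
		ID:              "alibaba-secret-key",
		Category:        CategoryAlibaba,
		Title:           "Alibaba Secret Key",
		Severity:        "HIGH",
		Regex:           MustCompile(`(?i)(?P<key>alibaba[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-z0-9]{30})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"alibaba"},
	},
	{
		ID:              "asana-client-id",
		Category:        CategoryAsana,
		Title:           "Asana Client ID",
		Severity:        "MEDIUM",
		Regex:           MustCompile(`(?i)(?P<key>asana[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[0-9]{16})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"asana"},
	},
	{
		ID:              "asana-client-secret",
		Category:        CategoryAsana,
		Title:           "Asana Client Secret",
		Severity:        "MEDIUM",
		Regex:           MustCompile(`(?i)(?P<key>asana[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-z0-9]{32})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"asana"},
	},
	{
		ID:              "atlassian-api-token",
		Category:        CategoryAtlassian,
		Title:           "Atlassian API token",
		Severity:        "HIGH",
		Regex:           MustCompile(`(?i)(?P<key>atlassian[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-z0-9]{24})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"atlassian"},
	},
	{
		ID:              "bitbucket-client-id",
		Category:        CategoryBitbucket,
		Title:           "Bitbucket client ID",
		Severity:        "HIGH",
		Regex:           MustCompile(`(?i)(?P<key>bitbucket[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-z0-9]{32})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"bitbucket"},
	},
	{
		ID:              "bitbucket-client-secret",
		Category:        CategoryBitbucket,
		Title:           "Bitbucket client secret",
		Severity:        "HIGH",
		Regex:           MustCompile(`(?i)(?P<key>bitbucket[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-z0-9_\-]{64})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"bitbucket"},
	},
	{
		ID:              "beamer-api-token",
		Category:        CategoryBeamer,
		Title:           "Beamer API token",
		Severity:        "LOW",
		Regex:           MustCompile(`(?i)(?P<key>beamer[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>b_[a-z0-9=_\-]{44})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"beamer"},
	},
	{
		ID:       "clojars-api-token",
		Category: CategoryClojars,
		Title:    "Clojars API token",
		Severity: "MEDIUM",
		Regex:    MustCompile(`(CLOJARS_)(?i)[a-z0-9]{60}`),
		Keywords: []string{"CLOJARS_"},
	},
	{
		ID:              "contentful-delivery-api-token",
		Category:        CategoryContentfulDelivery,
		Title:           "Contentful delivery API token",
		Severity:        "LOW",
		Regex:           MustCompile(`(?i)(?P<key>contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-z0-9\-=_]{43})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"contentful"},
	},
	{
		ID:       "databricks-api-token",
		Category: CategoryDatabricks,
		Title:    "Databricks API token",
		Severity: "MEDIUM",
		Regex:    MustCompile(`dapi[a-h0-9]{32}`),
		Keywords: []string{"dapi"},
	},
	{
		ID:              "discord-api-token",
		Category:        CategoryDiscord,
		Title:           "Discord API key",
		Severity:        "MEDIUM",
		Regex:           MustCompile(`(?i)(?P<key>discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-h0-9]{64})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"discord"},
	},
	{
		ID:              "discord-client-id",
		Category:        CategoryDiscord,
		Title:           "Discord client ID",
		Severity:        "MEDIUM",
		Regex:           MustCompile(`(?i)(?P<key>discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[0-9]{18})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"discord"},
	},
	{
		ID:              "discord-client-secret",
		Category:        CategoryDiscord,
		Title:           "Discord client secret",
		Severity:        "MEDIUM",
		Regex:           MustCompile(`(?i)(?P<key>discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-z0-9=_\-]{32})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"discord"},
	},
	{
		ID:       "doppler-api-token",
		Category: CategoryDoppler,
		Title:    "Doppler API token",
		Severity: "MEDIUM",
		Regex:    MustCompile(`['\"](dp\.pt\.)(?i)[a-z0-9]{43}['\"]`),
		Keywords: []string{"dp.pt."},
	},
	{
		ID:       "dropbox-api-secret",
		Category: CategoryDropbox,
		Title:    "Dropbox API secret/key",
		Severity: "HIGH",
		Regex:    MustCompile(`(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{15})['\"]`),
		Keywords: []string{"dropbox"},
	},
	{
		ID:       "dropbox-short-lived-api-token",
		Category: CategoryDropbox,
		Title:    "Dropbox short lived API token",
		Severity: "HIGH",
		Regex:    MustCompile(`(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](sl\.[a-z0-9\-=_]{135})['\"]`),
		Keywords: []string{"dropbox"},
	},
	{
		ID:       "dropbox-long-lived-api-token",
		Category: CategoryDropbox,
		Title:    "Dropbox long lived API token",
		Severity: "HIGH",
		Regex:    MustCompile(`(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"][a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43}['\"]`),
		Keywords: []string{"dropbox"},
	},
	{
		ID:       "duffel-api-token",
		Category: CategoryDuffel,
		Title:    "Duffel API token",
		Severity: "LOW",
		Regex:    MustCompile(`['\"]duffel_(test|live)_(?i)[a-z0-9_-]{43}['\"]`),
		Keywords: []string{"duffel_test_", "duffel_live_"},
	},
	{
		ID:       "dynatrace-api-token",
		Category: CategoryDynatrace,
		Title:    "Dynatrace API token",
		Severity: "MEDIUM",
		Regex:    MustCompile(`['\"]dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64}['\"]`),
		Keywords: []string{"dt0c01."},
	},
	{
		ID:       "easypost-api-token",
		Category: CategoryEasypost,
		Title:    "EasyPost API token",
		Severity: "LOW",
		Regex:    MustCompile(`['\"]EZ[AT]K(?i)[a-z0-9]{54}['\"]`),
		Keywords: []string{"EZAK", "EZAT"},
	},
	{
		ID:              "fastly-api-token",
		Category:        CategoryFastly,
		Title:           "Fastly API token",
		Severity:        "MEDIUM",
		Regex:           MustCompile(`(?i)(?P<key>fastly[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-z0-9\-=_]{32})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"fastly"},
	},
	{
		ID:              "finicity-client-secret",
		Category:        CategoryFinicity,
		Title:           "Finicity client secret",
		Severity:        "MEDIUM",
		Regex:           MustCompile(`(?i)(?P<key>finicity[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-z0-9]{20})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"finicity"},
	},
	{
		ID:              "finicity-api-token",
		Category:        CategoryFinicity,
		Title:           "Finicity API token",
		Severity:        "MEDIUM",
		Regex:           MustCompile(`(?i)(?P<key>finicity[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-f0-9]{32})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"finicity"},
	},
	{
		ID:       "flutterwave-public-key",
		Category: CategoryFlutterwave,
		Title:    "Flutterwave public/secret key",
		Severity: "MEDIUM",
		Regex:    MustCompile(`FLW(PUB|SEC)K_TEST-(?i)[a-h0-9]{32}-X`),
		Keywords: []string{"FLWSECK_TEST-", "FLWPUBK_TEST-"},
	},
	{
		ID:       "flutterwave-enc-key",
		Category: CategoryFlutterwave,
		Title:    "Flutterwave encrypted key",
		Severity: "MEDIUM",
		Regex:    MustCompile(`FLWSECK_TEST[a-h0-9]{12}`),
		Keywords: []string{"FLWSECK_TEST"},
	},
	{
		ID:       "frameio-api-token",
		Category: CategoryFrameio,
		Title:    "Frame.io API token",
		Severity: "LOW",
		Regex:    MustCompile(`fio-u-(?i)[a-z0-9\-_=]{64}`),
		Keywords: []string{"fio-u-"},
	},
	{
		ID:       "gocardless-api-token",
		Category: CategoryGoCardless,
		Title:    "GoCardless API token",
		Severity: "MEDIUM",
		Regex:    MustCompile(`['\"]live_(?i)[a-z0-9\-_=]{40}['\"]`),
		Keywords: []string{"live_"},
	},
	{
		ID:       "grafana-api-token",
		Category: CategoryGrafana,
		Title:    "Grafana API token",
		Severity: "MEDIUM",
		Regex:    MustCompile(`['\"]eyJrIjoi(?i)[a-z0-9\-_=]{72,92}['\"]`),
		Keywords: []string{"eyJrIjoi"},
	},
	{
		ID:       "hashicorp-tf-api-token",
		Category: CategoryHashiCorp,
		Title:    "HashiCorp Terraform user/org API token",
		Severity: "MEDIUM",
		Regex:    MustCompile(`['\"](?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}['\"]`),
		Keywords: []string{"atlasv1."},
	},
	{
		ID:              "hubspot-api-token",
		Title:           "HubSpot API token",
		Category:        CategoryHubSpot,
		Severity:        "LOW",
		Regex:           MustCompile(`(?i)(?P<key>hubspot[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"hubspot"},
	},
	{
		ID:              "intercom-api-token",
		Category:        CategoryIntercom,
		Title:           "Intercom API token",
		Severity:        "LOW",
		Regex:           MustCompile(`(?i)(?P<key>intercom[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-z0-9=_]{60})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"intercom"},
	},
	{
		ID:              "intercom-client-secret",
		Category:        CategoryIntercom,
		Title:           "Intercom client secret/ID",
		Severity:        "LOW",
		Regex:           MustCompile(`(?i)(?P<key>intercom[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"intercom"},
	},
	{
		// NOTE(review): this is the only built-in rule without a Severity, so
		// its matches carry the zero value — confirm whether that is intended.
		ID:       "ionic-api-token",
		Category: CategoryIonic,
		Title:    "Ionic API token",
		Regex:    MustCompile(`(?i)(ionic[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](ion_[a-z0-9]{42})['\"]`),
		Keywords: []string{"ionic"},
	},
	{
		ID:       "jwt-token",
		Category: CategoryJWT,
		Title:    "JWT token",
		Severity: "MEDIUM",
		Regex:    MustCompile(`ey[a-zA-Z0-9]{17,}\.ey[a-zA-Z0-9\/\\_-]{17,}\.(?:[a-zA-Z0-9\/\\_-]{10,}={0,2})?`),
		Keywords: []string{"jwt"},
	},
	{
		ID:       "linear-api-token",
		Category: CategoryLinear,
		Title:    "Linear API token",
		Severity: "MEDIUM",
		Regex:    MustCompile(`lin_api_(?i)[a-z0-9]{40}`),
		Keywords: []string{"lin_api_"},
	},
	{
		ID:              "linear-client-secret",
		Category:        CategoryLinear,
		Title:           "Linear client secret/ID",
		Severity:        "MEDIUM",
		Regex:           MustCompile(`(?i)(?P<key>linear[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-f0-9]{32})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"linear"},
	},
	{
		ID:              "lob-api-key",
		Category:        CategoryLob,
		Title:           "Lob API Key",
		Severity:        "LOW",
		Regex:           MustCompile(`(?i)(?P<key>lob[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>(live|test)_[a-f0-9]{35})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"lob"},
	},
	{
		ID:              "lob-pub-api-key",
		Category:        CategoryLob,
		Title:           "Lob Publishable API Key",
		Severity:        "LOW",
		Regex:           MustCompile(`(?i)(?P<key>lob[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>(test|live)_pub_[a-f0-9]{31})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"lob"},
	},
	{
		// NOTE(review): the "-us20" suffix pins a single data-centre; keys for
		// other Mailchimp data-centres will not match — confirm intended.
		ID:              "mailchimp-api-key",
		Category:        CategoryMailchimp,
		Title:           "Mailchimp API key",
		Severity:        "MEDIUM",
		Regex:           MustCompile(`(?i)(?P<key>mailchimp[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-f0-9]{32}-us20)['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"mailchimp"},
	},
	{
		ID:              "mailgun-token",
		Category:        CategoryMailgun,
		Title:           "Mailgun private API token",
		Severity:        "MEDIUM",
		Regex:           MustCompile(`(?i)(?P<key>mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>(pub)?key-[a-f0-9]{32})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"mailgun"},
	},
	{
		ID:              "mailgun-signing-key",
		Category:        CategoryMailgun,
		Title:           "Mailgun webhook signing key",
		Severity:        "MEDIUM",
		Regex:           MustCompile(`(?i)(?P<key>mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"mailgun"},
	},
	{
		ID:       "mapbox-api-token",
		Category: CategoryMapbox,
		Title:    "Mapbox API token",
		Severity: "MEDIUM",
		Regex:    MustCompile(`(?i)(pk\.[a-z0-9]{60}\.[a-z0-9]{22})`),
		Keywords: []string{"pk."},
	},
	{
		ID:              "messagebird-api-token",
		Category:        CategoryMessageBird,
		Title:           "MessageBird API token",
		Severity:        "MEDIUM",
		Regex:           MustCompile(`(?i)(?P<key>messagebird[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-z0-9]{25})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"messagebird"},
	},
	{
		ID:              "messagebird-client-id",
		Category:        CategoryMessageBird,
		Title:           "MessageBird API client ID",
		Severity:        "MEDIUM",
		Regex:           MustCompile(`(?i)(?P<key>messagebird[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"messagebird"},
	},
	{
		ID:       "new-relic-user-api-key",
		Category: CategoryNewRelic,
		Title:    "New Relic user API Key",
		Severity: "MEDIUM",
		Regex:    MustCompile(`['\"](NRAK-[A-Z0-9]{27})['\"]`),
		Keywords: []string{"NRAK-"},
	},
	{
		ID:              "new-relic-user-api-id",
		Category:        CategoryNewRelic,
		Title:           "New Relic user API ID",
		Severity:        "MEDIUM",
		Regex:           MustCompile(`(?i)(?P<key>newrelic[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[A-Z0-9]{64})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"newrelic"},
	},
	{
		ID:       "new-relic-browser-api-token",
		Category: CategoryNewRelic,
		Title:    "New Relic ingest browser API token",
		Severity: "MEDIUM",
		Regex:    MustCompile(`['\"](NRJS-[a-f0-9]{19})['\"]`),
		Keywords: []string{"NRJS-"},
	},
	{
		ID:       "npm-access-token",
		Category: CategoryNpm,
		Title:    "npm access token",
		Severity: "CRITICAL",
		Regex:    MustCompile(`['\"](npm_(?i)[a-z0-9]{36})['\"]`),
		Keywords: []string{"npm_"},
	},
	{
		ID:       "planetscale-password",
		Category: CategoryPlanetscale,
		Title:    "PlanetScale password",
		Severity: "MEDIUM",
		Regex:    MustCompile(`pscale_pw_(?i)[a-z0-9\-_\.]{43}`),
		Keywords: []string{"pscale_pw_"},
	},
	{
		ID:       "planetscale-api-token",
		Category: CategoryPlanetscale,
		Title:    "PlanetScale API token",
		Severity: "MEDIUM",
		Regex:    MustCompile(`pscale_tkn_(?i)[a-z0-9\-_\.]{43}`),
		Keywords: []string{"pscale_tkn_"},
	},
	{
		ID:       "postman-api-token",
		Category: CategoryPostman,
		Title:    "Postman API token",
		Severity: "MEDIUM",
		Regex:    MustCompile(`PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34}`),
		Keywords: []string{"PMAK-"},
	},
	{
		ID:       "pulumi-api-token",
		Category: CategoryPulumi,
		Title:    "Pulumi API token",
		Severity: "HIGH",
		Regex:    MustCompile(`pul-[a-f0-9]{40}`),
		Keywords: []string{"pul-"},
	},
	{
		ID:       "rubygems-api-token",
		Category: CategoryRubyGems,
		Title:    "Rubygem API token",
		Severity: "MEDIUM",
		Regex:    MustCompile(`rubygems_[a-f0-9]{48}`),
		Keywords: []string{"rubygems_"},
	},
	{
		ID:       "sendgrid-api-token",
		Category: CategorySendGrid,
		Title:    "SendGrid API token",
		Severity: "MEDIUM",
		Regex:    MustCompile(`SG\.(?i)[a-z0-9_\-\.]{66}`),
		Keywords: []string{"SG."},
	},
	{
		ID:       "sendinblue-api-token",
		Category: CategorySendinblue,
		Title:    "Sendinblue API token",
		Severity: "LOW",
		Regex:    MustCompile(`xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16}`),
		Keywords: []string{"xkeysib-"},
	},
	{
		ID:       "shippo-api-token",
		Category: CategoryShippo,
		Title:    "Shippo API token",
		Severity: "LOW",
		Regex:    MustCompile(`shippo_(live|test)_[a-f0-9]{40}`),
		Keywords: []string{"shippo_live_", "shippo_test_"},
	},
	{
		ID:              "linkedin-client-secret",
		Category:        CategoryLinkedIn,
		Title:           "LinkedIn Client secret",
		Severity:        "LOW",
		Regex:           MustCompile(`(?i)(?P<key>linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-z]{16})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"linkedin"},
	},
	{
		ID:              "linkedin-client-id",
		Category:        CategoryLinkedIn,
		Title:           "LinkedIn Client ID",
		Severity:        "LOW",
		Regex:           MustCompile(`(?i)(?P<key>linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-z0-9]{14})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"linkedin"},
	},
	{
		ID:              "twitch-api-token",
		Category:        CategoryTwitch,
		Title:           "Twitch API token",
		Severity:        "LOW",
		Regex:           MustCompile(`(?i)(?P<key>twitch[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](?P<secret>[a-z0-9]{30})['\"]`),
		SecretGroupName: "secret",
		Keywords:        []string{"twitch"},
	},
	{
		// Unlike the other key/value rules, the secret here is not required to
		// be quoted; the "tfp_" prefix is distinctive enough on its own.
		ID:              "typeform-api-token",
		Category:        CategoryTypeform,
		Title:           "Typeform API token",
		Severity:        "LOW",
		Regex:           MustCompile(`(?i)(?P<key>typeform[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}(?P<secret>tfp_[a-z0-9\-_\.=]{59})`),
		SecretGroupName: "secret",
		Keywords:        []string{"typeform"},
	},
}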