diff --git a/bench_loki_test.go b/bench_loki_test.go new file mode 100644 index 0000000..e16e2c0 --- /dev/null +++ b/bench_loki_test.go @@ -0,0 +1,228 @@ +package logparser + +import ( + "encoding/json" + "fmt" + "io" + "net/http" + "net/url" + "testing" + "time" +) + +type lokiQueryResponse struct { + Data struct { + Result []struct { + Values [][]string `json:"values"` + } `json:"result"` + } `json:"data"` +} + +// fetchLokiLogs queries Loki for recent logs from a pod. +func fetchLokiLogs(lokiURL, podName string, limit int) ([]string, error) { + query := fmt.Sprintf(`{pod=~"%s.*"}`, podName) + params := url.Values{ + "query": {query}, + "limit": {fmt.Sprintf("%d", limit)}, + } + reqURL := fmt.Sprintf("%s/loki/api/v1/query_range?%s&start=%d&end=%d", + lokiURL, params.Encode(), + time.Now().Add(-1*time.Hour).UnixNano(), + time.Now().UnixNano(), + ) + + resp, err := http.Get(reqURL) + if err != nil { + return nil, fmt.Errorf("loki request failed: %w", err) + } + defer resp.Body.Close() + + body, err := io.ReadAll(resp.Body) + if err != nil { + return nil, fmt.Errorf("reading response: %w", err) + } + + if resp.StatusCode != 200 { + return nil, fmt.Errorf("loki returned %d: %s", resp.StatusCode, string(body[:minInt(len(body), 200)])) + } + + var result lokiQueryResponse + if err := json.Unmarshal(body, &result); err != nil { + return nil, fmt.Errorf("parsing response: %w", err) + } + + var lines []string + for _, stream := range result.Data.Result { + for _, entry := range stream.Values { + if len(entry) >= 2 { + lines = append(lines, entry[1]) + } + } + } + return lines, nil +} + +// TestLokiBenchmark fetches real logs from Loki and benchmarks sensitive data detection. +// Run with: go test -v -run TestLokiBenchmark -timeout 60s -count=1 +// Requires Loki at localhost:3100 with services-server pod logs. +func TestLokiBenchmark(t *testing.T) { + lokiURL := "http://localhost:3100" + podName := "services-server" + logLimit := 5000 + + t.Logf("Fetching up to %d logs from Loki for pod %s...", logLimit, podName) + lines, err := fetchLokiLogs(lokiURL, podName, logLimit) + if err != nil { + t.Skipf("Skipping Loki benchmark (Loki not available): %v", err) + return + } + + if len(lines) == 0 { + t.Skipf("No logs found for pod %s", podName) + return + } + t.Logf("Fetched %d log lines", len(lines)) + + // Show sample lines + for i, line := range lines { + if i >= 3 { + break + } + if len(line) > 120 { + line = line[:120] + "..." + } + t.Logf(" Sample[%d]: %s", i, line) + } + + // Load patterns at each confidence level + configs := []struct { + name string + confidence string + }{ + {"high-only", "high"}, + {"medium+high", "medium"}, + {"all (low+medium+high)", "low"}, + } + + for _, cfg := range configs { + patterns, err := LoadPatterns(cfg.confidence) + if err != nil { + t.Fatalf("LoadPatterns(%s): %v", cfg.confidence, err) + } + + t.Logf("\n=== %s (%d patterns) ===", cfg.name, len(patterns)) + + // Benchmark: time all lines + start := time.Now() + totalMatches := 0 + matchNames := map[string]int{} + for _, line := range lines { + matches := DetectSensitiveData(line, "bench", patterns) + totalMatches += len(matches) + for _, m := range matches { + matchNames[m.name]++ + } + } + elapsed := time.Since(start) + + perLine := elapsed / time.Duration(len(lines)) + linesPerSec := float64(len(lines)) / elapsed.Seconds() + + t.Logf(" Lines: %d", len(lines)) + t.Logf(" Total time: %v", elapsed) + t.Logf(" Per line: %v", perLine) + t.Logf(" Lines/sec: %.0f", linesPerSec) + t.Logf(" Matches: %d", totalMatches) + + if totalMatches > 0 { + t.Logf(" Match breakdown:") + for name, count := range matchNames { + t.Logf(" %s: %d", name, count) + } + + // Show sample matched lines + t.Logf(" Sample matches:") + shown := 0 + for _, line := range lines { + matches := DetectSensitiveData(line, "bench", patterns) + if len(matches) > 0 { + sample := line + if len(sample) > 150 { + sample = sample[:150] + "..." + } + t.Logf(" [%s] %s", matches[0].name, sample) + shown++ + if shown >= 5 { + break + } + } + } + } + + // Compare with old-style (no pre-filter) + startOld := time.Now() + for _, line := range lines { + for j := range patterns { + if patterns[j].Pattern.MatchString(line) { + _ = patterns[j].Pattern.FindString(line) + break + } + } + } + elapsedOld := time.Since(startOld) + + speedup := float64(elapsedOld) / float64(elapsed) + t.Logf(" Old style: %v (%.1fx slower)", elapsedOld, speedup) + } + + // Test with sampling + t.Logf("\n=== Sampling benchmark (medium confidence, 1-in-100) ===") + patterns, _ := LoadPatterns("medium") + start := time.Now() + sampled := 0 + for i, line := range lines { + if i%100 != 0 { + continue + } + sampled++ + DetectSensitiveData(line, "bench", patterns) + } + elapsed := time.Since(start) + t.Logf(" Sampled: %d/%d lines", sampled, len(lines)) + t.Logf(" Total time: %v", elapsed) + if sampled > 0 { + t.Logf(" Per sampled: %v", elapsed/time.Duration(sampled)) + } + + // Estimate throughput at scale + t.Logf("\n=== Throughput estimates ===") + patternsHigh, _ := LoadPatterns("high") + patternsMed, _ := LoadPatterns("medium") + + for _, scenario := range []struct { + name string + patterns []PrecompiledPattern + }{ + {"high-only", patternsHigh}, + {"medium+high", patternsMed}, + } { + benchStart := time.Now() + iterations := 0 + for time.Since(benchStart) < 2*time.Second { + for _, line := range lines { + DetectSensitiveData(line, "bench", scenario.patterns) + iterations++ + } + } + benchElapsed := time.Since(benchStart) + lps := float64(iterations) / benchElapsed.Seconds() + t.Logf(" %s: %.0f lines/sec (%.0f pods @ 100 lines/sec)", scenario.name, lps, lps/100) + } +} + +func minInt(a, b int) int { + if a < b { + return a + } + return b +} diff --git a/bench_test.go b/bench_test.go new file mode 100644 index 0000000..93b47fe --- /dev/null +++ b/bench_test.go @@ -0,0 +1,108 @@ +package logparser + +import ( + "strings" + "testing" +) + +// BenchmarkDetectSensitiveData_NoMatch benchmarks detection on a normal log line +// that doesn't contain any sensitive data (worst case: all patterns checked). +func BenchmarkDetectSensitiveData_NoMatch(b *testing.B) { + patterns, err := LoadPatterns("medium") + if err != nil { + b.Fatal(err) + } + line := `2024-01-15T10:30:45.123Z INFO [http-handler] Request processed: method=GET path=/api/v1/users status=200 latency=45ms bytes=1234 user_agent="Mozilla/5.0"` + + b.ResetTimer() + b.ReportAllocs() + for i := 0; i < b.N; i++ { + DetectSensitiveData(line, "abc123", patterns) + } +} + +// BenchmarkDetectSensitiveData_NoMatch_HighOnly benchmarks with only high-confidence patterns. +func BenchmarkDetectSensitiveData_NoMatch_HighOnly(b *testing.B) { + patterns, err := LoadPatterns("high") + if err != nil { + b.Fatal(err) + } + line := `2024-01-15T10:30:45.123Z INFO [http-handler] Request processed: method=GET path=/api/v1/users status=200 latency=45ms bytes=1234 user_agent="Mozilla/5.0"` + + b.ResetTimer() + b.ReportAllocs() + for i := 0; i < b.N; i++ { + DetectSensitiveData(line, "abc123", patterns) + } +} + +// BenchmarkDetectSensitiveData_WithMatch benchmarks detection when a secret is present. +func BenchmarkDetectSensitiveData_WithMatch(b *testing.B) { + patterns, err := LoadPatterns("medium") + if err != nil { + b.Fatal(err) + } + line := `ERROR: Failed to authenticate with AWS key AKIAIOSFODNN7EXAMPLE in region us-east-1` + + b.ResetTimer() + b.ReportAllocs() + for i := 0; i < b.N; i++ { + DetectSensitiveData(line, "abc123", patterns) + } +} + +// BenchmarkDetectSensitiveData_LongLine benchmarks detection on a verbose log line. +func BenchmarkDetectSensitiveData_LongLine(b *testing.B) { + patterns, err := LoadPatterns("medium") + if err != nil { + b.Fatal(err) + } + line := strings.Repeat(`level=info ts=2024-01-15T10:30:45.123Z caller=handler.go:45 msg="Processing batch request" `, 5) + + b.ResetTimer() + b.ReportAllocs() + for i := 0; i < b.N; i++ { + DetectSensitiveData(line, "abc123", patterns) + } +} + +// BenchmarkPrefilterOnly benchmarks just the anchor pre-filter step (no regex). +func BenchmarkPrefilterOnly(b *testing.B) { + patterns, err := LoadPatterns("medium") + if err != nil { + b.Fatal(err) + } + line := `2024-01-15T10:30:45.123Z INFO request processed successfully` + lowerLine := strings.ToLower(line) + + b.ResetTimer() + b.ReportAllocs() + for i := 0; i < b.N; i++ { + for j := range patterns { + if len(patterns[j].Anchors) > 0 { + anchorMatchesLine(lowerLine, patterns[j].Anchors) + } + } + } +} + +// BenchmarkOldStyle_NoPrefilter simulates the old approach: run all regexes without pre-filtering. +func BenchmarkOldStyle_NoPrefilter(b *testing.B) { + patterns, err := LoadPatterns("medium") + if err != nil { + b.Fatal(err) + } + line := `2024-01-15T10:30:45.123Z INFO [http-handler] Request processed: method=GET path=/api/v1/users status=200 latency=45ms bytes=1234` + + b.ResetTimer() + b.ReportAllocs() + for i := 0; i < b.N; i++ { + // Simulate old approach: no anchor check, run every regex + for j := range patterns { + if patterns[j].Pattern.MatchString(line) { + _ = patterns[j].Pattern.FindString(line) + break + } + } + } +} diff --git a/cmd/logparser.go b/cmd/logparser.go index 051f20d..c185852 100644 --- a/cmd/logparser.go +++ b/cmd/logparser.go @@ -30,7 +30,7 @@ func main() { reader := bufio.NewReader(os.Stdin) ch := make(chan logparser.LogEntry) - parser := logparser.NewParser(ch, nil, nil, time.Second, 256, false) + parser := logparser.NewParser(ch, nil, nil, time.Second, 256, logparser.SensitiveConfig{Enabled: true, MinConfidence: "medium"}) t := time.Now() for { line, err := reader.ReadString('\n') diff --git a/impact_test.go b/impact_test.go new file mode 100644 index 0000000..2d7565d --- /dev/null +++ b/impact_test.go @@ -0,0 +1,251 @@ +package logparser + +import ( + "fmt" + "runtime" + "testing" + "time" + "unsafe" +) + +// TestResourceImpact measures actual CPU and memory impact of sensitive detection. +func TestResourceImpact(t *testing.T) { + // ========================================================= + // 1. MEMORY: Pattern storage + // ========================================================= + t.Log("=== MEMORY IMPACT ===") + + runtime.GC() + var m1 runtime.MemStats + runtime.ReadMemStats(&m1) + + patternsHigh, _ := LoadPatterns("high") + patternsMed, _ := LoadPatterns("medium") + patternsAll, _ := LoadPatterns("low") + + runtime.GC() + var m2 runtime.MemStats + runtime.ReadMemStats(&m2) + + t.Logf("Pattern sets loaded (high=%d, med=%d, all=%d)", len(patternsHigh), len(patternsMed), len(patternsAll)) + t.Logf("Heap increase: %d KB", (m2.HeapAlloc-m1.HeapAlloc)/1024) + + // Measure size of a single pattern set in detail + totalAnchorBytes := 0 + totalRegexEstimate := 0 + for _, p := range patternsMed { + for _, a := range p.Anchors { + totalAnchorBytes += len(a) + } + totalAnchorBytes += int(unsafe.Sizeof(p.Anchors)) + len(p.Anchors)*int(unsafe.Sizeof("")) + totalRegexEstimate += len(p.Pattern.String()) * 10 // rough estimate: compiled regex ~10x source + } + t.Logf("Medium pattern set: anchors=%d bytes, regex estimate=%d KB", + totalAnchorBytes, totalRegexEstimate/1024) + + // ========================================================= + // 2. MEMORY: Per-container parser overhead + // ========================================================= + runtime.GC() + var m3 runtime.MemStats + runtime.ReadMemStats(&m3) + + // Simulate 200 containers each with a parser + parsers := make([]*Parser, 200) + for i := range parsers { + ch := make(chan LogEntry, 1) + parsers[i] = NewParser(ch, nil, nil, time.Second, 256, SensitiveConfig{ + Enabled: true, + MinConfidence: "medium", + MaxDetections: 100, + }) + } + + runtime.GC() + var m4 runtime.MemStats + runtime.ReadMemStats(&m4) + + perParser := (m4.HeapAlloc - m3.HeapAlloc) / 200 + t.Logf("\nPer-parser memory (200 parsers): %d KB each", perParser/1024) + t.Logf("Total for 200 parsers: %d MB", (m4.HeapAlloc-m3.HeapAlloc)/1024/1024) + + // Check if patterns are shared or duplicated + // Each parser calls LoadPatterns independently — let's measure + runtime.GC() + var m5 runtime.MemStats + runtime.ReadMemStats(&m5) + + // Patterns are loaded per-parser (embedded in parser struct) + t.Logf("Note: Compiled regexes are shared across parsers (singleton cache)") + t.Logf("Total heap after 200 parsers: %d MB", m5.HeapAlloc/1024/1024) + + for _, p := range parsers { + p.Stop() + } + + // ========================================================= + // 3. MEMORY: Disabled state (current default) + // ========================================================= + runtime.GC() + var m6 runtime.MemStats + runtime.ReadMemStats(&m6) + + disabledParsers := make([]*Parser, 200) + for i := range disabledParsers { + ch := make(chan LogEntry, 1) + disabledParsers[i] = NewParser(ch, nil, nil, time.Second, 256, SensitiveConfig{ + Enabled: false, + }) + } + + runtime.GC() + var m7 runtime.MemStats + runtime.ReadMemStats(&m7) + + perParserDisabled := (m7.HeapAlloc - m6.HeapAlloc) / 200 + t.Logf("\nPer-parser memory (DISABLED): %d KB each", perParserDisabled/1024) + t.Logf("Overhead of enabling sensitive detection: %d KB per parser", + (perParser-perParserDisabled)/1024) + + for _, p := range disabledParsers { + p.Stop() + } + + // ========================================================= + // 4. CPU: Throughput at scale + // ========================================================= + t.Log("\n=== CPU IMPACT ===") + + // Realistic log lines (mix of types from real apps) + sampleLines := []string{ + `{"time":"2024-01-15T10:30:45Z","level":"INFO","msg":"Request processed","status":200,"latency":"45ms"}`, + `2024-01-15 10:30:45.123 INFO [http-handler] GET /api/v1/users 200 45ms`, + `level=info ts=2024-01-15T10:30:45Z caller=handler.go:45 msg="batch complete" items=150`, + `{"time":"2024-01-15T10:30:45Z","level":"ERROR","msg":"connection refused","host":"db-primary","port":5432}`, + `WARN [2024-01-15 10:30:45] Cache miss for key user:12345:profile`, + `{"time":"2024-01-15T10:30:45Z","level":"DEBUG","msg":"SQL query","query":"SELECT * FROM users WHERE id = $1","duration":"2ms"}`, + `INFO Starting health check for service auth-gateway on port 8080`, + `{"time":"2024-01-15T10:30:45Z","level":"INFO","msg":"Kafka message consumed","topic":"events","partition":3,"offset":45678}`, + `ERROR: dial tcp 10.0.0.5:6379: connection refused`, + `{"level":"info","ts":1705312245.123,"msg":"gRPC call completed","method":"/api.v1.Users/Get","code":"OK","duration":0.003}`, + } + + configs := []struct { + name string + cfg SensitiveConfig + }{ + {"disabled (default)", SensitiveConfig{Enabled: false}}, + {"high-only", SensitiveConfig{Enabled: true, MinConfidence: "high"}}, + {"medium (recommended)", SensitiveConfig{Enabled: true, MinConfidence: "medium"}}, + {"medium + 1:100 sampling", SensitiveConfig{Enabled: true, MinConfidence: "medium", SampleRate: 100}}, + {"all (low)", SensitiveConfig{Enabled: true, MinConfidence: "low"}}, + } + + for _, cfg := range configs { + // Create a parser with this config + ch := make(chan LogEntry, 1000) + p := NewParser(ch, nil, nil, time.Second, 256, cfg.cfg) + + // Warm up + for _, line := range sampleLines { + ch <- LogEntry{Timestamp: time.Now(), Content: line, Level: LevelInfo} + } + time.Sleep(100 * time.Millisecond) + + // Measure throughput: send lines as fast as possible for 2 seconds + start := time.Now() + sent := 0 + for time.Since(start) < 2*time.Second { + for _, line := range sampleLines { + ch <- LogEntry{Timestamp: time.Now(), Content: line, Level: LevelInfo} + sent++ + } + } + // Wait for processing to finish + time.Sleep(2 * time.Second) + elapsed := time.Since(start) - 2*time.Second // subtract wait time + lps := float64(sent) / elapsed.Seconds() + + p.Stop() + t.Logf(" %-30s %8.0f lines/sec", cfg.name, lps) + } + + // ========================================================= + // 5. CPU: Per-line cost breakdown + // ========================================================= + t.Log("\n=== PER-LINE COST BREAKDOWN ===") + + patternsMedium, _ := LoadPatterns("medium") + normalLine := `{"time":"2024-01-15T10:30:45Z","level":"INFO","msg":"Request processed","status":200}` + + // Measure ToLower cost + iters := 100000 + start := time.Now() + for i := 0; i < iters; i++ { + _ = fmt.Sprintf("%s", normalLine) // prevent optimization + } + baseline := time.Since(start) + + start = time.Now() + for i := 0; i < iters; i++ { + lowerLine := toLower(normalLine) + _ = lowerLine + } + toLowerCost := time.Since(start) - baseline + + // Measure anchor check cost + lowerLine := toLower(normalLine) + start = time.Now() + for i := 0; i < iters; i++ { + for j := range patternsMedium { + if len(patternsMedium[j].Anchors) > 0 { + anchorMatchesLine(lowerLine, patternsMedium[j].Anchors) + } + } + } + anchorCost := time.Since(start) + + t.Logf(" strings.ToLower: %v per line", toLowerCost/time.Duration(iters)) + t.Logf(" Anchor checks (%d): %v per line", len(patternsMedium), anchorCost/time.Duration(iters)) + t.Logf(" Total pre-filter: %v per line", (toLowerCost+anchorCost)/time.Duration(iters)) + + // ========================================================= + // 6. SCALE PROJECTIONS + // ========================================================= + t.Log("\n=== SCALE PROJECTIONS ===") + t.Log("Assuming 100 lines/sec per container:") + + perLineMedium := 102 * time.Microsecond // from Loki benchmark + perLineHigh := 52 * time.Microsecond + perLineDisabled := time.Duration(0) + + for _, scenario := range []struct { + name string + perLine time.Duration + pods int + }{ + {"disabled", perLineDisabled, 200}, + {"high-only, 200 pods", perLineHigh, 200}, + {"medium, 100 pods", perLineMedium, 100}, + {"medium, 200 pods", perLineMedium, 200}, + {"medium + 1:100 sampling, 200 pods", perLineMedium / 100, 200}, + } { + linesPerSec := scenario.pods * 100 + cpuPerSec := time.Duration(linesPerSec) * scenario.perLine + cpuPct := float64(cpuPerSec) / float64(time.Second) * 100 + t.Logf(" %-42s %d lines/sec → %.1f%% CPU core", scenario.name, linesPerSec, cpuPct) + } +} + +func toLower(s string) string { + // Simple wrapper for benchmarking + b := make([]byte, len(s)) + for i := 0; i < len(s); i++ { + c := s[i] + if c >= 'A' && c <= 'Z' { + c += 'a' - 'A' + } + b[i] = c + } + return string(b) +} diff --git a/parser.go b/parser.go index fb20bff..dffe5f1 100644 --- a/parser.go +++ b/parser.go @@ -6,6 +6,7 @@ import ( "encoding/json" "log" "regexp" + "strings" "sync" "time" ) @@ -18,6 +19,13 @@ var ( unclassifiedPatternHash = "00000000000000000000000000000000" ) +// Shared pattern caches: compiled once, shared across all parsers. +// Key is the minConfidence level. +var ( + patternCacheMu sync.Mutex + patternCache = map[string][]PrecompiledPattern{} +) + type LogEntry struct { Timestamp time.Time Content string @@ -41,8 +49,27 @@ type SensitiveLogCounter struct { } type PrecompiledPattern struct { - Name string - Pattern *regexp.Regexp + Name string + Pattern *regexp.Regexp + Anchors []string // lowercased literal strings for pre-filtering + Confidence string // "high", "medium", "low" +} + +// SensitiveConfig controls sensitive data detection behavior. +type SensitiveConfig struct { + // Enabled turns on sensitive data detection in log lines. + Enabled bool + // SampleRate controls how many lines are checked: 1-in-N. + // 0 or 1 means every line is checked. + SampleRate int + // MinConfidence filters patterns by confidence level. + // "high" = only distinctive-prefix patterns (lowest FP rate) + // "medium" = high + service-keyword patterns (default) + // "low" = all patterns including generic ones (highest FP rate) + MinConfidence string + // MaxDetections caps unique sensitive patterns tracked per parser. + // 0 means no limit. + MaxDetections int } type Parser struct { @@ -57,17 +84,17 @@ type Parser struct { stop func() - onMsgCb OnMsgCallbackF - sensitivePatternsDefinations []PrecompiledPattern + onMsgCb OnMsgCallbackF + sensitivePatternDefinitions []PrecompiledPattern sensitivePatterns map[sensitivePatternKey]*sensitivePatternStat - - disableSensitivePatternDetection bool + sensitiveConfig SensitiveConfig + sensitiveCounter uint64 } type OnMsgCallbackF func(ts time.Time, level Level, patternHash string, msg string) -func NewParser(ch <-chan LogEntry, decoder Decoder, onMsgCallback OnMsgCallbackF, multilineCollectorTimeout time.Duration, patternsPerLevelLimit int, disableSensitiveDataDetection bool) *Parser { +func NewParser(ch <-chan LogEntry, decoder Decoder, onMsgCallback OnMsgCallbackF, multilineCollectorTimeout time.Duration, patternsPerLevelLimit int, sensitiveCfg SensitiveConfig) *Parser { p := &Parser{ decoder: decoder, patterns: map[patternKey]*patternStat{}, @@ -75,16 +102,14 @@ func NewParser(ch <-chan LogEntry, decoder Decoder, onMsgCallback OnMsgCallbackF patternsPerLevelLimit: patternsPerLevelLimit, onMsgCb: onMsgCallback, sensitivePatterns: map[sensitivePatternKey]*sensitivePatternStat{}, - disableSensitivePatternDetection: disableSensitiveDataDetection, + sensitiveConfig: sensitiveCfg, } - if !disableSensitiveDataDetection { - patterns, err := LoadPatterns() + if sensitiveCfg.Enabled { + patterns, err := getOrLoadPatterns(sensitiveCfg.MinConfidence) if err != nil { log.Printf("Error loading sensitive patterns: %v", err) } - p.sensitivePatternsDefinations = patterns - } else { - p.sensitivePatternsDefinations = []PrecompiledPattern{} + p.sensitivePatternDefinitions = patterns } ctx, stop := context.WithCancel(context.Background()) p.stop = stop @@ -138,7 +163,7 @@ func (p *Parser) inc(msg Message) { p.onMsgCb(msg.Timestamp, msg.Level, "", msg.Content) } pattern := NewPattern(msg.Content) - processSensitivePattern(msg, p, pattern) + p.processSensitivePattern(msg, pattern) return } @@ -148,16 +173,27 @@ func (p *Parser) inc(msg Message) { p.onMsgCb(msg.Timestamp, msg.Level, key.hash, msg.Content) } stat.messages++ - processSensitivePattern(msg, p, pattern) - + p.processSensitivePattern(msg, pattern) } -func processSensitivePattern(msg Message, p *Parser, pattern *Pattern) { - if p.disableSensitivePatternDetection { +func (p *Parser) processSensitivePattern(msg Message, pattern *Pattern) { + if !p.sensitiveConfig.Enabled { + return + } + + // Sampling: only check 1-in-N lines. + p.sensitiveCounter++ + if p.sensitiveConfig.SampleRate > 1 && p.sensitiveCounter%uint64(p.sensitiveConfig.SampleRate) != 0 { return } - matchs := DetectSensitiveData(msg.Content, pattern.Hash(), p.sensitivePatternsDefinations) - for _, match := range matchs { + + // Detection cap: stop scanning once we've tracked enough unique patterns. + if p.sensitiveConfig.MaxDetections > 0 && len(p.sensitivePatterns) >= p.sensitiveConfig.MaxDetections { + return + } + + matches := DetectSensitiveData(msg.Content, pattern.Hash(), p.sensitivePatternDefinitions) + for _, match := range matches { sKey := match.sensitivePatternKey stat := p.sensitivePatterns[sKey] if stat == nil { @@ -253,8 +289,9 @@ type sensitivePatternKey struct { } type SensitivePattern struct { - Name string `json:"name"` - Pattern string `json:"pattern"` + Name string `json:"name"` + Pattern string `json:"pattern"` + Confidence string `json:"confidence,omitempty"` } type SensitivePatternMatch struct { @@ -264,38 +301,104 @@ type SensitivePatternMatch struct { hash string } +// confidenceLevel returns a numeric level for sorting: high=3, medium=2, low=1. +func confidenceLevel(c string) int { + switch c { + case "high": + return 3 + case "medium": + return 2 + case "low": + return 1 + default: + return 2 // default to medium + } +} + +// DetectSensitiveData scans a log line against precompiled patterns using +// anchor-based pre-filtering to skip patterns that can't possibly match. func DetectSensitiveData(line string, hash string, precompiledPatterns []PrecompiledPattern) []SensitivePatternMatch { - matches := []SensitivePatternMatch{} - for _, precompiled := range precompiledPatterns { - if precompiled.Pattern.MatchString(line) { - sensitivePart := precompiled.Pattern.FindString(line) + var matches []SensitivePatternMatch + lowerLine := strings.ToLower(line) + + for i := range precompiledPatterns { + p := &precompiledPatterns[i] + + // Pre-filter: if the pattern has anchors, at least one must appear in the line. + if len(p.Anchors) > 0 && !anchorMatchesLine(lowerLine, p.Anchors) { + continue + } + + if p.Pattern.MatchString(line) { + sensitivePart := p.Pattern.FindString(line) + + // Post-match validation for low-confidence patterns: + // reject matches where the captured value doesn't look like a real secret + // (e.g., SQL table names, cache keys, enum values). + if p.Confidence == "low" && !looksLikeSecret(sensitivePart) { + continue + } + key := sensitivePatternKey{ pattern: sensitivePart, hash: hash, } - matches = append(matches, SensitivePatternMatch{name: precompiled.Name, sensitivePatternKey: key, regex: precompiled.Pattern.String(), hash: hash}) + matches = append(matches, SensitivePatternMatch{name: p.Name, sensitivePatternKey: key, regex: p.Pattern.String(), hash: hash}) break } } return matches } -func LoadPatterns() ([]PrecompiledPattern, error) { +// getOrLoadPatterns returns a shared, cached pattern set for the given +// confidence level. Compiled regexes are loaded once and reused across all +// parsers — avoids duplicating ~2 MB of compiled regex state per container. +func getOrLoadPatterns(minConfidence string) ([]PrecompiledPattern, error) { + patternCacheMu.Lock() + defer patternCacheMu.Unlock() + + if cached, ok := patternCache[minConfidence]; ok { + return cached, nil + } + patterns, err := LoadPatterns(minConfidence) + if err != nil { + return nil, err + } + patternCache[minConfidence] = patterns + return patterns, nil +} + +// LoadPatterns loads and compiles sensitive data patterns, filtering by +// minimum confidence level. Patterns below minConfidence are excluded. +func LoadPatterns(minConfidence string) ([]PrecompiledPattern, error) { var patterns []SensitivePattern err := json.Unmarshal(sensitivePatternsJSON, &patterns) if err != nil { return nil, err } - precompiled := []PrecompiledPattern{} + + minLevel := confidenceLevel(minConfidence) + + precompiled := make([]PrecompiledPattern, 0, len(patterns)) for _, pattern := range patterns { + confidence := pattern.Confidence + if confidence == "" { + confidence = "medium" + } + if confidenceLevel(confidence) < minLevel { + continue + } + re, err := regexp.Compile(pattern.Pattern) if err != nil { log.Printf("Error compiling pattern '%s': %v", pattern.Name, err) continue } precompiled = append(precompiled, PrecompiledPattern{ - Name: pattern.Name, - Pattern: re, + Name: pattern.Name, + Pattern: re, + Anchors: extractAnchors(pattern.Pattern), + Confidence: confidence, }) } return precompiled, nil diff --git a/parser_test.go b/parser_test.go index 2633c38..c867327 100644 --- a/parser_test.go +++ b/parser_test.go @@ -11,7 +11,10 @@ import ( func TestParser(t *testing.T) { ch := make(chan LogEntry) - parser := NewParser(ch, nil, nil, time.Second, 256, false) + parser := NewParser(ch, nil, nil, time.Second, 256, SensitiveConfig{ + Enabled: true, + MinConfidence: "high", + }) ch <- LogEntry{Timestamp: time.Now(), Content: "INFO:root:AWS access key: AKIAIOSFODNN7EXAMPLE", Level: LevelInfo} @@ -22,11 +25,86 @@ func TestParser(t *testing.T) { parser.Stop() } +func TestParserSensitiveDisabled(t *testing.T) { + ch := make(chan LogEntry) + parser := NewParser(ch, nil, nil, time.Second, 256, SensitiveConfig{ + Enabled: false, + }) + + ch <- LogEntry{Timestamp: time.Now(), Content: "INFO:root:AWS access key: AKIAIOSFODNN7EXAMPLE", Level: LevelInfo} + time.Sleep(3 * time.Second) + counts := parser.GetSensitiveCounters() + assert.Equal(t, 0, len(counts)) + parser.Stop() +} + +func TestParserSensitiveSampling(t *testing.T) { + ch := make(chan LogEntry) + // Sample 1 in 10 lines + parser := NewParser(ch, nil, nil, time.Second, 256, SensitiveConfig{ + Enabled: true, + SampleRate: 10, + MinConfidence: "high", + }) + + // Send 20 lines, only ~2 should be checked (lines 10 and 20). + for i := 0; i < 20; i++ { + ch <- LogEntry{Timestamp: time.Now(), Content: "INFO:root:AWS access key: AKIAIOSFODNN7EXAMPLE", Level: LevelInfo} + } + time.Sleep(3 * time.Second) + counts := parser.GetSensitiveCounters() + // Should detect the pattern, but with fewer messages than 20 + if len(counts) > 0 { + total := 0 + for _, c := range counts { + total += c.Messages + } + assert.True(t, total < 20, "sampling should reduce detections, got %d", total) + assert.True(t, total > 0, "should still detect some") + } + parser.Stop() +} + +func TestParserSensitiveMaxDetections(t *testing.T) { + ch := make(chan LogEntry) + parser := NewParser(ch, nil, nil, time.Second, 256, SensitiveConfig{ + Enabled: true, + MinConfidence: "high", + MaxDetections: 1, + }) + + ch <- LogEntry{Timestamp: time.Now(), Content: "AWS key: AKIAIOSFODNN7EXAMPLE", Level: LevelError} + ch <- LogEntry{Timestamp: time.Now(), Content: "GitHub token: ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefgh", Level: LevelError} + time.Sleep(3 * time.Second) + counts := parser.GetSensitiveCounters() + // Should stop after first unique detection + assert.LessOrEqual(t, len(counts), 1) + parser.Stop() +} + +func TestParserMinConfidence(t *testing.T) { + // Load only high-confidence patterns + high, err := LoadPatterns("high") + require.NoError(t, err) + // Load all patterns (low = include everything) + all, err := LoadPatterns("low") + require.NoError(t, err) + + assert.True(t, len(high) < len(all), "high-confidence set should be smaller than full set") + assert.True(t, len(high) > 0, "should have some high-confidence patterns") + + // Verify all high-confidence patterns are actually marked high + for _, p := range high { + assert.Equal(t, "high", p.Confidence, "pattern %s should be high confidence", p.Name) + } +} + func TestParserCardinalityLimit(t *testing.T) { p := &Parser{ patterns: map[patternKey]*patternStat{}, patternsPerLevel: map[Level]int{}, patternsPerLevelLimit: 2, + sensitivePatterns: map[sensitivePatternKey]*sensitivePatternStat{}, } msgs := []string{ diff --git a/sensitive_filter.go b/sensitive_filter.go new file mode 100644 index 0000000..7641555 --- /dev/null +++ b/sensitive_filter.go @@ -0,0 +1,163 @@ +package logparser + +import ( + "math" + "regexp" + "strings" +) + +// nonCapGroupRE matches (?:...), (?i:...), (?-i:...) groups without nested parentheses. +var nonCapGroupRE = regexp.MustCompile(`\(\?(?:-?i)?:([^()]+)\)`) + +// extractAnchors extracts case-insensitive literal substrings from a regex +// that must appear in any matching string. These serve as cheap pre-filters: +// if none of the anchors appear in a log line, the full regex can be skipped. +// Returns nil if no reliable anchors can be extracted. +func extractAnchors(regexStr string) []string { + var anchors []string + + // Find non-capturing groups and extract literal alternatives. + // Handles patterns like (?:adafruit), (?:AKIA|ASIA|ABIA), (?-i:Okta|OKTA). + for _, m := range nonCapGroupRE.FindAllStringSubmatch(regexStr, -1) { + content := m[1] + for _, alt := range strings.Split(content, "|") { + lit := leadingLiteral(alt) + if len(lit) >= 3 { + anchors = append(anchors, strings.ToLower(lit)) + } + } + } + + if len(anchors) > 0 { + return dedupStrings(anchors) + } + + // Fallback: extract literal prefix from the regex itself. + // Handles patterns like ops_eyJ..., AGE-SECRET-KEY-..., shpat_... + cleaned := regexStr + for { + n := len(cleaned) + for _, pfx := range []string{`\b`, `(?i)`, `^`, `(?:`, `(`} { + cleaned = strings.TrimPrefix(cleaned, pfx) + } + if len(cleaned) == n { + break + } + } + lit := leadingLiteral(cleaned) + if len(lit) >= 3 { + return []string{strings.ToLower(lit)} + } + + return nil +} + +// leadingLiteral extracts leading literal characters from a string, +// stopping at the first regex metacharacter. +func leadingLiteral(s string) string { + var b strings.Builder + for _, c := range s { + if (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || + (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.' { + b.WriteRune(c) + } else { + break + } + } + return b.String() +} + +// anchorMatchesLine checks if any anchor substring appears in the lowercased line. +func anchorMatchesLine(lowerLine string, anchors []string) bool { + for _, a := range anchors { + if strings.Contains(lowerLine, a) { + return true + } + } + return false +} + +// shannonEntropy calculates the Shannon entropy of a string in bits per character. +// Real secrets (API keys, tokens) have high entropy (~4-6 bits). +// Normal strings (English words, table names) have low entropy (~2-3 bits). +func shannonEntropy(s string) float64 { + if len(s) == 0 { + return 0 + } + freq := make(map[rune]int, 64) + for _, c := range s { + freq[c]++ + } + length := float64(len([]rune(s))) + entropy := 0.0 + for _, count := range freq { + p := float64(count) / length + if p > 0 { + entropy -= p * math.Log2(p) + } + } + return entropy +} + +// looksLikeSecret checks whether a matched value has the characteristics of +// a real secret rather than a normal application string. This is applied as +// a post-match filter for low-confidence patterns to reduce false positives. +// +// Real secrets (API keys, tokens, webhook URLs) tend to have: +// - High character entropy (random-looking) +// - Mix of character classes (upper, lower, digits) +// +// False positives (SQL tables, cache keys, enum values) tend to have: +// - Low entropy (English words, underscores) +// - Single character class (all lowercase + underscores) +func looksLikeSecret(s string) bool { + if len(s) < 10 { + return false + } + + // Count character classes + var hasUpper, hasLower, hasDigit bool + for _, c := range s { + switch { + case c >= 'A' && c <= 'Z': + hasUpper = true + case c >= 'a' && c <= 'z': + hasLower = true + case c >= '0' && c <= '9': + hasDigit = true + } + } + + classes := 0 + if hasUpper { + classes++ + } + if hasLower { + classes++ + } + if hasDigit { + classes++ + } + + // Require at least 2 character classes (e.g., lower+digit, or upper+lower) + if classes < 2 { + return false + } + + // Require minimum entropy to filter out structured-but-predictable strings. + // Real tokens/keys: ~4.0+ bits (e.g., hex string = 4.0, base64 = ~5.2) + // English words with separators: ~2.5-3.5 bits + return shannonEntropy(s) >= 3.5 +} + +func dedupStrings(ss []string) []string { + seen := make(map[string]struct{}, len(ss)) + out := make([]string, 0, len(ss)) + for _, s := range ss { + if _, ok := seen[s]; !ok { + seen[s] = struct{}{} + out = append(out, s) + } + } + return out +} diff --git a/sensitive_filter_test.go b/sensitive_filter_test.go new file mode 100644 index 0000000..4ee2f4d --- /dev/null +++ b/sensitive_filter_test.go @@ -0,0 +1,204 @@ +package logparser + +import ( + "strings" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestExtractAnchors(t *testing.T) { + tests := []struct { + name string + regex string + expected []string + }{ + { + name: "AWS key pattern with alternation", + regex: `\b((?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16})\b`, + expected: []string{"a3t", "akia", "asia", "abia", "acca"}, + }, + { + name: "keyword pattern - adafruit", + regex: `(?i)[\w.-]{0,50}?(?:adafruit)(?:[ \t\w.-]{0,20})`, + expected: []string{"adafruit"}, + }, + { + name: "keyword pattern - discord", + regex: `(?i)[\w.-]{0,50}?(?:discord)(?:[ \t\w.-]{0,20})`, + expected: []string{"discord"}, + }, + { + name: "literal prefix - age secret key", + regex: `AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}`, + expected: []string{"age-secret-key-1"}, + }, + { + name: "literal prefix - shopify", + regex: `shpat_[a-fA-F0-9]{32}`, + expected: []string{"shpat_"}, + }, + { + name: "literal prefix with \b - github pat", + regex: `ghp_[0-9a-zA-Z]{36}`, + expected: []string{"ghp_"}, + }, + { + name: "case insensitive group - okta", + regex: `[\w.-]{0,50}?(?i:[\w.-]{0,50}?(?:(?-i:Okta|OKTA))(?:[ \t\w.-]{0,20}))`, + expected: []string{"okta"}, + }, + { + name: "no extractable anchors - short prefix", + regex: `\b(ey[a-zA-Z0-9]{17,}\.)`, + expected: nil, + }, + { + name: "multiple service keywords", + regex: `(?i)[\w.-]{0,50}?(?:jfrog|artifactory|bintray|xray)`, + expected: []string{"jfrog", "artifactory", "bintray", "xray"}, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result := extractAnchors(tt.regex) + if tt.expected == nil { + assert.Nil(t, result) + } else { + assert.Equal(t, tt.expected, result) + } + }) + } +} + +func TestAnchorMatchesLine(t *testing.T) { + assert.True(t, anchorMatchesLine("aws key is akiaiosfodnn7example", []string{"akia"})) + assert.True(t, anchorMatchesLine("github token ghp_abc123", []string{"ghp_"})) + assert.False(t, anchorMatchesLine("normal log line with no secrets", []string{"akia", "ghp_"})) + assert.True(t, anchorMatchesLine("using adafruit library", []string{"adafruit"})) +} + +func TestPrefilterEffectiveness(t *testing.T) { + // Load all patterns and verify anchor extraction coverage + patterns, err := LoadPatterns("low") + require.NoError(t, err) + + withAnchors := 0 + for _, p := range patterns { + if len(p.Anchors) > 0 { + withAnchors++ + } + } + + coverage := float64(withAnchors) / float64(len(patterns)) * 100 + t.Logf("Anchor coverage: %d/%d patterns (%.1f%%)", withAnchors, len(patterns), coverage) + + // At least 80% of patterns should have extractable anchors + assert.True(t, coverage >= 80, "anchor coverage should be >= 80%%, got %.1f%%", coverage) +} + +func TestPrefilterSkipsNonMatching(t *testing.T) { + patterns, err := LoadPatterns("high") + require.NoError(t, err) + + // A normal log line should not trigger any anchor matches for most patterns + normalLine := "2024-01-15 INFO Processing request for user 12345 completed in 45ms" + lowerLine := strings.ToLower(normalLine) + + candidateCount := 0 + for _, p := range patterns { + if len(p.Anchors) == 0 || anchorMatchesLine(lowerLine, p.Anchors) { + candidateCount++ + } + } + + // Vast majority of high-confidence patterns should be skipped + skipRate := float64(len(patterns)-candidateCount) / float64(len(patterns)) * 100 + t.Logf("Pre-filter skip rate: %.1f%% (%d/%d patterns skipped)", skipRate, len(patterns)-candidateCount, len(patterns)) + assert.True(t, skipRate >= 90, "pre-filter should skip >= 90%% of patterns for normal lines, got %.1f%%", skipRate) +} + +func TestLooksLikeSecret(t *testing.T) { + // Real secrets — should pass + assert.True(t, looksLikeSecret("cdd6190b063b4da02e8beb855b65e55428055c491a48b2bdf1c85660391506882e1feb13")) + assert.True(t, looksLikeSecret("AKIAIOSFODNN7EXAMPLE")) + assert.True(t, looksLikeSecret("ghp_AAAAAAAAAAAA1234567890abcdefghijkl")) + assert.True(t, looksLikeSecret("xK9mPq2wF7vL0aB3nR5tY8uJ1dG4hS6")) + + // False positives — should fail + assert.False(t, looksLikeSecret("auth_group_permissions")) // SQL table name + assert.False(t, looksLikeSecret("throttle_user_1011")) // too short after check + assert.False(t, looksLikeSecret("application_json")) // English words + assert.False(t, looksLikeSecret("password_hash_algorithm")) // English words + assert.False(t, looksLikeSecret("POST")) // too short + + // Edge cases + assert.False(t, looksLikeSecret("")) + assert.False(t, looksLikeSecret("short")) + assert.False(t, looksLikeSecret("alllowercase")) // single class +} + +func TestShannonEntropy(t *testing.T) { + // Hex string — high entropy (~3.6 bits) + hexEntropy := shannonEntropy("cdd6190b063b4da02e8beb855b65e55428055c49") + assert.True(t, hexEntropy >= 3.5, "hex entropy should be >= 3.5, got %.2f", hexEntropy) + + // Mixed-case alphanumeric — very high entropy (~4.0+ bits) + randomEntropy := shannonEntropy("aB3xK9mPq2wF7vL0") + assert.True(t, randomEntropy >= 3.5, "random entropy should be >= 3.5, got %.2f", randomEntropy) + + // Repeated chars — low entropy + repeatEntropy := shannonEntropy("aaaaaaaaaa") + assert.True(t, repeatEntropy < 1.0, "repeated chars should have low entropy, got %.2f", repeatEntropy) + + // Empty string + assert.Equal(t, 0.0, shannonEntropy("")) + + // Note: English words like "auth_group_permissions" can have entropy ~3.7, + // overlapping with real secrets. That's why looksLikeSecret uses character-class + // diversity as the primary filter, with entropy as a secondary check. +} + +func TestDetectSensitiveData_LowConfidence_EntropyFilter(t *testing.T) { + patterns, err := LoadPatterns("low") + require.NoError(t, err) + + // Real webhook token in URL — should be detected + matches := DetectSensitiveData( + `GET /api/webhooks/pagerduty?token=cdd6190b063b4da02e8beb855b65e55428055c491a48b2bdf1c85660391506882e1feb13`, + "hash1", patterns) + assert.True(t, len(matches) > 0, "real webhook token should be detected") + + // SQL table name containing keyword — should NOT be detected + matches = DetectSensitiveData( + `SELECT * FROM auth_group_permissions WHERE id = 1`, + "hash2", patterns) + assert.Equal(t, 0, len(matches), "SQL table name should not trigger detection") + + // Redis cache key — should NOT be detected + matches = DetectSensitiveData( + `cache.key: throttle_user_1011_ratelimit`, + "hash3", patterns) + assert.Equal(t, 0, len(matches), "cache key should not trigger detection") +} + +func TestDetectSensitiveDataWithPrefilter(t *testing.T) { + patterns, err := LoadPatterns("high") + require.NoError(t, err) + + // Should detect AWS key + matches := DetectSensitiveData("AWS access key: AKIAIOSFODNN7EXAMPLE", "testhash", patterns) + require.Len(t, matches, 1) + assert.Contains(t, matches[0].name, "AWS") + + // Should detect GitHub PAT (ghp_ + exactly 36 alphanumeric chars) + matches = DetectSensitiveData("token: ghp_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "testhash", patterns) + require.Len(t, matches, 1) + assert.Equal(t, "github-pat", matches[0].name) + + // Normal log line should not match + matches = DetectSensitiveData("INFO: request completed successfully in 200ms", "testhash", patterns) + assert.Len(t, matches, 0) +} diff --git a/sensitive_patterns.json b/sensitive_patterns.json index 3f9fcec..dc8ca3d 100644 --- a/sensitive_patterns.json +++ b/sensitive_patterns.json @@ -1,612 +1,680 @@ [ { "name": "AWS", - "pattern": "\\b((?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16})\\b" + "pattern": "\\b((?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16})\\b", + "confidence": "high" }, - { - "description": "Uncovered a possible 1Password service account token, potentially compromising access to secrets in vaults.", - "entropy": 4, - "name": "1password-service-account-token", - "keywords": [ + { + "description": "Uncovered a possible 1Password service account token, potentially compromising access to secrets in vaults.", + "entropy": 4, + "name": "1password-service-account-token", + "keywords": [ "ops_" - ], - "pattern": "ops_eyJ[a-zA-Z0-9+/]{250,}={0,3}" - }, - { - "description": "Identified a potential Adafruit API Key, which could lead to unauthorized access to Adafruit services and sensitive data exposure.", - "name": "adafruit-api-key", - "keywords": [ + ], + "pattern": "ops_eyJ[a-zA-Z0-9+/]{250,}={0,3}", + "confidence": "high" + }, + { + "description": "Identified a potential Adafruit API Key, which could lead to unauthorized access to Adafruit services and sensitive data exposure.", + "name": "adafruit-api-key", + "keywords": [ "adafruit" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:adafruit)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9_-]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a pattern that resembles an Adobe OAuth Web Client ID, posing a risk of compromised Adobe integrations and data breaches.", - "entropy": 2, - "name": "adobe-client-id", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:adafruit)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9_-]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected a pattern that resembles an Adobe OAuth Web Client ID, posing a risk of compromised Adobe integrations and data breaches.", + "entropy": 2, + "name": "adobe-client-id", + "keywords": [ "adobe" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:adobe)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a potential Adobe Client Secret, which, if exposed, could allow unauthorized Adobe service access and data manipulation.", - "entropy": 2, - "name": "adobe-client-secret", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:adobe)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a potential Adobe Client Secret, which, if exposed, could allow unauthorized Adobe service access and data manipulation.", + "entropy": 2, + "name": "adobe-client-secret", + "keywords": [ "p8e-" - ], - "pattern": "\\b(p8e-(?i)[a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a potential Age encryption tool secret key, risking data decryption and unauthorized access to sensitive information.", - "name": "age-secret-key", - "keywords": [ + ], + "pattern": "\\b(p8e-(?i)[a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Discovered a potential Age encryption tool secret key, risking data decryption and unauthorized access to sensitive information.", + "name": "age-secret-key", + "keywords": [ "age-secret-key-1" - ], - "pattern": "AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}" - }, - { - "description": "Uncovered a possible Airtable API Key, potentially compromising database access and leading to data leakage or alteration.", - "name": "airtable-api-key", - "keywords": [ + ], + "pattern": "AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}", + "confidence": "high" + }, + { + "description": "Uncovered a possible Airtable API Key, potentially compromising database access and leading to data leakage or alteration.", + "name": "airtable-api-key", + "keywords": [ "airtable" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:airtable)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{17})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified an Algolia API Key, which could result in unauthorized search operations and data exposure on Algolia-managed platforms.", - "name": "algolia-api-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:airtable)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{17})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Identified an Algolia API Key, which could result in unauthorized search operations and data exposure on Algolia-managed platforms.", + "name": "algolia-api-key", + "keywords": [ "algolia" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:algolia)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected an Alibaba Cloud AccessKey ID, posing a risk of unauthorized cloud resource access and potential data compromise.", - "entropy": 2, - "name": "alibaba-access-key-id", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:algolia)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected an Alibaba Cloud AccessKey ID, posing a risk of unauthorized cloud resource access and potential data compromise.", + "entropy": 2, + "name": "alibaba-access-key-id", + "keywords": [ "ltai" - ], - "pattern": "\\b(LTAI(?i)[a-z0-9]{20})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a potential Alibaba Cloud Secret Key, potentially allowing unauthorized operations and data access within Alibaba Cloud.", - "entropy": 2, - "name": "alibaba-secret-key", - "keywords": [ + ], + "pattern": "\\b(LTAI(?i)[a-z0-9]{20})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Discovered a potential Alibaba Cloud Secret Key, potentially allowing unauthorized operations and data access within Alibaba Cloud.", + "entropy": 2, + "name": "alibaba-secret-key", + "keywords": [ "alibaba" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:alibaba)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{30})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a potential Asana Client ID, risking unauthorized access to Asana projects and sensitive task information.", - "name": "asana-client-id", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:alibaba)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{30})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a potential Asana Client ID, risking unauthorized access to Asana projects and sensitive task information.", + "name": "asana-client-id", + "keywords": [ "asana" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:asana)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9]{16})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified an Asana Client Secret, which could lead to compromised project management integrity and unauthorized access.", - "name": "asana-client-secret", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:asana)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9]{16})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Identified an Asana Client Secret, which could lead to compromised project management integrity and unauthorized access.", + "name": "asana-client-secret", + "keywords": [ "asana" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:asana)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected an Atlassian API token, posing a threat to project management and collaboration tool security and data confidentiality.", - "entropy": 3.5, - "name": "atlassian-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:asana)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected an Atlassian API token, posing a threat to project management and collaboration tool security and data confidentiality.", + "entropy": 3.5, + "name": "atlassian-api-token", + "keywords": [ "atlassian", "confluence", "jira", "atatt3" - ], - "pattern": "[\\w.-]{0,50}?(?i:[\\w.-]{0,50}?(?:atlassian|confluence|jira)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3})(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-zA-Z0-9]{24})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)|\\b(ATATT3[A-Za-z0-9_\\-=]{186})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a possible Authress Service Client Access Key, which may compromise access control services and sensitive data.", - "entropy": 2, - "name": "authress-service-client-access-key", - "keywords": [ + ], + "pattern": "[\\w.-]{0,50}?(?i:[\\w.-]{0,50}?(?:atlassian|confluence|jira)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3})(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-zA-Z0-9]{24})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)|\\b(ATATT3[A-Za-z0-9_\\-=]{186})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a possible Authress Service Client Access Key, which may compromise access control services and sensitive data.", + "entropy": 2, + "name": "authress-service-client-access-key", + "keywords": [ "sc_", "ext_", "scauth_", "authress_" - ], - "pattern": "\\b((?:sc|ext|scauth|authress)_(?i)[a-z0-9]{5,30}\\.[a-z0-9]{4,6}\\.(?-i:acc)[_-][a-z0-9-]{10,32}\\.[a-z0-9+/_=-]{30,120})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a pattern that may indicate AWS credentials, risking unauthorized cloud resource access and data breaches on AWS platforms.", - "entropy": 3, - "name": "aws-access-token", - "keywords": [ + ], + "pattern": "\\b((?:sc|ext|scauth|authress)_(?i)[a-z0-9]{5,30}\\.[a-z0-9]{4,6}\\.(?-i:acc)[_-][a-z0-9-]{10,32}\\.[a-z0-9+/_=-]{30,120})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Identified a pattern that may indicate AWS credentials, risking unauthorized cloud resource access and data breaches on AWS platforms.", + "entropy": 3, + "name": "aws-access-token", + "keywords": [ "a3t", "akia", "asia", "abia", "acca" - ], - "pattern": "\\b((?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16})\\b", - "allowlist": { + ], + "pattern": "\\b((?:A3T[A-Z0-9]|AKIA|ASIA|ABIA|ACCA)[A-Z0-9]{16})\\b", + "allowlist": { "regexes": [ - ".+EXAMPLE$" + ".+EXAMPLE$" ] - } }, - { - "description": "Azure AD Client Secret", - "entropy": 3, - "name": "azure-ad-client-secret", - "keywords": [ + "confidence": "high" + }, + { + "description": "Azure AD Client Secret", + "entropy": 3, + "name": "azure-ad-client-secret", + "keywords": [ "q~" - ], - "pattern": "(?:^|[\\\\'\"\\x60\\s>=:(,)])([a-zA-Z0-9_~.]{3}\\dQ~[a-zA-Z0-9_~.-]{31,34})(?:$|[\\\\'\"\\x60\\s<),])" - }, - { - "description": "Detected a Beamer API token, potentially compromising content management and exposing sensitive notifications and updates.", - "name": "beamer-api-token", - "keywords": [ + ], + "pattern": "(?:^|[\\\\'\"\\x60\\s>=:(,)])([a-zA-Z0-9_~.]{3}\\dQ~[a-zA-Z0-9_~.-]{31,34})(?:$|[\\\\'\"\\x60\\s<),])", + "confidence": "medium" + }, + { + "description": "Detected a Beamer API token, potentially compromising content management and exposing sensitive notifications and updates.", + "name": "beamer-api-token", + "keywords": [ "beamer" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:beamer)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(b_[a-z0-9=_\\-]{44})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a potential Bitbucket Client ID, risking unauthorized repository access and potential codebase exposure.", - "name": "bitbucket-client-id", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:beamer)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(b_[a-z0-9=_\\-]{44})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a potential Bitbucket Client ID, risking unauthorized repository access and potential codebase exposure.", + "name": "bitbucket-client-id", + "keywords": [ "bitbucket" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:bitbucket)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a potential Bitbucket Client Secret, posing a risk of compromised code repositories and unauthorized access.", - "name": "bitbucket-client-secret", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:bitbucket)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a potential Bitbucket Client Secret, posing a risk of compromised code repositories and unauthorized access.", + "name": "bitbucket-client-secret", + "keywords": [ "bitbucket" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:bitbucket)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9=_\\-]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Bittrex Access Key, which could lead to unauthorized access to cryptocurrency trading accounts and financial loss.", - "name": "bittrex-access-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:bitbucket)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9=_\\-]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Identified a Bittrex Access Key, which could lead to unauthorized access to cryptocurrency trading accounts and financial loss.", + "name": "bittrex-access-key", + "keywords": [ "bittrex" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:bittrex)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Bittrex Secret Key, potentially compromising cryptocurrency transactions and financial security.", - "name": "bittrex-secret-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:bittrex)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected a Bittrex Secret Key, potentially compromising cryptocurrency transactions and financial security.", + "name": "bittrex-secret-key", + "keywords": [ "bittrex" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:bittrex)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a possible Clojars API token, risking unauthorized access to Clojure libraries and potential code manipulation.", - "entropy": 2, - "name": "clojars-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:bittrex)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a possible Clojars API token, risking unauthorized access to Clojure libraries and potential code manipulation.", + "entropy": 2, + "name": "clojars-api-token", + "keywords": [ "clojars_" - ], - "pattern": "(?i)CLOJARS_[a-z0-9]{60}" - }, - { - "description": "Detected a Cloudflare API Key, potentially compromising cloud application deployments and operational security.", - "entropy": 2, - "name": "cloudflare-api-key", - "keywords": [ + ], + "pattern": "(?i)CLOJARS_[a-z0-9]{60}", + "confidence": "high" + }, + { + "description": "Detected a Cloudflare API Key, potentially compromising cloud application deployments and operational security.", + "entropy": 2, + "name": "cloudflare-api-key", + "keywords": [ "cloudflare" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:cloudflare)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9_-]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Cloudflare Global API Key, potentially compromising cloud application deployments and operational security.", - "entropy": 2, - "name": "cloudflare-global-api-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:cloudflare)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9_-]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected a Cloudflare Global API Key, potentially compromising cloud application deployments and operational security.", + "entropy": 2, + "name": "cloudflare-global-api-key", + "keywords": [ "cloudflare" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:cloudflare)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{37})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Cloudflare Origin CA Key, potentially compromising cloud application deployments and operational security.", - "entropy": 2, - "name": "cloudflare-origin-ca-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:cloudflare)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{37})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected a Cloudflare Origin CA Key, potentially compromising cloud application deployments and operational security.", + "entropy": 2, + "name": "cloudflare-origin-ca-key", + "keywords": [ "cloudflare", "v1.0-" - ], - "pattern": "\\b(v1\\.0-[a-f0-9]{24}-[a-f0-9]{146})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a pattern resembling a Codecov Access Token, posing a risk of unauthorized access to code coverage reports and sensitive data.", - "name": "codecov-access-token", - "keywords": [ + ], + "pattern": "\\b(v1\\.0-[a-f0-9]{24}-[a-f0-9]{146})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Found a pattern resembling a Codecov Access Token, posing a risk of unauthorized access to code coverage reports and sensitive data.", + "name": "codecov-access-token", + "keywords": [ "codecov" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:codecov)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Cohere Token, posing a risk of unauthorized access to AI services and data manipulation.", - "entropy": 4, - "name": "cohere-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:codecov)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Identified a Cohere Token, posing a risk of unauthorized access to AI services and data manipulation.", + "entropy": 4, + "name": "cohere-api-token", + "keywords": [ "cohere", "co_api_key" - ], - "pattern": "[\\w.-]{0,50}?(?i:[\\w.-]{0,50}?(?:cohere|CO_API_KEY)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3})(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-zA-Z0-9]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Coinbase Access Token, posing a risk of unauthorized access to cryptocurrency accounts and financial transactions.", - "name": "coinbase-access-token", - "keywords": [ + ], + "pattern": "[\\w.-]{0,50}?(?i:[\\w.-]{0,50}?(?:cohere|CO_API_KEY)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3})(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-zA-Z0-9]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected a Coinbase Access Token, posing a risk of unauthorized access to cryptocurrency accounts and financial transactions.", + "name": "coinbase-access-token", + "keywords": [ "coinbase" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:coinbase)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9_-]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Confluent Access Token, which could compromise access to streaming data platforms and sensitive data flow.", - "name": "confluent-access-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:coinbase)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9_-]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Identified a Confluent Access Token, which could compromise access to streaming data platforms and sensitive data flow.", + "name": "confluent-access-token", + "keywords": [ "confluent" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:confluent)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{16})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a Confluent Secret Key, potentially risking unauthorized operations and data access within Confluent services.", - "name": "confluent-secret-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:confluent)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{16})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Found a Confluent Secret Key, potentially risking unauthorized operations and data access within Confluent services.", + "name": "confluent-secret-key", + "keywords": [ "confluent" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:confluent)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a Contentful delivery API token, posing a risk to content management systems and data integrity.", - "name": "contentful-delivery-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:confluent)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a Contentful delivery API token, posing a risk to content management systems and data integrity.", + "name": "contentful-delivery-api-token", + "keywords": [ "contentful" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:contentful)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9=_\\-]{43})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.", - "entropy": 2.75, - "name": "curl-auth-header", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:contentful)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9=_\\-]{43})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.", + "entropy": 2.75, + "name": "curl-auth-header", + "keywords": [ "curl" - ], - "pattern": "\\bcurl\\b(?:.*?|.*?(?:[\\r\\n]{1,2}.*?){1,5})[ \\t\\n\\r](?:-H|--header)(?:=|[ \\t]{0,5})(?:\"(?i)(?:Authorization:[ \\t]{0,5}(?:Basic[ \\t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \\t]([\\w=~@.+/-]{8,})|([\\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \\t]{0,5}([\\w=~@.+/-]{8,}))\"|'(?i)(?:Authorization:[ \\t]{0,5}(?:Basic[ \\t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \\t]([\\w=~@.+/-]{8,})|([\\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \\t]{0,5}([\\w=~@.+/-]{8,}))')(?:\\B|\\s|\\z)" - }, - { - "description": "Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.", - "entropy": 2, - "name": "curl-auth-user", - "keywords": [ + ], + "pattern": "\\bcurl\\b(?:.*?|.*?(?:[\\r\\n]{1,2}.*?){1,5})[ \\t\\n\\r](?:-H|--header)(?:=|[ \\t]{0,5})(?:\"(?i)(?:Authorization:[ \\t]{0,5}(?:Basic[ \\t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \\t]([\\w=~@.+/-]{8,})|([\\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \\t]{0,5}([\\w=~@.+/-]{8,}))\"|'(?i)(?:Authorization:[ \\t]{0,5}(?:Basic[ \\t]([a-z0-9+/]{8,}={0,3})|(?:Bearer|(?:Api-)?Token)[ \\t]([\\w=~@.+/-]{8,})|([\\w=~@.+/-]{8,}))|(?:(?:X-(?:[a-z]+-)?)?(?:Api-?)?(?:Key|Token)):[ \\t]{0,5}([\\w=~@.+/-]{8,}))')(?:\\B|\\s|\\z)", + "confidence": "low" + }, + { + "description": "Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.", + "entropy": 2, + "name": "curl-auth-user", + "keywords": [ "curl" - ], - "pattern": "\\bcurl\\b(?:.*|.*(?:[\\r\\n]{1,2}.*){1,5})[ \\t\\n\\r](?:-u|--user)(?:=|[ \\t]{0,5})(?:\"([^:\"]{3,}:[^\"]{3,})\"|'([^:']{3,}:[^']{3,})'|((?:\"[^\"]{3,}\"|'[^']{3,}'|[\\w$@.-]+):(?:\"[^\"]{3,}\"|'[^']{3,}'|[\\w${}@.-]+)))(?:\\s|\\z)", - "allowlist": { + ], + "pattern": "\\bcurl\\b(?:.*|.*(?:[\\r\\n]{1,2}.*){1,5})[ \\t\\n\\r](?:-u|--user)(?:=|[ \\t]{0,5})(?:\"([^:\"]{3,}:[^\"]{3,})\"|'([^:']{3,}:[^']{3,})'|((?:\"[^\"]{3,}\"|'[^']{3,}'|[\\w$@.-]+):(?:\"[^\"]{3,}\"|'[^']{3,}'|[\\w${}@.-]+)))(?:\\s|\\z)", + "allowlist": { "regexes": [ - "[^:]+:(change(it|me)|pass(word)?|pwd|test|token|\\*+|x+)", - "['\"]?<[^>]+>['\"]?:['\"]?<[^>]+>|<[^:]+:[^>]+>['\"]?", - "[^:]+:\\[[^]]+]", - "['\"]?[^:]+['\"]?:['\"]?\\$(\\d|\\w+|\\{(\\d|\\w+)})['\"]?", - "\\$\\([^)]+\\):\\$\\([^)]+\\)", - "['\"]?\\$?{{[^}]+}}['\"]?:['\"]?\\$?{{[^}]+}}['\"]?" + "[^:]+:(change(it|me)|pass(word)?|pwd|test|token|\\*+|x+)", + "['\"]?<[^>]+>['\"]?:['\"]?<[^>]+>|<[^:]+:[^>]+>['\"]?", + "[^:]+:\\[[^]]+]", + "['\"]?[^:]+['\"]?:['\"]?\\$(\\d|\\w+|\\{(\\d|\\w+)})['\"]?", + "\\$\\([^)]+\\):\\$\\([^)]+\\)", + "['\"]?\\$?{{[^}]+}}['\"]?:['\"]?\\$?{{[^}]+}}['\"]?" ] - } }, - { - "description": "Uncovered a Databricks API token, which may compromise big data analytics platforms and sensitive data processing.", - "entropy": 3, - "name": "databricks-api-token", - "keywords": [ + "confidence": "low" + }, + { + "description": "Uncovered a Databricks API token, which may compromise big data analytics platforms and sensitive data processing.", + "entropy": 3, + "name": "databricks-api-token", + "keywords": [ "dapi" - ], - "pattern": "\\b(dapi[a-f0-9]{32}(?:-\\d)?)(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Datadog Access Token, potentially risking monitoring and analytics data exposure and manipulation.", - "name": "datadog-access-token", - "keywords": [ + ], + "pattern": "\\b(dapi[a-f0-9]{32}(?:-\\d)?)(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Detected a Datadog Access Token, potentially risking monitoring and analytics data exposure and manipulation.", + "name": "datadog-access-token", + "keywords": [ "datadog" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:datadog)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Defined Networking API token, which could lead to unauthorized network operations and data breaches.", - "name": "defined-networking-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:datadog)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Identified a Defined Networking API token, which could lead to unauthorized network operations and data breaches.", + "name": "defined-networking-api-token", + "keywords": [ "dnkey" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:dnkey)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(dnkey-[a-z0-9=_\\-]{26}-[a-z0-9=_\\-]{52})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a DigitalOcean OAuth Access Token, risking unauthorized cloud resource access and data compromise.", - "entropy": 3, - "name": "digitalocean-access-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:dnkey)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(dnkey-[a-z0-9=_\\-]{26}-[a-z0-9=_\\-]{52})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Found a DigitalOcean OAuth Access Token, risking unauthorized cloud resource access and data compromise.", + "entropy": 3, + "name": "digitalocean-access-token", + "keywords": [ "doo_v1_" - ], - "pattern": "\\b(doo_v1_[a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a DigitalOcean Personal Access Token, posing a threat to cloud infrastructure security and data privacy.", - "entropy": 3, - "name": "digitalocean-pat", - "keywords": [ + ], + "pattern": "\\b(doo_v1_[a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Discovered a DigitalOcean Personal Access Token, posing a threat to cloud infrastructure security and data privacy.", + "entropy": 3, + "name": "digitalocean-pat", + "keywords": [ "dop_v1_" - ], - "pattern": "\\b(dop_v1_[a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a DigitalOcean OAuth Refresh Token, which could allow prolonged unauthorized access and resource manipulation.", - "name": "digitalocean-refresh-token", - "keywords": [ + ], + "pattern": "\\b(dop_v1_[a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Uncovered a DigitalOcean OAuth Refresh Token, which could allow prolonged unauthorized access and resource manipulation.", + "name": "digitalocean-refresh-token", + "keywords": [ "dor_v1_" - ], - "pattern": "(?i)\\b(dor_v1_[a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Discord API key, potentially compromising communication channels and user data privacy on Discord.", - "name": "discord-api-token", - "keywords": [ + ], + "pattern": "(?i)\\b(dor_v1_[a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Detected a Discord API key, potentially compromising communication channels and user data privacy on Discord.", + "name": "discord-api-token", + "keywords": [ "discord" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:discord)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Discord client ID, which may lead to unauthorized integrations and data exposure in Discord applications.", - "entropy": 2, - "name": "discord-client-id", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:discord)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Identified a Discord client ID, which may lead to unauthorized integrations and data exposure in Discord applications.", + "entropy": 2, + "name": "discord-client-id", + "keywords": [ "discord" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:discord)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9]{18})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a potential Discord client secret, risking compromised Discord bot integrations and data leaks.", - "entropy": 2, - "name": "discord-client-secret", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:discord)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9]{18})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a potential Discord client secret, risking compromised Discord bot integrations and data leaks.", + "entropy": 2, + "name": "discord-client-secret", + "keywords": [ "discord" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:discord)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9=_\\-]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a Doppler API token, posing a risk to environment and secrets management security.", - "entropy": 2, - "name": "doppler-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:discord)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9=_\\-]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a Doppler API token, posing a risk to environment and secrets management security.", + "entropy": 2, + "name": "doppler-api-token", + "keywords": [ "dp.pt." - ], - "pattern": "dp\\.pt\\.(?i)[a-z0-9]{43}" - }, - { - "description": "Detected a Droneci Access Token, potentially compromising continuous integration and deployment workflows.", - "name": "droneci-access-token", - "keywords": [ + ], + "pattern": "dp\\.pt\\.(?i)[a-z0-9]{43}", + "confidence": "high" + }, + { + "description": "Detected a Droneci Access Token, potentially compromising continuous integration and deployment workflows.", + "name": "droneci-access-token", + "keywords": [ "droneci" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:droneci)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Dropbox API secret, which could lead to unauthorized file access and data breaches in Dropbox storage.", - "name": "dropbox-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:droneci)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Identified a Dropbox API secret, which could lead to unauthorized file access and data breaches in Dropbox storage.", + "name": "dropbox-api-token", + "keywords": [ "dropbox" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:dropbox)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{15})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a Dropbox long-lived API token, risking prolonged unauthorized access to cloud storage and sensitive data.", - "name": "dropbox-long-lived-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:dropbox)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{15})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Found a Dropbox long-lived API token, risking prolonged unauthorized access to cloud storage and sensitive data.", + "name": "dropbox-long-lived-api-token", + "keywords": [ "dropbox" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:dropbox)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\\-_=]{43})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a Dropbox short-lived API token, posing a risk of temporary but potentially harmful data access and manipulation.", - "name": "dropbox-short-lived-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:dropbox)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\\-_=]{43})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a Dropbox short-lived API token, posing a risk of temporary but potentially harmful data access and manipulation.", + "name": "dropbox-short-lived-api-token", + "keywords": [ "dropbox" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:dropbox)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(sl\\.[a-z0-9\\-=_]{135})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a Duffel API token, which may compromise travel platform integrations and sensitive customer data.", - "entropy": 2, - "name": "duffel-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:dropbox)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(sl\\.[a-z0-9\\-=_]{135})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a Duffel API token, which may compromise travel platform integrations and sensitive customer data.", + "entropy": 2, + "name": "duffel-api-token", + "keywords": [ "duffel_" - ], - "pattern": "duffel_(?:test|live)_(?i)[a-z0-9_\\-=]{43}" - }, - { - "description": "Detected a Dynatrace API token, potentially risking application performance monitoring and data exposure.", - "entropy": 4, - "name": "dynatrace-api-token", - "keywords": [ + ], + "pattern": "duffel_(?:test|live)_(?i)[a-z0-9_\\-=]{43}", + "confidence": "high" + }, + { + "description": "Detected a Dynatrace API token, potentially risking application performance monitoring and data exposure.", + "entropy": 4, + "name": "dynatrace-api-token", + "keywords": [ "dt0c01" - ], - "pattern": "dt0c01\\.(?i)[a-z0-9]{24}\\.[a-z0-9]{64}" - }, - { - "description": "Identified an EasyPost API token, which could lead to unauthorized postal and shipment service access and data exposure.", - "entropy": 2, - "name": "easypost-api-token", - "keywords": [ + ], + "pattern": "dt0c01\\.(?i)[a-z0-9]{24}\\.[a-z0-9]{64}", + "confidence": "high" + }, + { + "description": "Identified an EasyPost API token, which could lead to unauthorized postal and shipment service access and data exposure.", + "entropy": 2, + "name": "easypost-api-token", + "keywords": [ "ezak" - ], - "pattern": "\\bEZAK(?i)[a-z0-9]{54}\\b" - }, - { - "description": "Detected an EasyPost test API token, risking exposure of test environments and potentially sensitive shipment data.", - "entropy": 2, - "name": "easypost-test-api-token", - "keywords": [ + ], + "pattern": "\\bEZAK(?i)[a-z0-9]{54}\\b", + "confidence": "high" + }, + { + "description": "Detected an EasyPost test API token, risking exposure of test environments and potentially sensitive shipment data.", + "entropy": 2, + "name": "easypost-test-api-token", + "keywords": [ "eztk" - ], - "pattern": "\\bEZTK(?i)[a-z0-9]{54}\\b" - }, - { - "description": "Found an Etsy Access Token, potentially compromising Etsy shop management and customer data.", - "entropy": 3, - "name": "etsy-access-token", - "keywords": [ + ], + "pattern": "\\bEZTK(?i)[a-z0-9]{54}\\b", + "confidence": "high" + }, + { + "description": "Found an Etsy Access Token, potentially compromising Etsy shop management and customer data.", + "entropy": 3, + "name": "etsy-access-token", + "keywords": [ "etsy" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:(?-i:ETSY|[Ee]tsy))(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{24})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure.", - "entropy": 3, - "name": "facebook-access-token", - "pattern": "(?i)\\b(\\d{15,16}(\\||%)[0-9a-z\\-_]{27,40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a Facebook Page Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure.", - "entropy": 4, - "name": "facebook-page-access-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:(?-i:ETSY|[Ee]tsy))(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{24})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure.", + "entropy": 3, + "name": "facebook-access-token", + "pattern": "(?i)\\b(\\d{15,16}(\\||%)[0-9a-z\\-_]{27,40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a Facebook Page Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure.", + "entropy": 4, + "name": "facebook-page-access-token", + "keywords": [ "eaam", "eaac" - ], - "pattern": "\\b(EAA[MC](?i)[a-z0-9]{100,})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a Facebook Application secret, posing a risk of unauthorized access to Facebook accounts and personal data exposure.", - "entropy": 3, - "name": "facebook-secret", - "keywords": [ + ], + "pattern": "\\b(EAA[MC](?i)[a-z0-9]{100,})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Discovered a Facebook Application secret, posing a risk of unauthorized access to Facebook accounts and personal data exposure.", + "entropy": 3, + "name": "facebook-secret", + "keywords": [ "facebook" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:facebook)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a Fastly API key, which may compromise CDN and edge cloud services, leading to content delivery and security issues.", - "name": "fastly-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:facebook)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a Fastly API key, which may compromise CDN and edge cloud services, leading to content delivery and security issues.", + "name": "fastly-api-token", + "keywords": [ "fastly" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:fastly)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9=_\\-]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Finicity API token, potentially risking financial data access and unauthorized financial operations.", - "name": "finicity-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:fastly)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9=_\\-]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected a Finicity API token, potentially risking financial data access and unauthorized financial operations.", + "name": "finicity-api-token", + "keywords": [ "finicity" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:finicity)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Finicity Client Secret, which could lead to compromised financial service integrations and data breaches.", - "name": "finicity-client-secret", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:finicity)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Identified a Finicity Client Secret, which could lead to compromised financial service integrations and data breaches.", + "name": "finicity-client-secret", + "keywords": [ "finicity" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:finicity)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{20})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a Finnhub Access Token, risking unauthorized access to financial market data and analytics.", - "name": "finnhub-access-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:finicity)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{20})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Found a Finnhub Access Token, risking unauthorized access to financial market data and analytics.", + "name": "finnhub-access-token", + "keywords": [ "finnhub" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:finnhub)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{20})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a Flickr Access Token, posing a risk of unauthorized photo management and potential data leakage.", - "name": "flickr-access-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:finnhub)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{20})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a Flickr Access Token, posing a risk of unauthorized photo management and potential data leakage.", + "name": "flickr-access-token", + "keywords": [ "flickr" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:flickr)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a Flutterwave Encryption Key, which may compromise payment processing and sensitive financial information.", - "entropy": 2, - "name": "flutterwave-encryption-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:flickr)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a Flutterwave Encryption Key, which may compromise payment processing and sensitive financial information.", + "entropy": 2, + "name": "flutterwave-encryption-key", + "keywords": [ "flwseck_test" - ], - "pattern": "FLWSECK_TEST-(?i)[a-h0-9]{12}" - }, - { - "description": "Detected a Finicity Public Key, potentially exposing public cryptographic operations and integrations.", - "entropy": 2, - "name": "flutterwave-public-key", - "keywords": [ + ], + "pattern": "FLWSECK_TEST-(?i)[a-h0-9]{12}", + "confidence": "high" + }, + { + "description": "Detected a Finicity Public Key, potentially exposing public cryptographic operations and integrations.", + "entropy": 2, + "name": "flutterwave-public-key", + "keywords": [ "flwpubk_test" - ], - "pattern": "FLWPUBK_TEST-(?i)[a-h0-9]{32}-X" - }, - { - "description": "Identified a Flutterwave Secret Key, risking unauthorized financial transactions and data breaches.", - "entropy": 2, - "name": "flutterwave-secret-key", - "keywords": [ + ], + "pattern": "FLWPUBK_TEST-(?i)[a-h0-9]{32}-X", + "confidence": "high" + }, + { + "description": "Identified a Flutterwave Secret Key, risking unauthorized financial transactions and data breaches.", + "entropy": 2, + "name": "flutterwave-secret-key", + "keywords": [ "flwseck_test" - ], - "pattern": "FLWSECK_TEST-(?i)[a-h0-9]{32}-X" - }, - { - "description": "Uncovered a Fly.io API key", - "entropy": 4, - "name": "flyio-access-token", - "keywords": [ + ], + "pattern": "FLWSECK_TEST-(?i)[a-h0-9]{32}-X", + "confidence": "high" + }, + { + "description": "Uncovered a Fly.io API key", + "entropy": 4, + "name": "flyio-access-token", + "keywords": [ "fo1_", "fm1", "fm2_" - ], - "pattern": "\\b((?:fo1_[\\w-]{43}|fm1[ar]_[a-zA-Z0-9+\\/]{100,}={0,3}|fm2_[a-zA-Z0-9+\\/]{100,}={0,3}))(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a Frame.io API token, potentially compromising video collaboration and project management.", - "name": "frameio-api-token", - "keywords": [ + ], + "pattern": "\\b((?:fo1_[\\w-]{43}|fm1[ar]_[a-zA-Z0-9+\\/]{100,}={0,3}|fm2_[a-zA-Z0-9+\\/]{100,}={0,3}))(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Found a Frame.io API token, potentially compromising video collaboration and project management.", + "name": "frameio-api-token", + "keywords": [ "fio-u-" - ], - "pattern": "fio-u-(?i)[a-z0-9\\-_=]{64}" - }, - { - "description": "Detected a Freemius secret key, potentially exposing sensitive information.", - "name": "freemius-secret-key", - "keywords": [ + ], + "pattern": "fio-u-(?i)[a-z0-9\\-_=]{64}", + "confidence": "high" + }, + { + "description": "Detected a Freemius secret key, potentially exposing sensitive information.", + "name": "freemius-secret-key", + "keywords": [ "secret_key" - ], - "path": "(?i)\\.php$", - "pattern": "(?i)[\"']secret_key[\"']\\s*=>\\s*[\"'](sk_[\\S]{29})[\"']" - }, - { - "description": "Discovered a Freshbooks Access Token, posing a risk to accounting software access and sensitive financial data exposure.", - "name": "freshbooks-access-token", - "keywords": [ + ], + "path": "(?i)\\.php$", + "pattern": "(?i)[\"']secret_key[\"']\\s*=>\\s*[\"'](sk_[\\S]{29})[\"']", + "confidence": "low" + }, + { + "description": "Discovered a Freshbooks Access Token, posing a risk to accounting software access and sensitive financial data exposure.", + "name": "freshbooks-access-token", + "keywords": [ "freshbooks" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:freshbooks)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a GCP API key, which could lead to unauthorized access to Google Cloud services and data breaches.", - "entropy": 3, - "name": "gcp-api-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:freshbooks)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a GCP API key, which could lead to unauthorized access to Google Cloud services and data breaches.", + "entropy": 3, + "name": "gcp-api-key", + "keywords": [ "aiza" - ], - "pattern": "\\b(AIza[\\w-]{35})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", - "entropy": 3.5, - "name": "generic-api-key", - "keywords": [ + ], + "pattern": "\\b(AIza[\\w-]{35})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", + "entropy": 3.5, + "name": "generic-api-key", + "keywords": [ "access", "api", "auth", @@ -617,2691 +685,2823 @@ "password", "secret", "token" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:access|auth|(?-i:[Aa]pi|API)|credential|creds|key|passwd|password|secret|token)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([\\w.=-]{10,150})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", - "allowlist": { + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:access|auth|(?-i:[Aa]pi|API)|credential|creds|key|passwd|password|secret|token)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([\\w.=-]{10,150})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "allowlist": { "regexTarget": "match", "regexes": [ - "(?i)(accessor|access[_.-]?id|api[_.-]?(version|id)|rapid|capital|[a-z0-9-]*?api[a-z0-9-]*?:jar:|author|X-MS-Exchange-Organization-Auth|Authentication-Results|(credentials?[_.-]?id|withCredentials)|(bucket|foreign|hot|natural|primary|schema|sequence)[_.-]?key|key[_.-]?(alias|board|code|ring|selector|size|stone|storetype|word|up|down|left|right)|key(store|tab)[_.-]?(file|path)|issuerkeyhash|(?-i:[DdMm]onkey|[DM]ONKEY)|keying|(secret)[_.-]?name|UserSecretsId|(api|credentials|token)[_.-]?(endpoint|ur[il])|public[_.-]?(key|token)|(key|token)[_.-]?file)" + "(?i)(accessor|access[_.-]?id|api[_.-]?(version|id)|rapid|capital|[a-z0-9-]*?api[a-z0-9-]*?:jar:|author|X-MS-Exchange-Organization-Auth|Authentication-Results|(credentials?[_.-]?id|withCredentials)|(bucket|foreign|hot|natural|primary|schema|sequence)[_.-]?key|key[_.-]?(alias|board|code|ring|selector|size|stone|storetype|word|up|down|left|right)|key(store|tab)[_.-]?(file|path)|issuerkeyhash|(?-i:[DdMm]onkey|[DM]ONKEY)|keying|(secret)[_.-]?name|UserSecretsId|(api|credentials|token)[_.-]?(endpoint|ur[il])|public[_.-]?(key|token)|(key|token)[_.-]?file)" ], "stopwords": [ - "000000", - "aaaaaa", - "about", - "abstract", - "academy", - "acces", - "account", - "act-", - "act.", - "act_", - "action", - "active", - "actively", - "activity", - "adapter", - "add-", - "add.", - "add_", - "add-on", - "addon", - "addres", - "admin", - "adobe", - "advanced", - "adventure", - "agent", - "agile", - "air-", - "air.", - "air_", - "ajax", - "akka", - "alert", - "alfred", - "algorithm", - "all-", - "all.", - "all_", - "alloy", - "alpha", - "amazon", - "amqp", - "analysi", - "analytic", - "analyzer", - "android", - "angular", - "angularj", - "animate", - "animation", - "another", - "ansible", - "answer", - "ant-", - "ant.", - "ant_", - "any-", - "any.", - "any_", - "apache", - "app-", - "app-", - "app.", - "app.", - "app_", - "app_", - "apple", - "arch", - "archive", - "archived", - "arduino", - "array", - "art-", - "art.", - "art_", - "article", - "asp-", - "asp.", - "asp_", - "asset", - "async", - "atom", - "attention", - "audio", - "audit", - "aura", - "auth", - "author", - "author", - "authorize", - "auto", - "automated", - "automatic", - "awesome", - "aws_", - "azure", - "back", - "backbone", - "backend", - "backup", - "bar-", - "bar.", - "bar_", - "base", - "based", - "bash", - "basic", - "batch", - "been", - "beer", - "behavior", - "being", - "benchmark", - "best", - "beta", - "better", - "big-", - "big.", - "big_", - "binary", - "binding", - "bit-", - "bit.", - "bit_", - "bitcoin", - "block", - "blog", - "board", - "book", - "bookmark", - "boost", - "boot", - "bootstrap", - "bosh", - "bot-", - "bot.", - "bot_", - "bower", - "box-", - "box.", - "box_", - "boxen", - "bracket", - "branch", - "bridge", - "browser", - "brunch", - "buffer", - "bug-", - "bug.", - "bug_", - "build", - "builder", - "building", - "buildout", - "buildpack", - "built", - "bundle", - "busines", - "but-", - "but.", - "but_", - "button", - "cache", - "caching", - "cakephp", - "calendar", - "call", - "camera", - "campfire", - "can-", - "can.", - "can_", - "canva", - "captcha", - "capture", - "card", - "carousel", - "case", - "cassandra", - "cat-", - "cat.", - "cat_", - "category", - "center", - "cento", - "challenge", - "change", - "changelog", - "channel", - "chart", - "chat", - "cheat", - "check", - "checker", - "chef", - "ches", - "chinese", - "chosen", - "chrome", - "ckeditor", - "clas", - "classe", - "classic", - "clean", - "cli-", - "cli.", - "cli_", - "client", - "client", - "clojure", - "clone", - "closure", - "cloud", - "club", - "cluster", - "cms-", - "cms_", - "coco", - "code", - "coding", - "coffee", - "color", - "combination", - "combo", - "command", - "commander", - "comment", - "commit", - "common", - "community", - "compas", - "compiler", - "complete", - "component", - "composer", - "computer", - "computing", - "con-", - "con.", - "con_", - "concept", - "conf", - "config", - "config", - "connect", - "connector", - "console", - "contact", - "container", - "contao", - "content", - "contest", - "context", - "control", - "convert", - "converter", - "conway'", - "cookbook", - "cookie", - "cool", - "copy", - "cordova", - "core", - "couchbase", - "couchdb", - "countdown", - "counter", - "course", - "craft", - "crawler", - "create", - "creating", - "creator", - "credential", - "crm-", - "crm.", - "crm_", - "cros", - "crud", - "csv-", - "csv.", - "csv_", - "cube", - "cucumber", - "cuda", - "current", - "currently", - "custom", - "daemon", - "dark", - "dart", - "dash", - "dashboard", - "data", - "database", - "date", - "day-", - "day.", - "day_", - "dead", - "debian", - "debug", - "debug", - "debugger", - "deck", - "define", - "del-", - "del.", - "del_", - "delete", - "demo", - "deploy", - "design", - "designer", - "desktop", - "detection", - "detector", - "dev-", - "dev.", - "dev_", - "develop", - "developer", - "device", - "devise", - "diff", - "digital", - "directive", - "directory", - "discovery", - "display", - "django", - "dns-", - "dns_", - "doc-", - "doc-", - "doc.", - "doc.", - "doc_", - "doc_", - "docker", - "docpad", - "doctrine", - "document", - "doe-", - "doe.", - "doe_", - "dojo", - "dom-", - "dom.", - "dom_", - "domain", - "done", - "don't", - "dot-", - "dot.", - "dot_", - "dotfile", - "download", - "draft", - "drag", - "drill", - "drive", - "driven", - "driver", - "drop", - "dropbox", - "drupal", - "dsl-", - "dsl.", - "dsl_", - "dynamic", - "easy", - "_ec2_", - "ecdsa", - "eclipse", - "edit", - "editing", - "edition", - "editor", - "element", - "emac", - "email", - "embed", - "embedded", - "ember", - "emitter", - "emulator", - "encoding", - "endpoint", - "engine", - "english", - "enhanced", - "entity", - "entry", - "env_", - "episode", - "erlang", - "error", - "espresso", - "event", - "evented", - "example", - "example", - "exchange", - "exercise", - "experiment", - "expire", - "exploit", - "explorer", - "export", - "exporter", - "expres", - "ext-", - "ext.", - "ext_", - "extended", - "extension", - "external", - "extra", - "extractor", - "fabric", - "facebook", - "factory", - "fake", - "fast", - "feature", - "feed", - "fewfwef", - "ffmpeg", - "field", - "file", - "filter", - "find", - "finder", - "firefox", - "firmware", - "first", - "fish", - "fix-", - "fix_", - "flash", - "flask", - "flat", - "flex", - "flexible", - "flickr", - "flow", - "fluent", - "fluentd", - "fluid", - "folder", - "font", - "force", - "foreman", - "fork", - "form", - "format", - "formatter", - "forum", - "foundry", - "framework", - "free", - "friend", - "friendly", - "front-end", - "frontend", - "ftp-", - "ftp.", - "ftp_", - "fuel", - "full", - "fun-", - "fun.", - "fun_", - "func", - "future", - "gaia", - "gallery", - "game", - "gateway", - "gem-", - "gem.", - "gem_", - "gen-", - "gen.", - "gen_", - "general", - "generator", - "generic", - "genetic", - "get-", - "get.", - "get_", - "getenv", - "getting", - "ghost", - "gist", - "git-", - "git.", - "git_", - "github", - "gitignore", - "gitlab", - "glas", - "gmail", - "gnome", - "gnu-", - "gnu.", - "gnu_", - "goal", - "golang", - "gollum", - "good", - "google", - "gpu-", - "gpu.", - "gpu_", - "gradle", - "grail", - "graph", - "graphic", - "great", - "grid", - "groovy", - "group", - "grunt", - "guard", - "gui-", - "gui.", - "gui_", - "guide", - "guideline", - "gulp", - "gwt-", - "gwt.", - "gwt_", - "hack", - "hackathon", - "hacker", - "hacking", - "hadoop", - "haml", - "handler", - "hardware", - "has-", - "has_", - "hash", - "haskell", - "have", - "haxe", - "hello", - "help", - "helper", - "here", - "hero", - "heroku", - "high", - "hipchat", - "history", - "home", - "homebrew", - "homepage", - "hook", - "host", - "hosting", - "hot-", - "hot.", - "hot_", - "house", - "how-", - "how.", - "how_", - "html", - "http", - "hub-", - "hub.", - "hub_", - "hubot", - "human", - "icon", - "ide-", - "ide.", - "ide_", - "idea", - "identity", - "idiomatic", - "image", - "impact", - "import", - "important", - "importer", - "impres", - "index", - "infinite", - "info", - "injection", - "inline", - "input", - "inside", - "inspector", - "instagram", - "install", - "installer", - "instant", - "intellij", - "interface", - "internet", - "interview", - "into", - "intro", - "ionic", - "iphone", - "ipython", - "irc-", - "irc_", - "iso-", - "iso.", - "iso_", - "issue", - "jade", - "jasmine", - "java", - "jbos", - "jekyll", - "jenkin", - "jetbrains", - "job-", - "job.", - "job_", - "joomla", - "jpa-", - "jpa.", - "jpa_", - "jquery", - "json", - "just", - "kafka", - "karma", - "kata", - "kernel", - "keyboard", - "kindle", - "kit-", - "kit.", - "kit_", - "kitchen", - "knife", - "koan", - "kohana", - "lab-", - "lab-", - "lab.", - "lab.", - "lab_", - "lab_", - "lambda", - "lamp", - "language", - "laravel", - "last", - "latest", - "latex", - "launcher", - "layer", - "layout", - "lazy", - "ldap", - "leaflet", - "league", - "learn", - "learning", - "led-", - "led.", - "led_", - "leetcode", - "les-", - "les.", - "les_", - "level", - "leveldb", - "lib-", - "lib.", - "lib_", - "librarie", - "library", - "license", - "life", - "liferay", - "light", - "lightbox", - "like", - "line", - "link", - "linked", - "linkedin", - "linux", - "lisp", - "list", - "lite", - "little", - "load", - "loader", - "local", - "location", - "lock", - "log-", - "log.", - "log_", - "logger", - "logging", - "logic", - "login", - "logstash", - "longer", - "look", - "love", - "lua-", - "lua.", - "lua_", - "mac-", - "mac.", - "mac_", - "machine", - "made", - "magento", - "magic", - "mail", - "make", - "maker", - "making", - "man-", - "man.", - "man_", - "manage", - "manager", - "manifest", - "manual", - "map-", - "map-", - "map.", - "map.", - "map_", - "map_", - "mapper", - "mapping", - "markdown", - "markup", - "master", - "math", - "matrix", - "maven", - "md5", - "mean", - "media", - "mediawiki", - "meetup", - "memcached", - "memory", - "menu", - "merchant", - "message", - "messaging", - "meta", - "metadata", - "meteor", - "method", - "metric", - "micro", - "middleman", - "migration", - "minecraft", - "miner", - "mini", - "minimal", - "mirror", - "mit-", - "mit.", - "mit_", - "mobile", - "mocha", - "mock", - "mod-", - "mod.", - "mod_", - "mode", - "model", - "modern", - "modular", - "module", - "modx", - "money", - "mongo", - "mongodb", - "mongoid", - "mongoose", - "monitor", - "monkey", - "more", - "motion", - "moved", - "movie", - "mozilla", - "mqtt", - "mule", - "multi", - "multiple", - "music", - "mustache", - "mvc-", - "mvc.", - "mvc_", - "mysql", - "nagio", - "name", - "native", - "need", - "neo-", - "neo.", - "neo_", - "nest", - "nested", - "net-", - "net.", - "net_", - "nette", - "network", - "new-", - "new-", - "new.", - "new.", - "new_", - "new_", - "next", - "nginx", - "ninja", - "nlp-", - "nlp.", - "nlp_", - "node", - "nodej", - "nosql", - "not-", - "not.", - "not_", - "note", - "notebook", - "notepad", - "notice", - "notifier", - "now-", - "now.", - "now_", - "number", - "oauth", - "object", - "objective", - "obsolete", - "ocaml", - "octopres", - "official", - "old-", - "old.", - "old_", - "onboard", - "online", - "only", - "open", - "opencv", - "opengl", - "openshift", - "openwrt", - "option", - "oracle", - "org-", - "org.", - "org_", - "origin", - "original", - "orm-", - "orm.", - "orm_", - "osx-", - "osx_", - "our-", - "our.", - "our_", - "out-", - "out.", - "out_", - "output", - "over", - "overview", - "own-", - "own.", - "own_", - "pack", - "package", - "packet", - "page", - "page", - "panel", - "paper", - "paperclip", - "para", - "parallax", - "parallel", - "parse", - "parser", - "parsing", - "particle", - "party", - "password", - "patch", - "path", - "pattern", - "payment", - "paypal", - "pdf-", - "pdf.", - "pdf_", - "pebble", - "people", - "perl", - "personal", - "phalcon", - "phoenix", - "phone", - "phonegap", - "photo", - "php-", - "php.", - "php_", - "physic", - "picker", - "pipeline", - "platform", - "play", - "player", - "please", - "plu-", - "plu.", - "plu_", - "plug-in", - "plugin", - "plupload", - "png-", - "png.", - "png_", - "poker", - "polyfill", - "polymer", - "pool", - "pop-", - "pop.", - "pop_", - "popcorn", - "popup", - "port", - "portable", - "portal", - "portfolio", - "post", - "power", - "powered", - "powerful", - "prelude", - "pretty", - "preview", - "principle", - "print", - "pro-", - "pro.", - "pro_", - "problem", - "proc", - "product", - "profile", - "profiler", - "program", - "progres", - "project", - "protocol", - "prototype", - "provider", - "proxy", - "public", - "pull", - "puppet", - "pure", - "purpose", - "push", - "pusher", - "pyramid", - "python", - "quality", - "query", - "queue", - "quick", - "rabbitmq", - "rack", - "radio", - "rail", - "railscast", - "random", - "range", - "raspberry", - "rdf-", - "rdf.", - "rdf_", - "react", - "reactive", - "read", - "reader", - "readme", - "ready", - "real", - "reality", - "real-time", - "realtime", - "recipe", - "recorder", - "red-", - "red.", - "red_", - "reddit", - "redi", - "redmine", - "reference", - "refinery", - "refresh", - "registry", - "related", - "release", - "remote", - "rendering", - "repo", - "report", - "request", - "require", - "required", - "requirej", - "research", - "resource", - "response", - "resque", - "rest", - "restful", - "resume", - "reveal", - "reverse", - "review", - "riak", - "rich", - "right", - "ring", - "robot", - "role", - "room", - "router", - "routing", - "rpc-", - "rpc.", - "rpc_", - "rpg-", - "rpg.", - "rpg_", - "rspec", - "ruby-", - "ruby.", - "ruby_", - "rule", - "run-", - "run.", - "run_", - "runner", - "running", - "runtime", - "rust", - "rvm-", - "rvm.", - "rvm_", - "salt", - "sample", - "sample", - "sandbox", - "sas-", - "sas.", - "sas_", - "sbt-", - "sbt.", - "sbt_", - "scala", - "scalable", - "scanner", - "schema", - "scheme", - "school", - "science", - "scraper", - "scratch", - "screen", - "script", - "scroll", - "scs-", - "scs.", - "scs_", - "sdk-", - "sdk.", - "sdk_", - "sdl-", - "sdl.", - "sdl_", - "search", - "secure", - "security", - "see-", - "see.", - "see_", - "seed", - "select", - "selector", - "selenium", - "semantic", - "sencha", - "send", - "sentiment", - "serie", - "server", - "service", - "session", - "set-", - "set.", - "set_", - "setting", - "setting", - "setup", - "sha1", - "sha2", - "sha256", - "share", - "shared", - "sharing", - "sheet", - "shell", - "shield", - "shipping", - "shop", - "shopify", - "shortener", - "should", - "show", - "showcase", - "side", - "silex", - "simple", - "simulator", - "single", - "site", - "skeleton", - "sketch", - "skin", - "slack", - "slide", - "slider", - "slim", - "small", - "smart", - "smtp", - "snake", - "snapshot", - "snippet", - "soap", - "social", - "socket", - "software", - "solarized", - "solr", - "solution", - "solver", - "some", - "soon", - "source", - "space", - "spark", - "spatial", - "spec", - "sphinx", - "spine", - "spotify", - "spree", - "spring", - "sprite", - "sql-", - "sql.", - "sql_", - "sqlite", - "ssh-", - "ssh.", - "ssh_", - "stack", - "staging", - "standard", - "stanford", - "start", - "started", - "starter", - "startup", - "stat", - "statamic", - "state", - "static", - "statistic", - "statsd", - "statu", - "steam", - "step", - "still", - "stm-", - "stm.", - "stm_", - "storage", - "store", - "storm", - "story", - "strategy", - "stream", - "streaming", - "string", - "stripe", - "structure", - "studio", - "study", - "stuff", - "style", - "sublime", - "sugar", - "suite", - "summary", - "super", - "support", - "supported", - "svg-", - "svg.", - "svg_", - "svn-", - "svn.", - "svn_", - "swagger", - "swift", - "switch", - "switcher", - "symfony", - "symphony", - "sync", - "synopsi", - "syntax", - "system", - "system", - "tab-", - "tab-", - "tab.", - "tab.", - "tab_", - "tab_", - "table", - "tag-", - "tag-", - "tag.", - "tag.", - "tag_", - "tag_", - "talk", - "target", - "task", - "tcp-", - "tcp.", - "tcp_", - "tdd-", - "tdd.", - "tdd_", - "team", - "tech", - "template", - "term", - "terminal", - "testing", - "tetri", - "text", - "textmate", - "theme", - "theory", - "three", - "thrift", - "time", - "timeline", - "timer", - "tiny", - "tinymce", - "tip-", - "tip.", - "tip_", - "title", - "todo", - "todomvc", - "token", - "tool", - "toolbox", - "toolkit", - "top-", - "top.", - "top_", - "tornado", - "touch", - "tower", - "tracker", - "tracking", - "traffic", - "training", - "transfer", - "translate", - "transport", - "tree", - "trello", - "try-", - "try.", - "try_", - "tumblr", - "tut-", - "tut.", - "tut_", - "tutorial", - "tweet", - "twig", - "twitter", - "type", - "typo", - "ubuntu", - "uiview", - "ultimate", - "under", - "unit", - "unity", - "universal", - "unix", - "update", - "updated", - "upgrade", - "upload", - "uploader", - "uri-", - "uri.", - "uri_", - "url-", - "url.", - "url_", - "usage", - "usb-", - "usb.", - "usb_", - "use-", - "use.", - "use_", - "used", - "useful", - "user", - "using", - "util", - "utilitie", - "utility", - "vagrant", - "validator", - "value", - "variou", - "varnish", - "version", - "via-", - "via.", - "via_", - "video", - "view", - "viewer", - "vim-", - "vim.", - "vim_", - "vimrc", - "virtual", - "vision", - "visual", - "vpn", - "want", - "warning", - "watch", - "watcher", - "wave", - "way-", - "way.", - "way_", - "weather", - "web-", - "web_", - "webapp", - "webgl", - "webhook", - "webkit", - "webrtc", - "website", - "websocket", - "welcome", - "welcome", - "what", - "what'", - "when", - "where", - "which", - "why-", - "why.", - "why_", - "widget", - "wifi", - "wiki", - "win-", - "win.", - "win_", - "window", - "wip-", - "wip.", - "wip_", - "within", - "without", - "wizard", - "word", - "wordpres", - "work", - "worker", - "workflow", - "working", - "workshop", - "world", - "wrapper", - "write", - "writer", - "writing", - "written", - "www-", - "www.", - "www_", - "xamarin", - "xcode", - "xml-", - "xml.", - "xml_", - "xmpp", - "xxxxxx", - "yahoo", - "yaml", - "yandex", - "yeoman", - "yet-", - "yet.", - "yet_", - "yii-", - "yii.", - "yii_", - "youtube", - "yui-", - "yui.", - "yui_", - "zend", - "zero", - "zip-", - "zip.", - "zip_", - "zsh-", - "zsh.", - "zsh_" + "000000", + "aaaaaa", + "about", + "abstract", + "academy", + "acces", + "account", + "act-", + "act.", + "act_", + "action", + "active", + "actively", + "activity", + "adapter", + "add-", + "add.", + "add_", + "add-on", + "addon", + "addres", + "admin", + "adobe", + "advanced", + "adventure", + "agent", + "agile", + "air-", + "air.", + "air_", + "ajax", + "akka", + "alert", + "alfred", + "algorithm", + "all-", + "all.", + "all_", + "alloy", + "alpha", + "amazon", + "amqp", + "analysi", + "analytic", + "analyzer", + "android", + "angular", + "angularj", + "animate", + "animation", + "another", + "ansible", + "answer", + "ant-", + "ant.", + "ant_", + "any-", + "any.", + "any_", + "apache", + "app-", + "app-", + "app.", + "app.", + "app_", + "app_", + "apple", + "arch", + "archive", + "archived", + "arduino", + "array", + "art-", + "art.", + "art_", + "article", + "asp-", + "asp.", + "asp_", + "asset", + "async", + "atom", + "attention", + "audio", + "audit", + "aura", + "auth", + "author", + "author", + "authorize", + "auto", + "automated", + "automatic", + "awesome", + "aws_", + "azure", + "back", + "backbone", + "backend", + "backup", + "bar-", + "bar.", + "bar_", + "base", + "based", + "bash", + "basic", + "batch", + "been", + "beer", + "behavior", + "being", + "benchmark", + "best", + "beta", + "better", + "big-", + "big.", + "big_", + "binary", + "binding", + "bit-", + "bit.", + "bit_", + "bitcoin", + "block", + "blog", + "board", + "book", + "bookmark", + "boost", + "boot", + "bootstrap", + "bosh", + "bot-", + "bot.", + "bot_", + "bower", + "box-", + "box.", + "box_", + "boxen", + "bracket", + "branch", + "bridge", + "browser", + "brunch", + "buffer", + "bug-", + "bug.", + "bug_", + "build", + "builder", + "building", + "buildout", + "buildpack", + "built", + "bundle", + "busines", + "but-", + "but.", + "but_", + "button", + "cache", + "caching", + "cakephp", + "calendar", + "call", + "camera", + "campfire", + "can-", + "can.", + "can_", + "canva", + "captcha", + "capture", + "card", + "carousel", + "case", + "cassandra", + "cat-", + "cat.", + "cat_", + "category", + "center", + "cento", + "challenge", + "change", + "changelog", + "channel", + "chart", + "chat", + "cheat", + "check", + "checker", + "chef", + "ches", + "chinese", + "chosen", + "chrome", + "ckeditor", + "clas", + "classe", + "classic", + "clean", + "cli-", + "cli.", + "cli_", + "client", + "client", + "clojure", + "clone", + "closure", + "cloud", + "club", + "cluster", + "cms-", + "cms_", + "coco", + "code", + "coding", + "coffee", + "color", + "combination", + "combo", + "command", + "commander", + "comment", + "commit", + "common", + "community", + "compas", + "compiler", + "complete", + "component", + "composer", + "computer", + "computing", + "con-", + "con.", + "con_", + "concept", + "conf", + "config", + "config", + "connect", + "connector", + "console", + "contact", + "container", + "contao", + "content", + "contest", + "context", + "control", + "convert", + "converter", + "conway'", + "cookbook", + "cookie", + "cool", + "copy", + "cordova", + "core", + "couchbase", + "couchdb", + "countdown", + "counter", + "course", + "craft", + "crawler", + "create", + "creating", + "creator", + "credential", + "crm-", + "crm.", + "crm_", + "cros", + "crud", + "csv-", + "csv.", + "csv_", + "cube", + "cucumber", + "cuda", + "current", + "currently", + "custom", + "daemon", + "dark", + "dart", + "dash", + "dashboard", + "data", + "database", + "date", + "day-", + "day.", + "day_", + "dead", + "debian", + "debug", + "debug", + "debugger", + "deck", + "define", + "del-", + "del.", + "del_", + "delete", + "demo", + "deploy", + "design", + "designer", + "desktop", + "detection", + "detector", + "dev-", + "dev.", + "dev_", + "develop", + "developer", + "device", + "devise", + "diff", + "digital", + "directive", + "directory", + "discovery", + "display", + "django", + "dns-", + "dns_", + "doc-", + "doc-", + "doc.", + "doc.", + "doc_", + "doc_", + "docker", + "docpad", + "doctrine", + "document", + "doe-", + "doe.", + "doe_", + "dojo", + "dom-", + "dom.", + "dom_", + "domain", + "done", + "don't", + "dot-", + "dot.", + "dot_", + "dotfile", + "download", + "draft", + "drag", + "drill", + "drive", + "driven", + "driver", + "drop", + "dropbox", + "drupal", + "dsl-", + "dsl.", + "dsl_", + "dynamic", + "easy", + "_ec2_", + "ecdsa", + "eclipse", + "edit", + "editing", + "edition", + "editor", + "element", + "emac", + "email", + "embed", + "embedded", + "ember", + "emitter", + "emulator", + "encoding", + "endpoint", + "engine", + "english", + "enhanced", + "entity", + "entry", + "env_", + "episode", + "erlang", + "error", + "espresso", + "event", + "evented", + "example", + "example", + "exchange", + "exercise", + "experiment", + "expire", + "exploit", + "explorer", + "export", + "exporter", + "expres", + "ext-", + "ext.", + "ext_", + "extended", + "extension", + "external", + "extra", + "extractor", + "fabric", + "facebook", + "factory", + "fake", + "fast", + "feature", + "feed", + "fewfwef", + "ffmpeg", + "field", + "file", + "filter", + "find", + "finder", + "firefox", + "firmware", + "first", + "fish", + "fix-", + "fix_", + "flash", + "flask", + "flat", + "flex", + "flexible", + "flickr", + "flow", + "fluent", + "fluentd", + "fluid", + "folder", + "font", + "force", + "foreman", + "fork", + "form", + "format", + "formatter", + "forum", + "foundry", + "framework", + "free", + "friend", + "friendly", + "front-end", + "frontend", + "ftp-", + "ftp.", + "ftp_", + "fuel", + "full", + "fun-", + "fun.", + "fun_", + "func", + "future", + "gaia", + "gallery", + "game", + "gateway", + "gem-", + "gem.", + "gem_", + "gen-", + "gen.", + "gen_", + "general", + "generator", + "generic", + "genetic", + "get-", + "get.", + "get_", + "getenv", + "getting", + "ghost", + "gist", + "git-", + "git.", + "git_", + "github", + "gitignore", + "gitlab", + "glas", + "gmail", + "gnome", + "gnu-", + "gnu.", + "gnu_", + "goal", + "golang", + "gollum", + "good", + "google", + "gpu-", + "gpu.", + "gpu_", + "gradle", + "grail", + "graph", + "graphic", + "great", + "grid", + "groovy", + "group", + "grunt", + "guard", + "gui-", + "gui.", + "gui_", + "guide", + "guideline", + "gulp", + "gwt-", + "gwt.", + "gwt_", + "hack", + "hackathon", + "hacker", + "hacking", + "hadoop", + "haml", + "handler", + "hardware", + "has-", + "has_", + "hash", + "haskell", + "have", + "haxe", + "hello", + "help", + "helper", + "here", + "hero", + "heroku", + "high", + "hipchat", + "history", + "home", + "homebrew", + "homepage", + "hook", + "host", + "hosting", + "hot-", + "hot.", + "hot_", + "house", + "how-", + "how.", + "how_", + "html", + "http", + "hub-", + "hub.", + "hub_", + "hubot", + "human", + "icon", + "ide-", + "ide.", + "ide_", + "idea", + "identity", + "idiomatic", + "image", + "impact", + "import", + "important", + "importer", + "impres", + "index", + "infinite", + "info", + "injection", + "inline", + "input", + "inside", + "inspector", + "instagram", + "install", + "installer", + "instant", + "intellij", + "interface", + "internet", + "interview", + "into", + "intro", + "ionic", + "iphone", + "ipython", + "irc-", + "irc_", + "iso-", + "iso.", + "iso_", + "issue", + "jade", + "jasmine", + "java", + "jbos", + "jekyll", + "jenkin", + "jetbrains", + "job-", + "job.", + "job_", + "joomla", + "jpa-", + "jpa.", + "jpa_", + "jquery", + "json", + "just", + "kafka", + "karma", + "kata", + "kernel", + "keyboard", + "kindle", + "kit-", + "kit.", + "kit_", + "kitchen", + "knife", + "koan", + "kohana", + "lab-", + "lab-", + "lab.", + "lab.", + "lab_", + "lab_", + "lambda", + "lamp", + "language", + "laravel", + "last", + "latest", + "latex", + "launcher", + "layer", + "layout", + "lazy", + "ldap", + "leaflet", + "league", + "learn", + "learning", + "led-", + "led.", + "led_", + "leetcode", + "les-", + "les.", + "les_", + "level", + "leveldb", + "lib-", + "lib.", + "lib_", + "librarie", + "library", + "license", + "life", + "liferay", + "light", + "lightbox", + "like", + "line", + "link", + "linked", + "linkedin", + "linux", + "lisp", + "list", + "lite", + "little", + "load", + "loader", + "local", + "location", + "lock", + "log-", + "log.", + "log_", + "logger", + "logging", + "logic", + "login", + "logstash", + "longer", + "look", + "love", + "lua-", + "lua.", + "lua_", + "mac-", + "mac.", + "mac_", + "machine", + "made", + "magento", + "magic", + "mail", + "make", + "maker", + "making", + "man-", + "man.", + "man_", + "manage", + "manager", + "manifest", + "manual", + "map-", + "map-", + "map.", + "map.", + "map_", + "map_", + "mapper", + "mapping", + "markdown", + "markup", + "master", + "math", + "matrix", + "maven", + "md5", + "mean", + "media", + "mediawiki", + "meetup", + "memcached", + "memory", + "menu", + "merchant", + "message", + "messaging", + "meta", + "metadata", + "meteor", + "method", + "metric", + "micro", + "middleman", + "migration", + "minecraft", + "miner", + "mini", + "minimal", + "mirror", + "mit-", + "mit.", + "mit_", + "mobile", + "mocha", + "mock", + "mod-", + "mod.", + "mod_", + "mode", + "model", + "modern", + "modular", + "module", + "modx", + "money", + "mongo", + "mongodb", + "mongoid", + "mongoose", + "monitor", + "monkey", + "more", + "motion", + "moved", + "movie", + "mozilla", + "mqtt", + "mule", + "multi", + "multiple", + "music", + "mustache", + "mvc-", + "mvc.", + "mvc_", + "mysql", + "nagio", + "name", + "native", + "need", + "neo-", + "neo.", + "neo_", + "nest", + "nested", + "net-", + "net.", + "net_", + "nette", + "network", + "new-", + "new-", + "new.", + "new.", + "new_", + "new_", + "next", + "nginx", + "ninja", + "nlp-", + "nlp.", + "nlp_", + "node", + "nodej", + "nosql", + "not-", + "not.", + "not_", + "note", + "notebook", + "notepad", + "notice", + "notifier", + "now-", + "now.", + "now_", + "number", + "oauth", + "object", + "objective", + "obsolete", + "ocaml", + "octopres", + "official", + "old-", + "old.", + "old_", + "onboard", + "online", + "only", + "open", + "opencv", + "opengl", + "openshift", + "openwrt", + "option", + "oracle", + "org-", + "org.", + "org_", + "origin", + "original", + "orm-", + "orm.", + "orm_", + "osx-", + "osx_", + "our-", + "our.", + "our_", + "out-", + "out.", + "out_", + "output", + "over", + "overview", + "own-", + "own.", + "own_", + "pack", + "package", + "packet", + "page", + "page", + "panel", + "paper", + "paperclip", + "para", + "parallax", + "parallel", + "parse", + "parser", + "parsing", + "particle", + "party", + "password", + "patch", + "path", + "pattern", + "payment", + "paypal", + "pdf-", + "pdf.", + "pdf_", + "pebble", + "people", + "perl", + "personal", + "phalcon", + "phoenix", + "phone", + "phonegap", + "photo", + "php-", + "php.", + "php_", + "physic", + "picker", + "pipeline", + "platform", + "play", + "player", + "please", + "plu-", + "plu.", + "plu_", + "plug-in", + "plugin", + "plupload", + "png-", + "png.", + "png_", + "poker", + "polyfill", + "polymer", + "pool", + "pop-", + "pop.", + "pop_", + "popcorn", + "popup", + "port", + "portable", + "portal", + "portfolio", + "post", + "power", + "powered", + "powerful", + "prelude", + "pretty", + "preview", + "principle", + "print", + "pro-", + "pro.", + "pro_", + "problem", + "proc", + "product", + "profile", + "profiler", + "program", + "progres", + "project", + "protocol", + "prototype", + "provider", + "proxy", + "public", + "pull", + "puppet", + "pure", + "purpose", + "push", + "pusher", + "pyramid", + "python", + "quality", + "query", + "queue", + "quick", + "rabbitmq", + "rack", + "radio", + "rail", + "railscast", + "random", + "range", + "raspberry", + "rdf-", + "rdf.", + "rdf_", + "react", + "reactive", + "read", + "reader", + "readme", + "ready", + "real", + "reality", + "real-time", + "realtime", + "recipe", + "recorder", + "red-", + "red.", + "red_", + "reddit", + "redi", + "redmine", + "reference", + "refinery", + "refresh", + "registry", + "related", + "release", + "remote", + "rendering", + "repo", + "report", + "request", + "require", + "required", + "requirej", + "research", + "resource", + "response", + "resque", + "rest", + "restful", + "resume", + "reveal", + "reverse", + "review", + "riak", + "rich", + "right", + "ring", + "robot", + "role", + "room", + "router", + "routing", + "rpc-", + "rpc.", + "rpc_", + "rpg-", + "rpg.", + "rpg_", + "rspec", + "ruby-", + "ruby.", + "ruby_", + "rule", + "run-", + "run.", + "run_", + "runner", + "running", + "runtime", + "rust", + "rvm-", + "rvm.", + "rvm_", + "salt", + "sample", + "sample", + "sandbox", + "sas-", + "sas.", + "sas_", + "sbt-", + "sbt.", + "sbt_", + "scala", + "scalable", + "scanner", + "schema", + "scheme", + "school", + "science", + "scraper", + "scratch", + "screen", + "script", + "scroll", + "scs-", + "scs.", + "scs_", + "sdk-", + "sdk.", + "sdk_", + "sdl-", + "sdl.", + "sdl_", + "search", + "secure", + "security", + "see-", + "see.", + "see_", + "seed", + "select", + "selector", + "selenium", + "semantic", + "sencha", + "send", + "sentiment", + "serie", + "server", + "service", + "session", + "set-", + "set.", + "set_", + "setting", + "setting", + "setup", + "sha1", + "sha2", + "sha256", + "share", + "shared", + "sharing", + "sheet", + "shell", + "shield", + "shipping", + "shop", + "shopify", + "shortener", + "should", + "show", + "showcase", + "side", + "silex", + "simple", + "simulator", + "single", + "site", + "skeleton", + "sketch", + "skin", + "slack", + "slide", + "slider", + "slim", + "small", + "smart", + "smtp", + "snake", + "snapshot", + "snippet", + "soap", + "social", + "socket", + "software", + "solarized", + "solr", + "solution", + "solver", + "some", + "soon", + "source", + "space", + "spark", + "spatial", + "spec", + "sphinx", + "spine", + "spotify", + "spree", + "spring", + "sprite", + "sql-", + "sql.", + "sql_", + "sqlite", + "ssh-", + "ssh.", + "ssh_", + "stack", + "staging", + "standard", + "stanford", + "start", + "started", + "starter", + "startup", + "stat", + "statamic", + "state", + "static", + "statistic", + "statsd", + "statu", + "steam", + "step", + "still", + "stm-", + "stm.", + "stm_", + "storage", + "store", + "storm", + "story", + "strategy", + "stream", + "streaming", + "string", + "stripe", + "structure", + "studio", + "study", + "stuff", + "style", + "sublime", + "sugar", + "suite", + "summary", + "super", + "support", + "supported", + "svg-", + "svg.", + "svg_", + "svn-", + "svn.", + "svn_", + "swagger", + "swift", + "switch", + "switcher", + "symfony", + "symphony", + "sync", + "synopsi", + "syntax", + "system", + "system", + "tab-", + "tab-", + "tab.", + "tab.", + "tab_", + "tab_", + "table", + "tag-", + "tag-", + "tag.", + "tag.", + "tag_", + "tag_", + "talk", + "target", + "task", + "tcp-", + "tcp.", + "tcp_", + "tdd-", + "tdd.", + "tdd_", + "team", + "tech", + "template", + "term", + "terminal", + "testing", + "tetri", + "text", + "textmate", + "theme", + "theory", + "three", + "thrift", + "time", + "timeline", + "timer", + "tiny", + "tinymce", + "tip-", + "tip.", + "tip_", + "title", + "todo", + "todomvc", + "token", + "tool", + "toolbox", + "toolkit", + "top-", + "top.", + "top_", + "tornado", + "touch", + "tower", + "tracker", + "tracking", + "traffic", + "training", + "transfer", + "translate", + "transport", + "tree", + "trello", + "try-", + "try.", + "try_", + "tumblr", + "tut-", + "tut.", + "tut_", + "tutorial", + "tweet", + "twig", + "twitter", + "type", + "typo", + "ubuntu", + "uiview", + "ultimate", + "under", + "unit", + "unity", + "universal", + "unix", + "update", + "updated", + "upgrade", + "upload", + "uploader", + "uri-", + "uri.", + "uri_", + "url-", + "url.", + "url_", + "usage", + "usb-", + "usb.", + "usb_", + "use-", + "use.", + "use_", + "used", + "useful", + "user", + "using", + "util", + "utilitie", + "utility", + "vagrant", + "validator", + "value", + "variou", + "varnish", + "version", + "via-", + "via.", + "via_", + "video", + "view", + "viewer", + "vim-", + "vim.", + "vim_", + "vimrc", + "virtual", + "vision", + "visual", + "vpn", + "want", + "warning", + "watch", + "watcher", + "wave", + "way-", + "way.", + "way_", + "weather", + "web-", + "web_", + "webapp", + "webgl", + "webhook", + "webkit", + "webrtc", + "website", + "websocket", + "welcome", + "welcome", + "what", + "what'", + "when", + "where", + "which", + "why-", + "why.", + "why_", + "widget", + "wifi", + "wiki", + "win-", + "win.", + "win_", + "window", + "wip-", + "wip.", + "wip_", + "within", + "without", + "wizard", + "word", + "wordpres", + "work", + "worker", + "workflow", + "working", + "workshop", + "world", + "wrapper", + "write", + "writer", + "writing", + "written", + "www-", + "www.", + "www_", + "xamarin", + "xcode", + "xml-", + "xml.", + "xml_", + "xmpp", + "xxxxxx", + "yahoo", + "yaml", + "yandex", + "yeoman", + "yet-", + "yet.", + "yet_", + "yii-", + "yii.", + "yii_", + "youtube", + "yui-", + "yui.", + "yui_", + "zend", + "zero", + "zip-", + "zip.", + "zip_", + "zsh-", + "zsh.", + "zsh_" ] - } }, - { - "description": "Identified a GitHub App Token, which may compromise GitHub application integrations and source code security.", - "entropy": 3, - "name": "github-app-token", - "keywords": [ + "confidence": "low" + }, + { + "description": "Identified a GitHub App Token, which may compromise GitHub application integrations and source code security.", + "entropy": 3, + "name": "github-app-token", + "keywords": [ "ghu_", "ghs_" - ], - "pattern": "(?:ghu|ghs)_[0-9a-zA-Z]{36}", - "allowlist": { + ], + "pattern": "(?:ghu|ghs)_[0-9a-zA-Z]{36}", + "allowlist": { "paths": [ - "(^|/)@octokit/auth-token/README\\.md$" + "(^|/)@octokit/auth-token/README\\.md$" ] - } }, - { - "description": "Found a GitHub Fine-Grained Personal Access Token, risking unauthorized repository access and code manipulation.", - "entropy": 3, - "name": "github-fine-grained-pat", - "keywords": [ + "confidence": "high" + }, + { + "description": "Found a GitHub Fine-Grained Personal Access Token, risking unauthorized repository access and code manipulation.", + "entropy": 3, + "name": "github-fine-grained-pat", + "keywords": [ "github_pat_" - ], - "pattern": "github_pat_\\w{82}" - }, - { - "description": "Discovered a GitHub OAuth Access Token, posing a risk of compromised GitHub account integrations and data leaks.", - "entropy": 3, - "name": "github-oauth", - "keywords": [ + ], + "pattern": "github_pat_\\w{82}", + "confidence": "high" + }, + { + "description": "Discovered a GitHub OAuth Access Token, posing a risk of compromised GitHub account integrations and data leaks.", + "entropy": 3, + "name": "github-oauth", + "keywords": [ "gho_" - ], - "pattern": "gho_[0-9a-zA-Z]{36}" - }, - { - "description": "Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure.", - "entropy": 3, - "name": "github-pat", - "keywords": [ + ], + "pattern": "gho_[0-9a-zA-Z]{36}", + "confidence": "high" + }, + { + "description": "Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure.", + "entropy": 3, + "name": "github-pat", + "keywords": [ "ghp_" - ], - "pattern": "ghp_[0-9a-zA-Z]{36}", - "allowlist": { + ], + "pattern": "ghp_[0-9a-zA-Z]{36}", + "allowlist": { "paths": [ - "(^|/)@octokit/auth-token/README\\.md$" + "(^|/)@octokit/auth-token/README\\.md$" ] - } }, - { - "description": "Detected a GitHub Refresh Token, which could allow prolonged unauthorized access to GitHub services.", - "entropy": 3, - "name": "github-refresh-token", - "keywords": [ + "confidence": "high" + }, + { + "description": "Detected a GitHub Refresh Token, which could allow prolonged unauthorized access to GitHub services.", + "entropy": 3, + "name": "github-refresh-token", + "keywords": [ "ghr_" - ], - "pattern": "ghr_[0-9a-zA-Z]{36}" - }, - { - "description": "Identified a GitLab CI/CD Job Token, potential access to projects and some APIs on behalf of a user while the CI job is running.", - "entropy": 3, - "name": "gitlab-cicd-job-token", - "keywords": [ + ], + "pattern": "ghr_[0-9a-zA-Z]{36}", + "confidence": "high" + }, + { + "description": "Identified a GitLab CI/CD Job Token, potential access to projects and some APIs on behalf of a user while the CI job is running.", + "entropy": 3, + "name": "gitlab-cicd-job-token", + "keywords": [ "glcbt-" - ], - "pattern": "glcbt-[0-9a-zA-Z]{1,5}_[0-9a-zA-Z_-]{20}" - }, - { - "description": "Identified a GitLab Deploy Token, risking access to repositories, packages and containers with write access.", - "entropy": 3, - "name": "gitlab-deploy-token", - "keywords": [ + ], + "pattern": "glcbt-[0-9a-zA-Z]{1,5}_[0-9a-zA-Z_-]{20}", + "confidence": "high" + }, + { + "description": "Identified a GitLab Deploy Token, risking access to repositories, packages and containers with write access.", + "entropy": 3, + "name": "gitlab-deploy-token", + "keywords": [ "gldt-" - ], - "pattern": "gldt-[0-9a-zA-Z_\\-]{20}" - }, - { - "description": "Identified a GitLab feature flag client token, risks exposing user lists and features flags used by an application.", - "entropy": 3, - "name": "gitlab-feature-flag-client-token", - "keywords": [ + ], + "pattern": "gldt-[0-9a-zA-Z_\\-]{20}", + "confidence": "high" + }, + { + "description": "Identified a GitLab feature flag client token, risks exposing user lists and features flags used by an application.", + "entropy": 3, + "name": "gitlab-feature-flag-client-token", + "keywords": [ "glffct-" - ], - "pattern": "glffct-[0-9a-zA-Z_\\-]{20}" - }, - { - "description": "Identified a GitLab feed token, risking exposure of user data.", - "entropy": 3, - "name": "gitlab-feed-token", - "keywords": [ + ], + "pattern": "glffct-[0-9a-zA-Z_\\-]{20}", + "confidence": "high" + }, + { + "description": "Identified a GitLab feed token, risking exposure of user data.", + "entropy": 3, + "name": "gitlab-feed-token", + "keywords": [ "glft-" - ], - "pattern": "glft-[0-9a-zA-Z_\\-]{20}" - }, - { - "description": "Identified a GitLab incoming mail token, risking manipulation of data sent by mail.", - "entropy": 3, - "name": "gitlab-incoming-mail-token", - "keywords": [ + ], + "pattern": "glft-[0-9a-zA-Z_\\-]{20}", + "confidence": "high" + }, + { + "description": "Identified a GitLab incoming mail token, risking manipulation of data sent by mail.", + "entropy": 3, + "name": "gitlab-incoming-mail-token", + "keywords": [ "glimt-" - ], - "pattern": "glimt-[0-9a-zA-Z_\\-]{25}" - }, - { - "description": "Identified a GitLab Kubernetes Agent token, risking access to repos and registry of projects connected via agent.", - "entropy": 3, - "name": "gitlab-kubernetes-agent-token", - "keywords": [ + ], + "pattern": "glimt-[0-9a-zA-Z_\\-]{25}", + "confidence": "high" + }, + { + "description": "Identified a GitLab Kubernetes Agent token, risking access to repos and registry of projects connected via agent.", + "entropy": 3, + "name": "gitlab-kubernetes-agent-token", + "keywords": [ "glagent-" - ], - "pattern": "glagent-[0-9a-zA-Z_\\-]{50}" - }, - { - "description": "Identified a GitLab OIDC Application Secret, risking access to apps using GitLab as authentication provider.", - "entropy": 3, - "name": "gitlab-oauth-app-secret", - "keywords": [ + ], + "pattern": "glagent-[0-9a-zA-Z_\\-]{50}", + "confidence": "high" + }, + { + "description": "Identified a GitLab OIDC Application Secret, risking access to apps using GitLab as authentication provider.", + "entropy": 3, + "name": "gitlab-oauth-app-secret", + "keywords": [ "gloas-" - ], - "pattern": "gloas-[0-9a-zA-Z_\\-]{64}" - }, - { - "description": "Identified a GitLab Personal Access Token, risking unauthorized access to GitLab repositories and codebase exposure.", - "entropy": 3, - "name": "gitlab-pat", - "keywords": [ + ], + "pattern": "gloas-[0-9a-zA-Z_\\-]{64}", + "confidence": "high" + }, + { + "description": "Identified a GitLab Personal Access Token, risking unauthorized access to GitLab repositories and codebase exposure.", + "entropy": 3, + "name": "gitlab-pat", + "keywords": [ "glpat-" - ], - "pattern": "glpat-[\\w-]{20}" - }, - { - "description": "Identified a GitLab Personal Access Token (routable), risking unauthorized access to GitLab repositories and codebase exposure.", - "entropy": 4, - "name": "gitlab-pat-routable", - "keywords": [ + ], + "pattern": "glpat-[\\w-]{20}", + "confidence": "high" + }, + { + "description": "Identified a GitLab Personal Access Token (routable), risking unauthorized access to GitLab repositories and codebase exposure.", + "entropy": 4, + "name": "gitlab-pat-routable", + "keywords": [ "glpat-" - ], - "pattern": "\\bglpat-[0-9a-zA-Z_-]{27,300}\\.[0-9a-z]{2}[0-9a-z]{7}\\b" - }, - { - "description": "Found a GitLab Pipeline Trigger Token, potentially compromising continuous integration workflows and project security.", - "entropy": 3, - "name": "gitlab-ptt", - "keywords": [ + ], + "pattern": "\\bglpat-[0-9a-zA-Z_-]{27,300}\\.[0-9a-z]{2}[0-9a-z]{7}\\b", + "confidence": "high" + }, + { + "description": "Found a GitLab Pipeline Trigger Token, potentially compromising continuous integration workflows and project security.", + "entropy": 3, + "name": "gitlab-ptt", + "keywords": [ "glptt-" - ], - "pattern": "glptt-[0-9a-f]{40}" - }, - { - "description": "Discovered a GitLab Runner Registration Token, posing a risk to CI/CD pipeline integrity and unauthorized access.", - "entropy": 3, - "name": "gitlab-rrt", - "keywords": [ + ], + "pattern": "glptt-[0-9a-f]{40}", + "confidence": "high" + }, + { + "description": "Discovered a GitLab Runner Registration Token, posing a risk to CI/CD pipeline integrity and unauthorized access.", + "entropy": 3, + "name": "gitlab-rrt", + "keywords": [ "gr1348941" - ], - "pattern": "GR1348941[\\w-]{20}" - }, - { - "description": "Discovered a GitLab Runner Authentication Token, posing a risk to CI/CD pipeline integrity and unauthorized access.", - "entropy": 3, - "name": "gitlab-runner-authentication-token", - "keywords": [ + ], + "pattern": "GR1348941[\\w-]{20}", + "confidence": "high" + }, + { + "description": "Discovered a GitLab Runner Authentication Token, posing a risk to CI/CD pipeline integrity and unauthorized access.", + "entropy": 3, + "name": "gitlab-runner-authentication-token", + "keywords": [ "glrt-" - ], - "pattern": "glrt-[0-9a-zA-Z_\\-]{20}" - }, - { - "description": "Discovered a GitLab SCIM Token, posing a risk to unauthorized access for a organization or instance.", - "entropy": 3, - "name": "gitlab-scim-token", - "keywords": [ + ], + "pattern": "glrt-[0-9a-zA-Z_\\-]{20}", + "confidence": "high" + }, + { + "description": "Discovered a GitLab SCIM Token, posing a risk to unauthorized access for a organization or instance.", + "entropy": 3, + "name": "gitlab-scim-token", + "keywords": [ "glsoat-" - ], - "pattern": "glsoat-[0-9a-zA-Z_\\-]{20}" - }, - { - "description": "Discovered a GitLab Session Cookie, posing a risk to unauthorized access to a user account.", - "entropy": 3, - "name": "gitlab-session-cookie", - "keywords": [ + ], + "pattern": "glsoat-[0-9a-zA-Z_\\-]{20}", + "confidence": "high" + }, + { + "description": "Discovered a GitLab Session Cookie, posing a risk to unauthorized access to a user account.", + "entropy": 3, + "name": "gitlab-session-cookie", + "keywords": [ "_gitlab_session=" - ], - "pattern": "_gitlab_session=[0-9a-z]{32}" - }, - { - "description": "Uncovered a Gitter Access Token, which may lead to unauthorized access to chat and communication services.", - "name": "gitter-access-token", - "keywords": [ - "gitter" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:gitter)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9_-]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a GoCardless API token, potentially risking unauthorized direct debit payment operations and financial data exposure.", - "name": "gocardless-api-token", - "keywords": [ + ], + "pattern": "_gitlab_session=[0-9a-z]{32}", + "confidence": "high" + }, + { + "description": "Uncovered a Gitter Access Token, which may lead to unauthorized access to chat and communication services.", + "name": "gitter-access-token", + "keywords": [ + "gitter" + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:gitter)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9_-]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected a GoCardless API token, potentially risking unauthorized direct debit payment operations and financial data exposure.", + "name": "gocardless-api-token", + "keywords": [ "live_", "gocardless" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:gocardless)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(live_(?i)[a-z0-9\\-_=]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Grafana API key, which could compromise monitoring dashboards and sensitive data analytics.", - "entropy": 3, - "name": "grafana-api-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:gocardless)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(live_(?i)[a-z0-9\\-_=]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Identified a Grafana API key, which could compromise monitoring dashboards and sensitive data analytics.", + "entropy": 3, + "name": "grafana-api-key", + "keywords": [ "eyjrijoi" - ], - "pattern": "(?i)\\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,3})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a Grafana cloud API token, risking unauthorized access to cloud-based monitoring services and data exposure.", - "entropy": 3, - "name": "grafana-cloud-api-token", - "keywords": [ + ], + "pattern": "(?i)\\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,3})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Found a Grafana cloud API token, risking unauthorized access to cloud-based monitoring services and data exposure.", + "entropy": 3, + "name": "grafana-cloud-api-token", + "keywords": [ "glc_" - ], - "pattern": "(?i)\\b(glc_[A-Za-z0-9+/]{32,400}={0,3})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a Grafana service account token, posing a risk of compromised monitoring services and data integrity.", - "entropy": 3, - "name": "grafana-service-account-token", - "keywords": [ + ], + "pattern": "(?i)\\b(glc_[A-Za-z0-9+/]{32,400}={0,3})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a Grafana service account token, posing a risk of compromised monitoring services and data integrity.", + "entropy": 3, + "name": "grafana-service-account-token", + "keywords": [ "glsa_" - ], - "pattern": "(?i)\\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Harness Access Token (PAT or SAT), risking unauthorized access to a Harness account.", - "name": "harness-api-key", - "keywords": [ + ], + "pattern": "(?i)\\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Identified a Harness Access Token (PAT or SAT), risking unauthorized access to a Harness account.", + "name": "harness-api-key", + "keywords": [ "pat.", "sat." - ], - "pattern": "(?:pat|sat)\\.[a-zA-Z0-9_-]{22}\\.[a-zA-Z0-9]{24}\\.[a-zA-Z0-9]{20}" - }, - { - "description": "Uncovered a HashiCorp Terraform user/org API token, which may lead to unauthorized infrastructure management and security breaches.", - "entropy": 3.5, - "name": "hashicorp-tf-api-token", - "keywords": [ + ], + "pattern": "(?:pat|sat)\\.[a-zA-Z0-9_-]{22}\\.[a-zA-Z0-9]{24}\\.[a-zA-Z0-9]{20}", + "confidence": "high" + }, + { + "description": "Uncovered a HashiCorp Terraform user/org API token, which may lead to unauthorized infrastructure management and security breaches.", + "entropy": 3.5, + "name": "hashicorp-tf-api-token", + "keywords": [ "atlasv1" - ], - "pattern": "(?i)[a-z0-9]{14}\\.(?-i:atlasv1)\\.[a-z0-9\\-_=]{60,70}" - }, - { - "description": "Identified a HashiCorp Terraform password field, risking unauthorized infrastructure configuration and security breaches.", - "entropy": 2, - "name": "hashicorp-tf-password", - "keywords": [ + ], + "pattern": "(?i)[a-z0-9]{14}\\.(?-i:atlasv1)\\.[a-z0-9\\-_=]{60,70}", + "confidence": "high" + }, + { + "description": "Identified a HashiCorp Terraform password field, risking unauthorized infrastructure configuration and security breaches.", + "entropy": 2, + "name": "hashicorp-tf-password", + "keywords": [ "administrator_login_password", "password" - ], - "path": "(?i)\\.(?:tf|hcl)$", - "pattern": "(?i)[\\w.-]{0,50}?(?:administrator_login_password|password)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(\"[a-z0-9=_\\-]{8,20}\")(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Heroku API Key, potentially compromising cloud application deployments and operational security.", - "name": "heroku-api-key", - "keywords": [ + ], + "path": "(?i)\\.(?:tf|hcl)$", + "pattern": "(?i)[\\w.-]{0,50}?(?:administrator_login_password|password)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(\"[a-z0-9=_\\-]{8,20}\")(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "low" + }, + { + "description": "Detected a Heroku API Key, potentially compromising cloud application deployments and operational security.", + "name": "heroku-api-key", + "keywords": [ "heroku" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:heroku)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a HubSpot API Token, posing a risk to CRM data integrity and unauthorized marketing operations.", - "name": "hubspot-api-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:heroku)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Found a HubSpot API Token, posing a risk to CRM data integrity and unauthorized marketing operations.", + "name": "hubspot-api-key", + "keywords": [ "hubspot" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:hubspot)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a Hugging Face Access token, which could lead to unauthorized access to AI models and sensitive data.", - "entropy": 2, - "name": "huggingface-access-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:hubspot)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a Hugging Face Access token, which could lead to unauthorized access to AI models and sensitive data.", + "entropy": 2, + "name": "huggingface-access-token", + "keywords": [ "hf_" - ], - "pattern": "\\b(hf_(?i:[a-z]{34}))(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a Hugging Face Organization API token, potentially compromising AI organization accounts and associated data.", - "entropy": 2, - "name": "huggingface-organization-api-token", - "keywords": [ + ], + "pattern": "\\b(hf_(?i:[a-z]{34}))(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Uncovered a Hugging Face Organization API token, potentially compromising AI organization accounts and associated data.", + "entropy": 2, + "name": "huggingface-organization-api-token", + "keywords": [ "api_org_" - ], - "pattern": "\\b(api_org_(?i:[a-z]{34}))(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected an Infracost API Token, risking unauthorized access to cloud cost estimation tools and financial data.", - "entropy": 3, - "name": "infracost-api-token", - "keywords": [ + ], + "pattern": "\\b(api_org_(?i:[a-z]{34}))(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Detected an Infracost API Token, risking unauthorized access to cloud cost estimation tools and financial data.", + "entropy": 3, + "name": "infracost-api-token", + "keywords": [ "ico-" - ], - "pattern": "\\b(ico-[a-zA-Z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified an Intercom API Token, which could compromise customer communication channels and data privacy.", - "name": "intercom-api-key", - "keywords": [ + ], + "pattern": "\\b(ico-[a-zA-Z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Identified an Intercom API Token, which could compromise customer communication channels and data privacy.", + "name": "intercom-api-key", + "keywords": [ "intercom" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:intercom)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9=_\\-]{60})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a Intra42 client secret, which could lead to unauthorized access to the 42School API and sensitive data.", - "entropy": 3, - "name": "intra42-client-secret", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:intercom)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9=_\\-]{60})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Found a Intra42 client secret, which could lead to unauthorized access to the 42School API and sensitive data.", + "entropy": 3, + "name": "intra42-client-secret", + "keywords": [ "intra", "s-s4t2ud-", "s-s4t2af-" - ], - "pattern": "\\b(s-s4t2(?:ud|af)-(?i)[abcdef0123456789]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a JFrog API Key, posing a risk of unauthorized access to software artifact repositories and build pipelines.", - "name": "jfrog-api-key", - "keywords": [ + ], + "pattern": "\\b(s-s4t2(?:ud|af)-(?i)[abcdef0123456789]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Found a JFrog API Key, posing a risk of unauthorized access to software artifact repositories and build pipelines.", + "name": "jfrog-api-key", + "keywords": [ "jfrog", "artifactory", "bintray", "xray" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:jfrog|artifactory|bintray|xray)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{73})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a JFrog Identity Token, potentially compromising access to JFrog services and sensitive software artifacts.", - "name": "jfrog-identity-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:jfrog|artifactory|bintray|xray)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{73})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a JFrog Identity Token, potentially compromising access to JFrog services and sensitive software artifacts.", + "name": "jfrog-identity-token", + "keywords": [ "jfrog", "artifactory", "bintray", "xray" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:jfrog|artifactory|bintray|xray)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.", - "entropy": 3, - "name": "jwt", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:jfrog|artifactory|bintray|xray)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.", + "entropy": 3, + "name": "jwt", + "keywords": [ "ey" - ], - "pattern": "\\b(ey[a-zA-Z0-9]{17,}\\.ey[a-zA-Z0-9\\/\\\\_-]{17,}\\.(?:[a-zA-Z0-9\\/\\\\_-]{10,}={0,2})?)(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Base64-encoded JSON Web Token, posing a risk of exposing encoded authentication and data exchange information.", - "entropy": 2, - "name": "jwt-base64", - "keywords": [ + ], + "pattern": "\\b(ey[a-zA-Z0-9]{17,}\\.ey[a-zA-Z0-9\\/\\\\_-]{17,}\\.(?:[a-zA-Z0-9\\/\\\\_-]{10,}={0,2})?)(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "low" + }, + { + "description": "Detected a Base64-encoded JSON Web Token, posing a risk of exposing encoded authentication and data exchange information.", + "entropy": 2, + "name": "jwt-base64", + "keywords": [ "zxlk" - ], - "pattern": "\\bZXlK(?:(?PaGJHY2lPaU)|(?PaGNIVWlPaU)|(?PaGNIWWlPaU)|(?PaGRXUWlPaU)|(?PaU5qUWlP)|(?PamNtbDBJanBi)|(?PamRIa2lPaU)|(?PbGNHc2lPbn)|(?PbGJtTWlPaU)|(?PcWEzVWlPaU)|(?PcWQyc2lPb)|(?PcGMzTWlPaU)|(?PcGRpSTZJ)|(?PcmFXUWlP)|(?PclpYbGZiM0J6SWpwY)|(?PcmRIa2lPaUp)|(?PdWIyNWpaU0k2)|(?Pd01tTWlP)|(?Pd01uTWlPaU)|(?Pd2NIUWlPaU)|(?PemRXSWlPaU)|(?PemRuUWlP)|(?PMFlXY2lPaU)|(?PMGVYQWlPaUp)|(?PMWNtd2l)|(?PMWMyVWlPaUp)|(?PMlpYSWlPaU)|(?PMlpYSnphVzl1SWpv)|(?PNElqb2)|(?PNE5XTWlP)|(?PNE5YUWlPaU)|(?PNE5YUWpVekkxTmlJNkl)|(?PNE5YVWlPaU)|(?PNmFYQWlPaU))[a-zA-Z0-9\\/\\\\_+\\-\\r\\n]{40,}={0,2}" - }, - { - "description": "Identified a Kraken Access Token, potentially compromising cryptocurrency trading accounts and financial security.", - "name": "kraken-access-token", - "keywords": [ + ], + "pattern": "\\bZXlK(?:(?PaGJHY2lPaU)|(?PaGNIVWlPaU)|(?PaGNIWWlPaU)|(?PaGRXUWlPaU)|(?PaU5qUWlP)|(?PamNtbDBJanBi)|(?PamRIa2lPaU)|(?PbGNHc2lPbn)|(?PbGJtTWlPaU)|(?PcWEzVWlPaU)|(?PcWQyc2lPb)|(?PcGMzTWlPaU)|(?PcGRpSTZJ)|(?PcmFXUWlP)|(?PclpYbGZiM0J6SWpwY)|(?PcmRIa2lPaUp)|(?PdWIyNWpaU0k2)|(?Pd01tTWlP)|(?Pd01uTWlPaU)|(?Pd2NIUWlPaU)|(?PemRXSWlPaU)|(?PemRuUWlP)|(?PMFlXY2lPaU)|(?PMGVYQWlPaUp)|(?PMWNtd2l)|(?PMWMyVWlPaUp)|(?PMlpYSWlPaU)|(?PMlpYSnphVzl1SWpv)|(?PNElqb2)|(?PNE5XTWlP)|(?PNE5YUWlPaU)|(?PNE5YUWpVekkxTmlJNkl)|(?PNE5YVWlPaU)|(?PNmFYQWlPaU))[a-zA-Z0-9\\/\\\\_+\\-\\r\\n]{40,}={0,2}", + "confidence": "low" + }, + { + "description": "Identified a Kraken Access Token, potentially compromising cryptocurrency trading accounts and financial security.", + "name": "kraken-access-token", + "keywords": [ "kraken" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:kraken)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9\\/=_\\+\\-]{80,90})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Possible Kubernetes Secret detected, posing a risk of leaking credentials/tokens from your deployments", - "name": "kubernetes-secret-yaml", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:kraken)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9\\/=_\\+\\-]{80,90})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Possible Kubernetes Secret detected, posing a risk of leaking credentials/tokens from your deployments", + "name": "kubernetes-secret-yaml", + "keywords": [ "secret" - ], - "path": "(?i)\\.ya?ml$", - "pattern": "(?i)(?:\\bkind:[ \\t]*[\"']?\\bsecret\\b[\"']?(?:.|\\s){0,200}?\\bdata:(?:.|\\s){0,100}?\\s+([\\w.-]+:(?:[ \\t]*(?:\\||>[-+]?)\\s+)?[ \\t]*(?:[\"']?[a-z0-9+/]{10,}={0,3}[\"']?|\\{\\{[ \\t\\w\"|$:=,.-]+}}|\"\"|''))|\\bdata:(?:.|\\s){0,100}?\\s+([\\w.-]+:(?:[ \\t]*(?:\\||>[-+]?)\\s+)?[ \\t]*(?:[\"']?[a-z0-9+/]{10,}={0,3}[\"']?|\\{\\{[ \\t\\w\"|$:=,.-]+}}|\"\"|''))(?:.|\\s){0,200}?\\bkind:[ \\t]*[\"']?\\bsecret\\b[\"']?)", - "allowlist": { + ], + "path": "(?i)\\.ya?ml$", + "pattern": "(?i)(?:\\bkind:[ \\t]*[\"']?\\bsecret\\b[\"']?(?:.|\\s){0,200}?\\bdata:(?:.|\\s){0,100}?\\s+([\\w.-]+:(?:[ \\t]*(?:\\||>[-+]?)\\s+)?[ \\t]*(?:[\"']?[a-z0-9+/]{10,}={0,3}[\"']?|\\{\\{[ \\t\\w\"|$:=,.-]+}}|\"\"|''))|\\bdata:(?:.|\\s){0,100}?\\s+([\\w.-]+:(?:[ \\t]*(?:\\||>[-+]?)\\s+)?[ \\t]*(?:[\"']?[a-z0-9+/]{10,}={0,3}[\"']?|\\{\\{[ \\t\\w\"|$:=,.-]+}}|\"\"|''))(?:.|\\s){0,200}?\\bkind:[ \\t]*[\"']?\\bsecret\\b[\"']?)", + "allowlist": { "regexes": [ - "[\\w.-]+:(?:[ \\t]*(?:\\||>[-+]?)\\s+)?[ \\t]*(?:\\{\\{[ \\t\\w\"|$:=,.-]+}}|\"\"|'')" + "[\\w.-]+:(?:[ \\t]*(?:\\||>[-+]?)\\s+)?[ \\t]*(?:\\{\\{[ \\t\\w\"|$:=,.-]+}}|\"\"|'')" ] - } }, - { - "description": "Found a Kucoin Access Token, risking unauthorized access to cryptocurrency exchange services and transactions.", - "name": "kucoin-access-token", - "keywords": [ + "confidence": "low" + }, + { + "description": "Found a Kucoin Access Token, risking unauthorized access to cryptocurrency exchange services and transactions.", + "name": "kucoin-access-token", + "keywords": [ "kucoin" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:kucoin)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{24})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a Kucoin Secret Key, which could lead to compromised cryptocurrency operations and financial data breaches.", - "name": "kucoin-secret-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:kucoin)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{24})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a Kucoin Secret Key, which could lead to compromised cryptocurrency operations and financial data breaches.", + "name": "kucoin-secret-key", + "keywords": [ "kucoin" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:kucoin)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a Launchdarkly Access Token, potentially compromising feature flag management and application functionality.", - "name": "launchdarkly-access-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:kucoin)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a Launchdarkly Access Token, potentially compromising feature flag management and application functionality.", + "name": "launchdarkly-access-token", + "keywords": [ "launchdarkly" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:launchdarkly)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9=_\\-]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Linear API Token, posing a risk to project management tools and sensitive task data.", - "entropy": 2, - "name": "linear-api-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:launchdarkly)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9=_\\-]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected a Linear API Token, posing a risk to project management tools and sensitive task data.", + "entropy": 2, + "name": "linear-api-key", + "keywords": [ "lin_api_" - ], - "pattern": "lin_api_(?i)[a-z0-9]{40}" - }, - { - "description": "Identified a Linear Client Secret, which may compromise secure integrations and sensitive project management data.", - "entropy": 2, - "name": "linear-client-secret", - "keywords": [ + ], + "pattern": "lin_api_(?i)[a-z0-9]{40}", + "confidence": "high" + }, + { + "description": "Identified a Linear Client Secret, which may compromise secure integrations and sensitive project management data.", + "entropy": 2, + "name": "linear-client-secret", + "keywords": [ "linear" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:linear)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a LinkedIn Client ID, risking unauthorized access to LinkedIn integrations and professional data exposure.", - "entropy": 2, - "name": "linkedin-client-id", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:linear)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Found a LinkedIn Client ID, risking unauthorized access to LinkedIn integrations and professional data exposure.", + "entropy": 2, + "name": "linkedin-client-id", + "keywords": [ "linkedin", "linked_in", "linked-in" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:linked[_-]?in)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{14})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a LinkedIn Client secret, potentially compromising LinkedIn application integrations and user data.", - "entropy": 2, - "name": "linkedin-client-secret", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:linked[_-]?in)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{14})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a LinkedIn Client secret, potentially compromising LinkedIn application integrations and user data.", + "entropy": 2, + "name": "linkedin-client-secret", + "keywords": [ "linkedin", "linked_in", "linked-in" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:linked[_-]?in)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{16})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a Lob API Key, which could lead to unauthorized access to mailing and address verification services.", - "name": "lob-api-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:linked[_-]?in)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{16})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a Lob API Key, which could lead to unauthorized access to mailing and address verification services.", + "name": "lob-api-key", + "keywords": [ "test_", "live_" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:lob)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}((live|test)_[a-f0-9]{35})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Lob Publishable API Key, posing a risk of exposing mail and print service integrations.", - "name": "lob-pub-api-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:lob)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}((live|test)_[a-f0-9]{35})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "low" + }, + { + "description": "Detected a Lob Publishable API Key, posing a risk of exposing mail and print service integrations.", + "name": "lob-pub-api-key", + "keywords": [ "test_pub", "live_pub", "_pub" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:lob)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}((test|live)_pub_[a-f0-9]{31})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Mailchimp API key, potentially compromising email marketing campaigns and subscriber data.", - "name": "mailchimp-api-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:lob)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}((test|live)_pub_[a-f0-9]{31})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "low" + }, + { + "description": "Identified a Mailchimp API key, potentially compromising email marketing campaigns and subscriber data.", + "name": "mailchimp-api-key", + "keywords": [ "mailchimp" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:MailchimpSDK.initialize|mailchimp)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{32}-us\\d\\d)(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a Mailgun private API token, risking unauthorized email service operations and data breaches.", - "name": "mailgun-private-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:MailchimpSDK.initialize|mailchimp)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{32}-us\\d\\d)(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Found a Mailgun private API token, risking unauthorized email service operations and data breaches.", + "name": "mailgun-private-api-token", + "keywords": [ "mailgun" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:mailgun)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(key-[a-f0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a Mailgun public validation key, which could expose email verification processes and associated data.", - "name": "mailgun-pub-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:mailgun)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(key-[a-f0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a Mailgun public validation key, which could expose email verification processes and associated data.", + "name": "mailgun-pub-key", + "keywords": [ "mailgun" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:mailgun)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(pubkey-[a-f0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a Mailgun webhook signing key, potentially compromising email automation and data integrity.", - "name": "mailgun-signing-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:mailgun)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(pubkey-[a-f0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a Mailgun webhook signing key, potentially compromising email automation and data integrity.", + "name": "mailgun-signing-key", + "keywords": [ "mailgun" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:mailgun)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a MapBox API token, posing a risk to geospatial services and sensitive location data exposure.", - "name": "mapbox-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:mailgun)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected a MapBox API token, posing a risk to geospatial services and sensitive location data exposure.", + "name": "mapbox-api-token", + "keywords": [ "mapbox" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:mapbox)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(pk\\.[a-z0-9]{60}\\.[a-z0-9]{22})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Mattermost Access Token, which may compromise team communication channels and data privacy.", - "name": "mattermost-access-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:mapbox)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(pk\\.[a-z0-9]{60}\\.[a-z0-9]{22})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Identified a Mattermost Access Token, which may compromise team communication channels and data privacy.", + "name": "mattermost-access-token", + "keywords": [ "mattermost" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:mattermost)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{26})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a MessageBird API token, risking unauthorized access to communication platforms and message data.", - "name": "messagebird-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:mattermost)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{26})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Found a MessageBird API token, risking unauthorized access to communication platforms and message data.", + "name": "messagebird-api-token", + "keywords": [ "messagebird", "message-bird", "message_bird" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:message[_-]?bird)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{25})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a MessageBird client ID, potentially compromising API integrations and sensitive communication data.", - "name": "messagebird-client-id", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:message[_-]?bird)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{25})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a MessageBird client ID, potentially compromising API integrations and sensitive communication data.", + "name": "messagebird-client-id", + "keywords": [ "messagebird", "message-bird", "message_bird" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:message[_-]?bird)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a Microsoft Teams Webhook, which could lead to unauthorized access to team collaboration tools and data leaks.", - "name": "microsoft-teams-webhook", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:message[_-]?bird)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a Microsoft Teams Webhook, which could lead to unauthorized access to team collaboration tools and data leaks.", + "name": "microsoft-teams-webhook", + "keywords": [ "webhook.office.com", "webhookb2", "incomingwebhook" - ], - "pattern": "https://[a-z0-9]+\\.webhook\\.office\\.com/webhookb2/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}/IncomingWebhook/[a-z0-9]{32}/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}" - }, - { - "description": "Detected a Netlify Access Token, potentially compromising web hosting services and site management.", - "name": "netlify-access-token", - "keywords": [ + ], + "pattern": "https://[a-z0-9]+\\.webhook\\.office\\.com/webhookb2/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}/IncomingWebhook/[a-z0-9]{32}/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}", + "confidence": "high" + }, + { + "description": "Detected a Netlify Access Token, potentially compromising web hosting services and site management.", + "name": "netlify-access-token", + "keywords": [ "netlify" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:netlify)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9=_\\-]{40,46})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a New Relic ingest browser API token, risking unauthorized access to application performance data and analytics.", - "name": "new-relic-browser-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:netlify)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9=_\\-]{40,46})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Identified a New Relic ingest browser API token, risking unauthorized access to application performance data and analytics.", + "name": "new-relic-browser-api-token", + "keywords": [ "nrjs-" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(NRJS-[a-f0-9]{19})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a New Relic insight insert key, compromising data injection into the platform.", - "name": "new-relic-insert-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(NRJS-[a-f0-9]{19})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a New Relic insight insert key, compromising data injection into the platform.", + "name": "new-relic-insert-key", + "keywords": [ "nrii-" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(NRII-[a-z0-9-]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a New Relic user API ID, posing a risk to application monitoring services and data integrity.", - "name": "new-relic-user-api-id", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(NRII-[a-z0-9-]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Found a New Relic user API ID, posing a risk to application monitoring services and data integrity.", + "name": "new-relic-user-api-id", + "keywords": [ "new-relic", "newrelic", "new_relic" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a New Relic user API Key, which could lead to compromised application insights and performance monitoring.", - "name": "new-relic-user-api-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a New Relic user API Key, which could lead to compromised application insights and performance monitoring.", + "name": "new-relic-user-api-key", + "keywords": [ "nrak" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(NRAK-[a-z0-9]{27})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered an npm access token, potentially compromising package management and code repository access.", - "entropy": 2, - "name": "npm-access-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:new-relic|newrelic|new_relic)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(NRAK-[a-z0-9]{27})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered an npm access token, potentially compromising package management and code repository access.", + "entropy": 2, + "name": "npm-access-token", + "keywords": [ "npm_" - ], - "pattern": "(?i)\\b(npm_[a-z0-9]{36})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a password within a Nuget config file, potentially compromising package management access.", - "entropy": 1, - "name": "nuget-config-password", - "keywords": [ + ], + "pattern": "(?i)\\b(npm_[a-z0-9]{36})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Identified a password within a Nuget config file, potentially compromising package management access.", + "entropy": 1, + "name": "nuget-config-password", + "keywords": [ "", - "allowlist": { + ], + "path": "(?i)nuget\\.config$", + "pattern": "(?i)", + "allowlist": { "regexes": [ - "33f!!lloppa", - "hal\\+9ooo_da!sY", - "^\\%\\S.*\\%$" + "33f!!lloppa", + "hal\\+9ooo_da!sY", + "^\\%\\S.*\\%$" ] - } }, - { - "description": "Detected a Nytimes Access Token, risking unauthorized access to New York Times APIs and content services.", - "name": "nytimes-access-token", - "keywords": [ + "confidence": "low" + }, + { + "description": "Detected a Nytimes Access Token, risking unauthorized access to New York Times APIs and content services.", + "name": "nytimes-access-token", + "keywords": [ "nytimes", "new-york-times", "newyorktimes" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:nytimes|new-york-times,|newyorktimes)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9=_\\-]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a potential Octopus Deploy API key, risking application deployments and operational security.", - "entropy": 3, - "name": "octopus-deploy-api-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:nytimes|new-york-times,|newyorktimes)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9=_\\-]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a potential Octopus Deploy API key, risking application deployments and operational security.", + "entropy": 3, + "name": "octopus-deploy-api-key", + "keywords": [ "api-" - ], - "pattern": "\\b(API-[A-Z0-9]{26})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified an Okta Access Token, which may compromise identity management services and user authentication data.", - "entropy": 4, - "name": "okta-access-token", - "keywords": [ + ], + "pattern": "\\b(API-[A-Z0-9]{26})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Identified an Okta Access Token, which may compromise identity management services and user authentication data.", + "entropy": 4, + "name": "okta-access-token", + "keywords": [ "okta" - ], - "pattern": "[\\w.-]{0,50}?(?i:[\\w.-]{0,50}?(?:(?-i:[Oo]kta|OKTA))(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3})(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(00[\\w=\\-]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found an OpenAI API Key, posing a risk of unauthorized access to AI services and data manipulation.", - "entropy": 3, - "name": "openai-api-key", - "keywords": [ + ], + "pattern": "[\\w.-]{0,50}?(?i:[\\w.-]{0,50}?(?:(?-i:[Oo]kta|OKTA))(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3})(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(00[\\w=\\-]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Found an OpenAI API Key, posing a risk of unauthorized access to AI services and data manipulation.", + "entropy": 3, + "name": "openai-api-key", + "keywords": [ "t3blbkfj" - ], - "pattern": "\\b(sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found an OpenShift user token, potentially compromising an OpenShift/Kubernetes cluster.", - "entropy": 3.5, - "name": "openshift-user-token", - "keywords": [ + ], + "pattern": "\\b(sk-[a-zA-Z0-9]{20}T3BlbkFJ[a-zA-Z0-9]{20})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Found an OpenShift user token, potentially compromising an OpenShift/Kubernetes cluster.", + "entropy": 3.5, + "name": "openshift-user-token", + "keywords": [ "sha256~" - ], - "pattern": "\\b(sha256~[\\w-]{43})(?:[^\\w-]|\\z)" - }, - { - "description": "Discovered a Plaid API Token, potentially compromising financial data aggregation and banking services.", - "name": "plaid-api-token", - "keywords": [ + ], + "pattern": "\\b(sha256~[\\w-]{43})(?:[^\\w-]|\\z)", + "confidence": "high" + }, + { + "description": "Discovered a Plaid API Token, potentially compromising financial data aggregation and banking services.", + "name": "plaid-api-token", + "keywords": [ "plaid" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:plaid)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(access-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a Plaid Client ID, which could lead to unauthorized financial service integrations and data breaches.", - "entropy": 3.5, - "name": "plaid-client-id", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:plaid)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(access-(?:sandbox|development|production)-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a Plaid Client ID, which could lead to unauthorized financial service integrations and data breaches.", + "entropy": 3.5, + "name": "plaid-client-id", + "keywords": [ "plaid" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:plaid)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{24})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Plaid Secret key, risking unauthorized access to financial accounts and sensitive transaction data.", - "entropy": 3.5, - "name": "plaid-secret-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:plaid)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{24})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected a Plaid Secret key, risking unauthorized access to financial accounts and sensitive transaction data.", + "entropy": 3.5, + "name": "plaid-secret-key", + "keywords": [ "plaid" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:plaid)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{30})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a PlanetScale API token, potentially compromising database management and operations.", - "entropy": 3, - "name": "planetscale-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:plaid)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{30})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Identified a PlanetScale API token, potentially compromising database management and operations.", + "entropy": 3, + "name": "planetscale-api-token", + "keywords": [ "pscale_tkn_" - ], - "pattern": "\\b(pscale_tkn_(?i)[\\w=\\.-]{32,64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a PlanetScale OAuth token, posing a risk to database access control and sensitive data integrity.", - "entropy": 3, - "name": "planetscale-oauth-token", - "keywords": [ + ], + "pattern": "\\b(pscale_tkn_(?i)[\\w=\\.-]{32,64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Found a PlanetScale OAuth token, posing a risk to database access control and sensitive data integrity.", + "entropy": 3, + "name": "planetscale-oauth-token", + "keywords": [ "pscale_oauth_" - ], - "pattern": "\\b(pscale_oauth_[\\w=\\.-]{32,64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a PlanetScale password, which could lead to unauthorized database operations and data breaches.", - "entropy": 3, - "name": "planetscale-password", - "keywords": [ + ], + "pattern": "\\b(pscale_oauth_[\\w=\\.-]{32,64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Discovered a PlanetScale password, which could lead to unauthorized database operations and data breaches.", + "entropy": 3, + "name": "planetscale-password", + "keywords": [ "pscale_pw_" - ], - "pattern": "(?i)\\b(pscale_pw_(?i)[\\w=\\.-]{32,64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a Postman API token, potentially compromising API testing and development workflows.", - "entropy": 3, - "name": "postman-api-token", - "keywords": [ + ], + "pattern": "(?i)\\b(pscale_pw_(?i)[\\w=\\.-]{32,64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Uncovered a Postman API token, potentially compromising API testing and development workflows.", + "entropy": 3, + "name": "postman-api-token", + "keywords": [ "pmak-" - ], - "pattern": "\\b(PMAK-(?i)[a-f0-9]{24}\\-[a-f0-9]{34})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Prefect API token, risking unauthorized access to workflow management and automation services.", - "entropy": 2, - "name": "prefect-api-token", - "keywords": [ + ], + "pattern": "\\b(PMAK-(?i)[a-f0-9]{24}\\-[a-f0-9]{34})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Detected a Prefect API token, risking unauthorized access to workflow management and automation services.", + "entropy": 2, + "name": "prefect-api-token", + "keywords": [ "pnu_" - ], - "pattern": "\\b(pnu_[a-zA-Z0-9]{36})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.", - "name": "private-key", - "keywords": [ + ], + "pattern": "\\b(pnu_[a-zA-Z0-9]{36})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.", + "name": "private-key", + "keywords": [ "-----begin" - ], - "pattern": "(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY(?: BLOCK)?-----[\\s\\S-]*?KEY(?: BLOCK)?-----" - }, - { - "description": "Identified a PrivateAI Token, posing a risk of unauthorized access to AI services and data manipulation.", - "entropy": 3, - "name": "privateai-api-token", - "keywords": [ + ], + "pattern": "(?i)-----BEGIN[ A-Z0-9_-]{0,100}PRIVATE KEY(?: BLOCK)?-----[\\s\\S-]*?KEY(?: BLOCK)?-----", + "confidence": "low" + }, + { + "description": "Identified a PrivateAI Token, posing a risk of unauthorized access to AI services and data manipulation.", + "entropy": 3, + "name": "privateai-api-token", + "keywords": [ "privateai", "private_ai", "private-ai" - ], - "pattern": "[\\w.-]{0,50}?(?i:[\\w.-]{0,50}?(?:private[_-]?ai)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3})(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a Pulumi API token, posing a risk to infrastructure as code services and cloud resource management.", - "entropy": 2, - "name": "pulumi-api-token", - "keywords": [ + ], + "pattern": "[\\w.-]{0,50}?(?i:[\\w.-]{0,50}?(?:private[_-]?ai)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3})(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{32})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Found a Pulumi API token, posing a risk to infrastructure as code services and cloud resource management.", + "entropy": 2, + "name": "pulumi-api-token", + "keywords": [ "pul-" - ], - "pattern": "\\b(pul-[a-f0-9]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a PyPI upload token, potentially compromising Python package distribution and repository integrity.", - "entropy": 3, - "name": "pypi-upload-token", - "keywords": [ + ], + "pattern": "\\b(pul-[a-f0-9]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Discovered a PyPI upload token, potentially compromising Python package distribution and repository integrity.", + "entropy": 3, + "name": "pypi-upload-token", + "keywords": [ "pypi-ageichlwas5vcmc" - ], - "pattern": "pypi-AgEIcHlwaS5vcmc[\\w-]{50,1000}" - }, - { - "description": "Uncovered a RapidAPI Access Token, which could lead to unauthorized access to various APIs and data services.", - "name": "rapidapi-access-token", - "keywords": [ + ], + "pattern": "pypi-AgEIcHlwaS5vcmc[\\w-]{50,1000}", + "confidence": "high" + }, + { + "description": "Uncovered a RapidAPI Access Token, which could lead to unauthorized access to various APIs and data services.", + "name": "rapidapi-access-token", + "keywords": [ "rapidapi" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:rapidapi)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9_-]{50})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Readme API token, risking unauthorized documentation management and content exposure.", - "entropy": 2, - "name": "readme-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:rapidapi)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9_-]{50})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected a Readme API token, risking unauthorized documentation management and content exposure.", + "entropy": 2, + "name": "readme-api-token", + "keywords": [ "rdme_" - ], - "pattern": "\\b(rdme_[a-z0-9]{70})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Rubygem API token, potentially compromising Ruby library distribution and package management.", - "entropy": 2, - "name": "rubygems-api-token", - "keywords": [ + ], + "pattern": "\\b(rdme_[a-z0-9]{70})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Identified a Rubygem API token, potentially compromising Ruby library distribution and package management.", + "entropy": 2, + "name": "rubygems-api-token", + "keywords": [ "rubygems_" - ], - "pattern": "\\b(rubygems_[a-f0-9]{48})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a Scalingo API token, posing a risk to cloud platform services and application deployment security.", - "entropy": 2, - "name": "scalingo-api-token", - "keywords": [ + ], + "pattern": "\\b(rubygems_[a-f0-9]{48})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Found a Scalingo API token, posing a risk to cloud platform services and application deployment security.", + "entropy": 2, + "name": "scalingo-api-token", + "keywords": [ "tk-us-" - ], - "pattern": "\\b(tk-us-[\\w-]{48})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a Sendbird Access ID, which could compromise chat and messaging platform integrations.", - "name": "sendbird-access-id", - "keywords": [ + ], + "pattern": "\\b(tk-us-[\\w-]{48})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Discovered a Sendbird Access ID, which could compromise chat and messaging platform integrations.", + "name": "sendbird-access-id", + "keywords": [ "sendbird" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:sendbird)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a Sendbird Access Token, potentially risking unauthorized access to communication services and user data.", - "name": "sendbird-access-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:sendbird)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a Sendbird Access Token, potentially risking unauthorized access to communication services and user data.", + "name": "sendbird-access-token", + "keywords": [ "sendbird" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:sendbird)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a SendGrid API token, posing a risk of unauthorized email service operations and data exposure.", - "entropy": 2, - "name": "sendgrid-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:sendbird)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected a SendGrid API token, posing a risk of unauthorized email service operations and data exposure.", + "entropy": 2, + "name": "sendgrid-api-token", + "keywords": [ "sg." - ], - "pattern": "\\b(SG\\.(?i)[a-z0-9=_\\-\\.]{66})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Sendinblue API token, which may compromise email marketing services and subscriber data privacy.", - "entropy": 2, - "name": "sendinblue-api-token", - "keywords": [ + ], + "pattern": "\\b(SG\\.(?i)[a-z0-9=_\\-\\.]{66})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Identified a Sendinblue API token, which may compromise email marketing services and subscriber data privacy.", + "entropy": 2, + "name": "sendinblue-api-token", + "keywords": [ "xkeysib-" - ], - "pattern": "\\b(xkeysib-[a-f0-9]{64}\\-(?i)[a-z0-9]{16})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a Sentry.io Access Token (old format), risking unauthorized access to error tracking services and sensitive application data.", - "entropy": 3, - "name": "sentry-access-token", - "keywords": [ + ], + "pattern": "\\b(xkeysib-[a-f0-9]{64}\\-(?i)[a-z0-9]{16})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Found a Sentry.io Access Token (old format), risking unauthorized access to error tracking services and sensitive application data.", + "entropy": 3, + "name": "sentry-access-token", + "keywords": [ "sentry" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:sentry)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a Sentry.io Organization Token, risking unauthorized access to error tracking services and sensitive application data.", - "entropy": 4.5, - "name": "sentry-org-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:sentry)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Found a Sentry.io Organization Token, risking unauthorized access to error tracking services and sensitive application data.", + "entropy": 4.5, + "name": "sentry-org-token", + "keywords": [ "sntrys_eyjpyxqio" - ], - "pattern": "\\bsntrys_eyJpYXQiO[a-zA-Z0-9+/]{10,200}(?:LCJyZWdpb25fdXJs|InJlZ2lvbl91cmwi|cmVnaW9uX3VybCI6)[a-zA-Z0-9+/]{10,200}={0,2}_[a-zA-Z0-9+/]{43}\\b" - }, - { - "description": "Found a Sentry.io User Token, risking unauthorized access to error tracking services and sensitive application data.", - "entropy": 3.5, - "name": "sentry-user-token", - "keywords": [ + ], + "pattern": "\\bsntrys_eyJpYXQiO[a-zA-Z0-9+/]{10,200}(?:LCJyZWdpb25fdXJs|InJlZ2lvbl91cmwi|cmVnaW9uX3VybCI6)[a-zA-Z0-9+/]{10,200}={0,2}_[a-zA-Z0-9+/]{43}\\b", + "confidence": "high" + }, + { + "description": "Found a Sentry.io User Token, risking unauthorized access to error tracking services and sensitive application data.", + "entropy": 3.5, + "name": "sentry-user-token", + "keywords": [ "sntryu_" - ], - "pattern": "\\b(sntryu_[a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a Shippo API token, potentially compromising shipping services and customer order data.", - "entropy": 2, - "name": "shippo-api-token", - "keywords": [ + ], + "pattern": "\\b(sntryu_[a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Discovered a Shippo API token, potentially compromising shipping services and customer order data.", + "entropy": 2, + "name": "shippo-api-token", + "keywords": [ "shippo_" - ], - "pattern": "\\b(shippo_(?:live|test)_[a-fA-F0-9]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a Shopify access token, which could lead to unauthorized e-commerce platform access and data breaches.", - "entropy": 2, - "name": "shopify-access-token", - "keywords": [ + ], + "pattern": "\\b(shippo_(?:live|test)_[a-fA-F0-9]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Uncovered a Shopify access token, which could lead to unauthorized e-commerce platform access and data breaches.", + "entropy": 2, + "name": "shopify-access-token", + "keywords": [ "shpat_" - ], - "pattern": "shpat_[a-fA-F0-9]{32}" - }, - { - "description": "Detected a Shopify custom access token, potentially compromising custom app integrations and e-commerce data security.", - "entropy": 2, - "name": "shopify-custom-access-token", - "keywords": [ + ], + "pattern": "shpat_[a-fA-F0-9]{32}", + "confidence": "high" + }, + { + "description": "Detected a Shopify custom access token, potentially compromising custom app integrations and e-commerce data security.", + "entropy": 2, + "name": "shopify-custom-access-token", + "keywords": [ "shpca_" - ], - "pattern": "shpca_[a-fA-F0-9]{32}" - }, - { - "description": "Identified a Shopify private app access token, risking unauthorized access to private app data and store operations.", - "entropy": 2, - "name": "shopify-private-app-access-token", - "keywords": [ + ], + "pattern": "shpca_[a-fA-F0-9]{32}", + "confidence": "high" + }, + { + "description": "Identified a Shopify private app access token, risking unauthorized access to private app data and store operations.", + "entropy": 2, + "name": "shopify-private-app-access-token", + "keywords": [ "shppa_" - ], - "pattern": "shppa_[a-fA-F0-9]{32}" - }, - { - "description": "Found a Shopify shared secret, posing a risk to application authentication and e-commerce platform security.", - "entropy": 2, - "name": "shopify-shared-secret", - "keywords": [ + ], + "pattern": "shppa_[a-fA-F0-9]{32}", + "confidence": "high" + }, + { + "description": "Found a Shopify shared secret, posing a risk to application authentication and e-commerce platform security.", + "entropy": 2, + "name": "shopify-shared-secret", + "keywords": [ "shpss_" - ], - "pattern": "shpss_[a-fA-F0-9]{32}" - }, - { - "description": "Discovered a Sidekiq Secret, which could lead to compromised background job processing and application data breaches.", - "name": "sidekiq-secret", - "keywords": [ + ], + "pattern": "shpss_[a-fA-F0-9]{32}", + "confidence": "high" + }, + { + "description": "Discovered a Sidekiq Secret, which could lead to compromised background job processing and application data breaches.", + "name": "sidekiq-secret", + "keywords": [ "bundle_enterprise__contribsys__com", "bundle_gems__contribsys__com" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{8}:[a-f0-9]{8})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a Sidekiq Sensitive URL, potentially exposing internal job queues and sensitive operation details.", - "name": "sidekiq-sensitive-url", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-f0-9]{8}:[a-f0-9]{8})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a Sidekiq Sensitive URL, potentially exposing internal job queues and sensitive operation details.", + "name": "sidekiq-sensitive-url", + "keywords": [ "gems.contribsys.com", "enterprise.contribsys.com" - ], - "pattern": "(?i)\\bhttps?://([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\\/|\\#|\\?|:]|$)" - }, - { - "description": "Detected a Slack App-level token, risking unauthorized access to Slack applications and workspace data.", - "entropy": 2, - "name": "slack-app-token", - "keywords": [ + ], + "pattern": "(?i)\\bhttps?://([a-f0-9]{8}:[a-f0-9]{8})@(?:gems.contribsys.com|enterprise.contribsys.com)(?:[\\/|\\#|\\?|:]|$)", + "confidence": "high" + }, + { + "description": "Detected a Slack App-level token, risking unauthorized access to Slack applications and workspace data.", + "entropy": 2, + "name": "slack-app-token", + "keywords": [ "xapp" - ], - "pattern": "(?i)xapp-\\d-[A-Z0-9]+-\\d+-[a-z0-9]+" - }, - { - "description": "Identified a Slack Bot token, which may compromise bot integrations and communication channel security.", - "entropy": 3, - "name": "slack-bot-token", - "keywords": [ + ], + "pattern": "(?i)xapp-\\d-[A-Z0-9]+-\\d+-[a-z0-9]+", + "confidence": "high" + }, + { + "description": "Identified a Slack Bot token, which may compromise bot integrations and communication channel security.", + "entropy": 3, + "name": "slack-bot-token", + "keywords": [ "xoxb" - ], - "pattern": "xoxb-[0-9]{10,13}-[0-9]{10,13}[a-zA-Z0-9-]*" - }, - { - "description": "Found a Slack Configuration access token, posing a risk to workspace configuration and sensitive data access.", - "entropy": 2, - "name": "slack-config-access-token", - "keywords": [ + ], + "pattern": "xoxb-[0-9]{10,13}-[0-9]{10,13}[a-zA-Z0-9-]*", + "confidence": "high" + }, + { + "description": "Found a Slack Configuration access token, posing a risk to workspace configuration and sensitive data access.", + "entropy": 2, + "name": "slack-config-access-token", + "keywords": [ "xoxe.xoxb-", "xoxe.xoxp-" - ], - "pattern": "(?i)xoxe.xox[bp]-\\d-[A-Z0-9]{163,166}" - }, - { - "description": "Discovered a Slack Configuration refresh token, potentially allowing prolonged unauthorized access to configuration settings.", - "entropy": 2, - "name": "slack-config-refresh-token", - "keywords": [ + ], + "pattern": "(?i)xoxe.xox[bp]-\\d-[A-Z0-9]{163,166}", + "confidence": "high" + }, + { + "description": "Discovered a Slack Configuration refresh token, potentially allowing prolonged unauthorized access to configuration settings.", + "entropy": 2, + "name": "slack-config-refresh-token", + "keywords": [ "xoxe-" - ], - "pattern": "(?i)xoxe-\\d-[A-Z0-9]{146}" - }, - { - "description": "Uncovered a Slack Legacy bot token, which could lead to compromised legacy bot operations and data exposure.", - "entropy": 2, - "name": "slack-legacy-bot-token", - "keywords": [ + ], + "pattern": "(?i)xoxe-\\d-[A-Z0-9]{146}", + "confidence": "high" + }, + { + "description": "Uncovered a Slack Legacy bot token, which could lead to compromised legacy bot operations and data exposure.", + "entropy": 2, + "name": "slack-legacy-bot-token", + "keywords": [ "xoxb" - ], - "pattern": "xoxb-[0-9]{8,14}-[a-zA-Z0-9]{18,26}" - }, - { - "description": "Detected a Slack Legacy token, risking unauthorized access to older Slack integrations and user data.", - "entropy": 2, - "name": "slack-legacy-token", - "keywords": [ + ], + "pattern": "xoxb-[0-9]{8,14}-[a-zA-Z0-9]{18,26}", + "confidence": "high" + }, + { + "description": "Detected a Slack Legacy token, risking unauthorized access to older Slack integrations and user data.", + "entropy": 2, + "name": "slack-legacy-token", + "keywords": [ "xoxo", "xoxs" - ], - "pattern": "xox[os]-\\d+-\\d+-\\d+-[a-fA-F\\d]+" - }, - { - "description": "Identified a Slack Legacy Workspace token, potentially compromising access to workspace data and legacy features.", - "entropy": 2, - "name": "slack-legacy-workspace-token", - "keywords": [ + ], + "pattern": "xox[os]-\\d+-\\d+-\\d+-[a-fA-F\\d]+", + "confidence": "high" + }, + { + "description": "Identified a Slack Legacy Workspace token, potentially compromising access to workspace data and legacy features.", + "entropy": 2, + "name": "slack-legacy-workspace-token", + "keywords": [ "xoxa", "xoxr" - ], - "pattern": "xox[ar]-(?:\\d-)?[0-9a-zA-Z]{8,48}" - }, - { - "description": "Found a Slack User token, posing a risk of unauthorized user impersonation and data access within Slack workspaces.", - "entropy": 2, - "name": "slack-user-token", - "keywords": [ + ], + "pattern": "xox[ar]-(?:\\d-)?[0-9a-zA-Z]{8,48}", + "confidence": "high" + }, + { + "description": "Found a Slack User token, posing a risk of unauthorized user impersonation and data access within Slack workspaces.", + "entropy": 2, + "name": "slack-user-token", + "keywords": [ "xoxp-", "xoxe-" - ], - "pattern": "xox[pe](?:-[0-9]{10,13}){3}-[a-zA-Z0-9-]{28,34}" - }, - { - "description": "Discovered a Slack Webhook, which could lead to unauthorized message posting and data leakage in Slack channels.", - "name": "slack-webhook-url", - "keywords": [ + ], + "pattern": "xox[pe](?:-[0-9]{10,13}){3}-[a-zA-Z0-9-]{28,34}", + "confidence": "high" + }, + { + "description": "Discovered a Slack Webhook, which could lead to unauthorized message posting and data leakage in Slack channels.", + "name": "slack-webhook-url", + "keywords": [ "hooks.slack.com" - ], - "pattern": "(?:https?://)?hooks.slack.com/(?:services|workflows)/[A-Za-z0-9+/]{43,46}" - }, - { - "description": "Uncovered a Snyk API token, potentially compromising software vulnerability scanning and code security.", - "name": "snyk-api-token", - "keywords": [ + ], + "pattern": "(?:https?://)?hooks.slack.com/(?:services|workflows)/[A-Za-z0-9+/]{43,46}", + "confidence": "high" + }, + { + "description": "Uncovered a Snyk API token, potentially compromising software vulnerability scanning and code security.", + "name": "snyk-api-token", + "keywords": [ "snyk" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:snyk[_.-]?(?:(?:api|oauth)[_.-]?)?(?:key|token))(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Square Access Token, risking unauthorized payment processing and financial transaction exposure.", - "entropy": 2, - "name": "square-access-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:snyk[_.-]?(?:(?:api|oauth)[_.-]?)?(?:key|token))(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected a Square Access Token, risking unauthorized payment processing and financial transaction exposure.", + "entropy": 2, + "name": "square-access-token", + "keywords": [ "sq0atp-", "eaaa" - ], - "pattern": "\\b((?:EAAA|sq0atp-)[\\w-]{22,60})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Squarespace Access Token, which may compromise website management and content control on Squarespace.", - "name": "squarespace-access-token", - "keywords": [ + ], + "pattern": "\\b((?:EAAA|sq0atp-)[\\w-]{22,60})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Identified a Squarespace Access Token, which may compromise website management and content control on Squarespace.", + "name": "squarespace-access-token", + "keywords": [ "squarespace" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:squarespace)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data.", - "entropy": 2, - "name": "stripe-access-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:squarespace)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data.", + "entropy": 2, + "name": "stripe-access-token", + "keywords": [ "sk_test", "sk_live", "sk_prod", "rk_test", "rk_live", "rk_prod" - ], - "pattern": "\\b((?:sk|rk)_(?:test|live|prod)_[a-zA-Z0-9]{10,99})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a SumoLogic Access ID, potentially compromising log management services and data analytics integrity.", - "entropy": 3, - "name": "sumologic-access-id", - "keywords": [ + ], + "pattern": "\\b((?:sk|rk)_(?:test|live|prod)_[a-zA-Z0-9]{10,99})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Discovered a SumoLogic Access ID, potentially compromising log management services and data analytics integrity.", + "entropy": 3, + "name": "sumologic-access-id", + "keywords": [ "sumo" - ], - "pattern": "[\\w.-]{0,50}?(?i:[\\w.-]{0,50}?(?:(?-i:[Ss]umo|SUMO))(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3})(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(su[a-zA-Z0-9]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a SumoLogic Access Token, which could lead to unauthorized access to log data and analytics insights.", - "entropy": 3, - "name": "sumologic-access-token", - "keywords": [ + ], + "pattern": "[\\w.-]{0,50}?(?i:[\\w.-]{0,50}?(?:(?-i:[Ss]umo|SUMO))(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3})(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(su[a-zA-Z0-9]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a SumoLogic Access Token, which could lead to unauthorized access to log data and analytics insights.", + "entropy": 3, + "name": "sumologic-access-token", + "keywords": [ "sumo" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:(?-i:[Ss]umo|SUMO))(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Telegram Bot API Token, risking unauthorized bot operations and message interception on Telegram.", - "name": "telegram-bot-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:(?-i:[Ss]umo|SUMO))(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected a Telegram Bot API Token, risking unauthorized bot operations and message interception on Telegram.", + "name": "telegram-bot-api-token", + "keywords": [ "telegr" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:telegr)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9]{5,16}:(?-i:A)[a-z0-9_\\-]{34})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Travis CI Access Token, potentially compromising continuous integration services and codebase security.", - "name": "travisci-access-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:telegr)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9]{5,16}:(?-i:A)[a-z0-9_\\-]{34})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Identified a Travis CI Access Token, potentially compromising continuous integration services and codebase security.", + "name": "travisci-access-token", + "keywords": [ "travis" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:travis)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{22})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a Twilio API Key, posing a risk to communication services and sensitive customer interaction data.", - "entropy": 3, - "name": "twilio-api-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:travis)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{22})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Found a Twilio API Key, posing a risk to communication services and sensitive customer interaction data.", + "entropy": 3, + "name": "twilio-api-key", + "keywords": [ "sk" - ], - "pattern": "SK[0-9a-fA-F]{32}" - }, - { - "description": "Discovered a Twitch API token, which could compromise streaming services and account integrations.", - "name": "twitch-api-token", - "keywords": [ + ], + "pattern": "SK[0-9a-fA-F]{32}", + "confidence": "medium" + }, + { + "description": "Discovered a Twitch API token, which could compromise streaming services and account integrations.", + "name": "twitch-api-token", + "keywords": [ "twitch" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:twitch)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{30})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a Twitter Access Secret, potentially risking unauthorized Twitter integrations and data breaches.", - "name": "twitter-access-secret", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:twitch)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{30})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a Twitter Access Secret, potentially risking unauthorized Twitter integrations and data breaches.", + "name": "twitter-access-secret", + "keywords": [ "twitter" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:twitter)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{45})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Twitter Access Token, posing a risk of unauthorized account operations and social media data exposure.", - "name": "twitter-access-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:twitter)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{45})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected a Twitter Access Token, posing a risk of unauthorized account operations and social media data exposure.", + "name": "twitter-access-token", + "keywords": [ "twitter" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:twitter)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9]{15,25}-[a-zA-Z0-9]{20,40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Twitter API Key, which may compromise Twitter application integrations and user data security.", - "name": "twitter-api-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:twitter)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9]{15,25}-[a-zA-Z0-9]{20,40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Identified a Twitter API Key, which may compromise Twitter application integrations and user data security.", + "name": "twitter-api-key", + "keywords": [ "twitter" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:twitter)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{25})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Found a Twitter API Secret, risking the security of Twitter app integrations and sensitive data access.", - "name": "twitter-api-secret", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:twitter)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{25})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Found a Twitter API Secret, risking the security of Twitter app integrations and sensitive data access.", + "name": "twitter-api-secret", + "keywords": [ "twitter" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:twitter)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{50})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a Twitter Bearer Token, potentially compromising API access and data retrieval from Twitter.", - "name": "twitter-bearer-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:twitter)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{50})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a Twitter Bearer Token, potentially compromising API access and data retrieval from Twitter.", + "name": "twitter-bearer-token", + "keywords": [ "twitter" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:twitter)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(A{22}[a-zA-Z0-9%]{80,100})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a Typeform API token, which could lead to unauthorized survey management and data collection.", - "name": "typeform-api-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:twitter)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(A{22}[a-zA-Z0-9%]{80,100})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a Typeform API token, which could lead to unauthorized survey management and data collection.", + "name": "typeform-api-token", + "keywords": [ "tfp_" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:typeform)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(tfp_[a-z0-9\\-_\\.=]{59})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Vault Batch Token, risking unauthorized access to secret management services and sensitive data.", - "entropy": 4, - "name": "vault-batch-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:typeform)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(tfp_[a-z0-9\\-_\\.=]{59})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected a Vault Batch Token, risking unauthorized access to secret management services and sensitive data.", + "entropy": 4, + "name": "vault-batch-token", + "keywords": [ "hvb." - ], - "pattern": "\\b(hvb\\.[\\w-]{138,300})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Identified a Vault Service Token, potentially compromising infrastructure security and access to sensitive credentials.", - "entropy": 3.5, - "name": "vault-service-token", - "keywords": [ + ], + "pattern": "\\b(hvb\\.[\\w-]{138,300})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "high" + }, + { + "description": "Identified a Vault Service Token, potentially compromising infrastructure security and access to sensitive credentials.", + "entropy": 3.5, + "name": "vault-service-token", + "keywords": [ "hvs.", "s." - ], - "pattern": "\\b((?:hvs\\.[\\w-]{90,120}|s\\.(?i:[a-z0-9]{24})))(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", - "allowlist": { + ], + "pattern": "\\b((?:hvs\\.[\\w-]{90,120}|s\\.(?i:[a-z0-9]{24})))(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "allowlist": { "regexes": [ - "s\\.[A-Za-z]{24}" + "s\\.[A-Za-z]{24}" ] - } }, - { - "description": "Found a Yandex Access Token, posing a risk to Yandex service integrations and user data privacy.", - "name": "yandex-access-token", - "keywords": [ + "confidence": "high" + }, + { + "description": "Found a Yandex Access Token, posing a risk to Yandex service integrations and user data privacy.", + "name": "yandex-access-token", + "keywords": [ "yandex" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:yandex)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(t1\\.[A-Z0-9a-z_-]+[=]{0,2}\\.[A-Z0-9a-z_-]{86}[=]{0,2})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Discovered a Yandex API Key, which could lead to unauthorized access to Yandex services and data manipulation.", - "name": "yandex-api-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:yandex)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(t1\\.[A-Z0-9a-z_-]+[=]{0,2}\\.[A-Z0-9a-z_-]{86}[=]{0,2})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Discovered a Yandex API Key, which could lead to unauthorized access to Yandex services and data manipulation.", + "name": "yandex-api-key", + "keywords": [ "yandex" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:yandex)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(AQVN[A-Za-z0-9_\\-]{35,38})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Uncovered a Yandex AWS Access Token, potentially compromising cloud resource access and data security on Yandex Cloud.", - "name": "yandex-aws-access-token", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:yandex)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(AQVN[A-Za-z0-9_\\-]{35,38})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Uncovered a Yandex AWS Access Token, potentially compromising cloud resource access and data security on Yandex Cloud.", + "name": "yandex-aws-access-token", + "keywords": [ "yandex" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:yandex)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(YC[a-zA-Z0-9_\\-]{38})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - }, - { - "description": "Detected a Zendesk Secret Key, risking unauthorized access to customer support services and sensitive ticketing data.", - "name": "zendesk-secret-key", - "keywords": [ + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:yandex)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}(YC[a-zA-Z0-9_\\-]{38})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + }, + { + "description": "Detected a Zendesk Secret Key, risking unauthorized access to customer support services and sensitive ticketing data.", + "name": "zendesk-secret-key", + "keywords": [ "zendesk" - ], - "pattern": "(?i)[\\w.-]{0,50}?(?:zendesk)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)" - } + ], + "pattern": "(?i)[\\w.-]{0,50}?(?:zendesk)(?:[ \\t\\w.-]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:{1,3}=|\\|\\|:|<=|=>|:|\\?=)(?:'|\\\"|\\s|=|\\x60){0,5}([a-z0-9]{40})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "confidence": "medium" + } ]