added artifacts
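--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,106 @@
+package scanning
+
+// pattern holds a compiled regex-like pattern string and its metadata.
+// We use raw string patterns rather than importing regexp for each check;
+// the Scanner compiles all patterns once at startup.
+type pattern struct {
+Name string
+Description string
+Raw string // the regex pattern (compiled at init)
+Severity string // "high", "medium", "low"
+}
+
+// Patterns is the list of secret patterns checked against every pushed commit.
+// Patterns are ordered by severity — high first.
+var Patterns = []pattern{
+{
+Name: "aws-access-key-id",
+Description: "AWS Access Key ID",
+Raw: `AKIA[0-9A-Z]{16}`,
+Severity: "high",
+},
+{
+Name: "aws-secret-key",
+Description: "AWS Secret Access Key",
+Raw: `(?i)aws[_-]?(secret|private)[_-]?(access[_-]?)?key['"]?\s*[:=]\s*['"]?[A-Za-z0-9\/+=]{40}`,
+Severity: "high",
+},
+{
+Name: "github-token",
+Description: "GitHub Personal Access Token",
+Raw: `gh[pousr]_[A-Za-z0-9_]{36,}`,
+Severity: "high",
+},
+{
+Name: "gitlab-token",
+Description: "GitLab Personal Access Token",
+Raw: `glpat-[A-Za-z0-9\-_]{20,}`,
+Severity: "high",
+},
+{
+Name: "generic-api-key",
+Description: "Generic API key assignment (high entropy)",
+Raw: `(?i)(api[_-]?key|apikey|api[_-]?secret|api[_-]?token)['"]?\s*[:=]\s*['"][A-Za-z0-9_\-\.]{20,64}`,
+Severity: "high",
+},
+{
+Name: "bearer-token",
+Description: "Bearer token in HTTP header",
+Raw: `(?i)authorization:\s*bearer\s+[A-Za-z0-9_\-\.]{20,}`,
+Severity: "high",
+},
+{
+Name: "slack-token",
+Description: "Slack Bot / Webhook token",
+Raw: `xox[baprs]-[A-Za-z0-9\-]{10,}`,
+Severity: "high",
+},
+{
+Name: "google-api-key",
+Description: "Google API Key",
+Raw: `AIza[0-9A-Za-z\-_]{35}`,
+Severity: "high",
+},
+{
+Name: "google-service-account",
+Description: "Google Service Account",
+Raw: `[0-9]+-[0-9a-z]{32}\.apps\.googleusercontent\.com`,
+Severity: "high",
+},
+{
+Name: "ssh-private-key",
+Description: "SSH / TLS private key embed",
+Raw: `-----BEGIN\s+(RSA|EC|OPENSSH|DSA|PRIVATE)(\s+PRIVATE)?\s+KEY-----`,
+Severity: "high",
+},
+{
+Name: "jwt-token",
+Description: "JSON Web Token (JWT)",
+Raw: `eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}`,
+Severity: "medium",
+},
+{
+Name: "generic-password",
+Description: "Generic password/secret field assignment",
+Raw: `(?i)(password|passwd|pwd|secret)['"]?\s*[:=]\s*['"][A-Za-z0-9!@#$%^&*()_+\-=\[\]{}|;:,.<>?]{8,}`,
+Severity: "medium",
+},
+{
+Name: "npm-token",
+Description: "npm access token",
+Raw: `npm_[A-Za-z0-9]{36,}`,
+Severity: "high",
+},
+{
+Name: "pg-connection-string",
+Description: "PostgreSQL connection string",
+Raw: `postgres(ql)?://[A-Za-z0-9_]+:[^@\s]+@`,
+Severity: "high",
+},
+{
+Name: "redis-connection-string",
+Description: "Redis connection string with password",
+Raw: `redis://[^:@\s]+:[^@\s]+@`,
+Severity: "high",
+},
+}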
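Review bot: The doc comment on `Patterns` says entries are ordered by severity with high first, but `jwt-token` and `generic-password` (both `"medium"`) sit ahead of `npm-token`, `pg-connection-string` and `redis-connection-string` (all `"high"`); either move those three up or change the comment to `// Patterns are checked in declaration order; Severity is per-entry, not positional.` The `ssh-private-key` regex requires one of RSA/EC/OPENSSH/DSA/PRIVATE directly after BEGIN, so PKCS#8 `-----BEGIN ENCRYPTED PRIVATE KEY-----` and `-----BEGIN PGP PRIVATE KEY BLOCK-----` headers are never flagged; `-----BEGIN\s+((RSA|EC|OPENSSH|DSA|ENCRYPTED|PGP)\s+)?PRIVATE\s+KEY(\s+BLOCK)?-----` covers both without loosening the existing cases. `aws-access-key-id` matches only the `AKIA` prefix, leaving temporary STS key IDs (`ASIA` + the same 16-character tail) unreported; `(AKIA|ASIA)[0-9A-Z]{16}` is the usual form. Likewise `github-token` covers only the classic `gh?_` prefixes and not fine-grained `github_pat_` tokens. `Severity` is a free-form string whose accepted values exist only in a comment; declaring them as `const` in this file (e.g. `severityHigh = "high"`) would let the compiler catch a misspelled level instead of whatever the Scanner silently does with an unknown one.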
|
||||