Skip to content

Commit f2cc043

Browse files
postman-insights-builds[bot]postman-insights-builds[bot]
authored
Update redaction configuration (#52)
Co-authored-by: postman-insights-builds[bot] <146154414+postman-insights-builds[bot]@users.noreply.github.com>
1 parent 80526a5 commit f2cc043

File tree

1 file changed

+206
-156
lines changed

1 file changed

+206
-156
lines changed

trace/obfuscation_config.yaml

Lines changed: 206 additions & 156 deletions
Original file line numberDiff line numberDiff line change
@@ -1,158 +1,208 @@
1-
# Alphabetical list of sensitive keys
21
sensitive_keys:
3-
- api_key
4-
- api-key
5-
- auth
6-
- auth-key
7-
- encryption_key
8-
- postman_sid
9-
- proxy-authorization
10-
- set-cookie
11-
- sso_jwt_key
12-
- token
13-
- x-access-token
14-
- x-amz-security-token
15-
- x-api-key
16-
- x-auth-token
17-
- x-csrf-token
18-
- x-support-secret
19-
2+
- accessToken
3+
- api-key
4+
- api_key
5+
- auth
6+
- auth-key
7+
- authKey
8+
- clientSecret
9+
- clientToken
10+
- consumerSecret
11+
- encryption_key
12+
- password
13+
- postman_sid
14+
- proxy-authorization
15+
- secretKey
16+
- sessionToken
17+
- set-cookie
18+
- sso_jwt_key
19+
- token
20+
- tokenSecret
21+
- x-access-token
22+
- x-amz-security-token
23+
- x-api-key
24+
- x-auth-token
25+
- x-csrf-token
26+
- x-support-secret
2027
sensitive_value_regexes:
21-
- \bPMAK-[a-f0-9]{24}\b # Unit Test Regex
22-
- (?i)https:\/\/creator\.zoho\.com\/api\/[A-Za-z0-9\/\-_\.]+\?authtoken=[A-Za-z0-9]+
23-
- \bt1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}\b
24-
- \b(live|test)_[a-f0-9]{35}\b
25-
- (?i)https:\/\/[\w-]*\.?zoom\.us\/(j|my)\/[\d\w?=-]+\b
26-
- \bb\.AAAAAQ[0-9a-zA-Z_-]{156}\b
27-
- (?i)\beyJhbGciOi[a-z0-9_\-\.]{2,1000}\b
28-
- \bpypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}\b
29-
- \bFLWSECK_TEST[a-h0-9]{12}\b
30-
- \bnpm_[a-zA-Z0-9]{36}\b
31-
- \b[0-9]{15,25}-[a-zA-Z0-9]{20,40}\b
32-
- \bSSWS [a-zA-Z0-9=_\-]{42}\b
33-
- \bEZAK[a-zA-Z0-9]{54}\b
34-
- \b(?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20}\b
35-
- \bico-[a-zA-Z0-9]{32}\b
36-
- \bflb_live_[0-9a-zA-Z]{20}\b
37-
- \b[0-9a-f]{32}-us[0-9]{1,2}\b
38-
- \bdp\.audit\.[a-zA-Z0-9]{40,44}\b
39-
- (?i)\bduffel_live_[a-zA-Z0-9_-]{43}\b
40-
- \b(amqp|amqps):\/\/[\d\w\:?=-]+\b
41-
- \b[A-Za-z0-9]{14}\.atlasv1\.[A-Za-z0-9]{67}\b
42-
- (?i)\bsk-ant-api[0-9]{2}-[0-9a-z\-\_]{95}\b
43-
- \bdp\.pt\.[a-zA-Z0-9]{40,44}\b
44-
- \bAQVN[A-Za-z0-9_\-]{35,38}\b
45-
- (?i)\bsk_live_[0-9a-z]{24}\b
46-
- '[-]{5}BEGIN EC PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END EC PRIVATE KEY[-]{5}'
47-
- \bhttps:\/\/[\w-]*\.?alchemyapi\.io\/v2\/[\d\w?=-]+\b
48-
- \bNRBR-[a-fA-F0-9]{19}\b
49-
- \b\d{15,16}(?:\||%)[0-9a-zA-Z_-]{27,40}\b
50-
- \bpscale_tkn_[A-Za-z0-9_]{43}\b
51-
- \btfp_[0-9A-Za-z-_]{59}\b
52-
- \bhttps:\/\/discord\.com\/api\/webhooks\/([0-9]{18,20})\/([0-9a-zA-Z_-]+)\b
53-
- (?i)\blin_api_[a-zA-Z0-9]{40}\b
54-
- \bdp\.sa\.[a-zA-Z0-9]{40,44}\b
55-
- \bdnkey-[a-zA-Z0-9=_\-]{26}-[a-zA-Z0-9=_\-]{52}\b
56-
- \b(pk|dk)_(prod|test)_[a-zA-Z0-9]{28}\b
57-
- \bglsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8}\b
58-
- (?i)\bhttps:\/\/api\.hubapi\.com\/webhooks\/v1\/[a-zA-Z0-9]+\/
59-
- \bhttps://[a-f0-9]{8}:[a-f0-9]{8}@(?:gems\.contribsys\.com|enterprise\.contribsys\.com)
60-
- Bearer xoxe.xox[bp]-\d-[a-zA-Z0-9]{163,166}
61-
- \bPMAK-[a-f0-9]{24}-[a-f0-9]{34}\b
62-
- \bSK[A-Fa-f0-9]{32}\b
63-
- (?i)\bshpat_[a-fA-F0-9]{32}\b
64-
- (?i)\bshppa_[a-fA-F0-9]{32}\b
65-
- (?i)\bfigd_[0-9a-z_-]{40}\b
66-
- \bp8e\-[a-zA-Z0-9\-]{32}\b
67-
- Bearer xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+
68-
- (?i)[0-9]+-[0-9a-z_]{32}\.apps\.googleusercontent\.com
69-
- (?i)https:\/\/(?:www.)?hooks\.zapier\.com\/hooks\/catch\/[a-z0-9]+\/[a-z0-9]+\/
70-
- \b(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}\b
71-
- \brzp_live_[0-9a-zA-Z-_]+\b
72-
- (?i)\bpk_[0-9a-z]{34}\b
73-
- (?i)\bshippo_test_[a-fA-F0-9]{40}\b
74-
- \b(pscale_pw_[a-zA-Z0-9=\-_\.]{32,64})\b
75-
- \bAIza[0-9a-zA-Z-_]{35}\b
76-
- '[-]{5}BEGIN OPENSSH PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END OPENSSH PRIVATE KEY[-]{5}'
77-
- '[-]{5}BEGIN RSA PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END RSA PRIVATE KEY[-]{5}'
78-
- (?i)\bduffel_test_[a-zA-Z0-9_-]{43}\b
79-
- (?i)\br8_[0-9a-z-_]{37}\b
80-
- (?i)\bhf_[0-9a-z]{34}\b
81-
- \b[a-f0-9]{8}:[a-f0-9]{8}\b
82-
- \bakaa[0-9a-z-]{15,1000}\b
83-
- (?i)\bghr_[0-9a-zA-Z]{36}\b
84-
- (?i)\bshippo_live_[a-fA-F0-9]{40}\b
85-
- \bglptt-[0-9a-f]{40}\b
86-
- \bdapi([a-hA-H0-9]{32})\b
87-
- \bpscale_app_secret_[a-zA-Z0-9=\-_\.]{43}\b
88-
- Bearer xox[os]-\d+-\d+-\d+-[a-fA-F\d]+
89-
- \bdt0c01\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{64}\b
90-
- \b(glc_[A-Za-z0-9+\/]{32,400}={0,2})\b
91-
- (?i)\brubygems_[a-f0-9]{48}\b
92-
- (?i)\bCCIPAT_[0-9a-z]{22}_[0-9a-z]{40}\b
93-
- \bNRII-[a-zA-Z0-9-]{32}\b
94-
- Bearer xoxb-[0-9]{10,13}\-[0-9]{10,13}[a-zA-Z0-9-]*
95-
- (?i)\bghp_[A-Z0-9]{36}\b
96-
- \bakab-[a-zA-Z0-9]{16}-[a-zA-Z0-9]{16}\b
97-
- (?i)\bgh[us]_[0-9a-zA-Z]{36}\b
98-
- \bGR1348941[0-9a-zA-Z\-\_]{20}\b
99-
- \bdp\.ct\.[a-zA-Z0-9]{40,44}\b
100-
- \bapi_org_[a-zA-Z]{34}\b
101-
- \beyJrIjoi[A-Za-z0-9]{70,400}={0,2}\b
102-
- \btk-us-[a-zA-Z0-9-_]{48}\b
103-
- \bAGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}\b
104-
- \bsu[a-zA-Z0-9]{12}\b
105-
- (?i)\bBasic [A-Z0-9+/]{8,1000}[=]{0,2}
106-
- '[-]{5}BEGIN DSA PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END DSA PRIVATE KEY[-]{5}'
107-
- \bdG9rO[0-9a-zA-Z]{54}\=
108-
- \bphc_[a-zA-Z0-9_]{43}\b
109-
- \bBearer [A-Za-z0-9\-._~+/]{8,1000}[=]{0,2}
110-
- (?i)\bNRAK-[0-9a-z-_]{27}\b
111-
- (?i)\bgho_[0-9a-zA-Z]{36}\b
112-
- (?i)\bpul-[a-fA-F0-9]{40}\b
113-
- (?i)\bhttps:\/\/chat\.twilio\.com\/v2\/Services\/[a-zA-Z0-9]{32}\b
114-
- \bpub-c-[0-9a-z]{8}-[0-9a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}\b
115-
- \baio\_[a-zA-Z0-9]{28}\b
116-
- \b(live|test)_[a-f0-9]{35}\b
117-
- \bpk\.[a-zA-Z0-9]{60,70}\.[a-zA-Z0-9]{22}\b
118-
- '[-]{5}BEGIN PGP PRIVATE KEY BLOCK[-]{5}([\s\S]{128,}?)[-]{5}END PGP PRIVATE KEY BLOCK[-]{5}'
119-
- \bsk_[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b
120-
- (?i)\bdo[por]_v1_[a-f0-9]{64}\b
121-
- \bey[a-zA-Z0-9]{17,512}\.ey[a-zA-Z0-9/_-]{17,512}\.[a-zA-Z0-9/_-]{17,512}={0,2}\b
122-
- \bLTAI[a-zA-Z0-9]{20}\b
123-
- \brdme_[a-zA-Z0-9]{70}\b
124-
- \bsecret_[0-9a-zA-Z-_]{43}\b
125-
- (?i)\bpk_[0-9]{7,8}_[0-9a-z]{32}\b
126-
- Bearer [0-9]{15,25}-[a-zA-Z0-9]{20,40}
127-
- \bpnu_[a-zA-Z0-9]{36}\b
128-
- \bsub-c-[0-9a-z]{8}-[a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}\b
129-
- \bfio-u-[a-zA-Z0-9\-_=]{64}\b
130-
- (?i)\brk_live_[0-9a-z]{24}\b
131-
- \bion_[a-zA-Z0-9]{42}\b
132-
- \bkey[a-zA-Z0-9]{14}\b
133-
- https:\/\/www\.google\.com\/calendar\/embed\?src=[A-Za-z0-9%\@&;=\-_\.\/]+
134-
- \bpdct\.1\.1\.[0-9A-Z]{16}\.[0-9a-z]{16}\.[0-9a-z]{40}\b
135-
- \bYC[a-zA-Z0-9_\-]{38}\b
136-
- \bBBFF-[0-9a-zA-Z]{30}\b
137-
- (?i)\bpscale_tkn_[a-zA-Z0-9\-_\.]{43}\b
138-
- \bEZTK[a-zA-Z0-9]{54}\b
139-
- \bapify\_api\_[a-zA-Z-0-9]{36}\b
140-
- \bEAACEdEose0cBA[0-9A-Za-z]{5,1000}\b
141-
- \bPMAT-[0-9A-Z]{26}\b
142-
- (?i)\bshpca_[a-fA-F0-9]{32}\b
143-
- Bearer xoxb-[0-9]{8,14}\-[a-zA-Z0-9]{18,26}
144-
- \bdp\.scim\.[a-zA-Z0-9]{40,44}\b
145-
- \bsk\.[a-zA-Z-0-9\.]{80,240}\b
146-
- \bpscale_oauth_[a-zA-Z0-9=\-_\.]{43}\b
147-
- \bsk_test_[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b
148-
- (?i)\bKEY[0-9A-Z_-]{55}\b
149-
- (?i)\bhttps:\/\/hooks\.slack\.com\/(services|workflows)\/[a-z0-9_+\/]{43,46}\b
150-
- (?i)\bsbp_[a-f0-9]{40}\b
151-
- (?i)\bsk-[0-9a-z]{20}T3BlbkFJ[0-9a-z]{20}\b
152-
- \bgithub_pat_[0-9a-zA-Z_]{82}\b
153-
- \bFLWSECK_TEST-[a-h0-9]{32}-X\b
154-
- \bsl\.[a-zA-Z0-9\-=_]{135,}\b
155-
- Bearer xoxe-\d-[a-zA-Z0-9]{146}
156-
- (?i)\bglpat-[0-9a-zA-Z_\-]{20}\b
157-
- \bhttps://[a-zA-Z0-9\-]{0,63}\.webhook\.office\.com/webhookb2/[a-z0-9-]{36}@[a-z0-9-]{36}/IncomingWebhook/[a-z0-9]{32}/[a-z0-9-]{36}
158-
- \b\d{15,16}\|[0-9a-zA-Z\-_]{27}\b
28+
- \bPMAK-[a-f0-9]{24}\b
29+
- (?i)https:\/\/creator\.zoho\.com\/api\/[A-Za-z0-9\/\-_\.]+\?authtoken=[A-Za-z0-9]+
30+
- \bt1\.[A-Z0-9a-z_-]+[=]{0,2}\.[A-Z0-9a-z_-]{86}[=]{0,2}\b
31+
- \b(live|test)_[a-f0-9]{35}\b
32+
- (?i)https:\/\/[\w-]*\.?zoom\.us\/(j|my)\/[\d\w?=-]+\b
33+
- \bb\.AAAAAQ[0-9a-zA-Z_-]{156}\b
34+
- (?i)\beyJhbGciOi[a-z0-9_\-\.]{2,1000}\b
35+
- \bpypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}\b
36+
- \bFLWSECK_TEST[a-h0-9]{12}\b
37+
- \bnpm_[a-zA-Z0-9]{36}\b
38+
- \b[0-9]{15,25}-[a-zA-Z0-9]{20,40}\b
39+
- \bSSWS [a-zA-Z0-9=_\-]{42}\b
40+
- \bEZAK[a-zA-Z0-9]{54}\b
41+
- \b(?:pat|sat)\.[a-zA-Z0-9]{22}\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{20}\b
42+
- \bico-[a-zA-Z0-9]{32}\b
43+
- \bflb_live_[0-9a-zA-Z]{20}\b
44+
- \b[0-9a-f]{32}-us[0-9]{1,2}\b
45+
- \bdp\.audit\.[a-zA-Z0-9]{40,44}\b
46+
- (?i)\bduffel_live_[a-zA-Z0-9_-]{43}\b
47+
- \b(amqp|amqps):\/\/[\d\w\:?=-]+\b
48+
- \b[A-Za-z0-9]{14}\.atlasv1\.[A-Za-z0-9]{67}\b
49+
- (?i)\bsk-ant-api[0-9]{2}-[0-9a-z\-\_]{95}\b
50+
- \bdp\.pt\.[a-zA-Z0-9]{40,44}\b
51+
- \bAQVN[A-Za-z0-9_\-]{35,38}\b
52+
- (?i)\bsk_live_[0-9a-z]{24}\b
53+
- '[-]{5}BEGIN EC PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END EC PRIVATE KEY[-]{5}'
54+
- \bhttps:\/\/[\w-]*\.?alchemyapi\.io\/v2\/[\d\w?=-]+\b
55+
- \bNRBR-[a-fA-F0-9]{19}\b
56+
- \b\d{15,16}(?:\||%)[0-9a-zA-Z_-]{27,40}\b
57+
- \bpscale_tkn_[A-Za-z0-9_]{43}\b
58+
- \btfp_[0-9A-Za-z-_]{59}\b
59+
- \bhttps:\/\/discord\.com\/api\/webhooks\/([0-9]{18,20})\/([0-9a-zA-Z_-]+)\b
60+
- (?i)\blin_api_[a-zA-Z0-9]{40}\b
61+
- \bdp\.sa\.[a-zA-Z0-9]{40,44}\b
62+
- \bdnkey-[a-zA-Z0-9=_\-]{26}-[a-zA-Z0-9=_\-]{52}\b
63+
- \b(pk|dk)_(prod|test)_[a-zA-Z0-9]{28}\b
64+
- \bglsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8}\b
65+
- (?i)\bhttps:\/\/api\.hubapi\.com\/webhooks\/v1\/[a-zA-Z0-9]+\/
66+
- \bhttps://[a-f0-9]{8}:[a-f0-9]{8}@(?:gems\.contribsys\.com|enterprise\.contribsys\.com)
67+
- Bearer xoxe.xox[bp]-\d-[a-zA-Z0-9]{163,166}
68+
- \bPMAK-[a-f0-9]{24}-[a-f0-9]{34}\b
69+
- \bSK[A-Fa-f0-9]{32}\b
70+
- (?i)\bshpat_[a-fA-F0-9]{32}\b
71+
- (?i)\bshppa_[a-fA-F0-9]{32}\b
72+
- (?i)\bfigd_[0-9a-z_-]{40}\b
73+
- \bp8e\-[a-zA-Z0-9\-]{32}\b
74+
- Bearer xapp-\d-[A-Z0-9]+-\d+-[a-z0-9]+
75+
- (?i)[0-9]+-[0-9a-z_]{32}\.apps\.googleusercontent\.com
76+
- (?i)https:\/\/(?:www.)?hooks\.zapier\.com\/hooks\/catch\/[a-z0-9]+\/[a-z0-9]+\/
77+
- \b(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}\b
78+
- \brzp_live_[0-9a-zA-Z-_]+\b
79+
- (?i)\bpk_[0-9a-z]{34}\b
80+
- (?i)\bshippo_test_[a-fA-F0-9]{40}\b
81+
- \b(pscale_pw_[a-zA-Z0-9=\-_\.]{32,64})\b
82+
- \bAIza[0-9a-zA-Z-_]{35}\b
83+
- '[-]{5}BEGIN OPENSSH PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END OPENSSH PRIVATE KEY[-]{5}'
84+
- '[-]{5}BEGIN RSA PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END RSA PRIVATE KEY[-]{5}'
85+
- (?i)\bduffel_test_[a-zA-Z0-9_-]{43}\b
86+
- (?i)\br8_[0-9a-z-_]{37}\b
87+
- (?i)\bhf_[0-9a-z]{34}\b
88+
- \b[a-f0-9]{8}:[a-f0-9]{8}\b
89+
- \bakaa[0-9a-z-]{15,1000}\b
90+
- (?i)\bghr_[0-9a-zA-Z]{36}\b
91+
- (?i)\bshippo_live_[a-fA-F0-9]{40}\b
92+
- \bglptt-[0-9a-f]{40}\b
93+
- \bdapi([a-hA-H0-9]{32})\b
94+
- \bpscale_app_secret_[a-zA-Z0-9=\-_\.]{43}\b
95+
- Bearer xox[os]-\d+-\d+-\d+-[a-fA-F\d]+
96+
- \bdt0c01\.[a-zA-Z0-9]{24}\.[a-zA-Z0-9]{64}\b
97+
- \b(glc_[A-Za-z0-9+\/]{32,400}={0,2})\b
98+
- (?i)\brubygems_[a-f0-9]{48}\b
99+
- (?i)\bCCIPAT_[0-9a-z]{22}_[0-9a-z]{40}\b
100+
- \bNRII-[a-zA-Z0-9-]{32}\b
101+
- Bearer xoxb-[0-9]{10,13}\-[0-9]{10,13}[a-zA-Z0-9-]*
102+
- (?i)\bghp_[A-Z0-9]{36}\b
103+
- \bakab-[a-zA-Z0-9]{16}-[a-zA-Z0-9]{16}\b
104+
- (?i)\bgh[us]_[0-9a-zA-Z]{36}\b
105+
- \bGR1348941[0-9a-zA-Z\-\_]{20}\b
106+
- \bdp\.ct\.[a-zA-Z0-9]{40,44}\b
107+
- \bapi_org_[a-zA-Z]{34}\b
108+
- \beyJrIjoi[A-Za-z0-9]{70,400}={0,2}\b
109+
- \btk-us-[a-zA-Z0-9-_]{48}\b
110+
- \bAGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}\b
111+
- \bsu[a-zA-Z0-9]{12}\b
112+
- (?i)\bBasic [A-Z0-9+/]{8,1000}[=]{0,2}
113+
- '[-]{5}BEGIN DSA PRIVATE KEY[-]{5}([\s\S]{128,}?)[-]{5}END DSA PRIVATE KEY[-]{5}'
114+
- \bdG9rO[0-9a-zA-Z]{54}\=
115+
- \bphc_[a-zA-Z0-9_]{43}\b
116+
- \bBearer [A-Za-z0-9\-._~+/]{8,1000}[=]{0,2}
117+
- (?i)\bNRAK-[0-9a-z-_]{27}\b
118+
- (?i)\bgho_[0-9a-zA-Z]{36}\b
119+
- (?i)\bpul-[a-fA-F0-9]{40}\b
120+
- (?i)\bhttps:\/\/chat\.twilio\.com\/v2\/Services\/[a-zA-Z0-9]{32}\b
121+
- \bpub-c-[0-9a-z]{8}-[0-9a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}\b
122+
- \baio\_[a-zA-Z0-9]{28}\b
123+
- \b(live|test)_[a-f0-9]{35}\b
124+
- \bpk\.[a-zA-Z0-9]{60,70}\.[a-zA-Z0-9]{22}\b
125+
- '[-]{5}BEGIN PGP PRIVATE KEY BLOCK[-]{5}([\s\S]{128,}?)[-]{5}END PGP PRIVATE KEY
126+
BLOCK[-]{5}'
127+
- \bsk_[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b
128+
- (?i)\bdo[por]_v1_[a-f0-9]{64}\b
129+
- \bey[a-zA-Z0-9]{17,512}\.ey[a-zA-Z0-9/_-]{17,512}\.[a-zA-Z0-9/_-]{17,512}={0,2}\b
130+
- \bLTAI[a-zA-Z0-9]{20}\b
131+
- \brdme_[a-zA-Z0-9]{70}\b
132+
- \bsecret_[0-9a-zA-Z-_]{43}\b
133+
- (?i)\bpk_[0-9]{7,8}_[0-9a-z]{32}\b
134+
- Bearer [0-9]{15,25}-[a-zA-Z0-9]{20,40}
135+
- \bpnu_[a-zA-Z0-9]{36}\b
136+
- \bsub-c-[0-9a-z]{8}-[a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}\b
137+
- \bfio-u-[a-zA-Z0-9\-_=]{64}\b
138+
- (?i)\brk_live_[0-9a-z]{24}\b
139+
- \bion_[a-zA-Z0-9]{42}\b
140+
- \bkey[a-zA-Z0-9]{14}\b
141+
- https:\/\/www\.google\.com\/calendar\/embed\?src=[A-Za-z0-9%\@&;=\-_\.\/]+
142+
- \bpdct\.1\.1\.[0-9A-Z]{16}\.[0-9a-z]{16}\.[0-9a-z]{40}\b
143+
- \bYC[a-zA-Z0-9_\-]{38}\b
144+
- \bBBFF-[0-9a-zA-Z]{30}\b
145+
- (?i)\bpscale_tkn_[a-zA-Z0-9\-_\.]{43}\b
146+
- \bEZTK[a-zA-Z0-9]{54}\b
147+
- \bapify\_api\_[a-zA-Z-0-9]{36}\b
148+
- \bEAACEdEose0cBA[0-9A-Za-z]{5,1000}\b
149+
- \bPMAT-[0-9A-Z]{26}\b
150+
- (?i)\bshpca_[a-fA-F0-9]{32}\b
151+
- Bearer xoxb-[0-9]{8,14}\-[a-zA-Z0-9]{18,26}
152+
- \bdp\.scim\.[a-zA-Z0-9]{40,44}\b
153+
- \bsk\.[a-zA-Z-0-9\.]{80,240}\b
154+
- \bpscale_oauth_[a-zA-Z0-9=\-_\.]{43}\b
155+
- \bsk_test_[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b
156+
- (?i)\bKEY[0-9A-Z_-]{55}\b
157+
- (?i)\bhttps:\/\/hooks\.slack\.com\/(services|workflows)\/[a-z0-9_+\/]{43,46}\b
158+
- (?i)\bsbp_[a-f0-9]{40}\b
159+
- (?i)\bsk-[0-9a-z]{20}T3BlbkFJ[0-9a-z]{20}\b
160+
- \bgithub_pat_[0-9a-zA-Z_]{82}\b
161+
- \bFLWSECK_TEST-[a-h0-9]{32}-X\b
162+
- \bsl\.[a-zA-Z0-9\-=_]{135,}\b
163+
- Bearer xoxe-\d-[a-zA-Z0-9]{146}
164+
- (?i)\bglpat-[0-9a-zA-Z_\-]{20}\b
165+
- \bhttps://[a-zA-Z0-9\-]{0,63}\.webhook\.office\.com/webhookb2/[a-z0-9-]{36}@[a-z0-9-]{36}/IncomingWebhook/[a-z0-9]{32}/[a-z0-9-]{36}
166+
- \b\d{15,16}\|[0-9a-zA-Z\-_]{27}\b
167+
- sb_secret_[-_a-zA-Z0-9]{27}
168+
- \bLTAI[a-zA-Z0-9]{17,21}\b
169+
- (?i)\beyJhbGciOi[a-z0-9_\-\.]{2,1000}\b
170+
ignored_keys:
171+
- clientId
172+
- value
173+
ignored_regexes:
174+
- (?i)[0-9a-z+\/]{15,1000}
175+
- amzn\.mws\.([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{12})(?![a-z0-9-])
176+
- (?i)key"\s*:\s*"Authorization"\s*,\s*"value"\s*:\s*"(Bearer [a-z/:0-9]{51})\b
177+
- (?i)https:\/\/outlook\.office\.com\/webhook\/([a-f0-9]{8})-([a-f0-9]{4})-([a-f0-9]{4})-([a-f0-9]{4})-([a-f0-9]{12})@([a-f0-9]{8})-([a-f0-9]{4})-([a-f0-9]{4})-([a-f0-9]{4})-([a-f0-9]{12})(?![a-z0-9-_])
178+
- key"\s*:\s*"Authorization"\s*,\s*"value"\s*:\s*"(Bearer [a-z0-9]{32})
179+
- key"\s*:\s*"username"\s*,\s*"value"\s*:\s*"(su[a-zA-Z0-9]{12})
180+
- key"\s*:\s*"Authorization"\s*,\s*"value"\s*:\s*"(Bearer [a-zA-Z0-9]{11}(AAAAAAAAAA)[a-zA-Z0-9\-_=]{43})
181+
- \bAAAA[A-Za-z0-9_-]{7}:[A-Za-z0-9_-]{140}(?![A-Za-z0-9\/+=])
182+
- \b[a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8}(?![-\w])\b
183+
- key"\s*:\s*"Authorization"\s*,\s*"value"\s*:\s*"(Bearer [a-zA-Z0-9_~.]{3}\dQ~[a-zA-Z0-9_~.-]{31,34})\b
184+
- key"\s*:\s*"Authorization"\s*,\s*"value"\s*:\s*"(aivenv1 [a-zA-Z0-9/+=]{372})
185+
- key"\s*:\s*"x-algolia-api-key"\s*,\s*"value"\s*:\s*"([a-zA-Z0-9]{32}\b)
186+
- key"\s*:\s*"password"\s*,\s*"value"\s*:\s*"([a-zA-Z0-9]{64})\b
187+
- key"\s*:\s*"X-Auth-Key"\s*,\s*"value"\s*:\s*"([a-f0-9]{37})
188+
- key"\s*:\s*"X-Auth-User-Service-Key"\s*,\s*"value"\s*:\s*"(v1\.0-[a-f0-9]{64}-[a-f0-9]{128}-[a-f0-9]{64})
189+
- key"\s*:\s*"Authorization"\s*,\s*"value"\s*:\s*"(SSWS [a-zA-Z0-9=_\-]{42})
190+
- (?i)key"\s*:\s*"X-RapidAPI-Key"\s*,\s*"value"\s*:\s*"([0-9a-z]{10}msh[0-9a-z]{37})
191+
- (?i)\bsq0idp-[a-z0-9-_]{22}(?![a-z0-9-_])\b
192+
- (?i)(?<![0-9])[0-9]{10}:[A]{2}[A-Z-_0-9]{33}(?![A-Z])
193+
- \b(?<!Bearer\s)[A]{21}[0-9A-Za-z-_%?]{80,110}(?![A-Za-z0-9\/+=])\b
194+
- key"\s*:\s*"Authorization"\s*,\s*"value"\s*:\s*"(Bearer glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})
195+
- \b(?<!\w-)(key-[0-9a-zA-Z]{32})(?![-+])\b
196+
- (?i)\bshpss_[a-f0-9]{32}(?![a-z0-9-_])\b
197+
- (?i)CLOJARS_[a-f0-9]{60}(?![a-z0-9_])
198+
- key"\s*:\s*"username"\s*,\s*"value"\s*:\s*"((live|test)_[a-f0-9]{35})
199+
- (?i)\bsq0atp-[a-z0-9-_\\]{22}(?![a-z0-9-_\\])\b
200+
- key"\s*:\s*"Beamer-Api-Key"\s*,\s*"value"\s*:\s*"(b_[a-zA-Z0-9+/]{43}=)
201+
- \bSG\.[a-zA-Z0-9_-]{16,32}\.[a-zA-Z0-9-_]{16,64}(?![a-zA-Z0-9-_])\b
202+
- key"\s*:\s*"Authorization"\s*,\s*"value"\s*:\s*"(Bearer [0-9]{15,25}-[a-zA-Z0-9]{20,40})
203+
- (?i)\bxkeysib-([a-z0-9]{64})-([a-z0-9]{16})(?![a-z0-9-])\b
204+
- (?i)\bsq0csp-[a-z0-9-_\\]{43}(?![a-z0-9-_\\])\b
205+
- ^.{15,1000}$
206+
- (?i)^.{8,1000}$
207+
rewritten_regexes:
208+
- (?i)\beyJhbGciOi[a-z0-9_\-\.]{2,1001}\b

0 commit comments

Comments
 (0)