From 4e58fa43ee45748bc69f613a591f5af0e4e36bdf Mon Sep 17 00:00:00 2001 From: Khaled Mohamed <46958133+xElkomy@users.noreply.github.com> Date: Thu, 25 Jan 2024 17:46:05 +0200 Subject: [PATCH 1/6] Update and rename low-severity-token.bcheck to tentative.bcheck We implemented a minor adjustment using 'else if', as 'else if' ceases execution upon discovering the first secret. Conversely, using 'if' allows the process to continue, enabling the identification of any additional exposed secrets. --- ...severity-token.bcheck => tentative.bcheck} | 5094 ++++++++++------- 1 file changed, 2906 insertions(+), 2188 deletions(-) rename other/tokens/{low-severity-token.bcheck => tentative.bcheck} (57%) diff --git a/other/tokens/low-severity-token.bcheck b/other/tokens/tentative.bcheck similarity index 57% rename from other/tokens/low-severity-token.bcheck rename to other/tokens/tentative.bcheck index 45c0898..f5613fe 100644 --- a/other/tokens/low-severity-token.bcheck +++ b/other/tokens/tentative.bcheck @@ -1,5098 +1,5816 @@ metadata: language: v1-beta - name: "Information Disclosure" + name: "Information Disclosure Secret Finder - tentative" description: "Detects secret patterns in responses." - author: "bugswagger, xelkomy, juba0x00" + author: "bugswagger, xelkomy, juba0x00, xhzeem" tags: "secret, bugswagger" given response then - if {latest.response} matches "bugswagger" then - report issue: - severity: low - confidence: firm - detail: "bugswagger secret pattern detected in the response." - remediation: "Review and remove unnecessary exposure of secrets." - - else if {latest.response} matches "ec2-[0-9a-z._-]+.compute(-1)?.amazonaws.com" then + if {latest.response} matches "ec2-[0-9a-z._-]+.compute(-1)?.amazonaws.com" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "AWS EC2 External secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[0-9a-z._-]+.compute(-1)?.internal" then + if {latest.response} matches "[0-9a-z._-]+.compute(-1)?.internal" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "AWS EC2 Internal secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[0-9a-z._-]+.elb.amazonaws.com" then + if {latest.response} matches "[0-9a-z._-]+.elb.amazonaws.com" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "AWS ELB secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[0-9a-z._-]+.cache.amazonaws.com" then + if {latest.response} matches "[0-9a-z._-]+.cache.amazonaws.com" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "AWS ElasticCache secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" then + if {latest.response} matches "mzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "AWS MWS ID secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" then + if {latest.response} matches "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "AWS client ID secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:algolia).{0,40}\b([A-Z0-9]{10})\b" then + if {latest.response} matches "(?:algolia).{0,40}\b([A-Z0-9]{10})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Algoliaadminkey - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:algolia).{0,40}\b([a-zA-Z0-9]{32})\b" then + if {latest.response} matches "(?:algolia).{0,40}\b([a-zA-Z0-9]{32})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Algoliaadminkey - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "arn:aws:sns:[a-z0-9\-]+:[0-9]+:[A-Za-z0-9\-_]+" then + if {latest.response} matches "arn:aws:sns:[a-z0-9\-]+:[0-9]+:[A-Za-z0-9\-_]+" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Amazon SNS Topic secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:\s|=|:|\"|^)AKC[a-zA-Z0-9]{10,}" then + if {latest.response} matches "(?:\s|=|:|\"|^)AKC[a-zA-Z0-9]{10,}" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Artifactory API Token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:\s|=|:|\"|^)AP[\dABCDEF][a-zA-Z0-9]{8,}" then + if {latest.response} matches "(?:\s|=|:|\"|^)AP[\dABCDEF][a-zA-Z0-9]{8,}" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Artifactory Password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:auth0).{0,40}\b([a-zA-Z0-9_-]{32,60})\b" then + if {latest.response} matches "(?:auth0).{0,40}\b([a-zA-Z0-9_-]{32,60})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Auth0oauth - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(bearer).+" then + if {latest.response} matches "(bearer).+" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Bearer token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:blogger).{0,40}\b([0-9A-Za-z-]{39})\b" then + if {latest.response} matches "(?:blogger).{0,40}\b([0-9A-Za-z-]{39})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Blogger secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:circle).{0,40}([a-fA-F0-9]{40})" then + if {latest.response} matches "(?:circle).{0,40}([a-fA-F0-9]{40})" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Circleci secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:cloudflare).{0,40}\b([A-Za-z0-9_-]{40})\b" then + if {latest.response} matches "(?:cloudflare).{0,40}\b([A-Za-z0-9_-]{40})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Cloudflareapitoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:customer).{0,40}\b([a-z0-9A-Z]{20})\b" then + if {latest.response} matches "(?:customer).{0,40}\b([a-z0-9A-Z]{20})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Customerio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:datadog).{0,40}\b([a-zA-Z-0-9]{32})\b" then + if {latest.response} matches "(?:datadog).{0,40}\b([a-zA-Z-0-9]{32})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Datadogtoken - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:datadog).{0,40}\b([a-zA-Z-0-9]{40})\b" then + if {latest.response} matches "(?:datadog).{0,40}\b([a-zA-Z-0-9]{40})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Datadogtoken - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:debounce).{0,40}\b([a-zA-Z0-9]{13})\b" then + if {latest.response} matches "(?:debounce).{0,40}\b([a-zA-Z0-9]{13})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Debounce secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:8x8).{0,40}\b([a-zA-Z0-9_]{18,30})\b" then + if {latest.response} matches "(?:8x8).{0,40}\b([a-zA-Z0-9_]{18,30})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Eightxeight - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:etsy).{0,40}\b([a-zA-Z-0-9]{24})\b" then + if {latest.response} matches "(?:etsy).{0,40}\b([a-zA-Z-0-9]{24})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Etsyapikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140}" then + if {latest.response} matches "AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140}" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "FCM Server Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140})" then + if {latest.response} matches "(AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140})" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "FCM_server_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[fF][aA][cC][eE][bB][oO][oO][kK].*['|\"][0-9a-f]{32}['|\"]" then + if {latest.response} matches "[fF][aA][cC][eE][bB][oO][oO][kK].*['|\"][0-9a-f]{32}['|\"]" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Facebook OAuth secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:facebook).{0,40}\b([A-Za-z0-9]{32})\b" then + if {latest.response} matches "(?:facebook).{0,40}\b([A-Za-z0-9]{32})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Facebookoauth secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[a-z0-9.-]+\.firebaseio\.com" then + if {latest.response} matches "[a-z0-9.-]+\.firebaseio\.com" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Firebase Database Detect - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[a-z0-9.-]+\.firebaseapp\.com" then + if {latest.response} matches "[a-z0-9.-]+\.firebaseapp\.com" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Firebase Database Detect - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:float).{0,40}\b([a-zA-Z0-9-._+=]{59,60})\b" then + if {latest.response} matches "(?:float).{0,40}\b([a-zA-Z0-9-._+=]{59,60})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Float secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "TOKEN[\\-|_|A-Z0-9]*(\'|\\")?(:|=)(\'|\\")?[\\-|_|A-Z0-9]{10}" then + if {latest.response} matches "TOKEN[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1688 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "API[\\-|_|A-Z0-9]*(\'|\\")?(:|=)(\'|\\")?[\\-|_|A-Z0-9]{10}" then + if {latest.response} matches "API[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1689 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "SECRET[\\-|_|A-Z0-9]*(\'|\\")?(:|=)(\'|\\")?[\\-|_|A-Z0-9]{10}" then + if {latest.response} matches "SECRET[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1691 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "AUTHORIZATION[\\-|_|A-Z0-9]*(\'|\\")?(:|=)(\'|\\")?[\\-|_|A-Z0-9]{10}" then + if {latest.response} matches "AUTHORIZATION[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1692 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "PASSWORD[\\-|_|A-Z0-9]*(\'|\\")?(:|=)(\'|\\")?[\\-|_|A-Z0-9]{10}" then + if {latest.response} matches "PASSWORD[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1693 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(A|a)(P|p)(Ii)[\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[0-9A-Za-z\-_]+(\''|\")?" then + if {latest.response} matches "(A|a)(P|p)(Ii)[\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[0-9A-Za-z\-_]+(\''|\")?" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1695 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[a-z0-9.-]+\.s3-[a-z0-9-]\.amazonaws\.com" then + if {latest.response} matches "[a-z0-9.-]+\.s3-[a-z0-9-]\.amazonaws\.com" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1707 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[a-z0-9.-]+\.s3-website[.-](eu|ap|us|ca|sa|cn)" then + if {latest.response} matches "[a-z0-9.-]+\.s3-website[.-](eu|ap|us|ca|sa|cn)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1708 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "branchio_secret" then + if {latest.response} matches "branchio_secret" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1715 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "google_cm" then + if {latest.response} matches "google_cm" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1731 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "google_maps_key" then + if {latest.response} matches "google_maps_key" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1732 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mailjet" then + if {latest.response} matches "mailjet" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1737 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mapbox_access_token" then + if {latest.response} matches "mapbox_access_token" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1738 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "slack_webhook" then + if {latest.response} matches "slack_webhook" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1749 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "square_secret" then + if {latest.response} matches "square_secret" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1750 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "twilio_sid_token" then + if {latest.response} matches "twilio_sid_token" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1753 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "zapier_webhook" then + if {latest.response} matches "zapier_webhook" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1762 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "s3-[a-z0-9-]+\.amazonaws\.com/[a-z0-9._-]+" then + if {latest.response} matches "s3-[a-z0-9-]+\.amazonaws\.com/[a-z0-9._-]+" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic - 1765 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[sS][eE][cC][rR][eE][tT].*['|\"][0-9a-zA-Z]{32,45}['|\"]" then + if {latest.response} matches "[sS][eE][cC][rR][eE][tT].*['|\"][0-9a-zA-Z]{32,45}['|\"]" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic Secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(webhook).+(secret|token|key).+" then + if {latest.response} matches "(webhook).+(secret|token|key).+" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Generic webhook secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[gG][iI][tT][hH][uU][bB].*['|\"][0-9a-zA-Z]{35,40}['|\"]" then + if {latest.response} matches "[gG][iI][tT][hH][uU][bB].*['|\"][0-9a-zA-Z]{35,40}['|\"]" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "GitHub secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:github).{0,40}\b([0-9]{6})\b" then + if {latest.response} matches "(?:github).{0,40}\b([0-9]{6})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Githubapp - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:gitlab).{0,40}\b([a-zA-Z0-9\-=_]{20,22})\b" then + if {latest.response} matches "(?:gitlab).{0,40}\b([a-zA-Z0-9\-=_]{20,22})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Gitlab secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:harvest).{0,40}\b([0-9]{4,9})\b" then + if {latest.response} matches "(?:harvest).{0,40}\b([0-9]{4,9})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Harvest - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:hive).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:hive).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Hive - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:host).{0,40}\b([a-z0-9]{14})\b" then + if {latest.response} matches "(?:host).{0,40}\b([a-z0-9]{14})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Host secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:hunter).{0,40}\b([a-z0-9_-]{40})\b" then + if {latest.response} matches "(?:hunter).{0,40}\b([a-z0-9_-]{40})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Hunter secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:intercom).{0,40}\b([a-zA-Z0-9\W\S]{59}\=)" then + if {latest.response} matches "(?:intercom).{0,40}\b([a-zA-Z0-9\W\S]{59}\=)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Intercom secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:jira).{0,40}\b([a-zA-Z-0-9]{5,24}\.[a-zA-Z-0-9]{3,16}\.[a-zA-Z-0-9]{3,16})\b" then + if {latest.response} matches "(?:jira).{0,40}\b([a-zA-Z-0-9]{5,24}\.[a-zA-Z-0-9]{3,16}\.[a-zA-Z-0-9]{3,16})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Jiratoken - 3 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:less).{0,40}\b([a-zA-Z0-9-]{57})\b" then + if {latest.response} matches "(?:less).{0,40}\b([a-zA-Z0-9-]{57})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Lessannoyingcrm secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:m3o).{0,40}\b([0-9A-Za-z]{48})\b" then + if {latest.response} matches "(?:m3o).{0,40}\b([0-9A-Za-z]{48})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "M3o secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(mailgun|mg)[0-9a-z]{32}" then + if {latest.response} matches "(mailgun|mg)[0-9a-z]{32}" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Mailgun API key - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:manifest).{0,40}\b([a-zA-z0-9]{32})\b" then + if {latest.response} matches "(?:manifest).{0,40}\b([a-zA-z0-9]{32})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Manifest secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "https://outlook\.office\.com/webhook/[A-Za-z0-9\-@]+/IncomingWebhook/[A-Za-z0-9\-]+/[A-Za-z0-9\-]+" then + if {latest.response} matches "https://outlook\.office\.com/webhook/[A-Za-z0-9\-@]+/IncomingWebhook/[A-Za-z0-9\-]+/[A-Za-z0-9\-]+" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Microsoft Teams Webhook secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:freshworks).{0,40}\b([a-z0-9A-Z-]{22})\b" then + if {latest.response} matches "(?:freshworks).{0,40}\b([a-z0-9A-Z-]{22})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Myfreshworks - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:nytimes).{0,40}\b([a-z0-9A-Z-]{32})\b" then + if {latest.response} matches "(?:nytimes).{0,40}\b([a-z0-9A-Z-]{32})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Nytimes secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b([A-Za-z0-9_\.]{7}-[A-Za-z0-9_\.]{72})\b" then + if {latest.response} matches "\b([A-Za-z0-9_\.]{7}-[A-Za-z0-9_\.]{72})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Paypaloauth - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b([A-Za-z0-9_\.]{69}-[A-Za-z0-9_\.]{10})\b" then + if {latest.response} matches "\b([A-Za-z0-9_\.]{69}-[A-Za-z0-9_\.]{10})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Paypaloauth - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:key).{0,40}\b([a-z0-9]{20})\b" then + if {latest.response} matches "(?:key).{0,40}\b([a-z0-9]{20})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Pusherchannelkey - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(REDIS_URL).+" then + if {latest.response} matches "(REDIS_URL).+" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "REDIS_URL secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:rev).{0,40}\b([0-9a-zA-Z\-]{27}[ \r\n]{1})" then + if {latest.response} matches "(?:rev).{0,40}\b([0-9a-zA-Z\-]{27}[ \r\n]{1})" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Rev - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:revamp).{0,40}\b([a-zA-Z0-9.-@]{25,30})\b" then + if {latest.response} matches "(?:revamp).{0,40}\b([a-zA-Z0-9.-@]{25,30})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Revampcrm - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ronin).{0,40}\b([0-9Aa-zA-Z]{3,32})\b" then + if {latest.response} matches "(?:ronin).{0,40}\b([0-9Aa-zA-Z]{3,32})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Roninapp - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "data-shoppable-auth-token.+" then + if {latest.response} matches "data-shoppable-auth-token.+" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Shoppable Service Auth secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:shutterstock).{0,40}\b([0-9a-zA-Z]{32})\b" then + if {latest.response} matches "(?:shutterstock).{0,40}\b([0-9a-zA-Z]{32})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Shutterstock - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:shutterstock).{0,40}\b([0-9a-zA-Z]{16})\b" then + if {latest.response} matches "(?:shutterstock).{0,40}\b([0-9a-zA-Z]{16})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Shutterstock - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "xoxp-[0-9A-Za-z\-]{72}" then + if {latest.response} matches "xoxp-[0-9A-Za-z\-]{72}" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Slack User token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sq0(atp|csp)-[0-9a-z-_]{22,43}" then + if {latest.response} matches "sq0(atp|csp)-[0-9a-z-_]{22,43}" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Square API Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:survey).{0,40}\b([a-z0-9A-Z-]{36})\b" then + if {latest.response} matches "(?:survey).{0,40}\b([a-z0-9A-Z-]{36})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Surveyanyplace - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:survey).{0,40}\b([a-z0-9A-Z]{32})\b" then + if {latest.response} matches "(?:survey).{0,40}\b([a-z0-9A-Z]{32})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Surveyanyplace - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:swell).{0,40}\b([a-zA-Z0-9]{6,24})\b" then + if {latest.response} matches "(?:swell).{0,40}\b([a-zA-Z0-9]{6,24})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Swell - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40}" then + if {latest.response} matches "[tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40}" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Twitter Access Token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[tT][wW][iI][tT][tT][eE][rR].*['|\"][0-9a-zA-Z]{35,44}['|\"]" then + if {latest.response} matches "[tT][wW][iI][tT][tT][eE][rR].*['|\"][0-9a-zA-Z]{35,44}['|\"]" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Twitter OAuth secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b[a-zA-Z]{1,10}:?\/\/[-.%\w{}]{1,50}:([-.%\S]{3,50})@[-.%\w\/:]+\b" then + if {latest.response} matches "\b[a-zA-Z]{1,10}:?\/\/[-.%\w{}]{1,50}:([-.%\S]{3,50})@[-.%\w\/:]+\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Uri secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:youtube).{0,40}\b([a-zA-Z-0-9_]{39})\b" then + if {latest.response} matches "(?:youtube).{0,40}\b([a-zA-Z-0-9_]{39})\b" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Youtubeapikey - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "https://(?:www.)?hooks\.zapier\.com/hooks/catch/[A-Za-z0-9]+/[A-Za-z0-9]+/" then + if {latest.response} matches "https://(?:www.)?hooks\.zapier\.com/hooks/catch/[A-Za-z0-9]+/[A-Za-z0-9]+/" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Zapier Webhook secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "https://creator\.zoho\.com/api/[A-Za-z0-9/\-_\.]+\?authtoken=[A-Za-z0-9]+" then + if {latest.response} matches "https://creator\.zoho\.com/api/[A-Za-z0-9/\-_\.]+\?authtoken=[A-Za-z0-9]+" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "Zoho Webhook secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "access[_-]?key[_-]?secret(=| =|:| :)" then + if {latest.response} matches "access[_-]?key[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "access_key_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "access[_-]?secret(=| =|:| :)" then + if {latest.response} matches "access[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "access_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "access[_-]?token(=| =|:| :)" then + if {latest.response} matches "access[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "access_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "account[_-]?sid(=| =|:| :)" then + if {latest.response} matches "account[_-]?sid(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "account_sid secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "admin[_-]?email(=| =|:| :)" then + if {latest.response} matches "admin[_-]?email(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "admin_email secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "adzerk[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "adzerk[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "adzerk_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "algolia[_-]?admin[_-]?key[_-]?1(=| =|:| :)" then + if {latest.response} matches "algolia[_-]?admin[_-]?key[_-]?1(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "algolia_admin_key_1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "algolia[_-]?admin[_-]?key[_-]?2(=| =|:| :)" then + if {latest.response} matches "algolia[_-]?admin[_-]?key[_-]?2(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "algolia_admin_key_2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "algolia[_-]?admin[_-]?key[_-]?mcm(=| =|:| :)" then + if {latest.response} matches "algolia[_-]?admin[_-]?key[_-]?mcm(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "algolia_admin_key_mcm secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "algolia[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "algolia[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "algolia_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "algolia[_-]?api[_-]?key[_-]?mcm(=| =|:| :)" then + if {latest.response} matches "algolia[_-]?api[_-]?key[_-]?mcm(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "algolia_api_key_mcm secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "algolia[_-]?api[_-]?key[_-]?search(=| =|:| :)" then + if {latest.response} matches "algolia[_-]?api[_-]?key[_-]?search(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "algolia_api_key_search secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "algolia[_-]?search[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "algolia[_-]?search[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "algolia_search_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "algolia[_-]?search[_-]?key(=| =|:| :)" then + if {latest.response} matches "algolia[_-]?search[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "algolia_search_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "algolia[_-]?search[_-]?key[_-]?1(=| =|:| :)" then + if {latest.response} matches "algolia[_-]?search[_-]?key[_-]?1(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "algolia_search_key_1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "alias[_-]?pass(=| =|:| :)" then + if {latest.response} matches "alias[_-]?pass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "alias_pass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "alicloud[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "alicloud[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "alicloud_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "alicloud[_-]?secret[_-]?key(=| =|:| :)" then + if {latest.response} matches "alicloud[_-]?secret[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "alicloud_secret_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "amazon[_-]?bucket[_-]?name(=| =|:| :)" then + if {latest.response} matches "amazon[_-]?bucket[_-]?name(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "amazon_bucket_name secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "anaconda[_-]?token(=| =|:| :)" then + if {latest.response} matches "anaconda[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "anaconda_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "android[_-]?docs[_-]?deploy[_-]?token(=| =|:| :)" then + if {latest.response} matches "android[_-]?docs[_-]?deploy[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "android_docs_deploy_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "aos[_-]?key(=| =|:| :)" then + if {latest.response} matches "aos[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "aos_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "aos[_-]?sec(=| =|:| :)" then + if {latest.response} matches "aos[_-]?sec(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "aos_sec secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "api[_-]?key(=| =|:| :)" then + if {latest.response} matches "api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "api[_-]?key[_-]?secret(=| =|:| :)" then + if {latest.response} matches "api[_-]?key[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "api_key_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "api[_-]?key[_-]?sid(=| =|:| :)" then + if {latest.response} matches "api[_-]?key[_-]?sid(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "api_key_sid secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "api[_-]?secret(=| =|:| :)" then + if {latest.response} matches "api[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "api_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "apiary[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "apiary[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "apiary_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "apigw[_-]?access[_-]?token(=| =|:| :)" then + if {latest.response} matches "apigw[_-]?access[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "apigw_access_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "apikey[:](?:['\"]?[a-zA-Z0-9-_|]+['\"]?)" then + if {latest.response} matches "apikey[:](?:['\"]?[a-zA-Z0-9-_|]+['\"]?)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "apikey_patterns secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "app[_-]?bucket[_-]?perm(=| =|:| :)" then + if {latest.response} matches "app[_-]?bucket[_-]?perm(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "app_bucket_perm secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "app[_-]?report[_-]?token[_-]?key(=| =|:| :)" then + if {latest.response} matches "app[_-]?report[_-]?token[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "app_report_token_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "app[_-]?secrete(=| =|:| :)" then + if {latest.response} matches "app[_-]?secrete(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "app_secrete secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "app[_-]?token(=| =|:| :)" then + if {latest.response} matches "app[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "app_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "appclientsecret(=| =|:| :)" then + if {latest.response} matches "appclientsecret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "appclientsecret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "apple[_-]?id[_-]?password(=| =|:| :)" then + if {latest.response} matches "apple[_-]?id[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "apple_id_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "argos[_-]?token(=| =|:| :)" then + if {latest.response} matches "argos[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "argos_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(artifactory.{0,50}(\"|')?[a-zA-Z0-9=]{112}(\"|')?)" then + if {latest.response} matches "(artifactory.{0,50}(\"|')?[a-zA-Z0-9=]{112}(\"|')?)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "artifactory secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "artifactory[_-]?key(=| =|:| :)" then + if {latest.response} matches "artifactory[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "artifactory_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "artifacts[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then + if {latest.response} matches "artifacts[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "artifacts_aws_access_key_id secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "artifacts[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "artifacts[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "artifacts_aws_secret_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "artifacts[_-]?bucket(=| =|:| :)" then + if {latest.response} matches "artifacts[_-]?bucket(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "artifacts_bucket secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "artifacts[_-]?key(=| =|:| :)" then + if {latest.response} matches "artifacts[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "artifacts_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "artifacts[_-]?secret(=| =|:| :)" then + if {latest.response} matches "artifacts[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "artifacts_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "assistant[_-]?iam[_-]?apikey(=| =|:| :)" then + if {latest.response} matches "assistant[_-]?iam[_-]?apikey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "assistant_iam_apikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "auth0[_-]?api[_-]?clientsecret(=| =|:| :)" then + if {latest.response} matches "auth0[_-]?api[_-]?clientsecret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "auth0_api_clientsecret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "auth0[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "auth0[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "auth0_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "auth[_-]?token(=| =|:| :)" then + if {latest.response} matches "auth[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "auth_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "author[_-]?email[_-]?addr(=| =|:| :)" then + if {latest.response} matches "author[_-]?email[_-]?addr(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "author_email_addr secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "author[_-]?npm[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "author[_-]?npm[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "author_npm_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "aws[_-]?access(=| =|:| :)" then + if {latest.response} matches "aws[_-]?access(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "aws_access secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "aws[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "aws[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "aws_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then + if {latest.response} matches "aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "aws_access_key_id - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "aws[_-]?config[_-]?accesskeyid(=| =|:| :)" then + if {latest.response} matches "aws[_-]?config[_-]?accesskeyid(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "aws_config_accesskeyid secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "aws[_-]?config[_-]?secretaccesskey(=| =|:| :)" then + if {latest.response} matches "aws[_-]?config[_-]?secretaccesskey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "aws_config_secretaccesskey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "aws[_-]?key(=| =|:| :)" then + if {latest.response} matches "aws[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "aws_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:accesskeyid|secretaccesskey|aws_access_key_id|aws_secret_access_key)" then + if {latest.response} matches "(?:accesskeyid|secretaccesskey|aws_access_key_id|aws_secret_access_key)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "aws_patterns secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "aws[_-]?secret(=| =|:| :)" then + if {latest.response} matches "aws[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "aws_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "aws_secret_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "aws[_-]?secret[_-]?key(=| =|:| :)" then + if {latest.response} matches "aws[_-]?secret[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "aws_secret_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "aws[_-]?secrets(=| =|:| :)" then + if {latest.response} matches "aws[_-]?secrets(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "aws_secrets secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "aws[_-]?ses[_-]?access[_-]?key[_-]?id(=| =|:| :)" then + if {latest.response} matches "aws[_-]?ses[_-]?access[_-]?key[_-]?id(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "aws_ses_access_key_id secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "aws[_-]?ses[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "aws[_-]?ses[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "aws_ses_secret_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "awsaccesskeyid(=| =|:| :)" then + if {latest.response} matches "awsaccesskeyid(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "awsaccesskeyid secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "awscn[_-]?access[_-]?key[_-]?id(=| =|:| :)" then + if {latest.response} matches "awscn[_-]?access[_-]?key[_-]?id(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "awscn_access_key_id secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "awscn[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "awscn[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "awscn_secret_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "awssecretkey(=| =|:| :)" then + if {latest.response} matches "awssecretkey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "awssecretkey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "b2[_-]?app[_-]?key(=| =|:| :)" then + if {latest.response} matches "b2[_-]?app[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "b2_app_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "b2[_-]?bucket(=| =|:| :)" then + if {latest.response} matches "b2[_-]?bucket(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "b2_bucket secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bintray[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "bintray[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bintray_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bintray[_-]?apikey(=| =|:| :)" then + if {latest.response} matches "bintray[_-]?apikey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bintray_apikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bintray[_-]?gpg[_-]?password(=| =|:| :)" then + if {latest.response} matches "bintray[_-]?gpg[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bintray_gpg_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bintray[_-]?key(=| =|:| :)" then + if {latest.response} matches "bintray[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bintray_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bintray[_-]?token(=| =|:| :)" then + if {latest.response} matches "bintray[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bintray_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bintraykey(=| =|:| :)" then + if {latest.response} matches "bintraykey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bintraykey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bluemix[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "bluemix[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bluemix_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bluemix[_-]?auth(=| =|:| :)" then + if {latest.response} matches "bluemix[_-]?auth(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bluemix_auth secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bluemix[_-]?pass(=| =|:| :)" then + if {latest.response} matches "bluemix[_-]?pass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bluemix_pass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bluemix[_-]?pass[_-]?prod(=| =|:| :)" then + if {latest.response} matches "bluemix[_-]?pass[_-]?prod(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bluemix_pass_prod secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bluemix[_-]?password(=| =|:| :)" then + if {latest.response} matches "bluemix[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bluemix_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bluemix[_-]?pwd(=| =|:| :)" then + if {latest.response} matches "bluemix[_-]?pwd(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bluemix_pwd secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bluemix[_-]?username(=| =|:| :)" then + if {latest.response} matches "bluemix[_-]?username(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bluemix_username secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "brackets[_-]?repo[_-]?oauth[_-]?token(=| =|:| :)" then + if {latest.response} matches "brackets[_-]?repo[_-]?oauth[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "brackets_repo_oauth_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "browser[_-]?stack[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "browser[_-]?stack[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "browser_stack_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "browserstack[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "browserstack[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "browserstack_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bucketeer[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then + if {latest.response} matches "bucketeer[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bucketeer_aws_access_key_id secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bucketeer[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "bucketeer[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bucketeer_aws_secret_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "built[_-]?branch[_-]?deploy[_-]?key(=| =|:| :)" then + if {latest.response} matches "built[_-]?branch[_-]?deploy[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "built_branch_deploy_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bundlesize[_-]?github[_-]?token(=| =|:| :)" then + if {latest.response} matches "bundlesize[_-]?github[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bundlesize_github_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bx[_-]?password(=| =|:| :)" then + if {latest.response} matches "bx[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bx_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bx[_-]?username(=| =|:| :)" then + if {latest.response} matches "bx[_-]?username(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "bx_username secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cache[_-]?s3[_-]?secret[_-]?key(=| =|:| :)" then + if {latest.response} matches "cache[_-]?s3[_-]?secret[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cache_s3_secret_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cargo[_-]?token(=| =|:| :)" then + if {latest.response} matches "cargo[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cargo_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cattle[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "cattle[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cattle_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cattle[_-]?agent[_-]?instance[_-]?auth(=| =|:| :)" then + if {latest.response} matches "cattle[_-]?agent[_-]?instance[_-]?auth(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cattle_agent_instance_auth secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cattle[_-]?secret[_-]?key(=| =|:| :)" then + if {latest.response} matches "cattle[_-]?secret[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cattle_secret_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "censys[_-]?secret(=| =|:| :)" then + if {latest.response} matches "censys[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "censys_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "certificate[_-]?password(=| =|:| :)" then + if {latest.response} matches "certificate[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "certificate_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cf[_-]?password(=| =|:| :)" then + if {latest.response} matches "cf[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cf_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cheverny[_-]?token(=| =|:| :)" then + if {latest.response} matches "cheverny[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cheverny_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ci[_-]?user[_-]?token(=| =|:| :)" then + if {latest.response} matches "ci[_-]?user[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ci_user_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "claimr[_-]?database(=| =|:| :)" then + if {latest.response} matches "claimr[_-]?database(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "claimr_database secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "claimr[_-]?db(=| =|:| :)" then + if {latest.response} matches "claimr[_-]?db(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "claimr_db secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "claimr[_-]?superuser(=| =|:| :)" then + if {latest.response} matches "claimr[_-]?superuser(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "claimr_superuser secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "claimr[_-]?token(=| =|:| :)" then + if {latest.response} matches "claimr[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "claimr_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cli[_-]?e2e[_-]?cma[_-]?token(=| =|:| :)" then + if {latest.response} matches "cli[_-]?e2e[_-]?cma[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cli_e2e_cma_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "client[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "clojars[_-]?password(=| =|:| :)" then + if {latest.response} matches "clojars[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "clojars_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cloudant[_-]?archived[_-]?database(=| =|:| :)" then + if {latest.response} matches "cloudant[_-]?archived[_-]?database(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cloudant_archived_database secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cloudant[_-]?audited[_-]?database(=| =|:| :)" then + if {latest.response} matches "cloudant[_-]?audited[_-]?database(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cloudant_audited_database secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cloudant[_-]?database(=| =|:| :)" then + if {latest.response} matches "cloudant[_-]?database(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cloudant_database secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cloudant[_-]?instance(=| =|:| :)" then + if {latest.response} matches "cloudant[_-]?instance(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cloudant_instance secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cloudant[_-]?order[_-]?database(=| =|:| :)" then + if {latest.response} matches "cloudant[_-]?order[_-]?database(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cloudant_order_database secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cloudant[_-]?parsed[_-]?database(=| =|:| :)" then + if {latest.response} matches "cloudant[_-]?parsed[_-]?database(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cloudant_parsed_database secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cloudant[_-]?password(=| =|:| :)" then + if {latest.response} matches "cloudant[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cloudant_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cloudant[_-]?processed[_-]?database(=| =|:| :)" then + if {latest.response} matches "cloudant[_-]?processed[_-]?database(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cloudant_processed_database secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cloudant[_-]?service[_-]?database(=| =|:| :)" then + if {latest.response} matches "cloudant[_-]?service[_-]?database(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cloudant_service_database secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cloudflare[_-]?auth[_-]?key(=| =|:| :)" then + if {latest.response} matches "cloudflare[_-]?auth[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cloudflare_auth_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cloudflare[_-]?email(=| =|:| :)" then + if {latest.response} matches "cloudflare[_-]?email(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cloudflare_email secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cloudinary[_-]?url(=| =|:| :)" then + if {latest.response} matches "cloudinary[_-]?url(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cloudinary_url secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cloudinary[_-]?url[_-]?staging(=| =|:| :)" then + if {latest.response} matches "cloudinary[_-]?url[_-]?staging(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cloudinary_url_staging secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "clu[_-]?repo[_-]?url(=| =|:| :)" then + if {latest.response} matches "clu[_-]?repo[_-]?url(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "clu_repo_url secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "clu[_-]?ssh[_-]?private[_-]?key[_-]?base64(=| =|:| :)" then + if {latest.response} matches "clu[_-]?ssh[_-]?private[_-]?key[_-]?base64(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "clu_ssh_private_key_base64 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cn[_-]?access[_-]?key[_-]?id(=| =|:| :)" then + if {latest.response} matches "cn[_-]?access[_-]?key[_-]?id(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cn_access_key_id secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cn[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "cn[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cn_secret_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cocoapods[_-]?trunk[_-]?email(=| =|:| :)" then + if {latest.response} matches "cocoapods[_-]?trunk[_-]?email(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cocoapods_trunk_email secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cocoapods[_-]?trunk[_-]?token(=| =|:| :)" then + if {latest.response} matches "cocoapods[_-]?trunk[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cocoapods_trunk_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "codacy[_-]?project[_-]?token(=| =|:| :)" then + if {latest.response} matches "codacy[_-]?project[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "codacy_project_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(codeclima.{0,50}(\"|')?[0-9a-f]{64}(\"|')?)" then + if {latest.response} matches "(codeclima.{0,50}(\"|')?[0-9a-f]{64}(\"|')?)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "codeclimate secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "codeclimate[_-]?repo[_-]?token(=| =|:| :)" then + if {latest.response} matches "codeclimate[_-]?repo[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "codeclimate_repo_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "codecov[_-]?token(=| =|:| :)" then + if {latest.response} matches "codecov[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "codecov_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "coding[_-]?token(=| =|:| :)" then + if {latest.response} matches "coding[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "coding_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "conekta[_-]?apikey(=| =|:| :)" then + if {latest.response} matches "conekta[_-]?apikey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "conekta_apikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "consumerkey(=| =|:| :)" then + if {latest.response} matches "consumerkey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "consumerkey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "contentful[_-]?access[_-]?token(=| =|:| :)" then + if {latest.response} matches "contentful[_-]?access[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "contentful_access_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "contentful[_-]?cma[_-]?test[_-]?token(=| =|:| :)" then + if {latest.response} matches "contentful[_-]?cma[_-]?test[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "contentful_cma_test_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "contentful[_-]?integration[_-]?management[_-]?token(=| =|:| :)" then + if {latest.response} matches "contentful[_-]?integration[_-]?management[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "contentful_integration_management_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "contentful[_-]?php[_-]?management[_-]?test[_-]?token(=| =|:| :)" then + if {latest.response} matches "contentful[_-]?php[_-]?management[_-]?test[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "contentful_php_management_test_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "contentful[_-]?test[_-]?org[_-]?cma[_-]?token(=| =|:| :)" then + if {latest.response} matches "contentful[_-]?test[_-]?org[_-]?cma[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "contentful_test_org_cma_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "contentful[_-]?v2[_-]?access[_-]?token(=| =|:| :)" then + if {latest.response} matches "contentful[_-]?v2[_-]?access[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "contentful_v2_access_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "conversation[_-]?password(=| =|:| :)" then + if {latest.response} matches "conversation[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "conversation_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "conversation[_-]?username(=| =|:| :)" then + if {latest.response} matches "conversation[_-]?username(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "conversation_username secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cos[_-]?secrets(=| =|:| :)" then + if {latest.response} matches "cos[_-]?secrets(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cos_secrets secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "coveralls[_-]?api[_-]?token(=| =|:| :)" then + if {latest.response} matches "coveralls[_-]?api[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "coveralls_api_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "coveralls[_-]?repo[_-]?token(=| =|:| :)" then + if {latest.response} matches "coveralls[_-]?repo[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "coveralls_repo_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "coveralls[_-]?token(=| =|:| :)" then + if {latest.response} matches "coveralls[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "coveralls_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "coverity[_-]?scan[_-]?token(=| =|:| :)" then + if {latest.response} matches "coverity[_-]?scan[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "coverity_scan_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cypress[_-]?record[_-]?key(=| =|:| :)" then + if {latest.response} matches "cypress[_-]?record[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "cypress_record_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "danger[_-]?github[_-]?api[_-]?token(=| =|:| :)" then + if {latest.response} matches "danger[_-]?github[_-]?api[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "danger_github_api_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "database[_-]?host(=| =|:| :)" then + if {latest.response} matches "database[_-]?host(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "database_host secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "database[_-]?name(=| =|:| :)" then + if {latest.response} matches "database[_-]?name(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "database_name secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "database[_-]?password(=| =|:| :)" then + if {latest.response} matches "database[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "database_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "database[_-]?port(=| =|:| :)" then + if {latest.response} matches "database[_-]?port(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "database_port secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "database[_-]?user(=| =|:| :)" then + if {latest.response} matches "database[_-]?user(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "database_user secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "datadog[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "datadog[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "datadog_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "datadog[_-]?app[_-]?key(=| =|:| :)" then + if {latest.response} matches "datadog[_-]?app[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "datadog_app_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "db[_-]?connection(=| =|:| :)" then + if {latest.response} matches "db[_-]?connection(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "db_connection secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "db[_-]?database(=| =|:| :)" then + if {latest.response} matches "db[_-]?database(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "db_database secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "db[_-]?host(=| =|:| :)" then + if {latest.response} matches "db[_-]?host(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "db_host secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "db[_-]?user(=| =|:| :)" then + if {latest.response} matches "db[_-]?user(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "db_user secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "db[_-]?username(=| =|:| :)" then + if {latest.response} matches "db[_-]?username(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "db_username secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ddg[_-]?test[_-]?email(=| =|:| :)" then + if {latest.response} matches "ddg[_-]?test[_-]?email(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ddg_test_email secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ddg[_-]?test[_-]?email[_-]?pw(=| =|:| :)" then + if {latest.response} matches "ddg[_-]?test[_-]?email[_-]?pw(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ddg_test_email_pw secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ddgc[_-]?github[_-]?token(=| =|:| :)" then + if {latest.response} matches "ddgc[_-]?github[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ddgc_github_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "deploy[_-]?password(=| =|:| :)" then + if {latest.response} matches "deploy[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "deploy_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "deploy[_-]?secure(=| =|:| :)" then + if {latest.response} matches "deploy[_-]?secure(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "deploy_secure secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "deploy[_-]?token(=| =|:| :)" then + if {latest.response} matches "deploy[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "deploy_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "deploy[_-]?user(=| =|:| :)" then + if {latest.response} matches "deploy[_-]?user(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "deploy_user secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "dgpg[_-]?passphrase(=| =|:| :)" then + if {latest.response} matches "dgpg[_-]?passphrase(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "dgpg_passphrase secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "digitalocean[_-]?access[_-]?token(=| =|:| :)" then + if {latest.response} matches "digitalocean[_-]?access[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "digitalocean_access_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "digitalocean[_-]?ssh[_-]?key[_-]?body(=| =|:| :)" then + if {latest.response} matches "digitalocean[_-]?ssh[_-]?key[_-]?body(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "digitalocean_ssh_key_body secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "digitalocean[_-]?ssh[_-]?key[_-]?ids(=| =|:| :)" then + if {latest.response} matches "digitalocean[_-]?ssh[_-]?key[_-]?ids(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "digitalocean_ssh_key_ids secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "docker[_-]?key(=| =|:| :)" then + if {latest.response} matches "docker[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "docker_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "docker[_-]?pass(=| =|:| :)" then + if {latest.response} matches "docker[_-]?pass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "docker_pass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "docker[_-]?postgres[_-]?url(=| =|:| :)" then + if {latest.response} matches "docker[_-]?postgres[_-]?url(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "docker_postgres_url secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "dockerhubpassword(=| =|:| :)" then + if {latest.response} matches "dockerhubpassword(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "dockerhubpassword secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "dsonar[_-]?login(=| =|:| :)" then + if {latest.response} matches "dsonar[_-]?login(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "dsonar_login secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "dsonar[_-]?projectkey(=| =|:| :)" then + if {latest.response} matches "dsonar[_-]?projectkey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "dsonar_projectkey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "elastic[_-]?cloud[_-]?auth(=| =|:| :)" then + if {latest.response} matches "elastic[_-]?cloud[_-]?auth(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "elastic_cloud_auth secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "elasticsearch[_-]?password(=| =|:| :)" then + if {latest.response} matches "elasticsearch[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "elasticsearch_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "encryption[_-]?password(=| =|:| :)" then + if {latest.response} matches "encryption[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "encryption_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "end[_-]?user[_-]?password(=| =|:| :)" then + if {latest.response} matches "end[_-]?user[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "end_user_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "env[_-]?key(=| =|:| :)" then + if {latest.response} matches "env[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "env_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "env[_-]?secret(=| =|:| :)" then + if {latest.response} matches "env[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "env_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "env[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "env[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "env_secret_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "env[_-]?sonatype[_-]?password(=| =|:| :)" then + if {latest.response} matches "env[_-]?sonatype[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "env_sonatype_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "eureka[_-]?awssecretkey(=| =|:| :)" then + if {latest.response} matches "eureka[_-]?awssecretkey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "eureka_awssecretkey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "exp[_-]?password(=| =|:| :)" then + if {latest.response} matches "exp[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "exp_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]" then + if {latest.response} matches "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "facebook_oauth secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "file[_-]?password(=| =|:| :)" then + if {latest.response} matches "file[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "file_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "firebase[_-]?project[_-]?develop(=| =|:| :)" then + if {latest.response} matches "firebase[_-]?project[_-]?develop(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "firebase_project_develop secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "flask[_-]?secret[_-]?key(=| =|:| :)" then + if {latest.response} matches "flask[_-]?secret[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "flask_secret_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "flickr[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "flickr[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "flickr_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "flickr[_-]?api[_-]?secret(=| =|:| :)" then + if {latest.response} matches "flickr[_-]?api[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "flickr_api_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "fossa[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "fossa[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "fossa_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ftp[_-]?host(=| =|:| :)" then + if {latest.response} matches "ftp[_-]?host(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ftp_host secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ftp[_-]?login(=| =|:| :)" then + if {latest.response} matches "ftp[_-]?login(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ftp_login secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ftp[_-]?password(=| =|:| :)" then + if {latest.response} matches "ftp[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ftp_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ftp[_-]?user(=| =|:| :)" then + if {latest.response} matches "ftp[_-]?user(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ftp_user secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ftp[_-]?username(=| =|:| :)" then + if {latest.response} matches "ftp[_-]?username(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ftp_username secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gcloud[_-]?bucket(=| =|:| :)" then + if {latest.response} matches "gcloud[_-]?bucket(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gcloud_bucket secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gcloud[_-]?project(=| =|:| :)" then + if {latest.response} matches "gcloud[_-]?project(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gcloud_project secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gcloud[_-]?service[_-]?key(=| =|:| :)" then + if {latest.response} matches "gcloud[_-]?service[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gcloud_service_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gcr[_-]?password(=| =|:| :)" then + if {latest.response} matches "gcr[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gcr_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gcs[_-]?bucket(=| =|:| :)" then + if {latest.response} matches "gcs[_-]?bucket(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gcs_bucket secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gh[_-]?email(=| =|:| :)" then + if {latest.response} matches "gh[_-]?email(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gh_email secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gh[_-]?next[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "gh[_-]?next[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gh_next_oauth_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?id(=| =|:| :)" then + if {latest.response} matches "gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?id(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gh_next_unstable_oauth_client_id secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gh_next_unstable_oauth_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gh[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "gh[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gh_oauth_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gh[_-]?oauth[_-]?token(=| =|:| :)" then + if {latest.response} matches "gh[_-]?oauth[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gh_oauth_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gh[_-]?repo[_-]?token(=| =|:| :)" then + if {latest.response} matches "gh[_-]?repo[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gh_repo_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gh[_-]?token(=| =|:| :)" then + if {latest.response} matches "gh[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gh_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gh[_-]?unstable[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "gh[_-]?unstable[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gh_unstable_oauth_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ghb[_-]?token(=| =|:| :)" then + if {latest.response} matches "ghb[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ghb_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ghost[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "ghost[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ghost_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "git[_-]?author[_-]?email(=| =|:| :)" then + if {latest.response} matches "git[_-]?author[_-]?email(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "git_author_email secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "git[_-]?author[_-]?name(=| =|:| :)" then + if {latest.response} matches "git[_-]?author[_-]?name(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "git_author_name secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "git[_-]?committer[_-]?email(=| =|:| :)" then + if {latest.response} matches "git[_-]?committer[_-]?email(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "git_committer_email secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "git[_-]?committer[_-]?name(=| =|:| :)" then + if {latest.response} matches "git[_-]?committer[_-]?name(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "git_committer_name secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "git[_-]?email(=| =|:| :)" then + if {latest.response} matches "git[_-]?email(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "git_email secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "git[_-]?name(=| =|:| :)" then + if {latest.response} matches "git[_-]?name(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "git_name secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "git[_-]?token(=| =|:| :)" then + if {latest.response} matches "git[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "git_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?access[_-]?token(=| =|:| :)" then + if {latest.response} matches "github[_-]?access[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "github_access_token - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[a-zA-Z0-9_-]*:[a-zA-Z0-9_-]+@github.com*" then + if {latest.response} matches "[a-zA-Z0-9_-]*:[a-zA-Z0-9_-]+@github.com*" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "github_access_token - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?api[_-]?token(=| =|:| :)" then + if {latest.response} matches "github[_-]?api[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "github_api_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?auth(=| =|:| :)" then + if {latest.response} matches "github[_-]?auth(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "github_auth secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?auth[_-]?token(=| =|:| :)" then + if {latest.response} matches "github[_-]?auth[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "github_auth_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "github[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "github_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?deploy[_-]?hb[_-]?doc[_-]?pass(=| =|:| :)" then + if {latest.response} matches "github[_-]?deploy[_-]?hb[_-]?doc[_-]?pass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "github_deploy_hb_doc_pass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?deployment[_-]?token(=| =|:| :)" then + if {latest.response} matches "github[_-]?deployment[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "github_deployment_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?hunter[_-]?token(=| =|:| :)" then + if {latest.response} matches "github[_-]?hunter[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "github_hunter_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?hunter[_-]?username(=| =|:| :)" then + if {latest.response} matches "github[_-]?hunter[_-]?username(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "github_hunter_username secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?key(=| =|:| :)" then + if {latest.response} matches "github[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "github_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?oauth[_-]?token(=| =|:| :)" then + if {latest.response} matches "github[_-]?oauth[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "github_oauth_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?password(=| =|:| :)" then + if {latest.response} matches "github[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "github_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?pwd(=| =|:| :)" then + if {latest.response} matches "github[_-]?pwd(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "github_pwd secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?release[_-]?token(=| =|:| :)" then + if {latest.response} matches "github[_-]?release[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "github_release_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?repo(=| =|:| :)" then + if {latest.response} matches "github[_-]?repo(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "github_repo secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gitlab[_-]?user[_-]?email(=| =|:| :)" then + if {latest.response} matches "gitlab[_-]?user[_-]?email(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gitlab_user_email secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gogs[_-]?password(=| =|:| :)" then + if {latest.response} matches "gogs[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gogs_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "google[_-]?account[_-]?type(=| =|:| :)" then + if {latest.response} matches "google[_-]?account[_-]?type(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "google_account_type secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "google[_-]?client[_-]?email(=| =|:| :)" then + if {latest.response} matches "google[_-]?client[_-]?email(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "google_client_email secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:google_client_id|google_client_secret|google_client_token)" then + if {latest.response} matches "(?:google_client_id|google_client_secret|google_client_token)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "google_patterns secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "google[_-]?private[_-]?key(=| =|:| :)" then + if {latest.response} matches "google[_-]?private[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "google_private_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "([0-9]{12}-[a-z0-9]{32}.apps.googleusercontent.com)" then + if {latest.response} matches "([0-9]{12}-[a-z0-9]{32}.apps.googleusercontent.com)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "google_url secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gpg[_-]?key[_-]?name(=| =|:| :)" then + if {latest.response} matches "gpg[_-]?key[_-]?name(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gpg_key_name secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gpg[_-]?keyname(=| =|:| :)" then + if {latest.response} matches "gpg[_-]?keyname(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gpg_keyname secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gpg[_-]?ownertrust(=| =|:| :)" then + if {latest.response} matches "gpg[_-]?ownertrust(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gpg_ownertrust secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gpg[_-]?passphrase(=| =|:| :)" then + if {latest.response} matches "gpg[_-]?passphrase(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gpg_passphrase secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gpg[_-]?private[_-]?key(=| =|:| :)" then + if {latest.response} matches "gpg[_-]?private[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gpg_private_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gpg[_-]?secret[_-]?keys(=| =|:| :)" then + if {latest.response} matches "gpg[_-]?secret[_-]?keys(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gpg_secret_keys secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gradle[_-]?publish[_-]?key(=| =|:| :)" then + if {latest.response} matches "gradle[_-]?publish[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gradle_publish_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gradle[_-]?publish[_-]?secret(=| =|:| :)" then + if {latest.response} matches "gradle[_-]?publish[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gradle_publish_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gradle[_-]?signing[_-]?key[_-]?id(=| =|:| :)" then + if {latest.response} matches "gradle[_-]?signing[_-]?key[_-]?id(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gradle_signing_key_id secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gradle[_-]?signing[_-]?password(=| =|:| :)" then + if {latest.response} matches "gradle[_-]?signing[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gradle_signing_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gren[_-]?github[_-]?token(=| =|:| :)" then + if {latest.response} matches "gren[_-]?github[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "gren_github_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "grgit[_-]?user(=| =|:| :)" then + if {latest.response} matches "grgit[_-]?user(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "grgit_user secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "hab[_-]?auth[_-]?token(=| =|:| :)" then + if {latest.response} matches "hab[_-]?auth[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "hab_auth_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "hab[_-]?key(=| =|:| :)" then + if {latest.response} matches "hab[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "hab_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "hb[_-]?codesign[_-]?gpg[_-]?pass(=| =|:| :)" then + if {latest.response} matches "hb[_-]?codesign[_-]?gpg[_-]?pass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "hb_codesign_gpg_pass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "hb[_-]?codesign[_-]?key[_-]?pass(=| =|:| :)" then + if {latest.response} matches "hb[_-]?codesign[_-]?key[_-]?pass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "hb_codesign_key_pass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "heroku[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "heroku[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "heroku_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "([h|H][e|E][r|R][o|O][k|K][u|U].{0,30}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})" then + if {latest.response} matches "([h|H][e|E][r|R][o|O][k|K][u|U].{0,30}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "heroku_api_key_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "heroku[_-]?email(=| =|:| :)" then + if {latest.response} matches "heroku[_-]?email(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "heroku_email secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "heroku[_-]?token(=| =|:| :)" then + if {latest.response} matches "heroku[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "heroku_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "hockey.{0,50}(\"|')?[0-9a-f]{32}(\"|')?" then + if {latest.response} matches "hockey.{0,50}(\"|')?[0-9a-f]{32}(\"|')?" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "hockeyapp secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "hockeyapp[_-]?token(=| =|:| :)" then + if {latest.response} matches "hockeyapp[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "hockeyapp_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "homebrew[_-]?github[_-]?api[_-]?token(=| =|:| :)" then + if {latest.response} matches "homebrew[_-]?github[_-]?api[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "homebrew_github_api_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "hub[_-]?dxia2[_-]?password(=| =|:| :)" then + if {latest.response} matches "hub[_-]?dxia2[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "hub_dxia2_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ij[_-]?repo[_-]?password(=| =|:| :)" then + if {latest.response} matches "ij[_-]?repo[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ij_repo_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ij[_-]?repo[_-]?username(=| =|:| :)" then + if {latest.response} matches "ij[_-]?repo[_-]?username(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ij_repo_username secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "index[_-]?name(=| =|:| :)" then + if {latest.response} matches "index[_-]?name(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "index_name secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "integration[_-]?test[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "integration[_-]?test[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "integration_test_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "integration[_-]?test[_-]?appid(=| =|:| :)" then + if {latest.response} matches "integration[_-]?test[_-]?appid(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "integration_test_appid secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "internal[_-]?secrets(=| =|:| :)" then + if {latest.response} matches "internal[_-]?secrets(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "internal_secrets secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ios[_-]?docs[_-]?deploy[_-]?token(=| =|:| :)" then + if {latest.response} matches "ios[_-]?docs[_-]?deploy[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ios_docs_deploy_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "itest[_-]?gh[_-]?token(=| =|:| :)" then + if {latest.response} matches "itest[_-]?gh[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "itest_gh_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mysql: jdbc:mysql(=| =|:| :)" then + if {latest.response} matches "mysql: jdbc:mysql(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "jdbc secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "jdbc[_-]?databaseurl(=| =|:| :)" then + if {latest.response} matches "jdbc[_-]?databaseurl(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "jdbc_databaseurl secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "jdbc[_-]?host(=| =|:| :)" then + if {latest.response} matches "jdbc[_-]?host(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "jdbc_host secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "jwt[_-]?secret(=| =|:| :)" then + if {latest.response} matches "jwt[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "jwt_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "kafka[_-]?admin[_-]?url(=| =|:| :)" then + if {latest.response} matches "kafka[_-]?admin[_-]?url(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "kafka_admin_url secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "kafka[_-]?instance[_-]?name(=| =|:| :)" then + if {latest.response} matches "kafka[_-]?instance[_-]?name(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "kafka_instance_name secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "kafka[_-]?rest[_-]?url(=| =|:| :)" then + if {latest.response} matches "kafka[_-]?rest[_-]?url(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "kafka_rest_url secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "keystore[_-]?pass(=| =|:| :)" then + if {latest.response} matches "keystore[_-]?pass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "keystore_pass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "kovan[_-]?private[_-]?key(=| =|:| :)" then + if {latest.response} matches "kovan[_-]?private[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "kovan_private_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "kubecfg[_-]?s3[_-]?path(=| =|:| :)" then + if {latest.response} matches "kubecfg[_-]?s3[_-]?path(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "kubecfg_s3_path secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "kubeconfig(=| =|:| :)" then + if {latest.response} matches "kubeconfig(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "kubeconfig secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "kxoltsn3vogdop92m(=| =|:| :)" then + if {latest.response} matches "kxoltsn3vogdop92m(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "kxoltsn3vogdop92m secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "leanplum[_-]?key(=| =|:| :)" then + if {latest.response} matches "leanplum[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "leanplum_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "lektor[_-]?deploy[_-]?password(=| =|:| :)" then + if {latest.response} matches "lektor[_-]?deploy[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "lektor_deploy_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "lektor[_-]?deploy[_-]?username(=| =|:| :)" then + if {latest.response} matches "lektor[_-]?deploy[_-]?username(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "lektor_deploy_username secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "lighthouse[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "lighthouse[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "lighthouse_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "linux[_-]?signing[_-]?key(=| =|:| :)" then + if {latest.response} matches "linux[_-]?signing[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "linux_signing_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ll[_-]?publish[_-]?url(=| =|:| :)" then + if {latest.response} matches "ll[_-]?publish[_-]?url(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ll_publish_url secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ll[_-]?shared[_-]?key(=| =|:| :)" then + if {latest.response} matches "ll[_-]?shared[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ll_shared_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "looker[_-]?test[_-]?runner[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "looker[_-]?test[_-]?runner[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "looker_test_runner_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "lottie[_-]?happo[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "lottie[_-]?happo[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "lottie_happo_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "lottie[_-]?happo[_-]?secret[_-]?key(=| =|:| :)" then + if {latest.response} matches "lottie[_-]?happo[_-]?secret[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "lottie_happo_secret_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "lottie[_-]?s3[_-]?secret[_-]?key(=| =|:| :)" then + if {latest.response} matches "lottie[_-]?s3[_-]?secret[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "lottie_s3_secret_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "lottie[_-]?upload[_-]?cert[_-]?key[_-]?password(=| =|:| :)" then + if {latest.response} matches "lottie[_-]?upload[_-]?cert[_-]?key[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "lottie_upload_cert_key_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "lottie[_-]?upload[_-]?cert[_-]?key[_-]?store[_-]?password(=| =|:| :)" then + if {latest.response} matches "lottie[_-]?upload[_-]?cert[_-]?key[_-]?store[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "lottie_upload_cert_key_store_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "magento[_-]?auth[_-]?password(=| =|:| :)" then + if {latest.response} matches "magento[_-]?auth[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "magento_auth_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "magento[_-]?auth[_-]?username (=| =|:| :)" then + if {latest.response} matches "magento[_-]?auth[_-]?username (=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "magento_auth_username secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "magento[_-]?password(=| =|:| :)" then + if {latest.response} matches "magento[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "magento_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mail[_-]?password(=| =|:| :)" then + if {latest.response} matches "mail[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mail_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mailchimp[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "mailchimp[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mailchimp_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mailchimp[_-]?key(=| =|:| :)" then + if {latest.response} matches "mailchimp[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mailchimp_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mailer[_-]?password(=| =|:| :)" then + if {latest.response} matches "mailer[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mailer_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(key-[0-9a-f]{32})" then + if {latest.response} matches "(key-[0-9a-f]{32})" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mailgun secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mailgun[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "mailgun[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mailgun_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mailgun[_-]?apikey(=| =|:| :)" then + if {latest.response} matches "mailgun[_-]?apikey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mailgun_apikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mailgun[_-]?password(=| =|:| :)" then + if {latest.response} matches "mailgun[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mailgun_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mailgun[_-]?pub[_-]?apikey(=| =|:| :)" then + if {latest.response} matches "mailgun[_-]?pub[_-]?apikey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mailgun_pub_apikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mailgun[_-]?pub[_-]?key(=| =|:| :)" then + if {latest.response} matches "mailgun[_-]?pub[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mailgun_pub_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "manage[_-]?key(=| =|:| :)" then + if {latest.response} matches "manage[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "manage_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "manage[_-]?secret(=| =|:| :)" then + if {latest.response} matches "manage[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "manage_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "management[_-]?token(=| =|:| :)" then + if {latest.response} matches "management[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "management_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "managementapiaccesstoken(=| =|:| :)" then + if {latest.response} matches "managementapiaccesstoken(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "managementapiaccesstoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mandrill[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "mandrill[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mandrill_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "manifest[_-]?app[_-]?token(=| =|:| :)" then + if {latest.response} matches "manifest[_-]?app[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "manifest_app_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "manifest[_-]?app[_-]?url(=| =|:| :)" then + if {latest.response} matches "manifest[_-]?app[_-]?url(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "manifest_app_url secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mapbox[_-]?access[_-]?token(=| =|:| :)" then + if {latest.response} matches "mapbox[_-]?access[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mapbox_access_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mapbox[_-]?api[_-]?token(=| =|:| :)" then + if {latest.response} matches "mapbox[_-]?api[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mapbox_api_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mapbox[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then + if {latest.response} matches "mapbox[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mapbox_aws_access_key_id secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mapbox[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "mapbox[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mapbox_aws_secret_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mapboxaccesstoken(=| =|:| :)" then + if {latest.response} matches "mapboxaccesstoken(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mapboxaccesstoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mg[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "mg[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mg_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mh[_-]?apikey(=| =|:| :)" then + if {latest.response} matches "mh[_-]?apikey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mh_apikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mh[_-]?password(=| =|:| :)" then + if {latest.response} matches "mh[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mh_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mile[_-]?zero[_-]?key(=| =|:| :)" then + if {latest.response} matches "mile[_-]?zero[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mile_zero_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "minio[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "minio[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "minio_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "minio[_-]?secret[_-]?key(=| =|:| :)" then + if {latest.response} matches "minio[_-]?secret[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "minio_secret_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "multi[_-]?bob[_-]?sid(=| =|:| :)" then + if {latest.response} matches "multi[_-]?bob[_-]?sid(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "multi_bob_sid secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "multi[_-]?connect[_-]?sid(=| =|:| :)" then + if {latest.response} matches "multi[_-]?connect[_-]?sid(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "multi_connect_sid secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "multi[_-]?disconnect[_-]?sid(=| =|:| :)" then + if {latest.response} matches "multi[_-]?disconnect[_-]?sid(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "multi_disconnect_sid secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "multi[_-]?workflow[_-]?sid(=| =|:| :)" then + if {latest.response} matches "multi[_-]?workflow[_-]?sid(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "multi_workflow_sid secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "multi[_-]?workspace[_-]?sid(=| =|:| :)" then + if {latest.response} matches "multi[_-]?workspace[_-]?sid(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "multi_workspace_sid secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "my[_-]?secret[_-]?env(=| =|:| :)" then + if {latest.response} matches "my[_-]?secret[_-]?env(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "my_secret_env secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mysql[_-]?database(=| =|:| :)" then + if {latest.response} matches "mysql[_-]?database(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mysql_database secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mysql[_-]?hostname(=| =|:| :)" then + if {latest.response} matches "mysql[_-]?hostname(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mysql_hostname secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mysql[_-]?password(=| =|:| :)" then + if {latest.response} matches "mysql[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mysql_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mysql[_-]?user(=| =|:| :)" then + if {latest.response} matches "mysql[_-]?user(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mysql_user secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mysql[_-]?username(=| =|:| :)" then + if {latest.response} matches "mysql[_-]?username(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mysql_username secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mysqlmasteruser(=| =|:| :)" then + if {latest.response} matches "mysqlmasteruser(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mysqlmasteruser secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mysqlsecret(=| =|:| :)" then + if {latest.response} matches "mysqlsecret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "mysqlsecret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "nativeevents(=| =|:| :)" then + if {latest.response} matches "nativeevents(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "nativeevents secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "new[_-]?relic[_-]?beta[_-]?token(=| =|:| :)" then + if {latest.response} matches "new[_-]?relic[_-]?beta[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "new_relic_beta_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "nexus[_-]?password(=| =|:| :)" then + if {latest.response} matches "nexus[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "nexus_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "nexuspassword(=| =|:| :)" then + if {latest.response} matches "nexuspassword(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "nexuspassword secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ngrok[_-]?auth[_-]?token(=| =|:| :)" then + if {latest.response} matches "ngrok[_-]?auth[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ngrok_auth_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ngrok[_-]?token(=| =|:| :)" then + if {latest.response} matches "ngrok[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ngrok_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "node[_-]?env(=| =|:| :)" then + if {latest.response} matches "node[_-]?env(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "node_env secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "node[_-]?pre[_-]?gyp[_-]?accesskeyid(=| =|:| :)" then + if {latest.response} matches "node[_-]?pre[_-]?gyp[_-]?accesskeyid(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "node_pre_gyp_accesskeyid secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "node[_-]?pre[_-]?gyp[_-]?github[_-]?token(=| =|:| :)" then + if {latest.response} matches "node[_-]?pre[_-]?gyp[_-]?github[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "node_pre_gyp_github_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "node[_-]?pre[_-]?gyp[_-]?secretaccesskey(=| =|:| :)" then + if {latest.response} matches "node[_-]?pre[_-]?gyp[_-]?secretaccesskey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "node_pre_gyp_secretaccesskey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "non[_-]?token(=| =|:| :)" then + if {latest.response} matches "non[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "non_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "now[_-]?token(=| =|:| :)" then + if {latest.response} matches "now[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "now_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "npm[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "npm[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "npm_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "npm[_-]?api[_-]?token(=| =|:| :)" then + if {latest.response} matches "npm[_-]?api[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "npm_api_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "npm[_-]?auth[_-]?token(=| =|:| :)" then + if {latest.response} matches "npm[_-]?auth[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "npm_auth_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "npm[_-]?email(=| =|:| :)" then + if {latest.response} matches "npm[_-]?email(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "npm_email secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "npm[_-]?password(=| =|:| :)" then + if {latest.response} matches "npm[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "npm_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "npm[_-]?secret[_-]?key(=| =|:| :)" then + if {latest.response} matches "npm[_-]?secret[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "npm_secret_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "npm[_-]?token(=| =|:| :)" then + if {latest.response} matches "npm[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "npm_token - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(oy2[a-z0-9]{43})" then + if {latest.response} matches "(oy2[a-z0-9]{43})" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "nuget_api_key - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "nuget[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "nuget[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "nuget_api_key - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "numbers[_-]?service[_-]?pass(=| =|:| :)" then + if {latest.response} matches "numbers[_-]?service[_-]?pass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "numbers_service_pass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "oauth[_-]?token(=| =|:| :)" then + if {latest.response} matches "oauth[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "oauth_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "object[_-]?storage[_-]?password(=| =|:| :)" then + if {latest.response} matches "object[_-]?storage[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "object_storage_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "object[_-]?storage[_-]?region[_-]?name(=| =|:| :)" then + if {latest.response} matches "object[_-]?storage[_-]?region[_-]?name(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "object_storage_region_name secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "object[_-]?store[_-]?bucket(=| =|:| :)" then + if {latest.response} matches "object[_-]?store[_-]?bucket(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "object_store_bucket secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "object[_-]?store[_-]?creds(=| =|:| :)" then + if {latest.response} matches "object[_-]?store[_-]?creds(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "object_store_creds secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "oc[_-]?pass(=| =|:| :)" then + if {latest.response} matches "oc[_-]?pass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "oc_pass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "octest[_-]?app[_-]?password(=| =|:| :)" then + if {latest.response} matches "octest[_-]?app[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "octest_app_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "octest[_-]?app[_-]?username(=| =|:| :)" then + if {latest.response} matches "octest[_-]?app[_-]?username(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "octest_app_username secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "octest[_-]?password(=| =|:| :)" then + if {latest.response} matches "octest[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "octest_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ofta[_-]?key(=| =|:| :)" then + if {latest.response} matches "ofta[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ofta_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ofta[_-]?region(=| =|:| :)" then + if {latest.response} matches "ofta[_-]?region(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ofta_region secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ofta[_-]?secret(=| =|:| :)" then + if {latest.response} matches "ofta[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ofta_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "okta[_-]?client[_-]?token(=| =|:| :)" then + if {latest.response} matches "okta[_-]?client[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "okta_client_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "okta[_-]?oauth2[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "okta[_-]?oauth2[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "okta_oauth2_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "okta[_-]?oauth2[_-]?clientsecret(=| =|:| :)" then + if {latest.response} matches "okta[_-]?oauth2[_-]?clientsecret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "okta_oauth2_clientsecret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "omise[_-]?key(=| =|:| :)" then + if {latest.response} matches "omise[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "omise_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "omise[_-]?pkey(=| =|:| :)" then + if {latest.response} matches "omise[_-]?pkey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "omise_pkey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "omise[_-]?pubkey(=| =|:| :)" then + if {latest.response} matches "omise[_-]?pubkey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "omise_pubkey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "omise[_-]?skey(=| =|:| :)" then + if {latest.response} matches "omise[_-]?skey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "omise_skey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "onesignal[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "onesignal[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "onesignal_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "onesignal[_-]?user[_-]?auth[_-]?key(=| =|:| :)" then + if {latest.response} matches "onesignal[_-]?user[_-]?auth[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "onesignal_user_auth_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "open[_-]?whisk[_-]?key(=| =|:| :)" then + if {latest.response} matches "open[_-]?whisk[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "open_whisk_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "openwhisk[_-]?key(=| =|:| :)" then + if {latest.response} matches "openwhisk[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "openwhisk_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "os[_-]?auth[_-]?url(=| =|:| :)" then + if {latest.response} matches "os[_-]?auth[_-]?url(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "os_auth_url secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "os[_-]?password(=| =|:| :)" then + if {latest.response} matches "os[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "os_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ossrh[_-]?jira[_-]?password(=| =|:| :)" then + if {latest.response} matches "ossrh[_-]?jira[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ossrh_jira_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ossrh[_-]?pass(=| =|:| :)" then + if {latest.response} matches "ossrh[_-]?pass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ossrh_pass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ossrh[_-]?password(=| =|:| :)" then + if {latest.response} matches "ossrh[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ossrh_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ossrh[_-]?secret(=| =|:| :)" then + if {latest.response} matches "ossrh[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ossrh_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ossrh[_-]?username(=| =|:| :)" then + if {latest.response} matches "ossrh[_-]?username(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ossrh_username secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(https://outlook.office.com/webhook/[0-9a-f-]{36}@)" then + if {latest.response} matches "(https://outlook.office.com/webhook/[0-9a-f-]{36}@)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "outlook_team secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "packagecloud[_-]?token(=| =|:| :)" then + if {latest.response} matches "packagecloud[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "packagecloud_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "pagerduty[_-]?apikey(=| =|:| :)" then + if {latest.response} matches "pagerduty[_-]?apikey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "pagerduty_apikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "parse[_-]?js[_-]?key(=| =|:| :)" then + if {latest.response} matches "parse[_-]?js[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "parse_js_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "passwordtravis(=| =|:| :)" then + if {latest.response} matches "passwordtravis(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "passwordtravis secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(access_token$production$[0-9a-z]{16}$[0-9a-f]{32})" then + if {latest.response} matches "(access_token$production$[0-9a-z]{16}$[0-9a-f]{32})" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "paypal_braintree_access_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "paypal[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "paypal[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "paypal_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "percy[_-]?project(=| =|:| :)" then + if {latest.response} matches "percy[_-]?project(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "percy_project secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "percy[_-]?token(=| =|:| :)" then + if {latest.response} matches "percy[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "percy_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "personal[_-]?key(=| =|:| :)" then + if {latest.response} matches "personal[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "personal_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "personal[_-]?secret(=| =|:| :)" then + if {latest.response} matches "personal[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "personal_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "pg[_-]?database(=| =|:| :)" then + if {latest.response} matches "pg[_-]?database(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "pg_database secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "pg[_-]?host(=| =|:| :)" then + if {latest.response} matches "pg[_-]?host(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "pg_host secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "places[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "places[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "places_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "places[_-]?apikey(=| =|:| :)" then + if {latest.response} matches "places[_-]?apikey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "places_apikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "plotly[_-]?apikey(=| =|:| :)" then + if {latest.response} matches "plotly[_-]?apikey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "plotly_apikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "plugin[_-]?password(=| =|:| :)" then + if {latest.response} matches "plugin[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "plugin_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "postgres[_-]?env[_-]?postgres[_-]?db(=| =|:| :)" then + if {latest.response} matches "postgres[_-]?env[_-]?postgres[_-]?db(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "postgres_env_postgres_db secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "postgres[_-]?env[_-]?postgres[_-]?password(=| =|:| :)" then + if {latest.response} matches "postgres[_-]?env[_-]?postgres[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "postgres_env_postgres_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "postgresql[_-]?db(=| =|:| :)" then + if {latest.response} matches "postgresql[_-]?db(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "postgresql_db secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "postgresql[_-]?pass(=| =|:| :)" then + if {latest.response} matches "postgresql[_-]?pass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "postgresql_pass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "prebuild[_-]?auth(=| =|:| :)" then + if {latest.response} matches "prebuild[_-]?auth(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "prebuild_auth secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "preferred[_-]?username(=| =|:| :)" then + if {latest.response} matches "preferred[_-]?username(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "preferred_username secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "pring[_-]?mail[_-]?username(=| =|:| :)" then + if {latest.response} matches "pring[_-]?mail[_-]?username(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "pring_mail_username secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "-----(?:(?:BEGIN|END) )(?:(?:EC|PGP|DSA|RSA|OPENSSH).)?PRIVATE.KEY(.BLOCK)?-----" then + if {latest.response} matches "-----(?:(?:BEGIN|END) )(?:(?:EC|PGP|DSA|RSA|OPENSSH).)?PRIVATE.KEY(.BLOCK)?-----" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "private_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "private[_-]?signing[_-]?password(=| =|:| :)" then + if {latest.response} matches "private[_-]?signing[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "private_signing_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "prod[_-]?access[_-]?key[_-]?id(=| =|:| :)" then + if {latest.response} matches "prod[_-]?access[_-]?key[_-]?id(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "prod_access_key_id secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "prod[_-]?password(=| =|:| :)" then + if {latest.response} matches "prod[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "prod_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "prod[_-]?secret[_-]?key(=| =|:| :)" then + if {latest.response} matches "prod[_-]?secret[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "prod_secret_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "project[_-]?config(=| =|:| :)" then + if {latest.response} matches "project[_-]?config(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "project_config secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "publish[_-]?access(=| =|:| :)" then + if {latest.response} matches "publish[_-]?access(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "publish_access secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "publish[_-]?key(=| =|:| :)" then + if {latest.response} matches "publish[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "publish_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "publish[_-]?secret(=| =|:| :)" then + if {latest.response} matches "publish[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "publish_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "pushover[_-]?token(=| =|:| :)" then + if {latest.response} matches "pushover[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "pushover_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "pypi[_-]?passowrd(=| =|:| :)" then + if {latest.response} matches "pypi[_-]?passowrd(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "pypi_passowrd secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "qiita[_-]?token(=| =|:| :)" then + if {latest.response} matches "qiita[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "qiita_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "quip[_-]?token(=| =|:| :)" then + if {latest.response} matches "quip[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "quip_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "randrmusicapiaccesstoken(=| =|:| :)" then + if {latest.response} matches "randrmusicapiaccesstoken(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "randrmusicapiaccesstoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "redis[_-]?stunnel[_-]?urls(=| =|:| :)" then + if {latest.response} matches "redis[_-]?stunnel[_-]?urls(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "redis_stunnel_urls secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "refresh[_-]?token(=| =|:| :)" then + if {latest.response} matches "refresh[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "refresh_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "registry[_-]?pass(=| =|:| :)" then + if {latest.response} matches "registry[_-]?pass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "registry_pass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "registry[_-]?secure(=| =|:| :)" then + if {latest.response} matches "registry[_-]?secure(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "registry_secure secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "release[_-]?token(=| =|:| :)" then + if {latest.response} matches "release[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "release_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "reporting[_-]?webdav[_-]?pwd(=| =|:| :)" then + if {latest.response} matches "reporting[_-]?webdav[_-]?pwd(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "reporting_webdav_pwd secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "reporting[_-]?webdav[_-]?url(=| =|:| :)" then + if {latest.response} matches "reporting[_-]?webdav[_-]?url(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "reporting_webdav_url secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "repotoken(=| =|:| :)" then + if {latest.response} matches "repotoken(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "repotoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "rest[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "rest[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "rest_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "rinkeby[_-]?private[_-]?key(=| =|:| :)" then + if {latest.response} matches "rinkeby[_-]?private[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "rinkeby_private_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ropsten[_-]?private[_-]?key(=| =|:| :)" then + if {latest.response} matches "ropsten[_-]?private[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ropsten_private_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "route53[_-]?access[_-]?key[_-]?id(=| =|:| :)" then + if {latest.response} matches "route53[_-]?access[_-]?key[_-]?id(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "route53_access_key_id secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "rtd[_-]?key[_-]?pass(=| =|:| :)" then + if {latest.response} matches "rtd[_-]?key[_-]?pass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "rtd_key_pass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "rtd[_-]?store[_-]?pass(=| =|:| :)" then + if {latest.response} matches "rtd[_-]?store[_-]?pass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "rtd_store_pass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "s3[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "s3[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "s3_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "s3[_-]?access[_-]?key[_-]?id(=| =|:| :)" then + if {latest.response} matches "s3[_-]?access[_-]?key[_-]?id(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "s3_access_key_id secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "s3[_-]?bucket[_-]?name[_-]?app[_-]?logs(=| =|:| :)" then + if {latest.response} matches "s3[_-]?bucket[_-]?name[_-]?app[_-]?logs(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "s3_bucket_name_app_logs secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "s3[_-]?bucket[_-]?name[_-]?assets(=| =|:| :)" then + if {latest.response} matches "s3[_-]?bucket[_-]?name[_-]?assets(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "s3_bucket_name_assets secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "s3[_-]?external[_-]?3[_-]?amazonaws[_-]?com(=| =|:| :)" then + if {latest.response} matches "s3[_-]?external[_-]?3[_-]?amazonaws[_-]?com(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "s3_external_3_amazonaws_com secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "s3[_-]?key(=| =|:| :)" then + if {latest.response} matches "s3[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "s3_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "s3[_-]?key[_-]?app[_-]?logs(=| =|:| :)" then + if {latest.response} matches "s3[_-]?key[_-]?app[_-]?logs(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "s3_key_app_logs secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "s3[_-]?key[_-]?assets(=| =|:| :)" then + if {latest.response} matches "s3[_-]?key[_-]?assets(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "s3_key_assets secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "s3[_-]?secret[_-]?app[_-]?logs(=| =|:| :)" then + if {latest.response} matches "s3[_-]?secret[_-]?app[_-]?logs(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "s3_secret_app_logs secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "s3[_-]?secret[_-]?assets(=| =|:| :)" then + if {latest.response} matches "s3[_-]?secret[_-]?assets(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "s3_secret_assets secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "s3[_-]?secret[_-]?key(=| =|:| :)" then + if {latest.response} matches "s3[_-]?secret[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "s3_secret_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "s3[_-]?user[_-]?secret(=| =|:| :)" then + if {latest.response} matches "s3[_-]?user[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "s3_user_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sacloud[_-]?access[_-]?token(=| =|:| :)" then + if {latest.response} matches "sacloud[_-]?access[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sacloud_access_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sacloud[_-]?access[_-]?token[_-]?secret(=| =|:| :)" then + if {latest.response} matches "sacloud[_-]?access[_-]?token[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sacloud_access_token_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sacloud[_-]?api(=| =|:| :)" then + if {latest.response} matches "sacloud[_-]?api(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sacloud_api secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "salesforce[_-]?bulk[_-]?test[_-]?password(=| =|:| :)" then + if {latest.response} matches "salesforce[_-]?bulk[_-]?test[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "salesforce_bulk_test_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "salesforce[_-]?bulk[_-]?test[_-]?security[_-]?token(=| =|:| :)" then + if {latest.response} matches "salesforce[_-]?bulk[_-]?test[_-]?security[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "salesforce_bulk_test_security_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sandbox[_-]?access[_-]?token(=| =|:| :)" then + if {latest.response} matches "sandbox[_-]?access[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sandbox_access_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sandbox[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then + if {latest.response} matches "sandbox[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sandbox_aws_access_key_id secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sandbox[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "sandbox[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sandbox_aws_secret_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sauce[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "sauce[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sauce_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(sauce.{0,50}(\"|')?[0-9a-f-]{36}(\"|')?)" then + if {latest.response} matches "(sauce.{0,50}(\"|')?[0-9a-f-]{36}(\"|')?)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sauce_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "scrutinizer[_-]?token(=| =|:| :)" then + if {latest.response} matches "scrutinizer[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "scrutinizer_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sdr[_-]?token(=| =|:| :)" then + if {latest.response} matches "sdr[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sdr_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "secret[_-]?0(=| =|:| :)" then + if {latest.response} matches "secret[_-]?0(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "secret_0 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "secret[_-]?1(=| =|:| :)" then + if {latest.response} matches "secret[_-]?1(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "secret_1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "secret[_-]?10(=| =|:| :)" then + if {latest.response} matches "secret[_-]?10(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "secret_10 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "secret[_-]?11(=| =|:| :)" then + if {latest.response} matches "secret[_-]?11(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "secret_11 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "secret[_-]?2(=| =|:| :)" then + if {latest.response} matches "secret[_-]?2(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "secret_2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "secret[_-]?3(=| =|:| :)" then + if {latest.response} matches "secret[_-]?3(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "secret_3 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "secret[_-]?4(=| =|:| :)" then + if {latest.response} matches "secret[_-]?4(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "secret_4 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "secret[_-]?5(=| =|:| :)" then + if {latest.response} matches "secret[_-]?5(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "secret_5 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "secret[_-]?6(=| =|:| :)" then + if {latest.response} matches "secret[_-]?6(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "secret_6 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "secret[_-]?7(=| =|:| :)" then + if {latest.response} matches "secret[_-]?7(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "secret_7 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "secret[_-]?8(=| =|:| :)" then + if {latest.response} matches "secret[_-]?8(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "secret_8 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "secret[_-]?9(=| =|:| :)" then + if {latest.response} matches "secret[_-]?9(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "secret_9 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "secret[_-]?key[_-]?base(=| =|:| :)" then + if {latest.response} matches "secret[_-]?key[_-]?base(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "secret_key_base secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "secretaccesskey(=| =|:| :)" then + if {latest.response} matches "secretaccesskey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "secretaccesskey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "secretkey(=| =|:| :)" then + if {latest.response} matches "secretkey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "secretkey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "segment[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "segment[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "segment_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "selion[_-]?log[_-]?level[_-]?dev(=| =|:| :)" then + if {latest.response} matches "selion[_-]?log[_-]?level[_-]?dev(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "selion_log_level_dev secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "selion[_-]?selenium[_-]?host(=| =|:| :)" then + if {latest.response} matches "selion[_-]?selenium[_-]?host(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "selion_selenium_host secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sendgrid(=| =|:| :)" then + if {latest.response} matches "sendgrid(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sendgrid - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sendgrid[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "sendgrid[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sendgrid_api_key - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sendgrid[_-]?key(=| =|:| :)" then + if {latest.response} matches "sendgrid[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sendgrid_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sendgrid[_-]?password(=| =|:| :)" then + if {latest.response} matches "sendgrid[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sendgrid_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sendgrid[_-]?user(=| =|:| :)" then + if {latest.response} matches "sendgrid[_-]?user(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sendgrid_user secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sendgrid[_-]?username(=| =|:| :)" then + if {latest.response} matches "sendgrid[_-]?username(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sendgrid_username secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sendwithus[_-]?key(=| =|:| :)" then + if {latest.response} matches "sendwithus[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sendwithus_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sentry[_-]?auth[_-]?token(=| =|:| :)" then + if {latest.response} matches "sentry[_-]?auth[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sentry_auth_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sentry[_-]?default[_-]?org(=| =|:| :)" then + if {latest.response} matches "sentry[_-]?default[_-]?org(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sentry_default_org secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sentry[_-]?endpoint(=| =|:| :)" then + if {latest.response} matches "sentry[_-]?endpoint(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sentry_endpoint secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sentry[_-]?key(=| =|:| :)" then + if {latest.response} matches "sentry[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sentry_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "service[_-]?account[_-]?secret(=| =|:| :)" then + if {latest.response} matches "service[_-]?account[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "service_account_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ses[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "ses[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ses_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ses[_-]?secret[_-]?key(=| =|:| :)" then + if {latest.response} matches "ses[_-]?secret[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ses_secret_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "setdstaccesskey(=| =|:| :)" then + if {latest.response} matches "setdstaccesskey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "setdstaccesskey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "setdstsecretkey(=| =|:| :)" then + if {latest.response} matches "setdstsecretkey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "setdstsecretkey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "setsecretkey(=| =|:| :)" then + if {latest.response} matches "setsecretkey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "setsecretkey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "signing[_-]?key(=| =|:| :)" then + if {latest.response} matches "signing[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "signing_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "signing[_-]?key[_-]?password(=| =|:| :)" then + if {latest.response} matches "signing[_-]?key[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "signing_key_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "signing[_-]?key[_-]?secret(=| =|:| :)" then + if {latest.response} matches "signing[_-]?key[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "signing_key_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "signing[_-]?key[_-]?sid(=| =|:| :)" then + if {latest.response} matches "signing[_-]?key[_-]?sid(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "signing_key_sid secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(hooks.slack.com/services/T[A-Z0-9]{8}/B[A-Z0-9]{8}/[a-zA-Z0-9]{1,})" then + if {latest.response} matches "(hooks.slack.com/services/T[A-Z0-9]{8}/B[A-Z0-9]{8}/[a-zA-Z0-9]{1,})" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "slack_webhook_url secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "slash[_-]?developer[_-]?space(=| =|:| :)" then + if {latest.response} matches "slash[_-]?developer[_-]?space(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "slash_developer_space secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "slash[_-]?developer[_-]?space[_-]?key(=| =|:| :)" then + if {latest.response} matches "slash[_-]?developer[_-]?space[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "slash_developer_space_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "slate[_-]?user[_-]?email(=| =|:| :)" then + if {latest.response} matches "slate[_-]?user[_-]?email(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "slate_user_email secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "snoowrap[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "snoowrap[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "snoowrap_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "snoowrap[_-]?password(=| =|:| :)" then + if {latest.response} matches "snoowrap[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "snoowrap_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "snoowrap[_-]?refresh[_-]?token(=| =|:| :)" then + if {latest.response} matches "snoowrap[_-]?refresh[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "snoowrap_refresh_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "snyk[_-]?api[_-]?token(=| =|:| :)" then + if {latest.response} matches "snyk[_-]?api[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "snyk_api_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "snyk[_-]?token(=| =|:| :)" then + if {latest.response} matches "snyk[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "snyk_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "socrata[_-]?app[_-]?token(=| =|:| :)" then + if {latest.response} matches "socrata[_-]?app[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "socrata_app_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "socrata[_-]?password(=| =|:| :)" then + if {latest.response} matches "socrata[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "socrata_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sonar[_-]?organization[_-]?key(=| =|:| :)" then + if {latest.response} matches "sonar[_-]?organization[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sonar_organization_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sonar[_-]?project[_-]?key(=| =|:| :)" then + if {latest.response} matches "sonar[_-]?project[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sonar_project_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sonar[_-]?token(=| =|:| :)" then + if {latest.response} matches "sonar[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sonar_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(sonar.{0,50}(\"|')?[0-9a-f]{40}(\"|')?)" then + if {latest.response} matches "(sonar.{0,50}(\"|')?[0-9a-f]{40}(\"|')?)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sonarqube_docs_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sonatype[_-]?gpg[_-]?key[_-]?name(=| =|:| :)" then + if {latest.response} matches "sonatype[_-]?gpg[_-]?key[_-]?name(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sonatype_gpg_key_name secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sonatype[_-]?gpg[_-]?passphrase(=| =|:| :)" then + if {latest.response} matches "sonatype[_-]?gpg[_-]?passphrase(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sonatype_gpg_passphrase secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sonatype[_-]?nexus[_-]?password(=| =|:| :)" then + if {latest.response} matches "sonatype[_-]?nexus[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sonatype_nexus_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sonatype[_-]?pass(=| =|:| :)" then + if {latest.response} matches "sonatype[_-]?pass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sonatype_pass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sonatype[_-]?password(=| =|:| :)" then + if {latest.response} matches "sonatype[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sonatype_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sonatype[_-]?token[_-]?password(=| =|:| :)" then + if {latest.response} matches "sonatype[_-]?token[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sonatype_token_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sonatype[_-]?token[_-]?user(=| =|:| :)" then + if {latest.response} matches "sonatype[_-]?token[_-]?user(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sonatype_token_user secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sonatypepassword(=| =|:| :)" then + if {latest.response} matches "sonatypepassword(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sonatypepassword secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "soundcloud[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "soundcloud[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "soundcloud_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "soundcloud[_-]?password(=| =|:| :)" then + if {latest.response} matches "soundcloud[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "soundcloud_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "spaces[_-]?access[_-]?key[_-]?id(=| =|:| :)" then + if {latest.response} matches "spaces[_-]?access[_-]?key[_-]?id(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "spaces_access_key_id secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "spaces[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "spaces[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "spaces_secret_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "spotify[_-]?api[_-]?access[_-]?token(=| =|:| :)" then + if {latest.response} matches "spotify[_-]?api[_-]?access[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "spotify_api_access_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "spotify[_-]?api[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "spotify[_-]?api[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "spotify_api_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "spring[_-]?mail[_-]?password(=| =|:| :)" then + if {latest.response} matches "spring[_-]?mail[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "spring_mail_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sqsaccesskey(=| =|:| :)" then + if {latest.response} matches "sqsaccesskey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sqsaccesskey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sqssecretkey(=| =|:| :)" then + if {latest.response} matches "sqssecretkey(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sqssecretkey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(sq0[a-z]{3}-[0-9A-Za-z-_]{20,50})" then + if {latest.response} matches "(sq0[a-z]{3}-[0-9A-Za-z-_]{20,50})" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "square_app_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "square[_-]?reader[_-]?sdk[_-]?repository[_-]?password(=| =|:| :)" then + if {latest.response} matches "square[_-]?reader[_-]?sdk[_-]?repository[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "square_reader_sdk_repository_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "srcclr[_-]?api[_-]?token(=| =|:| :)" then + if {latest.response} matches "srcclr[_-]?api[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "srcclr_api_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(sshpass -p.*['|\"])" then + if {latest.response} matches "(sshpass -p.*['|\"])" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ssh_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sshpass(=| =|:| :)" then + if {latest.response} matches "sshpass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "sshpass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ssmtp[_-]?config(=| =|:| :)" then + if {latest.response} matches "ssmtp[_-]?config(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "ssmtp_config secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "staging[_-]?base[_-]?url[_-]?runscope(=| =|:| :)" then + if {latest.response} matches "staging[_-]?base[_-]?url[_-]?runscope(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "staging_base_url_runscope secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "star[_-]?test[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then + if {latest.response} matches "star[_-]?test[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "star_test_aws_access_key_id secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "star[_-]?test[_-]?bucket(=| =|:| :)" then + if {latest.response} matches "star[_-]?test[_-]?bucket(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "star_test_bucket secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "star[_-]?test[_-]?location(=| =|:| :)" then + if {latest.response} matches "star[_-]?test[_-]?location(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "star_test_location secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "star[_-]?test[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "star[_-]?test[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "star_test_secret_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "starship[_-]?account[_-]?sid(=| =|:| :)" then + if {latest.response} matches "starship[_-]?account[_-]?sid(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "starship_account_sid secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "starship[_-]?auth[_-]?token(=| =|:| :)" then + if {latest.response} matches "starship[_-]?auth[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "starship_auth_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "stormpath[_-]?api[_-]?key[_-]?id(=| =|:| :)" then + if {latest.response} matches "stormpath[_-]?api[_-]?key[_-]?id(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "stormpath_api_key_id secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "stormpath[_-]?api[_-]?key[_-]?secret(=| =|:| :)" then + if {latest.response} matches "stormpath[_-]?api[_-]?key[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "stormpath_api_key_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "strip[_-]?publishable[_-]?key(=| =|:| :)" then + if {latest.response} matches "strip[_-]?publishable[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "strip_publishable_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "strip[_-]?secret[_-]?key(=| =|:| :)" then + if {latest.response} matches "strip[_-]?secret[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "strip_secret_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "stripe[_-]?private(=| =|:| :)" then + if {latest.response} matches "stripe[_-]?private(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "stripe_private secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "stripe[_-]?public(=| =|:| :)" then + if {latest.response} matches "stripe[_-]?public(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "stripe_public secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(rk_live_[0-9a-zA-Z]{24,34})" then + if {latest.response} matches "(rk_live_[0-9a-zA-Z]{24,34})" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "stripe_restricted_api secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(sk_live_[0-9a-zA-Z]{24,34})" then + if {latest.response} matches "(sk_live_[0-9a-zA-Z]{24,34})" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "stripe_standard_api secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "surge[_-]?login(=| =|:| :)" then + if {latest.response} matches "surge[_-]?login(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "surge_login secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "surge[_-]?token(=| =|:| :)" then + if {latest.response} matches "surge[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "surge_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "svn[_-]?pass(=| =|:| :)" then + if {latest.response} matches "svn[_-]?pass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "svn_pass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "tesco[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "tesco[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "tesco_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "test[_-]?github[_-]?token(=| =|:| :)" then + if {latest.response} matches "test[_-]?github[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "test_github_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "test[_-]?test(=| =|:| :)" then + if {latest.response} matches "test[_-]?test(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "test_test secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "tester[_-]?keys[_-]?password(=| =|:| :)" then + if {latest.response} matches "tester[_-]?keys[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "tester_keys_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "thera[_-]?oss[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "thera[_-]?oss[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "thera_oss_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "token[_-]?core[_-]?java(=| =|:| :)" then + if {latest.response} matches "token[_-]?core[_-]?java(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "token_core_java secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "travis[_-]?access[_-]?token(=| =|:| :)" then + if {latest.response} matches "travis[_-]?access[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "travis_access_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "travis[_-]?api[_-]?token(=| =|:| :)" then + if {latest.response} matches "travis[_-]?api[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "travis_api_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "travis[_-]?branch(=| =|:| :)" then + if {latest.response} matches "travis[_-]?branch(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "travis_branch secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "travis[_-]?com[_-]?token(=| =|:| :)" then + if {latest.response} matches "travis[_-]?com[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "travis_com_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "travis[_-]?e2e[_-]?token(=| =|:| :)" then + if {latest.response} matches "travis[_-]?e2e[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "travis_e2e_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "travis[_-]?gh[_-]?token(=| =|:| :)" then + if {latest.response} matches "travis[_-]?gh[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "travis_gh_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "travis[_-]?pull[_-]?request(=| =|:| :)" then + if {latest.response} matches "travis[_-]?pull[_-]?request(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "travis_pull_request secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "trex[_-]?client[_-]?token(=| =|:| :)" then + if {latest.response} matches "trex[_-]?client[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "trex_client_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "trex[_-]?okta[_-]?client[_-]?token(=| =|:| :)" then + if {latest.response} matches "trex[_-]?okta[_-]?client[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "trex_okta_client_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "twilio[_-]?configuration[_-]?sid(=| =|:| :)" then + if {latest.response} matches "twilio[_-]?configuration[_-]?sid(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "twilio_configuration_sid secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "twilio[_-]?sid(=| =|:| :)" then + if {latest.response} matches "twilio[_-]?sid(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "twilio_sid secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "twine[_-]?password(=| =|:| :)" then + if {latest.response} matches "twine[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "twine_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "unity[_-]?password(=| =|:| :)" then + if {latest.response} matches "unity[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "unity_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "unity[_-]?serial(=| =|:| :)" then + if {latest.response} matches "unity[_-]?serial(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "unity_serial secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "urban[_-]?key(=| =|:| :)" then + if {latest.response} matches "urban[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "urban_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "urban[_-]?secret(=| =|:| :)" then + if {latest.response} matches "urban[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "urban_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "us[_-]?east[_-]?1[_-]?elb[_-]?amazonaws[_-]?com(=| =|:| :)" then + if {latest.response} matches "us[_-]?east[_-]?1[_-]?elb[_-]?amazonaws[_-]?com(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "us_east_1_elb_amazonaws_com secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "user[_-]?assets[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "user[_-]?assets[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "user_assets_secret_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "usertravis(=| =|:| :)" then + if {latest.response} matches "usertravis(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "usertravis secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "v[_-]?sfdc[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "v[_-]?sfdc[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "v_sfdc_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "v[_-]?sfdc[_-]?password(=| =|:| :)" then + if {latest.response} matches "v[_-]?sfdc[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "v_sfdc_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "vip[_-]?github[_-]?build[_-]?repo[_-]?deploy[_-]?key(=| =|:| :)" then + if {latest.response} matches "vip[_-]?github[_-]?build[_-]?repo[_-]?deploy[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "vip_github_build_repo_deploy_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "vip[_-]?github[_-]?deploy[_-]?key(=| =|:| :)" then + if {latest.response} matches "vip[_-]?github[_-]?deploy[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "vip_github_deploy_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "vip[_-]?github[_-]?deploy[_-]?key[_-]?pass(=| =|:| :)" then + if {latest.response} matches "vip[_-]?github[_-]?deploy[_-]?key[_-]?pass(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "vip_github_deploy_key_pass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "visual[_-]?recognition[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "visual[_-]?recognition[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "visual_recognition_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "vscetoken(=| =|:| :)" then + if {latest.response} matches "vscetoken(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "vscetoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "wakatime[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "wakatime[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "wakatime_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "watson[_-]?conversation[_-]?password(=| =|:| :)" then + if {latest.response} matches "watson[_-]?conversation[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "watson_conversation_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "watson[_-]?device[_-]?password(=| =|:| :)" then + if {latest.response} matches "watson[_-]?device[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "watson_device_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "watson[_-]?password(=| =|:| :)" then + if {latest.response} matches "watson[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "watson_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "widget[_-]?basic[_-]?password(=| =|:| :)" then + if {latest.response} matches "widget[_-]?basic[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "widget_basic_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "widget[_-]?basic[_-]?password[_-]?2(=| =|:| :)" then + if {latest.response} matches "widget[_-]?basic[_-]?password[_-]?2(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "widget_basic_password_2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "widget[_-]?basic[_-]?password[_-]?3(=| =|:| :)" then + if {latest.response} matches "widget[_-]?basic[_-]?password[_-]?3(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "widget_basic_password_3 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "widget[_-]?basic[_-]?password[_-]?4(=| =|:| :)" then + if {latest.response} matches "widget[_-]?basic[_-]?password[_-]?4(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "widget_basic_password_4 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "widget[_-]?basic[_-]?password[_-]?5(=| =|:| :)" then + if {latest.response} matches "widget[_-]?basic[_-]?password[_-]?5(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "widget_basic_password_5 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "widget[_-]?fb[_-]?password(=| =|:| :)" then + if {latest.response} matches "widget[_-]?fb[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "widget_fb_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "widget[_-]?fb[_-]?password[_-]?2(=| =|:| :)" then + if {latest.response} matches "widget[_-]?fb[_-]?password[_-]?2(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "widget_fb_password_2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "widget[_-]?fb[_-]?password[_-]?3(=| =|:| :)" then + if {latest.response} matches "widget[_-]?fb[_-]?password[_-]?3(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "widget_fb_password_3 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "widget[_-]?test[_-]?server(=| =|:| :)" then + if {latest.response} matches "widget[_-]?test[_-]?server(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "widget_test_server secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "wincert[_-]?password(=| =|:| :)" then + if {latest.response} matches "wincert[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "wincert_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "wordpress[_-]?db[_-]?password(=| =|:| :)" then + if {latest.response} matches "wordpress[_-]?db[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "wordpress_db_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "wordpress[_-]?db[_-]?user(=| =|:| :)" then + if {latest.response} matches "wordpress[_-]?db[_-]?user(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "wordpress_db_user secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "wpjm[_-]?phpunit[_-]?google[_-]?geocode[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "wpjm[_-]?phpunit[_-]?google[_-]?geocode[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "wpjm_phpunit_google_geocode_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "wporg[_-]?password(=| =|:| :)" then + if {latest.response} matches "wporg[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "wporg_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "wpt[_-]?db[_-]?password(=| =|:| :)" then + if {latest.response} matches "wpt[_-]?db[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "wpt_db_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "wpt[_-]?db[_-]?user(=| =|:| :)" then + if {latest.response} matches "wpt[_-]?db[_-]?user(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "wpt_db_user secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "wpt[_-]?prepare[_-]?dir(=| =|:| :)" then + if {latest.response} matches "wpt[_-]?prepare[_-]?dir(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "wpt_prepare_dir secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "wpt[_-]?report[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "wpt[_-]?report[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "wpt_report_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "wpt[_-]?ssh[_-]?connect(=| =|:| :)" then + if {latest.response} matches "wpt[_-]?ssh[_-]?connect(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "wpt_ssh_connect secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "wpt[_-]?ssh[_-]?private[_-]?key[_-]?base64(=| =|:| :)" then + if {latest.response} matches "wpt[_-]?ssh[_-]?private[_-]?key[_-]?base64(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "wpt_ssh_private_key_base64 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "www[_-]?googleapis[_-]?com(=| =|:| :)" then + if {latest.response} matches "www[_-]?googleapis[_-]?com(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "www_googleapis_com secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "yangshun[_-]?gh[_-]?password(=| =|:| :)" then + if {latest.response} matches "yangshun[_-]?gh[_-]?password(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "yangshun_gh_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "yangshun[_-]?gh[_-]?token(=| =|:| :)" then + if {latest.response} matches "yangshun[_-]?gh[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "yangshun_gh_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "yt[_-]?account[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "yt[_-]?account[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "yt_account_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "yt[_-]?account[_-]?refresh[_-]?token(=| =|:| :)" then + if {latest.response} matches "yt[_-]?account[_-]?refresh[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "yt_account_refresh_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "yt[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "yt[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "yt_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "yt[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "yt[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "yt_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "yt[_-]?partner[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "yt[_-]?partner[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "yt_partner_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "yt[_-]?partner[_-]?refresh[_-]?token(=| =|:| :)" then + if {latest.response} matches "yt[_-]?partner[_-]?refresh[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "yt_partner_refresh_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "yt[_-]?server[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "yt[_-]?server[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "yt_server_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "zendesk[_-]?travis[_-]?github(=| =|:| :)" then + if {latest.response} matches "zendesk[_-]?travis[_-]?github(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "zendesk_travis_github secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "zensonatypepassword(=| =|:| :)" then + if {latest.response} matches "zensonatypepassword(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "zensonatypepassword secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "zhuliang[_-]?gh[_-]?token(=| =|:| :)" then + if {latest.response} matches "zhuliang[_-]?gh[_-]?token(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "zhuliang_gh_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "zopim[_-]?account[_-]?key(=| =|:| :)" then + if {latest.response} matches "zopim[_-]?account[_-]?key(=| =|:| :)" then report issue: - severity: low - confidence: firm + severity: medium + confidence: tentative detail: "zopim_account_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." - end if + end if From fcd9aa878f74b40072b54f3a906e0a65d704d196 Mon Sep 17 00:00:00 2001 From: Khaled Mohamed <46958133+xElkomy@users.noreply.github.com> Date: Thu, 25 Jan 2024 17:47:01 +0200 Subject: [PATCH 2/6] Update and rename high-severity-token.bcheck to certain.bcheck We implemented a minor adjustment using 'else if', as 'else if' ceases execution upon discovering the first secret. Conversely, using 'if' allows the process to continue, enabling the identification of any additional exposed secrets. --- ...h-severity-token.bcheck => certain.bcheck} | 6178 ++++++++++------- 1 file changed, 3526 insertions(+), 2652 deletions(-) rename other/tokens/{high-severity-token.bcheck => certain.bcheck} (55%) diff --git a/other/tokens/high-severity-token.bcheck b/other/tokens/certain.bcheck similarity index 55% rename from other/tokens/high-severity-token.bcheck rename to other/tokens/certain.bcheck index 074a558..bc943f9 100644 --- a/other/tokens/high-severity-token.bcheck +++ b/other/tokens/certain.bcheck @@ -1,6182 +1,7056 @@ metadata: language: v1-beta - name: "Information Disclosure" + name: "Information Disclosure Secret Finder - certain" description: "Detects secret patterns in responses." - author: "bugswagger, xelkomy, juba0x00" + author: "bugswagger, xelkomy, juba0x00, xhzeem" tags: "secret, bugswagger" given response then - if {latest.response} matches "bugswagger" then - report issue: - severity: low - confidence: firm - detail: "bugswagger secret pattern detected in the response." - remediation: "Review and remove unnecessary exposure of secrets." - else if {latest.response} matches "arn:aws:[a-z0-9-]+:[a-z]{2}-[a-z]+-[0-9]+:[0-9]+:.+" then + if {latest.response} matches "arn:aws:[a-z0-9-]+:[a-z]{2}-[a-z]+-[0-9]+:[0-9]+:.+" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "AWS ARN secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" then + if {latest.response} matches "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "AWS Access Key ID Value secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "da2-[a-z0-9]{26}" then + if {latest.response} matches "da2-[a-z0-9]{26}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "AWS AppSync GraphQL Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" then + if {latest.response} matches "amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "AWS MWS key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[0-9a-z._-]+.rds.amazonaws.com" then + if {latest.response} matches "[0-9a-z._-]+.rds.amazonaws.com" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "AWS RDS secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "s3://[0-9a-z._/-]+" then + if {latest.response} matches "s3://[0-9a-z._/-]+" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "AWS S3 Bucket secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(aws_access_key_id|aws_secret_access_key)" then + if {latest.response} matches "(aws_access_key_id|aws_secret_access_key)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "AWS cred file info secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:abbysale).{0,40}\b([a-z0-9A-Z]{40})\b" then + if {latest.response} matches "(?:abbysale).{0,40}\b([a-z0-9A-Z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Abbysale secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:abstract).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:abstract).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Abstract secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:abuseipdb).{0,40}\b([a-z0-9]{80})\b" then + if {latest.response} matches "(?:abuseipdb).{0,40}\b([a-z0-9]{80})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Abuseipdb secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:accuweather).{0,40}([a-z0-9A-Z\%]{35})\b" then + if {latest.response} matches "(?:accuweather).{0,40}([a-z0-9A-Z\%]{35})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Accuweather secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(aio\_[a-zA-Z0-9]{28})\b" then + if {latest.response} matches "\b(aio\_[a-zA-Z0-9]{28})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Adafruitio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:adobe).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:adobe).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Adobeio - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:adzuna).{0,40}\b([a-z0-9]{8})\b" then + if {latest.response} matches "(?:adzuna).{0,40}\b([a-z0-9]{8})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Adzuna - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:adzuna).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:adzuna).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Adzuna - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:aeroworkflow).{0,40}\b([0-9]{1,})\b" then + if {latest.response} matches "(?:aeroworkflow).{0,40}\b([0-9]{1,})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Aeroworkflow - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:aeroworkflow).{0,40}\b([a-zA-Z0-9^!]{20})\b" then + if {latest.response} matches "(?:aeroworkflow).{0,40}\b([a-zA-Z0-9^!]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Aeroworkflow - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:agora).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:agora).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Agora secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:airbrake).{0,40}\b([0-9]{6})\b" then + if {latest.response} matches "(?:airbrake).{0,40}\b([0-9]{6})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Airbrakeprojectkey - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:airbrake).{0,40}\b([a-zA-Z-0-9]{32})\b" then + if {latest.response} matches "(?:airbrake).{0,40}\b([a-zA-Z-0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Airbrakeprojectkey - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:airbrake).{0,40}\b([a-zA-Z-0-9]{40})\b" then + if {latest.response} matches "(?:airbrake).{0,40}\b([a-zA-Z-0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Airbrakeuserkey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:airship).{0,40}\b([0-9Aa-zA-Z]{91})\b" then + if {latest.response} matches "(?:airship).{0,40}\b([0-9Aa-zA-Z]{91})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Airship secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:airvisual).{0,40}\b([a-z0-9-]{36})\b" then + if {latest.response} matches "(?:airvisual).{0,40}\b([a-z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Airvisual secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:alconost).{0,40}\b([0-9Aa-z]{32})\b" then + if {latest.response} matches "(?:alconost).{0,40}\b([0-9Aa-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Alconost secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:alegra).{0,40}\b([a-z0-9-]{20})\b" then + if {latest.response} matches "(?:alegra).{0,40}\b([a-z0-9-]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Alegra - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:alegra).{0,40}\b([a-zA-Z0-9.-@]{25,30})\b" then + if {latest.response} matches "(?:alegra).{0,40}\b([a-zA-Z0-9.-@]{25,30})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Alegra - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:aletheiaapi).{0,40}\b([A-Z0-9]{32})\b" then + if {latest.response} matches "(?:aletheiaapi).{0,40}\b([A-Z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Aletheiaapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(LTAI[a-zA-Z0-9]{17,21})[\\"' ;\s]*" then + if {latest.response} matches "\b(LTAI[a-zA-Z0-9]{17,21})[\"' ;\s]*" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Alibaba - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:alienvault).{0,40}\b([a-z0-9]{64})\b" then + if {latest.response} matches "(?:alienvault).{0,40}\b([a-z0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Alienvault secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:allsports).{0,40}\b([0-9a-z]{64})\b" then + if {latest.response} matches "(?:allsports).{0,40}\b([0-9a-z]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Allsports secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:amadeus).{0,40}\b([0-9A-Za-z]{32})\b" then + if {latest.response} matches "(?:amadeus).{0,40}\b([0-9A-Za-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Amadeus - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:amadeus).{0,40}\b([0-9A-Za-z]{16})\b" then + if {latest.response} matches "(?:amadeus).{0,40}\b([0-9A-Za-z]{16})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Amadeus - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ambee).{0,40}\b([0-9a-f]{64})\b" then + if {latest.response} matches "(?:ambee).{0,40}\b([0-9a-f]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Ambee secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:amplitude).{0,40}\b([a-f0-9]{32})" then + if {latest.response} matches "(?:amplitude).{0,40}\b([a-f0-9]{32})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Amplitudeapikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:apacta).{0,40}\b([a-z0-9-]{36})\b" then + if {latest.response} matches "(?:apacta).{0,40}\b([a-z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Apacta secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:api2cart).{0,40}\b([0-9a-f]{32})\b" then + if {latest.response} matches "(?:api2cart).{0,40}\b([0-9a-f]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Api2cart secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(sk_live_[a-z0-9A-Z-]{93})\b" then + if {latest.response} matches "\b(sk_live_[a-z0-9A-Z-]{93})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Apideck - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:apideck).{0,40}\b([a-z0-9A-Z]{40})\b" then + if {latest.response} matches "(?:apideck).{0,40}\b([a-z0-9A-Z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Apideck - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:apiflash).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:apiflash).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Apiflash - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:apiflash).{0,40}\b([a-zA-Z0-9\S]{21,30})\b" then + if {latest.response} matches "(?:apiflash).{0,40}\b([a-zA-Z0-9\S]{21,30})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Apiflash - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:apifonica).{0,40}\b([0-9a-z]{11}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then + if {latest.response} matches "(?:apifonica).{0,40}\b([0-9a-z]{11}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Apifonica secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(apify\_api\_[a-zA-Z-0-9]{36})\b" then + if {latest.response} matches "\b(apify\_api\_[a-zA-Z-0-9]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Apify secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:apimatic).{0,40}\b([a-z0-9-\S]{8,32})\b" then + if {latest.response} matches "(?:apimatic).{0,40}\b([a-z0-9-\S]{8,32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Apimatic - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:apimatic).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then + if {latest.response} matches "(?:apimatic).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Apimatic - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:apiscience).{0,40}\b([a-bA-Z0-9\S]{22})\b" then + if {latest.response} matches "(?:apiscience).{0,40}\b([a-bA-Z0-9\S]{22})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Apiscience secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:apollo).{0,40}\b([a-zA-Z0-9]{22})\b" then + if {latest.response} matches "(?:apollo).{0,40}\b([a-zA-Z0-9]{22})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Apollo secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:appcues).{0,40}\b([0-9]{5})\b" then + if {latest.response} matches "(?:appcues).{0,40}\b([0-9]{5})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Appcues - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:appcues).{0,40}\b([a-z0-9-]{36})\b" then + if {latest.response} matches "(?:appcues).{0,40}\b([a-z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Appcues - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:appcues).{0,40}\b([a-z0-9-]{39})\b" then + if {latest.response} matches "(?:appcues).{0,40}\b([a-z0-9-]{39})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Appcues - 3 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:appfollow).{0,40}\b([0-9A-Za-z]{20})\b" then + if {latest.response} matches "(?:appfollow).{0,40}\b([0-9A-Za-z]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Appfollow secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:appsynergy).{0,40}\b([a-z0-9]{64})\b" then + if {latest.response} matches "(?:appsynergy).{0,40}\b([a-z0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Appsynergy secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:apptivo).{0,40}\b([a-z0-9-]{36})\b" then + if {latest.response} matches "(?:apptivo).{0,40}\b([a-z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Apptivo - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:apptivo).{0,40}\b([a-zA-Z0-9-]{32})\b" then + if {latest.response} matches "(?:apptivo).{0,40}\b([a-zA-Z0-9-]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Apptivo - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b([A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])\.jfrog\.io)" then + if {latest.response} matches "\b([A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])\.jfrog\.io)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Artifactory - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:artsy).{0,40}\b([0-9a-zA-Z]{20})\b" then + if {latest.response} matches "(?:artsy).{0,40}\b([0-9a-zA-Z]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Artsy - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:artsy).{0,40}\b([0-9a-zA-Z]{32})\b" then + if {latest.response} matches "(?:artsy).{0,40}\b([0-9a-zA-Z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Artsy - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:asana).{0,40}\b([a-z\/:0-9]{51})\b" then + if {latest.response} matches "(?:asana).{0,40}\b([a-z\/:0-9]{51})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Asanaoauth secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:asana).{0,40}\b([0-9]{1,}\/[0-9]{16,}:[A-Za-z0-9]{32,})\b" then + if {latest.response} matches "(?:asana).{0,40}\b([0-9]{1,}\/[0-9]{16,}:[A-Za-z0-9]{32,})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Asanapersonalaccesstoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:assemblyai).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:assemblyai).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Assemblyai secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----" then + if {latest.response} matches "-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Asymmetric Private Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:audd).{0,40}\b([a-z0-9-]{32})\b" then + if {latest.response} matches "(?:audd).{0,40}\b([a-z0-9-]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Audd secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:auth0).{0,40}\b(ey[a-zA-Z0-9._-]+)\b" then + if {latest.response} matches "(?:auth0).{0,40}\b(ey[a-zA-Z0-9._-]+)\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Auth0managementapitoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:autodesk).{0,40}\b([0-9A-Za-z]{32})\b" then + if {latest.response} matches "(?:autodesk).{0,40}\b([0-9A-Za-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Autodesk - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:autodesk).{0,40}\b([0-9A-Za-z]{16})\b" then + if {latest.response} matches "(?:autodesk).{0,40}\b([0-9A-Za-z]{16})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Autodesk - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:autoklose).{0,40}\b([a-zA-Z0-9-]{32})\b" then + if {latest.response} matches "(?:autoklose).{0,40}\b([a-zA-Z0-9-]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Autoklose secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:autopilot).{0,40}\b([0-9a-f]{32})\b" then + if {latest.response} matches "(?:autopilot).{0,40}\b([0-9a-f]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Autopilot secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:avaza).{0,40}\b([0-9]+-[0-9a-f]{40})\b" then + if {latest.response} matches "(?:avaza).{0,40}\b([0-9]+-[0-9a-f]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Avazapersonalaccesstoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:aviationstack).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:aviationstack).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Aviationstack secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b((?:AKIA|ABIA|ACCA|ASIA)[0-9A-Z]{16})\b" then + if {latest.response} matches "\b((?:AKIA|ABIA|ACCA|ASIA)[0-9A-Z]{16})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Aws - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:axonaut).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:axonaut).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Axonaut secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:aylien).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:aylien).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Aylien - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:aylien).{0,40}\b([a-z0-9]{8})\b" then + if {latest.response} matches "(?:aylien).{0,40}\b([a-z0-9]{8})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Aylien - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ayrshare).{0,40}\b([A-Z]{7}-[A-Z0-9]{7}-[A-Z0-9]{7}-[A-Z0-9]{7})\b" then + if {latest.response} matches "(?:ayrshare).{0,40}\b([A-Z]{7}-[A-Z0-9]{7}-[A-Z0-9]{7}-[A-Z0-9]{7})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Ayrshare secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:bannerbear).{0,40}\b([0-9a-zA-Z]{22}tt)\b" then + if {latest.response} matches "(?:bannerbear).{0,40}\b([0-9a-zA-Z]{22}tt)\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Bannerbear secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:baremetrics).{0,40}\b([a-zA-Z0-9_]{25})\b" then + if {latest.response} matches "(?:baremetrics).{0,40}\b([a-zA-Z0-9_]{25})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Baremetrics secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:baseapi|base-api).{0,40}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then + if {latest.response} matches "(?:baseapi|base-api).{0,40}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Baseapiio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:beamer).{0,40}\b([a-zA-Z0-9_+/]{45}=)" then + if {latest.response} matches "(?:beamer).{0,40}\b([a-zA-Z0-9_+/]{45}=)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Beamer secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:beebole).{0,40}\b([0-9a-z]{40})\b" then + if {latest.response} matches "(?:beebole).{0,40}\b([0-9a-z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Beebole secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:besttime).{0,40}\b([0-9A-Za-z_]{36})\b" then + if {latest.response} matches "(?:besttime).{0,40}\b([0-9A-Za-z_]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Besttime secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:billomat).{0,40}\b([0-9a-z]{1,})\b" then + if {latest.response} matches "(?:billomat).{0,40}\b([0-9a-z]{1,})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Billomat - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:billomat).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:billomat).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Billomat - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:bitbar).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:bitbar).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Bitbar secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:bitcoinaverage).{0,40}\b([a-zA-Z0-9]{43})\b" then + if {latest.response} matches "(?:bitcoinaverage).{0,40}\b([a-zA-Z0-9]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Bitcoinaverage secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:bitfinex).{0,40}\b([A-Za-z0-9_-]{43})\b" then + if {latest.response} matches "(?:bitfinex).{0,40}\b([A-Za-z0-9_-]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Bitfinex secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "R_[0-9a-f]{32}" then + if {latest.response} matches "R_[0-9a-f]{32}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Bitly Secret Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:bitly).{0,40}\b([a-zA-Z-0-9]{40})\b" then + if {latest.response} matches "(?:bitly).{0,40}\b([a-zA-Z-0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Bitlyaccesstoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:bitmex).{0,40}([ \r\n]{1}[0-9a-zA-Z\-\_]{24}[ \r\n]{1})" then + if {latest.response} matches "(?:bitmex).{0,40}([ \r\n]{1}[0-9a-zA-Z\-\_]{24}[ \r\n]{1})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Bitmex - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:bitmex).{0,40}([ \r\n]{1}[0-9a-zA-Z\-\_]{48}[ \r\n]{1})" then + if {latest.response} matches "(?:bitmex).{0,40}([ \r\n]{1}[0-9a-zA-Z\-\_]{48}[ \r\n]{1})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Bitmex - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:blablabus).{0,40}\b([0-9A-Za-z]{22})\b" then + if {latest.response} matches "(?:blablabus).{0,40}\b([0-9A-Za-z]{22})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Blablabus secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:blazemeter|runscope).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then + if {latest.response} matches "(?:blazemeter|runscope).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Blazemeter secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:blitapp).{0,40}\b([a-zA-Z0-9_-]{39})\b" then + if {latest.response} matches "(?:blitapp).{0,40}\b([a-zA-Z0-9_-]{39})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Blitapp secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:bombbomb).{0,40}\b([a-zA-Z0-9-._]{704})\b" then + if {latest.response} matches "(?:bombbomb).{0,40}\b([a-zA-Z0-9-._]{704})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Bombbomb secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:boostnote).{0,40}\b([0-9a-f]{64})\b" then + if {latest.response} matches "(?:boostnote).{0,40}\b([0-9a-f]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Boostnote secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:borgbase).{0,40}\b([a-zA-Z0-9/_.-]{148,152})\b" then + if {latest.response} matches "(?:borgbase).{0,40}\b([a-zA-Z0-9/_.-]{148,152})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Borgbase secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "access_token$production$[0-9a-z]{16}$[0-9a-f]{32}" then + if {latest.response} matches "access_token$production$[0-9a-z]{16}$[0-9a-f]{32}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Braintree API Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:brandfetch).{0,40}\b([0-9A-Za-z]{40})\b" then + if {latest.response} matches "(?:brandfetch).{0,40}\b([0-9A-Za-z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Brandfetch secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:browshot).{0,40}\b([a-zA-Z-0-9]{28})\b" then + if {latest.response} matches "(?:browshot).{0,40}\b([a-zA-Z-0-9]{28})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Browshot secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:buddyns).{0,40}\b([0-9a-z]{40})\b" then + if {latest.response} matches "(?:buddyns).{0,40}\b([0-9a-z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Buddyns secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:bugherd).{0,40}\b([0-9a-z]{22})\b" then + if {latest.response} matches "(?:bugherd).{0,40}\b([0-9a-z]{22})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Bugherd secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:bugsnag).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then + if {latest.response} matches "(?:bugsnag).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Bugsnag secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:buildkite).{0,40}\b([a-z0-9]{40})\b" then + if {latest.response} matches "(?:buildkite).{0,40}\b([a-z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Buildkite secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:bulbul).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:bulbul).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Bulbul secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:buttercms).{0,40}\b([a-z0-9]{40})\b" then + if {latest.response} matches "(?:buttercms).{0,40}\b([a-z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Buttercms secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:caflou).{0,40}\b([a-bA-Z0-9\S]{155})\b" then + if {latest.response} matches "(?:caflou).{0,40}\b([a-bA-Z0-9\S]{155})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Caflou secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:calendarific).{0,40}\b([a-z0-9]{40})\b" then + if {latest.response} matches "(?:calendarific).{0,40}\b([a-z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Calendarific secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:calendly).{0,40}\b([a-zA-Z-0-9]{20}.[a-zA-Z-0-9]{171}.[a-zA-Z-0-9_]{43})\b" then + if {latest.response} matches "(?:calendly).{0,40}\b([a-zA-Z-0-9]{20}.[a-zA-Z-0-9]{171}.[a-zA-Z-0-9_]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Calendlyapikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:calorieninja).{0,40}\b([0-9A-Za-z]{40})\b" then + if {latest.response} matches "(?:calorieninja).{0,40}\b([0-9A-Za-z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Calorieninja secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:campayn).{0,40}\b([a-z0-9]{64})\b" then + if {latest.response} matches "(?:campayn).{0,40}\b([a-z0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Campayn secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:canny).{0,40}\b([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[0-9]{4}-[a-z0-9]{12})\b" then + if {latest.response} matches "(?:canny).{0,40}\b([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[0-9]{4}-[a-z0-9]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cannyio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:capsulecrm).{0,40}\b([a-zA-Z0-9-._+=]{64})\b" then + if {latest.response} matches "(?:capsulecrm).{0,40}\b([a-zA-Z0-9-._+=]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Capsulecrm secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:captaindata).{0,40}\b([0-9a-f]{8}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{12})\b" then + if {latest.response} matches "(?:captaindata).{0,40}\b([0-9a-f]{8}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Captaindata - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:captaindata).{0,40}\b([0-9a-f]{64})\b" then + if {latest.response} matches "(?:captaindata).{0,40}\b([0-9a-f]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Captaindata - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:carboninterface).{0,40}\b([a-zA-Z0-9]{21})\b" then + if {latest.response} matches "(?:carboninterface).{0,40}\b([a-zA-Z0-9]{21})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Carboninterface secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:cashboard).{0,40}\b([0-9A-Z]{3}-[0-9A-Z]{3}-[0-9A-Z]{3}-[0-9A-Z]{3})\b" then + if {latest.response} matches "(?:cashboard).{0,40}\b([0-9A-Z]{3}-[0-9A-Z]{3}-[0-9A-Z]{3}-[0-9A-Z]{3})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cashboard - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:cashboard).{0,40}\b([0-9a-z]{1,})\b" then + if {latest.response} matches "(?:cashboard).{0,40}\b([0-9a-z]{1,})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cashboard - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:caspio).{0,40}\b([a-z0-9]{8})\b" then + if {latest.response} matches "(?:caspio).{0,40}\b([a-z0-9]{8})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Caspio - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:caspio).{0,40}\b([a-z0-9]{50})\b" then + if {latest.response} matches "(?:caspio).{0,40}\b([a-z0-9]{50})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Caspio - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:censys).{0,40}\b([a-zA-Z0-9]{32})\b" then + if {latest.response} matches "(?:censys).{0,40}\b([a-zA-Z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Censys - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:censys).{0,40}\b([a-z0-9-]{36})\b" then + if {latest.response} matches "(?:censys).{0,40}\b([a-z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Censys - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:centralstation).{0,40}\b([a-z0-9]{30})\b" then + if {latest.response} matches "(?:centralstation).{0,40}\b([a-z0-9]{30})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Centralstationcrm secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:cexio|cex.io).{0,40}\b([a-z]{2}[0-9]{9})\b" then + if {latest.response} matches "(?:cexio|cex.io).{0,40}\b([a-z]{2}[0-9]{9})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cexio - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:cexio|cex.io).{0,40}\b([0-9A-Za-z]{24,27})\b" then + if {latest.response} matches "(?:cexio|cex.io).{0,40}\b([0-9A-Za-z]{24,27})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cexio - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:chatbot).{0,40}\b([a-zA-Z0-9_]{32})\b" then + if {latest.response} matches "(?:chatbot).{0,40}\b([a-zA-Z0-9_]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Chatbot secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:chatfuel).{0,40}\b([a-zA-Z0-9]{128})\b" then + if {latest.response} matches "(?:chatfuel).{0,40}\b([a-zA-Z0-9]{128})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Chatfule secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:checio).{0,40}\b(pk_[a-z0-9]{45})\b" then + if {latest.response} matches "(?:checio).{0,40}\b(pk_[a-z0-9]{45})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Checio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:checklyhq).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:checklyhq).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Checklyhq secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:checkout).{0,40}\b((sk_|sk_test_)[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})\b" then + if {latest.response} matches "(?:checkout).{0,40}\b((sk_|sk_test_)[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Checkout - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:checkout).{0,40}\b(cus_[0-9a-zA-Z]{26})\b" then + if {latest.response} matches "(?:checkout).{0,40}\b(cus_[0-9a-zA-Z]{26})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Checkout - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:checkvist).{0,40}\b([\w\.-]+@[\w-]+\.[\w\.-]{2,5})\b" then + if {latest.response} matches "(?:checkvist).{0,40}\b([\w\.-]+@[\w-]+\.[\w\.-]{2,5})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Checkvist - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:checkvist).{0,40}\b([0-9a-zA-Z]{14})\b" then + if {latest.response} matches "(?:checkvist).{0,40}\b([0-9a-zA-Z]{14})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Checkvist - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:cicero).{0,40}\b([0-9a-z]{40})\b" then + if {latest.response} matches "(?:cicero).{0,40}\b([0-9a-z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cicero secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:clearbit).{0,40}\b([0-9a-z_]{35})\b" then + if {latest.response} matches "(?:clearbit).{0,40}\b([0-9a-z_]{35})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Clearbit secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b([0-9A-Za-z]{3,20}.try.clickhelp.co)\b" then + if {latest.response} matches "\b([0-9A-Za-z]{3,20}.try.clickhelp.co)\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Clickhelp - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:clickhelp).{0,40}\b([0-9A-Za-z]{24})\b" then + if {latest.response} matches "(?:clickhelp).{0,40}\b([0-9A-Za-z]{24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Clickhelp - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sms).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then + if {latest.response} matches "(?:sms).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Clicksendsms - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:clickup).{0,40}\b(pk_[0-9]{8}_[0-9A-Z]{32})\b" then + if {latest.response} matches "(?:clickup).{0,40}\b(pk_[0-9]{8}_[0-9A-Z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Clickuppersonaltoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:cliengo).{0,40}\b([0-9a-f]{8}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{12})\b" then + if {latest.response} matches "(?:cliengo).{0,40}\b([0-9a-f]{8}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cliengo secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:clinchpad).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:clinchpad).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Clinchpad secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:clockify).{0,40}\b([a-zA-Z0-9]{48})\b" then + if {latest.response} matches "(?:clockify).{0,40}\b([a-zA-Z0-9]{48})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Clockify secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:clockwork|textanywhere).{0,40}\b([0-9a-zA-Z]{24})\b" then + if {latest.response} matches "(?:clockwork|textanywhere).{0,40}\b([0-9a-zA-Z]{24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Clockworksms - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:clockwork|textanywhere).{0,40}\b([0-9]{5})\b" then + if {latest.response} matches "(?:clockwork|textanywhere).{0,40}\b([0-9]{5})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Clockworksms - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(api_[a-z0-9A-Z.]{45})\b" then + if {latest.response} matches "\b(api_[a-z0-9A-Z.]{45})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Closecrm secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:cloudelements).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:cloudelements).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cloudelements - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:cloudelements).{0,40}\b([a-zA-Z0-9]{43})\b" then + if {latest.response} matches "(?:cloudelements).{0,40}\b([a-zA-Z0-9]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cloudelements - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:cloudflare).{0,40}\b(v[A-Za-z0-9._-]{173,})\b" then + if {latest.response} matches "(?:cloudflare).{0,40}\b(v[A-Za-z0-9._-]{173,})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cloudflarecakey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:cloudimage).{0,40}\b([a-z0-9_]{30})\b" then + if {latest.response} matches "(?:cloudimage).{0,40}\b([a-z0-9_]{30})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cloudimage secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cloudinary://[0-9]+:[A-Za-z0-9\-_\.]+@[A-Za-z0-9\-_\.]+" then + if {latest.response} matches "cloudinary://[0-9]+:[A-Za-z0-9\-_\.]+@[A-Za-z0-9\-_\.]+" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cloudinary Credentials secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:cloudmersive).{0,40}\b([a-z0-9-]{36})\b" then + if {latest.response} matches "(?:cloudmersive).{0,40}\b([a-z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cloudmersive secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:cloudplan).{0,40}\b([A-Z0-9-]{32})\b" then + if {latest.response} matches "(?:cloudplan).{0,40}\b([A-Z0-9-]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cloudplan secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:cloverly).{0,40}\b([a-z0-9:_]{28})\b" then + if {latest.response} matches "(?:cloverly).{0,40}\b([a-z0-9:_]{28})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cloverly secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:cloze).{0,40}\b([0-9a-f]{32})\b" then + if {latest.response} matches "(?:cloze).{0,40}\b([0-9a-f]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cloze - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:cloze).{0,40}\b([\w\.-]+@[\w-]+\.[\w\.-]{2,5})\b" then + if {latest.response} matches "(?:cloze).{0,40}\b([\w\.-]+@[\w-]+\.[\w\.-]{2,5})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cloze - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:clustdoc).{0,40}\b([0-9a-zA-Z]{60})\b" then + if {latest.response} matches "(?:clustdoc).{0,40}\b([0-9a-zA-Z]{60})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Clustdoc secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:codacy).{0,40}\b([0-9A-Za-z]{20})\b" then + if {latest.response} matches "(?:codacy).{0,40}\b([0-9A-Za-z]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Codacy secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:coinapi).{0,40}\b([A-Z0-9-]{36})\b" then + if {latest.response} matches "(?:coinapi).{0,40}\b([A-Z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Coinapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:coinbase).{0,40}\b([a-zA-Z-0-9]{64})\b" then + if {latest.response} matches "(?:coinbase).{0,40}\b([a-zA-Z-0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Coinbase secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:coinlayer).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:coinlayer).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Coinlayer secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:coinlib).{0,40}\b([a-z0-9]{16})\b" then + if {latest.response} matches "(?:coinlib).{0,40}\b([a-z0-9]{16})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Coinlib secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:column).{0,40}\b((?:test|live)_[a-zA-Z0-9]{27})\b" then + if {latest.response} matches "(?:column).{0,40}\b((?:test|live)_[a-zA-Z0-9]{27})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Column secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:commercejs).{0,40}\b([a-z0-9_]{48})\b" then + if {latest.response} matches "(?:commercejs).{0,40}\b([a-z0-9_]{48})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Commercejs secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:commodities).{0,40}\b([a-zA-Z0-9]{60})\b" then + if {latest.response} matches "(?:commodities).{0,40}\b([a-zA-Z0-9]{60})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Commodities secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:companyhub).{0,40}\b([0-9a-zA-Z]{20})\b" then + if {latest.response} matches "(?:companyhub).{0,40}\b([0-9a-zA-Z]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Companyhub - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:companyhub).{0,40}\b([a-zA-Z0-9$%^=-]{4,32})\b" then + if {latest.response} matches "(?:companyhub).{0,40}\b([a-zA-Z0-9$%^=-]{4,32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Companyhub - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:confluent).{0,40}\b([a-zA-Z-0-9]{16})\b" then + if {latest.response} matches "(?:confluent).{0,40}\b([a-zA-Z-0-9]{16})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Confluent - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:confluent).{0,40}\b([a-zA-Z-0-9]{64})\b" then + if {latest.response} matches "(?:confluent).{0,40}\b([a-zA-Z-0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Confluent - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:convertkit).{0,40}\b([a-z0-9A-Z_]{22})\b" then + if {latest.response} matches "(?:convertkit).{0,40}\b([a-z0-9A-Z_]{22})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Convertkit secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:convier).{0,40}\b([0-9]{2}\|[a-zA-Z0-9]{40})\b" then + if {latest.response} matches "(?:convier).{0,40}\b([0-9]{2}\|[a-zA-Z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Convier secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:copper).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:copper).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Copper - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:countrylayer).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:countrylayer).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Countrylayer secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:courier).{0,40}\b(pk\_[a-zA-Z0-9]{1,}\_[a-zA-Z0-9]{28})\b" then + if {latest.response} matches "(?:courier).{0,40}\b(pk\_[a-zA-Z0-9]{1,}\_[a-zA-Z0-9]{28})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Courier secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:coveralls).{0,40}\b([a-zA-Z0-9-]{37})\b" then + if {latest.response} matches "(?:coveralls).{0,40}\b([a-zA-Z0-9-]{37})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Coveralls secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:crowdin).{0,40}\b([0-9A-Za-z]{80})\b" then + if {latest.response} matches "(?:crowdin).{0,40}\b([0-9A-Za-z]{80})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Crowdin secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:cryptocompare).{0,40}\b([a-z-0-9]{64})\b" then + if {latest.response} matches "(?:cryptocompare).{0,40}\b([a-z-0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Cryptocompare secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:currencycloud).{0,40}\b([0-9a-z]{64})\b" then + if {latest.response} matches "(?:currencycloud).{0,40}\b([0-9a-z]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Currencycloud - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:currencyfreaks).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:currencyfreaks).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Currencyfreaks secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:currencylayer).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:currencylayer).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Currencylayer secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:currencyscoop).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:currencyscoop).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Currencyscoop secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:currentsapi).{0,40}\b([a-zA-Z0-9\S]{48})\b" then + if {latest.response} matches "(?:currentsapi).{0,40}\b([a-zA-Z0-9\S]{48})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Currentsapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:guru).{0,40}\b([a-z0-9A-Z]{50})\b" then + if {latest.response} matches "(?:guru).{0,40}\b([a-z0-9A-Z]{50})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Customerguru - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:guru).{0,40}\b([a-z0-9A-Z]{30})\b" then + if {latest.response} matches "(?:guru).{0,40}\b([a-z0-9A-Z]{30})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Customerguru - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:d7network).{0,40}\b([a-zA-Z0-9\W\S]{23}\=)" then + if {latest.response} matches "(?:d7network).{0,40}\b([a-zA-Z0-9\W\S]{23}\=)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "D7network secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:daily).{0,40}\b([0-9a-f]{64})\b" then + if {latest.response} matches "(?:daily).{0,40}\b([0-9a-f]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Dailyco secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:dandelion).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:dandelion).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Dandelion secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "dapi[a-f0-9]{32}\b" then + if {latest.response} matches "dapi[a-f0-9]{32}\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Databricks secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:datafire).{0,40}\b([a-z0-9\S]{175,190})\b" then + if {latest.response} matches "(?:datafire).{0,40}\b([a-z0-9\S]{175,190})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Datafire secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:data.gov).{0,40}\b([a-zA-Z0-9]{40})\b" then + if {latest.response} matches "(?:data.gov).{0,40}\b([a-zA-Z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Datagov secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:deepai).{0,40}\b([a-z0-9-]{36})\b" then + if {latest.response} matches "(?:deepai).{0,40}\b([a-z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Deepai secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:deepgram).{0,40}\b([0-9a-z]{40})\b" then + if {latest.response} matches "(?:deepgram).{0,40}\b([0-9a-z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Deepgram secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:delighted).{0,40}\b([a-z0-9A-Z]{32})\b" then + if {latest.response} matches "(?:delighted).{0,40}\b([a-z0-9A-Z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Delighted secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b([0-9a-z]{1,}.as.deputy.com)\b" then + if {latest.response} matches "\b([0-9a-z]{1,}.as.deputy.com)\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Deputy - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:deputy).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:deputy).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Deputy - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:detectlanguage).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:detectlanguage).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Detectlanguage secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(web\_[0-9a-z]{32})\b" then + if {latest.response} matches "\b(web\_[0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Dfuse secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:diffbot).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:diffbot).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Diffbot secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:digitalocean).{0,40}\b([A-Za-z0-9_-]{64})\b" then + if {latest.response} matches "(?:digitalocean).{0,40}\b([A-Za-z0-9_-]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Digitaloceantoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "https://discordapp\.com/api/webhooks/[0-9]+/[A-Za-z0-9\-]+" then + if {latest.response} matches "https://discordapp\.com/api/webhooks/[0-9]+/[A-Za-z0-9\-]+" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Discord Webhook secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:discord).{0,40}\b([A-Za-z0-9_-]{24}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27})\b" then + if {latest.response} matches "(?:discord).{0,40}\b([A-Za-z0-9_-]{24}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Discordbottoken - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:discord).{0,40}\b([0-9]{17})\b" then + if {latest.response} matches "(?:discord).{0,40}\b([0-9]{17})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Discordbottoken - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(https:\/\/discord.com\/api\/webhooks\/[0-9]{18}\/[0-9a-zA-Z-]{68})" then + if {latest.response} matches "(https:\/\/discord.com\/api\/webhooks\/[0-9]{18}\/[0-9a-zA-Z-]{68})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Discordwebhook secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ditto).{0,40}\b([a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12}\.[a-z0-9]{40})\b" then + if {latest.response} matches "(?:ditto).{0,40}\b([a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12}\.[a-z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Ditto secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:dnscheck).{0,40}\b([a-z0-9A-Z-]{36})\b" then + if {latest.response} matches "(?:dnscheck).{0,40}\b([a-z0-9A-Z-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Dnscheck - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:dnscheck).{0,40}\b([a-z0-9A-Z]{32})\b" then + if {latest.response} matches "(?:dnscheck).{0,40}\b([a-z0-9A-Z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Dnscheck - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(ey[a-zA-Z0-9]{34}.ey[a-zA-Z0-9]{154}.[a-zA-Z0-9_-]{43})\b" then + if {latest.response} matches "\b(ey[a-zA-Z0-9]{34}.ey[a-zA-Z0-9]{154}.[a-zA-Z0-9_-]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Documo secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(dp\.pt\.[a-zA-Z0-9]{43})\b" then + if {latest.response} matches "\b(dp\.pt\.[a-zA-Z0-9]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Doppler secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:dotmailer).{0,40}\b(apiuser-[a-z0-9]{12}@apiconnector.com)\b" then + if {latest.response} matches "(?:dotmailer).{0,40}\b(apiuser-[a-z0-9]{12}@apiconnector.com)\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Dotmailer - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:dotmailer).{0,40}\b([a-zA-Z0-9\S]{8,24})\b" then + if {latest.response} matches "(?:dotmailer).{0,40}\b([a-zA-Z0-9\S]{8,24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Dotmailer - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:dovico).{0,40}\b([0-9a-z]{32}\.[0-9a-z]{1,}\b)" then + if {latest.response} matches "(?:dovico).{0,40}\b([0-9a-z]{32}\.[0-9a-z]{1,}\b)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Dovico secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:dronahq).{0,40}\b([a-z0-9]{50})\b" then + if {latest.response} matches "(?:dronahq).{0,40}\b([a-z0-9]{50})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Dronahq secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:droneci).{0,40}\b([a-zA-Z0-9]{32})\b" then + if {latest.response} matches "(?:droneci).{0,40}\b([a-zA-Z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Droneci secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(sl\.[A-Za-z0-9\-\_]{130,140})\b" then + if {latest.response} matches "\b(sl\.[A-Za-z0-9\-\_]{130,140})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Dropbox secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:dwolla).{0,40}\b([a-zA-Z-0-9]{50})\b" then + if {latest.response} matches "(?:dwolla).{0,40}\b([a-zA-Z-0-9]{50})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Dwolla secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:dynalist).{0,40}\b([a-zA-Z0-9-_]{128})\b" then + if {latest.response} matches "(?:dynalist).{0,40}\b([a-zA-Z0-9-_]{128})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Dynalist secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}" then + if {latest.response} matches "dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Dynatrace token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:dyspatch).{0,40}\b([A-Z0-9]{52})\b" then + if {latest.response} matches "(?:dyspatch).{0,40}\b([A-Z0-9]{52})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Dyspatch secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "-----BEGIN EC PRIVATE KEY-----" then + if {latest.response} matches "-----BEGIN EC PRIVATE KEY-----" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "EC secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:eagleeyenetworks).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then + if {latest.response} matches "(?:eagleeyenetworks).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Eagleeyenetworks - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:eagleeyenetworks).{0,40}\b([a-zA-Z0-9]{15})\b" then + if {latest.response} matches "(?:eagleeyenetworks).{0,40}\b([a-zA-Z0-9]{15})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Eagleeyenetworks - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:easyinsight|easy-insight).{0,40}\b([a-zA-Z0-9]{20})\b" then + if {latest.response} matches "(?:easyinsight|easy-insight).{0,40}\b([a-zA-Z0-9]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Easyinsight - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:easyinsight|easy-insight).{0,40}\b([0-9Aa-zA-Z]{20})\b" then + if {latest.response} matches "(?:easyinsight|easy-insight).{0,40}\b([0-9Aa-zA-Z]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Easyinsight - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:edamam).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:edamam).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Edamam - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:edamam).{0,40}\b([0-9a-z]{8})\b" then + if {latest.response} matches "(?:edamam).{0,40}\b([0-9a-z]{8})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Edamam - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:edenai).{0,40}\b([a-zA-Z0-9]{36}.[a-zA-Z0-9]{92}.[a-zA-Z0-9_]{43})\b" then + if {latest.response} matches "(?:edenai).{0,40}\b([a-zA-Z0-9]{36}.[a-zA-Z0-9]{92}.[a-zA-Z0-9_]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Edenai secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:8x8).{0,40}\b([a-zA-Z0-9]{43})\b" then + if {latest.response} matches "(?:8x8).{0,40}\b([a-zA-Z0-9]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Eightxeight - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:elastic).{0,40}\b([A-Za-z0-9_-]{96})\b" then + if {latest.response} matches "(?:elastic).{0,40}\b([A-Za-z0-9_-]{96})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Elasticemail secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:enablex).{0,40}\b([a-zA-Z0-9]{36})\b" then + if {latest.response} matches "(?:enablex).{0,40}\b([a-zA-Z0-9]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Enablex - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:enablex).{0,40}\b([a-z0-9]{24})\b" then + if {latest.response} matches "(?:enablex).{0,40}\b([a-z0-9]{24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Enablex - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:enigma).{0,40}\b([a-zA-Z0-9]{40})\b" then + if {latest.response} matches "(?:enigma).{0,40}\b([a-zA-Z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Enigma secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ethplorer).{0,40}\b([a-z0-9A-Z-]{22})\b" then + if {latest.response} matches "(?:ethplorer).{0,40}\b([a-z0-9A-Z-]{22})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Ethplorer secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:everhour).{0,40}\b([0-9Aa-f]{4}-[0-9a-f]{4}-[0-9a-f]{6}-[0-9a-f]{6}-[0-9a-f]{8})\b" then + if {latest.response} matches "(?:everhour).{0,40}\b([0-9Aa-f]{4}-[0-9a-f]{4}-[0-9a-f]{6}-[0-9a-f]{6}-[0-9a-f]{8})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Everhour secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:exchangerate).{0,40}\b([a-z0-9]{24})\b" then + if {latest.response} matches "(?:exchangerate).{0,40}\b([a-z0-9]{24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Exchangerateapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:exchangerates).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:exchangerates).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Exchangeratesapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "EAACEdEose0cBA[0-9A-Za-z]+" then + if {latest.response} matches "EAACEdEose0cBA[0-9A-Za-z]+" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Facebook Access Token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:faceplusplus).{0,40}\b([0-9a-zA-Z_-]{32})\b" then + if {latest.response} matches "(?:faceplusplus).{0,40}\b([0-9a-zA-Z_-]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Faceplusplus secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:fakejson).{0,40}\b([a-zA-Z0-9]{22})\b" then + if {latest.response} matches "(?:fakejson).{0,40}\b([a-zA-Z0-9]{22})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Fakejson secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:fastforex).{0,40}\b([a-z0-9-]{28})\b" then + if {latest.response} matches "(?:fastforex).{0,40}\b([a-z0-9-]{28})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Fastforex secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:fastly).{0,40}\b([A-Za-z0-9_-]{32})\b" then + if {latest.response} matches "(?:fastly).{0,40}\b([A-Za-z0-9_-]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Fastlypersonaltoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:feedier).{0,40}\b([a-z0-9A-Z]{32})\b" then + if {latest.response} matches "(?:feedier).{0,40}\b([a-z0-9A-Z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Feedier secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:fetchrss).{0,40}\b([0-9A-Za-z.]{40})\b" then + if {latest.response} matches "(?:fetchrss).{0,40}\b([0-9A-Za-z.]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Fetchrss secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:figma).{0,40}\b([0-9]{6}-[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then + if {latest.response} matches "(?:figma).{0,40}\b([0-9]{6}-[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Figmapersonalaccesstoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:fileio).{0,40}\b([A-Z0-9.-]{39})\b" then + if {latest.response} matches "(?:fileio).{0,40}\b([A-Z0-9.-]{39})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Fileio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(API_KEY[0-9A-Z]{32})\b" then + if {latest.response} matches "\b(API_KEY[0-9A-Z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Finage secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:financialmodelingprep).{0,40}\b([a-zA-Z0-9]{32})\b" then + if {latest.response} matches "(?:financialmodelingprep).{0,40}\b([a-zA-Z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Financialmodelingprep secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:findl).{0,40}\b([a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12})\b" then + if {latest.response} matches "(?:findl).{0,40}\b([a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Findl secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:finnhub).{0,40}\b([0-9a-z]{20})\b" then + if {latest.response} matches "(?:finnhub).{0,40}\b([0-9a-z]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Finnhub secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:fixer).{0,40}\b([A-Za-z0-9]{32})\b" then + if {latest.response} matches "(?:fixer).{0,40}\b([A-Za-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Fixerio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:flat).{0,40}\b([0-9a-z]{128})\b" then + if {latest.response} matches "(?:flat).{0,40}\b([0-9a-z]{128})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Flatio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(flb_live_[0-9a-zA-Z]{20})\b" then + if {latest.response} matches "\b(flb_live_[0-9a-zA-Z]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Fleetbase secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:flickr).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:flickr).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Flickr secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:flightapi).{0,40}\b([a-z0-9]{24})\b" then + if {latest.response} matches "(?:flightapi).{0,40}\b([a-z0-9]{24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Flightapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:flightstats).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:flightstats).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Flightstats - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:flightstats).{0,40}\b([0-9a-z]{8})\b" then + if {latest.response} matches "(?:flightstats).{0,40}\b([0-9a-z]{8})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Flightstats - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:flowflu).{0,40}\b([a-zA-Z0-9]{51})\b" then + if {latest.response} matches "(?:flowflu).{0,40}\b([a-zA-Z0-9]{51})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Flowflu - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(FLWSECK-[0-9a-z]{32}-X)\b" then + if {latest.response} matches "\b(FLWSECK-[0-9a-z]{32}-X)\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Flutterwave secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:fmfw).{0,40}\b([a-zA-Z0-9-]{32})\b" then + if {latest.response} matches "(?:fmfw).{0,40}\b([a-zA-Z0-9-]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Fmfw - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:fmfw).{0,40}\b([a-zA-Z0-9_-]{32})\b" then + if {latest.response} matches "(?:fmfw).{0,40}\b([a-zA-Z0-9_-]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Fmfw - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:formbucket).{0,40}\b([0-9A-Za-z]{1,}.[0-9A-Za-z]{1,}\.[0-9A-Z-a-z\-_]{1,})" then + if {latest.response} matches "(?:formbucket).{0,40}\b([0-9A-Za-z]{1,}.[0-9A-Za-z]{1,}\.[0-9A-Z-a-z\-_]{1,})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Formbucket secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:formio).{0,40}\b(eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\.[0-9A-Za-z]{310}\.[0-9A-Z-a-z\-_]{43}[ \r\n]{1})" then + if {latest.response} matches "(?:formio).{0,40}\b(eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\.[0-9A-Za-z]{310}\.[0-9A-Z-a-z\-_]{43}[ \r\n]{1})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Formio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:foursquare).{0,40}\b([0-9A-Z]{48})\b" then + if {latest.response} matches "(?:foursquare).{0,40}\b([0-9A-Z]{48})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Foursquare secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(fio-u-[0-9a-zA-Z_-]{64})\b" then + if {latest.response} matches "\b(fio-u-[0-9a-zA-Z_-]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Frameio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:freshbooks).{0,40}\b([0-9a-z]{64})\b" then + if {latest.response} matches "(?:freshbooks).{0,40}\b([0-9a-z]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Freshbooks - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:freshbooks).{0,40}\b(https://www.[0-9A-Za-z_-]{1,}.com)\b" then + if {latest.response} matches "(?:freshbooks).{0,40}\b(https://www.[0-9A-Za-z_-]{1,}.com)\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Freshbooks - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:freshdesk).{0,40}\b([0-9A-Za-z]{20})\b" then + if {latest.response} matches "(?:freshdesk).{0,40}\b([0-9A-Za-z]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Freshdesk - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b([0-9a-z-]{1,}.freshdesk.com)\b" then + if {latest.response} matches "\b([0-9a-z-]{1,}.freshdesk.com)\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Freshdesk - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:front).{0,40}\b([0-9a-zA-Z]{36}.[0-9a-zA-Z\.\-\_]{188,244})\b" then + if {latest.response} matches "(?:front).{0,40}\b([0-9a-zA-Z]{36}.[0-9a-zA-Z\.\-\_]{188,244})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Front secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:fulcrum).{0,40}\b([a-z0-9]{80})\b" then + if {latest.response} matches "(?:fulcrum).{0,40}\b([a-z0-9]{80})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Fulcrum secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:fullstory).{0,40}\b([a-zA-Z-0-9/+]{88})\b" then + if {latest.response} matches "(?:fullstory).{0,40}\b([a-zA-Z-0-9/+]{88})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Fullstory secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:fusebill).{0,40}\b([a-zA-Z0-9]{88})\b" then + if {latest.response} matches "(?:fusebill).{0,40}\b([a-zA-Z0-9]{88})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Fusebill secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:fxmarket).{0,40}\b([0-9Aa-zA-Z-_=]{20})\b" then + if {latest.response} matches "(?:fxmarket).{0,40}\b([0-9Aa-zA-Z-_=]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Fxmarket secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\{[^{]+auth_provider_x509_cert_url[^}]+\}" then + if {latest.response} matches "\{[^{]+auth_provider_x509_cert_url[^}]+\}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Gcp secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:geckoboard).{0,40}\b([a-zA-Z0-9]{44})\b" then + if {latest.response} matches "(?:geckoboard).{0,40}\b([a-zA-Z0-9]{44})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Geckoboard secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "jdbc:mysql(=| =|:| :)" then + if {latest.response} matches "jdbc:mysql(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1376 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "BEGIN OPENSSH PRIVATE KEY" then + if {latest.response} matches "BEGIN OPENSSH PRIVATE KEY" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1700 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "BEGIN PRIVATE KEY" then + if {latest.response} matches "BEGIN PRIVATE KEY" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1701 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "BEGIN RSA PRIVATE KEY" then + if {latest.response} matches "BEGIN RSA PRIVATE KEY" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1702 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "BEGIN DSA PRIVATE KEY" then + if {latest.response} matches "BEGIN DSA PRIVATE KEY" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1703 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "BEGIN EC PRIVATE KEY" then + if {latest.response} matches "BEGIN EC PRIVATE KEY" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1704 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "BEGIN PGP PRIVATE KEY BLOCK" then + if {latest.response} matches "BEGIN PGP PRIVATE KEY BLOCK" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1705 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "algolia_api_key" then + if {latest.response} matches "algolia_api_key" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1710 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "asana_access_token" then + if {latest.response} matches "asana_access_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1711 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "azure_tenant" then + if {latest.response} matches "azure_tenant" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1713 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "bitly_access_token" then + if {latest.response} matches "bitly_access_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1714 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "browserstack_access_key" then + if {latest.response} matches "browserstack_access_key" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1716 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "buildkite_access_token" then + if {latest.response} matches "buildkite_access_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1717 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "comcast_access_token" then + if {latest.response} matches "comcast_access_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1718 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "datadog_api_key" then + if {latest.response} matches "datadog_api_key" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1719 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "deviantart_secret" then + if {latest.response} matches "deviantart_secret" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1720 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "deviantart_access_token" then + if {latest.response} matches "deviantart_access_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1721 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "dropbox_api_token" then + if {latest.response} matches "dropbox_api_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1722 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "facebook_appsecret" then + if {latest.response} matches "facebook_appsecret" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1723 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "facebook_access_token" then + if {latest.response} matches "facebook_access_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1724 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "firebase_custom_token" then + if {latest.response} matches "firebase_custom_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1725 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "firebase_id_token" then + if {latest.response} matches "firebase_id_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1726 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github_client" then + if {latest.response} matches "github_client" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1727 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github_ssh_key" then + if {latest.response} matches "github_ssh_key" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1728 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gitlab_private_token" then + if {latest.response} matches "gitlab_private_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1730 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "heroku_api_key" then + if {latest.response} matches "heroku_api_key" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1733 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "instagram_access_token" then + if {latest.response} matches "instagram_access_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1734 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mailchimp_api_key" then + if {latest.response} matches "mailchimp_api_key" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1735 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mailgun_api_key" then + if {latest.response} matches "mailgun_api_key" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1736 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "pagerduty_api_token" then + if {latest.response} matches "pagerduty_api_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1739 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "paypal_key_sb" then + if {latest.response} matches "paypal_key_sb" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1740 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "paypal_key_live" then + if {latest.response} matches "paypal_key_live" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1741 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "paypal_token_sb" then + if {latest.response} matches "paypal_token_sb" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1742 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "paypal_token_live" then + if {latest.response} matches "paypal_token_live" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1743 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "pendo_integration_key" then + if {latest.response} matches "pendo_integration_key" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1744 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "salesforce_access_token" then + if {latest.response} matches "salesforce_access_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1745 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "saucelabs_ukey" then + if {latest.response} matches "saucelabs_ukey" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1746 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sendgrid_api_key" then + if {latest.response} matches "sendgrid_api_key" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1747 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "slack_api_token" then + if {latest.response} matches "slack_api_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1748 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "square_auth_token" then + if {latest.response} matches "square_auth_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1751 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "travisci_api_token" then + if {latest.response} matches "travisci_api_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1752 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "twitter_api_secret" then + if {latest.response} matches "twitter_api_secret" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1754 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "twitter_bearer_token" then + if {latest.response} matches "twitter_bearer_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1755 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "spotify_access_token" then + if {latest.response} matches "spotify_access_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1756 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "stripe_key_live" then + if {latest.response} matches "stripe_key_live" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1757 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "wakatime_api_key" then + if {latest.response} matches "wakatime_api_key" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1758 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "wompi_auth_bearer_sb" then + if {latest.response} matches "wompi_auth_bearer_sb" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1759 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "wompi_auth_bearer_live" then + if {latest.response} matches "wompi_auth_bearer_live" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1760 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "wpengine_api_key" then + if {latest.response} matches "wpengine_api_key" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1761 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "zendesk_access_token" then + if {latest.response} matches "zendesk_access_token" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1763 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ssh-rsa" then + if {latest.response} matches "ssh-rsa" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Generic - 1764 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:gengo).{0,40}([ ]{0,1}[0-9a-zA-Z\[\]\-\(\)\{\}|_^@$=~]{64}[ \r\n]{1})" then + if {latest.response} matches "(?:gengo).{0,40}([ ]{0,1}[0-9a-zA-Z\[\]\-\(\)\{\}|_^@$=~]{64}[ \r\n]{1})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Gengo secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:geoapify).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:geoapify).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Geoapify secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:geocode).{0,40}\b([a-z0-9]{28})\b" then + if {latest.response} matches "(?:geocode).{0,40}\b([a-z0-9]{28})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Geocode secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:geocodify).{0,40}\b([0-9a-z]{40})\b" then + if {latest.response} matches "(?:geocodify).{0,40}\b([0-9a-z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Geocodify secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:geocod).{0,40}\b([a-z0-9]{39})\b" then + if {latest.response} matches "(?:geocod).{0,40}\b([a-z0-9]{39})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Geocodio - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ipifi).{0,40}\b([a-z0-9A-Z_]{32})\b" then + if {latest.response} matches "(?:ipifi).{0,40}\b([a-z0-9A-Z_]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Geoipifi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:getemail).{0,40}\b([a-zA-Z0-9-]{20})\b" then + if {latest.response} matches "(?:getemail).{0,40}\b([a-zA-Z0-9-]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Getemail secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:getemails).{0,40}\b([a-z0-9-]{26})\b" then + if {latest.response} matches "(?:getemails).{0,40}\b([a-z0-9-]{26})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Getemails - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:getemails).{0,40}\b([a-z0-9-]{18})\b" then + if {latest.response} matches "(?:getemails).{0,40}\b([a-z0-9-]{18})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Getemails - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:getgeoapi).{0,40}\b([0-9a-z]{40})\b" then + if {latest.response} matches "(?:getgeoapi).{0,40}\b([0-9a-z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Getgeoapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:getgist).{0,40}\b([a-z0-9A-Z+=]{68})" then + if {latest.response} matches "(?:getgist).{0,40}\b([a-z0-9A-Z+=]{68})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Getgist secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:getsandbox).{0,40}\b([a-z0-9-]{40})\b" then + if {latest.response} matches "(?:getsandbox).{0,40}\b([a-z0-9-]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Getsandbox - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:getsandbox).{0,40}\b([a-z0-9-]{15,30})\b" then + if {latest.response} matches "(?:getsandbox).{0,40}\b([a-z0-9-]{15,30})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Getsandbox - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b((?:ghp|gho|ghu|ghs|ghr)_[a-zA-Z0-9]{36,255}\b)" then + if {latest.response} matches "\b((?:ghp|gho|ghu|ghs|ghr)_[a-zA-Z0-9]{36,255}\b)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Github - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(ghu|ghs)_[0-9a-zA-Z]{36}" then + if {latest.response} matches "(ghu|ghs)_[0-9a-zA-Z]{36}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Github App Token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gho_[0-9a-zA-Z]{36}" then + if {latest.response} matches "gho_[0-9a-zA-Z]{36}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Github OAuth Access Token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ghp_[0-9a-zA-Z]{36}" then + if {latest.response} matches "ghp_[0-9a-zA-Z]{36}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Github Personal Access Token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ghr_[0-9a-zA-Z]{76}" then + if {latest.response} matches "ghr_[0-9a-zA-Z]{76}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Github Refresh Token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:github)[^\.].{0,40}[ =:'\"]+([a-f0-9]{40})\b" then + if {latest.response} matches "(?:github)[^\.].{0,40}[ =:'\"]+([a-f0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Github_old secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:github).{0,40}(-----BEGIN RSA PRIVATE KEY-----\s[A-Za-z0-9+\/\s]*\s-----END RSA PRIVATE KEY-----)" then + if {latest.response} matches "(?:github).{0,40}(-----BEGIN RSA PRIVATE KEY-----\s[A-Za-z0-9+\/\s]*\s-----END RSA PRIVATE KEY-----)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Githubapp - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(glpat-[a-zA-Z0-9\-=_]{20,22})\b" then + if {latest.response} matches "\b(glpat-[a-zA-Z0-9\-=_]{20,22})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Gitlabv2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:gitter).{0,40}\b([a-z0-9-]{40})\b" then + if {latest.response} matches "(?:gitter).{0,40}\b([a-z0-9-]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Gitter secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:glassnode).{0,40}\b([0-9A-Za-z]{27})\b" then + if {latest.response} matches "(?:glassnode).{0,40}\b([0-9A-Za-z]{27})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Glassnode secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:gocanvas).{0,40}\b([0-9A-Za-z/+]{43}=[ \r\n]{1})" then + if {latest.response} matches "(?:gocanvas).{0,40}\b([0-9A-Za-z/+]{43}=[ \r\n]{1})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Gocanvas - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:gocanvas).{0,40}\b([\w\.-]+@[\w-]+\.[\w\.-]{2,5})\b" then + if {latest.response} matches "(?:gocanvas).{0,40}\b([\w\.-]+@[\w-]+\.[\w\.-]{2,5})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Gocanvas - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(live_[0-9A-Za-z\_\-]{40}[ \"'\r\n]{1})" then + if {latest.response} matches "\b(live_[0-9A-Za-z\_\-]{40}[ \"'\r\n]{1})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Gocardless secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:goodday).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:goodday).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Goodday secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\"type\": \"service_account\"" then + if {latest.response} matches "\"type\": \"service_account\"" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Google (GCP) Service Account secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "AIza[0-9a-z-_]{35}" then + if {latest.response} matches "AIza[0-9a-z-_]{35}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Google API Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "https://www\.google\.com/calendar/embed\?src=[A-Za-z0-9%@&;=\-_\./]+" then + if {latest.response} matches "https://www\.google\.com/calendar/embed\?src=[A-Za-z0-9%@&;=\-_\./]+" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Google Calendar URI secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ya29\.[0-9A-Za-z\-_]+" then + if {latest.response} matches "ya29\.[0-9A-Za-z\-_]+" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Google OAuth Access Token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:graph).{0,40}\b([a-z0-9]{25})\b" then + if {latest.response} matches "(?:graph).{0,40}\b([a-z0-9]{25})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Graphcms - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(ey[a-zA-Z0-9]{73}.ey[a-zA-Z0-9]{365}.[a-zA-Z0-9_-]{683})\b" then + if {latest.response} matches "\b(ey[a-zA-Z0-9]{73}.ey[a-zA-Z0-9]{365}.[a-zA-Z0-9_-]{683})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Graphcms - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:graphhopper).{0,40}\b([a-z0-9-]{36})\b" then + if {latest.response} matches "(?:graphhopper).{0,40}\b([a-z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Graphhopper secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:groove).{0,40}\b([a-z0-9A-Z]{64})" then + if {latest.response} matches "(?:groove).{0,40}\b([a-z0-9A-Z]{64})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Groovehq secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:guru).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then + if {latest.response} matches "(?:guru).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Guru - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:guru).{0,40}\b([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\b" then + if {latest.response} matches "(?:guru).{0,40}\b([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Guru - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:gyazo).{0,40}\b([0-9A-Za-z-]{43})\b" then + if {latest.response} matches "(?:gyazo).{0,40}\b([0-9A-Za-z-]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Gyazo secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:happi).{0,40}\b([a-zA-Z0-9]{56})" then + if {latest.response} matches "(?:happi).{0,40}\b([a-zA-Z0-9]{56})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Happi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:happyscribe).{0,40}\b([0-9a-zA-Z]{24})\b" then + if {latest.response} matches "(?:happyscribe).{0,40}\b([0-9a-zA-Z]{24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Happyscribe secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:harvest).{0,40}\b([a-z0-9A-Z._]{97})\b" then + if {latest.response} matches "(?:harvest).{0,40}\b([a-z0-9A-Z._]{97})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Harvest - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:hellosign).{0,40}\b([a-zA-Z-0-9/+]{64})\b" then + if {latest.response} matches "(?:hellosign).{0,40}\b([a-zA-Z-0-9/+]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Hellosign secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:helpcrunch).{0,40}\b([a-zA-Z-0-9+/=]{328})" then + if {latest.response} matches "(?:helpcrunch).{0,40}\b([a-zA-Z-0-9+/=]{328})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Helpcrunch secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:helpscout).{0,40}\b([A-Za-z0-9]{56})\b" then + if {latest.response} matches "(?:helpscout).{0,40}\b([A-Za-z0-9]{56})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Helpscout secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:hereapi).{0,40}\b([a-zA-Z0-9\S]{43})\b" then + if {latest.response} matches "(?:hereapi).{0,40}\b([a-zA-Z0-9\S]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Hereapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:heroku).{0,40}\b([0-9Aa-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then + if {latest.response} matches "(?:heroku).{0,40}\b([0-9Aa-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Heroku secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:hive).{0,40}\b([0-9A-Za-z]{17})\b" then + if {latest.response} matches "(?:hive).{0,40}\b([0-9A-Za-z]{17})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Hive - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:hiveage).{0,40}\b([0-9A-Za-z\_\-]{20})\b" then + if {latest.response} matches "(?:hiveage).{0,40}\b([0-9A-Za-z\_\-]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Hiveage secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:holidayapi).{0,40}\b([a-z0-9-]{36})\b" then + if {latest.response} matches "(?:holidayapi).{0,40}\b([a-z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Holidayapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:html2pdf).{0,40}\b([a-zA-Z0-9]{64})\b" then + if {latest.response} matches "(?:html2pdf).{0,40}\b([a-zA-Z0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Html2pdf secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:hubspot).{0,40}\b([A-Za-z0-9]{8}\-[A-Za-z0-9]{4}\-[A-Za-z0-9]{4}\-[A-Za-z0-9]{4}\-[A-Za-z0-9]{12})\b" then + if {latest.response} matches "(?:hubspot).{0,40}\b([A-Za-z0-9]{8}\-[A-Za-z0-9]{4}\-[A-Za-z0-9]{4}\-[A-Za-z0-9]{4}\-[A-Za-z0-9]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Hubspotapikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:humanity).{0,40}\b([0-9a-z]{40})\b" then + if {latest.response} matches "(?:humanity).{0,40}\b([0-9a-z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Humanity secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:hypertrack).{0,40}\b([0-9a-zA-Z\_\-]{54})\b" then + if {latest.response} matches "(?:hypertrack).{0,40}\b([0-9a-zA-Z\_\-]{54})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Hypertrack - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:hypertrack).{0,40}\b([0-9a-zA-Z\_\-]{27})\b" then + if {latest.response} matches "(?:hypertrack).{0,40}\b([0-9a-zA-Z\_\-]{27})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Hypertrack - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ibm).{0,40}\b([A-Za-z0-9_-]{44})\b" then + if {latest.response} matches "(?:ibm).{0,40}\b([A-Za-z0-9_-]{44})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Ibmclouduserkey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:iconfinder).{0,40}\b([a-zA-Z0-9]{64})\b" then + if {latest.response} matches "(?:iconfinder).{0,40}\b([a-zA-Z0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Iconfinder secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:iexcloud).{0,40}\b([a-z0-9_]{35})\b" then + if {latest.response} matches "(?:iexcloud).{0,40}\b([a-z0-9_]{35})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Iexcloud secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:imagekit).{0,40}\b([a-zA-Z0-9_=]{36})" then + if {latest.response} matches "(?:imagekit).{0,40}\b([a-zA-Z0-9_=]{36})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Imagekit secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:imagga).{0,40}\b([a-z0-9A-Z=]{72})" then + if {latest.response} matches "(?:imagga).{0,40}\b([a-z0-9A-Z=]{72})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Imagga secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:impala).{0,40}\b([0-9A-Za-z_]{46})\b" then + if {latest.response} matches "(?:impala).{0,40}\b([0-9A-Za-z_]{46})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Impala secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:insightly).{0,40}\b([a-z0-9-]{36})\b" then + if {latest.response} matches "(?:insightly).{0,40}\b([a-z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Insightly secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:integromat).{0,40}\b([a-z0-9-]{36})\b" then + if {latest.response} matches "(?:integromat).{0,40}\b([a-z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Integromat secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:intrinio).{0,40}\b([a-zA-Z0-9]{44})\b" then + if {latest.response} matches "(?:intrinio).{0,40}\b([a-zA-Z0-9]{44})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Intrinio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:invoiceocean).{0,40}\b([0-9A-Za-z]{20})\b" then + if {latest.response} matches "(?:invoiceocean).{0,40}\b([0-9A-Za-z]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Invoiceocean - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b([0-9a-z]{1,}.invoiceocean.com)\b" then + if {latest.response} matches "\b([0-9a-z]{1,}.invoiceocean.com)\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Invoiceocean - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ipapi).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:ipapi).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Ipapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ipgeolocation).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:ipgeolocation).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Ipgeolocation secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ipify).{0,40}\b([a-zA-Z0-9_-]{32})\b" then + if {latest.response} matches "(?:ipify).{0,40}\b([a-zA-Z0-9_-]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Ipify secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ipinfodb).{0,40}\b([a-z0-9]{64})\b" then + if {latest.response} matches "(?:ipinfodb).{0,40}\b([a-z0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Ipinfodb secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ipquality).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:ipquality).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Ipquality secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ipstack).{0,40}\b([a-fA-f0-9]{32})\b" then + if {latest.response} matches "(?:ipstack).{0,40}\b([a-fA-f0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Ipstack secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "jdbc:[a-z:]+://[A-Za-z0-9\.\-_:;=/@?,&]+" then + if {latest.response} matches "jdbc:[a-z:]+://[A-Za-z0-9\.\-_:;=/@?,&]+" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "JDBC Connection String secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:jira).{0,40}\b([a-zA-Z-0-9]{24})\b" then + if {latest.response} matches "(?:jira).{0,40}\b([a-zA-Z-0-9]{24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Jiratoken - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:jira).{0,40}\b([a-zA-Z-0-9]{5,24}\@[a-zA-Z-0-9]{3,16}\.com)\b" then + if {latest.response} matches "(?:jira).{0,40}\b([a-zA-Z-0-9]{5,24}\@[a-zA-Z-0-9]{3,16}\.com)\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Jiratoken - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:jotform).{0,40}\b([0-9Aa-z]{32})\b" then + if {latest.response} matches "(?:jotform).{0,40}\b([0-9Aa-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Jotform secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:jumpcloud).{0,40}\b([a-zA-Z0-9]{40})\b" then + if {latest.response} matches "(?:jumpcloud).{0,40}\b([a-zA-Z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Jumpcloud secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:juro).{0,40}\b([a-zA-Z0-9]{40})\b" then + if {latest.response} matches "(?:juro).{0,40}\b([a-zA-Z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Juro secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:kanban).{0,40}\b([0-9A-Z]{12})\b" then + if {latest.response} matches "(?:kanban).{0,40}\b([0-9A-Z]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Kanban - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b([0-9a-z]{1,}.kanbantool.com)\b" then + if {latest.response} matches "\b([0-9a-z]{1,}.kanbantool.com)\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Kanban - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:karma).{0,40}\b([a-zA-Z0-9]{20})\b" then + if {latest.response} matches "(?:karma).{0,40}\b([a-zA-Z0-9]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Karmacrm secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:keen).{0,40}\b([0-9a-z]{24})\b" then + if {latest.response} matches "(?:keen).{0,40}\b([0-9a-z]{24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Keenio - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:keen).{0,40}\b([0-9A-Z]{64})\b" then + if {latest.response} matches "(?:keen).{0,40}\b([0-9A-Z]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Keenio - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:kickbox).{0,40}\b([a-zA-Z0-9_]+[a-zA-Z0-9]{64})\b" then + if {latest.response} matches "(?:kickbox).{0,40}\b([a-zA-Z0-9_]+[a-zA-Z0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Kickbox secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:klipfolio).{0,40}\b([0-9a-f]{40})\b" then + if {latest.response} matches "(?:klipfolio).{0,40}\b([0-9a-f]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Klipfolio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:kontent).{0,40}\b([a-z0-9-]{36})\b" then + if {latest.response} matches "(?:kontent).{0,40}\b([a-z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Kontent secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:kraken).{0,40}\b([0-9A-Za-z\/\+=]{56}[ \"'\r\n]{1})" then + if {latest.response} matches "(?:kraken).{0,40}\b([0-9A-Za-z\/\+=]{56}[ \"'\r\n]{1})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Kraken - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:kraken).{0,40}\b([0-9A-Za-z\/\+=]{86,88}[ \"'\r\n]{1})" then + if {latest.response} matches "(?:kraken).{0,40}\b([0-9A-Za-z\/\+=]{86,88}[ \"'\r\n]{1})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Kraken - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:kucoin).{0,40}([ \r\n]{1}[!-~]{7,32}[ \r\n]{1})" then + if {latest.response} matches "(?:kucoin).{0,40}([ \r\n]{1}[!-~]{7,32}[ \r\n]{1})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Kucoin - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:kucoin).{0,40}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then + if {latest.response} matches "(?:kucoin).{0,40}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Kucoin - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:kucoin).{0,40}\b([0-9a-f]{24})\b" then + if {latest.response} matches "(?:kucoin).{0,40}\b([0-9a-f]{24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Kucoin - 3 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:kylas).{0,40}\b([a-z0-9-]{36})\b" then + if {latest.response} matches "(?:kylas).{0,40}\b([a-z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Kylas secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:languagelayer).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:languagelayer).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Languagelayer secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:lastfm).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:lastfm).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Lastfm secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:launchdarkly).{0,40}\b([a-z0-9-]{40})\b" then + if {latest.response} matches "(?:launchdarkly).{0,40}\b([a-z0-9-]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Launchdarkly secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:leadfeeder).{0,40}\b([a-zA-Z0-9-]{43})\b" then + if {latest.response} matches "(?:leadfeeder).{0,40}\b([a-zA-Z0-9-]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Leadfeeder secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:lendflow).{0,40}\b([a-zA-Z0-9]{36}\.[a-zA-Z0-9]{235}\.[a-zA-Z0-9]{32}\-[a-zA-Z0-9]{47}\-[a-zA-Z0-9_]{162}\-[a-zA-Z0-9]{42}\-[a-zA-Z0-9_]{40}\-[a-zA-Z0-9_]{66}\-[a-zA-Z0-9_]{59}\-[a-zA-Z0-9]{7}\-[a-zA-Z0-9_]{220})\b" then + if {latest.response} matches "(?:lendflow).{0,40}\b([a-zA-Z0-9]{36}\.[a-zA-Z0-9]{235}\.[a-zA-Z0-9]{32}\-[a-zA-Z0-9]{47}\-[a-zA-Z0-9_]{162}\-[a-zA-Z0-9]{42}\-[a-zA-Z0-9_]{40}\-[a-zA-Z0-9_]{66}\-[a-zA-Z0-9_]{59}\-[a-zA-Z0-9]{7}\-[a-zA-Z0-9_]{220})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Lendflow secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:lexigram).{0,40}\b([a-zA-Z0-9\S]{301})\b" then + if {latest.response} matches "(?:lexigram).{0,40}\b([a-zA-Z0-9\S]{301})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Lexigram secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(lin_api_[0-9A-Za-z]{40})\b" then + if {latest.response} matches "\b(lin_api_[0-9A-Za-z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Linearapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:line).{0,40}\b([A-Za-z0-9+/]{171,172})\b" then + if {latest.response} matches "(?:line).{0,40}\b([A-Za-z0-9+/]{171,172})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Linemessaging secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:linenotify).{0,40}\b([0-9A-Za-z]{43})\b" then + if {latest.response} matches "(?:linenotify).{0,40}\b([0-9A-Za-z]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Linenotify secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:linkpreview).{0,40}\b([a-zA-Z0-9]{32})\b" then + if {latest.response} matches "(?:linkpreview).{0,40}\b([a-zA-Z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Linkpreview secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:liveagent).{0,40}\b([a-zA-Z0-9]{32})\b" then + if {latest.response} matches "(?:liveagent).{0,40}\b([a-zA-Z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Liveagent secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:livestorm).{0,40}\b(eyJhbGciOiJIUzI1NiJ9\.eyJhdWQiOiJhcGkubGl2ZXN0b3JtLmNvIiwianRpIjoi[0-9A-Z-a-z]{134}\.[0-9A-Za-z\-\_]{43}[ \r\n]{1})" then + if {latest.response} matches "(?:livestorm).{0,40}\b(eyJhbGciOiJIUzI1NiJ9\.eyJhdWQiOiJhcGkubGl2ZXN0b3JtLmNvIiwianRpIjoi[0-9A-Z-a-z]{134}\.[0-9A-Za-z\-\_]{43}[ \r\n]{1})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Livestorm secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(pk\.[a-zA-Z-0-9]{32})\b" then + if {latest.response} matches "\b(pk\.[a-zA-Z-0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Locationiq secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:loginradius).{0,40}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then + if {latest.response} matches "(?:loginradius).{0,40}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Loginradius secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:lokalise).{0,40}\b([a-z0-9]{40})\b" then + if {latest.response} matches "(?:lokalise).{0,40}\b([a-z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Lokalisetoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:loyverse).{0,40}\b([0-9-a-z]{32})\b" then + if {latest.response} matches "(?:loyverse).{0,40}\b([0-9-a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Loyverse secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:luno).{0,40}\b([a-z0-9]{13})\b" then + if {latest.response} matches "(?:luno).{0,40}\b([a-z0-9]{13})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Luno - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:luno).{0,40}\b([a-zA-Z0-9_-]{43})\b" then + if {latest.response} matches "(?:luno).{0,40}\b([a-zA-Z0-9_-]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Luno - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:macaddress).{0,40}\b([a-zA-Z0-9_]{32})\b" then + if {latest.response} matches "(?:macaddress).{0,40}\b([a-zA-Z0-9_]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Macaddress secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:madkudu).{0,40}\b([0-9a-f]{32})\b" then + if {latest.response} matches "(?:madkudu).{0,40}\b([0-9a-f]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Madkudu secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:magnetic).{0,40}\b([0-9Aa-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then + if {latest.response} matches "(?:magnetic).{0,40}\b([0-9Aa-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Magnetic secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[0-9a-f]{32}-us[0-9]{1,2}" then + if {latest.response} matches "[0-9a-f]{32}-us[0-9]{1,2}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "MailChimp API Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mailboxlayer).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:mailboxlayer).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mailboxlayer secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mailerlite).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:mailerlite).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mailerlite secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mailgun).{0,40}\b([a-zA-Z-0-9]{72})\b" then + if {latest.response} matches "(?:mailgun).{0,40}\b([a-zA-Z-0-9]{72})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mailgun - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "key-[0-9a-zA-Z]{32}" then + if {latest.response} matches "key-[0-9a-zA-Z]{32}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mailgun API Key - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mailjet).{0,40}\b([A-Za-z0-9]{87}\=)" then + if {latest.response} matches "(?:mailjet).{0,40}\b([A-Za-z0-9]{87}\=)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mailjetbasicauth secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mailjet).{0,40}\b([A-Za-z0-9]{32})\b" then + if {latest.response} matches "(?:mailjet).{0,40}\b([A-Za-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mailjetsms secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mailmodo).{0,40}\b([A-Z0-9]{7}-[A-Z0-9]{7}-[A-Z0-9]{7}-[A-Z0-9]{7})\b" then + if {latest.response} matches "(?:mailmodo).{0,40}\b([A-Z0-9]{7}-[A-Z0-9]{7}-[A-Z0-9]{7}-[A-Z0-9]{7})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mailmodo secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mailsac).{0,40}\b(k_[0-9A-Za-z]{36,})\b" then + if {latest.response} matches "(?:mailsac).{0,40}\b(k_[0-9A-Za-z]{36,})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mailsac secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mandrill).{0,40}\b([A-Za-z0-9_-]{22})\b" then + if {latest.response} matches "(?:mandrill).{0,40}\b([A-Za-z0-9_-]{22})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mandrill secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(sk\.[a-zA-Z-0-9\.]{80,240})\b" then + if {latest.response} matches "\b(sk\.[a-zA-Z-0-9\.]{80,240})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mapbox - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mapquest).{0,40}\b([0-9A-Za-z]{32})\b" then + if {latest.response} matches "(?:mapquest).{0,40}\b([0-9A-Za-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mapquest secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:marketstack).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:marketstack).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Marketstack secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mattermost).{0,40}\b([A-Za-z0-9-_]{1,}.cloud.mattermost.com)\b" then + if {latest.response} matches "(?:mattermost).{0,40}\b([A-Za-z0-9-_]{1,}.cloud.mattermost.com)\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mattermostpersonaltoken - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mattermost).{0,40}\b([a-z0-9]{26})\b" then + if {latest.response} matches "(?:mattermost).{0,40}\b([a-z0-9]{26})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mattermostpersonaltoken - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mavenlink).{0,40}\b([0-9a-z]{64})\b" then + if {latest.response} matches "(?:mavenlink).{0,40}\b([0-9a-z]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mavenlink secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:maxmind|geoip).{0,40}\b([0-9A-Za-z]{16})\b" then + if {latest.response} matches "(?:maxmind|geoip).{0,40}\b([0-9A-Za-z]{16})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Maxmindlicense - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:maxmind|geoip).{0,40}\b([0-9]{2,7})\b" then + if {latest.response} matches "(?:maxmind|geoip).{0,40}\b([0-9]{2,7})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Maxmindlicense - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:meaningcloud).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:meaningcloud).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Meaningcloud secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mediastack).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:mediastack).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mediastack secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:meistertask).{0,40}\b([a-zA-Z0-9]{43})\b" then + if {latest.response} matches "(?:meistertask).{0,40}\b([a-zA-Z0-9]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Meistertask secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mesibo).{0,40}\b([0-9A-Za-z]{64})\b" then + if {latest.response} matches "(?:mesibo).{0,40}\b([0-9A-Za-z]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mesibo secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:messagebird).{0,40}\b([A-Za-z0-9_-]{25})\b" then + if {latest.response} matches "(?:messagebird).{0,40}\b([A-Za-z0-9_-]{25})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Messagebird secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:metaapi|meta-api).{0,40}\b([0-9a-f]{64})\b" then + if {latest.response} matches "(?:metaapi|meta-api).{0,40}\b([0-9a-f]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Metaapi - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:metaapi|meta-api).{0,40}\b([0-9a-f]{24})\b" then + if {latest.response} matches "(?:metaapi|meta-api).{0,40}\b([0-9a-f]{24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Metaapi - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:metrilo).{0,40}\b([a-z0-9]{16})\b" then + if {latest.response} matches "(?:metrilo).{0,40}\b([a-z0-9]{16})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Metrilo secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(https:\/\/[a-zA-Z-0-9]+\.webhook\.office\.com\/webhookb2\/[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12}\@[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12}\/IncomingWebhook\/[a-zA-Z-0-9]{32}\/[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12})" then + if {latest.response} matches "(https:\/\/[a-zA-Z-0-9]+\.webhook\.office\.com\/webhookb2\/[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12}\@[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12}\/IncomingWebhook\/[a-zA-Z-0-9]{32}\/[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Microsoftteamswebhook secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "midi-662b69edd2[a-zA-Z0-9]{54}" then + if {latest.response} matches "midi-662b69edd2[a-zA-Z0-9]{54}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Midise secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mindmeister).{0,40}\b([a-zA-Z0-9]{43})\b" then + if {latest.response} matches "(?:mindmeister).{0,40}\b([a-zA-Z0-9]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mindmeister secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mite).{0,40}\b([0-9a-z]{16})\b" then + if {latest.response} matches "(?:mite).{0,40}\b([0-9a-z]{16})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mite - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b([0-9a-z-]{1,}.mite.yo.lk)\b" then + if {latest.response} matches "\b([0-9a-z-]{1,}.mite.yo.lk)\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mite - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mixmax).{0,40}\b([a-zA-Z0-9_-]{36})\b" then + if {latest.response} matches "(?:mixmax).{0,40}\b([a-zA-Z0-9_-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mixmax secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mixpanel).{0,40}\b([a-zA-Z0-9.-]{30,40})\b" then + if {latest.response} matches "(?:mixpanel).{0,40}\b([a-zA-Z0-9.-]{30,40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mixpanel - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mixpanel).{0,40}\b([a-zA-Z0-9-]{32})\b" then + if {latest.response} matches "(?:mixpanel).{0,40}\b([a-zA-Z0-9-]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mixpanel - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:moderation).{0,40}\b([a-zA-Z0-9]{36}\.[a-zA-Z0-9]{115}\.[a-zA-Z0-9_]{43})\b" then + if {latest.response} matches "(?:moderation).{0,40}\b([a-zA-Z0-9]{36}\.[a-zA-Z0-9]{115}\.[a-zA-Z0-9_]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Moderation secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:monday).{0,40}\b(ey[a-zA-Z0-9_.]{210,225})\b" then + if {latest.response} matches "(?:monday).{0,40}\b(ey[a-zA-Z0-9_.]{210,225})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Monday secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:moonclerck).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:moonclerck).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Moonclerck secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:moonclerk).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:moonclerk).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Moonclerk secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:moosend).{0,40}\b([0-9Aa-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then + if {latest.response} matches "(?:moosend).{0,40}\b([0-9Aa-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Moosend secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:mrticktock).{0,40}\b([a-zA-Z0-9!=@#$%()_^]{1,50})" then + if {latest.response} matches "(?:mrticktock).{0,40}\b([a-zA-Z0-9!=@#$%()_^]{1,50})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Mrticktock - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:myintervals).{0,40}\b([0-9a-z]{11})\b" then + if {latest.response} matches "(?:myintervals).{0,40}\b([0-9a-z]{11})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Myintervals secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:nasdaq).{0,40}\b([a-zA-Z0-9_-]{20})\b" then + if {latest.response} matches "(?:nasdaq).{0,40}\b([a-zA-Z0-9_-]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Nasdaqdatalink secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:nethunt).{0,40}\b([a-zA-Z0-9.-@]{25,30})\b" then + if {latest.response} matches "(?:nethunt).{0,40}\b([a-zA-Z0-9.-@]{25,30})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Nethunt - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:nethunt).{0,40}\b([a-z0-9-\S]{36})\b" then + if {latest.response} matches "(?:nethunt).{0,40}\b([a-z0-9-\S]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Nethunt - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:netlify).{0,40}\b([A-Za-z0-9_-]{43,45})\b" then + if {latest.response} matches "(?:netlify).{0,40}\b([A-Za-z0-9_-]{43,45})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Netlify secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:neutrinoapi).{0,40}\b([a-zA-Z0-9]{48})\b" then + if {latest.response} matches "(?:neutrinoapi).{0,40}\b([a-zA-Z0-9]{48})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Neutrinoapi - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:neutrinoapi).{0,40}\b([a-zA-Z0-9]{6,24})\b" then + if {latest.response} matches "(?:neutrinoapi).{0,40}\b([a-zA-Z0-9]{6,24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Neutrinoapi - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "NRAA-[a-f0-9]{27}" then + if {latest.response} matches "NRAA-[a-f0-9]{27}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Newrelic Admin API Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "NRI(?:I|Q)-[A-Za-z0-9\-_]{32}" then + if {latest.response} matches "NRI(?:I|Q)-[A-Za-z0-9\-_]{32}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Newrelic Insights API Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "NRRA-[a-f0-9]{42}" then + if {latest.response} matches "NRRA-[a-f0-9]{42}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Newrelic REST API Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "NRSP-[a-z]{2}[0-9]{2}[a-f0-9]{31}" then + if {latest.response} matches "NRSP-[a-z]{2}[0-9]{2}[a-f0-9]{31}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Newrelic Synthetics Location Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:newrelic).{0,40}\b([A-Za-z0-9_\.]{4}-[A-Za-z0-9_\.]{42})\b" then + if {latest.response} matches "(?:newrelic).{0,40}\b([A-Za-z0-9_\.]{4}-[A-Za-z0-9_\.]{42})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Newrelicpersonalapikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:newsapi).{0,40}\b([a-z0-9]{32})" then + if {latest.response} matches "(?:newsapi).{0,40}\b([a-z0-9]{32})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Newsapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:newscatcher).{0,40}\b([0-9A-Za-z_]{43})\b" then + if {latest.response} matches "(?:newscatcher).{0,40}\b([0-9A-Za-z_]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Newscatcher secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:nexmo).{0,40}\b([A-Za-z0-9_-]{8})\b" then + if {latest.response} matches "(?:nexmo).{0,40}\b([A-Za-z0-9_-]{8})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Nexmoapikey - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:nexmo).{0,40}\b([A-Za-z0-9_-]{16})\b" then + if {latest.response} matches "(?:nexmo).{0,40}\b([A-Za-z0-9_-]{16})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Nexmoapikey - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:nftport).{0,40}\b([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\b" then + if {latest.response} matches "(?:nftport).{0,40}\b([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Nftport secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:nicereply).{0,40}\b([0-9a-f]{40})\b" then + if {latest.response} matches "(?:nicereply).{0,40}\b([0-9a-f]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Nicereply secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:nimble).{0,40}\b([a-zA-Z0-9]{30})\b" then + if {latest.response} matches "(?:nimble).{0,40}\b([a-zA-Z0-9]{30})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Nimble secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:nitro).{0,40}\b([0-9a-f]{32})\b" then + if {latest.response} matches "(?:nitro).{0,40}\b([0-9a-f]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Nitro secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:noticeable).{0,40}\b([0-9a-zA-Z]{20})\b" then + if {latest.response} matches "(?:noticeable).{0,40}\b([0-9a-zA-Z]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Noticeable secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(secret_[A-Za-z0-9]{43})\b" then + if {latest.response} matches "\b(secret_[A-Za-z0-9]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Notion secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:nozbe|nozbeteams).{0,40}\b([0-9A-Za-z]{16}_[0-9A-Za-z\-_]{64}[ \r\n]{1})" then + if {latest.response} matches "(?:nozbe|nozbeteams).{0,40}\b([0-9A-Za-z]{16}_[0-9A-Za-z\-_]{64}[ \r\n]{1})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Nozbeteams secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:numverify).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:numverify).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Numverify secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:nutritionix).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:nutritionix).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Nutritionix - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:nutritionix).{0,40}\b([a-z0-9]{8})\b" then + if {latest.response} matches "(?:nutritionix).{0,40}\b([a-z0-9]{8})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Nutritionix - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:nylas).{0,40}\b([0-9A-Za-z]{30})\b" then + if {latest.response} matches "(?:nylas).{0,40}\b([0-9A-Za-z]{30})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Nylas secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:oanda).{0,40}\b([a-zA-Z0-9]{24})\b" then + if {latest.response} matches "(?:oanda).{0,40}\b([a-zA-Z0-9]{24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Oanda secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:omnisend).{0,40}\b([a-z0-9A-Z-]{75})\b" then + if {latest.response} matches "(?:omnisend).{0,40}\b([a-z0-9A-Z-]{75})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Omnisend secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:onedesk).{0,40}\b([a-zA-Z0-9!=@#$%^]{8,64})" then + if {latest.response} matches "(?:onedesk).{0,40}\b([a-zA-Z0-9!=@#$%^]{8,64})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Onedesk - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "secret[a-zA-Z0-9_' \"=]{0,20}([a-z0-9]{64})" then + if {latest.response} matches "secret[a-zA-Z0-9_' \"=]{0,20}([a-z0-9]{64})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Onelogin - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:onepagecrm).{0,40}\b([a-zA-Z0-9=]{44})" then + if {latest.response} matches "(?:onepagecrm).{0,40}\b([a-zA-Z0-9=]{44})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Onepagecrm - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:onepagecrm).{0,40}\b([a-z0-9]{24})\b" then + if {latest.response} matches "(?:onepagecrm).{0,40}\b([a-z0-9]{24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Onepagecrm - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:onwater).{0,40}\b([a-zA-Z0-9_-]{20})\b" then + if {latest.response} matches "(?:onwater).{0,40}\b([a-zA-Z0-9_-]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Onwaterio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:oopspam).{0,40}\b([a-zA-Z0-9]{40})\b" then + if {latest.response} matches "(?:oopspam).{0,40}\b([a-zA-Z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Oopspam secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:opencagedata).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:opencagedata).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Opencagedata secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:opengraphr).{0,40}\b([0-9Aa-zA-Z]{80})\b" then + if {latest.response} matches "(?:opengraphr).{0,40}\b([0-9Aa-zA-Z]{80})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Opengraphr secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:openuv).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:openuv).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Openuv secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:openweather).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:openweather).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Openweather secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:optimizely).{0,40}\b([0-9A-Za-z-:]{54})\b" then + if {latest.response} matches "(?:optimizely).{0,40}\b([0-9A-Za-z-:]{54})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Optimizely secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:owlbot).{0,40}\b([a-z0-9]{40})\b" then + if {latest.response} matches "(?:owlbot).{0,40}\b([a-z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Owlbot secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "-----BEGIN PGP PRIVATE KEY BLOCK-----" then + if {latest.response} matches "-----BEGIN PGP PRIVATE KEY BLOCK-----" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "PGP private key block secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:pagerduty).{0,40}\b([a-z]{1}\+[a-zA-Z]{9}\-[a-z]{2}\-[a-z0-9]{5})\b" then + if {latest.response} matches "(?:pagerduty).{0,40}\b([a-z]{1}\+[a-zA-Z]{9}\-[a-z]{2}\-[a-z0-9]{5})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Pagerdutyapikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:pandadoc).{0,40}\b([a-zA-Z0-9]{40})\b" then + if {latest.response} matches "(?:pandadoc).{0,40}\b([a-zA-Z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Pandadoc secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:pandascore).{0,40}([ \r\n]{0,1}[0-9A-Za-z\-\_]{51}[ \r\n]{1})" then + if {latest.response} matches "(?:pandascore).{0,40}([ \r\n]{0,1}[0-9A-Za-z\-\_]{51}[ \r\n]{1})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Pandascore secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:paralleldots).{0,40}\b([0-9A-Za-z]{43})\b" then + if {latest.response} matches "(?:paralleldots).{0,40}\b([0-9A-Za-z]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Paralleldots secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:partnerstack).{0,40}\b([0-9A-Za-z]{64})\b" then + if {latest.response} matches "(?:partnerstack).{0,40}\b([0-9A-Za-z]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Partnerstack secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:passbase).{0,40}\b([a-zA-Z0-9]{128})\b" then + if {latest.response} matches "(?:passbase).{0,40}\b([a-zA-Z0-9]{128})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Passbase secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[a-zA-Z]{3,10}://[^/\s:@]{3,20}:[^/\s:@]{3,20}@.{1,100}[\"'\s]" then + if {latest.response} matches "[a-zA-Z]{3,10}://[^/\s:@]{3,20}:[^/\s:@]{3,20}@.{1,100}[\"'\s]" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Password in URL secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:pastebin).{0,40}\b([a-zA-Z0-9_]{32})\b" then + if {latest.response} matches "(?:pastebin).{0,40}\b([a-zA-Z0-9_]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Pastebin secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}" then + if {latest.response} matches "access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "PayPal Braintree access token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:paymoapp).{0,40}\b([a-zA-Z0-9]{44})\b" then + if {latest.response} matches "(?:paymoapp).{0,40}\b([a-zA-Z0-9]{44})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Paymoapp secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:paymongo).{0,40}\b([a-zA-Z0-9_]{32})\b" then + if {latest.response} matches "(?:paymongo).{0,40}\b([a-zA-Z0-9_]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Paymongo secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(sk\_[a-z]{1,}\_[A-Za-z0-9]{40})\b" then + if {latest.response} matches "\b(sk\_[a-z]{1,}\_[A-Za-z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Paystack secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:pdflayer).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:pdflayer).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Pdflayer secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:pdfshift).{0,40}\b([0-9a-f]{32})\b" then + if {latest.response} matches "(?:pdfshift).{0,40}\b([0-9a-f]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Pdfshift secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:peopledatalabs).{0,40}\b([a-z0-9]{64})\b" then + if {latest.response} matches "(?:peopledatalabs).{0,40}\b([a-z0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Peopledatalabs secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:pepipost|netcore).{0,40}\b([a-zA-Z-0-9]{32})\b" then + if {latest.response} matches "(?:pepipost|netcore).{0,40}\b([a-zA-Z-0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Pepipost secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sk_live_[0-9a-z]{32}" then + if {latest.response} matches "sk_live_[0-9a-z]{32}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Picatic API key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:pipedream).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:pipedream).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Pipedream secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:pipedrive).{0,40}\b([a-zA-Z0-9]{40})\b" then + if {latest.response} matches "(?:pipedrive).{0,40}\b([a-zA-Z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Pipedrive secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:pivotal).{0,40}([a-z0-9]{32})" then + if {latest.response} matches "(?:pivotal).{0,40}([a-z0-9]{32})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Pivotaltracker secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:pixabay).{0,40}\b([a-z0-9-]{34})\b" then + if {latest.response} matches "(?:pixabay).{0,40}\b([a-z0-9-]{34})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Pixabay secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:plaid).{0,40}\b([a-z0-9]{24})\b" then + if {latest.response} matches "(?:plaid).{0,40}\b([a-z0-9]{24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Plaidkey - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:plaid).{0,40}\b([a-z0-9]{30})\b" then + if {latest.response} matches "(?:plaid).{0,40}\b([a-z0-9]{30})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Plaidkey - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:planviewleankit|planview).{0,40}\b([0-9a-f]{128})\b" then + if {latest.response} matches "(?:planviewleankit|planview).{0,40}\b([0-9a-f]{128})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Planviewleankit - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:planviewleankit|planview).{0,40}(?:subdomain).\b([a-zA-Z][a-zA-Z0-9.-]{1,23}[a-zA-Z0-9])\b" then + if {latest.response} matches "(?:planviewleankit|planview).{0,40}(?:subdomain).\b([a-zA-Z][a-zA-Z0-9.-]{1,23}[a-zA-Z0-9])\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Planviewleankit - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:planyo).{0,40}\b([0-9a-z]{62})\b" then + if {latest.response} matches "(?:planyo).{0,40}\b([0-9a-z]{62})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Planyo secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:plivo).{0,40}\b([A-Za-z0-9_-]{40})\b" then + if {latest.response} matches "(?:plivo).{0,40}\b([A-Za-z0-9_-]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Plivo - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:plivo).{0,40}\b([A-Z]{20})\b" then + if {latest.response} matches "(?:plivo).{0,40}\b([A-Z]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Plivo - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:poloniex).{0,40}\b([0-9a-f]{128})\b" then + if {latest.response} matches "(?:poloniex).{0,40}\b([0-9a-f]{128})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Poloniex - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:poloniex).{0,40}\b([0-9A-Z]{8}-[0-9A-Z]{8}-[0-9A-Z]{8}-[0-9A-Z]{8})\b" then + if {latest.response} matches "(?:poloniex).{0,40}\b([0-9A-Z]{8}-[0-9A-Z]{8}-[0-9A-Z]{8}-[0-9A-Z]{8})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Poloniex - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:polygon).{0,40}\b([a-z0-9A-Z]{32})\b" then + if {latest.response} matches "(?:polygon).{0,40}\b([a-z0-9A-Z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Polygon secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:positionstack).{0,40}\b([a-zA-Z0-9_]{32})\b" then + if {latest.response} matches "(?:positionstack).{0,40}\b([a-zA-Z0-9_]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Positionstack secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:postageapp).{0,40}\b([0-9A-Za-z]{32})\b" then + if {latest.response} matches "(?:postageapp).{0,40}\b([0-9A-Za-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Postageapp secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(phc_[a-zA-Z0-9_]{43})\b" then + if {latest.response} matches "\b(phc_[a-zA-Z0-9_]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Posthog secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(PMAK-[a-zA-Z-0-9]{59})\b" then + if {latest.response} matches "\b(PMAK-[a-zA-Z-0-9]{59})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Postman secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:postmark).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then + if {latest.response} matches "(?:postmark).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Postmark secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:powrbot).{0,40}\b([a-z0-9A-Z]{40})\b" then + if {latest.response} matches "(?:powrbot).{0,40}\b([a-z0-9A-Z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Powrbot secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "-----\s*?BEGIN[ A-Z0-9_-]*?PRIVATE KEY\s*?-----[\s\S]*?----\s*?END[ A-Z0-9_-]*? PRIVATE KEY\s*?-----" then + if {latest.response} matches "-----\s*?BEGIN[ A-Z0-9_-]*?PRIVATE KEY\s*?-----[\s\S]*?----\s*?END[ A-Z0-9_-]*? PRIVATE KEY\s*?-----" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Privatekey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:prospect).{0,40}\b([a-z0-9-]{32})\b" then + if {latest.response} matches "(?:prospect).{0,40}\b([a-z0-9-]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Prospectcrm secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:prospect).{0,40}\b([a-z0-9A-Z-]{50})\b" then + if {latest.response} matches "(?:prospect).{0,40}\b([a-z0-9A-Z-]{50})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Prospectio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:protocols).{0,40}\b([a-z0-9]{64})\b" then + if {latest.response} matches "(?:protocols).{0,40}\b([a-z0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Protocolsio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:proxycrawl).{0,40}\b([a-zA-Z0-9_]{22})\b" then + if {latest.response} matches "(?:proxycrawl).{0,40}\b([a-zA-Z0-9_]{22})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Proxycrawl secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(sub-c-[0-9a-z]{8}-[a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\b" then + if {latest.response} matches "\b(sub-c-[0-9a-z]{8}-[a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Pubnubpublishkey - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(pub-c-[0-9a-z]{8}-[0-9a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\b" then + if {latest.response} matches "\b(pub-c-[0-9a-z]{8}-[0-9a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Pubnubpublishkey - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:purestake).{0,40}\b([a-zA-Z0-9]{40})\b" then + if {latest.response} matches "(?:purestake).{0,40}\b([a-zA-Z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Purestake secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:pushbullet).{0,40}\b([A-Za-z0-9_\.]{34})\b" then + if {latest.response} matches "(?:pushbullet).{0,40}\b([A-Za-z0-9_\.]{34})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Pushbulletapikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:pusher).{0,40}\b([a-z0-9]{20})\b" then + if {latest.response} matches "(?:pusher).{0,40}\b([a-z0-9]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Pusherchannelkey - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:pusher).{0,40}\b([0-9]{7})\b" then + if {latest.response} matches "(?:pusher).{0,40}\b([0-9]{7})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Pusherchannelkey - 3 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}" then + if {latest.response} matches "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "PyPI upload token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:qualaroo).{0,40}\b([a-z0-9A-Z=]{64})" then + if {latest.response} matches "(?:qualaroo).{0,40}\b([a-z0-9A-Z=]{64})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Qualaroo secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:qubole).{0,40}\b([0-9a-z]{64})\b" then + if {latest.response} matches "(?:qubole).{0,40}\b([0-9a-z]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Qubole secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:quickmetrics).{0,40}\b([a-zA-Z0-9_-]{22})\b" then + if {latest.response} matches "(?:quickmetrics).{0,40}\b([a-zA-Z0-9_-]{22})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Quickmetrics secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "-----BEGIN PRIVATE KEY-----" then + if {latest.response} matches "-----BEGIN PRIVATE KEY-----" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "RKCS8 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "-----BEGIN RSA PRIVATE KEY-----" then + if {latest.response} matches "-----BEGIN RSA PRIVATE KEY-----" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "RSA private key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:rapidapi).{0,40}\b([A-Za-z0-9_-]{50})\b" then + if {latest.response} matches "(?:rapidapi).{0,40}\b([A-Za-z0-9_-]{50})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Rapidapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:raven).{0,40}\b([A-Z0-9-]{16})\b" then + if {latest.response} matches "(?:raven).{0,40}\b([A-Z0-9-]{16})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Raven secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:rawg).{0,40}\b([0-9Aa-z]{32})\b" then + if {latest.response} matches "(?:rawg).{0,40}\b([0-9Aa-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Rawg secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\brzp_\w{2,6}_\w{10,20}\b" then + if {latest.response} matches "\brzp_\w{2,6}_\w{10,20}\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Razorpay - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:readme).{0,40}\b([a-zA-Z0-9_]{32})\b" then + if {latest.response} matches "(?:readme).{0,40}\b([a-zA-Z0-9_]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Readme secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(ey[a-zA-Z0-9-._]{153}.ey[a-zA-Z0-9-._]{916,1000})\b" then + if {latest.response} matches "\b(ey[a-zA-Z0-9-._]{153}.ey[a-zA-Z0-9-._]{916,1000})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Reallysimplesystems secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:rebrandly).{0,40}\b([a-zA-Z0-9_]{32})\b" then + if {latest.response} matches "(?:rebrandly).{0,40}\b([a-zA-Z0-9_]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Rebrandly secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:refiner).{0,40}\b([0-9Aa-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then + if {latest.response} matches "(?:refiner).{0,40}\b([0-9Aa-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Refiner secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:repairshopr).{0,40}\b([a-zA-Z0-9_.!+$#^*]{3,32})\b" then + if {latest.response} matches "(?:repairshopr).{0,40}\b([a-zA-Z0-9_.!+$#^*]{3,32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Repairshopr - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:repairshopr).{0,40}\b([a-zA-Z0-9-]{51})\b" then + if {latest.response} matches "(?:repairshopr).{0,40}\b([a-zA-Z0-9-]{51})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Repairshopr - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:restpack).{0,40}\b([a-zA-Z0-9]{48})\b" then + if {latest.response} matches "(?:restpack).{0,40}\b([a-zA-Z0-9]{48})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Restpack secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:restpack).{0,40}\b([0-9A-Za-z]{48})\b" then + if {latest.response} matches "(?:restpack).{0,40}\b([0-9A-Za-z]{48})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Restpackhtmltopdfapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:rev).{0,40}\b([0-9a-zA-Z\/\+]{27}\=[ \r\n]{1})" then + if {latest.response} matches "(?:rev).{0,40}\b([0-9a-zA-Z\/\+]{27}\=[ \r\n]{1})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Rev - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:revamp).{0,40}\b([a-zA-Z0-9]{40}\b)" then + if {latest.response} matches "(?:revamp).{0,40}\b([a-zA-Z0-9]{40}\b)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Revampcrm - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ringcentral).{0,40}\b(https://www.[0-9A-Za-z_-]{1,}.com)\b" then + if {latest.response} matches "(?:ringcentral).{0,40}\b(https://www.[0-9A-Za-z_-]{1,}.com)\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Ringcentral - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ringcentral).{0,40}\b([0-9A-Za-z_-]{22})\b" then + if {latest.response} matches "(?:ringcentral).{0,40}\b([0-9A-Za-z_-]{22})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Ringcentral - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ritekit).{0,40}\b([0-9a-f]{44})\b" then + if {latest.response} matches "(?:ritekit).{0,40}\b([0-9a-f]{44})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Ritekit secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:roaring).{0,40}\b([0-9A-Za-z_-]{28})\b" then + if {latest.response} matches "(?:roaring).{0,40}\b([0-9A-Za-z_-]{28})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Roaring secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:rocketreach).{0,40}\b([a-z0-9-]{39})\b" then + if {latest.response} matches "(?:rocketreach).{0,40}\b([a-z0-9-]{39})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Rocketreach secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ronin).{0,40}\b([0-9a-zA-Z]{26})\b" then + if {latest.response} matches "(?:ronin).{0,40}\b([0-9a-zA-Z]{26})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Roninapp - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:route4me).{0,40}\b([0-9A-Z]{32})\b" then + if {latest.response} matches "(?:route4me).{0,40}\b([0-9A-Z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Route4me secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:rownd).{0,40}\b([a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12})\b" then + if {latest.response} matches "(?:rownd).{0,40}\b([a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Rownd - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:rownd).{0,40}\b([a-z0-9]{48})\b" then + if {latest.response} matches "(?:rownd).{0,40}\b([a-z0-9]{48})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Rownd - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:rownd).{0,40}\b([0-9]{18})\b" then + if {latest.response} matches "(?:rownd).{0,40}\b([0-9]{18})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Rownd - 3 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(rubygems_[a-zA0-9]{48})\b" then + if {latest.response} matches "\b(rubygems_[a-zA0-9]{48})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Rubygems secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:runrunit).{0,40}\b([0-9a-f]{32})\b" then + if {latest.response} matches "(?:runrunit).{0,40}\b([0-9a-f]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Runrunit - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:runrunit).{0,40}\b([0-9A-Za-z]{18,20})\b" then + if {latest.response} matches "(?:runrunit).{0,40}\b([0-9A-Za-z]{18,20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Runrunit - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "-----BEGIN OPENSSH PRIVATE KEY-----" then + if {latest.response} matches "-----BEGIN OPENSSH PRIVATE KEY-----" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "SSH secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "-----BEGIN DSA PRIVATE KEY-----" then + if {latest.response} matches "-----BEGIN DSA PRIVATE KEY-----" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "SSH (DSA) private key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:salesblink).{0,40}\b([a-zA-Z]{16})\b" then + if {latest.response} matches "(?:salesblink).{0,40}\b([a-zA-Z]{16})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Salesblink secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:salescookie).{0,40}\b([a-zA-z0-9]{32})\b" then + if {latest.response} matches "(?:salescookie).{0,40}\b([a-zA-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Salescookie secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:salesflare).{0,40}\b([a-zA-Z0-9_]{45})\b" then + if {latest.response} matches "(?:salesflare).{0,40}\b([a-zA-Z0-9_]{45})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Salesflare secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:satismeter).{0,40}\b([a-zA-Z0-9]{4,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,12})\b" then + if {latest.response} matches "(?:satismeter).{0,40}\b([a-zA-Z0-9]{4,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Satismeterprojectkey - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:satismeter).{0,40}\b([a-zA-Z0-9]{24})\b" then + if {latest.response} matches "(?:satismeter).{0,40}\b([a-zA-Z0-9]{24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Satismeterprojectkey - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:satismeter).{0,40}\b([a-zA-Z0-9!=@#$%^]{6,32})" then + if {latest.response} matches "(?:satismeter).{0,40}\b([a-zA-Z0-9!=@#$%^]{6,32})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Satismeterprojectkey - 3 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:satismeter).{0,40}\b([a-z0-9A-Z]{16})\b" then + if {latest.response} matches "(?:satismeter).{0,40}\b([a-z0-9A-Z]{16})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Satismeterwritekey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(oauth\-[a-z0-9]{8,}\-[a-z0-9]{5})\b" then + if {latest.response} matches "\b(oauth\-[a-z0-9]{8,}\-[a-z0-9]{5})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Saucelabs - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:saucelabs).{0,40}\b([a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12})\b" then + if {latest.response} matches "(?:saucelabs).{0,40}\b([a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Saucelabs - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:scaleway).{0,40}\b([0-9a-z]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then + if {latest.response} matches "(?:scaleway).{0,40}\b([0-9a-z]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Scalewaykey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:scrapeowl).{0,40}\b([0-9a-z]{30})\b" then + if {latest.response} matches "(?:scrapeowl).{0,40}\b([0-9a-z]{30})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Scrapeowl secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:scraperapi).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:scraperapi).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Scraperapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:scraperbox).{0,40}\b([A-Z0-9]{32})\b" then + if {latest.response} matches "(?:scraperbox).{0,40}\b([A-Z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Scraperbox secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:scrapersite).{0,40}\b([a-zA-Z0-9]{45})\b" then + if {latest.response} matches "(?:scrapersite).{0,40}\b([a-zA-Z0-9]{45})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Scrapersite secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:scrapestack).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:scrapestack).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Scrapestack secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:scrapfly).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:scrapfly).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Scrapfly secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:scrapingant).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:scrapingant).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Scrapingant secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:scrapingbee).{0,40}\b([A-Z0-9]{80})\b" then + if {latest.response} matches "(?:scrapingbee).{0,40}\b([A-Z0-9]{80})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Scrapingbee secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:screenshotapi).{0,40}\b([0-9A-Z]{7}\-[0-9A-Z]{7}\-[0-9A-Z]{7}\-[0-9A-Z]{7})\b" then + if {latest.response} matches "(?:screenshotapi).{0,40}\b([0-9A-Z]{7}\-[0-9A-Z]{7}\-[0-9A-Z]{7}\-[0-9A-Z]{7})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Screenshotapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:screenshotlayer).{0,40}\b([a-zA-Z0-9_]{32})\b" then + if {latest.response} matches "(?:screenshotlayer).{0,40}\b([a-zA-Z0-9_]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Screenshotlayer secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:securitytrails).{0,40}\b([a-zA-Z0-9]{32})\b" then + if {latest.response} matches "(?:securitytrails).{0,40}\b([a-zA-Z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Securitytrails secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:segment).{0,40}\b([A-Za-z0-9_\-a-zA-Z]{43}\.[A-Za-z0-9_\-a-zA-Z]{43})\b" then + if {latest.response} matches "(?:segment).{0,40}\b([A-Za-z0-9_\-a-zA-Z]{43}\.[A-Za-z0-9_\-a-zA-Z]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Segmentapikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:selectpdf).{0,40}\b([a-z0-9-]{36})\b" then + if {latest.response} matches "(?:selectpdf).{0,40}\b([a-z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Selectpdf secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:semaphore).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:semaphore).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Semaphore secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "SG\.[\w_]{16,32}\.[\w_]{16,64}" then + if {latest.response} matches "SG\.[\w_]{16,32}\.[\w_]{16,64}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "SendGrid API Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sendbird).{0,40}\b([0-9a-f]{40})\b" then + if {latest.response} matches "(?:sendbird).{0,40}\b([0-9a-f]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sendbird - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sendbird).{0,40}\b([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})\b" then + if {latest.response} matches "(?:sendbird).{0,40}\b([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sendbird - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sendbird).{0,40}\b([0-9a-f]{24})\b" then + if {latest.response} matches "(?:sendbird).{0,40}\b([0-9a-f]{24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sendbirdorganizationapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sendgrid).{0,40}(SG\.[\w\-_]{20,24}\.[\w\-_]{39,50})\b" then + if {latest.response} matches "(?:sendgrid).{0,40}(SG\.[\w\-_]{20,24}\.[\w\-_]{39,50})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sendgrid secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(xkeysib\-[A-Za-z0-9_-]{81})\b" then + if {latest.response} matches "\b(xkeysib\-[A-Za-z0-9_-]{81})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sendinbluev2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sentiment).{0,40}\b([0-9]{17})\b" then + if {latest.response} matches "(?:sentiment).{0,40}\b([0-9]{17})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sentiment - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sentiment).{0,40}\b([a-zA-Z0-9]{20})\b" then + if {latest.response} matches "(?:sentiment).{0,40}\b([a-zA-Z0-9]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sentiment - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sentry).{0,40}\b([a-f0-9]{64})\b" then + if {latest.response} matches "(?:sentry).{0,40}\b([a-f0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sentrytoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:serphouse).{0,40}\b([0-9A-Za-z]{60})\b" then + if {latest.response} matches "(?:serphouse).{0,40}\b([0-9A-Za-z]{60})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Serphouse secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:serpstack).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:serpstack).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Serpstack secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sheety).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:sheety).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sheety - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sheety).{0,40}\b([0-9a-z]{64})\b" then + if {latest.response} matches "(?:sheety).{0,40}\b([0-9a-z]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sheety - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sherpadesk).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:sherpadesk).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sherpadesk secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:shipday).{0,40}\b([a-zA-Z0-9.]{11}[a-zA-Z0-9]{20})\b" then + if {latest.response} matches "(?:shipday).{0,40}\b([a-zA-Z0-9.]{11}[a-zA-Z0-9]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Shipday secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:shodan).{0,40}\b([a-zA-Z0-9]{32})\b" then + if {latest.response} matches "(?:shodan).{0,40}\b([a-zA-Z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Shodankey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "shpat_[a-fA-F0-9]{32}" then + if {latest.response} matches "shpat_[a-fA-F0-9]{32}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Shopify access token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "shpca_[a-fA-F0-9]{32}" then + if {latest.response} matches "shpca_[a-fA-F0-9]{32}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Shopify custom app access token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "shppa_[a-fA-F0-9]{32}" then + if {latest.response} matches "shppa_[a-fA-F0-9]{32}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Shopify private app access token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "shpss_[a-fA-F0-9]{32}" then + if {latest.response} matches "shpss_[a-fA-F0-9]{32}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Shopify shared secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:shortcut).{0,40}\b([0-9a-f-]{36})\b" then + if {latest.response} matches "(?:shortcut).{0,40}\b([0-9a-f-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Shortcut secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:shotstack).{0,40}\b([a-zA-Z0-9]{40})\b" then + if {latest.response} matches "(?:shotstack).{0,40}\b([a-zA-Z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Shotstack secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:shutterstock).{0,40}\b(v2/[0-9A-Za-z]{388})\b" then + if {latest.response} matches "(?:shutterstock).{0,40}\b(v2/[0-9A-Za-z]{388})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Shutterstockoauth secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b([0-9a-z-]{3,64}.signalwire.com)\b" then + if {latest.response} matches "\b([0-9a-z-]{3,64}.signalwire.com)\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Signalwire - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:signalwire).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then + if {latest.response} matches "(?:signalwire).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Signalwire - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:signalwire).{0,40}\b([0-9A-Za-z]{50})\b" then + if {latest.response} matches "(?:signalwire).{0,40}\b([0-9A-Za-z]{50})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Signalwire - 3 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:signaturit).{0,40}\b([0-9A-Za-z]{86})\b" then + if {latest.response} matches "(?:signaturit).{0,40}\b([0-9A-Za-z]{86})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Signaturit secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:signupgenius).{0,40}\b([0-9A-Za-z]{32})\b" then + if {latest.response} matches "(?:signupgenius).{0,40}\b([0-9A-Za-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Signupgenius secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sigopt).{0,40}\b([A-Z0-9]{48})\b" then + if {latest.response} matches "(?:sigopt).{0,40}\b([A-Z0-9]{48})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sigopt secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:simplesat).{0,40}\b([a-z0-9]{40})" then + if {latest.response} matches "(?:simplesat).{0,40}\b([a-z0-9]{40})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Simplesat secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:simplynoted).{0,40}\b([a-zA-Z0-9\S]{340,360})\b" then + if {latest.response} matches "(?:simplynoted).{0,40}\b([a-zA-Z0-9\S]{340,360})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Simplynoted secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:simvoly).{0,40}\b([a-z0-9]{33})\b" then + if {latest.response} matches "(?:simvoly).{0,40}\b([a-z0-9]{33})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Simvoly secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sinch).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:sinch).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sinchmessage secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sirv).{0,40}\b([a-zA-Z0-9\S]{88})" then + if {latest.response} matches "(?:sirv).{0,40}\b([a-zA-Z0-9\S]{88})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sirv - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sirv).{0,40}\b([a-zA-Z0-9]{26})\b" then + if {latest.response} matches "(?:sirv).{0,40}\b([a-zA-Z0-9]{26})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sirv - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:siteleaf).{0,40}\b([0-9Aa-z]{32})\b" then + if {latest.response} matches "(?:siteleaf).{0,40}\b([0-9Aa-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Siteleaf secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:skrapp).{0,40}\b([a-z0-9A-Z]{42})\b" then + if {latest.response} matches "(?:skrapp).{0,40}\b([a-z0-9A-Z]{42})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Skrappio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:skybiometry).{0,40}\b([0-9a-z]{25,26})\b" then + if {latest.response} matches "(?:skybiometry).{0,40}\b([0-9a-z]{25,26})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Skybiometry secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "xox[baprs]-[0-9a-zA-Z]{10,48}" then + if {latest.response} matches "xox[baprs]-[0-9a-zA-Z]{10,48}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Slack secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})" then + if {latest.response} matches "(xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Slack Token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{23,24}" then + if {latest.response} matches "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{23,24}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Slack Webhook secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "xoxb-[0-9A-Za-z\-]{51}" then + if {latest.response} matches "xoxb-[0-9A-Za-z\-]{51}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Slack access token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(https:\/\/hooks.slack.com\/services\/[A-Za-z0-9+\/]{44,46})" then + if {latest.response} matches "(https:\/\/hooks.slack.com\/services\/[A-Za-z0-9+\/]{44,46})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Slackwebhook secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:smartsheets).{0,40}\b([a-zA-Z0-9]{37})\b" then + if {latest.response} matches "(?:smartsheets).{0,40}\b([a-zA-Z0-9]{37})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Smartsheets secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:smartystreets).{0,40}\b([a-zA-Z0-9]{20})\b" then + if {latest.response} matches "(?:smartystreets).{0,40}\b([a-zA-Z0-9]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Smartystreets - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:smartystreets).{0,40}\b([a-z0-9-]{36})\b" then + if {latest.response} matches "(?:smartystreets).{0,40}\b([a-z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Smartystreets - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:smooch).{0,40}\b(act_[0-9a-z]{24})\b" then + if {latest.response} matches "(?:smooch).{0,40}\b(act_[0-9a-z]{24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Smooch - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:smooch).{0,40}\b([0-9a-zA-Z_-]{86})\b" then + if {latest.response} matches "(?:smooch).{0,40}\b([0-9a-zA-Z_-]{86})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Smooch - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:snipcart).{0,40}\b([0-9A-Za-z_]{75})\b" then + if {latest.response} matches "(?:snipcart).{0,40}\b([0-9A-Za-z_]{75})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Snipcart secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:snyk).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then + if {latest.response} matches "(?:snyk).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Snykkey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sonar.{0,50}(?:\"|'|`)?[0-9a-f]{40}(?:\"|'|`)?" then + if {latest.response} matches "sonar.{0,50}(?:\"|'|`)?[0-9a-f]{40}(?:\"|'|`)?" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "SonarQube Token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:splunk).{0,40}\b([a-z0-9A-Z]{22})\b" then + if {latest.response} matches "(?:splunk).{0,40}\b([a-z0-9A-Z]{22})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Splunkobservabilitytoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:spoonacular).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:spoonacular).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Spoonacular secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sportsmonk).{0,40}\b([0-9a-zA-Z]{60})\b" then + if {latest.response} matches "(?:sportsmonk).{0,40}\b([0-9a-zA-Z]{60})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sportsmonk secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:square).{0,40}(EAAA[a-zA-Z0-9\-\+\=]{60})" then + if {latest.response} matches "(?:square).{0,40}(EAAA[a-zA-Z0-9\-\+\=]{60})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Square secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sq0csp-[0-9A-Za-z\-_]{43}" then + if {latest.response} matches "sq0csp-[0-9A-Za-z\-_]{43}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Square OAuth Secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sq0atp-[0-9A-Za-z\-_]{22}" then + if {latest.response} matches "sq0atp-[0-9A-Za-z\-_]{22}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Square access token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[\w\-]*sq0i[a-z]{2}-[0-9A-Za-z\-_]{22,43}" then + if {latest.response} matches "[\w\-]*sq0i[a-z]{2}-[0-9A-Za-z\-_]{22,43}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Squareapp - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[\w\-]*sq0c[a-z]{2}-[0-9A-Za-z\-_]{40,50}" then + if {latest.response} matches "[\w\-]*sq0c[a-z]{2}-[0-9A-Za-z\-_]{40,50}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Squareapp - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:squarespace).{0,40}\b([0-9Aa-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then + if {latest.response} matches "(?:squarespace).{0,40}\b([0-9Aa-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Squarespace secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(sq0idp-[0-9A-Za-z]{22})\b" then + if {latest.response} matches "\b(sq0idp-[0-9A-Za-z]{22})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Squareup secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sslmate).{0,40}\b([a-zA-Z0-9]{36})\b" then + if {latest.response} matches "(?:sslmate).{0,40}\b([a-zA-Z0-9]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sslmate secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:stitchdata).{0,40}\b([0-9a-z_]{35})\b" then + if {latest.response} matches "(?:stitchdata).{0,40}\b([0-9a-z_]{35})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Stitchdata secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:stockdata).{0,40}\b([0-9A-Za-z]{40})\b" then + if {latest.response} matches "(?:stockdata).{0,40}\b([0-9A-Za-z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Stockdata secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:storecove).{0,40}\b([a-zA-Z0-9_-]{43})\b" then + if {latest.response} matches "(?:storecove).{0,40}\b([a-zA-Z0-9_-]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Storecove secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:stormglass).{0,40}\b([0-9Aa-z-]{73})\b" then + if {latest.response} matches "(?:stormglass).{0,40}\b([0-9Aa-z-]{73})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Stormglass secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:storyblok).{0,40}\b([0-9A-Za-z]{22}t{2})\b" then + if {latest.response} matches "(?:storyblok).{0,40}\b([0-9A-Za-z]{22}t{2})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Storyblok secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:storychief).{0,40}\b([a-zA-Z0-9_\-.]{940,1000})" then + if {latest.response} matches "(?:storychief).{0,40}\b([a-zA-Z0-9_\-.]{940,1000})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Storychief secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:strava).{0,40}\b([0-9]{5})\b" then + if {latest.response} matches "(?:strava).{0,40}\b([0-9]{5})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Strava - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:strava).{0,40}\b([0-9a-z]{40})\b" then + if {latest.response} matches "(?:strava).{0,40}\b([0-9a-z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Strava - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:streak).{0,40}\b([0-9Aa-f]{32})\b" then + if {latest.response} matches "(?:streak).{0,40}\b([0-9Aa-f]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Streak secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[rs]k_live_[a-zA-Z0-9]{20,30}" then + if {latest.response} matches "[rs]k_live_[a-zA-Z0-9]{20,30}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Stripe secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sk_live_[0-9a-zA-Z]{24}" then + if {latest.response} matches "sk_live_[0-9a-zA-Z]{24}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Stripe API Key - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "stripe[sr]k_live_[0-9a-zA-Z]{24}" then + if {latest.response} matches "stripe[sr]k_live_[0-9a-zA-Z]{24}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Stripe API key - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "stripe[sk|rk]_live_[0-9a-zA-Z]{24}" then + if {latest.response} matches "stripe[sk|rk]_live_[0-9a-zA-Z]{24}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Stripe API key - 3 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "pk_live_[0-9a-z]{24}" then + if {latest.response} matches "pk_live_[0-9a-z]{24}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Stripe Public Live Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "pk_test_[0-9a-z]{24}" then + if {latest.response} matches "pk_test_[0-9a-z]{24}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Stripe Public Test Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "rk_(?:live|test)_[0-9a-zA-Z]{24}" then + if {latest.response} matches "rk_(?:live|test)_[0-9a-zA-Z]{24}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Stripe Restriced Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "rk_live_[0-9a-zA-Z]{24}" then + if {latest.response} matches "rk_live_[0-9a-zA-Z]{24}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Stripe Restricted API Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "sk_(?:live|test)_[0-9a-zA-Z]{24}" then + if {latest.response} matches "sk_(?:live|test)_[0-9a-zA-Z]{24}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Stripe Secret Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(sk|rk)_live_[0-9a-z]{24}" then + if {latest.response} matches "(sk|rk)_live_[0-9a-z]{24}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Stripe Secret Live Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(sk|rk)_test_[0-9a-z]{24}" then + if {latest.response} matches "(sk|rk)_test_[0-9a-z]{24}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Stripe Secret Test Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:stytch).{0,40}\b([a-zA-Z0-9-_]{47}=)" then + if {latest.response} matches "(?:stytch).{0,40}\b([a-zA-Z0-9-_]{47}=)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Stytch - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:stytch).{0,40}\b([a-z0-9-]{49})\b" then + if {latest.response} matches "(?:stytch).{0,40}\b([a-z0-9-]{49})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Stytch - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sugester).{0,40}\b([a-zA-Z0-9_.!+$#^*%]{3,32})\b" then + if {latest.response} matches "(?:sugester).{0,40}\b([a-zA-Z0-9_.!+$#^*%]{3,32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sugester - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sugester).{0,40}\b([a-zA-Z0-9]{32})\b" then + if {latest.response} matches "(?:sugester).{0,40}\b([a-zA-Z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sugester - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sumo).{0,40}\b([A-Za-z0-9]{14})\b" then + if {latest.response} matches "(?:sumo).{0,40}\b([A-Za-z0-9]{14})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sumologickey - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:sumo).{0,40}\b([A-Za-z0-9]{64})\b" then + if {latest.response} matches "(?:sumo).{0,40}\b([A-Za-z0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Sumologickey - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:supernotes).{0,40}([ \r\n]{0,1}[0-9A-Za-z\-_]{43}[ \r\n]{1})" then + if {latest.response} matches "(?:supernotes).{0,40}([ \r\n]{0,1}[0-9A-Za-z\-_]{43}[ \r\n]{1})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Supernotesapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:surveybot).{0,40}\b([A-Za-z0-9-]{80})\b" then + if {latest.response} matches "(?:surveybot).{0,40}\b([A-Za-z0-9-]{80})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Surveybot secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:surveysparrow).{0,40}\b([a-zA-Z0-9-_]{88})\b" then + if {latest.response} matches "(?:surveysparrow).{0,40}\b([a-zA-Z0-9-_]{88})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Surveysparrow secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:survicate).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:survicate).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Survicate secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:swell).{0,40}\b([a-zA-Z0-9]{32})\b" then + if {latest.response} matches "(?:swell).{0,40}\b([a-zA-Z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Swell - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:swiftype).{0,40}\b([a-zA-z-0-9]{6}\_[a-zA-z-0-9]{6}\-[a-zA-z-0-9]{6})\b" then + if {latest.response} matches "(?:swiftype).{0,40}\b([a-zA-z-0-9]{6}\_[a-zA-z-0-9]{6}\-[a-zA-z-0-9]{6})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Swiftype secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:tallyfy).{0,40}\b([0-9A-Za-z]{36}\.[0-9A-Za-z]{264}\.[0-9A-Za-z\-\_]{683})\b" then + if {latest.response} matches "(?:tallyfy).{0,40}\b([0-9A-Za-z]{36}\.[0-9A-Za-z]{264}\.[0-9A-Za-z\-\_]{683})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Tallyfy secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:tatum).{0,40}\b([0-9a-z-]{36})\b" then + if {latest.response} matches "(?:tatum).{0,40}\b([0-9a-z-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Tatumio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:taxjar).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:taxjar).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Taxjar secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:teamgate).{0,40}\b([a-z0-9]{40})\b" then + if {latest.response} matches "(?:teamgate).{0,40}\b([a-z0-9]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Teamgate - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:teamgate).{0,40}\b([a-zA-Z0-9]{80})\b" then + if {latest.response} matches "(?:teamgate).{0,40}\b([a-zA-Z0-9]{80})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Teamgate - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:teamwork|teamworkcrm).{0,40}\b(tkn\.v1_[0-9A-Za-z]{71}=[ \r\n]{1})" then + if {latest.response} matches "(?:teamwork|teamworkcrm).{0,40}\b(tkn\.v1_[0-9A-Za-z]{71}=[ \r\n]{1})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Teamworkcrm secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:teamwork|teamworkdesk).{0,40}\b(tkn\.v1_[0-9A-Za-z]{71}=[ \r\n]{1})" then + if {latest.response} matches "(?:teamwork|teamworkdesk).{0,40}\b(tkn\.v1_[0-9A-Za-z]{71}=[ \r\n]{1})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Teamworkdesk secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:teamwork|teamworkspaces).{0,40}\b(tkn\.v1_[0-9A-Za-z]{71}=[ \r\n]{1})" then + if {latest.response} matches "(?:teamwork|teamworkspaces).{0,40}\b(tkn\.v1_[0-9A-Za-z]{71}=[ \r\n]{1})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Teamworkspaces secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:technicalanalysisapi).{0,40}\b([A-Z0-9]{48})\b" then + if {latest.response} matches "(?:technicalanalysisapi).{0,40}\b([A-Z0-9]{48})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Technicalanalysisapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "[0-9]+:AA[0-9A-Za-z\-_]{33}" then + if {latest.response} matches "[0-9]+:AA[0-9A-Za-z\-_]{33}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Telegram Bot API Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "d{5,}:A[0-9a-z_-]{34,34}" then + if {latest.response} matches "d{5,}:A[0-9a-z_-]{34,34}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Telegram Secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:telegram).{0,40}\b([0-9]{8,10}:[a-zA-Z0-9_-]{35})\b" then + if {latest.response} matches "(?:telegram).{0,40}\b([0-9]{8,10}:[a-zA-Z0-9_-]{35})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Telegrambottoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:telnyx).{0,40}\b(KEY[0-9A-Za-z_-]{55})\b" then + if {latest.response} matches "(?:telnyx).{0,40}\b(KEY[0-9A-Za-z_-]{55})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Telnyx secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b([A-Za-z0-9]{14}.atlasv1.[A-Za-z0-9]{67})\b" then + if {latest.response} matches "\b([A-Za-z0-9]{14}.atlasv1.[A-Za-z0-9]{67})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Terraformcloudpersonaltoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:text2data).{0,40}\b([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})\b" then + if {latest.response} matches "(?:text2data).{0,40}\b([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Text2data secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:textmagic).{0,40}\b([0-9A-Za-z]{30})\b" then + if {latest.response} matches "(?:textmagic).{0,40}\b([0-9A-Za-z]{30})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Textmagic - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:textmagic).{0,40}\b([0-9A-Za-z]{1,25})\b" then + if {latest.response} matches "(?:textmagic).{0,40}\b([0-9A-Za-z]{1,25})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Textmagic - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:theoddsapi|the-odds-api).{0,40}\b([0-9a-f]{32})\b" then + if {latest.response} matches "(?:theoddsapi|the-odds-api).{0,40}\b([0-9a-f]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Theoddsapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:thinkific).{0,40}\b([0-9a-f]{32})\b" then + if {latest.response} matches "(?:thinkific).{0,40}\b([0-9a-f]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Thinkific - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:thinkific).{0,40}\b([0-9A-Za-z]{4,40})\b" then + if {latest.response} matches "(?:thinkific).{0,40}\b([0-9A-Za-z]{4,40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Thinkific - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:thousandeyes).{0,40}\b([a-zA-Z0-9]{32})\b" then + if {latest.response} matches "(?:thousandeyes).{0,40}\b([a-zA-Z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Thousandeyes - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:thousandeyes).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then + if {latest.response} matches "(?:thousandeyes).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Thousandeyes - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:ticketmaster).{0,40}\b([a-zA-Z0-9]{32})\b" then + if {latest.response} matches "(?:ticketmaster).{0,40}\b([a-zA-Z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Ticketmaster secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:tiingo).{0,40}\b([0-9a-z]{40})\b" then + if {latest.response} matches "(?:tiingo).{0,40}\b([0-9a-z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Tiingo secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:timezoneapi).{0,40}\b([a-zA-Z0-9]{20})\b" then + if {latest.response} matches "(?:timezoneapi).{0,40}\b([a-zA-Z0-9]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Timezoneapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:tly).{0,40}\b([0-9A-Za-z]{60})\b" then + if {latest.response} matches "(?:tly).{0,40}\b([0-9A-Za-z]{60})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Tly secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:tmetric).{0,40}\b([0-9A-Z]{64})\b" then + if {latest.response} matches "(?:tmetric).{0,40}\b([0-9A-Z]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Tmetric secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:todoist).{0,40}\b([0-9a-z]{40})\b" then + if {latest.response} matches "(?:todoist).{0,40}\b([0-9a-z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Todoist secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:toggl).{0,40}\b([0-9Aa-z]{32})\b" then + if {latest.response} matches "(?:toggl).{0,40}\b([0-9Aa-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Toggltrack secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:tomorrow).{0,40}\b([a-zA-Z0-9]{32})\b" then + if {latest.response} matches "(?:tomorrow).{0,40}\b([a-zA-Z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Tomorrowio secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:tomtom).{0,40}\b([0-9Aa-zA-Z]{32})\b" then + if {latest.response} matches "(?:tomtom).{0,40}\b([0-9Aa-zA-Z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Tomtom secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:tradier).{0,40}\b([a-zA-Z0-9]{28})\b" then + if {latest.response} matches "(?:tradier).{0,40}\b([a-zA-Z0-9]{28})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Tradier secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:travelpayouts).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:travelpayouts).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Travelpayouts secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:travis).{0,40}\b([a-zA-Z0-9A-Z_]{22})\b" then + if {latest.response} matches "(?:travis).{0,40}\b([a-zA-Z0-9A-Z_]{22})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Travisci secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "https://trello.com/b/[0-9a-z]/[0-9a-z_-]+" then + if {latest.response} matches "https://trello.com/b/[0-9a-z]/[0-9a-z_-]+" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Trello URL secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:trello).{0,40}\b([a-zA-Z-0-9]{32})\b" then + if {latest.response} matches "(?:trello).{0,40}\b([a-zA-Z-0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Trelloapikey - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:twelvedata).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:twelvedata).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Twelvedata secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\bAC[0-9a-f]{32}\b" then + if {latest.response} matches "\bAC[0-9a-f]{32}\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Twilio - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "SK[0-9a-fA-F]{32}" then + if {latest.response} matches "SK[0-9a-fA-F]{32}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Twilio API Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "twitter[0-9a-z]{18,25}" then + if {latest.response} matches "twitter[0-9a-z]{18,25}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Twitter Client ID secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "twitter[0-9a-z]{35,44}" then + if {latest.response} matches "twitter[0-9a-z]{35,44}" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Twitter Secret Key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:tyntec).{0,40}\b([a-zA-Z0-9]{32})\b" then + if {latest.response} matches "(?:tyntec).{0,40}\b([a-zA-Z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Tyntec secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:typeform).{0,40}\b([0-9A-Za-z]{44})\b" then + if {latest.response} matches "(?:typeform).{0,40}\b([0-9A-Za-z]{44})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Typeform secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "\b(BBFF-[0-9a-zA-Z]{30})\b" then + if {latest.response} matches "\b(BBFF-[0-9a-zA-Z]{30})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Ubidots secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:unify).{0,40}\b([0-9A-Za-z_=-]{44})" then + if {latest.response} matches "(?:unify).{0,40}\b([0-9A-Za-z_=-]{44})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Unifyid secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:unplu).{0,40}\b([a-z0-9]{64})\b" then + if {latest.response} matches "(?:unplu).{0,40}\b([a-z0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Unplugg secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:unsplash).{0,40}\b([0-9A-Za-z_]{43})\b" then + if {latest.response} matches "(?:unsplash).{0,40}\b([0-9A-Za-z_]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Unsplash secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:upcdatabase).{0,40}\b([A-Z0-9]{32})\b" then + if {latest.response} matches "(?:upcdatabase).{0,40}\b([A-Z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Upcdatabase secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:uplead).{0,40}\b([a-z0-9-]{32})\b" then + if {latest.response} matches "(?:uplead).{0,40}\b([a-z0-9-]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Uplead secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:uploadcare).{0,40}\b([a-z0-9]{20})\b" then + if {latest.response} matches "(?:uploadcare).{0,40}\b([a-z0-9]{20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Uploadcare secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:upwave).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:upwave).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Upwave secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:urlscan).{0,40}\b([a-z0-9-]{36})\b" then + if {latest.response} matches "(?:urlscan).{0,40}\b([a-z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Urlscan secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:userstack).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:userstack).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Userstack secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:vatlayer).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:vatlayer).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Vatlayer secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:vercel).{0,40}\b([a-zA-Z0-9]{24})\b" then + if {latest.response} matches "(?:vercel).{0,40}\b([a-zA-Z0-9]{24})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Vercel secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:verifier).{0,40}\b([a-zA-Z-0-9-]{5,16}\@[a-zA-Z-0-9]{4,16}\.[a-zA-Z-0-9]{3,6})\b" then + if {latest.response} matches "(?:verifier).{0,40}\b([a-zA-Z-0-9-]{5,16}\@[a-zA-Z-0-9]{4,16}\.[a-zA-Z-0-9]{3,6})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Verifier - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:verifier).{0,40}\b([a-z0-9]{96})\b" then + if {latest.response} matches "(?:verifier).{0,40}\b([a-z0-9]{96})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Verifier - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:verimail).{0,40}\b([A-Z0-9]{32})\b" then + if {latest.response} matches "(?:verimail).{0,40}\b([A-Z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Verimail secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:veriphone).{0,40}\b([0-9A-Z]{32})\b" then + if {latest.response} matches "(?:veriphone).{0,40}\b([0-9A-Z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Veriphone secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:versioneye).{0,40}\b([a-zA-Z0-9-]{40})\b" then + if {latest.response} matches "(?:versioneye).{0,40}\b([a-zA-Z0-9-]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Versioneye secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:viewneo).{0,40}\b([a-z0-9A-Z]{120,300}.[a-z0-9A-Z]{150,300}.[a-z0-9A-Z-_]{600,800})" then + if {latest.response} matches "(?:viewneo).{0,40}\b([a-z0-9A-Z]{120,300}.[a-z0-9A-Z]{150,300}.[a-z0-9A-Z-_]{600,800})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Viewneo secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:virustotal).{0,40}\b([a-f0-9]{64})\b" then + if {latest.response} matches "(?:virustotal).{0,40}\b([a-f0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Virustotal secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:visualcrossing).{0,40}\b([0-9A-Z]{25})\b" then + if {latest.response} matches "(?:visualcrossing).{0,40}\b([0-9A-Z]{25})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Visualcrossing secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:voicegain).{0,40}\b(ey[0-9a-zA-Z_-]{34}.ey[0-9a-zA-Z_-]{108}.[0-9a-zA-Z_-]{43})\b" then + if {latest.response} matches "(?:voicegain).{0,40}\b(ey[0-9a-zA-Z_-]{34}.ey[0-9a-zA-Z_-]{108}.[0-9a-zA-Z_-]{43})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Voicegain secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:vouchery).{0,40}\b([a-z0-9-]{36})\b" then + if {latest.response} matches "(?:vouchery).{0,40}\b([a-z0-9-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Vouchery - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:vouchery).{0,40}\b([a-zA-Z0-9-\S]{2,20})\b" then + if {latest.response} matches "(?:vouchery).{0,40}\b([a-zA-Z0-9-\S]{2,20})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Vouchery - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:vpnapi).{0,40}\b([a-z0-9A-Z]{32})\b" then + if {latest.response} matches "(?:vpnapi).{0,40}\b([a-z0-9A-Z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Vpnapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:vultr).{0,40} \b([A-Z0-9]{36})\b" then + if {latest.response} matches "(?:vultr).{0,40} \b([A-Z0-9]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Vultrapikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:vyte).{0,40}\b([0-9a-z]{50})\b" then + if {latest.response} matches "(?:vyte).{0,40}\b([0-9a-z]{50})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Vyte secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:walkscore).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:walkscore).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Walkscore secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:weatherbit).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:weatherbit).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Weatherbit secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:weatherstack).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:weatherstack).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Weatherstack secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:error).{0,40}(redirect_uri_mismatch)" then + if {latest.response} matches "(?:error).{0,40}(redirect_uri_mismatch)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Webex - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:webex).{0,40}\b([A-Za-z0-9_-]{65})\b" then + if {latest.response} matches "(?:webex).{0,40}\b([A-Za-z0-9_-]{65})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Webex - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:webex).{0,40}\b([A-Za-z0-9_-]{64})\b" then + if {latest.response} matches "(?:webex).{0,40}\b([A-Za-z0-9_-]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Webex - 3 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:webflow).{0,40}\b([a-zA0-9]{64})\b" then + if {latest.response} matches "(?:webflow).{0,40}\b([a-zA0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Webflow secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:webscraper).{0,40}\b([a-zA-Z0-9]{60})\b" then + if {latest.response} matches "(?:webscraper).{0,40}\b([a-zA-Z0-9]{60})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Webscraper secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:webscraping).{0,40}\b([0-9A-Za-z]{32})\b" then + if {latest.response} matches "(?:webscraping).{0,40}\b([0-9A-Za-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Webscraping secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:wepay).{0,40}\b([a-zA-Z0-9_?]{62})\b" then + if {latest.response} matches "(?:wepay).{0,40}\b([a-zA-Z0-9_?]{62})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Wepay - 2 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:whoxy).{0,40}\b([0-9a-z]{33})\b" then + if {latest.response} matches "(?:whoxy).{0,40}\b([0-9a-z]{33})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Whoxy secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:worksnaps).{0,40}\b([0-9A-Za-z]{40})\b" then + if {latest.response} matches "(?:worksnaps).{0,40}\b([0-9A-Za-z]{40})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Worksnaps secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:workstack).{0,40}\b([0-9Aa-zA-Z]{60})\b" then + if {latest.response} matches "(?:workstack).{0,40}\b([0-9Aa-zA-Z]{60})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Workstack secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:worldcoinindex).{0,40}\b([a-zA-Z0-9]{35})\b" then + if {latest.response} matches "(?:worldcoinindex).{0,40}\b([a-zA-Z0-9]{35})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Worldcoinindex secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:worldweather).{0,40}\b([0-9a-z]{31})\b" then + if {latest.response} matches "(?:worldweather).{0,40}\b([0-9a-z]{31})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Worldweather secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:wrike).{0,40}\b(ey[a-zA-Z0-9-._]{333})\b" then + if {latest.response} matches "(?:wrike).{0,40}\b(ey[a-zA-Z0-9-._]{333})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Wrike secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:yandex).{0,40}\b([a-z0-9A-Z.]{83})\b" then + if {latest.response} matches "(?:yandex).{0,40}\b([a-z0-9A-Z.]{83})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Yandex secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:youneedabudget).{0,40}\b([0-9a-f]{64})\b" then + if {latest.response} matches "(?:youneedabudget).{0,40}\b([0-9a-f]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Youneedabudget secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:yousign).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:yousign).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Yousign secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(https:\/\/hooks.zapier.com\/hooks\/catch\/[A-Za-z0-9\/]{16})" then + if {latest.response} matches "(https:\/\/hooks.zapier.com\/hooks\/catch\/[A-Za-z0-9\/]{16})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Zapierwebhook secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:zendesk).{0,40}([A-Za-z0-9_-]{40})" then + if {latest.response} matches "(?:zendesk).{0,40}([A-Za-z0-9_-]{40})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Zendeskapi - 3 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:zenkit).{0,40}\b([0-9a-z]{8}\-[0-9A-Za-z]{32})\b" then + if {latest.response} matches "(?:zenkit).{0,40}\b([0-9a-z]{8}\-[0-9A-Za-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Zenkitapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:zenscrape).{0,40}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then + if {latest.response} matches "(?:zenscrape).{0,40}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Zenscrape secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:zenserp).{0,40}\b([0-9a-z-]{36})\b" then + if {latest.response} matches "(?:zenserp).{0,40}\b([0-9a-z-]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Zenserp secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:zeplin).{0,40}\b([a-zA-Z0-9-.]{350,400})\b" then + if {latest.response} matches "(?:zeplin).{0,40}\b([a-zA-Z0-9-.]{350,400})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Zeplin secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:zerobounce).{0,40}\b([a-z0-9]{32})\b" then + if {latest.response} matches "(?:zerobounce).{0,40}\b([a-z0-9]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Zerobounce secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:zipapi).{0,40}\b([a-zA-Z0-9!=@#$%^]{7,})" then + if {latest.response} matches "(?:zipapi).{0,40}\b([a-zA-Z0-9!=@#$%^]{7,})" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Zipapi - 1 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:zipapi).{0,40}\b([0-9a-z]{32})\b" then + if {latest.response} matches "(?:zipapi).{0,40}\b([0-9a-z]{32})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Zipapi - 3 secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:zipcodeapi).{0,40}\b([a-zA-Z0-9]{64})\b" then + if {latest.response} matches "(?:zipcodeapi).{0,40}\b([a-zA-Z0-9]{64})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Zipcodeapi secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(?:zonka).{0,40}\b([A-Za-z0-9]{36})\b" then + if {latest.response} matches "(?:zonka).{0,40}\b([A-Za-z0-9]{36})\b" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "Zonkafeedback secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "amazon[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then + if {latest.response} matches "amazon[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "amazon_secret_access_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ansible[_-]?vault[_-]?password(=| =|:| :)" then + if {latest.response} matches "ansible[_-]?vault[_-]?password(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "ansible_vault_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "chrome[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "chrome[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "chrome_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "chrome[_-]?refresh[_-]?token(=| =|:| :)" then + if {latest.response} matches "chrome[_-]?refresh[_-]?token(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "chrome_refresh_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ci[_-]?deploy[_-]?password(=| =|:| :)" then + if {latest.response} matches "ci[_-]?deploy[_-]?password(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "ci_deploy_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ci[_-]?project[_-]?url(=| =|:| :)" then + if {latest.response} matches "ci[_-]?project[_-]?url(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "ci_project_url secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ci[_-]?registry[_-]?user(=| =|:| :)" then + if {latest.response} matches "ci[_-]?registry[_-]?user(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "ci_registry_user secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ci[_-]?server[_-]?name(=| =|:| :)" then + if {latest.response} matches "ci[_-]?server[_-]?name(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "ci_server_name secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cloud[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "cloud[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "cloud_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cloudflare[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "cloudflare[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "cloudflare_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "cloudflare[_-]?auth[_-]?email(=| =|:| :)" then + if {latest.response} matches "cloudflare[_-]?auth[_-]?email(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "cloudflare_auth_email secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "consumer[_-]?key(=| =|:| :)" then + if {latest.response} matches "consumer[_-]?key(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "consumer_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "database[_-]?username(=| =|:| :)" then + if {latest.response} matches "database[_-]?username(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "database_username secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "db[_-]?password(=| =|:| :)" then + if {latest.response} matches "db[_-]?password(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "db_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "db[_-]?pw(=| =|:| :)" then + if {latest.response} matches "db[_-]?pw(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "db_pw secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "docker[_-]?hub[_-]?password(=| =|:| :)" then + if {latest.response} matches "docker[_-]?hub[_-]?password(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "docker_hub_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "docker[_-]?passwd(=| =|:| :)" then + if {latest.response} matches "docker[_-]?passwd(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "docker_passwd secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "docker[_-]?password(=| =|:| :)" then + if {latest.response} matches "docker[_-]?password(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "docker_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "docker[_-]?token(=| =|:| :)" then + if {latest.response} matches "docker[_-]?token(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "docker_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "dockerhub[_-]?password(=| =|:| :)" then + if {latest.response} matches "dockerhub[_-]?password(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "dockerhub_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "doordash[_-]?auth[_-]?token(=| =|:| :)" then + if {latest.response} matches "doordash[_-]?auth[_-]?token(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "doordash_auth_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "dropbox[_-]?oauth[_-]?bearer(=| =|:| :)" then + if {latest.response} matches "dropbox[_-]?oauth[_-]?bearer(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "dropbox_oauth_bearer secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "droplet[_-]?travis[_-]?password(=| =|:| :)" then + if {latest.response} matches "droplet[_-]?travis[_-]?password(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "droplet_travis_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "env[_-]?github[_-]?oauth[_-]?token(=| =|:| :)" then + if {latest.response} matches "env[_-]?github[_-]?oauth[_-]?token(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "env_github_oauth_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "env[_-]?heroku[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "env[_-]?heroku[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "env_heroku_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(EAACEdEose0cBA[0-9A-Za-z]+)" then + if {latest.response} matches "(EAACEdEose0cBA[0-9A-Za-z]+)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "facebook_access_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "firebase[_-]?api[_-]?json(=| =|:| :)" then + if {latest.response} matches "firebase[_-]?api[_-]?json(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "firebase_api_json secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "firebase[_-]?api[_-]?token(=| =|:| :)" then + if {latest.response} matches "firebase[_-]?api[_-]?token(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "firebase_api_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "firebase[_-]?key(=| =|:| :)" then + if {latest.response} matches "firebase[_-]?key(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "firebase_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "firebase[_-]?token(=| =|:| :)" then + if {latest.response} matches "firebase[_-]?token(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "firebase_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "firefox[_-]?secret(=| =|:| :)" then + if {latest.response} matches "firefox[_-]?secret(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "firefox_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "ftp[_-]?pw(=| =|:| :)" then + if {latest.response} matches "ftp[_-]?pw(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "ftp_pw secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "gh[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "gh[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "gh_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "github[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "github_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?oauth(=| =|:| :)" then + if {latest.response} matches "github[_-]?oauth(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "github_oauth secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?token(=| =|:| :)" then + if {latest.response} matches "github[_-]?token(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "github_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "github[_-]?tokens(=| =|:| :)" then + if {latest.response} matches "github[_-]?tokens(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "github_tokens secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "google[_-]?client[_-]?id(=| =|:| :)" then + if {latest.response} matches "google[_-]?client[_-]?id(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "google_client_id secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "google[_-]?client[_-]?secret(=| =|:| :)" then + if {latest.response} matches "google[_-]?client[_-]?secret(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "google_client_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "google[_-]?maps[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "google[_-]?maps[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "google_maps_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(ya29.[0-9A-Za-z-_]+)" then + if {latest.response} matches "(ya29.[0-9A-Za-z-_]+)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "google_oauth secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(W(?:[a-f0-9]{32}(-us[0-9]{1,2}))a-zA-Z0-9)" then + if {latest.response} matches "(W(?:[a-f0-9]{32}(-us[0-9]{1,2}))a-zA-Z0-9)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "mailchimp secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mailgun[_-]?priv[_-]?key(=| =|:| :)" then + if {latest.response} matches "mailgun[_-]?priv[_-]?key(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "mailgun_priv_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mailgun[_-]?secret[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "mailgun[_-]?secret[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "mailgun_secret_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "(master_password).+" then + if {latest.response} matches "(master_password).+" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "master_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mg[_-]?public[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "mg[_-]?public[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "mg_public_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "mysql[_-]?root[_-]?password(=| =|:| :)" then + if {latest.response} matches "mysql[_-]?root[_-]?password(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "mysql_root_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "netlify[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "netlify[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "netlify_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "rabbitmq[_-]?password(=| =|:| :)" then + if {latest.response} matches "rabbitmq[_-]?password(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "rabbitmq_password secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "rediscloud[_-]?url(=| =|:| :)" then + if {latest.response} matches "rediscloud[_-]?url(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "rediscloud_url secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "release[_-]?gh[_-]?token(=| =|:| :)" then + if {latest.response} matches "release[_-]?gh[_-]?token(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "release_gh_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "rubygems[_-]?auth[_-]?token(=| =|:| :)" then + if {latest.response} matches "rubygems[_-]?auth[_-]?token(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "rubygems_auth_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "travis[_-]?secure[_-]?env[_-]?vars(=| =|:| :)" then + if {latest.response} matches "travis[_-]?secure[_-]?env[_-]?vars(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "travis_secure_env_vars secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "travis[_-]?token(=| =|:| :)" then + if {latest.response} matches "travis[_-]?token(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "travis_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "twilio[_-]?api[_-]?key(=| =|:| :)" then + if {latest.response} matches "twilio[_-]?api[_-]?key(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "twilio_api_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "twilio[_-]?api[_-]?secret(=| =|:| :)" then + if {latest.response} matches "twilio[_-]?api[_-]?secret(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "twilio_api_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "twilio[_-]?chat[_-]?account[_-]?api[_-]?service(=| =|:| :)" then + if {latest.response} matches "twilio[_-]?chat[_-]?account[_-]?api[_-]?service(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "twilio_chat_account_api_service secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "twilio[_-]?token(=| =|:| :)" then + if {latest.response} matches "twilio[_-]?token(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "twilio_token secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "twitter[_-]?consumer[_-]?key(=| =|:| :)" then + if {latest.response} matches "twitter[_-]?consumer[_-]?key(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "twitter_consumer_key secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "twitter[_-]?consumer[_-]?secret(=| =|:| :)" then + if {latest.response} matches "twitter[_-]?consumer[_-]?secret(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "twitter_consumer_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "twitteroauthaccesssecret(=| =|:| :)" then + if {latest.response} matches "twitteroauthaccesssecret(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "twitteroauthaccesssecret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "twitteroauthaccesstoken(=| =|:| :)" then + if {latest.response} matches "twitteroauthaccesstoken(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "twitteroauthaccesstoken secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "urban[_-]?master[_-]?secret(=| =|:| :)" then + if {latest.response} matches "urban[_-]?master[_-]?secret(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "urban_master_secret secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "use[_-]?ssh(=| =|:| :)" then + if {latest.response} matches "use[_-]?ssh(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "use_ssh secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "user[_-]?assets[_-]?access[_-]?key[_-]?id(=| =|:| :)" then + if {latest.response} matches "user[_-]?assets[_-]?access[_-]?key[_-]?id(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "user_assets_access_key_id secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." + end if - else if {latest.response} matches "virustotal[_-]?apikey(=| =|:| :)" then + if {latest.response} matches "virustotal[_-]?apikey(=| =|:| :)" then report issue: - severity: high - confidence: firm + severity: medium + confidence: certain detail: "virustotal_apikey secret pattern detected in the response." remediation: "Review and remove unnecessary exposure of secrets." - end if + end if From b592cd3fac8e2bc45fd743d110aa35dff43291d0 Mon Sep 17 00:00:00 2001 From: Khaled Mohamed <46958133+xElkomy@users.noreply.github.com> Date: Thu, 25 Jan 2024 18:03:51 +0200 Subject: [PATCH 3/6] Update certain.bcheck --- other/tokens/certain.bcheck | 1764 +++++++++++++++++------------------ 1 file changed, 882 insertions(+), 882 deletions(-) diff --git a/other/tokens/certain.bcheck b/other/tokens/certain.bcheck index bc943f9..0ddf918 100644 --- a/other/tokens/certain.bcheck +++ b/other/tokens/certain.bcheck @@ -1,5 +1,5 @@ metadata: - language: v1-beta + language: v2-beta name: "Information Disclosure Secret Finder - certain" description: "Detects secret patterns in responses." author: "bugswagger, xelkomy, juba0x00, xhzeem" @@ -8,7 +8,7 @@ metadata: given response then if {latest.response} matches "arn:aws:[a-z0-9-]+:[a-z]{2}-[a-z]+-[0-9]+:[0-9]+:.+" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "AWS ARN secret pattern detected in the response." @@ -16,7 +16,7 @@ given response then end if if {latest.response} matches "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "AWS Access Key ID Value secret pattern detected in the response." @@ -24,7 +24,7 @@ given response then end if if {latest.response} matches "da2-[a-z0-9]{26}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "AWS AppSync GraphQL Key secret pattern detected in the response." @@ -32,7 +32,7 @@ given response then end if if {latest.response} matches "amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "AWS MWS key secret pattern detected in the response." @@ -40,7 +40,7 @@ given response then end if if {latest.response} matches "[0-9a-z._-]+.rds.amazonaws.com" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "AWS RDS secret pattern detected in the response." @@ -48,7 +48,7 @@ given response then end if if {latest.response} matches "s3://[0-9a-z._/-]+" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "AWS S3 Bucket secret pattern detected in the response." @@ -56,7 +56,7 @@ given response then end if if {latest.response} matches "(aws_access_key_id|aws_secret_access_key)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "AWS cred file info secret pattern detected in the response." @@ -64,7 +64,7 @@ given response then end if if {latest.response} matches "(?:abbysale).{0,40}\b([a-z0-9A-Z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Abbysale secret pattern detected in the response." @@ -72,7 +72,7 @@ given response then end if if {latest.response} matches "(?:abstract).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Abstract secret pattern detected in the response." @@ -80,7 +80,7 @@ given response then end if if {latest.response} matches "(?:abuseipdb).{0,40}\b([a-z0-9]{80})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Abuseipdb secret pattern detected in the response." @@ -88,7 +88,7 @@ given response then end if if {latest.response} matches "(?:accuweather).{0,40}([a-z0-9A-Z\%]{35})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Accuweather secret pattern detected in the response." @@ -96,7 +96,7 @@ given response then end if if {latest.response} matches "\b(aio\_[a-zA-Z0-9]{28})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Adafruitio secret pattern detected in the response." @@ -104,7 +104,7 @@ given response then end if if {latest.response} matches "(?:adobe).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Adobeio - 1 secret pattern detected in the response." @@ -112,7 +112,7 @@ given response then end if if {latest.response} matches "(?:adzuna).{0,40}\b([a-z0-9]{8})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Adzuna - 1 secret pattern detected in the response." @@ -120,7 +120,7 @@ given response then end if if {latest.response} matches "(?:adzuna).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Adzuna - 2 secret pattern detected in the response." @@ -128,7 +128,7 @@ given response then end if if {latest.response} matches "(?:aeroworkflow).{0,40}\b([0-9]{1,})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Aeroworkflow - 1 secret pattern detected in the response." @@ -136,7 +136,7 @@ given response then end if if {latest.response} matches "(?:aeroworkflow).{0,40}\b([a-zA-Z0-9^!]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Aeroworkflow - 2 secret pattern detected in the response." @@ -144,7 +144,7 @@ given response then end if if {latest.response} matches "(?:agora).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Agora secret pattern detected in the response." @@ -152,7 +152,7 @@ given response then end if if {latest.response} matches "(?:airbrake).{0,40}\b([0-9]{6})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Airbrakeprojectkey - 1 secret pattern detected in the response." @@ -160,7 +160,7 @@ given response then end if if {latest.response} matches "(?:airbrake).{0,40}\b([a-zA-Z-0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Airbrakeprojectkey - 2 secret pattern detected in the response." @@ -168,7 +168,7 @@ given response then end if if {latest.response} matches "(?:airbrake).{0,40}\b([a-zA-Z-0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Airbrakeuserkey secret pattern detected in the response." @@ -176,7 +176,7 @@ given response then end if if {latest.response} matches "(?:airship).{0,40}\b([0-9Aa-zA-Z]{91})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Airship secret pattern detected in the response." @@ -184,7 +184,7 @@ given response then end if if {latest.response} matches "(?:airvisual).{0,40}\b([a-z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Airvisual secret pattern detected in the response." @@ -192,7 +192,7 @@ given response then end if if {latest.response} matches "(?:alconost).{0,40}\b([0-9Aa-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Alconost secret pattern detected in the response." @@ -200,7 +200,7 @@ given response then end if if {latest.response} matches "(?:alegra).{0,40}\b([a-z0-9-]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Alegra - 1 secret pattern detected in the response." @@ -208,7 +208,7 @@ given response then end if if {latest.response} matches "(?:alegra).{0,40}\b([a-zA-Z0-9.-@]{25,30})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Alegra - 2 secret pattern detected in the response." @@ -216,7 +216,7 @@ given response then end if if {latest.response} matches "(?:aletheiaapi).{0,40}\b([A-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Aletheiaapi secret pattern detected in the response." @@ -224,7 +224,7 @@ given response then end if if {latest.response} matches "\b(LTAI[a-zA-Z0-9]{17,21})[\"' ;\s]*" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Alibaba - 2 secret pattern detected in the response." @@ -232,7 +232,7 @@ given response then end if if {latest.response} matches "(?:alienvault).{0,40}\b([a-z0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Alienvault secret pattern detected in the response." @@ -240,7 +240,7 @@ given response then end if if {latest.response} matches "(?:allsports).{0,40}\b([0-9a-z]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Allsports secret pattern detected in the response." @@ -248,7 +248,7 @@ given response then end if if {latest.response} matches "(?:amadeus).{0,40}\b([0-9A-Za-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Amadeus - 1 secret pattern detected in the response." @@ -256,7 +256,7 @@ given response then end if if {latest.response} matches "(?:amadeus).{0,40}\b([0-9A-Za-z]{16})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Amadeus - 2 secret pattern detected in the response." @@ -264,7 +264,7 @@ given response then end if if {latest.response} matches "(?:ambee).{0,40}\b([0-9a-f]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Ambee secret pattern detected in the response." @@ -272,7 +272,7 @@ given response then end if if {latest.response} matches "(?:amplitude).{0,40}\b([a-f0-9]{32})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Amplitudeapikey secret pattern detected in the response." @@ -280,7 +280,7 @@ given response then end if if {latest.response} matches "(?:apacta).{0,40}\b([a-z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Apacta secret pattern detected in the response." @@ -288,7 +288,7 @@ given response then end if if {latest.response} matches "(?:api2cart).{0,40}\b([0-9a-f]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Api2cart secret pattern detected in the response." @@ -296,7 +296,7 @@ given response then end if if {latest.response} matches "\b(sk_live_[a-z0-9A-Z-]{93})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Apideck - 1 secret pattern detected in the response." @@ -304,7 +304,7 @@ given response then end if if {latest.response} matches "(?:apideck).{0,40}\b([a-z0-9A-Z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Apideck - 2 secret pattern detected in the response." @@ -312,7 +312,7 @@ given response then end if if {latest.response} matches "(?:apiflash).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Apiflash - 1 secret pattern detected in the response." @@ -320,7 +320,7 @@ given response then end if if {latest.response} matches "(?:apiflash).{0,40}\b([a-zA-Z0-9\S]{21,30})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Apiflash - 2 secret pattern detected in the response." @@ -328,7 +328,7 @@ given response then end if if {latest.response} matches "(?:apifonica).{0,40}\b([0-9a-z]{11}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Apifonica secret pattern detected in the response." @@ -336,7 +336,7 @@ given response then end if if {latest.response} matches "\b(apify\_api\_[a-zA-Z-0-9]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Apify secret pattern detected in the response." @@ -344,7 +344,7 @@ given response then end if if {latest.response} matches "(?:apimatic).{0,40}\b([a-z0-9-\S]{8,32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Apimatic - 1 secret pattern detected in the response." @@ -352,7 +352,7 @@ given response then end if if {latest.response} matches "(?:apimatic).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Apimatic - 2 secret pattern detected in the response." @@ -360,7 +360,7 @@ given response then end if if {latest.response} matches "(?:apiscience).{0,40}\b([a-bA-Z0-9\S]{22})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Apiscience secret pattern detected in the response." @@ -368,7 +368,7 @@ given response then end if if {latest.response} matches "(?:apollo).{0,40}\b([a-zA-Z0-9]{22})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Apollo secret pattern detected in the response." @@ -376,7 +376,7 @@ given response then end if if {latest.response} matches "(?:appcues).{0,40}\b([0-9]{5})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Appcues - 1 secret pattern detected in the response." @@ -384,7 +384,7 @@ given response then end if if {latest.response} matches "(?:appcues).{0,40}\b([a-z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Appcues - 2 secret pattern detected in the response." @@ -392,7 +392,7 @@ given response then end if if {latest.response} matches "(?:appcues).{0,40}\b([a-z0-9-]{39})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Appcues - 3 secret pattern detected in the response." @@ -400,7 +400,7 @@ given response then end if if {latest.response} matches "(?:appfollow).{0,40}\b([0-9A-Za-z]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Appfollow secret pattern detected in the response." @@ -408,7 +408,7 @@ given response then end if if {latest.response} matches "(?:appsynergy).{0,40}\b([a-z0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Appsynergy secret pattern detected in the response." @@ -416,7 +416,7 @@ given response then end if if {latest.response} matches "(?:apptivo).{0,40}\b([a-z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Apptivo - 1 secret pattern detected in the response." @@ -424,7 +424,7 @@ given response then end if if {latest.response} matches "(?:apptivo).{0,40}\b([a-zA-Z0-9-]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Apptivo - 2 secret pattern detected in the response." @@ -432,7 +432,7 @@ given response then end if if {latest.response} matches "\b([A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])\.jfrog\.io)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Artifactory - 2 secret pattern detected in the response." @@ -440,7 +440,7 @@ given response then end if if {latest.response} matches "(?:artsy).{0,40}\b([0-9a-zA-Z]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Artsy - 1 secret pattern detected in the response." @@ -448,7 +448,7 @@ given response then end if if {latest.response} matches "(?:artsy).{0,40}\b([0-9a-zA-Z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Artsy - 2 secret pattern detected in the response." @@ -456,7 +456,7 @@ given response then end if if {latest.response} matches "(?:asana).{0,40}\b([a-z\/:0-9]{51})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Asanaoauth secret pattern detected in the response." @@ -464,7 +464,7 @@ given response then end if if {latest.response} matches "(?:asana).{0,40}\b([0-9]{1,}\/[0-9]{16,}:[A-Za-z0-9]{32,})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Asanapersonalaccesstoken secret pattern detected in the response." @@ -472,7 +472,7 @@ given response then end if if {latest.response} matches "(?:assemblyai).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Assemblyai secret pattern detected in the response." @@ -480,7 +480,7 @@ given response then end if if {latest.response} matches "-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Asymmetric Private Key secret pattern detected in the response." @@ -488,7 +488,7 @@ given response then end if if {latest.response} matches "(?:audd).{0,40}\b([a-z0-9-]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Audd secret pattern detected in the response." @@ -496,7 +496,7 @@ given response then end if if {latest.response} matches "(?:auth0).{0,40}\b(ey[a-zA-Z0-9._-]+)\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Auth0managementapitoken secret pattern detected in the response." @@ -504,7 +504,7 @@ given response then end if if {latest.response} matches "(?:autodesk).{0,40}\b([0-9A-Za-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Autodesk - 1 secret pattern detected in the response." @@ -512,7 +512,7 @@ given response then end if if {latest.response} matches "(?:autodesk).{0,40}\b([0-9A-Za-z]{16})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Autodesk - 2 secret pattern detected in the response." @@ -520,7 +520,7 @@ given response then end if if {latest.response} matches "(?:autoklose).{0,40}\b([a-zA-Z0-9-]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Autoklose secret pattern detected in the response." @@ -528,7 +528,7 @@ given response then end if if {latest.response} matches "(?:autopilot).{0,40}\b([0-9a-f]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Autopilot secret pattern detected in the response." @@ -536,7 +536,7 @@ given response then end if if {latest.response} matches "(?:avaza).{0,40}\b([0-9]+-[0-9a-f]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Avazapersonalaccesstoken secret pattern detected in the response." @@ -544,7 +544,7 @@ given response then end if if {latest.response} matches "(?:aviationstack).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Aviationstack secret pattern detected in the response." @@ -552,7 +552,7 @@ given response then end if if {latest.response} matches "\b((?:AKIA|ABIA|ACCA|ASIA)[0-9A-Z]{16})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Aws - 1 secret pattern detected in the response." @@ -560,7 +560,7 @@ given response then end if if {latest.response} matches "(?:axonaut).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Axonaut secret pattern detected in the response." @@ -568,7 +568,7 @@ given response then end if if {latest.response} matches "(?:aylien).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Aylien - 1 secret pattern detected in the response." @@ -576,7 +576,7 @@ given response then end if if {latest.response} matches "(?:aylien).{0,40}\b([a-z0-9]{8})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Aylien - 2 secret pattern detected in the response." @@ -584,7 +584,7 @@ given response then end if if {latest.response} matches "(?:ayrshare).{0,40}\b([A-Z]{7}-[A-Z0-9]{7}-[A-Z0-9]{7}-[A-Z0-9]{7})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Ayrshare secret pattern detected in the response." @@ -592,7 +592,7 @@ given response then end if if {latest.response} matches "(?:bannerbear).{0,40}\b([0-9a-zA-Z]{22}tt)\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Bannerbear secret pattern detected in the response." @@ -600,7 +600,7 @@ given response then end if if {latest.response} matches "(?:baremetrics).{0,40}\b([a-zA-Z0-9_]{25})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Baremetrics secret pattern detected in the response." @@ -608,7 +608,7 @@ given response then end if if {latest.response} matches "(?:baseapi|base-api).{0,40}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Baseapiio secret pattern detected in the response." @@ -616,7 +616,7 @@ given response then end if if {latest.response} matches "(?:beamer).{0,40}\b([a-zA-Z0-9_+/]{45}=)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Beamer secret pattern detected in the response." @@ -624,7 +624,7 @@ given response then end if if {latest.response} matches "(?:beebole).{0,40}\b([0-9a-z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Beebole secret pattern detected in the response." @@ -632,7 +632,7 @@ given response then end if if {latest.response} matches "(?:besttime).{0,40}\b([0-9A-Za-z_]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Besttime secret pattern detected in the response." @@ -640,7 +640,7 @@ given response then end if if {latest.response} matches "(?:billomat).{0,40}\b([0-9a-z]{1,})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Billomat - 1 secret pattern detected in the response." @@ -648,7 +648,7 @@ given response then end if if {latest.response} matches "(?:billomat).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Billomat - 2 secret pattern detected in the response." @@ -656,7 +656,7 @@ given response then end if if {latest.response} matches "(?:bitbar).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Bitbar secret pattern detected in the response." @@ -664,7 +664,7 @@ given response then end if if {latest.response} matches "(?:bitcoinaverage).{0,40}\b([a-zA-Z0-9]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Bitcoinaverage secret pattern detected in the response." @@ -672,7 +672,7 @@ given response then end if if {latest.response} matches "(?:bitfinex).{0,40}\b([A-Za-z0-9_-]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Bitfinex secret pattern detected in the response." @@ -680,7 +680,7 @@ given response then end if if {latest.response} matches "R_[0-9a-f]{32}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Bitly Secret Key secret pattern detected in the response." @@ -688,7 +688,7 @@ given response then end if if {latest.response} matches "(?:bitly).{0,40}\b([a-zA-Z-0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Bitlyaccesstoken secret pattern detected in the response." @@ -696,7 +696,7 @@ given response then end if if {latest.response} matches "(?:bitmex).{0,40}([ \r\n]{1}[0-9a-zA-Z\-\_]{24}[ \r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Bitmex - 1 secret pattern detected in the response." @@ -704,7 +704,7 @@ given response then end if if {latest.response} matches "(?:bitmex).{0,40}([ \r\n]{1}[0-9a-zA-Z\-\_]{48}[ \r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Bitmex - 2 secret pattern detected in the response." @@ -712,7 +712,7 @@ given response then end if if {latest.response} matches "(?:blablabus).{0,40}\b([0-9A-Za-z]{22})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Blablabus secret pattern detected in the response." @@ -720,7 +720,7 @@ given response then end if if {latest.response} matches "(?:blazemeter|runscope).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Blazemeter secret pattern detected in the response." @@ -728,7 +728,7 @@ given response then end if if {latest.response} matches "(?:blitapp).{0,40}\b([a-zA-Z0-9_-]{39})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Blitapp secret pattern detected in the response." @@ -736,7 +736,7 @@ given response then end if if {latest.response} matches "(?:bombbomb).{0,40}\b([a-zA-Z0-9-._]{704})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Bombbomb secret pattern detected in the response." @@ -744,7 +744,7 @@ given response then end if if {latest.response} matches "(?:boostnote).{0,40}\b([0-9a-f]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Boostnote secret pattern detected in the response." @@ -752,7 +752,7 @@ given response then end if if {latest.response} matches "(?:borgbase).{0,40}\b([a-zA-Z0-9/_.-]{148,152})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Borgbase secret pattern detected in the response." @@ -760,7 +760,7 @@ given response then end if if {latest.response} matches "access_token$production$[0-9a-z]{16}$[0-9a-f]{32}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Braintree API Key secret pattern detected in the response." @@ -768,7 +768,7 @@ given response then end if if {latest.response} matches "(?:brandfetch).{0,40}\b([0-9A-Za-z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Brandfetch secret pattern detected in the response." @@ -776,7 +776,7 @@ given response then end if if {latest.response} matches "(?:browshot).{0,40}\b([a-zA-Z-0-9]{28})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Browshot secret pattern detected in the response." @@ -784,7 +784,7 @@ given response then end if if {latest.response} matches "(?:buddyns).{0,40}\b([0-9a-z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Buddyns secret pattern detected in the response." @@ -792,7 +792,7 @@ given response then end if if {latest.response} matches "(?:bugherd).{0,40}\b([0-9a-z]{22})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Bugherd secret pattern detected in the response." @@ -800,7 +800,7 @@ given response then end if if {latest.response} matches "(?:bugsnag).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Bugsnag secret pattern detected in the response." @@ -808,7 +808,7 @@ given response then end if if {latest.response} matches "(?:buildkite).{0,40}\b([a-z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Buildkite secret pattern detected in the response." @@ -816,7 +816,7 @@ given response then end if if {latest.response} matches "(?:bulbul).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Bulbul secret pattern detected in the response." @@ -824,7 +824,7 @@ given response then end if if {latest.response} matches "(?:buttercms).{0,40}\b([a-z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Buttercms secret pattern detected in the response." @@ -832,7 +832,7 @@ given response then end if if {latest.response} matches "(?:caflou).{0,40}\b([a-bA-Z0-9\S]{155})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Caflou secret pattern detected in the response." @@ -840,7 +840,7 @@ given response then end if if {latest.response} matches "(?:calendarific).{0,40}\b([a-z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Calendarific secret pattern detected in the response." @@ -848,7 +848,7 @@ given response then end if if {latest.response} matches "(?:calendly).{0,40}\b([a-zA-Z-0-9]{20}.[a-zA-Z-0-9]{171}.[a-zA-Z-0-9_]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Calendlyapikey secret pattern detected in the response." @@ -856,7 +856,7 @@ given response then end if if {latest.response} matches "(?:calorieninja).{0,40}\b([0-9A-Za-z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Calorieninja secret pattern detected in the response." @@ -864,7 +864,7 @@ given response then end if if {latest.response} matches "(?:campayn).{0,40}\b([a-z0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Campayn secret pattern detected in the response." @@ -872,7 +872,7 @@ given response then end if if {latest.response} matches "(?:canny).{0,40}\b([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[0-9]{4}-[a-z0-9]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cannyio secret pattern detected in the response." @@ -880,7 +880,7 @@ given response then end if if {latest.response} matches "(?:capsulecrm).{0,40}\b([a-zA-Z0-9-._+=]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Capsulecrm secret pattern detected in the response." @@ -888,7 +888,7 @@ given response then end if if {latest.response} matches "(?:captaindata).{0,40}\b([0-9a-f]{8}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Captaindata - 1 secret pattern detected in the response." @@ -896,7 +896,7 @@ given response then end if if {latest.response} matches "(?:captaindata).{0,40}\b([0-9a-f]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Captaindata - 2 secret pattern detected in the response." @@ -904,7 +904,7 @@ given response then end if if {latest.response} matches "(?:carboninterface).{0,40}\b([a-zA-Z0-9]{21})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Carboninterface secret pattern detected in the response." @@ -912,7 +912,7 @@ given response then end if if {latest.response} matches "(?:cashboard).{0,40}\b([0-9A-Z]{3}-[0-9A-Z]{3}-[0-9A-Z]{3}-[0-9A-Z]{3})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cashboard - 1 secret pattern detected in the response." @@ -920,7 +920,7 @@ given response then end if if {latest.response} matches "(?:cashboard).{0,40}\b([0-9a-z]{1,})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cashboard - 2 secret pattern detected in the response." @@ -928,7 +928,7 @@ given response then end if if {latest.response} matches "(?:caspio).{0,40}\b([a-z0-9]{8})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Caspio - 1 secret pattern detected in the response." @@ -936,7 +936,7 @@ given response then end if if {latest.response} matches "(?:caspio).{0,40}\b([a-z0-9]{50})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Caspio - 2 secret pattern detected in the response." @@ -944,7 +944,7 @@ given response then end if if {latest.response} matches "(?:censys).{0,40}\b([a-zA-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Censys - 1 secret pattern detected in the response." @@ -952,7 +952,7 @@ given response then end if if {latest.response} matches "(?:censys).{0,40}\b([a-z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Censys - 2 secret pattern detected in the response." @@ -960,7 +960,7 @@ given response then end if if {latest.response} matches "(?:centralstation).{0,40}\b([a-z0-9]{30})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Centralstationcrm secret pattern detected in the response." @@ -968,7 +968,7 @@ given response then end if if {latest.response} matches "(?:cexio|cex.io).{0,40}\b([a-z]{2}[0-9]{9})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cexio - 1 secret pattern detected in the response." @@ -976,7 +976,7 @@ given response then end if if {latest.response} matches "(?:cexio|cex.io).{0,40}\b([0-9A-Za-z]{24,27})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cexio - 2 secret pattern detected in the response." @@ -984,7 +984,7 @@ given response then end if if {latest.response} matches "(?:chatbot).{0,40}\b([a-zA-Z0-9_]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Chatbot secret pattern detected in the response." @@ -992,7 +992,7 @@ given response then end if if {latest.response} matches "(?:chatfuel).{0,40}\b([a-zA-Z0-9]{128})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Chatfule secret pattern detected in the response." @@ -1000,7 +1000,7 @@ given response then end if if {latest.response} matches "(?:checio).{0,40}\b(pk_[a-z0-9]{45})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Checio secret pattern detected in the response." @@ -1008,7 +1008,7 @@ given response then end if if {latest.response} matches "(?:checklyhq).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Checklyhq secret pattern detected in the response." @@ -1016,7 +1016,7 @@ given response then end if if {latest.response} matches "(?:checkout).{0,40}\b((sk_|sk_test_)[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Checkout - 1 secret pattern detected in the response." @@ -1024,7 +1024,7 @@ given response then end if if {latest.response} matches "(?:checkout).{0,40}\b(cus_[0-9a-zA-Z]{26})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Checkout - 2 secret pattern detected in the response." @@ -1032,7 +1032,7 @@ given response then end if if {latest.response} matches "(?:checkvist).{0,40}\b([\w\.-]+@[\w-]+\.[\w\.-]{2,5})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Checkvist - 1 secret pattern detected in the response." @@ -1040,7 +1040,7 @@ given response then end if if {latest.response} matches "(?:checkvist).{0,40}\b([0-9a-zA-Z]{14})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Checkvist - 2 secret pattern detected in the response." @@ -1048,7 +1048,7 @@ given response then end if if {latest.response} matches "(?:cicero).{0,40}\b([0-9a-z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cicero secret pattern detected in the response." @@ -1056,7 +1056,7 @@ given response then end if if {latest.response} matches "(?:clearbit).{0,40}\b([0-9a-z_]{35})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Clearbit secret pattern detected in the response." @@ -1064,7 +1064,7 @@ given response then end if if {latest.response} matches "\b([0-9A-Za-z]{3,20}.try.clickhelp.co)\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Clickhelp - 1 secret pattern detected in the response." @@ -1072,7 +1072,7 @@ given response then end if if {latest.response} matches "(?:clickhelp).{0,40}\b([0-9A-Za-z]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Clickhelp - 2 secret pattern detected in the response." @@ -1080,7 +1080,7 @@ given response then end if if {latest.response} matches "(?:sms).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Clicksendsms - 2 secret pattern detected in the response." @@ -1088,7 +1088,7 @@ given response then end if if {latest.response} matches "(?:clickup).{0,40}\b(pk_[0-9]{8}_[0-9A-Z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Clickuppersonaltoken secret pattern detected in the response." @@ -1096,7 +1096,7 @@ given response then end if if {latest.response} matches "(?:cliengo).{0,40}\b([0-9a-f]{8}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{4}\-[0-9a-f]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cliengo secret pattern detected in the response." @@ -1104,7 +1104,7 @@ given response then end if if {latest.response} matches "(?:clinchpad).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Clinchpad secret pattern detected in the response." @@ -1112,7 +1112,7 @@ given response then end if if {latest.response} matches "(?:clockify).{0,40}\b([a-zA-Z0-9]{48})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Clockify secret pattern detected in the response." @@ -1120,7 +1120,7 @@ given response then end if if {latest.response} matches "(?:clockwork|textanywhere).{0,40}\b([0-9a-zA-Z]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Clockworksms - 1 secret pattern detected in the response." @@ -1128,7 +1128,7 @@ given response then end if if {latest.response} matches "(?:clockwork|textanywhere).{0,40}\b([0-9]{5})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Clockworksms - 2 secret pattern detected in the response." @@ -1136,7 +1136,7 @@ given response then end if if {latest.response} matches "\b(api_[a-z0-9A-Z.]{45})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Closecrm secret pattern detected in the response." @@ -1144,7 +1144,7 @@ given response then end if if {latest.response} matches "(?:cloudelements).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cloudelements - 1 secret pattern detected in the response." @@ -1152,7 +1152,7 @@ given response then end if if {latest.response} matches "(?:cloudelements).{0,40}\b([a-zA-Z0-9]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cloudelements - 2 secret pattern detected in the response." @@ -1160,7 +1160,7 @@ given response then end if if {latest.response} matches "(?:cloudflare).{0,40}\b(v[A-Za-z0-9._-]{173,})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cloudflarecakey secret pattern detected in the response." @@ -1168,7 +1168,7 @@ given response then end if if {latest.response} matches "(?:cloudimage).{0,40}\b([a-z0-9_]{30})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cloudimage secret pattern detected in the response." @@ -1176,7 +1176,7 @@ given response then end if if {latest.response} matches "cloudinary://[0-9]+:[A-Za-z0-9\-_\.]+@[A-Za-z0-9\-_\.]+" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cloudinary Credentials secret pattern detected in the response." @@ -1184,7 +1184,7 @@ given response then end if if {latest.response} matches "(?:cloudmersive).{0,40}\b([a-z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cloudmersive secret pattern detected in the response." @@ -1192,7 +1192,7 @@ given response then end if if {latest.response} matches "(?:cloudplan).{0,40}\b([A-Z0-9-]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cloudplan secret pattern detected in the response." @@ -1200,7 +1200,7 @@ given response then end if if {latest.response} matches "(?:cloverly).{0,40}\b([a-z0-9:_]{28})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cloverly secret pattern detected in the response." @@ -1208,7 +1208,7 @@ given response then end if if {latest.response} matches "(?:cloze).{0,40}\b([0-9a-f]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cloze - 1 secret pattern detected in the response." @@ -1216,7 +1216,7 @@ given response then end if if {latest.response} matches "(?:cloze).{0,40}\b([\w\.-]+@[\w-]+\.[\w\.-]{2,5})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cloze - 2 secret pattern detected in the response." @@ -1224,7 +1224,7 @@ given response then end if if {latest.response} matches "(?:clustdoc).{0,40}\b([0-9a-zA-Z]{60})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Clustdoc secret pattern detected in the response." @@ -1232,7 +1232,7 @@ given response then end if if {latest.response} matches "(?:codacy).{0,40}\b([0-9A-Za-z]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Codacy secret pattern detected in the response." @@ -1240,7 +1240,7 @@ given response then end if if {latest.response} matches "(?:coinapi).{0,40}\b([A-Z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Coinapi secret pattern detected in the response." @@ -1248,7 +1248,7 @@ given response then end if if {latest.response} matches "(?:coinbase).{0,40}\b([a-zA-Z-0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Coinbase secret pattern detected in the response." @@ -1256,7 +1256,7 @@ given response then end if if {latest.response} matches "(?:coinlayer).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Coinlayer secret pattern detected in the response." @@ -1264,7 +1264,7 @@ given response then end if if {latest.response} matches "(?:coinlib).{0,40}\b([a-z0-9]{16})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Coinlib secret pattern detected in the response." @@ -1272,7 +1272,7 @@ given response then end if if {latest.response} matches "(?:column).{0,40}\b((?:test|live)_[a-zA-Z0-9]{27})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Column secret pattern detected in the response." @@ -1280,7 +1280,7 @@ given response then end if if {latest.response} matches "(?:commercejs).{0,40}\b([a-z0-9_]{48})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Commercejs secret pattern detected in the response." @@ -1288,7 +1288,7 @@ given response then end if if {latest.response} matches "(?:commodities).{0,40}\b([a-zA-Z0-9]{60})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Commodities secret pattern detected in the response." @@ -1296,7 +1296,7 @@ given response then end if if {latest.response} matches "(?:companyhub).{0,40}\b([0-9a-zA-Z]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Companyhub - 1 secret pattern detected in the response." @@ -1304,7 +1304,7 @@ given response then end if if {latest.response} matches "(?:companyhub).{0,40}\b([a-zA-Z0-9$%^=-]{4,32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Companyhub - 2 secret pattern detected in the response." @@ -1312,7 +1312,7 @@ given response then end if if {latest.response} matches "(?:confluent).{0,40}\b([a-zA-Z-0-9]{16})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Confluent - 1 secret pattern detected in the response." @@ -1320,7 +1320,7 @@ given response then end if if {latest.response} matches "(?:confluent).{0,40}\b([a-zA-Z-0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Confluent - 2 secret pattern detected in the response." @@ -1328,7 +1328,7 @@ given response then end if if {latest.response} matches "(?:convertkit).{0,40}\b([a-z0-9A-Z_]{22})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Convertkit secret pattern detected in the response." @@ -1336,7 +1336,7 @@ given response then end if if {latest.response} matches "(?:convier).{0,40}\b([0-9]{2}\|[a-zA-Z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Convier secret pattern detected in the response." @@ -1344,7 +1344,7 @@ given response then end if if {latest.response} matches "(?:copper).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Copper - 2 secret pattern detected in the response." @@ -1352,7 +1352,7 @@ given response then end if if {latest.response} matches "(?:countrylayer).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Countrylayer secret pattern detected in the response." @@ -1360,7 +1360,7 @@ given response then end if if {latest.response} matches "(?:courier).{0,40}\b(pk\_[a-zA-Z0-9]{1,}\_[a-zA-Z0-9]{28})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Courier secret pattern detected in the response." @@ -1368,7 +1368,7 @@ given response then end if if {latest.response} matches "(?:coveralls).{0,40}\b([a-zA-Z0-9-]{37})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Coveralls secret pattern detected in the response." @@ -1376,7 +1376,7 @@ given response then end if if {latest.response} matches "(?:crowdin).{0,40}\b([0-9A-Za-z]{80})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Crowdin secret pattern detected in the response." @@ -1384,7 +1384,7 @@ given response then end if if {latest.response} matches "(?:cryptocompare).{0,40}\b([a-z-0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Cryptocompare secret pattern detected in the response." @@ -1392,7 +1392,7 @@ given response then end if if {latest.response} matches "(?:currencycloud).{0,40}\b([0-9a-z]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Currencycloud - 1 secret pattern detected in the response." @@ -1400,7 +1400,7 @@ given response then end if if {latest.response} matches "(?:currencyfreaks).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Currencyfreaks secret pattern detected in the response." @@ -1408,7 +1408,7 @@ given response then end if if {latest.response} matches "(?:currencylayer).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Currencylayer secret pattern detected in the response." @@ -1416,7 +1416,7 @@ given response then end if if {latest.response} matches "(?:currencyscoop).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Currencyscoop secret pattern detected in the response." @@ -1424,7 +1424,7 @@ given response then end if if {latest.response} matches "(?:currentsapi).{0,40}\b([a-zA-Z0-9\S]{48})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Currentsapi secret pattern detected in the response." @@ -1432,7 +1432,7 @@ given response then end if if {latest.response} matches "(?:guru).{0,40}\b([a-z0-9A-Z]{50})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Customerguru - 1 secret pattern detected in the response." @@ -1440,7 +1440,7 @@ given response then end if if {latest.response} matches "(?:guru).{0,40}\b([a-z0-9A-Z]{30})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Customerguru - 2 secret pattern detected in the response." @@ -1448,7 +1448,7 @@ given response then end if if {latest.response} matches "(?:d7network).{0,40}\b([a-zA-Z0-9\W\S]{23}\=)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "D7network secret pattern detected in the response." @@ -1456,7 +1456,7 @@ given response then end if if {latest.response} matches "(?:daily).{0,40}\b([0-9a-f]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Dailyco secret pattern detected in the response." @@ -1464,7 +1464,7 @@ given response then end if if {latest.response} matches "(?:dandelion).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Dandelion secret pattern detected in the response." @@ -1472,7 +1472,7 @@ given response then end if if {latest.response} matches "dapi[a-f0-9]{32}\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Databricks secret pattern detected in the response." @@ -1480,7 +1480,7 @@ given response then end if if {latest.response} matches "(?:datafire).{0,40}\b([a-z0-9\S]{175,190})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Datafire secret pattern detected in the response." @@ -1488,7 +1488,7 @@ given response then end if if {latest.response} matches "(?:data.gov).{0,40}\b([a-zA-Z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Datagov secret pattern detected in the response." @@ -1496,7 +1496,7 @@ given response then end if if {latest.response} matches "(?:deepai).{0,40}\b([a-z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Deepai secret pattern detected in the response." @@ -1504,7 +1504,7 @@ given response then end if if {latest.response} matches "(?:deepgram).{0,40}\b([0-9a-z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Deepgram secret pattern detected in the response." @@ -1512,7 +1512,7 @@ given response then end if if {latest.response} matches "(?:delighted).{0,40}\b([a-z0-9A-Z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Delighted secret pattern detected in the response." @@ -1520,7 +1520,7 @@ given response then end if if {latest.response} matches "\b([0-9a-z]{1,}.as.deputy.com)\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Deputy - 1 secret pattern detected in the response." @@ -1528,7 +1528,7 @@ given response then end if if {latest.response} matches "(?:deputy).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Deputy - 2 secret pattern detected in the response." @@ -1536,7 +1536,7 @@ given response then end if if {latest.response} matches "(?:detectlanguage).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Detectlanguage secret pattern detected in the response." @@ -1544,7 +1544,7 @@ given response then end if if {latest.response} matches "\b(web\_[0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Dfuse secret pattern detected in the response." @@ -1552,7 +1552,7 @@ given response then end if if {latest.response} matches "(?:diffbot).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Diffbot secret pattern detected in the response." @@ -1560,7 +1560,7 @@ given response then end if if {latest.response} matches "(?:digitalocean).{0,40}\b([A-Za-z0-9_-]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Digitaloceantoken secret pattern detected in the response." @@ -1568,7 +1568,7 @@ given response then end if if {latest.response} matches "https://discordapp\.com/api/webhooks/[0-9]+/[A-Za-z0-9\-]+" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Discord Webhook secret pattern detected in the response." @@ -1576,7 +1576,7 @@ given response then end if if {latest.response} matches "(?:discord).{0,40}\b([A-Za-z0-9_-]{24}\.[A-Za-z0-9_-]{6}\.[A-Za-z0-9_-]{27})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Discordbottoken - 1 secret pattern detected in the response." @@ -1584,7 +1584,7 @@ given response then end if if {latest.response} matches "(?:discord).{0,40}\b([0-9]{17})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Discordbottoken - 2 secret pattern detected in the response." @@ -1592,7 +1592,7 @@ given response then end if if {latest.response} matches "(https:\/\/discord.com\/api\/webhooks\/[0-9]{18}\/[0-9a-zA-Z-]{68})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Discordwebhook secret pattern detected in the response." @@ -1600,7 +1600,7 @@ given response then end if if {latest.response} matches "(?:ditto).{0,40}\b([a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12}\.[a-z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Ditto secret pattern detected in the response." @@ -1608,7 +1608,7 @@ given response then end if if {latest.response} matches "(?:dnscheck).{0,40}\b([a-z0-9A-Z-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Dnscheck - 1 secret pattern detected in the response." @@ -1616,7 +1616,7 @@ given response then end if if {latest.response} matches "(?:dnscheck).{0,40}\b([a-z0-9A-Z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Dnscheck - 2 secret pattern detected in the response." @@ -1624,7 +1624,7 @@ given response then end if if {latest.response} matches "\b(ey[a-zA-Z0-9]{34}.ey[a-zA-Z0-9]{154}.[a-zA-Z0-9_-]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Documo secret pattern detected in the response." @@ -1632,7 +1632,7 @@ given response then end if if {latest.response} matches "\b(dp\.pt\.[a-zA-Z0-9]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Doppler secret pattern detected in the response." @@ -1640,7 +1640,7 @@ given response then end if if {latest.response} matches "(?:dotmailer).{0,40}\b(apiuser-[a-z0-9]{12}@apiconnector.com)\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Dotmailer - 1 secret pattern detected in the response." @@ -1648,7 +1648,7 @@ given response then end if if {latest.response} matches "(?:dotmailer).{0,40}\b([a-zA-Z0-9\S]{8,24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Dotmailer - 2 secret pattern detected in the response." @@ -1656,7 +1656,7 @@ given response then end if if {latest.response} matches "(?:dovico).{0,40}\b([0-9a-z]{32}\.[0-9a-z]{1,}\b)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Dovico secret pattern detected in the response." @@ -1664,7 +1664,7 @@ given response then end if if {latest.response} matches "(?:dronahq).{0,40}\b([a-z0-9]{50})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Dronahq secret pattern detected in the response." @@ -1672,7 +1672,7 @@ given response then end if if {latest.response} matches "(?:droneci).{0,40}\b([a-zA-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Droneci secret pattern detected in the response." @@ -1680,7 +1680,7 @@ given response then end if if {latest.response} matches "\b(sl\.[A-Za-z0-9\-\_]{130,140})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Dropbox secret pattern detected in the response." @@ -1688,7 +1688,7 @@ given response then end if if {latest.response} matches "(?:dwolla).{0,40}\b([a-zA-Z-0-9]{50})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Dwolla secret pattern detected in the response." @@ -1696,7 +1696,7 @@ given response then end if if {latest.response} matches "(?:dynalist).{0,40}\b([a-zA-Z0-9-_]{128})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Dynalist secret pattern detected in the response." @@ -1704,7 +1704,7 @@ given response then end if if {latest.response} matches "dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Dynatrace token secret pattern detected in the response." @@ -1712,7 +1712,7 @@ given response then end if if {latest.response} matches "(?:dyspatch).{0,40}\b([A-Z0-9]{52})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Dyspatch secret pattern detected in the response." @@ -1720,7 +1720,7 @@ given response then end if if {latest.response} matches "-----BEGIN EC PRIVATE KEY-----" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "EC secret pattern detected in the response." @@ -1728,7 +1728,7 @@ given response then end if if {latest.response} matches "(?:eagleeyenetworks).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Eagleeyenetworks - 1 secret pattern detected in the response." @@ -1736,7 +1736,7 @@ given response then end if if {latest.response} matches "(?:eagleeyenetworks).{0,40}\b([a-zA-Z0-9]{15})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Eagleeyenetworks - 2 secret pattern detected in the response." @@ -1744,7 +1744,7 @@ given response then end if if {latest.response} matches "(?:easyinsight|easy-insight).{0,40}\b([a-zA-Z0-9]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Easyinsight - 1 secret pattern detected in the response." @@ -1752,7 +1752,7 @@ given response then end if if {latest.response} matches "(?:easyinsight|easy-insight).{0,40}\b([0-9Aa-zA-Z]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Easyinsight - 2 secret pattern detected in the response." @@ -1760,7 +1760,7 @@ given response then end if if {latest.response} matches "(?:edamam).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Edamam - 1 secret pattern detected in the response." @@ -1768,7 +1768,7 @@ given response then end if if {latest.response} matches "(?:edamam).{0,40}\b([0-9a-z]{8})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Edamam - 2 secret pattern detected in the response." @@ -1776,7 +1776,7 @@ given response then end if if {latest.response} matches "(?:edenai).{0,40}\b([a-zA-Z0-9]{36}.[a-zA-Z0-9]{92}.[a-zA-Z0-9_]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Edenai secret pattern detected in the response." @@ -1784,7 +1784,7 @@ given response then end if if {latest.response} matches "(?:8x8).{0,40}\b([a-zA-Z0-9]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Eightxeight - 2 secret pattern detected in the response." @@ -1792,7 +1792,7 @@ given response then end if if {latest.response} matches "(?:elastic).{0,40}\b([A-Za-z0-9_-]{96})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Elasticemail secret pattern detected in the response." @@ -1800,7 +1800,7 @@ given response then end if if {latest.response} matches "(?:enablex).{0,40}\b([a-zA-Z0-9]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Enablex - 1 secret pattern detected in the response." @@ -1808,7 +1808,7 @@ given response then end if if {latest.response} matches "(?:enablex).{0,40}\b([a-z0-9]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Enablex - 2 secret pattern detected in the response." @@ -1816,7 +1816,7 @@ given response then end if if {latest.response} matches "(?:enigma).{0,40}\b([a-zA-Z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Enigma secret pattern detected in the response." @@ -1824,7 +1824,7 @@ given response then end if if {latest.response} matches "(?:ethplorer).{0,40}\b([a-z0-9A-Z-]{22})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Ethplorer secret pattern detected in the response." @@ -1832,7 +1832,7 @@ given response then end if if {latest.response} matches "(?:everhour).{0,40}\b([0-9Aa-f]{4}-[0-9a-f]{4}-[0-9a-f]{6}-[0-9a-f]{6}-[0-9a-f]{8})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Everhour secret pattern detected in the response." @@ -1840,7 +1840,7 @@ given response then end if if {latest.response} matches "(?:exchangerate).{0,40}\b([a-z0-9]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Exchangerateapi secret pattern detected in the response." @@ -1848,7 +1848,7 @@ given response then end if if {latest.response} matches "(?:exchangerates).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Exchangeratesapi secret pattern detected in the response." @@ -1856,7 +1856,7 @@ given response then end if if {latest.response} matches "EAACEdEose0cBA[0-9A-Za-z]+" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Facebook Access Token secret pattern detected in the response." @@ -1864,7 +1864,7 @@ given response then end if if {latest.response} matches "(?:faceplusplus).{0,40}\b([0-9a-zA-Z_-]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Faceplusplus secret pattern detected in the response." @@ -1872,7 +1872,7 @@ given response then end if if {latest.response} matches "(?:fakejson).{0,40}\b([a-zA-Z0-9]{22})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Fakejson secret pattern detected in the response." @@ -1880,7 +1880,7 @@ given response then end if if {latest.response} matches "(?:fastforex).{0,40}\b([a-z0-9-]{28})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Fastforex secret pattern detected in the response." @@ -1888,7 +1888,7 @@ given response then end if if {latest.response} matches "(?:fastly).{0,40}\b([A-Za-z0-9_-]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Fastlypersonaltoken secret pattern detected in the response." @@ -1896,7 +1896,7 @@ given response then end if if {latest.response} matches "(?:feedier).{0,40}\b([a-z0-9A-Z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Feedier secret pattern detected in the response." @@ -1904,7 +1904,7 @@ given response then end if if {latest.response} matches "(?:fetchrss).{0,40}\b([0-9A-Za-z.]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Fetchrss secret pattern detected in the response." @@ -1912,7 +1912,7 @@ given response then end if if {latest.response} matches "(?:figma).{0,40}\b([0-9]{6}-[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Figmapersonalaccesstoken secret pattern detected in the response." @@ -1920,7 +1920,7 @@ given response then end if if {latest.response} matches "(?:fileio).{0,40}\b([A-Z0-9.-]{39})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Fileio secret pattern detected in the response." @@ -1928,7 +1928,7 @@ given response then end if if {latest.response} matches "\b(API_KEY[0-9A-Z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Finage secret pattern detected in the response." @@ -1936,7 +1936,7 @@ given response then end if if {latest.response} matches "(?:financialmodelingprep).{0,40}\b([a-zA-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Financialmodelingprep secret pattern detected in the response." @@ -1944,7 +1944,7 @@ given response then end if if {latest.response} matches "(?:findl).{0,40}\b([a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Findl secret pattern detected in the response." @@ -1952,7 +1952,7 @@ given response then end if if {latest.response} matches "(?:finnhub).{0,40}\b([0-9a-z]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Finnhub secret pattern detected in the response." @@ -1960,7 +1960,7 @@ given response then end if if {latest.response} matches "(?:fixer).{0,40}\b([A-Za-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Fixerio secret pattern detected in the response." @@ -1968,7 +1968,7 @@ given response then end if if {latest.response} matches "(?:flat).{0,40}\b([0-9a-z]{128})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Flatio secret pattern detected in the response." @@ -1976,7 +1976,7 @@ given response then end if if {latest.response} matches "\b(flb_live_[0-9a-zA-Z]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Fleetbase secret pattern detected in the response." @@ -1984,7 +1984,7 @@ given response then end if if {latest.response} matches "(?:flickr).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Flickr secret pattern detected in the response." @@ -1992,7 +1992,7 @@ given response then end if if {latest.response} matches "(?:flightapi).{0,40}\b([a-z0-9]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Flightapi secret pattern detected in the response." @@ -2000,7 +2000,7 @@ given response then end if if {latest.response} matches "(?:flightstats).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Flightstats - 1 secret pattern detected in the response." @@ -2008,7 +2008,7 @@ given response then end if if {latest.response} matches "(?:flightstats).{0,40}\b([0-9a-z]{8})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Flightstats - 2 secret pattern detected in the response." @@ -2016,7 +2016,7 @@ given response then end if if {latest.response} matches "(?:flowflu).{0,40}\b([a-zA-Z0-9]{51})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Flowflu - 2 secret pattern detected in the response." @@ -2024,7 +2024,7 @@ given response then end if if {latest.response} matches "\b(FLWSECK-[0-9a-z]{32}-X)\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Flutterwave secret pattern detected in the response." @@ -2032,7 +2032,7 @@ given response then end if if {latest.response} matches "(?:fmfw).{0,40}\b([a-zA-Z0-9-]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Fmfw - 1 secret pattern detected in the response." @@ -2040,7 +2040,7 @@ given response then end if if {latest.response} matches "(?:fmfw).{0,40}\b([a-zA-Z0-9_-]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Fmfw - 2 secret pattern detected in the response." @@ -2048,7 +2048,7 @@ given response then end if if {latest.response} matches "(?:formbucket).{0,40}\b([0-9A-Za-z]{1,}.[0-9A-Za-z]{1,}\.[0-9A-Z-a-z\-_]{1,})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Formbucket secret pattern detected in the response." @@ -2056,7 +2056,7 @@ given response then end if if {latest.response} matches "(?:formio).{0,40}\b(eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\.[0-9A-Za-z]{310}\.[0-9A-Z-a-z\-_]{43}[ \r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Formio secret pattern detected in the response." @@ -2064,7 +2064,7 @@ given response then end if if {latest.response} matches "(?:foursquare).{0,40}\b([0-9A-Z]{48})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Foursquare secret pattern detected in the response." @@ -2072,7 +2072,7 @@ given response then end if if {latest.response} matches "\b(fio-u-[0-9a-zA-Z_-]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Frameio secret pattern detected in the response." @@ -2080,7 +2080,7 @@ given response then end if if {latest.response} matches "(?:freshbooks).{0,40}\b([0-9a-z]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Freshbooks - 1 secret pattern detected in the response." @@ -2088,7 +2088,7 @@ given response then end if if {latest.response} matches "(?:freshbooks).{0,40}\b(https://www.[0-9A-Za-z_-]{1,}.com)\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Freshbooks - 2 secret pattern detected in the response." @@ -2096,7 +2096,7 @@ given response then end if if {latest.response} matches "(?:freshdesk).{0,40}\b([0-9A-Za-z]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Freshdesk - 1 secret pattern detected in the response." @@ -2104,7 +2104,7 @@ given response then end if if {latest.response} matches "\b([0-9a-z-]{1,}.freshdesk.com)\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Freshdesk - 2 secret pattern detected in the response." @@ -2112,7 +2112,7 @@ given response then end if if {latest.response} matches "(?:front).{0,40}\b([0-9a-zA-Z]{36}.[0-9a-zA-Z\.\-\_]{188,244})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Front secret pattern detected in the response." @@ -2120,7 +2120,7 @@ given response then end if if {latest.response} matches "(?:fulcrum).{0,40}\b([a-z0-9]{80})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Fulcrum secret pattern detected in the response." @@ -2128,7 +2128,7 @@ given response then end if if {latest.response} matches "(?:fullstory).{0,40}\b([a-zA-Z-0-9/+]{88})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Fullstory secret pattern detected in the response." @@ -2136,7 +2136,7 @@ given response then end if if {latest.response} matches "(?:fusebill).{0,40}\b([a-zA-Z0-9]{88})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Fusebill secret pattern detected in the response." @@ -2144,7 +2144,7 @@ given response then end if if {latest.response} matches "(?:fxmarket).{0,40}\b([0-9Aa-zA-Z-_=]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Fxmarket secret pattern detected in the response." @@ -2152,7 +2152,7 @@ given response then end if if {latest.response} matches "\{[^{]+auth_provider_x509_cert_url[^}]+\}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Gcp secret pattern detected in the response." @@ -2160,7 +2160,7 @@ given response then end if if {latest.response} matches "(?:geckoboard).{0,40}\b([a-zA-Z0-9]{44})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Geckoboard secret pattern detected in the response." @@ -2168,7 +2168,7 @@ given response then end if if {latest.response} matches "jdbc:mysql(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1376 secret pattern detected in the response." @@ -2176,7 +2176,7 @@ given response then end if if {latest.response} matches "BEGIN OPENSSH PRIVATE KEY" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1700 secret pattern detected in the response." @@ -2184,7 +2184,7 @@ given response then end if if {latest.response} matches "BEGIN PRIVATE KEY" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1701 secret pattern detected in the response." @@ -2192,7 +2192,7 @@ given response then end if if {latest.response} matches "BEGIN RSA PRIVATE KEY" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1702 secret pattern detected in the response." @@ -2200,7 +2200,7 @@ given response then end if if {latest.response} matches "BEGIN DSA PRIVATE KEY" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1703 secret pattern detected in the response." @@ -2208,7 +2208,7 @@ given response then end if if {latest.response} matches "BEGIN EC PRIVATE KEY" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1704 secret pattern detected in the response." @@ -2216,7 +2216,7 @@ given response then end if if {latest.response} matches "BEGIN PGP PRIVATE KEY BLOCK" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1705 secret pattern detected in the response." @@ -2224,7 +2224,7 @@ given response then end if if {latest.response} matches "algolia_api_key" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1710 secret pattern detected in the response." @@ -2232,7 +2232,7 @@ given response then end if if {latest.response} matches "asana_access_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1711 secret pattern detected in the response." @@ -2240,7 +2240,7 @@ given response then end if if {latest.response} matches "azure_tenant" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1713 secret pattern detected in the response." @@ -2248,7 +2248,7 @@ given response then end if if {latest.response} matches "bitly_access_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1714 secret pattern detected in the response." @@ -2256,7 +2256,7 @@ given response then end if if {latest.response} matches "browserstack_access_key" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1716 secret pattern detected in the response." @@ -2264,7 +2264,7 @@ given response then end if if {latest.response} matches "buildkite_access_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1717 secret pattern detected in the response." @@ -2272,7 +2272,7 @@ given response then end if if {latest.response} matches "comcast_access_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1718 secret pattern detected in the response." @@ -2280,7 +2280,7 @@ given response then end if if {latest.response} matches "datadog_api_key" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1719 secret pattern detected in the response." @@ -2288,7 +2288,7 @@ given response then end if if {latest.response} matches "deviantart_secret" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1720 secret pattern detected in the response." @@ -2296,7 +2296,7 @@ given response then end if if {latest.response} matches "deviantart_access_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1721 secret pattern detected in the response." @@ -2304,7 +2304,7 @@ given response then end if if {latest.response} matches "dropbox_api_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1722 secret pattern detected in the response." @@ -2312,7 +2312,7 @@ given response then end if if {latest.response} matches "facebook_appsecret" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1723 secret pattern detected in the response." @@ -2320,7 +2320,7 @@ given response then end if if {latest.response} matches "facebook_access_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1724 secret pattern detected in the response." @@ -2328,7 +2328,7 @@ given response then end if if {latest.response} matches "firebase_custom_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1725 secret pattern detected in the response." @@ -2336,7 +2336,7 @@ given response then end if if {latest.response} matches "firebase_id_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1726 secret pattern detected in the response." @@ -2344,7 +2344,7 @@ given response then end if if {latest.response} matches "github_client" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1727 secret pattern detected in the response." @@ -2352,7 +2352,7 @@ given response then end if if {latest.response} matches "github_ssh_key" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1728 secret pattern detected in the response." @@ -2360,7 +2360,7 @@ given response then end if if {latest.response} matches "gitlab_private_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1730 secret pattern detected in the response." @@ -2368,7 +2368,7 @@ given response then end if if {latest.response} matches "heroku_api_key" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1733 secret pattern detected in the response." @@ -2376,7 +2376,7 @@ given response then end if if {latest.response} matches "instagram_access_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1734 secret pattern detected in the response." @@ -2384,7 +2384,7 @@ given response then end if if {latest.response} matches "mailchimp_api_key" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1735 secret pattern detected in the response." @@ -2392,7 +2392,7 @@ given response then end if if {latest.response} matches "mailgun_api_key" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1736 secret pattern detected in the response." @@ -2400,7 +2400,7 @@ given response then end if if {latest.response} matches "pagerduty_api_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1739 secret pattern detected in the response." @@ -2408,7 +2408,7 @@ given response then end if if {latest.response} matches "paypal_key_sb" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1740 secret pattern detected in the response." @@ -2416,7 +2416,7 @@ given response then end if if {latest.response} matches "paypal_key_live" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1741 secret pattern detected in the response." @@ -2424,7 +2424,7 @@ given response then end if if {latest.response} matches "paypal_token_sb" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1742 secret pattern detected in the response." @@ -2432,7 +2432,7 @@ given response then end if if {latest.response} matches "paypal_token_live" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1743 secret pattern detected in the response." @@ -2440,7 +2440,7 @@ given response then end if if {latest.response} matches "pendo_integration_key" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1744 secret pattern detected in the response." @@ -2448,7 +2448,7 @@ given response then end if if {latest.response} matches "salesforce_access_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1745 secret pattern detected in the response." @@ -2456,7 +2456,7 @@ given response then end if if {latest.response} matches "saucelabs_ukey" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1746 secret pattern detected in the response." @@ -2464,7 +2464,7 @@ given response then end if if {latest.response} matches "sendgrid_api_key" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1747 secret pattern detected in the response." @@ -2472,7 +2472,7 @@ given response then end if if {latest.response} matches "slack_api_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1748 secret pattern detected in the response." @@ -2480,7 +2480,7 @@ given response then end if if {latest.response} matches "square_auth_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1751 secret pattern detected in the response." @@ -2488,7 +2488,7 @@ given response then end if if {latest.response} matches "travisci_api_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1752 secret pattern detected in the response." @@ -2496,7 +2496,7 @@ given response then end if if {latest.response} matches "twitter_api_secret" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1754 secret pattern detected in the response." @@ -2504,7 +2504,7 @@ given response then end if if {latest.response} matches "twitter_bearer_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1755 secret pattern detected in the response." @@ -2512,7 +2512,7 @@ given response then end if if {latest.response} matches "spotify_access_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1756 secret pattern detected in the response." @@ -2520,7 +2520,7 @@ given response then end if if {latest.response} matches "stripe_key_live" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1757 secret pattern detected in the response." @@ -2528,7 +2528,7 @@ given response then end if if {latest.response} matches "wakatime_api_key" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1758 secret pattern detected in the response." @@ -2536,7 +2536,7 @@ given response then end if if {latest.response} matches "wompi_auth_bearer_sb" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1759 secret pattern detected in the response." @@ -2544,7 +2544,7 @@ given response then end if if {latest.response} matches "wompi_auth_bearer_live" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1760 secret pattern detected in the response." @@ -2552,7 +2552,7 @@ given response then end if if {latest.response} matches "wpengine_api_key" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1761 secret pattern detected in the response." @@ -2560,7 +2560,7 @@ given response then end if if {latest.response} matches "zendesk_access_token" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1763 secret pattern detected in the response." @@ -2568,7 +2568,7 @@ given response then end if if {latest.response} matches "ssh-rsa" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Generic - 1764 secret pattern detected in the response." @@ -2576,7 +2576,7 @@ given response then end if if {latest.response} matches "(?:gengo).{0,40}([ ]{0,1}[0-9a-zA-Z\[\]\-\(\)\{\}|_^@$=~]{64}[ \r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Gengo secret pattern detected in the response." @@ -2584,7 +2584,7 @@ given response then end if if {latest.response} matches "(?:geoapify).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Geoapify secret pattern detected in the response." @@ -2592,7 +2592,7 @@ given response then end if if {latest.response} matches "(?:geocode).{0,40}\b([a-z0-9]{28})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Geocode secret pattern detected in the response." @@ -2600,7 +2600,7 @@ given response then end if if {latest.response} matches "(?:geocodify).{0,40}\b([0-9a-z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Geocodify secret pattern detected in the response." @@ -2608,7 +2608,7 @@ given response then end if if {latest.response} matches "(?:geocod).{0,40}\b([a-z0-9]{39})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Geocodio - 2 secret pattern detected in the response." @@ -2616,7 +2616,7 @@ given response then end if if {latest.response} matches "(?:ipifi).{0,40}\b([a-z0-9A-Z_]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Geoipifi secret pattern detected in the response." @@ -2624,7 +2624,7 @@ given response then end if if {latest.response} matches "(?:getemail).{0,40}\b([a-zA-Z0-9-]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Getemail secret pattern detected in the response." @@ -2632,7 +2632,7 @@ given response then end if if {latest.response} matches "(?:getemails).{0,40}\b([a-z0-9-]{26})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Getemails - 1 secret pattern detected in the response." @@ -2640,7 +2640,7 @@ given response then end if if {latest.response} matches "(?:getemails).{0,40}\b([a-z0-9-]{18})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Getemails - 2 secret pattern detected in the response." @@ -2648,7 +2648,7 @@ given response then end if if {latest.response} matches "(?:getgeoapi).{0,40}\b([0-9a-z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Getgeoapi secret pattern detected in the response." @@ -2656,7 +2656,7 @@ given response then end if if {latest.response} matches "(?:getgist).{0,40}\b([a-z0-9A-Z+=]{68})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Getgist secret pattern detected in the response." @@ -2664,7 +2664,7 @@ given response then end if if {latest.response} matches "(?:getsandbox).{0,40}\b([a-z0-9-]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Getsandbox - 1 secret pattern detected in the response." @@ -2672,7 +2672,7 @@ given response then end if if {latest.response} matches "(?:getsandbox).{0,40}\b([a-z0-9-]{15,30})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Getsandbox - 2 secret pattern detected in the response." @@ -2680,7 +2680,7 @@ given response then end if if {latest.response} matches "\b((?:ghp|gho|ghu|ghs|ghr)_[a-zA-Z0-9]{36,255}\b)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Github - 2 secret pattern detected in the response." @@ -2688,7 +2688,7 @@ given response then end if if {latest.response} matches "(ghu|ghs)_[0-9a-zA-Z]{36}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Github App Token secret pattern detected in the response." @@ -2696,7 +2696,7 @@ given response then end if if {latest.response} matches "gho_[0-9a-zA-Z]{36}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Github OAuth Access Token secret pattern detected in the response." @@ -2704,7 +2704,7 @@ given response then end if if {latest.response} matches "ghp_[0-9a-zA-Z]{36}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Github Personal Access Token secret pattern detected in the response." @@ -2712,7 +2712,7 @@ given response then end if if {latest.response} matches "ghr_[0-9a-zA-Z]{76}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Github Refresh Token secret pattern detected in the response." @@ -2720,7 +2720,7 @@ given response then end if if {latest.response} matches "(?:github)[^\.].{0,40}[ =:'\"]+([a-f0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Github_old secret pattern detected in the response." @@ -2728,7 +2728,7 @@ given response then end if if {latest.response} matches "(?:github).{0,40}(-----BEGIN RSA PRIVATE KEY-----\s[A-Za-z0-9+\/\s]*\s-----END RSA PRIVATE KEY-----)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Githubapp - 2 secret pattern detected in the response." @@ -2736,7 +2736,7 @@ given response then end if if {latest.response} matches "\b(glpat-[a-zA-Z0-9\-=_]{20,22})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Gitlabv2 secret pattern detected in the response." @@ -2744,7 +2744,7 @@ given response then end if if {latest.response} matches "(?:gitter).{0,40}\b([a-z0-9-]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Gitter secret pattern detected in the response." @@ -2752,7 +2752,7 @@ given response then end if if {latest.response} matches "(?:glassnode).{0,40}\b([0-9A-Za-z]{27})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Glassnode secret pattern detected in the response." @@ -2760,7 +2760,7 @@ given response then end if if {latest.response} matches "(?:gocanvas).{0,40}\b([0-9A-Za-z/+]{43}=[ \r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Gocanvas - 1 secret pattern detected in the response." @@ -2768,7 +2768,7 @@ given response then end if if {latest.response} matches "(?:gocanvas).{0,40}\b([\w\.-]+@[\w-]+\.[\w\.-]{2,5})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Gocanvas - 2 secret pattern detected in the response." @@ -2776,7 +2776,7 @@ given response then end if if {latest.response} matches "\b(live_[0-9A-Za-z\_\-]{40}[ \"'\r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Gocardless secret pattern detected in the response." @@ -2784,7 +2784,7 @@ given response then end if if {latest.response} matches "(?:goodday).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Goodday secret pattern detected in the response." @@ -2792,7 +2792,7 @@ given response then end if if {latest.response} matches "\"type\": \"service_account\"" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Google (GCP) Service Account secret pattern detected in the response." @@ -2800,7 +2800,7 @@ given response then end if if {latest.response} matches "AIza[0-9a-z-_]{35}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Google API Key secret pattern detected in the response." @@ -2808,7 +2808,7 @@ given response then end if if {latest.response} matches "https://www\.google\.com/calendar/embed\?src=[A-Za-z0-9%@&;=\-_\./]+" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Google Calendar URI secret pattern detected in the response." @@ -2816,7 +2816,7 @@ given response then end if if {latest.response} matches "ya29\.[0-9A-Za-z\-_]+" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Google OAuth Access Token secret pattern detected in the response." @@ -2824,7 +2824,7 @@ given response then end if if {latest.response} matches "(?:graph).{0,40}\b([a-z0-9]{25})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Graphcms - 1 secret pattern detected in the response." @@ -2832,7 +2832,7 @@ given response then end if if {latest.response} matches "\b(ey[a-zA-Z0-9]{73}.ey[a-zA-Z0-9]{365}.[a-zA-Z0-9_-]{683})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Graphcms - 2 secret pattern detected in the response." @@ -2840,7 +2840,7 @@ given response then end if if {latest.response} matches "(?:graphhopper).{0,40}\b([a-z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Graphhopper secret pattern detected in the response." @@ -2848,7 +2848,7 @@ given response then end if if {latest.response} matches "(?:groove).{0,40}\b([a-z0-9A-Z]{64})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Groovehq secret pattern detected in the response." @@ -2856,7 +2856,7 @@ given response then end if if {latest.response} matches "(?:guru).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Guru - 1 secret pattern detected in the response." @@ -2864,7 +2864,7 @@ given response then end if if {latest.response} matches "(?:guru).{0,40}\b([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Guru - 2 secret pattern detected in the response." @@ -2872,7 +2872,7 @@ given response then end if if {latest.response} matches "(?:gyazo).{0,40}\b([0-9A-Za-z-]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Gyazo secret pattern detected in the response." @@ -2880,7 +2880,7 @@ given response then end if if {latest.response} matches "(?:happi).{0,40}\b([a-zA-Z0-9]{56})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Happi secret pattern detected in the response." @@ -2888,7 +2888,7 @@ given response then end if if {latest.response} matches "(?:happyscribe).{0,40}\b([0-9a-zA-Z]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Happyscribe secret pattern detected in the response." @@ -2896,7 +2896,7 @@ given response then end if if {latest.response} matches "(?:harvest).{0,40}\b([a-z0-9A-Z._]{97})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Harvest - 1 secret pattern detected in the response." @@ -2904,7 +2904,7 @@ given response then end if if {latest.response} matches "(?:hellosign).{0,40}\b([a-zA-Z-0-9/+]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Hellosign secret pattern detected in the response." @@ -2912,7 +2912,7 @@ given response then end if if {latest.response} matches "(?:helpcrunch).{0,40}\b([a-zA-Z-0-9+/=]{328})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Helpcrunch secret pattern detected in the response." @@ -2920,7 +2920,7 @@ given response then end if if {latest.response} matches "(?:helpscout).{0,40}\b([A-Za-z0-9]{56})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Helpscout secret pattern detected in the response." @@ -2928,7 +2928,7 @@ given response then end if if {latest.response} matches "(?:hereapi).{0,40}\b([a-zA-Z0-9\S]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Hereapi secret pattern detected in the response." @@ -2936,7 +2936,7 @@ given response then end if if {latest.response} matches "(?:heroku).{0,40}\b([0-9Aa-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Heroku secret pattern detected in the response." @@ -2944,7 +2944,7 @@ given response then end if if {latest.response} matches "(?:hive).{0,40}\b([0-9A-Za-z]{17})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Hive - 2 secret pattern detected in the response." @@ -2952,7 +2952,7 @@ given response then end if if {latest.response} matches "(?:hiveage).{0,40}\b([0-9A-Za-z\_\-]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Hiveage secret pattern detected in the response." @@ -2960,7 +2960,7 @@ given response then end if if {latest.response} matches "(?:holidayapi).{0,40}\b([a-z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Holidayapi secret pattern detected in the response." @@ -2968,7 +2968,7 @@ given response then end if if {latest.response} matches "(?:html2pdf).{0,40}\b([a-zA-Z0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Html2pdf secret pattern detected in the response." @@ -2976,7 +2976,7 @@ given response then end if if {latest.response} matches "(?:hubspot).{0,40}\b([A-Za-z0-9]{8}\-[A-Za-z0-9]{4}\-[A-Za-z0-9]{4}\-[A-Za-z0-9]{4}\-[A-Za-z0-9]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Hubspotapikey secret pattern detected in the response." @@ -2984,7 +2984,7 @@ given response then end if if {latest.response} matches "(?:humanity).{0,40}\b([0-9a-z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Humanity secret pattern detected in the response." @@ -2992,7 +2992,7 @@ given response then end if if {latest.response} matches "(?:hypertrack).{0,40}\b([0-9a-zA-Z\_\-]{54})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Hypertrack - 1 secret pattern detected in the response." @@ -3000,7 +3000,7 @@ given response then end if if {latest.response} matches "(?:hypertrack).{0,40}\b([0-9a-zA-Z\_\-]{27})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Hypertrack - 2 secret pattern detected in the response." @@ -3008,7 +3008,7 @@ given response then end if if {latest.response} matches "(?:ibm).{0,40}\b([A-Za-z0-9_-]{44})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Ibmclouduserkey secret pattern detected in the response." @@ -3016,7 +3016,7 @@ given response then end if if {latest.response} matches "(?:iconfinder).{0,40}\b([a-zA-Z0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Iconfinder secret pattern detected in the response." @@ -3024,7 +3024,7 @@ given response then end if if {latest.response} matches "(?:iexcloud).{0,40}\b([a-z0-9_]{35})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Iexcloud secret pattern detected in the response." @@ -3032,7 +3032,7 @@ given response then end if if {latest.response} matches "(?:imagekit).{0,40}\b([a-zA-Z0-9_=]{36})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Imagekit secret pattern detected in the response." @@ -3040,7 +3040,7 @@ given response then end if if {latest.response} matches "(?:imagga).{0,40}\b([a-z0-9A-Z=]{72})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Imagga secret pattern detected in the response." @@ -3048,7 +3048,7 @@ given response then end if if {latest.response} matches "(?:impala).{0,40}\b([0-9A-Za-z_]{46})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Impala secret pattern detected in the response." @@ -3056,7 +3056,7 @@ given response then end if if {latest.response} matches "(?:insightly).{0,40}\b([a-z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Insightly secret pattern detected in the response." @@ -3064,7 +3064,7 @@ given response then end if if {latest.response} matches "(?:integromat).{0,40}\b([a-z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Integromat secret pattern detected in the response." @@ -3072,7 +3072,7 @@ given response then end if if {latest.response} matches "(?:intrinio).{0,40}\b([a-zA-Z0-9]{44})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Intrinio secret pattern detected in the response." @@ -3080,7 +3080,7 @@ given response then end if if {latest.response} matches "(?:invoiceocean).{0,40}\b([0-9A-Za-z]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Invoiceocean - 1 secret pattern detected in the response." @@ -3088,7 +3088,7 @@ given response then end if if {latest.response} matches "\b([0-9a-z]{1,}.invoiceocean.com)\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Invoiceocean - 2 secret pattern detected in the response." @@ -3096,7 +3096,7 @@ given response then end if if {latest.response} matches "(?:ipapi).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Ipapi secret pattern detected in the response." @@ -3104,7 +3104,7 @@ given response then end if if {latest.response} matches "(?:ipgeolocation).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Ipgeolocation secret pattern detected in the response." @@ -3112,7 +3112,7 @@ given response then end if if {latest.response} matches "(?:ipify).{0,40}\b([a-zA-Z0-9_-]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Ipify secret pattern detected in the response." @@ -3120,7 +3120,7 @@ given response then end if if {latest.response} matches "(?:ipinfodb).{0,40}\b([a-z0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Ipinfodb secret pattern detected in the response." @@ -3128,7 +3128,7 @@ given response then end if if {latest.response} matches "(?:ipquality).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Ipquality secret pattern detected in the response." @@ -3136,7 +3136,7 @@ given response then end if if {latest.response} matches "(?:ipstack).{0,40}\b([a-fA-f0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Ipstack secret pattern detected in the response." @@ -3144,7 +3144,7 @@ given response then end if if {latest.response} matches "jdbc:[a-z:]+://[A-Za-z0-9\.\-_:;=/@?,&]+" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "JDBC Connection String secret pattern detected in the response." @@ -3152,7 +3152,7 @@ given response then end if if {latest.response} matches "(?:jira).{0,40}\b([a-zA-Z-0-9]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Jiratoken - 1 secret pattern detected in the response." @@ -3160,7 +3160,7 @@ given response then end if if {latest.response} matches "(?:jira).{0,40}\b([a-zA-Z-0-9]{5,24}\@[a-zA-Z-0-9]{3,16}\.com)\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Jiratoken - 2 secret pattern detected in the response." @@ -3168,7 +3168,7 @@ given response then end if if {latest.response} matches "(?:jotform).{0,40}\b([0-9Aa-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Jotform secret pattern detected in the response." @@ -3176,7 +3176,7 @@ given response then end if if {latest.response} matches "(?:jumpcloud).{0,40}\b([a-zA-Z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Jumpcloud secret pattern detected in the response." @@ -3184,7 +3184,7 @@ given response then end if if {latest.response} matches "(?:juro).{0,40}\b([a-zA-Z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Juro secret pattern detected in the response." @@ -3192,7 +3192,7 @@ given response then end if if {latest.response} matches "(?:kanban).{0,40}\b([0-9A-Z]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Kanban - 1 secret pattern detected in the response." @@ -3200,7 +3200,7 @@ given response then end if if {latest.response} matches "\b([0-9a-z]{1,}.kanbantool.com)\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Kanban - 2 secret pattern detected in the response." @@ -3208,7 +3208,7 @@ given response then end if if {latest.response} matches "(?:karma).{0,40}\b([a-zA-Z0-9]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Karmacrm secret pattern detected in the response." @@ -3216,7 +3216,7 @@ given response then end if if {latest.response} matches "(?:keen).{0,40}\b([0-9a-z]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Keenio - 1 secret pattern detected in the response." @@ -3224,7 +3224,7 @@ given response then end if if {latest.response} matches "(?:keen).{0,40}\b([0-9A-Z]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Keenio - 2 secret pattern detected in the response." @@ -3232,7 +3232,7 @@ given response then end if if {latest.response} matches "(?:kickbox).{0,40}\b([a-zA-Z0-9_]+[a-zA-Z0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Kickbox secret pattern detected in the response." @@ -3240,7 +3240,7 @@ given response then end if if {latest.response} matches "(?:klipfolio).{0,40}\b([0-9a-f]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Klipfolio secret pattern detected in the response." @@ -3248,7 +3248,7 @@ given response then end if if {latest.response} matches "(?:kontent).{0,40}\b([a-z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Kontent secret pattern detected in the response." @@ -3256,7 +3256,7 @@ given response then end if if {latest.response} matches "(?:kraken).{0,40}\b([0-9A-Za-z\/\+=]{56}[ \"'\r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Kraken - 1 secret pattern detected in the response." @@ -3264,7 +3264,7 @@ given response then end if if {latest.response} matches "(?:kraken).{0,40}\b([0-9A-Za-z\/\+=]{86,88}[ \"'\r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Kraken - 2 secret pattern detected in the response." @@ -3272,7 +3272,7 @@ given response then end if if {latest.response} matches "(?:kucoin).{0,40}([ \r\n]{1}[!-~]{7,32}[ \r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Kucoin - 1 secret pattern detected in the response." @@ -3280,7 +3280,7 @@ given response then end if if {latest.response} matches "(?:kucoin).{0,40}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Kucoin - 2 secret pattern detected in the response." @@ -3288,7 +3288,7 @@ given response then end if if {latest.response} matches "(?:kucoin).{0,40}\b([0-9a-f]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Kucoin - 3 secret pattern detected in the response." @@ -3296,7 +3296,7 @@ given response then end if if {latest.response} matches "(?:kylas).{0,40}\b([a-z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Kylas secret pattern detected in the response." @@ -3304,7 +3304,7 @@ given response then end if if {latest.response} matches "(?:languagelayer).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Languagelayer secret pattern detected in the response." @@ -3312,7 +3312,7 @@ given response then end if if {latest.response} matches "(?:lastfm).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Lastfm secret pattern detected in the response." @@ -3320,7 +3320,7 @@ given response then end if if {latest.response} matches "(?:launchdarkly).{0,40}\b([a-z0-9-]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Launchdarkly secret pattern detected in the response." @@ -3328,7 +3328,7 @@ given response then end if if {latest.response} matches "(?:leadfeeder).{0,40}\b([a-zA-Z0-9-]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Leadfeeder secret pattern detected in the response." @@ -3336,7 +3336,7 @@ given response then end if if {latest.response} matches "(?:lendflow).{0,40}\b([a-zA-Z0-9]{36}\.[a-zA-Z0-9]{235}\.[a-zA-Z0-9]{32}\-[a-zA-Z0-9]{47}\-[a-zA-Z0-9_]{162}\-[a-zA-Z0-9]{42}\-[a-zA-Z0-9_]{40}\-[a-zA-Z0-9_]{66}\-[a-zA-Z0-9_]{59}\-[a-zA-Z0-9]{7}\-[a-zA-Z0-9_]{220})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Lendflow secret pattern detected in the response." @@ -3344,7 +3344,7 @@ given response then end if if {latest.response} matches "(?:lexigram).{0,40}\b([a-zA-Z0-9\S]{301})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Lexigram secret pattern detected in the response." @@ -3352,7 +3352,7 @@ given response then end if if {latest.response} matches "\b(lin_api_[0-9A-Za-z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Linearapi secret pattern detected in the response." @@ -3360,7 +3360,7 @@ given response then end if if {latest.response} matches "(?:line).{0,40}\b([A-Za-z0-9+/]{171,172})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Linemessaging secret pattern detected in the response." @@ -3368,7 +3368,7 @@ given response then end if if {latest.response} matches "(?:linenotify).{0,40}\b([0-9A-Za-z]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Linenotify secret pattern detected in the response." @@ -3376,7 +3376,7 @@ given response then end if if {latest.response} matches "(?:linkpreview).{0,40}\b([a-zA-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Linkpreview secret pattern detected in the response." @@ -3384,7 +3384,7 @@ given response then end if if {latest.response} matches "(?:liveagent).{0,40}\b([a-zA-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Liveagent secret pattern detected in the response." @@ -3392,7 +3392,7 @@ given response then end if if {latest.response} matches "(?:livestorm).{0,40}\b(eyJhbGciOiJIUzI1NiJ9\.eyJhdWQiOiJhcGkubGl2ZXN0b3JtLmNvIiwianRpIjoi[0-9A-Z-a-z]{134}\.[0-9A-Za-z\-\_]{43}[ \r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Livestorm secret pattern detected in the response." @@ -3400,7 +3400,7 @@ given response then end if if {latest.response} matches "\b(pk\.[a-zA-Z-0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Locationiq secret pattern detected in the response." @@ -3408,7 +3408,7 @@ given response then end if if {latest.response} matches "(?:loginradius).{0,40}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Loginradius secret pattern detected in the response." @@ -3416,7 +3416,7 @@ given response then end if if {latest.response} matches "(?:lokalise).{0,40}\b([a-z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Lokalisetoken secret pattern detected in the response." @@ -3424,7 +3424,7 @@ given response then end if if {latest.response} matches "(?:loyverse).{0,40}\b([0-9-a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Loyverse secret pattern detected in the response." @@ -3432,7 +3432,7 @@ given response then end if if {latest.response} matches "(?:luno).{0,40}\b([a-z0-9]{13})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Luno - 1 secret pattern detected in the response." @@ -3440,7 +3440,7 @@ given response then end if if {latest.response} matches "(?:luno).{0,40}\b([a-zA-Z0-9_-]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Luno - 2 secret pattern detected in the response." @@ -3448,7 +3448,7 @@ given response then end if if {latest.response} matches "(?:macaddress).{0,40}\b([a-zA-Z0-9_]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Macaddress secret pattern detected in the response." @@ -3456,7 +3456,7 @@ given response then end if if {latest.response} matches "(?:madkudu).{0,40}\b([0-9a-f]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Madkudu secret pattern detected in the response." @@ -3464,7 +3464,7 @@ given response then end if if {latest.response} matches "(?:magnetic).{0,40}\b([0-9Aa-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Magnetic secret pattern detected in the response." @@ -3472,7 +3472,7 @@ given response then end if if {latest.response} matches "[0-9a-f]{32}-us[0-9]{1,2}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "MailChimp API Key secret pattern detected in the response." @@ -3480,7 +3480,7 @@ given response then end if if {latest.response} matches "(?:mailboxlayer).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mailboxlayer secret pattern detected in the response." @@ -3488,7 +3488,7 @@ given response then end if if {latest.response} matches "(?:mailerlite).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mailerlite secret pattern detected in the response." @@ -3496,7 +3496,7 @@ given response then end if if {latest.response} matches "(?:mailgun).{0,40}\b([a-zA-Z-0-9]{72})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mailgun - 2 secret pattern detected in the response." @@ -3504,7 +3504,7 @@ given response then end if if {latest.response} matches "key-[0-9a-zA-Z]{32}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mailgun API Key - 1 secret pattern detected in the response." @@ -3512,7 +3512,7 @@ given response then end if if {latest.response} matches "(?:mailjet).{0,40}\b([A-Za-z0-9]{87}\=)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mailjetbasicauth secret pattern detected in the response." @@ -3520,7 +3520,7 @@ given response then end if if {latest.response} matches "(?:mailjet).{0,40}\b([A-Za-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mailjetsms secret pattern detected in the response." @@ -3528,7 +3528,7 @@ given response then end if if {latest.response} matches "(?:mailmodo).{0,40}\b([A-Z0-9]{7}-[A-Z0-9]{7}-[A-Z0-9]{7}-[A-Z0-9]{7})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mailmodo secret pattern detected in the response." @@ -3536,7 +3536,7 @@ given response then end if if {latest.response} matches "(?:mailsac).{0,40}\b(k_[0-9A-Za-z]{36,})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mailsac secret pattern detected in the response." @@ -3544,7 +3544,7 @@ given response then end if if {latest.response} matches "(?:mandrill).{0,40}\b([A-Za-z0-9_-]{22})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mandrill secret pattern detected in the response." @@ -3552,7 +3552,7 @@ given response then end if if {latest.response} matches "\b(sk\.[a-zA-Z-0-9\.]{80,240})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mapbox - 2 secret pattern detected in the response." @@ -3560,7 +3560,7 @@ given response then end if if {latest.response} matches "(?:mapquest).{0,40}\b([0-9A-Za-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mapquest secret pattern detected in the response." @@ -3568,7 +3568,7 @@ given response then end if if {latest.response} matches "(?:marketstack).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Marketstack secret pattern detected in the response." @@ -3576,7 +3576,7 @@ given response then end if if {latest.response} matches "(?:mattermost).{0,40}\b([A-Za-z0-9-_]{1,}.cloud.mattermost.com)\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mattermostpersonaltoken - 1 secret pattern detected in the response." @@ -3584,7 +3584,7 @@ given response then end if if {latest.response} matches "(?:mattermost).{0,40}\b([a-z0-9]{26})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mattermostpersonaltoken - 2 secret pattern detected in the response." @@ -3592,7 +3592,7 @@ given response then end if if {latest.response} matches "(?:mavenlink).{0,40}\b([0-9a-z]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mavenlink secret pattern detected in the response." @@ -3600,7 +3600,7 @@ given response then end if if {latest.response} matches "(?:maxmind|geoip).{0,40}\b([0-9A-Za-z]{16})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Maxmindlicense - 1 secret pattern detected in the response." @@ -3608,7 +3608,7 @@ given response then end if if {latest.response} matches "(?:maxmind|geoip).{0,40}\b([0-9]{2,7})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Maxmindlicense - 2 secret pattern detected in the response." @@ -3616,7 +3616,7 @@ given response then end if if {latest.response} matches "(?:meaningcloud).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Meaningcloud secret pattern detected in the response." @@ -3624,7 +3624,7 @@ given response then end if if {latest.response} matches "(?:mediastack).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mediastack secret pattern detected in the response." @@ -3632,7 +3632,7 @@ given response then end if if {latest.response} matches "(?:meistertask).{0,40}\b([a-zA-Z0-9]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Meistertask secret pattern detected in the response." @@ -3640,7 +3640,7 @@ given response then end if if {latest.response} matches "(?:mesibo).{0,40}\b([0-9A-Za-z]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mesibo secret pattern detected in the response." @@ -3648,7 +3648,7 @@ given response then end if if {latest.response} matches "(?:messagebird).{0,40}\b([A-Za-z0-9_-]{25})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Messagebird secret pattern detected in the response." @@ -3656,7 +3656,7 @@ given response then end if if {latest.response} matches "(?:metaapi|meta-api).{0,40}\b([0-9a-f]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Metaapi - 1 secret pattern detected in the response." @@ -3664,7 +3664,7 @@ given response then end if if {latest.response} matches "(?:metaapi|meta-api).{0,40}\b([0-9a-f]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Metaapi - 2 secret pattern detected in the response." @@ -3672,7 +3672,7 @@ given response then end if if {latest.response} matches "(?:metrilo).{0,40}\b([a-z0-9]{16})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Metrilo secret pattern detected in the response." @@ -3680,7 +3680,7 @@ given response then end if if {latest.response} matches "(https:\/\/[a-zA-Z-0-9]+\.webhook\.office\.com\/webhookb2\/[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12}\@[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12}\/IncomingWebhook\/[a-zA-Z-0-9]{32}\/[a-zA-Z-0-9]{8}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{4}-[a-zA-Z-0-9]{12})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Microsoftteamswebhook secret pattern detected in the response." @@ -3688,7 +3688,7 @@ given response then end if if {latest.response} matches "midi-662b69edd2[a-zA-Z0-9]{54}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Midise secret pattern detected in the response." @@ -3696,7 +3696,7 @@ given response then end if if {latest.response} matches "(?:mindmeister).{0,40}\b([a-zA-Z0-9]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mindmeister secret pattern detected in the response." @@ -3704,7 +3704,7 @@ given response then end if if {latest.response} matches "(?:mite).{0,40}\b([0-9a-z]{16})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mite - 1 secret pattern detected in the response." @@ -3712,7 +3712,7 @@ given response then end if if {latest.response} matches "\b([0-9a-z-]{1,}.mite.yo.lk)\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mite - 2 secret pattern detected in the response." @@ -3720,7 +3720,7 @@ given response then end if if {latest.response} matches "(?:mixmax).{0,40}\b([a-zA-Z0-9_-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mixmax secret pattern detected in the response." @@ -3728,7 +3728,7 @@ given response then end if if {latest.response} matches "(?:mixpanel).{0,40}\b([a-zA-Z0-9.-]{30,40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mixpanel - 1 secret pattern detected in the response." @@ -3736,7 +3736,7 @@ given response then end if if {latest.response} matches "(?:mixpanel).{0,40}\b([a-zA-Z0-9-]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mixpanel - 2 secret pattern detected in the response." @@ -3744,7 +3744,7 @@ given response then end if if {latest.response} matches "(?:moderation).{0,40}\b([a-zA-Z0-9]{36}\.[a-zA-Z0-9]{115}\.[a-zA-Z0-9_]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Moderation secret pattern detected in the response." @@ -3752,7 +3752,7 @@ given response then end if if {latest.response} matches "(?:monday).{0,40}\b(ey[a-zA-Z0-9_.]{210,225})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Monday secret pattern detected in the response." @@ -3760,7 +3760,7 @@ given response then end if if {latest.response} matches "(?:moonclerck).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Moonclerck secret pattern detected in the response." @@ -3768,7 +3768,7 @@ given response then end if if {latest.response} matches "(?:moonclerk).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Moonclerk secret pattern detected in the response." @@ -3776,7 +3776,7 @@ given response then end if if {latest.response} matches "(?:moosend).{0,40}\b([0-9Aa-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Moosend secret pattern detected in the response." @@ -3784,7 +3784,7 @@ given response then end if if {latest.response} matches "(?:mrticktock).{0,40}\b([a-zA-Z0-9!=@#$%()_^]{1,50})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Mrticktock - 1 secret pattern detected in the response." @@ -3792,7 +3792,7 @@ given response then end if if {latest.response} matches "(?:myintervals).{0,40}\b([0-9a-z]{11})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Myintervals secret pattern detected in the response." @@ -3800,7 +3800,7 @@ given response then end if if {latest.response} matches "(?:nasdaq).{0,40}\b([a-zA-Z0-9_-]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Nasdaqdatalink secret pattern detected in the response." @@ -3808,7 +3808,7 @@ given response then end if if {latest.response} matches "(?:nethunt).{0,40}\b([a-zA-Z0-9.-@]{25,30})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Nethunt - 1 secret pattern detected in the response." @@ -3816,7 +3816,7 @@ given response then end if if {latest.response} matches "(?:nethunt).{0,40}\b([a-z0-9-\S]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Nethunt - 2 secret pattern detected in the response." @@ -3824,7 +3824,7 @@ given response then end if if {latest.response} matches "(?:netlify).{0,40}\b([A-Za-z0-9_-]{43,45})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Netlify secret pattern detected in the response." @@ -3832,7 +3832,7 @@ given response then end if if {latest.response} matches "(?:neutrinoapi).{0,40}\b([a-zA-Z0-9]{48})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Neutrinoapi - 1 secret pattern detected in the response." @@ -3840,7 +3840,7 @@ given response then end if if {latest.response} matches "(?:neutrinoapi).{0,40}\b([a-zA-Z0-9]{6,24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Neutrinoapi - 2 secret pattern detected in the response." @@ -3848,7 +3848,7 @@ given response then end if if {latest.response} matches "NRAA-[a-f0-9]{27}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Newrelic Admin API Key secret pattern detected in the response." @@ -3856,7 +3856,7 @@ given response then end if if {latest.response} matches "NRI(?:I|Q)-[A-Za-z0-9\-_]{32}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Newrelic Insights API Key secret pattern detected in the response." @@ -3864,7 +3864,7 @@ given response then end if if {latest.response} matches "NRRA-[a-f0-9]{42}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Newrelic REST API Key secret pattern detected in the response." @@ -3872,7 +3872,7 @@ given response then end if if {latest.response} matches "NRSP-[a-z]{2}[0-9]{2}[a-f0-9]{31}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Newrelic Synthetics Location Key secret pattern detected in the response." @@ -3880,7 +3880,7 @@ given response then end if if {latest.response} matches "(?:newrelic).{0,40}\b([A-Za-z0-9_\.]{4}-[A-Za-z0-9_\.]{42})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Newrelicpersonalapikey secret pattern detected in the response." @@ -3888,7 +3888,7 @@ given response then end if if {latest.response} matches "(?:newsapi).{0,40}\b([a-z0-9]{32})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Newsapi secret pattern detected in the response." @@ -3896,7 +3896,7 @@ given response then end if if {latest.response} matches "(?:newscatcher).{0,40}\b([0-9A-Za-z_]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Newscatcher secret pattern detected in the response." @@ -3904,7 +3904,7 @@ given response then end if if {latest.response} matches "(?:nexmo).{0,40}\b([A-Za-z0-9_-]{8})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Nexmoapikey - 1 secret pattern detected in the response." @@ -3912,7 +3912,7 @@ given response then end if if {latest.response} matches "(?:nexmo).{0,40}\b([A-Za-z0-9_-]{16})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Nexmoapikey - 2 secret pattern detected in the response." @@ -3920,7 +3920,7 @@ given response then end if if {latest.response} matches "(?:nftport).{0,40}\b([a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Nftport secret pattern detected in the response." @@ -3928,7 +3928,7 @@ given response then end if if {latest.response} matches "(?:nicereply).{0,40}\b([0-9a-f]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Nicereply secret pattern detected in the response." @@ -3936,7 +3936,7 @@ given response then end if if {latest.response} matches "(?:nimble).{0,40}\b([a-zA-Z0-9]{30})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Nimble secret pattern detected in the response." @@ -3944,7 +3944,7 @@ given response then end if if {latest.response} matches "(?:nitro).{0,40}\b([0-9a-f]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Nitro secret pattern detected in the response." @@ -3952,7 +3952,7 @@ given response then end if if {latest.response} matches "(?:noticeable).{0,40}\b([0-9a-zA-Z]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Noticeable secret pattern detected in the response." @@ -3960,7 +3960,7 @@ given response then end if if {latest.response} matches "\b(secret_[A-Za-z0-9]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Notion secret pattern detected in the response." @@ -3968,7 +3968,7 @@ given response then end if if {latest.response} matches "(?:nozbe|nozbeteams).{0,40}\b([0-9A-Za-z]{16}_[0-9A-Za-z\-_]{64}[ \r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Nozbeteams secret pattern detected in the response." @@ -3976,7 +3976,7 @@ given response then end if if {latest.response} matches "(?:numverify).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Numverify secret pattern detected in the response." @@ -3984,7 +3984,7 @@ given response then end if if {latest.response} matches "(?:nutritionix).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Nutritionix - 1 secret pattern detected in the response." @@ -3992,7 +3992,7 @@ given response then end if if {latest.response} matches "(?:nutritionix).{0,40}\b([a-z0-9]{8})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Nutritionix - 2 secret pattern detected in the response." @@ -4000,7 +4000,7 @@ given response then end if if {latest.response} matches "(?:nylas).{0,40}\b([0-9A-Za-z]{30})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Nylas secret pattern detected in the response." @@ -4008,7 +4008,7 @@ given response then end if if {latest.response} matches "(?:oanda).{0,40}\b([a-zA-Z0-9]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Oanda secret pattern detected in the response." @@ -4016,7 +4016,7 @@ given response then end if if {latest.response} matches "(?:omnisend).{0,40}\b([a-z0-9A-Z-]{75})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Omnisend secret pattern detected in the response." @@ -4024,7 +4024,7 @@ given response then end if if {latest.response} matches "(?:onedesk).{0,40}\b([a-zA-Z0-9!=@#$%^]{8,64})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Onedesk - 1 secret pattern detected in the response." @@ -4032,7 +4032,7 @@ given response then end if if {latest.response} matches "secret[a-zA-Z0-9_' \"=]{0,20}([a-z0-9]{64})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Onelogin - 2 secret pattern detected in the response." @@ -4040,7 +4040,7 @@ given response then end if if {latest.response} matches "(?:onepagecrm).{0,40}\b([a-zA-Z0-9=]{44})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Onepagecrm - 1 secret pattern detected in the response." @@ -4048,7 +4048,7 @@ given response then end if if {latest.response} matches "(?:onepagecrm).{0,40}\b([a-z0-9]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Onepagecrm - 2 secret pattern detected in the response." @@ -4056,7 +4056,7 @@ given response then end if if {latest.response} matches "(?:onwater).{0,40}\b([a-zA-Z0-9_-]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Onwaterio secret pattern detected in the response." @@ -4064,7 +4064,7 @@ given response then end if if {latest.response} matches "(?:oopspam).{0,40}\b([a-zA-Z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Oopspam secret pattern detected in the response." @@ -4072,7 +4072,7 @@ given response then end if if {latest.response} matches "(?:opencagedata).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Opencagedata secret pattern detected in the response." @@ -4080,7 +4080,7 @@ given response then end if if {latest.response} matches "(?:opengraphr).{0,40}\b([0-9Aa-zA-Z]{80})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Opengraphr secret pattern detected in the response." @@ -4088,7 +4088,7 @@ given response then end if if {latest.response} matches "(?:openuv).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Openuv secret pattern detected in the response." @@ -4096,7 +4096,7 @@ given response then end if if {latest.response} matches "(?:openweather).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Openweather secret pattern detected in the response." @@ -4104,7 +4104,7 @@ given response then end if if {latest.response} matches "(?:optimizely).{0,40}\b([0-9A-Za-z-:]{54})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Optimizely secret pattern detected in the response." @@ -4112,7 +4112,7 @@ given response then end if if {latest.response} matches "(?:owlbot).{0,40}\b([a-z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Owlbot secret pattern detected in the response." @@ -4120,7 +4120,7 @@ given response then end if if {latest.response} matches "-----BEGIN PGP PRIVATE KEY BLOCK-----" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "PGP private key block secret pattern detected in the response." @@ -4128,7 +4128,7 @@ given response then end if if {latest.response} matches "(?:pagerduty).{0,40}\b([a-z]{1}\+[a-zA-Z]{9}\-[a-z]{2}\-[a-z0-9]{5})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Pagerdutyapikey secret pattern detected in the response." @@ -4136,7 +4136,7 @@ given response then end if if {latest.response} matches "(?:pandadoc).{0,40}\b([a-zA-Z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Pandadoc secret pattern detected in the response." @@ -4144,7 +4144,7 @@ given response then end if if {latest.response} matches "(?:pandascore).{0,40}([ \r\n]{0,1}[0-9A-Za-z\-\_]{51}[ \r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Pandascore secret pattern detected in the response." @@ -4152,7 +4152,7 @@ given response then end if if {latest.response} matches "(?:paralleldots).{0,40}\b([0-9A-Za-z]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Paralleldots secret pattern detected in the response." @@ -4160,7 +4160,7 @@ given response then end if if {latest.response} matches "(?:partnerstack).{0,40}\b([0-9A-Za-z]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Partnerstack secret pattern detected in the response." @@ -4168,7 +4168,7 @@ given response then end if if {latest.response} matches "(?:passbase).{0,40}\b([a-zA-Z0-9]{128})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Passbase secret pattern detected in the response." @@ -4176,7 +4176,7 @@ given response then end if if {latest.response} matches "[a-zA-Z]{3,10}://[^/\s:@]{3,20}:[^/\s:@]{3,20}@.{1,100}[\"'\s]" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Password in URL secret pattern detected in the response." @@ -4184,7 +4184,7 @@ given response then end if if {latest.response} matches "(?:pastebin).{0,40}\b([a-zA-Z0-9_]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Pastebin secret pattern detected in the response." @@ -4192,7 +4192,7 @@ given response then end if if {latest.response} matches "access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "PayPal Braintree access token secret pattern detected in the response." @@ -4200,7 +4200,7 @@ given response then end if if {latest.response} matches "(?:paymoapp).{0,40}\b([a-zA-Z0-9]{44})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Paymoapp secret pattern detected in the response." @@ -4208,7 +4208,7 @@ given response then end if if {latest.response} matches "(?:paymongo).{0,40}\b([a-zA-Z0-9_]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Paymongo secret pattern detected in the response." @@ -4216,7 +4216,7 @@ given response then end if if {latest.response} matches "\b(sk\_[a-z]{1,}\_[A-Za-z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Paystack secret pattern detected in the response." @@ -4224,7 +4224,7 @@ given response then end if if {latest.response} matches "(?:pdflayer).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Pdflayer secret pattern detected in the response." @@ -4232,7 +4232,7 @@ given response then end if if {latest.response} matches "(?:pdfshift).{0,40}\b([0-9a-f]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Pdfshift secret pattern detected in the response." @@ -4240,7 +4240,7 @@ given response then end if if {latest.response} matches "(?:peopledatalabs).{0,40}\b([a-z0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Peopledatalabs secret pattern detected in the response." @@ -4248,7 +4248,7 @@ given response then end if if {latest.response} matches "(?:pepipost|netcore).{0,40}\b([a-zA-Z-0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Pepipost secret pattern detected in the response." @@ -4256,7 +4256,7 @@ given response then end if if {latest.response} matches "sk_live_[0-9a-z]{32}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Picatic API key secret pattern detected in the response." @@ -4264,7 +4264,7 @@ given response then end if if {latest.response} matches "(?:pipedream).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Pipedream secret pattern detected in the response." @@ -4272,7 +4272,7 @@ given response then end if if {latest.response} matches "(?:pipedrive).{0,40}\b([a-zA-Z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Pipedrive secret pattern detected in the response." @@ -4280,7 +4280,7 @@ given response then end if if {latest.response} matches "(?:pivotal).{0,40}([a-z0-9]{32})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Pivotaltracker secret pattern detected in the response." @@ -4288,7 +4288,7 @@ given response then end if if {latest.response} matches "(?:pixabay).{0,40}\b([a-z0-9-]{34})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Pixabay secret pattern detected in the response." @@ -4296,7 +4296,7 @@ given response then end if if {latest.response} matches "(?:plaid).{0,40}\b([a-z0-9]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Plaidkey - 1 secret pattern detected in the response." @@ -4304,7 +4304,7 @@ given response then end if if {latest.response} matches "(?:plaid).{0,40}\b([a-z0-9]{30})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Plaidkey - 2 secret pattern detected in the response." @@ -4312,7 +4312,7 @@ given response then end if if {latest.response} matches "(?:planviewleankit|planview).{0,40}\b([0-9a-f]{128})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Planviewleankit - 1 secret pattern detected in the response." @@ -4320,7 +4320,7 @@ given response then end if if {latest.response} matches "(?:planviewleankit|planview).{0,40}(?:subdomain).\b([a-zA-Z][a-zA-Z0-9.-]{1,23}[a-zA-Z0-9])\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Planviewleankit - 2 secret pattern detected in the response." @@ -4328,7 +4328,7 @@ given response then end if if {latest.response} matches "(?:planyo).{0,40}\b([0-9a-z]{62})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Planyo secret pattern detected in the response." @@ -4336,7 +4336,7 @@ given response then end if if {latest.response} matches "(?:plivo).{0,40}\b([A-Za-z0-9_-]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Plivo - 1 secret pattern detected in the response." @@ -4344,7 +4344,7 @@ given response then end if if {latest.response} matches "(?:plivo).{0,40}\b([A-Z]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Plivo - 2 secret pattern detected in the response." @@ -4352,7 +4352,7 @@ given response then end if if {latest.response} matches "(?:poloniex).{0,40}\b([0-9a-f]{128})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Poloniex - 1 secret pattern detected in the response." @@ -4360,7 +4360,7 @@ given response then end if if {latest.response} matches "(?:poloniex).{0,40}\b([0-9A-Z]{8}-[0-9A-Z]{8}-[0-9A-Z]{8}-[0-9A-Z]{8})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Poloniex - 2 secret pattern detected in the response." @@ -4368,7 +4368,7 @@ given response then end if if {latest.response} matches "(?:polygon).{0,40}\b([a-z0-9A-Z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Polygon secret pattern detected in the response." @@ -4376,7 +4376,7 @@ given response then end if if {latest.response} matches "(?:positionstack).{0,40}\b([a-zA-Z0-9_]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Positionstack secret pattern detected in the response." @@ -4384,7 +4384,7 @@ given response then end if if {latest.response} matches "(?:postageapp).{0,40}\b([0-9A-Za-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Postageapp secret pattern detected in the response." @@ -4392,7 +4392,7 @@ given response then end if if {latest.response} matches "\b(phc_[a-zA-Z0-9_]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Posthog secret pattern detected in the response." @@ -4400,7 +4400,7 @@ given response then end if if {latest.response} matches "\b(PMAK-[a-zA-Z-0-9]{59})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Postman secret pattern detected in the response." @@ -4408,7 +4408,7 @@ given response then end if if {latest.response} matches "(?:postmark).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Postmark secret pattern detected in the response." @@ -4416,7 +4416,7 @@ given response then end if if {latest.response} matches "(?:powrbot).{0,40}\b([a-z0-9A-Z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Powrbot secret pattern detected in the response." @@ -4424,7 +4424,7 @@ given response then end if if {latest.response} matches "-----\s*?BEGIN[ A-Z0-9_-]*?PRIVATE KEY\s*?-----[\s\S]*?----\s*?END[ A-Z0-9_-]*? PRIVATE KEY\s*?-----" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Privatekey secret pattern detected in the response." @@ -4432,7 +4432,7 @@ given response then end if if {latest.response} matches "(?:prospect).{0,40}\b([a-z0-9-]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Prospectcrm secret pattern detected in the response." @@ -4440,7 +4440,7 @@ given response then end if if {latest.response} matches "(?:prospect).{0,40}\b([a-z0-9A-Z-]{50})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Prospectio secret pattern detected in the response." @@ -4448,7 +4448,7 @@ given response then end if if {latest.response} matches "(?:protocols).{0,40}\b([a-z0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Protocolsio secret pattern detected in the response." @@ -4456,7 +4456,7 @@ given response then end if if {latest.response} matches "(?:proxycrawl).{0,40}\b([a-zA-Z0-9_]{22})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Proxycrawl secret pattern detected in the response." @@ -4464,7 +4464,7 @@ given response then end if if {latest.response} matches "\b(sub-c-[0-9a-z]{8}-[a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Pubnubpublishkey - 1 secret pattern detected in the response." @@ -4472,7 +4472,7 @@ given response then end if if {latest.response} matches "\b(pub-c-[0-9a-z]{8}-[0-9a-z]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Pubnubpublishkey - 2 secret pattern detected in the response." @@ -4480,7 +4480,7 @@ given response then end if if {latest.response} matches "(?:purestake).{0,40}\b([a-zA-Z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Purestake secret pattern detected in the response." @@ -4488,7 +4488,7 @@ given response then end if if {latest.response} matches "(?:pushbullet).{0,40}\b([A-Za-z0-9_\.]{34})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Pushbulletapikey secret pattern detected in the response." @@ -4496,7 +4496,7 @@ given response then end if if {latest.response} matches "(?:pusher).{0,40}\b([a-z0-9]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Pusherchannelkey - 2 secret pattern detected in the response." @@ -4504,7 +4504,7 @@ given response then end if if {latest.response} matches "(?:pusher).{0,40}\b([0-9]{7})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Pusherchannelkey - 3 secret pattern detected in the response." @@ -4512,7 +4512,7 @@ given response then end if if {latest.response} matches "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "PyPI upload token secret pattern detected in the response." @@ -4520,7 +4520,7 @@ given response then end if if {latest.response} matches "(?:qualaroo).{0,40}\b([a-z0-9A-Z=]{64})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Qualaroo secret pattern detected in the response." @@ -4528,7 +4528,7 @@ given response then end if if {latest.response} matches "(?:qubole).{0,40}\b([0-9a-z]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Qubole secret pattern detected in the response." @@ -4536,7 +4536,7 @@ given response then end if if {latest.response} matches "(?:quickmetrics).{0,40}\b([a-zA-Z0-9_-]{22})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Quickmetrics secret pattern detected in the response." @@ -4544,7 +4544,7 @@ given response then end if if {latest.response} matches "-----BEGIN PRIVATE KEY-----" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "RKCS8 secret pattern detected in the response." @@ -4552,7 +4552,7 @@ given response then end if if {latest.response} matches "-----BEGIN RSA PRIVATE KEY-----" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "RSA private key secret pattern detected in the response." @@ -4560,7 +4560,7 @@ given response then end if if {latest.response} matches "(?:rapidapi).{0,40}\b([A-Za-z0-9_-]{50})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Rapidapi secret pattern detected in the response." @@ -4568,7 +4568,7 @@ given response then end if if {latest.response} matches "(?:raven).{0,40}\b([A-Z0-9-]{16})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Raven secret pattern detected in the response." @@ -4576,7 +4576,7 @@ given response then end if if {latest.response} matches "(?:rawg).{0,40}\b([0-9Aa-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Rawg secret pattern detected in the response." @@ -4584,7 +4584,7 @@ given response then end if if {latest.response} matches "\brzp_\w{2,6}_\w{10,20}\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Razorpay - 1 secret pattern detected in the response." @@ -4592,7 +4592,7 @@ given response then end if if {latest.response} matches "(?:readme).{0,40}\b([a-zA-Z0-9_]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Readme secret pattern detected in the response." @@ -4600,7 +4600,7 @@ given response then end if if {latest.response} matches "\b(ey[a-zA-Z0-9-._]{153}.ey[a-zA-Z0-9-._]{916,1000})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Reallysimplesystems secret pattern detected in the response." @@ -4608,7 +4608,7 @@ given response then end if if {latest.response} matches "(?:rebrandly).{0,40}\b([a-zA-Z0-9_]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Rebrandly secret pattern detected in the response." @@ -4616,7 +4616,7 @@ given response then end if if {latest.response} matches "(?:refiner).{0,40}\b([0-9Aa-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Refiner secret pattern detected in the response." @@ -4624,7 +4624,7 @@ given response then end if if {latest.response} matches "(?:repairshopr).{0,40}\b([a-zA-Z0-9_.!+$#^*]{3,32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Repairshopr - 1 secret pattern detected in the response." @@ -4632,7 +4632,7 @@ given response then end if if {latest.response} matches "(?:repairshopr).{0,40}\b([a-zA-Z0-9-]{51})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Repairshopr - 2 secret pattern detected in the response." @@ -4640,7 +4640,7 @@ given response then end if if {latest.response} matches "(?:restpack).{0,40}\b([a-zA-Z0-9]{48})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Restpack secret pattern detected in the response." @@ -4648,7 +4648,7 @@ given response then end if if {latest.response} matches "(?:restpack).{0,40}\b([0-9A-Za-z]{48})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Restpackhtmltopdfapi secret pattern detected in the response." @@ -4656,7 +4656,7 @@ given response then end if if {latest.response} matches "(?:rev).{0,40}\b([0-9a-zA-Z\/\+]{27}\=[ \r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Rev - 1 secret pattern detected in the response." @@ -4664,7 +4664,7 @@ given response then end if if {latest.response} matches "(?:revamp).{0,40}\b([a-zA-Z0-9]{40}\b)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Revampcrm - 1 secret pattern detected in the response." @@ -4672,7 +4672,7 @@ given response then end if if {latest.response} matches "(?:ringcentral).{0,40}\b(https://www.[0-9A-Za-z_-]{1,}.com)\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Ringcentral - 1 secret pattern detected in the response." @@ -4680,7 +4680,7 @@ given response then end if if {latest.response} matches "(?:ringcentral).{0,40}\b([0-9A-Za-z_-]{22})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Ringcentral - 2 secret pattern detected in the response." @@ -4688,7 +4688,7 @@ given response then end if if {latest.response} matches "(?:ritekit).{0,40}\b([0-9a-f]{44})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Ritekit secret pattern detected in the response." @@ -4696,7 +4696,7 @@ given response then end if if {latest.response} matches "(?:roaring).{0,40}\b([0-9A-Za-z_-]{28})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Roaring secret pattern detected in the response." @@ -4704,7 +4704,7 @@ given response then end if if {latest.response} matches "(?:rocketreach).{0,40}\b([a-z0-9-]{39})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Rocketreach secret pattern detected in the response." @@ -4712,7 +4712,7 @@ given response then end if if {latest.response} matches "(?:ronin).{0,40}\b([0-9a-zA-Z]{26})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Roninapp - 2 secret pattern detected in the response." @@ -4720,7 +4720,7 @@ given response then end if if {latest.response} matches "(?:route4me).{0,40}\b([0-9A-Z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Route4me secret pattern detected in the response." @@ -4728,7 +4728,7 @@ given response then end if if {latest.response} matches "(?:rownd).{0,40}\b([a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Rownd - 1 secret pattern detected in the response." @@ -4736,7 +4736,7 @@ given response then end if if {latest.response} matches "(?:rownd).{0,40}\b([a-z0-9]{48})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Rownd - 2 secret pattern detected in the response." @@ -4744,7 +4744,7 @@ given response then end if if {latest.response} matches "(?:rownd).{0,40}\b([0-9]{18})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Rownd - 3 secret pattern detected in the response." @@ -4752,7 +4752,7 @@ given response then end if if {latest.response} matches "\b(rubygems_[a-zA0-9]{48})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Rubygems secret pattern detected in the response." @@ -4760,7 +4760,7 @@ given response then end if if {latest.response} matches "(?:runrunit).{0,40}\b([0-9a-f]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Runrunit - 1 secret pattern detected in the response." @@ -4768,7 +4768,7 @@ given response then end if if {latest.response} matches "(?:runrunit).{0,40}\b([0-9A-Za-z]{18,20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Runrunit - 2 secret pattern detected in the response." @@ -4776,7 +4776,7 @@ given response then end if if {latest.response} matches "-----BEGIN OPENSSH PRIVATE KEY-----" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "SSH secret pattern detected in the response." @@ -4784,7 +4784,7 @@ given response then end if if {latest.response} matches "-----BEGIN DSA PRIVATE KEY-----" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "SSH (DSA) private key secret pattern detected in the response." @@ -4792,7 +4792,7 @@ given response then end if if {latest.response} matches "(?:salesblink).{0,40}\b([a-zA-Z]{16})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Salesblink secret pattern detected in the response." @@ -4800,7 +4800,7 @@ given response then end if if {latest.response} matches "(?:salescookie).{0,40}\b([a-zA-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Salescookie secret pattern detected in the response." @@ -4808,7 +4808,7 @@ given response then end if if {latest.response} matches "(?:salesflare).{0,40}\b([a-zA-Z0-9_]{45})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Salesflare secret pattern detected in the response." @@ -4816,7 +4816,7 @@ given response then end if if {latest.response} matches "(?:satismeter).{0,40}\b([a-zA-Z0-9]{4,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Satismeterprojectkey - 1 secret pattern detected in the response." @@ -4824,7 +4824,7 @@ given response then end if if {latest.response} matches "(?:satismeter).{0,40}\b([a-zA-Z0-9]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Satismeterprojectkey - 2 secret pattern detected in the response." @@ -4832,7 +4832,7 @@ given response then end if if {latest.response} matches "(?:satismeter).{0,40}\b([a-zA-Z0-9!=@#$%^]{6,32})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Satismeterprojectkey - 3 secret pattern detected in the response." @@ -4840,7 +4840,7 @@ given response then end if if {latest.response} matches "(?:satismeter).{0,40}\b([a-z0-9A-Z]{16})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Satismeterwritekey secret pattern detected in the response." @@ -4848,7 +4848,7 @@ given response then end if if {latest.response} matches "\b(oauth\-[a-z0-9]{8,}\-[a-z0-9]{5})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Saucelabs - 1 secret pattern detected in the response." @@ -4856,7 +4856,7 @@ given response then end if if {latest.response} matches "(?:saucelabs).{0,40}\b([a-z0-9]{8}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{4}\-[a-z0-9]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Saucelabs - 2 secret pattern detected in the response." @@ -4864,7 +4864,7 @@ given response then end if if {latest.response} matches "(?:scaleway).{0,40}\b([0-9a-z]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Scalewaykey secret pattern detected in the response." @@ -4872,7 +4872,7 @@ given response then end if if {latest.response} matches "(?:scrapeowl).{0,40}\b([0-9a-z]{30})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Scrapeowl secret pattern detected in the response." @@ -4880,7 +4880,7 @@ given response then end if if {latest.response} matches "(?:scraperapi).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Scraperapi secret pattern detected in the response." @@ -4888,7 +4888,7 @@ given response then end if if {latest.response} matches "(?:scraperbox).{0,40}\b([A-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Scraperbox secret pattern detected in the response." @@ -4896,7 +4896,7 @@ given response then end if if {latest.response} matches "(?:scrapersite).{0,40}\b([a-zA-Z0-9]{45})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Scrapersite secret pattern detected in the response." @@ -4904,7 +4904,7 @@ given response then end if if {latest.response} matches "(?:scrapestack).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Scrapestack secret pattern detected in the response." @@ -4912,7 +4912,7 @@ given response then end if if {latest.response} matches "(?:scrapfly).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Scrapfly secret pattern detected in the response." @@ -4920,7 +4920,7 @@ given response then end if if {latest.response} matches "(?:scrapingant).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Scrapingant secret pattern detected in the response." @@ -4928,7 +4928,7 @@ given response then end if if {latest.response} matches "(?:scrapingbee).{0,40}\b([A-Z0-9]{80})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Scrapingbee secret pattern detected in the response." @@ -4936,7 +4936,7 @@ given response then end if if {latest.response} matches "(?:screenshotapi).{0,40}\b([0-9A-Z]{7}\-[0-9A-Z]{7}\-[0-9A-Z]{7}\-[0-9A-Z]{7})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Screenshotapi secret pattern detected in the response." @@ -4944,7 +4944,7 @@ given response then end if if {latest.response} matches "(?:screenshotlayer).{0,40}\b([a-zA-Z0-9_]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Screenshotlayer secret pattern detected in the response." @@ -4952,7 +4952,7 @@ given response then end if if {latest.response} matches "(?:securitytrails).{0,40}\b([a-zA-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Securitytrails secret pattern detected in the response." @@ -4960,7 +4960,7 @@ given response then end if if {latest.response} matches "(?:segment).{0,40}\b([A-Za-z0-9_\-a-zA-Z]{43}\.[A-Za-z0-9_\-a-zA-Z]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Segmentapikey secret pattern detected in the response." @@ -4968,7 +4968,7 @@ given response then end if if {latest.response} matches "(?:selectpdf).{0,40}\b([a-z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Selectpdf secret pattern detected in the response." @@ -4976,7 +4976,7 @@ given response then end if if {latest.response} matches "(?:semaphore).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Semaphore secret pattern detected in the response." @@ -4984,7 +4984,7 @@ given response then end if if {latest.response} matches "SG\.[\w_]{16,32}\.[\w_]{16,64}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "SendGrid API Key secret pattern detected in the response." @@ -4992,7 +4992,7 @@ given response then end if if {latest.response} matches "(?:sendbird).{0,40}\b([0-9a-f]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sendbird - 1 secret pattern detected in the response." @@ -5000,7 +5000,7 @@ given response then end if if {latest.response} matches "(?:sendbird).{0,40}\b([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sendbird - 2 secret pattern detected in the response." @@ -5008,7 +5008,7 @@ given response then end if if {latest.response} matches "(?:sendbird).{0,40}\b([0-9a-f]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sendbirdorganizationapi secret pattern detected in the response." @@ -5016,7 +5016,7 @@ given response then end if if {latest.response} matches "(?:sendgrid).{0,40}(SG\.[\w\-_]{20,24}\.[\w\-_]{39,50})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sendgrid secret pattern detected in the response." @@ -5024,7 +5024,7 @@ given response then end if if {latest.response} matches "\b(xkeysib\-[A-Za-z0-9_-]{81})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sendinbluev2 secret pattern detected in the response." @@ -5032,7 +5032,7 @@ given response then end if if {latest.response} matches "(?:sentiment).{0,40}\b([0-9]{17})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sentiment - 1 secret pattern detected in the response." @@ -5040,7 +5040,7 @@ given response then end if if {latest.response} matches "(?:sentiment).{0,40}\b([a-zA-Z0-9]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sentiment - 2 secret pattern detected in the response." @@ -5048,7 +5048,7 @@ given response then end if if {latest.response} matches "(?:sentry).{0,40}\b([a-f0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sentrytoken secret pattern detected in the response." @@ -5056,7 +5056,7 @@ given response then end if if {latest.response} matches "(?:serphouse).{0,40}\b([0-9A-Za-z]{60})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Serphouse secret pattern detected in the response." @@ -5064,7 +5064,7 @@ given response then end if if {latest.response} matches "(?:serpstack).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Serpstack secret pattern detected in the response." @@ -5072,7 +5072,7 @@ given response then end if if {latest.response} matches "(?:sheety).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sheety - 1 secret pattern detected in the response." @@ -5080,7 +5080,7 @@ given response then end if if {latest.response} matches "(?:sheety).{0,40}\b([0-9a-z]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sheety - 2 secret pattern detected in the response." @@ -5088,7 +5088,7 @@ given response then end if if {latest.response} matches "(?:sherpadesk).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sherpadesk secret pattern detected in the response." @@ -5096,7 +5096,7 @@ given response then end if if {latest.response} matches "(?:shipday).{0,40}\b([a-zA-Z0-9.]{11}[a-zA-Z0-9]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Shipday secret pattern detected in the response." @@ -5104,7 +5104,7 @@ given response then end if if {latest.response} matches "(?:shodan).{0,40}\b([a-zA-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Shodankey secret pattern detected in the response." @@ -5112,7 +5112,7 @@ given response then end if if {latest.response} matches "shpat_[a-fA-F0-9]{32}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Shopify access token secret pattern detected in the response." @@ -5120,7 +5120,7 @@ given response then end if if {latest.response} matches "shpca_[a-fA-F0-9]{32}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Shopify custom app access token secret pattern detected in the response." @@ -5128,7 +5128,7 @@ given response then end if if {latest.response} matches "shppa_[a-fA-F0-9]{32}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Shopify private app access token secret pattern detected in the response." @@ -5136,7 +5136,7 @@ given response then end if if {latest.response} matches "shpss_[a-fA-F0-9]{32}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Shopify shared secret secret pattern detected in the response." @@ -5144,7 +5144,7 @@ given response then end if if {latest.response} matches "(?:shortcut).{0,40}\b([0-9a-f-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Shortcut secret pattern detected in the response." @@ -5152,7 +5152,7 @@ given response then end if if {latest.response} matches "(?:shotstack).{0,40}\b([a-zA-Z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Shotstack secret pattern detected in the response." @@ -5160,7 +5160,7 @@ given response then end if if {latest.response} matches "(?:shutterstock).{0,40}\b(v2/[0-9A-Za-z]{388})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Shutterstockoauth secret pattern detected in the response." @@ -5168,7 +5168,7 @@ given response then end if if {latest.response} matches "\b([0-9a-z-]{3,64}.signalwire.com)\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Signalwire - 1 secret pattern detected in the response." @@ -5176,7 +5176,7 @@ given response then end if if {latest.response} matches "(?:signalwire).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Signalwire - 2 secret pattern detected in the response." @@ -5184,7 +5184,7 @@ given response then end if if {latest.response} matches "(?:signalwire).{0,40}\b([0-9A-Za-z]{50})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Signalwire - 3 secret pattern detected in the response." @@ -5192,7 +5192,7 @@ given response then end if if {latest.response} matches "(?:signaturit).{0,40}\b([0-9A-Za-z]{86})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Signaturit secret pattern detected in the response." @@ -5200,7 +5200,7 @@ given response then end if if {latest.response} matches "(?:signupgenius).{0,40}\b([0-9A-Za-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Signupgenius secret pattern detected in the response." @@ -5208,7 +5208,7 @@ given response then end if if {latest.response} matches "(?:sigopt).{0,40}\b([A-Z0-9]{48})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sigopt secret pattern detected in the response." @@ -5216,7 +5216,7 @@ given response then end if if {latest.response} matches "(?:simplesat).{0,40}\b([a-z0-9]{40})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Simplesat secret pattern detected in the response." @@ -5224,7 +5224,7 @@ given response then end if if {latest.response} matches "(?:simplynoted).{0,40}\b([a-zA-Z0-9\S]{340,360})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Simplynoted secret pattern detected in the response." @@ -5232,7 +5232,7 @@ given response then end if if {latest.response} matches "(?:simvoly).{0,40}\b([a-z0-9]{33})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Simvoly secret pattern detected in the response." @@ -5240,7 +5240,7 @@ given response then end if if {latest.response} matches "(?:sinch).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sinchmessage secret pattern detected in the response." @@ -5248,7 +5248,7 @@ given response then end if if {latest.response} matches "(?:sirv).{0,40}\b([a-zA-Z0-9\S]{88})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sirv - 1 secret pattern detected in the response." @@ -5256,7 +5256,7 @@ given response then end if if {latest.response} matches "(?:sirv).{0,40}\b([a-zA-Z0-9]{26})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sirv - 2 secret pattern detected in the response." @@ -5264,7 +5264,7 @@ given response then end if if {latest.response} matches "(?:siteleaf).{0,40}\b([0-9Aa-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Siteleaf secret pattern detected in the response." @@ -5272,7 +5272,7 @@ given response then end if if {latest.response} matches "(?:skrapp).{0,40}\b([a-z0-9A-Z]{42})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Skrappio secret pattern detected in the response." @@ -5280,7 +5280,7 @@ given response then end if if {latest.response} matches "(?:skybiometry).{0,40}\b([0-9a-z]{25,26})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Skybiometry secret pattern detected in the response." @@ -5288,7 +5288,7 @@ given response then end if if {latest.response} matches "xox[baprs]-[0-9a-zA-Z]{10,48}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Slack secret pattern detected in the response." @@ -5296,7 +5296,7 @@ given response then end if if {latest.response} matches "(xox[pborsa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Slack Token secret pattern detected in the response." @@ -5304,7 +5304,7 @@ given response then end if if {latest.response} matches "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8,10}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{23,24}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Slack Webhook secret pattern detected in the response." @@ -5312,7 +5312,7 @@ given response then end if if {latest.response} matches "xoxb-[0-9A-Za-z\-]{51}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Slack access token secret pattern detected in the response." @@ -5320,7 +5320,7 @@ given response then end if if {latest.response} matches "(https:\/\/hooks.slack.com\/services\/[A-Za-z0-9+\/]{44,46})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Slackwebhook secret pattern detected in the response." @@ -5328,7 +5328,7 @@ given response then end if if {latest.response} matches "(?:smartsheets).{0,40}\b([a-zA-Z0-9]{37})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Smartsheets secret pattern detected in the response." @@ -5336,7 +5336,7 @@ given response then end if if {latest.response} matches "(?:smartystreets).{0,40}\b([a-zA-Z0-9]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Smartystreets - 1 secret pattern detected in the response." @@ -5344,7 +5344,7 @@ given response then end if if {latest.response} matches "(?:smartystreets).{0,40}\b([a-z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Smartystreets - 2 secret pattern detected in the response." @@ -5352,7 +5352,7 @@ given response then end if if {latest.response} matches "(?:smooch).{0,40}\b(act_[0-9a-z]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Smooch - 1 secret pattern detected in the response." @@ -5360,7 +5360,7 @@ given response then end if if {latest.response} matches "(?:smooch).{0,40}\b([0-9a-zA-Z_-]{86})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Smooch - 2 secret pattern detected in the response." @@ -5368,7 +5368,7 @@ given response then end if if {latest.response} matches "(?:snipcart).{0,40}\b([0-9A-Za-z_]{75})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Snipcart secret pattern detected in the response." @@ -5376,7 +5376,7 @@ given response then end if if {latest.response} matches "(?:snyk).{0,40}\b([0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Snykkey secret pattern detected in the response." @@ -5384,7 +5384,7 @@ given response then end if if {latest.response} matches "sonar.{0,50}(?:\"|'|`)?[0-9a-f]{40}(?:\"|'|`)?" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "SonarQube Token secret pattern detected in the response." @@ -5392,7 +5392,7 @@ given response then end if if {latest.response} matches "(?:splunk).{0,40}\b([a-z0-9A-Z]{22})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Splunkobservabilitytoken secret pattern detected in the response." @@ -5400,7 +5400,7 @@ given response then end if if {latest.response} matches "(?:spoonacular).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Spoonacular secret pattern detected in the response." @@ -5408,7 +5408,7 @@ given response then end if if {latest.response} matches "(?:sportsmonk).{0,40}\b([0-9a-zA-Z]{60})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sportsmonk secret pattern detected in the response." @@ -5416,7 +5416,7 @@ given response then end if if {latest.response} matches "(?:square).{0,40}(EAAA[a-zA-Z0-9\-\+\=]{60})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Square secret pattern detected in the response." @@ -5424,7 +5424,7 @@ given response then end if if {latest.response} matches "sq0csp-[0-9A-Za-z\-_]{43}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Square OAuth Secret secret pattern detected in the response." @@ -5432,7 +5432,7 @@ given response then end if if {latest.response} matches "sq0atp-[0-9A-Za-z\-_]{22}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Square access token secret pattern detected in the response." @@ -5440,7 +5440,7 @@ given response then end if if {latest.response} matches "[\w\-]*sq0i[a-z]{2}-[0-9A-Za-z\-_]{22,43}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Squareapp - 1 secret pattern detected in the response." @@ -5448,7 +5448,7 @@ given response then end if if {latest.response} matches "[\w\-]*sq0c[a-z]{2}-[0-9A-Za-z\-_]{40,50}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Squareapp - 2 secret pattern detected in the response." @@ -5456,7 +5456,7 @@ given response then end if if {latest.response} matches "(?:squarespace).{0,40}\b([0-9Aa-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Squarespace secret pattern detected in the response." @@ -5464,7 +5464,7 @@ given response then end if if {latest.response} matches "\b(sq0idp-[0-9A-Za-z]{22})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Squareup secret pattern detected in the response." @@ -5472,7 +5472,7 @@ given response then end if if {latest.response} matches "(?:sslmate).{0,40}\b([a-zA-Z0-9]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sslmate secret pattern detected in the response." @@ -5480,7 +5480,7 @@ given response then end if if {latest.response} matches "(?:stitchdata).{0,40}\b([0-9a-z_]{35})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Stitchdata secret pattern detected in the response." @@ -5488,7 +5488,7 @@ given response then end if if {latest.response} matches "(?:stockdata).{0,40}\b([0-9A-Za-z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Stockdata secret pattern detected in the response." @@ -5496,7 +5496,7 @@ given response then end if if {latest.response} matches "(?:storecove).{0,40}\b([a-zA-Z0-9_-]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Storecove secret pattern detected in the response." @@ -5504,7 +5504,7 @@ given response then end if if {latest.response} matches "(?:stormglass).{0,40}\b([0-9Aa-z-]{73})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Stormglass secret pattern detected in the response." @@ -5512,7 +5512,7 @@ given response then end if if {latest.response} matches "(?:storyblok).{0,40}\b([0-9A-Za-z]{22}t{2})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Storyblok secret pattern detected in the response." @@ -5520,7 +5520,7 @@ given response then end if if {latest.response} matches "(?:storychief).{0,40}\b([a-zA-Z0-9_\-.]{940,1000})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Storychief secret pattern detected in the response." @@ -5528,7 +5528,7 @@ given response then end if if {latest.response} matches "(?:strava).{0,40}\b([0-9]{5})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Strava - 1 secret pattern detected in the response." @@ -5536,7 +5536,7 @@ given response then end if if {latest.response} matches "(?:strava).{0,40}\b([0-9a-z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Strava - 2 secret pattern detected in the response." @@ -5544,7 +5544,7 @@ given response then end if if {latest.response} matches "(?:streak).{0,40}\b([0-9Aa-f]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Streak secret pattern detected in the response." @@ -5552,7 +5552,7 @@ given response then end if if {latest.response} matches "[rs]k_live_[a-zA-Z0-9]{20,30}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Stripe secret pattern detected in the response." @@ -5560,7 +5560,7 @@ given response then end if if {latest.response} matches "sk_live_[0-9a-zA-Z]{24}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Stripe API Key - 1 secret pattern detected in the response." @@ -5568,7 +5568,7 @@ given response then end if if {latest.response} matches "stripe[sr]k_live_[0-9a-zA-Z]{24}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Stripe API key - 2 secret pattern detected in the response." @@ -5576,7 +5576,7 @@ given response then end if if {latest.response} matches "stripe[sk|rk]_live_[0-9a-zA-Z]{24}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Stripe API key - 3 secret pattern detected in the response." @@ -5584,7 +5584,7 @@ given response then end if if {latest.response} matches "pk_live_[0-9a-z]{24}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Stripe Public Live Key secret pattern detected in the response." @@ -5592,7 +5592,7 @@ given response then end if if {latest.response} matches "pk_test_[0-9a-z]{24}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Stripe Public Test Key secret pattern detected in the response." @@ -5600,7 +5600,7 @@ given response then end if if {latest.response} matches "rk_(?:live|test)_[0-9a-zA-Z]{24}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Stripe Restriced Key secret pattern detected in the response." @@ -5608,7 +5608,7 @@ given response then end if if {latest.response} matches "rk_live_[0-9a-zA-Z]{24}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Stripe Restricted API Key secret pattern detected in the response." @@ -5616,7 +5616,7 @@ given response then end if if {latest.response} matches "sk_(?:live|test)_[0-9a-zA-Z]{24}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Stripe Secret Key secret pattern detected in the response." @@ -5624,7 +5624,7 @@ given response then end if if {latest.response} matches "(sk|rk)_live_[0-9a-z]{24}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Stripe Secret Live Key secret pattern detected in the response." @@ -5632,7 +5632,7 @@ given response then end if if {latest.response} matches "(sk|rk)_test_[0-9a-z]{24}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Stripe Secret Test Key secret pattern detected in the response." @@ -5640,7 +5640,7 @@ given response then end if if {latest.response} matches "(?:stytch).{0,40}\b([a-zA-Z0-9-_]{47}=)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Stytch - 1 secret pattern detected in the response." @@ -5648,7 +5648,7 @@ given response then end if if {latest.response} matches "(?:stytch).{0,40}\b([a-z0-9-]{49})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Stytch - 2 secret pattern detected in the response." @@ -5656,7 +5656,7 @@ given response then end if if {latest.response} matches "(?:sugester).{0,40}\b([a-zA-Z0-9_.!+$#^*%]{3,32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sugester - 1 secret pattern detected in the response." @@ -5664,7 +5664,7 @@ given response then end if if {latest.response} matches "(?:sugester).{0,40}\b([a-zA-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sugester - 2 secret pattern detected in the response." @@ -5672,7 +5672,7 @@ given response then end if if {latest.response} matches "(?:sumo).{0,40}\b([A-Za-z0-9]{14})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sumologickey - 1 secret pattern detected in the response." @@ -5680,7 +5680,7 @@ given response then end if if {latest.response} matches "(?:sumo).{0,40}\b([A-Za-z0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Sumologickey - 2 secret pattern detected in the response." @@ -5688,7 +5688,7 @@ given response then end if if {latest.response} matches "(?:supernotes).{0,40}([ \r\n]{0,1}[0-9A-Za-z\-_]{43}[ \r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Supernotesapi secret pattern detected in the response." @@ -5696,7 +5696,7 @@ given response then end if if {latest.response} matches "(?:surveybot).{0,40}\b([A-Za-z0-9-]{80})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Surveybot secret pattern detected in the response." @@ -5704,7 +5704,7 @@ given response then end if if {latest.response} matches "(?:surveysparrow).{0,40}\b([a-zA-Z0-9-_]{88})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Surveysparrow secret pattern detected in the response." @@ -5712,7 +5712,7 @@ given response then end if if {latest.response} matches "(?:survicate).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Survicate secret pattern detected in the response." @@ -5720,7 +5720,7 @@ given response then end if if {latest.response} matches "(?:swell).{0,40}\b([a-zA-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Swell - 2 secret pattern detected in the response." @@ -5728,7 +5728,7 @@ given response then end if if {latest.response} matches "(?:swiftype).{0,40}\b([a-zA-z-0-9]{6}\_[a-zA-z-0-9]{6}\-[a-zA-z-0-9]{6})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Swiftype secret pattern detected in the response." @@ -5736,7 +5736,7 @@ given response then end if if {latest.response} matches "(?:tallyfy).{0,40}\b([0-9A-Za-z]{36}\.[0-9A-Za-z]{264}\.[0-9A-Za-z\-\_]{683})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Tallyfy secret pattern detected in the response." @@ -5744,7 +5744,7 @@ given response then end if if {latest.response} matches "(?:tatum).{0,40}\b([0-9a-z-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Tatumio secret pattern detected in the response." @@ -5752,7 +5752,7 @@ given response then end if if {latest.response} matches "(?:taxjar).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Taxjar secret pattern detected in the response." @@ -5760,7 +5760,7 @@ given response then end if if {latest.response} matches "(?:teamgate).{0,40}\b([a-z0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Teamgate - 1 secret pattern detected in the response." @@ -5768,7 +5768,7 @@ given response then end if if {latest.response} matches "(?:teamgate).{0,40}\b([a-zA-Z0-9]{80})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Teamgate - 2 secret pattern detected in the response." @@ -5776,7 +5776,7 @@ given response then end if if {latest.response} matches "(?:teamwork|teamworkcrm).{0,40}\b(tkn\.v1_[0-9A-Za-z]{71}=[ \r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Teamworkcrm secret pattern detected in the response." @@ -5784,7 +5784,7 @@ given response then end if if {latest.response} matches "(?:teamwork|teamworkdesk).{0,40}\b(tkn\.v1_[0-9A-Za-z]{71}=[ \r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Teamworkdesk secret pattern detected in the response." @@ -5792,7 +5792,7 @@ given response then end if if {latest.response} matches "(?:teamwork|teamworkspaces).{0,40}\b(tkn\.v1_[0-9A-Za-z]{71}=[ \r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Teamworkspaces secret pattern detected in the response." @@ -5800,7 +5800,7 @@ given response then end if if {latest.response} matches "(?:technicalanalysisapi).{0,40}\b([A-Z0-9]{48})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Technicalanalysisapi secret pattern detected in the response." @@ -5808,7 +5808,7 @@ given response then end if if {latest.response} matches "[0-9]+:AA[0-9A-Za-z\-_]{33}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Telegram Bot API Key secret pattern detected in the response." @@ -5816,7 +5816,7 @@ given response then end if if {latest.response} matches "d{5,}:A[0-9a-z_-]{34,34}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Telegram Secret secret pattern detected in the response." @@ -5824,7 +5824,7 @@ given response then end if if {latest.response} matches "(?:telegram).{0,40}\b([0-9]{8,10}:[a-zA-Z0-9_-]{35})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Telegrambottoken secret pattern detected in the response." @@ -5832,7 +5832,7 @@ given response then end if if {latest.response} matches "(?:telnyx).{0,40}\b(KEY[0-9A-Za-z_-]{55})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Telnyx secret pattern detected in the response." @@ -5840,7 +5840,7 @@ given response then end if if {latest.response} matches "\b([A-Za-z0-9]{14}.atlasv1.[A-Za-z0-9]{67})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Terraformcloudpersonaltoken secret pattern detected in the response." @@ -5848,7 +5848,7 @@ given response then end if if {latest.response} matches "(?:text2data).{0,40}\b([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Text2data secret pattern detected in the response." @@ -5856,7 +5856,7 @@ given response then end if if {latest.response} matches "(?:textmagic).{0,40}\b([0-9A-Za-z]{30})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Textmagic - 1 secret pattern detected in the response." @@ -5864,7 +5864,7 @@ given response then end if if {latest.response} matches "(?:textmagic).{0,40}\b([0-9A-Za-z]{1,25})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Textmagic - 2 secret pattern detected in the response." @@ -5872,7 +5872,7 @@ given response then end if if {latest.response} matches "(?:theoddsapi|the-odds-api).{0,40}\b([0-9a-f]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Theoddsapi secret pattern detected in the response." @@ -5880,7 +5880,7 @@ given response then end if if {latest.response} matches "(?:thinkific).{0,40}\b([0-9a-f]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Thinkific - 1 secret pattern detected in the response." @@ -5888,7 +5888,7 @@ given response then end if if {latest.response} matches "(?:thinkific).{0,40}\b([0-9A-Za-z]{4,40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Thinkific - 2 secret pattern detected in the response." @@ -5896,7 +5896,7 @@ given response then end if if {latest.response} matches "(?:thousandeyes).{0,40}\b([a-zA-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Thousandeyes - 1 secret pattern detected in the response." @@ -5904,7 +5904,7 @@ given response then end if if {latest.response} matches "(?:thousandeyes).{0,40}\b([a-zA-Z0-9]{3,20}@[a-zA-Z0-9]{2,12}.[a-zA-Z0-9]{2,5})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Thousandeyes - 2 secret pattern detected in the response." @@ -5912,7 +5912,7 @@ given response then end if if {latest.response} matches "(?:ticketmaster).{0,40}\b([a-zA-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Ticketmaster secret pattern detected in the response." @@ -5920,7 +5920,7 @@ given response then end if if {latest.response} matches "(?:tiingo).{0,40}\b([0-9a-z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Tiingo secret pattern detected in the response." @@ -5928,7 +5928,7 @@ given response then end if if {latest.response} matches "(?:timezoneapi).{0,40}\b([a-zA-Z0-9]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Timezoneapi secret pattern detected in the response." @@ -5936,7 +5936,7 @@ given response then end if if {latest.response} matches "(?:tly).{0,40}\b([0-9A-Za-z]{60})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Tly secret pattern detected in the response." @@ -5944,7 +5944,7 @@ given response then end if if {latest.response} matches "(?:tmetric).{0,40}\b([0-9A-Z]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Tmetric secret pattern detected in the response." @@ -5952,7 +5952,7 @@ given response then end if if {latest.response} matches "(?:todoist).{0,40}\b([0-9a-z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Todoist secret pattern detected in the response." @@ -5960,7 +5960,7 @@ given response then end if if {latest.response} matches "(?:toggl).{0,40}\b([0-9Aa-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Toggltrack secret pattern detected in the response." @@ -5968,7 +5968,7 @@ given response then end if if {latest.response} matches "(?:tomorrow).{0,40}\b([a-zA-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Tomorrowio secret pattern detected in the response." @@ -5976,7 +5976,7 @@ given response then end if if {latest.response} matches "(?:tomtom).{0,40}\b([0-9Aa-zA-Z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Tomtom secret pattern detected in the response." @@ -5984,7 +5984,7 @@ given response then end if if {latest.response} matches "(?:tradier).{0,40}\b([a-zA-Z0-9]{28})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Tradier secret pattern detected in the response." @@ -5992,7 +5992,7 @@ given response then end if if {latest.response} matches "(?:travelpayouts).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Travelpayouts secret pattern detected in the response." @@ -6000,7 +6000,7 @@ given response then end if if {latest.response} matches "(?:travis).{0,40}\b([a-zA-Z0-9A-Z_]{22})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Travisci secret pattern detected in the response." @@ -6008,7 +6008,7 @@ given response then end if if {latest.response} matches "https://trello.com/b/[0-9a-z]/[0-9a-z_-]+" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Trello URL secret pattern detected in the response." @@ -6016,7 +6016,7 @@ given response then end if if {latest.response} matches "(?:trello).{0,40}\b([a-zA-Z-0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Trelloapikey - 2 secret pattern detected in the response." @@ -6024,7 +6024,7 @@ given response then end if if {latest.response} matches "(?:twelvedata).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Twelvedata secret pattern detected in the response." @@ -6032,7 +6032,7 @@ given response then end if if {latest.response} matches "\bAC[0-9a-f]{32}\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Twilio - 1 secret pattern detected in the response." @@ -6040,7 +6040,7 @@ given response then end if if {latest.response} matches "SK[0-9a-fA-F]{32}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Twilio API Key secret pattern detected in the response." @@ -6048,7 +6048,7 @@ given response then end if if {latest.response} matches "twitter[0-9a-z]{18,25}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Twitter Client ID secret pattern detected in the response." @@ -6056,7 +6056,7 @@ given response then end if if {latest.response} matches "twitter[0-9a-z]{35,44}" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Twitter Secret Key secret pattern detected in the response." @@ -6064,7 +6064,7 @@ given response then end if if {latest.response} matches "(?:tyntec).{0,40}\b([a-zA-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Tyntec secret pattern detected in the response." @@ -6072,7 +6072,7 @@ given response then end if if {latest.response} matches "(?:typeform).{0,40}\b([0-9A-Za-z]{44})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Typeform secret pattern detected in the response." @@ -6080,7 +6080,7 @@ given response then end if if {latest.response} matches "\b(BBFF-[0-9a-zA-Z]{30})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Ubidots secret pattern detected in the response." @@ -6088,7 +6088,7 @@ given response then end if if {latest.response} matches "(?:unify).{0,40}\b([0-9A-Za-z_=-]{44})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Unifyid secret pattern detected in the response." @@ -6096,7 +6096,7 @@ given response then end if if {latest.response} matches "(?:unplu).{0,40}\b([a-z0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Unplugg secret pattern detected in the response." @@ -6104,7 +6104,7 @@ given response then end if if {latest.response} matches "(?:unsplash).{0,40}\b([0-9A-Za-z_]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Unsplash secret pattern detected in the response." @@ -6112,7 +6112,7 @@ given response then end if if {latest.response} matches "(?:upcdatabase).{0,40}\b([A-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Upcdatabase secret pattern detected in the response." @@ -6120,7 +6120,7 @@ given response then end if if {latest.response} matches "(?:uplead).{0,40}\b([a-z0-9-]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Uplead secret pattern detected in the response." @@ -6128,7 +6128,7 @@ given response then end if if {latest.response} matches "(?:uploadcare).{0,40}\b([a-z0-9]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Uploadcare secret pattern detected in the response." @@ -6136,7 +6136,7 @@ given response then end if if {latest.response} matches "(?:upwave).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Upwave secret pattern detected in the response." @@ -6144,7 +6144,7 @@ given response then end if if {latest.response} matches "(?:urlscan).{0,40}\b([a-z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Urlscan secret pattern detected in the response." @@ -6152,7 +6152,7 @@ given response then end if if {latest.response} matches "(?:userstack).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Userstack secret pattern detected in the response." @@ -6160,7 +6160,7 @@ given response then end if if {latest.response} matches "(?:vatlayer).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Vatlayer secret pattern detected in the response." @@ -6168,7 +6168,7 @@ given response then end if if {latest.response} matches "(?:vercel).{0,40}\b([a-zA-Z0-9]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Vercel secret pattern detected in the response." @@ -6176,7 +6176,7 @@ given response then end if if {latest.response} matches "(?:verifier).{0,40}\b([a-zA-Z-0-9-]{5,16}\@[a-zA-Z-0-9]{4,16}\.[a-zA-Z-0-9]{3,6})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Verifier - 1 secret pattern detected in the response." @@ -6184,7 +6184,7 @@ given response then end if if {latest.response} matches "(?:verifier).{0,40}\b([a-z0-9]{96})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Verifier - 2 secret pattern detected in the response." @@ -6192,7 +6192,7 @@ given response then end if if {latest.response} matches "(?:verimail).{0,40}\b([A-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Verimail secret pattern detected in the response." @@ -6200,7 +6200,7 @@ given response then end if if {latest.response} matches "(?:veriphone).{0,40}\b([0-9A-Z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Veriphone secret pattern detected in the response." @@ -6208,7 +6208,7 @@ given response then end if if {latest.response} matches "(?:versioneye).{0,40}\b([a-zA-Z0-9-]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Versioneye secret pattern detected in the response." @@ -6216,7 +6216,7 @@ given response then end if if {latest.response} matches "(?:viewneo).{0,40}\b([a-z0-9A-Z]{120,300}.[a-z0-9A-Z]{150,300}.[a-z0-9A-Z-_]{600,800})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Viewneo secret pattern detected in the response." @@ -6224,7 +6224,7 @@ given response then end if if {latest.response} matches "(?:virustotal).{0,40}\b([a-f0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Virustotal secret pattern detected in the response." @@ -6232,7 +6232,7 @@ given response then end if if {latest.response} matches "(?:visualcrossing).{0,40}\b([0-9A-Z]{25})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Visualcrossing secret pattern detected in the response." @@ -6240,7 +6240,7 @@ given response then end if if {latest.response} matches "(?:voicegain).{0,40}\b(ey[0-9a-zA-Z_-]{34}.ey[0-9a-zA-Z_-]{108}.[0-9a-zA-Z_-]{43})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Voicegain secret pattern detected in the response." @@ -6248,7 +6248,7 @@ given response then end if if {latest.response} matches "(?:vouchery).{0,40}\b([a-z0-9-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Vouchery - 1 secret pattern detected in the response." @@ -6256,7 +6256,7 @@ given response then end if if {latest.response} matches "(?:vouchery).{0,40}\b([a-zA-Z0-9-\S]{2,20})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Vouchery - 2 secret pattern detected in the response." @@ -6264,7 +6264,7 @@ given response then end if if {latest.response} matches "(?:vpnapi).{0,40}\b([a-z0-9A-Z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Vpnapi secret pattern detected in the response." @@ -6272,7 +6272,7 @@ given response then end if if {latest.response} matches "(?:vultr).{0,40} \b([A-Z0-9]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Vultrapikey secret pattern detected in the response." @@ -6280,7 +6280,7 @@ given response then end if if {latest.response} matches "(?:vyte).{0,40}\b([0-9a-z]{50})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Vyte secret pattern detected in the response." @@ -6288,7 +6288,7 @@ given response then end if if {latest.response} matches "(?:walkscore).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Walkscore secret pattern detected in the response." @@ -6296,7 +6296,7 @@ given response then end if if {latest.response} matches "(?:weatherbit).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Weatherbit secret pattern detected in the response." @@ -6304,7 +6304,7 @@ given response then end if if {latest.response} matches "(?:weatherstack).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Weatherstack secret pattern detected in the response." @@ -6312,7 +6312,7 @@ given response then end if if {latest.response} matches "(?:error).{0,40}(redirect_uri_mismatch)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Webex - 1 secret pattern detected in the response." @@ -6320,7 +6320,7 @@ given response then end if if {latest.response} matches "(?:webex).{0,40}\b([A-Za-z0-9_-]{65})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Webex - 2 secret pattern detected in the response." @@ -6328,7 +6328,7 @@ given response then end if if {latest.response} matches "(?:webex).{0,40}\b([A-Za-z0-9_-]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Webex - 3 secret pattern detected in the response." @@ -6336,7 +6336,7 @@ given response then end if if {latest.response} matches "(?:webflow).{0,40}\b([a-zA0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Webflow secret pattern detected in the response." @@ -6344,7 +6344,7 @@ given response then end if if {latest.response} matches "(?:webscraper).{0,40}\b([a-zA-Z0-9]{60})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Webscraper secret pattern detected in the response." @@ -6352,7 +6352,7 @@ given response then end if if {latest.response} matches "(?:webscraping).{0,40}\b([0-9A-Za-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Webscraping secret pattern detected in the response." @@ -6360,7 +6360,7 @@ given response then end if if {latest.response} matches "(?:wepay).{0,40}\b([a-zA-Z0-9_?]{62})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Wepay - 2 secret pattern detected in the response." @@ -6368,7 +6368,7 @@ given response then end if if {latest.response} matches "(?:whoxy).{0,40}\b([0-9a-z]{33})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Whoxy secret pattern detected in the response." @@ -6376,7 +6376,7 @@ given response then end if if {latest.response} matches "(?:worksnaps).{0,40}\b([0-9A-Za-z]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Worksnaps secret pattern detected in the response." @@ -6384,7 +6384,7 @@ given response then end if if {latest.response} matches "(?:workstack).{0,40}\b([0-9Aa-zA-Z]{60})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Workstack secret pattern detected in the response." @@ -6392,7 +6392,7 @@ given response then end if if {latest.response} matches "(?:worldcoinindex).{0,40}\b([a-zA-Z0-9]{35})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Worldcoinindex secret pattern detected in the response." @@ -6400,7 +6400,7 @@ given response then end if if {latest.response} matches "(?:worldweather).{0,40}\b([0-9a-z]{31})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Worldweather secret pattern detected in the response." @@ -6408,7 +6408,7 @@ given response then end if if {latest.response} matches "(?:wrike).{0,40}\b(ey[a-zA-Z0-9-._]{333})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Wrike secret pattern detected in the response." @@ -6416,7 +6416,7 @@ given response then end if if {latest.response} matches "(?:yandex).{0,40}\b([a-z0-9A-Z.]{83})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Yandex secret pattern detected in the response." @@ -6424,7 +6424,7 @@ given response then end if if {latest.response} matches "(?:youneedabudget).{0,40}\b([0-9a-f]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Youneedabudget secret pattern detected in the response." @@ -6432,7 +6432,7 @@ given response then end if if {latest.response} matches "(?:yousign).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Yousign secret pattern detected in the response." @@ -6440,7 +6440,7 @@ given response then end if if {latest.response} matches "(https:\/\/hooks.zapier.com\/hooks\/catch\/[A-Za-z0-9\/]{16})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Zapierwebhook secret pattern detected in the response." @@ -6448,7 +6448,7 @@ given response then end if if {latest.response} matches "(?:zendesk).{0,40}([A-Za-z0-9_-]{40})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Zendeskapi - 3 secret pattern detected in the response." @@ -6456,7 +6456,7 @@ given response then end if if {latest.response} matches "(?:zenkit).{0,40}\b([0-9a-z]{8}\-[0-9A-Za-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Zenkitapi secret pattern detected in the response." @@ -6464,7 +6464,7 @@ given response then end if if {latest.response} matches "(?:zenscrape).{0,40}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Zenscrape secret pattern detected in the response." @@ -6472,7 +6472,7 @@ given response then end if if {latest.response} matches "(?:zenserp).{0,40}\b([0-9a-z-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Zenserp secret pattern detected in the response." @@ -6480,7 +6480,7 @@ given response then end if if {latest.response} matches "(?:zeplin).{0,40}\b([a-zA-Z0-9-.]{350,400})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Zeplin secret pattern detected in the response." @@ -6488,7 +6488,7 @@ given response then end if if {latest.response} matches "(?:zerobounce).{0,40}\b([a-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Zerobounce secret pattern detected in the response." @@ -6496,7 +6496,7 @@ given response then end if if {latest.response} matches "(?:zipapi).{0,40}\b([a-zA-Z0-9!=@#$%^]{7,})" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Zipapi - 1 secret pattern detected in the response." @@ -6504,7 +6504,7 @@ given response then end if if {latest.response} matches "(?:zipapi).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Zipapi - 3 secret pattern detected in the response." @@ -6512,7 +6512,7 @@ given response then end if if {latest.response} matches "(?:zipcodeapi).{0,40}\b([a-zA-Z0-9]{64})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Zipcodeapi secret pattern detected in the response." @@ -6520,7 +6520,7 @@ given response then end if if {latest.response} matches "(?:zonka).{0,40}\b([A-Za-z0-9]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "Zonkafeedback secret pattern detected in the response." @@ -6528,7 +6528,7 @@ given response then end if if {latest.response} matches "amazon[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "amazon_secret_access_key secret pattern detected in the response." @@ -6536,7 +6536,7 @@ given response then end if if {latest.response} matches "ansible[_-]?vault[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "ansible_vault_password secret pattern detected in the response." @@ -6544,7 +6544,7 @@ given response then end if if {latest.response} matches "chrome[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "chrome_client_secret secret pattern detected in the response." @@ -6552,7 +6552,7 @@ given response then end if if {latest.response} matches "chrome[_-]?refresh[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "chrome_refresh_token secret pattern detected in the response." @@ -6560,7 +6560,7 @@ given response then end if if {latest.response} matches "ci[_-]?deploy[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "ci_deploy_password secret pattern detected in the response." @@ -6568,7 +6568,7 @@ given response then end if if {latest.response} matches "ci[_-]?project[_-]?url(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "ci_project_url secret pattern detected in the response." @@ -6576,7 +6576,7 @@ given response then end if if {latest.response} matches "ci[_-]?registry[_-]?user(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "ci_registry_user secret pattern detected in the response." @@ -6584,7 +6584,7 @@ given response then end if if {latest.response} matches "ci[_-]?server[_-]?name(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "ci_server_name secret pattern detected in the response." @@ -6592,7 +6592,7 @@ given response then end if if {latest.response} matches "cloud[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "cloud_api_key secret pattern detected in the response." @@ -6600,7 +6600,7 @@ given response then end if if {latest.response} matches "cloudflare[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "cloudflare_api_key secret pattern detected in the response." @@ -6608,7 +6608,7 @@ given response then end if if {latest.response} matches "cloudflare[_-]?auth[_-]?email(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "cloudflare_auth_email secret pattern detected in the response." @@ -6616,7 +6616,7 @@ given response then end if if {latest.response} matches "consumer[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "consumer_key secret pattern detected in the response." @@ -6624,7 +6624,7 @@ given response then end if if {latest.response} matches "database[_-]?username(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "database_username secret pattern detected in the response." @@ -6632,7 +6632,7 @@ given response then end if if {latest.response} matches "db[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "db_password secret pattern detected in the response." @@ -6640,7 +6640,7 @@ given response then end if if {latest.response} matches "db[_-]?pw(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "db_pw secret pattern detected in the response." @@ -6648,7 +6648,7 @@ given response then end if if {latest.response} matches "docker[_-]?hub[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "docker_hub_password secret pattern detected in the response." @@ -6656,7 +6656,7 @@ given response then end if if {latest.response} matches "docker[_-]?passwd(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "docker_passwd secret pattern detected in the response." @@ -6664,7 +6664,7 @@ given response then end if if {latest.response} matches "docker[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "docker_password secret pattern detected in the response." @@ -6672,7 +6672,7 @@ given response then end if if {latest.response} matches "docker[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "docker_token secret pattern detected in the response." @@ -6680,7 +6680,7 @@ given response then end if if {latest.response} matches "dockerhub[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "dockerhub_password secret pattern detected in the response." @@ -6688,7 +6688,7 @@ given response then end if if {latest.response} matches "doordash[_-]?auth[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "doordash_auth_token secret pattern detected in the response." @@ -6696,7 +6696,7 @@ given response then end if if {latest.response} matches "dropbox[_-]?oauth[_-]?bearer(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "dropbox_oauth_bearer secret pattern detected in the response." @@ -6704,7 +6704,7 @@ given response then end if if {latest.response} matches "droplet[_-]?travis[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "droplet_travis_password secret pattern detected in the response." @@ -6712,7 +6712,7 @@ given response then end if if {latest.response} matches "env[_-]?github[_-]?oauth[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "env_github_oauth_token secret pattern detected in the response." @@ -6720,7 +6720,7 @@ given response then end if if {latest.response} matches "env[_-]?heroku[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "env_heroku_api_key secret pattern detected in the response." @@ -6728,7 +6728,7 @@ given response then end if if {latest.response} matches "(EAACEdEose0cBA[0-9A-Za-z]+)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "facebook_access_token secret pattern detected in the response." @@ -6736,7 +6736,7 @@ given response then end if if {latest.response} matches "firebase[_-]?api[_-]?json(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "firebase_api_json secret pattern detected in the response." @@ -6744,7 +6744,7 @@ given response then end if if {latest.response} matches "firebase[_-]?api[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "firebase_api_token secret pattern detected in the response." @@ -6752,7 +6752,7 @@ given response then end if if {latest.response} matches "firebase[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "firebase_key secret pattern detected in the response." @@ -6760,7 +6760,7 @@ given response then end if if {latest.response} matches "firebase[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "firebase_token secret pattern detected in the response." @@ -6768,7 +6768,7 @@ given response then end if if {latest.response} matches "firefox[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "firefox_secret secret pattern detected in the response." @@ -6776,7 +6776,7 @@ given response then end if if {latest.response} matches "ftp[_-]?pw(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "ftp_pw secret pattern detected in the response." @@ -6784,7 +6784,7 @@ given response then end if if {latest.response} matches "gh[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "gh_api_key secret pattern detected in the response." @@ -6792,7 +6792,7 @@ given response then end if if {latest.response} matches "github[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "github_api_key secret pattern detected in the response." @@ -6800,7 +6800,7 @@ given response then end if if {latest.response} matches "github[_-]?oauth(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "github_oauth secret pattern detected in the response." @@ -6808,7 +6808,7 @@ given response then end if if {latest.response} matches "github[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "github_token secret pattern detected in the response." @@ -6816,7 +6816,7 @@ given response then end if if {latest.response} matches "github[_-]?tokens(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "github_tokens secret pattern detected in the response." @@ -6824,7 +6824,7 @@ given response then end if if {latest.response} matches "google[_-]?client[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "google_client_id secret pattern detected in the response." @@ -6832,7 +6832,7 @@ given response then end if if {latest.response} matches "google[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "google_client_secret secret pattern detected in the response." @@ -6840,7 +6840,7 @@ given response then end if if {latest.response} matches "google[_-]?maps[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "google_maps_api_key secret pattern detected in the response." @@ -6848,7 +6848,7 @@ given response then end if if {latest.response} matches "(ya29.[0-9A-Za-z-_]+)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "google_oauth secret pattern detected in the response." @@ -6856,7 +6856,7 @@ given response then end if if {latest.response} matches "(W(?:[a-f0-9]{32}(-us[0-9]{1,2}))a-zA-Z0-9)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "mailchimp secret pattern detected in the response." @@ -6864,7 +6864,7 @@ given response then end if if {latest.response} matches "mailgun[_-]?priv[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "mailgun_priv_key secret pattern detected in the response." @@ -6872,7 +6872,7 @@ given response then end if if {latest.response} matches "mailgun[_-]?secret[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "mailgun_secret_api_key secret pattern detected in the response." @@ -6880,7 +6880,7 @@ given response then end if if {latest.response} matches "(master_password).+" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "master_password secret pattern detected in the response." @@ -6888,7 +6888,7 @@ given response then end if if {latest.response} matches "mg[_-]?public[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "mg_public_api_key secret pattern detected in the response." @@ -6896,7 +6896,7 @@ given response then end if if {latest.response} matches "mysql[_-]?root[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "mysql_root_password secret pattern detected in the response." @@ -6904,7 +6904,7 @@ given response then end if if {latest.response} matches "netlify[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "netlify_api_key secret pattern detected in the response." @@ -6912,7 +6912,7 @@ given response then end if if {latest.response} matches "rabbitmq[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "rabbitmq_password secret pattern detected in the response." @@ -6920,7 +6920,7 @@ given response then end if if {latest.response} matches "rediscloud[_-]?url(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "rediscloud_url secret pattern detected in the response." @@ -6928,7 +6928,7 @@ given response then end if if {latest.response} matches "release[_-]?gh[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "release_gh_token secret pattern detected in the response." @@ -6936,7 +6936,7 @@ given response then end if if {latest.response} matches "rubygems[_-]?auth[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "rubygems_auth_token secret pattern detected in the response." @@ -6944,7 +6944,7 @@ given response then end if if {latest.response} matches "travis[_-]?secure[_-]?env[_-]?vars(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "travis_secure_env_vars secret pattern detected in the response." @@ -6952,7 +6952,7 @@ given response then end if if {latest.response} matches "travis[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "travis_token secret pattern detected in the response." @@ -6960,7 +6960,7 @@ given response then end if if {latest.response} matches "twilio[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "twilio_api_key secret pattern detected in the response." @@ -6968,7 +6968,7 @@ given response then end if if {latest.response} matches "twilio[_-]?api[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "twilio_api_secret secret pattern detected in the response." @@ -6976,7 +6976,7 @@ given response then end if if {latest.response} matches "twilio[_-]?chat[_-]?account[_-]?api[_-]?service(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "twilio_chat_account_api_service secret pattern detected in the response." @@ -6984,7 +6984,7 @@ given response then end if if {latest.response} matches "twilio[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "twilio_token secret pattern detected in the response." @@ -6992,7 +6992,7 @@ given response then end if if {latest.response} matches "twitter[_-]?consumer[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "twitter_consumer_key secret pattern detected in the response." @@ -7000,7 +7000,7 @@ given response then end if if {latest.response} matches "twitter[_-]?consumer[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "twitter_consumer_secret secret pattern detected in the response." @@ -7008,7 +7008,7 @@ given response then end if if {latest.response} matches "twitteroauthaccesssecret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "twitteroauthaccesssecret secret pattern detected in the response." @@ -7016,7 +7016,7 @@ given response then end if if {latest.response} matches "twitteroauthaccesstoken(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "twitteroauthaccesstoken secret pattern detected in the response." @@ -7024,7 +7024,7 @@ given response then end if if {latest.response} matches "urban[_-]?master[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "urban_master_secret secret pattern detected in the response." @@ -7032,7 +7032,7 @@ given response then end if if {latest.response} matches "use[_-]?ssh(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "use_ssh secret pattern detected in the response." @@ -7040,7 +7040,7 @@ given response then end if if {latest.response} matches "user[_-]?assets[_-]?access[_-]?key[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "user_assets_access_key_id secret pattern detected in the response." @@ -7048,7 +7048,7 @@ given response then end if if {latest.response} matches "virustotal[_-]?apikey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: certain detail: "virustotal_apikey secret pattern detected in the response." From e6ac8df86f42f452b3848c8a5577895d85ae282a Mon Sep 17 00:00:00 2001 From: Khaled Mohamed <46958133+xElkomy@users.noreply.github.com> Date: Thu, 25 Jan 2024 18:04:11 +0200 Subject: [PATCH 4/6] Update tentative.bcheck --- other/tokens/tentative.bcheck | 1454 ++++++++++++++++----------------- 1 file changed, 727 insertions(+), 727 deletions(-) diff --git a/other/tokens/tentative.bcheck b/other/tokens/tentative.bcheck index f5613fe..5954e0f 100644 --- a/other/tokens/tentative.bcheck +++ b/other/tokens/tentative.bcheck @@ -1,5 +1,5 @@ metadata: - language: v1-beta + language: v2-beta name: "Information Disclosure Secret Finder - tentative" description: "Detects secret patterns in responses." author: "bugswagger, xelkomy, juba0x00, xhzeem" @@ -8,7 +8,7 @@ metadata: given response then if {latest.response} matches "ec2-[0-9a-z._-]+.compute(-1)?.amazonaws.com" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "AWS EC2 External secret pattern detected in the response." @@ -16,7 +16,7 @@ given response then end if if {latest.response} matches "[0-9a-z._-]+.compute(-1)?.internal" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "AWS EC2 Internal secret pattern detected in the response." @@ -24,7 +24,7 @@ given response then end if if {latest.response} matches "[0-9a-z._-]+.elb.amazonaws.com" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "AWS ELB secret pattern detected in the response." @@ -32,7 +32,7 @@ given response then end if if {latest.response} matches "[0-9a-z._-]+.cache.amazonaws.com" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "AWS ElasticCache secret pattern detected in the response." @@ -40,7 +40,7 @@ given response then end if if {latest.response} matches "mzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "AWS MWS ID secret pattern detected in the response." @@ -48,7 +48,7 @@ given response then end if if {latest.response} matches "(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "AWS client ID secret pattern detected in the response." @@ -56,7 +56,7 @@ given response then end if if {latest.response} matches "(?:algolia).{0,40}\b([A-Z0-9]{10})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Algoliaadminkey - 1 secret pattern detected in the response." @@ -64,7 +64,7 @@ given response then end if if {latest.response} matches "(?:algolia).{0,40}\b([a-zA-Z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Algoliaadminkey - 2 secret pattern detected in the response." @@ -72,7 +72,7 @@ given response then end if if {latest.response} matches "arn:aws:sns:[a-z0-9\-]+:[0-9]+:[A-Za-z0-9\-_]+" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Amazon SNS Topic secret pattern detected in the response." @@ -80,7 +80,7 @@ given response then end if if {latest.response} matches "(?:\s|=|:|\"|^)AKC[a-zA-Z0-9]{10,}" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Artifactory API Token secret pattern detected in the response." @@ -88,7 +88,7 @@ given response then end if if {latest.response} matches "(?:\s|=|:|\"|^)AP[\dABCDEF][a-zA-Z0-9]{8,}" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Artifactory Password secret pattern detected in the response." @@ -96,7 +96,7 @@ given response then end if if {latest.response} matches "(?:auth0).{0,40}\b([a-zA-Z0-9_-]{32,60})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Auth0oauth - 1 secret pattern detected in the response." @@ -104,7 +104,7 @@ given response then end if if {latest.response} matches "(bearer).+" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Bearer token secret pattern detected in the response." @@ -112,7 +112,7 @@ given response then end if if {latest.response} matches "(?:blogger).{0,40}\b([0-9A-Za-z-]{39})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Blogger secret pattern detected in the response." @@ -120,7 +120,7 @@ given response then end if if {latest.response} matches "(?:circle).{0,40}([a-fA-F0-9]{40})" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Circleci secret pattern detected in the response." @@ -128,7 +128,7 @@ given response then end if if {latest.response} matches "(?:cloudflare).{0,40}\b([A-Za-z0-9_-]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Cloudflareapitoken secret pattern detected in the response." @@ -136,7 +136,7 @@ given response then end if if {latest.response} matches "(?:customer).{0,40}\b([a-z0-9A-Z]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Customerio secret pattern detected in the response." @@ -144,7 +144,7 @@ given response then end if if {latest.response} matches "(?:datadog).{0,40}\b([a-zA-Z-0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Datadogtoken - 1 secret pattern detected in the response." @@ -152,7 +152,7 @@ given response then end if if {latest.response} matches "(?:datadog).{0,40}\b([a-zA-Z-0-9]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Datadogtoken - 2 secret pattern detected in the response." @@ -160,7 +160,7 @@ given response then end if if {latest.response} matches "(?:debounce).{0,40}\b([a-zA-Z0-9]{13})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Debounce secret pattern detected in the response." @@ -168,7 +168,7 @@ given response then end if if {latest.response} matches "(?:8x8).{0,40}\b([a-zA-Z0-9_]{18,30})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Eightxeight - 1 secret pattern detected in the response." @@ -176,7 +176,7 @@ given response then end if if {latest.response} matches "(?:etsy).{0,40}\b([a-zA-Z-0-9]{24})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Etsyapikey secret pattern detected in the response." @@ -184,7 +184,7 @@ given response then end if if {latest.response} matches "AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140}" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "FCM Server Key secret pattern detected in the response." @@ -192,7 +192,7 @@ given response then end if if {latest.response} matches "(AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140})" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "FCM_server_key secret pattern detected in the response." @@ -200,7 +200,7 @@ given response then end if if {latest.response} matches "[fF][aA][cC][eE][bB][oO][oO][kK].*['|\"][0-9a-f]{32}['|\"]" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Facebook OAuth secret pattern detected in the response." @@ -208,7 +208,7 @@ given response then end if if {latest.response} matches "(?:facebook).{0,40}\b([A-Za-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Facebookoauth secret pattern detected in the response." @@ -216,7 +216,7 @@ given response then end if if {latest.response} matches "[a-z0-9.-]+\.firebaseio\.com" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Firebase Database Detect - 1 secret pattern detected in the response." @@ -224,7 +224,7 @@ given response then end if if {latest.response} matches "[a-z0-9.-]+\.firebaseapp\.com" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Firebase Database Detect - 2 secret pattern detected in the response." @@ -232,7 +232,7 @@ given response then end if if {latest.response} matches "(?:float).{0,40}\b([a-zA-Z0-9-._+=]{59,60})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Float secret pattern detected in the response." @@ -240,7 +240,7 @@ given response then end if if {latest.response} matches "TOKEN[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1688 secret pattern detected in the response." @@ -248,7 +248,7 @@ given response then end if if {latest.response} matches "API[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1689 secret pattern detected in the response." @@ -256,7 +256,7 @@ given response then end if if {latest.response} matches "SECRET[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1691 secret pattern detected in the response." @@ -264,7 +264,7 @@ given response then end if if {latest.response} matches "AUTHORIZATION[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1692 secret pattern detected in the response." @@ -272,7 +272,7 @@ given response then end if if {latest.response} matches "PASSWORD[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1693 secret pattern detected in the response." @@ -280,7 +280,7 @@ given response then end if if {latest.response} matches "(A|a)(P|p)(Ii)[\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[0-9A-Za-z\-_]+(\''|\")?" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1695 secret pattern detected in the response." @@ -288,7 +288,7 @@ given response then end if if {latest.response} matches "[a-z0-9.-]+\.s3-[a-z0-9-]\.amazonaws\.com" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1707 secret pattern detected in the response." @@ -296,7 +296,7 @@ given response then end if if {latest.response} matches "[a-z0-9.-]+\.s3-website[.-](eu|ap|us|ca|sa|cn)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1708 secret pattern detected in the response." @@ -304,7 +304,7 @@ given response then end if if {latest.response} matches "branchio_secret" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1715 secret pattern detected in the response." @@ -312,7 +312,7 @@ given response then end if if {latest.response} matches "google_cm" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1731 secret pattern detected in the response." @@ -320,7 +320,7 @@ given response then end if if {latest.response} matches "google_maps_key" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1732 secret pattern detected in the response." @@ -328,7 +328,7 @@ given response then end if if {latest.response} matches "mailjet" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1737 secret pattern detected in the response." @@ -336,7 +336,7 @@ given response then end if if {latest.response} matches "mapbox_access_token" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1738 secret pattern detected in the response." @@ -344,7 +344,7 @@ given response then end if if {latest.response} matches "slack_webhook" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1749 secret pattern detected in the response." @@ -352,7 +352,7 @@ given response then end if if {latest.response} matches "square_secret" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1750 secret pattern detected in the response." @@ -360,7 +360,7 @@ given response then end if if {latest.response} matches "twilio_sid_token" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1753 secret pattern detected in the response." @@ -368,7 +368,7 @@ given response then end if if {latest.response} matches "zapier_webhook" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1762 secret pattern detected in the response." @@ -376,7 +376,7 @@ given response then end if if {latest.response} matches "s3-[a-z0-9-]+\.amazonaws\.com/[a-z0-9._-]+" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic - 1765 secret pattern detected in the response." @@ -384,7 +384,7 @@ given response then end if if {latest.response} matches "[sS][eE][cC][rR][eE][tT].*['|\"][0-9a-zA-Z]{32,45}['|\"]" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic Secret secret pattern detected in the response." @@ -392,7 +392,7 @@ given response then end if if {latest.response} matches "(webhook).+(secret|token|key).+" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Generic webhook secret secret pattern detected in the response." @@ -400,7 +400,7 @@ given response then end if if {latest.response} matches "[gG][iI][tT][hH][uU][bB].*['|\"][0-9a-zA-Z]{35,40}['|\"]" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "GitHub secret pattern detected in the response." @@ -408,7 +408,7 @@ given response then end if if {latest.response} matches "(?:github).{0,40}\b([0-9]{6})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Githubapp - 1 secret pattern detected in the response." @@ -416,7 +416,7 @@ given response then end if if {latest.response} matches "(?:gitlab).{0,40}\b([a-zA-Z0-9\-=_]{20,22})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Gitlab secret pattern detected in the response." @@ -424,7 +424,7 @@ given response then end if if {latest.response} matches "(?:harvest).{0,40}\b([0-9]{4,9})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Harvest - 2 secret pattern detected in the response." @@ -432,7 +432,7 @@ given response then end if if {latest.response} matches "(?:hive).{0,40}\b([0-9a-z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Hive - 1 secret pattern detected in the response." @@ -440,7 +440,7 @@ given response then end if if {latest.response} matches "(?:host).{0,40}\b([a-z0-9]{14})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Host secret pattern detected in the response." @@ -448,7 +448,7 @@ given response then end if if {latest.response} matches "(?:hunter).{0,40}\b([a-z0-9_-]{40})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Hunter secret pattern detected in the response." @@ -456,7 +456,7 @@ given response then end if if {latest.response} matches "(?:intercom).{0,40}\b([a-zA-Z0-9\W\S]{59}\=)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Intercom secret pattern detected in the response." @@ -464,7 +464,7 @@ given response then end if if {latest.response} matches "(?:jira).{0,40}\b([a-zA-Z-0-9]{5,24}\.[a-zA-Z-0-9]{3,16}\.[a-zA-Z-0-9]{3,16})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Jiratoken - 3 secret pattern detected in the response." @@ -472,7 +472,7 @@ given response then end if if {latest.response} matches "(?:less).{0,40}\b([a-zA-Z0-9-]{57})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Lessannoyingcrm secret pattern detected in the response." @@ -480,7 +480,7 @@ given response then end if if {latest.response} matches "(?:m3o).{0,40}\b([0-9A-Za-z]{48})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "M3o secret pattern detected in the response." @@ -488,7 +488,7 @@ given response then end if if {latest.response} matches "(mailgun|mg)[0-9a-z]{32}" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Mailgun API key - 2 secret pattern detected in the response." @@ -496,7 +496,7 @@ given response then end if if {latest.response} matches "(?:manifest).{0,40}\b([a-zA-z0-9]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Manifest secret pattern detected in the response." @@ -504,7 +504,7 @@ given response then end if if {latest.response} matches "https://outlook\.office\.com/webhook/[A-Za-z0-9\-@]+/IncomingWebhook/[A-Za-z0-9\-]+/[A-Za-z0-9\-]+" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Microsoft Teams Webhook secret pattern detected in the response." @@ -512,7 +512,7 @@ given response then end if if {latest.response} matches "(?:freshworks).{0,40}\b([a-z0-9A-Z-]{22})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Myfreshworks - 2 secret pattern detected in the response." @@ -520,7 +520,7 @@ given response then end if if {latest.response} matches "(?:nytimes).{0,40}\b([a-z0-9A-Z-]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Nytimes secret pattern detected in the response." @@ -528,7 +528,7 @@ given response then end if if {latest.response} matches "\b([A-Za-z0-9_\.]{7}-[A-Za-z0-9_\.]{72})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Paypaloauth - 1 secret pattern detected in the response." @@ -536,7 +536,7 @@ given response then end if if {latest.response} matches "\b([A-Za-z0-9_\.]{69}-[A-Za-z0-9_\.]{10})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Paypaloauth - 2 secret pattern detected in the response." @@ -544,7 +544,7 @@ given response then end if if {latest.response} matches "(?:key).{0,40}\b([a-z0-9]{20})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Pusherchannelkey - 1 secret pattern detected in the response." @@ -552,7 +552,7 @@ given response then end if if {latest.response} matches "(REDIS_URL).+" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "REDIS_URL secret pattern detected in the response." @@ -560,7 +560,7 @@ given response then end if if {latest.response} matches "(?:rev).{0,40}\b([0-9a-zA-Z\-]{27}[ \r\n]{1})" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Rev - 2 secret pattern detected in the response." @@ -568,7 +568,7 @@ given response then end if if {latest.response} matches "(?:revamp).{0,40}\b([a-zA-Z0-9.-@]{25,30})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Revampcrm - 2 secret pattern detected in the response." @@ -576,7 +576,7 @@ given response then end if if {latest.response} matches "(?:ronin).{0,40}\b([0-9Aa-zA-Z]{3,32})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Roninapp - 1 secret pattern detected in the response." @@ -584,7 +584,7 @@ given response then end if if {latest.response} matches "data-shoppable-auth-token.+" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Shoppable Service Auth secret pattern detected in the response." @@ -592,7 +592,7 @@ given response then end if if {latest.response} matches "(?:shutterstock).{0,40}\b([0-9a-zA-Z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Shutterstock - 1 secret pattern detected in the response." @@ -600,7 +600,7 @@ given response then end if if {latest.response} matches "(?:shutterstock).{0,40}\b([0-9a-zA-Z]{16})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Shutterstock - 2 secret pattern detected in the response." @@ -608,7 +608,7 @@ given response then end if if {latest.response} matches "xoxp-[0-9A-Za-z\-]{72}" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Slack User token secret pattern detected in the response." @@ -616,7 +616,7 @@ given response then end if if {latest.response} matches "sq0(atp|csp)-[0-9a-z-_]{22,43}" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Square API Key secret pattern detected in the response." @@ -624,7 +624,7 @@ given response then end if if {latest.response} matches "(?:survey).{0,40}\b([a-z0-9A-Z-]{36})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Surveyanyplace - 1 secret pattern detected in the response." @@ -632,7 +632,7 @@ given response then end if if {latest.response} matches "(?:survey).{0,40}\b([a-z0-9A-Z]{32})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Surveyanyplace - 2 secret pattern detected in the response." @@ -640,7 +640,7 @@ given response then end if if {latest.response} matches "(?:swell).{0,40}\b([a-zA-Z0-9]{6,24})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Swell - 1 secret pattern detected in the response." @@ -648,7 +648,7 @@ given response then end if if {latest.response} matches "[tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40}" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Twitter Access Token secret pattern detected in the response." @@ -656,7 +656,7 @@ given response then end if if {latest.response} matches "[tT][wW][iI][tT][tT][eE][rR].*['|\"][0-9a-zA-Z]{35,44}['|\"]" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Twitter OAuth secret pattern detected in the response." @@ -664,7 +664,7 @@ given response then end if if {latest.response} matches "\b[a-zA-Z]{1,10}:?\/\/[-.%\w{}]{1,50}:([-.%\S]{3,50})@[-.%\w\/:]+\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Uri secret pattern detected in the response." @@ -672,7 +672,7 @@ given response then end if if {latest.response} matches "(?:youtube).{0,40}\b([a-zA-Z-0-9_]{39})\b" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Youtubeapikey - 1 secret pattern detected in the response." @@ -680,7 +680,7 @@ given response then end if if {latest.response} matches "https://(?:www.)?hooks\.zapier\.com/hooks/catch/[A-Za-z0-9]+/[A-Za-z0-9]+/" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Zapier Webhook secret pattern detected in the response." @@ -688,7 +688,7 @@ given response then end if if {latest.response} matches "https://creator\.zoho\.com/api/[A-Za-z0-9/\-_\.]+\?authtoken=[A-Za-z0-9]+" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "Zoho Webhook secret pattern detected in the response." @@ -696,7 +696,7 @@ given response then end if if {latest.response} matches "access[_-]?key[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "access_key_secret secret pattern detected in the response." @@ -704,7 +704,7 @@ given response then end if if {latest.response} matches "access[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "access_secret secret pattern detected in the response." @@ -712,7 +712,7 @@ given response then end if if {latest.response} matches "access[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "access_token secret pattern detected in the response." @@ -720,7 +720,7 @@ given response then end if if {latest.response} matches "account[_-]?sid(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "account_sid secret pattern detected in the response." @@ -728,7 +728,7 @@ given response then end if if {latest.response} matches "admin[_-]?email(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "admin_email secret pattern detected in the response." @@ -736,7 +736,7 @@ given response then end if if {latest.response} matches "adzerk[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "adzerk_api_key secret pattern detected in the response." @@ -744,7 +744,7 @@ given response then end if if {latest.response} matches "algolia[_-]?admin[_-]?key[_-]?1(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "algolia_admin_key_1 secret pattern detected in the response." @@ -752,7 +752,7 @@ given response then end if if {latest.response} matches "algolia[_-]?admin[_-]?key[_-]?2(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "algolia_admin_key_2 secret pattern detected in the response." @@ -760,7 +760,7 @@ given response then end if if {latest.response} matches "algolia[_-]?admin[_-]?key[_-]?mcm(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "algolia_admin_key_mcm secret pattern detected in the response." @@ -768,7 +768,7 @@ given response then end if if {latest.response} matches "algolia[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "algolia_api_key secret pattern detected in the response." @@ -776,7 +776,7 @@ given response then end if if {latest.response} matches "algolia[_-]?api[_-]?key[_-]?mcm(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "algolia_api_key_mcm secret pattern detected in the response." @@ -784,7 +784,7 @@ given response then end if if {latest.response} matches "algolia[_-]?api[_-]?key[_-]?search(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "algolia_api_key_search secret pattern detected in the response." @@ -792,7 +792,7 @@ given response then end if if {latest.response} matches "algolia[_-]?search[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "algolia_search_api_key secret pattern detected in the response." @@ -800,7 +800,7 @@ given response then end if if {latest.response} matches "algolia[_-]?search[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "algolia_search_key secret pattern detected in the response." @@ -808,7 +808,7 @@ given response then end if if {latest.response} matches "algolia[_-]?search[_-]?key[_-]?1(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "algolia_search_key_1 secret pattern detected in the response." @@ -816,7 +816,7 @@ given response then end if if {latest.response} matches "alias[_-]?pass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "alias_pass secret pattern detected in the response." @@ -824,7 +824,7 @@ given response then end if if {latest.response} matches "alicloud[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "alicloud_access_key secret pattern detected in the response." @@ -832,7 +832,7 @@ given response then end if if {latest.response} matches "alicloud[_-]?secret[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "alicloud_secret_key secret pattern detected in the response." @@ -840,7 +840,7 @@ given response then end if if {latest.response} matches "amazon[_-]?bucket[_-]?name(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "amazon_bucket_name secret pattern detected in the response." @@ -848,7 +848,7 @@ given response then end if if {latest.response} matches "anaconda[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "anaconda_token secret pattern detected in the response." @@ -856,7 +856,7 @@ given response then end if if {latest.response} matches "android[_-]?docs[_-]?deploy[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "android_docs_deploy_token secret pattern detected in the response." @@ -864,7 +864,7 @@ given response then end if if {latest.response} matches "aos[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "aos_key secret pattern detected in the response." @@ -872,7 +872,7 @@ given response then end if if {latest.response} matches "aos[_-]?sec(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "aos_sec secret pattern detected in the response." @@ -880,7 +880,7 @@ given response then end if if {latest.response} matches "api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "api_key secret pattern detected in the response." @@ -888,7 +888,7 @@ given response then end if if {latest.response} matches "api[_-]?key[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "api_key_secret secret pattern detected in the response." @@ -896,7 +896,7 @@ given response then end if if {latest.response} matches "api[_-]?key[_-]?sid(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "api_key_sid secret pattern detected in the response." @@ -904,7 +904,7 @@ given response then end if if {latest.response} matches "api[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "api_secret secret pattern detected in the response." @@ -912,7 +912,7 @@ given response then end if if {latest.response} matches "apiary[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "apiary_api_key secret pattern detected in the response." @@ -920,7 +920,7 @@ given response then end if if {latest.response} matches "apigw[_-]?access[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "apigw_access_token secret pattern detected in the response." @@ -928,7 +928,7 @@ given response then end if if {latest.response} matches "apikey[:](?:['\"]?[a-zA-Z0-9-_|]+['\"]?)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "apikey_patterns secret pattern detected in the response." @@ -936,7 +936,7 @@ given response then end if if {latest.response} matches "app[_-]?bucket[_-]?perm(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "app_bucket_perm secret pattern detected in the response." @@ -944,7 +944,7 @@ given response then end if if {latest.response} matches "app[_-]?report[_-]?token[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "app_report_token_key secret pattern detected in the response." @@ -952,7 +952,7 @@ given response then end if if {latest.response} matches "app[_-]?secrete(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "app_secrete secret pattern detected in the response." @@ -960,7 +960,7 @@ given response then end if if {latest.response} matches "app[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "app_token secret pattern detected in the response." @@ -968,7 +968,7 @@ given response then end if if {latest.response} matches "appclientsecret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "appclientsecret secret pattern detected in the response." @@ -976,7 +976,7 @@ given response then end if if {latest.response} matches "apple[_-]?id[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "apple_id_password secret pattern detected in the response." @@ -984,7 +984,7 @@ given response then end if if {latest.response} matches "argos[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "argos_token secret pattern detected in the response." @@ -992,7 +992,7 @@ given response then end if if {latest.response} matches "(artifactory.{0,50}(\"|')?[a-zA-Z0-9=]{112}(\"|')?)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "artifactory secret pattern detected in the response." @@ -1000,7 +1000,7 @@ given response then end if if {latest.response} matches "artifactory[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "artifactory_key secret pattern detected in the response." @@ -1008,7 +1008,7 @@ given response then end if if {latest.response} matches "artifacts[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "artifacts_aws_access_key_id secret pattern detected in the response." @@ -1016,7 +1016,7 @@ given response then end if if {latest.response} matches "artifacts[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "artifacts_aws_secret_access_key secret pattern detected in the response." @@ -1024,7 +1024,7 @@ given response then end if if {latest.response} matches "artifacts[_-]?bucket(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "artifacts_bucket secret pattern detected in the response." @@ -1032,7 +1032,7 @@ given response then end if if {latest.response} matches "artifacts[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "artifacts_key secret pattern detected in the response." @@ -1040,7 +1040,7 @@ given response then end if if {latest.response} matches "artifacts[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "artifacts_secret secret pattern detected in the response." @@ -1048,7 +1048,7 @@ given response then end if if {latest.response} matches "assistant[_-]?iam[_-]?apikey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "assistant_iam_apikey secret pattern detected in the response." @@ -1056,7 +1056,7 @@ given response then end if if {latest.response} matches "auth0[_-]?api[_-]?clientsecret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "auth0_api_clientsecret secret pattern detected in the response." @@ -1064,7 +1064,7 @@ given response then end if if {latest.response} matches "auth0[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "auth0_client_secret secret pattern detected in the response." @@ -1072,7 +1072,7 @@ given response then end if if {latest.response} matches "auth[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "auth_token secret pattern detected in the response." @@ -1080,7 +1080,7 @@ given response then end if if {latest.response} matches "author[_-]?email[_-]?addr(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "author_email_addr secret pattern detected in the response." @@ -1088,7 +1088,7 @@ given response then end if if {latest.response} matches "author[_-]?npm[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "author_npm_api_key secret pattern detected in the response." @@ -1096,7 +1096,7 @@ given response then end if if {latest.response} matches "aws[_-]?access(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "aws_access secret pattern detected in the response." @@ -1104,7 +1104,7 @@ given response then end if if {latest.response} matches "aws[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "aws_access_key secret pattern detected in the response." @@ -1112,7 +1112,7 @@ given response then end if if {latest.response} matches "aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "aws_access_key_id - 1 secret pattern detected in the response." @@ -1120,7 +1120,7 @@ given response then end if if {latest.response} matches "aws[_-]?config[_-]?accesskeyid(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "aws_config_accesskeyid secret pattern detected in the response." @@ -1128,7 +1128,7 @@ given response then end if if {latest.response} matches "aws[_-]?config[_-]?secretaccesskey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "aws_config_secretaccesskey secret pattern detected in the response." @@ -1136,7 +1136,7 @@ given response then end if if {latest.response} matches "aws[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "aws_key secret pattern detected in the response." @@ -1144,7 +1144,7 @@ given response then end if if {latest.response} matches "(?:accesskeyid|secretaccesskey|aws_access_key_id|aws_secret_access_key)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "aws_patterns secret pattern detected in the response." @@ -1152,7 +1152,7 @@ given response then end if if {latest.response} matches "aws[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "aws_secret secret pattern detected in the response." @@ -1160,7 +1160,7 @@ given response then end if if {latest.response} matches "aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "aws_secret_access_key secret pattern detected in the response." @@ -1168,7 +1168,7 @@ given response then end if if {latest.response} matches "aws[_-]?secret[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "aws_secret_key secret pattern detected in the response." @@ -1176,7 +1176,7 @@ given response then end if if {latest.response} matches "aws[_-]?secrets(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "aws_secrets secret pattern detected in the response." @@ -1184,7 +1184,7 @@ given response then end if if {latest.response} matches "aws[_-]?ses[_-]?access[_-]?key[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "aws_ses_access_key_id secret pattern detected in the response." @@ -1192,7 +1192,7 @@ given response then end if if {latest.response} matches "aws[_-]?ses[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "aws_ses_secret_access_key secret pattern detected in the response." @@ -1200,7 +1200,7 @@ given response then end if if {latest.response} matches "awsaccesskeyid(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "awsaccesskeyid secret pattern detected in the response." @@ -1208,7 +1208,7 @@ given response then end if if {latest.response} matches "awscn[_-]?access[_-]?key[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "awscn_access_key_id secret pattern detected in the response." @@ -1216,7 +1216,7 @@ given response then end if if {latest.response} matches "awscn[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "awscn_secret_access_key secret pattern detected in the response." @@ -1224,7 +1224,7 @@ given response then end if if {latest.response} matches "awssecretkey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "awssecretkey secret pattern detected in the response." @@ -1232,7 +1232,7 @@ given response then end if if {latest.response} matches "b2[_-]?app[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "b2_app_key secret pattern detected in the response." @@ -1240,7 +1240,7 @@ given response then end if if {latest.response} matches "b2[_-]?bucket(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "b2_bucket secret pattern detected in the response." @@ -1248,7 +1248,7 @@ given response then end if if {latest.response} matches "bintray[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bintray_api_key secret pattern detected in the response." @@ -1256,7 +1256,7 @@ given response then end if if {latest.response} matches "bintray[_-]?apikey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bintray_apikey secret pattern detected in the response." @@ -1264,7 +1264,7 @@ given response then end if if {latest.response} matches "bintray[_-]?gpg[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bintray_gpg_password secret pattern detected in the response." @@ -1272,7 +1272,7 @@ given response then end if if {latest.response} matches "bintray[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bintray_key secret pattern detected in the response." @@ -1280,7 +1280,7 @@ given response then end if if {latest.response} matches "bintray[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bintray_token secret pattern detected in the response." @@ -1288,7 +1288,7 @@ given response then end if if {latest.response} matches "bintraykey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bintraykey secret pattern detected in the response." @@ -1296,7 +1296,7 @@ given response then end if if {latest.response} matches "bluemix[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bluemix_api_key secret pattern detected in the response." @@ -1304,7 +1304,7 @@ given response then end if if {latest.response} matches "bluemix[_-]?auth(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bluemix_auth secret pattern detected in the response." @@ -1312,7 +1312,7 @@ given response then end if if {latest.response} matches "bluemix[_-]?pass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bluemix_pass secret pattern detected in the response." @@ -1320,7 +1320,7 @@ given response then end if if {latest.response} matches "bluemix[_-]?pass[_-]?prod(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bluemix_pass_prod secret pattern detected in the response." @@ -1328,7 +1328,7 @@ given response then end if if {latest.response} matches "bluemix[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bluemix_password secret pattern detected in the response." @@ -1336,7 +1336,7 @@ given response then end if if {latest.response} matches "bluemix[_-]?pwd(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bluemix_pwd secret pattern detected in the response." @@ -1344,7 +1344,7 @@ given response then end if if {latest.response} matches "bluemix[_-]?username(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bluemix_username secret pattern detected in the response." @@ -1352,7 +1352,7 @@ given response then end if if {latest.response} matches "brackets[_-]?repo[_-]?oauth[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "brackets_repo_oauth_token secret pattern detected in the response." @@ -1360,7 +1360,7 @@ given response then end if if {latest.response} matches "browser[_-]?stack[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "browser_stack_access_key secret pattern detected in the response." @@ -1368,7 +1368,7 @@ given response then end if if {latest.response} matches "browserstack[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "browserstack_access_key secret pattern detected in the response." @@ -1376,7 +1376,7 @@ given response then end if if {latest.response} matches "bucketeer[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bucketeer_aws_access_key_id secret pattern detected in the response." @@ -1384,7 +1384,7 @@ given response then end if if {latest.response} matches "bucketeer[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bucketeer_aws_secret_access_key secret pattern detected in the response." @@ -1392,7 +1392,7 @@ given response then end if if {latest.response} matches "built[_-]?branch[_-]?deploy[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "built_branch_deploy_key secret pattern detected in the response." @@ -1400,7 +1400,7 @@ given response then end if if {latest.response} matches "bundlesize[_-]?github[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bundlesize_github_token secret pattern detected in the response." @@ -1408,7 +1408,7 @@ given response then end if if {latest.response} matches "bx[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bx_password secret pattern detected in the response." @@ -1416,7 +1416,7 @@ given response then end if if {latest.response} matches "bx[_-]?username(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "bx_username secret pattern detected in the response." @@ -1424,7 +1424,7 @@ given response then end if if {latest.response} matches "cache[_-]?s3[_-]?secret[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cache_s3_secret_key secret pattern detected in the response." @@ -1432,7 +1432,7 @@ given response then end if if {latest.response} matches "cargo[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cargo_token secret pattern detected in the response." @@ -1440,7 +1440,7 @@ given response then end if if {latest.response} matches "cattle[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cattle_access_key secret pattern detected in the response." @@ -1448,7 +1448,7 @@ given response then end if if {latest.response} matches "cattle[_-]?agent[_-]?instance[_-]?auth(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cattle_agent_instance_auth secret pattern detected in the response." @@ -1456,7 +1456,7 @@ given response then end if if {latest.response} matches "cattle[_-]?secret[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cattle_secret_key secret pattern detected in the response." @@ -1464,7 +1464,7 @@ given response then end if if {latest.response} matches "censys[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "censys_secret secret pattern detected in the response." @@ -1472,7 +1472,7 @@ given response then end if if {latest.response} matches "certificate[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "certificate_password secret pattern detected in the response." @@ -1480,7 +1480,7 @@ given response then end if if {latest.response} matches "cf[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cf_password secret pattern detected in the response." @@ -1488,7 +1488,7 @@ given response then end if if {latest.response} matches "cheverny[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cheverny_token secret pattern detected in the response." @@ -1496,7 +1496,7 @@ given response then end if if {latest.response} matches "ci[_-]?user[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ci_user_token secret pattern detected in the response." @@ -1504,7 +1504,7 @@ given response then end if if {latest.response} matches "claimr[_-]?database(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "claimr_database secret pattern detected in the response." @@ -1512,7 +1512,7 @@ given response then end if if {latest.response} matches "claimr[_-]?db(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "claimr_db secret pattern detected in the response." @@ -1520,7 +1520,7 @@ given response then end if if {latest.response} matches "claimr[_-]?superuser(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "claimr_superuser secret pattern detected in the response." @@ -1528,7 +1528,7 @@ given response then end if if {latest.response} matches "claimr[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "claimr_token secret pattern detected in the response." @@ -1536,7 +1536,7 @@ given response then end if if {latest.response} matches "cli[_-]?e2e[_-]?cma[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cli_e2e_cma_token secret pattern detected in the response." @@ -1544,7 +1544,7 @@ given response then end if if {latest.response} matches "client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "client_secret secret pattern detected in the response." @@ -1552,7 +1552,7 @@ given response then end if if {latest.response} matches "clojars[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "clojars_password secret pattern detected in the response." @@ -1560,7 +1560,7 @@ given response then end if if {latest.response} matches "cloudant[_-]?archived[_-]?database(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cloudant_archived_database secret pattern detected in the response." @@ -1568,7 +1568,7 @@ given response then end if if {latest.response} matches "cloudant[_-]?audited[_-]?database(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cloudant_audited_database secret pattern detected in the response." @@ -1576,7 +1576,7 @@ given response then end if if {latest.response} matches "cloudant[_-]?database(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cloudant_database secret pattern detected in the response." @@ -1584,7 +1584,7 @@ given response then end if if {latest.response} matches "cloudant[_-]?instance(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cloudant_instance secret pattern detected in the response." @@ -1592,7 +1592,7 @@ given response then end if if {latest.response} matches "cloudant[_-]?order[_-]?database(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cloudant_order_database secret pattern detected in the response." @@ -1600,7 +1600,7 @@ given response then end if if {latest.response} matches "cloudant[_-]?parsed[_-]?database(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cloudant_parsed_database secret pattern detected in the response." @@ -1608,7 +1608,7 @@ given response then end if if {latest.response} matches "cloudant[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cloudant_password secret pattern detected in the response." @@ -1616,7 +1616,7 @@ given response then end if if {latest.response} matches "cloudant[_-]?processed[_-]?database(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cloudant_processed_database secret pattern detected in the response." @@ -1624,7 +1624,7 @@ given response then end if if {latest.response} matches "cloudant[_-]?service[_-]?database(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cloudant_service_database secret pattern detected in the response." @@ -1632,7 +1632,7 @@ given response then end if if {latest.response} matches "cloudflare[_-]?auth[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cloudflare_auth_key secret pattern detected in the response." @@ -1640,7 +1640,7 @@ given response then end if if {latest.response} matches "cloudflare[_-]?email(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cloudflare_email secret pattern detected in the response." @@ -1648,7 +1648,7 @@ given response then end if if {latest.response} matches "cloudinary[_-]?url(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cloudinary_url secret pattern detected in the response." @@ -1656,7 +1656,7 @@ given response then end if if {latest.response} matches "cloudinary[_-]?url[_-]?staging(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cloudinary_url_staging secret pattern detected in the response." @@ -1664,7 +1664,7 @@ given response then end if if {latest.response} matches "clu[_-]?repo[_-]?url(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "clu_repo_url secret pattern detected in the response." @@ -1672,7 +1672,7 @@ given response then end if if {latest.response} matches "clu[_-]?ssh[_-]?private[_-]?key[_-]?base64(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "clu_ssh_private_key_base64 secret pattern detected in the response." @@ -1680,7 +1680,7 @@ given response then end if if {latest.response} matches "cn[_-]?access[_-]?key[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cn_access_key_id secret pattern detected in the response." @@ -1688,7 +1688,7 @@ given response then end if if {latest.response} matches "cn[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cn_secret_access_key secret pattern detected in the response." @@ -1696,7 +1696,7 @@ given response then end if if {latest.response} matches "cocoapods[_-]?trunk[_-]?email(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cocoapods_trunk_email secret pattern detected in the response." @@ -1704,7 +1704,7 @@ given response then end if if {latest.response} matches "cocoapods[_-]?trunk[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cocoapods_trunk_token secret pattern detected in the response." @@ -1712,7 +1712,7 @@ given response then end if if {latest.response} matches "codacy[_-]?project[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "codacy_project_token secret pattern detected in the response." @@ -1720,7 +1720,7 @@ given response then end if if {latest.response} matches "(codeclima.{0,50}(\"|')?[0-9a-f]{64}(\"|')?)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "codeclimate secret pattern detected in the response." @@ -1728,7 +1728,7 @@ given response then end if if {latest.response} matches "codeclimate[_-]?repo[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "codeclimate_repo_token secret pattern detected in the response." @@ -1736,7 +1736,7 @@ given response then end if if {latest.response} matches "codecov[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "codecov_token secret pattern detected in the response." @@ -1744,7 +1744,7 @@ given response then end if if {latest.response} matches "coding[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "coding_token secret pattern detected in the response." @@ -1752,7 +1752,7 @@ given response then end if if {latest.response} matches "conekta[_-]?apikey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "conekta_apikey secret pattern detected in the response." @@ -1760,7 +1760,7 @@ given response then end if if {latest.response} matches "consumerkey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "consumerkey secret pattern detected in the response." @@ -1768,7 +1768,7 @@ given response then end if if {latest.response} matches "contentful[_-]?access[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "contentful_access_token secret pattern detected in the response." @@ -1776,7 +1776,7 @@ given response then end if if {latest.response} matches "contentful[_-]?cma[_-]?test[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "contentful_cma_test_token secret pattern detected in the response." @@ -1784,7 +1784,7 @@ given response then end if if {latest.response} matches "contentful[_-]?integration[_-]?management[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "contentful_integration_management_token secret pattern detected in the response." @@ -1792,7 +1792,7 @@ given response then end if if {latest.response} matches "contentful[_-]?php[_-]?management[_-]?test[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "contentful_php_management_test_token secret pattern detected in the response." @@ -1800,7 +1800,7 @@ given response then end if if {latest.response} matches "contentful[_-]?test[_-]?org[_-]?cma[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "contentful_test_org_cma_token secret pattern detected in the response." @@ -1808,7 +1808,7 @@ given response then end if if {latest.response} matches "contentful[_-]?v2[_-]?access[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "contentful_v2_access_token secret pattern detected in the response." @@ -1816,7 +1816,7 @@ given response then end if if {latest.response} matches "conversation[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "conversation_password secret pattern detected in the response." @@ -1824,7 +1824,7 @@ given response then end if if {latest.response} matches "conversation[_-]?username(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "conversation_username secret pattern detected in the response." @@ -1832,7 +1832,7 @@ given response then end if if {latest.response} matches "cos[_-]?secrets(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cos_secrets secret pattern detected in the response." @@ -1840,7 +1840,7 @@ given response then end if if {latest.response} matches "coveralls[_-]?api[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "coveralls_api_token secret pattern detected in the response." @@ -1848,7 +1848,7 @@ given response then end if if {latest.response} matches "coveralls[_-]?repo[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "coveralls_repo_token secret pattern detected in the response." @@ -1856,7 +1856,7 @@ given response then end if if {latest.response} matches "coveralls[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "coveralls_token secret pattern detected in the response." @@ -1864,7 +1864,7 @@ given response then end if if {latest.response} matches "coverity[_-]?scan[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "coverity_scan_token secret pattern detected in the response." @@ -1872,7 +1872,7 @@ given response then end if if {latest.response} matches "cypress[_-]?record[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "cypress_record_key secret pattern detected in the response." @@ -1880,7 +1880,7 @@ given response then end if if {latest.response} matches "danger[_-]?github[_-]?api[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "danger_github_api_token secret pattern detected in the response." @@ -1888,7 +1888,7 @@ given response then end if if {latest.response} matches "database[_-]?host(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "database_host secret pattern detected in the response." @@ -1896,7 +1896,7 @@ given response then end if if {latest.response} matches "database[_-]?name(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "database_name secret pattern detected in the response." @@ -1904,7 +1904,7 @@ given response then end if if {latest.response} matches "database[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "database_password secret pattern detected in the response." @@ -1912,7 +1912,7 @@ given response then end if if {latest.response} matches "database[_-]?port(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "database_port secret pattern detected in the response." @@ -1920,7 +1920,7 @@ given response then end if if {latest.response} matches "database[_-]?user(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "database_user secret pattern detected in the response." @@ -1928,7 +1928,7 @@ given response then end if if {latest.response} matches "datadog[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "datadog_api_key secret pattern detected in the response." @@ -1936,7 +1936,7 @@ given response then end if if {latest.response} matches "datadog[_-]?app[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "datadog_app_key secret pattern detected in the response." @@ -1944,7 +1944,7 @@ given response then end if if {latest.response} matches "db[_-]?connection(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "db_connection secret pattern detected in the response." @@ -1952,7 +1952,7 @@ given response then end if if {latest.response} matches "db[_-]?database(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "db_database secret pattern detected in the response." @@ -1960,7 +1960,7 @@ given response then end if if {latest.response} matches "db[_-]?host(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "db_host secret pattern detected in the response." @@ -1968,7 +1968,7 @@ given response then end if if {latest.response} matches "db[_-]?user(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "db_user secret pattern detected in the response." @@ -1976,7 +1976,7 @@ given response then end if if {latest.response} matches "db[_-]?username(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "db_username secret pattern detected in the response." @@ -1984,7 +1984,7 @@ given response then end if if {latest.response} matches "ddg[_-]?test[_-]?email(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ddg_test_email secret pattern detected in the response." @@ -1992,7 +1992,7 @@ given response then end if if {latest.response} matches "ddg[_-]?test[_-]?email[_-]?pw(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ddg_test_email_pw secret pattern detected in the response." @@ -2000,7 +2000,7 @@ given response then end if if {latest.response} matches "ddgc[_-]?github[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ddgc_github_token secret pattern detected in the response." @@ -2008,7 +2008,7 @@ given response then end if if {latest.response} matches "deploy[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "deploy_password secret pattern detected in the response." @@ -2016,7 +2016,7 @@ given response then end if if {latest.response} matches "deploy[_-]?secure(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "deploy_secure secret pattern detected in the response." @@ -2024,7 +2024,7 @@ given response then end if if {latest.response} matches "deploy[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "deploy_token secret pattern detected in the response." @@ -2032,7 +2032,7 @@ given response then end if if {latest.response} matches "deploy[_-]?user(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "deploy_user secret pattern detected in the response." @@ -2040,7 +2040,7 @@ given response then end if if {latest.response} matches "dgpg[_-]?passphrase(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "dgpg_passphrase secret pattern detected in the response." @@ -2048,7 +2048,7 @@ given response then end if if {latest.response} matches "digitalocean[_-]?access[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "digitalocean_access_token secret pattern detected in the response." @@ -2056,7 +2056,7 @@ given response then end if if {latest.response} matches "digitalocean[_-]?ssh[_-]?key[_-]?body(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "digitalocean_ssh_key_body secret pattern detected in the response." @@ -2064,7 +2064,7 @@ given response then end if if {latest.response} matches "digitalocean[_-]?ssh[_-]?key[_-]?ids(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "digitalocean_ssh_key_ids secret pattern detected in the response." @@ -2072,7 +2072,7 @@ given response then end if if {latest.response} matches "docker[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "docker_key secret pattern detected in the response." @@ -2080,7 +2080,7 @@ given response then end if if {latest.response} matches "docker[_-]?pass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "docker_pass secret pattern detected in the response." @@ -2088,7 +2088,7 @@ given response then end if if {latest.response} matches "docker[_-]?postgres[_-]?url(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "docker_postgres_url secret pattern detected in the response." @@ -2096,7 +2096,7 @@ given response then end if if {latest.response} matches "dockerhubpassword(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "dockerhubpassword secret pattern detected in the response." @@ -2104,7 +2104,7 @@ given response then end if if {latest.response} matches "dsonar[_-]?login(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "dsonar_login secret pattern detected in the response." @@ -2112,7 +2112,7 @@ given response then end if if {latest.response} matches "dsonar[_-]?projectkey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "dsonar_projectkey secret pattern detected in the response." @@ -2120,7 +2120,7 @@ given response then end if if {latest.response} matches "elastic[_-]?cloud[_-]?auth(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "elastic_cloud_auth secret pattern detected in the response." @@ -2128,7 +2128,7 @@ given response then end if if {latest.response} matches "elasticsearch[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "elasticsearch_password secret pattern detected in the response." @@ -2136,7 +2136,7 @@ given response then end if if {latest.response} matches "encryption[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "encryption_password secret pattern detected in the response." @@ -2144,7 +2144,7 @@ given response then end if if {latest.response} matches "end[_-]?user[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "end_user_password secret pattern detected in the response." @@ -2152,7 +2152,7 @@ given response then end if if {latest.response} matches "env[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "env_key secret pattern detected in the response." @@ -2160,7 +2160,7 @@ given response then end if if {latest.response} matches "env[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "env_secret secret pattern detected in the response." @@ -2168,7 +2168,7 @@ given response then end if if {latest.response} matches "env[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "env_secret_access_key secret pattern detected in the response." @@ -2176,7 +2176,7 @@ given response then end if if {latest.response} matches "env[_-]?sonatype[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "env_sonatype_password secret pattern detected in the response." @@ -2184,7 +2184,7 @@ given response then end if if {latest.response} matches "eureka[_-]?awssecretkey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "eureka_awssecretkey secret pattern detected in the response." @@ -2192,7 +2192,7 @@ given response then end if if {latest.response} matches "exp[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "exp_password secret pattern detected in the response." @@ -2200,7 +2200,7 @@ given response then end if if {latest.response} matches "[f|F][a|A][c|C][e|E][b|B][o|O][o|O][k|K].*['|\"][0-9a-f]{32}['|\"]" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "facebook_oauth secret pattern detected in the response." @@ -2208,7 +2208,7 @@ given response then end if if {latest.response} matches "file[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "file_password secret pattern detected in the response." @@ -2216,7 +2216,7 @@ given response then end if if {latest.response} matches "firebase[_-]?project[_-]?develop(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "firebase_project_develop secret pattern detected in the response." @@ -2224,7 +2224,7 @@ given response then end if if {latest.response} matches "flask[_-]?secret[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "flask_secret_key secret pattern detected in the response." @@ -2232,7 +2232,7 @@ given response then end if if {latest.response} matches "flickr[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "flickr_api_key secret pattern detected in the response." @@ -2240,7 +2240,7 @@ given response then end if if {latest.response} matches "flickr[_-]?api[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "flickr_api_secret secret pattern detected in the response." @@ -2248,7 +2248,7 @@ given response then end if if {latest.response} matches "fossa[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "fossa_api_key secret pattern detected in the response." @@ -2256,7 +2256,7 @@ given response then end if if {latest.response} matches "ftp[_-]?host(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ftp_host secret pattern detected in the response." @@ -2264,7 +2264,7 @@ given response then end if if {latest.response} matches "ftp[_-]?login(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ftp_login secret pattern detected in the response." @@ -2272,7 +2272,7 @@ given response then end if if {latest.response} matches "ftp[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ftp_password secret pattern detected in the response." @@ -2280,7 +2280,7 @@ given response then end if if {latest.response} matches "ftp[_-]?user(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ftp_user secret pattern detected in the response." @@ -2288,7 +2288,7 @@ given response then end if if {latest.response} matches "ftp[_-]?username(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ftp_username secret pattern detected in the response." @@ -2296,7 +2296,7 @@ given response then end if if {latest.response} matches "gcloud[_-]?bucket(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gcloud_bucket secret pattern detected in the response." @@ -2304,7 +2304,7 @@ given response then end if if {latest.response} matches "gcloud[_-]?project(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gcloud_project secret pattern detected in the response." @@ -2312,7 +2312,7 @@ given response then end if if {latest.response} matches "gcloud[_-]?service[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gcloud_service_key secret pattern detected in the response." @@ -2320,7 +2320,7 @@ given response then end if if {latest.response} matches "gcr[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gcr_password secret pattern detected in the response." @@ -2328,7 +2328,7 @@ given response then end if if {latest.response} matches "gcs[_-]?bucket(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gcs_bucket secret pattern detected in the response." @@ -2336,7 +2336,7 @@ given response then end if if {latest.response} matches "gh[_-]?email(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gh_email secret pattern detected in the response." @@ -2344,7 +2344,7 @@ given response then end if if {latest.response} matches "gh[_-]?next[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gh_next_oauth_client_secret secret pattern detected in the response." @@ -2352,7 +2352,7 @@ given response then end if if {latest.response} matches "gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gh_next_unstable_oauth_client_id secret pattern detected in the response." @@ -2360,7 +2360,7 @@ given response then end if if {latest.response} matches "gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gh_next_unstable_oauth_client_secret secret pattern detected in the response." @@ -2368,7 +2368,7 @@ given response then end if if {latest.response} matches "gh[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gh_oauth_client_secret secret pattern detected in the response." @@ -2376,7 +2376,7 @@ given response then end if if {latest.response} matches "gh[_-]?oauth[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gh_oauth_token secret pattern detected in the response." @@ -2384,7 +2384,7 @@ given response then end if if {latest.response} matches "gh[_-]?repo[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gh_repo_token secret pattern detected in the response." @@ -2392,7 +2392,7 @@ given response then end if if {latest.response} matches "gh[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gh_token secret pattern detected in the response." @@ -2400,7 +2400,7 @@ given response then end if if {latest.response} matches "gh[_-]?unstable[_-]?oauth[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gh_unstable_oauth_client_secret secret pattern detected in the response." @@ -2408,7 +2408,7 @@ given response then end if if {latest.response} matches "ghb[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ghb_token secret pattern detected in the response." @@ -2416,7 +2416,7 @@ given response then end if if {latest.response} matches "ghost[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ghost_api_key secret pattern detected in the response." @@ -2424,7 +2424,7 @@ given response then end if if {latest.response} matches "git[_-]?author[_-]?email(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "git_author_email secret pattern detected in the response." @@ -2432,7 +2432,7 @@ given response then end if if {latest.response} matches "git[_-]?author[_-]?name(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "git_author_name secret pattern detected in the response." @@ -2440,7 +2440,7 @@ given response then end if if {latest.response} matches "git[_-]?committer[_-]?email(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "git_committer_email secret pattern detected in the response." @@ -2448,7 +2448,7 @@ given response then end if if {latest.response} matches "git[_-]?committer[_-]?name(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "git_committer_name secret pattern detected in the response." @@ -2456,7 +2456,7 @@ given response then end if if {latest.response} matches "git[_-]?email(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "git_email secret pattern detected in the response." @@ -2464,7 +2464,7 @@ given response then end if if {latest.response} matches "git[_-]?name(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "git_name secret pattern detected in the response." @@ -2472,7 +2472,7 @@ given response then end if if {latest.response} matches "git[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "git_token secret pattern detected in the response." @@ -2480,7 +2480,7 @@ given response then end if if {latest.response} matches "github[_-]?access[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "github_access_token - 1 secret pattern detected in the response." @@ -2488,7 +2488,7 @@ given response then end if if {latest.response} matches "[a-zA-Z0-9_-]*:[a-zA-Z0-9_-]+@github.com*" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "github_access_token - 2 secret pattern detected in the response." @@ -2496,7 +2496,7 @@ given response then end if if {latest.response} matches "github[_-]?api[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "github_api_token secret pattern detected in the response." @@ -2504,7 +2504,7 @@ given response then end if if {latest.response} matches "github[_-]?auth(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "github_auth secret pattern detected in the response." @@ -2512,7 +2512,7 @@ given response then end if if {latest.response} matches "github[_-]?auth[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "github_auth_token secret pattern detected in the response." @@ -2520,7 +2520,7 @@ given response then end if if {latest.response} matches "github[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "github_client_secret secret pattern detected in the response." @@ -2528,7 +2528,7 @@ given response then end if if {latest.response} matches "github[_-]?deploy[_-]?hb[_-]?doc[_-]?pass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "github_deploy_hb_doc_pass secret pattern detected in the response." @@ -2536,7 +2536,7 @@ given response then end if if {latest.response} matches "github[_-]?deployment[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "github_deployment_token secret pattern detected in the response." @@ -2544,7 +2544,7 @@ given response then end if if {latest.response} matches "github[_-]?hunter[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "github_hunter_token secret pattern detected in the response." @@ -2552,7 +2552,7 @@ given response then end if if {latest.response} matches "github[_-]?hunter[_-]?username(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "github_hunter_username secret pattern detected in the response." @@ -2560,7 +2560,7 @@ given response then end if if {latest.response} matches "github[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "github_key secret pattern detected in the response." @@ -2568,7 +2568,7 @@ given response then end if if {latest.response} matches "github[_-]?oauth[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "github_oauth_token secret pattern detected in the response." @@ -2576,7 +2576,7 @@ given response then end if if {latest.response} matches "github[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "github_password secret pattern detected in the response." @@ -2584,7 +2584,7 @@ given response then end if if {latest.response} matches "github[_-]?pwd(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "github_pwd secret pattern detected in the response." @@ -2592,7 +2592,7 @@ given response then end if if {latest.response} matches "github[_-]?release[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "github_release_token secret pattern detected in the response." @@ -2600,7 +2600,7 @@ given response then end if if {latest.response} matches "github[_-]?repo(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "github_repo secret pattern detected in the response." @@ -2608,7 +2608,7 @@ given response then end if if {latest.response} matches "gitlab[_-]?user[_-]?email(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gitlab_user_email secret pattern detected in the response." @@ -2616,7 +2616,7 @@ given response then end if if {latest.response} matches "gogs[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gogs_password secret pattern detected in the response." @@ -2624,7 +2624,7 @@ given response then end if if {latest.response} matches "google[_-]?account[_-]?type(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "google_account_type secret pattern detected in the response." @@ -2632,7 +2632,7 @@ given response then end if if {latest.response} matches "google[_-]?client[_-]?email(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "google_client_email secret pattern detected in the response." @@ -2640,7 +2640,7 @@ given response then end if if {latest.response} matches "(?:google_client_id|google_client_secret|google_client_token)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "google_patterns secret pattern detected in the response." @@ -2648,7 +2648,7 @@ given response then end if if {latest.response} matches "google[_-]?private[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "google_private_key secret pattern detected in the response." @@ -2656,7 +2656,7 @@ given response then end if if {latest.response} matches "([0-9]{12}-[a-z0-9]{32}.apps.googleusercontent.com)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "google_url secret pattern detected in the response." @@ -2664,7 +2664,7 @@ given response then end if if {latest.response} matches "gpg[_-]?key[_-]?name(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gpg_key_name secret pattern detected in the response." @@ -2672,7 +2672,7 @@ given response then end if if {latest.response} matches "gpg[_-]?keyname(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gpg_keyname secret pattern detected in the response." @@ -2680,7 +2680,7 @@ given response then end if if {latest.response} matches "gpg[_-]?ownertrust(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gpg_ownertrust secret pattern detected in the response." @@ -2688,7 +2688,7 @@ given response then end if if {latest.response} matches "gpg[_-]?passphrase(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gpg_passphrase secret pattern detected in the response." @@ -2696,7 +2696,7 @@ given response then end if if {latest.response} matches "gpg[_-]?private[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gpg_private_key secret pattern detected in the response." @@ -2704,7 +2704,7 @@ given response then end if if {latest.response} matches "gpg[_-]?secret[_-]?keys(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gpg_secret_keys secret pattern detected in the response." @@ -2712,7 +2712,7 @@ given response then end if if {latest.response} matches "gradle[_-]?publish[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gradle_publish_key secret pattern detected in the response." @@ -2720,7 +2720,7 @@ given response then end if if {latest.response} matches "gradle[_-]?publish[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gradle_publish_secret secret pattern detected in the response." @@ -2728,7 +2728,7 @@ given response then end if if {latest.response} matches "gradle[_-]?signing[_-]?key[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gradle_signing_key_id secret pattern detected in the response." @@ -2736,7 +2736,7 @@ given response then end if if {latest.response} matches "gradle[_-]?signing[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gradle_signing_password secret pattern detected in the response." @@ -2744,7 +2744,7 @@ given response then end if if {latest.response} matches "gren[_-]?github[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "gren_github_token secret pattern detected in the response." @@ -2752,7 +2752,7 @@ given response then end if if {latest.response} matches "grgit[_-]?user(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "grgit_user secret pattern detected in the response." @@ -2760,7 +2760,7 @@ given response then end if if {latest.response} matches "hab[_-]?auth[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "hab_auth_token secret pattern detected in the response." @@ -2768,7 +2768,7 @@ given response then end if if {latest.response} matches "hab[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "hab_key secret pattern detected in the response." @@ -2776,7 +2776,7 @@ given response then end if if {latest.response} matches "hb[_-]?codesign[_-]?gpg[_-]?pass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "hb_codesign_gpg_pass secret pattern detected in the response." @@ -2784,7 +2784,7 @@ given response then end if if {latest.response} matches "hb[_-]?codesign[_-]?key[_-]?pass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "hb_codesign_key_pass secret pattern detected in the response." @@ -2792,7 +2792,7 @@ given response then end if if {latest.response} matches "heroku[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "heroku_api_key secret pattern detected in the response." @@ -2800,7 +2800,7 @@ given response then end if if {latest.response} matches "([h|H][e|E][r|R][o|O][k|K][u|U].{0,30}[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "heroku_api_key_api_key secret pattern detected in the response." @@ -2808,7 +2808,7 @@ given response then end if if {latest.response} matches "heroku[_-]?email(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "heroku_email secret pattern detected in the response." @@ -2816,7 +2816,7 @@ given response then end if if {latest.response} matches "heroku[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "heroku_token secret pattern detected in the response." @@ -2824,7 +2824,7 @@ given response then end if if {latest.response} matches "hockey.{0,50}(\"|')?[0-9a-f]{32}(\"|')?" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "hockeyapp secret pattern detected in the response." @@ -2832,7 +2832,7 @@ given response then end if if {latest.response} matches "hockeyapp[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "hockeyapp_token secret pattern detected in the response." @@ -2840,7 +2840,7 @@ given response then end if if {latest.response} matches "homebrew[_-]?github[_-]?api[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "homebrew_github_api_token secret pattern detected in the response." @@ -2848,7 +2848,7 @@ given response then end if if {latest.response} matches "hub[_-]?dxia2[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "hub_dxia2_password secret pattern detected in the response." @@ -2856,7 +2856,7 @@ given response then end if if {latest.response} matches "ij[_-]?repo[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ij_repo_password secret pattern detected in the response." @@ -2864,7 +2864,7 @@ given response then end if if {latest.response} matches "ij[_-]?repo[_-]?username(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ij_repo_username secret pattern detected in the response." @@ -2872,7 +2872,7 @@ given response then end if if {latest.response} matches "index[_-]?name(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "index_name secret pattern detected in the response." @@ -2880,7 +2880,7 @@ given response then end if if {latest.response} matches "integration[_-]?test[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "integration_test_api_key secret pattern detected in the response." @@ -2888,7 +2888,7 @@ given response then end if if {latest.response} matches "integration[_-]?test[_-]?appid(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "integration_test_appid secret pattern detected in the response." @@ -2896,7 +2896,7 @@ given response then end if if {latest.response} matches "internal[_-]?secrets(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "internal_secrets secret pattern detected in the response." @@ -2904,7 +2904,7 @@ given response then end if if {latest.response} matches "ios[_-]?docs[_-]?deploy[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ios_docs_deploy_token secret pattern detected in the response." @@ -2912,7 +2912,7 @@ given response then end if if {latest.response} matches "itest[_-]?gh[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "itest_gh_token secret pattern detected in the response." @@ -2920,7 +2920,7 @@ given response then end if if {latest.response} matches "mysql: jdbc:mysql(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "jdbc secret pattern detected in the response." @@ -2928,7 +2928,7 @@ given response then end if if {latest.response} matches "jdbc[_-]?databaseurl(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "jdbc_databaseurl secret pattern detected in the response." @@ -2936,7 +2936,7 @@ given response then end if if {latest.response} matches "jdbc[_-]?host(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "jdbc_host secret pattern detected in the response." @@ -2944,7 +2944,7 @@ given response then end if if {latest.response} matches "jwt[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "jwt_secret secret pattern detected in the response." @@ -2952,7 +2952,7 @@ given response then end if if {latest.response} matches "kafka[_-]?admin[_-]?url(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "kafka_admin_url secret pattern detected in the response." @@ -2960,7 +2960,7 @@ given response then end if if {latest.response} matches "kafka[_-]?instance[_-]?name(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "kafka_instance_name secret pattern detected in the response." @@ -2968,7 +2968,7 @@ given response then end if if {latest.response} matches "kafka[_-]?rest[_-]?url(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "kafka_rest_url secret pattern detected in the response." @@ -2976,7 +2976,7 @@ given response then end if if {latest.response} matches "keystore[_-]?pass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "keystore_pass secret pattern detected in the response." @@ -2984,7 +2984,7 @@ given response then end if if {latest.response} matches "kovan[_-]?private[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "kovan_private_key secret pattern detected in the response." @@ -2992,7 +2992,7 @@ given response then end if if {latest.response} matches "kubecfg[_-]?s3[_-]?path(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "kubecfg_s3_path secret pattern detected in the response." @@ -3000,7 +3000,7 @@ given response then end if if {latest.response} matches "kubeconfig(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "kubeconfig secret pattern detected in the response." @@ -3008,7 +3008,7 @@ given response then end if if {latest.response} matches "kxoltsn3vogdop92m(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "kxoltsn3vogdop92m secret pattern detected in the response." @@ -3016,7 +3016,7 @@ given response then end if if {latest.response} matches "leanplum[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "leanplum_key secret pattern detected in the response." @@ -3024,7 +3024,7 @@ given response then end if if {latest.response} matches "lektor[_-]?deploy[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "lektor_deploy_password secret pattern detected in the response." @@ -3032,7 +3032,7 @@ given response then end if if {latest.response} matches "lektor[_-]?deploy[_-]?username(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "lektor_deploy_username secret pattern detected in the response." @@ -3040,7 +3040,7 @@ given response then end if if {latest.response} matches "lighthouse[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "lighthouse_api_key secret pattern detected in the response." @@ -3048,7 +3048,7 @@ given response then end if if {latest.response} matches "linux[_-]?signing[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "linux_signing_key secret pattern detected in the response." @@ -3056,7 +3056,7 @@ given response then end if if {latest.response} matches "ll[_-]?publish[_-]?url(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ll_publish_url secret pattern detected in the response." @@ -3064,7 +3064,7 @@ given response then end if if {latest.response} matches "ll[_-]?shared[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ll_shared_key secret pattern detected in the response." @@ -3072,7 +3072,7 @@ given response then end if if {latest.response} matches "looker[_-]?test[_-]?runner[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "looker_test_runner_client_secret secret pattern detected in the response." @@ -3080,7 +3080,7 @@ given response then end if if {latest.response} matches "lottie[_-]?happo[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "lottie_happo_api_key secret pattern detected in the response." @@ -3088,7 +3088,7 @@ given response then end if if {latest.response} matches "lottie[_-]?happo[_-]?secret[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "lottie_happo_secret_key secret pattern detected in the response." @@ -3096,7 +3096,7 @@ given response then end if if {latest.response} matches "lottie[_-]?s3[_-]?secret[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "lottie_s3_secret_key secret pattern detected in the response." @@ -3104,7 +3104,7 @@ given response then end if if {latest.response} matches "lottie[_-]?upload[_-]?cert[_-]?key[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "lottie_upload_cert_key_password secret pattern detected in the response." @@ -3112,7 +3112,7 @@ given response then end if if {latest.response} matches "lottie[_-]?upload[_-]?cert[_-]?key[_-]?store[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "lottie_upload_cert_key_store_password secret pattern detected in the response." @@ -3120,7 +3120,7 @@ given response then end if if {latest.response} matches "magento[_-]?auth[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "magento_auth_password secret pattern detected in the response." @@ -3128,7 +3128,7 @@ given response then end if if {latest.response} matches "magento[_-]?auth[_-]?username (=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "magento_auth_username secret pattern detected in the response." @@ -3136,7 +3136,7 @@ given response then end if if {latest.response} matches "magento[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "magento_password secret pattern detected in the response." @@ -3144,7 +3144,7 @@ given response then end if if {latest.response} matches "mail[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mail_password secret pattern detected in the response." @@ -3152,7 +3152,7 @@ given response then end if if {latest.response} matches "mailchimp[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mailchimp_api_key secret pattern detected in the response." @@ -3160,7 +3160,7 @@ given response then end if if {latest.response} matches "mailchimp[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mailchimp_key secret pattern detected in the response." @@ -3168,7 +3168,7 @@ given response then end if if {latest.response} matches "mailer[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mailer_password secret pattern detected in the response." @@ -3176,7 +3176,7 @@ given response then end if if {latest.response} matches "(key-[0-9a-f]{32})" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mailgun secret pattern detected in the response." @@ -3184,7 +3184,7 @@ given response then end if if {latest.response} matches "mailgun[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mailgun_api_key secret pattern detected in the response." @@ -3192,7 +3192,7 @@ given response then end if if {latest.response} matches "mailgun[_-]?apikey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mailgun_apikey secret pattern detected in the response." @@ -3200,7 +3200,7 @@ given response then end if if {latest.response} matches "mailgun[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mailgun_password secret pattern detected in the response." @@ -3208,7 +3208,7 @@ given response then end if if {latest.response} matches "mailgun[_-]?pub[_-]?apikey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mailgun_pub_apikey secret pattern detected in the response." @@ -3216,7 +3216,7 @@ given response then end if if {latest.response} matches "mailgun[_-]?pub[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mailgun_pub_key secret pattern detected in the response." @@ -3224,7 +3224,7 @@ given response then end if if {latest.response} matches "manage[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "manage_key secret pattern detected in the response." @@ -3232,7 +3232,7 @@ given response then end if if {latest.response} matches "manage[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "manage_secret secret pattern detected in the response." @@ -3240,7 +3240,7 @@ given response then end if if {latest.response} matches "management[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "management_token secret pattern detected in the response." @@ -3248,7 +3248,7 @@ given response then end if if {latest.response} matches "managementapiaccesstoken(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "managementapiaccesstoken secret pattern detected in the response." @@ -3256,7 +3256,7 @@ given response then end if if {latest.response} matches "mandrill[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mandrill_api_key secret pattern detected in the response." @@ -3264,7 +3264,7 @@ given response then end if if {latest.response} matches "manifest[_-]?app[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "manifest_app_token secret pattern detected in the response." @@ -3272,7 +3272,7 @@ given response then end if if {latest.response} matches "manifest[_-]?app[_-]?url(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "manifest_app_url secret pattern detected in the response." @@ -3280,7 +3280,7 @@ given response then end if if {latest.response} matches "mapbox[_-]?access[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mapbox_access_token secret pattern detected in the response." @@ -3288,7 +3288,7 @@ given response then end if if {latest.response} matches "mapbox[_-]?api[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mapbox_api_token secret pattern detected in the response." @@ -3296,7 +3296,7 @@ given response then end if if {latest.response} matches "mapbox[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mapbox_aws_access_key_id secret pattern detected in the response." @@ -3304,7 +3304,7 @@ given response then end if if {latest.response} matches "mapbox[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mapbox_aws_secret_access_key secret pattern detected in the response." @@ -3312,7 +3312,7 @@ given response then end if if {latest.response} matches "mapboxaccesstoken(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mapboxaccesstoken secret pattern detected in the response." @@ -3320,7 +3320,7 @@ given response then end if if {latest.response} matches "mg[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mg_api_key secret pattern detected in the response." @@ -3328,7 +3328,7 @@ given response then end if if {latest.response} matches "mh[_-]?apikey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mh_apikey secret pattern detected in the response." @@ -3336,7 +3336,7 @@ given response then end if if {latest.response} matches "mh[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mh_password secret pattern detected in the response." @@ -3344,7 +3344,7 @@ given response then end if if {latest.response} matches "mile[_-]?zero[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mile_zero_key secret pattern detected in the response." @@ -3352,7 +3352,7 @@ given response then end if if {latest.response} matches "minio[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "minio_access_key secret pattern detected in the response." @@ -3360,7 +3360,7 @@ given response then end if if {latest.response} matches "minio[_-]?secret[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "minio_secret_key secret pattern detected in the response." @@ -3368,7 +3368,7 @@ given response then end if if {latest.response} matches "multi[_-]?bob[_-]?sid(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "multi_bob_sid secret pattern detected in the response." @@ -3376,7 +3376,7 @@ given response then end if if {latest.response} matches "multi[_-]?connect[_-]?sid(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "multi_connect_sid secret pattern detected in the response." @@ -3384,7 +3384,7 @@ given response then end if if {latest.response} matches "multi[_-]?disconnect[_-]?sid(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "multi_disconnect_sid secret pattern detected in the response." @@ -3392,7 +3392,7 @@ given response then end if if {latest.response} matches "multi[_-]?workflow[_-]?sid(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "multi_workflow_sid secret pattern detected in the response." @@ -3400,7 +3400,7 @@ given response then end if if {latest.response} matches "multi[_-]?workspace[_-]?sid(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "multi_workspace_sid secret pattern detected in the response." @@ -3408,7 +3408,7 @@ given response then end if if {latest.response} matches "my[_-]?secret[_-]?env(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "my_secret_env secret pattern detected in the response." @@ -3416,7 +3416,7 @@ given response then end if if {latest.response} matches "mysql[_-]?database(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mysql_database secret pattern detected in the response." @@ -3424,7 +3424,7 @@ given response then end if if {latest.response} matches "mysql[_-]?hostname(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mysql_hostname secret pattern detected in the response." @@ -3432,7 +3432,7 @@ given response then end if if {latest.response} matches "mysql[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mysql_password secret pattern detected in the response." @@ -3440,7 +3440,7 @@ given response then end if if {latest.response} matches "mysql[_-]?user(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mysql_user secret pattern detected in the response." @@ -3448,7 +3448,7 @@ given response then end if if {latest.response} matches "mysql[_-]?username(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mysql_username secret pattern detected in the response." @@ -3456,7 +3456,7 @@ given response then end if if {latest.response} matches "mysqlmasteruser(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mysqlmasteruser secret pattern detected in the response." @@ -3464,7 +3464,7 @@ given response then end if if {latest.response} matches "mysqlsecret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "mysqlsecret secret pattern detected in the response." @@ -3472,7 +3472,7 @@ given response then end if if {latest.response} matches "nativeevents(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "nativeevents secret pattern detected in the response." @@ -3480,7 +3480,7 @@ given response then end if if {latest.response} matches "new[_-]?relic[_-]?beta[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "new_relic_beta_token secret pattern detected in the response." @@ -3488,7 +3488,7 @@ given response then end if if {latest.response} matches "nexus[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "nexus_password secret pattern detected in the response." @@ -3496,7 +3496,7 @@ given response then end if if {latest.response} matches "nexuspassword(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "nexuspassword secret pattern detected in the response." @@ -3504,7 +3504,7 @@ given response then end if if {latest.response} matches "ngrok[_-]?auth[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ngrok_auth_token secret pattern detected in the response." @@ -3512,7 +3512,7 @@ given response then end if if {latest.response} matches "ngrok[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ngrok_token secret pattern detected in the response." @@ -3520,7 +3520,7 @@ given response then end if if {latest.response} matches "node[_-]?env(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "node_env secret pattern detected in the response." @@ -3528,7 +3528,7 @@ given response then end if if {latest.response} matches "node[_-]?pre[_-]?gyp[_-]?accesskeyid(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "node_pre_gyp_accesskeyid secret pattern detected in the response." @@ -3536,7 +3536,7 @@ given response then end if if {latest.response} matches "node[_-]?pre[_-]?gyp[_-]?github[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "node_pre_gyp_github_token secret pattern detected in the response." @@ -3544,7 +3544,7 @@ given response then end if if {latest.response} matches "node[_-]?pre[_-]?gyp[_-]?secretaccesskey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "node_pre_gyp_secretaccesskey secret pattern detected in the response." @@ -3552,7 +3552,7 @@ given response then end if if {latest.response} matches "non[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "non_token secret pattern detected in the response." @@ -3560,7 +3560,7 @@ given response then end if if {latest.response} matches "now[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "now_token secret pattern detected in the response." @@ -3568,7 +3568,7 @@ given response then end if if {latest.response} matches "npm[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "npm_api_key secret pattern detected in the response." @@ -3576,7 +3576,7 @@ given response then end if if {latest.response} matches "npm[_-]?api[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "npm_api_token secret pattern detected in the response." @@ -3584,7 +3584,7 @@ given response then end if if {latest.response} matches "npm[_-]?auth[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "npm_auth_token secret pattern detected in the response." @@ -3592,7 +3592,7 @@ given response then end if if {latest.response} matches "npm[_-]?email(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "npm_email secret pattern detected in the response." @@ -3600,7 +3600,7 @@ given response then end if if {latest.response} matches "npm[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "npm_password secret pattern detected in the response." @@ -3608,7 +3608,7 @@ given response then end if if {latest.response} matches "npm[_-]?secret[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "npm_secret_key secret pattern detected in the response." @@ -3616,7 +3616,7 @@ given response then end if if {latest.response} matches "npm[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "npm_token - 1 secret pattern detected in the response." @@ -3624,7 +3624,7 @@ given response then end if if {latest.response} matches "(oy2[a-z0-9]{43})" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "nuget_api_key - 1 secret pattern detected in the response." @@ -3632,7 +3632,7 @@ given response then end if if {latest.response} matches "nuget[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "nuget_api_key - 2 secret pattern detected in the response." @@ -3640,7 +3640,7 @@ given response then end if if {latest.response} matches "numbers[_-]?service[_-]?pass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "numbers_service_pass secret pattern detected in the response." @@ -3648,7 +3648,7 @@ given response then end if if {latest.response} matches "oauth[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "oauth_token secret pattern detected in the response." @@ -3656,7 +3656,7 @@ given response then end if if {latest.response} matches "object[_-]?storage[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "object_storage_password secret pattern detected in the response." @@ -3664,7 +3664,7 @@ given response then end if if {latest.response} matches "object[_-]?storage[_-]?region[_-]?name(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "object_storage_region_name secret pattern detected in the response." @@ -3672,7 +3672,7 @@ given response then end if if {latest.response} matches "object[_-]?store[_-]?bucket(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "object_store_bucket secret pattern detected in the response." @@ -3680,7 +3680,7 @@ given response then end if if {latest.response} matches "object[_-]?store[_-]?creds(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "object_store_creds secret pattern detected in the response." @@ -3688,7 +3688,7 @@ given response then end if if {latest.response} matches "oc[_-]?pass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "oc_pass secret pattern detected in the response." @@ -3696,7 +3696,7 @@ given response then end if if {latest.response} matches "octest[_-]?app[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "octest_app_password secret pattern detected in the response." @@ -3704,7 +3704,7 @@ given response then end if if {latest.response} matches "octest[_-]?app[_-]?username(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "octest_app_username secret pattern detected in the response." @@ -3712,7 +3712,7 @@ given response then end if if {latest.response} matches "octest[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "octest_password secret pattern detected in the response." @@ -3720,7 +3720,7 @@ given response then end if if {latest.response} matches "ofta[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ofta_key secret pattern detected in the response." @@ -3728,7 +3728,7 @@ given response then end if if {latest.response} matches "ofta[_-]?region(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ofta_region secret pattern detected in the response." @@ -3736,7 +3736,7 @@ given response then end if if {latest.response} matches "ofta[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ofta_secret secret pattern detected in the response." @@ -3744,7 +3744,7 @@ given response then end if if {latest.response} matches "okta[_-]?client[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "okta_client_token secret pattern detected in the response." @@ -3752,7 +3752,7 @@ given response then end if if {latest.response} matches "okta[_-]?oauth2[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "okta_oauth2_client_secret secret pattern detected in the response." @@ -3760,7 +3760,7 @@ given response then end if if {latest.response} matches "okta[_-]?oauth2[_-]?clientsecret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "okta_oauth2_clientsecret secret pattern detected in the response." @@ -3768,7 +3768,7 @@ given response then end if if {latest.response} matches "omise[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "omise_key secret pattern detected in the response." @@ -3776,7 +3776,7 @@ given response then end if if {latest.response} matches "omise[_-]?pkey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "omise_pkey secret pattern detected in the response." @@ -3784,7 +3784,7 @@ given response then end if if {latest.response} matches "omise[_-]?pubkey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "omise_pubkey secret pattern detected in the response." @@ -3792,7 +3792,7 @@ given response then end if if {latest.response} matches "omise[_-]?skey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "omise_skey secret pattern detected in the response." @@ -3800,7 +3800,7 @@ given response then end if if {latest.response} matches "onesignal[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "onesignal_api_key secret pattern detected in the response." @@ -3808,7 +3808,7 @@ given response then end if if {latest.response} matches "onesignal[_-]?user[_-]?auth[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "onesignal_user_auth_key secret pattern detected in the response." @@ -3816,7 +3816,7 @@ given response then end if if {latest.response} matches "open[_-]?whisk[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "open_whisk_key secret pattern detected in the response." @@ -3824,7 +3824,7 @@ given response then end if if {latest.response} matches "openwhisk[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "openwhisk_key secret pattern detected in the response." @@ -3832,7 +3832,7 @@ given response then end if if {latest.response} matches "os[_-]?auth[_-]?url(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "os_auth_url secret pattern detected in the response." @@ -3840,7 +3840,7 @@ given response then end if if {latest.response} matches "os[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "os_password secret pattern detected in the response." @@ -3848,7 +3848,7 @@ given response then end if if {latest.response} matches "ossrh[_-]?jira[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ossrh_jira_password secret pattern detected in the response." @@ -3856,7 +3856,7 @@ given response then end if if {latest.response} matches "ossrh[_-]?pass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ossrh_pass secret pattern detected in the response." @@ -3864,7 +3864,7 @@ given response then end if if {latest.response} matches "ossrh[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ossrh_password secret pattern detected in the response." @@ -3872,7 +3872,7 @@ given response then end if if {latest.response} matches "ossrh[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ossrh_secret secret pattern detected in the response." @@ -3880,7 +3880,7 @@ given response then end if if {latest.response} matches "ossrh[_-]?username(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ossrh_username secret pattern detected in the response." @@ -3888,7 +3888,7 @@ given response then end if if {latest.response} matches "(https://outlook.office.com/webhook/[0-9a-f-]{36}@)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "outlook_team secret pattern detected in the response." @@ -3896,7 +3896,7 @@ given response then end if if {latest.response} matches "packagecloud[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "packagecloud_token secret pattern detected in the response." @@ -3904,7 +3904,7 @@ given response then end if if {latest.response} matches "pagerduty[_-]?apikey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "pagerduty_apikey secret pattern detected in the response." @@ -3912,7 +3912,7 @@ given response then end if if {latest.response} matches "parse[_-]?js[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "parse_js_key secret pattern detected in the response." @@ -3920,7 +3920,7 @@ given response then end if if {latest.response} matches "passwordtravis(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "passwordtravis secret pattern detected in the response." @@ -3928,7 +3928,7 @@ given response then end if if {latest.response} matches "(access_token$production$[0-9a-z]{16}$[0-9a-f]{32})" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "paypal_braintree_access_token secret pattern detected in the response." @@ -3936,7 +3936,7 @@ given response then end if if {latest.response} matches "paypal[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "paypal_client_secret secret pattern detected in the response." @@ -3944,7 +3944,7 @@ given response then end if if {latest.response} matches "percy[_-]?project(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "percy_project secret pattern detected in the response." @@ -3952,7 +3952,7 @@ given response then end if if {latest.response} matches "percy[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "percy_token secret pattern detected in the response." @@ -3960,7 +3960,7 @@ given response then end if if {latest.response} matches "personal[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "personal_key secret pattern detected in the response." @@ -3968,7 +3968,7 @@ given response then end if if {latest.response} matches "personal[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "personal_secret secret pattern detected in the response." @@ -3976,7 +3976,7 @@ given response then end if if {latest.response} matches "pg[_-]?database(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "pg_database secret pattern detected in the response." @@ -3984,7 +3984,7 @@ given response then end if if {latest.response} matches "pg[_-]?host(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "pg_host secret pattern detected in the response." @@ -3992,7 +3992,7 @@ given response then end if if {latest.response} matches "places[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "places_api_key secret pattern detected in the response." @@ -4000,7 +4000,7 @@ given response then end if if {latest.response} matches "places[_-]?apikey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "places_apikey secret pattern detected in the response." @@ -4008,7 +4008,7 @@ given response then end if if {latest.response} matches "plotly[_-]?apikey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "plotly_apikey secret pattern detected in the response." @@ -4016,7 +4016,7 @@ given response then end if if {latest.response} matches "plugin[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "plugin_password secret pattern detected in the response." @@ -4024,7 +4024,7 @@ given response then end if if {latest.response} matches "postgres[_-]?env[_-]?postgres[_-]?db(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "postgres_env_postgres_db secret pattern detected in the response." @@ -4032,7 +4032,7 @@ given response then end if if {latest.response} matches "postgres[_-]?env[_-]?postgres[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "postgres_env_postgres_password secret pattern detected in the response." @@ -4040,7 +4040,7 @@ given response then end if if {latest.response} matches "postgresql[_-]?db(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "postgresql_db secret pattern detected in the response." @@ -4048,7 +4048,7 @@ given response then end if if {latest.response} matches "postgresql[_-]?pass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "postgresql_pass secret pattern detected in the response." @@ -4056,7 +4056,7 @@ given response then end if if {latest.response} matches "prebuild[_-]?auth(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "prebuild_auth secret pattern detected in the response." @@ -4064,7 +4064,7 @@ given response then end if if {latest.response} matches "preferred[_-]?username(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "preferred_username secret pattern detected in the response." @@ -4072,7 +4072,7 @@ given response then end if if {latest.response} matches "pring[_-]?mail[_-]?username(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "pring_mail_username secret pattern detected in the response." @@ -4080,7 +4080,7 @@ given response then end if if {latest.response} matches "-----(?:(?:BEGIN|END) )(?:(?:EC|PGP|DSA|RSA|OPENSSH).)?PRIVATE.KEY(.BLOCK)?-----" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "private_key secret pattern detected in the response." @@ -4088,7 +4088,7 @@ given response then end if if {latest.response} matches "private[_-]?signing[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "private_signing_password secret pattern detected in the response." @@ -4096,7 +4096,7 @@ given response then end if if {latest.response} matches "prod[_-]?access[_-]?key[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "prod_access_key_id secret pattern detected in the response." @@ -4104,7 +4104,7 @@ given response then end if if {latest.response} matches "prod[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "prod_password secret pattern detected in the response." @@ -4112,7 +4112,7 @@ given response then end if if {latest.response} matches "prod[_-]?secret[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "prod_secret_key secret pattern detected in the response." @@ -4120,7 +4120,7 @@ given response then end if if {latest.response} matches "project[_-]?config(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "project_config secret pattern detected in the response." @@ -4128,7 +4128,7 @@ given response then end if if {latest.response} matches "publish[_-]?access(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "publish_access secret pattern detected in the response." @@ -4136,7 +4136,7 @@ given response then end if if {latest.response} matches "publish[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "publish_key secret pattern detected in the response." @@ -4144,7 +4144,7 @@ given response then end if if {latest.response} matches "publish[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "publish_secret secret pattern detected in the response." @@ -4152,7 +4152,7 @@ given response then end if if {latest.response} matches "pushover[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "pushover_token secret pattern detected in the response." @@ -4160,7 +4160,7 @@ given response then end if if {latest.response} matches "pypi[_-]?passowrd(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "pypi_passowrd secret pattern detected in the response." @@ -4168,7 +4168,7 @@ given response then end if if {latest.response} matches "qiita[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "qiita_token secret pattern detected in the response." @@ -4176,7 +4176,7 @@ given response then end if if {latest.response} matches "quip[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "quip_token secret pattern detected in the response." @@ -4184,7 +4184,7 @@ given response then end if if {latest.response} matches "randrmusicapiaccesstoken(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "randrmusicapiaccesstoken secret pattern detected in the response." @@ -4192,7 +4192,7 @@ given response then end if if {latest.response} matches "redis[_-]?stunnel[_-]?urls(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "redis_stunnel_urls secret pattern detected in the response." @@ -4200,7 +4200,7 @@ given response then end if if {latest.response} matches "refresh[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "refresh_token secret pattern detected in the response." @@ -4208,7 +4208,7 @@ given response then end if if {latest.response} matches "registry[_-]?pass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "registry_pass secret pattern detected in the response." @@ -4216,7 +4216,7 @@ given response then end if if {latest.response} matches "registry[_-]?secure(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "registry_secure secret pattern detected in the response." @@ -4224,7 +4224,7 @@ given response then end if if {latest.response} matches "release[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "release_token secret pattern detected in the response." @@ -4232,7 +4232,7 @@ given response then end if if {latest.response} matches "reporting[_-]?webdav[_-]?pwd(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "reporting_webdav_pwd secret pattern detected in the response." @@ -4240,7 +4240,7 @@ given response then end if if {latest.response} matches "reporting[_-]?webdav[_-]?url(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "reporting_webdav_url secret pattern detected in the response." @@ -4248,7 +4248,7 @@ given response then end if if {latest.response} matches "repotoken(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "repotoken secret pattern detected in the response." @@ -4256,7 +4256,7 @@ given response then end if if {latest.response} matches "rest[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "rest_api_key secret pattern detected in the response." @@ -4264,7 +4264,7 @@ given response then end if if {latest.response} matches "rinkeby[_-]?private[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "rinkeby_private_key secret pattern detected in the response." @@ -4272,7 +4272,7 @@ given response then end if if {latest.response} matches "ropsten[_-]?private[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ropsten_private_key secret pattern detected in the response." @@ -4280,7 +4280,7 @@ given response then end if if {latest.response} matches "route53[_-]?access[_-]?key[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "route53_access_key_id secret pattern detected in the response." @@ -4288,7 +4288,7 @@ given response then end if if {latest.response} matches "rtd[_-]?key[_-]?pass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "rtd_key_pass secret pattern detected in the response." @@ -4296,7 +4296,7 @@ given response then end if if {latest.response} matches "rtd[_-]?store[_-]?pass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "rtd_store_pass secret pattern detected in the response." @@ -4304,7 +4304,7 @@ given response then end if if {latest.response} matches "s3[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "s3_access_key secret pattern detected in the response." @@ -4312,7 +4312,7 @@ given response then end if if {latest.response} matches "s3[_-]?access[_-]?key[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "s3_access_key_id secret pattern detected in the response." @@ -4320,7 +4320,7 @@ given response then end if if {latest.response} matches "s3[_-]?bucket[_-]?name[_-]?app[_-]?logs(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "s3_bucket_name_app_logs secret pattern detected in the response." @@ -4328,7 +4328,7 @@ given response then end if if {latest.response} matches "s3[_-]?bucket[_-]?name[_-]?assets(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "s3_bucket_name_assets secret pattern detected in the response." @@ -4336,7 +4336,7 @@ given response then end if if {latest.response} matches "s3[_-]?external[_-]?3[_-]?amazonaws[_-]?com(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "s3_external_3_amazonaws_com secret pattern detected in the response." @@ -4344,7 +4344,7 @@ given response then end if if {latest.response} matches "s3[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "s3_key secret pattern detected in the response." @@ -4352,7 +4352,7 @@ given response then end if if {latest.response} matches "s3[_-]?key[_-]?app[_-]?logs(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "s3_key_app_logs secret pattern detected in the response." @@ -4360,7 +4360,7 @@ given response then end if if {latest.response} matches "s3[_-]?key[_-]?assets(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "s3_key_assets secret pattern detected in the response." @@ -4368,7 +4368,7 @@ given response then end if if {latest.response} matches "s3[_-]?secret[_-]?app[_-]?logs(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "s3_secret_app_logs secret pattern detected in the response." @@ -4376,7 +4376,7 @@ given response then end if if {latest.response} matches "s3[_-]?secret[_-]?assets(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "s3_secret_assets secret pattern detected in the response." @@ -4384,7 +4384,7 @@ given response then end if if {latest.response} matches "s3[_-]?secret[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "s3_secret_key secret pattern detected in the response." @@ -4392,7 +4392,7 @@ given response then end if if {latest.response} matches "s3[_-]?user[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "s3_user_secret secret pattern detected in the response." @@ -4400,7 +4400,7 @@ given response then end if if {latest.response} matches "sacloud[_-]?access[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sacloud_access_token secret pattern detected in the response." @@ -4408,7 +4408,7 @@ given response then end if if {latest.response} matches "sacloud[_-]?access[_-]?token[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sacloud_access_token_secret secret pattern detected in the response." @@ -4416,7 +4416,7 @@ given response then end if if {latest.response} matches "sacloud[_-]?api(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sacloud_api secret pattern detected in the response." @@ -4424,7 +4424,7 @@ given response then end if if {latest.response} matches "salesforce[_-]?bulk[_-]?test[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "salesforce_bulk_test_password secret pattern detected in the response." @@ -4432,7 +4432,7 @@ given response then end if if {latest.response} matches "salesforce[_-]?bulk[_-]?test[_-]?security[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "salesforce_bulk_test_security_token secret pattern detected in the response." @@ -4440,7 +4440,7 @@ given response then end if if {latest.response} matches "sandbox[_-]?access[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sandbox_access_token secret pattern detected in the response." @@ -4448,7 +4448,7 @@ given response then end if if {latest.response} matches "sandbox[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sandbox_aws_access_key_id secret pattern detected in the response." @@ -4456,7 +4456,7 @@ given response then end if if {latest.response} matches "sandbox[_-]?aws[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sandbox_aws_secret_access_key secret pattern detected in the response." @@ -4464,7 +4464,7 @@ given response then end if if {latest.response} matches "sauce[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sauce_access_key secret pattern detected in the response." @@ -4472,7 +4472,7 @@ given response then end if if {latest.response} matches "(sauce.{0,50}(\"|')?[0-9a-f-]{36}(\"|')?)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sauce_token secret pattern detected in the response." @@ -4480,7 +4480,7 @@ given response then end if if {latest.response} matches "scrutinizer[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "scrutinizer_token secret pattern detected in the response." @@ -4488,7 +4488,7 @@ given response then end if if {latest.response} matches "sdr[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sdr_token secret pattern detected in the response." @@ -4496,7 +4496,7 @@ given response then end if if {latest.response} matches "secret[_-]?0(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "secret_0 secret pattern detected in the response." @@ -4504,7 +4504,7 @@ given response then end if if {latest.response} matches "secret[_-]?1(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "secret_1 secret pattern detected in the response." @@ -4512,7 +4512,7 @@ given response then end if if {latest.response} matches "secret[_-]?10(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "secret_10 secret pattern detected in the response." @@ -4520,7 +4520,7 @@ given response then end if if {latest.response} matches "secret[_-]?11(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "secret_11 secret pattern detected in the response." @@ -4528,7 +4528,7 @@ given response then end if if {latest.response} matches "secret[_-]?2(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "secret_2 secret pattern detected in the response." @@ -4536,7 +4536,7 @@ given response then end if if {latest.response} matches "secret[_-]?3(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "secret_3 secret pattern detected in the response." @@ -4544,7 +4544,7 @@ given response then end if if {latest.response} matches "secret[_-]?4(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "secret_4 secret pattern detected in the response." @@ -4552,7 +4552,7 @@ given response then end if if {latest.response} matches "secret[_-]?5(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "secret_5 secret pattern detected in the response." @@ -4560,7 +4560,7 @@ given response then end if if {latest.response} matches "secret[_-]?6(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "secret_6 secret pattern detected in the response." @@ -4568,7 +4568,7 @@ given response then end if if {latest.response} matches "secret[_-]?7(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "secret_7 secret pattern detected in the response." @@ -4576,7 +4576,7 @@ given response then end if if {latest.response} matches "secret[_-]?8(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "secret_8 secret pattern detected in the response." @@ -4584,7 +4584,7 @@ given response then end if if {latest.response} matches "secret[_-]?9(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "secret_9 secret pattern detected in the response." @@ -4592,7 +4592,7 @@ given response then end if if {latest.response} matches "secret[_-]?key[_-]?base(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "secret_key_base secret pattern detected in the response." @@ -4600,7 +4600,7 @@ given response then end if if {latest.response} matches "secretaccesskey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "secretaccesskey secret pattern detected in the response." @@ -4608,7 +4608,7 @@ given response then end if if {latest.response} matches "secretkey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "secretkey secret pattern detected in the response." @@ -4616,7 +4616,7 @@ given response then end if if {latest.response} matches "segment[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "segment_api_key secret pattern detected in the response." @@ -4624,7 +4624,7 @@ given response then end if if {latest.response} matches "selion[_-]?log[_-]?level[_-]?dev(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "selion_log_level_dev secret pattern detected in the response." @@ -4632,7 +4632,7 @@ given response then end if if {latest.response} matches "selion[_-]?selenium[_-]?host(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "selion_selenium_host secret pattern detected in the response." @@ -4640,7 +4640,7 @@ given response then end if if {latest.response} matches "sendgrid(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sendgrid - 2 secret pattern detected in the response." @@ -4648,7 +4648,7 @@ given response then end if if {latest.response} matches "sendgrid[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sendgrid_api_key - 1 secret pattern detected in the response." @@ -4656,7 +4656,7 @@ given response then end if if {latest.response} matches "sendgrid[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sendgrid_key secret pattern detected in the response." @@ -4664,7 +4664,7 @@ given response then end if if {latest.response} matches "sendgrid[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sendgrid_password secret pattern detected in the response." @@ -4672,7 +4672,7 @@ given response then end if if {latest.response} matches "sendgrid[_-]?user(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sendgrid_user secret pattern detected in the response." @@ -4680,7 +4680,7 @@ given response then end if if {latest.response} matches "sendgrid[_-]?username(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sendgrid_username secret pattern detected in the response." @@ -4688,7 +4688,7 @@ given response then end if if {latest.response} matches "sendwithus[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sendwithus_key secret pattern detected in the response." @@ -4696,7 +4696,7 @@ given response then end if if {latest.response} matches "sentry[_-]?auth[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sentry_auth_token secret pattern detected in the response." @@ -4704,7 +4704,7 @@ given response then end if if {latest.response} matches "sentry[_-]?default[_-]?org(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sentry_default_org secret pattern detected in the response." @@ -4712,7 +4712,7 @@ given response then end if if {latest.response} matches "sentry[_-]?endpoint(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sentry_endpoint secret pattern detected in the response." @@ -4720,7 +4720,7 @@ given response then end if if {latest.response} matches "sentry[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sentry_key secret pattern detected in the response." @@ -4728,7 +4728,7 @@ given response then end if if {latest.response} matches "service[_-]?account[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "service_account_secret secret pattern detected in the response." @@ -4736,7 +4736,7 @@ given response then end if if {latest.response} matches "ses[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ses_access_key secret pattern detected in the response." @@ -4744,7 +4744,7 @@ given response then end if if {latest.response} matches "ses[_-]?secret[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ses_secret_key secret pattern detected in the response." @@ -4752,7 +4752,7 @@ given response then end if if {latest.response} matches "setdstaccesskey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "setdstaccesskey secret pattern detected in the response." @@ -4760,7 +4760,7 @@ given response then end if if {latest.response} matches "setdstsecretkey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "setdstsecretkey secret pattern detected in the response." @@ -4768,7 +4768,7 @@ given response then end if if {latest.response} matches "setsecretkey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "setsecretkey secret pattern detected in the response." @@ -4776,7 +4776,7 @@ given response then end if if {latest.response} matches "signing[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "signing_key secret pattern detected in the response." @@ -4784,7 +4784,7 @@ given response then end if if {latest.response} matches "signing[_-]?key[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "signing_key_password secret pattern detected in the response." @@ -4792,7 +4792,7 @@ given response then end if if {latest.response} matches "signing[_-]?key[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "signing_key_secret secret pattern detected in the response." @@ -4800,7 +4800,7 @@ given response then end if if {latest.response} matches "signing[_-]?key[_-]?sid(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "signing_key_sid secret pattern detected in the response." @@ -4808,7 +4808,7 @@ given response then end if if {latest.response} matches "(hooks.slack.com/services/T[A-Z0-9]{8}/B[A-Z0-9]{8}/[a-zA-Z0-9]{1,})" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "slack_webhook_url secret pattern detected in the response." @@ -4816,7 +4816,7 @@ given response then end if if {latest.response} matches "slash[_-]?developer[_-]?space(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "slash_developer_space secret pattern detected in the response." @@ -4824,7 +4824,7 @@ given response then end if if {latest.response} matches "slash[_-]?developer[_-]?space[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "slash_developer_space_key secret pattern detected in the response." @@ -4832,7 +4832,7 @@ given response then end if if {latest.response} matches "slate[_-]?user[_-]?email(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "slate_user_email secret pattern detected in the response." @@ -4840,7 +4840,7 @@ given response then end if if {latest.response} matches "snoowrap[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "snoowrap_client_secret secret pattern detected in the response." @@ -4848,7 +4848,7 @@ given response then end if if {latest.response} matches "snoowrap[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "snoowrap_password secret pattern detected in the response." @@ -4856,7 +4856,7 @@ given response then end if if {latest.response} matches "snoowrap[_-]?refresh[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "snoowrap_refresh_token secret pattern detected in the response." @@ -4864,7 +4864,7 @@ given response then end if if {latest.response} matches "snyk[_-]?api[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "snyk_api_token secret pattern detected in the response." @@ -4872,7 +4872,7 @@ given response then end if if {latest.response} matches "snyk[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "snyk_token secret pattern detected in the response." @@ -4880,7 +4880,7 @@ given response then end if if {latest.response} matches "socrata[_-]?app[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "socrata_app_token secret pattern detected in the response." @@ -4888,7 +4888,7 @@ given response then end if if {latest.response} matches "socrata[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "socrata_password secret pattern detected in the response." @@ -4896,7 +4896,7 @@ given response then end if if {latest.response} matches "sonar[_-]?organization[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sonar_organization_key secret pattern detected in the response." @@ -4904,7 +4904,7 @@ given response then end if if {latest.response} matches "sonar[_-]?project[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sonar_project_key secret pattern detected in the response." @@ -4912,7 +4912,7 @@ given response then end if if {latest.response} matches "sonar[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sonar_token secret pattern detected in the response." @@ -4920,7 +4920,7 @@ given response then end if if {latest.response} matches "(sonar.{0,50}(\"|')?[0-9a-f]{40}(\"|')?)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sonarqube_docs_api_key secret pattern detected in the response." @@ -4928,7 +4928,7 @@ given response then end if if {latest.response} matches "sonatype[_-]?gpg[_-]?key[_-]?name(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sonatype_gpg_key_name secret pattern detected in the response." @@ -4936,7 +4936,7 @@ given response then end if if {latest.response} matches "sonatype[_-]?gpg[_-]?passphrase(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sonatype_gpg_passphrase secret pattern detected in the response." @@ -4944,7 +4944,7 @@ given response then end if if {latest.response} matches "sonatype[_-]?nexus[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sonatype_nexus_password secret pattern detected in the response." @@ -4952,7 +4952,7 @@ given response then end if if {latest.response} matches "sonatype[_-]?pass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sonatype_pass secret pattern detected in the response." @@ -4960,7 +4960,7 @@ given response then end if if {latest.response} matches "sonatype[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sonatype_password secret pattern detected in the response." @@ -4968,7 +4968,7 @@ given response then end if if {latest.response} matches "sonatype[_-]?token[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sonatype_token_password secret pattern detected in the response." @@ -4976,7 +4976,7 @@ given response then end if if {latest.response} matches "sonatype[_-]?token[_-]?user(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sonatype_token_user secret pattern detected in the response." @@ -4984,7 +4984,7 @@ given response then end if if {latest.response} matches "sonatypepassword(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sonatypepassword secret pattern detected in the response." @@ -4992,7 +4992,7 @@ given response then end if if {latest.response} matches "soundcloud[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "soundcloud_client_secret secret pattern detected in the response." @@ -5000,7 +5000,7 @@ given response then end if if {latest.response} matches "soundcloud[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "soundcloud_password secret pattern detected in the response." @@ -5008,7 +5008,7 @@ given response then end if if {latest.response} matches "spaces[_-]?access[_-]?key[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "spaces_access_key_id secret pattern detected in the response." @@ -5016,7 +5016,7 @@ given response then end if if {latest.response} matches "spaces[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "spaces_secret_access_key secret pattern detected in the response." @@ -5024,7 +5024,7 @@ given response then end if if {latest.response} matches "spotify[_-]?api[_-]?access[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "spotify_api_access_token secret pattern detected in the response." @@ -5032,7 +5032,7 @@ given response then end if if {latest.response} matches "spotify[_-]?api[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "spotify_api_client_secret secret pattern detected in the response." @@ -5040,7 +5040,7 @@ given response then end if if {latest.response} matches "spring[_-]?mail[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "spring_mail_password secret pattern detected in the response." @@ -5048,7 +5048,7 @@ given response then end if if {latest.response} matches "sqsaccesskey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sqsaccesskey secret pattern detected in the response." @@ -5056,7 +5056,7 @@ given response then end if if {latest.response} matches "sqssecretkey(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sqssecretkey secret pattern detected in the response." @@ -5064,7 +5064,7 @@ given response then end if if {latest.response} matches "(sq0[a-z]{3}-[0-9A-Za-z-_]{20,50})" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "square_app_secret secret pattern detected in the response." @@ -5072,7 +5072,7 @@ given response then end if if {latest.response} matches "square[_-]?reader[_-]?sdk[_-]?repository[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "square_reader_sdk_repository_password secret pattern detected in the response." @@ -5080,7 +5080,7 @@ given response then end if if {latest.response} matches "srcclr[_-]?api[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "srcclr_api_token secret pattern detected in the response." @@ -5088,7 +5088,7 @@ given response then end if if {latest.response} matches "(sshpass -p.*['|\"])" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ssh_password secret pattern detected in the response." @@ -5096,7 +5096,7 @@ given response then end if if {latest.response} matches "sshpass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "sshpass secret pattern detected in the response." @@ -5104,7 +5104,7 @@ given response then end if if {latest.response} matches "ssmtp[_-]?config(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "ssmtp_config secret pattern detected in the response." @@ -5112,7 +5112,7 @@ given response then end if if {latest.response} matches "staging[_-]?base[_-]?url[_-]?runscope(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "staging_base_url_runscope secret pattern detected in the response." @@ -5120,7 +5120,7 @@ given response then end if if {latest.response} matches "star[_-]?test[_-]?aws[_-]?access[_-]?key[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "star_test_aws_access_key_id secret pattern detected in the response." @@ -5128,7 +5128,7 @@ given response then end if if {latest.response} matches "star[_-]?test[_-]?bucket(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "star_test_bucket secret pattern detected in the response." @@ -5136,7 +5136,7 @@ given response then end if if {latest.response} matches "star[_-]?test[_-]?location(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "star_test_location secret pattern detected in the response." @@ -5144,7 +5144,7 @@ given response then end if if {latest.response} matches "star[_-]?test[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "star_test_secret_access_key secret pattern detected in the response." @@ -5152,7 +5152,7 @@ given response then end if if {latest.response} matches "starship[_-]?account[_-]?sid(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "starship_account_sid secret pattern detected in the response." @@ -5160,7 +5160,7 @@ given response then end if if {latest.response} matches "starship[_-]?auth[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "starship_auth_token secret pattern detected in the response." @@ -5168,7 +5168,7 @@ given response then end if if {latest.response} matches "stormpath[_-]?api[_-]?key[_-]?id(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "stormpath_api_key_id secret pattern detected in the response." @@ -5176,7 +5176,7 @@ given response then end if if {latest.response} matches "stormpath[_-]?api[_-]?key[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "stormpath_api_key_secret secret pattern detected in the response." @@ -5184,7 +5184,7 @@ given response then end if if {latest.response} matches "strip[_-]?publishable[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "strip_publishable_key secret pattern detected in the response." @@ -5192,7 +5192,7 @@ given response then end if if {latest.response} matches "strip[_-]?secret[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "strip_secret_key secret pattern detected in the response." @@ -5200,7 +5200,7 @@ given response then end if if {latest.response} matches "stripe[_-]?private(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "stripe_private secret pattern detected in the response." @@ -5208,7 +5208,7 @@ given response then end if if {latest.response} matches "stripe[_-]?public(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "stripe_public secret pattern detected in the response." @@ -5216,7 +5216,7 @@ given response then end if if {latest.response} matches "(rk_live_[0-9a-zA-Z]{24,34})" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "stripe_restricted_api secret pattern detected in the response." @@ -5224,7 +5224,7 @@ given response then end if if {latest.response} matches "(sk_live_[0-9a-zA-Z]{24,34})" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "stripe_standard_api secret pattern detected in the response." @@ -5232,7 +5232,7 @@ given response then end if if {latest.response} matches "surge[_-]?login(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "surge_login secret pattern detected in the response." @@ -5240,7 +5240,7 @@ given response then end if if {latest.response} matches "surge[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "surge_token secret pattern detected in the response." @@ -5248,7 +5248,7 @@ given response then end if if {latest.response} matches "svn[_-]?pass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "svn_pass secret pattern detected in the response." @@ -5256,7 +5256,7 @@ given response then end if if {latest.response} matches "tesco[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "tesco_api_key secret pattern detected in the response." @@ -5264,7 +5264,7 @@ given response then end if if {latest.response} matches "test[_-]?github[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "test_github_token secret pattern detected in the response." @@ -5272,7 +5272,7 @@ given response then end if if {latest.response} matches "test[_-]?test(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "test_test secret pattern detected in the response." @@ -5280,7 +5280,7 @@ given response then end if if {latest.response} matches "tester[_-]?keys[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "tester_keys_password secret pattern detected in the response." @@ -5288,7 +5288,7 @@ given response then end if if {latest.response} matches "thera[_-]?oss[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "thera_oss_access_key secret pattern detected in the response." @@ -5296,7 +5296,7 @@ given response then end if if {latest.response} matches "token[_-]?core[_-]?java(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "token_core_java secret pattern detected in the response." @@ -5304,7 +5304,7 @@ given response then end if if {latest.response} matches "travis[_-]?access[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "travis_access_token secret pattern detected in the response." @@ -5312,7 +5312,7 @@ given response then end if if {latest.response} matches "travis[_-]?api[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "travis_api_token secret pattern detected in the response." @@ -5320,7 +5320,7 @@ given response then end if if {latest.response} matches "travis[_-]?branch(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "travis_branch secret pattern detected in the response." @@ -5328,7 +5328,7 @@ given response then end if if {latest.response} matches "travis[_-]?com[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "travis_com_token secret pattern detected in the response." @@ -5336,7 +5336,7 @@ given response then end if if {latest.response} matches "travis[_-]?e2e[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "travis_e2e_token secret pattern detected in the response." @@ -5344,7 +5344,7 @@ given response then end if if {latest.response} matches "travis[_-]?gh[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "travis_gh_token secret pattern detected in the response." @@ -5352,7 +5352,7 @@ given response then end if if {latest.response} matches "travis[_-]?pull[_-]?request(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "travis_pull_request secret pattern detected in the response." @@ -5360,7 +5360,7 @@ given response then end if if {latest.response} matches "trex[_-]?client[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "trex_client_token secret pattern detected in the response." @@ -5368,7 +5368,7 @@ given response then end if if {latest.response} matches "trex[_-]?okta[_-]?client[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "trex_okta_client_token secret pattern detected in the response." @@ -5376,7 +5376,7 @@ given response then end if if {latest.response} matches "twilio[_-]?configuration[_-]?sid(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "twilio_configuration_sid secret pattern detected in the response." @@ -5384,7 +5384,7 @@ given response then end if if {latest.response} matches "twilio[_-]?sid(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "twilio_sid secret pattern detected in the response." @@ -5392,7 +5392,7 @@ given response then end if if {latest.response} matches "twine[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "twine_password secret pattern detected in the response." @@ -5400,7 +5400,7 @@ given response then end if if {latest.response} matches "unity[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "unity_password secret pattern detected in the response." @@ -5408,7 +5408,7 @@ given response then end if if {latest.response} matches "unity[_-]?serial(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "unity_serial secret pattern detected in the response." @@ -5416,7 +5416,7 @@ given response then end if if {latest.response} matches "urban[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "urban_key secret pattern detected in the response." @@ -5424,7 +5424,7 @@ given response then end if if {latest.response} matches "urban[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "urban_secret secret pattern detected in the response." @@ -5432,7 +5432,7 @@ given response then end if if {latest.response} matches "us[_-]?east[_-]?1[_-]?elb[_-]?amazonaws[_-]?com(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "us_east_1_elb_amazonaws_com secret pattern detected in the response." @@ -5440,7 +5440,7 @@ given response then end if if {latest.response} matches "user[_-]?assets[_-]?secret[_-]?access[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "user_assets_secret_access_key secret pattern detected in the response." @@ -5448,7 +5448,7 @@ given response then end if if {latest.response} matches "usertravis(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "usertravis secret pattern detected in the response." @@ -5456,7 +5456,7 @@ given response then end if if {latest.response} matches "v[_-]?sfdc[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "v_sfdc_client_secret secret pattern detected in the response." @@ -5464,7 +5464,7 @@ given response then end if if {latest.response} matches "v[_-]?sfdc[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "v_sfdc_password secret pattern detected in the response." @@ -5472,7 +5472,7 @@ given response then end if if {latest.response} matches "vip[_-]?github[_-]?build[_-]?repo[_-]?deploy[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "vip_github_build_repo_deploy_key secret pattern detected in the response." @@ -5480,7 +5480,7 @@ given response then end if if {latest.response} matches "vip[_-]?github[_-]?deploy[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "vip_github_deploy_key secret pattern detected in the response." @@ -5488,7 +5488,7 @@ given response then end if if {latest.response} matches "vip[_-]?github[_-]?deploy[_-]?key[_-]?pass(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "vip_github_deploy_key_pass secret pattern detected in the response." @@ -5496,7 +5496,7 @@ given response then end if if {latest.response} matches "visual[_-]?recognition[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "visual_recognition_api_key secret pattern detected in the response." @@ -5504,7 +5504,7 @@ given response then end if if {latest.response} matches "vscetoken(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "vscetoken secret pattern detected in the response." @@ -5512,7 +5512,7 @@ given response then end if if {latest.response} matches "wakatime[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "wakatime_api_key secret pattern detected in the response." @@ -5520,7 +5520,7 @@ given response then end if if {latest.response} matches "watson[_-]?conversation[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "watson_conversation_password secret pattern detected in the response." @@ -5528,7 +5528,7 @@ given response then end if if {latest.response} matches "watson[_-]?device[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "watson_device_password secret pattern detected in the response." @@ -5536,7 +5536,7 @@ given response then end if if {latest.response} matches "watson[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "watson_password secret pattern detected in the response." @@ -5544,7 +5544,7 @@ given response then end if if {latest.response} matches "widget[_-]?basic[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "widget_basic_password secret pattern detected in the response." @@ -5552,7 +5552,7 @@ given response then end if if {latest.response} matches "widget[_-]?basic[_-]?password[_-]?2(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "widget_basic_password_2 secret pattern detected in the response." @@ -5560,7 +5560,7 @@ given response then end if if {latest.response} matches "widget[_-]?basic[_-]?password[_-]?3(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "widget_basic_password_3 secret pattern detected in the response." @@ -5568,7 +5568,7 @@ given response then end if if {latest.response} matches "widget[_-]?basic[_-]?password[_-]?4(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "widget_basic_password_4 secret pattern detected in the response." @@ -5576,7 +5576,7 @@ given response then end if if {latest.response} matches "widget[_-]?basic[_-]?password[_-]?5(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "widget_basic_password_5 secret pattern detected in the response." @@ -5584,7 +5584,7 @@ given response then end if if {latest.response} matches "widget[_-]?fb[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "widget_fb_password secret pattern detected in the response." @@ -5592,7 +5592,7 @@ given response then end if if {latest.response} matches "widget[_-]?fb[_-]?password[_-]?2(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "widget_fb_password_2 secret pattern detected in the response." @@ -5600,7 +5600,7 @@ given response then end if if {latest.response} matches "widget[_-]?fb[_-]?password[_-]?3(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "widget_fb_password_3 secret pattern detected in the response." @@ -5608,7 +5608,7 @@ given response then end if if {latest.response} matches "widget[_-]?test[_-]?server(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "widget_test_server secret pattern detected in the response." @@ -5616,7 +5616,7 @@ given response then end if if {latest.response} matches "wincert[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "wincert_password secret pattern detected in the response." @@ -5624,7 +5624,7 @@ given response then end if if {latest.response} matches "wordpress[_-]?db[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "wordpress_db_password secret pattern detected in the response." @@ -5632,7 +5632,7 @@ given response then end if if {latest.response} matches "wordpress[_-]?db[_-]?user(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "wordpress_db_user secret pattern detected in the response." @@ -5640,7 +5640,7 @@ given response then end if if {latest.response} matches "wpjm[_-]?phpunit[_-]?google[_-]?geocode[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "wpjm_phpunit_google_geocode_api_key secret pattern detected in the response." @@ -5648,7 +5648,7 @@ given response then end if if {latest.response} matches "wporg[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "wporg_password secret pattern detected in the response." @@ -5656,7 +5656,7 @@ given response then end if if {latest.response} matches "wpt[_-]?db[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "wpt_db_password secret pattern detected in the response." @@ -5664,7 +5664,7 @@ given response then end if if {latest.response} matches "wpt[_-]?db[_-]?user(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "wpt_db_user secret pattern detected in the response." @@ -5672,7 +5672,7 @@ given response then end if if {latest.response} matches "wpt[_-]?prepare[_-]?dir(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "wpt_prepare_dir secret pattern detected in the response." @@ -5680,7 +5680,7 @@ given response then end if if {latest.response} matches "wpt[_-]?report[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "wpt_report_api_key secret pattern detected in the response." @@ -5688,7 +5688,7 @@ given response then end if if {latest.response} matches "wpt[_-]?ssh[_-]?connect(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "wpt_ssh_connect secret pattern detected in the response." @@ -5696,7 +5696,7 @@ given response then end if if {latest.response} matches "wpt[_-]?ssh[_-]?private[_-]?key[_-]?base64(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "wpt_ssh_private_key_base64 secret pattern detected in the response." @@ -5704,7 +5704,7 @@ given response then end if if {latest.response} matches "www[_-]?googleapis[_-]?com(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "www_googleapis_com secret pattern detected in the response." @@ -5712,7 +5712,7 @@ given response then end if if {latest.response} matches "yangshun[_-]?gh[_-]?password(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "yangshun_gh_password secret pattern detected in the response." @@ -5720,7 +5720,7 @@ given response then end if if {latest.response} matches "yangshun[_-]?gh[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "yangshun_gh_token secret pattern detected in the response." @@ -5728,7 +5728,7 @@ given response then end if if {latest.response} matches "yt[_-]?account[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "yt_account_client_secret secret pattern detected in the response." @@ -5736,7 +5736,7 @@ given response then end if if {latest.response} matches "yt[_-]?account[_-]?refresh[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "yt_account_refresh_token secret pattern detected in the response." @@ -5744,7 +5744,7 @@ given response then end if if {latest.response} matches "yt[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "yt_api_key secret pattern detected in the response." @@ -5752,7 +5752,7 @@ given response then end if if {latest.response} matches "yt[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "yt_client_secret secret pattern detected in the response." @@ -5760,7 +5760,7 @@ given response then end if if {latest.response} matches "yt[_-]?partner[_-]?client[_-]?secret(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "yt_partner_client_secret secret pattern detected in the response." @@ -5768,7 +5768,7 @@ given response then end if if {latest.response} matches "yt[_-]?partner[_-]?refresh[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "yt_partner_refresh_token secret pattern detected in the response." @@ -5776,7 +5776,7 @@ given response then end if if {latest.response} matches "yt[_-]?server[_-]?api[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "yt_server_api_key secret pattern detected in the response." @@ -5784,7 +5784,7 @@ given response then end if if {latest.response} matches "zendesk[_-]?travis[_-]?github(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "zendesk_travis_github secret pattern detected in the response." @@ -5792,7 +5792,7 @@ given response then end if if {latest.response} matches "zensonatypepassword(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "zensonatypepassword secret pattern detected in the response." @@ -5800,7 +5800,7 @@ given response then end if if {latest.response} matches "zhuliang[_-]?gh[_-]?token(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "zhuliang_gh_token secret pattern detected in the response." @@ -5808,7 +5808,7 @@ given response then end if if {latest.response} matches "zopim[_-]?account[_-]?key(=| =|:| :)" then - report issue: + report issue and continue: severity: medium confidence: tentative detail: "zopim_account_key secret pattern detected in the response." From c1260d6b7a0a3a6fc256a81363643c1e1a7414f2 Mon Sep 17 00:00:00 2001 From: Khaled Mohamed <46958133+xElkomy@users.noreply.github.com> Date: Thu, 25 Jan 2024 18:32:10 +0200 Subject: [PATCH 5/6] Rename tentative.bcheck to Tentative-leaks-checker.bcheck --- other/tokens/{tentative.bcheck => Tentative-leaks-checker.bcheck} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename other/tokens/{tentative.bcheck => Tentative-leaks-checker.bcheck} (100%) diff --git a/other/tokens/tentative.bcheck b/other/tokens/Tentative-leaks-checker.bcheck similarity index 100% rename from other/tokens/tentative.bcheck rename to other/tokens/Tentative-leaks-checker.bcheck From 8f488fd4e82e38807cd1318cb325402a7069688f Mon Sep 17 00:00:00 2001 From: Khaled Mohamed <46958133+xElkomy@users.noreply.github.com> Date: Thu, 25 Jan 2024 18:32:20 +0200 Subject: [PATCH 6/6] Rename certain.bcheck to Certain-leaks-checker.bcheck --- other/tokens/{certain.bcheck => Certain-leaks-checker.bcheck} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename other/tokens/{certain.bcheck => Certain-leaks-checker.bcheck} (100%) diff --git a/other/tokens/certain.bcheck b/other/tokens/Certain-leaks-checker.bcheck similarity index 100% rename from other/tokens/certain.bcheck rename to other/tokens/Certain-leaks-checker.bcheck