-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathlucha.yaml
185 lines (185 loc) · 8.17 KB
/
lucha.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
version: 0.0.1
lucha:
rules:
- code: DFKM001
name: "Passwords"
description: "Matches if the word `password` (case insensitive) exists in the code"
message: "Line may contain a password"
attribution: "DKFM" # Can be omitted
regex: "(?i)\\bpassword\\b"
severity: 0 # Informational, Can be omitted as the default is 0
- code: DFKM002
name: "Github"
description: "Searches for github personal access tokens inside the code"
message: "Line may contain a github personal access token"
attribution: DKFM
regex: "^[0-9a-f]{40}$"
severity: 4
- code: DFKM003
name: "AWS"
description: "Searches for AWS client identifiers inside the code"
message: "Line contains an AWS client identifier"
attribution: "https://github.com/odomojuli/RegExAPI"
regex: "AKIA[0-9A-Z]{16}"
severity: 4
- code: DFKM004
name: "AWS"
description: "Searches for hardcoded AWS access keys inside the code"
message: "Line may contain an AWS access key"
attribution: "https://github.com/odomojuli/RegExAPI"
regex: "[0-9a-zA-Z/+]{40}"
severity: 4
- code: DFKM005
name: "Mailgun"
description: "Searches for a Mailgun API key inside the code"
message: "Line contains a Mailgun API key"
attribution: "https://github.com/odomojuli/RegExAPI"
regex: "key-[0-9a-zA-Z]{32}"
severity: 3
- code: DKFM007
name: "Twitter"
description: "Searches for a Twitter access token inside the code"
message: "Line may contain a Twitter access token"
attribution: "https://github.com/odomojuli/RegExAPI"
regex: "[1-9][ 0-9]+-[0-9a-zA-Z]{40}"
severity: 2
- code: DKFM008
name: "Facebook"
description: "Searches for a Facebook access token inside the code"
message: "Line contains a Facebook access token"
attribution: "https://github.com/odomojuli/RegExAPI"
regex: "EAACEdEose0cBA[0-9A-Za-z]+"
severity: 2
- code: DKFM009
name: "Google API Key"
description: "Searches for a Google API Key inside the code"
message: "Line contains a Google API key"
attribution: "https://github.com/odomojuli/RegExAPI"
regex: "AIza[0-9A-Za-z-_]{35}"
severity: 2
- code: DKFM010
name: "Stripe API Key"
description: "Searches for a Stripe Standard or Restricted API Key inside the code"
message: "Line contains a Stripe Standard or Restricted API Key"
attribution: "https://github.com/odomojuli/RegExAPI"
regex: "sk_live_[0-9a-zA-Z]{24}"
severity: 4
- code: DKFM011
name: "Square Access Token"
description: "Searches for a Square access token inside the code"
message: "Line contains a Square access token"
attribution: "https://github.com/odomojuli/RegExAPI"
regex: "sqOatp-[0-9A-Za-z-_]{22}"
severity: 4
- code: DKFM012
name: "Square OAuth Secret"
description: "Searches for a Square OAuth Secret inside the code"
message: "Line contains a Square OAuth Secret"
attribution: "https://github.com/odomojuli/RegExAPI"
regex: "q0csp-[ 0-9A-Za-z-_]{43}"
severity: 4
- code: DKFM013
name: "PayPal/Braintree Access Token"
description: "Searches for a PayPal/Braintree access token inside the code"
message: "Line contains a PayPal/Braintree access token"
attribution: "https://github.com/odomojuli/RegExAPI"
regex: "access_token,production$[0-9a-z]{161[0-9a,]{32}"
severity: 4
- code: DKFM014
name: "AMS"
description: "Searches for an AMS auth token inside the code"
message: "Line contains a AMS auth token"
attribution: "https://github.com/odomojuli/RegExAPI"
regex: "amzn.mws.[0-9a-f]{8}-[0-9a-f]{4}-10-9a-f1{4}-[0-9a,]{4}-[0-9a-f]{12}"
severity: 4
- code: DKFM015
name: "MailChimp"
description: "Searches for a MailChimp API Key inside the code"
message: "Line contains a MailChimp API key"
attribution: "https://github.com/odomojuli/RegExAPI"
regex: "0-9a-f]{32}-us[0-9]{1,2}"
severity: 3
- code: DKFM016
name: "Slack API Key"
description: "Searches for a Slack API Key inside the code"
message: "Line contains a Slack API key"
attribution: "https://github.com/odomojuli/RegExAPI"
regex: "xox[baprs]-[0-9]{12}-[0-9]{12}-[0-9a-zA-Z]{24}"
severity: 3
- code: DKFM017
name: "Slack Access Tokens"
description: "Searches for a Slack access token inside the code"
message: "Line contains a Slack access token"
attribution: "https://github.com/odomojuli/RegExAPI"
regex: "T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}"
severity: 3
- code: DKFM018
name: "GCP OAuth2.0"
description: "Searches for a GCP OAuth2.0 token inside the code"
message: "Line contains a GCP OAuth2.0 token"
attribution: "https://github.com/odomojuli/RegExAPI"
regex: "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
severity: 4
- code: DKFM019
name: "GCP API Key"
description: "Searches for a GCP API Key inside the code"
message: "Line contains a GCP API Key"
attribution: "https://github.com/odomojuli/RegExAPI"
regex: "[A-Za-z0-9_]{21}--[A-Za-z0-9_]{8}"
severity: 4
- code: DKFM020
name: "Heroku API Key"
description: "Searches for a Heroku API Key inside the code"
message: "Line may contain a Herouku API Key"
attribution: "https://github.com/odomojuli/RegExAPI"
regex: "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
severity: 3
- code: DKFM020
name: "Artifactory API token"
description: "Searches for an Artifactory API token inside the code"
message: "Line contains an Artifactory API Key"
attribution: "https://github.com/l4yton/RegHex"
regex: "(?:\\s|=|:|\"|^)AKC[a-zA-Z0-9]{10,}"
severity: 2
- code: DKFM021
name: "Artifactory Password"
description: "Searches for an Artifactory password inside the code"
message: "Line may contain an Artifactory password"
attribution: "https://github.com/l4yton/RegHex"
regex: "(?:\\s|=|:|\"|^)AP[\\dABCDEF][a-zA-Z0-9]{8,}"
severity: 2
- code: DKFM022
name: "Vault Token"
description: "Searches for a Hashicorp Vault token inside the code"
message: "Line may contain a Hashicorp Vault token "
attribution: "https://github.com/l4yton/RegHex"
regex: "[sb]\\.[a-zA-Z0-9]{24}"
severity: 4
# - code: DKFM023
# name: "Parameterized URLs"
# description: "Searches for parametrized URLs inside the code"
# message: "Line may contain a parametrized URL "
# attribution: "https://github.com/l4yton/RegHex"
# regex: "^((http[s]?|ftp):\\/)?\\/?([^:\\/\\s]+)((\\/\\w+)*\\/)([\\w\\-\\.]+[^#?\\s]+)(.*)?(#[\\w\\-]+)?$"
# severity: 4
- code: DKFM24
name: "Social Security Number"
description: "Searches for a Social Security Number inside the code"
message: "Line may contain a Social Security Number"
attribution: "https://github.com/l4yton/RegHex"
regex: "^(\\d{3}-\\d{2}-\\d{4})|(\\d{3}\\d{2}\\d{4})$"
severity: 3
- code: DKFM25
name: "Email Address"
description: "Searches for an email address inside the code"
message: "Line contains an email address"
attribution: "https://emailregex.com/"
regex: "(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|\"(?:[\\x01-\\x08\\x0b\\x0c\\x0e-\\x1f\\x21\\x23-\\x5b\\x5d-\\x7f]|\\\\[\\x01-\\x09\\x0b\\x0c\\x0e-\\x7f])*\")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\\x01-\\x08\\x0b\\x0c\\x0e-\\x1f\\x21-\\x5a\\x53-\\x7f]|\\\\[\\x01-\\x09\\x0b\\x0c\\x0e-\\x7f])+)\\])"
severity: 1
- code: DKFM26
name: "Phone Number (North America)"
description: "Searches for a North American phone number inside the code"
message: "Line contains a phone number"
attribution: "https://regexlib.com/"
regex: "((\\(\\d{3}\\)?)|(\\d{3}))([\\s-./]?)(\\d{3})([\\s-./]?)(\\d{4})"
severity: 1