secret-scan-cli
Version:
A tool to scan codebases for potential secrets and sensitive information
21 lines (20 loc) • 1.19 kB
JavaScript
// src/config.js
export const patterns = {
apiKey: /(?:api[_-]?key|api|token|secret)[^a-zA-Z0-9]*[=:]\s*["']?[a-zA-Z0-9_-]{32,}["']?/gi,
password: /(?:password|pass|pwd)[^a-zA-Z0-9]*[=:]\s*["'].+["']/gi,
dbUrl: /(?:postgres|postgresql|mysql|mongodb):\/\/[^:]+:[^@]+@/gi,
jwt: /eyJ[a-zA-Z0-9]{10,}\.[a-zA-Z0-9]{10,}\.[a-zA-Z0-9_-]{10,}/gi,
awsAccessKeyId: /AKIA[0-9A-Z]{16}/gi,
awsSecretAccessKey: /[0-9a-zA-Z/+]{40}/gi,
stripeApiKey: /sk_(live|test)_[0-9a-zA-Z-]{24,}/gi,
githubToken: /ghp_[0-9a-zA-Z]{36}/,
slackToken: /xox[baprs]-[0-9a-zA-Z-]{10,48}/,
googleApiKey: /AIza[0-9A-Za-z_-]{35}/,
sshPrivateKey: /-----BEGIN (RSA|DSA|EC|OPENSSH) PRIVATE KEY-----/,
email: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/,
ipAddress: /(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/,
basicAuth: /https?:\/\/[^:]+:[^@]+@/,
oauthToken: /[0-9a-fA-F]{32}-[0-9a-fA-F]{32}/,
genericSecret: /(?:secret|key|token)[^a-zA-Z0-9]{0,20}["'][0-9a-zA-Z]{16,}["']/,
};
export const ignorePaths = ['node_modules', '.git', '.DS_Store'];