From 6813e89b2eb931fad163b7fa6250bb4a55ab51b6 Mon Sep 17 00:00:00 2001 From: jmagee Date: Fri, 3 May 2024 13:42:30 +0100 Subject: [PATCH] NEW SAST --- IAC/ec2.tf | 34 -- IAC/s3.tf | 152 --------- IAC/s3bucket.yaml | 29 -- IAC/storage.bicep | 49 --- SCA/pom.xml | 128 -------- SCA/requirements.txt | 38 --- Secrets/app1.js | 2 - Secrets/config.js | 2 - Secrets/secrets.txt | 758 ------------------------------------------- main.py | 2 +- 10 files changed, 1 insertion(+), 1193 deletions(-) delete mode 100644 IAC/ec2.tf delete mode 100644 IAC/s3.tf delete mode 100644 IAC/s3bucket.yaml delete mode 100644 IAC/storage.bicep delete mode 100644 SCA/pom.xml delete mode 100644 SCA/requirements.txt delete mode 100644 Secrets/app1.js delete mode 100644 Secrets/config.js delete mode 100644 Secrets/secrets.txt diff --git a/IAC/ec2.tf b/IAC/ec2.tf deleted file mode 100644 index 7302c82..0000000 --- a/IAC/ec2.tf +++ /dev/null @@ -1,34 +0,0 @@ -resource "aws_instance" "web_host" { - # ec2 have plain text secrets in user data - ami = "${var.ami}" - instance_type = "t2.nano" - - vpc_security_group_ids = [ - "${aws_security_group.web-node.id}"] - subnet_id = "${aws_subnet.web_subnet.id}" - user_data = <Deployed via Terraform" | sudo tee /var/www/html/index.html -EOF - tags = merge({ - Name = "${local.resource_prefix.value}-ec2" - }, { - git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0" - git_file = "terraform/aws/ec2.tf" - git_last_modified_at = "2020-06-16 14:46:24" - git_last_modified_by = "jmagee@paloaltonetworks.com" - git_modifiers = "jmagee" - git_org = "bridgecrewio" - git_repo = "terragoat" - yor_trace = "347af3cd-4f70-4632-aca3-4d5e30ffc0b6" - }, { - yor_name = "web_host" - }) -} diff --git a/IAC/s3.tf b/IAC/s3.tf deleted file mode 100644 index b8a52d5..0000000 --- a/IAC/s3.tf +++ /dev/null @@ -1,152 +0,0 @@ -resource "aws_s3_bucket" "data" { - # bucket is public - # bucket is not encrypted - # bucket does not have access logs - # bucket does not have versioning - bucket = "${local.resource_prefix.value}-data" - force_destroy = true - tags = merge({ - Name = "${local.resource_prefix.value}-data" - Environment = local.resource_prefix.value - }, { - git_commit = "4d57f83ca4d3a78a44fb36d1dcf0d23983fa44f5" - git_file = "terraform/aws/s3.tf" - git_last_modified_at = "2022-05-18 07:08:06" - git_last_modified_by = "jmagee@paloaltonetworks.com" - git_modifiers = "34870196+LironElbaz/nimrod/nimrodkor/jmagee" - git_org = "bridgecrewio" - git_repo = "terragoat" - yor_trace = "0874007d-903a-4b4c-945f-c9c233e13243" - }, { - yor_name = "data" - }) -} - -resource "aws_s3_bucket_object" "data_object" { - bucket = aws_s3_bucket.data.id - key = "customer-master.xlsx" - source = "resources/customer-master.xlsx" - tags = merge({ - Name = "${local.resource_prefix.value}-customer-master" - Environment = local.resource_prefix.value - }, { - git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0" - git_file = "terraform/aws/s3.tf" - git_last_modified_at = "2020-06-16 14:46:24" - git_last_modified_by = "njmagee@paloaltonetworks.com" - git_modifiers = "jmagee" - git_org = "bridgecrewio" - git_repo = "terragoat" - yor_trace = "a7f01cc7-63c2-41a8-8555-6665e5e39a64" - }, { - yor_name = "data_object" - }) -} - -resource "aws_s3_bucket" "financials" { - # bucket is not encrypted - # bucket does not have access logs - # bucket does not have versioning - bucket = "${local.resource_prefix.value}-financials" - acl = "private" - force_destroy = true - tags = merge({ - Name = "${local.resource_prefix.value}-financials" - Environment = local.resource_prefix.value - }, { - git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0" - git_file = "terraform/aws/s3.tf" - git_last_modified_at = "2020-06-16 14:46:24" - git_last_modified_by = "jmagee@paloaltonetworks.com" - git_modifiers = "jmagee" - git_org = "bridgecrewio" - git_repo = "terragoat" - yor_trace = "0e012640-b597-4e5d-9378-d4b584aea913" - }, { - yor_name = "financials" - }) - -} - -resource "aws_s3_bucket" "operations" { - # bucket is not encrypted - # bucket does not have access logs - bucket = "${local.resource_prefix.value}-operations" - acl = "private" - versioning { - enabled = true - } - force_destroy = true - tags = merge({ - Name = "${local.resource_prefix.value}-operations" - Environment = local.resource_prefix.value - }, { - git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0" - git_file = "terraform/aws/s3.tf" - git_last_modified_at = "2020-06-16 14:46:24" - git_last_modified_by = "jmagee@paloaltonetworks.com" - git_modifiers = "jmagee" - git_org = "bridgecrewio" - git_repo = "terragoat" - yor_trace = "29efcf7b-22a8-4bd6-8e14-1f55b3a2d743" - }, { - yor_name = "operations" - }) -} - -resource "aws_s3_bucket" "data_science" { - # bucket is not encrypted - bucket = "${local.resource_prefix.value}-data-science" - acl = "private" - versioning { - enabled = true - } - logging { - target_bucket = "${aws_s3_bucket.logs.id}" - target_prefix = "log/" - } - force_destroy = true - tags = { - git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0" - git_file = "terraform/aws/s3.tf" - git_last_modified_at = "2020-06-16 14:46:24" - git_last_modified_by = "jmagee@paloaltonetworks.com" - git_modifiers = "jmagee" - git_org = "bridgecrewio" - git_repo = "terragoat" - yor_trace = "9a7c8788-5655-4708-bbc3-64ead9847f64" - yor_name = "data_science" - } -} - -resource "aws_s3_bucket" "logs" { - bucket = "${local.resource_prefix.value}-logs" - acl = "log-delivery-write" - versioning { - enabled = true - } - server_side_encryption_configuration { - rule { - apply_server_side_encryption_by_default { - sse_algorithm = "aws:kms" - kms_master_key_id = "${aws_kms_key.logs_key.arn}" - } - } - } - force_destroy = true - tags = merge({ - Name = "${local.resource_prefix.value}-logs" - Environment = local.resource_prefix.value - }, { - git_commit = "d68d2897add9bc2203a5ed0632a5cdd8ff8cefb0" - git_file = "terraform/aws/s3.tf" - git_last_modified_at = "2020-06-16 14:46:24" - git_last_modified_by = "jmagee@paloaltonetworks.com" - git_modifiers = "jmagee" - git_org = "bridgecrewio" - git_repo = "terragoat" - yor_trace = "01946fe9-aae2-4c99-a975-e9b0d3a4696c" - }, { - yor_name = "logs" - }) -} diff --git a/IAC/s3bucket.yaml b/IAC/s3bucket.yaml deleted file mode 100644 index a7c1b58..0000000 --- a/IAC/s3bucket.yaml +++ /dev/null @@ -1,29 +0,0 @@ -AWSTemplateFormatVersion: '2010-09-09' -Metadata: - License: Apache-2.0 -Description: 'AWS CloudFormation Sample Template S3_Website_Bucket_With_Retain_On_Delete: - Sample template showing how to create a publicly accessible S3 bucket configured - for website access with a deletion policy of retain on delete. **WARNING** This - template creates an S3 bucket that will NOT be deleted when the stack is deleted. - You will be billed for the AWS resources used if you create a stack from this template.' -Resources: - S3Bucket: - Type: AWS::S3::Bucket - Properties: - AccessControl: PublicRead - WebsiteConfiguration: - IndexDocument: index.html - ErrorDocument: error.html - Tags: - - Key: yor_trace - Value: c7a9755f-ba4e-430c-935f-b5cc157d14d0 - - Key: yor_name - Value: S3Bucket - DeletionPolicy: Retain -Outputs: - WebsiteURL: - Value: !GetAtt [S3Bucket, WebsiteURL] - Description: URL for website hosted on S3 - S3BucketSecureURL: - Value: !Join ['', ['https://', !GetAtt [S3Bucket, DomainName]]] - Description: Name of S3 bucket to hold website content \ No newline at end of file diff --git a/IAC/storage.bicep b/IAC/storage.bicep deleted file mode 100644 index 9dd77d4..0000000 --- a/IAC/storage.bicep +++ /dev/null @@ -1,49 +0,0 @@ -@description('Name of environment') -param env string = 'dev' - -@description('Default location for all resources.') -param location string = resourceGroup().location - -var name = 'bicepgoat' - -resource datadisk 'Microsoft.Compute/disks@2021-12-01' = { - name: '${name}-disk-${env}' - location: location - sku: { - name: 'Standard_LRS' - } - - properties: { - diskSizeGB: 10 - encryptionSettingsCollection: { - enabled: false - } - } -} - -resource storageAccount 'Microsoft.Storage/storageAccounts@2021-01-01' = { - name: '${name}-sa-${env}' - location: location - kind: 'StorageV2' - sku: { - name: 'Standard_GRS' - } - - properties: { - supportsHttpsTrafficOnly: false - - networkAcls: { - bypass: 'None' - defaultAction: 'Deny' - } - } - - resource configWeb 'config' = { - name: 'web' - - properties: { - minTlsVersion: '1.1' - remoteDebuggingEnabled: true - } - } -} \ No newline at end of file diff --git a/SCA/pom.xml b/SCA/pom.xml deleted file mode 100644 index c245fb2..0000000 --- a/SCA/pom.xml +++ /dev/null @@ -1,128 +0,0 @@ - - 4.0.0 - com.checkmarx.app - sca-big-goat - jar - 1.0-SNAPSHOT - sca-big-goat - http://maven.apache.org - - - - ${org.checkerframework:jdk8:jar} - - - - - commons-httpclient - commons-httpclient - 3.1 - - - commons-collections - commons-collections - 3.2.2 - - - dom4j - dom4j - 1.6.1 - - - axis - axis - 1.4 - - - org.apache.httpcomponents - httpasyncclient - 4.1.4 - - - ca.juliusdavies - not-yet-commons-ssl - 0.3.9 - - - org.bouncycastle - bcprov-jdk15 - 1.46 - - - org.webjars - jquery - 3.5.1 - - - org.beanshell - bsh - 2.0b5 - - - org.codehaus.jackson - jackson-core-asl - 1.9.13 - - - org.mortbay.jetty - jetty-util - 6.1.26 - - - io.netty - netty - 3.10.6.Final - - - log4j - log4j - 1.2.17 - - - net.sf.dozer - dozer - 5.5.1 - - - org.beanshell - bsh - 2.0b4 - - - org.codehaus.jackson - jackson-mapper-asl - 1.9.13 - - - taglibs - standard - 1.1.2 - - - org.simpleframework - simple-xml - 2.7.1 - - - ant - ant - 1.6.5 - - - org.apache.spark - spark-core_2.11 - 2.4.7 - - - org.mortbay.jetty - jetty - 6.1.26 - - - org.apache.hadoop - hadoop-yarn-server-nodemanager - 3.3.0 - - - diff --git a/SCA/requirements.txt b/SCA/requirements.txt deleted file mode 100644 index 6ecc4ce..0000000 --- a/SCA/requirements.txt +++ /dev/null @@ -1,38 +0,0 @@ -parso==0.8.1 -pycrypto==2.6.1 -oauth2==1.9.0.post1 -httplib2==0.17.4 -Django==1.11.1 -PyYAML==3.13 -urllib3==1.23 -requests==2.2.1 -PyYAML==5.1 -Django==1.7.1 -ansible==2.8.8 -Werkzeug==0.15.3 -urllib3==1.25.2 -Jinja2==2.10.1 -Pygments==2.0.2 -pandas==0.24.2 -python-gnupg==0.4.3 -PyJWT==0.4.2 -rsa==3.4.2 -requests==2.19.1 -urllib3==1.24.2 -Django==3.1 -Pillow==7.1.0 -pycrypto==2.4 -tensorflow==1.14.0 -Jinja2==2.7.2 -Flask==0.11.1 -feedparser==5.1.1 -mercurial==4.8.2 -buildbot==0.7.11 -notebook==5.7.10 -httplib2==0.12.0 -lodash==3.10.1 -sphinx==3.0.3 -sphinx-py3doc-enhanced-theme==2.4.0 -docutils==0.16 --e . - diff --git a/Secrets/app1.js b/Secrets/app1.js deleted file mode 100644 index 7490c8a..0000000 --- a/Secrets/app1.js +++ /dev/null @@ -1,2 +0,0 @@ -const SEC_1 = "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" -const SEC_3 = "dsapi45202d12abdce73c004a9e0be24a21b2" \ No newline at end of file diff --git a/Secrets/config.js b/Secrets/config.js deleted file mode 100644 index 2b091da..0000000 --- a/Secrets/config.js +++ /dev/null @@ -1,2 +0,0 @@ -const CIRCLE_CI = "2065ae463be5e534bb1d074a366d44e7a776d472" -const JIRA = "5FP0NmFYz81U32XdjNb42762" diff --git a/Secrets/secrets.txt b/Secrets/secrets.txt deleted file mode 100644 index f0c265f..0000000 --- a/Secrets/secrets.txt +++ /dev/null @@ -1,758 +0,0 @@ -Rule ID: adafruit-api-key -Description: Identified a potential Adafruit API Key, which could lead to unauthorized access to Adafruit services and sensitive data exposure. -Generated Example: adafruitqz3c73_r00rtfs21k::=x9rl0auaictrq_vjmdvbdtw4_lt9hd0o - -Rule ID: adobe-client-id -Description: Detected a pattern that resembles an Adobe OAuth Web Client ID, posing a risk of compromised Adobe integrations and data breaches. -Generated Example: adobe.vre-87ca1_ii39q2bc -|||: c527a48634edc1d9f67898baa8fbf98e; - -Rule ID: adobe-client-secret -Description: Discovered a potential Adobe Client Secret, which, if exposed, could allow unauthorized Adobe service access and data manipulation. -Generated Example: p8e-pjuy0u3rje1377t8onvmr2293yk2zn2t - -Rule ID: age-secret-key -Description: Discovered a potential Age encryption tool secret key, risking data decryption and unauthorized access to sensitive information. -Generated Example: AGE-SECRET-KEY-1Y2D6FQETYKQ5XR0D5UGE0ULZ7US7D3VWYMZK4UNGTHDN2DLT274LD90KYP - -Rule ID: airtable-api-key -Description: Uncovered a possible Airtable API Key, potentially compromising database access and leading to data leakage or alteration. -Generated Example: airtablecriiu.48 : - izalazq1yi0tmyg0k" - -Rule ID: algolia-api-key -Description: Identified an Algolia API Key, which could result in unauthorized search operations and data exposure on Algolia-managed platforms. -Generated Example: algolia9 - |>' � chph6k48zcp9vkg7rvzrtdsskh63ke10 - -Rule ID: alibaba-access-key-id -Description: Detected an Alibaba Cloud AccessKey ID, posing a risk of unauthorized cloud resource access and potential data compromise. -Generated Example: LTAIlnixncam9iz8sszao2en - -Rule ID: alibaba-secret-key -Description: Discovered a potential Alibaba Cloud Secret Key, potentially allowing unauthorized operations and data access within Alibaba Cloud. -Generated Example: alibabae d22xfm nridq5-| -�= -`` -h0auh7mp675031cd6kx7s9m5vli3ar - -Rule ID: asana-client-id -Description: Discovered a potential Asana Client ID, risking unauthorized access to Asana projects and sensitive task information. -Generated Example: asana3diup| - -= - -8796176620633054 - -Rule ID: asana-client-secret -Description: Identified an Asana Client Secret, which could lead to compromised project management integrity and unauthorized access. -Generated Example: asana_ag2kx9d2crwm>deyvp4x6a8d5fm40cn2wwpp7e8106mls - -Rule ID: atlassian-api-token -Description: Detected an Atlassian API token, posing a threat to project management and collaboration tool security and data confidentiality. -Generated Example: jira1l0xbpb mp" - > a4uh7k5885n1dteejiysz2rf - -Rule ID: authress-service-client-access-key -Description: Uncovered a possible Authress Service Client Access Key, which may compromise access control services and sensitive data. -Generated Example: scauth_9k6yn.omql.acc-iitzknmzi8c9h61jyn.8zbcu50w7ilj2719er6tufwd33fs+hj67jtn_z - -Rule ID: aws-access-token -Description: Identified a pattern that may indicate AWS credentials, risking unauthorized cloud resource access and data breaches on AWS platforms. -Generated Example: ASIAZF54YMK7RHQS2XJN - -Rule ID: beamer-api-token -Description: Detected a Beamer API token, potentially compromising content management and exposing sensitive notifications and updates. -Generated Example: beamerx6.mfhew �:�b_n7r9cpvi9ivwimpj8kdiftz3nvxuqy151pd==koxe64v - -Rule ID: bitbucket-client-id -Description: Discovered a potential Bitbucket Client ID, risking unauthorized repository access and potential codebase exposure. -Generated Example: bitbucket0d5 -' ?== -' 338nnw24zewkmfwcx4ak22uol7ef2vxz - -Rule ID: bitbucket-client-secret -Description: Discovered a potential Bitbucket Client Secret, posing a risk of compromised code repositories and unauthorized access. -Generated Example: bitbucket8tk5o -::=� -7daywp590u6wue=lkpsyqfcqz8ekgdq6b46azasogat10zkuwypcmds1c4=36e0z; - -Rule ID: bittrex-access-key -Description: Identified a Bittrex Access Key, which could lead to unauthorized access to cryptocurrency trading accounts and financial loss. -Generated Example: bittrexo1fts9j-k5vh.1_trc - ?= -= ` -xi3ta8i64zdcaojl03dc8hsnyyny6tqp - -Rule ID: bittrex-secret-key -Description: Detected a Bittrex Secret Key, potentially compromising cryptocurrency transactions and financial security. -Generated Example: bittrex.nni �=>2w6z7qfbl794bxkd9vzm37ikhvj2rhnj - -Rule ID: clojars-api-token -Description: Uncovered a possible Clojars API token, risking unauthorized access to Clojure libraries and potential code manipulation. -Generated Example: CLOJARS_1c6iaw9690ft4ktzfco3wl68092tlkywno6g0wrokq19i8gjlj8239wwbwuh - -Rule ID: codecov-access-token -Description: Found a pattern resembling a Codecov Access Token, posing a risk of unauthorized access to code coverage reports and sensitive data. -Generated Example: codecov_o4cdaq9mgsw':= 8jld7sx0svwy7wa6yxbj7n7a2y7uzzte - -Rule ID: coinbase-access-token -Description: Detected a Coinbase Access Token, posing a risk of unauthorized access to cryptocurrency accounts and financial transactions. -Generated Example: coinbase - |> `=1m354e-0se7sd0bo4q4vcxmxtkdv6wy0o54xlhn9jen1hrrjmm8zkr9kjdd3vr90 - - -Rule ID: confluent-access-token -Description: Identified a Confluent Access Token, which could compromise access to streaming data platforms and sensitive data flow. -Generated Example: confluentjyy||:`''' 2xnekdi50odvgdcd - -Rule ID: confluent-secret-key -Description: Found a Confluent Secret Key, potentially risking unauthorized operations and data access within Confluent services. -Generated Example: confluent_ -='mqguk35r2nqeeo5mwl7udf2wplya6a92t88ktefo89k84ufz8058n61v92vhqf02 - - -Rule ID: contentful-delivery-api-token -Description: Discovered a Contentful delivery API token, posing a risk to content management systems and data integrity. -Generated Example: contentfulbv6t t iops -|=> -bigq59hpk8imay34_b5g2e3xfsjj7spu1xh1a3rs6fg - -Rule ID: databricks-api-token -Description: Uncovered a Databricks API token, which may compromise big data analytics platforms and sensitive data processing. -Generated Example: dapi1d0a5d8geb4532f8b1g2c4aa564983g1; - -Rule ID: datadog-access-token -Description: Detected a Datadog Access Token, potentially risking monitoring and analytics data exposure and manipulation. -Generated Example: datadogm-m2h65c' ?= -jxas6zzyqdnak7fsljcu095ziquet2qa4nkfh67j - -Rule ID: defined-networking-api-token -Description: Identified a Defined Networking API token, which could lead to unauthorized network operations and data breaches. -Generated Example: dnkey399j2ele3bldh=>'=dnkey-=3sazanqozvk-ff53v2vszi2wy-3po-xryrmexwgy2nd26vv4tjet=4u-eb=yiptt97kqkfw609=w35� - -Rule ID: digitalocean-access-token -Description: Found a DigitalOcean OAuth Access Token, risking unauthorized cloud resource access and data compromise. -Generated Example: doo_v1_6a8433e619701db0f78067cb5cfef5dbaabffef1f8f0600517096f05c7cd7dbd - -Rule ID: digitalocean-pat -Description: Discovered a DigitalOcean Personal Access Token, posing a threat to cloud infrastructure security and data privacy. -Generated Example: dop_v1_da5da72fa5a90020b4a05de62f6c2e7e5a4cfa28bd2b9404cd8ff64977f73cf3 - - -Rule ID: digitalocean-refresh-token -Description: Uncovered a DigitalOcean OAuth Refresh Token, which could allow prolonged unauthorized access and resource manipulation. -Generated Example: dor_v1_9415a05d6263d210f907e6dc91769ee9edd15aaea55bda5a101de4bb330f6741 - - -Rule ID: discord-api-token -Description: Detected a Discord API key, potentially compromising communication channels and user data privacy on Discord. -Generated Example: discordo0zt7mcqo e4ulzxf4b?=cb02c2422d5ad942f63ca31bd69635ce77a30118bfb331ef7478c1a7431f1213 - -Rule ID: discord-client-id -Description: Identified a Discord client ID, which may lead to unauthorized integrations and data exposure in Discord applications. -Generated Example: discordpe9rn4ujr'::=` -� -516801323036455227 - -Rule ID: discord-client-secret -Description: Discovered a potential Discord client secret, risking compromised Discord bot integrations and data leaks. -Generated Example: discordvnoa63gtb6ys1q7d -"?= zmg2q6ez5xfels5koh=tmdbtynkjpd0d - -Rule ID: doppler-api-token -Description: Discovered a Doppler API token, posing a risk to environment and secrets management security. -Generated Example: dp.pt.kiu0unxbn9xduqg4kmusn54p652ouken8cpe63dn1wa - -Rule ID: droneci-access-token -Description: Detected a Droneci Access Token, potentially compromising continuous integration and deployment workflows. -Generated Example: droneciv9ohb l8r - -:='c3dgzakrenlwmgoolvrk94buoylwfavj" - -Rule ID: dropbox-api-token -Description: Identified a Dropbox API secret, which could lead to unauthorized file access and data breaches in Dropbox storage. -Generated Example: dropboxsiqfmt61hvcfd xe. ' =" " -'derr1ididofs7jz - -Rule ID: dropbox-long-lived-api-token -Description: Found a Dropbox long-lived API token, risking prolonged unauthorized access to cloud storage and sensitive data. -Generated Example: dropbox.mqt51q1a||: ojqu3jttok9AAAAAAAAAAqu0taf45e9c45dhns_rzfoddf5rw-x-6wbsmnjb5yjt - -Rule ID: dropbox-short-lived-api-token -Description: Discovered a Dropbox short-lived API token, posing a risk of temporary but potentially harmful data access and manipulation. -Generated Example: dropboxbpd8l395xbq62mb� > "' -sl.gf0z=vd37c6h07j9a6ywjma4kr13tjiue3-y760nesh_jyas5vpuas2=vnb=vam9095c_dd7k_-gac5jk_f5hc16=m4_jefchyiojeda23hh0jpbn6-wx5ctomki322g8k1ut79 - -Rule ID: duffel-api-token -Description: Uncovered a Duffel API token, which may compromise travel platform integrations and sensitive customer data. -Generated Example: duffel_live_r53u9wsv2jtbe4j8vd2aho=zu2g9_5bt52nfedy2-2d - -Rule ID: dynatrace-api-token -Description: Detected a Dynatrace API token, potentially risking application performance monitoring and data exposure. -Generated Example: dt0c01.7t528iejtllnwi7l1q8w0jpc.qng2r17xnxtyench2mw2smb2qdz4rb8c8j5zsisxkl1zlgdlbtqvdphpfccmc1j8 - -Rule ID: easypost-api-token -Description: Identified an EasyPost API token, which could lead to unauthorized postal and shipment service access and data exposure. -Generated Example: EZAK1jkygj2cvye3959te5jzrh8b39hpatxyi53dcm7f1naj760kis04q4 - -Rule ID: easypost-test-api-token -Description: Detected an EasyPost test API token, risking exposure of test environments and potentially sensitive shipment data. -Generated Example: EZTKsk5xru512kg85r7ubbo8v5hhiuh90b6nd16o9z3b18qqslxfjay4xj - -Rule ID: etsy-access-token -Description: Found an Etsy Access Token, potentially compromising Etsy shop management and customer data. -Generated Example: etsy"=>dylkdb23135wj9ohla9f4j5s - - -Rule ID: facebook -Description: Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure. -Generated Example: facebooklc35e1ae-x =e840b4a85576f90562925de0b462739a - -Rule ID: fastly-api-token -Description: Uncovered a Fastly API key, which may compromise CDN and edge cloud services, leading to content delivery and security issues. -Generated Example: fastly5v1 zr� -?= "= "y9tl=esek9uqob6_x48k21to3pn4iz7l" - -Rule ID: finicity-api-token -Description: Detected a Finicity API token, potentially risking financial data access and unauthorized financial operations. -Generated Example: finicity r74o mx82hd" - =>6fa864bcca66d8a5776cf43a195efa2b - -Rule ID: finicity-client-secret -Description: Identified a Finicity Client Secret, which could lead to compromised financial service integrations and data breaches. -Generated Example: finicityoh64q:5hlz7hz76a5aoany9m3p - -Rule ID: finnhub-access-token -Description: Found a Finnhub Access Token, risking unauthorized access to financial market data and analytics. -Generated Example: finnhubna"|::= -` - -ot1o8c4euxm1jzh93plc - -Rule ID: flickr-access-token -Description: Discovered a Flickr Access Token, posing a risk of unauthorized photo management and potential data leakage. -Generated Example: flickrdcu il-zyv 0q3h�||: -2agvy9cmii30cfplgc8rdwjlh7g1qfxr - -Rule ID: flutterwave-encryption-key -Description: Uncovered a Flutterwave Encryption Key, which may compromise payment processing and sensitive financial information. -Generated Example: FLWSECK_TEST-gfd221a862ca - -Rule ID: flutterwave-public-key -Description: Detected a Finicity Public Key, potentially exposing public cryptographic operations and integrations. -Generated Example: FLWPUBK_TEST-ge9a62d31e6c3f4g4egcc2e6fd6h8942-X - -Rule ID: flutterwave-secret-key -Description: Identified a Flutterwave Secret Key, risking unauthorized financial transactions and data breaches. -Generated Example: FLWSECK_TEST-75bb577235af4b365252gae3f9cgb82g-X - -Rule ID: frameio-api-token -Description: Found a Frame.io API token, potentially compromising video collaboration and project management. -Generated Example: fio-u-pon0ein70_5lwvlh_fnx0xrz_ftfiqjh5cxanln1eyx121szzxk3rza_x8i21v8x - -Rule ID: freshbooks-access-token -Description: Discovered a Freshbooks Access Token, posing a risk to accounting software access and sensitive financial data exposure. -Generated Example: freshbookslmd3je- ax__ - :� tvgtnkfbg7zpp1b5u3s16x64w22td2pdy5xkzmuug2pi338ft2xm5r01zjfahux5 - -Rule ID: gcp-api-key -Description: Uncovered a GCP API key, which could lead to unauthorized access to Google Cloud services and data breaches. -Generated Example: AIzaQhwneeP4Cxt_BnjEF2sF\A6YuLZiXG1tFpt - -Rule ID: generic-api-key -Description: Detected a Generic API Key, potentially exposing access to various services and sensitive operations. -Generated Example: secrettp_je1_r9f2 -=> �'orvlxlwrh2q-1f7fgtm4; - -Rule ID: github-app-token -Description: Identified a GitHub App Token, which may compromise GitHub application integrations and source code security. -Generated Example: ghu_Brbv5YVmVOfTefWtkA9v4PHrrsnkBMUxQjXc - -Rule ID: github-fine-grained-pat -Description: Found a GitHub Fine-Grained Personal Access Token, risking unauthorized repository access and code manipulation. -Generated Example: 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 - -Rule ID: github-oauth -Description: Discovered a GitHub OAuth Access Token, posing a risk of compromised GitHub account integrations and data leaks. -Generated Example: gho_Q4xmWOGvZHAqq2WO3P4aZGhqVvgH5Q4NixAP - -Rule ID: github-pat -Description: Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure. -Generated Example: ghp_lEXvn1sd5FXLdHYearPTx1LKrg7USqzFbH5v - -Rule ID: github-refresh-token -Description: Detected a GitHub Refresh Token, which could allow prolonged unauthorized access to GitHub services. -Generated Example: ghr_JCiszOwt4KPoyp9vyt4i8Gjtrs47HB5X57TI - -Rule ID: gitlab-pat -Description: Identified a GitLab Personal Access Token, risking unauthorized access to GitLab repositories and codebase exposure. -Generated Example: glpat--IjTsKyDI6mLWPHrVwYY - -Rule ID: gitlab-ptt -Description: Found a GitLab Pipeline Trigger Token, potentially compromising continuous integration workflows and project security. -Generated Example: glptt-8bee407aa2d8e1848599f86c9e96eb66c4354b31 - -Rule ID: gitlab-rrt -Description: Discovered a GitLab Runner Registration Token, posing a risk to CI/CD pipeline integrity and unauthorized access. -Generated Example: GR1348941YPFWEKEkYmIXKvIzN2nn - -Rule ID: gitter-access-token -Description: Uncovered a Gitter Access Token, which may lead to unauthorized access to chat and communication services. -Generated Example: gitterb=2z9165-r9mnb3t9l_pdtkbnl_j4thtckzwd9d42y - -Rule ID: gocardless-api-token -Description: Detected a GoCardless API token, potentially risking unauthorized direct debit payment operations and financial data exposure. -Generated Example: gocardlessa 2pce6pegll::= - -"live_rgkkr0=m9_aak5mz4kx-g28q=zosgi8qn7yte4ti - -Rule ID: grafana-api-key -Description: Identified a Grafana API key, which could compromise monitoring dashboards and sensitive data analytics. -Generated Example: eyJrIjoisURLSnqCLy4ERJDRZIGR5SN6S444w5Ea3QMolZZjIBD4mgc7y9STqjnrfhSIttj5FTuOXSKjgfKhBySlOSD= - -Rule ID: grafana-cloud-api-token -Description: Found a Grafana cloud API token, risking unauthorized access to cloud-based monitoring services and data exposure. -Generated Example: glc_cUuZsUAUHRMTOBYQ3z7cjHqjKRXp2At9iBPErAh7fg== - -Rule ID: grafana-service-account-token -Description: Discovered a Grafana service account token, posing a risk of compromised monitoring services and data integrity. -Generated Example: glsa_GU9fbnf6fZsmbnKEispeOXsTC8Z4JMt6_4C56f38d - - -Rule ID: hashicorp-tf-api-token -Description: Uncovered a HashiCorp Terraform user/org API token, which may lead to unauthorized infrastructure management and security breaches. -Generated Example: ndulotqxb5w1w3.atlasv1.aacspf9bsurqusdn1f439xc4h=ru=i0iex03paj_36vs7s90jq54qnge5uoo64 - -Rule ID: hashicorp-tf-password -Description: Identified a HashiCorp Terraform password field, risking unauthorized infrastructure configuration and security breaches. -Generated Example: administrator_login_passwordid3t26 75tkvtnkszb - => "aqxx4-yptni2w"" - -Rule ID: heroku-api-key -Description: Detected a Heroku API Key, potentially compromising cloud application deployments and operational security. -Generated Example: heroku0x5xkrtg�||: -`" - 064dae3c-314a-3a93-5da3-91d3b3050888 - -Rule ID: hubspot-api-key -Description: Found a HubSpot API Token, posing a risk to CRM data integrity and unauthorized marketing operations. -Generated Example: hubspot6hvp9 _56-em_m::= 5FCEE2B4-1AF2-8E40-885A-B11F19CDEA8D - -Rule ID: huggingface-access-token -Description: Discovered a Hugging Face Access token, which could lead to unauthorized access to AI models and sensitive data. -Generated Example: =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 - -Rule ID: huggingface-organization-api-token -Description: Uncovered a Hugging Face Organization API token, potentially compromising AI organization accounts and associated data. -Generated Example: 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 - -Rule ID: infracost-api-token -Description: Detected an Infracost API Token, risking unauthorized access to cloud cost estimation tools and financial data. -Generated Example: ico-BnJZfGpJcaPtFU4p2VSlrIf9VJsG3wB8 - -Rule ID: intercom-api-key -Description: Identified an Intercom API Token, which could compromise customer communication channels and data privacy. -Generated Example: intercomckyo | =>='`wn9kgx9-3gqu6nirssm4dg3f38114wbgz3za0ypbs7ev6=sj6cec59ufn-6a| - -Rule ID: jfrog-api-key -Description: Found a JFrog API Key, posing a risk of unauthorized access to software artifact repositories and build pipelines. -Generated Example: xraylr84omh_5pte<=="6w4t75yhyeffagnjbxeh5emyno0kpfju3lcckk5mgcyph1fafdoqpukbwkdj0ilaa8h75vpz0 - - -Rule ID: jfrog-identity-token -Description: Discovered a JFrog Identity Token, potentially compromising access to JFrog services and sensitive software artifacts. -Generated Example: xrayp> =ssxzb2hvu45xm8ae21uxdf0gvjyq88psfyw1a5o11pzmhm8gqaz09nq95nzm2f01 - -Rule ID: jwt -Description: Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. -Generated Example: eyrEFTZughJS9FkKTdDZ.eyWP70XdcHS9P-oPGxviQ\zuj. - -Rule ID: jwt-base64 -Description: Detected a Base64-encoded JSON Web Token, posing a risk of exposing encoded authentication and data exchange information. -Generated Example: ZXlKcmRIa2lPaUp7oB -1r77+abn6gPz_jOfCB6OCO2oO\Bb/2e9rN8Ani_Okq2LwgOVG-Du-qG - -Rule ID: kraken-access-token -Description: Identified a Kraken Access Token, potentially compromising cryptocurrency trading accounts and financial security. -Generated Example: kraken - -': -=xdn=ij3il+z-qfyvunwj7=4=_ylmz/jxgpd0npyy5oa2+388/-earf38-c_cul_=2sz1anvz+o1x5s5z" - -Rule ID: kucoin-access-token -Description: Found a Kucoin Access Token, risking unauthorized access to cryptocurrency exchange services and transactions. -Generated Example: kucoin42ru--b - -:�c6cfdb3b1a6c85f5297fa686 - -Rule ID: kucoin-secret-key -Description: Discovered a Kucoin Secret Key, which could lead to compromised cryptocurrency operations and financial data breaches. -Generated Example: kucoinv3x4dlekusyd ?== -' 2fbfe826-0c02-74c9-b81b-ce9e233986a0" - -Rule ID: launchdarkly-access-token -Description: Uncovered a Launchdarkly Access Token, potentially compromising feature flag management and application functionality. -Generated Example: launchdarkly5btwq3_o-uc4ufjfr1e:s7c07s3t6-_jnm-uq728___ti1gu5_f79j5x2_7_ - -Rule ID: linear-api-key -Description: Detected a Linear API Token, posing a risk to project management tools and sensitive task data. -Generated Example: lin_api_k3pzkca1et14ppw6zmwqzhw9ups1uayoxlubccyw - -Rule ID: linear-client-secret -Description: Identified a Linear Client Secret, which may compromise secure integrations and sensitive project management data. -Generated Example: linearfd ges4 "=> = 689ffc9621f3aea6e43b872f3c7cbb7e� - -Rule ID: linkedin-client-id -Description: Found a LinkedIn Client ID, risking unauthorized access to LinkedIn integrations and professional data exposure. -Generated Example: linkedin1c6x9dj. -="=�="hhjd53jppdergj - -Rule ID: linkedin-client-secret -Description: Discovered a LinkedIn Client secret, potentially compromising LinkedIn application integrations and user data. -Generated Example: linkedinl6prcnc1t5c_jt ||: -�zorpovw9c2ckkid1" - -Rule ID: lob-api-key -Description: Uncovered a Lob API Key, which could lead to unauthorized access to mailing and address verification services. -Generated Example: lobo_102fg9v9j_?= -test_43fbcb7e56f5d656c02548840488b056c45 - -Rule ID: lob-pub-api-key -Description: Detected a Lob Publishable API Key, posing a risk of exposing mail and print service integrations. -Generated Example: lobp1je641fxwghg4y_4eq -<= test_pub_b50a22d2f5db88143bae1a09c5c53a8` - -Rule ID: mailchimp-api-key -Description: Identified a Mailchimp API key, potentially compromising email marketing campaigns and subscriber data. -Generated Example: mailchimp8w ogwqht9ymqtt_x3" :::=94324ebd37c44c335d0e59e40c54bc9b-us20 - -Rule ID: mailgun-private-api-token -Description: Found a Mailgun private API token, risking unauthorized email service operations and data breaches. -Generated Example: mailgunm_gj_ugshrwy y57 ''::= ==key-422e6f981065719e405c3caf5e9c3cb5 - -Rule ID: mailgun-pub-key -Description: Discovered a Mailgun public validation key, which could expose email verification processes and associated data. -Generated Example: mailgunz8n-n_0rq8 "||:pubkey-16363d54ae3c0413c2e00c66723c2e47 - -Rule ID: mailgun-signing-key -Description: Uncovered a Mailgun webhook signing key, potentially compromising email automation and data integrity. -Generated Example: mailgun7.89hvygv?= =` d8127446eh2d9c099fg165b0897d9c91-17cc24ac-bb991d96 - -Rule ID: mapbox-api-token -Description: Detected a MapBox API token, posing a risk to geospatial services and sensitive location data exposure. -Generated Example: mapboxo||: - pk.kqywg1bhotgukblvycua96fe2923g2i3r5lpwlyf31uofei2d6eewi094396.2v0wgxlimi59t2jrspfz12 - -Rule ID: mattermost-access-token -Description: Identified a Mattermost Access Token, which may compromise team communication channels and data privacy. -Generated Example: mattermostatemfa3e4_h-.rzucy =>" - 9il815mpz4vfnfxiv3gbibpqmq - -Rule ID: messagebird-api-token -Description: Found a MessageBird API token, risking unauthorized access to communication platforms and message data. -Generated Example: messagebirdl�||: -e0kr7u2hqji76z3suk1kjt7dj| - -Rule ID: messagebird-client-id -Description: Discovered a MessageBird client ID, potentially compromising API integrations and sensitive communication data. -Generated Example: messagebirdzs1 hfmbg9 <="�da8a5b42-2ade-7c6d-30fd-7210102998fe - -Rule ID: microsoft-teams-webhook -Description: Uncovered a Microsoft Teams Webhook, which could lead to unauthorized access to team collaboration tools and data leaks. -Generated Example: https://550.webhook.office.com/webhookb2/tka8he0y-sv0b-u4lp-9opx-kx4g4hsqfg6h@yw2hwrjx-toby-pndg-d8z2-2sdjn8kfl85h/IncomingWebhook/mpjncn4cnchn63q9dc6rrk7jeedo6odd/osugfyc9-syp6-klao-15zw-9uaezecsin00 - -Rule ID: netlify-access-token -Description: Detected a Netlify Access Token, potentially compromising web hosting services and site management. -Generated Example: netlifyevsq hy6 fz978k" =>�""`2fypapb0r_i5r5uxvd=pqmhrwtxjss9eaxx8yv0n - -Rule ID: new-relic-browser-api-token -Description: Identified a New Relic ingest browser API token, risking unauthorized access to application performance data and analytics. -Generated Example: new-relicmv7_9gyct77wa44za0c=> =NRJS-b286fc24d66d7c19c56 - -Rule ID: new-relic-user-api-id -Description: Found a New Relic user API ID, posing a risk to application monitoring services and data integrity. -Generated Example: newrelich2 " =` -`lbmh73v5jajxrq7bqft3vgdz5k0vc1fdobmtp17cykojc1win2w8gi7090ky9gib - - -Rule ID: new-relic-user-api-key -Description: Discovered a New Relic user API Key, which could lead to compromised application insights and performance monitoring. -Generated Example: new-relic_3coqh� = -'`"NRAK-6ykeaui5fxk25adqvf0ocbjgrys - - -Rule ID: npm-access-token -Description: Uncovered an npm access token, potentially compromising package management and code repository access. -Generated Example: npm_5vzsv8by95fh7i88awhtkzzjt6l7qmapb9nl" - -Rule ID: nytimes-access-token -Description: Detected a Nytimes Access Token, risking unauthorized access to New York Times APIs and content services. -Generated Example: nytimesd2fdfcvsftob6gg ='" -onxr_upi24x=zix=m9792h-rdm7wuttm - -Rule ID: okta-access-token -Description: Identified an Okta Access Token, which may compromise identity management services and user authentication data. -Generated Example: okta6miq20..o5dmr4_1cq'||: -=iyy1mwkd7rsj3egdgwdapngywc2wysn0e2hgfu=in7 - -Rule ID: openai-api-key -Description: Found an OpenAI API Key, posing a risk of unauthorized access to AI services and data manipulation. -Generated Example: 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 - -Rule ID: plaid-api-token -Description: Discovered a Plaid API Token, potentially compromising financial data aggregation and banking services. -Generated Example: plaidc0ljup9p2my7i -��||:'=`=access-production-e4c9f29c-5d26-bb74-cf91-692474ca4281; - -Rule ID: plaid-client-id -Description: Uncovered a Plaid Client ID, which could lead to unauthorized financial service integrations and data breaches. -Generated Example: plaid3tg.6ntl�|: - ` -hez82i6x2mcglhlcy1zpmbfg - -Rule ID: plaid-secret-key -Description: Detected a Plaid Secret key, risking unauthorized access to financial accounts and sensitive transaction data. -Generated Example: plaid09_q9p0gtr9-safelmy ::=`"ih272utcezihkc6t86r2df9qwtqtwj` - -Rule ID: planetscale-api-token -Description: Identified a PlanetScale API token, potentially compromising database management and operations. -Generated Example: pscale_tkn_jvybelt=hiim_gyqr_j72nl3k_3qdgbm4be=z" - -Rule ID: planetscale-oauth-token -Description: Found a PlanetScale OAuth token, posing a risk to database access control and sensitive data integrity. -Generated Example: pscale_oauth_y-tk==ztr-070cc8iqbb4mngbssfbuni85sncxp9ec_vt - -Rule ID: planetscale-password -Description: Discovered a PlanetScale password, which could lead to unauthorized database operations and data breaches. -Generated Example: pscale_pw_fpledu-.arlhcntprl77gegdy=90fl11vdvjb6q_ugz.zf - -Rule ID: postman-api-token -Description: Uncovered a Postman API token, potentially compromising API testing and development workflows. -Generated Example: PMAK-e8937548baa679a0abf44536-1558b18c39045e9427e4e5bb9c1e9ebef7 - -Rule ID: prefect-api-token -Description: Detected a Prefect API token, risking unauthorized access to workflow management and automation services. -Generated Example: pnu_lkkx7fxogfleh1jkq716rmddtazi0mbsh51i" - -Rule ID: private-key -Description: Identified a Private Key, which may compromise cryptographic security and sensitive data encryption. -Generated Example: -----BEGINL84K1GD79IG0PRIVATE KEY------� - - -KEY BLOCK---- - -Rule ID: pulumi-api-token -Description: Found a Pulumi API token, posing a risk to infrastructure as code services and cloud resource management. -Generated Example: pul-ab03c87b9bdf2b14e82fd915e638a36c9f36c229 - -Rule ID: pypi-upload-token -Description: Discovered a PyPI upload token, potentially compromising Python package distribution and repository integrity. -Generated Example: pypi-AgEIcHlwaS5vcmcL5WPLkZSPb-jBL1BoTVOXLlrq5EOkVKEIDjqinGwSMNPdQliGXbbwa-V2hbo - -Rule ID: rapidapi-access-token -Description: Uncovered a RapidAPI Access Token, which could lead to unauthorized access to various APIs and data services. -Generated Example: rapidapih47vv4wge.u6zya92t8| -|=``"6gkf0ivcu06p14jiztia5q-fzyr6o8dduqn03yauhqe7numu13 - -Rule ID: readme-api-token -Description: Detected a Readme API token, risking unauthorized documentation management and content exposure. -Generated Example: rdme_hjrk2lvk40c5xcz51x6ye3bu77xmkkg9i22r9xv6vb76p2utacglf46fvj4xlmsuw3thci' - -Rule ID: rubygems-api-token -Description: Identified a Rubygem API token, potentially compromising Ruby library distribution and package management. -Generated Example: rubygems_352b81f9bebe922c44bd251a310258a6dd8e0fe8492f44d4 - -Rule ID: scalingo-api-token -Description: Found a Scalingo API token, posing a risk to cloud platform services and application deployment security. -Generated Example: tk-us-sb3IIZV5_xBuGbg2E5Rtwghy5wcdTcRPvggRPdF9NMe9APZG - -Rule ID: sendbird-access-id -Description: Discovered a Sendbird Access ID, which could compromise chat and messaging platform integrations. -Generated Example: sendbirdbft3mlql7dyv "'<='= - - 0965e801-4e85-5969-69f5-dd08b4ae2972' - -Rule ID: sendbird-access-token -Description: Uncovered a Sendbird Access Token, potentially risking unauthorized access to communication services and user data. -Generated Example: sendbirdlcjb60.wqb1-piix�"�?= - 5129c4d14eaa1adc12ed17f7c86116cf27100d1c| - -Rule ID: sendgrid-api-token -Description: Detected a SendGrid API token, posing a risk of unauthorized email service operations and data exposure. -Generated Example: SG.2-oh0x=vxpgbeiv80e7h-790v.hh9axox_pll.r02ji9scfa-xiab8-7qf3apk-.2s - -Rule ID: sendinblue-api-token -Description: Identified a Sendinblue API token, which may compromise email marketing services and subscriber data privacy. -Generated Example: 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 - -Rule ID: sentry-access-token -Description: Found a Sentry Access Token, risking unauthorized access to error tracking services and sensitive application data. -Generated Example: sentry4zgjeyhy0jt8zgmk' =>110dae8c6cff474ccc1accbda8d9a8e508a7ce7c7aed4e572be3159642a68eb3 - -Rule ID: shippo-api-token -Description: Discovered a Shippo API token, potentially compromising shipping services and customer order data. -Generated Example: shippo_live_b86692beabc8e4345fad1b47e5682cdb7336ad42| - -Rule ID: shopify-access-token -Description: Uncovered a Shopify access token, which could lead to unauthorized e-commerce platform access and data breaches. -Generated Example: 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 - -Rule ID: shopify-custom-access-token -Description: Detected a Shopify custom access token, potentially compromising custom app integrations and e-commerce data security. -Generated Example: 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 - -Rule ID: shopify-private-app-access-token -Description: Identified a Shopify private app access token, risking unauthorized access to private app data and store operations. -Generated Example: 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 - -Rule ID: shopify-shared-secret -Description: Found a Shopify shared secret, posing a risk to application authentication and e-commerce platform security. -Generated Example: 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 - -Rule ID: sidekiq-secret -Description: Discovered a Sidekiq Secret, which could lead to compromised background job processing and application data breaches. -Generated Example: BUNDLE_ENTERPRISE__CONTRIBSYS__COMo7idrdn79xahjk - -:` ba4f2b2e:0f29ef58 - -Rule ID: sidekiq-sensitive-url -Description: Uncovered a Sidekiq Sensitive URL, potentially exposing internal job queues and sensitive operation details. -Generated Example: https://feda65a0:ec79f130@enterpriseOcontribsysPcom? - -Rule ID: slack-app-token -Description: Detected a Slack App-level token, risking unauthorized access to Slack applications and workspace data. -Generated Example: xapp-3-G-10029079683107-grlyxqtmm3agdtnp1fj - -Rule ID: slack-bot-token -Description: Identified a Slack Bot token, which may compromise bot integrations and communication channel security. -Generated Example: xoxb-896384292132-2696318678067bx - -Rule ID: slack-config-access-token -Description: Found a Slack Configuration access token, posing a risk to workspace configuration and sensitive data access. -Generated Example: xoxeZxoxp-9-DSTEPTMH43BMP6H46ZNY4HMEH9OG0AMQNVVIMIV2W8WHWMXLGLCFSHJXHRISM7QL0BBCXW6B2DMPVNIMON1AZ4QKZLY0AD0QRL49Y2AJX3AIATNZ1EE7EDHT85U5YDG2UHPDZCS1GA8XKVQFB05L8IVCL16I4J2YVEDE - -Rule ID: slack-config-refresh-token -Description: Discovered a Slack Configuration refresh token, potentially allowing prolonged unauthorized access to configuration settings. -Generated Example: xoxe-4-EWUCUFMP7DWCN36BY4S23GRAVGSYRKFZRZY1AG7F7HGR5YG6R7PIX9JV6OC3LF5ED609ZMJS1FOCFIXA2D608VNCNXT52FXPTVHOTJKTB062CY1P0SDG9K4O9ZX4MFWFE4Z6A7674HYOCMJOB6 - -Rule ID: slack-legacy-bot-token -Description: Uncovered a Slack Legacy bot token, which could lead to compromised legacy bot operations and data exposure. -Generated Example: xoxb-2858623943663-foLKolVVP4EFbJ13loLwJPkQX3 - -Rule ID: slack-legacy-token -Description: Detected a Slack Legacy token, risking unauthorized access to older Slack integrations and user data. -Generated Example: xoxs-303236462-11623776210-1074065-e0bFF28cb348Dca - -Rule ID: slack-legacy-workspace-token -Description: Identified a Slack Legacy Workspace token, potentially compromising access to workspace data and legacy features. -Generated Example: xoxa-5-mPEAgT2Lyi6v2rBi2rJgbpY - -Rule ID: slack-user-token -Description: Found a Slack User token, posing a risk of unauthorized user impersonation and data access within Slack workspaces. -Generated Example: xoxp-9216717979-1281632918221-5675795174656-GIZtEhc4htwJZHcWyM1mgtxYDT0d - -Rule ID: slack-webhook-url -Description: Discovered a Slack Webhook, which could lead to unauthorized message posting and data leakage in Slack channels. -Generated Example: http://hooksHslackAcom/services/mLFEwiqfxzEHgyVHCPjc2EguDzojjYvGQazbo/pfJKHxf - -Rule ID: snyk-api-token -Description: Uncovered a Snyk API token, potentially compromising software vulnerability scanning and code security. -Generated Example: snyk_api_keywq8iyrl4| �: - �= -3df8e02d-43af-c806-e7c4-7d8a88f632a1 - -Rule ID: square-access-token -Description: Detected a Square Access Token, risking unauthorized payment processing and financial transaction exposure. -Generated Example: sq0atp-ZuC3GZBqXzWVse79jnbW9n - -Rule ID: squarespace-access-token -Description: Identified a Squarespace Access Token, which may compromise website management and content control on Squarespace. -Generated Example: squarespacesw.g0__5g a26gb9im||:� -a2bb4735-dc59-f899-73f5-584e326d3542| - -Rule ID: stripe-access-token -Description: Found a Stripe Access Token, posing a risk to payment processing services and sensitive financial data. -Generated Example: sk_test_5coib8z58rz8v9 - -Rule ID: sumologic-access-id -Description: Discovered a SumoLogic Access ID, potentially compromising log management services and data analytics integrity. -Generated Example: sumos9a 6- xiidi uwxetn||: ' -suf10zjJ2qEWk4 - -Rule ID: sumologic-access-token -Description: Uncovered a SumoLogic Access Token, which could lead to unauthorized access to log data and analytics insights. -Generated Example: sumo6jgifnpnac-fvridt - :::== - 8wviiqu7a9xc22sq2bxwpujg7yzzxgdiqfyy2x3pc0butnkxgm5sfz78htyr47uv' - -Rule ID: telegram-bot-api-token -Description: Detected a Telegram Bot API Token, risking unauthorized bot operations and message interception on Telegram. -Generated Example: 1835263604:AWj9XvS92WCiQY94L60vClHsCMOQKdNOnnq - -Rule ID: travisci-access-token -Description: Identified a Travis CI Access Token, potentially compromising continuous integration services and codebase security. -Generated Example: travisg1m0.zka6vjyab 7y�|'> -="bqrsxxiqff5sficghkmq0s - -Rule ID: twilio-api-key -Description: Found a Twilio API Key, posing a risk to communication services and sensitive customer interaction data. -Generated Example: SK77B986cd2Dd772eeCf8A0ffd457324D0 - -Rule ID: twitch-api-token -Description: Discovered a Twitch API token, which could compromise streaming services and account integrations. -Generated Example: twitchycn6?=""= 'gcrsuu48be27qz44yib6ys36ln4kya - -Rule ID: twitter-access-secret -Description: Uncovered a Twitter Access Secret, potentially risking unauthorized Twitter integrations and data breaches. -Generated Example: twitterv7doc <= - 'w5yxf20ptpjxufwyfaqyz1kgoteemp39p5pjw9hd4ym0h - -Rule ID: twitter-access-token -Description: Detected a Twitter Access Token, posing a risk of unauthorized account operations and social media data exposure. -Generated Example: twitterw�"> -` -'6931008712879319203330-vfiGuWEKKdPqRwPhzhIdqAr1L3Z09oGjKCbe� - -Rule ID: twitter-api-key -Description: Identified a Twitter API Key, which may compromise Twitter application integrations and user data security. -Generated Example: twitterx9-bx" =�``"�d5eas4w7bfnjby542nxrt6uox� - -Rule ID: twitter-api-secret -Description: Found a Twitter API Secret, risking the security of Twitter app integrations and sensitive data access. -Generated Example: twitter .8s gpthr9gw<=947jkh5uzc70xpds7jx6dlkyye7exxmrp1irbypqf38ccvzq64 - -Rule ID: twitter-bearer-token -Description: Discovered a Twitter Bearer Token, potentially compromising API access and data retrieval from Twitter. -Generated Example: twitterzb36k<=``'AAAAAAAAAAAAAAAAAAAAAAIcSNVXrIsVAVY8zZcbQiQyviXbtnx4X8E7oZryDDKiXfsc41kZ90h9A0CmxNElpTXUSEco0rUHsx5zyRk5Db" - -Rule ID: typeform-api-token -Description: Uncovered a Typeform API token, which could lead to unauthorized survey management and data collection. -Generated Example: typeform838edk_1acq4n5n2b9l=>' `tfp_fmsaw.dfcld0p0fi5dlvupvz1_lt5-czjwjc32ha2pd3tl2=_ueu9yujm76 - -Rule ID: vault-batch-token -Description: Detected a Vault Batch Token, risking unauthorized access to secret management services and sensitive data. -Generated Example: hvb.j19l0qzfyd8vvm1w3_tl6jkoyzbr1tg1vquif2doz427ums51-x35ue37jlk72z21tozuewpe0giqlf_4vk1w3z_mmus5nojzthcfpxnnklc6zb37msz-nxynqvit-vy1hldo3npswzh7hd-eyr3l6b5wf - -Rule ID: vault-service-token -Description: Identified a Vault Service Token, potentially compromising infrastructure security and access to sensitive credentials. -Generated Example: hvs.070jb-bq9fakknko0sv6x_pnks_8mx5zqmn58a9g08siax-u1txg1qkk1vx0w9cv9lj0e923ta_2v8ws7-tqrm_sh6mimq06pp - -Rule ID: yandex-access-token -Description: Found a Yandex Access Token, posing a risk to Yandex service integrations and user data privacy. -Generated Example: yandex� -<= "'�t1.B7bp==.oLVlxyhOVhLyQoGaGY91N_nF5Vj2c6bLSDOIHehaI0f1cpGQ3boLOY6AlYhW_aUIaCMFX7sUnCpx-pILVwlytA== - -Rule ID: yandex-api-key -Description: Discovered a Yandex API Key, which could lead to unauthorized access to Yandex services and data manipulation. -Generated Example: yandexhaydvm33v-73uj�:=' 'AQVNKtmQFhFa1guFRV3v2bGZJ0Ylb3Wp3uILUcA - -Rule ID: yandex-aws-access-token -Description: Uncovered a Yandex AWS Access Token, potentially compromising cloud resource access and data security on Yandex Cloud. -Generated Example: yandexzjri87tdtnlv49" ||:= -YCXfn58rEwv49KU9_xWwbp5Y3bBGZ4imXVR0B2CK - -Rule ID: zendesk-secret-key -Description: Detected a Zendesk Secret Key, risking unauthorized access to customer support services and sensitive ticketing data. -Generated Example: zendesk09rdj5 2mos7wn -='pqi2wecz0wimxj9et4b567q6ngqf04vba7bagwoi \ No newline at end of file diff --git a/main.py b/main.py index 2e7b1c0..f75c964 100644 --- a/main.py +++ b/main.py @@ -3,7 +3,7 @@ from Crypto.PublicKey import DSA from socket import socket, AF_INET, SOCK_STREAM, SOCK_NONBLOCK -# Set a file write by others. +# Set a file write by others by Jonny Magee. temp_file = "/tmp/foo.txt" os.chmod(temp_file, stat.S_IWOTH)