diff --git a/packages/secret-scan/src/denylist.ts b/packages/secret-scan/src/denylist.ts index 128ee04e..c5639645 100644 --- a/packages/secret-scan/src/denylist.ts +++ b/packages/secret-scan/src/denylist.ts @@ -53,7 +53,7 @@ import { infracost, intra42, // kubernetes, - linear, lob, planetscale, postman, prefect, pulumi + linear, lob, planetscale, postman, prefect, pulumi, readme, rubygems, scalingo, sendinblue, shippo } from '@/rules' const denylist: SecretConfig = { @@ -180,7 +180,17 @@ const denylist: SecretConfig = { prefect: prefect(), - pulumi: pulumi() + pulumi: pulumi(), + + readme: readme(), + + rubygems: rubygems(), + + scalingo: scalingo(), + + sendinblue: sendinblue(), + + shippo: shippo() } export default denylist diff --git a/packages/secret-scan/src/rules/index.ts b/packages/secret-scan/src/rules/index.ts index d946d6e0..cb681f09 100644 --- a/packages/secret-scan/src/rules/index.ts +++ b/packages/secret-scan/src/rules/index.ts @@ -60,6 +60,11 @@ import planetscale from './planetscale' import postman from './postman' import prefect from './prefect' import pulumi from './pulumi' +import readme from './readme' +import rubygems from './rubygems' +import scalingo from './scalingo' +import sendinblue from './sendinblue' +import shippo from './shippo' export { private_key, @@ -123,5 +128,10 @@ export { planetscale, postman, prefect, - pulumi + pulumi, + readme, + rubygems, + scalingo, + sendinblue, + shippo } diff --git a/packages/secret-scan/src/rules/readme.ts b/packages/secret-scan/src/rules/readme.ts new file mode 100644 index 00000000..571a722a --- /dev/null +++ b/packages/secret-scan/src/rules/readme.ts 
@@ -0,0 +1,30 @@
+// keyshade-ignore-all
+import type { TestCase }from '@/types'
+
+export default function readme(): RegExp[] {
+ return [
+ // Readme API Key regex
+ /rdme_[a-z0-9]{70}/
+ ]
+}
+
+const testcase: TestCase[] = [
+ {
+ input: 'rdme_gmof25sb3fpcxljii5qvo1bqm7bartk9plo3r1yzus98rp1r7m6ljbn6wca140bra0luib',
+ expected: true
+ },
+ {
+ input: 'rdme_5the1frp29hldpuswj1qxczbk5w2m5hxza48zwi3mvppjr9w4fjqzed74znqvd2sku3c3h',
+ expected: true
+ },
+ {
+ input: 'rdme_',
+ expected: false
+ },
+ {
+ input: 'README',
+ expected: false
+ }
+]
+
+readme.testcases = testcase
\ No newline at end of file
diff --git a/packages/secret-scan/src/rules/rubygems.ts b/packages/secret-scan/src/rules/rubygems.ts
new file mode 100644
index 00000000..6836b5b9
--- /dev/null
+++ b/packages/secret-scan/src/rules/rubygems.ts
@@ -0,0 +1,30 @@
+// keyshade-ignore-all
+import type { TestCase }from '@/types'
+
+export default function rubygems(): RegExp[] {
+ return [
+ // Ruby Gems API Key regex
+ /rubygems_[a-f0-9]{48}/
+ ]
+}
+
+const testcase: TestCase[] = [
+ {
+ input: 'rubygems_fb6bff4ec114a74a96c4cd82bd34969fbc7873b15f4a0465',
+ expected: true
+ },
+ {
+ input: 'rubygems_afff37f44056352348e9b97b33315e55792c0680841ba6bd',
+ expected: true
+ },
+ {
+ input: 'rubygems_',
+ expected: false
+ },
+ {
+ input: 'RubyGems',
+ expected: false
+ }
+]
+
+rubygems.testcases = testcase
\ No newline at end of file
diff --git a/packages/secret-scan/src/rules/scalingo.ts b/packages/secret-scan/src/rules/scalingo.ts
new file mode 100644
index 00000000..8f7684a9
--- /dev/null
+++ b/packages/secret-scan/src/rules/scalingo.ts
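Review bot: Nothing in readme.ts's `testcase` array pins the `{70}` length or the `[a-z0-9]` class of `/rdme_[a-z0-9]{70}/`: the pattern is unanchored, so both positive inputs would still match a much shorter quantifier, and the two negative inputs (`'rdme_'`, `'README'`) contain no key body at all. Add a near-miss case such as `{ input: 'rdme_' + 'a'.repeat(69), expected: false }` (constructed value), so that a rule which has drifted too loose and starts flagging ordinary identifiers is caught. The same gap is in the rubygems.ts, scalingo.ts, sendinblue.ts and shippo.ts hunks, each of which would benefit from a one-character-short body as a negative case. Whether an over-long run should still match is not decided by these tests either; if it should not, a trailing `(?![a-z0-9])` would express that, assuming the detector only tests for a match.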
@@ -0,0 +1,30 @@
+// keyshade-ignore-all
+import type { TestCase }from '@/types'
+
+export default function scalingo(): RegExp[] {
+ return [
+ // Scalingo API Key regex
+ /tk-us-[a-zA-Z0-9-_]{48}/
+ ]
+}
+
+const testcase: TestCase[] = [
+ {
+ input: 'tk-us-TPdFpIyuvXJLQytNSugN3RBeN0YYLed3ib1b7uJiPqk_XAws',
+ expected: true
+ },
+ {
+ input: 'tk-us-h0rx7zIiaoFsmloQDcfCdkhaAljG9QjQRkmuF894qCCnp4XX',
+ expected: true
+ },
+ {
+ input: 'tk-us-',
+ expected: false
+ },
+ {
+ input: 'Scalingo',
+ expected: false
+ }
+]
+
+scalingo.testcases = testcase
\ No newline at end of file
diff --git a/packages/secret-scan/src/rules/sendinblue.ts b/packages/secret-scan/src/rules/sendinblue.ts
new file mode 100644
index 00000000..2983b804
--- /dev/null
+++ b/packages/secret-scan/src/rules/sendinblue.ts
@@ -0,0 +1,30 @@
+// keyshade-ignore-all
+import type { TestCase }from '@/types'
+
+export default function sendinblue(): RegExp[] {
+ return [
+ // SendInBlue API Key regex
+ /xkeysib-[a-f0-9]{64}-[a-z0-9]{16}/i
+ ]
+}
+
+const testcase: TestCase[] = [
+ {
+ input: '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',
+ expected: true
+ },
+ {
+ input: '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',
+ expected: true
+ },
+ {
+ input: 'xkeysib-',
+ expected: false
+ },
+ {
+ input: 'SENDINBLUE',
+ expected: false
+ }
+]
+
+sendinblue.testcases = testcase
\ No newline at end of file
diff --git a/packages/secret-scan/src/rules/shippo.ts b/packages/secret-scan/src/rules/shippo.ts
new file mode 100644
index 00000000..7e8ff6c7
--- /dev/null
+++ b/packages/secret-scan/src/rules/shippo.ts
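Review bot: In scalingo.ts the character class `[a-zA-Z0-9-_]` puts the hyphen between `9` and `_`, where a reader, or a port of this rule to another regex engine, can take `9-_` for a range. JavaScript reads it as a literal hyphen here because `0-9` has already consumed the `9`, but writing the hyphen last removes the ambiguity: `/tk-us-[a-zA-Z0-9_-]{48}/`. Neither positive test input has a `-` in the key body, so a case containing one would pin that the hyphen really is accepted.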
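Review bot: The `i` flag on `/xkeysib-[a-f0-9]{64}-[a-z0-9]{16}/i` in sendinblue.ts applies to the literal prefix as well as the hex section, and no test input contains an uppercase character, so the intended case handling is not pinned by anything. rubygems.ts in this same commit matches lowercase hex without the flag, so the new rules disagree on whether uppercase key material counts; shippo.ts carries the same flag. Either drop `i` if issued keys are always lowercase, or keep it and add an uppercase positive case plus a short comment on the regex stating why case is ignored.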
@@ -0,0 +1,30 @@
+// keyshade-ignore-all
+import type { TestCase }from '@/types'
+
+export default function shippo(): RegExp[] {
+ return [
+ // Shippo API Key regex
+ /shippo_(live|test)_[a-f0-9]{40}/i
+ ]
+}
+
+const testcase: TestCase[] = [
+ {
+ input: 'shippo_test_db8536f152f40910e83640bc9567783f3ac7965f',
+ expected: true
+ },
+ {
+ input: 'shippo_live_e844246554cebd546a8b2cce0aad583992368c82',
+ expected: true
+ },
+ {
+ input: 'shippo_',
+ expected: false
+ },
+ {
+ input: 'Shippo',
+ expected: false
+ }
+]
+
+shippo.testcases = testcase
\ No newline at end of file
diff --git a/packages/secret-scan/src/test/secret.test.ts b/packages/secret-scan/src/test/secret.test.ts
index 5b6cc92e..0fd89686 100644
--- a/packages/secret-scan/src/test/secret.test.ts
+++ b/packages/secret-scan/src/test/secret.test.ts
@@ -62,7 +62,12 @@ import {
 planetscale,
 postman,
 prefect,
- pulumi
+ pulumi,
+ readme,
+ rubygems,
+ scalingo,
+ sendinblue,
+ shippo
 } from '@/rules'
 import type { TestCase } from '@/types'
 import secretDetector from '@/index'
@@ -286,4 +291,19 @@ describe('Detect Secrets from string', () => {
 it(testcaseTitleTemplate('Pulumi Key'), () => {
 testSecret(pulumi.testcases)
 });
+ it(testcaseTitleTemplate('Readme Key'), () => {
+ testSecret(readme.testcases)
+ });
+ it(testcaseTitleTemplate('Rubygems Key'), () => {
+ testSecret(rubygems.testcases)
+ });
+ it(testcaseTitleTemplate('Scalingo Key'), () => {
+ testSecret(scalingo.testcases)
+ });
+ it(testcaseTitleTemplate('Sendinblue Key'), () => {
+ testSecret(sendinblue.testcases)
+ });
+ it(testcaseTitleTemplate('Shippo Key'), () => {
+ testSecret(shippo.testcases)
+ });
 })
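Review bot: `(live|test)` in shippo.ts is a capturing group although nothing in the hunk reads the capture; `/shippo_(?:live|test)_[a-f0-9]{40}/i` matches the same strings and makes it explicit that the group only expresses the alternation. How `secretDetector` consumes the returned `RegExp[]` is outside this hunk, so this is a style point rather than a behavioural one.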