PostHog,Netlify,Vercel credentials patterns (#819)

* PostHog,Netlify,Vercel credentials patterns

* crc fix

Author: babenek

.github/workflows/check.yml

@@ -93,7 +93,7 @@ jobs:
         run: |
           banner="$(python -m credsweeper --banner | grep CredSweeper | head -1)"
           echo "banner = '${banner}'"
-          if [ "CredSweeper 1.14.8 crc32:a6e1804e" != "${banner}" ]; then
+          if [ "CredSweeper 1.14.8 crc32:8a4b3391" != "${banner}" ]; then
             echo "Update the check for '${banner}'"
             exit 1
           fi

credsweeper/rules/config.yaml

@@ -1469,6 +1469,52 @@
     - code
     - doc
 
+- name: Vercel Token
+  severity: medium
+  confidence: weak
+  type: pattern
+  values:
+    - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>vcp_[0-9A-Za-z]{56})(?![0-9A-Za-z_-])
+  min_line_len: 60
+  filter_type: TokenPattern
+  required_substrings:
+    - vcp_
+  target:
+    - code
+    - doc
+
+- name: Netlify Token
+  severity: medium
+  confidence: weak
+  type: pattern
+  values:
+    - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>nfp_[0-9A-Za-z]{36})(?![0-9A-Za-z_-])
+  min_line_len: 40
+  filter_type: TokenPattern
+  required_substrings:
+    - nfp_
+  target:
+    - code
+    - doc
+
+- name: PostHog Credentials
+  severity: medium
+  confidence: weak
+  type: pattern
+  values:
+    - (?:^|/|[^\\0-9A-Za-z+_-]|\\[0abfnrtv]|(?:%|\\x)[0-9A-Fa-f]{2}|\\[0-7]{3}|\\[Uu][0-9A-Fa-f]{4}|\x1B\[[0-9;]{0,80}m)(?P<value>ph[acrsx]_[0-9A-Za-z]{40,60})(?![0-9A-Za-z_-])
+  min_line_len: 44
+  filter_type: TokenPattern
+  required_substrings:
+    - phx_
+    - phs_
+    - phr_
+    - pha_
+    - phc_
+  target:
+    - code
+    - doc
+
 - name: Tencent WeChat API App ID
   severity: medium
   confidence: weak

tests/__init__.py

@@ -1,7 +1,7 @@
 from pathlib import Path
 
 # total number of files in test samples
-SAMPLES_FILES_COUNT = 175
+SAMPLES_FILES_COUNT = 178
 
 # ML_DELTA for different platforms which may produce a dribbling in ml_probability
 ML_DELTA = 0.0001
@@ -10,16 +10,16 @@
 ZERO_ML_THRESHOLD = 0.0
 
 # with option --doc & NEGLIGIBLE_ML_THRESHOLD
-SAMPLES_IN_DOC = 927
+SAMPLES_IN_DOC = 934
 
 # credentials count after scan without filters and ML validations
-SAMPLES_REGEX_COUNT = 661
+SAMPLES_REGEX_COUNT = 670
 
 # credentials count after scan with filters and without ML validation
-SAMPLES_FILTERED_COUNT = 547
+SAMPLES_FILTERED_COUNT = 554
 
 # credentials count after default post-processing
-SAMPLES_POST_CRED_COUNT = 501
+SAMPLES_POST_CRED_COUNT = 508
 
 # archived credentials that are not found without --depth
 SAMPLES_IN_DEEP_1 = SAMPLES_POST_CRED_COUNT + 138

tests/data/depth_3_pedantic.json

@@ -8119,6 +8119,27 @@
             }
         ]
     },
+    {
+        "rule": "Netlify Token",
+        "severity": "medium",
+        "confidence": "weak",
+        "ml_probability": null,
+        "line_data_list": [
+            {
+                "line": "nfp_0i5OM4MV7L02wV3E6rrwiTwhvEkkkPJ9C3EP",
+                "line_num": 1,
+                "path": "./tests/samples/netlify",
+                "info": "FILE:./tests/samples/netlify|RAW",
+                "variable": null,
+                "variable_start": -2,
+                "variable_end": -2,
+                "value": "nfp_0i5OM4MV7L02wV3E6rrwiTwhvEkkkPJ9C3EP",
+                "value_start": 0,
+                "value_end": 40,
+                "entropy": 4.61531
+            }
+        ]
+    },
     {
         "rule": "NKEY Seed",
         "severity": "high",
@@ -11827,6 +11848,111 @@
             }
         ]
     },
+    {
+        "rule": "PostHog Credentials",
+        "severity": "medium",
+        "confidence": "weak",
+        "ml_probability": null,
+        "line_data_list": [
+            {
+                "line": "phc_cJMqv5nG7Qtd0sfIwasTG87lgnDfJVbrcOOAZMOf",
+                "line_num": 1,
+                "path": "./tests/samples/posthog",
+                "info": "FILE:./tests/samples/posthog|RAW",
+                "variable": null,
+                "variable_start": -2,
+                "variable_end": -2,
+                "value": "phc_cJMqv5nG7Qtd0sfIwasTG87lgnDfJVbrcOOAZMOf",
+                "value_start": 0,
+                "value_end": 44,
+                "entropy": 4.86251
+            }
+        ]
+    },
+    {
+        "rule": "PostHog Credentials",
+        "severity": "medium",
+        "confidence": "weak",
+        "ml_probability": null,
+        "line_data_list": [
+            {
+                "line": "phs_dNrZRd5etgv1B1gRTkfUrTJnf0EaZ5r6hUouJgXtWwFTrq",
+                "line_num": 2,
+                "path": "./tests/samples/posthog",
+                "info": "FILE:./tests/samples/posthog|RAW",
+                "variable": null,
+                "variable_start": -2,
+                "variable_end": -2,
+                "value": "phs_dNrZRd5etgv1B1gRTkfUrTJnf0EaZ5r6hUouJgXtWwFTrq",
+                "value_start": 0,
+                "value_end": 50,
+                "entropy": 4.89366
+            }
+        ]
+    },
+    {
+        "rule": "PostHog Credentials",
+        "severity": "medium",
+        "confidence": "weak",
+        "ml_probability": null,
+        "line_data_list": [
+            {
+                "line": "phr_dNrZRd5etgv1B1gRTKedUjAkFCcvNdBLoQz4W8GCYEVUySGUt",
+                "line_num": 3,
+                "path": "./tests/samples/posthog",
+                "info": "FILE:./tests/samples/posthog|RAW",
+                "variable": null,
+                "variable_start": -2,
+                "variable_end": -2,
+                "value": "phr_dNrZRd5etgv1B1gRTKedUjAkFCcvNdBLoQz4W8GCYEVUySGUt",
+                "value_start": 0,
+                "value_end": 53,
+                "entropy": 5.07217
+            }
+        ]
+    },
+    {
+        "rule": "PostHog Credentials",
+        "severity": "medium",
+        "confidence": "weak",
+        "ml_probability": null,
+        "line_data_list": [
+            {
+                "line": "pha_BkeaIpOESh8OGcD1bhPGh6kH9UjVGp6nnaC6vF4E7q9TcJr7GapdQMVDX",
+                "line_num": 4,
+                "path": "./tests/samples/posthog",
+                "info": "FILE:./tests/samples/posthog|RAW",
+                "variable": null,
+                "variable_start": -2,
+                "variable_end": -2,
+                "value": "pha_BkeaIpOESh8OGcD1bhPGh6kH9UjVGp6nnaC6vF4E7q9TcJr7GapdQMVDX",
+                "value_start": 0,
+                "value_end": 61,
+                "entropy": 5.03312
+            }
+        ]
+    },
+    {
+        "rule": "PostHog Credentials",
+        "severity": "medium",
+        "confidence": "weak",
+        "ml_probability": null,
+        "line_data_list": [
+            {
+                "line": "phx_5nYpKltuz4gvt7LessoO3swaOH41RJh6pzT1x1NoeTrKbTuAaxtVMA7JmMxp",
+                "line_num": 5,
+                "path": "./tests/samples/posthog",
+                "info": "FILE:./tests/samples/posthog|RAW",
+                "variable": null,
+                "variable_start": -2,
+                "variable_end": -2,
+                "value": "phx_5nYpKltuz4gvt7LessoO3swaOH41RJh6pzT1x1NoeTrKbTuAaxtVMA7JmMxp",
+                "value_start": 0,
+                "value_end": 64,
+                "entropy": 5.04657
+            }
+        ]
+    },
     {
         "rule": "Postman Credentials",
         "severity": "medium",
@@ -16859,6 +16985,27 @@
             }
         ]
     },
+    {
+        "rule": "Vercel Token",
+        "severity": "medium",
+        "confidence": "weak",
+        "ml_probability": null,
+        "line_data_list": [
+            {
+                "line": "vcp_5G8LQP7fmw80eG7W8y0sWO1QFPuhsYUuLEqyd1ialdvz9r6pL4vzxkC3",
+                "line_num": 1,
+                "path": "./tests/samples/vercel",
+                "info": "FILE:./tests/samples/vercel|RAW",
+                "variable": null,
+                "variable_start": -2,
+                "variable_end": -2,
+                "value": "vcp_5G8LQP7fmw80eG7W8y0sWO1QFPuhsYUuLEqyd1ialdvz9r6pL4vzxkC3",
+                "value_start": 0,
+                "value_end": 60,
+                "entropy": 5.23581
+            }
+        ]
+    },
     {
         "rule": "Tencent WeChat API App ID",
         "severity": "medium",