
Commit 28a7054

committed
Enhance regex patterns and keyword exclusions for improved secret detection accuracy
1 parent f72081c commit 28a7054


1 file changed

+22
-20
lines changed


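--- a/core/patterns/patterns.go
+++ b/core/patterns/patterns.go
@@ -243,11 +243,12 @@ var DefaultPatterns = &PatternDefinitions{
 MinLength: 8,
 },
 "private_key_var": {
-Regex: `['"]?(?:private_?key|secret_?key)['"]?\s*[:=]\s*['"]([^'"]{20,})['"]`,
+Regex: `(?i)['"]?(?:private_?key|secret_?key)['"]?\s*[:=]\s*['"]([a-zA-Z0-9+/=_-]{20,})['"]`,
 Description: "Private Key Variable",
 Enabled: true,
 Category: "crypto",
 MinLength: 20,
+KeywordExcludes: []string{"click_", "export_", "track_", "event_", "action_", "_event", "_click", "_track", "switch_", "show_", "hide_"},
 },
 
 // GitHub tokens - High risk for code repository access
@@ -387,20 +388,20 @@ var DefaultPatterns = &PatternDefinitions{
 
 // Payment services
 "paypal_client_id": {
-Regex: `(?i)(?:paypal|braintree).{0,20}(?:[:=]\s*)['"]([A-Za-z0-9_-]{20,64})['"]`,
+Regex: `(?i)(?:paypal|braintree)[_-]?(?:client[_-]?)?(?:id|key|secret)\s*[:=]\s*['"]([A-Za-z0-9_-]{20,64})['"]`,
 Description: "PayPal/Braintree Client ID",
 Enabled: true,
 Category: "payment",
 MinLength: 20,
-KeywordExcludes: []string{"example", "placeholder", "user", "password", "sample", "kill_"},
+KeywordExcludes: []string{"example", "placeholder", "user", "password", "sample", "kill_", "button", "class", "style", "css"},
 },
 "paypal_client_secret": {
-Regex: `(?i)(?:paypal|braintree).{0,20}(?:[:=]\s*)['"]([A-Za-z0-9_-]{20,64})['"]`,
+Regex: `(?i)(?:paypal|braintree)[_-]?(?:client[_-]?)?secret\s*[:=]\s*['"]([A-Za-z0-9_-]{20,64})['"]`,
 Description: "PayPal/Braintree Client Secret",
 Enabled: true,
 Category: "payment",
 MinLength: 20,
-KeywordExcludes: []string{"example", "placeholder", "user", "password", "sample", "kill_"},
+KeywordExcludes: []string{"example", "placeholder", "user", "password", "sample", "kill_", "button", "class", "style", "css"},
 },
 "braintree_token": {
 Regex: `access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}`,
@@ -517,41 +518,42 @@ var DefaultPatterns = &PatternDefinitions{
 KeywordExcludes: []string{"example", "test", "demo", "noreply", "no-reply", "@example.com", "@test.com", "verification-card-", "name@email.com", "name@domain.com", "@author", "license", "(c)", "copyright", "author:", "maintainer:", "created by", "contact:", "<", "first.last@company.com", ".png')", ".jpg')", ".gif')", ".svg')", ".webp')", ".png\"')", ".jpg\"')", ".gif\"')", ".svg\"')", ".webp\"')", "@2x.png", "@3x.png"},
 },
 "phone_number": {
-Regex: `(?i)(?:(?:\\b(?:phone|mobile|tel(?:ephone)?)\\b(?:[^\\w\\d\\n\\r<]{0,10}(?:[:= ]{1,3}|\\s+(?:to|at|us\\s+at)\\s+))(\\+?\\d{1,3}[-.\s]?)?(\\(\\d{3}\\)|\\d{3})[-.\s]?\\d{3}[-.\s]?\\d{4})|(?:(\\+?\\d{1,3}[-.\s]?)?(?:\\(\\d{3}\\)[-.\s]?\\d{3}[-.\s]?\\d{4}|\\d{3}[-.\s]+\\d{3}[-.\s]+\\d{4}|\\d{3}[-.\s]+\\d{7}|\\d{6}[-.\s]+\\d{4})))\\b`,
-Description: "Phone Number",
+Regex: `(?i)(?:phone|mobile|tel(?:ephone)?|fax|cell)\s*[:=]\s*['"]?(\+?1?[-.\s]?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4})['"]?`,
+Description: "Phone Number (US format, keyword dependent)",
 Enabled: true,
 Category: "pii",
 MinLength: 10,
-KeywordExcludes: []string{"version", "id", "example", "test", "port", "e.g.", "_filter", "className", "jsx-", "mask", "000-000-0000", "prod", "phones/", "watermark", "123-456-7890", "tel:", "adobe_mc", "TS=", "gtag", "AW-", "DC-", "Lg(e,"},
+MaxLength: 20,
+KeywordExcludes: []string{"version", "id", "example", "test", "port", "e.g.", "_filter", "className", "jsx-", "mask", "000-000-0000", "prod", "phones/", "watermark", "123-456-7890", "tel:", "adobe_mc", "TS=", "gtag", "AW-", "DC-", "Lg(e,", "000-0000", "111-1111", "999-9999"},
 },
 "ipv4_address": {
-Regex: `(?i)(?:[a-zA-Z0-9._-]*?(?:ip|address|host|server)[a-zA-Z0-9._-]*?\s*[:=]\s*['"]?)\s*(\b(?:(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\b)`,
+Regex: `(?i)(?:^|[^0-9.])(?:ip[_-]?addr(?:ess)?|host[_-]?(?:name|addr)?|server[_-]?(?:ip|addr))\s*[:=]\s*['"]?((?:(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[1-9])\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9]))['"]?`,
 Description: "IPv4 Address (associated with a keyworded key, e.g., server_ip: 1.2.3.4)",
 Enabled: true,
 Category: "pii",
 MinLength: 7,
 MaxLength: 15,
-KeywordMatches: []string{"ip", "address", "host"},
-KeywordExcludes: []string{"0.0.0.0", "127.0.0.1", "localhost", "firefox/", "version", "rfc", "section-", "webpack_require__", "module", "/***/", "/*", "javascript/", "// ", "Symbol(", "RegExp.prototype", ",.", "c0 .", "M.exports={", "c-id=", "{\"2.16.840.", "@see Recommendation", "ITU-T H.", "Section "},
+KeywordMatches: []string{"ip", "address", "host", "server"},
+KeywordExcludes: []string{"0.0.0.0", "127.0.0.1", "localhost", "1.3.6.1", "2.16.840", "1.2.840", "oid", "urn:", "OID"},
 },
 "ipv6_address": {
-Regex: `\b(?:(?:[0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,5}(?::[0-9a-fA-F]{1,4}){1,2}|(?:[0-9a-fA-F]{1,4}:){1,4}(?::[0-9a-fA-F]{1,4}){1,3}|(?:[0-9a-fA-F]{1,4}:){1,3}(?::[0-9a-fA-F]{1,4}){1,4}|(?:[0-9a-fA-F]{1,4}:){1,2}(?::[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:(?:(?::[0-9a-fA-F]{1,4}){1,6})|:(?:(?::[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(?::[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(?:ffff(?::0{1,4}){0,1}:){0,1}(?:(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9])|(?:[0-9a-fA-F]{1,4}:){1,4}:(?:(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(?:25[0-5]|(?:2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\b`,
-Description: "IPv6 Address",
+Regex: `(?i)(?:ipv6|ip6)[_-]?(?:addr(?:ess)?)?\s*[:=]\s*['"]?((?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|(?:[0-9a-fA-F]{1,4}:){1,7}:|(?:[0-9a-fA-F]{1,4}:){6}:[0-9a-fA-F]{1,4})['"]?`,
+Description: "IPv6 Address (Keyword Dependent)",
 Enabled: true,
 Category: "pii",
-MinLength: 7,
-KeywordMatches: []string{"ip", "address", "host"},
-KeywordExcludes: []string{"::1", "localhost", "//", "/*", "* ", "EPSG::", "urn:ogc:def:crs:", "fab::", "cdk-keyboard-focused"},
+MinLength: 15,
+KeywordMatches: []string{"ipv6", "ip6"},
+KeywordExcludes: []string{"::1", "0000:0000", "fingerprint", "sha-256", "sha256", "hash"},
 },
 "mac_address": {
-Regex: `\b(?:[0-9A-Fa-f]{2}[:-]){5}(?:[0-9A-Fa-f]{2})\b`,
-Description: "MAC Address",
+Regex: `(?i)(?:mac[_-]?address|ethernet[_-]?addr|hw[_-]?addr)\s*[:=]\s*['"]?([0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2})['"]?`,
+Description: "MAC Address (Keyword Dependent, colon format only)",
 Enabled: true,
 Category: "pii",
 MinLength: 17,
 MaxLength: 17,
-KeywordMatches: []string{"mac", "address", "ethernet"},
-KeywordExcludes: []string{"path", "svg", "translate", "d=\"", "d='", "stroke", "fill", "points"},
+KeywordMatches: []string{"mac", "ethernet", "hardware"},
+KeywordExcludes: []string{"00:00:00:00:00:00", "ff:ff:ff:ff:ff:ff", "FF:FF:FF:FF:FF:FF", "fingerprint", "sha"},
 },
 "us_zip_code": {
 Regex: `(?i)(?:zip|postal|post_?code|address)\\s*[:=]\\s*(\\d{5}(?:-\\d{4})?)\\b`,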
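Review bot: The new paypal_client_id Regex in the payment hunk still ends its key alternation with `(?:id|key|secret)`, so an assignment such as `paypal_client_secret = "..."` is matched by both paypal_client_id and paypal_client_secret and is reported twice, once under the "PayPal/Braintree Client ID" label. Replacing `(?:id|key|secret)` with `(?:id|key)` in paypal_client_id leaves secrets to the dedicated paypal_client_secret pattern and keeps each finding under one label and one severity. Whether the scanner deduplicates overlapping matches across patterns is not visible here; if it does, this is only a labelling issue rather than a duplicate finding. The enclosing DefaultPatterns literal begins and ends outside the hunks shown.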
