META-INF.rewrite.secrets.yml Maven / Gradle / Ivy
Show all versions of rewrite-java-security Show documentation
#
# Copyright 2022 the original author or authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindSecrets
displayName: Find secrets
description: Locates secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindArtifactorySecrets
- org.openrewrite.java.security.secrets.FindAwsSecrets
- org.openrewrite.java.security.secrets.FindAzureSecrets
- org.openrewrite.java.security.secrets.FindDiscordSecrets
- org.openrewrite.java.security.secrets.FindGenericSecrets
- org.openrewrite.java.security.secrets.FindGitHubSecrets
- org.openrewrite.java.security.secrets.FindGoogleSecrets
- org.openrewrite.java.security.secrets.FindHerokuSecrets
- org.openrewrite.java.security.secrets.FindJwtSecrets
- org.openrewrite.java.security.secrets.FindMailChimpSecrets
- org.openrewrite.java.security.secrets.FindMailgunSecrets
- org.openrewrite.java.security.secrets.FindNpmSecrets
- org.openrewrite.java.security.secrets.FindNpmSecrets
- org.openrewrite.java.security.secrets.FindPasswordInUrlSecrets
- org.openrewrite.java.security.secrets.FindPayPalSecrets
- org.openrewrite.java.security.secrets.FindPgpSecrets
- org.openrewrite.java.security.secrets.FindPicaticSecrets
- org.openrewrite.java.security.secrets.FindRsaSecrets
- org.openrewrite.java.security.secrets.FindSendGridSecrets
- org.openrewrite.java.security.secrets.FindSlackSecrets
- org.openrewrite.java.security.secrets.FindSquareSecrets
- org.openrewrite.java.security.secrets.FindSshSecrets
- org.openrewrite.java.security.secrets.FindStripeSecrets
- org.openrewrite.java.security.secrets.FindTelegramSecrets
- org.openrewrite.java.security.secrets.FindTwilioSecrets
- org.openrewrite.java.security.secrets.FindTwitterSecrets
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindArtifactorySecrets
displayName: Find Artifactory secrets
description: Locates Artifactory secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Artifactory
valuePattern: '(?:\s|=|:|"|^)AP[\dABCDEF][a-zA-Z0-9]{8,}(?:\s|"|$)'
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Artifactory
valuePattern: '(?:\s|=|:|"|^)AKC[a-zA-Z0-9]{10,}(?:\s|"|$)'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindAwsSecrets
displayName: Find AWS secrets
description: Locates AWS secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: AWS access key
valuePattern: 'AKIA[0-9A-Z]{16}'
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: AWS access key
keyPattern: 'aws.{0,20}?(key|pwd|pw|password|pass|token)'
valuePattern: '^([0-9a-zA-Z/+]{40})$'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindAzureSecrets
displayName: Find Azure secrets
description: Locates Azure secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Azure access key
valuePattern: '[a-zA-Z0-9+/=]{88}'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindDiscordSecrets
displayName: Find Discord secrets
description: Locates Discord secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Discord
valuePattern: '[MN][a-zA-Z\d_-]{23}\.[a-zA-Z\d_-]{6}\.[a-zA-Z\d_-]{27}'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindGitHubSecrets
displayName: Find GitHub secrets
description: Locates GitHub secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: GitHub
valuePattern: |-
[gG][iI][tT][hH][uU][bB].*['|"][0-9a-zA-Z]{35,40}['|"]
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: GitHub
valuePattern: '(ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{36}'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindNpmSecrets
displayName: Find NPM secrets
description: Locates NPM secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: NPM
valuePattern: '//.+/:_authToken=\s*((npm_.+)|([A-Fa-f0-9-]{36})).*'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindRsaSecrets
displayName: Find RSA private keys
description: Locates RSA private keys stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: NPM
valuePattern: '-----BEGIN RSA PRIVATE KEY-----'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindSshSecrets
displayName: Find SSH secrets
description: Locates SSH secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: SSH (DSA) private key
valuePattern: '-----BEGIN DSA PRIVATE KEY-----'
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: SSH (EC) private key
valuePattern: '-----BEGIN EC PRIVATE KEY-----'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindPgpSecrets
displayName: Find PGP secrets
description: Locates PGP secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: PGP private key block
valuePattern: '-----BEGIN PGP PRIVATE KEY BLOCK-----'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindNpmSecrets
displayName: Find NPM secrets
description: Locates NPM secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Facebook access token
valuePattern: 'EAACEdEose0cBA[0-9A-Za-z]+'
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Facebook OAuth
valuePattern: |-
[fF][aA][cC][eE][bB][oO][oO][kK].*['|"][0-9a-f]{32}['|"]
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindGenericSecrets
displayName: Find generic secrets
description: Locates generic secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Generic API key
valuePattern: |-
[aA][pP][iI]_?[kK][eE][yY].*['|"][0-9a-zA-Z]{32,45}['|"]
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Generic secret
valuePattern: |-
[sS][eE][cC][rR][eE][tT].*['|"][0-9a-zA-Z]{32,45}['|"]
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindGoogleSecrets
displayName: Find Google secrets
description: Locates Google secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Google API key
valuePattern: 'AIza[0-9A-Za-z\-_]{35}'
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Google OAuth token
valuePattern: '[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com'
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Google OAuth token
valuePattern: 'ya29\.[0-9A-Za-z\-_]+'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindHerokuSecrets
displayName: Find Heroku secrets
description: Locates Heroku secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Heroku API key
valuePattern: '[hH][eE][rR][oO][kK][uU].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindMailChimpSecrets
displayName: Find MailChimp secrets
description: Locates MailChimp secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: MailChimp access key
valuePattern: '[0-9a-z]{32}-us[0-9]{1,2}'
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: MailChimp API key
valuePattern: '[0-9a-f]{32}-us[0-9]{1,2}'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindMailgunSecrets
displayName: Find Mailgun secrets
description: Locates Mailgun secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Mailgun API key
valuePattern: 'key-[0-9a-zA-Z]{32}'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindPasswordInUrlSecrets
displayName: Find passwords used in URLs
description: Locates URLs that contain passwords in plain text.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Password in URL
valuePattern: |-
[a-zA-Z]{3,10}://[^/\s:@]{3,20}:[^/\s:@]{3,20}@.{1,100}["'\s]
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindPayPalSecrets
displayName: Find PayPal secrets
description: Locates PayPal secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: PayPal Braintree access token
valuePattern: 'access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindPicaticSecrets
displayName: Find Picatic secrets
description: Locates Picatic secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Picatic
valuePattern: 'sk_live_[0-9a-z]{32}'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindSendGridSecrets
displayName: Find SendGrid secrets
description: Locates SendGrid secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: SendGrid API key
valuePattern: 'SG\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9_-]{43}'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindStripeSecrets
displayName: Find Stripe secrets
description: Locates Stripe secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Stripe API key
valuePattern: '(s|r)k_live_[0-9a-zA-Z]{24}'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindSquareSecrets
displayName: Find Square secrets
description: Locates Square secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Square access token
valuePattern: 'sq0atp-[0-9A-Za-z\-_]{22}'
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Square OAuth token
valuePattern: 'sq0csp-[0-9A-Za-z\-_]{43}'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindTelegramSecrets
displayName: Find Telegram secrets
description: Locates Telegram secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Telegram bot API key
valuePattern: '[0-9]+:AA[0-9A-Za-z\-_]{33}'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindTwilioSecrets
displayName: Find Twilio secrets
description: Locates Twilio secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Twilio API key auth token
valuePattern: 'SK[0-9a-fA-F]{32}'
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Twilio API key account SID
valuePattern: 'AC[a-z0-9]{32}'
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.security.secrets.FindTwitterSecrets
displayName: Find Twitter secrets
description: Locates Twitter secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Twitter access token
valuePattern: '[tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40}'
- org.openrewrite.java.security.secrets.FindSecretsByPattern:
secretName: Twitter OAuth token
valuePattern: |-
[tT][wW][iI][tT][tT][eE][rR].*['|"][0-9a-zA-Z]{35,44}['|"]