META-INF.rewrite.find-plaintext-secrets.yml Maven / Gradle / Ivy
Show all versions of rewrite-java Show documentation
#
# Copyright 2020 the original author or authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.java.search.FindSecrets
displayName: Find plain text secrets
description: Find secrets stored in plain text in code.
tags:
- security
recipeList:
- org.openrewrite.java.search.FindComments:
patterns:
- "(xox[pboa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})" # Slack Token
- "-----BEGIN RSA PRIVATE KEY-----" # RSA private key
- "-----BEGIN DSA PRIVATE KEY-----" # SSH (DSA) private key
- "-----BEGIN EC PRIVATE KEY-----" # SSH (EC) private key
- "-----BEGIN PGP PRIVATE KEY BLOCK-----" # PGP private key block
- "((?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16})" # AWS API Key
- "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" # Amazon MWS Auth Token
- "AKIA[0-9A-Z]{16}" # AWS API Key
- "da2-[a-z0-9]{26}" # AWS AppSync GraphQL Key
- "EAACEdEose0cBA[0-9A-Za-z]+" # Facebook Access Token
- "[fF][aA][cC][eE][bB][oO][oO][kK].*['|\"][0-9a-f]{32}['|\"]" # Facebook OAuth
- "[gG][iI][tT][hH][uU][bB].*['|\"][0-9a-zA-Z]{35,40}['|\"]" # GitHub
- "[aA][pP][iI]_?[kK][eE][yY].*['|\"][0-9a-zA-Z]{32,45}['|\"]" # Generic API Key
- "[sS][eE][cC][rR][eE][tT].*['|\"][0-9a-zA-Z]{32,45}['|\"]" # Generic Secret
- "AIza[0-9A-Za-z\\-_]{35}" # Google API Key
- "AIza[0-9A-Za-z\\-_]{35}" # Google Cloud Platform API Key
- "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com" # Google Cloud Platform OAuth
- "AIza[0-9A-Za-z\\-_]{35}" # Google Drive API Key
- "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com" # Google Drive OAuth
- "\"type\": \"service_account\"" # Google (GCP) Service-account
- "AIza[0-9A-Za-z\\-_]{35}" # Google Gmail API Key
- "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com" # Google Gmail OAuth
- "ya29\\.[0-9A-Za-z\\-_]+" # Google OAuth Access Token
- "AIza[0-9A-Za-z\\-_]{35}" # Google YouTube API Key
- "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com" # Google YouTube OAuth
- "[hH][eE][rR][oO][kK][uU].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}" # Heroku API Key
- "[0-9a-f]{32}-us[0-9]{1,2}" # MailChimp API Key
- "key-[0-9a-zA-Z]{32}" # Mailgun API Key
- "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]" # Password in URL
- "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}" # PayPal Braintree Access Token
- "sk_live_[0-9a-z]{32}" # Picatic API Key
- "https://hooks\\.slack\\.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}" # Slack Webhook
- "sk_live_[0-9a-zA-Z]{24}" # Stripe API Key
- "rk_live_[0-9a-zA-Z]{24}" # Stripe Restricted API Key
- "sq0atp-[0-9A-Za-z\\-_]{22}" # Square Access Token
- "sq0csp-[0-9A-Za-z\\-_]{43}" # Square OAuth Secret
- "[0-9]+:AA[0-9A-Za-z\\-_]{33}" # Telegram Bot API Key
- "SK[0-9a-fA-F]{32}" # Twilio API Key
- "[tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40}" # Twitter Access Token
- "[tT][wW][iI][tT][tT][eE][rR].*['|\"][0-9a-zA-Z]{35,44}['|\"]" # Twitter OAuth