import re
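# Likely secret / environment-variable assignment patterns for detection
# (based on common development practices).
#
# Each entry is a compiled, case-insensitive regex of the general shape
#   NAME <separator '=' or ':'> [optional quote] VALUE [optional quote]
# Whitespace is accepted on both sides of the separator so that assignments
# written as `API_KEY = "..."` (Python, TOML, .ini, YAML) are caught as well as
# the shell/.env form `API_KEY=...`.
#
# NOTE(review): the DATABASE_URL and PASSWORD patterns end in a lazy `.+?`
# followed by an optional quote, so the match covers only the first character
# of the value. That is sufficient for yes/no detection; a caller that uses
# the match span for redaction or reporting would need the whole value --
# confirm against the caller.
# NOTE(review): the cloud-key pattern contains a greedy `.*`; on very long
# single-line inputs (minified files) it may backtrack heavily, so callers may
# want to bound the line length they scan.
ENV_VAR_PATTERNS = [
    # Cloud keys. The `.*` after SECRET already absorbs name suffixes and any
    # spaces before the separator (e.g. AWS_SECRET_ACCESS_KEY = ...).
    re.compile(r'(AWS|GCP|AZURE)?_?SECRET.*[=:]\s*[\'"]?[A-Za-z0-9/\+=]{20,}[\'"]?', re.I),
    re.compile(r'ACCESS[_-]?TOKEN\s*[=:]\s*[\'"]?[A-Za-z0-9\-_.]{20,}[\'"]?', re.I),
    # Database URLs (any non-empty value counts; connection strings usually
    # embed credentials).
    re.compile(r'DATABASE_URL\s*[=:]\s*[\'"]?.+?[\'"]?', re.I),
    # API keys.
    re.compile(r'API[_-]?KEY\s*[=:]\s*[\'"]?[A-Za-z0-9]{20,}[\'"]?', re.I),
    # Stripe keys carry underscore-separated prefixes (sk_live_, pk_test_, ...),
    # so the value class has to admit '_' or the key is never matched.
    re.compile(r'STRIPE[_-]?KEY\s*[=:]\s*[\'"]?[A-Za-z0-9_]{20,}[\'"]?', re.I),
    # Passwords (any non-empty value counts).
    re.compile(r'PASSWORD\s*[=:]\s*[\'"]?.+?[\'"]?', re.I),
    # OAuth client identifiers and secrets.
    re.compile(r'(OAUTH|CLIENT|APP)[-_]?(ID|SECRET)\s*[=:]\s*[\'"]?[A-Za-z0-9\-]{10,}[\'"]?', re.I),
    # JSON web tokens: three dot-separated base64url segments, the first
    # starting with "eyJ" (the usual start of an encoded JSON header).
    # NOTE(review): re.I is kept for backward compatibility; it also lets
    # "EYJ..." match, which base64url-encoded JSON does not produce.
    re.compile(r'eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9._-]{10,}\.[A-Za-z0-9._-]{10,}', re.I),
]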