fqr.core.strings.obj module¶

Strings objects.

class Pattern¶

Bases: object

Compiled regex patterns.

SnakeToCamelReplacements = re.compile('(_[a-z0-9])')¶

Matches all lower case alphanumeric characters following any non-leading underscore.

Note: match is inclusive of underscores to improve substitution performance.

CamelToSnakeReplacements = re.compile('[A-Z0-9]([0-9]+|[a-z]+|([0-9][a-z])+)')¶: Matches all Title Case and numeric components.

camelCase = re.compile('^[a-z]+((\\d)|([A-Z0-9][a-z0-9]{1,128})){0,32}$')¶

Matches strict [lower] camelCase (i.e. RESTful casing) according to the Google Java Style Guide.

Unlike Google, does NOT allow for an optional uppercase character at the end of the string.

Strings with more than32IndividualWords or withWordsLongerThan128Characters will not be matched.

snake_case = re.compile('^[a-z0-9_]{1,4096}$')¶

Matches strict [lower] snake_case (i.e. python instance / attribute / function casing).

Strings longer than 4096 characters will not be matched.

DateTime = re.compile('[0-9]{4}-[0-9]{2}-[0-9]{2}([ T][0-9]{2}:[0-9]{2}:[0-9]{2}(\\.([0-9]{1,6}))?)?([+-][0-9]{2}:[0-9]{2})?')¶

Matches valid python datetime strings.

Note: validity is determined by parsability fromisoformat().

Number = re.compile('^([+-]?([0-9](_?[0-9]){0,63})?(\\.)?[0-9](_?[0-9]){0,63}(e[+-]?[0-9](_?[0-9]){0,63})?)(j|([+-]([0-9](_?[0-9]){0,63})?(\\.)?[0-9](_?[0-9]){0,63}(e[+-]?[0-9](_?[0-9]){0,63})?j))?$')¶

Matches integers, floats, scientific notation, and complex numbers.

Supports precision up to 64 digits either side of a decimal point.

Recognizes valid, pythonic underscore usage as well.

class KeyValueRedactionPattern¶

Bases: object

Regex patterns to redact common, sensitive data.

api_key_token = re.compile('(api|secret)+.?(key|token)', re.IGNORECASE)¶: Matches common names for api keys, tokens, etc.

authorization_header = re.compile('(authorization|bearer)+', re.IGNORECASE)¶: Matches an authorization / bearer token header.

conn_string_password = re.compile('(:\\/\\/)+\\w+(:[^:@]+)@')¶: Matches passwords in database connection strings.

credit_card = re.compile('\\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\\d{3})\\d{11})\\b')¶: Matches an [ostensibly] valid credit card number.

KeyValueRedactionPatterns: dict[str, Pattern[str]] = {'API_KEY_TOKEN': re.compile('(api|secret)+.?(key|token)', re.IGNORECASE), 'AUTHORIZATION_HEADER': re.compile('(authorization|bearer)+', re.IGNORECASE), 'CONN_STRING_PASSWORD': re.compile('(:\\/\\/)+\\w+(:[^:@]+)@'), 'CREDIT_CARD': re.compile('\\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\\d{3})\\d{11})\\b')}¶: Regex patterns to redact common, sensitive data.

class RedactionPattern¶

Bases: object

Regex patterns to redact common, sensitive data.

Sourced from trivy / aqua. https://github.com/aquasecurity/trivy/blob/main/pkg/fanal/secret/builtin-rules.go

aws_access_key_id = re.compile('(?P<secret>(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16})')¶

aws_secret_access_key = re.compile('(?i)(^|\\s+)(?P<secret>[A-Za-z0-9\\/\\+=]{40})', re.IGNORECASE)¶

github_pat = re.compile('ghp_[0-9a-zA-Z]{36}')¶

github_oauth = re.compile('gho_[0-9a-zA-Z]{36}')¶

github_app_token = re.compile('(ghu|ghs)_[0-9a-zA-Z]{36}')¶

github_refresh_token = re.compile('ghr_[0-9a-zA-Z]{76}')¶

github_fine_grained_pat = re.compile('github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}')¶

gitlab_pat = re.compile('glpat-[0-9a-zA-Z\\-\\_]{20}')¶

private_key = re.compile('(?i)-----\\s*?BEGIN[ A-Z0-9_-]*?PRIVATE KEY( BLOCK)?\\s*?-----[\\s]*?(?P<secret>[\\sA-Za-z0-9=+/\\\\\\r\\n]+)[\\s]*?-----\\s*?END[ A-Z0-9_-]*? PRIVATE KEY( BLOCK)?\\s*?-----', re.IGNORECASE)¶

shopify_token = re.compile('shp(ss|at|ca|pa)_[a-fA-F0-9]{32}')¶

slack_access_token = re.compile('xox[baprs]-([0-9a-zA-Z]{10,48})')¶

stripe_publishable_token = re.compile('(?i)pk_(test|live)_[0-9a-z]{10,32}', re.IGNORECASE)¶

stripe_secret_token = re.compile('(?i)sk_(test|live)_[0-9a-z]{10,32}', re.IGNORECASE)¶

pypi_upload_token = re.compile('pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\\-_]{50,1000}')¶

gcp_service_account = re.compile('\\"type\\": \\"service_account\\"')¶

heroku_api_key = re.compile('(?i)(?P<key>heroku[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})[\\\'\\"]', re.IGNORECASE)¶

slack_web_hook = re.compile('https:\\/\\/hooks\\.slack\\.com\\/services\\/[A-Za-z0-9+\\/]{44,48}')¶

twilio_api_key = re.compile('SK[0-9a-fA-F]{32}')¶

age_secret_key = re.compile('AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}')¶

facebook_token = re.compile('(?i)(?P<key>facebook[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-f0-9]{32})[\\\'\\"]', re.IGNORECASE)¶

twitter_token = re.compile('(?i)(?P<key>twitter[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-f0-9]{35,44})[\\\'\\"]', re.IGNORECASE)¶

adobe_client_id = re.compile('(?i)(?P<key>adobe[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-f0-9]{32})[\\\'\\"]', re.IGNORECASE)¶

adobe_client_secret = re.compile('(?i)(p8e-)[a-z0-9]{32}', re.IGNORECASE)¶

alibaba_access_key_id = re.compile('(?i)([^0-9A-Za-z]|^)(?P<secret>(LTAI)[a-z0-9]{20})([^0-9A-Za-z]|$)', re.IGNORECASE)¶

alibaba_secret_key = re.compile('(?i)(?P<key>alibaba[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9]{30})[\\\'\\"]', re.IGNORECASE)¶

asana_client_id = re.compile('(?i)(?P<key>asana[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[0-9]{16})[\\\'\\"]', re.IGNORECASE)¶

asana_client_secret = re.compile('(?i)(?P<key>asana[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9]{32})[\\\'\\"]', re.IGNORECASE)¶

atlassian_api_token = re.compile('(?i)(?P<key>atlassian[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9]{24})[\\\'\\"]', re.IGNORECASE)¶

bitbucket_client_id = re.compile('(?i)(?P<key>bitbucket[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9]{32})[\\\'\\"]', re.IGNORECASE)¶

bitbucket_client_secret = re.compile('(?i)(?P<key>bitbucket[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9_\\-]{64})[\\\'\\"]', re.IGNORECASE)¶

beamer_api_token = re.compile('(?i)(?P<key>beamer[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>b_[a-z0-9=_\\-]{44})[\\\'\\"]', re.IGNORECASE)¶

clojars_api_token = re.compile('(?i)(CLOJARS_)[a-z0-9]{60}', re.IGNORECASE)¶

contentful_delivery_api_token = re.compile('(?i)(?P<key>contentful[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9\\-=_]{43})[\\\'\\"]', re.IGNORECASE)¶

databricks_api_token = re.compile('dapi[a-h0-9]{32}')¶

discord_api_token = re.compile('(?i)(?P<key>discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-h0-9]{64})[\\\'\\"]', re.IGNORECASE)¶

discord_client_id = re.compile('(?i)(?P<key>discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[0-9]{18})[\\\'\\"]', re.IGNORECASE)¶

discord_client_secret = re.compile('(?i)(?P<key>discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9=_\\-]{32})[\\\'\\"]', re.IGNORECASE)¶

doppler_api_token = re.compile('(?i)[\\\'\\"](dp\\.pt\\.)[a-z0-9]{43}[\\\'\\"]', re.IGNORECASE)¶

dropbox_api_secret = re.compile('(?i)(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"]([a-z0-9]{15})[\\\'\\"]', re.IGNORECASE)¶

dropbox_short_lived_api_token = re.compile('(?i)(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](sl\\.[a-z0-9\\-=_]{135})[\\\'\\"]', re.IGNORECASE)¶

dropbox_long_lived_api_token = re.compile('(?i)(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"][a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\\-_=]{43}[\\\'\\"]', re.IGNORECASE)¶

duffel_api_token = re.compile('(?i)[\\\'\\"]duffel_(test|live)_[a-z0-9_-]{43}[\\\'\\"]', re.IGNORECASE)¶

dynatrace_api_token = re.compile('(?i)[\\\'\\"]dt0c01\\.[a-z0-9]{24}\\.[a-z0-9]{64}[\\\'\\"]', re.IGNORECASE)¶

easypost_api_token = re.compile('(?i)[\\\'\\"]EZ[AT]K[a-z0-9]{54}[\\\'\\"]', re.IGNORECASE)¶

fastly_api_token = re.compile('(?i)(?P<key>fastly[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9\\-=_]{32})[\\\'\\"]', re.IGNORECASE)¶

finicity_client_secret = re.compile('(?i)(?P<key>finicity[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9]{20})[\\\'\\"]', re.IGNORECASE)¶

finicity_api_token = re.compile('(?i)(?P<key>finicity[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-f0-9]{32})[\\\'\\"]', re.IGNORECASE)¶

flutterwave_public_key = re.compile('(?i)FLW(PUB|SEC)K_TEST-[a-h0-9]{32}-X', re.IGNORECASE)¶

flutterwave_enc_key = re.compile('FLWSECK_TEST[a-h0-9]{12}')¶

frameio_api_token = re.compile('(?i)fio-u-[a-z0-9\\-_=]{64}', re.IGNORECASE)¶

gocardless_api_token = re.compile('(?i)[\\\'\\"]live_[a-z0-9\\-_=]{40}[\\\'\\"]', re.IGNORECASE)¶

grafana_api_token = re.compile('(?i)[\\\'\\"]eyJrIjoi[a-z0-9\\-_=]{72,92}[\\\'\\"]', re.IGNORECASE)¶

hashicorp_tf_api_token = re.compile('(?i)[\\\'\\"][a-z0-9]{14}\\.atlasv1\\.[a-z0-9\\-_=]{60,70}[\\\'\\"]', re.IGNORECASE)¶

hubspot_api_token = re.compile('(?i)(?P<key>hubspot[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})[\\\'\\"]', re.IGNORECASE)¶

intercom_api_token = re.compile('(?i)(?P<key>intercom[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9=_]{60})[\\\'\\"]', re.IGNORECASE)¶

intercom_client_secret = re.compile('(?i)(?P<key>intercom[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})[\\\'\\"]', re.IGNORECASE)¶

ionic_api_token = re.compile('(?i)(ionic[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](ion_[a-z0-9]{42})[\\\'\\"]', re.IGNORECASE)¶

jwt_token = re.compile('ey[a-zA-Z0-9]{17,}\\.ey[a-zA-Z0-9\\/\\\\_-]{17,}\\.(?:[a-zA-Z0-9\\/\\\\_-]{10,}={0,2})?')¶

linear_api_token = re.compile('(?i)lin_api_[a-z0-9]{40}', re.IGNORECASE)¶

linear_client_secret = re.compile('(?i)(?P<key>linear[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-f0-9]{32})[\\\'\\"]', re.IGNORECASE)¶

lob_api_key = re.compile('(?i)(?P<key>lob[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>(live|test)_[a-f0-9]{35})[\\\'\\"]', re.IGNORECASE)¶

lob_pub_api_key = re.compile('(?i)(?P<key>lob[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>(test|live)_pub_[a-f0-9]{31})[\\\'\\"]', re.IGNORECASE)¶

mailchimp_api_key = re.compile('(?i)(?P<key>mailchimp[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-f0-9]{32}-us20)[\\\'\\"]', re.IGNORECASE)¶

mailgun_token = re.compile('(?i)(?P<key>mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>(pub)?key-[a-f0-9]{32})[\\\'\\"]', re.IGNORECASE)¶

mailgun_signing_key = re.compile('(?i)(?P<key>mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})[\\\'\\"]', re.IGNORECASE)¶

mapbox_api_token = re.compile('(?i)(pk\\.[a-z0-9]{60}\\.[a-z0-9]{22})', re.IGNORECASE)¶

messagebird_api_token = re.compile('(?i)(?P<key>messagebird[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9]{25})[\\\'\\"]', re.IGNORECASE)¶

messagebird_client_id = re.compile('(?i)(?P<key>messagebird[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})[\\\'\\"]', re.IGNORECASE)¶

new_relic_user_api_key = re.compile('[\\\'\\"](NRAK-[A-Z0-9]{27})[\\\'\\"]')¶

new_relic_user_api_id = re.compile('(?i)(?P<key>newrelic[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[A-Z0-9]{64})[\\\'\\"]', re.IGNORECASE)¶

new_relic_browser_api_token = re.compile('[\\\'\\"](NRJS-[a-f0-9]{19})[\\\'\\"]')¶

npm_access_token = re.compile('(?i)[\\\'\\"](npm_[a-z0-9]{36})[\\\'\\"]', re.IGNORECASE)¶

planetscale_password = re.compile('(?i)pscale_pw_[a-z0-9\\-_\\.]{43}', re.IGNORECASE)¶

planetscale_api_token = re.compile('(?i)pscale_tkn_[a-z0-9\\-_\\.]{43}', re.IGNORECASE)¶

postman_api_token = re.compile('(?i)PMAK-[a-f0-9]{24}\\-[a-f0-9]{34}', re.IGNORECASE)¶

pulumi_api_token = re.compile('pul-[a-f0-9]{40}')¶

rubygems_api_token = re.compile('rubygems_[a-f0-9]{48}')¶

sendgrid_api_token = re.compile('(?i)SG\\.[a-z0-9_\\-\\.]{66}', re.IGNORECASE)¶

sendinblue_api_token = re.compile('(?i)xkeysib-[a-f0-9]{64}\\-[a-z0-9]{16}', re.IGNORECASE)¶

shippo_api_token = re.compile('shippo_(live|test)_[a-f0-9]{40}')¶

linkedin_client_secret = re.compile('(?i)(?P<key>linkedin[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z]{16})[\\\'\\"]', re.IGNORECASE)¶

linkedin_client_id = re.compile('(?i)(?P<key>linkedin[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9]{14})[\\\'\\"]', re.IGNORECASE)¶

twitch_api_token = re.compile('(?i)(?P<key>twitch[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9]{30})[\\\'\\"]', re.IGNORECASE)¶

typeform_api_token = re.compile('(?i)(?P<key>typeform[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}(?P<secret>tfp_[a-z0-9\\-_\\.=]{59})', re.IGNORECASE)¶

dockerconfig_secret = re.compile('(?i)(\\.(dockerconfigjson|dockercfg):\\s*\\|*\\s*(?P<secret>(ey|ew)+[A-Za-z0-9\\/\\+=]+))', re.IGNORECASE)¶

RedactionPatterns: dict[str, Pattern[str]] = {'ADOBE_CLIENT_ID': re.compile('(?i)(?P<key>adobe[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-f0-9]{32})[\\\'\\"]', re.IGNORECASE), 'ADOBE_CLIENT_SECRET': re.compile('(?i)(p8e-)[a-z0-9]{32}', re.IGNORECASE), 'AGE_SECRET_KEY': re.compile('AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}'), 'ALIBABA_ACCESS_KEY_ID': re.compile('(?i)([^0-9A-Za-z]|^)(?P<secret>(LTAI)[a-z0-9]{20})([^0-9A-Za-z]|$)', re.IGNORECASE), 'ALIBABA_SECRET_KEY': re.compile('(?i)(?P<key>alibaba[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9]{30})[\\\'\\"]', re.IGNORECASE), 'ASANA_CLIENT_ID': re.compile('(?i)(?P<key>asana[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[0-9]{16})[\\\'\\"]', re.IGNORECASE), 'ASANA_CLIENT_SECRET': re.compile('(?i)(?P<key>asana[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9]{32})[\\\'\\"]', re.IGNORECASE), 'ATLASSIAN_API_TOKEN': re.compile('(?i)(?P<key>atlassian[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9]{24})[\\\'\\"]', re.IGNORECASE), 'AWS_ACCESS_KEY_ID': re.compile('(?P<secret>(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16})'), 'AWS_SECRET_ACCESS_KEY': re.compile('(?i)(^|\\s+)(?P<secret>[A-Za-z0-9\\/\\+=]{40})', re.IGNORECASE), 'BEAMER_API_TOKEN': re.compile('(?i)(?P<key>beamer[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>b_[a-z0-9=_\\-]{44})[\\\'\\"]', re.IGNORECASE), 'BITBUCKET_CLIENT_ID': re.compile('(?i)(?P<key>bitbucket[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9]{32})[\\\'\\"]', re.IGNORECASE), 'BITBUCKET_CLIENT_SECRET': re.compile('(?i)(?P<key>bitbucket[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9_\\-]{64})[\\\'\\"]', re.IGNORECASE), 'CLOJARS_API_TOKEN': re.compile('(?i)(CLOJARS_)[a-z0-9]{60}', re.IGNORECASE), 'CONTENTFUL_DELIVERY_API_TOKEN': re.compile('(?i)(?P<key>contentful[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9\\-=_]{43})[\\\'\\"]', re.IGNORECASE), 'DATABRICKS_API_TOKEN': re.compile('dapi[a-h0-9]{32}'), 'DISCORD_API_TOKEN': re.compile('(?i)(?P<key>discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-h0-9]{64})[\\\'\\"]', re.IGNORECASE), 'DISCORD_CLIENT_ID': re.compile('(?i)(?P<key>discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[0-9]{18})[\\\'\\"]', re.IGNORECASE), 'DISCORD_CLIENT_SECRET': re.compile('(?i)(?P<key>discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9=_\\-]{32})[\\\'\\"]', re.IGNORECASE), 'DOCKERCONFIG_SECRET': re.compile('(?i)(\\.(dockerconfigjson|dockercfg):\\s*\\|*\\s*(?P<secret>(ey|ew)+[A-Za-z0-9\\/\\+=]+))', re.IGNORECASE), 'DOPPLER_API_TOKEN': re.compile('(?i)[\\\'\\"](dp\\.pt\\.)[a-z0-9]{43}[\\\'\\"]', re.IGNORECASE), 'DROPBOX_API_SECRET': re.compile('(?i)(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"]([a-z0-9]{15})[\\\'\\"]', re.IGNORECASE), 'DROPBOX_LONG_LIVED_API_TOKEN': re.compile('(?i)(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"][a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\\-_=]{43}[\\\'\\"]', re.IGNORECASE), 'DROPBOX_SHORT_LIVED_API_TOKEN': re.compile('(?i)(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](sl\\.[a-z0-9\\-=_]{135})[\\\'\\"]', re.IGNORECASE), 'DUFFEL_API_TOKEN': re.compile('(?i)[\\\'\\"]duffel_(test|live)_[a-z0-9_-]{43}[\\\'\\"]', re.IGNORECASE), 'DYNATRACE_API_TOKEN': re.compile('(?i)[\\\'\\"]dt0c01\\.[a-z0-9]{24}\\.[a-z0-9]{64}[\\\'\\"]', re.IGNORECASE), 'EASYPOST_API_TOKEN': re.compile('(?i)[\\\'\\"]EZ[AT]K[a-z0-9]{54}[\\\'\\"]', re.IGNORECASE), 'FACEBOOK_TOKEN': re.compile('(?i)(?P<key>facebook[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-f0-9]{32})[\\\'\\"]', re.IGNORECASE), 'FASTLY_API_TOKEN': re.compile('(?i)(?P<key>fastly[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9\\-=_]{32})[\\\'\\"]', re.IGNORECASE), 'FINICITY_API_TOKEN': re.compile('(?i)(?P<key>finicity[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-f0-9]{32})[\\\'\\"]', re.IGNORECASE), 'FINICITY_CLIENT_SECRET': re.compile('(?i)(?P<key>finicity[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9]{20})[\\\'\\"]', re.IGNORECASE), 'FLUTTERWAVE_ENC_KEY': re.compile('FLWSECK_TEST[a-h0-9]{12}'), 'FLUTTERWAVE_PUBLIC_KEY': re.compile('(?i)FLW(PUB|SEC)K_TEST-[a-h0-9]{32}-X', re.IGNORECASE), 'FRAMEIO_API_TOKEN': re.compile('(?i)fio-u-[a-z0-9\\-_=]{64}', re.IGNORECASE), 'GCP_SERVICE_ACCOUNT': re.compile('\\"type\\": \\"service_account\\"'), 'GITHUB_APP_TOKEN': re.compile('(ghu|ghs)_[0-9a-zA-Z]{36}'), 'GITHUB_FINE_GRAINED_PAT': re.compile('github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}'), 'GITHUB_OAUTH': re.compile('gho_[0-9a-zA-Z]{36}'), 'GITHUB_PAT': re.compile('ghp_[0-9a-zA-Z]{36}'), 'GITHUB_REFRESH_TOKEN': re.compile('ghr_[0-9a-zA-Z]{76}'), 'GITLAB_PAT': re.compile('glpat-[0-9a-zA-Z\\-\\_]{20}'), 'GOCARDLESS_API_TOKEN': re.compile('(?i)[\\\'\\"]live_[a-z0-9\\-_=]{40}[\\\'\\"]', re.IGNORECASE), 'GRAFANA_API_TOKEN': re.compile('(?i)[\\\'\\"]eyJrIjoi[a-z0-9\\-_=]{72,92}[\\\'\\"]', re.IGNORECASE), 'HASHICORP_TF_API_TOKEN': re.compile('(?i)[\\\'\\"][a-z0-9]{14}\\.atlasv1\\.[a-z0-9\\-_=]{60,70}[\\\'\\"]', re.IGNORECASE), 'HEROKU_API_KEY': re.compile('(?i)(?P<key>heroku[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})[\\\'\\"]', re.IGNORECASE), 'HUBSPOT_API_TOKEN': re.compile('(?i)(?P<key>hubspot[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})[\\\'\\"]', re.IGNORECASE), 'INTERCOM_API_TOKEN': re.compile('(?i)(?P<key>intercom[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9=_]{60})[\\\'\\"]', re.IGNORECASE), 'INTERCOM_CLIENT_SECRET': re.compile('(?i)(?P<key>intercom[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})[\\\'\\"]', re.IGNORECASE), 'IONIC_API_TOKEN': re.compile('(?i)(ionic[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](ion_[a-z0-9]{42})[\\\'\\"]', re.IGNORECASE), 'JWT_TOKEN': re.compile('ey[a-zA-Z0-9]{17,}\\.ey[a-zA-Z0-9\\/\\\\_-]{17,}\\.(?:[a-zA-Z0-9\\/\\\\_-]{10,}={0,2})?'), 'LINEAR_API_TOKEN': re.compile('(?i)lin_api_[a-z0-9]{40}', re.IGNORECASE), 'LINEAR_CLIENT_SECRET': re.compile('(?i)(?P<key>linear[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-f0-9]{32})[\\\'\\"]', re.IGNORECASE), 'LINKEDIN_CLIENT_ID': re.compile('(?i)(?P<key>linkedin[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9]{14})[\\\'\\"]', re.IGNORECASE), 'LINKEDIN_CLIENT_SECRET': re.compile('(?i)(?P<key>linkedin[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z]{16})[\\\'\\"]', re.IGNORECASE), 'LOB_API_KEY': re.compile('(?i)(?P<key>lob[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>(live|test)_[a-f0-9]{35})[\\\'\\"]', re.IGNORECASE), 'LOB_PUB_API_KEY': re.compile('(?i)(?P<key>lob[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>(test|live)_pub_[a-f0-9]{31})[\\\'\\"]', re.IGNORECASE), 'MAILCHIMP_API_KEY': re.compile('(?i)(?P<key>mailchimp[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-f0-9]{32}-us20)[\\\'\\"]', re.IGNORECASE), 'MAILGUN_SIGNING_KEY': re.compile('(?i)(?P<key>mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})[\\\'\\"]', re.IGNORECASE), 'MAILGUN_TOKEN': re.compile('(?i)(?P<key>mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>(pub)?key-[a-f0-9]{32})[\\\'\\"]', re.IGNORECASE), 'MAPBOX_API_TOKEN': re.compile('(?i)(pk\\.[a-z0-9]{60}\\.[a-z0-9]{22})', re.IGNORECASE), 'MESSAGEBIRD_API_TOKEN': re.compile('(?i)(?P<key>messagebird[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9]{25})[\\\'\\"]', re.IGNORECASE), 'MESSAGEBIRD_CLIENT_ID': re.compile('(?i)(?P<key>messagebird[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})[\\\'\\"]', re.IGNORECASE), 'NEW_RELIC_BROWSER_API_TOKEN': re.compile('[\\\'\\"](NRJS-[a-f0-9]{19})[\\\'\\"]'), 'NEW_RELIC_USER_API_ID': re.compile('(?i)(?P<key>newrelic[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[A-Z0-9]{64})[\\\'\\"]', re.IGNORECASE), 'NEW_RELIC_USER_API_KEY': re.compile('[\\\'\\"](NRAK-[A-Z0-9]{27})[\\\'\\"]'), 'NPM_ACCESS_TOKEN': re.compile('(?i)[\\\'\\"](npm_[a-z0-9]{36})[\\\'\\"]', re.IGNORECASE), 'PLANETSCALE_API_TOKEN': re.compile('(?i)pscale_tkn_[a-z0-9\\-_\\.]{43}', re.IGNORECASE), 'PLANETSCALE_PASSWORD': re.compile('(?i)pscale_pw_[a-z0-9\\-_\\.]{43}', re.IGNORECASE), 'POSTMAN_API_TOKEN': re.compile('(?i)PMAK-[a-f0-9]{24}\\-[a-f0-9]{34}', re.IGNORECASE), 'PRIVATE_KEY': re.compile('(?i)-----\\s*?BEGIN[ A-Z0-9_-]*?PRIVATE KEY( BLOCK)?\\s*?-----[\\s]*?(?P<secret>[\\sA-Za-z0-9=+/\\\\\\r\\n]+)[\\s]*?-----\\s*?END[ A-Z0-9_-]*? PRIVATE KEY( BLOCK)?\\s*?-----', re.IGNORECASE), 'PULUMI_API_TOKEN': re.compile('pul-[a-f0-9]{40}'), 'PYPI_UPLOAD_TOKEN': re.compile('pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\\-_]{50,1000}'), 'RUBYGEMS_API_TOKEN': re.compile('rubygems_[a-f0-9]{48}'), 'SENDGRID_API_TOKEN': re.compile('(?i)SG\\.[a-z0-9_\\-\\.]{66}', re.IGNORECASE), 'SENDINBLUE_API_TOKEN': re.compile('(?i)xkeysib-[a-f0-9]{64}\\-[a-z0-9]{16}', re.IGNORECASE), 'SHIPPO_API_TOKEN': re.compile('shippo_(live|test)_[a-f0-9]{40}'), 'SHOPIFY_TOKEN': re.compile('shp(ss|at|ca|pa)_[a-fA-F0-9]{32}'), 'SLACK_ACCESS_TOKEN': re.compile('xox[baprs]-([0-9a-zA-Z]{10,48})'), 'SLACK_WEB_HOOK': re.compile('https:\\/\\/hooks\\.slack\\.com\\/services\\/[A-Za-z0-9+\\/]{44,48}'), 'STRIPE_PUBLISHABLE_TOKEN': re.compile('(?i)pk_(test|live)_[0-9a-z]{10,32}', re.IGNORECASE), 'STRIPE_SECRET_TOKEN': re.compile('(?i)sk_(test|live)_[0-9a-z]{10,32}', re.IGNORECASE), 'TWILIO_API_KEY': re.compile('SK[0-9a-fA-F]{32}'), 'TWITCH_API_TOKEN': re.compile('(?i)(?P<key>twitch[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-z0-9]{30})[\\\'\\"]', re.IGNORECASE), 'TWITTER_TOKEN': re.compile('(?i)(?P<key>twitter[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}[\\\'\\"](?P<secret>[a-f0-9]{35,44})[\\\'\\"]', re.IGNORECASE), 'TYPEFORM_API_TOKEN': re.compile('(?i)(?P<key>typeform[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}(?P<secret>tfp_[a-z0-9\\-_\\.=]{59})', re.IGNORECASE)}¶

Regex patterns to redact common, sensitive data.

Sourced from trivy / aqua. https://github.com/aquasecurity/trivy/blob/main/pkg/fanal/secret/builtin-rules.go

StringWrapper = <textwrap.TextWrapper object>¶: Wraps long strings.

fqr.core.strings.obj module¶

fqr

Navigation

Related Topics