keyhog-core 0.5.4

keyhog-core — shared data model and detector specifications for the KeyHog secret scanner
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

# Docs: https://developers.docusign.com/docs/esign-rest-api/authentication/
# Format: Integration Key (GUID), RSA Private Key, or Legacy API Password
# Verify: POST to https://account.docusign.com/oauth/token (JWT grant)
# Prefix: none for Integration Key (requires context anchoring)

[detector]
id = "docusign-api-credentials"
name = "DocuSign API Credentials"
service = "docusign"
severity = "critical"
keywords = ["DOCUSIGN_INTEGRATION_KEY", "DOCUSIGN_USER_ID", "DOCUSIGN_API_PASSWORD", "docusign_integration_key"]

[[detector.patterns]]
regex = "(?:DOCUSIGN|docusign)[_\\s]?(?:INTEGRATION[_\\s]?KEY)[=:\\s\"'']+([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})"
description = "DocuSign Integration Key (UUID format)"
group = 1

[[detector.patterns]]
regex = "(?:DOCUSIGN|docusign)[_\\s]?(?:USER[_\\s]?ID)[=:\\s\"'']+([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})"
description = "DocuSign User ID (UUID format for JWT)"
group = 1

[[detector.patterns]]
regex = "(?:DOCUSIGN|docusign)[_\\s]?(?:API[_\\s]?PASSWORD|PWD)[=:\\s\"'']+([a-zA-Z0-9!@#$%^&*._\\-]{16,})"
description = "DocuSign Legacy API Password"
group = 1

[[detector.companions]]
name = "rsa_private_key"
regex = "BEGIN RSA PRIVATE KEY"
within_lines = 10