keyhog-core 0.5.4

keyhog-core — shared data model and detector specifications for the KeyHog secret scanner
# Detector specification for GitHub webhook secrets: the shared key GitHub uses to
# sign webhook deliveries.
# Docs: https://docs.github.com/en/webhooks/using-webhooks/validating-webhook-deliveries
# Format: User-defined string (typically 20-100 characters) used for HMAC-SHA256 signature verification
# Verify: no public verification endpoint (local signature verification using X-Hub-Signature-256 header)
# Prefix: none (requires context anchoring)
#
# The value has no fixed prefix, so both patterns below match only when the candidate
# follows a GitHub/webhook-style variable name. With no verification endpoint, a match
# cannot be confirmed as live; triage it as a candidate and rotate the secret if real.

[detector]
id = "github-webhook-secret"
name = "GitHub Webhook Secret"
service = "github"
# Anyone holding this secret can compute a valid X-Hub-Signature-256 value, so
# receivers that trust signed deliveries would accept forged payloads.
severity = "high"
# NOTE(review): presumably these strings gate which inputs the regexes run on - confirm
# against the scanner. "webhook_secret" and "X-Hub-Signature-256" can appear in text that
# neither pattern below can match, because both patterns require "github"/"gh" in the name.
keywords = ["GITHUB_WEBHOOK_SECRET", "github_webhook_secret", "webhook_secret", "X-Hub-Signature-256"]

# Pattern 1: GITHUB/github, then WEBHOOK/webhook/HOOK/hook, then SECRET/secret/TOKEN/token,
# each part optionally joined by one of ". _ -"; then one or more of "= : whitespace quote";
# then 20-100 characters from [a-zA-Z0-9_-], captured as group 1.
# NOTE(review): every alternative is all-upper or all-lower, so "GitHub_Webhook_Secret" is
# not matched unless the scanner compiles patterns case-insensitively - TODO confirm.
# NOTE(review): the capture has no trailing boundary, so a longer run of these characters
# still matches on its first 100. A secret containing other characters (for example
# "+", "/" or "=") is cut at that character, or missed if fewer than 20 characters precede it.
# NOTE(review): the doubled ' inside the separator class is redundant; one is enough.
[[detector.patterns]]
regex = "(?:GITHUB|github)[._-]?(?:WEBHOOK|webhook|HOOK|hook)[._-]?(?:SECRET|secret|TOKEN|token)[=:\\s\"'']+([a-zA-Z0-9_-]{20,100})"
description = "GitHub webhook secret with context anchor"
# Index of the capture group holding the candidate secret (the only group in the regex).
group = 1

# Pattern 2: lower-case "gh" or "github", then "webhook" and "secret" with optional joiners,
# followed by the same separator class and value capture as pattern 1.
# NOTE(review): the only names this adds over pattern 1 are the "gh"-prefixed ones, and only
# in lower case: "GH_WEBHOOK_SECRET" is matched by neither pattern unless patterns are
# compiled case-insensitively - TODO confirm.
# NOTE(review): "gh" has no left boundary, so it also matches at the end of a longer word.
# NOTE(review): the "github" branch overlaps pattern 1; whether the scanner de-duplicates
# two hits on the same span is not visible here - verify.
[[detector.patterns]]
regex = "(?:gh|github)[._-]?webhook[_-]?secret[=:\\s\"'']+([a-zA-Z0-9_-]{20,100})"
description = "GitHub webhook secret with abbreviated context"
# Index of the capture group holding the candidate secret (the only group in the regex).
group = 1