keyhog-core 0.5.4

keyhog-core — shared data model and detector specifications for the KeyHog secret scanner
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

# Docs: https://docs.turso.tech/sdk/libsql
# Format: libsql:// URL for remote or file: for local; auth tokens are JWT or alphanumeric
# Verify: no public verification endpoint
# Prefix: libsql://

[detector]
id = "libsql-credentials"
name = "LibSQL Credentials"
service = "libsql"
severity = "high"
keywords = ["LIBSQL", "libsql://", "sqld", "SQLD_AUTH_TOKEN"]

[[detector.patterns]]
regex = "libsql://[a-zA-Z0-9._-]+(:\\d+)?"
description = "LibSQL remote URL (libsql:// protocol)"

[[detector.patterns]]
regex = "(?:LIBSQL[_-](?:URL|DATABASE|CONNECTION))[=:\\s\"'']+(libsql://[^\\s\"'']+)"
description = "LibSQL URL with context anchor"
group = 1

[[detector.patterns]]
regex = "(?:SQLD_AUTH_TOKEN|LIBSQL_AUTH_TOKEN)[=:\\s\"'']+([a-zA-Z0-9_-]{20,})"
description = "LibSQL auth token with context anchor"
group = 1