keyhog-core 0.5.4

keyhog-core — shared data model and detector specifications for the KeyHog secret scanner
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

# Docs: https://vercel.com/docs/storage/vercel-postgres
# Format: PostgreSQL connection string with postgresql:// or postgres:// protocol
# Verify: PostgreSQL connection test (requires Postgres client)
# Prefix: postgres (requires context anchoring)

[detector]
id = "vercel-postgres-credentials"
name = "Vercel Postgres Credentials"
service = "vercel"
severity = "high"
keywords = ["POSTGRES_URL", "POSTGRES_PRISMA_URL", ".vercel-storage.com", "verceldb"]

[[detector.patterns]]
regex = "postgres(?:ql)?://[a-zA-Z0-9_-]+:([A-Za-z0-9_-]{20,})@[a-z0-9-]+-[a-z0-9]+-[a-z0-9]+\\.[a-z0-9]+\\.[a-z]+\\.verceldb\\.com:\\d+/[a-zA-Z0-9_-]+"
description = "Vercel Postgres connection string with embedded password"
group = 1

[[detector.patterns]]
regex = "POSTGRES_URL_NON_POOLING[=:\\s\"'']+(postgres(?:ql)?://[^\\s\"'']+)"
description = "Vercel Postgres non-pooling URL with context anchor"
group = 1

[[detector.patterns]]
regex = "POSTGRES_PRISMA_URL[=:\\s\"'']+(postgres(?:ql)?://[^\\s\"'']+)"
description = "Vercel Postgres Prisma URL with context anchor"
group = 1