rust-sanitize 0.11.0

Deterministic one-way data sanitization engine
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

# GitHub Actions — personal access tokens, OAuth tokens, GitHub App tokens

# Modern token formats (ghp=personal, gho=OAuth, ghu=user-to-server,
# ghs=server-to-server, ghr=refresh, github_pat=fine-grained PAT)
- kind: regex
  pattern: '\b((?:ghp|gho|ghu|ghs|ghr|github_pat)_[a-zA-Z0-9_]{36,255})\b'
  category: auth_token
  label: github_token

# Legacy 40-char hex token with github/gh context keyword
- kind: regex
  pattern: '(?i)(?:github[_-]?(?:token|secret|key|api|pat)|gh[_-]?(?:token|secret|key|api|pat)|ghtoken|ghsecret)[\s:="'']+\b([0-9a-f]{40})\b'
  category: auth_token
  label: github_token_legacy

- kind: allow
  values:
    - "github"
    - "github.com"
    - "github-actions"
    - "github-actions[bot]"
    - "github_actions"
    - "actions/checkout"
    - "actions/setup-node"
    - "actions/upload-artifact"
    - "actions/download-artifact"
    - "GITHUB_ACTOR"
    - "GITHUB_REPOSITORY"
    - "GITHUB_EVENT_NAME"
    - "GITHUB_REF"
    - "GITHUB_SHA"
    - "GITHUB_WORKFLOW"
    - "GITHUB_RUN_ID"
    - "GITHUB_RUN_NUMBER"
    - "github.event_name"
    - "github.ref"
    - "github.sha"
    - "github.actor"
    - "github.repository"
    - "true"
    - "false"
    - "yes"
    - "no"
    - "null"
    - "none"
    - "nil"
    - "0"
    - "1"
    - "localhost"
    - "127.0.0.1"
    - "0.0.0.0"
    - "::1"
    - "changeme"
    - "example"
    - "sample"
    - "placeholder"
    - "${*}"
    - "{{*}}"
    - "${{*}}"
    - "example.com"
    - "example.org"