rust-sanitize 0.11.0

Deterministic one-way data sanitization engine
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

# Docker Compose — registry credentials, image pull secrets

# docker config.json "auths" block with base64 auth or password fields
- kind: regex
  pattern: '"auths"\s*:\s*\{[^}]*"auth"\s*:\s*"([A-Za-z0-9+/=]{8,})"'
  category: auth_token
  label: docker_auth_config

# Context-keyed registry password
- kind: regex
  pattern: '(?i)(?:docker[_-]?(?:password|pass|token|hub[_-]?token))[\s:="'']+([^\s"'']{8,})'
  category: custom:password
  label: docker_registry_password

# List-form env var with credential-indicating key: "- KEY=value" lines
# Matches PASSWORD, SECRET, TOKEN, API_KEY, PRIVATE_KEY, ACCESS_KEY, AUTH suffixes/prefixes
- kind: regex
  pattern: '(?m)^\s*-\s+([A-Z_]*(?:PASSWORD|SECRET|TOKEN|API_KEY|PRIVATE_KEY|ACCESS_KEY|AUTH)[A-Z_]*)=(\S+)'
  category: auth_token
  label: compose_list_env_credential

- kind: allow
  values:
    - "docker"
    - "docker.io"
    - "hub.docker.com"
    - "index.docker.io"
    - "registry-1.docker.io"
    - "gcr.io"
    - "ghcr.io"
    - "quay.io"
    - "docker.elastic.co"
    - "true"
    - "false"
    - "yes"
    - "no"
    - "null"
    - "none"
    - "nil"
    - "0"
    - "1"
    - "localhost"
    - "127.0.0.1"
    - "0.0.0.0"
    - "::1"
    - "changeme"
    - "example"
    - "sample"
    - "placeholder"
    - "${*}"
    - "{{*}}"
    - "example.com"
    - "example.org"