rust-sanitize 0.11.0

Deterministic one-way data sanitization engine
# Postman — token patterns in pre/post scripts, collection variables, raw bodies

# Bearer token in a pre-request or test script, e.g.
#   pm.request.headers.add({key: "Authorization", value: "Bearer <token>"})
# Matches a case-insensitive "Bearer", whitespace, then a captured run of at
# least 16 characters from [A-Za-z0-9-._~+/]. Shorter tokens (for example a
# 6-character demo value) are not matched by this rule.
# NOTE(review): '=' is not in the character class and the pattern ends in \b,
# so base64 padding or a trailing '-', '.', '~', '+' or '/' falls outside the
# match. Confirm the engine's replacement does not leave those trailing
# characters of the token in the sanitized output.
- kind: regex
  pattern: '(?i)\bBearer\s+([A-Za-z0-9\-._~+/]{16,})\b'
  category: auth_token
  label: postman_bearer_token

# Literal value passed to pm.environment.set, pm.collectionVariables.set,
# pm.globals.set or pm.variables.set. The first argument is a quoted name
# with no quotes or whitespace inside it; the second argument is captured
# when it is a quoted run of 8+ characters from [A-Za-z0-9-._~+/=].
# Inside this single-quoted YAML scalar, '' is one literal apostrophe and
# \x27 is the regex escape for the same character, so both JavaScript quote
# styles are accepted.
# NOTE(review): the rule keys on the call shape, not on the variable name, so
# ordinary literals of 8+ characters (hostnames, environment names) are also
# tagged auth_token. Values containing other characters (e.g. '!', '@', ':',
# spaces) or written as backtick template literals are not matched here;
# confirm another rule covers secrets of that shape.
- kind: regex
  pattern: '(?i)pm\.(?:environment|collectionVariables|globals|variables)\.set\s*\(\s*["\x27][^"''\s]+["\x27]\s*,\s*["\x27]([A-Za-z0-9\-._~+/=]{8,})["\x27]'
  category: auth_token
  label: postman_script_set_value

# JWT standalone (service account tokens embedded in scripts or body).
# Matches three dot-separated base64url segments. The first two must start
# with "eyJ" (the prefix produced by base64url-encoding a JSON object such as
# {"alg": ...}) followed by at least 10 and 20 more characters respectively;
# the third segment (signature) needs at least 20 characters.
# The pattern is case-sensitive and the whole token is the capture group.
# NOTE(review): a token whose signature segment is empty or shorter than 20
# characters is not matched, and because '-' is not a word character the
# trailing \b excludes a final '-' from the match. Confirm these cases are
# acceptable or covered by the field-name signal.
- kind: regex
  pattern: '\b(eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,})\b'
  category: jwt
  label: postman_jwt

# AWS access key ID and related IAM identifiers.
# Matches the prefixes AKIA (long-term access key ID), ASIA (temporary STS
# access key ID) and AROA (IAM role unique ID), each followed by exactly 16
# upper-case letters or digits and bounded by \b on both sides. There is no
# (?i) flag, so the match is case-sensitive.
# NOTE(review): this covers key IDs only. The secret access key and session
# token have no fixed prefix and are not matched by this pattern; presumably
# they rely on the field-name entropy signal. Confirm that they are
# sanitized wherever they appear outside a `value` field.
- kind: regex
  pattern: '\b((?:AKIA|ASIA|AROA)[A-Z0-9]{16})\b'
  category: auth_token
  label: postman_aws_access_key

# field-name signal: high-entropy `value` fields in auth, header, query, and
# form arrays that the profile cannot filter by sibling key name.
# The anchored pattern matches only a field named exactly "value".
# NOTE(review): threshold 4.0 is presumably the minimum entropy a value needs
# before it is flagged; confirm the unit (bits per character?) against the
# engine documentation. Secrets below the threshold, such as short or
# human-chosen passwords, would not be caught by this signal alone.
- kind: field-name
  pattern: "^value$"
  category: auth_token
  label: postman_value_signal
  threshold: 4.0

# Allow list: values that are presumably exempt from the rules above, so that
# scheme names, MIME types, literals, loopback addresses and placeholders are
# not flagged. Confirm exact matching semantics against the engine docs.
# NOTE(review): entries containing '*' look like glob patterns. If they are,
# "<*>" would exempt any value that starts with '<' and ends with '>' (for
# example an entire XML or HTML body), and "YOUR_*" / "REPLACE_*" any value
# with that prefix. Confirm whether a glob must match the whole value and
# whether an allow hit suppresses every finding inside it; if so, consider
# narrowing these entries so real secrets are not passed through unsanitized.
- kind: allow
  values:
    # HTTP auth scheme names on their own (no credential attached)
    - "Bearer"
    - "Basic"
    # Common MIME types
    - "application/json"
    - "application/x-www-form-urlencoded"
    - "multipart/form-data"
    - "text/plain"
    - "text/html"
    # Structural keywords (presumably Postman body mode / parameter location)
    - "raw"
    - "header"
    - "query"
    # Literal booleans, nulls and small integers, quoted so they stay strings
    - "true"
    - "false"
    - "null"
    - "none"
    - "0"
    - "1"
    # Loopback and unspecified addresses
    - "localhost"
    - "127.0.0.1"
    - "0.0.0.0"
    - "::1"
    # Placeholders and template variables (see the glob NOTE above)
    - "YOUR_*"
    - "REPLACE_*"
    - "<*>"
    - "{{*}}"
    - "changeme"
    - "example"
    - "sample"
    - "placeholder"
    - "${*}"
    # Reserved documentation domains
    - "example.com"
    - "example.org"