Merge pull request #4117 from Tanq16/master

Detect GitHub OAuth, Refresh and App tokens in files

file/keys/amazon/aws-cognito.yaml

@@ -29,4 +29,4 @@ file:
           - "us-east-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
           - "us-west-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
           - "us-west-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
-          - "sa-east-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"
+          - "sa-east-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}"

file/keys/github/github-app-token.yaml

@@ -0,0 +1,16 @@
+id: github-app-token
+
+info:
+  name: Github App Token
+  author: tanq16
+  severity: medium
+  tags: token,file,github
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "gh[us]_.{36}"

file/keys/github/github-oauth-token.yaml

@@ -0,0 +1,16 @@
+id: github-oauth-token
+
+info:
+  name: Github OAuth Access Token
+  author: tanq16
+  severity: high
+  tags: token,file,github
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "gho_.{36}"

file/keys/github/github-refresh-token.yaml

@@ -0,0 +1,16 @@
+id: github-refresh-token
+
+info:
+  name: Github Refresh Token
+  author: tanq16
+  severity: high
+  tags: token,file,github
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        regex:
+          - "ghr_.{36}"