Commit Graph

15 Commits (4fa67e2b36d62d0e5f4bc6b743446f6919a62f01)

Author SHA1 Message Date
geeknik 6ff45ea0a0
Update credentials-disclosure.yaml
https://regex101.com/r/L8AgnX/1
2022-12-06 13:24:27 +00:00
Sandeep Singh 712264db7e
Using "host-redirects" instead of "redirects" to avoid scanning 3rd party / out of scope hosts. (#5491) 2022-10-08 02:57:25 +05:30
sandeep 0a0d7c6213 severity update for token templates 2022-03-14 18:51:04 +05:30
Geeknik Labs 5645f7e9c6
Update credentials-disclosure.yaml
This new regex matches the following patterns:
```
air_table_api_key:"82973659213857235"
airtable_api_key: '28375628173562352'
"airtableapikey":'test'
"air_table_api_key":"test"
```
2022-01-27 12:26:15 -06:00
forgedhallpass 5b3e3dbdf0 refactor: credentials-disclosure.yaml & credential-exposure.yaml
* correction
2022-01-21 16:25:39 +02:00
forgedhallpass 02c0417190 refactor: credentials-disclosure.yaml & credential-exposure.yaml
* Extended the regex to handle more use-cases
2022-01-21 15:55:19 +02:00
forgedhallpass 0ff3afe771 refactor: credentials-disclosure.yaml
* removed the unnecessary capture group
2022-01-18 11:35:45 +02:00
forgedhallpass a67af376e7 refactor: credentials-disclosure.yaml
* changed the [a-z0-9-_] with [\w-] for readability
2022-01-18 11:35:41 +02:00
forgedhallpass 98a2d89ad8 refactor: credentials-disclosure.yaml
* replaced (=| =|:| :)(( \"|\")|( '|')) with \\s*[=:]\\s*[\"'] because it's more readable and also more permissive with white space characters
2022-01-18 11:35:34 +02:00
forgedhallpass 66435721f9 refactor: credentials-disclosure.yaml
* fixed linter error: unnecessary escape of single quotes
* minor simplification of the last capture group
2022-01-18 11:35:29 +02:00
sandeep fa7c2d3553 misc updates 2022-01-12 19:10:31 +05:30
Emad Youssef c5262cb836
Update credentials-disclosure.yaml 2022-01-07 21:36:35 +02:00
Geeknik Labs 95664dfc18
Update credentials-disclosure.yaml 2021-09-16 15:13:12 -05:00
Geeknik Labs 5e3cc340ee
Update credentials-disclosure.yaml
I feel like we should make these regex case insensitive so they match unexpected variations. For example, the `api[_-]?key(=| =|:| :)` regex before my change would match `apikey :`, `api_key =` and `api-key:` but not `apiKey=`.
2021-07-29 14:08:41 -05:00
sandeep 34a68cdde3 Moving tokens under exposures with tags support 2021-04-13 19:18:02 +05:30