id: amazon-session-token

info:
  name: Amazon Session Token - Detect
  author: DhiyaneshDK
  severity: info
  description: Amazon session token was detected.
  reference:
    - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/aws.yml
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
  metadata:
    verified: true
  tags: file,keys,aws,amazon,token,session

file:
  - extensions:
      - all

    extractors:
      - type: regex
        part: body
        regex:
          - '(?i)(?:aws.?session|aws.?session.?token|aws.?token)["''`]?\s{0,30}(?::|=>|=)\s{0,30}["''`]?([a-z0-9/+=]{16,200})[^a-z0-9/+=]'

# Enhanced by md on 2023/05/04
# digest: 4a0a00473045022012a50d46848dcc172a05c5e2fd88e802af8022bf13ab09dbf8740ae3ad5855f5022100c16953404125451a8cfc4ed26412b99b0d25c02e73a6c7ba8337a905c7e2efa9:922c64590222798bb761d5b6d8e72950