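title = "Gitleaks configuration"

[extend]
# Keep the built-in gitleaks rule set; the custom rules below are added on top of it.
useDefault = true

#######################################################
# Custom Rules for Payment API Keys and Secrets
#######################################################
# Each rule is a Go regex. None sets secretGroup, so the whole match is treated
# as the secret; the regex-based allowlists further down are compared against it.
[[rules]]
id = "juspay-api-key"
description = "Juspay API key (publishable or secret) detected"
# Assignment form only (`secret_key = "<16+ token chars>"`), case-insensitive,
# with or without surrounding quotes.
regex = '''(?i)(secret_key|publishable_key)\s*=\s*["']?[A-Za-z0-9_\-]{16,}["']?'''
tags = ["juspay", "api", "key"]

[[rules]]
id = "netcetera-certificate"
description = "Netcetera certificate detected"
# Matches the identifier anywhere and swallows the rest of the line; there is
# no entropy check, so prose or comments mentioning these names are flagged too.
regex = '''(?i)(nca_root_certificate|netcetera_cert|netcetera_private_key).*'''
tags = ["certificate", "netcetera", "security"]

[[rules]]
id = "aws-secret-access-key"
description = "AWS Secret Access Key detected"
# ['|"] is a character class (single quote, pipe, double quote), not an
# alternation; it still matches the intended quoted 40-character key.
regex = '''(?i)aws(.{0,20})?(secret|access)?(.{0,20})?['|"]([0-9a-zA-Z/+]{40})['|"]'''
tags = ["aws", "key"]

[[rules]]
id = "razorpay-api-key"
description = "Razorpay API Key detected"
# Key id format: rzp_test_/rzp_live_ prefix plus 24 alphanumerics.
regex = '''rzp_(test|live)_[0-9a-zA-Z]{24}'''
tags = ["razorpay", "api", "key"]

[[rules]]
id = "google-api-key"
description = "Google API Key detected"
# AIza prefix plus 35 characters of [0-9A-Za-z_-].
regex = '''AIza[0-9A-Za-z\-_]{35}'''
tags = ["google", "api", "key"]

[[rules]]
id = "twilio-api-key"
description = "Twilio API Key detected"
# SK followed by 32 hex digits; any SK-prefixed 32-hex string is reported.
regex = '''SK[0-9a-fA-F]{32}'''
tags = ["twilio", "api", "key"]

[[rules]]
id = "generic-bearer-token"
description = "Generic Bearer Token detected"
# Broad pattern with no length or entropy threshold: placeholders such as
# `Bearer your_token_here` in docs match as well, so expect false positives.
regex = '''Bearer\s+[A-Za-z0-9\-._~+/]+=*'''
tags = ["token", "bearer", "auth"]

[[rules]]
id = "github-personal-access-token"
description = "GitHub Personal Access Token detected"
# Classic `ghp_` tokens only; the default rule set loaded via useDefault
# already covers GitHub token formats, so this largely duplicates it.
regex = '''ghp_[0-9a-zA-Z]{36}'''
tags = ["github", "token"]

#######################################################
# Allow Lists (Pre-existing)
#######################################################
# gitleaks combines the criteria of one [[allowlists]] entry with OR unless
# condition = "AND" is set. An entry listing both commits and regexes would
# otherwise suppress (a) every finding in those commits and (b) every finding
# matching the regex in any commit, so the commit-scoped entries below set
# condition = "AND". Note that `paths` are matched against the file path while
# `regexes` are matched against the finding itself (the secret by default, see
# regexTarget), not against the path.

[[allowlists]]
description = "Ignore all .env files"
# Unanchored path regex: any path containing ".env" is skipped (".env.example",
# "config.env.bak", ...). This also hides real secrets committed in .env files;
# keeping such files out of the repository via .gitignore is the stronger control.
paths = ['''\.env''']

[[allowlists]]
description = "Ignore .p12 files in ThreeDS SDK xcframework"
# With OR semantics the paths alone allow everything under these directories.
# The regex is compared against the finding, not the path, so it does not narrow
# this to .p12 files; fold the extension into `paths` if that is the intent.
paths = [
    "ios/frameworkgen/3ds/Frameworks/ThreeDS_SDK.xcframework",
    "ios/build/Build/Products/Debug-iphonesimulator/hyperswitch.app/Frameworks/ThreeDS_SDK.framework",
    "ios/build/Build/Products/Debug-iphonesimulator/XCFrameworkIntermediates/react-native-hyperswitch-netcetera-3ds/ThreeDS_SDK.framework",
]
regexes = ["(^|/).*\\.p12$"]

[[allowlists]]
description = "Ignore Cardinal JFrog in Android"
# AND: only findings in these two commits that contain the strings below are
# ignored. Go regex has no `/.../` delimiter syntax (the slashes would be
# literal), so the patterns are written without them.
condition = "AND"
commits = ["00210e92b02c166825ceae8882dad79dc0149b2b", "84f22db3afd94b7094940d0759c89e3477772bf7"]
regexes = [".*DAUQKXLDPDx6NYRkqrgFLRc3qDrayg6rrCb.*", ".*_e.minKey=_e.mergeU=void.*"]

[[allowlists]]
description = "Ignore .bundle files in iOS"
# As above: the paths allow everything under these Resources directories; the
# regex is compared against the finding, not the file name.
paths = [
    "hyperswitchSDK/Core/Resources",
    "hyperswitch/hyperWrapper/Resources",
]
regexes = ["hyperswitch.bundle"]

[[allowlists]]
description = "Ignore debug JWT files in iOS"
# AND: this regex is identical to the netcetera-certificate rule; without AND it
# would silence that rule in every commit rather than only in this one.
condition = "AND"
commits = ["923500c696857c408e3650125438421432e7f52f"]
regexes = ["(?i)(nca_root_certificate|netcetera_cert|netcetera_private_key).*"]

[[allowlists]]
description = "Ignore debug JWT files in iOS"
# AND: without it any finding whose secret contains these strings (e.g. every
# juspay-api-key match) would be ignored repository-wide, not just in these commits.
condition = "AND"
commits = ["da5875b308465bdc7767ed90a366db92ed8fb9c7", "dc35c40649dae1a4798bc8c8ed008b8861cb5cb7"]
regexes = ["(?i)(nca_root_certificate|SECRET_KEY|PUBLISHABLE_KEY|Bearer Token).*"]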