From 778edaf42cba2df63f1be987b7ffa286e81b92a5 Mon Sep 17 00:00:00 2001
From: Josh Larsen <2565382+joshlarsen@users.noreply.github.com>
Date: Fri, 27 Mar 2026 10:55:06 -0400
Subject: [PATCH 1/9] add raindrop
---
pkg/rules/raindrop.yaml | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 pkg/rules/raindrop.yaml
diff --git a/pkg/rules/raindrop.yaml b/pkg/rules/raindrop.yaml
new file mode 100644
index 0000000..cd237e3
--- /dev/null
+++ b/pkg/rules/raindrop.yaml
@@ -0,0 +1,35 @@
+rules:
+ - name: Raindrop AI API Key
+ id: ghost.raindrop.1
+ description: Raindrop AI API key variable declaration.
+ tags:
+ - api
+ - raindrop
+ pattern: |
+ (?x)
+ \b
+ (
+ (?i)(?:raindrop)\w*
+ [\W]{0,40}?
+ [A-F0-9]{96}
+ )
+ \b
+ redact: [14, 4]
+ entropy: 3.5
+ tests:
+ assert:
+ - "raindrop=6d89b01696fcf5f775bb123dbac9df184371325f9af413caf7334ff86852445df8554b0e74d7b589f69ddfc1691dd4bb"
+ - "raindrop: f0fdaac6eead4b4fd8b88a8e8c05761fbc8aa7e1ac9622e5bff19b488e79c60e9502ce00fdc2e3bf7552834da0eb7591"
+ - "raindrop = 85371bfdf76bc47125a8b71a94967335c103507e4bd8886dd88de4fc351775a72c5602d126946157c5bced3e2bbeb95f"
+ - 'let raindrop = "1cf76e570309a9ca09c0a5bc08938ee9e4e4f28f16c177dbe64cab33d3ff0df8837619ebfe4f0c1c0ffc835909346cac"'
+ - 'export RAINDROP_API_KEY="073d5b09a4e5784fb781e525fa42db7259d3961c2c4b921d18bb54e64ab7bebb9848eda2f484f7d16b2bb1b052c9f4da"'
+ - "RAINDROP_KEY=1cc5720db4892d1636b453967b348c08cb90ef77baf7d53dd0d2e6bec64880f1702cf36b14de94c56d772efe62349a5c"
+ - 'const RAINDROP_API_KEY = "7548930a071fb8c16261e279f68e69fc0d29a60516b6d0665782e06c23d6e3b45da60bc8acdc44c5b10689d340f433a9"'
+ - "RAINDROP_API_KEY=c360f3235aaba2e3f1e5b525e2f068df70fc6960478b5f399582c5d70cffbf70ff9714cfa85ca78fe3fb978122a3aeb7"
+ assert_not:
+ - d89cd81769e476eb94a488024b06df6bf51a075c2b5767296df5a074f9a54a9681037d9c96df4513126297c9cc207157
+ - 'let raindrop = "1cf76e570309a9ca09c0a5bc08938ee9e4e4f28f16c177dbe64cab33d3ff0df8837619ebfe4f0c1c0ffc835909346cax"'
+ - 'export RAINDROP_API_KEY="073d5b09a4e5784fb781e525fa42db7259d3961c2c4b921d18bb54e64ab7bebb9848eda2f484f7d16b2bb1b052c9f4d"'
+ - "RAINDROP_KEY=1cc5720db4892d1636b453967b348c08cb90ef77baf7d53dd0d2e6bec64880f1702cf36b14de94c56d772efe62349a5cd"
+ history:
+ - 2026-03-27 initial version
From 65ea4ce924487d2ac455ab18423170418ed6bb6e Mon Sep 17 00:00:00 2001
From: Josh Larsen <2565382+joshlarsen@users.noreply.github.com>
Date: Sat, 28 Mar 2026 14:05:45 -0400
Subject: [PATCH 2/9] add influxdb
---
docs/rules.md | 62 ++++++++++++++++++++++++++++++++++++++++-
pkg/rules/influxdb.yaml | 33 ++++++++++++++++++++++
2 files changed, 94 insertions(+), 1 deletion(-)
create mode 100644 pkg/rules/influxdb.yaml
diff --git a/docs/rules.md b/docs/rules.md
index 71f80b0..fb9afaa 100644
--- a/docs/rules.md
+++ b/docs/rules.md
@@ -2,7 +2,7 @@
Auto-generated by `make docs`
-Total rules: 142
+Total rules: 144
| Name | ID | Description | Tags | Entropy |
|------|----|-----------|----|---------|
@@ -78,6 +78,7 @@ Total rules: 142
| [Harness SDK API Key](#ghost.harness.3) | ghost.harness.3 | Harness SDK API Key | api, harness, sdk | 3.5 |
| [HubSpot API Key](#ghost.hubspot.1) | ghost.hubspot.1 | HubSpot API key. | api, hubspot | 3.5 |
| [Hugging Face API Key](#ghost.huggingface.1) | ghost.huggingface.1 | Hugging Face API key. | api, huggingface | 4.2 |
+| [InfluxDB API Token](#ghost.influxdb.1) | ghost.influxdb.1 | InfluxDB API token variable declaration. | api, influxdb | 5.1 |
| [Intercom API Key](#ghost.intercom.1) | ghost.intercom.1 | Intercom API key. | api, intercom | 4.2 |
| [JumpCloud API Key](#ghost.jumpcloud.1) | ghost.jumpcloud.1 | JumpCloud API key. | api, jumpcloud | 4.2 |
| [LangSmith Personal Access Token](#ghost.langsmith.1) | ghost.langsmith.1 | LangSmith personal access token. | api, langsmith, pat | 3.1 |
@@ -113,6 +114,7 @@ Total rules: 142
| [PostHog OAuth Access Token](#ghost.posthog.5) | ghost.posthog.5 | PostHog OAuth Refresh Token | api, posthog, oauth | 4.5 |
| [Pulumi Access Token](#ghost.pulumi.1) | ghost.pulumi.1 | Pulumi access token. | api, pulumi | 3.3 |
| [PyPI API Key](#ghost.pypi.1) | ghost.pypi.1 | PyPI API key. | api, pypi | 4.5 |
+| [Raindrop AI API Key](#ghost.raindrop.1) | ghost.raindrop.1 | Raindrop AI API key variable declaration. | api, raindrop | 3.5 |
| [RapiAPI API Key](#ghost.rapidapi.1) | ghost.rapidapi.1 | RapidAPI API Key | api, rapidapi | 3.5 |
| [ReCaptcha API Key](#ghost.recaptcha.1) | ghost.recaptcha.1 | ReCaptcha API key variable declaration. | api, recaptcha | 3.5 |
| [Resend API Key](#ghost.resend.1) | ghost.resend.1 | Resend API key. | api, resend | 4.2 |
@@ -2023,6 +2025,35 @@ Total rules: 142
- assert_not: 3 cases
+
+### InfluxDB API Token
+
+**ID:** `ghost.influxdb.1`
+
+**Description:** InfluxDB API token variable declaration.
+
+**Tags:** api, influxdb
+
+**Pattern:**
+```
+(?x)
+ \b
+ (
+ (?i)(?:influx)\w*
+ [\W]{0,40}?
+ [A-Z0-9_-]{86,}
+ )
+ \b
+
+```
+
+**Min entropy:** 5.1
+
+**Tests:**
+- assert: 4 cases
+- assert_not: 4 cases
+
+
### Intercom API Key
@@ -2940,6 +2971,35 @@ Total rules: 142
- assert_not: 2 cases
+
+### Raindrop AI API Key
+
+**ID:** `ghost.raindrop.1`
+
+**Description:** Raindrop AI API key variable declaration.
+
+**Tags:** api, raindrop
+
+**Pattern:**
+```
+(?x)
+ \b
+ (
+ (?i)(?:raindrop)\w*
+ [\W]{0,40}?
+ [A-F0-9]{96}
+ )
+ \b
+
+```
+
+**Min entropy:** 3.5
+
+**Tests:**
+- assert: 8 cases
+- assert_not: 4 cases
+
+
### RapiAPI API Key
diff --git a/pkg/rules/influxdb.yaml b/pkg/rules/influxdb.yaml
new file mode 100644
index 0000000..00e094d
--- /dev/null
+++ b/pkg/rules/influxdb.yaml
@@ -0,0 +1,33 @@
+rules:
+ - name: InfluxDB API Token
+ id: ghost.influxdb.1
+ description: InfluxDB API token variable declaration.
+ tags:
+ - api
+ - influxdb
+ pattern: |
+ (?x)
+ \b
+ (
+ (?i)(?:influx)\w*
+ [\W]{0,40}?
+ [A-Z0-9_-]{86,}
+ )
+ \b
+ redact: [20, 4]
+ entropy: 5.1
+ tests:
+ assert:
+ - "INFLUXDB_TOKEN=5qpcUD0RL7iXRRhu_k0c5eekGIP3Xg0Re-4JKqp0JFx181SseU_f8QcZr5CKgGAJJEVn7_61UIykH58VcWHncA=="
+ - "INFLUXDB_TOKEN=oYacagiEUlR5DFwIu18dd52uS457AQt-jlixv57t3SAXc3q-2G8Wb-tgpSIAE1RSGqPhmCLsCsrRmUIBi5Lr0w=="
+ - "INFLUXDB_TOKEN=VUM15AazTlWk1kYBG6pL3CSE_LBkbwng5_hucqhBDv95ib6i4jSUNUcyuy6n7qqUvNAMEjDPgMbbeDUFpLJdgw=="
+ - "INFLUXDB_TOKEN=8Sv8yy6NXUmAkUFqQCPoZAqYFgdfJbh-3xk1x7dLgqnJZw2JR5sbMTJ-UWgTYqAjo3mkRC0VSGRj4F639qu2LA=="
+ assert_not:
+ - "INFLUXDB_TOKEN=5qpcUD0RL7iXRRhu_k0c5eekGIP3Xg0Re-4JKqp0JFx181SseU_f8QcZr5CKgGAJJEVn7=="
+ - "INFLUXDB_TOKEN=oYacagiEUlR5DFwIu18dd52uS457AQt-jlixv57t3SAXc3q-2G8Wb-tgpSIAE1RSGqPh%CLsCsrRmUIBi5Lr0w=="
+ - "INFLUXDB_TOKEN=VUM15AazTlWk1kYBG6pL3CSE_LBkbwng5_hucqhBDv95ib6i4jSUNU^yuy6n7qqUvNAMEjDPgMbbeDUFpLJdgw=="
+ - "8Sv8yy6NXUmAkUFqQCPoZAqYFgdfJbh-3xk1x7dLgqnJZw2JR5sbMTJ-UWgTYqAjo3mkRC0VSGRj4F639qu2LA=="
+ history:
+ - 2026-03-28 initial version
+ refs:
+ - https://docs.influxdata.com/influxdb/cloud/admin/tokens/
From 9a3c43c728f50265743a17b49a319d4b6a821bb6 Mon Sep 17 00:00:00 2001
From: Josh Larsen <2565382+joshlarsen@users.noreply.github.com>
Date: Sat, 28 Mar 2026 14:18:35 -0400
Subject: [PATCH 3/9] add sonarqube
---
docs/rules.md | 32 +++++++++++++++++++++++++++++++-
pkg/rules/cohere.yaml | 12 +++++++-----
pkg/rules/sonarqube.yaml | 31 +++++++++++++++++++++++++++++++
3 files changed, 69 insertions(+), 6 deletions(-)
create mode 100644 pkg/rules/sonarqube.yaml
diff --git a/docs/rules.md b/docs/rules.md
index fb9afaa..b77ae64 100644
--- a/docs/rules.md
+++ b/docs/rules.md
@@ -2,7 +2,7 @@
Auto-generated by `make docs`
-Total rules: 144
+Total rules: 145
| Name | ID | Description | Tags | Entropy |
|------|----|-----------|----|---------|
@@ -131,6 +131,7 @@ Total rules: 144
| [Slack Refresh Token](#ghost.slack.5) | ghost.slack.5 | Slack refresh token. | api, slack | 4.1 |
| [Slack Service Webhook Secret](#ghost.slack.6) | ghost.slack.6 | Slack service webhook secret. | api, slack | 4.1 |
| [Slack Workflow Webhook Secret](#ghost.slack.7) | ghost.slack.7 | Slack workflow webhook secret. | api, slack | 4.1 |
+| [SonarQube API Key](#ghost.sonarqube.1) | ghost.sonarqube.1 | SonarQube API key variable declaration. | api, sonarqube | 4.1 |
| [Sourcegraph Legacy Token](#ghost.sourcegraph.1) | ghost.sourcegraph.1 | Sourcegraph legacy token. | api, sourcegraph | 4.1 |
| [Sourcegraph Workspace Token](#ghost.sourcegraph.2) | ghost.sourcegraph.2 | Sourcegraph workspace token. | api, sourcegraph | 3.5 |
| [Spotify Access Token](#ghost.spotify.1) | ghost.spotify.1 | Spotify Access Token variable declaration. | api, spotify, token | 4.1 |
@@ -3440,6 +3441,35 @@ Total rules: 144
- assert_not: 3 cases
+
+### SonarQube API Key
+
+**ID:** `ghost.sonarqube.1`
+
+**Description:** SonarQube API key variable declaration.
+
+**Tags:** api, sonarqube
+
+**Pattern:**
+```
+(?x)
+ \b
+ (
+ (?i)sonarqube\w*(?:token|key|secret)\w*
+ [\W]{0,40}?
+ [a-f0-9]{40}
+ )
+ \b
+
+```
+
+**Min entropy:** 4.1
+
+**Tests:**
+- assert: 3 cases
+- assert_not: 3 cases
+
+
### Sourcegraph Legacy Token
diff --git a/pkg/rules/cohere.yaml b/pkg/rules/cohere.yaml
index 5583040..87437a2 100644
--- a/pkg/rules/cohere.yaml
+++ b/pkg/rules/cohere.yaml
@@ -18,14 +18,14 @@ rules:
entropy: 4.1
tests:
assert:
- - 'cohere: w9piJHtWe0p01rRO420M6PTJmCTerjuHOH0wZsgB'
- - 'cohere=szJiK1fy6FaEedPWSw8e41kAXTbtArCX5ks7wQP3'
- - 'cohere = fVst85KDGHJxfjrXtSJGjwQ27W92ORERq4bV6Ais'
+ - "cohere: w9piJHtWe0p01rRO420M6PTJmCTerjuHOH0wZsgB"
+ - "cohere=szJiK1fy6FaEedPWSw8e41kAXTbtArCX5ks7wQP3"
+ - "cohere = fVst85KDGHJxfjrXtSJGjwQ27W92ORERq4bV6Ais"
- 'let cohere = "s8Cuh6T6Tz4ZP5Xg7HTxsX0JZY3J92KGX0p1yt47"'
- 'export COHERE_KEY="s8Cuh6T6Tz4ZP5Xg7HTxsX0JZY3J92KGX0p1yt47"'
- - 'CO_API_KEY=w9piJHtWe0p01rRO420M6PTJmCTerjuHOH0wZsgB'
+ - "CO_API_KEY=w9piJHtWe0p01rRO420M6PTJmCTerjuHOH0wZsgB"
- 'const CO_API_KEY = "szJiK1fy6FaEedPWSw8e41kAXTbtArCX5ks7wQP3"'
- - 'CO_API_KEY=fVst85KDGHJxfjrXtSJGjwQ27W92ORERq4bV6Ais'
+ - "CO_API_KEY=fVst85KDGHJxfjrXtSJGjwQ27W92ORERq4bV6Ais"
assert_not:
- 9MbXxamGfTkx2cfasR7oUUzylk14gqTAK9GMlSDuX
- 9MbXxamGfTkx2cfasR7oUUzylk14gqTAK9GMlSD
@@ -34,3 +34,5 @@ rules:
- 2025-08-06 initial version
- 2025-08-07 simplify pattern with fewer capture groups
- 2025-08-12 combined into one pattern to match when either "COHERE" or "CO_API" are used in the variable name
+ refs:
+ - https://docs.cohere.com/docs/rate-limits
diff --git a/pkg/rules/sonarqube.yaml b/pkg/rules/sonarqube.yaml
new file mode 100644
index 0000000..7bb1fa8
--- /dev/null
+++ b/pkg/rules/sonarqube.yaml
@@ -0,0 +1,31 @@
+rules:
+ - name: SonarQube API Key
+ id: ghost.sonarqube.1
+ description: SonarQube API key variable declaration.
+ tags:
+ - api
+ - sonarqube
+ pattern: |
+ (?x)
+ \b
+ (
+ (?i)sonarqube\w*(?:token|key|secret)\w*
+ [\W]{0,40}?
+ [a-f0-9]{40}
+ )
+ \b
+ redact: [20, 4]
+ entropy: 4.1
+ tests:
+ assert:
+ - "SONARQUBE_TOKEN=fdfa0411cc61d63a812e28c8ff1d105c449eb2b6"
+ - "let sonarqubeApiKey = 291730f7fe18deadc15ae79eeb2aca5b00812122"
+ - "const sonarQubeToken = 3cce61edfd0794f69b1c338dd75efe8bf6923557"
+ assert_not:
+ - "SONARQUBE=fdfa0411cc61d63a812e28c8ff1d105c449eb2b6"
+ - "let sonarqubeApiKey = 291730f7fe18deadc15ae79eeb2aca5b0081212"
+ - "const sonarQubeToken = 3cce61edfd0794f69b1c338dd75efe8bf6923557x"
+ history:
+ - 2026-03-28 initial version
+ refs:
+ - https://docs.influxdata.com/influxdb/cloud/admin/tokens/
From 47d890449d924f09192cfb7787ce57f39da0a1de Mon Sep 17 00:00:00 2001
From: Josh Larsen <2565382+joshlarsen@users.noreply.github.com>
Date: Sat, 28 Mar 2026 14:35:41 -0400
Subject: [PATCH 4/9] add sonarqube scoped token
---
docs/rules.md | 40 ++++++++++++++++++++++++++++++++++------
pkg/rules/sonarqube.yaml | 37 ++++++++++++++++++++++++++++++++++---
2 files changed, 68 insertions(+), 9 deletions(-)
diff --git a/docs/rules.md b/docs/rules.md
index b77ae64..1fffd09 100644
--- a/docs/rules.md
+++ b/docs/rules.md
@@ -2,7 +2,7 @@
Auto-generated by `make docs`
-Total rules: 145
+Total rules: 146
| Name | ID | Description | Tags | Entropy |
|------|----|-----------|----|---------|
@@ -131,7 +131,8 @@ Total rules: 145
| [Slack Refresh Token](#ghost.slack.5) | ghost.slack.5 | Slack refresh token. | api, slack | 4.1 |
| [Slack Service Webhook Secret](#ghost.slack.6) | ghost.slack.6 | Slack service webhook secret. | api, slack | 4.1 |
| [Slack Workflow Webhook Secret](#ghost.slack.7) | ghost.slack.7 | Slack workflow webhook secret. | api, slack | 4.1 |
-| [SonarQube API Key](#ghost.sonarqube.1) | ghost.sonarqube.1 | SonarQube API key variable declaration. | api, sonarqube | 4.1 |
+| [SonarQube PAT](#ghost.sonarqube.1) | ghost.sonarqube.1 | SonarQube Personal Access Token variable declaration. | api, sonarqube, pat | 4.1 |
+| [SonarQube Scoped Access Token](#ghost.sonarqube.2) | ghost.sonarqube.2 | SonarQube Scoped Access Token | api, sonarqube, token | 4.5 |
| [Sourcegraph Legacy Token](#ghost.sourcegraph.1) | ghost.sourcegraph.1 | Sourcegraph legacy token. | api, sourcegraph | 4.1 |
| [Sourcegraph Workspace Token](#ghost.sourcegraph.2) | ghost.sourcegraph.2 | Sourcegraph workspace token. | api, sourcegraph | 3.5 |
| [Spotify Access Token](#ghost.spotify.1) | ghost.spotify.1 | Spotify Access Token variable declaration. | api, spotify, token | 4.1 |
@@ -3442,20 +3443,20 @@ Total rules: 145
-### SonarQube API Key
+### SonarQube PAT
**ID:** `ghost.sonarqube.1`
-**Description:** SonarQube API key variable declaration.
+**Description:** SonarQube Personal Access Token variable declaration.
-**Tags:** api, sonarqube
+**Tags:** api, sonarqube, pat
**Pattern:**
```
(?x)
\b
(
- (?i)sonarqube\w*(?:token|key|secret)\w*
+ (?i)sonar\w*(?:token|key|secret)\w*
[\W]{0,40}?
[a-f0-9]{40}
)
@@ -3465,6 +3466,33 @@ Total rules: 145
**Min entropy:** 4.1
+**Tests:**
+- assert: 4 cases
+- assert_not: 3 cases
+
+
+
+### SonarQube Scoped Access Token
+
+**ID:** `ghost.sonarqube.2`
+
+**Description:** SonarQube Scoped Access Token
+
+**Tags:** api, sonarqube, token
+
+**Pattern:**
+```
+(?x)
+ \b
+ (
+ (sqco_(?i)[A-Z0-9]{59})
+ )
+ \b
+
+```
+
+**Min entropy:** 4.5
+
**Tests:**
- assert: 3 cases
- assert_not: 3 cases
diff --git a/pkg/rules/sonarqube.yaml b/pkg/rules/sonarqube.yaml
index 7bb1fa8..31aab60 100644
--- a/pkg/rules/sonarqube.yaml
+++ b/pkg/rules/sonarqube.yaml
@@ -1,15 +1,16 @@
rules:
- - name: SonarQube API Key
+ - name: SonarQube PAT
id: ghost.sonarqube.1
- description: SonarQube API key variable declaration.
+ description: SonarQube Personal Access Token variable declaration.
tags:
- api
- sonarqube
+ - pat
pattern: |
(?x)
\b
(
- (?i)sonarqube\w*(?:token|key|secret)\w*
+ (?i)sonar\w*(?:token|key|secret)\w*
[\W]{0,40}?
[a-f0-9]{40}
)
@@ -19,6 +20,7 @@ rules:
tests:
assert:
- "SONARQUBE_TOKEN=fdfa0411cc61d63a812e28c8ff1d105c449eb2b6"
+ - "SONAR_TOKEN=fdfa0411cc61d63a812e28c8ff1d105c449eb2b6"
- "let sonarqubeApiKey = 291730f7fe18deadc15ae79eeb2aca5b00812122"
- "const sonarQubeToken = 3cce61edfd0794f69b1c338dd75efe8bf6923557"
assert_not:
@@ -29,3 +31,32 @@ rules:
- 2026-03-28 initial version
refs:
- https://docs.influxdata.com/influxdb/cloud/admin/tokens/
+ - name: SonarQube Scoped Access Token
+ id: ghost.sonarqube.2
+ description: SonarQube Scoped Access Token
+ tags:
+ - api
+ - sonarqube
+ - token
+ pattern: |
+ (?x)
+ \b
+ (
+ (sqco_(?i)[A-Z0-9]{59})
+ )
+ \b
+ redact: [8, 4]
+ entropy: 4.5
+ tests:
+ assert:
+ - sqco_CaF1swqmEKeziPpYbWAmST0b24vlynPZk5tdsLnWL16i1i9cOTjVVr7YNzq
+ - sqco_j6ZSGozSQZqBB2c2cwq597b5ejoPfP41B6EK6ozU6GisgnYBTEeBN64sUqY
+ - sqco_wr11vcXlByW8ZSVuBpAEH4DFeZQcxYfrN7r3VcTaqjSlII79hhOA4bZMbhQ
+ assert_not:
+ - sqcx_CaF1swqmEKeziPpYbWAmST0b24vlynPZk5tdsLnWL16i1i9cOTjVVr7YNzq
+ - sqco_j6ZSGozSQZqBB2c2cwq597b5ejoPfP41B6EK6ozU6GisgnYBTEeBN64sUqYx
+ - sqco_wr11vcXlByW8ZSVuBpAEH4DFeZQcxYfrN7r3VcTaqjSlII79hhOA4bZMbh
+ history:
+ - 2026-03-28 initial version
+ refs:
+ - https://docs.influxdata.com/influxdb/cloud/admin/tokens/
From a8f5a63a574e426dd3209d921621dcbdc2d00b34 Mon Sep 17 00:00:00 2001
From: Josh Larsen <2565382+joshlarsen@users.noreply.github.com>
Date: Sat, 28 Mar 2026 14:36:34 -0400
Subject: [PATCH 5/9] fix ref
---
pkg/rules/sonarqube.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/rules/sonarqube.yaml b/pkg/rules/sonarqube.yaml
index 31aab60..d92fdd7 100644
--- a/pkg/rules/sonarqube.yaml
+++ b/pkg/rules/sonarqube.yaml
@@ -59,4 +59,4 @@ rules:
history:
- 2026-03-28 initial version
refs:
- - https://docs.influxdata.com/influxdb/cloud/admin/tokens/
+ - https://docs.sonarsource.com/sonarqube-cloud/administering-sonarcloud/managing-organization/scoped-organization-tokens
From ed7666c2b0a549c05006a3626458a90d25ca3249 Mon Sep 17 00:00:00 2001
From: Josh Larsen <2565382+joshlarsen@users.noreply.github.com>
Date: Sat, 28 Mar 2026 14:44:37 -0400
Subject: [PATCH 6/9] add alibaba
---
docs/rules.md | 28 +++++++++++++++++++++++++++-
pkg/rules/alibaba.yaml | 27 +++++++++++++++++++++++++++
2 files changed, 54 insertions(+), 1 deletion(-)
create mode 100644 pkg/rules/alibaba.yaml
diff --git a/docs/rules.md b/docs/rules.md
index 1fffd09..4879136 100644
--- a/docs/rules.md
+++ b/docs/rules.md
@@ -2,12 +2,13 @@
Auto-generated by `make docs`
-Total rules: 146
+Total rules: 147
| Name | ID | Description | Tags | Entropy |
|------|----|-----------|----|---------|
| [Airtable PAT](#ghost.airtable.1) | ghost.airtable.1 | Airtable PAT | api, airtable, pat | 4.1 |
| [Algolia API Key](#ghost.algolia.1) | ghost.algolia.1 | Algolia API key variable declaration. | api, algolia | 3.6 |
+| [Alibaba API Key](#ghost.alibaba.1) | ghost.alibaba.1 | Alibaba API Key | api, alibaba | 3.5 |
| [Amplemarket API Key](#ghost.amplemarket.1) | ghost.amplemarket.1 | Amplemarket API Key | api, amplemarket | 3.5 |
| [Anthropic API Key](#ghost.anthropic.1) | ghost.anthropic.1 | Anthropic API key. | api, anthropic | 5.1 |
| [Anthropic Admin API Key](#ghost.anthropic.2) | ghost.anthropic.2 | Anthropic admin API key. | api, anthropic, admin | 5.1 |
@@ -209,6 +210,31 @@ Total rules: 146
- assert_not: 3 cases
+
+### Alibaba API Key
+
+**ID:** `ghost.alibaba.1`
+
+**Description:** Alibaba API Key
+
+**Tags:** api, alibaba
+
+**Pattern:**
+```
+(?x)
+ \b
+ (sk-(?i)[a-f0-9]{32})
+ \b
+
+```
+
+**Min entropy:** 3.5
+
+**Tests:**
+- assert: 3 cases
+- assert_not: 3 cases
+
+
### Amplemarket API Key
diff --git a/pkg/rules/alibaba.yaml b/pkg/rules/alibaba.yaml
new file mode 100644
index 0000000..f2c5104
--- /dev/null
+++ b/pkg/rules/alibaba.yaml
@@ -0,0 +1,27 @@
+rules:
+ - name: Alibaba API Key
+ id: ghost.alibaba.1
+ description: Alibaba API Key
+ tags:
+ - api
+ - alibaba
+ pattern: |
+ (?x)
+ \b
+ (sk-(?i)[a-f0-9]{32})
+ \b
+ entropy: 3.5
+ redact: [6, 4]
+ tests:
+ assert:
+ - sk-3e3f172c956e4d32a87135c37eec4a5f
+ - sk-9e2596f50f014cb2a8f02d59e4f872db
+ - sk-40d84e35978d8e7cf0afe45c52989cad
+ assert_not:
+ - sk-3e3f172c956e4d32a87135c37eec4a5fx
+ - sk-9e2596f50f014cb2a8f02d59e4f872d
+ - sk-40d84e35978d8e-7cf0afe45c52989ca
+ history:
+ - 2026-03-28 initial version
+ refs:
+ - https://www.alibabacloud.com/help/en/ram/user-guide/create-an-accesskey-pair
From 9e1aab10311bc8ae874ed094704262fadb170381 Mon Sep 17 00:00:00 2001
From: Josh Larsen <2565382+joshlarsen@users.noreply.github.com>
Date: Sat, 28 Mar 2026 14:50:33 -0400
Subject: [PATCH 7/9] add nvidia
---
docs/rules.md | 28 +++++++++++++++++++++++++++-
pkg/rules/nvidia.yaml | 26 ++++++++++++++++++++++++++
2 files changed, 53 insertions(+), 1 deletion(-)
create mode 100644 pkg/rules/nvidia.yaml
diff --git a/docs/rules.md b/docs/rules.md
index 4879136..5f4ad0d 100644
--- a/docs/rules.md
+++ b/docs/rules.md
@@ -2,7 +2,7 @@
Auto-generated by `make docs`
-Total rules: 147
+Total rules: 148
| Name | ID | Description | Tags | Entropy |
|------|----|-----------|----|---------|
@@ -99,6 +99,7 @@ Total rules: 147
| [NPM Legacy Token](#ghost.npm.1) | ghost.npm.1 | NPM legacy token. | api, npm, legacy | 4.1 |
| [NPM Access Token](#ghost.npm.2) | ghost.npm.2 | NPM access token. | api, npm, token | 4.1 |
| [NuGet API Key](#ghost.nuget.1) | ghost.nuget.1 | NuGet API key. | api, nuget | 4.1 |
+| [NVIDIA API Key](#ghost.nvidia.1) | ghost.nvidia.1 | Nvidia API key. | api, nvidai | 4.8 |
| [OpenAI API Key](#ghost.openai.1) | ghost.openai.1 | Matches an OpenAI API key. | api, openai | 5.1 |
| [OpenAI Admin API Key](#ghost.openai.2) | ghost.openai.2 | Matches an OpenAI admin API key. | api, openai, admin | 5.1 |
| [OpenAI Legacy API Key](#ghost.openai.3) | ghost.openai.3 | Matches an OpenAI legacy API key. | api, openai, legacy | 5.1 |
@@ -2589,6 +2590,31 @@ Total rules: 147
- assert_not: 4 cases
+
+### NVIDIA API Key
+
+**ID:** `ghost.nvidia.1`
+
+**Description:** Nvidia API key.
+
+**Tags:** api, nvidai
+
+**Pattern:**
+```
+(?x)
+ \b
+ (nvapi-(?i)[A-Z0-9_-]{64})
+ \b
+
+```
+
+**Min entropy:** 4.8
+
+**Tests:**
+- assert: 2 cases
+- assert_not: 3 cases
+
+
### OpenAI API Key
diff --git a/pkg/rules/nvidia.yaml b/pkg/rules/nvidia.yaml
new file mode 100644
index 0000000..80fd23a
--- /dev/null
+++ b/pkg/rules/nvidia.yaml
@@ -0,0 +1,26 @@
+rules:
+ - name: NVIDIA API Key
+ id: ghost.nvidia.1
+ description: Nvidia API key.
+ tags:
+ - api
+ - nvidai
+ pattern: |
+ (?x)
+ \b
+ (nvapi-(?i)[A-Z0-9_-]{64})
+ \b
+ entropy: 4.8
+ redact: [8, 4]
+ tests:
+ assert:
+ - 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
+ - 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
+ assert_not:
+ - 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
+ - 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
+ - nvapi-OFyUWnNcwU__LwIiHjibHB-6ODljEcTZUBdC09&j8PwsIDFL4qsTVjb4EQXvtncC
+ history:
+ - 2025-08-18 initial version
+ refs:
+ - https://clickhouse.com/docs/cloud/manage/openapi
From 490b48c1f293c7c5b3d322ef7eea7cb4d168c4c0 Mon Sep 17 00:00:00 2001
From: Josh Larsen <2565382+joshlarsen@users.noreply.github.com>
Date: Sat, 28 Mar 2026 14:57:44 -0400
Subject: [PATCH 8/9] add sendbird
---
docs/rules.md | 32 +++++++++++++++++++++++++++++++-
pkg/rules/sendbird.yaml | 33 +++++++++++++++++++++++++++++++++
2 files changed, 64 insertions(+), 1 deletion(-)
create mode 100644 pkg/rules/sendbird.yaml
diff --git a/docs/rules.md b/docs/rules.md
index 5f4ad0d..e456559 100644
--- a/docs/rules.md
+++ b/docs/rules.md
@@ -2,7 +2,7 @@
Auto-generated by `make docs`
-Total rules: 148
+Total rules: 149
| Name | ID | Description | Tags | Entropy |
|------|----|-----------|----|---------|
@@ -123,6 +123,7 @@ Total rules: 148
| [Salesforce App Consumer Secret](#ghost.salesforce.1) | ghost.salesforce.1 | Salesforce App Consumer Secret. | api, salesforce | 4.1 |
| [Salesforce App Consumer Key](#ghost.salesforce.2) | ghost.salesforce.2 | Salesforce App Consumer Key. | api, salesforce | 5.1 |
| [Salesforce Security Token](#ghost.salesforce.3) | ghost.salesforce.3 | Salesforce Security Token. | api, salesforce, token | 4.1 |
+| [Sendbird API Key](#ghost.sendbird.1) | ghost.sendbird.1 | Sendbird API key variable declaration. | api, sendbird | 3.5 |
| [Sendgrid API Key](#ghost.sendgrid.1) | ghost.sendgrid.1 | Sendgrid API key. | api, sendgrid | 4.8 |
| [Sentry Token](#ghost.sentry.1) | ghost.sentry.1 | Sentry Token | api, sentry | 3.5 |
| [Shodan API Key](#ghost.shodan.1) | ghost.shodan.1 | Shodan API key. | api, shodan | 3.1 |
@@ -3224,6 +3225,35 @@ Total rules: 148
- assert_not: 2 cases
+
+### Sendbird API Key
+
+**ID:** `ghost.sendbird.1`
+
+**Description:** Sendbird API key variable declaration.
+
+**Tags:** api, sendbird
+
+**Pattern:**
+```
+(?x)
+ \b
+ (
+ (?i)sendbird\w*(?:token|key|secret)\w*
+ [\W]{0,40}?
+ [a-f0-9]{40}
+ )
+ \b
+
+```
+
+**Min entropy:** 3.5
+
+**Tests:**
+- assert: 4 cases
+- assert_not: 4 cases
+
+
### Sendgrid API Key
diff --git a/pkg/rules/sendbird.yaml b/pkg/rules/sendbird.yaml
new file mode 100644
index 0000000..02d46b6
--- /dev/null
+++ b/pkg/rules/sendbird.yaml
@@ -0,0 +1,33 @@
+rules:
+ - name: Sendbird API Key
+ id: ghost.sendbird.1
+ description: Sendbird API key variable declaration.
+ tags:
+ - api
+ - sendbird
+ pattern: |
+ (?x)
+ \b
+ (
+ (?i)sendbird\w*(?:token|key|secret)\w*
+ [\W]{0,40}?
+ [a-f0-9]{40}
+ )
+ \b
+ redact: [20, 4]
+ entropy: 3.5
+ tests:
+ assert:
+ - "SENDBIRD_KEY=3cb4a43feb676d8f8ffe1c3153905fe99b37aad7"
+ - "SENDBIRD_TOKEN=0c570ad597eea60692b46d66584f7095d2599c1f"
+ - "let sendbirdApiKey = 8d642762930554af9abb1c8bac460169a2b5c616"
+ - "const sendbirdToken = 1d02b8254f25f2b60af540dd41cb46c5e6bb0f5e"
+ assert_not:
+ - "SENDBIRD_KEY=3cb4a43feb676d8f8ffe1c3153905fe99b37aaz7"
+ - "SENDBIRD_TOKEN=0c570ad597eea60692b46d66584f7095d2599c1"
+ - "let sendbirdApiKey = 8d642762930554af9abb1c8-ac460169a2b5c616"
+ - "const sendbirdToken = 1d02b8254f25f2b60af540dd41cb46c5e6bb0f5exxx"
+ history:
+ - 2026-03-28 initial version
+ refs:
+ - https://docs.influxdata.com/influxdb/cloud/admin/tokens/
From ea04f5425b685398396a32161cf97a35b8510bd2 Mon Sep 17 00:00:00 2001
From: Josh Larsen <2565382+joshlarsen@users.noreply.github.com>
Date: Sat, 28 Mar 2026 15:04:33 -0400
Subject: [PATCH 9/9] add readme.io
---
docs/rules.md | 28 +++++++++++++++++++++++++++-
pkg/rules/nvidia.yaml | 2 +-
pkg/rules/raindrop.yaml | 2 ++
pkg/rules/readmeio.yaml | 27 +++++++++++++++++++++++++++
pkg/rules/sendbird.yaml | 2 +-
5 files changed, 58 insertions(+), 3 deletions(-)
create mode 100644 pkg/rules/readmeio.yaml
diff --git a/docs/rules.md b/docs/rules.md
index e456559..d2fb42b 100644
--- a/docs/rules.md
+++ b/docs/rules.md
@@ -2,7 +2,7 @@
Auto-generated by `make docs`
-Total rules: 149
+Total rules: 150
| Name | ID | Description | Tags | Entropy |
|------|----|-----------|----|---------|
@@ -118,6 +118,7 @@ Total rules: 149
| [PyPI API Key](#ghost.pypi.1) | ghost.pypi.1 | PyPI API key. | api, pypi | 4.5 |
| [Raindrop AI API Key](#ghost.raindrop.1) | ghost.raindrop.1 | Raindrop AI API key variable declaration. | api, raindrop | 3.5 |
| [RapiAPI API Key](#ghost.rapidapi.1) | ghost.rapidapi.1 | RapidAPI API Key | api, rapidapi | 3.5 |
+| [Readme.io API Key](#ghost.readmeio.1) | ghost.readmeio.1 | ReadMe.io API key | api, readmeio | 3.5 |
| [ReCaptcha API Key](#ghost.recaptcha.1) | ghost.recaptcha.1 | ReCaptcha API key variable declaration. | api, recaptcha | 3.5 |
| [Resend API Key](#ghost.resend.1) | ghost.resend.1 | Resend API key. | api, resend | 4.2 |
| [Salesforce App Consumer Secret](#ghost.salesforce.1) | ghost.salesforce.1 | Salesforce App Consumer Secret. | api, salesforce | 4.1 |
@@ -3084,6 +3085,31 @@ Total rules: 149
- assert_not: 3 cases
+
+### Readme.io API Key
+
+**ID:** `ghost.readmeio.1`
+
+**Description:** ReadMe.io API key
+
+**Tags:** api, readmeio
+
+**Pattern:**
+```
+(?x)
+ \b
+ (rdme_(?i)[A-Z0-9]{70})
+ \b
+
+```
+
+**Min entropy:** 3.5
+
+**Tests:**
+- assert: 3 cases
+- assert_not: 3 cases
+
+
### ReCaptcha API Key
diff --git a/pkg/rules/nvidia.yaml b/pkg/rules/nvidia.yaml
index 80fd23a..8f2914e 100644
--- a/pkg/rules/nvidia.yaml
+++ b/pkg/rules/nvidia.yaml
@@ -23,4 +23,4 @@ rules:
history:
- 2025-08-18 initial version
refs:
- - https://clickhouse.com/docs/cloud/manage/openapi
+ - https://docs.api.nvidia.com/nim/docs/api-quickstart
diff --git a/pkg/rules/raindrop.yaml b/pkg/rules/raindrop.yaml
index cd237e3..0e62c81 100644
--- a/pkg/rules/raindrop.yaml
+++ b/pkg/rules/raindrop.yaml
@@ -33,3 +33,5 @@ rules:
- "RAINDROP_KEY=1cc5720db4892d1636b453967b348c08cb90ef77baf7d53dd0d2e6bec64880f1702cf36b14de94c56d772efe62349a5cd"
history:
- 2026-03-27 initial version
+ refs:
+ - https://www.raindrop.ai/docs/sdk/http-api#authentication
diff --git a/pkg/rules/readmeio.yaml b/pkg/rules/readmeio.yaml
new file mode 100644
index 0000000..7e284a7
--- /dev/null
+++ b/pkg/rules/readmeio.yaml
@@ -0,0 +1,27 @@
+rules:
+ - name: Readme.io API Key
+ id: ghost.readmeio.1
+ description: ReadMe.io API key
+ tags:
+ - api
+ - readmeio
+ pattern: |
+ (?x)
+ \b
+ (rdme_(?i)[A-Z0-9]{70})
+ \b
+ entropy: 3.5
+ redact: [8, 4]
+ tests:
+ assert:
+ - rdme_xn8s9h25591dd12be975c84bfed0e62757c52d2b0cf4a5accdce7ac24a3bbc3e53d520
+ - rdme_xn8s9hf98e484695211ea342539e7bfc9ab08c2415260a318f3366ee58dcdc9bd0c9d3
+ - rdme_xn8s9h4e7f33c9e6a359a6d322bf7dda66d3ee6c0761500a32b9b49d6d88d9d8ba181e
+ assert_not:
+ - rdme_xn8s9h25591dd12be975c84bfed0e62757c52d2b0cf4a5accdce7ac24a3bbc3e53d520x
+ - rdme_xn8s9hf98e484695211ea342539e7b-c9ab08c2415260a318f3366ee58dcdc9bd0c9d3
+ - rdme_xn8s9h4e7f33c9e6a359a6d322bf7dda66d3ee6c0761500a32b9b49d6d88d9d8ba181
+ history:
+ - 2026-03-28 initial version
+ refs:
+ - https://docs.readme.com/main/reference/authentication
diff --git a/pkg/rules/sendbird.yaml b/pkg/rules/sendbird.yaml
index 02d46b6..35e5860 100644
--- a/pkg/rules/sendbird.yaml
+++ b/pkg/rules/sendbird.yaml
@@ -30,4 +30,4 @@ rules:
history:
- 2026-03-28 initial version
refs:
- - https://docs.influxdata.com/influxdb/cloud/admin/tokens/
+ - https://sendbird.com/docs/chat/platform-api/v3/prepare-to-use-api