From b9f5f9f6c5dbef474fbeaa919103e44a88b14b65 Mon Sep 17 00:00:00 2001
From: Khemraj Rathore
Date: Tue, 29 Oct 2024 14:41:47 +0530
Subject: [PATCH 1/2] add token and vendor exclusion rule
---
 config/exclusions/go.yaml | 5 +++++
 rules/sources/online_identifiers.yaml | 10 ++++++++++
 2 files changed, 15 insertions(+)
diff --git a/config/exclusions/go.yaml b/config/exclusions/go.yaml
index 7b3ff4a5..184cf862 100644
--- a/config/exclusions/go.yaml
+++ b/config/exclusions/go.yaml
@@ -3,3 +3,8 @@ exclusions:
 name: Exclude test source code
 patterns:
 - '.*_test(s)?.*'
+
+ - id: Exclusions.ExternalModules
+ name: Exclude external modules
+ patterns:
+ - '(?i).*vendor(s)?/.*'
diff --git a/rules/sources/online_identifiers.yaml b/rules/sources/online_identifiers.yaml
index 284f99d4..229ab86a 100644
--- a/rules/sources/online_identifiers.yaml
+++ b/rules/sources/online_identifiers.yaml
@@ -58,3 +58,13 @@ sources:
 - "(?i)idfa|idfv|aaid|advertising[^\\s/(;)#|,=!>]{0,5}id|gps[^\\s/(;)#|,=!>]{0,5}adid"
 tags:
 law: GDPR
+
+ - id: Data.Sensitive.OnlineIdentifiers.Token
+ name: Token
+ category: Online Identifiers
+ isSensitive: False
+ sensitivity: medium
+ patterns:
+ - "((?i)(auth|session|access|bearer|jwt|recaptcha|user|useraccess)?token[s]?)"
+ tags:
+ law: GDPR
From 5cc1c70447a02a1012519e70e64365f1bb2775a1 Mon Sep 17 00:00:00 2001
From: Khemraj Rathore
Date: Tue, 29 Oct 2024 14:48:08 +0530
Subject: [PATCH 2/2] PR comment
---
 rules/sources/account_data.yaml | 10 ++++++++++
 rules/sources/online_identifiers.yaml | 9 ---------
 2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/rules/sources/account_data.yaml b/rules/sources/account_data.yaml
index 5b65ac7e..4149a674 100644
--- a/rules/sources/account_data.yaml
+++ b/rules/sources/account_data.yaml
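Review bot: The `Exclusions.ExternalModules` pattern added in the `config/exclusions/go.yaml` hunk is not tied to a path segment, so `'(?i).*vendor(s)?/.*'` also matches first-party directories whose names merely end in `vendor` or `vendors` (constructed example: `internal/paymentvendors/client.go`). Everything under such a directory would then be dropped from scanning with no signal to the user. A segment-anchored form such as `- '(?i)(.*/)?vendors?/.*'` keeps the exclusion to directories named exactly `vendor` or `vendors`. Whether the engine matches the whole path or searches within it is not visible in this hunk, so the anchoring should be confirmed against how the existing `.*_test(s)?.*` pattern is applied.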
@@ -58,3 +58,13 @@ sources:
 - "(?i)(.*(?]{0,3})user[^\\s/(;)#|,=!>]{0,3}name)|(.*(account|customer|doctor|patient|teacher|student|person|organi[zs]ation|company)[^\\s/(;)#|,=!>]{0,3}name)"
 tags:
 law: GDPR
+
+ - id: Data.Sensitive.AccountData.Token
+ name: Token
+ category: Account Data
+ isSensitive: False
+ sensitivity: medium
+ patterns:
+ - "((?i)(auth|session|access|bearer|jwt|recaptcha|user|useraccess)[^\\s/(;)#|,=!>]{0,3}token[s]?)"
+ tags:
+ law: GDPR
\ No newline at end of file
diff --git a/rules/sources/online_identifiers.yaml b/rules/sources/online_identifiers.yaml
index 229ab86a..9c4eb032 100644
--- a/rules/sources/online_identifiers.yaml
+++ b/rules/sources/online_identifiers.yaml
@@ -59,12 +59,3 @@ sources:
 tags:
 law: GDPR
- - id: Data.Sensitive.OnlineIdentifiers.Token
- name: Token
- category: Online Identifiers
- isSensitive: False
- sensitivity: medium
- patterns:
- - "((?i)(auth|session|access|bearer|jwt|recaptcha|user|useraccess)?token[s]?)"
- tags:
- law: GDPR
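Review bot: The `Data.Sensitive.AccountData.Token` pattern in the `rules/sources/account_data.yaml` hunk now requires one of eight fixed prefixes, so credential-bearing names outside that list (constructed examples: `refresh_token`, `api_token`) are not tagged. If the engine searches within identifiers, the PATCH 1/2 form with its optional prefix would have caught them, so this is a silent coverage reduction for a data-flow scanner. Either extend the alternation, e.g. `(auth|session|access|refresh|api|bearer|jwt|recaptcha|user|useraccess)`, or add a comment above `patterns:` such as `# only prefixed token names are in scope; bare "token" is intentionally excluded`. The `(?i)` flag sits inside the outer group here while the neighbouring rule in the context line starts with it; `- "(?i)(auth|session|access|bearer|jwt|recaptcha|user|useraccess)[^\\s/(;)#|,=!>]{0,3}token[s]?"` is the consistent form. The file also now ends without a trailing newline.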