feat: add several other GitHub access token patterns

offbyone · offbyone · commit fd8440e10eda · 2024-06-25T10:55:26.000-07:00
- OAuth access tokens
- refresh token
- app installation token
- PAT v2
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -18,6 +18,7 @@ All notable changes to this project will be documented in this file.
 
 ### Features
 
+- *(client)* Identify several other GitHub token types as secrets 
 - *(daemon)* Follow XDG_RUNTIME_DIR if set ([#2171](https://github.com/atuinsh/atuin/issues/2171))
 - *(gui)* Automatically install and setup the cli/shell ([#2139](https://github.com/atuinsh/atuin/issues/2139))
 - *(gui)* Add activity calendar to the homepage ([#2160](https://github.com/atuinsh/atuin/issues/2160))
diff --git a/crates/atuin-client/src/secrets.rs b/crates/atuin-client/src/secrets.rs
@@ -42,6 +42,36 @@ pub static SECRET_PATTERNS: &[(&str, &str, &str)] = &[
         "github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}",
         "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", // also legit, also expired
     ),
+    (
+        "GitHub OAuth Access Token",
+        "gho_[A-Za-z0-9]{36}",
+        "gho_1234567890abcdefghijklmnopqrstuvwx",  // not a real token
+    ),
+    (
+        "GitHub OAuth Access Token (user)",
+        "ghu_[A-Za-z0-9]{36}",
+        "ghu_1234567890abcdefghijklmnopqrstuvwx",  // not a real token
+    ),
+    (
+        "GitHub App Installation Access Token",
+        "ghs_[A-Za-z0-9]{36}",
+        "ghs_1234567890abcdefghijklmnopqrstuvwx",  // not a real token
+    ),
+    (
+        "GitHub Refresh Token",
+        "ghr_[A-Za-z0-9]{76}",
+        "ghr_1234567890abcdefghijklmnopqrstuvwx1234567890abcdefghijklmnopqrstuvwx1234567890abcdefghijklmnopqrstuvwx",  // not a real token
+    ),
+    (
+        "GitHub App Installation Access Token",
+        "v1\\.[0-9A-Fa-f]{40}",
+        "v1.1234567890abcdefghijklmnopqrstuvwx1234567890abcdefghijklmnopqrstuvwx",  // not a real token
+    ),
+    (
+        "GitHub Personal Access Token (v2)",
+        "gh1_[A-Za-z0-9]{21}_[A-Za-z0-9]{59}|github_pat_[0-9][A-Za-z0-9]{21}_[A-Za-z0-9]{59}",
+        "gh1_1234567890abcdefghijklmnopqrstuvwx_1234567890abcdefghijklmnopqrstuvwx",  // not a real token
+    ),
     (
         "GitLab PAT",
         "glpat-[a-zA-Z0-9_]{20}",
