title = "风七六项目敏感信息检测规则" description = "检测代码中的敏感信息,如密码、密钥、token等" [rules] [rules.secret-token] description = "检测通用密钥令牌" regex = '''(?i)(secret|token|api[_-]?key|password|credential)[\s:=]+['"]?[A-Za-z0-9]{32,}['"]?''' severity = "high" tags = ["secret", "token"] [rules.password] description = "检测密码" regex = '''(?i)password[\s:=]+['"]?[A-Za-z0-9!@#$%^&*()_+-=]{8,}['"]?''' severity = "high" tags = ["password"] [rules.jwt-token] description = "检测JWT令牌" regex = '''eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+''' severity = "high" tags = ["jwt", "token"] [allowlist] paths = [ ".git/", "node_modules/", "target/", "build/", "dist/" ] regexes = [ ".*\\.md$", ".*\\.txt$", ".*\\.json$", ".*\\.yml$", ".*\\.yaml$" ]