Regular Expressions 101

Find Secrets in Object

Regular Expression
PCRE2 (PHP >=7.3)

/(?:"?[a-z0-9_\-]*(?:key|secret|token)[a-z0-9_\-]*"?\s*(?::|=)\s*\"?(?!null|true|false)([a-z0-9+_:\.\-\/]+)|"Authorization":"[a-z0-9+:_\-\/]+\s(.*?(?<!\\)(?=")))/gmi

Description

Given a JSON.stringified object that may contain secrets, obfuscate them for logging. It will match parameters with "token," "key," and "secret" in strings and key/value pairs. Specifically, it looks for object values with : setters, strings with = setters, and Authorization headers.

This regex will produce 2 groups for each match.

  • Group 1 will have object key/values and = param value pairs from strings such as query strings.
  • Group 2 will have Authorization header keys.
{
   secret: "hdsuaskleasdkfjs8e229das-43332",
   urls: {
      uri_1: "https://www.api.example.com/api/?count=433&apiKey=DD2EXAMPLE248330EFBB58D6B1431AFB03C8E1D&debug=true",
      uri_7: "https://www.api.example.com/api/?api_key=7119EXAMPLE25C366F9AB506A1BFD&debug=true"
   },
   secret-pin:123456789,
   headers: {Authorization: "Bearer dasd/4EXAMPLEuCoAO8UaxuWUGXUtuzRJKdRTvKMVe3dJ9FN1SyF9n=="},
      auth_3: {Authorization: "App D4DEXAMPLE0BB1B2F12B5E97405C764CA45F"},
      auth_4: {Authorization: "IPSO dasd+F51EXAMPLEB63334AD3520894712D15D8F1105ED3DD"},
      auth_5: {Authorization: "Key hJdilwrEXAMPLEzM9616MJsDGBiK4qjeJFYB0zmHPxYNUrn8D54ycAN7gwedqHt0UiCWTb"},
      auth_8: {Authorization: "Digest username=EXAMPLE, nonce=h8A4EXAMPLEZW22ygGZozIIGZcb43waVMEM6Gq, response='b4543cd4dEXAMPLE6a923b4ab4fd4583af48f0e'}
   },
   apiKey: null,
   apiKey3: true,
   apiKey4: false,
   apiKey5: 'null',
   apiKey6: 'true'
}
Submitted by chadkluck - a year ago (Last modified a year ago)
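
The pattern applied as a log-redaction step, as an added example that is not part of the original submission: it masks whichever capture group matched and then shows three inputs the pattern leaves partly or wholly unmasked. The function names, the MASK value and all sample values are assumptions constructed for illustration.

```javascript
// Added example, not the submitter's code: the pattern above as a JavaScript
// literal (JS supports the lookbehind it uses), applied before logging.
const SECRET_RE = /(?:"?[a-z0-9_\-]*(?:key|secret|token)[a-z0-9_\-]*"?\s*(?::|=)\s*\"?(?!null|true|false)([a-z0-9+_:\.\-\/]+)|"Authorization":"[a-z0-9+:_\-\/]+\s(.*?(?<!\\)(?=")))/gmi;

const MASK = '[REDACTED]'; // assumption: the page does not prescribe a mask

// Both capture groups end exactly where the match ends, so the secret can be
// swapped out by trimming that many characters off the tail of the match.
function redactString(text) {
  return text.replace(SECRET_RE, (match, group1, group2) => {
    const secret = group1 !== undefined ? group1 : group2;
    if (!secret) return match; // Authorization scheme with an empty credential
    return match.slice(0, match.length - secret.length) + MASK;
  });
}

function redactForLog(obj) {
  return redactString(JSON.stringify(obj));
}

// Constructed sample input (all values are made up).
const sample = {
  secret: 'hdsuEXAMPLE-43332',
  url: 'https://www.api.example.com/api/?count=433&apiKey=DD2EXAMPLE&debug=true',
  'secret-pin': 123456789,
  headers: { Authorization: 'Bearer dasd/4EXAMPLE9n==' },
  apiKey: null,
  apiKey3: true,
};

// Constructed inputs the pattern does not fully cover; test for these.
const gaps = {
  password: 'hunter2EXAMPLE',    // name has no "key", "secret" or "token"
  api_token: 'trueEXAMPLEvalue', // (?!null|true|false) rejects this prefix too
  client_secret: 'abcEXAMPLE==', // "=" is outside group 1's class: padding stays
};

console.log(redactForLog(sample));
console.log(redactForLog(gaps));
```

Masking an unquoted value such as the secret-pin number leaves a line that is no longer valid JSON, so treat the result as log text rather than something to parse back.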