Initial set of Azure secrets for #539 (#1079)

* Initial secret set

* Covered off all rule types in comments

* Finished Azure and Ansible rules

* About to run go run main.go

* Fixed some rules, but tests need work

* Initial secret set for Azure

Needs work - many tests fail

* Fix remaining Azure secrets - but couldn't get XML to work

* Update .gitignore

Co-authored-by: Jesse Houwing <jesse.houwing@gmail.com>

---------

Co-authored-by: Jesse Houwing <jesse.houwing@gmail.com>

.gitignore

@@ -20,4 +20,4 @@ testdata/expected/report/*.got.*
 # Test binary
 *.out
 
-dist/
+dist/

cmd/generate/config/main.go

@@ -24,11 +24,38 @@ func main() {
 	configRules = append(configRules, rules.AlgoliaApiKey())
 	configRules = append(configRules, rules.AlibabaAccessKey())
 	configRules = append(configRules, rules.AlibabaSecretKey())
+	configRules = append(configRules, rules.AnsibleVaultToken())
 	configRules = append(configRules, rules.AsanaClientID())
 	configRules = append(configRules, rules.AsanaClientSecret())
 	configRules = append(configRules, rules.Atlassian())
 	configRules = append(configRules, rules.Authress())
 	configRules = append(configRules, rules.AWS())
+	configRules = append(configRules, rules.AzureAppServiceDeploymentSecrets())
+	configRules = append(configRules, rules.AzureDevTFVCSecrets())
+	configRules = append(configRules, rules.AzureDevopsPAT())
+	configRules = append(configRules, rules.AzureNetworkCredential())
+	configRules = append(configRules, rules.AzureNetworkCredentialSchtasks())
+	configRules = append(configRules, rules.AzureNetworkCredentialDotNet())
+	configRules = append(configRules, rules.AzurePasswordDecryptionkey())
+	configRules = append(configRules, rules.AzurePasswordAddKey())
+	configRules = append(configRules, rules.AzurePasswordConnString())
+	configRules = append(configRules, rules.AzurePasswordValueString())
+	configRules = append(configRules, rules.AzurePassworduidpw())
+	configRules = append(configRules, rules.AzureStorageCredential43char())
+	configRules = append(configRules, rules.AzureStorageCredential86char())
+	configRules = append(configRules, rules.AzureStorageCredentialAccountKey())
+	configRules = append(configRules, rules.AzureStorageCredentialBlobURL())
+	configRules = append(configRules, rules.AzureStorageCredentialMonikerKey())
+	configRules = append(configRules, rules.AzureStorageCredentialServiceBus())
+	configRules = append(configRules, rules.AzureStorageCredentialSig53())
+	configRules = append(configRules, rules.AzureStorageCredentialUserIDPW())
+	configRules = append(configRules, rules.AzureStorageCredentialXStore())
+
+	// Below work on Regex.com but something about the internal conversion to generateUniqueTokenRegex is breaking them
+	//configRules = append(configRules, rules.AzurePowershellTokenCache())
+	//configRules = append(configRules, rules.AzurePasswordXMLCredential())
+	//configRules = append(configRules, rules.AzurePasswordXMLValue())
+	//configRules = append(configRules, rules.AzurePasswordSSISProperty())
 	configRules = append(configRules, rules.BitBucketClientID())
 	configRules = append(configRules, rules.BitBucketClientSecret())
 	configRules = append(configRules, rules.BittrexAccessKey())

cmd/generate/config/rules/ansible.go

@@ -0,0 +1,24 @@
+package rules
+
+import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+func AnsibleVaultToken() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0270 - Found Azure Subscription Token Cache.",
+		RuleID:      "ansible-vault-token",
+		SecretGroup: 1,
+		Regex:       generateUniqueTokenRegex(`ANSIBLE_VAULT;[0-9]\.[0-9];AES256;[\r\n]+[0-9]+`),
+		Keywords:    []string{"ANSIBLE_VAULT;", "AES256;"},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("ansible-vault-token",
+			"ANSIBLE_VAULT;1.0;AES256;\n" + secrets.NewSecret(numeric("32"))),
+	}
+	return validate(r, tps, nil)
+}

cmd/generate/config/rules/azure.go

@@ -0,0 +1,444 @@
+package rules
+
+import (
+	"github.com/zricethezav/gitleaks/v8/cmd/generate/secrets"
+	"github.com/zricethezav/gitleaks/v8/config"
+)
+
+// Rules come from https://www.powershellgallery.com/packages/AzSK.AzureDevOps/0.9.8/Content/Framework%5CConfigurations%5CSVT%5CAzureDevOps%5CCredentialPatterns.xml
+// Only rules with 'ContentSearchPatterns' have been used.
+
+// CSCAN0110, CSCAN0111, CSCAN0140, CSCAN0220 searches for generic passwords - covered elsewhere
+
+// CSCAN0120 searches for Twilio keys - covered in twilio.go
+
+// CSCAN0210 checks for Git repo credentials - covered elsewhere
+
+// CSCAN0230 checks for Slack tokens - covered in slack.go
+
+// CSCAN0250 - covered in jwt.go
+
+
+func AzureAppServiceDeploymentSecrets() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0020, CSCAN0030 - Found Azure app service deployment secrets in publish settings file.",
+		RuleID:      "azure-app-service-deployment-secrets",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`MII[a-z0-9=_\-]{200}`),
+		Keywords: []string{"MII"},
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-app-service-deployment-secrets",
+			"MII" + secrets.NewSecret(alphaNumeric("200"))),
+	}
+	return validate(r, tps, nil)
+}
+
+func AzureStorageCredential86char() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0030, CSCAN0090, CSCAN0150 - Found Azure storage credential in source code file.",
+		RuleID:      "azure-storage-credential-86char",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`[ \t]{0,10}[a-zA-Z0-9/+]{86}==`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-storage-credential-86char",
+			secrets.NewSecret(alphaNumeric("86") + "==")),
+	}
+	return validate(r, tps, nil)
+}
+
+func AzureStorageCredential43char() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0030, CSCAN0090, CSCAN0150 - Found Azure storage credential in source code file.",
+		RuleID:      "azure-storage-credential-43char",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`[a-zA-Z0-9/+]{43}=[^{@\d%]`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-storage-credential-43char",
+			secrets.NewSecret(alphaNumeric("43") + "=a")),
+	}
+	return validate(r, tps, nil)
+}
+
+func AzureStorageCredentialSig53() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0030, CSCAN0090, CSCAN0150 - Found Azure storage credential in source code file.",
+		RuleID:      "azure-storage-credential-sig53",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`((sig|sas|password)=|>)[a-zA-Z0-9%]{43,53}%3d[^{a-zA-Z0-9%]`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-storage-credential-sig53",
+			"sig=" + secrets.NewSecret(alphaNumeric("53") + "%3D")),
+	}
+	return validate(r, tps, nil)
+}
+
+
+func AzureStorageCredentialUserIDPW() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0030 - Found Azure storage credential in source code file.",
+		RuleID:      "azure-storage-credential-useridpw",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`((user) ?(id|name)|uid)=.{2,128}?\s*?;\s*?((password)|(pwd))=[^'$%>@'";\[\{][^;"']{2,350}?(;|"|')`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-storage-credential-useridpw",
+		"userid=" + secrets.NewSecret(alphaNumeric("128")) + ";password=" + secrets.NewSecret(alphaNumeric("200")) + ";"),
+	}
+	return validate(r, tps, nil)
+}
+
+func AzureStorageCredentialAccountKey() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0030 - Found Azure storage credential in source code file.",
+		RuleID:      "azure-storage-credential-accountkey",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`AccountKey\s*=\s*MII[a-zA-Z0-9/+]{43,}?={0,2}`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-storage-credential-accountkey",
+			"AccountKey = MII" + secrets.NewSecret(alphaNumeric("43") + "=")),
+	}
+	return validate(r, tps, nil)
+}
+
+func AzureStorageCredentialXStore() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0100 - Found Azure storage credential in source code file.",
+		RuleID:      "azure-storage-credential-xstore",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`[<XstoreAccountInfo].*accountSharedKey\s*=\s*['"].*['"]`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-storage-credential-xstore",
+			"<XstoreAccountInfo accountName = 'John Doe' accountSharedKey='" + secrets.NewSecret(alphaNumeric("43")) + "' />"),
+	}
+	return validate(r, tps, nil)
+}
+
+func AzureStorageCredentialServiceBus() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0100 - Found Azure storage credential in source code file.",
+		RuleID:      "azure-storage-credential-servicebus",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`[<ServiceBusAccountInfo].*SharedAccessKey\s*=\s*[a-zA-Z0-9/+]{10,}['"]`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-storage-credential-servicebus",
+		"<ServiceBusAccountInfo accountName='name' connectionString='Endpoint=sb://foo.net/;SharedAccessKeyName=bar;SharedAccessKey=" + secrets.NewSecret(alphaNumeric("43")) + "' />"),
+	}
+	return validate(r, tps, nil)
+}
+
+func AzureStorageCredentialMonikerKey() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0130 - Found Azure storage credential in MonitoringAgent config file.",
+		RuleID:      "azure-storage-credential-monikerkey",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`Account moniker\s?=.*key\s?=.*`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-storage-credential-monikerkey",
+			"Account Moniker = 'John Doe' Key = '" + secrets.NewSecret(alphaNumeric("200") + "'")),
+	}
+	return validate(r, tps, nil)
+}
+
+
+func AzureStorageCredentialBlobURL() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0110 - Found Azure storage credential in source code file.",
+		RuleID:      "azure-storage-credential-bloburl",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`(?i)https://[a-zA-Z0-9-]+.(blob|file|queue|table|dfs|z8.web).core.windows.net/.*?sig=[a-zA-Z0-9%]{30,}`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-storage-credential-bloburl",
+			"https://myacct.blob.core.windows.net/a?sp=r&sr=b&sig=" + secrets.NewSecret(alphaNumeric("43"))),
+	}
+	return validate(r, tps, nil)
+}
+
+// CSCAN0050, CSCAN0060, CSCAN0070 - covered in PrivateKey.go
+
+// CSCAN0080 looks for 'Password' in XML file
+
+func AzurePasswordDecryptionkey() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0090 - Found Azure password, symmetric key or storage credential in source file.",
+		RuleID:      "azure-password-machinekey",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`(decryptionKey\s*\=\s*['"].*['"]|validationKey\s*\=\s*['"].*['"])`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-password-machinekey",
+			"<machineKey decryptionKey='" + secrets.NewSecret(alphaNumeric("43")) + "' validationKey='" + secrets.NewSecret(alphaNumeric("43")) + "' useMachineContainer='true'>"),
+	}
+	return validate(r, tps, nil)
+}
+
+
+func AzurePasswordAddKey() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0090 - Found Azure password, symmetric key or storage credential in source file.",
+		RuleID:      "azure-password-addkey",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`[<add].*([key](s|[0-9])?|(credential)s?|(secret)(s|S|[0-9])?|[password|token|key](primary|secondary|orsas|sas|encrypted))['"]\s*value\s*=['"].*['"]`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-password-addkey",
+			"<add key='primary' value='" + secrets.NewSecret(alphaNumeric("200") + "' >")),
+	}
+	return validate(r, tps, nil)
+}
+
+func AzurePasswordConnString() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0090 - Found Azure password, symmetric key or storage credential in source file.",
+		RuleID:      "azure-password-connstring",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`(connectionstring|connstring)[^=]*?=["'][^"']*?(password)=[^\$\s;][^"'\s]*?(;|['"])`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-password-connstring",
+			//connstring='password=secret123;Server=localhost;'
+			"connstring='Server=localhost;password=" + secrets.NewSecret(alphaNumeric("23") + "'")),
+	}
+	return validate(r, tps, nil)
+}
+
+func AzurePasswordValueString() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0090 - Found Azure password, symmetric key or storage credential in source file.",
+		RuleID:      "azure-password-value-string",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`value\s?=\s?['"]((([A-Za-z0-9+/]){4}){1,200})==['"]`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-password-value-string",
+			"Value='" + secrets.NewSecret(alphaNumeric("20") + "=='")),
+	}
+	return validate(r, tps, nil)
+}
+
+func AzurePassworduidpw() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0090, CSCAN0150 - Found Azure password, symmetric key or storage credential in source file.",
+		RuleID:      "azure-password-uidpw",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`((user) ?(id|name)|uid)=.{2,128}?\s*?;\s*?((password|(pwd))=[^'$%@'";\[\{][^;"']{2,350}?(;|"|'))`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-password-uidpw",
+			`uid=testuser;pwd=` + secrets.NewSecret(alphaNumeric("86") + ";")),
+	}
+	return validate(r, tps, nil)
+}
+
+// TODO: Come back to the two XML passwords below
+// func AzurePasswordXMLCredential() *config.Rule {
+// 	// define rule
+// 	r := config.Rule{
+// 		Description: "CSCAN0090, CSCAN0150 - Found Azure password, symmetric key or storage credential in source file.",
+// 		RuleID:      "azure-password-xml-credential",
+// 		SecretGroup: 1,
+// 		Regex: generateUniqueTokenRegex(`<credential>\s?name=['"][^"]*(key(s|[0-9])?|credential(s)?|secret(s|[0-9])?|password|token|key(primary|secondary|orsas|encrypted))['"](\s*value\s*=['"][^"]+['"].*?</credential>)`),
+// 	}
+
+// 	// validate
+// 	tps := []string{
+// 		generateSampleSecret("azure-password-xml-credential",
+// 			"<credential>name='primary_key' value='" + secrets.NewSecret(alphaNumeric("86") + "'</credential>")),
+// 	}
+// 	return validate(r, tps, nil)
+// }
+
+// func AzurePasswordXMLValue() *config.Rule {
+// 	// define rule
+// 	r := config.Rule{
+// 		Description: "CSCAN0090, CSCAN0150 - Found Azure password, symmetric key or storage credential in source file.",
+// 		RuleID:      "azure-password-xml-value",
+// 		SecretGroup: 1,
+// 		Regex: generateUniqueTokenRegex(`<setting\sname=.?password.?>.*<value>.+</value>`),
+// 	}
+
+// 	// validate
+// 	tps := []string{
+// 		generateSampleSecret("azure-password-xml-value",
+// 			//<setting name='password'><value>testpassword123</value>
+// 			"<setting name='password'><value>" + secrets.NewSecret(alphaNumeric("86") + "</value>")),
+// 	}
+// 	return validate(r, tps, nil)
+// }
+
+// func AzurePasswordSSISProperty() *config.Rule {
+// 	// define rule
+// 	r := config.Rule{
+// 		Description: "CSCAN0090 - Found Azure password, symmetric key or storage credential in source file.",
+// 		RuleID:      "azure-password-ssis",
+// 		SecretGroup: 1,
+// 		Regex: generateUniqueTokenRegex(`(?s)<SSIS:Parameter\n?\s*SSIS:Name="password">.*?<SSIS:Property\n?\s*SSIS:Name="value">[^><#$\[\{\(]+</SSIS:Property>`),
+// 	}
+
+// 	// validate
+// 	tps := []string{
+// 		generateSampleSecret("azure-password-ssis",
+// 			`
+// 			This is a random text string that contains some characters>
+// 			` + secrets.NewSecret(alphaNumeric("86") + "==")),
+// 	}
+// 	return validate(r, tps, nil)
+// }
+
+
+func AzureNetworkCredential() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0160 - Found Azure domain credential in source file.",
+		RuleID:      "azure-network-credential",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`NetworkCredential\((\s*).*,(\s*).*,(\s*)(corp|europe|middleeast|northamerica|southpacific|southamerica|fareast|africa|redmond|exchange|extranet|partners|extranettest|parttest|noe|ntdev|ntwksta|sys-wingroup|windeploy|wingroup|winse|segroup|xcorp|xrep|phx|gme|usme|cdocidm|mslpa)\)`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-network-credential",
+			"NetworkCredential(username, password, europe)"),
+	}
+	return validate(r, tps, nil)
+}
+
+func AzureNetworkCredentialSchtasks() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0160 - Found Azure domain credential in source file.",
+		RuleID:      "azure-network-credential-schtasks",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`schtasks.*/ru\s(corp|europe|middleeast|northamerica|southpacific|southamerica|fareast|africa|redmond|exchange|extranet|partners|extranettest|parttest|noe|ntdev|ntwksta|sys\-wingroup|windeploy|wingroup|winse|segroup|xcorp|xrep|phx|gme|usme|cdocidm|mslpa).*/rp.*`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-network-credential-schtasks",
+			`Schtasks /create /tn corp-daily-backup /tr \corp\backup.bat /ru corp\admin /rp password /sc daily`),
+	}
+	return validate(r, tps, nil)
+}
+
+func AzureNetworkCredentialDotNet() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0160 - Found Azure domain credential in source file.",
+		RuleID:      "azure-network-credential-dotnet",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`new-object\s*System.Net.NetworkCredential\(.*?,\s*['"][^"]+['"]`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-network-credential-dotnet",
+			"New-Object System.Net.NetworkCredential(username, '" +  secrets.NewSecret(alphaNumeric("86")) + "')"),
+	}
+	return validate(r, tps, nil)
+}
+
+func AzureDevTFVCSecrets() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0200 - Found Azure DevDiv TFVC repo secrets.",
+		RuleID:      "azure-devtfvc-secrets",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`enc_username=.+[\n\r\s]+enc_password=.{3,}`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-devtfvc-secrets",
+			"enc_username=myusername enc_password=" + secrets.NewSecret(alphaNumeric("86"))),
+	}
+	return validate(r, tps, nil)
+}
+
+func AzureDevopsPAT() *config.Rule {
+	// define rule
+	r := config.Rule{
+		Description: "CSCAN0240 - Found Azure Devops personal access token in source file.",
+		RuleID:      "azure-devops-pat",
+		SecretGroup: 1,
+		Regex: generateUniqueTokenRegex(`(access_token).*?['="][a-zA-Z0-9/+]{10,99}['"]`),
+	}
+
+	// validate
+	tps := []string{
+		generateSampleSecret("azure-devops-pat",
+			"Access_token=='" + secrets.NewSecret(hex("52")) + "'"),
+	}
+	return validate(r, tps, nil)
+}
+
+
+// func AzurePowershellTokenCache() *config.Rule {
+// 	// define rule
+// 	r := config.Rule{
+// 		Description: "CSCAN0270 - Found Azure Subscription Token Cache.",
+// 		RuleID:      "azure-powershell-tokencache",
+// 		SecretGroup: 1,
+// 		// Below finds the example on Regex101.com! So not sure what's happening here.
+// 		Regex: generateUniqueTokenRegex(`["']TokenCache["']\s*:\s*\{\s*["']CacheData["']\s*:\s*["'][a-zA-Z0-9/\+]{86}`),
+// 	}
+
+// 	// validate
+// 	tps := []string{
+// 		generateSampleSecret("azure-powershell-tokencache",
+// 			"'TokenCache': { 'CacheData': '" + secrets.NewSecret(alphaNumeric("86")) + "'"),
+// 	}
+// 	return validate(r, tps, nil)
+// }

config/gitleaks.toml

@@ -92,6 +92,15 @@ keywords = [
     "alibaba",
 ]
 
+[[rules]]
+description = "CSCAN0270 - Found Azure Subscription Token Cache."
+id = "ansible-vault-token"
+regex = '''(?i)\b(ANSIBLE_VAULT;[0-9]\.[0-9];AES256;[\r\n]+[0-9]+)(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    "ansible_vault;","aes256;",
+]
+
 [[rules]]
 description = "Asana Client ID"
 id = "asana-client-id"
@@ -136,6 +145,186 @@ keywords = [
     "akia","agpa","aida","aroa","aipa","anpa","anva","asia",
 ]
 
+[[rules]]
+description = "CSCAN0020, CSCAN0030 - Found Azure app service deployment secrets in publish settings file."
+id = "azure-app-service-deployment-secrets"
+regex = '''(?i)\b(MII[a-z0-9=_\-]{200})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    "mii",
+]
+
+[[rules]]
+description = "CSCAN0240 - Found Azure Devops personal access token in source file."
+id = "azure-devops-pat"
+regex = '''(?i)\b((access_token).*?['="][a-zA-Z0-9/+]{10,99}['"])(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0200 - Found Azure DevDiv TFVC repo secrets."
+id = "azure-devtfvc-secrets"
+regex = '''(?i)\b(enc_username=.+[\n\r\s]+enc_password=.{3,})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0160 - Found Azure domain credential in source file."
+id = "azure-network-credential"
+regex = '''(?i)\b(NetworkCredential\((\s*).*,(\s*).*,(\s*)(corp|europe|middleeast|northamerica|southpacific|southamerica|fareast|africa|redmond|exchange|extranet|partners|extranettest|parttest|noe|ntdev|ntwksta|sys-wingroup|windeploy|wingroup|winse|segroup|xcorp|xrep|phx|gme|usme|cdocidm|mslpa)\))(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0160 - Found Azure domain credential in source file."
+id = "azure-network-credential-dotnet"
+regex = '''(?i)\b(new-object\s*System.Net.NetworkCredential\(.*?,\s*['"][^"]+['"])(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0160 - Found Azure domain credential in source file."
+id = "azure-network-credential-schtasks"
+regex = '''(?i)\b(schtasks.*/ru\s(corp|europe|middleeast|northamerica|southpacific|southamerica|fareast|africa|redmond|exchange|extranet|partners|extranettest|parttest|noe|ntdev|ntwksta|sys\-wingroup|windeploy|wingroup|winse|segroup|xcorp|xrep|phx|gme|usme|cdocidm|mslpa).*/rp.*)(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0090 - Found Azure password, symmetric key or storage credential in source file."
+id = "azure-password-addkey"
+regex = '''(?i)\b([<add].*([key](s|[0-9])?|(credential)s?|(secret)(s|S|[0-9])?|[password|token|key](primary|secondary|orsas|sas|encrypted))['"]\s*value\s*=['"].*['"])(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0090 - Found Azure password, symmetric key or storage credential in source file."
+id = "azure-password-connstring"
+regex = '''(?i)\b((connectionstring|connstring)[^=]*?=["'][^"']*?(password)=[^\$\s;][^"'\s]*?(;|['"]))(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0090 - Found Azure password, symmetric key or storage credential in source file."
+id = "azure-password-machinekey"
+regex = '''(?i)\b((decryptionKey\s*\=\s*['"].*['"]|validationKey\s*\=\s*['"].*['"]))(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0090, CSCAN0150 - Found Azure password, symmetric key or storage credential in source file."
+id = "azure-password-uidpw"
+regex = '''(?i)\b(((user) ?(id|name)|uid)=.{2,128}?\s*?;\s*?((password|(pwd))=[^'$%@'";\[\{][^;"']{2,350}?(;|"|')))(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0090 - Found Azure password, symmetric key or storage credential in source file."
+id = "azure-password-value-string"
+regex = '''(?i)\b(value\s?=\s?['"]((([A-Za-z0-9+/]){4}){1,200})==['"])(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0030, CSCAN0090, CSCAN0150 - Found Azure storage credential in source code file."
+id = "azure-storage-credential-43char"
+regex = '''(?i)\b([a-zA-Z0-9/+]{43}=[^{@\d%])(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0030, CSCAN0090, CSCAN0150 - Found Azure storage credential in source code file."
+id = "azure-storage-credential-86char"
+regex = '''(?i)\b([ \t]{0,10}[a-zA-Z0-9/+]{86}==)(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0030 - Found Azure storage credential in source code file."
+id = "azure-storage-credential-accountkey"
+regex = '''(?i)\b(AccountKey\s*=\s*MII[a-zA-Z0-9/+]{43,}?={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0110 - Found Azure storage credential in source code file."
+id = "azure-storage-credential-bloburl"
+regex = '''(?i)\b((?i)https://[a-zA-Z0-9-]+.blob.core.windows.net/.*?sig=[a-zA-Z0-9%]{30,})(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0130 - Found Azure storage credential in MonitoringAgent config file."
+id = "azure-storage-credential-monikerkey"
+regex = '''(?i)\b(Account moniker\s?=.*key\s?=.*)(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0100 - Found Azure storage credential in source code file."
+id = "azure-storage-credential-servicebus"
+regex = '''(?i)\b([<ServiceBusAccountInfo].*SharedAccessKey\s*=\s*[a-zA-Z0-9/+]{10,}['"])(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0030, CSCAN0090, CSCAN0150 - Found Azure storage credential in source code file."
+id = "azure-storage-credential-sig53"
+regex = '''(?i)\b(((sig|sas|password)=|>)[a-zA-Z0-9%]{43,53}%3d[^{a-zA-Z0-9%])(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0030 - Found Azure storage credential in source code file."
+id = "azure-storage-credential-useridpw"
+regex = '''(?i)\b(((user) ?(id|name)|uid)=.{2,128}?\s*?;\s*?((password)|(pwd))=[^'$%>@'";\[\{][^;"']{2,350}?(;|"|'))(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
+[[rules]]
+description = "CSCAN0100 - Found Azure storage credential in source code file."
+id = "azure-storage-credential-xstore"
+regex = '''(?i)\b([<XstoreAccountInfo].*accountSharedKey\s*=\s*['"].*['"])(?:['|\"|\n|\r|\s|\x60|;]|$)'''
+secretGroup = 1
+keywords = [
+    
+]
+
 [[rules]]
 description = "Beamer API token"
 id = "beamer-api-token"