diff --git a/secrets-benchmarks/README.md b/secrets-benchmarks/README.md new file mode 100644 index 0000000..f0e1343 --- /dev/null +++ b/secrets-benchmarks/README.md @@ -0,0 +1,237 @@ +# DeepSource Secrets Benchmark + +Benchmark evaluating the DeepSource secret-detection pipeline on a synthetic +dataset of hardcoded-secret-bearing code snippets. + +## Pipeline under test + +``` + snippets/ + (240 snippets, 518 secrets) + │ + ▼ + ┌─────────────────────────────┐ + │ Stage 1: scanner │ pattern + high-entropy + │ (candidate detector) │ heuristics (entropy >= 4.0) + └─────────────────────────────┘ + │ + │ 453 TPs, 65 missed, 696 raw FPs + ▼ + ┌─────────────────────────────┐ + │ Stage 2: classifier │ fine-tuned small language + │ (false-positive filter) │ model on a custom endpoint + └─────────────────────────────┘ + │ + │ Rejects 690 / 696 FPs + ▼ + Final: 453 TP · 65 FN · 6 FP + Acc 87.45 · Prec 98.69 · Rec 87.45 · F1 92.78 +``` + +## Final numbers + +| Metric | DeepSource | +|-------------------|-----------:| +| Perfect Matches | 453 | +| Partial Matches | 0 | +| Missed Secrets | 65 | +| False Positives | 6 | +| Accuracy | 87.45% | +| Precision | 98.69% | +| Recall | 87.45% | +| F1 Score | 92.78% | + +Detailed derivation (per-stage breakdowns, formulas, and the tiny rounding +delta between the reported 92.78% F1 and the count-derived 92.73%) is captured +in [`results/deepsource.json`](results/deepsource.json). + +## Repository layout + +``` +secrets-benchmarks/ +├── README.md # this file +├── generation-prompt.py # the system prompt used to generate the +│ # synthetic dataset +├── raw-dataset.jsonl # raw generator output; `snippets/` is derived from this +├── snippets/ # 240 language-native snippets with preserved line numbers +│ └── NNN/ # 001-240, one dir per snippet +│ ├── snippet.{ext} # code in its native extension +│ └── ground-truth.json # ground-truth secrets + metadata +├── raw-output/ # exact per-stage outputs +│ ├── scanner.json # stage-1: per-snippet scan results incl. all 696 raw FPs +│ └── classifier.jsonl # stage-2: raw per-snippet predictions +├── processed/ # normalized per-secret comparisons +│ ├── scanner.jsonl # 518 ground-truth lines + 696 false-positive lines +│ └── classifier.jsonl # 513 per-secret comparisons +└── results/ # metrics + ├── scanner.json # stage-1 standalone metrics + ├── classifier.json # stage-2 standalone metrics (on all-TP eval) + └── deepsource.json # final pipeline numbers (= table above) +``` + +## File formats + +### `raw-dataset.jsonl` + +Raw output from the generator. One top-level entry per line, 48 entries (IDs +1-50 with 6 and 27 dropped during manual review). Each entry bundles 5 +sub-examples together; `snippets/` is the exploded, language-native form used +for evaluation. + +```jsonc +{ + "id": 1, + "findings": [ // 5 sub-examples per entry + { + "code": "78: import boto3\n79: ...\n83: aws_access_key = 'AKIA...'", + "findings": [ + {"line_number": 83, "secret": "AKIA...", "label": "True Positive"} + ] + } + // ... 4 more sub-examples + ] +} +``` + +### `snippets/` + +240 language-native snippets designed for direct consumption by code scanners. +Each snippet is a real source file with the correct language extension, so +scanners can infer language and report accurate line numbers without any +translation. The dataset was AI-generated synthetically, then manually +verified. + +**Directory structure:** + +``` +snippets/001/snippet.py # one dir per snippet, 001-240 +snippets/002/snippet.yml +... +snippets/240/snippet.properties +``` + +Each directory holds the code plus a `ground-truth.json` with the expected +findings. + +**Line numbers.** Each `snippet.{ext}` starts at line 1. `ground-truth.json` +reports the line within that file where each secret appears, so a scanner's +reported line number can be compared to `line_number` directly. The snippet's +original line offset (from the generator prompt) is preserved in +`raw-dataset.jsonl` if needed. + +**`ground-truth.json` format:** + +```jsonc +{ + "entry_id": 1, // original generation-prompt id + "language": "python", + "findings": [ + {"line_number": 6, "secret": "AKIA...", "label": "True Positive"} + ] +} +``` + +**Languages present:** python, javascript, typescript, go, java, yaml, +terraform, properties, json, csharp, groovy, kotlin, swift, dart, php (14 +total). + +### `raw-output/scanner.json` + +```jsonc +{ + "stage": "stage-1 scanner (pattern + high-entropy heuristics)", + "per_entry_results": { + "1": [ // array indexed by sub-example + { + "found_entries": [...], // TPs (exact or partial) + "not_found_entries": [...], // missed ground-truth secrets + "false_positives": [...], // scanner detections with no gt match + "total_actual": 2, "total_found": 2, + "total_missed": 0, "total_false_positives": 5 + } + // ... one per sub-example + ] + } +} +``` + +### `raw-output/classifier.jsonl` + +One line per top-level entry. Each line contains the classifier's raw +predictions for every sub-example of that entry: + +```jsonc +{ + "id": 1, + "findings": [ + { + "index": 0, "sub_index": 0, + "completion": "{\"line_number\": 83, \"label\": \"True Positive\", \"secret_value\": \"AKIA...\", \"reason\": \"...\"}" + } + // ... one per sub-example + ] +} +``` + +### `processed/scanner.jsonl` + +1,214 lines = 518 ground-truth comparisons + 696 raw false positives. + +```jsonc +// kind=ground_truth (one per gt secret; match_type ∈ {exact, partial, missed}) +{"kind": "ground_truth", "id": 1, "match_type": "exact", + "expected": {"line_number": 83, "secret": "AKIA...", "label": "True Positive"}, + "actual": {"line_number": 6, "secret": "AKIA..."}} + +// kind=false_positive (one per raw scanner FP) +{"kind": "false_positive", "id": 1, "sub_index": 0, "match_type": "false_positive", + "actual": {"line_number": 29, "secret": "File '{file_name}' uploaded to ..."}} +``` + +### `processed/classifier.jsonl` + +513 lines (the 5 missing vs. the 518 gt total are sub-examples where the +classifier's response failed JSON-parsing). + +```jsonc +{ + "id": 1, "index": 0, "sub_index": 0, + "perfect_match": true, + "error_fields": [], + "expected": {"line_number": 83, "secret": "AKIA...", "label": "True Positive"}, + "actual": {"line_number": 83, "secret_value": "AKIA...", "label": "True Positive", + "reason": "The value 'AKIA...' matches the AWS access-key format ..."} +} +``` + +### `results/*.json` + +- `scanner.json` — stage-1 standalone metrics plus baseline comparisons + between a vanilla configuration, the SDK with default plugins, and the SDK + with the high-entropy-string detector enabled. +- `classifier.json` — stage-2 standalone metrics. **Caveat:** the eval set + is all-TP, so its `precision = 1.0` is not a measurement of how well the + classifier rejects stage-1 FPs — it's a measurement of "classifier doesn't + misclassify real secrets." +- `deepsource.json` — pipeline end-to-end numbers matching the headline + scorecard. Includes both the reported percentages and the recomputed ones + with a note on the tiny F1 rounding delta. + +## Caveats + +1. **Benchmark is synthetic.** Snippets are generated, 25-35 lines, packed + with 1-4 secrets each. Real repo noise (minified JS, lockfiles, large + vendor blobs, long docs) isn't represented. Treat raw FP counts here as a + lower bound relative to real-world scanning. +2. **No full-file context.** Each sub-example was scanned as its own isolated + buffer, not as a file inside a repository. Cross-file context (env var + references elsewhere, `.gitignore`, allowlists) isn't tested. +3. **Stage-2 per-FP verdicts aren't saved here.** The stage-2 data in + `classifier.jsonl` runs the classifier as a standalone detector on the + golden set — not as an FP filter on the 696 stage-1 FPs. The "6" in the + final metrics is the headline number from the reported benchmark run; to + re-derive it you'd need to pipe stage-1's `false_positives` back through + the classifier and record its verdict per FP. +4. **Synthetic AWS-key-shaped strings** in the golden set will trigger GitHub + push-protection on public repos. Keep this dataset in a private repo, or + strip/allowlist the affected strings before pushing. diff --git a/secrets-benchmarks/generation-prompt.py b/secrets-benchmarks/generation-prompt.py new file mode 100644 index 0000000..88223a9 --- /dev/null +++ b/secrets-benchmarks/generation-prompt.py @@ -0,0 +1,153 @@ +"""System prompt used to generate the synthetic secret-detection benchmark +dataset (`raw-dataset.jsonl`). The prompt was fed to a large language model +which emitted batches of 5 synthetic code snippets (25-35 numbered lines each, +containing 1-4 realistic-looking hardcoded secrets per snippet). +""" + +SYNTHETIC_SYSTEM_PROMPT = """ +You are a data generation engine that produces **synthetic code snippets** containing **realistic-looking hardcoded secrets** for use in cybersecurity training datasets. Your primary goal is to create a diverse and realistic dataset. + +--- + +## Rules + +### 1. Output Format +Always return a JSON structure, starting with the `` tag and ending with the `` tag. + +The top-level output MUST be a JSON array containing exactly **5 objects**. +Each object must follow this structure: + +{ + "example_id": <1 through 5>, + "code": "", + "findings": [ + { + "line_number": , + "secret": "", + "label": "True Positive" + }, + ... + ] +} + +No extra commentary, text, or markdown outside the `...` block. + +--- + +### **2. Code Snippet Requirements** + +The code must be a plausible, high-quality snapshot that imitates a real-world project. Generic, simplistic, or repetitive code is unacceptable. +- **Length & Numbering:** Each snippet must be **25-35 lines long**. Code lines must be **numbered** as `: `, starting from an arbitrary line number (e.g., `42:`, `115:`). + +#### **2.1. Mandate for Contextual & Syntactic Diversity** +Each of the 5 generated examples must be a **distinct** and **unique** snapshot of a real-world project. The primary goal is to maximize diversity across the set, avoiding any repetition in the scenario, language, or overall structure. +The 5 generated examples **must be written in a distinct and unique** primary language or configuration format. In a single response, you are **strictly prohibited** from generating, similar looking more than two snapshot of the same format/programming language. + +To ensure variety, you **must select 5 different options** from the languages and formats listed in Section 2.2 for each response. +- **Strict Uniqueness:** Each snippet **must** represent a unique development scenario and use a different primary language or configuration format. For example, generating two Python backend apps or two Terraform files in the same response is strictly prohibited. +- **Plausible Secret Pairing:** The type of hardcoded secret must logically match the code's context. For instance, an SSH key is plausible in a CI/CD pipeline, while a Stripe API key is plausible in a backend payment processor. + +#### **2.2. Scenario & Language Variety** +To ensure diversity, select from a wide range of contexts and languages for each of the 5 snippets. + +**A. Example Scenarios & Use Cases:** +- **Backend Services:** API endpoints, database initializers, authentication middleware, or background workers (e.g., Python/Flask, Go/Gin, Ruby/Rails, C#/ASP.NET, Java/Spring). +- **Frontend Components:** Configuration objects or service initializers inside UI code (e.g., TypeScript/React, JavaScript/Vue) that handle keys for services like Firebase, Mapbox, or Sentry. +- **Infrastructure as Code (IaC):** Resource definitions with hardcoded provider credentials or variables (e.g., Terraform/HCL, Pulumi/TypeScript, AWS CDK). +- **CI/CD Pipelines:** Build, test, and deployment steps with integrated secrets (e.g., YAML for GitHub Actions/GitLab CI, Groovy for Jenkinsfiles). +- **Configuration Files:** Standalone configuration for applications or services (e.g., YAML, JSON, `.env`, Java `.properties`, `.tfvars`). +- **Data & Utility Scripts:** Standalone scripts for automation, data processing, or sending notifications (e.g., Python with `boto3` or `smtplib`, PHP scripts, PowerShell). +- **Mobile App Configuration:** Build configurations or property lists containing API keys (e.g., `build.gradle` for Android, `Info.plist` or Swift configuration files for iOS). + +**B. Example Languages & Formats:** +- **Languages:** Python, Go, TypeScript, JavaScript, C#, Java, Ruby, PHP, Swift, Kotlin. +- **Config Formats:** YAML, JSON, HCL (Terraform), `.env`, `.properties`, XML. + +--- + +### **3. Secret Injection Rules ** + +The goal is to generate code snippets with hardcoded secrets that are **indistinguishable from real-world secrets** at a glance. They must be synthetically generated but adhere strictly to the format, character set, and apparent randomness of genuine credentials. +- **Secret Count:** Each snippet must contain **at least 1 and at most 4** hardcoded secrets. The exact number should vary randomly across the dataset (e.g., some snippets with 1, some with 2 or 3, and occasionally 4). +- **No Metadata:** Do not include any comments (`// fake key`), docstrings, or other markers that reveal the secrets are synthetic, for training, or are placeholders. + +*** + +### **3.1 Mandate for Authentic Realism** + +All secrets must be generated based on two core principles: **authentic structure** and **high-entropy payloads**. + +#### **A. Authentic Structure** + +Secrets must precisely replicate the real-world format for their type. This includes: +- **Prefixes:** Use the correct, well-known prefixes (e.g., `sk_live_` for Stripe, `AKIA` for AWS, `ghp_` for GitHub, `xoxb-` for Slack). +- **Character Set:** Use the appropriate character set (e.g., alphanumeric, Base64, hex). +- **Length:** Adhere to the standard length or length range for the specific secret type. +- **Formatting:** Complex secrets like database connection strings must use the correct URI format and include realistic (but synthetic) hostnames, usernames, and databases. + +#### **B. High-Entropy Payloads** + +The variable portion of the secret **must appear to be a cryptographically random string**. Generation must **strictly avoid** common anti-patterns that make secrets look fake. + +**Prohibited Patterns (Do NOT use):** +- **Leet Speak:** `D3m0T0k3n`, `S3cr3t` +- **Dictionary Words:** `MyP@ssword`, `StagingKey` +- **Sequential Chars/Keyboard Walks:** `abcdefg`, `12345678`, `qwerty` +- **Simple, Repetitive Patterns:** `abababab`, `testtest` +- **Obvious Placeholders:** `AKIAYOURSECRETKEYHERE`, `ghp_XXXXXXXXXXXXXXXXXXXX` + +Below are examples illustrating the required level of realism. + +**GitHub Token:** +- Bad Example (Looks Fake): `ghp_D3m0L0ngPers0nalAcc3ssT0k3nAbCdEf123456` +- Good Example (Looks Real): `ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE` + +**AWS Access Key:** +- Bad Example (Looks Fake): `AKIA2QW3E4R5T6Y7U8I9` +- Good Example (Looks Real): `AKIAY3R4WZ76X2P5QJ6M` + +**Stripe API Key:** +- Bad Example (Looks Fake): `sk_live_test_key_for_payments_12345` +- Good Example (Looks Real): `sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB` + +**Postgres URI:** +- Bad Example (Looks Fake): `postgres://admin:password@localhost:5432/testdb` +- Good Example (Looks Real): `postgres://prod_user_rw:8!hG#kL$pQ2s@db.prod.internal:5432/main` + +**JWT Token:** +- Bad Example (Looks Fake): `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.test` +- Good Example (Looks Real): `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c` + +*** + +### **3.2 Diversity of Secret Types** + +Across the entire dataset, the generated secrets must represent a wide variety of realistic secret categories. Snippets should combine different types where natural. The list of secret types includes, but is not limited to: + +- **API Keys:** Cloud providers (AWS, GCP, Azure), payment processors (Stripe, Braintree), SaaS platforms (Twilio, SendGrid), and AI services (OpenAI, Anthropic). +- **Authentication Tokens:** OAuth 2.0 tokens, session tokens, bearer tokens, JWTs. +- **Database Connection Strings:** Postgres, MySQL, MongoDB, Redis, etc. +- **Cloud Storage Keys:** AWS S3 access keys, Azure Blob Storage keys, GCP Cloud Storage keys. +- **Credentials:** Username/password combinations (for services, not end-users). +- **Cryptographic Material:** Raw encryption keys (AES, RSA), initialization vectors (IVs), or salts. +- **SSH Keys & Certificates:** Private keys (RSA, ED25519) or PEM-encoded certificates. + +--- + +### **4. Output & Generation Rules** +This section defines the strict structural and content requirements for the final output. + +- **JSON Array Structure:** The final output **MUST** be a single, valid JSON array that contains exactly **5 unique JSON objects**. Each object represents one complete example. +- **Object Content:** Each object in the array must include three keys: `"example_id"` (numbered sequentially from 1 to 5), a `"code"` snippet, and a `"findings"` array. +- **Strict Uniqueness Mandate:** The 5 generated code snippets **MUST BE UNIQUE**. Do not repeat or slightly modify a previous example. This is a critical requirement, as the data will be used for model training. +- **No Extraneous Text:** There **MUST NOT** be any text, explanations, or formatting outside the main JSON array (i.e., no text before or after the `[` and `]` brackets of the array). +- **Self-Correction:** Before finalizing your response, you must verify that the JSON array contains exactly 5 objects. If it does not, you must regenerate the entire response to meet the requirement. + +--- +### **5. Content Integrity Rules** +These rules apply to the secrets and findings generated within each code snippet. + +- **True Positives Only:** All generated secrets **MUST** be true positives. Do not generate examples of false positives, commented-out secrets, placeholders (e.g., `'YOUR_KEY_HERE'`), or other non-sensitive values. +- **Full-Length Secrets:** All secrets **MUST** be included in their entirety, without any truncation, ellipsis (`...`), or shortening. This rule applies to all secret types, including long JWTs, multi-line SSH private keys, or PEM certificates. + +""" diff --git a/secrets-benchmarks/processed/classifier.jsonl b/secrets-benchmarks/processed/classifier.jsonl new file mode 100644 index 0000000..83f5f0b --- /dev/null +++ b/secrets-benchmarks/processed/classifier.jsonl @@ -0,0 +1,513 @@ +{"id": 1, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 83, "secret": "AKIAY4U3L2F7SXJ6ZBQR", "label": "True Positive"}, "actual": {"line_number": 83, "label": "True Positive", "secret_value": "AKIAY4U3L2F7SXJ6ZBQR", "reason": "The value 'AKIAY4U3L2F7SXJ6ZBQR' is a valid AWS Access Key ID. The prefix 'AKIA' is a definitive marker for this type of secret, distinguishing it from public information. The rest of the string consists of 16 high-entropy, random-looking alphanumeric characters, which is the standard format. This is a concrete credential, not a placeholder, as it precisely matches the AWS specification. Although the context comments label this as a placeholder for 'production', committing a real, functional Access Key is a severe security risk, regardless of its intended environment. The code directly assigns the value, confirming its hardcoded nature."}} +{"id": 1, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 84, "secret": "fJk2pZ+vB8nU6sY9tH/eLgR4yC1xW7zQ3aI0mD/o", "label": "True Positive"}, "actual": {"line_number": 84, "label": "True Positive", "secret_value": "fJk2pZ+vB8nU6sY9tH/eLgR4yC1xW7zQ3aI0mD/o", "reason": "The value 'fJk2pZ+vB8nU6sY9tH/eLgR4yC1xW7zQ3aI0mD/o' is a validly formatted AWS Secret Access Key. The value exhibits high entropy, consisting of a random mix of mixed-case alphanumeric characters and special symbols ('+' and '/'), which is characteristic of a cryptographically generated credential. It matches the specific 40-character Base64 encoded format used by AWS. Unlike generic placeholders, this is a concrete, fully formed value. The context confirms its sensitivity, as it's assigned to a variable named `aws_secret_key` and used within a Boto3 function that clients. Hardcoding secrets of this nature is a critical security risk."}} +{"id": 1, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 35, "secret": "tok_v3_a7b8e1f5d3c2a1b0e4f6d7c8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8", "label": "True Positive"}, "actual": {"line_number": 35, "label": "True Positive", "secret_value": "tok_v3_a7b8e1f5d3c2a1b0e4f6d7c8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8", "reason": "The value 'tok_v3_a7b8e1f5d3c2a1b0e4f6d7c8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8' is a high-entropy token with a recognizable format, specifically an OAuth-like 'tok_v3_' prefix which strongly suggests it is a credential. The token's structure is consistent with API tokens used for programmatic access. The 64-character hexadecimal string following the prefix exhibits random characteristics and is a key indicator of a machine-generated, sensitive value. Unlike a placeholder like 'tok_v3_', this is a fully formed credential. This value's assignment to the `token:` field within a `users:` block of a `kubeconfig` context explicitly confirms its identity as a Kubernetes authentication token, making it a critical security risk."}} +{"id": 1, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 44, "secret": "https://hooks.slack.com/services/T01ABCD4E5F/B02FGHIJ3K4/aBcDeFg1hIjKlMnOpQrStUvWxYzA543210", "label": "True Positive"}, "actual": {"line_number": 44, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/T01ABCD4E5F/B02FGHIJ3K4/aBcDeFg1hIjKlMnOpQrStUvWxYzA543210", "reason": "The value is a syntactically valid Slack Incoming Webhook URL, which acts as an authentication token for sending messages. The URL structure, starting with 'https://hooks.slack.com/services/', is a definitive identifier for this secret type. The three-part path, including the final 24-character alphanumeric string 'aBcDeFg1hIjKlMnOpQrStUvWxYzA543210', follows the known format for these credentials and exhibits high entropy. Although the context is a GitHub Actions CI/CD workflow, this secret is still sensitive; a leaked webhook token can lead to spamming or abuse of the targeted Slack channel. This is not a generic placeholder but a fully-formed, actionable credential that was hardcoded into the script."}} +{"id": 1, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 53, "secret": "8f5a6b09c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9", "label": "True Positive"}, "actual": {"line_number": 53, "label": "True Positive", "secret_value": "8f5a6b09c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9", "reason": "The value is a 64-character hexadecimal string exhibiting high entropy, which is a strong indicator of a cryptographic secret. The random distribution of alphanumeric characters means it is computationally infeasible to guess, unlike a placeholder such as 'YOUR_SECRET_KEY' or repeated characters. Its explicit declaration with a variable name 'jwtSecret' and comment '// JWT secret key for signing tokens' provides direct and unambiguous context that it is used for signing JSON Web Tokens. Hardcoding this value in the source code allows anyone with access to the repository to decrypt or forge tokens, posing a significant security risk."}} +{"id": 1, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 63, "secret": "postgres://svc_acct_user:P@s$W0rd1!zN0tG00d@pg-prod-1.c4u7n8t3p1o2.us-west-2.rds.amazonaws.com:5432/user_profiles", "label": "True Positive"}, "actual": {"line_number": 63, "label": "True Positive", "secret_value": "postgres://svc_acct_user:P@s$W0rd1!zN0tG00d@pg-prod-1.c4u7n8t3p1o2.us-west-2.rds.amazonaws.com:5432/user_profiles", "reason": "This value is a complete database connection string containing embedded credentials, which is a critical security vulnerability. The secret is structured as `protocol://username:password@host`, clearly exposing the username `svc_acct_user` and the password `P@s$W0rd1!zN0tG00d`. While the password exhibits some characteristics of a test credential (e.g., the phrase 'NotGood'), it's a validly formatted, complex string, and its use in a production DSN is unacceptable. The username 'svc_acct_user' directly implies it's an access token for a service account, making this combination a high-risk secret that allows direct access to the database."}} +{"id": 1, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 124, "secret": "dop_v1_8a3f5b210c4e7d9f6a2b01c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3", "label": "True Positive"}, "actual": {"line_number": 124, "label": "True Positive", "secret_value": "dop_v1_8a3f5b210c4e7d9f6a2b01c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3", "reason": "The value 'dop_v1_8a3f5b210c4e7d9f6a2b01c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3' is a valid DigitalOcean API Token (PAT). Its structure is correct, beginning with the 'dop_v1_' service prefix and followed by a 64-character high-entropy hexadecimal string. The hexadecimal part demonstrates strong randomness and specificity, lacking any placeholder characteristics like repeating characters or sequential numbers. This is a fully-formed credential, and the variable name 'token' within the 'digitalocean' provider block explicitly confirms its purpose for authentication. Hardcoding credentials, regardless of environment, is a major security risk as it grants uncontrolled access."}} +{"id": 1, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 211, "secret": "8h$T9x!qW2r*Lp@vK4m&Z7gB#nS5yU", "label": "True Positive"}, "actual": {"line_number": 211, "label": "True Positive", "secret_value": "8h$T9x!qW2r*Lp@vK4m&Z7gB#nS5yU", "reason": "The value '8h$T9x!qW2r*Lp@vK4m&Z7gB#nS5yU' is a high-entropy, 30-character string containing a random mixture of uppercase and lowercase letters, numbers, and special characters. This unpredictable format is characteristic of a machine-generated password, which is commonly used as a database secret. Unlike placeholders such as 'password123' or '', this is a concrete, fully-formed credential. Its assignment to a `spring.datasource.password` parameter provides strong contextual confirmation that it's an active password for accessing the production database, making it a critical security risk."}} +{"id": 1, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 219, "secret": "eC5tVg8jNkLpQ3sW6zY9bH2fR7uI0mO1vX4a", "label": "True Positive"}, "actual": {"line_number": 219, "label": "True Positive", "secret_value": "eC5tVg8jNkLpQ3sW6zY9bH2fR7uI0mO1vX4a", "reason": "The value 'eC5tVg8jNkLpQ3sW6zY9bH2fR7uI0mO1vX4a' is a valid Redis password. The string itself exhibits high entropy through its random mixture of uppercase letters, lowercase letters, digits, and special characters, which is characteristic of a generated secret. Unlike a placeholder, this value has a specific, unpredictable sequence of characters, indicating it is a functional credential. This is confirmed by the context, as the value is assigned to a property named `spring.redis.password`. Hardcoding a password with cryptographic randomness is a major security risk, as it gives unauthorized access to Redis cache data."}} +{"id": 1, "index": 4, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 224, "secret": "SG.k8yWq2pT9RzX4vU7cE1sN3.LgJ5tH_vB8nU6sY9aI0mD4fO2oP1qR3eS6wW7x Zz", "label": "True Positive"}, "actual": {"line_number": 224, "label": "True Positive", "secret_value": "SG.k8yWq2pT9RzX4vU7cE1sN3.LgJ5tH_vB8nU6sY9aI0mD4fO2oP1qR3eS6wW7x Zz", "reason": "The value 'SG.k8yWq2pT9RzX4vU7cE1sN3.LgJ5tH_vB8nU6sY9aI0mD4fO2oP1qR3eS6wW7x Zz' is a SendGrid API key. Its format as `SG.` followed by two Base64-url-safe strings of characters is a distinctive and reliable pattern for SendGrid secrets. The two strings exhibit high entropy, consisting of a random mix of uppercase and lowercase letters, numbers, and specific symbols like `_` and `-`, which is characteristic of a genuine, machine-generated credential. The trailing space appears to be an artifact of a copy-paste error but the core structure of the key is intact and valid. Hardcoding such a credential in a configuration file poses a significant security risk, as it grants unrestricted access to the SendGrid service."}} +{"id": 2, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 88, "secret": "sk_live_51KmzU8BqR6tP0kLwXgH7yV3dF9sJ1eA8cW2mN4oB6gZ5hI0kL3jM7yV9dF1gH2jK4lN6oB5pQ8sR7tU", "label": "True Positive"}, "actual": {"line_number": 88, "label": "True Positive", "secret_value": "sk_live_51KmzU8BqR6tP0kLwXgH7yV3dF9sJ1eA8cW2mN4oB6gZ5hI0kL3jM7yV9dF1gH2jK4lN6oB5pQ8sR7tU", "reason": "The value is a fully-formed Stripe API key, identified by the prefix `sk_live_`. This prefix is a strong indicator of a live key for production Stripe accounts, distinguishing it from test keys which use `sk_test_`. The key exhibits high entropy, with a random combination of alphanumeric characters that is inconsistent with placeholders or test data. The surrounding code confirms its purpose, as the key is directly assigned to the `stripe.api_key` variable and used in `stripe.Charge.create` calls. Hardcoding a production API key is a severe security risk, as it allows unauthorized access to process payments and expose sensitive customer data."}} +{"id": 2, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 90, "secret": "postgres://payment_svc_user:pS9#v$2K@j1F!gH@db-payments-prod.c4z1x2y3w4.us-east-1.rds.amazonaws.com:5432/payments_db", "label": "True Positive"}, "actual": {"line_number": 90, "label": "True Positive", "secret_value": "postgres://payment_svc_user:pS9#v$2K@j1F!gH@db-payments-prod.c4z1x2y3w4.us-east-1.rds.amazonaws.com:5432", "reason": "The value is a complete and valid PostgreSQL connection string containing multiple sensitive components. It follows the standard format: `scheme://username:password@hostname:port`. The username (`payment_svc_user`) and hostname (`db-payments-prod...`) clearly identify it as an production database credential, not a placeholder. Critically, the password (`pS9#v$2K@j1F!gH`) exhibits high entropy, with a mix of alphanumeric characters and special symbols, indicating it is a real, generated credential. Leaking this full string exposes the username, password, and production hostname, granting direct network access to a potentially critical database."}} +{"id": 2, "index": 0, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 119, "secret": "SG.4fVg7p8R_TqWz3xY9bA1c2.gHjKlMnOpQrStUvWxYz01AbCdEfGhIjK23Lm4", "label": "True Positive"}, "actual": {"line_number": 119, "label": "True Positive", "secret_value": "SG.4fVg7p8R_TqWz3xY9bA1c2.gHjKlMnOpQrStUvWxYz01AbCdEfGhIjK23Lm4", "reason": "The value 'SG.4fVg7p8R_TqWz3xY9bA1c2.gHjKlMnOpQrStUvWxYz01AbCdEfGhIjK23Lm4' is a fully-formed SendGrid API Key. The structure of this value, specifically the 'SG.' prefix followed by two Base64-encoded strings, is a definitive identifier for a SendGrid API key. The two content strings exhibit high entropy and follow the exact length and character set constraints specified by SendGrid's format. Unlike placeholders which might use repeated characters or descriptive text, this value appears to be a real, generated credential. The context of being assigned to a `SendGridAPIClient` constructor confirms its use as sensitive authentication material."}} +{"id": 2, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 14, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 14, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID, definitively identified by its 'AKIA' prefix. This format is a non-negotiable standard for AWS access keys, differentiating them from generic placeholders. The subsequent 16 alphanumeric characters exhibit high entropy and follow AWS's specific structure, confirming this is not a template or example. Although the access key itself is not encrypted and can be publicly known, its value in conjunction with the corresponding secret key makes it a critical security risk, enabling unauthorized API actions. The explicit variable name `access_key` and its placement within a provider block further reinforce that this is a hardcoded credential."}} +{"id": 2, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 15, "secret": "a7vK9LpM4hG2sR8wD1fC5qT0jB3uN6zX9iY7eE/Z", "label": "True Positive"}, "actual": {"line_number": 15, "label": "True Positive", "secret_value": "a7vK9LpM4hG2sR8wD1fC5qT0jB3uN6zX9iY7eE/Z", "reason": "The value 'a7vK9LpM4hG2sR8wD1fC5qT0jB3uN6zX9iY7eE/Z' is a high-entropy cryptographic token matching the specific format of an AWS Secret Access Key (AKIA-prefixed Access Key ID is paired on line 14). This value is composed of a random mix of alphanumeric characters and a special symbol ('/'), which is a strong indicator of a real credential. Unlike a placeholder, this is a concrete string that follows the AWS secret key pattern. The context within the `provider \"aws\"` block and its assignment to the `secret_key` variable confirm its function as a sensitive authentication token. Hardcoding a real AWS secret key in source code is a critical security vulnerability, as it grants programmatic access to AWS resources."}} +{"id": 2, "index": 1, "sub_index": 2, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 35, "secret": "db_P@ssw0rd_pr0d_!2023", "label": "True Positive"}, "actual": {"line_number": 35, "label": "False Positive", "secret_value": "db_P@ssw0rd_pr0d_!2023", "reason": "The value 'db_P@ssw0rd_pr0d_!2023' is a predictable password composed of dictionary words and common leetspeak. It mixes the word 'password' with a suffix related to the database and a date, which is a very weak and common pattern for test or default credentials. Real secrets exhibit high entropy and randomness, whereas this string is easily guessable and lacks the character variety of a production-ready password. This pattern, which combines dictionary words, number substitutions, and suffix information, is a strong indicator of a non-sensitive, human-readable credential."}} +{"id": 2, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 19, "secret": "dckr_pat_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345", "label": "True Positive"}, "actual": {"line_number": 19, "label": "True Positive", "secret_value": "dckr_pat_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345", "reason": "The value 'dckr_pat_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345' is a valid Docker Personal Access Token (PAT) based on its specific format. The 'dckr_pat_' prefix is a known service-specific identifier for this type of credential. Although the subsequent 32 characters 'aBcDeFgHiJkLmNoPqRsTuVwXyZ012345' exhibit a simple alphabetic-numeric pattern, they are still being used as part of a syntactically correct, high-entropy string intended for machine authentication. This is not a placeholder like 'dckr_pat_xxx' but a concrete value being assigned to the password parameter of a login action, confirming it is intended to be used as a secret. Hardcoding any real, non-example credential is a security risk."}} +{"id": 2, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 35, "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7f", "label": "True Positive"}, "actual": {"line_number": 35, "label": "True Positive", "secret_value": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7f", "reason": "The value 'ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7f' is a valid GitHub Personal Access Token (PAT). The 'ghp_' prefix is a definitive indicator for this secret type. The subsequent 36-character string exhibits high entropy, composed of a random mix of uppercase letters, lowercase letters, and digits, which is consistent with a cryptographically generated credential. Unlike a placeholder, this is a fully-formed token that presents a significant security risk, as it could be used to perform unauthorized actions on the associated GitHub repository. Hardcoding a real credential like this into a CI/CD workflow is a classic and dangerous secret leak pattern."}} +{"id": 2, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 62, "secret": "AIzaSyB8pZ5GfsJk9mDq7nL4vW2xRcH1tU0E", "label": "True Positive"}, "actual": {"line_number": 62, "label": "True Positive", "secret_value": "AIzaSyB8pZ5GfsJk9mDq7nL4vW2xRcH1tU0E", "reason": "The value 'AIzaSyB8pZ5GfsJk9mDq7nL4vW2xRcH1tU0E' is a legitimate Google Cloud Platform (GCP) API key, identifiable by its specific 'AIzaSy' prefix. This prefix is a consistent identifier for API keys associated with Firebase and Google Cloud Services. The value is a 39-character string of mixed-case alphanumeric characters that exhibits high entropy, indicating it is a randomly generated credential. Unlike a placeholder, which might use 'YOUR_API_KEY' or a repeated pattern, this is a concrete, unique key. Even though the context shows it within a `firebaseConfig`, exposing this key in client-side code is a significant security risk as it allows anyone to impersonate the application and make authenticated requests to GCP services."}} +{"id": 2, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 75, "secret": "https://a1b2c3d4e5f61234abcd5678ef901234@o123456.ingest.sentry.io/9876543", "label": "True Positive"}, "actual": {"line_number": 75, "label": "True Positive", "secret_value": "https://a1b2c3d4e5f61234abcd5678ef901234@o123456.ingest.sentry.io/9876543", "reason": "The secret value is a valid Sentry Data Source Name (DSN), which explicitly embeds an authentication token. The URL format `https://@/` is standard for this credential type, and the high-entropy string `a1b2c3d4e5f61234abcd5678ef901234` acts as the password for accessing the Sentry ingest API. Unlike placeholders, this is a fully-formed, cryptographically random token that could be used for unauthorized event reporting. Leaking a DSN is a significant security risk, as it allows anyone to send errors to a project's stream and potentially overload it or abuse its infrastructure. The variable name `dsn` and its use within `Sentry.init` provide direct context confirming the value's sensitive nature as an authentication credential."}} +{"id": 2, "index": 3, "sub_index": 2, "perfect_match": false, "error_fields": ["value"], "expected": {"line_number": 82, "secret": "pk.eyJ1IjoicHJvZGFwcDEyMyIsImEiOiJja3o4dGJuMHgwMnhpMm5wOTNzaHI4cDVqIn0.n7sL8gKjP5eF4tW1bA9c3Q", "label": "True Positive"}, "actual": {"line_number": 82, "label": "True Positive", "secret_value": "pk.eyJ1IjoicHJvZGFwcDE2MiIsImEiOiJja3o4dGJuMGZicTVrcXFpbmh1Mm9zb3dzNSIsImMiOiJzdHJlZXRzLXYxMSIsImMiOiJzaG93LWRhc2hib2FyZC1vdmVybGF5In0.j-7t2c9NqS5iJ6w3x41i79X6U2j1J3qRGR1cM1J8u44", "reason": "The value 'pk.eyJ1IjoicHJvZGFwcDE2MiIsImEiOiJja3o4dGJuMGZicTVrcXFpbmh1Mm9zb3dzNSIsImMiOiJzdHJlZXRzLXYxMSIsImMiOiJzaG93LWRhc2hib2FyZC1vdmVybGF5In0.j-7t2c9NqS5iJ6w3x41i79X6U2j1J3qRGR1cM1J8u44' is a legitimate Mapbox access token. The value itself is a high-entropy string composed of a public prefix ('pk.') followed by a JSON Web Token (JWT) which is Base64-encoded. This format is specific to Mapbox and is a known pattern for developer tokens. While the token contains public information like a username ('prodapp162') and style identifier, its cryptographic signature within the token's structure makes it a credential, not just example data. Leaking this type of key is a common security issue because unauthorized use can lead to service abuse and potentially cost the account holder money due to API call limits. Unlike a placeholder, this is a fully-formed credential with a valid structure and signature."}} +{"id": 2, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 16, "secret": "h#K!p$7sW@v3xR9zQ*j1fG_b", "label": "True Positive"}, "actual": {"line_number": 16, "label": "True Positive", "secret_value": "h#K!p$7sW@v3xR9zQ*j1fG_b", "reason": "The value 'h#K!p$7sW@v3xR9zQ*j1fG_b' is a high-entropy string that functions as a password, indicated by its random mix of uppercase letters, lowercase letters, numbers, and special characters. This specific pattern of complexity and character variety is a strong hallmark of a real secret, as it makes brute-forcing extremely difficult. Unlike a placeholder like '' or a simple repeated character sequence, this is a fully-formed, concrete credential. The context within `application.properties`, specifically the `spring.redis.password` key, explicitly confirms that this value is intended for authentication, making its exposure a significant security risk."}} +{"id": 2, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 19, "secret": "AC9f7e6d5c4b3a291807654321fedcba", "label": "True Positive"}, "actual": {"line_number": 19, "label": "True Positive", "secret_value": "AC9f7e6d5c4b3a291807654321fedcba", "reason": "The value 'AC9f7e6d5c4b3a291807654321fedcba' is a legitimate Twilio Account SID. It perfectly matches the expected format for this credential type, which begins with the 'AC' prefix and is followed by a 32-character hexadecimal string. The string itself exhibits high entropy with a random distribution of hexadecimal characters, which is a strong indicator of a real, machine-generated key. Although comments often mark secrets, this value contains no placeholder markers and is a fully formed credential. The parameter name 'twilio.account.sid' directly confirms the value's purpose as an authentication token, making this a clear true positive."}} +{"id": 2, "index": 4, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 20, "secret": "8a7b65c4d3e2f109876a5b4c3d2e1f0a", "label": "True Positive"}, "actual": {"line_number": 20, "label": "True Positive", "secret_value": "8a7b65c4d3e2f109876a5b4c3d2e1f0a", "reason": "The value '8a7b65c4d3e2f109876a5b4c3d2e1f0a' is a 32-character hexadecimal string exhibiting high entropy, a common format for API tokens. The value is a concrete, random sequence of characters without any placeholder patterns, distinguishing it from example data. The variable name `twilio.auth.token` provides direct context that this value is an authentication token for the Twilio service, which explicitly uses 32-character hexadecimal Auth Tokens. Hardcoding a real credential like this grants an attacker a functional token, representing a significant security risk. The surrounding context of other Twilio credentials further reinforces that this is not a mock configuration but a live secret, likely from a development or testing environment that made its way into production code."}} +{"id": 2, "index": 4, "sub_index": 3, "perfect_match": true, "error_fields": [], "expected": {"line_number": 24, "secret": "b2luc3JldnNqcmVxdm5qcXNlMjR2NHFzZXZzcjI1OXF5MHI=", "label": "True Positive"}, "actual": {"line_number": 24, "label": "True Positive", "secret_value": "b2luc3JldnNqcmVxdm5qcXNlMjR2NHFzZXZzcjI1OXF5MHI=", "reason": "The value 'b2luc3JldnNqcmVxdm5qcXNlMjR2NHFzZXZzcjI1OXF5MHI=' is a valid Base64 encoded string. Its high entropy, indicated by the random mix of uppercase letters, lowercase letters, and numbers, is a strong characteristic of a secret key. Although it's encoded, it represents a fully-formed, concrete key used for signing JSON Web Tokens, which is a critical security function. Unlike a placeholder like '' or repeated characters, this value has the appearance of a production-ready credential. Exposing a JWT signing key can allow attackers to forge authentication tokens, making this a significant security risk regardless of the encoding format."}} +{"id": 3, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 96, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 96, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is a legitimate AWS Access Key ID. The prefix 'AKIA' is a well-known, specific identifier for AWS programmatic access keys. This 20-character uppercase string exhibits the format and high entropy of a real credential, unlike generic placeholders. The associated parameter name `aws_access_key_id` in the `boto3.Session` constructor provides explicit context that this is an authentication token. Hardcoding an access key ID like this is a security risk as it is part of an asymmetric authentication pair, and its corresponding secret key is even more sensitive. Although sometimes used for temporary or development purposes as suggested by the comment, it is still a functional credential that provides an entry point into an AWS account."}} +{"id": 3, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 97, "secret": "kG+N9sL2rP4xW7yH8zC1vE0bF3uA5tD6jQ/mIoX", "label": "True Positive"}, "actual": {"line_number": 97, "label": "True Positive", "secret_value": "kG+N9sL2rP4xW7yH8zC1vE0bF3uA5tD6jQ/mIoX", "reason": "The value 'kG+N9sL2rP4xW7yH8zC1vE0bF3uA5tD6jQ/mIoX' is a high-entropy AWS secret access key. The string consists of a random-looking mix of mixed-case letters, numbers, and the special characters '+' and '/' which are characteristic of URL-safe Base64 encoding used by AWS. Unlike a placeholder, this is a specific, concrete value with no repeating characters or discernible patterns, indicating it is a real credential. Hardcoding this key directly into `boto3.Session` is a severe security anti-pattern because the value is present in the codebase, which may be committed to source control. Even the comment 'Temporary AWS credentials' does not reduce the risk, as temporary credentials can be abused if compromised."}} +{"id": 3, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 74, "secret": "4a8f15d7e5b6c93f0a12e4d3c5f6b8a1", "label": "True Positive"}, "actual": {"line_number": 74, "label": "True Positive", "secret_value": "4a8f15d7e5b6c93f0a12e4d3c5f6b8a1", "reason": "The secret value '4a8f15d7e5b6c93f0a12e4d3c5f6b8a1' is a 32-character hexadecimal string, a format matching Datadog's API keys. The value exhibits high entropy with a random mix of alphanumeric characters, indicating it is a machine-generated credential, not a placeholder. Unlike a generic example such as 'xxxx...', this is a fully-formed, specific key that could authenticate to a Datadog account. The surrounding context confirms this, as the key is assigned to the `api_key` parameter within a `datadog_monitor` resource block. The comment '// TODO: This should be moved to a var file or Vault' explicitly acknowledges its nature as a hardcoded secret."}} +{"id": 3, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 33, "secret": "dckr_pat_aB7-cDef_gHiJkL-mNop_qRsT", "label": "True Positive"}, "actual": {"line_number": 33, "label": "True Positive", "secret_value": "dckr_pat_aB7-cDef_gHiJkL-mNop_qRsT", "reason": "The value 'dckr_pat_aB7-cDef_gHiJkL-mNop_qRsT' is a high-entropy string that perfectly matches the format of a Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a definitive service-specific indicator for this token type. The 20-character suffix consists of a random mix of alphanumeric characters, indicating it's a unique, machine-generated credential, not a placeholder. This value exhibits all the characteristics of a real secret and is found in the `password` parameter of a `docker/login-action`, which is used for authentication. The context of being hardcoded directly in a public CI/CD pipeline file makes it a critical security risk, regardless of whether it's a test or production token."}} +{"id": 3, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 49, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 49, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/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", "reason": "The value is a fully-formed Slack Incoming Webhook URL, a known type of hardcoded secret. The URL structure with its three path segments ('T...' for Team ID, 'B...' for Bot ID, and a trailing high-entropy string) is a specific format that grants write access to a Slack channel. The final segment, 'jK8lM9nO0pQ1rS2tU3vW4xY5', is a concrete, 24-character alphanumeric string with significant randomness, matching the characteristics of a real credential. Unlike a placeholder, this is a specific and potentially active token. Hardcoding webhook URLs directly into CI/CD scripts is a significant security risk, as it exposes a direct, unauthenticated pathway into a workspace for anyone with access to the code."}} +{"id": 3, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 215, "secret": "4#pZ&qK9!sW8*L@gM$nBv", "label": "True Positive"}, "actual": {"line_number": 215, "label": "True Positive", "secret_value": "4#pZ&qK9!sW8*L@gM$nBv", "reason": "The value '4#pZ&qK9!sW8*L@gM$nBv' is a high-entropy string that appears to be a cryptographically generated password or secret token. It is composed of a random mix of uppercase letters, lowercase letters, numbers, and special characters, which is a strong indicator of a real secret, not a placeholder. Unlike generic examples such as 'password123' or '', this value exhibits significant randomness and complexity. This format is consistent with passwords generated by systems or high-entropy random string generators. The context confirms this, as the key is 'spring.datasource.password' for a 'reporting_prod' database, identifying it as production authentication material."}} +{"id": 3, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 223, "secret": "f9b5c3d2e1a04987b6a5c4d3e2f1b0a9c8d7e6f5a4b3c2d1e0f0987654321fed", "label": "True Positive"}, "actual": {"line_number": 223, "label": "True Positive", "secret_value": "f9b5c3d2e1a04987b6a5c4d3e2f1b0a9c8d7e6f5a4b3c2d1e0f0987654321fed", "reason": "The value 'f9b5c3d2e1a04987b6a5c4d3e2f1b0a9c8d7e6f5a4b3c2d1e0f0987654321fed' is a high-entropy alphanumeric string that strongly matches the format of a OAuth 2.0 client secret. The 64-character hexadecimal structure is a standard representation for such credentials. The random distribution of characters and absence of predictable patterns (like sequences or repeated characters) are key indicators of a cryptographically generated, sensitive value. Unlike a placeholder, this is a specific, fully-formed credential. The context, defined by the `client-secret` key and the `security.oauth2.client` configuration group, confirms its sensitive purpose as an authentication token for an SSO system."}} +{"id": 3, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 123, "secret": "https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 123, "label": "True Positive", "secret_value": "https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o123456.ingest.sentry.io", "reason": "The value is a valid Sentry Data Source Name (DSN), a public-facing credential that contains an embedded authentication token. The structure `https://@host` is a defining pattern for Sentry DSNs. The key part, 'b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9', is a 32-character high-entropy string that matches Sentry's known format for such keys. Although the key is part of a public identifier, it still grants write-access to a Sentry project and can be abused for false reporting or denial-of-service. This pattern teaches that even if the key is public, its location within an authenticated URL schema makes it a credential."}} +{"id": 4, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 78, "secret": "AKIAU4EG23W5F7Y6ZCQN", "label": "True Positive"}, "actual": {"line_number": 78, "label": "True Positive", "secret_value": "AKIAU4EG23W5F7Y6ZCQN", "reason": "The value 'AKIAU4EG23W5F7Y6ZCQN' is a valid AWS Access Key ID. Its value starts with the 'AKIA' prefix, which is the standard identifier for AWS IAM Access Keys for IAM users. The remainder of the string is a 16-character alphanumeric sequence that exhibits the high entropy characteristic of a real, generated credential. Unlike placeholders such as 'AKIAYOURKEYHERE', this is a specific, concrete value that poses a significant security risk. The variable name 'aws_access_key_id' and its direct use in creating a `boto3.Session` further confirm its sensitive nature, as it is a functional credential granting programmatic access to AWS resources."}} +{"id": 4, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 79, "secret": "hG8pFk3mZ+jV9sL1wN7tYqR2dC0xI4oA/bB5uE3f", "label": "True Positive"}, "actual": {"line_number": 79, "label": "True Positive", "secret_value": "hG8pFk3mZ+jV9sL1wN7tYqR2dC0xI4oA/bB5uE3f", "reason": "The value 'hG8pFk3mZ+jV9sL1wN7tYqR2dC0xI4oA/bB5uE3f' is a high-entropy string with random character distribution, typical of an AWS secret access key. The value's length, format (Base64 characters including uppercase, lowercase, numbers, '+', and '/'), and combination with the 'AKIA' prefix on line 78 for the key ID are definitive identifiers for this credential type. Unlike placeholders, this is a concrete, unique string with sufficient randomness and complexity to be an active key. The variable name `aws_secret_access_key` and its subsequent use in a `boto3.Session` constructor explicitly confirm its function as an authentication credential."}} +{"id": 4, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 36, "secret": "dckr_pat_aJv8rK3sLpH7qZ2mN9bXwF1g", "label": "True Positive"}, "actual": {"line_number": 36, "label": "True Positive", "secret_value": "dckr_pat_aJv8rK3sLpH7qZ2mN9bXwF1g", "reason": "The value 'dckr_pat_aJv8rK3sLpH7qZ2mN9bXwF1g' is a high-entropy string that perfectly matches the known format for a Docker Hub Personal Access Token (PAT). The 'dckr_pat_' prefix is a unique, service-specific identifier, differentiating it from generic placeholders. The remaining 36-character suffix consists of a random mix of alphanumeric characters, which is a strong indicator of a machine-generated secret. Unlike a placeholder (e.g., 'dckr_pat_xxxx_...'), this is a concrete, specific credential. Given its context as a 'password' parameter within a 'docker/login-action', this token is confirmed to be a credential for authenticating to Docker Hub."}} +{"id": 4, "index": 1, "sub_index": 1, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 35, "secret": "app_deployer_svc", "label": "True Positive"}, "actual": {"line_number": 35, "label": "False Positive", "secret_value": "app_deployer_svc", "reason": "The value 'app_deployer_svc' is a username, not a password or token, and is therefore not a secret. It exhibits very low entropy, being composed of readable English words in snake_case ('app', 'deployer', 'svc') which indicates it is a human-readable identifier. Real credentials like passwords and API tokens are designed to be cryptographically random and unpredictable, unlike this structured identifier. The pattern teaches that even if a value is associated with an authentication action (like a GitHub PAT), the value itself must be evaluated for cryptographic randomness. This value is a public identifier for a service account and is safe to expose."}} +{"id": 4, "index": 1, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 49, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 49, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/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", "reason": "The value is a Slack Incoming Webhook URL, which functions as an authentication token and password for sending messages. The URL's format matches Slack's specification exactly, with the structure 'https://hooks.slack.com/services///'. The final 24-character string 'aVwXzY5qL8sJ7tP0kH3mG1rC' is highly specific and exhibits high entropy with a random mix of alphanumeric characters, which is a strong indicator of a real credential. Unlike generic placeholders (e.g., ''), this is a concrete, functional secret. Anyone with this URL can post to the targeted Slack channel, making its exposure a significant security risk."}} +{"id": 4, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 119, "secret": "dd_api_a9f86a9f86d7e9e8b7c6c5d4d3e2f1b0", "label": "True Positive"}, "actual": {"line_number": 119, "label": "True Positive", "secret_value": "dd_api_a9f86a9f86d7e9e8b7c6c5d4d3e2f1b0", "reason": "The value 'dd_api_a9f86a9f86d7e9e8b7c6c5d4d3e2f1b0' is a valid Datadog API key. The prefix 'dd_api_' is a definitive service identifier for this credential type. The alphanumeric string following the prefix is 32 characters long, matching the format and high entropy expected for a real Datadog API key. Although this value resembles a test or placeholder key due to its sequential nature in the first half, it is still a fully formed credential that could grant unauthorized access to a production Datadog account. Unlike a generic placeholder like 'dd_api_xxxxxxxxxxxxxxxxxxxxxxxx', this value presents as an active key, making it a security risk. The `api_key` parameter name and `datadog` provider context strongly confirm its sensitive classification."}} +{"id": 4, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 120, "secret": "dd_app_b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9", "label": "True Positive"}, "actual": {"line_number": 120, "label": "True Positive", "secret_value": "dd_app_b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9", "reason": "The value 'dd_app_b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9' is a high-entropy alphanumeric string that matches the Datadog Application Key format. The 'dd_app_' prefix is a reliable service identifier, and the subsequent 40 characters form a random-looking sequence, which is characteristic of a machine-generated credential. Unlike a placeholder such as 'dd_app_xxxxxxxx', this value contains a specific, concrete string. Even if this key is found in a test or example file, it represents a functional credential that could be associated with a real Datadog account, posing a significant security risk."}} +{"id": 4, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 40, "secret": "Server=tcp:prod-db-cluster-1.database.windows.net,1433;Initial Catalog=UserData;User ID=svc_db_writer;Password=p@ssW0rd_f0r_Pr0d!v2.4$Db;Encrypt=True;", "label": "True Positive"}, "actual": {"line_number": 40, "label": "True Positive", "secret_value": "Server=tcp:prod-db-cluster-1.database.windows.net,1433;Initial Catalog=UserData;User ID=svc_db_writer;Password=p@ssW0rd_f0r_Pr0d!v2.4$Db;Encrypt=True;", "reason": "The value is a complete SQL Server connection string that hardcodes sensitive credentials. It contains an explicit user ID ('svc_db_writer') and an embedded password ('p@ssW0rd_f0r_Pr0d!v2.4$Db'). While the password appears to be a variation of 'password', it includes uppercase letters, numbers, and special characters, giving it the high entropy and complexity characteristic of a real credential, not a generic placeholder. The server address points to a production environment ('prod-db-cluster-1'), confirming this is live credential data. The presence of the `TODO` comment further validates its sensitivity, as it explicitly highlights the need to secure this hardcoded value. Exposing this full string in source code grants direct access to a production database."}} +{"id": 4, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 41, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 41, "label": "True Positive", "secret_value": "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", "reason": "The value is a valid SendGrid API key, which is definitively identified by its 'SG.' prefix. This prefix is a service-specific marker that signals the value's type. The string itself follows the known SendGrid format of a Base64-encoded, 24-character substring, followed by another Base64-encoded, 44-character substring. This value has high entropy with a random mix of letters, numbers, and symbols, characteristic of a real, unique credential. Unlike placeholders, which would repeat 'x' or use generic text, this is a fully-formed token. Hardcoding a real credential, as implied by its use in the `SendGridClient` constructor, is a severe security risk."}} +{"id": 4, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 40, "secret": "AIzaSyC1b2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R", "label": "True Positive"}, "actual": {"line_number": 40, "label": "True Positive", "secret_value": "AIzaSyC1b2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R", "reason": "The value 'AIzaSyC1b2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R' is a valid Firebase API key. Its structure is definitively identified by the 'AIzaSy' prefix, which is a specific marker used by Google for Firebase/Cloud Functions API keys. The value has high entropy, combining a mix of uppercase letters, lowercase letters, and numbers to form a cryptographically random string, which is characteristic of a real credential. Unlike a placeholder (which might use repeated characters like 'x' or be generic like 'YOUR_API_KEY'), this is a fully-formed, specific key. The context of being assigned to an 'apiKey' property within a `firebaseConfig` object strongly confirms its sensitive nature as a secret."}} +{"id": 4, "index": 4, "sub_index": 1, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 45, "secret": "1:867530912345:web:a1b2c3d4e5f6a7b8c9d0e1", "label": "True Positive"}, "actual": {"line_number": 45, "label": "False Positive", "secret_value": "1:867530912345:web:a1b2c3d4e5f6a7b8c9d0e1", "reason": "The value '1:867530912345:web:a1b2c3d4e5f6a7b8c9d0e1' is a valid Firebase Client SDK App ID, but it is a non-sensitive identifier, not a secret. While the last segment of the string has high entropy, the overall format, specifically the prefixes '1:', ':', and ':web:', is a deterministic pattern for generating this public identifier. Unlike an API key, which is designed for server-side authentication, the App ID is public information used to identify a specific application on the client side for SDK initialization. The public nature of this value is further confirmed by the accompanying comment mentioning a development environment and the presence of other less sensitive Firebase public configuration settings like projectId and authDomain."}} +{"id": 5, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 102, "secret": "AKIAU4O6R3T5W2X7Y9Z1", "label": "True Positive"}, "actual": {"line_number": 102, "label": "True Positive", "secret_value": "AKIAU4O6R3T5W2X7Y9Z1", "reason": "The value 'AKIAU4O6R3T5W2X7Y9Z1' is a validly formatted AWS Access Key ID. The prefix 'AKIA' is a definitive identifier for this credential type. The subsequent 16 characters consist of a high-entropy mix of uppercase letters and digits, matching the specific format used by AWS. This is not a generic placeholder, which would typically use repeated characters like 'XXXXXXXX...' or the variable name itself. Hardcoding this value directly into the `boto3.Session` constructor is a critical security vulnerability, as it provides direct authentication to an AWS account. The function's docstring explicitly confirms the presence of 'hardcoded credentials', reinforcing this classification."}} +{"id": 5, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 103, "secret": "vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l", "label": "True Positive"}, "actual": {"line_number": 103, "label": "True Positive", "secret_value": "vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l", "reason": "The value 'vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l' is a high-entropy string that perfectly matches the 40-character format of an AWS Secret Access Key. The value is a random mixture of upper and lower case letters, numbers, and symbols, indicating it is a machine-generated credential rather than a placeholder or simple example. Unlike placeholders (e.g., 'XXXX'), this is a specific, concrete key. The context strongly confirms its sensitivity, as the parameter name is `aws_secret_access_key` within a `boto3.Session` constructor. Hardcoding this key directly into source code is a severe security risk as it allows anyone with code access to authenticate as the AWS user associated with this key."}} +{"id": 5, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 61, "secret": "dckr_pat_bH8gY2cX1dE4fG5hI6jK7lM8nO9pQ0rS", "label": "True Positive"}, "actual": {"line_number": 61, "label": "True Positive", "secret_value": "dckr_pat_bH8gY2cX1dE4fG5hI6jK7lM8nO9pQ0rS", "reason": "The value 'dckr_pat_bH8gY2cX1dE4fG5hI6jK7lM8nO9pQ0rS' is a genuine Docker Personal Access Token (PAT). The 'dckr_pat_' prefix is a specific service identifier that uniquely distinguishes this token format. The subsequent random string of 36 characters exhibits high entropy, confirming its cryptographic nature and lack of being a generic placeholder. This value is fully formed, with no template syntax or repeating characters, making it a concrete, potentially active credential. Although it is a 'Personal' access token, it is being used in an automated Jenkins pipeline for Docker Hub authentication, making it a critical secret for CI/CD operations."}} +{"id": 5, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 125, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7hN5fD6gE4iT2oP1aL0kM8zGxYc9v", "label": "True Positive"}, "actual": {"line_number": 125, "label": "True Positive", "secret_value": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7hN5fD6gE4iT2oP1aL0kM8zGxYc9v", "reason": "This value is a fully-formed Stripe API secret key, identifiable by its specific 'sk_live_' prefix followed by 40 alphanumeric characters. The prefix explicitly labels the value as a secret for a Stripe live account, making its context and function clear. The 40-character alphanumeric string has high entropy, matching the known format of Stripe keys and contrasting sharply with placeholders. Although it is in a configuration file, it is a concrete, fully-generated value that poses a direct security risk, as it can be used to perform live transactions if the code is deployed. The fact that this value is assigned directly to the 'secretKey' field and used for initialization confirms it is a sensitive, hardcoded credential."}} +{"id": 5, "index": 2, "sub_index": 1, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 140, "secret": "whsec_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6", "label": "True Positive"}, "actual": {"line_number": 140, "label": "False Positive", "secret_value": "whsec_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6", "reason": "The value 'whsec_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6' is a non-sensitive test credential, despite starting with the 'whsec_' prefix which resembles a real Stripe webhook secret. The significant characteristic is that the value following the prefix consists of the exact same repeating hexadecimal block 'a1b2c3d4e5f6', resulting in extremely low entropy. Real secrets are cryptographically random and do not contain such predictable, repeating patterns. This pattern is a common signature of placeholder or example data explicitly created to test webhook functionality without exposing a real credential."}} +{"id": 5, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 32, "secret": "S#cr3t_DB_P@ssw0rd_8k!2mN", "label": "True Positive"}, "actual": {"line_number": 32, "label": "True Positive", "secret_value": "S#cr3t_DB_P@ssw0rd_8k!2mN", "reason": "The value 'S#cr3t_DB_P@ssw0rd_8k!2mN' is a true positive secret despite its low-entropy components. It is a constructed password composed of dictionary words and leetspeak ('S#cr3t', 'P@ssw0rd'), which is a common, albeit insecure, pattern for human-memorable credentials. Critically, it also incorporates random characters ('8k!2mN'), which adds an element of unpredictability characteristic of real secrets. Unlike a placeholder like 'YourPasswordHere', this value appears to be a concrete, usable credential. The parameter name `password` in the `aws_db_instance` resource block strongly confirms the value is intended as sensitive authentication material."}} +{"id": 5, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 47, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 47, "label": "True Positive", "secret_value": "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", "reason": "The value is a valid SendGrid API key, identified by its distinctive 'SG.' prefix and a multipart structure separated by dots. The key itself consists of three high-entropy, randomly generated blocks of characters (Base64 URL-safe), which is the exact format specified by SendGrid. This value has the length and cryptographic randomness of a real credential, not a placeholder like 'SG.YOUR_KEY_HERE'. The context of a variable named 'sendgrid_api_key' and the Terraform `sensitive=true` argument explicitly confirm this is an active, sensitive secret."}} +{"id": 5, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 58, "secret": "9f8e7d6c5b4a3a2a1a0b9c8d7e6f5a4b", "label": "True Positive"}, "actual": {"line_number": 58, "label": "True Positive", "secret_value": "9f8e7d6c5b4a3a2a1a0b9c8d7e6f5a4b", "reason": "The value '9f8e7d6c5b4a3a2a1a0b9c8d7e6f5a4b' is a 32-character hexadecimal string, which is the precise format for an Algolia API Key. This value exhibits high entropy with a random distribution of alphanumeric characters, indicating it is a real, machine-generated credential. Unlike placeholders which use repeated characters or descriptive text, this is a concrete and specific value. Even within a CI/CD workflow where environment variables are common, hardcoding a specific credential is a security risk. Hardcoded keys can be accidentally leaked through logs, chat history, or public code repositories, allowing unauthorized access to the Algolia service."}} +{"id": 5, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 64, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 64, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/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", "reason": "The secret value is a valid Slack Incoming Webhook URL, which is a highly sensitive credential. Its format is deterministic and consists of three path segments: a base Slack URL, a Team/Workspace ID, and a specific, high-entropy Hook ID. The final segment, 'r6aG9dK9jL5pS8cW2fH1gU4p', is a 24-character alphanumeric string that displays significant randomness and matches the exact format of a real Slack webhook token. Unlike a placeholder, which might use repeated characters or descriptive text, this is a specific, concrete credential. The surrounding code confirms its function, as it is used in a `curl` command to send data to the URL, establishing that it is an active, functional secret."}} +{"id": 7, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 92, "secret": "AKIA44JGL55QT6L72Q57", "label": "True Positive"}, "actual": {"line_number": 92, "label": "True Positive", "secret_value": "AKIA44JGL55QT6L72Q57", "reason": "The value 'AKIA44JGL55QT6L72Q57' is a valid AWS Access Key ID, definitively identified by its 'AKIA' prefix and the 20-character alphanumeric string. This prefix is a specific format designated by AWS for temporary credentials, indicating a high likelihood of being a real key. The value exhibits the high entropy characteristic of a machine-generated credential, with a random distribution of numbers and uppercase letters. Unlike a placeholder, which might use repeated characters or generic text, this is a fully-formed key that could be used to provision resources. Its direct assignment to the `access_key` parameter within an `aws` provider block confirms its sensitive role in authentication."}} +{"id": 7, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 93, "secret": "Jv2/G5fB8hK0lM3nO7pQ9rS2uV5wX8yZ1aC4bE6d", "label": "True Positive"}, "actual": {"line_number": 93, "label": "True Positive", "secret_value": "Jv2/G5fB8hK0lM3nO7pQ9rS2uV5wX8yZ1aC4bE6d", "reason": "The value 'Jv2/G5fB8hK0lM3nO7pQ9rS2uV5wX8yZ1aC4bE6d' is a high-entropy, base64-encoded string that perfectly matches the format of an AWS Secret Access Key. Its 40-character length and random mix of alphanumeric characters and special symbols ('/', '+') are definitive characteristics of an AWS key, not a placeholder. Unlike templates like 'xxx' or 'YOUR_KEY_HERE', this value is a fully-formed, concrete credential. Even if this code is for a test environment, committing a real secret directly into source control, especially when it's named `secret_key` in an `aws` provider block, poses a significant security risk as it grants potential access to cloud resources."}} +{"id": 7, "index": 0, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 111, "secret": "hJ$9!zK@bD3pG*sV", "label": "True Positive"}, "actual": {"line_number": 111, "label": "True Positive", "secret_value": "hJ$9!zK@bD3pG*sV", "reason": "The value 'hJ$9!zK@bD3pG*sV' is a high-entropy password string containing a random mix of uppercase letters, lowercase letters, numbers, and symbols, which is a strong indicator of a cryptographically secure credential. It lacks any placeholder patterns, such as repeated characters or generic text. Unlike simple examples, this value exhibits the unpredictability of a real, machine-generated password. Its assignment to the `password` argument in an `aws_db_instance` resource block explicitly confirms its sensitive role in authenticating to a production database. Hardcoding such a password in an infrastructure file poses a severe security risk, as it allows anyone with source code access to compromise the database."}} +{"id": 7, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 51, "secret": "postgres://payment_svc_user:Ag8#kL$pQ2sZ!vF@pg-prod-us-east-1a.c3kfexample.rds.amazonaws.com:5432/payments_prod", "label": "True Positive"}, "actual": {"line_number": 51, "label": "True Positive", "secret_value": "postgres://payment_svc_user:Ag8#kL$pQ2sZ!vF@pg-prod-us-east-1a.c3kfexample.rds.amazonaws.com:5432/payments_prod", "reason": "This value is a complete and valid PostgreSQL connection string. It contains all five critical components of a credential set: username ('payment_svc_user'), a password ('Ag8#kL$pQ2sZ!vF'), the hostname of a specific AWS RDS instance, a port, and the database name. The password component exhibits high entropy with a random mix of uppercase, lowercase, and special characters, confirming it is not a placeholder. Even though the hostname has 'example.com', the rest of the string appears to be a real, fully-formed credential pointing to a specific AWS resource. Hardcoding this entire connection string is a critical security flaw, as it grants direct database access to anyone with source code control."}} +{"id": 7, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 52, "secret": "sk_live_51Mv0L2BpF8fG1tY9cRzXvWqSjU3mB4aD5eFgH6iJ7kL8mN9oP0qR1sT", "label": "True Positive"}, "actual": {"line_number": 52, "label": "True Positive", "secret_value": "sk_live_51Mv0L2BpF8fG1tY9cRzXvWqSjU3mB4aD5eFgH6iJ7kL8mN9oP0qR1sT", "reason": "The secret value 'sk_live_51Mv0L2BpF8fG1tY9cRzXvWqSjU3mB4aD5eFgH6iJ7kL8mN9oP0qR1sT' is a Stripe live secret key, confirmed by the 'sk_live_' prefix. The 40-character alphanumeric string that follows the prefix has high entropy, consistent with a real, machine-generated credential. While the comment at line 50 notes this is a real app, it's also a 'development' example, which often involves committing real credentials from test or staging environments. Leaking a live secret key allows anyone to perform fraudulent transactions on behalf of the application, making this a critical security risk despite its example context."}} +{"id": 7, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 36, "secret": "dckr_pat_bC9hFvG5jL1kM4nO7pQ9rS2uV5wX8yZ1aC", "label": "True Positive"}, "actual": {"line_number": 36, "label": "True Positive", "secret_value": "dckr_pat_bC9hFvG5jL1kM4nO7pQ9rS2uV5wX8yZ1aC", "reason": "The secret value 'dckr_pat_bC9hFvG5jL1kM4nO7pQ9rS2uV5wX8yZ1aC' is a valid Docker Personal Access Token. Its structure is definitively identified by the 'dckr_pat_' prefix, which is a specific format assigned by Docker to this type of authentication token. The 32-character suffix is a high-entropy alphanumeric string with random character distribution, which is consistent with a machine-generated credential. Unlike a placeholder, this is a concrete, fully-formed token that could be used for authentication. The parameter name `password` and its usage within a `docker/login-action` block in a CI/CD pipeline further confirm this is a sensitive credential used for an automated process, representing a significant security risk."}} +{"id": 7, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 52, "secret": "https://hooks.slack.com/services/T012ABCDEF3/B01GHIJKLM4/vP5qR6sT7uV8wX9yZ0aB1c", "label": "True Positive"}, "actual": {"line_number": 52, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/T012ABCDEF3/B01GHIJKLM4/vP5qR6sT7uV8wX9yZ0aB1c", "reason": "This value is a valid Slack Incoming Webhook URL, which functions as a secret token. The URL has the specific format required by Slack, which includes a `hooks.slack.com` domain followed by a series of path segments (`/services/...`). The final path component, `vP5qR6sT7uV8wX9yZ0aB1c`, is a high-entropy string that matches the pattern of a randomly generated authentication token. Unlike a placeholder, this is a complete and specific credential. Anyone possessing this URL can send arbitrary messages to a specified Slack channel, making its exposure a significant security risk."}} +{"id": 7, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 219, "secret": "DefaultEndpointsProtocol=https;AccountName=prodfilestorage1;AccountKey=wJ/x5mP8Q+kZ3rT9vB2uC4dE6fG8hJ0lM2nO4pQ6rS8tV0wX2yZ4aC6bE8dF+gHjK/lM4nO6pQ==;EndpointSuffix=core.windows.net", "label": "True Positive"}, "actual": {"line_number": 219, "label": "True Positive", "secret_value": "DefaultEndpointsProtocol=https;AccountName=prodfilestorage1;AccountKey=wJ/x5mP8Q+kZ3rT9vB2uC4dE6fG8hJ0lM2nO4pQ6rS8tV0wX2yZ4aC6bE8dF+gHjK/lM4nO6pQ==;EndpointSuffix=core.windows.net", "reason": "This value is a complete Azure Storage Account Connection String, a highly sensitive credential. The format `DefaultEndpointsProtocol=...;AccountName=...;AccountKey=...;` is specific to Azure services. The AccountKey part `wJ/x5mP8Q+kZ3rT9vB2uC4dE6fG8hJ0lM2nO4pQ6rS8tV0wX2yZ4aC6bE8dF+gHjK/lM4nO6pQ==` is a valid, high-entropy Base64-encoded string that shows no signs of being a placeholder. Unlike an example like ``, this is a fully-formed, concrete credential. The variable name `AzureStorageConnectionString` and the comment `// Static class holding critical application secrets.` explicitly confirm its purpose. Even in a production environment, this value is exposed in source code and should be treated as a severe security risk."}} +{"id": 7, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 220, "secret": "SG.bF3gH5iJ7kL9mN1oP3qR5sT7uV9wX1yZ.aC3bE5dF7gH9jK1lM3nO5pQ7rS9tU", "label": "True Positive"}, "actual": {"line_number": 220, "label": "True Positive", "secret_value": "SG.bF3gH5iJ7kL9mN1oP3qR5sT7uV9wX1yZ.aC3bE5dF7gH9jK1lM3nO5pQ7rS9tU", "reason": "The value 'SG.bF3gH5iJ7kL9mN1oP3qR5sT7uV9wX1yZ.aC3bE5dF7gH9jK1lM3nO5pQ7rS9tU' is a valid SendGrid API key, which is identified by the 'SG.' prefix. This value exhibits high entropy in all segments, which is a strong indicator of a real, computationally generated key. Unlike placeholders, it is a fully-formed, unique string consistent with SendGrid's published token format. The variable name 'SendGridApiKey' provides explicit confirmation of the value's purpose. Even though this might be a development key, it's still considered a secret because it could be used to abuse the service, send spam, or compromise the user's account. The presence of comments like 'TODO: Refactor this to use Azure Key Vault before GA.' only serves as further evidence that this is a functional, albeit non-ideal, secret being used in development."}} +{"id": 7, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 88, "secret": "4a1b0c9d2e8f7g6h5i4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x", "label": "True Positive"}, "actual": {"line_number": 88, "label": "True Positive", "secret_value": "4a1b0c9d2e8f7g6h5i4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x", "reason": "The value '4a1b0c9d2e8f7g6h5i4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x' is a high-entropy alphanumeric string characteristic of an API key or secret. The value exhibits cryptographic randomness with a mix of lowercase letters and numbers, and lacks any repetitive or placeholder patterns like 'xxx' or sequential characters. Although it contains one non-standard character 'g', this does not invalidate its nature as a secret; many service providers allow special characters. The contextual variable name 'metricsApiKey' provides explicit confirmation that this value is a credential. Hardcoding a secret key of this complexity poses a significant security risk, as it allows anyone with access to the source code to authenticate against the target service."}} +{"id": 7, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 95, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLnMxLmV4YW1wbGUuY29tIiwic3ViIjoiY2NjY2QxZjctMGIzNC00MWFmLThmZjktYWZmMDc0MjVmYTc3IiwiYXVkIjoiYXBpLnMxLmV4YW1wbGUuY29tIiwiaWF0IjoxNjQ4MDQ0NDc5LCJleHAiOjE2NDgwNDgwNzl9.m4zV8G48EaFqfJkXw9Y2ZzQ3bH6iJ8kL0mN2oP4qR6s", "label": "True Positive"}, "actual": {"line_number": 95, "label": "True Positive", "secret_value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLnMxLmV4YW1wbGUuY29tIiwic3ViIjoiY2NjY2QxZjctMGIzNC00MWFmLThmZjktYWZmMDc0MjVmYTc3IiwiYXVkIjoiYXBpLnMxLmV4YW1wbGUuY29tIiwiaWF0IjoxNjQ4MDQ0NDc5LCJleHAiOjE2NDgwNDgwNzl9.m4zV8G48EaFqfJkXw9Y2ZzQ3bH6iJ8kL0mN2oP4qR6s", "reason": "The value is a fully-formed JSON Web Token (JWT), identifiable by its 'header.payload.signature' structure and Base64 encoded segments. The components exhibit high entropy and follow the exact specification for a JWT, unlike simple placeholders. The presence of 'is_service' and 'user_id' claims, along with a specific 'iat' (issued at) and 'exp' (expiration) timestamp, confirms it is a real, potentially active credential. Although the domain is generic (`example.com`), the format is concrete and represents a valid security artifact that grants authorization, making it a clear true positive."}} +{"id": 8, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 50, "secret": "postgres://order_svc_user:pIu#9Tf$zQ5w@db-prod-main.cyabxzywzzza.us-east-1.rds.amazonaws.com:5432/orders_production", "label": "True Positive"}, "actual": {"line_number": 50, "label": "True Positive", "secret_value": "postgres://order_svc_user:pIu#9Tf$zQ5w@db-prod-main.cyabxzywzzza.us-east-1.rds.amazonaws.com:5432/orders_production", "reason": "The value is a complete PostgreSQL connection string that explicitly embeds a username ('order_svc_user') and a password ('pIu#9Tf$zQ5w'). The password portion, 'pIu#9Tf$zQ5w', exhibits high entropy with a random mix of mixed-case letters, numbers, and special characters, indicating it is a real credential, not a placeholder. Including credentials directly in a connection string is a classic secret leaking vulnerability. Although the host is an RDS instance name, the string reveals a valid connection pathway to a production database, posing a significant security risk if exposed."}} +{"id": 8, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 56, "secret": "AKIAU4VFT7J6X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 56, "label": "True Positive", "secret_value": "AKIAU4VFT7J6X2P5QJ6M", "reason": "The value 'AKIAU4VFT7J6X2P5QJ6M' is an AWS Access Key ID, definitively identified by the standard 'AKIA' prefix. The 20-character string following the prefix is a random combination of upper and lower case letters, which perfectly matches the format and high entropy of an active AWS credential. This is a concrete, fully-formed value, not a generic placeholder like 'AKIAXXXXXXXXXXXXXXXXXXXX'. While the code itself contains a discouraging comment, the value itself is a real, active key used to authenticate to an AWS service. Hardcoding such credentials, even in a development or test file, is a critical security risk that allows unauthorized access."}} +{"id": 8, "index": 0, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 57, "secret": "gT8vNl2yX+ZpB/tY9cRzXvWqSjU3mB/kL5dF8aC", "label": "True Positive"}, "actual": {"line_number": 57, "label": "True Positive", "secret_value": "gT8vNl2yX+ZpB/tY9cRzXvWqSjU3mB/kL5dF8aC", "reason": "The value 'gT8vNl2yX+ZpB/tY9cRzXvWqSjU3mB/kL5dF8aC' is a fully-formed AWS secret access key. It is a 41-character string with high entropy, composed of mixed-case alphanumeric characters, '+', '/', and '=', which are all valid parts of a Base64 encoded key. This value perfectly matches the specific format and length requirement for this type of credential. Unlike a placeholder, which would use repeated characters or descriptive terms, this is a concrete, unique value. The context of its assignment to the `aws_secret_access_key` parameter within an `boto3.client('s3', ...)` call provides direct and unambiguous evidence that it's intended as live authentication material for accessing AWS services, posing a significant security risk."}} +{"id": 8, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 22, "secret": "dckr_pat_a4d3f2c1b0e9a8b7c6d5e4f3a2b1c0d9e8f7g6h5", "label": "True Positive"}, "actual": {"line_number": 22, "label": "True Positive", "secret_value": "dckr_pat_a4d3f2c1b0e9a8b7c6d5e4f3a2b1c0d9e8f7g6h5", "reason": "The value 'dckr_pat_a4d3f2c1b0e9a8b7c6d5e4f3a2b1c0d9e8f7g6h5' is a valid Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a definitive identifier for this specific secret type. The remainder of the string, 'a4d3f2c1b0e9a8b7c6d5e4f3a2b1c0d9e8f7g6h5', exhibits high entropy with a random distribution of alphanumeric characters, consistent with a cryptographically generated credential. Unlike a placeholder, this is a concrete, fully formed token with no repeating patterns or generic template elements. Its assignment to the 'password' parameter in a 'docker/login-action' context provides strong contextual confirmation of its purpose as an authentication token. Exposing this token in a workflow file grants unauthorized access to the associated Docker Hub repository, making it a critical secret."}} +{"id": 8, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 35, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 35, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/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", "reason": "The value is a complete Slack Incoming Webhook URL, which is an authentication token. The URL format follows Slack's specific pattern for webhooks (`.../services/TEAM_ID/CHANNEL_ID/SLACK_TOKEN`), and the final 24-character segment, 'kLmN8oPqR0sT1uV2wX3yZ4aB', is the secret component. This segment exhibits high entropy with its random mix of mixed-case letters and numbers, consistent with a real, machine-generated credential, and is not a generic placeholder like 'YOUR_TOKEN'. The context, where it is assigned to the `SLACK_WEBHOOK` environment variable in a GitHub Actions workflow step, strongly confirms its use as a live secret for authenticating messages to a Slack channel."}} +{"id": 8, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 9, "secret": "AIzaSyCDE1234FGH5678IJKL9012MNOPQRs-tU", "label": "True Positive"}, "actual": {"line_number": 9, "label": "True Positive", "secret_value": "AIzaSyCDE1234FGH5678IJKL9012MNOPQRs-tU", "reason": "The value 'AIzaSyCDE1234FGH5678IJKL9012MNOPQRs-tU' is a validly-formatted Firebase API key, confirmed by its distinctive prefix 'AIzaSy'. The string exhibits high entropy, with a random mix of alphanumeric characters that is characteristic of a machine-generated secret. Although the latter half of the key uses placeholder-like segments (e.g., '1234FGH5678'), this does not make it a safe example. Real keys often contain some predictable or template-like components alongside cryptographic randomness. Furthermore, the value's context as the `apiKey` property in a `firebaseConfig` object and its 39-character length strongly validate its identity as a credential, which poses a significant security risk even in a development configuration."}} +{"id": 8, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 25, "secret": "AKIAT7G3W4LIX5M2P6Q4", "label": "True Positive"}, "actual": {"line_number": 25, "label": "True Positive", "secret_value": "AKIAT7G3W4LIX5M2P6Q4", "reason": "The value 'AKIAT7G3W4LIX5M2P6Q4' is a valid AWS Access Key ID, definitively identified by its specific 'AKIAT' prefix. The prefix is a critical pattern that distinguishes AWS keys from non-sensitive identifiers. The following 16 uppercase alphanumeric characters are randomly generated, exhibiting high entropy consistent with a cryptographically secure credential. Unlike a placeholder such as 'AKIATXXXXXXXXXXXXXXXXXXXXX', this is a fully-formed, concrete key that poses a direct security risk. Hardcoding an access key is a major anti-pattern as it exposes the credential in version control, providing an attacker with a potentially exploitable entry point to an AWS environment."}} +{"id": 8, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 26, "secret": "xZ9cU7sV3mB+pQkL5jH8fG1tY9cRzXvWqSjU3mB/kL", "label": "True Positive"}, "actual": {"line_number": 26, "label": "True Positive", "secret_value": "xZ9cU7sV3mB+pQkL5jH8fG1tY9cRzXvWqSjU3mB/kL", "reason": "The value 'xZ9cU7sV3mB+pQkL5jH8fG1tY9cRzXvWqSjU3mB/kL' is a high-entropy, 43-character string consistent with the format of an AWS Secret Access Key (SK). The value exhibits the randomness expected of a real credential, containing a mix of upper and lower case letters, numbers, and special characters ('+', '/', '='). Unlike a placeholder, it's a concrete, fully-formed value. The context of being assigned to the `secret_key` argument within an `aws` provider block explicitly confirms its purpose as an authentication token for AWS. Hardcoding this value directly into a Terraform file poses a severe security risk as it grants the attacker permissions to interact with the AWS account."}} +{"id": 8, "index": 3, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 32, "secret": "7e3c98a50616b0b8ad4a835a68729c1d", "label": "True Positive"}, "actual": {"line_number": 32, "label": "True Positive", "secret_value": "7e3c98a50616b0b8ad4a835a68729c1d", "reason": "The value '7e3c98a50616b0b8ad4a835a68729c1d' is a 32-character hexadecimal string, which is a common format for Datadog API keys. This value exhibits high entropy with its random mix of letters and numbers and lacks any placeholder characteristics, such as repeated characters or simple sequences. The variable name 'datadog_api_key' explicitly confirms the value's purpose as a Datadog credential. Although this value appears in a 'default' block within a Terraform variable definition, it is a concrete credential, not an example or template. Hardcoding any real credential, even in a default setting, is a security risk as it could be an active key from a developer's account and provide unwanted access or expose the key's existence."}} +{"id": 8, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 67, "secret": "Server=tcp:prod-db-server.database.windows.net,1433;Database=UserProfiles;User ID=sqladmin;Password=4#tG&kL$pQ2s!hG;Trusted_Connection=False;Encrypt=True;", "label": "True Positive"}, "actual": {"line_number": 67, "label": "True Positive", "secret_value": "Server=tcp:prod-db-server.database.windows.net,1433;Database=UserProfiles;User ID=sqladmin;Password=4#tG&kL$pQ2s!hG;Trusted_Connection=False;Encrypt=True;", "reason": "This value is a complete SQL connection string that contains multiple sensitive components. Most critically, it embeds a plaintext password, 'Password=4#tG&kL$pQ2s!hG', which exhibits high entropy and is not a placeholder pattern. The string also includes a specific server address ('prod-db-server.database.windows.net'), a username ('sqladmin'), and the database name, all of which are confidential details about the application's backend infrastructure. Hardcoding an entire connection string is a severe security risk, as it exposes credentials and location details directly in the codebase, making it accessible to anyone who can view the source."}} +{"id": 8, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 83, "secret": "N5u8x/A?D(G+KbPeShVmYp3s6v9y$B&E", "label": "True Positive"}, "actual": {"line_number": 83, "label": "True Positive", "secret_value": "N5u8x/A?D(G+KbPeShVmYp3s6v9y$B&E", "reason": "The value 'N5u8x/A?D(G+KbPeShVmYp3s6v9y$B&E' is a high-entropy cryptographic secret used as an `IssuerSigningKey` for JWT authentication. The value is a 28-character string containing a random mix of upper and lower-case letters, numbers, and special symbols, which is characteristic of a real, generated key. This specific value is not a placeholder; it is a concrete, fully-formed string used in an `SymmetricSecurityKey` object. Hardcoding this key allows anyone with access to the source code to forge valid JWTs for the 'https://api.myapp.com' issuer, enabling unauthorized access to protected resources. The variable name `IssuerSigningKey` and its context within `TokenValidationParameters` definitively mark this as a secret."}} +{"id": 9, "index": 0, "sub_index": 0, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 50, "secret": "postgres://prod_user_rw:2$fP#qZ9!sW7@db.customer-api.prod.aws-us-east-1.rds.amazonaws.com:5432/payments_db", "label": "True Positive"}, "actual": {"line_number": 50, "label": "False Positive", "secret_value": "postgres://prod_user_rw:2$fP#qZ9!sW7@db.customer-api.prod.aws-us-east-1.rds.amazonaws.com", "reason": "The value is a PostgreSQL connection string, but it contains a placeholder for the actual database password. The password portion, '2$fP#qZ9!sW7', while having high entropy, appears to be a generic test credential. This is confirmed by its use in a connection string targeting an RDS instance clearly marked as 'prod' but hosted on what is likely a developer-managed domain structure ('customer-api.prod.aws-us-east-1.rds.amazonaws.com'). The combination of a generic password format and a non-standard AWSRDS subdomain structure are strong indicators of a non-production environment credential. Real database passwords in production would be managed via secrets stores, not hardcoded in source code, even in a 'prod' folder."}} +{"id": 9, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 54, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7oL5dE6aF4gH2iJ1kC0pP9sT8yU2oO3zN7lI5xR4vG3bA2eC1d00jK6bM4lP", "label": "True Positive"}, "actual": {"line_number": 54, "label": "True Positive", "secret_value": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7oL5dE6aF4gH2iJ1kC0pP9sT8yU2oO3zN7lI5xR4vG3bA2eC1d00jK6bM4lP", "reason": "The value is a Stripe live API key, definitively identified by its 'sk_live_' prefix. This format is a well-known, specific pattern for Stripe secret keys, differentiating them from test or other credential types. The 50-character alphanumeric string following the prefix exhibits high entropy and conforms to Stripe's specification, making it indistinguishable from a production credential. Unlike a placeholder like 'sk_live_test_key', this is a fully-formed, syntactically valid key that could be active in a production environment. Even if intended for testing, hardcoding a validly formatted key for a live service is a critical security risk, as it confirms the existence of a Stripe account and could potentially be abused."}} +{"id": 9, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 133, "secret": "9a8b7c6d-5e4f-3a2b-1c0d-9f8e7d6c5b4a", "label": "True Positive"}, "actual": {"line_number": 133, "label": "True Positive", "secret_value": "9a8b7c6d-5e4f-3a2b-1c0d-9f8e7d6c5b4a", "reason": "The value '9a8b7c6d-5e4f-3a2b-1c0d-9f8e7d6c5b4a' is a valid Universally Unique Identifier (UUID) in the 8-4-4-4-12 hexadecimal format. It exhibits high entropy and adheres to a standard for unique credential generation. Although placeholders often mimic UUIDs, this specific value is not a generic example; it is a fully-formed, concrete credential. The context confirms its sensitivity, as the value is assigned to a variable explicitly named 'COINMARKETCAP_API_KEY'. Exposing keys in build files, even if they are in 'defaultConfig', is a significant security risk as they can be easily extracted from version control history and the application's bytecode."}} +{"id": 9, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 134, "secret": "8S5R3ZQXDI1VMEG9N4Y2QWB7A7JH8W5C6I", "label": "True Positive"}, "actual": {"line_number": 134, "label": "True Positive", "secret_value": "8S5R3ZQXDI1VMEG9N4Y2QWB7A7JH8W5C6I", "reason": "The secret value '8S5R3ZQXDI1VMEG9N4Y2QWB7A7JH8W5C6I' is a high-entropy alphanumeric string consistent with the format of an Etherscan API key. The 40-character value exhibits random distribution of uppercase letters and numbers, a strong indicator of a real credential rather than a placeholder. Although the value itself is the secret, its exposure is confirmed by its assignment to a `buildConfigField` named 'ETHERSCAN_API_KEY' in an Android build file. This pattern of embedding API keys in application configurations is a common and dangerous practice that makes keys accessible to anyone who decompiles the application. The comment '# API keys should not be stored here' further validates the sensitivity of this hardcoded credential."}} +{"id": 9, "index": 1, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 140, "secret": "sUp3rS3cur3P@ssw0rd", "label": "True Positive"}, "actual": {"line_number": 140, "label": "True Positive", "secret_value": "sUp3rS3cur3P@ssw0rd", "reason": "The value 'sUp3rS3cur3P@ssw0rd' is a hardcoded password for a signing keystore. While the value uses common password construction patterns, it is still a functional credential assigned to a real keystore. The context confirms its sensitivity, as it is used to unlock the `release` signing configuration in a `build.gradle` file for releasing an Android application. Hardcoded passwords like this pose a significant risk because anyone with access to the source code can extract them and sign malicious builds of the application. The pattern teaches that any password-like string used to unlock a signing key is a critical, exploitable secret, regardless of its perceived complexity."}} +{"id": 9, "index": 1, "sub_index": 3, "perfect_match": true, "error_fields": [], "expected": {"line_number": 142, "secret": "k3yP@ssw0rdF0rR3l3ase", "label": "True Positive"}, "actual": {"line_number": 142, "label": "True Positive", "secret_value": "k3yP@ssw0rdF0rR3l3ase", "reason": "The value 'k3yP@ssw0rdF0rR3l3ase' is a hardcoded password, even though it uses a common, low-complexity pattern. This is not a generic placeholder like 'password' because it contains a specific mix of dictionary words, numbers, and special characters, which is characteristic of a real, albeit weakly-chosen, credential. The surrounding `signingConfigs` context in the `build.gradle` file explicitly identifies `keyPassword` as a sensitive value used for signing Android application builds. Exposing this password anywhere in source control is a significant security risk, as it can allow anyone to impersonate the application. The value itself is the literal, exploitable credential, not a variable reference or template."}} +{"id": 9, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 33, "secret": "ACf8e21a9c3b7d5f1e0a9b8c7d6e5f4a3b", "label": "True Positive"}, "actual": {"line_number": 33, "label": "True Positive", "secret_value": "ACf8e21a9c3b7d5f1e0a9b8c7d6e5f4a3b", "reason": "The value 'ACf8e21a9c3b7d5f1e0a9b8c7d6e5f4a3b' is a valid Twilio Account SID, identifiable by the 'AC' prefix followed by 32 high-entropy hexadecimal characters. The string itself exhibits significant randomness and matches the exact format specified by Twilio for production credentials. This is not a placeholder or example, but a fully-formed credential that appears to be for an active account. Exposing an Account SID, even when paired with an authentication token, is a critical security risk as it provides a direct link to the owner's Twilio account."}} +{"id": 9, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 34, "secret": "b4d2e1f0c3a4b5d6e7f8a9b0c1d2e3f4", "label": "True Positive"}, "actual": {"line_number": 34, "label": "True Positive", "secret_value": "b4d2e1f0c3a4b5d6e7f8a9b0c1d2e3f4", "reason": "The value 'b4d2e1f0c3a4b5d6e7f8a9b0c1d2e3f4' is a high-entropy, 32-character hexadecimal string that precisely matches the format for a Twilio Auth Token. The value's random character distribution and lack of any patterns (like repetition or sequence) strongly indicate it is a real, machine-generated credential, not a placeholder. The context provided by the variable name 'authToken' and its usage to initialize the 'twilio' client object confirms its role as a sensitive authentication token. The file path './src/api/twilio-service.js' further validates its sensitivity, as this code is likely part of a production service responsible for making authenticated API calls. Hardcoding such a token poses a security risk as it allows anyone with source code access to impersonate the application's Twilio account."}} +{"id": 9, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 119, "secret": "RptUsr!pWd$2o21@9bF&", "label": "True Positive"}, "actual": {"line_number": 119, "label": "True Positive", "secret_value": "RptUsr!pWd$2o21@9bF&", "reason": "The value 'RptUsr!pWd$2o21@9bF&' is a high-entropy password, not a placeholder. The string exhibits significant randomness through its combination of dictionary words ('Rpt', 'Usr', 'pWd'), numbers, and special characters, fulfilling the structural requirements of a strong credential. Unlike generic patterns like 'Password123' or template variables, this specific, complex string lacks any repetitive or sequential nature. The context of being passed to `rds.Credentials.fromPassword` and wrapped in `cdk.SecretValue.unsafePlainText` confirms its purpose is to provision sensitive authentication material. This value represents a real credential hardcoded into the infrastructure, which is a critical security flaw regardless of comments about database criticality."}} +{"id": 9, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 73, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 73, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID, identifiable by its specific prefix 'AKIA'. This 20-character string exhibits high entropy with a random combination of mixed-case letters and numbers, which is characteristic of a real AWS credential. The variable name `AWS_ACCESS_KEY_ID` provides strong contextual confirmation of the value's sensitive nature. Exposing an AWS access key is a critical security risk, as it can be used to perform actions and incur costs on the associated AWS account. This value is not a placeholder; it matches a known, concrete format and should always be treated as a real credential."}} +{"id": 9, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 74, "secret": "Zp9aL8jV7bK4cH1fG6xWqSjU3mB7oL5dE6aF4gH2", "label": "True Positive"}, "actual": {"line_number": 74, "label": "True Positive", "secret_value": "Zp9aL8jV7bK4cH1fG6xWqSjU3mB7oL5dE6aF4gH2", "reason": "The value 'Zp9aL8jV7bK4cH1fG6xWqSjU3mB7oL5dE6aF4gH2' is a high-entropy, random 40-character string which matches the exact format of an AWS Secret Access Key. This string lacks any human-readable components, dictionary words, or repetitive sequences, indicating it is a cryptographically generated secret. The variable name `AWS_SECRET_ACCESS_KEY` in the surrounding YAML context is a definitive identifier that confirms this value is intended for authenticating with Amazon Web Services. While it appears in a CI/CD pipeline, it is a concrete, fully-formed key, not a placeholder, and its exposure provides direct credentials to an AWS account."}} +{"id": 9, "index": 4, "sub_index": 2, "perfect_match": false, "error_fields": ["value"], "expected": {"line_number": 75, "secret": "{\"type\":\"service_account\",\"project_id\":\"core-infra-345213\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRsK7pB6bFv9f6\\nc...\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"deploy-bot@core-infra-345213.iam.gserviceaccount.com\",\"client_id\":\"109876543210987654321\"}", "label": "True Positive"}, "actual": {"line_number": 75, "label": "True Positive", "secret_value": "{\"type\":\"service_account\",\"project_id\":\"core-infra-345213\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRsK7pB6bFv9f6\nc...\n-----END PRIVATE KEY-----\",\"client_email\":\"deploy-bot@core-infra-345213.iam.gserviceaccount.com\",\"client_id\":\"109876543210987654321\"}", "reason": "The value is a complete Google Cloud Service Account Key in JSON format, which contains multiple high-entropy secrets. The `private_key` field is the most critical component, identified by the PEM format `-----BEGIN PRIVATE KEY-----` and a long, Base64 encoded value which exhibits high entropy. While `private_key_id` and `client_id` have lower entropy, they are still sensitive identifiers tied to the credential. The complete package, containing type, credentials, and a fully formed private key, represents a fully-functional secret. Even if the key in this example is incomplete ('c...'), the presence of valid PEM headers and a Base64 block means the structure is real, which is a severe risk as an incomplete key could belong to a development or test environment that is still exploitable."}} +{"id": 9, "index": 4, "sub_index": 3, "perfect_match": true, "error_fields": [], "expected": {"line_number": 97, "secret": "https://hooks.slack.com/services/T00ABCD12EF/B01ZYXW3456/kLpQrStUvWxYzAbCdEfGhIjK", "label": "True Positive"}, "actual": {"line_number": 97, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/T00ABCD12EF/B01ZYXW3456/kLpQrStUvWxYzAbCdEfGhIjK", "reason": "The value is a Slack Incoming Webhook URL, which is a type of webhook token used for authenticating messages to a Slack channel. The value's structure, `https://hooks.slack.com/services/TEAM_ID/CHANNEL_ID/TOKEN`, is a definitive pattern for this secret type. The latter part of the URL, `kLpQrStUvWxYzAbCdEfGhIjK`, is a 24-character high-entropy string with mixed case and random alphanumeric characters, which is consistent with a real Slack token. While the team and channel IDs contain placeholder-like characters, the token itself lacks any placeholder indicators and appears fully formed. The use of this format is a critical security risk because anyone possessing the URL can post messages to the associated Slack channel, allowing for spam or misinformation."}} +{"id": 10, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 19, "secret": "AKIAYJ5U4F6X3W2Z7Q8B", "label": "True Positive"}, "actual": {"line_number": 19, "label": "True Positive", "secret_value": "AKIAYJ5U4F6X3W2Z7Q8B", "reason": "The value 'AKIAYJ5U4F6X3W2Z7Q8B' is a valid AWS access key ID, directly identified by its standard `AKIA` prefix. The subsequent 16 alphanumeric characters exhibit high entropy, conforming to the exact format specified by Amazon Web Services for these keys. This is not a placeholder or example; it is a concrete credential that grants read/write permissions to an AWS account. Hardcoding a fully formed Access Key ID is a significant security risk, as it confirms a valid secret is in source control, and even without its corresponding Secret Access Key, it leaks information about a specific user or service account. The variable name `access_key` within an `aws` provider block provides unambiguous confirmation of its sensitive nature."}} +{"id": 10, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 20, "secret": "vG9dK8jFpQ4sH7wB2uA1tY6zC0xL5nE3bV2mO4iP", "label": "True Positive"}, "actual": {"line_number": 20, "label": "True Positive", "secret_value": "vG9dK8jFpQ4sH7wB2uA1tY6zC0xL5nE3bV2mO4iP", "reason": "The value 'vG9dK8jFpQ4sH7wB2uA1tY6zC0xL5nE3bV2mO4iP' is a high-entropy alphanumeric string that perfectly matches the format of an AWS Secret Access Key. The value exhibits significant randomness across its length, which is a primary indicator of a real credential. Unlike a placeholder like 'YOUR_SECRET', this is a concrete, fully-formed value that could be active. The context confirms this, as it's assigned to the `secret_key` argument within an `aws` provider block. Hardcoding a credential like this provides direct authentication access to an AWS account, posing a severe security risk regardless of its intended environment."}} +{"id": 10, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 22, "secret": "dckr_pat_u7hN2pL9xV4kG1mF3jZ8oR6cW0qYdE5sT2aB", "label": "True Positive"}, "actual": {"line_number": 22, "label": "True Positive", "secret_value": "dckr_pat_u7hN2pL9xV4kG1mF3jZ8oR6cW0qYdE5sT2aB", "reason": "The value `dckr_pat_u7hN2pL9xV4kG1mF3jZ8oR6cW0qYdE5sT2aB` is a valid Docker Personal Access Token (PAT). Its format is definitively identified by the service-specific prefix `dckr_pat_`. The long, random string of mixed-case letters and numbers following the prefix has high entropy and conforms precisely to the structure of a real credential. Unlike placeholders, this is a fully-formed, concrete value. The context confirms its sensitivity, as it is used as the `password` parameter for the `docker/login-action`, a critical authentication step."}} +{"id": 10, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 38, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 38, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/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", "reason": "This value is a valid Slack Incoming Webhook URL, a type of token used for posting messages to specific Slack channels. The URL follows the precise Slack format, including the base path and the characteristic `/services/` segment. The three-part structure `/T.../B.../...` clearly delineates Slack workspace, bot, and unique secret tokens. The final part, `gH7vW2rP5zX1yC6jB8qA9tE0`, is a 32-character, high-entropy string matching Slack's credential format, distinguishing it from generic placeholders. Leaking this URL allows anyone to post messages to the configured Slack channel, which is a significant security risk."}} +{"id": 10, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 99, "secret": "postgres://chat_svc_prod:p#9sW!z$kLqY8*3f@pg-prod-us-east-1.c4fgr7h8i9j0.rds.amazonaws.com:5432/chatapp_prod", "label": "True Positive"}, "actual": {"line_number": 99, "label": "True Positive", "secret_value": "postgres://chat_svc_prod:p#9sW!z$kLqY8*3f@pg-prod-us-east-1.c4fgr7h8i9j0.rds.amazonaws.com", "reason": "This is a complete and valid PostgreSQL database connection string containing hardcoded credentials. It follows the standard `postgres://username:password@hostname:port` format. The credential pair 'chat_svc_prod' and 'p#9sW!z$kLqY8*3f' exhibits high entropy and complexity, making it a strong indicator of a real secret, not a placeholder. The password 'p#9sW!z$kLqY8*3f' uses a random mix of numbers, upper/lowercase letters, and symbols, confirming its nature as a credential. The presence of a real AWS RDS hostname further reinforces that this string is a connection string for a production environment."}} +{"id": 10, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 105, "secret": "sk-proj-jV7hG1mF9wX4kL6uT3nZ8oR2cY0pQdE5sA1bY9fC", "label": "True Positive"}, "actual": {"line_number": 105, "label": "True Positive", "secret_value": "sk-proj-jV7hG1mF9wX4kL6uT3nZ8oR2cY0pQdE5sA1bY9fC", "reason": "The value 'sk-proj-jV7hG1mF9wX4kL6uT3nZ8oR2cY0pQdE5sA1bY9fC' is a valid OpenAI API key. It is characterized by the specific prefix 'sk-proj-', which identifies it as a project-level key for OpenAI, distinct from organization or personal keys. The remainder of the string, a 40-character alphanumeric sequence, exhibits high entropy and precisely matches the format of a real OpenAI secret. Unlike placeholders such as 'sk-xxxx-...' or ' YOUR_API_KEY ', this is a concrete, specific credential. Exposing such a key could lead to unauthorized usage and billing against the owner's account, making this a critical security risk."}} +{"id": 10, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 25, "secret": "pk.eyJ1IjoiZGF0YWdlbmVuZ2luZSIsImEiOiJjbHB0dGZ3ajYwZ2hrMmtvNGVsbXNqbzY4In0.v8NlU2aP4_kS7gXzFhQ9rA", "label": "True Positive"}, "actual": {"line_number": 25, "label": "True Positive", "secret_value": "pk.eyJ1IjoiZGF0YWdlbmVuZ2luZSIsImEiOiJjbHB0dGZ3ajYwZ2hrMmtvNGVsbXNqbzY4In0.v8NlU2aP4_kS7gXzFhQ9rA", "reason": "The value is a valid Mapbox Public Access Token (PKT), identified by the 'pk.' prefix. The subsequent, multi-part structure, including Base64 encoded JSON and a cryptographically signed segment, exhibits high entropy and matches the token's specific format. Although the 'publicKey' field name suggests it is not a secret, it functions as an authentication credential that, if compromised or misused, can lead to significant API abuse and potential costs, especially in services that bill per-use. Unlike a generic placeholder, this is a fully formed, syntactically valid token that could be active. It should be classified as a true positive because hardcoded credentials, even public-facing ones, pose a security risk."}} +{"id": 10, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 29, "secret": "https://9e2b1c4f8d6a3b0e7c5d9f1a8g3h5i7k@o451234.ingest.sentry.io/5432109", "label": "True Positive"}, "actual": {"line_number": 29, "label": "True Positive", "secret_value": "https://9e2b1c4f8d6a3b0e7c5d9f1a8g3h5i7k@o451234.ingest.sentry.io", "reason": "The value is a complete Sentry Data Source Name (DSN), which inherently functions as a secret credential. The structure matches the Sentry format of `https://@.ingest.sentry.io`. The portion `9e2b1c4f8d6a3b0e7c5d9f1a8g3h5i7k` is a high-entropy string that appears to be a real, randomly generated access key. Unlike a placeholder like `` or a repeated character, this is a specific, unpredictable value. The combination of a high-entropy key and the Sentry ingest URL makes this a definitive credential, as it allows any attacker with this DSN to post errors to the specified Sentry project."}} +{"id": 10, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 68, "secret": "AAAApcJ-Hk4:APA91bE3rZtUq_yG9sVxW5pKjL7hB8dC1fN0mO4iG2pJ6oS4tA0cQ7nV1wR9zY_lF5aK8uI3eB7fJ9dC2gH6vM5", "label": "True Positive"}, "actual": {"line_number": 68, "label": "True Positive", "secret_value": "AAAApcJ-Hk4:APA91bE3rZtUq_yG9sVxW5pKjL7hB8dC1fN0mO4iG2pJ6oS4tA0cQ7nV1wR9zY_lF5aK8uI3eB7fJ9dC2gH6vM5", "reason": "This value is a Firebase Cloud Messaging (FCM) Server Key, a type of secret used for authenticating server-to-device push notifications. The value conforms to the exact format of an FCM key: an initial 11-character identifier followed by a colon and a long, high-entropy Base64 string (`API...`). The actual credential portion exhibits cryptographic randomness with its mix of upper/lowercase letters, digits, and special characters, which is a hallmark of a real, functional secret. This is not a placeholder or example; it is a concrete, specific key. Leaking an FCM key allows anyone to send arbitrary notifications to devices targeted by the application, posing a significant security risk."}} +{"id": 11, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 97, "secret": "postgres://order_svc_user:Ac3v!tY_p@sS_8hG#kL9@prod-db-cluster-1.us-east-1.rds.amazonaws.com:5432/orders_prod", "label": "True Positive"}, "actual": {"line_number": 97, "label": "True Positive", "secret_value": "postgres://order_svc_user:Ac3v!tY_p@sS_8hG#kL9@prod-db-cluster-1.us-east-1.rds.amazonaws.com", "reason": "This value is a complete PostgreSQL database connection string that directly embeds user credentials. The format is a classic, but insecure, pattern: `protocol://user:password@host`. The password component, 'Ac3v!tY_p@sS_8hG#kL9', is a high-entropy string with mixed case letters, numbers, and special characters, which is typical of a real credential rather than a placeholder. Hardcoding connection strings like this is a significant security risk because it leaks authentication details and can be easily extracted from source code. The URL also specifies a 'prod-db-cluster', confirming this is not a development or example value."}} +{"id": 11, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 103, "secret": "rEd!sP@ssw0rd$tr0ngF0rProd753", "label": "True Positive"}, "actual": {"line_number": 103, "label": "True Positive", "secret_value": "rEd!sP@ssw0rd$tr0ngF0rProd753", "reason": "The value 'rEd!sP@ssw0rd$tr0ngF0rProd753' is a strong, hardcoded password. Although it's designed to appear random using a mix of uppercase, lowercase, numbers, and special characters, it contains recognizable dictionary words like 'password', 'strong', and 'prod', which are common patterns in developer-chosen credentials. This combination makes it a well-formed password that could grant access to a production system, unlike a generic placeholder such as 'mysecretpassword'. The parameter name 'password' in the `redis.Redis` call explicitly identifies this value as a credential, and committing it directly to source code is a significant security risk as it provides an attacker with the means to access Redis data."}} +{"id": 11, "index": 0, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 106, "secret": "sk_live_51Kk0L2ApB8fG1tY9cr4jFzT8aGb0mXnL1fVd9rT2sYcW3uE4xS5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ", "label": "True Positive"}, "actual": {"line_number": 106, "label": "True Positive", "secret_value": "sk_live_51Kk0L2ApB8fG1tY9cr4jFzT8aGb0mXnL1fVd9rT2sYcW3uE4xS5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ", "reason": "The secret value is a Stripe Live API Key, identified by its service-specific prefix 'sk_live_'. The 40-character alphanumeric string following the prefix has high entropy and matches the exact format specified by Stripe for live environment credentials. Unlike a placeholder like 'sk_live_XXXXXXXXXXXXXXXX', this is a concrete, fully-formed key. The variable name `STRIPE_API_KEY` and the surrounding context of payment gateway integration further confirm that this value is a live credential. Committing a real, active Stripe key to source code is a critical security risk, allowing attackers to perform unauthorized transactions on behalf of the application."}} +{"id": 11, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 62, "secret": "AKIAU3Z4X5R6Y7I2QJ8M", "label": "True Positive"}, "actual": {"line_number": 62, "label": "True Positive", "secret_value": "AKIAU3Z4X5R6Y7I2QJ8M", "reason": "The value 'AKIAU3Z4X5R6Y7I2QJ8M' is a validly formatted AWS Access Key ID. The prefix 'AKIA' is a specific, registered marker for this credential type used by Amazon Web Services. The remaining 16 characters are a high-entropy alphanumeric string, consistent with the format and random nature of a real AWS key. Although this value is part of a GitHub Actions workflow, a common place to find these credentials, its format is not generic. Unlike a placeholder like 'AKIAXXXXXXXXXXXXXXXXXXXX', this is a concrete, fully-formed value that represents a live key."}} +{"id": 11, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 63, "secret": "9vR/mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOp+", "label": "True Positive"}, "actual": {"line_number": 63, "label": "True Positive", "secret_value": "9vR/mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOp+", "reason": "The value '9vR/mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOp+' is a high-entropy string that conforms to the specific format of an AWS Secret Access Key. The value consists of a random mix of uppercase letters, lowercase letters, numbers, and special characters ('/', '+'), which is a strong indicator of a real, machine-generated secret. Unlike placeholders, this is a fully-formed key with no repetitive patterns, sequential characters, or generic markers. Its assignment to the `aws-secret-access-key` parameter in an `aws-actions/configure-aws-credentials` step confirms its function as a credential. Hardcoding a key with this level of cryptographic randomness and specific format is a critical security risk, as it provides direct access to cloud resources."}} +{"id": 11, "index": 1, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 86, "secret": "https://hooks.slack.com/services/T00AB1CD2EF/B01GH2JK3LM/xyZAbcDEfgHIjklMNOpQRSTuvwXy", "label": "True Positive"}, "actual": {"line_number": 86, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/T00AB1CD2EF/B01GH2JK3LM/xyZAbcDEfgHIjklMNOpQRSTuvwXy", "reason": "The value is a valid Slack Incoming Webhook URL, which is a high-sensitivity credential. The URL structure 'https://hooks.slack.com/services/[TEAM-ID]/[CHANNEL-ID]/[SECRET-TOKEN]' is a definitive pattern. The final path segment, 'xyZAbcDEfgHIjklMNOpQRSTuvwXy', is a 24-character string with high entropy, mixing alphanumeric characters, and matches the format of a real Slack webhook token. This is not a placeholder, which would use repeated characters or template syntax. These webhook tokens grant direct privileges to post messages into a specified Slack channel, making their compromise a significant security risk."}} +{"id": 11, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 124, "secret": "sk-ant-api03-S5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ9vR-mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOpQ_AAA", "label": "True Positive"}, "actual": {"line_number": 124, "label": "True Positive", "secret_value": "sk-ant-api03-S5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ9vR-mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOpQ_AAA", "reason": "The value 'sk-ant-api03-S5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ9vR-mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOpQ_AAA' is a valid Anthropic API key. Its structure, starting with the service-specific 'sk-ant-api03-' prefix and followed by a 50-character high-entropy string, precisely matches Anthropic's key format. The key's long length and combination of uppercase letters, lowercase letters, numbers, and special characters indicate it is a real, computationally generated credential. This is not a placeholder, which would typically use repeating characters like 'x' or be a template. The assignment to a variable named `anthropicAPIKey` and its use in an `x-api-key` header provides explicit confirmation of its function as an authentication token."}} +{"id": 11, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 28, "secret": "AIzaSyB9X8Y7Z6W5V4U3T2S1R0P9Q8O7N6M5L4", "label": "True Positive"}, "actual": {"line_number": 28, "label": "True Positive", "secret_value": "AIzaSyB9X8Y7Z6W5V4U3T2S1R0P9Q8O7N6M5L4", "reason": "The value 'AIzaSyB9X8Y7Z6W5V4U3T2S1R0P9Q8O7N6M5L4' is a valid Firebase API Key. Its structure perfectly matches the known format for these secrets, beginning with the 'AIzaSy' prefix. The subsequent 33-character string exhibits high entropy with a random mix of uppercase letters, lowercase letters, numbers, and symbols, which is characteristic of a machine-generated credential. Unlike placeholders, this is a concrete value without any repetitive or generic characters. Although comments indicate staging, this is still a functional key that could be exploited for abuse or data leakage, making it a significant security risk when hardcoded in client-side code."}} +{"id": 11, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 45, "secret": "https://b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 45, "label": "True Positive", "secret_value": "https://b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8@o123456.ingest.sentry.io", "reason": "The value is a Sentry Data Source Name (DSN), which is a credential used to authenticate events sent to the Sentry service. It follows the standard Sentry format: `https://@`. The key part of the value, 'b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8', is an 8-character high-entropy hexadecimal string, which is characteristic of a real, machine-generated credential. Unlike placeholders which use repeated characters (e.g., 'xxxxxxxx'), this value is fully-formed and unpredictable. Even when used in a non-production configuration, a DSN is a sensitive secret because it grants a client application permission to send data to a specific service account, enabling potential abuse and data integrity issues."}} +{"id": 11, "index": 3, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 48, "secret": "pk.eyJ1IjoiZGV2LWFjY291bnQiLCJhIjoiY2xwOXRzNWFjMDBsdDJrcWY2eGlrbmxmYSJ9.UThkRzFqazVwN3M0YjAyblRhbGF6UQ", "label": "True Positive"}, "actual": {"line_number": 48, "label": "True Positive", "secret_value": "pk.eyJ1IjoiZGV2LWFjY291bnQiLCJhIjoiY2xwOXRzNWFjMDBsdDJrcWY2eGlrbmxmYSJ9.UThkRzFqazVwN3M0YjAyblRhbGF6UQ", "reason": "The value 'pk.eyJ1IjoiZGV2LWFjY291bnQiLCJhIjoiY2xwOXRzNWFjMDBsdDJrcWY2eGlrbmxmYSJ9.UThkRzFqazVwN3M0YjAyblRhbGF6UQ' is a valid Mapbox API token. The prefix 'pk.' is a definitive, public identifier for this service type. The subsequent two blocks of Base64 encoded JSON represent a structured header, a body with account details (where 'de-account' is visible, confirming it's development-related), and a signature, creating a high-entropy value that is not a generic placeholder. Even though the associated context comments it as 'development', this is a functional credential that leaks information about the development environment and account structure. It is common practice to treat development API keys as secrets due to their security and informational value."}} +{"id": 11, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 159, "secret": "dd-api-a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "label": "True Positive"}, "actual": {"line_number": 159, "label": "True Positive", "secret_value": "dd-api-a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "reason": "The value 'dd-api-a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6' is a valid-format DataDog API key. Its structure, comprising the 'dd-api-' prefix followed by 32 hexadecimal characters, is a well-known pattern for DataDog keys. While the latter part of the string has a somewhat predictable sequence, it does not invalidate the finding; such sequences can occur in production keys due to generation algorithms or specific company policies. The value is not a generic placeholder like 'dd-api-xxxx' and presents a credible, unique credential. The surrounding Terraform code context, which sets this key for an agent installation script, further confirms its sensitive nature as it will grant the agent permissions to interact with a DataDog account."}} +{"id": 11, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 170, "secret": "dop_v1_8d3e6f2a7b1c4d9f8a6e3b0c5d7f0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f", "label": "True Positive"}, "actual": {"line_number": 170, "label": "True Positive", "secret_value": "dop_v1_8d3e6f2a7b1c4d9f8a6e3b0c5d7f0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f", "reason": "The value 'dop_v1_8d3e6f2a7b1c4d9f8a6e3b0c5d7f0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f' is a valid DigitalOcean API token, identified by the 'dop_v1_' prefix. The alphanumeric string that follows the prefix is 64 characters long and exhibits high entropy, characteristic of a randomly generated credential. Although this value is part of a `variable` block and uses a `default`, it represents a concrete and fully-formed credential, not a placeholder. Developers often hardcode default secrets from development or test environments into variable defaults. The explicit `description` further confirms its purpose: 'DigitalOcean API token', making it a sensitive piece of information that must be secured."}} +{"id": 11, "index": 4, "sub_index": 2, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 186, "secret": "DbP@ssw0rdF0rProd!2024*", "label": "True Positive"}, "actual": {"line_number": 186, "label": "False Positive", "secret_value": "DbP@ssw0rdF0rProd!2024*", "reason": "The value 'DbP@ssw0rdF0rProd!2024*' is a clear example of a weak password template, not a real secret. The value itself is composed of readable, concatenated dictionary words like 'Password', 'For', and 'Prod', making it highly predictable. A cryptographic password should be a string of random characters, not a recognizable phrase. While it follows the complexity rule (uppercase, lowercase, number, special character), its semantic structure and dictionary basis are strong indicators of a template used in documentation or development. This pattern teaches that readable, descriptive strings, even those containing password-like characters, should be classified as false positives as they lack the required cryptographic randomness and confidentiality."}} +{"id": 12, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 50, "secret": "postgres://webapp_user:p$3#R7s@Q!9F@prod-db-cluster-1.c4f3g2h1i0j.us-west-2.rds.amazonaws.com:5432/main_app_db", "label": "True Positive"}, "actual": {"line_number": 50, "label": "True Positive", "secret_value": "postgres://webapp_user:p$3#R7s@Q!9F@prod-db-cluster-1.c4f3g2h1i0j.us-west-2.rds.amazonaws.com:5432/main_app_db", "reason": "This value is a complete and functional PostgreSQL database connection string, which is a high-sensitivity credential. The credential follows the standard URI format `scheme://username:password@host:port/database`, providing all necessary components for database access. The password portion, 'p$3#R7s@Q!9F', exhibits high entropy with its random mix of alphanumeric characters and special symbols, indicating it is a real, machine-generated secret, not a generic placeholder. The hostname and RDS domain clearly identify this as pointing to a production AWS resource. Exposing a connection string is a critical security risk as it grants direct access to application data."}} +{"id": 12, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 55, "secret": "AC5f8e0a1b9c3d4e5f6a7b8c9d0e1f2a3b", "label": "True Positive"}, "actual": {"line_number": 55, "label": "True Positive", "secret_value": "AC5f8e0a1b9c3d4e5f6a7b8c9d0e1f2a3b", "reason": "The value 'AC5f8e0a1b9c3d4e5f6a7b8c9d0e1f2a3b' is a valid Twilio Account SID. The value is a 34-character string, which matches the exact format specified by Twilio, and its long, random string of hexadecimal characters exhibits high entropy, characteristic of a machine-generated secret. The 'AC' prefix is a definitive pattern for this specific credential type. Despite being in a code file, this is a fully formed, concrete credential, not a placeholder. The accompanying comment '# This credentials should be moved to a secure vault' explicitly confirms its sensitive nature and purpose as an authentication token."}} +{"id": 12, "index": 0, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 56, "secret": "5a94025a4392a8b9f7a7751c1e95c4a1", "label": "True Positive"}, "actual": {"line_number": 56, "label": "True Positive", "secret_value": "5a94025a4392a8b9f7a7751c1e95c4a1", "reason": "The value '5a94025a4392a8b9f7a7751c1e95c4a1' is a legitimate Twilio Authentication Token, identified by its specific 32-character hexadecimal format and high entropy. The value contains a random, unpredictable mix of letters and numbers, which is characteristic of a real cryptographic credential. This is a functional token, as confirmed by its assignment to the variable `TWILIO_AUTH_TOKEN` and its use in instantiating a `Client`. Although the comment correctly notes it should be in a vault, the value itself is a concrete, active secret that has been hardcoded. The presence of a real credential like this is a security risk, as it grants access to a third-party service."}} +{"id": 12, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 31, "secret": "AKIA4F5K6L7M8N9P0Q1R", "label": "True Positive"}, "actual": {"line_number": 31, "label": "True Positive", "secret_value": "AKIA4F5K6L7M8N9P0Q1R", "reason": "The value 'AKIA4F5K6L7M8N9P0Q1R' is an AWS Access Key ID, which is a high-entropy string confirming its authenticity as a credential. It perfectly matches the AWS format, starting with the 'AKIA' prefix and consisting of 20 mixed-case alphanumeric characters. Unlike a placeholder such as 'AKIAXXXXXXXXXXXXXXXX', this is a concrete value that could be active. The surrounding code context, where it's used with the `aws configure set aws_access_key_id` command in a CI/CD pipeline script, confirms its role as a security token. Leaking an Access Key ID, even if its corresponding secret key is also exposed, is a significant security risk as it grants an attacker the ability to impersonate an AWS user or role."}} +{"id": 12, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 32, "secret": "7hGjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrSt", "label": "True Positive"}, "actual": {"line_number": 32, "label": "True Positive", "secret_value": "7hGjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrSt", "reason": "The value '7hGjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrSt' is a high-entropy alphanumeric string consistent with an AWS Access Key Secret. The value exhibits cryptographic randomness, with a mix of upper and lower-case letters and no discernible patterns, which is the defining characteristic of a machine-generated secret. Unlike placeholders, this is a concrete value that functions as an active credential. The surrounding context explicitly confirms this, as the `aws configure set aws_secret_access_key` command assigns this value to the secret key, marking it as a genuine, hardcoded secret."}} +{"id": 12, "index": 1, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 55, "secret": "https://hooks.slack.com/services/T01B2C3D4E5/F6G7H8I9J0K/l1m2n3o4p5q6r7s8t9u0v1w2", "label": "True Positive"}, "actual": {"line_number": 55, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/T01B2C3D4E5/F6G7H8I9J0K/l1m2n3o4p5q6r7s8t9u0v1w2", "reason": "The value is a complete Slack Incoming Webhook URL, which is a high-entropy secret. It perfectly matches the service's well-documented URL format, consisting of the fixed base, a team ID, a channel ID, and a unique token. The final path component, 'l1m2n3o4p5q6r7s8t9u0v1w2', is a 24-character string with a random-looking mix of alphanumeric characters, indicating it is a real, unique credential. Unlike placeholders, this is a fully formed URL that grants permission to post messages to a specific Slack channel. The variable name `SLACK_WEBHOOK_URL` and its assignment within an `env` block in a CI/CD file strongly confirm its role as a secret credential."}} +{"id": 12, "index": 2, "sub_index": 0, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 25, "secret": "db_admin_master", "label": "True Positive"}, "actual": {"line_number": 25, "label": "False Positive", "secret_value": "db_admin_master", "reason": "The value 'db_admin_master' is a low-entropy username, not a secret credential. It is constructed from human-readable, descriptive dictionary words ('db', 'admin', 'master') joined by underscores, which is a common programming convention for naming resources. Real secrets typically have high entropy and are composed of random, unpredictable characters. The value lacks the specific format, character set, or randomness expected of an API key or password. This pattern teaches that structured, readable names are public identifiers, not sensitive data, even when they refer to administrative roles."}} +{"id": 12, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 26, "secret": "S3cuRe_dBP@ssw0rd-f0R-Pr0d!2023", "label": "True Positive"}, "actual": {"line_number": 26, "label": "True Positive", "secret_value": "S3cuRe_dBP@ssw0rd-f0R-Pr0d!2023", "reason": "The value 'S3cuRe_dBP@ssw0rd-f0R-Pr0d!2023' is a True Positive because it is a complex, manually-crafted password that exhibits high entropy. The value uses a Leetspeak variant ('S3cuRe', 'dBP@ssw0rd', 'f0R', 'Pr0d'), which is a common technique for creating memorable yet strong passwords by replacing letters with numbers or symbols. The mix of uppercase letters, lowercase letters, numbers, and special characters (@, !, -) makes the value unpredictable. Unlike a placeholder like 'password123', this is a fully-formed, concrete credential. The variable name `password` and its context within a database resource block provide direct and unambiguous confirmation that this is an authentication secret."}} +{"id": 12, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 14, "secret": "AIzaSyB_V9zC5gE8fH7iJ6kL4mN3oP2qR1sT0uW", "label": "True Positive"}, "actual": {"line_number": 14, "label": "True Positive", "secret_value": "AIzaSyB_V9zC5gE8fH7iJ6kL4mN3oP2qR1sT0uW", "reason": "The value 'AIzaSyB_V9zC5gE8fH7iJ6kL4mN3oP2qR1sT0uW' is a valid Google API Key, which functions as a secret credential. The prefix 'AIzaSyB' is a specific marker for Google's keys. The string has high entropy, consisting of a random 25-character mixture of alphanumeric characters (including '_'), which is characteristic of a real, programmatically generated key. Unlike a placeholder, this is a concrete value that appears to follow the exact format. Hardcoding a real key in source code is a significant vulnerability, as it can be extracted and abused by anyone with access to the repository."}} +{"id": 12, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 19, "secret": "8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d", "label": "True Positive"}, "actual": {"line_number": 19, "label": "True Positive", "secret_value": "8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d", "reason": "The value '8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d' is a 32-character hexadecimal string that exhibits high entropy, a common format for authentication tokens. Although the value is predictable by construction (it's a simple repeating sequence of hexadecimal characters), its format and the context of the variable name 'mixpanelToken' are strong indicators of a real credential. Secrets can sometimes follow simple patterns and still be valid for development or staging environments. This value is not a generic placeholder like 'YOUR_TOKEN_HERE' or a template variable; it's a fully-formed, concrete credential string. The presence of a specific API key format and an informative variable name make this a clear true positive."}} +{"id": 12, "index": 3, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 24, "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 24, "label": "True Positive", "secret_value": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io", "reason": "The value is a Sentry Data Source Name (DSN), a common type of credential. Its format, 'https://@', is a clear identifier for this secret type. The public UUID, 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6', exhibits high entropy with a random mix of hexadecimal characters, which is characteristic of a real credential, not a placeholder. While the Sentry organization ID (`o123456`) is generic, the presence of a high-entropy, specific UUID as the authentication token within the DSN makes the entire value a security risk. Hardcoding this value allows anyone with access to the source code to send potentially malicious error events to the specified Sentry project."}} +{"id": 12, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 71, "secret": "7hV$kZ&mN@3qP!s9", "label": "True Positive"}, "actual": {"line_number": 71, "label": "True Positive", "secret_value": "7hV$kZ&mN@3qP!s9", "reason": "The value '7hV$kZ&mN@3qP!s9' is a high-entropy password. It exhibits strong signs of a real credential due to its combination of mixed-case letters, numbers, and special characters, creating a random and unpredictable pattern. This specific value has sufficient length and complexity, distinguishing it from generic placeholders or low-entropy examples. The context confirms its sensitivity, as it's assigned to the `Password` field in a `redis.Options` struct, a classic pattern for hardcoded Redis authentication credentials. Developers sometimes commit such credentials from local or development environments, and they pose a significant security risk even if they grant limited access."}} +{"id": 12, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 79, "secret": "97937562479e3b12328059332f78816c", "label": "True Positive"}, "actual": {"line_number": 79, "label": "True Positive", "secret_value": "97937562479e3b12328059332f78816c", "reason": "The value '97937562479e3b12328059332f78816c' is a high-entropy string consistent with the format of a Datadog API key. The 32-character hexadecimal string exhibits cryptographic randomness with no discernible patterns or placeholder characters. Its format perfectly matches the specific specification for Datadog API keys. The variable name `apiKey` and the comment `// API credentials for sending metrics.` provide strong contextual evidence that this value is an active credential. Hardcoding such a specific key is a significant security risk, as it grants direct access to the Datadog account it represents."}} +{"id": 12, "index": 4, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 80, "secret": "2d0a5127f827913a48eacb9231f24f4648eacb92", "label": "True Positive"}, "actual": {"line_number": 80, "label": "True Positive", "secret_value": "2d0a5127f827913a48eacb9231f24f4648eacb92", "reason": "The value '2d0a5127f827913a48eacb9231f24f4648eacb92' is a 40-character hexadecimal string, which is the precise format for a Datadog Application Key. The string exhibits high entropy with a random mix of letters and numbers, indicating it is a cryptographically generated credential, not a placeholder. Unlike a generic example like 'xxxxxxxx...', this is a fully-formed key. This is confirmed by its usage, where it is assigned to the variable `appKey` and passed as an argument to the `datadog.NewClient` function. Even if found in example code, such a concrete, high-entropy value represents a significant security risk as it could be a real, active key."}} +{"id": 13, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 91, "secret": "AKIAU4V3K7J5P2QWSDYR", "label": "True Positive"}, "actual": {"line_number": 91, "label": "True Positive", "secret_value": "AKIAU4V3K7J5P2QWSDYR", "reason": "The value 'AKIAU4V3K7J5P2QWSDYR' is a valid AWS Access Key ID (AKID). It perfectly matches the AWS format, starting with the 'AKIA' prefix and followed by 16 uppercase alphanumeric characters. This string has high entropy and lacks any placeholder characteristics like repetition or generic terms, indicating it is a real credential. The associated parameter `aws_access_key_id` provides explicit context that this value is intended for authentication. Although Akids are typically used with a corresponding secret key, the AKID itself is a hardcoded credential and must be treated as a secret, as it identifies an AWS account."}} +{"id": 13, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 92, "secret": "fT9zY3uBvRx+pLgWjN5oH8mKcVdEaGhIqJbXzL7s", "label": "True Positive"}, "actual": {"line_number": 92, "label": "True Positive", "secret_value": "fT9zY3uBvRx+pLgWjN5oH8mKcVdEaGhIqJbXzL7s", "reason": "The secret value 'fT9zY3uBvRx+pLgWjN5oH8mKcVdEaGhIqJbXzL7s' is a legitimate AWS secret access key. The value is a 40-character high-entropy string exhibiting a random distribution of mixed-case letters, numbers, and symbols (`+`/`=`), which is characteristic of Base64-encoded cryptographic secrets. Unlike placeholders, this is a concrete, fully-formed key that matches the expected format and complexity for an AWS secret. The surrounding code context, with the `aws_secret_access_key` parameter name and use of the `boto3.Session` object, definitively confirms its role as an authentication credential."}} +{"id": 13, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 64, "secret": "v#8kP!s7TqR2zL$mG@fD", "label": "True Positive"}, "actual": {"line_number": 64, "label": "True Positive", "secret_value": "v#8kP!s7TqR2zL$mG@fD", "reason": "The value 'v#8kP!s7TqR2zL$mG@fD' is a high-entropy string that clearly functions as a password. Its structure, combining mixed-case letters, numbers, and special characters, indicates cryptographic randomness, not a placeholder pattern. The context of the Terraform configuration file, where this is assigned to the `password` parameter for an `aws_db_instance`, confirms its use as a direct credential. Unlike a generic placeholder like 'Password123' or a variable, this is a concrete, fully-formed password that poses a significant security risk if exposed."}} +{"id": 13, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 128, "secret": "postgres://webapp_svc:dG93nK#md!9S@pg-primary.prod.svc.cluster.local:5432/payments_db", "label": "True Positive"}, "actual": {"line_number": 128, "label": "True Positive", "secret_value": "postgres://webapp_svc:dG93nK#md!9S@pg-primary.prod.svc.cluster.local:5432/payments_db", "reason": "This value is a complete database connection string containing embedded credentials. It follows the standard format `protocol://user:password@host:port/database`, which exposes authentication material directly. The credential pair `webapp_svc:dG93nK#md!9S` is a clear secret, as the password `dG93nK#md!9S` is a high-entropy string composed of mixed-case letters, numbers, and special characters, indicating it is a generated key and not a placeholder. Even though the hostname is internal (`.prod.svc.cluster.local`), a connection string is sensitive because it reveals database topology and potentially provides a vector into a production environment for attackers. The value represents a fully functional credential set."}} +{"id": 13, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 144, "secret": "sk_live_51Mv9BfGk7Lw3zYqSjU2dRaXt1cVhN8eIoP6bA5cZfTxW", "label": "True Positive"}, "actual": {"line_number": 144, "label": "True Positive", "secret_value": "sk_live_51Mv9BfGk7Lw3zYqSjU2dRaXt1cVhN8eIoP6bA5cZfTxW", "reason": "The value 'sk_live_51Mv9BfGk7Lw3zYqSjU2dRaXt1cVhN8eIoP6bA5cZfTxW' is a valid Stripe Live Secret Key. The specific prefix 'sk_live_' is a strong indicator, as it follows Stripe's defined format for live API credentials. The remaining Base56 string exhibits high entropy with a random mixture of alphanumeric characters, which is characteristic of a real, machine-generated key, not a generic placeholder. Unlike a template like 'sk_live_YOUR_KEY_HERE', this is a fully-formed credential. The assignment to the variable `stripe.Key` and its proximity to server setup code confirm its purpose as an authentication token, making this a critical secret exposure."}} +{"id": 13, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 40, "secret": "dckr_pat_1sA3fG5hJ8kL2mN4pQ6rT8uV0wX2z", "label": "True Positive"}, "actual": {"line_number": 40, "label": "True Positive", "secret_value": "dckr_pat_1sA3fG5hJ8kL2mN4pQ6rT8uV0wX2z", "reason": "The value 'dckr_pat_1sA3fG5hJ8kL2mN4pQ6rT8uV0wX2z' is a syntactically valid Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a specific, known format identifier for Docker Hub PATs. The subsequent 36-character string exhibits high entropy, mixing upper and lower case letters and numbers, which is consistent with the format of a machine-generated credential. Unlike a placeholder like '', this is a concrete string that could be an active credential. The parameter name 'password' and the context of a 'docker/login-action' confirm its role as an authentication secret for logging into Docker Hub. Exposing this credential in a CI/CD workflow is a significant security risk."}} +{"id": 13, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 59, "secret": "HRKU-a1b2c3d4-e5f6-7890-1234-567890abcdef", "label": "True Positive"}, "actual": {"line_number": 59, "label": "True Positive", "secret_value": "HRKU-a1b2c3d4-e5f6-7890-1234-567890abcdef", "reason": "The value 'HRKU-a1b2c3d4-e5f6-7890-1234-567890abcdef' is a valid Heroku API Key. Its format is explicitly defined by the 'HRKU-' prefix, followed by a standard UUID (Universally Unique Identifier) structure composed of hexadecimal characters and hyphens. While the latter portion of this specific value exhibits low entropy as it's a sequential example pattern ('a1b2c3d4...'), the overall structure and official prefix make it unequivocally identifiable as a Heroku credential. The parameter name 'heroku_api_key' in a deployment action further confirms its sensitive nature. Hardcoding a credential, even if it uses a placeholder format, is a significant security anti-pattern that exposes the key's existence and can be used to query API rate limits or attempt further attacks."}} +{"id": 13, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 193, "secret": "SG.lI8pZ3jT9qW7eR1aV5bC0x.mK4oH6sN2yU9iO-pLgJ7fDcXvBwZqR", "label": "True Positive"}, "actual": {"line_number": 193, "label": "True Positive", "secret_value": "SG.lI8pZ3jT9qW7eR1aV5bC0x.mK4oH6sN2yU9iO-pLgJ7fDcXvBwZqR", "reason": "The value 'SG.lI8pZ3jT9qW7eR1aV5bC0x.mK4oH6sN2yU9iO-pLgJ7fDcXvBwZqR' is a valid SendGrid API Key, definitively identifiable by its 'SG.' prefix. This specific prefix is a well-documented pattern for API keys issued by SendGrid. The value is composed of three parts separated by dots, with the second and third parts being high-entropy strings, matching the precise format specified by SendGrid. Unlike a placeholder like 'SG.YOUR_API_KEY', this is a concrete, fully-formed credential. Even though the comment suggests it's a temporary solution, it represents a significant security risk as it is a real, functioning key from a development or staging environment."}} +{"id": 13, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 207, "secret": "9u8x/A?D(G+KbPeShVmYp3s6v9y$B&E)", "label": "True Positive"}, "actual": {"line_number": 207, "label": "True Positive", "secret_value": "9u8x/A?D(G+KbPeShVmYp3s6v9y$B&E)", "reason": "The value '9u8x/A?D(G+KbPeShVmYp3s6v9y$B&E)' is a high-entropy string that perfectly matches the characteristics of a cryptographic signing key. It exhibits significant randomness with a mix of alphanumeric characters, symbols, and punctuation, and lacks any discernible patterns or placeholder elements. Unlike a simple example like 'MY_SUPER_SECRET_KEY', this is a concrete, fully-formed credential. The variable name 'JwtSigningKey' and its surrounding documentation explicitly confirm its function as a credential for signing JWTs, which is a security-critical operation. Hardcoding any key with high entropy and a clear cryptographic function is a security risk, as its exposure could lead to token forgery and unauthorized access, regardless of the developer's temporary storage intention."}} +{"id": 14, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 99, "secret": "postgresql://order_svc:pL3#cV8@dK!zN@prod-db-eu-west-1.c4jwk9zabcdef.rds.amazonaws.com:5432/orders_prod", "label": "True Positive"}, "actual": {"line_number": 99, "label": "True Positive", "secret_value": "postgresql://order_svc:pL3#cV8@dK!zN@prod-db-eu-west-1.c4jwk9zabcdef.rds.amazonaws.com:5432/orders_prod", "reason": "The provided value is a complete and valid PostgreSQL connection string. The format `postgresql://user:password@host:port/database` is a standard protocol for database credentials. The password component, `pL3#cV8@dK!zN`, is a high-entropy string with mixed-case letters, numbers, and special characters, indicating it is a real, cryptographically generated credential. Unlike a placeholder, this is a fully-formed string designed to grant direct access to a production database. Although the comment mentions environment variables, the presence of a concrete credential with high entropy for a 'prod' database makes this a severe security risk, as it could be a live development or test key."}} +{"id": 14, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 101, "secret": "sk_live_51Mv4xEAklC1kABi8gqYtY9eBpJc7dFwZ7yX2vH3uL5bNqD6kRzT0fA9gS1hJk0bVcGfI4oE3mNlP2rWqAbcDef123", "label": "True Positive"}, "actual": {"line_number": 101, "label": "True Positive", "secret_value": "sk_live_51Mv4xEAklC1kABi8gqYtY9eBpJc7dFwZ7yX2vH3uL5bNqD6kRzT0fA9gS1hJk0bVcGfI4oE3mNlP2rWqAbcDef123", "reason": "The value is a valid Stripe Secret Key, identifiable by its 'sk_live_' prefix, a strong indicator for a production Stripe API key. The subsequent 44-character alphanumeric string exhibits high entropy and matches the exact format specified by Stripe, confirming it is a specific, non-placeholder key. This is a concrete, operational credential. Although the comment mentions configuration should use environment variables, the hardcoded value itself is a secret. The key's proximity to the `stripe` library import and its assignment to `stripe.api_key` further solidify its classification as a secret being used for live authentication."}} +{"id": 14, "index": 0, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 117, "secret": "SG.s5h4z9k8TqO6y2n7v1m3pA.c4fGkRpLwE9xVbU3zJ8aQoI7tYdD5sW2iH6uX0O", "label": "True Positive"}, "actual": {"line_number": 117, "label": "True Positive", "secret_value": "SG.s5h4z9k8TqO6y2n7v1m3pA.c4fGkRpLwE9xVbU3zJ8aQoI7tYdD5sW2iH6uX0O", "reason": "The value 'SG.s5h4z9k8TqO6y2n7v1m3pA.c4fGkRpLwE9xVbU3zJ8aQoI7tYdD5sW2iH6uX0O' is a valid SendGrid API Key. Its structure, with three dot-separated segments and high-entropy alphanumeric characters within the latter two parts, matches the known format for SendGrid credentials. The distinct 'SG.' prefix is an explicit indicator of this secret type. Unlike a generic placeholder, which might use repeated characters like 'x' or descriptive terms, this is a concrete, high-entropy value ready for authentication. The variable name `sg_api_key` and its subsequent use with the `sendgrid` library's client confirm its sensitive purpose, making its hardcoding a critical security risk."}} +{"id": 14, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 32, "secret": "AKIA4F3PH5XH637P5Q2S", "label": "True Positive"}, "actual": {"line_number": 32, "label": "True Positive", "secret_value": "AKIA4F3PH5XH637P5Q2S", "reason": "The value 'AKIA4F3PH5XH637P5Q2S' is a valid AWS Access Key ID, which is a component of a hardcoded AWS credential set. The value perfectly matches the expected format: the 'AKIA' prefix followed by 16 uppercase letters and digits, exhibiting high entropy and lack of discernible patterns. This is not a placeholder, as it lacks template syntax like `${var}` or generic characters like 'X'. The parameter name `aws-access-key-id` and the associated `aws-secret-access-key` on the next line definitively confirm its sensitive nature. Even if this is a real key from a development or CI/CD environment, it represents a significant security risk."}} +{"id": 14, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 33, "secret": "9jK/lM8nO3pQr7sT6uV1wXyZ0aB4cD8fE9gHh2iJ", "label": "True Positive"}, "actual": {"line_number": 33, "label": "True Positive", "secret_value": "9jK/lM8nO3pQr7sT6uV1wXyZ0aB4cD8fE9gHh2iJ", "reason": "The value '9jK/lM8nO3pQr7sT6uV1wXyZ0aB4cD8fE9gHh2iJ' is a legitimate AWS secret access key. It exhibits the high entropy and random character distribution characteristic of a real credential, containing a mix of upper/lower case letters, numbers, and symbols. The value has a length of 40 characters, which is the exact format specified by AWS for secret access keys. The context confirms this, as the value is assigned to the parameter `aws-secret-access-key` within an `aws-actions/configure-aws-credentials` block in a GitHub Actions workflow. This pattern represents a direct hardcoding of a real credential, which is a critical security vulnerability."}} +{"id": 14, "index": 1, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 40, "secret": "dckr_pat_aJkLmnOpQrStUvWxYzAbCdEfGhIjK12345", "label": "True Positive"}, "actual": {"line_number": 40, "label": "True Positive", "secret_value": "dckr_pat_aJkLmnOpQrStUvWxYzAbCdEfGhIjK12345", "reason": "The value 'dckr_pat_aJkLmnOpQrStUvWxYzAbCdEfGhIjK12345' is a Docker Personal Access Token (PAT), confirmed by the service-specific prefix 'dckr_pat_'. The subsequent 30 characters are a Base64-encoded string with high entropy, which matches the format of a real Docker PAT. The variable name 'password' and its use within a `docker/login-action` context provide strong contextual evidence that this is a credential. Even if the alphanumeric part of this string appears somewhat repetitive, it is a valid format for a token generated by the service, and its presence in a workflow file is a significant security risk."}} +{"id": 14, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 64, "secret": "amqp://ingest_worker:HkP8#sF!t$jR@rabbitmq.prod.svc.cluster.local:5672/", "label": "True Positive"}, "actual": {"line_number": 64, "label": "True Positive", "secret_value": "amqp://ingest_worker:HkP8#sF!t$jR@rabbitmq.prod.svc.cluster.local:5672/", "reason": "The value is a complete AMQP connection string embedding a username and password. The password portion, 'HkP8#sF!t$jR', exhibits high entropy with a random mix of uppercase letters, lowercase letters, numbers, and special characters, which is a strong indicator of a real credential. The string is not a placeholder as it is fully formed and presents a specific username 'ingest_worker'. Although the surrounding code comments on this PoC string, it represents a fully functional credential, making it a security risk even if intended for a development or staging environment. Hardcoding such credentials is a common development anti-pattern that can be exploited."}} +{"id": 14, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 74, "secret": "R9bXmPZc$vT2sK!eN5wF8qGg4jA#7D", "label": "True Positive"}, "actual": {"line_number": 74, "label": "True Positive", "secret_value": "R9bXmPZc$vT2sK!eN5wF8qGg4jA#7D", "reason": "The value 'R9bXmPZc$vT2sK!eN5wF8qGg4jA#7D' is a high-entropy password, characterized by a random mix of uppercase letters, lowercase letters, numbers, and special characters. Unlike placeholders, this is a concrete, fully-formed credential that meets cryptographic standards for strength. The value is assigned directly to the `Password` field within a Redis client configuration object, providing explicit context that it is used for authentication. While the surrounding comment suggests this is from a proof-of-concept, hardcoding a real, high-entropy password like this is a significant security risk, as it may be a valid key for a production or development environment. The value exhibits no signs of being an example, template, or placeholder."}} +{"id": 14, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 123, "secret": "Adm1nPassw0rd&SuperS3cure!v9h2k4m5", "label": "True Positive"}, "actual": {"line_number": 123, "label": "True Positive", "secret_value": "Adm1nPassw0rd&SuperS3cure!v9h2k4m5", "reason": "The value 'Adm1nPassw0rd&SuperS3cure!v9h2k4m5' is a hardcoded password for a database administrator account in a production environment. While it contains dictionary words like 'Admin' and 'Password', it incorporates correct password best practices such as mixed-case letters, numbers ('0', '3', '9', '2', '4', '5'), and special characters ('&', '!'). The specific appended alphanumeric string 'v9h2k4m5' significantly increases entropy and makes the password unpredictable, differentiating it from a simple placeholder. Hardcoding credentials even for test accounts is a security risk, but this value exhibits complexity characteristic of a real, user-generated password in a development or production pipeline."}} +{"id": 14, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 138, "secret": "kpat_9uGvP3wFxBzQr7YtL1sJmN5cH2oVb4fD8S", "label": "True Positive"}, "actual": {"line_number": 138, "label": "True Positive", "secret_value": "kpat_9uGvP3wFxBzQr7YtL1sJmN5cH2oVb4fD8S", "reason": "The value 'kpat_9uGvP3wFxBzQr7YtL1sJmN5cH2oVb4fD8S' is a genuine hardcoded secret, specifically an API token for the KeepassXCXC API (kpat_). This is identified by the service-specific prefix 'kpat_', which is a strong indicator of a real credential. The rest of the token is a 40-character string exhibiting high entropy with a random mix of uppercase letters, lowercase letters, and digits, which is characteristic of an algorithmically generated key. Unlike a placeholder, this is a fully-formed token. Even if intended for development or testing, hardcoding live credentials is a significant security risk."}} +{"id": 14, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 20, "secret": "pk.eyJ1Ijoiam9obmRvZWNvcnAiLCJhIjoiY2xwYzh0ZzAyMGN3ZTJqcWpybHZ0MHEzayJ9.iG8jdU1cR3vBwF2pZ5oKqQ", "label": "True Positive"}, "actual": {"line_number": 20, "label": "True Positive", "secret_value": "pk.eyJ1Ijoiam9obmRvZWNvcnAiLCJhIjoiY2xwYzh0ZzAyMGN3ZTJqcWpybHZ0MHEzayJ9.iG8jdU1cR3vBwF2pZ5oKqQ", "reason": "The value is a valid Mapbox Public Access Token, definitively identified by its 'pk.' prefix and multipart base64 structure. Although intended for client-side use, this token can grant unauthorized access to resources, including geo-data and API calls, which is a significant security risk. The payload section contains specific user and resource IDs, revealing application architecture. Unlike generic placeholders, this is a fully-formed, functional token that could be abused if extracted from client code or source control. This pattern teaches that client-side tokens are credentials and must be handled as secrets, often best managed via environment variables or token vending services, even if they are not the primary secrets for a system."}} +{"id": 14, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 23, "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012", "label": "True Positive"}, "actual": {"line_number": 23, "label": "True Positive", "secret_value": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io", "reason": "This value is a Sentry DSN (Data Source Name), which functions as a form of API key. Its structure, including the high-entropy public token 'a1b2c3d4e5f67890a1b2c3d4e5f67890', the '@' separator, and the specific Sentry subdomain, identifies it precisely. The public token part of the DSN, despite being publicly readable, must be kept secret because it links errors directly to a specific Sentry project. If exposed in source code, an attacker can use it to send false error reports, spamming the project and overwhelming monitoring systems. The presence of this complete and structurally valid DSN, rather than a generic placeholder like 'YOUR_DSN', confirms it is a real credential for an active Sentry project."}} +{"id": 15, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 53, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 53, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is a validly formatted AWS Access Key ID, identifiable by its specific 'AKIA' prefix. The 20-character string exhibits high entropy with a random mix of uppercase letters and digits, characteristic of a real, machine-generated credential. Unlike placeholders, this is a concrete value that can be used for authentication. The variable name `AWS_ACCESS_KEY_ID` provides definitive context, and the adjacent line containing the `AWS_SECRET_ACCESS_KEY` confirms this is a complete, albeit legacy, set of credentials. Hardcoding credentials in source code is a critical security flaw, regardless of the account's purpose or age."}} +{"id": 15, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 54, "secret": "jTpHv9rX8wB1nA6sF2gK7cZ5bV4mE0yL3dI9oU8a", "label": "True Positive"}, "actual": {"line_number": 54, "label": "True Positive", "secret_value": "jTpHv9rX8wB1nA6sF2gK7cZ5bV4mE0yL3dI9oU8a", "reason": "The value 'jTpHv9rX8wB1nA6sF2gK7cZ5bV4mE0yL3dI9oU8a' is a valid AWS Secret Access Key, identifiable by its structure and high entropy. This 40-character alphanumeric string exhibits significant randomness with no repetitive or predictable patterns, which is a defining characteristic of a real credential. Unlike a placeholder, this is a fully-formed value that could be an active key. The context, specifically the variable name 'AWS_SECRET_ACCESS_KEY' and its direct use in `boto3.client()`, explicitly confirms its sensitive nature. Even if intended for a legacy system, hardcoding a real secret of this format is a critical security risk."}} +{"id": 15, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 134, "secret": "8kL~7QjN_p9sFt.gY2vWzXbC-aH1mO6rE5", "label": "True Positive"}, "actual": {"line_number": 134, "label": "True Positive", "secret_value": "8kL~7QjN_p9sFt.gY2vWzXbC-aH1mO6rE5", "reason": "The value '8kL~7QjN_p9sFt.gY2vWzXbC-aH1mO6rE5' is a high-entropy, random string characteristic of a real credential. Its mix of uppercase letters, lowercase letters, numbers, and special symbols (`~`, `.`, `-`) provides no discernible pattern, which is a strong indicator of a machine-generated secret. Unlike a placeholder like 'YOUR_SECRET' or a repeated character string, this is a fully-formed, unique value. The context of being assigned to the parameter `client_secret` in an Azure provider block definitively classifies it as authentication material. Hardcoding credentials like this is a significant security risk, as it could allow anyone with source code access to impersonate the application in Azure."}} +{"id": 15, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 13, "secret": "E#9z$RFt@k*b2v!gHqP5sYuL", "label": "True Positive"}, "actual": {"line_number": 13, "label": "True Positive", "secret_value": "E#9z$RFt@k*b2v!gHqP5sYuL", "reason": "The value 'E#9z$RFt@k*b2v!gHqP5sYuL' is a high-entropy password, as evidenced by its combination of mixed-case letters, numbers, and special symbols. The value displays randomness and lack of any discernible pattern, which is a strong indicator of a machine-generated credential. Unlike a placeholder or template, this is a specific, unique string that matches the complexity expected of a production secret. Its assignment to the `spring.datasource.password` key within a database configuration block in what appears to be a production file ('prod.rds.amazonaws.com') provides overwhelming context confirming its sensitive nature. Hardcoding passwords like this is a critical security vulnerability, regardless of its location in a commented-out or test configuration file."}} +{"id": 15, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 23, "secret": "YjJkNDY3YTZlY2U1MjRiYzhmNmU5ODE5ZjQ5NjA3YjI5ZWIzMDUyN2U0NjM5NWY1OTM2NGYxYzJkNWY4N2Y1NA==", "label": "True Positive"}, "actual": {"line_number": 23, "label": "True Positive", "secret_value": "YjJkNDY3YTZlY2U1MjRiYzhmNmU5ODE5ZjQ5NjA3YjI5ZWIzMDUyN2U0NjM5NWY1OTM2NGYxYzJkNWY4N2Y1NA==", "reason": "The secret value 'YjJkNDY3YTZlY2U1MjRiYzhmNmU5ODE5ZjQ5NjA3YjI5ZWIzMDUyN2U0NjM5NWY1OTM2NGYxYzJkNWY4N2Y1NA==' is a high-entropy string in Base64 format. This format is frequently used to encode cryptographic keys and other binary data, making it a common method for hardcoding secrets. The value's length (64 Base64 characters) and random character distribution are strong indicators of a real cryptographic key, not a placeholder or example. The configuration key `auth.jwt.secret` explicitly confirms its purpose is for signing JWTs. Embedding this key directly in a configuration file is a critical security vulnerability, as it grants the ability to forge authentication tokens."}} +{"id": 15, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 96, "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 96, "label": "True Positive", "secret_value": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io", "reason": "The value is a Sentry Data Source Name (DSN), a credential that contains both a sensitive authentication token (`a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5`) and a resource identifier (`o123456`). The 32-character hexadecimal string exhibits high entropy and matches the format of a valid Sentry auth token, differentiating it from generic placeholders. This value is embedded directly in the URL, a common but insecure practice. If this DSN is valid and active in a production environment, it grants unauthorized access to the organization's Sentry project, allowing anyone to submit logs, metrics, and errors under the project's identity."}} +{"id": 15, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 105, "secret": "pk.eyJ1IjoiZGFzaGJvYXJkdXNlciIsImEiOiJjazlzcDU0OWowMGR2M2Vud2IzaDV2ZHJtIn0.7gU6DqR7wE5qM1vN8sY2fQ", "label": "True Positive"}, "actual": {"line_number": 105, "label": "True Positive", "secret_value": "pk.eyJ1IjoiZGFzaGJvYXJkdXNlciIsImEiOiJjazlzcDU0OWowMGR2M2Vud2IzaDV2ZHJtIn0.7gU6DqR7wE5qM1vN8sY2fQ", "reason": "The value is a valid Mapbox Public Access Token, identifiable by the characteristic `pk.` prefix and a structure that follows the token specification. This format, which consists of three Base64 encoded parts separated by dots, contains cryptographically signed data that proves the token's authenticity and source. The payload portion (`eyJ1IjoiZGFzaGJvYXJkdXNlciIsImEiOiJjazlzcDU0OWowMGR2M2Vud2IzaDV2ZHJtIn0`) explicitly reveals the user ID 'dashboarduser' and another identifier 'k9sp549j0mdr2envvbh5vjrm', which is not a generic placeholder. Although labeled 'public', these tokens are still sensitive credentials because they are rate-limited and tied to a specific account, making their exposure a security risk. The variable name `accessToken` and its use in initializing Mapbox SDKs confirm its sensitive nature."}} +{"id": 15, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 22, "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", "label": "True Positive"}, "actual": {"line_number": 22, "label": "True Positive", "secret_value": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", "reason": "The value `dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE` is a genuine Docker Personal Access Token. The value itself provides definitive evidence, as it begins with the service-specific prefix `dckr_pat_`. This prefix is a unique identifier for this type of credential, distinguishing it from generic strings or other token formats. The subsequent 40-character string exhibits high entropy with a random combination of alphanumeric characters, which is characteristic of a real, machine-generated token. Although it appears in a CI/CD configuration file, which is a common location for secrets, it is a concrete value, not a placeholder. Hardcoding this type of token is a critical security risk, as it can grant unauthorized access to Docker Hub repositories."}} +{"id": 15, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 39, "secret": "https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL", "label": "True Positive"}, "actual": {"line_number": 39, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL", "reason": "The value is a fully-formed Slack Incoming Webhook URL, identifiable by the service path `hooks.slack.com/services/` and the path structure containing distinct token components. The final segment of the URL, 'xYpQrStUvWxZaBcDeFgHiJkL', is a 24-character high-entropy string, which precisely matches Slack's known format for webhook tokens. While the first two path segments use generic identifiers ('T00ABCDEF12', 'B00GHIJKL34'), these are Slack workspace and channel IDs, which are not considered secrets themselves but are required to route the token. This entire, concrete value represents a functional credential granting access to post messages in a specific Slack channel, making it a genuine secret. Hardcoding such credentials in CI/CD scripts like this is a common security vulnerability."}} +{"id": 15, "index": 4, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 53, "secret": "https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL", "label": "True Positive"}, "actual": {"line_number": 53, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL", "reason": "This value is a classic Slack Incoming Webhook URL, which serves as a sensitive secret. The value follows the exact and well-documented Slack format: `https://hooks.slack.com/services///`. While parts of the ID (`T00ABCDEF12`, `B00GHIJKL34`) are dummy placeholders, the token component (`xYpQrStUvWxZaBcDeFgHiJkL`) is a high-entropy, 24-character random string, consistent with a real credential. This URL allows anyone with it to post messages to a Slack channel, making its compromise a significant security risk. The context within an `env` block for an `action-slack` workflow explicitly confirms its use as a webhook token."}} +{"id": 16, "index": 0, "sub_index": 0, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 97, "secret": "postgres://user_prod_rw:dG9m9#4k!sPq@db-prod-cluster.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/main_app", "label": "True Positive"}, "actual": {"line_number": 97, "label": "False Positive", "secret_value": "postgres://user_prod_rw:dG9m9#4k!sPq@db-prod-cluster.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/main_app", "reason": "Although the value is a complete PostgreSQL connection string containing an embedded password, the username 'user_prod_rw' is a non-sensitive, programmatic identifier. Real users typically have human-readable names or identifiers, whereas this username format ('user' + 'prod' + 'rw') clearly defines the user's read-write role and production environment without revealing any confidential information. This pattern is a common practice for a generic database user created to grant specific, limited permissions to applications. Because the password 'dG9m9#4k!sPq' also has a very low entropy, being a simple, repeated character sequence, it further confirms this is not a real credential but a placeholder or example."}} +{"id": 16, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 98, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 98, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID, identified definitively by its 'AKIA' prefix, which is reserved for this service. The 20-character alphanumeric string exhibits high entropy and conforms to the exact format specified by Amazon Web Services. Unlike placeholders or template variables, this is a fully formed, concrete credential. The surrounding variable name `S3_ACCESS_KEY` provides strong contextual confirmation, and its presence along with a secret key in code is a critical security vulnerability, regardless of the associated TODO comment. The exposure of any valid key is a significant risk, as it can be used for authentication to cloud resources."}} +{"id": 16, "index": 0, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 99, "secret": "jT4vK9sL+pQ8wX6zC2nH7bF1gR5eD3aU0iO/mNkW", "label": "True Positive"}, "actual": {"line_number": 99, "label": "True Positive", "secret_value": "jT4vK9sL+pQ8wX6zC2nH7bF1gR5eD3aU0iO/mNkW", "reason": "The value 'jT4vK9sL+pQ8wX6zC2nH7bF1gR5eD3aU0iO/mNkW' is a high-entropy string matching the exact format of a real AWS secret access key. The value exhibits cryptographic randomness, with a mix of uppercase letters, lowercase letters, numbers, and special characters ('+', '/', '='), and is 40 characters long, which is characteristic of this credential type. This is not a placeholder, as it contains no repeated characters or simple templates, but is a concrete, fully-formed key. The variable name `S3_SECRET_KEY` and the preceding `S3_ACCESS_KEY` provide direct context confirming the value is intended to be used for AWS authentication. Hardcoding this key represents a significant security risk, allowing anyone with source code access to impersonate the user/role associated with the key."}} +{"id": 16, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 59, "secret": "sqp_a8b3f0c1d2e4a5b6c7d8e9f0a1b2c3d4e5f6a7b8", "label": "True Positive"}, "actual": {"line_number": 59, "label": "True Positive", "secret_value": "sqp_a8b3f0c1d2e4a5b6c7d8e9f0a1b2c3d4e5f6a7b8", "reason": "The value 'sqp_a8b3f0c1d2e4a5b6c7d8e9f0a1b2c3d4e5f6a7b8' is a SonarQube Personal Access Token. The prefix 'sqp_' is a highly reliable indicator for this specific secret type, and the subsequent 32-character alphanumeric string exhibits high entropy with a random character distribution, consistent with a machine-generated credential. Unlike a placeholder, this is a concrete value that could grant unauthorized access to a SonarQube instance. The context of being assigned to the `SONAR_TOKEN` environment variable within an Actions workflow confirms its use as an authentication token. Even in a CI/CD pipeline, hardcoding such tokens is a security risk as it grants permissions to the specific workflow."}} +{"id": 16, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 74, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 74, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/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", "reason": "The value is a structurally valid Slack Incoming Webhook URL, a known type of secret. The URL components '/services/', 'T...', '/B...', and the 24-character token section '/iJkLmN1oPqR2sT3uV4wX5yZ6' perfectly match Slack's format. The final token component exhibits high entropy with a random mix of letters and numbers, distinguishing it from placeholders or examples. This credential is fully-formed and can be used by anyone with access to it to send messages to a specific Slack channel, representing a significant security risk."}} +{"id": 16, "index": 2, "sub_index": 0, "perfect_match": false, "error_fields": ["value"], "expected": {"line_number": 36, "secret": "{\\\"type\\\": \\\"service_account\\\",\\\"project_id\\\": \\\"corp-infra-314159\\\",\\\"private_key_id\\\": \\\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\\\",\\\"private_key\\\": \\\"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAO3B...\\n-----END PRIVATE KEY-----\\n\\\",\\\"client_email\\\": \\\"terraform@corp-infra-314159.iam.gserviceaccount.com\\\",\\\"client_id\\\": \\\"123456789012345678901\\\",\\\"auth_uri\\\": \\\"https://accounts.google.com/o/oauth2/auth\\\",\\\"token_uri\\\": \\\"https://oauth2.googleapis.com/token\\\",\\\"auth_provider_x509_cert_url\\\": \\\"https://www.googleapis.com/oauth2/v1/certs\\\",\\\"client_x509_cert_url\\\": \\\"https://www.googleapis.com/robot/v1/metadata/x509/terraform%40corp-infra-314159.iam.gserviceaccount.com\\\"}", "label": "True Positive"}, "actual": {"line_number": 36, "label": "True Positive", "secret_value": "-----BEGIN PRIVATE KEY-----\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAO3B...\n-----END PRIVATE KEY-----", "reason": "This value is a valid, multi-line PEM-encoded private key, identified definitively by its `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----` block delimiters. Private keys are high-entropy cryptographic materials used for authentication and decryption. The Base64 content between the headers shows no placeholder patterns and is consistent with a real, generated key. Although the content is truncated with '...', the format and the presence of the full multiline header/footer pattern are sufficient to classify this as a functional secret. Exposing a private key, even one that appears incomplete, is a critical security vulnerability as it can be completed or used for impersonation if the rest is leaked."}} +{"id": 16, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 40, "secret": "dd_api_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "label": "True Positive"}, "actual": {"line_number": 40, "label": "True Positive", "secret_value": "dd_api_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "reason": "The value 'dd_api_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6' is a valid Datadog API key. The 'dd_api_' prefix is a specific and recognizable marker for this credential type, providing definitive contextual information. The following 32-character hexadecimal string exhibits high entropy with no discernible patterns, consistent with a real, generated secret. While the value has some similarity to generic identifiers, its full context within a 'credentials' block for the 'datadog' provider confirms it is an active key. This is not a placeholder; it is a complete credential that, if valid, could grant access to Datadog data. The pattern is that a specific service prefix combined with a high-entropy string is a strong indicator of a True Positive."}} +{"id": 16, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 120, "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 120, "label": "True Positive", "secret_value": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123", "reason": "This value is a valid Sentry Data Source Name (DSN), which is a credential used for client-side error tracking. The value conforms to the known Sentry format: `protocol://public_key@organization_id.ingest.service.com/project_id`. The `public_key` component, 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6', is a 32-character hexadecimal string with high entropy, which is a strong indicator of a real credential. Although the surrounding configuration context uses the word 'demo', Sentry's best practices state that no credentials should be hardcoded. This value appears to be a fully-formed, active credential from a development or staging environment, posing a security risk by allowing potentially sensitive application error data to be sent to an unauthorized Sentry project."}} +{"id": 16, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 128, "secret": "pk.eyJ1IjoibXljb29sZGV2IiwiYSI6ImNrdjRzM2l2ZDBsYjQyd3M0cGszbTNnNHAifQ.H9f_zAbCdEfGhIjKlMnOpQ", "label": "True Positive"}, "actual": {"line_number": 128, "label": "True Positive", "secret_value": "pk.eyJ1IjoibXljb29sZGV2IiwiYSI6ImNrdjRzM2l2ZDBsYjQyd3M0cGszbTNnNHAifQ.H9f_zAbCdEfGhIjKlMnOpQ", "reason": "The value 'pk.eyJ1IjoibXljb29sZGV2IiwiYSI6ImNrdjRzM2l2ZDBsYjQyd3M0cGszbTNnNHAifQ.H9f_zAbCdEfGhIjKlMnOpQ' is a valid Mapbox Public Access Token. The value's structure, `pk.`, followed by Base64-encoded segments, is a definitive format for this specific secret type. The encoded parts contain high-entropy, random-looking data, which is characteristic of real cryptographic tokens, not generic placeholders. Unlike a public identifier like a username ('mycooledev'), this token represents a credential used to authenticate with Mapbox's services, making it a security risk. Even public tokens can be abused or exhausted, and their presence in source code is considered sensitive."}} +{"id": 16, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 13, "secret": "T#8sLpVm9@zQ!wY7", "label": "True Positive"}, "actual": {"line_number": 13, "label": "True Positive", "secret_value": "T#8sLpVm9@zQ!wY7", "reason": "The value 'T#8sLpVm9@zQ!wY7' is a high-entropy password, identified by its unpredictable combination of uppercase and lowercase letters, numbers, and special characters. The password exhibits randomness without any placeholder characteristics, such as repetition or dictionary words. Unlike example passwords (e.g., 'password123'), this string is concrete and specific, suggesting it's a real credential intended for a production environment as confirmed by the surrounding code comments. Hardcoding a password with this level of complexity directly into a source code file is a critical security risk, as it provides direct access to the database for anyone with source code privileges."}} +{"id": 16, "index": 4, "sub_index": 1, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 19, "secret": "3xP1rE_N3v3r_5tRoNg_PA55!", "label": "True Positive"}, "actual": {"line_number": 19, "label": "False Positive", "secret_value": "3xP1rE_N3v3r_5tRoNg_PA55!", "reason": "The value '3xP1rE_N3v3r_5tRoNg_PA55!' is a self-describing placeholder string, not a real secret. Its composition using dictionary words like 'pire', 'never', and 'strong', combined with leetspeak substitutions (P1rE, 5tRoNg, PA55), is a common technique for creating memorable example credentials. This pattern makes the value highly readable and predictable, contrasting sharply with the random, opaque nature of a genuine secret. The addition of the common placeholder fragment 'N3v3r' explicitly signals that this is a fake or example key intended for documentation or local testing. Real secrets do not advertise their own weakness, confirming this is a false positive."}} +{"id": 16, "index": 4, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 22, "secret": "key-0987654321fedcba0987654321fedcba", "label": "True Positive"}, "actual": {"line_number": 22, "label": "True Positive", "secret_value": "key-0987654321fedcba0987654321fedcba", "reason": "The value 'key-0987654321fedcba0987654321fedcba' is a Mailgun API key due to its specific prefix 'key-' and the 32-character hexadecimal string body. While the body has a repetitive pattern, it's a very common format used for example keys in documentation, not just placeholders. Even as an example, exposing keys in a configuration file is a critical security risk because they could be active credentials, have a low limit, or provide structural information for more targeted attacks. The variable name 'mailgun.api.key' explicitly confirms the value's purpose as a secret, making this a definitive true positive. This pattern teaches that even if a key appears to be an example, its definitive format and explicit variable context must be treated as a secret."}} +{"id": 17, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 80, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 80, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID, identified by the specific prefix 'AKIA' required by AWS. This prefix immediately flags the value as a machine-generated, programmatic credential rather than a placeholder. The remaining 16 uppercase letters and digits exhibit high entropy, matching the format of a real, functional key. Although the code comments indicate it is 'temporary' and for 'dev', it is a concrete, exploitable secret that grants permissions. The value is hardcoded as a literal string, and unlike a template variable (e.g., 'AKIA'), this is a specific credential."}} +{"id": 17, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 81, "secret": "pL8vGkZ9sN1mBfI6jH4cUaT3yXwE7rF0oVqD2sW5", "label": "True Positive"}, "actual": {"line_number": 81, "label": "True Positive", "secret_value": "pL8vGkZ9sN1mBfI6jH4cUaT3yXwE7rF0oVqD2sW5", "reason": "The value 'pL8vGkZ9sN1mBfI6jH4cUaT3yXwE7rF0oVqD2sW5' is a high-entropy alphanumeric string that perfectly matches the format of an AWS secret access key. It is a literal value assigned to a variable named `aws_secret` and lacks any placeholder indicators, making it a concrete secret. Although the accompanying comment suggests a temporary development key, hardcoding any static credential is a major security risk, as development keys can often grant access to sensitive resources. The value's length, random character distribution, and association with `aws_access_key_id` in the `boto3.client` call confirm its identity as a functional credential."}} +{"id": 17, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 57, "secret": "E#u8!pS$t9rWbK@zL7m3vN&yQ2xH", "label": "True Positive"}, "actual": {"line_number": 57, "label": "True Positive", "secret_value": "E#u8!pS$t9rWbK@zL7m3vN&yQ2xH", "reason": "The value 'E#u8!pS$t9rWbK@zL7m3vN&yQ2xH' is a high-entropy password containing a random combination of uppercase letters, lowercase letters, numbers, and special characters. This character set and unpredictability are hallmarks of a cryptographically strong, unique credential designed for a real application environment, not a generic placeholder. The assignment to the `password` attribute within an `aws_db_instance` resource in Terraform confirms its sensitive nature, as it directly controls access to a database. Although the surrounding code is for staging, passwords for staging environments are critical for protecting the data pipeline and must be treated as real secrets."}} +{"id": 17, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 40, "secret": "dckr_pat_a4sRgT9iOpQ2mZl8vWb7nXc1jYkFhG5uE-r3v", "label": "True Positive"}, "actual": {"line_number": 40, "label": "True Positive", "secret_value": "dckr_pat_a4sRgT9iOpQ2mZl8vWb7nXc1jYkFhG5uE-r3v", "reason": "The value 'dckr_pat_a4sRgT9iOpQ2mZl8vWb7nXc1jYkFhG5uE-r3v' is a Docker Personal Access Token (PAT), identifiable by its 'dckr_pat_' prefix. The subsequent 36 characters are high-entropy, mixed-case alphanumeric characters, which is characteristic of a machine-generated credential. This value perfectly matches the known format for a Docker PAT and lacks any placeholder indicators. The context of this value, being assigned to the 'password' parameter within a GitHub Actions 'docker/login-action', strongly confirms its role as an authentication secret for pushing images to a Docker Hub registry."}} +{"id": 17, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 52, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 52, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/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", "reason": "The value is a complete, fully-formed Slack Incoming Webhook URL. The structure `https://hooks.slack.com/services/T.../B.../...` is the canonical format for Slack webhooks, with the token `kL9mN8oP7qR6sT5uV4wX3yZ2` embedded at the end. This token has high entropy, matching the random character string format of a real credential. While the URL path components `T01ABCD4E5F` and `B02FGHI3J4K` contain the placeholder pattern 'ABCD', the final component of the path is a concrete, high-entropy value. This combination is common in CI/CD pipelines where a single, template-safe Slack resource is reused, making the secret component real. Leaking this URL grants any attacker the ability to send messages to the associated Slack channel, making it a significant security risk."}} +{"id": 17, "index": 2, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 57, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 57, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/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", "reason": "The value is a complete Slack Incoming Webhook URL, which functions as an authentication token. The URL structure, ending in a 32-character high-entropy string (kL9mN8oP7qR6sT5uV4wX3yZ2), is a definitive pattern for this type of secret. The final path segment is designed to be unpredictable and secret, granting anyone holding the URL the ability to post messages to a specific Slack channel. Although located within a GitHub Actions file, which is a CI/CD context where such tokens are sometimes managed, its direct commitment in the code is a major security risk. This is not a generic placeholder, but a fully-formed, potentially active credential that could be exploited."}} +{"id": 17, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 118, "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o1234567.ingest.sentry.io/1234567", "label": "True Positive"}, "actual": {"line_number": 118, "label": "True Positive", "secret_value": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o1234567.ingest.sentry.io", "reason": "The value is a Sentry Data Source Name (DSN), which is a credential that grants write access to a Sentry project. The structure `https://@` is a definitive pattern for Sentry credentials. The key part of this value, `a1b2c3d4e5f67890a1b2c3d4e5f67890`, is a 32-character hexadecimal string with high entropy, which is consistent with a real Sentry public key. Unlike a placeholder like 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', this is a fully formed, unique value. Hardcoding a real DSN is a significant security risk as it allows anyone with access to the source code to send false or abuse events, costing resources and skewing error analysis."}} +{"id": 17, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 124, "secret": "pk.eyJ1Ijoiam9obmRvZXVzZXIxMiIsImEiOiJjbGo4YXRzdzIwMHg4M2VudW1hYjM2ajBiIn0.5aPq3iL9bR8vJkCw1sF4nQ", "label": "True Positive"}, "actual": {"line_number": 124, "label": "True Positive", "secret_value": "pk.eyJ1Ijoiam9obmRvZXVzZXIxMiIsImEiOiJjbGo4YXRzdzIwMHg4M2VudW1hYjM2ajBiIn0.5aPq3iL9bR8vJkCw1sF4nQ", "reason": "The value 'pk.eyJ1Ijoiam9obmRvZXVzZXIxMiIsImEiOiJjbGo4YXRzdzIwMHg4M2VudW1hYjM2ajBiIn0.5aPq3iL9bR8vJkCw1sF4nQ' is a fully-formed Mapbox public access token. The 'pk.' prefix is a definitive structural indicator for this specific secret type. The value is composed of high-entropy Base64 encoded strings, which is consistent with the standard JWT-like structure of Mapbox tokens. Unlike a placeholder, this is a syntactically complete credential. Although the variable name is `accessToken` and is assigned to `mapboxgl`, these public tokens are still secrets because they can be misused to track API usage, rack up costs, or be exploited for geocaching if not properly secured, even in a public-facing application. The comment \"will move to env vars before prod\" is a strong confirmation that this is a real, though potentially development-stage, secret."}} +{"id": 17, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 218, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzcnYtZGF0YS1yZXRyaWV2ZXIiLCJpc3MiOiJhdXRoLXNlcnZpY2UiLCJhdWQiOiJkYXRhLWFwaSIsImV4cCI6MTcxOTk1ODAwMCwiaWF0IjoxNzE5OTU0NDAwLCJzY29wZSI6InVzZXI6cmVhZCJ9.K4gTfH9sLw2RjZpYn7oVxC8uEaD6mXwB1qI0sPzKjJc", "label": "True Positive"}, "actual": {"line_number": 218, "label": "True Positive", "secret_value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzcnYtZGF0YS1yZXRyaWV2ZXIiLCJpc3MiOiJhdXRoLXNlcnZpY2UiLCJhdWQiOiJkYXRhLWFwaSIsImV4cCI6MTcxOTk1ODAwMCwiaWF0IjoxNzE5OTU0NDAwLCJzY29wZSI6InVzZXI6cmVhZCJ9.K4gTfH9sLw2RjZpYn7oVxC8uEaD6mXwB1qI0sPzKjJc", "reason": "This value is a complete, valid JSON Web Token (JWT) hardcoded in source code. Its format, with three Base64-encoded parts separated by dots, is a definitive indicator of a JWT. The header and payload sections, when decoded, confirm its structure and usage, specifying signing algorithm, issuer, audience, expiration, and scopes. The third part is a high-entropy signature, crucial for the token's authenticity and security. Hardcoding a credential like this is a significant security risk, as it is predictable and grants access. Unlike placeholders, this is a fully formed, concrete secret that could be exploited."}} +{"id": 18, "index": 0, "sub_index": 0, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 123, "secret": "ACd2ae2e27b6c845b29c0f8e9a3d1c4b6f", "label": "True Positive"}, "actual": {"line_number": 123, "label": "False Positive", "secret_value": "ACd2ae2e27b6c845b29c0f8e9a3d1c4b6f", "reason": "The value 'ACd2ae2e27b6c845b29c0f8e9a3d1c4b6f' is a Twilio Account SID, which is a public identifier, not a credential. While it is a high-entropy string, its function is to uniquely identify an account to Twilio's systems, not to grant access. The format is specifically prefixed with 'AC', which is the definitive pattern for a Twilio Account SID. This is a common example of a value that looks like a secret but is, in fact, public by design and part of the provider's public API authentication scheme. The variable name 'twilioAccountSID' provides explicit context that this is a public identifier. Real credentials would not follow this specific 'AC' prefixed format and would not be explicitly labeled as a public identifier."}} +{"id": 18, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 124, "secret": "8a3f5b7c9d1e6f4a2b9c8d7e5f3a1b0c", "label": "True Positive"}, "actual": {"line_number": 124, "label": "True Positive", "secret_value": "8a3f5b7c9d1e6f4a2b9c8d7e5f3a1b0c", "reason": "The value '8a3f5b7c9d1e6f4a2b9c8d7e5f3a1b0c' is a high-entropy hexadecimal string matching the specific 32-character format of a Twilio Authentication Token. The string exhibits cryptographic randomness with a random mix of letters and numbers, indicating it is a generated credential, not a placeholder. Unlike a placeholder such as 'xxxxxxxx' or 'YOUR_TOKEN', this is a fully-formed value that could be an active, albeit potentially compromised, credential. The context, including the variable name `twilioAuthToken`, confirms the value's purpose, making its exposure a significant security risk."}} +{"id": 18, "index": 0, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 136, "secret": "SG.f4Jk9sL2QpWzX8vY7uA1tG.hR3iP6oV5bN4mK1jL9cD8gE7F2sA3qB0iO6uY4eWzZ", "label": "True Positive"}, "actual": {"line_number": 136, "label": "True Positive", "secret_value": "SG.f4Jk9sL2QpWzX8vY7uA1tG.hR3iP6oV5bN4mK1jL9cD8gE7F2sA3qB0iO6uY4eWzZ", "reason": "The secret value 'SG.f4Jk9sL2QpWzX8vY7uA1tG.hR3iP6oV5bN4mK1jL9cD8gE7F2sA3qB0iO6uY4eWzZ' is a valid SendGrid API Key. Its format is perfectly aligned with the service's documentation, starting with the 'SG.' prefix and followed by two Base64-encoded string segments separated by a dot. This value exhibits high entropy, characteristic of a real credential, and is a specific, concrete string, not a generic placeholder. Despite the comment indicating this is for testing purposes, a credential hardcoded in source control is a significant security risk, as it can be extracted from version history. This represents a real, functional key that should have been managed externally."}} +{"id": 18, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 57, "secret": "dckr_pat_1kIuR9vO7mS3xZ5yQ2jF8bN6pL4cH0gA9dE", "label": "True Positive"}, "actual": {"line_number": 57, "label": "True Positive", "secret_value": "dckr_pat_1kIuR9vO7mS3xZ5yQ2jF8bN6pL4cH0gA9dE", "reason": "The value 'dckr_pat_1kIuR9vO7mS3xZ5yQ2jF8bN6pL4cH0gA9dE' is a valid Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a deterministic identifier for this specific token type. The subsequent part of the value exhibits high entropy, with a random mix of alphanumeric characters, which is characteristic of a real authentication token, not a generic placeholder. Unlike a template like '${{ env.DOCKERHUB_TOKEN }}' or a low-entropy string like 'xxxxxxxx', this is a concrete, fully-formed credential. The context in the GitHub Actions file, where it is used as the 'password' for a 'docker/login-action', explicitly confirms its purpose as an authentication token."}} +{"id": 18, "index": 1, "sub_index": 1, "perfect_match": false, "error_fields": ["value"], "expected": {"line_number": 58, "secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lKQU9ocFlVbEpxdEVsTUEwR0NTcUdTSWIzRFFFQkN3VUFNQWd4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUhFd2xQYms1dllteHZZMkZzYUc5emREb0tNQk1HQTFVRUNnd01SR1ZzYkc5egpjeUJCYkdGaVlXMGlhSFl4RURBT0JnTlZCQWNUQjBKc2IyRmtiaUJrYjI1amIyNHdIaGNOTWpFd05qRTFNRGc1CldqQm5aGFk5TWpZeU9ERXhNVFV3V2pBTUJnOHdDUVlEVlFRR0V3SlZVekVSTUE4R0ExVUVDQXdJVGs5eWVTQkIKZFhSb2IzSnBlbVJOZVhOMFpXUkJjblZsY21sbklqcDdNQ01HQTFVRUN3d01SR1ZzYkc5emN5QkJiR0ZpWVcwMQpMWFJ2SUZCQmdrcWhraUc5dzBCQVFzRkFBT0NBUThBTUlJQkNnS0NBUUVBNzJSM2x4VmhYUXFvbU55U3U3V3UKU0J3aEVyY2tlcVp3YXdJbmd0VzFwK2J2RjJ0em80VnFmcE5kSG53N2sxcFp0a1FtbUtHcHdLVGxtV295b2lCCnhaYlhmTlpzQzF6OGprVUtzZncrL2x3emJ4K0d4TmVqYzdqQnhwVnJ0VnQ1aWJCVllWc3J0K25wV1B5ZEZnOAphRjU2SlNuS081R3BqV0YwZkhGdzN3bFlmZ3JGYXBCMzQ4K3Bqam1FSE1wUkZkQmltUXh2MjQxb05kQ3l0VgppaE9sT090R3Y2ajN4dkw1Rkt3a3d5ZzR0VmFydG14N3VlMWxVSHRFV0FwWWVvUHVVbFFuN1N5K2Z4M0RVSDEKU2dGWWJ2V0w1VFFQdEtJb1JpWXhQd0lEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVeEtTMmZHRStpZEtGZ3pvCkhCMUo3akU2MzhNd0N3WURWUjBQQkFRREFnRUdNQThHQTFVZEV3RUIvd1FGTUFvR0NDc0dBUVVCRndNQ01BOEcKQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVIQXdFd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBSjZJekNid1B6dE9XbHhEVWw3bnd3bW14enVqV0d5UFNkY1FkSXZyTmM2UWhvYkZ4bgpHMVl1WllKdkdYQ2ZpZ3BvSlhpUmRuc0x6M2hTNVpSN0lXNnduNkZ6d2x1U3Z6TWltdENnQy8xSkJ2aG9tSwp0NzlJOG05S2Q3dHZ0QWZvRytzNFNUeWdndzN5VnhIdVAvUHV1c2hJbTNQWEt6MVZlZ1E1MWp0ckVlSWU4MjgKQyt2VnBLd1d5QmpMUE9sV3g2b1U5akd1MXNWSldYV210VFF0N3hBcVJkMVdJMEV4YW5iSmZ0TzJtQ2t2eGtrClR0ZUVtMzdIbnZkK3dOOUQ3dVRiYjBwLyt3d3N0T2cvQVVtb1B2Lyt3TG5PQVp6QklYUk1BMG89Ci0tLS0tRU5EIENFUlRJTklDQVRFLS0tLS0K", "label": "True Positive"}, "actual": {"line_number": 58, "label": "True Positive", "secret_value": "apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lKQU9ocFlVbEpxdEVsTUEwR0NTcUdTSWIzRFFFQkN3VUFNQWd4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUhFd2xQYms1dllteHZZMkZzYUc5emREb0tNQk1HQTFVRUNnd01SR1ZzYkc5egpjeUJCYkdGaVlXMGlhSFl4RURBT0JnTlZCQWNUQjBKc2IyRmtiaUJrYjI1amIyNHdIaGNOTWpFd05qRTFNRGc1CldqQm5aGFk5TWpZeU9ERXhNVFV3V2pBTUJnOHdDUVlEVlFRR0V3SlZVekVSTUE4R0ExVUVDQXdJVGs5eWVTQkIKZFhSb2IzSnBlbVJOZVhOMFpXUkJjblZsY21sbklqcDdNQ01HQTFVRUN3d01SR1ZzYkc5emN5QkJiR0ZpWVcwMQpMWFJ2SUZCQmdrcWhraUc5dzBCQVFzRkFBT0NBUThBTUlJQkNnS0NBUUVBNzJSM2x4VmhYUXFvbU55U3U3V3UKU0J3aEVyY2tlcVp3YXdJbmd0VzFwK2J2RjJ0em80VnFmcE5kSG53N2sxcFp0a1FtbUtHcHdLVGxtV295b2lCCnhaYlhmTlpzQzF6OGprVUtzZncrL2x3emJ4K0d4TmVqYzdqQnhwVnJ0VnQ1aWJCVllWc3J0K25wV1B5ZEZnOAphRjU2SlNuS081R3BqV0YwZkhGdzN3bFlmZ3JGYXBCMzQ4K3Bqam1FSE1wUkZkQmltUXh2MjQxb05kQ3l0VgppaE9sT090R3Y2ajN4dkw1Rkt3a3d5ZzR0VmFydG14N3VlMWxVSHRFV0FwWWVvUHVVbFFuN1N5K2Z4M0RVSDEKU2dGWWJ2V0w1VFFQdEtJb1JpWXhQd0lEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVeEtTMmZHRStpZEtGZ3pvCkhCMUo3akU2MzhNd0N3WURWUjBQQkFRREFnRUdNQThHQTFVZEV3RUIvd1FGTUFvR0NDc0dBUVVCRndNQ01BOEcKQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVIQXdFd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBSjZJekNid1B6dE9XbHhEVWw3bnd3bW14enVqV0d5UFNkY1FkSXZyTmM2UWhvYkZ4bgpHMVl1WllKdkdYQ2ZpZ3BvSlhpUmRuc0x6M2hTNVpSN0lXNnduNkZ6d2x1U3Z6TWltdENnQy8xSkJ2aG9tSwp0NzlJOG05S2Q3dHZ0QWZvRytzNFNUeWdndzN5VnhIdVAvUHV1c2hJbTNQWEt6MVZlZ1E1MWp0ckVlSWU4MjgKQyt2VnBLd1d5QmpMUE9sV3g2b1U5akd1MXNWSldYV210VFF0N3hBcVJkMVdJMEV4YW5iSmZ0TzJtQ2t2eGtrClR0ZUVtMzdIbnZkK3dOOUQ3dVRiYjBwLyt3d3N0T2cvQVVtb1B2Lyt3TG5PQVp6QklYUk1BMG89Ci0tLS0tRU5EIENFUlRJTklDQVRFLS0tLS0K server: https://1a2b3c4d-e5f6-7890.k8s.ondigitalocean.com\n name: do-sfo2-prod-cluster\ncontexts:\n- context:\n cluster: do-sfo2-prod-cluster\n user: do-sfo2-prod-cluster-admin\n name: do-sfo2-prod-cluster\ncurrent-context: do-sfo2-prod-cluster\nkind: Config\npreferences: {}\nusers:\n- name: do-sfo2-prod-cluster-admin\n user:\n token: dop_v1_a738c2f10d9e8b6d4c5b9f7a8e2d1c0b3a4f5d6e7g8h9i0j1k_prod_token\n", "reason": "The value is a complete Kubernetes client configuration file, which is a highly sensitive secret because it contains authentication credentials. The string for the 'token' field, `dop_v1_a738c2f10d9e8b6d4c5b9f7a8e2d1c0b3a4f5d6e7g8h9i0j1k_prod_token`, is a legitimate-looking token, not a placeholder, and is likely valid. Even though the server URL uses a non-sensical hostname, the rest of the file, including the user name and the potentially valid token, is real. Leaking this file into a CI/CD pipeline grants direct access to a production Kubernetes cluster, making this a critical True Positive."}} +{"id": 18, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 207, "secret": "pk.eyJ1IjoibWFwcHJvZHVjdGlvbiIsImEiOiJjazg1dGY3c2gwM3FmM21wZzRjY3Y5cGpzIn0.4k_O3Zf5xG5aE9Jd6pQxYw", "label": "True Positive"}, "actual": {"line_number": 207, "label": "True Positive", "secret_value": "pk.eyJ1IjoibWFwcHJvZHVjdGlvbiIsImEiOiJjazg1dGY3c2gwM3FmM21wZzRjY3Y5cGpzIn0.4k_O3Zf5xG5aE9Jd6pQxYw", "reason": "The value 'pk.eyJ1IjoibWFwcHJvZHVjdGlvbiIsImEiOiJjazg1dGY3c2gwM3FmM21wZzRjY3Y5cGpzIn0.4k_O3Zf5xG5aE9Jd6pQxYw' is a valid Mapbox Access Token. The format, beginning with the prefix 'pk.', followed by two base64-encoded sections and a final random string, is a specific and definitive pattern for this type of token. The content of the Base64 strings, which decodes to a JSON object containing a username and a user ID, confirms it's a real, machine-generated credential. This token carries functional risk as it provides unauthenticated access to Mapbox map tiles, potentially leading to abuse and billing issues, making it a clear security issue."}} +{"id": 18, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 213, "secret": "https://e8e7f8e6e5e44a4b8b8b9c9d0e1f2g3h@o450555.ingest.sentry.io/4505551234567890", "label": "True Positive"}, "actual": {"line_number": 213, "label": "True Positive", "secret_value": "https://e8e7f8e6e5e44a4b8b8b9c9d0e1f2g3h@o450555.ingest.sentry.io", "reason": "The provided value is a Sentry Data Source Name (DSN), a type of credential used for sending events to the Sentry monitoring service. The value perfectly matches the known format, with a high-entropy key (`e8e7f8e6e5e44a4b8b8b9c9d0e1f2g3h`) immediately followed by the specific domain `o450555.ingest.sentry.io`. Unlike a generic template or placeholder, this is a fully formed, concrete credential that could be used to spam a Sentry project or incur costs. Although client-side keys are often considered less secure, they are still secrets because they authenticate the client and can be extracted from public code. The parameter name `dsn` in the `Sentry.init` call provides strong confirmation of its role as a credential."}} +{"id": 18, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 42, "secret": "postgres://prod_user_rw:8!hG#kL$pQ2s@db.prod.internal:5432/main", "label": "True Positive"}, "actual": {"line_number": 42, "label": "True Positive", "secret_value": "postgres://prod_user_rw:8!hG#kL$pQ2s@db.prod.internal:5432", "reason": "This value is a complete PostgreSQL database connection string that embeds a hardcoded password, representing a critical security vulnerability. The format `protocol://username:password@host:port` clearly delineates sensitive components. The password part, '8!hG#kL$pQ2s', exhibits high entropy with a random mix of numbers, uppercase letters, lowercase letters, and special symbols, making it indistinguishable from a real production credential. Unlike a placeholder, this is a fully-formed, specific string. Although the hostname is an internal one, the presence of a high-entropy password in the connection string is a direct leak, as it could be useful for an attacker who gains internal network access. The comment 'NEVER commit this to git' further confirms its sensitive nature."}} +{"id": 18, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 45, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 45, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID. Its format, starting with the 'AKIA' prefix, is a definitive identifier for this type of secret. The value consists of 20 random uppercase letters and numbers, exhibiting high entropy consistent with cryptographically generated credentials. This is not a placeholder or an example, but a fully-formed key that could grant access to AWS resources. The variable name `aws_access_key_id` and its use within an `AWS_CONFIG` dictionary, which is later passed to `boto3.client`, strongly corroborate its function as a sensitive credential. Hardcoding secrets like this directly in source code is a severe security risk."}} +{"id": 18, "index": 3, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 46, "secret": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE", "label": "True Positive"}, "actual": {"line_number": 46, "label": "True Positive", "secret_value": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE", "reason": "The value 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE' is a high-entropy string with a specific format that matches an AWS Secret Access Key. Its random mixture of uppercase letters, lowercase letters, numbers, and special characters (/, +, =) is a strong indicator of cryptographic material. Crucially, the string ends with the specific 'EXAMPLE' suffix required for AWS's sample credentials, confirming it is a real but non-functional key. Hardcoding even example AWS credentials, especially in non-development environments like a 'prod' configuration, is a significant security risk. This key could be misused by attackers who may not differentiate it from a production credential, leading to account compromise."}} +{"id": 18, "index": 4, "sub_index": 0, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 93, "secret": "AKIAIOSFODNN7EXAMPLE", "label": "True Positive"}, "actual": {"line_number": 93, "label": "False Positive", "secret_value": "AKIAIOSFODNN7EXAMPLE", "reason": "The value 'AKIAIOSFODNN7EXAMPLE' is a classic example of a generic AWS Access Key ID used for demonstration and documentation purposes. The key characteristic is the specific suffix 'EXAMPLE', which explicitly marks the value as non-real. The prefix 'AKIA' is the standard indicator for an AWS access key, and it often appears in documentation and SDK examples with such placeholders to illustrate the required format. Unlike a real secret, this value contains no sensitive randomness and is designed to be harmless. The pattern teaches that values containing 'EXAMPLE' in this context are always mock or placeholder credentials."}} +{"id": 18, "index": 4, "sub_index": 1, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 94, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "label": "True Positive"}, "actual": {"line_number": 94, "label": "False Positive", "secret_value": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "reason": "The value 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY' is a classic AWS SDK example credential, identifiable by its structure and the explicit 'EXAMPLEKEY' suffix. The core portion, 'wJalrXUtnFEMI/K7MDENG/bPxRfiCY', exhibits high entropy, but the trailing text is a deterministic indicator designed to show the format. Real secrets never contain such instructional, self-descriptive text. This specific value, along with its corresponding example `access_key` on line 93, is widely used across AWS documentation to demonstrate how SDK configuration is performed. It is crucial to recognize and discard these documented example credentials."}} +{"id": 18, "index": 4, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 104, "secret": "P@ssw0rdDbProd123!ChangeMe", "label": "True Positive"}, "actual": {"line_number": 104, "label": "True Positive", "secret_value": "P@ssw0rdDbProd123!ChangeMe", "reason": "The value 'P@ssw0rdDbProd123!ChangeMe' is a hardcoded database password. While its name 'ChangeMe' indicates it is a placeholder, the string itself is a concrete, structured value with high entropy, unlike a generic like ''. It follows common password patterns, including mixed-case letters, numbers, and special characters, suggesting it was generated or copied from a real environment. The context of the `password` parameter within an AWS RDS database resource block confirms its sensitive nature. Hardcoding any password literal, even one intended to be changed, is a significant security risk because it may be active in development or testing environments, providing unauthorized access."}} +{"id": 19, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 51, "secret": "postgres://prod_svc_user:aG#9z@K3qB$v7s@db-users-primary.c1xyz2abc3de.us-east-1.rds.amazonaws.com:5432/profiles", "label": "True Positive"}, "actual": {"line_number": 51, "label": "True Positive", "secret_value": "postgres://prod_svc_user:aG#9z@K3qB$v7s@db-users-primary.c1xyz2abc3de.us-east-1.rds.amazonaws.com:5432/profiles", "reason": "The value is a complete PostgreSQL database connection string containing an embedded password, making it a sensitive credential. The string follows the standard format `protocol://username:password@host:port/database`, which directly exposes the authentication details. The password portion, 'aG#9z@K3qB$v7s', is a 12-character string with high entropy, indicating it is a real, machine-generated credential, not a placeholder. Hardcoding sensitive credentials like connection strings is a major security risk, as anyone with source code access can potentially compromise the database. The comment '# Database configuration - should be in env vars' is a code smell that confirms the value's sensitivity and improper handling."}} +{"id": 19, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 55, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3", "label": "True Positive"}, "actual": {"line_number": 55, "label": "True Positive", "secret_value": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3", "reason": "The value is a Stripe secret key, identified definitively by its 'sk_live_' prefix. This prefix, followed by a 40-character high-entropy Base58-encoded string, is a unique signature for Stripe's production API keys. The lengthy random string exhibits the high degree of unpredictability and uniqueness required for a real credential. This is not a generic placeholder or example, but a fully-formed key that could be active in a Stripe production environment. Committing a live key in source code is a critical security risk, as it allows direct access to a service's API and payment processing capabilities."}} +{"id": 19, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 35, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 35, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is a legitimate AWS Access Key ID. The value itself has high entropy and perfectly matches the 'AKIA' prefix, which is a definitive identifier for this AWS secret type. Unlike a placeholder, this is a fully formed, non-obvious key. Its use in the `aws-access-key-id` parameter within an `aws-actions/configure-aws-credentials@v1` action in a GitHub Actions workflow confirms it is intended for authentication. This exposes credentials that allow unauthorized access to AWS resources, making it a critical security vulnerability."}} +{"id": 19, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 36, "secret": "wJalrXUtnFEMI/K7MDENG/bpx5u22b8d1vRzBJB4", "label": "True Positive"}, "actual": {"line_number": 36, "label": "True Positive", "secret_value": "wJalrXUtnFEMI/K7MDENG/bpx5u22b8d1vRzBJB4", "reason": "The value 'wJalrXUtnFEMI/K7MDENG/bpx5u22b8d1vRzBJB4' is a valid AWS Secret Access Key. Its high entropy, characterized by a random mix of uppercase letters, lowercase letters, numbers, and the '/', '+', and '=' special characters, is a strong indicator of a cryptographic secret. The value perfectly conforms to the 40-character length and Base64 URL-safe format specified by AWS documentation for these types of credentials. Unlike generic placeholders like '', this is a fully-formed, specific value. The context of being assigned to `aws-secret-access-key` in an `aws-actions/configure-aws-credentials` step within a CI/CD workflow confirms its purpose as a live credential."}} +{"id": 19, "index": 1, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 58, "secret": "https://hooks.slack.com/services/T00ABCDEFGH/B01IJKLMNOP/aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", "label": "True Positive"}, "actual": {"line_number": 58, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/T00ABCDEFGH/B01IJKLMNOP/aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", "reason": "This value is a valid Slack Incoming Webhook URL, which functions as an authentication token to post messages to a specific channel. The URL's structure `https://hooks.slack.com/services///` is a definitive pattern. The final path component, 'aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE', is a high-entropy, 43-character alphanumeric string that matches the format of a real Slack token, distinguishing it from placeholders like 'xxx' or sample tokens. Although the team and channel IDs use placeholder-like formatting ('T00...' and 'B01...'), the token component itself is specific and unpredictable, representing a significant security risk. Leaking this URL grants anyone the ability to post to the designated Slack channel, causing noise, misinformation, or brand damage."}} +{"id": 19, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 129, "secret": "dop_v1_a9b4c2f81d3e6g7h5i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b", "label": "True Positive"}, "actual": {"line_number": 129, "label": "True Positive", "secret_value": "dop_v1_a9b4c2f81d3e6g7h5i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b", "reason": "The value 'dop_v1_a9b4c2f81d3e6g7h5i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b' is a DigitalOcean API token (PAT) that matches the documented 'dop_v1_' prefix format. This value exhibits high entropy with a random mix of hexadecimal characters and alphanumeric characters, which is characteristic of a machine-generated credential. Unlike a placeholder, which might repeat characters or use sequential patterns, this is a unique, fully-formed token. The associated context confirms its sensitivity, as it is assigned to the `token` parameter within a `provider \"digitalocean\"` block in a Terraform file, which grants the provider permissions to manage cloud resources. Committing such a value directly into a version control repository represents a significant security risk."}} +{"id": 19, "index": 3, "sub_index": 1, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 99, "secret": "pk.eyJ1IjoicHJvZC1tYXBib3gtZGV2IiwiYSI6ImNsOXFoOGxic2M0ZGczMnA5N3Mxa2FoNjh4In0.rAnDoMkEyNaMeCoMpLeXiBlE", "label": "True Positive"}, "actual": {"line_number": 99, "label": "False Positive", "secret_value": "pk.eyJ1IjoicHJvZC1tYXBib3gtZGV2IiwiYSI6ImNsOXFoOGxic2M0ZGczMnA5N3Mxa2FoNjh4In0.rAnDoMkEyNaMeCoMpLeXiBlE", "reason": "The value is a Mapbox Public Access Token, which is designed for client-side use and is not a secret. Although the token string has a high-entropy, Base64-encoded component, its defining characteristic is the 'pk.' prefix, which explicitly marks it as public. Unlike private API keys, public tokens can be safely embedded in client-side applications and do not grant privileged server-side access. The variable name `accessToken` and the struct `Mapbox` provide direct contextual evidence. This teaches the pattern that tokens with public-identifying prefixes, such as 'pk.' for Mapbox, are public identifiers, not credentials, and should be classified as false positives."}} +{"id": 19, "index": 3, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 103, "secret": "8qM4pL7xJ5sK1mF3bZ8oN6cW0qYdEaV4", "label": "True Positive"}, "actual": {"line_number": 103, "label": "True Positive", "secret_value": "8qM4pL7xJ5sK1mF3bZ8oN6cW0qYdEaV4", "reason": "The value '8qM4pL7xJ5sK1mF3bZ8oN6cW0qYdEaV4' is a high-entropy, 32-character alphanumeric string consistent with the format of a Segment.io write key. The string's randomness, with its mix of upper/lowercase letters and digits, is a strong indicator of a machine-generated credential. Unlike a placeholder, this value appears to be a fully-formed key. The context reinforces this, as the variable is named `writeKey` and is associated with an `Analytics` struct, which is standard practice for sending data to a service like Segment. Although the comment explicitly states the file is not for production, hardcoded secrets from staging or development environments pose significant security risks by exposing internal tracking information."}} +{"id": 19, "index": 3, "sub_index": 3, "perfect_match": true, "error_fields": [], "expected": {"line_number": 110, "secret": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZXMiOlsicmVhZDpzdGF0cyIsIndyaXRlOmdhbWVwbGF5Il0sImlhdCI6MTY2NTIyNjAwMCwiZXhwIjoxNjk2NzYyMDAwfQ.gH2fR5tU9zV4wL8xQoP6N7sC1kE3bX6yZ0mJ5vF4aDc", "label": "True Positive"}, "actual": {"line_number": 110, "label": "True Positive", "secret_value": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZXMiOlsicmVhZDpzdGF0cyIsIndyaXRlOmdhbWVwbGF5Il0sImlhdCI6MTY2NTIyNjAwMCwiZXhwIjoxNjk2NzYyMDAwfQ.gH2fR5tU9zV4wL8xQoP6N7sC1kE3bX6yZ0mJ5vF4aDc", "reason": "The value is a complete and syntactically valid JSON Web Token (JWT) in the `Bearer` format, identifiable by the 'Bearer ' prefix and the two Base64-encoded parts. The token exhibits high entropy and follows the standard JWT structure, which is used for service-to-service authentication. This is not a template or placeholder; it is a fully-formed credential with a plausible payload specifying a service account and expiring in the future. While the value might be from a staging or test environment, as suggested by its expiration, its structure and complexity qualify it as a genuine, hardcoded secret that poses a security risk. The programmatic instruction on the previous line to use a secrets management tool further confirms that this type of hardcoded value is an anti-pattern."}} +{"id": 19, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 31, "secret": "4!z$C&F)J@NcRfUjXn2r5u7x!A%D*G", "label": "True Positive"}, "actual": {"line_number": 31, "label": "True Positive", "secret_value": "4!z$C&F)J@NcRfUjXn2r5u7x!A%D*G", "reason": "The value '4!z$C&F)J@NcRfUjXn2r5u7x!A%D*G' is a high-entropy password, clearly identifiable by its cryptographic randomness. The string contains a random mix of uppercase letters, lowercase letters, numbers, and special characters, which is a hallmark of a machine-generated credential. Unlike a placeholder or example, this specific, unpredictable value is more likely to be a real credential intended for the production database. The variable name `spring.datasource.password` and the context of a production (`-prod`) environment confirm its status as a secret. Hardcoding such a password in a configuration file is a critical security anti-pattern."}} +{"id": 19, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 39, "secret": "z$C&F)J@NcRfUjXn2r5u7x!A%D*G-KaPdSgVkYp3s6v9y/B?E(H+MbQeThWmZq4t", "label": "True Positive"}, "actual": {"line_number": 39, "label": "True Positive", "secret_value": "z$C&F)J@NcRfUjXn2r5u7x!A%D*G-KaPdSgVkYp3s6v9y/B?E(H+MbQeThWmZq4t", "reason": "The value 'z$C&F)J@NcRfUjXn2r5u7x!A%D*G-KaPdSgVkYp3s6v9y/B?E(H+MbQeThWmZq4t' is a high-entropy cryptographic key used for signing JSON Web Tokens (JWTs), as explicitly stated by its parameter name `app.security.jwt.secret`. The value itself is a long, random string containing a mix of alphanumeric characters, symbols, and punctuation, which is a strong indicator of a real, machine-generated secret, not a placeholder. This is not a generic example like a repeated character sequence; it is a concrete, specific value that exposes a critical security vulnerability. Hardcoding a JWT secret allows anyone with access to the source code or configuration file to forge tokens, impersonate users, and compromise application security. Its presence in a `SECURITY & AUTHENTICATION` block further confirms its sensitive nature."}} +{"id": 19, "index": 4, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 51, "secret": "key-8j2k5m7p9q1r3s4t6v8w0y1z3x5c7b9a", "label": "True Positive"}, "actual": {"line_number": 51, "label": "True Positive", "secret_value": "key-8j2k5m7p9q1r3s4t6v8w0y1z3x5c7b9a", "reason": "The value 'key-8j2k5m7p9q1r3s4t6v8w0y1z3x5c7b9a' is a hardcoded Mailgun API key. The `key-` prefix is a strong indicator and a standard format for credentials issued by services like Mailgun and Twilio. The 32-character alphanumeric string that follows exhibits high entropy and follows the expected format of a real credential, unlike generic placeholders which would use repeated characters (e.g., 'xxxxxxxx...'). The variable name `spring.mail.password` and the associated `spring.mail.host` pointing to `smtp.mailgun.org` explicitly identify this value as authentication material. Even if intended for a production environment, hardcoding a functional key is a severe security risk."}} +{"id": 20, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 97, "secret": "AKIAU5N4F6V2X7L9W8K3", "label": "True Positive"}, "actual": {"line_number": 97, "label": "True Positive", "secret_value": "AKIAU5N4F6V2X7L9W8K3", "reason": "The value 'AKIAU5N4F6V2X7L9W8K3' is an AWS Access Key ID, definitively identified by the 'AKIA' prefix, which is a standard format for these credentials. The 20-character alphanumeric string following the prefix is long and appears to have high entropy, making it unlikely to be a placeholder. Unlike generic patterns such as 'AKIAXXXXXXXXXXXXXXXX', this is a specific value. Exposing an Access Key ID is a security risk because it can be combined with a secret access key to gain unauthorized access to cloud resources. The explicit parameter name `aws_access_key_id` and the use of the `boto3` library confirm the context of AWS authentication."}} +{"id": 20, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 98, "secret": "yJkLpQz8tHj9rWvXnF7sD2bA4gC6eM1hT5oI3uR", "label": "True Positive"}, "actual": {"line_number": 98, "label": "True Positive", "secret_value": "yJkLpQz8tHj9rWvXnF7sD2bA4gC6eM1hT5oI3uR", "reason": "The value 'yJkLpQz8tHj9rWvXnF7sD2bA4gC6eM1hT5oI3uR' is a valid AWS secret access key, characterized by its high entropy and 40-character length. The random mix of uppercase letters, lowercase letters, and numbers is consistent with a genuine, machine-generated credential. Unlike placeholders which use repeating characters or descriptive text, this value is a specific, unpredictable string. Its use as the `aws_secret_access_key` parameter in a `boto3.client` call confirms its purpose as an authentication token. The comment '# Hardcoded credentials for development environment' provides explicit context that, while less severe than production, is still a significant security risk as this key could be used to access resources."}} +{"id": 20, "index": 0, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 111, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 111, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/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", "reason": "The value is a fully-formed Slack Incoming Webhook URL, which serves as an authentication token for sending messages to a specific Slack channel. This URL is not a template or placeholder; it is a specific, functional credential used by the `requests.post` function. The value adheres to the Slack webhook URL format, containing the required three-part path structure and ending in a 24-character, high-entropy string of alphanumeric characters that acts as the secret. Unlike placeholders such as 'YOUR_WEBHOOK_URL', this is a concrete, active secret that could be exploited to post spam or sensitive information into a company's Slack workspace. Even if intended for a non-production environment, its functional nature and high entropy make it a critical security risk to hardcode."}} +{"id": 20, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 42, "secret": "8f3e5b6d9c0a7f1e4d8b2c6a9f0e3d7b", "label": "True Positive"}, "actual": {"line_number": 42, "label": "True Positive", "secret_value": "8f3e5b6d9c0a7f1e4d8b2c6a9f0e3d7b", "reason": "The value '8f3e5b6d9c0a7f1e4d8b2c6a9f0e3d7b' is a 32-character hexadecimal string, a common format for API keys, specifically for Datadog. The value itself exhibits high entropy, characterized by a random mix of numbers and lowercase letters, indicating it is a functional credential. Unlike placeholders or test data, this is a fully-formed, concrete key. Its assignment to the `api_key` parameter within a Datadog provider block confirms its use for authenticating with the service. Exposing a functional key in code, regardless of environment, presents a significant security risk as it can be abused."}} +{"id": 20, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 47, "secret": "u+K3v7Pq9bRz5sL1xT0w", "label": "True Positive"}, "actual": {"line_number": 47, "label": "True Positive", "secret_value": "u+K3v7Pq9bRz5sL1xT0w", "reason": "The value 'u+K3v7Pq9bRz5sL1xT0w' is a high-entropy string consistent with an authentication token, which is strongly supported by its context. This 20-character string exhibits cryptographic randomness through its mix of uppercase letters, lowercase letters, numbers, and special characters ('+', '/'). The value has no repeating patterns, placeholder text, or dictionary words, which are common indicators of false positives. The assignment to a 'token' parameter in a 'pagerduty' provider block provides explicit confirmation that this value is a real credential. Hardcoding a secret like this is a security risk as it exposes the PagerDuty integration for anyone with access to the code."}} +{"id": 20, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 118, "secret": "https://9abf873c5d64e1f0a2b3c4d5e6f78901@o450512.ingest.sentry.io/45054321012", "label": "True Positive"}, "actual": {"line_number": 118, "label": "True Positive", "secret_value": "https://9abf873c5d64e1f0a2b3c4d5e6f78901@o450512.ingest.sentry.io", "reason": "The value is a Sentry DSN, which is a type of access credential composed of a public key and an origin identifier. The 32-character high-entropy string portion '9abf873c5d64e1f0a2b3c4d5e6f78901' is the public key, which is intentionally public but must be kept confidential to prevent abuse of the Sentry service. The '@' symbol separating this key from the ingest domain is a standard authentication format. Unlike placeholders which use repeated characters or generic IDs, this value is a fully-formed, concrete credential. Although the key itself is public, the credential as a whole is considered sensitive because it must always be tied to the correct Sentry organization and project, and leaking it can lead to incorrect error reporting and abuse."}} +{"id": 20, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 124, "secret": "pk.eyJ1IjoicmVhbGRldjk5IiwiYSI6ImNsdzR5Z3JqZzBmajIyaXFsMXB3dzQ2NzgifQ.w3bKgfS_h9n8FpG7S8z1Jg", "label": "True Positive"}, "actual": {"line_number": 124, "label": "True Positive", "secret_value": "pk.eyJ1IjoicmVhbGRldjk5IiwiYSI6ImNsdzR5Z3JqZzBmajIyaXFsMXB3dzQ2NzgifQ.w3bKgfS_h9n8FpG7S8z1Jg", "reason": "The value is a valid Mapbox Public Access Token, definitively identified by its 'pk.' prefix. The large Base64-encoded string after the prefix exhibits high entropy and matches the structural format of a real token, indicating it is not a placeholder. Unlike a generic placeholder like '', this is a fully-formed, specific credential. Although intended for public use, these tokens are still sensitive as they are unique to an account and can be abused. The hardcoded nature and the developer's explicit comment confirming this is a leaked token make it a critical security risk."}} +{"id": 20, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 43, "secret": "dckr_pat_1sT2uV3wX4yZ5aB6c-D7eF8gH9i", "label": "True Positive"}, "actual": {"line_number": 43, "label": "True Positive", "secret_value": "dckr_pat_1sT2uV3wX4yZ5aB6c-D7eF8gH9i", "reason": "The value 'dckr_pat_1sT2uV3wX4yZ5aB6c-D7eF8gH9i' is a valid Docker Personal Access Token (PAT). The value's structure is highly indicative of a Docker token, as it starts with the prefix 'dckr_pat_', which is a specific identifier used by the service. The rest of the string is a 20-character, high-entropy sequence of mixed-case alphanumeric characters and a hyphen, matching the exact format of a real credential. This is not a placeholder, template, or example; it is a fully formed value that possesses the cryptographic randomness expected of a live secret. The context confirms its sensitivity, as it is used directly as a `password` to log into a Docker Hub account within a continuous integration pipeline."}} +{"id": 20, "index": 3, "sub_index": 1, "perfect_match": false, "error_fields": ["value"], "expected": {"line_number": 61, "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS\n1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQQMzMhV14/tYpG+0s/VfT3Rz2B6eJgA\nm9gK0fe9WSCuY8Z6S4M0+iYfJ7a3C5u/m8n0f8a9gJ0bH2c1QAAAAlhbGljZUBleGFtcGxl\nLmNvbQ==\n-----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}, "actual": {"line_number": 61, "label": "True Positive", "secret_value": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS\n-siha2LW5pc3QyNTYAAAACG5pc3QyNTYAAAAQQQMzMhV14/tYpG+0s/VfT3Rz2B6eJgA\nm9gK0fe9WSCuY8Z6S4M0+iYfJ7a3C5u/m8n0f8a9gJ0bH2c1QAAAAlhbGljZUBleGFtcGxl\nLmNvbQ==\n-----END OPENSSH PRIVATE KEY-----", "reason": "The value is a complete and valid OpenSSH Private Key, identified by the standard `-----BEGIN OPENSSH PRIVATE KEY-----` and `-----END OPENSSH PRIVATE KEY-----` delimiters. The body of the key is a large, high-entropy block of Base64 encoded data, which is the standard format for representing the actual cryptographic key material. This is not a placeholder or template, as it lacks any repeated characters or generic text. Although the surrounding code context is a workflow file where this secret might be used, hardcoding a complete private key is a major security vulnerability. Such keys are highly sensitive credentials that must be managed securely through platform secrets, not stored in source code."}} +{"id": 20, "index": 4, "sub_index": 0, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 13, "secret": "jdbc:postgresql://db-repl-cluster-1.us-east-2.rds.amazonaws.com:5432/analytics_db", "label": "True Positive"}, "actual": {"line_number": 13, "label": "False Positive", "secret_value": "jdbc:postgresql://db-repl-cluster-1.us-east-2.rds.amazonaws.com:5432/analytics_db", "reason": "The value 'jdbc:postgresql://db-repl-cluster-1.us-east-2.rds.amazonaws.com:5432/analytics_db' is a database connection string, but it does not contain any credentials. A connection string's sensitivity is determined by the presence of a password or token, neither of which is embedded in this value. The value only provides non-sensitive information such as the database protocol, an AWS RDS cluster hostname, a standard port, and a database name. While the hostname points to an AWS resource, it is not an access key or secret. This pattern teaches that connection strings are only secrets when they include authentication details like a username and password."}} +{"id": 20, "index": 4, "sub_index": 1, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 14, "secret": "etl_worker_usr", "label": "True Positive"}, "actual": {"line_number": 14, "label": "False Positive", "secret_value": "etl_worker_usr", "reason": "The value 'etl_worker_usr' is a database username, which is a type of credential, but it is a common, descriptive identifier for a role and not a secret. This string has very low entropy and is composed of common English dictionary words ('etl', 'worker', 'usr'), a pattern typical of a username, not a high-entropy cryptographic key or password. Real credentials exhibit randomness and lack predictable structures or readable text. The context confirms this is a non-sensitive identifier for an 'ETL worker', specifying a role rather than a unique, confidential password. Such descriptive role-based usernames should be classified as false positives as they do not represent the actual sensitive secret."}} +{"id": 20, "index": 4, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 15, "secret": "p#a5sWd_9F!gH", "label": "True Positive"}, "actual": {"line_number": 15, "label": "True Positive", "secret_value": "p#a5sWd_9F!gH", "reason": "The value 'p#a5sWd_9F!gH' is a true positive because it is a high-entropy string that matches common password patterns, mixing letters, numbers, and special characters. This specific value exhibits strong characteristics of a manually generated secret key and lacks any generic placeholder traits. The context confirms its sensitivity, as it is directly assigned to the `spring.datasource.password` parameter in a production application configuration file. This credential type provides direct access to sensitive data in the 'analytics_db' database, making hardcoding it a severe security risk."}} +{"id": 20, "index": 4, "sub_index": 3, "perfect_match": true, "error_fields": [], "expected": {"line_number": 24, "secret": "gK9pD3rX8vLhT6bFzA4mSjR7uW1qV0iNzY5eC2oP/cE=", "label": "True Positive"}, "actual": {"line_number": 24, "label": "True Positive", "secret_value": "gK9pD3rX8vLhT6bFzA4mSjR7uW1qV0iNzY5eC2oP/cE=", "reason": "The secret value 'gK9pD3rX8vLhT6bFzA4mSjR7uW1qV0iNzY5eC2oP/cE=' is a Base64-encoded string exhibiting high entropy, which is characteristic of a cryptographic key. This is a fully-formed key, not a placeholder; it is a random-looking string of uppercase letters, lowercase letters, numbers, '/', and '='. The variable name `jwt.secret.key` and the comment 'This key is used to sign authentication tokens. DO NOT EXPOSE.' provide definitive context that this value is a sensitive cryptographic secret. Hardcoding this key directly in the configuration makes the entire JWT-based authentication system vulnerable, as anyone with source code access can forge or tamper with tokens. This is a classic example of a real, high-impact secret found in configuration files."}} +{"id": 21, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 95, "secret": "AKIA4J7V5Y7U3N2P5Q6R", "label": "True Positive"}, "actual": {"line_number": 95, "label": "True Positive", "secret_value": "AKIA4J7V5Y7U3N2P5Q6R", "reason": "The value 'AKIA4J7V5Y7U3N2P5Q6R' is a valid AWS Access Key ID. The value follows the exact pattern defined by AWS, starting with the specific prefix 'AKIA' which identifies it as a programmatic access key. It is composed of 20 high-entropy uppercase letters, which confirms its structural validity and distinguishes it from generic placeholders. Unlike example keys which often use repeated or sequential characters, this value is unpredictable. Its use in direct assignment to a constant named `AWS_ACCESS_KEY_ID` and subsequent passing to `boto3.client` provides strong contextual evidence that this is a functional credential, representing a significant security risk."}} +{"id": 21, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 96, "secret": "jZ8v/L9K+mN4PqR7sT1uVwXyZ/aB3cD4eF6gH7hI", "label": "True Positive"}, "actual": {"line_number": 96, "label": "True Positive", "secret_value": "jZ8v/L9K+mN4PqR7sT1uVwXyZ/aB3cD4eF6gH7hI", "reason": "The value 'jZ8v/L9K+mN4PqR7sT1uVwXyZ/aB3cD4eF6gH7hI' is a high-entropy, Base64-encoded string consistent with an AWS Secret Access Key. Its composition of mixed-case alphanumeric characters and special symbols ('/', '+') exhibits significant randomness, indicating cryptographic randomness rather than a placeholder. Unlike generic examples that use repeated characters or descriptive text, this is a fully formed, specific value. The variable name `AWS_SECRET_ACCESS_KEY` and its direct use in a `boto3.client` call provide strong contextual evidence that this is a sensitive credential. Hardcoding secrets of this nature is a critical security vulnerability as it leaks authentication capabilities."}} +{"id": 21, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 37, "secret": "dckr_pat_aRqS4fGz3tYpLm9vBx2wK7jNc8zD1oE", "label": "True Positive"}, "actual": {"line_number": 37, "label": "True Positive", "secret_value": "dckr_pat_aRqS4fGz3tYpLm9vBx2wK7jNc8zD1oE", "reason": "The value 'dckr_pat_aRqS4fGz3tYpLm9vBx2wK7jNc8zD1oE' is a high-entropy string that matches the exact format of a Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a definitive identifier for this secret type, and the remaining alphanumeric string shows cryptographic randomness with mixed case and numbers, which is characteristic of a machine-generated credential. Unlike placeholders, this is a fully-formed token. The assignment to a parameter named 'password' and its usage within a 'docker/login-action' confirms its sensitive nature as authentication material. Leaking this token would allow unauthorized access to the user's Docker Hub repository."}} +{"id": 21, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 53, "secret": "HRKU-a0b1c2d3-e4f5-6789-a0b1-c2d3e4f56789", "label": "True Positive"}, "actual": {"line_number": 53, "label": "True Positive", "secret_value": "HRKU-a0b1c2d3-e4f5-6789-a0b1-c2d3e4f56789", "reason": "The value 'HRKU-a0b1c2d3-e4f5-6789-a0b1-c2d3e4f56789' is a valid Heroku API key due to its specific format. The 'HRKU-' prefix serves as a service-identifying namespace, distinguishing it from keys of other providers. The subsequent 8-4-4-4-12 hexadecimal string is the primary credential, exhibiting moderate entropy and conforming exactly to the format used by Heroku for API access tokens. Although some parts of the value are predictable (like repeating character groups), this is a common characteristic of machine-generated keys and does not disqualify it as a secret. The variable name 'heroku_api_key' in the workflow file provides explicit context, confirming that this is intended for authentication. Leaking this key in a public repository could allow unauthorized deployment to a Heroku application."}} +{"id": 21, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 52, "secret": "7b2f4a5c8e1d9g3h5i7j6k1l3m4n5o6p", "label": "True Positive"}, "actual": {"line_number": 52, "label": "True Positive", "secret_value": "7b2f4a5c8e1d9g3h5i7j6k1l3m4n5o6p", "reason": "The value '7b2f4a5c8e1d9g3h5i7j6k1l3m4n5o6p' is a high-entropy string that conforms to the typical format of a Datadog API key. The string consists of 32 random-looking hexadecimal characters, which exhibits cryptographic randomness and is characteristic of a machine-generated credential. Unlike a placeholder (e.g., 'YOUR_API_KEY' or repeated characters), this is a fully-formed, concrete value. The context of its assignment to the 'api_key' parameter within the Datadog provider block in Terraform confirms its sensitive nature, as this key is used to authenticate with the Datadog API for sending data."}} +{"id": 21, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 120, "secret": "https://b3c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 120, "label": "True Positive", "secret_value": "https://b3c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7@o123456.ingest.sentry.io", "reason": "The value is a full Sentry Data Source Name (DSN) with a hardcoded secret key embedded directly in the URL. The component `https://@.ingest.sentry.io` is a canonical format for Sentry credentials. The key part, `b3c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7`, is a 32-character high-entropy string that precisely matches the format and character set of a genuine Sentry DSN public key. Unlike a placeholder like '', this is a concrete, random-looking value that could be active. Hardcoding the secret within the DSN string itself is a known security risk for Sentry, as this key allows anyone to send data to the organization's account."}} +{"id": 21, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 127, "secret": "pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDF3cDAxM2QzM2VwMnR4bzBqemVyIn0.hZl8pAqK5n9bC2eR1fG0oQ", "label": "True Positive"}, "actual": {"line_number": 127, "label": "True Positive", "secret_value": "pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDF3cDAxM2QzM2VwMnR4bzBqemVyIn0.hZl8pAqK5n9bC2eR1fG0oQ", "reason": "The value is a valid Mapbox Public Access Token, definitively identified by its 'pk.' prefix. The string is a structured JSON Web Token (JWT), where the 'eyJ' prefix and the Base64-encoded components are standard JWT format indicators. Unlike a placeholder, this is a fully-formed token that appears to follow Mapbox's token structure. While called 'public,' these tokens are intended for client-side use and can be abused if extracted, leading to unexpected billing and misuse of the service. Hardcoding these tokens, even if public, represents a security vulnerability by exposing an architectural credential."}} +{"id": 21, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 217, "secret": "postgres://billing_svc_user:p5^z@kL$9!sR@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/billing_prod", "label": "True Positive"}, "actual": {"line_number": 217, "label": "True Positive", "secret_value": "postgres://billing_svc_user:p5^z@kL$9!sR@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432", "reason": "This value is a complete database connection string that embeds sensitive authentication credentials. The structure, 'protocol://username:password@hostname:port', is a classic secret format. The password component, 'p5^z@kL$9!sR', is a high-entropy string containing a mix of uppercase letters, lowercase letters, numbers, and special symbols, which strongly suggests it is a real credential. Unlike a placeholder like '', this is a specific, concrete value that grants direct access to a production database. Exposing credentials in a connection string, especially in a file marked 'Production', is a critical security vulnerability."}} +{"id": 21, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 227, "secret": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhdXRoLXRva2VuIiwiZXhwIjoxNjk5ODgwOTU1fQ.X2mZ4pBv8qC6wN3rF1eD0sJ7gT9hK8uL5oA", "label": "True Positive"}, "actual": {"line_number": 227, "label": "True Positive", "secret_value": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhdXRoLXRva2VuIiwiZXhwIjoxNjk5ODgwOTU1fQ.X2mZ4pBv8qC6wN3rF1eD0sJ7gT9hK8uL5oA", "reason": "The value is a correctly formatted JSON Web Token (JWT), characterized by its three distinct Base64-encoded parts separated by dots. The first part, 'eyJhbGciOiJIUzUxMiJ9', decodes to a JSON object specifying the 'HS512' signing algorithm, which is definitive of a JWT header. The second part decodes to the token's payload. The third part, 'X2mZ4pBv8qC6wN3rF1eD0sJ7gT9hK8uL5oA', serves as the cryptographic signature and exhibits high entropy, confirming it is not a placeholder. Although the payload contains generic data, the entire structure and signature confirm this is a real, potentially active JWT. Committing a validly formatted token, even one from a documentation or test environment, is a major security risk as it can be used for authentication against development or staging systems."}} +{"id": 21, "index": 4, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 230, "secret": "sdk-e6a8c4f9-b0d3-4f1e-8a7b-9c2d0f3e5b6a", "label": "True Positive"}, "actual": {"line_number": 230, "label": "True Positive", "secret_value": "sdk-e6a8c4f9-b0d3-4f1e-8a7b-9c2d0f3e5b6a", "reason": "The value 'sdk-e6a8c4f9-b0d3-4f1e-8a7b-9c2d0f3e5b6a' is a valid application secret, specifically an SDK key. Its structure follows the standard UUID format (8-4-4-4-12 hexadecimal characters), which is a common pattern for authentication tokens. The value exhibits high entropy with no repetitive patterns, indicating it is a machine-generated credential. Unlike placeholders, this is a fully formed UUID that could be active in a production environment. The context of the variable name `feature.flags.sdk.key` confirms its purpose as a credential for a specific service, making it a critical security risk."}} +{"id": 21, "index": 4, "sub_index": 3, "perfect_match": true, "error_fields": [], "expected": {"line_number": 234, "secret": "Kq5dG3iSgPi1Lw0bM4rV7cHuZx/N+pU8wJ2lO3fF6xg=", "label": "True Positive"}, "actual": {"line_number": 234, "label": "True Positive", "secret_value": "Kq5dG3iSgPi1Lw0bM4rV7cHuZx/N+pU8wJ2lO3fF6xg=", "reason": "The value 'Kq5dG3iSgPi1Lw0bM4rV7cHuZx/N+pU8wJ2lO3fF6xg=' is a high-entropy string that precisely matches the format of a Base64-encoded 32-byte key. Its random mix of upper and lower case letters, numbers, and symbols, along with the trailing '=' padding character, are strong indicators of a cryptographic secret. The variable name `encryption.pii.aes.key` explicitly confirms this value is an encryption key used to protect Personally Identifiable Information, making its exposure a critical security risk. Unlike a generic placeholder, this is a fully-formed, complex value that could be active in a production environment. The context header '# Java Application Configuration - Production' further confirms that this secret is intended for a production system, increasing its sensitivity."}} +{"id": 22, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 118, "secret": "AKIAV7S4M3PZ5LQXJH9R", "label": "True Positive"}, "actual": {"line_number": 118, "label": "True Positive", "secret_value": "AKIAV7S4M3PZ5LQXJH9R", "reason": "The value 'AKIAV7S4M3PZ5LQXJH9R' is a valid AWS Access Key ID. The specific 'AKIA' prefix is a defining format indicator for an AWS IAM user key, distinguishing it from public resources or other key types. The string exhibits high entropy and matches the 20-character length requirement. Unlike placeholders (e.g., 'AKIAXXXXXXXXXXXXXXXX'), this is a fully-formed credential. The context, with the variable name `AWS_ACCESS_KEY_ID` and its subsequent use in `boto3.client`, confirms its purpose is authentication. Hardcoding this value directly into source code presents a critical security risk as it allows unauthorized access to AWS resources."}} +{"id": 22, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 119, "secret": "uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g", "label": "True Positive"}, "actual": {"line_number": 119, "label": "True Positive", "secret_value": "uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g", "reason": "The value 'uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g' is a high-entropy string that perfectly matches the format of an AWS Secret Access Key. The value consists of a random mix of uppercase and lowercase letters, numbers, and special characters ('+', '/'), exhibiting the unpredictable nature characteristic of a cryptographic key. Unlike a placeholder (e.g., 'YOUR_SECRET'), this is a fully-formed credential that appears to be a real, functional key. Although the variable name and a preceding comment explicitly warn against this practice, the presence of a realistic, concrete value makes it a significant secret vulnerability. Even test credentials can provide unauthorized access to resources, justifying a True Positive classification."}} +{"id": 22, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 67, "secret": "ghp_bK9yR3tX1vP5zN7mW0sD8jF2hG6cV4eLqA", "label": "True Positive"}, "actual": {"line_number": 67, "label": "True Positive", "secret_value": "ghp_bK9yR3tX1vP5zN7mW0sD8jF2hG6cV4eLqA", "reason": "The value 'ghp_bK9yR3tX1vP5zN7mW0sD8jF2hG6cV4eLqA' is a high-entropy string matching the format of a GitHub Personal Access Token (PAT). The value is a 40-character alphanumeric string beginning with the service-specific prefix 'ghp_', which uniquely identifies it as a token type used for Git operations. The random characters after the prefix show high entropy, consistent with cryptographic generation of a real secret. This is not a placeholder but a fully-formed token that could be used to authenticate with a Git repository. Exposing this type of token in a CI/CD file like a GitHub Actions workflow is a severe security risk, as it grants authenticated access to the codebase."}} +{"id": 22, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 73, "secret": "https://hooks.slack.com/services/T00ABCDEF/B01234567/j9kL8hG7fE6dC5b4A3s2S1qP", "label": "True Positive"}, "actual": {"line_number": 73, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/T00ABCDEF/B01234567/j9kL8hG7fE6dC5b4A3s2S1qP", "reason": "The value is a fully formed Slack Incoming Webhook URL, which functions as a credential for posting messages to a specific Slack channel. The URL path follows the exact Slack service format `hooks.slack.com/services///`, and the final 24-character segment `j9kL8hG7fE6dC5b4A3s2S1qP` is a high-entropy string characteristic of a real token. Unlike a placeholder, this value is concrete and could be actively used to send notifications. Hardcoding a webhook URL directly in a script or configuration file is a significant security risk, as it can be extracted by anyone with read access to the code, allowing them to spam channels or send misleading information."}} +{"id": 22, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 46, "secret": "Adm1nPassw0rd$tr0ng!2023", "label": "True Positive"}, "actual": {"line_number": 46, "label": "True Positive", "secret_value": "Adm1nPassw0rd$tr0ng!2023", "reason": "The value 'Adm1nPassw0rd$tr0ng!2023' is a strong password, not a placeholder. The password exhibits high entropy and conforms to common security best practices by combining uppercase letters, lowercase letters, numbers, and special characters. While its origin is in a Terraform configuration file for an `aws_db_instance` resource, the value itself is fully-formed and specific, not a generic placeholder like 'PASSWORD123'. Even if intended for an early-stage development environment, a unique password like this is a hardcoded secret that should never be version-controlled. The variable name `password` and its usage in a database resource block further confirm its function as a critical secret."}} +{"id": 22, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 63, "secret": "postgres://platform_admin:Adm1nPassw0rd$tr0ng!2023@${aws_db_instance.main_db.address}:5432/platformdb", "label": "True Positive"}, "actual": {"line_number": 63, "label": "True Positive", "secret_value": "postgres://platform_admin:Adm1nPassw0rd$tr0ng!2023@${aws_db_instance.main_db.address}:5432/platformdb", "reason": "This value is a complete database connection string, which is a highly sensitive credential type that embeds authentication details. It correctly uses the `postgres://` URL schema and includes the username `platform_admin` followed by a specific password, `Adm1nPassw0rd$tr0ng!2023`. The password exhibits strong cryptographic properties with its mix of uppercase, lowercase, numbers, and special characters, distinguishing it from weak placeholders like 'password'. Although the hostname uses Terraform's variable substitution `${aws_db_instance.main_db.address}`, the password component is a literal, high-entropy credential. Hardcoding authentication credentials, even within a connection string that uses variables for non-sensitive parts, constitutes a significant security risk."}} +{"id": 22, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 201, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6ImFub24iLCJpYXQiOjE2Nzk2NjU4MjMsImV4cCI6MTk5NTI0MTgyM30.4iU9a-y9mC2bYDDsYk1E1f0LgR8PzO7JqN6cX-wB1A4", "label": "True Positive"}, "actual": {"line_number": 201, "label": "True Positive", "secret_value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6ImFub24iLCJpYXQiOjE2Nzk2NjU4MjMsImV4cCI6MTk5NTI0MTgyM30.4iU9a-y9mC2bYDDsYk1E1f0LgR8PzO7JqN6cX-wB1A4", "reason": "The value is a high-entropy string that perfectly matches the format of a Supabase Public/Anonymous API Key, which is a type of OAuth token. The string is Base64 URL-encoded and consists of three parts separated by periods, containing random characters with sufficient length and entropy to be a real credential. Although the context mentions an 'anonymous key', it is a fully-formed, functional token and not a generic placeholder. Hardcoding any API key, even an anonymous one, is a security risk as it provides direct read access to the associated database. The presence of a similar `serviceRoleKey` elsewhere in the file further confirms that the developer is hardcoding sensitive Supabase authentication material."}} +{"id": 22, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 207, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTY3OTY2NTgyMywiZXhwIjoxOTk1MjQxODIzfQ.kL8T5gV2rE1zO6pJ9bN4yF0wH7uX3eC8iS1aB0d9F6E", "label": "True Positive"}, "actual": {"line_number": 207, "label": "True Positive", "secret_value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTY3OTY2NTgyMywiZXhwIjoxOTk1MjQxODIzfQ.kL8T5gV2rE1zO6pJ9bN4yF0wH7uX3eC8iS1aB0d9F6E", "reason": "The value is a valid Supabase service role key, which is a highly sensitive credential. It exhibits the classic JWT format with three Base64Url-encoded sections separated by dots, which has high entropy. Unlike a generic placeholder, this is a fully formed, unique key that is Base64 decoded from the comment next to it, revealing its structure and intent. The variable name 'serviceRoleKey' and the explicit comment 'The service_role key grants full access and should never be in client-side code' confirm its sensitive nature. Exposing a service role key in client-side code is a critical security flaw as it allows any authenticated client to perform administrative actions on the database."}} +{"id": 22, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 92, "secret": "AIzaSyBw-D9Gv_FzTjuKmL8sH2pR1oY7qE6bXz4", "label": "True Positive"}, "actual": {"line_number": 92, "label": "True Positive", "secret_value": "AIzaSyBw-D9Gv_FzTjuKmL8sH2pR1oY7qE6bXz4", "reason": "The value 'AIzaSyBw-D9Gv_FzTjuKmL8sH2pR1oY7qE6bXz4' is a Google Cloud API key, definitively identified by the prefix 'AIzaSy'. This specific prefix is a public, well-documented marker for Google's server-side keys. The rest of the string is a high-entropy sequence of alphanumeric characters and underscores, consistent with Google's format for authenticating service requests. Although the surrounding code has a comment advising against this practice, the value itself is a real, functional credential. Exposing keys, even in a 'buildConfigField', is a critical security risk because they grant access to a developer's or organization's cloud services, which is never acceptable."}} +{"id": 22, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 93, "secret": "8a7b6c5d4e3f2g1h0j9k8l7m6n5o4p3q", "label": "True Positive"}, "actual": {"line_number": 93, "label": "True Positive", "secret_value": "8a7b6c5d4e3f2g1h0j9k8l7m6n5o4p3q", "reason": "The value '8a7b6c5d4e3f2g1h0j9k8l7m6n5o4p3q' is a high-entropy string that functions as an API key. Its 32-character composition, using a random mix of alphanumeric characters, is a common pattern for real-world credentials. Unlike a placeholder, this is a concrete value without repetitive or sequential patterns. The context within a `buildConfigField` and the corresponding variable name `OPENWEATHER_API_KEY` explicitly confirm its purpose as a secret authentication token for the OpenWeatherMap service. The accompanying comment recommending storing keys in `local.properties` highlights the developer's awareness of this being a secret, yet it has been hardcoded, making it a security risk."}} +{"id": 22, "index": 4, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 99, "secret": "UnsafeKeyStorePassword123", "label": "True Positive"}, "actual": {"line_number": 99, "label": "True Positive", "secret_value": "UnsafeKeyStorePassword123", "reason": "The value 'UnsafeKeyStorePassword123' is a password, identified by the contextual keyword 'storePassword' in a 'signingConfigs' block. Although it is a descriptive and 'unsafe' password, it is a concrete, literal string used for authentication. This is not a placeholder like '' but a specific, usable value. Hardcoding passwords of any complexity into source code, even test or development configurations, is a major security risk because it makes them easily discoverable by anyone with access to the code repository. The value's structure, combining dictionary words and numbers, is a common pattern for developers creating weak but functional credentials."}} +{"id": 22, "index": 4, "sub_index": 3, "perfect_match": true, "error_fields": [], "expected": {"line_number": 101, "secret": "UnsafeKeyPassword!@#", "label": "True Positive"}, "actual": {"line_number": 101, "label": "True Positive", "secret_value": "UnsafeKeyPassword!@#", "reason": "The value 'UnsafeKeyPassword!@#' is a clear example of a hardcoded password that directly compromises security. Despite its descriptive name, it is a literal, high-entropy string that could potentially grant access to a cryptographic keystore. The presence of mixed-case letters, numbers, and special characters demonstrates that this is not a generic placeholder but a fully formed credential. Hardcoding passwords, even those intended for testing or non-production environments, is a critical vulnerability as they are easily discoverable in version control history. The name itself functions as an alert, highlighting the inherently insecure practice."}} +{"id": 23, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 96, "secret": "postgres://report_writer:j$F9*kL2!pQ@dbr-prod-az1.c8xyzefg1234.us-east-1.rds.amazonaws.com:5432/reporting_db", "label": "True Positive"}, "actual": {"line_number": 96, "label": "True Positive", "secret_value": "postgres://report_writer:j$F9*kL2!pQ@dbr-prod-az1.c8xyzefg1234.us-east-1.rds.amazonaws.com:5432/reporting_db", "reason": "This value is a complete PostgreSQL connection string that hardcodes sensitive credentials. It follows the standard `scheme://username:password@host:port/database` format, embedding both the password 'j$F9*kL2!pQ' and a hostname for a production AWS RDS database. The password itself exhibits high entropy with a random mix of uppercase letters, lowercase letters, numbers, and special characters, making it a strong indicator of a real credential. Hardcoding a production connection string is a critical security risk, as it provides direct access to a live database for anyone who finds it in the source code."}} +{"id": 23, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 98, "secret": "45d6f3c1b0a8f7e6d5c4b3a291807f6e5d4c3b2a19807f6e", "label": "True Positive"}, "actual": {"line_number": 98, "label": "True Positive", "secret_value": "45d6f3c1b0a8f7e6d5c4b3a291807f6e5d4c3b2a19807f6e", "reason": "The value '45d6f3c1b0a8f7e6d5c4b3a291807f6e5d4c3b2a19807f6e' is a 64-character hexadecimal string, which is a standard format and length for a cryptographic signing key. The value itself exhibits high entropy with no repetitive or sequential patterns, strongly indicating it is a real, randomly generated secret. Unlike placeholders (e.g., 'YOUR_SECRET_KEY'), this is a concrete, specific string. The context of it being assigned to the `JWT_SECRET_KEY` configuration parameter confirms its highly sensitive nature. Exposing this key is a critical security vulnerability, as it allows anyone with access to the source code or deployed application to forge JWTs, impersonate users, and compromise the application's authentication system."}} +{"id": 23, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 56, "secret": "AKIAU4O6GJ5Y3B7VZIW9", "label": "True Positive"}, "actual": {"line_number": 56, "label": "True Positive", "secret_value": "AKIAU4O6GJ5Y3B7VZIW9", "reason": "The value 'AKIAU4O6GJ5Y3B7VZIW9' is a valid AWS Access Key ID. The prefix 'AKIA' is a definitive identifier for this specific AWS credential type. The rest of the string, 'U4O6GJ5Y3B7VZIW9', is a 16-character high-entropy sequence composed of uppercase letters and numbers, conforming to the AWS specified format. Unlike a placeholder, which might use repeated characters (e.g., 'xxxxxxxx'), this is a concrete, unique value. The variable name `access_key` explicitly confirms the value's sensitive nature. Hardcoding an AWS Access Key ID is a critical security flaw, as it allows anyone with access to the code to authenticate with AWS resources on the account."}} +{"id": 23, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 57, "secret": "eK/qLpW8xV9sY2zC3jB5aN4mD6fG7hJ8kL/mN1oP", "label": "True Positive"}, "actual": {"line_number": 57, "label": "True Positive", "secret_value": "eK/qLpW8xV9sY2zC3jB5aN4mD6fG7hJ8kL/mN1oP", "reason": "The value 'eK/qLpW8xV9sY2zC3jB5aN4mD6fG7hJ8kL/mN1oP' is a high-entropy string that is structurally consistent with an AWS secret access key. The value is a 40-character string containing a random mix of upper and lower case letters and special characters ('/', '+'), which is characteristic of a machine-generated credential. This is not a generic placeholder, which would use repeating characters or template syntax like 'YOUR_SECRET_KEY'. This specific format and high degree of randomness are strong indicators of a real, functional secret. The surrounding code, with the `secret_key` parameter in an `aws` provider block, confirms its sensitive purpose as an authentication token."}} +{"id": 23, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 19, "secret": "dckr_pat_JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH", "label": "True Positive"}, "actual": {"line_number": 19, "label": "True Positive", "secret_value": "dckr_pat_JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH", "reason": "The value 'dckr_pat_JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH' is a valid Docker Personal Access Token. The prefix 'dckr_pat_' is a definitive, service-specific indicator for this type of credential. The following 32-character string, 'JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH', exhibits high entropy with its random mix of alphanumeric characters, confirming it is not a placeholder. This pattern is characteristic of a real, machine-generated token. The surrounding code context, within a `docker/login-action` step in a CI/CD pipeline, provides explicit confirmation that this value is being used for authentication."}} +{"id": 23, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 38, "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtZW\nQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pgAAAJgAm9bWJpvW\n1gAAAAdzc2gtZWQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pg\nAAAAQE4bM6z2vLwJ1Qe7O7S5s+4TBuw+BGfS2b1Uv+8T+zKPKwuHqROMV0/OTYzcO1y4Fm\nsiUFrgHnpymGU9VvL2pgAAAAEXJvb3RAZGVib3BzLTc2LmxhbgECAwQFBgc=\n-----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}, "actual": {"line_number": 38, "label": "True Positive", "secret_value": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtZW\nQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pgAAAJgAm9bWJpvW\n1gAAAAdzc2gtZWQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pg\nAAAAQE4bM6z2vLwJ1Qe7O7S5s+4TBuw+BGfS2b1Uv+8T+zKPKwuHqROMV0/OTYzcO1y4Fm\nsiUFrgHnpymGU9VvL2pgAAAAEXJvb3RAZGVib3BzLTc2LmxhbgECAwQFBgc=\n-----END OPENSSH PRIVATE KEY-----", "reason": "The value is a complete, PEM-encoded OpenSSH private key, definitively identified by its standard `-----BEGIN OPENSSH PRIVATE KEY-----` and `-----END OPENSSH PRIVATE KEY-----` delimiters. The block contains a large, multi-line Base64-encoded payload, which exhibits high entropy and is the exact format for raw binary key data. This is not a placeholder, template, or example; it is a fully-formed, syntactically valid secret. Its assignment to the `key` parameter in a `ssh-action` workflow confirms its purpose: authenticating to a server (`prod.ourserver.com`). Leaking a complete private key like this is a severe security risk as it grants unauthorized access to the specified infrastructure."}} +{"id": 23, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 117, "secret": "pk.eyJ1IjoiZGF0YXZpenVzZXIiLCJhIjoiY2xwdXI2eHVhMGc3cTJrbzZ2d2k4cDFoOSJ9.gK4wV3oX9lPjQ7sR1eZfBq", "label": "True Positive"}, "actual": {"line_number": 117, "label": "True Positive", "secret_value": "pk.eyJ1IjoiZGF0YXZpenVzZXIiLCJhIjoiY2xwdXI2eHVhMGc3cTJrbzZ2d2k4cDFoOSJ9.gK4wV3oX9lPjQ7sR1eZfBq", "reason": "The value is a fully-formed Mapbox Public Access Token, identified by the specific 'pk.' prefix. The value consists of three URL-safe Base64 parts, characteristic of a JWT (JSON Web Token), which is the standard format for these tokens. This specific value has high entropy and lacks any placeholder markers, suggesting it is a real, potentially active credential. Unlike generic examples, this is a concrete value. Despite the comment on line 113 referring to 'external mapping services' and a later comment on line 140 on this token's usage, it is classified as a true positive because it is a complete, parsable secret that could be abused to make requests against the service."}} +{"id": 23, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 14, "secret": "SG.rTk8wX3qS7iE9fG2hJ5kL.pZ6xV7yW1zB4cE6fG8hJ0kM2nO4qR6sT8uV9wY1zA3b", "label": "True Positive"}, "actual": {"line_number": 14, "label": "True Positive", "secret_value": "SG.rTk8wX3qS7iE9fG2hJ5kL.pZ6xV7yW1zB4cE6fG8hJ0kM2nO4qR6sT8uV9wY1zA3b", "reason": "The value 'SG.rTk8wX3qS7iE9fG2hJ5kL.pZ6xV7yW1zB4cE6fG8hJ0kM2nO4qR6sT8uV9wY1zA3b' is a valid SendGrid API Key. Its structure is a key characteristic: it consists of three segments separated by periods, with the first segment 'SG.' serving as a specific service identifier. The second and third segments are high-entropy strings that contain a random mix of upper and lower case letters, numbers, and symbols, which strongly indicates they are cryptographic material. This format and randomness are consistent with real, functional credentials, not placeholders. The key name 'SendGridApiKey' in the configuration JSON provides definitive context that this is authentication information for the SendGrid service."}} +{"id": 23, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 23, "secret": "DefaultEndpointsProtocol=https;AccountName=prodblobstore987;AccountKey=zXcVbN6mPqR9sT2uW4xY7zC3jB5aN4mD6fG8hJ0kM2nO4qR6sT8uV9wY1zA3bE5fG7hJ8kL+A==;EndpointSuffix=core.windows.net", "label": "True Positive"}, "actual": {"line_number": 23, "label": "True Positive", "secret_value": "DefaultEndpointsProtocol=https;AccountName=prodblobstore987;AccountKey=zXcVbN6mPqR9sT2uW4xY7zC3jB5aN4mD6fG8hJ0kM2nO4qR6sT8uV9wY1zA3bE5fG7hJ8kL+A==;EndpointSuffix=core.windows.net", "reason": "The value is a complete Azure Storage Account Connection String, which is a highly sensitive credential. Its composition matches the exact format specified by Microsoft, including protocols, account name, and the crucial `AccountKey` parameter. The key value `zXcVbN6mPqR9sT2uW4xY7zC3jB5aN4mD6fG8hJ0kM2nO4qR6sT8uV9wY1zA3bE5fG7hJ8kL+A==` is a Base64-encoded string with the high entropy and character randomness expected of a cryptographic key. This value is not a placeholder; it's a fully formed, potentially active credential that grants broad read/write access to a production Azure blob storage account. The context of being under `ExternalServices.AzureStorage.StorageConnection` further confirms its sensitive nature."}} +{"id": 24, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 101, "secret": "postgres://auth_svc_user:gH#kL$pQ2s!8fT@prod-db-master.c8d9e0f.us-east-1.rds.amazonaws.com:5432/user_auth_prod", "label": "True Positive"}, "actual": {"line_number": 101, "label": "True Positive", "secret_value": "postgres://auth_svc_user:gH#kL$pQ2s!8fT@prod-db-master.c8d9e0f.us-east-1.rds.amazonaws.com:5432/user_auth_prod", "reason": "This value is a full PostgreSQL database connection string containing all necessary credentials. The password component, 'gH#kL$pQ2s!8fT', is a 16-character string with high entropy, mixing uppercase and lowercase letters, numbers, and special characters, which is a strong indicator of a real secret. The connection string follows the standard URI format and includes a specific hostname for an Amazon RDS database instance (`.rds.amazonaws.com`), an explicit port (`5432`), and a production database name (`user_auth_prod`). This combination of credentials and a live database endpoint constitutes a significant security risk, as it exposes the primary authentication mechanism for a production system."}} +{"id": 24, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 111, "secret": "sk-proj-aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdEjKlMnOpQrStUvWx", "label": "True Positive"}, "actual": {"line_number": 111, "label": "True Positive", "secret_value": "sk-proj-aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdEjKlMnOpQrStUvWx", "reason": "The value 'sk-proj-aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdEjKlMnOpQrStUvWx' is a validly formatted OpenAI Project API key. The prefix 'sk-proj-' is the specific identifier for this type of key, distinguishing it from standard 'sk-' keys. The subsequent 50-character random alphanumeric string exhibits high entropy and conforms to OpenAI's key structure. Unlike placeholders which might use repeated characters or generic text, this value is a specific, fully-formed credential. The context of the function name `getOpenAIToken` and the variable name `apiKey` in `main` confirms this is a real secret intended for use."}} +{"id": 24, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 60, "secret": "AKIAUVXWR6Y7ZJ2P5QSD", "label": "True Positive"}, "actual": {"line_number": 60, "label": "True Positive", "secret_value": "AKIAUVXWR6Y7ZJ2P5QSD", "reason": "The value 'AKIAUVXWR6Y7ZJ2P5QSD' is a valid AWS Access Key ID. The 'AKIA' prefix is a specific, well-documented identifier for AWS programmatic access keys, distinguishing them from general placeholders. The 20-character string exhibits high entropy with a mix of uppercase letters and numbers, which is consistent with the format of a genuine key. Although this value is a public identifier for a credential, its hardcoding in a script that also sets the secret access key poses a severe security risk. It confirms the existence and purpose of the secret and can be used in conjunction with leaked secret values to impersonate the AWS user."}} +{"id": 24, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 61, "secret": "mX9vB4nD3fG6hK2jL5pQ8rT1uW4yZ7+a0bCDEFg", "label": "True Positive"}, "actual": {"line_number": 61, "label": "True Positive", "secret_value": "mX9vB4nD3fG6hK2jL5pQ8rT1uW4yZ7+a0bCDEFg", "reason": "The value 'mX9vB4nD3fG6hK2jL5pQ8rT1uW4yZ7+a0bCDEFg' is a high-entropy string that precisely matches the format of an AWS secret access key. Its unpredictable mix of alphanumeric characters and the special '+' symbol is a strong indicator of cryptographic randomness, not a placeholder. The context confirms its sensitivity: it is assigned to the `aws_secret_access_key` parameter using `aws configure set`, a command used to establish live credentials for an AWS account. Leaking this key allows anyone to impersonate the application and access or modify resources in the AWS environment, as seen in the following lines of the CI/CD pipeline."}} +{"id": 24, "index": 1, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 76, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 76, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/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", "reason": "The value is a fully formed Slack Incoming Webhook URL, which is a sensitive credential. The structure of the URL (`.../services///`) precisely matches the expected format for this service. The final path component, 'aV3gH9rT2pL7xJ5sK1mF3bZ8', is a 24-character high-entropy string of mixed alphanumeric characters, indicative of a real, machine-generated token. Exposing this specific URL allows anyone to send messages to the configured Slack channel, which is a direct information disclosure and can be used for spamming or phishing. Unlike a generic placeholder, this is a specific, functional credential for a third-party service, and its presence in a CI/CD configuration is a clear security risk."}} +{"id": 24, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 133, "secret": "dXNlcl9kZXBsb3k6Zkc5amwzTTl2WjRuNCEyQw==", "label": "True Positive"}, "actual": {"line_number": 133, "label": "True Positive", "secret_value": "dXNlcl9kZXBsb3k6Zkc5amwzTTl2WjRuNCEyQw==", "reason": "The value 'dXNlcl9kZXBsb3k6Zkc5amwzTTl2WjRuNCEyQw==' is a Base64 encoded string, a common format for storing authentication credentials. Its high entropy and combination of character sets strongly indicate it is a real credential rather than a placeholder. The context of the `docker/daemon.json` file, specifically within the `\"auths\"` object for a registry, confirms that this value is an authentication token. When decoded, the string reveals a `username:password` format (`user_deploy:gC9jl3M9vZn4!2C`), which represents a valid set of credentials for accessing a private registry."}} +{"id": 24, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 79, "secret": "p@sswd_7h6f$G!kLz9qR", "label": "True Positive"}, "actual": {"line_number": 79, "label": "True Positive", "secret_value": "p@sswd_7h6f$G!kLz9qR", "reason": "The value 'p@sswd_7h6f$G!kLz9qR' is a high-entropy credential disguised as a placeholder. Although the value starts with the common dictionary word 'p@sswd', the subsequent 18 characters are a random mix of uppercase letters, lowercase letters, numbers, and symbols, which is a classic pattern for a strong password. This is not a generic template like 'password' or 'p@$$w0rd', as the specific random suffix makes it appear real. Developers often combine common terms with random strings to create passwords that are easy to remember for themselves but hard for machines to guess. The variable name `$ftp_pass` directly confirms that this value's function is authentication, making it a legitimate, albeit weak, hardcoded secret."}} +{"id": 24, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 86, "secret": "key-9f8e7d6c5b4a3a2a1b0c9d8e7f6a5b4c", "label": "True Positive"}, "actual": {"line_number": 86, "label": "True Positive", "secret_value": "key-9f8e7d6c5b4a3a2a1b0c9d8e7f6a5b4c", "reason": "The value 'key-9f8e7d6c5b4a3a2a1b0c9d8e7f6a5b4c' is a high-entropy, format-compliant Mailgun API key. It adheres to the service's specific 'key-' prefix, followed by a 32-character hexadecimal string. The portion after the prefix is a random, unpredictable sequence, confirming it is not a placeholder or example, but a real credential. Although the comment describes it as belonging to a legacy account, legacy keys are still active and pose a security risk. Hardcoding this value directly into the constructor, where it is assigned to a variable explicitly named for this purpose, is a definitive secret leak pattern."}} +{"id": 24, "index": 4, "sub_index": 1, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 227, "secret": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "label": "True Positive"}, "actual": {"line_number": 227, "label": "False Positive", "secret_value": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "reason": "The value 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6' is a false positive because it is an example default credential. The key characteristics are its extremely low entropy and predictable, sequential pattern of hexadecimal pairs, which is the standard format for a placeholder key. A real Datadog API key exhibits cryptographic randomness and would not be composed of such a simple, ordered sequence. The surrounding Terraform variable definition's `description` explicitly labels it as a key \"for agent installation,\" and a default value of this nature is intended for development or documentation, not production use. This pattern teaches that sequences of numbers/letters like `123...` or `abc...`, regardless of length, are placeholders."}} +{"id": 25, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 131, "secret": "4%jK#pL9sV!qR8bF&gH3", "label": "True Positive"}, "actual": {"line_number": 131, "label": "True Positive", "secret_value": "4%jK#pL9sV!qR8bF&gH3", "reason": "The value '4%jK#pL9sV!qR8bF&gH3' is a high-entropy password. The string is a random mix of mixed-case letters, numbers, and special characters, characteristic of a strong, machine-generated password. It lacks any placeholder patterns, sequences, or dictionary words. The variable name `dataSource.setPassword()` directly confirms that this is sensitive authentication material. Hardcoding such a complex value is a critical security risk as it allows anyone with access to the source code, including developers and potentially attackers, to authenticate to the PostgreSQL database."}} +{"id": 25, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 138, "secret": "amqp://event_handler:dG9oN6cpL8tXy@rabbitmq-cluster.prod:5672/analytics_vhost", "label": "True Positive"}, "actual": {"line_number": 138, "label": "True Positive", "secret_value": "amqp://event_handler:dG9oN6cpL8tXy@rabbitmq-cluster.prod:5672", "reason": "The value is a complete AMQP (Advanced Message Queuing Protocol) connection string containing an embedded username and password, which is a common, though insecure, pattern for hardcoded credentials. The password component, 'dG9oN6cpL8tXy', is a Base64-decoded string exhibiting high entropy, which is a strong indicator of a real credential. It's not a generic placeholder like 'password' but a specific, unique value. The combination of a valid URI format, a username, a high-entropy credential, and a production-like hostname (`rabbitmq-cluster.prod`) makes this a clear hardcoded secret. Exposing this string in source code could grant unauthorized access to the RabbitMQ message queue."}} +{"id": 25, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 47, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 47, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The secret value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID, definitively identified by its 'AKIA' prefix as specified by AWS documentation. The following 16 characters ('Y3R4WZ76X2P5QJ6M') are a high-entropy mix of uppercase letters and numbers, which is characteristic of a real, machine-generated credential. This value is not a placeholder, generic example, or template variable. Its assignment to the `access_key` parameter within an `aws` provider block confirms its purpose as authentication material. Exposing such a credential in version control is a critical security risk, as it allows unauthorized access to AWS resources."}} +{"id": 25, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 48, "secret": "vK9rP4mF2tXzG1sJ7bL5cW8qN0hY3dE/aI6uO4xS", "label": "True Positive"}, "actual": {"line_number": 48, "label": "True Positive", "secret_value": "vK9rP4mF2tXzG1sJ7bL5cW8qN0hY3dE/aI6uO4xS", "reason": "The value 'vK9rP4mF2tXzG1sJ7bL5cW8qN0hY3dE/aI6uO4xS' is a high-entropy string matching the specific 40-character format of an AWS Secret Access Key. The value consists of a random mix of upper and lower case letters, numbers, and a forward slash, which are all valid characters for this type of credential. Unlike a placeholder like 'YOUR_SECRET_KEY', this is a fully-formed, unique string that appears to be a real credential. The context of being assigned to the `secret_key` parameter within an `aws` provider block confirms its purpose as an authentication token for accessing AWS resources. Even in example or test files, hardcoding real credentials poses a security risk, as they may be active and can lead to account compromise."}} +{"id": 25, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 87, "secret": "AKIAV5TZEU4QPC6GLFIB", "label": "True Positive"}, "actual": {"line_number": 87, "label": "True Positive", "secret_value": "AKIAV5TZEU4QPC6GLFIB", "reason": "The value 'AKIAV5TZEU4QPC6GLFIB' is a valid AWS Access Key ID. The 'AKIA' prefix is a definitive marker for this secret type, and the subsequent 16 uppercase letters and digits exhibit the high entropy and specific format expected from a real AWS credential. Although the variable is named `aws_access_key`, making its purpose clear, the value itself is not a generic placeholder but a concrete, fully-formed key. Exposing this key is a security risk as it is the primary identifier used in authentication for AWS services, as seen when it's passed to `boto3.client`. This pattern is common in development code and test files, representing a significant compromise."}} +{"id": 25, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 88, "secret": "aH2jL9sV/pQ7rB3fG1kM8oN5cW0qYdE+zR4vJ2xC", "label": "True Positive"}, "actual": {"line_number": 88, "label": "True Positive", "secret_value": "aH2jL9sV/pQ7rB3fG1kM8oN5cW0qYdE+zR4vJ2xC", "reason": "The value 'aH2jL9sV/pQ7rB3fG1kM8oN5cW0qYdE+zR4vJ2xC' is a high-entropy string characteristic of a real AWS secret access key. It consists of a random mix of upper and lower case letters, numbers, and special characters '/', '+', which conforms to the AWS secret format. Unlike placeholders such as 'XXXXXXXXXXXXXXXX' or 'YOUR_SECRET', this is a specific, concrete value. The variable name `aws_secret` and its subsequent use in `boto3.client` for authentication provide direct evidence of its sensitive nature. Even with comments advising against it, hardcoding credentials like this presents a significant security risk."}} +{"id": 25, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 29, "secret": "pk.eyJ1IjoibW9iaWxlLXVzZXIxMiIsImEiOiJjbHB4dWRjc3QwYWR5MmtvNmg2cHl6ZzVyIn0.aF9rP2gS1tY8cE4jK6oMvQ", "label": "True Positive"}, "actual": {"line_number": 29, "label": "True Positive", "secret_value": "pk.eyJ1IjoibW9iaWxlLXVzZXIxMiIsImEiOiJjbHB4dWRjc3QwYWR5MmtvNmg2cHl6ZzVyIn0.aF9rP2gS1tY8cE4jK6oMvQ", "reason": "The value is a valid Mapbox Access Token, explicitly identified by the 'pk.' prefix. The format consists of three colon-separated parts, where the middle part is a Base64-encoded JSON object. Decoding the middle section, 'eyJ1IjoibW9iaWxlLXVzZXIxMiIsImEiOiJjbHB4dWRjc3QwYWR5MmtvNmg2cHl6ZzVyIn0', confirms this structure, containing fields like a public user ID and an authentication challenge. The final part is a cryptographically signed token that validates the integrity of the entire payload. Although this key belongs to a 'mobile-user' and might seem like a generic test token, the value's structure is indistinguishable from a production key. The 'mobile-user' context in the JSON payload, unlike a placeholder like '', identifies the specific context in which the key is intended to operate. Hardcoding any key that matches a known service's format and possesses high entropy is a security risk, as the specific user or context is less important than the exposure of the credential itself."}} +{"id": 25, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 34, "secret": "seg_7mF3bZ8oN6cW0qYdE2pH7rL9sV1pQ4gH", "label": "True Positive"}, "actual": {"line_number": 34, "label": "True Positive", "secret_value": "seg_7mF3bZ8oN6cW0qYdE2pH7rL9sV1pQ4gH", "reason": "The value 'seg_7mF3bZ8oN6cW0qYdE2pH7rL9sV1pQ4gH' is a valid Segment.com write key, confirmed by its distinctive 'seg_' prefix. The body of the value is a 40-character high-entropy string of mixed-case letters and numbers, which is characteristic of a real credential. Although the comment mentions temporary testing, the value is fully formed and has not been redacted or replaced with a placeholder. The variable name 'segmentWriteKey' and its location in the 'Analytics' struct further solidify its purpose as a hardcoded secret. Compromise of this key allows for anonymous data ingestion into a production analytics pipeline."}} +{"id": 25, "index": 3, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 38, "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o998877.ingest.sentry.io/1234567", "label": "True Positive"}, "actual": {"line_number": 38, "label": "True Positive", "secret_value": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o998877.ingest.sentry.io", "reason": "The value is a Sentry Data Source Name (DSN), a credential for sending events to an Sentry project. Its format is a perfect match for the Sentry DSN specification, with the sensitive credential component (`a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5`) hardcoded directly into the username part of the URL before the '@' symbol. The 32-character hexadecimal string has high entropy and perfectly aligns with the expected structure of a real Sentry public DSN. This is not a placeholder or template; it is a complete, functional secret that points to a specific Sentry project, making its leakage a significant security risk."}} +{"id": 25, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 17, "secret": "dckr_pat_b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL", "label": "True Positive"}, "actual": {"line_number": 17, "label": "True Positive", "secret_value": "dckr_pat_b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL", "reason": "The value 'dckr_pat_b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL' is a valid Docker Personal Access Token. The specific prefix 'dckr_pat_' is a strong indicator that the value is a credential for Docker Hub or a similar registry, a fact confirmed by the 'docker login' command on the subsequent line. The main body of the token, 'b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL', exhibits high entropy with its random mix of uppercase letters, lowercase letters, and numbers, a key characteristic of a real, machine-generated secret. This is not a placeholder, but a fully formed, functional credential used for CI/CD authentication."}} +{"id": 25, "index": 4, "sub_index": 1, "perfect_match": false, "error_fields": ["label", "value"], "expected": {"line_number": 32, "secret": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImE4ZTVjMGEyYjYwZDE2NjYyOTI1OGNjZmMzYjI2Y2I4In0.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmNpOmdsaWRlciJ9.bX4fP8vR2wN9qK7vZ-lS6wYjZ8eT0nC-kF4gH1sJ3", "label": "True Positive"}, "actual": {"line_number": 32, "label": "False Positive", "secret_value": "https://gke.prod-cluster.acme.io", "reason": "The value 'https://gke.prod-cluster.acme.io' is a public endpoint URL, not a secret. It is used for the KUBE_SERVER configuration, which tells a client where to connect to a Kubernetes cluster. This endpoint address is publicly addressable infrastructure information and does not grant any authentication or access. While it specifies a 'production' environment, its value is a hostname which has zero cryptographic entropy and is a predictable component of cluster naming. A Kubernetes token or API key is the actual secret credential associated with this server, not the server's network address. This pattern teaches that public cluster endpoints are configuration data, not credentials."}} +{"id": 26, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 82, "secret": "postgres://orders_api_user:fJ8#zL@9pQ$wK1!n@db.prod-us-east-1a.internal:5432/orders_production", "label": "True Positive"}, "actual": {"line_number": 82, "label": "True Positive", "secret_value": "postgres://orders_api_user:fJ8#zL@9pQ$wK1!n@db.prod-us-east-1a.internal:5432/orders_production", "reason": "The value is a complete PostgreSQL connection string that contains an embedded password, which is a critical hardcoded secret. The secret component is the password 'fJ8#zL@9pQ$wK1!n', a high-entropy string with a random mix of letters, numbers, and special characters, which is characteristic of a real credential. The password is directly observable within the URL string, making it a significant security vulnerability regardless of it being part of a non-standard class structure. Unlike a placeholder, this is a fully-formed string that appears to be intended for use in a production environment."}} +{"id": 26, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 90, "secret": "sk_live_51KoLx2BkF9zH8jR4aG1uWqSpL3bV7nTcX6yZ0mO8eF4vI9tP2uK5rJgS3hN7cW", "label": "True Positive"}, "actual": {"line_number": 90, "label": "True Positive", "secret_value": "sk_live_51KoLx2BkF9zH8jR4aG1uWqSpL3bV7nTcX6yZ0mO8eF4vI9tP2uK5rJgS3hN7cW", "reason": "The secret value 'sk_live_51KoLx2BkF9zH8jR4aG1uWqSpL3bV7nTcX6yZ0mO8eF4vI9tP2uK5rJgS3hN7cW' is a fully-formed Stripe Live Secret API Key. This value is identified with the specific 'sk_live_' prefix, which is a definitive format indicator for this type of credential. The 40-character suffix exhibits high entropy with a random combination of alphanumeric characters, consistent with a real, machine-generated key. Unlike a placeholder, this is a specific value that poses a direct security risk by allowing anyone with access to the code to make charges against the associated Stripe account. The variable name `STRIPE_API_KEY` further confirms the value's function as a sensitive secret."}} +{"id": 26, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 27, "secret": "dckr_pat_uHj7gQ9rT4vL9yK2wF5zX8oN3aB6d", "label": "True Positive"}, "actual": {"line_number": 27, "label": "True Positive", "secret_value": "dckr_pat_uHj7gQ9rT4vL9yK2wF5zX8oN3aB6d", "reason": "The value 'dckr_pat_uHj7gQ9rT4vL9yK2wF5zX8oN3aB6d' is a high-entropy Docker Personal Access Token (PAT). The service-specific prefix 'dckr_pat_' is a definitive indicator, and the following 30-character string is a random sequence of alphanumeric characters consistent with a machine-generated credential. This is not a placeholder or example, as it lacks repeating characters or template syntax like '${...}'. The context of being assigned to a `DOCKER_PASSWORD` environment variable in a workflow file strongly confirms its purpose is to grant access to Docker Hub. hardcoding such a specific token creates a significant security risk, as it could be extracted from version control history."}} +{"id": 26, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 28, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 28, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/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", "reason": "The provided value is a fully-formed Slack Incoming Webhook URL, which functions as a sensitive credential for posting messages to a channel. Its structure, matching the `https://hooks.slack.com/services///` pattern, is a strong indicator of its secret nature. The unique token part of the path (`jK1lM2nO3pQ4rS5tU6vW7xY8`) exhibits high entropy, which is characteristic of real, machine-generated tokens, and is not a generic placeholder. Hardcoding this URL allows anyone with read access to the workflow file to send messages to a private channel, making it a significant security risk."}} +{"id": 26, "index": 1, "sub_index": 2, "perfect_match": false, "error_fields": ["value"], "expected": {"line_number": 29, "secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFVENDQWxrZ0F3SUJBZ0lSQU5QVCtpb0c5djVqdjBBRW1nU1ZGTXN3Q2dZSUtvWkl6ajBFQXdJd0ZqRVUKTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1CNFhEVEl5TURjeU5ERXhNekV5Tkg4WERUSTBNRGd5T0RFeApNekV5TkgwZ096QXhNQzR4SURFYU1CZ0dBMVVFQ2hNU1FXVnpkR2x2Ym5NdlpHbHRZV2RsY2kxbmJHRnBiWE1NCkdBMVVFQXhNRmMyVmpkWEpwZEhrdWFHSnliM1JsZVRBZkJnTlZCQW9NRG5ONWMzUmxiVHBzYjNkbGJEMW5iR0ZwCmJYTTZJRG9nTUdFeEdUQVhCZ05WQkFNTUdFbGtZbDl3WVdkeVpYSnZibWN4TG1Gb2IzVjBkRlJFWlhKemIyNW0KYkdWMFlXNWpaU0JEYjI1MFpYTjBMbU52YlNCb2IzVjBkSFZ5YVdObExtWnBaWEl3SGhjTk1USTFNRGN4TURFNApNak00V2hjTk1UWXhNekF5TURFNU1qTTFXakE5TVI4d0hRWURWUVFLRXhaTmJHOWhaRzFwY3oxbFpHVnBiWE14Ckh6QWRCZ05WQkFNVEszaGhjbVV1WkhKallYUnBiMjV6TG5OdmJXRnpkR1Z5TFc5b2IyNDViMlJsYkhNdWMybHoKY21sMGEyVjBaSFZ5YVdObElFTmhjbVV1WkhKallYUnBiMjV6TFNCcFpHZGhiWEJzWlM1amIyMHdnZ0VpTUEwRwpDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRGZZKzgvS0hWQjh4WnZ0c0V0T0R0aFFpZFFDTnIKZ1R3NU1uWWdZbkYwYnJvM2ZLRllDTkZrb0Q4S0lPZmR0Z2ZHTjhtLyt1NG1rWUVKTE1RblZtVTRnUWl4M3JqZQp2TEx4OGl1VWZuVmxDT0ZkL2VHRXpjaDlMR1l2Z2Q3R0w1bVdCUnF5ZStjM1B5bU84a0d4bWpWbGl5eS9CcwpkK3Z4a3V2b1Mxc2d5TUVlY0ZPM3V6UmsvblZSb2lLR1lJcVNzc1p4eHlBbzVLRHFnL3p4NEl4eCtvTWd3QXoKNnJ4a1ZJdG9vNGhYc2R4c0E0aGFYajJmYVdGckk3b09kVkRucnczZDFLcnZ3dk9wU2xHNGswMVhxY3JGUlMKbjlTOWc4a25xL01BaWdKOWg2b25tNFFEQWdNQkFBR2pnWU13Z1lBd0hRWURWUjBPQkJZRUZEZDBsZTF1c25ICkczT2x2clBqdzF5N0hXSmJNQjhHQTFVZEl3UVlNQmFBRkRkMGxlMXVzbmhHM09sdnJQancxeTdIV0pqTUJnRwpBMVVkSlFRV01CUUdDcUdHU0liM0RRRUJDd1VBT0dDQVFFQXp2dDBoMWNpc2Z0eXQ5dHRtV2hYdEd4NmdFbjcKYjlxY0ZpS042aG5uZmF0a2x4K2t2Wkd4WlVqYnp2VzJtNmp3L3Y0T2k5ZkZ1QWlXdm9LMG1zMEJVRkF0OW9JCllwZ0FpU3UvTzRjMXN0MXJpYnQ5c0J0L2x1VzhCVDFVd0x1UHNlRGNVd1V0eFNMVyt0ek5qZkZQeDFyZEg3bAp1M1V5eE9ScVd5SWY1Nm9zQkErb3VmMERvMXJjU0Z0SWFvRDBHSHhld3A1amN5b25kZ2h5WnJLVllDdlk1TksKU3Uxb0V4VXRlMGRjWnl3a0NqYytlSWgrSndVQU1kRjdLclVRM0pYcWd2WExvY2R1S3F4cFVmZTRlMWF0a3E5CnVvQnNBQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K server: https://1E2D3F4A.sk1.us-west-2.eks.amazonaws.com\\n name: eks-prod-cluster\\ncontexts:\\n- context:\\n cluster: eks-prod-cluster\\n user: eks-prod-user\\n name: eks-prod-context\\ncurrent-context: eks-prod-context\\nkind: Config\\npreferences: {}\\nusers:\\n- name: eks-prod-user\\n user:\\n token: k8s-aws-v1.aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8_QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlgxMT1leGVjLmluZm8mWC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BU0lBVklaWDhNTzZYT0o1WE1EMiUyRjIwMjMwNjEzJTJGcnUtY2VudHJhbC0xJTJGc3RzJTJGYXdzNF9yZXF1ZXN0Jlg...", "label": "True Positive"}, "actual": {"line_number": 29, "label": "True Positive", "secret_value": "apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFVENDQWxrZ0F3SUJBZ0lSQU5QVCtpb0c5djVqdjBBRW1nU1ZGTXN3Q2dZSUtvWkl6ajBFQXdJd0ZqRVUKTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1CNFhEVEl5TURjeU5ERXhNekV5Tkg4WERUSTBNRGd5T0RFeApNekV5TkgwZ096QXhNQzR4SURFYU1CZ0dBMVVFQ2hNU1FXVnpkR2x2Ym5NdlpHbHRZV2RsY2kxbmJHRnBiWE1NCkdBMVVFQXhNRmMyVmpkWEpwZEhrdWFHSnliM1JsZVRBZkJnTlZCQW9NRG5ONWMzUmxiVHBzYjNkbGJEMW5iR0ZwCmJYTTZJRG9nTUdFeEdUQVhCZ05WQkFNTUdFbGtZbDl3WVdkeVpYSnZibWN4TG1Gb2IzVjBkRlJFWlhKemIyNW0KYkdWMFlXNWpaU0JEYjI1MFpYTjBMbU52YlNCb2IzVjBkSFZ5YVdObExtWnBaWEl3SGhjTk1USTFNRGN4TURFNApNak00V2hjTk1UWXhNekF5TURFNU1qTTFXakE5TVI4d0hRWURWUVFLRXhaTmJHOWhaRzFwY3oxbFpHVnBiWE14Ckh6QWRCZ05WQkFNVEszaGhjbVV1WkhKallYUnBiMjV6TG5OdmJXRnpkR1Z5TFc5b2IyNDViMlJsYkhNdWMybHoKY21sMGEyVjBaSFZ5YVdObElFTmhjbVV1WkhKallYUnBiMjV6TFNCcFpHZGhiWEJzWlM1amIyMHdnZ0VpTUEwRwpDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRGZZKzgvS0hWQjh4WnZ0c0V0T0R0aFFpZFFDTnIKZ1R3NU1uWWdZbkYwYnJvM2ZLRllDTkZrb0Q4S0lPZmR0Z2ZHTjhtLyt1NG1rWUVKTE1RblZtVTRnUWl4M3JqZQp2TEx4OGl1VWZuVmxDT0ZkL2VHRXpjaDlMR1l2Z2Q3R0w1bVdCUnF5ZStjM1B5bU84a0d4bWpWbGl5eS9CcwpkK3Z4a3V2b1Mxc2d5TUVlY0ZPM3V6UmsvblZSb2lLR1lJcVNzc1p4eHlBbzVLRHFnL3p4NEl4eCtvTWd3QXoKNnJ4a1ZJdG9vNGhYc2R4c0E0aGFYajJmYVdGckk3b09kVkRucnczZDFLcnZ3dk9wU2xHNGswMVhxY3JGUlMKbjlTOWc4a25xL01BaWdKOWg2b25tNFFEQWdNQkFBR2pnWU13Z1lBd0hRWURWUjBPQkJZRUZEZDBsZTF1c25ICkczT2x2clBqdzF5N0hXSmJNQjhHQTFVZEl3UVlNQmFBRkRkMGxlMXVzbmhHM09sdnJQancxeTdIV0pqTUJnRwpBMVVkSlFRV01CUUdDcUdHU0liM0RRRUJDd1VBT0dDQVFFQXp2dDBoMWNpc2Z0eXQ5dHRtV2hYdEd4NmdFbjcKYjlxY0ZpS042aG5uZmF0a2x4K2t2Wkd4WlVqYnp2VzJtNmp3L3Y0T2k5ZkZ1QWlXdm9LMG1zMEJVRkF0OW9JCllwZ0FpU3UvTzRjMXN0MXJpYnQ5c0J0L2x1VzhCVDFVd0x1UHNlRGNVd1V0eFNMVyt0ek5qZkZQeDFyZEg3bAp1M1V5eE9ScVd5SWY1Nm9zQkErb3VmMERvMXJjU0Z0SWFvRDBHSHhld3A1amN5b25kZ2h5WnJLVllDdlk1TksKU3Uxb0V4VXRlMGRjWnl3a0NqYytlSWgrSndVQU1kRjdLclVRM0pYcWd2WExvY2R1S3F4cFVmZTRlMWF0a3E5CnVvQnNBQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K server: https://1E2D3F4A.sk1.us-west-2.eks.amazonaws.com\n name: eks-prod-cluster\ncontexts:\n- context:\n cluster: eks-prod-cluster\n user: eks-prod-user\n name: eks-prod-context\ncurrent-context: eks-prod-context\nkind: Config\npreferences: {}\nusers:\n- name: eks-prod-user\n user:\n token: k8s-aws-v1.aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8_QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlgxMT1leGVjLmluZm8mWC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BU0lBVklaWDhNTzZYT0o1WE1EMiUyRjIwMjMwNjEzJTJGcnUtY2VudHJhbC0xJTJGc3RzJTJGYXdzNF9yZXF1ZXN0Jlg...", "reason": "The value is a complete Kubernetes configuration (`kubeconfig`) containing an embedded AWS IAM token. This is identified by its `kind: Config` structure and the multiline `KUBE_CONFIG_DATA` parameter. The `token:` field within the `user` section holds a Base64 encoded string (`aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8_QWN0aW9uPUdldENhbGxlcklkZW50aXR5J...`), which decodes into a presigned URL. This URL is a short-lived AWS security token that grants broad access to an EKS cluster. The presence of a real certificate-authority-data block and a fully-formed, functional token within a `kubeconfig` file makes this a severe security risk, as it allows the automation system to authenticate and deploy."}} +{"id": 26, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 46, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 46, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID. Its structure, specifically the 'AKIA' prefix, is a definitive identifier for this type of secret. The subsequent 16 alphanumeric characters exhibit high entropy and follow the exact format required by AWS. Although comments suggest a production file, this key is a fully-formed, non-generic credential. Unlike a placeholder such as 'AKIAXXXXXXXXXX', this value is a concrete key that, when paired with its corresponding secret access key, could grant significant access to an AWS environment. This pattern of embedding a real credential in infrastructure-as-code is a common and severe security vulnerability."}} +{"id": 26, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 47, "secret": "pL8hJk/aGvN7YcT2XrU4FzE9mBwD5+qI3oV1sSgK", "label": "True Positive"}, "actual": {"line_number": 47, "label": "True Positive", "secret_value": "pL8hJk/aGvN7YcT2XrU4FzE9mBwD5+qI3oV1sSgK", "reason": "The value 'pL8hJk/aGvN7YcT2XrU4FzE9mBwD5+qI3oV1sSgK' is a valid AWS secret access key. The value is a Base64-encoded string with high entropy, containing a random mix of uppercase letters, lowercase letters, numbers, '/', and '+', which is characteristic of this type of credential. Unlike a placeholder, this is a fully-formed, concrete value that strongly resembles a real key. Its assignment to the `secret_key` parameter within an `aws` provider block in a production Terraform file explicitly confirms its role as an authentication credential. Exposing any credential with this level of entropy is a significant security risk, as it can be used to control AWS resources."}} +{"id": 26, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 208, "secret": "Endpoint=sb://myeventhub-prod.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=jV3zK9bR4sP7xG1fH5vD2uM8qY6wL0aT+AbC=dEfGhI=", "label": "True Positive"}, "actual": {"line_number": 208, "label": "True Positive", "secret_value": "Endpoint=sb://myeventhub-prod.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=jV3zK9bR4sP7xG1fH5vD2uM8qY6wL0aT+AbC=dEfGhI=", "reason": "The value is a complete Azure Service Bus connection string, a highly sensitive credential that provides access to a specific Azure resource. This string is fully formed and contains all required components: an endpoint, a key name (`RootManageSharedAccessKey`), and a high-entropy Shared Access Key (`jV3zK9bR4sP7xG1fH5vD2uM8qY6wL0aT+AbC=dEfGhI=`). The Base64 encoded `SharedAccessKey` exhibits characteristics of a cryptographic secret, including its random mix of alphanumeric characters and special symbols. Unlike placeholders, this is a concrete key that grants administrative privileges, and its hardcoding in source code represents a significant security risk. The comment 'legacy systems' and 'Managed Identity' being 'modern setup' do not invalidate this key, as legacy systems may still be in active production."}} +{"id": 26, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 228, "secret": "SG.aV4gH9rT2pL7.xJ5sK1mF3bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mF3bZ8oN", "label": "True Positive"}, "actual": {"line_number": 228, "label": "True Positive", "secret_value": "SG.aV4gH9rT2pL7.xJ5sK1mF3bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mF3bZ8oN", "reason": "The value 'SG.aV4gH9rT2pL7.xJ5sK1mF3bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mF3bZ8oN' is a fully-formed SendGrid API key. This specific value is not a placeholder because it matches the required service format: the 'SG.' prefix, followed by a Base64-encoded segment, a '.', and a second Base64-encoded segment of sufficient length. The random characters and numbers within its parts exhibit high entropy characteristic of a real, machine-generated credential. While its origin could be test data, it is a complete, functional token that could grant access to an account. The context, where it is assigned to a variable named '_sendGridApiKey' and has an explicit 'API Key' comment, confirms its sensitive nature."}} +{"id": 26, "index": 4, "sub_index": 0, "perfect_match": false, "error_fields": ["value"], "expected": {"line_number": 127, "secret": "{\n\"type\": \"service_account\",\n\"project_id\": \"internal-data-pipeline-314159\",\n\"private_key_id\": \"a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0\",\n\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6sA7g5+fE6tSj\\n4p6t2w3x...\\n... (key data continues) ...\\nfN4r4c0i9v6j5t7r9s1u3v5x7z9A1B3C5E7G9I1K3M5O7Q9S1U3W5Y7Z9a1c3e5g\\n7i9k1m3o5q7s9u1w3y5z7B9D1F3H5J7L9N1P3R5T7V9X1Z3b5d7f9h1j3l5n7p9r\\n...\\n-----END PRIVATE KEY-----\\n\",\n\"client_email\": \"backup-runner@internal-data-pipeline-314159.iam.gserviceaccount.com\",\n\"client_id\": \"109876543210987654321\",\n\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\n\"token_uri\": \"https://oauth2.googleapis.com/token\",\n\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\n\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/backup-runner%40internal-data-pipeline-314159.iam.gserviceaccount.com\"\n}", "label": "True Positive"}, "actual": {"line_number": 127, "label": "True Positive", "secret_value": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6sA7g5+fE6tSj\n4p6t2w3x...\n... (key data continues) ...\nfN4r4c0i9v6j5t7r9s1u3v5x7z9A1B3C5E7G9I1K3M5O7Q9S1U3W5Y7Z9a1c3e5g\n7i9k1m3o5q7s9u1w3y5z7B9D1F3H5J7L9N1P3R5T7V9X1Z3b5d7f9h1j3l5n7p9r\n...\n-----END PRIVATE KEY-----", "reason": "The provided value is a complete, multi-line PEM-encoded private key, a highly sensitive credential. It is definitively identified by the standard `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----` headers, which are non-negotiable markers for this secret type. The key data between these headers is Base64-encoded, and while parts are redacted with '...', the pattern and structure perfectly match a cryptographic private key. Unlike a placeholder, which might use generic text like ``, this represents the literal format of a key that could be used for authentication. Hardcoding credentials in this format is a critical vulnerability, regardless of whether the key is for a development or production environment."}} +{"id": 28, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 131, "secret": "sk_live_51Mv9L2ApC9eG1tZ8cRwXvWqSjU3mBhT5yE6eF2dD4cCnRbAqZgXwVvUuYtRsPaOcB9a8g", "label": "True Positive"}, "actual": {"line_number": 131, "label": "True Positive", "secret_value": "sk_live_51Mv9L2ApC9eG1tZ8cRwXvWqSjU3mBhT5yE6eF2dD4cCnRbAqZgXwVvUuYtRsPaOcB9a8g", "reason": "The value is a fully-formed Stripe live secret key, definitively identified by its `sk_live_` prefix. The alphanumeric string that follows exhibits high entropy and randomness, which are characteristic of a real API key. Although the code comment indicates the key is from a real application, hardcoding live credentials for any environment is a critical security risk. The comment itself acknowledges the unsafety of this pattern but does not provide an example or placeholder; this is a fully-fledged, usable credential. The context of its assignment to the `stripe.Key` global variable for a Stripe-related payment processing service further confirms its sensitive nature."}} +{"id": 28, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 61, "secret": "dckr_pat_f9JkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy", "label": "True Positive"}, "actual": {"line_number": 61, "label": "True Positive", "secret_value": "dckr_pat_f9JkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy", "reason": "The value 'dckr_pat_f9JkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy' is a valid Docker Personal Access Token (PAT). The value's format, starting with the service-specific prefix 'dckr_pat_', is a key identifier for this credential type. The subsequent 40-character string is Base64-URL encoded and exhibits high entropy, matching the known structure of a genuine Docker PAT. The surrounding code provides strong confirmation, as the value is used as the password argument (`-p`) for a `docker login` command, which is the precise purpose of this secret type. This is not a generic placeholder; it is a concrete, syntactically valid credential."}} +{"id": 28, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 70, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 70, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/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", "reason": "The value 'https://hooks.slack.com/services/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' is a fully-formed Slack Incoming Webhook URL, which serves as a passwordless credential for posting messages. The string's structure perfectly matches the expected format, composed of a known Slack domain, a service ID, a channel ID, and a high-entropy secret token. Unlike a placeholder, the final segment 'rZ8sVn5gYh4wXj2rTq6uL3kG' is 24 random alphanumeric characters, which is characteristic of a real, machine-generated credential, not an example. Exposing this value would allow anyone to send messages to the configured Slack channel, representing a significant security risk by enabling spam or unauthorized notifications."}} +{"id": 28, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 90, "secret": "AKIAV7S4M3N2O1P6Q5R8", "label": "True Positive"}, "actual": {"line_number": 90, "label": "True Positive", "secret_value": "AKIAV7S4M3N2O1P6Q5R8", "reason": "The value 'AKIAV7S4M3N2O1P6Q5R8' is a valid AWS Access Key ID, which is sensitive credential material. The value itself is composed of the required 'AKIA' prefix followed by 16 high-entropy alphanumeric characters, perfectly matching AWS's documented format for this credential type. Unlike generic placeholders, this value is specific and lacks any indicators of example or test data. The variable name 'access_key' in a Terraform provider block strongly confirms its function as an authentication token. Hardcoding credentials in source code poses a significant security risk, as it allows anyone with code access to impersonate the account."}} +{"id": 28, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 91, "secret": "uG+hJkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy", "label": "True Positive"}, "actual": {"line_number": 91, "label": "True Positive", "secret_value": "uG+hJkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy", "reason": "The value 'uG+hJkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy' is a high-entropy string that perfectly matches the 40-character format of an AWS Secret Access Key (SAK). The string exhibits cryptographic randomness with its mix of uppercase letters, lowercase letters, numbers, and special characters ('+', '/'), lacking any discernible patterns or placeholder indicators like 'xxxx' or ''. This format is definitive of a real credential used for AWS authentication. Hardcoding the SAK directly in Terraform code is a critical security misconfiguration because it allows anyone with read access to the code to impersonate the user or role associated with the key, potentially leading to resource theft or data breaches. The context of the 'secret_key' parameter within an 'aws' provider block confirms this value is an authentication token for AWS."}} +{"id": 28, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 214, "secret": "D#fG8*jK!lM2$n P5", "label": "True Positive"}, "actual": {"line_number": 214, "label": "True Positive", "secret_value": "D#fG8*jK!lM2$n P5", "reason": "The value 'D#fG8*jK!lM2$n P5' is a high-entropy password matching the structure of a real credential. It is a 16-character string composed of random uppercase letters, lowercase letters, numbers, and special symbols (!, *, $, space, #), making it unpredictable and resistant to brute-force attacks. Unlike a placeholder (e.g., 'password123'), this value is specific and appears to be an actual key used for database authentication. The variable name `$db_pass` and its use in a `PDO` connection string directly confirm its purpose as a sensitive authentication secret."}} +{"id": 28, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 218, "secret": "key-c9a8b7d6e5f4a3b2c1d0e9f8a7b6c5d4", "label": "True Positive"}, "actual": {"line_number": 218, "label": "True Positive", "secret_value": "key-c9a8b7d6e5f4a3b2c1d0e9f8a7b6c5d4", "reason": "The value 'key-c9a8b7d6e5f4a3b2c1d0e9f8a7b6c5d4' is a classic Mailgun API key. Its specific format, a fixed 'key-' prefix followed by a 32-character hexadecimal string, is a definitive characteristic of this secret type. The substring following the prefix exhibits high entropy with a random distribution of alphanumeric characters, indicating it is a computationally generated credential rather than a placeholder. Unlike a generic example like 'key-XXXXXXXXXXXXXXXXXXXXXXXX', this is a concrete, fully-formed key. Hardcoding this value is a security risk, as it grants programmatic access to the mailgun.net API for the associated account."}} +{"id": 28, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 44, "secret": "https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o1234567.ingest.sentry.io/8901234", "label": "True Positive"}, "actual": {"line_number": 44, "label": "True Positive", "secret_value": "https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o1234567.ingest.sentry.io", "reason": "The value is a Sentry Data Source Name (DSN) which embeds a secret key as its hostname. The structure follows the pattern 'https://@', with the high-entropy string 'b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9' serving as the credential. This is not a placeholder or a generic template; it's a specific, seemingly functional key that could be used to send data to a Sentry project. The hostname's structure, which includes a project ID ('o1234567'), reinforces its validity as a real credential. Although the Sentry UI may mark such keys as test-like, hardcoding them directly into client-side code poses a significant security risk as they can be extracted and misused to overload the Sentry service, leading to service interruptions and potentially exposing data if misconfigured."}} +{"id": 28, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 57, "secret": "pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDFkMGIwNTZvM3FwY3o4cGR5NThjIn0.v9a8d7C6b5a4f3e2d1c0b9a8f7e6d5c4", "label": "True Positive"}, "actual": {"line_number": 57, "label": "True Positive", "secret_value": "pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDFkMGIwNTZvM3FwY3o4cGR5NThjIn0.v9a8d7C6b5a4f3e2d1c0b9a8f7e6d5c4", "reason": "The value is a valid Mapbox Access Token, identified by its correct format 'pk..'. The payload portion, a Base64-encoded JSON string, contains specific, non-generic values for 'username' and 'apiKey', revealing its use for a particular account ('mybrandapp'). This is not a placeholder, which would use generic characters like 'xxx' or simple text. Although intended for client-side use, Mapbox tokens are considered sensitive because they are tied to a developer account and can be abused to generate unauthorized requests, potentially incurring costs or degrading service. The `accessToken` key within the `mapboxConfig` object, along with the high entropy of the signature, confirms its function as a credential."}} +{"id": 29, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 45, "secret": "AKIAU4V5M7W3XYZ6B2C4", "label": "True Positive"}, "actual": {"line_number": 45, "label": "True Positive", "secret_value": "AKIAU4V5M7W3XYZ6B2C4", "reason": "The value 'AKIAU4V5M7W3XYZ6B2C4' is a fully-formed AWS Access Key ID. The 'AKIA' prefix is a specific, well-documented identifier for AWS programmatic credentials, immediately identifying the value's purpose. The subsequent 16-character string, 'U4V5M7W3XYZ6B2C4', exhibits high entropy with its random mix of uppercase letters and digits, confirming it is not a placeholder. Unlike a template value such as 'AKIAXXXXXXXXXXXXXXXX', this is a concrete credential that could be used to authenticate to AWS services. Hardcoding an access key, even one intended for a specific environment, is a critical security risk."}} +{"id": 29, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 46, "secret": "p8m/zGqK+JtL9rU3wY2xVvNcB7hF4jD1sK0oA6bC", "label": "True Positive"}, "actual": {"line_number": 46, "label": "True Positive", "secret_value": "p8m/zGqK+JtL9rU3wY2xVvNcB7hF4jD1sK0oA6bC", "reason": "The value 'p8m/zGqK+JtL9rU3wY2xVvNcB7hF4jD1sK0oA6bC' is a high-entropy, Base64URL encoded string that perfectly matches the format of an AWS Secret Access Key (SAK). The value itself is unpredictable and contains a random distribution of upper and lower case letters, numbers, and special characters ('/' and '+'), which is characteristic of a machine-generated credential. The assignment to a variable named `aws_secret_access_key` provides explicit context confirming this is authentication material. Hardcoding a value of this format is a critical security flaw because it exposes the secret directly in source code, allowing anyone with access to the repository to impersonate the AWS user associated with the key."}} +{"id": 29, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 118, "secret": "dd-api-9871e4a2dff3b3e511d7392110427c3d", "label": "True Positive"}, "actual": {"line_number": 118, "label": "True Positive", "secret_value": "dd-api-9871e4a2dff3b3e511d7392110427c3d", "reason": "The value 'dd-api-9871e4a2dff3b3e511d7392110427c3d' is a valid Datadog API key, identified by its unique 'dd-api-' prefix. The remaining 32-character string exhibits high entropy with its random combination of hexadecimal characters, which is consistent with the format of real Datadog credentials. Although the comment on line 117 claims this key is for a 'staging environment setup,' it is a concrete, specific value, not a placeholder like ''. The fact that the key is hardcoded directly in a Terraform configuration, which manages infrastructure, poses a significant security risk as it grants the provider access to a Datadog account, even a non-production one."}} +{"id": 29, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 102, "secret": "sk_live_51Mv9L2FqA8fG1tYpKrZxvWqSjU3mH8sD7gY5bN4c3pL1kM0oJ9iR", "label": "True Positive"}, "actual": {"line_number": 102, "label": "True Positive", "secret_value": "sk_live_51Mv9L2FqA8fG1tYpKrZxvWqSjU3mH8sD7gY5bN4c3pL1kM0oJ9iR", "reason": "The value is a Stripe live secret key, definitively identified by its 'sk_live_' prefix. This pattern is a specific and reliable format for Stripe credentials, unlike generic placeholders. The remaining string is 40 characters long and exhibits high entropy with a random mix of alphanumeric characters, confirming it is a machine-generated key, not a template. Although it is a live key, hardcoding secrets into the source code represents a significant security risk as it exposes credentials used in a production environment to anyone with code access. This value matches the exact format and characteristics of a real, high-confidence Stripe live secret."}} +{"id": 29, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 105, "secret": "postgres://billing_svc:aH7#kL$pQ2s!zX9@db-payments.us-east-1.rds.amazonaws.com:5432/payments_prod", "label": "True Positive"}, "actual": {"line_number": 105, "label": "True Positive", "secret_value": "postgres://billing_svc:aH7#kL$pQ2s!zX9@db-payments.us-east-1.rds.amazonaws.com:5432", "reason": "The value is a complete PostgreSQL connection string that contains an embedded, high-entropy password. The pattern 'scheme://user:password@host:port' is a standard format for transmitting database credentials. The password component 'aH7#kL$pQ2s!zX9' exhibits significant cryptographic complexity with a random mix of uppercase letters, lowercase letters, numbers, and special characters, indicating it is a real, machine-generated secret. Unlike a placeholder, this is a fully formed credential. The hostname points to a specific Amazon RDS instance, which is a sensitive piece of infrastructure information. The presence of the user 'billing_svc' and a specific production database on AWS concrete this as a live credential for a development or staging environment."}} +{"id": 29, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 19, "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", "label": "True Positive"}, "actual": {"line_number": 19, "label": "True Positive", "secret_value": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", "reason": "The value 'dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE' is a valid Docker Hub Personal Access Token (PAT), identified by its 'dckr_pat_' prefix. The string following the prefix, 'aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE', exhibits high entropy with a random mix of uppercase letters, lowercase letters, and digits. This specific format and high-entropy suffix are definitive characteristics of a real credential, not a placeholder. Hardcoding this token directly into the workflow file is a significant security risk as it allows anyone with access to the code repository to authenticate and push images to the Docker Hub account. While this may be a development or test token, it is still a functional secret and should be managed securely."}} +{"id": 29, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 11, "secret": "jdbc:postgresql://prod-db-replica.c9u3x4y5z6a7.us-west-2.rds.amazonaws.com:5432/analytics?user=report_user&password=7G$z#9*kL@qP!", "label": "True Positive"}, "actual": {"line_number": 11, "label": "True Positive", "secret_value": "jdbc:postgresql://prod-db-replica.c9u3x4y5z6a7.us-west-2.rds.amazonaws.com:5432/analytics?user=report_user&password=7G$z#9*kL@qP!", "reason": "This is a complete JDBC connection string containing an embedded password, which is a high-security risk. The value follows the standard `jdbc:protocol://host:port/database?user=...&password=...` format. Most critically, the value assigned to the `password` parameter, '7G$z#9*kL@qP!', is a high-entropy string with a random mix of uppercase letters, lowercase letters, numbers, and special symbols. This structure is characteristic of a real, machine-generated credential, not a placeholder like 'myPassword'. The context, which labels the database 'prod-db-replica' and sets the username as 'report_user', confirms this is a live configuration for a production environment."}} +{"id": 29, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 20, "secret": "SG.aV4gH9rT2pL7xJ5sK1mFw.bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mFw_bZ8oN6cW0qYdE", "label": "True Positive"}, "actual": {"line_number": 20, "label": "True Positive", "secret_value": "SG.aV4gH9rT2pL7xJ5sK1mFw.bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mFw_bZ8oN6cW0qYdE", "reason": "The value 'SG.aV4gH9rT2pL7xJ5sK1mFw.bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mFw_bZ8oN6cW0qYdE' is a SendGrid API Key, which is a high-entropy secret used for authentication. The value's structure is a definitive indicator of a SendGrid key: it consists of three distinct parts separated by periods. The first part 'SG.' explicitly identifies the service. The subsequent two parts are long, high-entropy strings that match the known pattern of a real credential, not a placeholder like 'YOUR_API_KEY'. The context, where the `spring.mail.username` is set to 'apikey', further validates that this value is a live authentication token."}} +{"id": 30, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 86, "secret": "postgres://reports_svc:3^z&tK9@pL!v$rR@db-reporting.c4zqm9fp1v2a.eu-west-1.rds.amazonaws.com:5432/analytics_prod", "label": "True Positive"}, "actual": {"line_number": 86, "label": "True Positive", "secret_value": "postgres://reports_svc:3^z&tK9@pL!v$rR@db-reporting.c4zqm9fp1v2a.eu-west-1.rds.amazonaws.com:5432/analytics_prod", "reason": "The value is a full PostgreSQL database connection string containing all the necessary credentials to access a real service. It embeds a username ('reports_svc'), a highly complex password ('3^z&tK9@pL!v$rR'), and a specific AWS RDS endpoint, making it a direct credential leak. The password exhibits high entropy with a mix of uppercase, lowercase, digits, and special characters, which is a strong indicator of a real, generated secret. Although a comment notes 'here for PoC', it is still a functional connection string pointing to a 'prod' database, posing a significant security risk as development examples often mirror production environments."}} +{"id": 30, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 90, "secret": "8f3d1e2a-6c5b-4a99-8d7c-3f9b1e4a2d7f", "label": "True Positive"}, "actual": {"line_number": 90, "label": "True Positive", "secret_value": "8f3d1e2a-6c5b-4a99-8d7c-3f9b1e4a2d7f", "reason": "The secret value '8f3d1e2a-6c5b-4a99-8d7c-3f9b1e4a2d7f' is a syntactically valid Universally Unique Identifier (UUID) that conforms to the standard format. The value exhibits high entropy with its random distribution of hexadecimal characters, which is a strong indicator of a credential. It is not a generic placeholder like 'xxxxxxxx-....' or a simple sequence. When used as a 'JWT_SECRET_KEY', a correctly formatted UUID is critical for securely signing and verifying JSON Web Tokens. Although the comment mentions this is a 'PoC', the key is fully formed and represents a realistic security risk, as hardcoded secrets are a common vulnerability regardless of the environment."}} +{"id": 30, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 58, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 58, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID. The value follows the exact format specified by AWS, starting with the 'AKIA' prefix and consisting of a 20-character alphanumeric string. Although it is a public identifier, hardcoding it in source control is a security risk. The combination of a uniquely identifiable prefix and a high-entropy alphanumeric string strongly points to a real credential rather than a generic placeholder like 'AKIAxxxxxxxxxxxx'. When found alongside a `secret_key` in a provider block, this type of key is part of a complete, exploitable authentication pair, confirming it is a sensitive secret."}} +{"id": 30, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 59, "secret": "pL8fG1tY9cRzXvWqSjU3mB2sL4hK7dF0aN5oP1zE", "label": "True Positive"}, "actual": {"line_number": 59, "label": "True Positive", "secret_value": "pL8fG1tY9cRzXvWqSjU3mB2sL4hK7dF0aN5oP1zE", "reason": "The value 'pL8fG1tY9cRzXvWqSjU3mB2sL4hK7dF0aN5oP1zE' is a 40-character high-entropy string which precisely matches the format of an AWS Secret Access Key. The value exhibits significant randomness with a mix of uppercase and lowercase letters, and no repetitive patterns, making it highly characteristic of a real credential. Unlike placeholders which use repetitive characters or templating syntax, this is a concrete, fully-formed value. The context explicitly confirms this, as the value is assigned to the `secret_key` argument for the `provider \"aws\"` block in a Terraform file. Hardcoding a valid secret key in infrastructure code is a critical security risk, as it grants direct programmatic access to the specified AWS environment."}} +{"id": 30, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 134, "secret": "dckr_pat_7aF9c2eD-5bG8h-4J1k-m3N4o-p6Q7rS8tU9wX", "label": "True Positive"}, "actual": {"line_number": 134, "label": "True Positive", "secret_value": "dckr_pat_7aF9c2eD-5bG8h-4J1k-m3N4o-p6Q7rS8tU9wX", "reason": "The value 'dckr_pat_7aF9c2eD-5bG8h-4J1k-m3N4o-p6Q7rS8tU9wX' is a genuine Docker Hub Personal Access Token (PAT). The value is characterized by its unique prefix 'dckr_pat_', which is a definitive identifier for this type of credential. The 32-character string following the prefix consists of high-entropy mixed-case alphanumeric characters and hyphens, matching the exact format of a real token. Unlike a placeholder, this is a specific, unique credential that provides authentication capabilities. The parameter name `password` within a `docker/login-action` block in a CI/CD pipeline context confirms that this token is intended for authentication."}} +{"id": 30, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 146, "secret": "https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX", "label": "True Positive"}, "actual": {"line_number": 146, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX", "reason": "The value is a Slack Incoming Webhook URL, which functions as an authentication token. The format `https://hooks.slack.com/services///` is a definitive pattern for this credential type. The final path component, 'aBcDeFgHiJkLmNoPqRsTuVwX', exhibits high entropy with a random mix of characters, indicating it is a machine-generated, unique secret, not a placeholder. Exposing a webhook token grants unauthenticated ability to post messages to a specific Slack channel, making this a significant security risk."}} +{"id": 30, "index": 2, "sub_index": 2, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 151, "secret": "https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX", "label": "True Positive"}, "actual": {"line_number": 151, "label": "False Positive", "secret_value": "https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX", "reason": "The value 'https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX' is a publicly known default Slack Webhook URL template, not a secret. While the latter portion of the URL, 'aBcDeFgHiJkLmNoPqRsTuVwX', is a 24-character string with high entropy, this pattern is characteristic of the standard structure for slack.com/hooks/ services and is frequently found in examples and default configurations. Documentation and security scanners confirm that these default URLs are insecure and not intended for production use. Unlike a real, specific secret URL which would point to a unique, unguessable endpoint, this is a generic template that can be used by anyone. This pattern teaches that high entropy in the final path segment of a common service hook, such as Slack's, is often a sign of a non-sensitive default configuration."}} +{"id": 30, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 236, "secret": "pk.eyJ1IjoiYm9iYnljb2RlcjkzIiwiYSI6ImNrdjR4cDFnMWhwMzAydnFwZXE1cHp2N3EifQ.mG5Jc4u_A5QfDtCg9C0C3A", "label": "True Positive"}, "actual": {"line_number": 236, "label": "True Positive", "secret_value": "pk.eyJ1IjoiYm9iYnljb2RlcjkzIiwiYSI6ImNrdjR4cDFnMWhwMzAydnFwZXE1cHp2N3EifQ.mG5Jc4u_A5QfDtCg9C0C3A", "reason": "The value is a valid Mapbox Access Token, identifiable by the 'pk.' prefix which signifies a public client key. The token's structure, consisting of three Base64-encoded parts separated by periods, is a direct match for Mapbox's format specification. While it's a 'public' key, it is still a sensitive credential that authenticates the client making map requests. The first two parts are public identifiers, but the final, high-entropy part provides a cryptographic signature to prevent token misuse. Therefore, hardcoding any validly formatted token, even from a public API, constitutes a security risk."}} +{"id": 30, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 241, "secret": "https://3a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d@o1234567.ingest.sentry.io/9876543", "label": "True Positive"}, "actual": {"line_number": 241, "label": "True Positive", "secret_value": "https://3a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d@o1234567.ingest.sentry.io", "reason": "The value is a Sentry Data Source Name (DSN), which contains a hardcoded secret token embedded directly in the URL structure. The token itself is the high-entropy, 32-character hexadecimal string '3a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d'. This string exhibits cryptographic randomness and is not a placeholder, making it a fully-formed credential. The surrounding 'https://' prefix, '@' symbol, and '@...ingest.sentry.io' suffix are all strong indicators of the DSN format. Even though this value is intended for client-side integration, it still acts as an authentication token that identifies the application within Sentry, and its exposure is a security risk."}} +{"id": 30, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 16, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 16, "label": "True Positive", "secret_value": "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", "reason": "The value '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' is a valid Google OAuth 2.0 Client Secret. The prefix 'GOCSPX-' is a specific, documented identifier for this credential type, providing a strong pattern match. The rest of the string is a high-entropy, random-looking series of alphanumeric characters, which is characteristic of a cryptographically generated key. Unlike a placeholder such as 'YOUR_SECRET_HERE', this is a concrete, fully-formed credential. The context of being assigned to `client-secret` and associated with a Google client ID further confirms its sensitive nature. Hardcoding this type of credential in a production properties file poses a severe security risk as it enables unauthorized access to Google APIs."}} +{"id": 30, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 23, "secret": "f1tY9cRzXvWqSjU3mB2sL4hK7dE0a#Z@p^K", "label": "True Positive"}, "actual": {"line_number": 23, "label": "True Positive", "secret_value": "f1tY9cRzXvWqSjU3mB2sL4hK7dE0a#Z@p^K", "reason": "The value 'f1tY9cRzXvWqSjU3mB2sL4hK7dE0a#Z@p^K' is a high-entropy password used for Redis authentication. The string exhibits a random combination of mixed-case letters, numbers, and special characters (`#`, `@`, `^`), which is characteristic of a strong, machine-generated credential. Unlike a placeholder, this is a concrete, concrete value that appears to be in a format used for real production services. The combination of high entropy and the explicit context of a `spring.redis.password` property confirms its sensitive nature, making it a severe security risk to have hardcoded in a development or even production configuration."}} +{"id": 31, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 92, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 92, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is an AWS Access Key ID, definitively identifiable by the 'AKIA' prefix specified by Amazon. The remaining 16 characters are a high-entropy string of mixed uppercase letters and digits, consistent with AWS's credential format. Although this key is a hardcoded literal, it is a fully-formed, specific key and not a generic placeholder. The associated variable name `ACCESS_KEY` and its use in the `boto3.client` call confirm its function is to authenticate with AWS. The absence of any placeholder markers makes this a concrete, exploitable secret."}} +{"id": 31, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 93, "secret": "kG7hF9jD2sL4mP6qR8tV0wX3zY5bA7cE9fI1kN", "label": "True Positive"}, "actual": {"line_number": 93, "label": "True Positive", "secret_value": "kG7hF9jD2sL4mP6qR8tV0wX3zY5bA7cE9fI1kN", "reason": "The value 'kG7hF9jD2sL4mP6qR8tV0wX3zY5bA7cE9fI1kN' is a 40-character high-entropy string, which is the exact format for an AWS Secret Access Key. Its composition of randomly selected, mixed-case alphanumeric characters and lack of any discernible pattern strongly indicate that it is a machine-generated credential, not a placeholder. The variable name 'SECRET_KEY' provides direct context, and its use in the `boto3.client` function to authenticate against an AWS service confirms its sensitive nature. Hardcoding such a key is a critical security risk as it grants programmatic access to cloud resources."}} +{"id": 31, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 53, "secret": "AKIAW6QXOJ2ZL5TG7FAP", "label": "True Positive"}, "actual": {"line_number": 53, "label": "True Positive", "secret_value": "AKIAW6QXOJ2ZL5TG7FAP", "reason": "The value 'AKIAW6QXOJ2ZL5TG7FAP' is a valid AWS Access Key ID. Its structure, beginning with the 'AKIA' prefix, is a definitive indicator of this specific AWS credential format. The subsequent 16 characters are a high-entropy string of alphanumeric characters, which is consistent with a real, machine-generated key rather than a placeholder. Although the context includes Terraform code which is often used for testing or infrastructure as code (IaC), the presence of a syntactically valid credential in a provider configuration block is always a security risk. Test or development environments are often connected to production resources, and an exposed access key, regardless of environment, is a major security vulnerability."}} +{"id": 31, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 54, "secret": "fG9zL2tJ4mH6cR8vB1xS5oE3dY7uW0qA9pI8nZ", "label": "True Positive"}, "actual": {"line_number": 54, "label": "True Positive", "secret_value": "fG9zL2tJ4mH6cR8vB1xS5oE3dY7uW0qA9pI8nZ", "reason": "The value 'fG9zL2tJ4mH6cR8vB1xS5oE3dY7uW0qA9pI8nZ' is a high-entropy, 40-character alphanumeric string, which is the exact format of a real AWS Secret Access Key. The string's cryptographic randomness, indicated by its mix of upper/lower case letters, numbers, and a special character, prevents it from being mistaken for a generic placeholder. Unlike a template like '' or a low-entropy sequence, this is a fully-formed, unpredictable key. The context of being assigned to a Terraform `secret_key` parameter explicitly confirms its sensitive nature, making it a critical security risk."}} +{"id": 31, "index": 1, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 74, "secret": "ae3267d64b63e8a9c2a689b0d64f0b09", "label": "True Positive"}, "actual": {"line_number": 74, "label": "True Positive", "secret_value": "ae3267d64b63e8a9c2a689b0d64f0b09", "reason": "The value 'ae3267d64b63e8a9c2a689b0d64f0b09' is a 32-character hexadecimal string with high entropy, which is the exact format for a Datadog API key. The random mix of letters and numbers strongly indicates it is a real, machine-generated credential, not a placeholder. Although it appears within a `default` block for a Terraform variable, this is a common pattern for hardcoding development or even production keys for less sensitive environments. The variable name and description explicitly identify its purpose, confirming its status as an API secret. A default value should be a non-functional example; committing a fully-formed key, regardless of its environment context, is a significant security risk."}} +{"id": 31, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 123, "secret": "pk.eyJ1IjoibWFwYWRtaW4iLCJhIjoiY2t1b2Q4c3M2MWY4aTJ2bnZkaXA2b2YzeSJ9.wG8fQzR6v4kXpL7yC9jTqA", "label": "True Positive"}, "actual": {"line_number": 123, "label": "True Positive", "secret_value": "pk.eyJ1IjoibWFwYWRtaW4iLCJhIjoiY2t1b2Q4c3M2MWY4aTJ2bnZkaXA2b2YzeSJ9.wG8fQzR6v4kXpL7yC9jTqA", "reason": "This value is a valid Mapbox public access token, identified by its 'pk.' prefix. The format consists of three Base64-encoded JSON strings separated by periods, which perfectly matches Mapbox's documentation for temporary client-side tokens. Although intended for client-side use, these tokens still function as authentication credentials and are valuable because they grant access to consume a provider's service (in this case, Mapbox maps). The value's high entropy and random character composition across its three parts confirm it is a generated credential, not a placeholder or template. Hardcoding any valid credential, even a public one, is a security risk as it is linked to a specific account and can be abused to exhaust API quotas."}} +{"id": 31, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 127, "secret": "https://a9f3b8e7d6c54a108f9b9c0e2d1a3c7f@o112233.ingest.sentry.io/45056789012345", "label": "True Positive"}, "actual": {"line_number": 127, "label": "True Positive", "secret_value": "https://a9f3b8e7d6c54a108f9b9c0e2d1a3c7f@o112233.ingest.sentry.io", "reason": "This value is a fully-formed Sentry Data Source Name (DSN), which is a hardcoded secret credential. The URL pattern is characteristic of a Sentry DSN, including the embedded public key 'a9f3b8e7d6c54a108f9b9c0e2d1a3c7f' and the organization slug 'o112233', directly preceding the ingest endpoint. The public key is an 8-character alphanumeric string with high entropy, which is a specific format for Sentry secrets. Although sometimes found in client-side code, these credentials are sensitive as they allow anyone to send data to the organization's Sentry project, leading to noise and potential abuse."}} +{"id": 31, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 43, "secret": "dckr_pat_yNv7sW3zT6jK8hL2mP5gF0xU4qR9cE1aB", "label": "True Positive"}, "actual": {"line_number": 43, "label": "True Positive", "secret_value": "dckr_pat_yNv7sW3zT6jK8hL2mP5gF0xU4qR9cE1aB", "reason": "The value 'dckr_pat_yNv7sW3zT6jK8hL2mP5gF0xU4qR9cE1aB' is a legitimate Docker Personal Access Token. Its format is specifically identified by the 'dckr_pat_' prefix, which is a recognized service-specific pattern for these credentials. The following string of 28 random alphanumeric characters (including mixed case letters and digits) possesses high entropy and perfectly matches the known structure of a real Docker PAT. Unlike a placeholder or example, this is a unique, concrete value that grants the `corp_deploy_bot` user authentication rights. The context in the YAML file, where it is used as the `password` for the `docker/login-action`, explicitly confirms its role as an authentication secret."}} +{"id": 31, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 59, "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEAy1A8G8yY2Q0bY8R2fN3eD6rN5bV5oY6zV9nB9zC8rV2aW9nS6qWj\nY9mF7bM3cM9yV1wR6tY3fO2uP8tJ5gY4oZ1jI9pU7fH4xK9pD8oW7yL6kC4hB3sF2xW1zS9\npG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8v\nI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8vY5htrZ6wF4xK9pD8oW7\nyL6kC4hB3sF2xW1zS9pG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9\npG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wQ2xV1sS9pG+eRb3rAwAAAAtkZXB\nsb3lAYXBwLXNlcnZlcgE=\n-----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}, "actual": {"line_number": 59, "label": "True Positive", "secret_value": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nsaAAAAAwEAAQAAAYEAy1A8G8yY2Q0bY8R2fN3eD6rN5bV5oY6zV9nB9zC8rV2aW9nS6qWj\nY9mF7bM3cM9yV1wR6tY3fO2uP8tJ5gY4oZ1jI9pU7fH4xK9pD8oW7yL6kC4hB3sF2xW1zS9\npG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8v\nI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8vY5htrZ6wF4xK9pD8oW7\nyL6kC4hB3sF2xW1zS9pG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9\npG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wQ2xV1sS9pG+eRb3rAwAAAAtkZXB\nsb3lAYXBwLXNlcnZlcgE=\n-----END OPENSSH PRIVATE KEY-----", "reason": "The value is a complete, multi-line PEM-formatted OpenSSH private key. This format is definitively identified by the `-----BEGIN OPENSSH PRIVATE KEY-----` and `-----END OPENSSH PRIVATE KEY-----` delimiters. The large body of Base64 characters between the delimiters exhibits the high entropy characteristic of legitimate cryptographic material. Unlike a placeholder or example, this is a fully formed key. The context of being assigned to a variable named `SSH_KEY` in a CI/CD file used for SSH access confirms its purpose as an authentication credential. Hardcoding a private key, even for deployment, is a severe security risk."}} +{"id": 31, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 6, "secret": "Pg#sEcRet!P@sS_9fXz8$t", "label": "True Positive"}, "actual": {"line_number": 6, "label": "True Positive", "secret_value": "Pg#sEcRet!P@sS_9fXz8$t", "reason": "The value 'Pg#sEcRet!P@sS_9fXz8$t' is a legitimate PostgreSQL password. Its structure exhibits high entropy, combining mixed-case dictionary words ('EcRet', 'sEcRet', 'sEc'), punctuation, and random characters ('9fXz8$t'), which is a common pattern for machine-generated credentials. The value is not a placeholder because it contains a specific, non-generic sequence, unlike common examples like 'password123' or ''. This specific, concrete value has the characteristics of a real, actively used credential. Exposing it in a configuration file poses a significant security risk, as it could be used to directly access a production database, as confirmed by its assignment to a `spring.datasource.password` property."}} +{"id": 31, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 20, "secret": "sk_live_51Kx0L2BzT8gG1uY9cFzXvWqSjU3mB2hA4fD6eG8iJ1kM3nO5pR7sT9uV", "label": "True Positive"}, "actual": {"line_number": 20, "label": "True Positive", "secret_value": "sk_live_51Kx0L2BzT8gG1uY9cFzXvWqSjU3mB2hA4fD6eG8iJ1kM3nO5pR7sT9uV", "reason": "The value 'sk_live_51Kx0L2BzT8gG1uY9cFzXvWqSjU3mB2hA4fD6eG8iJ1kM3nO5pR7sT9uV' is a valid Stripe Live API key, identified definitively by the `sk_live_` prefix. This prefix is specific to Stripe for live mode keys, differentiating them from test or development versions. The value itself is a 40-character high-entropy string with a random mix of alphanumeric characters, consistent with Stripe's key format and indicating it is a generated, operational credential. Exposing a live key in source code is a severe security risk, allowing attackers to process payments on behalf of the application. The context from the comment 'Stripe configuration for payment processing' confirms its sensitive purpose."}} +{"id": 31, "index": 4, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 23, "secret": "ACf4b2e1c9d8a7f6e5d4c3b2a1a0987654", "label": "True Positive"}, "actual": {"line_number": 23, "label": "True Positive", "secret_value": "ACf4b2e1c9d8a7f6e5d4c3b2a1a0987654", "reason": "The value 'ACf4b2e1c9d8a7f6e5d4c3b2a1a0987654' is a valid Twilio Account SID. This value perfectly matches the documented format for this credential, which is the prefix 'AC' followed by a 32-character hexadecimal string that exhibits high entropy. Unlike placeholders, which use repeated characters or descriptive text, this is a concrete, unique value. The variable name `twilio.account.sid` explicitly identifies the purpose of this secret, and its presence in a production configuration file under an 'EXTERNAL API KEYS' section confirms its sensitivity. Exposing an Account SID can be a significant security risk as it is required for authentication and to retrieve other, more powerful credentials."}} +{"id": 31, "index": 4, "sub_index": 3, "perfect_match": true, "error_fields": [], "expected": {"line_number": 24, "secret": "a4b3c2d1e0f9a8b7c6d5e4f3a2b1c0d9", "label": "True Positive"}, "actual": {"line_number": 24, "label": "True Positive", "secret_value": "a4b3c2d1e0f9a8b7c6d5e4f3a2b1c0d9", "reason": "The value 'a4b3c2d1e0f9a8b7c6d5e4f3a2b1c0d9' is a 32-character hexadecimal string with high entropy, which is the exact format for a Twilio Auth Token. The value itself is unpredictable, lacking any dictionary words, sequences, or placeholders, indicating it is a real, machine-generated credential. This format is a specific and well-documented pattern for authenticating with Twilio services. The context provided by the variable name 'twilio.auth.token' explicitly confirms the value's purpose. Unlike a placeholder, this is a fully-formed credential that grants significant access to a user's account, making its exposure a severe security risk."}} +{"id": 32, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 97, "secret": "sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC", "label": "True Positive"}, "actual": {"line_number": 97, "label": "True Positive", "secret_value": "sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC", "reason": "The value 'sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC' is a legitimate Stripe live API key. The 'sk_live_' prefix is a definitive indicator used by Stripe to identify live credentials, which are used to process real transactions and handle financial data. The subsequent 54-character string is a high-entropy, random mix of alphanumeric characters, which matches the exact format and complexity of real Stripe keys. This is not a placeholder or a generic template, but a fully formed, specific credential that presents a severe financial security risk. The surrounding code context, where the value is directly assigned to `stripe.api_key`, confirms its purpose as live authentication material."}} +{"id": 32, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 98, "secret": "postgres://billing_svc_user:AgH3#kL$pQ2s!bV9@db-payments-prod.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/payments_db", "label": "True Positive"}, "actual": {"line_number": 98, "label": "True Positive", "secret_value": "postgres://billing_svc_user:AgH3#kL$pQ2s!bV9@db-payments-prod.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/payments_db", "reason": "The provided value is a complete PostgreSQL connection string containing all necessary components to access a database. It embeds the username (`billing_svc_user`) and the password (`AgH3#kL$pQ2s!bV9`) directly. The password itself exhibits high entropy and cryptographic complexity, using mixed case letters, numbers, and special characters, which is a strong indicator of a real credential. Exposing this string would grant unauthorized database access, and the filename context confirms it is for a production environment. The comment 'This should be in a secure vault, not hardcoded' explicitly identifies the value as a secret."}} +{"id": 32, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 34, "secret": "AKIA4Z7P6TQ5RVN3MUEW", "label": "True Positive"}, "actual": {"line_number": 34, "label": "True Positive", "secret_value": "AKIA4Z7P6TQ5RVN3MUEW", "reason": "The value 'AKIA4Z7P6TQ5RVN3MUEW' is an AWS Access Key ID, which is a sensitive credential. The prefix 'AKIA' is a specific, well-known identifier for this type of key, differentiating it from generic string patterns. The 20-character string following the prefix exhibits high entropy, with a random mix of alphanumeric characters, which is characteristic of a machine-generated key. While the value is presented in a CI/CD pipeline, the explicit comment 'This approach is insecure' further confirms its nature as a real credential, not a placeholder. Leaking an Access Key ID is a security risk as it can grant attackers information about the user's AWS environment, even if the Secret Access Key is not immediately exposed."}} +{"id": 32, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 35, "secret": "j9mK0cH7pL6xJ2sV4gH9rT2pL7xJ5sK1mF3bZ8oN", "label": "True Positive"}, "actual": {"line_number": 35, "label": "True Positive", "secret_value": "j9mK0cH7pL6xJ2sV4gH9rT2pL7xJ5sK1mF3bZ8oN", "reason": "The value 'j9mK0cH7pL6xJ2sV4gH9rT2pL7xJ5sK1mF3bZ8oN' is a 41-character high-entropy alphanumeric string, which perfectly matches the specific format of an AWS Access Key Secret. The value itself is random and unpredictable, exhibiting no placeholder patterns like repeated characters or sequential numbers. Unlike examples, this is a concrete, specific credential string that is being used in an `aws configure` command. The variable name `aws_secret_access_key` in the command directly identifies its sensitive nature. Even though a comment flags the configuration as insecure, the credential itself is real and poses a significant security risk, as it is hardcoded in a publicly accessible pipeline file."}} +{"id": 32, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 39, "secret": "https://b4d29ca2b98e4a9e8b7c0f1e8e2b8f75@o450550.ingest.sentry.io/4505501234567890", "label": "True Positive"}, "actual": {"line_number": 39, "label": "True Positive", "secret_value": "https://b4d29ca2b98e4a9e8b7c0f1e8e2b8f75@o450550.ingest.sentry.io", "reason": "The value 'https://b4d29ca2b98e4a9e8b7c0f1e8e2b8f75@o450550.ingest.sentry.io' is a Sentry Data Source Name (DSN), which is a high-entropy string credential. The portion 'b4d29ca2b98e4a9e8b7c0f1e8e2b8f75' is the secret key, which appears to be a real credential with cryptographic randomness. Embedding this key directly within the URL makes the Sentry project susceptible to abuse, as it provides unauthenticated write access to the project's data. The use of the Sentry domain '.ingest.sentry.io' confirms the value's specific function as a secret. Unlike a placeholder, this is a complete, format-valid credential that leaks sensitive project information and access."}} +{"id": 32, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 127, "secret": "d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9", "label": "True Positive"}, "actual": {"line_number": 127, "label": "True Positive", "secret_value": "d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9", "reason": "The value 'd4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9' is a 32-character hexadecimal string, matching the exact format of a Twilio Auth Token. This value exhibits high entropy with a random distribution of numbers and letters, which is characteristic of a real credential. Although it lacks prefixes, its specific length and format are strong indicators of a Twilio token. Unlike generic placeholders (e.g., 'xxxx...'), this is a fully-formed, non-repeating string that appears to be a real credential. The context of being assigned to `twilioAuthToken` within a `const` block further confirms its role as sensitive authentication material."}} +{"id": 32, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 130, "secret": "p$qR5tU6vW7x!z#A", "label": "True Positive"}, "actual": {"line_number": 130, "label": "True Positive", "secret_value": "p$qR5tU6vW7x!z#A", "reason": "The value 'p$qR5tU6vW7x!z#A' is a high-entropy password. It exhibits strong cryptographic randomness, containing a mixture of uppercase letters, lowercase letters, numbers, and special characters without any discernible patterns or sequences. This combination of character types and its unpredictable nature are defining characteristics of a real, machine-generated password. The variable name 'redisPassword' explicitly confirms its purpose as a secret authentication credential for a Redis database. Exposing such a password, even from a test environment, creates a significant security risk as it grants unauthorized access to potentially valuable data."}} +{"id": 32, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 16, "secret": "Gv6mU_c7p-q9sR2wX4yZ0aB1dE3fG5hI7jK9lM8n", "label": "True Positive"}, "actual": {"line_number": 16, "label": "True Positive", "secret_value": "Gv6mU_c7p-q9sR2wX4yZ0aB1dE3fG5hI7jK9lM8n", "reason": "The value 'Gv6mU_c7p-q9sR2wX4yZ0aB1dE3fG5hI7jK9lM8n' is a high-entropy string that matches the format and character set of a Cloudflare API Token. The 40-character value contains a random mix of alphanumeric characters and special symbols ('_', '-') with no discernible patterns, indicating it's a unique, machine-generated credential. This value is concrete and fully formed, lacking any characteristics of a placeholder like repeated characters or template syntax. The context of the Terraform file confirms this, as the value is assigned to the `api_token` parameter for the Cloudflare provider. Hardcoding a credential with this level of entropy and format is a significant security risk, as it could grant access to manage the entire Cloudflare account."}} +{"id": 33, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 97, "secret": "ACd4f8b0e7c6a5e4d3f2c1b0a9e8d7c6b5", "label": "True Positive"}, "actual": {"line_number": 97, "label": "True Positive", "secret_value": "ACd4f8b0e7c6a5e4d3f2c1b0a9e8d7c6b5", "reason": "The value 'ACd4f8b0e7c6a5e4d3f2c1b0a9e8d7c6b5' is a valid Twilio Account SID, identified by the 'AC' prefix. This prefix is a specific and reliable pattern for this type of credential. The subsequent 32-character hexadecimal string exhibits high entropy and matches the precise format of a real SID. Unlike a placeholder, which might use repeating characters like 'x' or sequential numbers, this is a fully-formed, concrete value. The variable name `TWILIO_ACCOUNT_SID` and its use in initializing the `twilio.rest.Client` confirm its role as an authentication token. Exposing a real Account SID is a security risk as it grants access to the user's Twilio account, allowing them to make unauthorized API calls."}} +{"id": 33, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 98, "secret": "5a9f3e1b7d5c8e2a1b9f4d6c7e8b9a0c", "label": "True Positive"}, "actual": {"line_number": 98, "label": "True Positive", "secret_value": "5a9f3e1b7d5c8e2a1b9f4d6c7e8b9a0c", "reason": "The value '5a9f3e1b7d5c8e2a1b9f4d6c7e8b9a0c' is a valid Twilio Auth Token, identifiable by its 32-character hexadecimal format with high entropy. This pattern precisely matches the official specification for Twilio tokens. The value exhibits a random distribution of characters, lacking any patterns like sequences or repetition that would suggest it is a placeholder. Although the code includes a warning, the value is fully formed and appears to be a real credential. A real developer could easily make the mistake of hardcoding a recently generated token, which could be misused for sending spam or unauthorized messages, making this a genuine security risk."}} +{"id": 33, "index": 0, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 99, "secret": "postgres://notifications_svc:3rD#kS8@pGqW7!z@pg-prod-cluster-1.rds.amazonaws.com:5432/notificationsdb", "label": "True Positive"}, "actual": {"line_number": 99, "label": "True Positive", "secret_value": "postgres://notifications_svc:3rD#kS8@pGqW7!z@pg-prod-cluster-1.rds.amazonaws.com:5432/notificationsdb", "reason": "This value is a complete, hardcoded PostgreSQL database connection string containing embedded credentials. The URL structure follows the `protocol://username:password@host:port/database` format, which directly exposes both the username ('notifications_svc') and the password ('3rD#kS8@pGqW7!z'). The password component itself is a high-entropy string with a mix of uppercase letters, lowercase letters, numbers, and special characters, strongly indicating it is a real credential. Unlike a template or placeholder, this is a fully formed, exploitable connection string. Exposing this specific credential allows anyone with code access to potentially authenticate and compromise the development database."}} +{"id": 33, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 28, "secret": "AKIAUZY47P56V3IWQEXN", "label": "True Positive"}, "actual": {"line_number": 28, "label": "True Positive", "secret_value": "AKIAUZY47P56V3IWQEXN", "reason": "The value 'AKIAUZY47P56V3IWQEXN' is a valid AWS Access Key ID, identified with high confidence by its 'AKIA' prefix and 20-character format. This value exhibits strong cryptographic randomness, as it is a 16-character string of mixed-case alphanumeric characters that does not follow any predictable pattern. Unlike generic placeholders or template variables, this is a fully-formed key that is specific and unique to a user or role. The associated variable name `access_key` within a Terraform `provider \"aws\"` block provides explicit context confirming that this is a credential used for authentication with AWS."}} +{"id": 33, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 29, "secret": "pL8vGkZuJ4mR9sB7dF1aH6cE5kL0xV+yW9iO3nQz", "label": "True Positive"}, "actual": {"line_number": 29, "label": "True Positive", "secret_value": "pL8vGkZuJ4mR9sB7dF1aH6cE5kL0xV+yW9iO3nQz", "reason": "The value 'pL8vGkZuJ4mR9sB7dF1aH6cE5kL0xV+yW9iO3nQz' is a high-entropy string characteristic of a real AWS Secret Access Key. It is a 40-character alphanumeric string with a random mix of uppercase and lowercase letters, numbers, and a '+' symbol, which aligns perfectly with the format of this specific credential type. Unlike a placeholder, this is a concrete, fully-formed value with no repeated characters or simple patterns, indicating it is a genuine secret. The assignment to the 'secret_key' parameter in an AWS provider block provides definitive contextual evidence, as hardcoding a real key is a critical security anti-pattern."}} +{"id": 33, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 117, "secret": "pk.eyJ1IjoiZGF0YXZpc3VhbGl6ZXIiLCJhIjoiY2xwYTk3enRjMGJ3ZDJrcW83Z3g4bHFvMyJ9.XFp9o_k9Y0jZ7lEtUa8wWg", "label": "True Positive"}, "actual": {"line_number": 117, "label": "True Positive", "secret_value": "pk.eyJ1IjoiZGF0YXZpc3VhbGl6ZXIiLCJhIjoiY2xwYTk3enRjMGJ3ZDJrcW83Z3g4bHFvMyJ9.XFp9o_k9Y0jZ7lEtUa8wWg", "reason": "The value 'pk.eyJ1IjoiZGF0YXZpc3VhbGl6ZXIiLCJhIjoiY2xwYTk3enRjMGJ3ZDJrcW83Z3g4bHFvMyJ9.XFp9o_k9Y0jZ7lEtUa8wWg' is a complete, non-placeholder Mapbox Access Token. Its structure, a public key prefixed with 'pk.' followed by two Base64-encoded strings, perfectly matches the format specified by Mapbox. The two encoded parts represent the token's origin and its actual cryptographic key, respectively, exhibiting high entropy. This is not a generic example, as it contains a specific, non-obvious username 'datavisualization' and a long, random string for the key. Hardcoding a fully-formed, unique token like this is a common but significant security risk, as it can be scraped from client-side code and abused to generate API requests."}} +{"id": 33, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 128, "secret": "https://3a1b5c4d6e8f7g9a0b1c2d3e4f5a6b7c@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 128, "label": "True Positive", "secret_value": "https://3a1b5c4d6e8f7g9a0b1c2d3e4f5a6b7c@o123456.ingest.sentry.io", "reason": "The value is a complete Sentry DSN (Data Source Name), which functions as a credential to authenticate an application with a Sentry error reporting project. The structure is characteristic of an Sentry DSN, with the secret key `3a1b5c4d6e8f7g9a0b1c2d3e4f5a6b7c` embedded within a URL before the '@' symbol. This key is a 32-character hexadecimal string that exhibits high entropy and appears to be a randomly generated token, distinguishing it from a placeholder. Hardcoding DSNs is a significant security risk, as any developer with access to the codebase can send arbitrary data to the Sentry account, disrupting monitoring and potentially leading to abuse."}} +{"id": 33, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 39, "secret": "dckr_pat_aJkLpM5oN8qH7wG4sF2dR1tY9cZ", "label": "True Positive"}, "actual": {"line_number": 39, "label": "True Positive", "secret_value": "dckr_pat_aJkLpM5oN8qH7wG4sF2dR1tY9cZ", "reason": "The secret value 'dckr_pat_aJkLpM5oN8qH7wG4sF2dR1tY9cZ' is a valid Docker Personal Access Token (PAT). The value's prefix 'dckr_pat_' is a definitive format indicator for Docker Hub tokens, and the following 28-character alphanumeric string exhibits the high entropy expected of a real credential. This token is a specific, functional key, not a generic placeholder like 'dckr_pat_xxxxxxxxxxxxxxxxxxxxxxx'. The surrounding code, which is a GitHub Actions workflow file, confirms this is an authentication token intended for a 'Login to Docker Hub' step. Exposing credentials directly in CI/CD files is a common security risk."}} +{"id": 33, "index": 3, "sub_index": 1, "perfect_match": false, "error_fields": ["value"], "expected": {"line_number": 53, "secret": "|\n -----BEGIN OPENSSH PRIVATE KEY-----\n b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\n NhAAAAAwEAAQAAAYEAuc/d5v6hT+dOK4aCZyGevp5A+vM2M1m7/s3qH8nC8L5a7G9b0P2t\n Y6rW1dG7w8Z5Z0u3e6V7h9F8j4k2aG6b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7\n v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0\n e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m\n 3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u\n 7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c\n 9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0\n k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3\n -----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}, "actual": {"line_number": 53, "label": "True Positive", "secret_value": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nc2ggAAAAAwEAAQAAAYEAuc/d5v6hT+dOK4aCZyGevp5A+vM2M1m7/s3qH8nC8L5a7G9b0P2t\nY6rW1dG7w8Z5Z0u3e6V7h9F8j4k2aG6b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7\nv8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0\ne1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m\n3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u\n7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c\n9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0\nk1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3\n3L519k9jP/eN72bK26gE/P5z7b31fB9W3oY5U44/r2g/F69rO8gL68oP7y1Y27K4b2t\ny0WkRBYqO63a+u5a9VpX7O9jIys9Xf60E+nZ3wG+qJbYf9m6Yj84y6e+G+e7bM2gXp\nESb1/d9V9Y6p94/u3QW6N59o5mEox+s574Y6Ff1i8p1iI/Kz7K6x8h0sYfEaW+v/fR\nq2eBvIe25/P/aTfK3K0C5wJ7b8j7K8r6C5oD1bZ/E80H84Z/kP+1/Jg3kO7bK7YvS4\nT9w5Vv03LhXU+kUfD8C29gJ1z/47wE/M6J/oY/8v5M6i/c1rU1Z7l8a0J/O+fG2tT1t\n/nK0Z/0E19o7h84U9KqU7C+bO6Fk8L61q9Uf+Xv9jT1g1rY9cZcI4FzC4v09y/2F7\ncS+Xp09gq6T//5dI24vD8KjJ5Z/J6Uv7ZcI53Hh19L2/0g812c+124jS6Xw/vT1iUv\nh56QzHq2R083j5q+nFzM/j1/I7C950i8N8qH6+7h7644f9r00TjK62V0U4f54fQ5r5i\ni8s07BwUj6U5Vw9tX7r4WnQ6UvU2V8d50/TjK4r+bQY339q3V94s3u3Wd3cR3p3L\nXq1zN+e77T4P8g7zW1M3+iN6J+c/r2+pT6ZqgT55gT2O0k0o31281V6XW58E+j5k8\n/2J73j0N4/D+3Q6y90/h2p8i1/XF9L63L8+Q7u0/27d7Fq/z0Y3z8ZJ8KkLd7U5p1w\no6Z7H/b1xT6xV+L8hM0D42r/07y7g0H5v831XbVb2/vC0z1nL3mH89sX6Z3/9Z1U2\nXo80F68o/9k52N3U7PzZ1q00w+nZ266H63iR/rC87N7F8N8E/4J6w4T338CqfT+31j\nzq2fD/E/f2U+1U72v/Y7zQ4qF15jTz9oJ6d6P/4uU29vD8z369eR09vD6j24jS6\nxrX4h92k412h4m9f3w7rT0pD/5h6l5x3WzM86b3i/P99aP/51n3xZ2h4k5i6j7l\nzc492x3h4g/5y8z5i6m40e/p8+i01/L8J86Qy6/Jj4rC9vD7x84D62a0/zZ+q3V\n38N6t3S/l8J30/a9L/Z/d8r2l9jO26Q/jG0z1P9b6W/y2b6x99P0aUqG+3q3sQ6\nrZqZ9MhL+lYxW5630r9o1b2o/F2w5q/T/h9Y4tB6e9r90hT2787m6134LhXUr\nE10g/cO1q2vM2v0g3zH7f8N7Z9s+3fC0N1w6jJ4Z/X5kE/r2zQ7+t7W1tP7c/2s\ni7s7U4Z8U+n37XmY7iE7n+t9051J67b8j/84630c3z/3h9J8t49d3/7kX0z126/I\nvb2l/mD9c8s+r6mY9E+7Z837kHj/C5Y/0Y4kK0V4/Q7v27X7V/3Z3J8PjH8qV\n49lJ7t3Y7y7z7sU69H7M3p7E/vK7J13U22uQ9Yq32+Zp1Pj62Y7Y5o01m7/tK\nd9R65rM1u1yO7D8k/8lQ0B1vB73l/h8k4j5q+nFzM/j3/D976X1iJ9f9Y8/1Y5\nbhNfA8q0lC+kQfA+k5o4zH6b9KqU7L/q3T3j18tM/wB1L6k6Q2i/KjY3J7j\nZ3q2S0lB2tJ0r3h3Z3uE/U22j/662hF/U8T8u/00Q3/5Vb04WJmY74Z4K2J\nK0b8H0P7d77b+V97R8uY8Zp0q6+Zp7E0H9H99Qd6r/u3Q3b8gC1M3bXF90p\nj+U9Qn02X+p4tF8W8Nn/J9F17c4W7T91sPzJ4/l8c+23d/y75T95i/U\nvw515e025gL7Q/4Vl0hU7q2Q2Q8m26/w/0y7xV7z8PjQ9Z33XwM4V/q2/h\nT8v12s+3zP2Zl5i31hE7a5+L0T/1f23U/lP9P0g1fP2M3q/K3bN8Z24b\n141lU7k4n4+p2zX1KxV97F/nZ24eI31v/86W0z13P1l328v1n8iC27x3h5\nn6K7o+29H2r4y0h13/p4l0qZ8Q/k5+1gN+85jJ402j0w1a8gN7dZ8tP+2v\nO+zM564m6O8tqB+h57X77Z621w7V/7+t0o86q/2wY7L3x/72b6tQpB1mC8\ni2Hq2u6L/36zUo4M0bX7/D/kU/iK/fX5J5vN1273s1h59H7L4T3s8h0\nK6/I66q1p2n7p5nQ6Z2o5o0Fj03nK1t9Q1fP2sD/u32R02F71L3iM694X\ns+k832J7k03Y0B6b/H5L+a8/p9vD7fF5+42x8p6tM341lXgW5Y6h+gq\n/0j4qT0U9rQp562n5X0yM53E+r520vV36/H5N6Q2m4L+x89p2mZ9g\ntM4x+tC/c253/6qU0+W+k4Z9QxG75f2H+53f5kM6qH5lJ8P4+qK8\nP26m+t/xW15v3+6S040mK659N5u5r2T+T/626N2rU89o3n8H7d7\nzjUaT3iK4b3HwT+7pW+k5p1a5wzQ5V/2gD7J5p2427X9c+3L4h+w\nsN7v2J4i42k5Q4o9p8zY049sV+x/e4h7L1w2Q7WJt/5J6y6Q7\nX68hTfXN9X/mS3o/bS/3+k51/fUqW/w7/D8F130q16N4M/zC0+\nzV46rO9v1n04108w421/8l/vWfD8147J1+e2k5i7y7oN0lI41\nCqW5U1b1tV5eX33k74P4g3J9gQ81yM0y0s7y4h1p0V+c8w3K5\nz5pC2K+6F4/zJm/V6W8L9Q8YJvI+j8p812g3/1o124s5Z42k\n16+oJ6p2H9p9a4h82m5cM23/D7C11vK/91U15/k64O3M6o8\nD/f6F9W/M+u98A9P/P7K3Q0j01mC/43+K9k5i7y7oN2k\nh4jW1W5b3k+yHkFwUo0a4X7P/4M6gL7L5t6nJ53n4mY\n5k24X2Z0+E7Vq5fNq35J7PZ0dJ0r8v7a9Z850/O33TjI0\nvn3yV89F/Bw/kK1e/B7i/V032327768i7e31fL1pUv7s\n6rN16g664u/Z5U05L3p25iF7+92Jt9rV/8M8m6m8d+P\n7bIe3l33j+1jF0C63Xf55a+B2J/9x3M4V5J/V926\nF3Z4K4qZ747qFh31d7iVvX0+pS2V0Z6l8l5y0wJ1/m0\nT5y13Bw6O/jD10V8XwM7K7I+j44O/c8aJ+X+x42c=\n-----END OPENSSH PRIVATE KEY-----", "reason": "The secret value is a complete OpenSSH Private Key presented in standard PEM format, identified by the '-----BEGIN OPENSSH PRIVATE KEY-----' header and '-----END OPENSSH PRIVATE KEY-----' footer. The large, multiline block of Base64 encoded text between these markers exhibits high entropy and conforms to the expected structure for cryptographic keys. Unlike a placeholder, this is a fully-formed credential. It's highly improbable this represents test data, as real key generation tools produce this format, and hardcoding it exposes it to anyone with source code access. This is a critical security vulnerability, as the key grants direct access for operations like SSHing into servers."}} +{"id": 33, "index": 4, "sub_index": 0, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 7, "secret": "jdbc:mysql://prod-db-master.cw7fkl2g3h9e.us-west-2.rds.amazonaws.com:3306/webappdb?autoReconnect=true&useSSL=false", "label": "True Positive"}, "actual": {"line_number": 7, "label": "False Positive", "secret_value": "jdbc:mysql://prod-db-master.cw7fkl2g3h9e.us-west-2.rds.amazonaws.com:3306/webappdb?autoReconnect=true&useSSL=false", "reason": "The value is a JDBC connection string, which specifies an endpoint for a database service. While connection strings can sometimes contain credentials, this specific value contains no embedded username or password; it only includes the hostname, port, and database name. The hostname itself, with the '.rds.amazonaws.com' and '.us-west-2' domains, is an indicator of a public-facing AWS RDS database endpoint, which is not a sensitive secret by itself. The key pattern is that connection strings are only secrets when they contain sensitive authentication material like a hardcoded password or token; this value lacks that critical component."}} +{"id": 33, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 9, "secret": "dJ^8g$Pq5#sT@9!rW&zK", "label": "True Positive"}, "actual": {"line_number": 9, "label": "True Positive", "secret_value": "dJ^8g$Pq5#sT@9!rW&zK", "reason": "The value 'dJ^8g$Pq5#sT@9!rW&zK' is a high-entropy, 20-character string containing a random mix of alphanumeric characters and special symbols, consistent with a strong, generated password. This is a fully-formed credential, not a placeholder like 'Pa$$w0rd' or a template variable. It exhibits cryptographic randomness and lacks any repetitive or predictable patterns. The context within the `application.properties` file confirms its purpose, as it's assigned to the `spring.datasource.password` property. Hardcoding passwords, even for development or test environments as the header might imply, is a severe security risk as it leaks active credentials and knowledge of the database structure."}} +{"id": 33, "index": 4, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 19, "secret": "fG4hJ7kL9mN2pQ5rS8uVzX3zA6bC9dE1", "label": "True Positive"}, "actual": {"line_number": 19, "label": "True Positive", "secret_value": "fG4hJ7kL9mN2pQ5rS8uVzX3zA6bC9dE1", "reason": "The value 'fG4hJ7kL9mN2pQ5rS8uVzX3zA6bC9dE1' is a high-entropy string that precisely matches the format of a Redis password token, which typically consists of a random mix of alphanumeric characters. The value is 32 characters long and exhibits a high degree of randomness with no discernible patterns, indicating it's a generated credential, not a placeholder. Unlike generic examples like 'YOUR_PASSWORD' or repeated characters, this is a specific, concrete value. The context confirms its sensitivity, as the line is `spring.redis.password` in a production configuration file. Hardcoding a credential like this is a significant security risk, as anyone with access to the code could potentially access the Redis cache."}} +{"id": 33, "index": 4, "sub_index": 3, "perfect_match": true, "error_fields": [], "expected": {"line_number": 26, "secret": "SG.kE9yT8RzQ5aW7oP3iL1uVw.bF6gH2sC4jK8mN5pS9uX1yZ3_vE7wA8qD0rO", "label": "True Positive"}, "actual": {"line_number": 26, "label": "True Positive", "secret_value": "SG.kE9yT8RzQ5aW7oP3iL1uVw.bF6gH2sC4jK8mN5pS9uX1yZ3_vE7wA8qD0rO", "reason": "The value 'SG.kE9yT8RzQ5aW7oP3iL1uVw.bF6gH2sC4jK8mN5pS9uX1yZ3_vE7wA8qD0rO' is a valid SendGrid API key. The 'SG.' prefix is the definitive, specific identifier for this service. The value consists of three distinct segments separated by dots, each containing a high-entropy string of alphanumeric characters, which perfectly matches SendGrid's format. The use of underscores and varied character cases ('zX3zA6bC9') signifies cryptographic randomness, not a placeholder. Unlike a generic template like 'SG.xxxx.yyyy', this is a fully-formed credential. The context, with the variable name `sendgrid.api.key`, and the 'Production' environment comment, strongly confirms its sensitive nature."}} +{"id": 34, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 86, "secret": "https://8f3a3a9a2c1b4e3e8f9a9a3b1a2c3d4e@o123456.ingest.sentry.io/789012", "label": "True Positive"}, "actual": {"line_number": 86, "label": "True Positive", "secret_value": "https://8f3a3a9a2c1b4e3e8f9a9a3b1a2c3d4e@o123456.ingest.sentry.io", "reason": "This value is a Sentry Data Source Name (DSN), which is an authentication token. The structure 'https://@' explicitly confirms this, with the 32-character, high-entropy hexadecimal string '8f3a3a9a2c1b4e3e8f9a9a3b1a2c3d4e' serving as the secret key. Exposing this value allows anyone to send false error reports to the configured Sentry project, which constitutes a security vulnerability. Unlike a placeholder that would use repeated characters or descriptive text, this is a fully-formed credential with high cryptographic randomness. The surrounding code confirms its use for a public-facing Sentry integration, making it critical to protect."}} +{"id": 34, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 94, "secret": "postgres://reports_user:F#9kL$pQ2s!jW@db-reports.prod.internal:5432/reporting_main", "label": "True Positive"}, "actual": {"line_number": 94, "label": "True Positive", "secret_value": "postgres://reports_user:F#9kL$pQ2s!jW@db-reports.prod.internal:5432", "reason": "The provided value is a complete PostgreSQL database connection string that embeds sensitive authentication credentials. The credential pair `reports_user:` is a legitimate, high-entropy string containing mixed-case letters, numbers, and special characters, which is a strong indicator of a real password. This value is not a generic placeholder but a specific, complex credential assigned to the `DATABASE_URL` variable. The presence of the 'postgres' scheme, 'user:password' format, the hostname 'db-reports.prod', and a specific port number confirm this is a functional connection string for a production database."}} +{"id": 34, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 58, "secret": "AKIA4WM7G3QZL5PJU7YF", "label": "True Positive"}, "actual": {"line_number": 58, "label": "True Positive", "secret_value": "AKIA4WM7G3QZL5PJU7YF", "reason": "The value 'AKIA4WM7G3QZL5PJU7YF' is a legitimate AWS Access Key ID. Its prefix 'AKIA' is a service-specific indicator used by Amazon for these types of credentials. The 20-character string consists of a mix of high-entropy alphanumeric characters, which is a defining feature of real AWS keys. Unlike placeholders such as 'AKIAXXXXXXXXXX', this is a concrete value that follows the precise format specified by AWS. Hardcoding an Access Key ID is a critical security risk, as it allows anyone to identify the compromised account, and can be paired with a secret access key to perform unauthorized actions within the AWS environment."}} +{"id": 34, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 59, "secret": "s3K9jLp7XqR4sVwYyB1zD3fG5hJ8kM0nO2pQ4rS7", "label": "True Positive"}, "actual": {"line_number": 59, "label": "True Positive", "secret_value": "s3K9jLp7XqR4sVwYyB1zD3fG5hJ8kM0nO2pQ4rS7", "reason": "The value 's3K9jLp7XqR4sVwYyB1zD3fG5hJ8kM0nO2pQ4rS7' is a high-entropy string that perfectly matches the format of an AWS secret access key, specifically the format used before the AWS credential service was introduced. Its 40-character length and its random mix of alphanumeric characters are strong indicators of a machine-generated key. The line context, where it's explicitly assigned to `aws_secret_access_key` via `aws configure`, confirms its purpose as a highly sensitive credential. Unlike a placeholder, this is a fully-formed, concrete value. Exposing this type of secret in a workflow file grants anyone with access to the repository the ability to make AWS API calls, presenting a significant security risk."}} +{"id": 34, "index": 1, "sub_index": 2, "perfect_match": false, "error_fields": ["value"], "expected": {"line_number": 77, "secret": "https://hooks.slack.com/services/T00ABCD1EFG/B00HIJK5LMN/aBcDeFgHiJkLmNoPqRsTuVwXyZ", "label": "True Positive"}, "actual": {"line_number": 77, "label": "True Positive", "secret_value": "s3K9jLp7XqR4sVwYyB1zD3fG5hJ8kM0nO2pQ4rS7", "reason": "The value 's3K9jLp7XqR4sVwYyB1zD3fG5hJ8kM0nO2pQ4rS7' is a valid AWS secret access key, identified by its service prefix. While the prefix 's3K' is unusual for a standard AWS key (which typically starts with 'AKIA' or 'ASIA'), the suffix 'K9jLp7XqR4sVwYyB1zD3fG5hJ8kM0nO2pQ4rS7' is a 20-character high-entropy string that precisely matches the known format for this credential type. This is not a generic placeholder; it's a concrete, fully-formed value. The context confirms its sensitivity, as the `aws configure set` command on line 59 assigns it to the 'aws_secret_access_key' configuration parameter. Hardcoding this key directly into a CI/CD workflow, as shown here, is a critical security flaw that allows anyone with access to the repository to impersonate AWS credentials."}} +{"id": 34, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 29, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7nD5oP6tF4gH3iJ2kL1mN0oPqRsTuVwWzXyZ", "label": "True Positive"}, "actual": {"line_number": 29, "label": "True Positive", "secret_value": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7nD5oP6tF4gH3iJ2kL1mN0oPqRsTuVwWzXyZ", "reason": "The value is a valid Stripe live secret key, clearly identified by the 'sk_live_' prefix. The 51-character alphanumeric string following the prefix has high entropy, consistent with Stripe's key format, and lacks any placeholder characteristics. The comment '// Live key for production' explicitly confirms the value's purpose. Hardcoding a live key for any service is a significant security risk, as it allows direct access to production resources. Unlike a template or test key, which would be composed of generic characters or be of insufficient length, this is a fully-formed, specific credential."}} +{"id": 34, "index": 3, "sub_index": 0, "perfect_match": false, "error_fields": ["value"], "expected": {"line_number": 125, "secret": "-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6lRjV7pX+Z8bAdhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfgH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/wEAAQKCAQEAy1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKf7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/wEAAoIBAQC6lRjV7pX+Z8bAdhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/w==\\n-----END PRIVATE KEY-----", "label": "True Positive"}, "actual": {"line_number": 125, "label": "True Positive", "secret_value": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6lRjV7pX+Z8bA\ndhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEf\ngH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3\nJ4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/wEA\nAQKCAQEAy1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbC\ndEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQr\nStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3\nJ4a3B2c1d5e6f7g8h9iAjJkKf7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8\nh9iAjJkK/wEAAoIBAQC6lRjV7pX+Z8bAdhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6\nf7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlM\nnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6\nw8k3J4a3B2c1d5e6f7g8h9iAjJkK/w==\n-----END PRIVATE KEY-----", "reason": "This value is a complete Google Cloud Platform (GCP) private key, definitively identified by the standard '-----BEGIN PRIVATE KEY-----' and '-----END PRIVATE KEY-----' markers. The Base64 encoded body between these markers represents high-entropy, cryptographic material characteristic of a real credential, not a placeholder. Even if this key is for a test environment, as the 'gcp-project-analytics-prod' name might suggest, its exposure is a significant security risk. Such keys can be misused to access, modify, or delete cloud resources, and their compromise can lead to data loss or system disruption."}} +{"id": 34, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 209, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlQGFwaS5jb20iLCJhdWQiOiJtb2JpbGUiLCJleHAiOjE3MzU2ODk2MDB9.i8XyC2FpHj9nK5VzJ7wR8bO4L6eG0pN9sT1vA3D2ZqY", "label": "True Positive"}, "actual": {"line_number": 209, "label": "True Positive", "secret_value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlQGFwaS5jb20iLCJhdWQiOiJtb2JpbGUiLCJleHAiOjE3MzU2ODk2MDB9.i8XyC2FpHj9nK5VzJ7wR8bO4L6eG0pN9sT1vA3D2ZqY", "reason": "The value is a fully-formed, 3-part JWT, which is a common authentication token. Its structure, with base64-encoded segments separated by periods, is a definitive pattern for JWTs. Unlike placeholders, this value exhibits high entropy and appears to be a real, functional token with a service-related subject and expiration timestamp. The variable name `authToken` and its use in the `Authorization` header provide strong contextual evidence that this is a hardcoded credential. Even if intended for testing, a complete, non-generic credential like this represents a significant security risk, as it could be active in a lower environment and is often more valid than default test tokens."}} +{"id": 34, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 217, "secret": "prod_a1b2c3d4e5f678901234567890abcdef12", "label": "True Positive"}, "actual": {"line_number": 217, "label": "True Positive", "secret_value": "prod_a1b2c3d4e5f678901234567890abcdef12", "reason": "The value 'prod_a1b2c3d4e5f678901234567890abcdef12' is a production API key with a recognizable format. The `prod_` prefix explicitly identifies it as a credential for a production environment, a sensitive context. The subsequent alphanumeric string 'a1b2c3d4e5f678901234567890abcdef12' is a high-entropy, pseudo-random string that perfectly matches patterns for real keys. Although the second half of the key is a simple hexadecimal sequence, the context of the `X-API-KEY` header and the `prod_` prefix confirm its sensitive nature. This value represents a significant security risk, as it allows anyone with access to the codebase to authenticate against the 'thirdparty.com' API."}} +{"id": 34, "index": 4, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 234, "secret": "prod_a1b2c3d4e5f678901234567890abcdef12", "label": "True Positive"}, "actual": {"line_number": 234, "label": "True Positive", "secret_value": "prod_a1b2c3d4e5f678901234567890abcdef12", "reason": "The value 'prod_a1b2c3d4e5f678901234567890abcdef12' is a valid production API key. The prefix 'prod_' is a strong contextual indicator that the key is active in a production environment, distinguishing it from development or test keys. The main body of the key is a 32-character hexadecimal string, which exhibits high entropy and follows the specific format for many third-party API keys, including some for Google Cloud or Stripe. This is not a placeholder or template; it's a concrete, high-entropy value. Hardcoding a key with a 'prod_' prefix poses a significant risk because it is functional and could grant unauthorized access to sensitive services."}} +{"id": 35, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 105, "secret": "postgresql://warehouse_svc:vF9@p#Z&rT7s!q@db-prod-@eu-west-1.rds.amazonaws.com:5432/analytics_data_prod", "label": "True Positive"}, "actual": {"line_number": 105, "label": "True Positive", "secret_value": "postgresql://warehouse_svc:vF9@p#Z&rT7s!q@db-prod-_eu-west-1.rds.amazonaws.com:5432/analytics_data_prod", "reason": "The provided value is a complete PostgreSQL connection string that explicitly contains embedded credentials, which is a major security anti-pattern. The value follows the standard `postgresql://user:password@host:port/database` format, where the password `vF9@p#Z&rT7s!q` is a high-entropy string with mixed-case letters, numbers, and special characters. This is a concrete, realistic credential, not a placeholder, as it uses a complex, unpredictable character set. Hardcoding a connection string with an exposed password allows unauthorized access to sensitive database systems, like the `db-prod` RDS instance mentioned. The context of a `ProductionConfig` class further confirms the value's sensitivity."}} +{"id": 35, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 113, "secret": "sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB", "label": "True Positive"}, "actual": {"line_number": 113, "label": "True Positive", "secret_value": "sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB", "reason": "The value 'sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB' is a high-entropy Stripe live API key. The prefix 'sk_live_' is a specific, unambiguous indicator for a Stripe secret key for a live environment. The subsequent 48 characters exhibit high randomness and follow Stripe's format for a fully-formed, unique key, not a placeholder like 'sk_live_xxxx'. Unlike template variables or generic placeholders, this is a concrete, fully-formed credential. Hardcoding an active key in source code poses a significant security risk, as it allows direct interaction with the Stripe API, potentially leading to unauthorized charges or data breaches."}} +{"id": 35, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 50, "secret": "{\"type\": \"service_account\",\"project_id\": \"zeta-project-345\",\"private_key_id\": \"a9c12b4f67890123d4e5f6a7b8c9d0e1f2a3b4c5\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANb9g2cO5oXQfIuI\\nE5s6f8tG7b7c2bF1e5D6bY8g9f7c1m4d...\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"terraform-runner@zeta-project-345.iam.gserviceaccount.com\",\"client_id\": \"112233445566778899001\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://oauth2.googleapis.com/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/terraform-runner%40zeta-project-345.iam.gserviceaccount.com\"}", "label": "True Positive"}, "actual": {"line_number": 50, "label": "True Positive", "secret_value": "-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANb9g2cO5oXQfIuI\\nE5s6f8tG7b7c2bF1e5D6bY8g9f7c1m4d...\\n-----END PRIVATE KEY-----", "reason": "The value is a complete PEM-encoded private key, identified by the standard `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----` delimiters. The multiline Base64 string between the headers exhibits high entropy and follows the expected format for cryptographic key material, unlike simple placeholders. Although the body contains '...' as a truncated indicator, the presence of full, validly formatted headers is a definitive sign of a real private key. This type of credential grants significant access and is critical to expose, making its hardcoding a severe security risk."}} +{"id": 35, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 129, "secret": "mongodb+srv://admin_orders:zR8gP2$LqW#k@prod-cluster-0.a1b2c.mongodb.net/ecom_orders?retryWrites=true&w=majority", "label": "True Positive"}, "actual": {"line_number": 129, "label": "True Positive", "secret_value": "mongodb+srv://admin_orders:zR8gP2$LqW#k@prod-cluster-0.a1b2c.mongodb.net/ecom_orders", "reason": "The value is a complete MongoDB Atlas connection string containing embedded credentials. The username 'admin_orders' and password 'zR8gP2$LqW#k' are directly in the URI. The password exhibits high entropy with a mix of uppercase letters, lowercase letters, numbers, and special characters, which is characteristic of a real, machine-generated credential, not a placeholder like 'PASSWORD' or 'xxxx'. The presence of a specific cluster domain, database name ('ecom_orders'), and '+srv' protocol confirms it is a live connection string for a production resource. Even with comments indicating a 'PoC', hardcoding this value with a valid-format credential is a significant security risk."}} +{"id": 35, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 141, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLXNlcnZpY2UiLCJzdWIiOiJzZXJ2aWNlLWFjY291bnQtb3JkZXJzIiwiaWF0IjoxNjE2MjM5MDIyLCJleHAiOjE3NzE5MjcwMDAsImF1ZCI6ImludGVybmFsLWFwaSJ9.fU4fL8yH3aQOoCxJ6V_kFpWkSgRzVjZ_qB9pWjDxYlA", "label": "True Positive"}, "actual": {"line_number": 141, "label": "True Positive", "secret_value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLXNlcnZpY2UiLCJzdWIiOiJzZXJ2aWNlLWFjY291bnQtb3JkZXJzIiwiaWF0IjoxNjE2MjM5MDIyLCJleHAiOjE3NzE5MjcwMDAsImF1ZCI6ImludGVybmFsLWFwaSJ9.fU4fL8yH3aQOoCxJ6V_kFpWkSgRzVjZ_qB9pWjDxYlA", "reason": "The value is a correctly formatted JSON Web Token (JWT), identified by the standard `header.payload.signature` structure and Base64URL encoding. The payload of this token contains sensitive information, such as issuer (`iss`), subject (`sub`), and expiration (`exp`), and the signature confirms its integrity. Although the variable name `internalAuthToken` and a comment might suggest it's a test token, hardcoding any token that is not a clear, unambiguous placeholder is a significant security risk. Real-world PoC or internal tokens frequently become production credentials over time, and this pattern teaches developers to avoid hardcoding any form of credential, regardless of intended use."}} +{"id": 35, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 90, "secret": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/mN7pQ8rS6tU5vW4xY3z2A1B0", "label": "True Positive"}, "actual": {"line_number": 90, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/mN7pQ8rS6tU5vW4xY3z2A1B0", "reason": "The value is a valid Slack Incoming Webhook URL, which is a sensitive token used to post messages to a specific Slack channel. Its structure, consisting of a base URL followed by three segments, matches the precise format specified by Slack. The final segment, 'mN7pQ8rS6tU5vW4xY3z2A1B0', is a 24-character alphanumeric string with high entropy, consistent with a cryptographically generated secret. This is not a generic placeholder but a fully formed, functional URL. Exposing this token allows anyone to send arbitrary messages to the linked Slack channel, making it a significant security risk that must be kept private."}} +{"id": 35, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 214, "secret": "Server=tcp:user-db-server.database.windows.net,1433;Initial Catalog=UserProfiles;Persist Security Info=False;User ID=db_admin_svc;Password={9aB!cDeFgH2iJkLmN};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;", "label": "True Positive"}, "actual": {"line_number": 214, "label": "True Positive", "secret_value": "Password={9aB!cDeFgH2iJkLmN}", "reason": "The value represents a complete SQL Server connection string that hardcodes an administrative password. The password component itself, '{9aB!cDeFgH2iJkLmN}', is a 16-character string with a mix of uppercase letters, lowercase letters, numbers, and a special character, exhibiting high entropy characteristic of a real credential. Unlike a placeholder such as '' or repeating characters, this is a concrete value. Although the comment notes it 'should be loaded from secure configuration', its presence in the code as a functional string for an 'db_admin_svc' user constitutes a significant credential leak, as it exposes the password to anyone with access to the source code."}} +{"id": 35, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 238, "secret": "a4b1c8d7e2f5g3h9i0j6k4l2m1n0o7p3", "label": "True Positive"}, "actual": {"line_number": 238, "label": "True Positive", "secret_value": "a4b1c8d7e2f5g3h9i0j6k4l2m1n0o7p3", "reason": "The value 'a4b1c8d7e2f5g3h9i0j6k4l2m1n0o7p3' is a 28-character alphanumeric string that exhibits high entropy, a strong indicator of a machine-generated secret. The value lacks any discernible patterns, repeating characters, or dictionary words, differentiating it from placeholders or generic examples. While the function name suggests it is a 'TwilioAuthSecret', the code commits the actual credential directly to the codebase. This is a critical security anti-pattern, as hardcoded secrets, even for testing or development, can be easily exfiltrated and abused. Its concrete nature, unlike generic strings like 'YOUR_SECRET', makes it a real and exploitable credential."}} +{"id": 36, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 97, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 97, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is a validly formatted AWS Access Key ID. This specific prefix, 'AKIA', is a definitive indicator used by AWS for these credentials. The subsequent string of alphanumeric characters shows high entropy and a format that perfectly matches a real key, not a generic placeholder. While the `aws_secret_access_key` on the following line uses the word 'EXAMPLEKEY', a common pattern to flag generic test credentials, the Access Key ID is a specific, non-repeatable value that must not be hardcoded. Exposing even one part of an IAM credential set is a critical security risk, as it can be used to probe for and exploit vulnerabilities in AWS permissions. This represents a classic case of hardcoded credentials, where a combination of format, prefix, and high entropy confirms its authenticity despite the presence of a placeholder for its corresponding secret."}} +{"id": 36, "index": 0, "sub_index": 1, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 98, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "label": "True Positive"}, "actual": {"line_number": 98, "label": "False Positive", "secret_value": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "reason": "The secret value 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY' is an AWS secret access key example, definitively identified by the literal 'EXAMPLEKEY' suffix. This is a common, structured convention used to mark sensitive-looking keys as mock data, rendering them non-functional and harmless. The value exhibits high entropy, which is characteristic of real secrets, but the clear 'EXAMPLEKEY' text strips it of any cryptographic value. This pattern teaches that high-entropy strings appended with words like 'EXAMPLE' or 'test' are always false positives, intended for development and testing purposes only."}} +{"id": 36, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 53, "secret": "atJztmoFXGQz5k.atlasv1.gJvF8sRgDWf24zW2bF6Y8cK9tV1pL5qN7hB3xZ0mA4uC7iO6eP1sR2tG0sY3bI1aE2w", "label": "True Positive"}, "actual": {"line_number": 53, "label": "True Positive", "secret_value": "atJztmoFXGQz5k.atlasv1.gJvF8sRgDWf24zW2bF6Y8cK9tV1pL5qN7hB3xZ0mA4uC7iO6eP1sR2tG0sY3bI1aE2w", "reason": "The secret value is a long, high-entropy string that perfectly matches the format of a Terraform Cloud API token. The value's structure, which includes a 22-character random string, a '.atlasv1.' separator, and a 43-character random string, is specific to this service. Unlike generic placeholders, this is a fully-formed, concrete token. The context of being assigned to a `credentials` block for `app.terraform.io` explicitly confirms its purpose as an authentication credential. Leaking this token grants API access to the Terraform Cloud organization and workspace, posing a severe security risk."}} +{"id": 36, "index": 2, "sub_index": 0, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 32, "secret": "autobuilder-acme", "label": "True Positive"}, "actual": {"line_number": 32, "label": "False Positive", "secret_value": "autobuilder-acme", "reason": "The value 'autobuilder-acme' is a username, not a secret credential. It is composed of human-readable dictionary words ('autobuilder', 'acme') and lacks the high entropy and randomness expected of a secret token or password. This naming convention often refers to a specific account or service bot, such as one used for automated builds in a CI/CD pipeline, as confirmed by the parent job's name 'Build and Push Docker Image'. Usernames are generally considered less sensitive public information, whereas authentication relies on the corresponding secret (in this case, the password provided on line 33). The code follows a secure practice by separating the username from the secret password."}} +{"id": 36, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 33, "secret": "dckr_pat_1VzJ8h_L9KqR7sW3tX5yGZbN0c", "label": "True Positive"}, "actual": {"line_number": 33, "label": "True Positive", "secret_value": "dckr_pat_1VzJ8h_L9KqR7sW3tX5yGZbN0c", "reason": "The value 'dckr_pat_1VzJ8h_L9KqR7sW3tX5yGZbN0c' is a valid Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a specific, machine-readable identifier for this secret type. The remainder of the string is a high-entropy, 30-character sequence of mixed-case alphanumeric characters, which is characteristic of a real, autogenerated credential. Unlike a placeholder such as '', this is a fully-formed, concrete value that presents a direct security risk. Hardcoding a token into a CI/CD workflow file like a GitHub Action YAML is a common but insecure practice, as it exposes the credential in source code."}} +{"id": 36, "index": 2, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 44, "secret": "sqp_8d4e9c3e2f5b1a0a3b8c6d7e5f0a2b3c4d5e6f7a", "label": "True Positive"}, "actual": {"line_number": 44, "label": "True Positive", "secret_value": "sqp_8d4e9c3e2f5b1a0a3b8c6d7e5f0a2b3c4d5e6f7a", "reason": "The value 'sqp_8d4e9c3e2f5b1a0a3b8c6d7e5f0a2b3c4d5e6f7a' is a SonarQube Personal Access Token. Its structure, specifically the 'sqp_' prefix followed by a 40-character hexadecimal string, is a defining format for this type of credential. The hexadecimal part exhibits high entropy, consistent with a real, machine-generated token, and is not a placeholder pattern. Unlike a generic 'TOKEN_HERE', this is a complete, concrete credential. Hardcoding a token directly into a workflow file, as shown in the `env:` block, represents a significant security risk because it becomes part of the repository's history and can be easily extracted."}} +{"id": 36, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 27, "secret": "https://a4d9aa8c6e3b4a2ab9b8b3b8c3d9aa3c@o123456.ingest.sentry.io/789012", "label": "True Positive"}, "actual": {"line_number": 27, "label": "True Positive", "secret_value": "https://a4d9aa8c6e3b4a2ab9b8b3b8c3d9aa3c@o123456.ingest.sentry.io", "reason": "The value is a Sentry Data Source Name (DSN), which is a type of credential containing sensitive information. The pattern `https://@` is a specific format for DSNs. The high-entropy string 'a4d9aa8c6e3b4a2ab9b8b3b8c3d9aa3c' is a genuine public key, while 'o123456' identifies a specific Sentry organization. Although the client-side public key itself doesn't grant broad system access, it allows any authenticated client to send events, and the entire DSN could still be abused for rate-limiting or to spam events into an organization's account. The variable name `dsn` confirms its purpose, and committing it represents a significant security risk."}} +{"id": 36, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 31, "secret": "pk.eyJ1IjoibXl1c2VybmFtZTEyMyIsImEiOiJjazg3ZzA2ZWgwYXQyM21wZHRpZTI1a2QzIn0.nB9m_gZ2vXl0qY5uP3r7Ww", "label": "True Positive"}, "actual": {"line_number": 31, "label": "True Positive", "secret_value": "pk.eyJ1IjoibXl1c2VybmFtZTEyMyIsImEiOiJjazg3ZzA2ZWgwYXQyM21wZHRpZTI1a2QzIn0.nB9m_gZ2vXl0qY5uP3r7Ww", "reason": "The value is a valid Mapbox public access token, which, despite its name, functions as a secret for rate-limiting and attribution. Its format, 'pk.' followed by a high-entropy Base64-encoded string, is a definitive indicator of this token type. The token's JSON payload confirms its function, specifying a user identifier ('myusername123') and a resource scope ('k87e06eh0at23mpdtie25kd3'). Unlike placeholders which might repeat the prefix or use generic text like 'YOUR_TOKEN', this is a fully-formed credential that exposes application details and is vulnerable to misuse."}} +{"id": 36, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 124, "secret": "postgres://prod_svc_user:Ag^9!z$K4mPQ@db-prod-cluster-1.c8xyzqrstuvw.us-west-2.rds.amazonaws.com:5432/orders_db", "label": "True Positive"}, "actual": {"line_number": 124, "label": "True Positive", "secret_value": "postgres://prod_svc_user:Ag^9!z$K4mPQ@db-prod-cluster-1.c8xyzqrstuvw.us-west-2.rds.amazonaws.com:5432/orders_db", "reason": "The value provided is a full PostgreSQL database connection string containing embedded credentials, which is a definitive true positive security risk. The string follows the standard `protocol://user:password@host:port/database` URI format, explicitly separating the username `prod_svc_user` and the password `Ag^9!z$K4mPQ`. The password component exhibits high entropy and complexity with its random mix of alphanumeric characters and symbols, indicating it is a real credential. The hostname `db-prod-cluster-1...rds.amazonaws.com` points to a specific AWS RDS database instance, identifying a production environment. Hardcoding a complete connection string with a non-generic password in source code is an extremely common but insecure pattern."}} +{"id": 37, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 121, "secret": "AKIAU4T5KR53QUZ6R3P7", "label": "True Positive"}, "actual": {"line_number": 121, "label": "True Positive", "secret_value": "AKIAU4T5KR53QUZ6R3P7", "reason": "The value 'AKIAU4T5KR53QUZ6R3P7' is a valid AWS Access Key ID, which serves as a public identifier for a specific AWS user or role. This value is not a placeholder; it perfectly matches the required format of 'AKIA' followed by 16 random alphanumeric characters. Although the secret access key is the more sensitive credential, hardcoding the access key ID is also a security risk. It allows attackers to gather information about your AWS resources and potentially launch attacks that might be rate-limited if only the secret key were used. The variable name `aws_access_key_id` provides explicit context confirming its role as an authentication component. This type of credential should always be managed securely through environment variables or IAM roles, not hardcoded in source files."}} +{"id": 37, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 122, "secret": "0jM/pG+fT2rV8sL4kH9aC1wX7yZ0bN5eQ3iU6dK+", "label": "True Positive"}, "actual": {"line_number": 122, "label": "True Positive", "secret_value": "0jM/pG+fT2rV8sL4kH9aC1wX7yZ0bN5eQ3iU6dK+", "reason": "The value '0jM/pG+fT2rV8sL4kH9aC1wX7yZ0bN5eQ3iU6dK+' is a high-entropy string that perfectly matches the format of an AWS secret access key. It contains a random combination of uppercase letters, lowercase letters, digits, and special URL-safe characters, exhibiting no placeholder patterns. Although it appears in a static dictionary named 'AWS_CONFIG', it is a fully-formed credential, not a template. The surrounding context, specifically the key name 'aws_secret_access_key' and its use in a `boto3.client` call, confirms this is a functional secret. Hardcoding credentials, even in configuration files, is a critical security anti-pattern because they are accessible to anyone with source code or build environment access."}} +{"id": 37, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 59, "secret": "glpat-sBv3yZ8xWq9kLpGfJ1cR", "label": "True Positive"}, "actual": {"line_number": 59, "label": "True Positive", "secret_value": "glpat-sBv3yZ8xWq9kLpGfJ1cR", "reason": "The secret value 'glpat-sBv3yZ8xWq9kLpGfJ1cR' is a GitLab Personal Access Token (PAT), clearly identified by its 'glpat-' prefix. This prefix is a specific, non-negotiable indicator used by GitLab to authenticate tokens. The 20-character string that follows exhibits high entropy with a random mix of alphanumeric characters, which is consistent with a real token. This value is a concrete credential, not a placeholder, and its use in a `docker login` command represents a significant security risk as it could grant access to private repositories."}} +{"id": 37, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 72, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRsYWIuY29tIiwic3ViIjoiZGVwbG95LXVzZXIiLCJhdWQiOiJkZXBsb3ltZW50LXNlcnZpY2UiLCJpYXQiOjE2NzI1MzEyMDAsImV4cCI6MTcwNDA2NzIwMH0.uLp-J7aBf8tYgPz3tQ9kRwN6eV0bV1zHhJ5aF4gC2sE", "label": "True Positive"}, "actual": {"line_number": 72, "label": "True Positive", "secret_value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRsYWIuY29tIiwic3ViIjoiZGVwbG95LXVzZXIiLCJhdWQiOiJkZXBsb3ltZW50LXNlcnZpY2UiLCJpYXQiOjE2NzI1MzEyMDAsImV4cCI6MTcwNDA2NzIwMH0.uLp-J7aBf8tYgPz3tQ9kRwN6eV0bV1zHhJ5aF4gC2sE", "reason": "The value is a high-entropy string that perfectly matches the Base64-encoded three-part structure of a JSON Web Token (JWT), a common authentication format. The value's composition of mixed-case letters, numbers, and punctuation is consistent with a real cryptographic token, not a generic placeholder like '' or 'xxxxx'. Even though the token's contents appear to be non-sensitive metadata for a deployment, it's being used as a bearer token in an 'Authorization' header. The exposure of any authentication token, regardless of its specific privileges, is a security risk as it can often be used to access internal systems or chain into higher privilege exploits."}} +{"id": 37, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 44, "secret": "postgres://analytics_svc:3#fG&pW9qJ@pg-reporting-cluster.eu-west-1.internal:5432/telemetry_data", "label": "True Positive"}, "actual": {"line_number": 44, "label": "True Positive", "secret_value": "postgres://analytics_svc:3#fG&pW9qJ@pg-reporting-cluster.eu-west-1.internal:5432/telemetry_data", "reason": "This value is a complete PostgreSQL connection string containing sensitive credentials. The format `username:password@host:port` is a standard and highly specific pattern for database credentials. The most critical part is the password, '3#fG&pW9qJ', which exhibits sufficient entropy with a mix of digits, special characters, and mixed-case letters, distinguishing it from a generic placeholder. This is not an example pattern but a concrete credential value that can grant direct access to a production database. Hardcoding such strings in source code is a severe security risk because it exposes the user, the password, and the internal database hostname in plain text."}} +{"id": 37, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 104, "secret": "7f1e03c46a67285a8f8b9d0e1f2a3b4c", "label": "True Positive"}, "actual": {"line_number": 104, "label": "True Positive", "secret_value": "7f1e03c46a67285a8f8b9d0e1f2a3b4c", "reason": "The value '7f1e03c46a67285a8f8b9d0e1f2a3b4c' is a 32-character hexadecimal string, which is the exact format for a Datadog API key. The value exhibits high entropy, with a random distribution of characters that makes it indistinguishable from a real, machine-generated credential. Unlike a placeholder such as repeated 'x' characters or template syntax like 'YOUR_API_KEY', this is a fully-formed, unique value. The assignment to the 'api_key' argument within a 'datadog' provider block in Terraform explicitly confirms its purpose as an authentication token. Hardcoding a key in this format, even in infrastructure-as-code, is a critical security vulnerability."}} +{"id": 37, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 105, "secret": "98ac7f0e1d2c3b4a567f890e1d23b45a67c8d9e0", "label": "True Positive"}, "actual": {"line_number": 105, "label": "True Positive", "secret_value": "98ac7f0e1d2c3b4a567f890e1d23b45a67c8d9e0", "reason": "The value '98ac7f0e1d2c3b4a567f890e1d23b45a67c8d9e0' is a high-entropy, 40-character hexadecimal string that perfectly matches the format of a Datadog API Key or Application Key. This value contains a random distribution of numbers and letters, lacking any discernible patterns, sequences, or placeholder characteristics. The context, where it is assigned to the `app_key` parameter within a `datadog` provider block in Terraform, explicitly identifies it as a secret for authenticating with the Datadog service. Unlike a generic placeholder like 'YOUR_APP_KEY_HERE', this is a fully-formed, concrete credential that could grant access to sensitive monitoring and logging data."}} +{"id": 37, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 75, "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/9876543", "label": "True Positive"}, "actual": {"line_number": 75, "label": "True Positive", "secret_value": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io", "reason": "The secret value is a Sentry Data Source Name (DSN), which functions as an authentication token. The value's structure is definitively identified by the 'ingest.sentry.io' endpoint. The credentials part of the URL, 'https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@', contains a 32-character, high-entropy string ('a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5') which is a valid format for a Sentry secret key. Although this may appear to be an example, it is a concrete, fully-formed credential that perfectly matches the Sentry specification. The surrounding code context, with the variable name 'sentryDsn' and the comment about error tracking, confirms this value's purpose. Unlike a placeholder that would use repeated characters or template syntax (e.g., 'YOUR_DSN'), this is a specific, functional credential that poses a security risk."}} +{"id": 37, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 79, "secret": "AIzaSyD9ZvG8hJqKp2sL6wF4xR3tU_0mIoC5bE7", "label": "True Positive"}, "actual": {"line_number": 79, "label": "True Positive", "secret_value": "AIzaSyD9ZvG8hJqKp2sL6wF4xR3tU_0mIoC5bE7", "reason": "The value 'AIzaSyD9ZvG8hJqKp2sL6wF4xR3tU_0mIoC5bE7' is a legitimate Google API key, definitively identified by its 'AIzaSy' prefix. This prefix is a public, hardcoded identifier for Google's client-side keys. The rest of the 33-character string exhibits high entropy, mixing uppercase and lowercase letters, digits, and an underscore, which is characteristic of a real credential. Although it's a client-side key and less sensitive than a server-side secret, hardcoding it still poses a security risk, as it is tied to a specific project's quotas and can be exploited if found in client-side code. Unlike a placeholder like 'YOUR_API_KEY', this is a concrete, functional credential."}} +{"id": 38, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 100, "secret": "AKIA4Z7HFV563JLXPMQO", "label": "True Positive"}, "actual": {"line_number": 100, "label": "True Positive", "secret_value": "AKIA4Z7HFV563JLXPMQO", "reason": "The value 'AKIA4Z7HFV563JLXPMQO' is a valid AWS access key ID. The 'AKIA' prefix is a definitive identifier for AWS keys, making this pattern highly specific. The following 16 characters are a random mix of uppercase letters and digits, exhibiting the high entropy and unpredictability characteristic of a real credential. Unlike a placeholder like 'AKIAXXXXXXXXXXXXXXXX', this is a concrete, unique value that could be used to make unauthorized API calls. Even in code examples, hardcoding a complete, valid credential poses a security risk, as it may belong to a developer or a development/testing environment."}} +{"id": 38, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 101, "secret": "JcKl8f/N+sWq0Yt3mZpXgBv7hR2dF9gU1aE5xH4i", "label": "True Positive"}, "actual": {"line_number": 101, "label": "True Positive", "secret_value": "JcKl8f/N+sWq0Yt3mZpXgBv7hR2dF9gU1aE5xH4i", "reason": "The value 'JcKl8f/N+sWq0Yt3mZpXgBv7hR2dF9gU1aE5xH4i' is a high-entropy Base64 encoded string, a common format for AWS access keys and secret access keys. The string exhibits a random distribution of mixed-case letters, numbers, and special characters (/+), which is a strong indicator of a real, machine-generated credential. Unlike a placeholder, this is a fully formed value without any repeating patterns, template syntax, or dictionary words. The parameter name 'aws_secret_access_key' explicitly identifies this value as a secret. Hardcoding temporary credentials of this nature, even if they belong to an IAM role, is a significant security risk as the key's validity is unknown and could be exploited if exposed."}} +{"id": 38, "index": 0, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 102, "secret": "FQoGZXIvYXdzEI///////////wEaDBpqrST2zPXCR+x5IirEA7cW9fB8E8jQkZ6I+9aC4sWxR7eK4uD6Z2mR/7vY5rWw8SzAoN0c9FgT", "label": "True Positive"}, "actual": {"line_number": 102, "label": "True Positive", "secret_value": "FQoGZXIvYXdzEI///////////wEaDBpqrST2zPXCR+x5IirEA7cW9fB8E8jQkZ6I+9aC4sWxR7eK4uD6Z2mR/7vY5rWw8SzAoN0c9FgT", "reason": "The value 'FQoGZXIvYXdzEI///////////wEaDBpqrST2zPXCR+x5IirEA7cW9fB8E8jQkZ6I+9aC4sWxR7eK4uD6Z2mR/7vY5rWw8SzAoN0c9FgT' is a fully-formed AWS temporary security token (STS token). Its Base64 encoding is apparent in its composition of uppercase letters, lowercase letters, numbers, and the `+` and `/` characters, which is a common format for AWS credentials. The value exhibits high entropy with no repetitive patterns, which is a strong indicator of a real, machine-generated token. The context of being assigned to the parameter `aws_session_token` confirms its sensitive nature. Hardcoding temporary tokens is a severe security risk, as they grant short-lived but real access permissions to cloud resources."}} +{"id": 38, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 47, "secret": "e9a8f7c6d5b4a392817f0e9d8c7b6a54", "label": "True Positive"}, "actual": {"line_number": 47, "label": "True Positive", "secret_value": "e9a8f7c6d5b4a392817f0e9d8c7b6a54", "reason": "The value 'e9a8f7c6d5b4a392817f0e9d8c7b6a54' is a hardcoded Datadog API key. The value is a 32-character hexadecimal string, which is the standard format for a Datadog API key, and exhibits high entropy with a random distribution of characters. Unlike a placeholder, this is a fully-formed credential. The context strongly supports this, as the value is directly assigned to the `api_key` parameter in a `provider \"datadog\"` block. Despite comments warning against hardcoding, this concrete value represents a genuine secret that could be used to authenticate to a Datadog account, making it a critical finding."}} +{"id": 38, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 48, "secret": "8b1fec305a4d9b6e8a7f9d0c2e3b4a591e6f7d8c", "label": "True Positive"}, "actual": {"line_number": 48, "label": "True Positive", "secret_value": "8b1fec305a4d9b6e8a7f9d0c2e3b4a591e6f7d8c", "reason": "The value '8b1fec305a4d9b6e8a7f9d0c2e3b4a591e6f7d8c' is a Datadog Application Key, identified by its format. It is a 40-character hexadecimal string exhibiting high entropy, which is characteristic of a real, cryptographically generated secret. Unlike a generic placeholder, this is a fully-formed value that can be used to authenticate with the Datadog API. The assignment to the `app_key` parameter in the `provider \"datadog\"` block is a definitive confirmation of its role as an authentication credential. Even with a comment acknowledging its insecure nature, its presence as a valid-looking credential in a Terraform provider configuration makes it a significant security risk."}} +{"id": 38, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 29, "secret": "devops_deploy_bot", "label": "True Positive"}, "actual": {"line_number": 29, "label": "True Positive", "secret_value": "devops_deploy_bot", "reason": "The value 'devops_deploy_bot' is a credential username, which is considered sensitive information because it can be used to authenticate or log in to a system. This username has high descriptive entropy as it combines technical terms ('devops', 'deploy') with a common role ('bot'), making it a specific and functional identifier. Unlike generic placeholders like 'user' or '', this is a realistic name for a service account. Exposing such credentials is a security risk as an attacker could use this username in combination with a leaked password to compromise the deployment pipeline."}} +{"id": 38, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 30, "secret": "dckr_pat_gHj8LpQ2sWzK4vB7nC1xR9yT6fU3aE5d", "label": "True Positive"}, "actual": {"line_number": 30, "label": "True Positive", "secret_value": "dckr_pat_gHj8LpQ2sWzK4vB7nC1xR9yT6fU3aE5d", "reason": "The value 'dckr_pat_gHj8LpQ2sWzK4vB7nC1xR9yT6fU3aE5d' is a valid Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a definitive marker for this specific type of secret. The remainder of the string consists of a 32-character high-entropy sequence of mixed-case alphanumeric characters, which is consistent with the format of a real, machine-generated token. Unlike a placeholder like 'dckr_pat_xxxxxxxxxxxxxx', this is a concrete value. Although it's in a CI/CD file for 'devops_deploy_bot', the bot is an active entity with real credentials, and hardcoding its PAT represents a significant credential exposure risk for the Docker Hub account."}} +{"id": 38, "index": 2, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 49, "secret": "sqp_9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2d1e0f", "label": "True Positive"}, "actual": {"line_number": 49, "label": "True Positive", "secret_value": "sqp_9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2d1e0f", "reason": "The value 'sqp_9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2d1e0f' is a valid SonarQube Personal Access Token (PAT). The 'sqp_' prefix is the definitive indicator for this secret type, confirming its purpose. The subsequent 32-character hexadecimal string exhibits high entropy with a random distribution of letters and numbers, consistent with a real, machine-generated credential. Although the hostname in the `SONAR_HOST_URL` is internal, the token itself is sensitive. Hardcoding credentials like PATs in CI/CD pipelines is a common but insecure practice, as it grants direct access to the code analysis service."}} +{"id": 38, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 64, "secret": "pk.eyJ1IjoibWFwZGVzaWduZXI4OCIsImEiOiJjbHJwaGR3ajAwMWR4MmtwOGVncjl5dWNpIn0.eFTpL6vj-57Bq2nTOs2KjQ", "label": "True Positive"}, "actual": {"line_number": 64, "label": "True Positive", "secret_value": "pk.eyJ1IjoibWFwZGVzaWduZXI4OCIsImEiOiJjbHJwaGR3ajAwMWR4MmtwOGVncjl5dWNpIn0.eFTpL6vj-57Bq2nTOs2KjQ", "reason": "The value is a valid Mapbox Access Token, a credential used to authenticate API requests. The prefix 'pk.' followed by three Base64-encoded sections is the exact format for a public-scoped token from this service. The final section, 'eFTpL6vj-57Bq2nTOs2KjQ', exhibits the high entropy and random character distribution characteristic of a real secret. Unlike a placeholder (e.g., 'pk.YOUR_TOKEN_HERE'), this is a fully-formed, functional credential. Even public tokens can be abused for abuse and rate limiting, making them a security risk when hardcoded in source code. The variable name `accessToken` further confirms the sensitive nature of this value."}} +{"id": 38, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 32, "secret": "postgres://billing_svc_user:D4fG#kS$q9!zL@pg-prod-us-east-1.c8zqg7rf1vkm.rds.amazonaws.com:5432/billing_prod?sslmode=require", "label": "True Positive"}, "actual": {"line_number": 32, "label": "True Positive", "secret_value": "postgres://billing_svc_user:D4fG#kS$q9!zL@pg-prod-us-east-1.c8zqg7rf1vkm.rds.amazonaws.com:5432/billing_prod?sslmode=require", "reason": "This value is a complete database connection string that hardcodes credentials, representing a critical secret vulnerability. The string follows the standard `scheme://username:password@host:port/database` format, which directly exposes a username (`billing_svc_user`) and its corresponding password (`D4fG#kS$q9!zL`). The password component exhibits high entropy, containing a random mix of uppercase letters, lowercase letters, digits, and special characters, indicating it is a machine-generated, real credential. Furthermore, the hostname `pg-prod-us-east-1.c8zqg7rf1vkm.rds.amazonaws.com` is an specific RDS endpoint, confirming this is a connection to a real, production AWS database. The surrounding comment explicitly warns that this is a hardcoded connection string that should be externalized, confirming its sensitive nature."}} +{"id": 39, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 108, "secret": "postgres://api_usr:aB$9fG!wP4@db-prod.us-east-1.rds.amazonaws.com:5432/users_v2", "label": "True Positive"}, "actual": {"line_number": 108, "label": "True Positive", "secret_value": "postgres://api_usr:aB$9fG!wP4@db-prod.us-east-1.rds.amazonaws.com:5432/users_v2", "reason": "The provided value is a complete PostgreSQL database connection URI that embeds sensitive credentials. The string follows the standard URL format `protocol://username:password@host:port/database`. The embedded username 'api_usr' and the high-entropy password 'aB$9fG!wP4' are concrete, unique strings, not generic placeholders. This password, containing a mix of uppercase letters, lowercase letters, numbers, and special characters, is the key component of the credential. Hardcoding a URL that contains an actual username and password is a critical security vulnerability, as anyone with access to this code snippet can potentially access the database."}} +{"id": 39, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 110, "secret": "8k@zP!qR7sT&uV*xY$zE#A%D*G-J", "label": "True Positive"}, "actual": {"line_number": 110, "label": "True Positive", "secret_value": "8k@zP!qR7sT&uV*xY$zE#A%D*G-J", "reason": "The value '8k@zP!qR7sT&uV*xY$zE#A%D*G-J' is a high-entropy cryptographic secret. It is a 32-character string composed of a random mix of lowercase letters, uppercase letters, numbers, and special symbols, a pattern characteristic of a real, machine-generated secret key. Unlike a placeholder, which would use repeated characters or descriptive text, this value is fully formed and unpredictable. Its assignment to the `JWT_SECRET_KEY` configuration variable provides explicit context that it is used for signing JSON Web Tokens. A hardcoded key of this nature is a critical security vulnerability, as it is version-controlled in source code and could be easily exposed, allowing attackers to impersonate users by forging tokens."}} +{"id": 39, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 17, "secret": "AKIA4ZUXFGY736J2L5PQ", "label": "True Positive"}, "actual": {"line_number": 17, "label": "True Positive", "secret_value": "AKIA4ZUXFGY736J2L5PQ", "reason": "The value 'AKIA4ZUXFGY736J2L5PQ' is a valid AWS Access Key ID. Its prefix 'AKIA' is a specific identifier for AWS root account or user-generated keys, and the subsequent 16 alphanumeric characters show the high entropy and random format of a real credential, not a placeholder. This is not a generic template like 'AKIAXXXXXXXXXXXX', but a complete, concrete value. Its assignment using `aws configure set aws_access_key_id` in a CI/CD pipeline confirms its purpose as a credential for automated authentication. This is a classic example of a hardcoded secret in configuration, which poses a significant security risk as it's committed directly to source control."}} +{"id": 39, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 18, "secret": "v9m8xLpQrSjW4uB7zK2fG1hJ6cE0gN3oY5aD9F3b", "label": "True Positive"}, "actual": {"line_number": 18, "label": "True Positive", "secret_value": "v9m8xLpQrSjW4uB7zK2fG1hJ6cE0gN3oY5aD9F3b", "reason": "The value 'v9m8xLpQrSjW4uB7zK2fG1hJ6cE0gN3oY5aD9F3b' is a 40-character string with high entropy, composed of a random mix of uppercase letters, lowercase letters, and digits. This format is consistent with an AWS Secret Access Key, which is typically 40 characters long. The value shows no patterns of repetition or predictable sequences, distinguishing it from a placeholder. The context explicitly confirms this classification, as the command uses 'aws configure set aws_secret_access_key', identifying the value as a sensitive AWS credential. Hardcoding a fully-formed key like this is a security vulnerability, as anyone with access to the source code will gain unauthorized AWS privileges."}} +{"id": 39, "index": 1, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 33, "secret": "https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX", "label": "True Positive"}, "actual": {"line_number": 33, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX", "reason": "The value is a Slack incoming webhook URL, which functions as a secret token for sending notifications. The structure `https://hooks.slack.com/services///` is specific to this service, and the final path segment 'aBcDeFgHiJkLmNoPqRsTuVwX' contains 24 mixed-case alphanumeric characters which have the high entropy expected of a real credential. Unlike generic placeholders which use repeated characters or simple templates, this is a unique, unpredictable string. The variable name in the code ('SLACK_URL' is implied by its structure and use, though not explicitly shown) and the context of a notification step confirm its role as a sensitive credential."}} +{"id": 39, "index": 1, "sub_index": 3, "perfect_match": true, "error_fields": [], "expected": {"line_number": 38, "secret": "https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX", "label": "True Positive"}, "actual": {"line_number": 38, "label": "True Positive", "secret_value": "aBcDeFgHiJkLmNoPqRsTuVwX", "reason": "The value 'aBcDeFgHiJkLmNoPqRsTuVwX' is a fully-formed Slack Incoming Webhook token. It matches the expected format for a Slack token, consisting of a 24-character string composed of high-entropy, mixed-case alphanumeric characters. This is not a placeholder; it is a concrete, specific credential that grants direct access to post messages to a Slack channel. Although the context of the file is a CI/CD pipeline which often handles secrets, the token itself is a sensitive value. Hardcoding a real, active webhook URL is a significant security risk, as it bypasses the need for authentication and can be easily abused if the code is leaked. The pattern teaches that even if a token is part of a URL in a script, its high-entropy format and specific length definitively identify it as a real credential."}} +{"id": 39, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 82, "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012", "label": "True Positive"}, "actual": {"line_number": 82, "label": "True Positive", "secret_value": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io", "reason": "The value is a Sentry Data Source Name (DSN) credential, which is a form of API key. The structure 'protocol://@' is a standard pattern for embedding authentication credentials within a URL. The key part, 'a1b2c3d4e5f67890a1b2c3d4e5f67890', is a high-entropy hexadecimal string that perfectly matches the 32-character format for a Sentry public key. In this specific value, the repeated block 'a1b2c3d4e5f67890' acts as a low-confidence identifier, but it is still hardcoded and part of a valid, real-looking credential. This value exposes the internal structure of the DSN and allows for abuse, making it a significant security risk regardless of its simple pattern."}} +{"id": 39, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 94, "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcTdrYjNkcjBmbnAyd3FtdTZyOHVlYjMifQ.X9iSgK3fRb7wzLpBnA8bCg", "label": "True Positive"}, "actual": {"line_number": 94, "label": "True Positive", "secret_value": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcTdrYjNkcjBmbnAyd3FtdTZyOHVlYjMifQ.X9iSgK3fRb7wzLpBnA8bCg", "reason": "The value is a high-entropy string that perfectly matches the specific format of a Mapbox public access token. It is composed of three Base64-encoded parts, separated by dots, with a 'pk.' prefix confirming its type. The content within the JSON payload exhibits high entropy and contains structured keys like 'user' and 'a' (for application), which are consistent with public token creation parameters. This is not a placeholder because it is a fully formed, validly-structured token, not a template or a generic string. Hardcoding any active access token, even a public one, is a security risk as it could be abused or its associated permissions revoked by the service provider."}} +{"id": 39, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 32, "secret": "aZ8~9_xYpQ-rS7tV.wJ6fGhK1jL3mN5oB4c2", "label": "True Positive"}, "actual": {"line_number": 32, "label": "True Positive", "secret_value": "aZ8~9_xYpQ-rS7tV.wJ6fGhK1jL3mN5oB4c2", "reason": "The value 'aZ8~9_xYpQ-rS7tV.wJ6fGhK1jL3mN5oB4c2' is a 40-character alphanumeric string that exhibits high entropy, consistent with an Azure Active Directory client secret. This value is concrete and random, not a placeholder, indicating it is a real credential. The parameter name 'client_secret' explicitly confirms its sensitive nature, and unlike placeholders such as 'YOUR-SECRET-HERE', this is a specific, fully-formed secret. Exposing a valid client secret in a Terraform configuration is a critical security vulnerability, as it grants unauthorized access to the Azure environment defined by this provider block."}} +{"id": 39, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 21, "secret": "p@qR$tUvW*yZ!aB#cDe^fG7hJ2kL4mN6p", "label": "True Positive"}, "actual": {"line_number": 21, "label": "True Positive", "secret_value": "p@qR$tUvW*yZ!aB#cDe^fG7hJ2kL4mN6p", "reason": "The value 'p@qR$tUvW*yZ!aB#cDe^fG7hJ2kL4mN6p' is a high-entropy, complex password that exhibits strong cryptographic characteristics. It is a 32-character string containing a random mix of uppercase letters, lowercase letters, numbers, and special symbols, which is a standard format for API keys and passwords. Unlike a placeholder, which might use repeated characters or descriptive words (e.g., 'password123'), this value is unpredictable and fully formed. The assignment to the `spring.redis.password` configuration key and the preceding comment 'Use a strong password for Redis in production' explicitly confirm its role as a sensitive credential. Exposing such a secret in a configuration file poses a significant security risk, as it can grant unauthorized access to the Redis cache."}} +{"id": 39, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 27, "secret": "SG.A1B2C3d4e5_f6g7h8i9j0.kL1mN2oP3qR4sT5uV6w-X7yZ8aB9cDe0fG1hI2jK3lM_4s", "label": "True Positive"}, "actual": {"line_number": 27, "label": "True Positive", "secret_value": "SG.A1B2C3d4e5_f6g7h8i9j0.kL1mN2oP3qR4sT5uV6w-X7yZ8aB9cDe0fG1hI2jK3lM_4s", "reason": "The value 'SG.A1B2C3d4e5_f6g7h8i9j0.kL1mN2oP3qR4sT5uV6w-X7yZ8aB9cDe0fG1hI2jK3lM_4s' is a valid SendGrid API key. The value's format is composed of three parts separated by periods, with the initial 'SG.' prefix explicitly identifying it as belonging to SendGrid. The second and third segments are Base64-encoded strings that exhibit high entropy, indicating they are machine-generated credentials rather than placeholders. This structure is a definitive pattern for SendGrid keys. Hardcoding a key that matches this specific service format, even if intended for development, is a significant security risk as it could be used for malicious activity. The line comment, 'Set the SendGrid API Key...', further confirms the value's intended use as sensitive authentication material."}} +{"id": 40, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 87, "secret": "postgresql://payments_svc:a4J!zP0$fT7*bE9@db-prod.us-east-1.rds.amazonaws.com/payments_db", "label": "True Positive"}, "actual": {"line_number": 87, "label": "True Positive", "secret_value": "postgresql://payments_svc:a4J!zP0$fT7*bE9@db-prod.us-east-1.rds.amazonaws.com/payments_db", "reason": "This value is a full PostgreSQL connection string that contains an embedded password. A password, 'a4J!zP0$fT7*bE9', is present directly within the URL, which is a well-documented but insecure practice. The credential string exhibits sufficient entropy with a mix of uppercase letters, lowercase letters, numbers, and special characters, indicating it is a real, machine-generated token rather than a generic placeholder. Unlike placeholders, which use repetitive characters or the word 'password', this is a fully-formed credential. Exposing this string provides direct access to the production database, posing a critical security risk despite the accompanying comment warning against it."}} +{"id": 40, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 89, "secret": "sk_live_51Mv3UqKxVp8pLoJ9tFmW2cXa1hN6bA7vF9yR0eZlP3cT8bSgK4uL5iV6jW7bA8eV9oI0pQ1rC2sD3tF4gH5jK6lM", "label": "True Positive"}, "actual": {"line_number": 89, "label": "True Positive", "secret_value": "sk_live_51Mv3UqKxVp8pLoJ9tFmW2cXa1hN6bA7vF9yR0eZlP3cT8bSgK4uL5iV6jW7bA8eV9oI0pQ1rC2sD3tF4gH5jK6lM", "reason": "The value 'sk_live_...' is a classic Stripe secret key format, definitively identified by the 'sk_live_' prefix. The 40-character string following the prefix exhibits high entropy with a random mix of alphanumeric characters, a hallmark of a real, computer-generated credential. Unlike a placeholder like 'sk_live_xxxxxxxxxxxxxxxxxxxxxxx', this is a fully-formed, concrete value that must be protected. This specific key format is used for live production environments, making its hardcoding a significant security risk as it grants broad access to a Stripe account. The assignment to `stripe.api_key` in this Flask application's configuration explicitly confirms its sensitive role."}} +{"id": 40, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 37, "secret": "AKIA4P5X3W7RYS6BZM9N", "label": "True Positive"}, "actual": {"line_number": 37, "label": "True Positive", "secret_value": "AKIA4P5X3W7RYS6BZM9N", "reason": "The value 'AKIA4P5X3W7RYS6BZM9N' is a legitimate AWS Access Key ID. The value itself is in the correct format for an AWS key, characterized by the 'AKIA' prefix and a 20-character string containing uppercase letters and digits. The high entropy and the context of the variable name `access_key` within a `provider \"aws\"` block definitively classify it as a real credential. Unlike a placeholder, this is a concrete value that could be used for authentication. The combination of a service-specific prefix and high entropy makes this a strong and clear indicator of a hardcoded secret."}} +{"id": 40, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 38, "secret": "v9mB/LpKsR8wT7oF4gH2jA1sC3dE5fG6hI7kL8mP", "label": "True Positive"}, "actual": {"line_number": 38, "label": "True Positive", "secret_value": "v9mB/LpKsR8wT7oF4gH2jA1sC3dE5fG6hI7kL8mP", "reason": "The value 'v9mB/LpKsR8wT7oF4gH2jA1sC3dE5fG6hI7kL8mP' is a high-entropy Base64 encoded string consistent with the format of an AWS Secret Access Key. The value is 40 characters long and contains a random mix of alphanumeric characters and symbols ('/', '+'), which are hallmarks of a genuine credential designed for machine-to-machine authentication. Unlike a placeholder, this is a specific, unique string that holds real cryptographic value. The parameter name `secret_key` and its placement within an `aws` provider block in a Terraform file strongly confirm its function as a sensitive authentication token."}} +{"id": 40, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 29, "secret": "AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV", "label": "True Positive"}, "actual": {"line_number": 29, "label": "True Positive", "secret_value": "AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV", "reason": "The value 'AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV' is a valid Google Cloud Platform (GCP) service account access token. This value perfectly matches the pattern for a GCP token, which starts with the specific prefix 'AKCp'. The subsequent 60 characters exhibit high entropy, consisting of a random mix of alphanumeric characters, which is a strong indicator of a real credential. Unlike a placeholder, this is a fully formed, concrete value. The context confirms its sensitive nature as it is explicitly assigned to the `NPM_AUTH_TOKEN` environment variable, used for authentication with private package registries."}} +{"id": 40, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 30, "secret": "5a0f8eb8c9d44c9b8e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d", "label": "True Positive"}, "actual": {"line_number": 30, "label": "True Positive", "secret_value": "5a0f8eb8c9d44c9b8e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d", "reason": "The value '5a0f8eb8c9d44c9b8e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d' is a 32-character hexadecimal string, a common format for API authentication tokens. The value exhibits high entropy with a random distribution of characters, indicating it is a machine-generated credential, not a placeholder or pattern. Despite being assigned to an environment variable named 'SENTRY_AUTH_TOKEN' within a GitHub Actions file, which might be associated with testing, this is a concrete, fully-formed token. Leaking credentials in CI/CD pipelines, regardless of the environment, poses a significant security risk as it can grant access to services and reveal infrastructure details."}} +{"id": 40, "index": 2, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 39, "secret": "{\"type\":\"service_account\",\"project_id\":\"gcp-proj-staging-3456\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6Kq2tU8N4vA3p\\n...fake content...\\nk9XpA2B4C5D6E7F8G9H0J2K3L4M5N6P7Q8R9T0U1V2W3X4Y5Z6A7B8C9D0E1F2G\\nH3I4J5K6L7M8N9P0Q1R2T3U4V5W6X7Y8Z9A0B1C2D3E4F5G6H7I8J9K0L1M2N3P4\\nQ5R6T7U8V9W0X1Y2Z3A4B5C6D7E8F9G0H1I2J3K4L5M6N7P8Q9R0T1U2V3W4X5Y6\\nZ7A8B9C0D1E2F3G4H5I6J7K8L9M0N1P2Q3R4T5U6V7W8X9Y0Z1A2B3C4D5E6F7G8\\nH9I0J1K2L3M4N5P6Q7R8T9U0V1W2X3Y4Z5A6B7C8D9E0F1G2H3I4J5K6L7M8N9P0\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"deploy-bot@gcp-proj-staging-3456.iam.gserviceaccount.com\",\"client_id\":\"123456789012345678901\",\"auth_uri\":\"...\",\"token_uri\":\"...\",\"auth_provider_x509_cert_url\":\"...\",\"client_x509_cert_url\":\"...\"}", "label": "True Positive"}, "actual": {"line_number": 39, "label": "True Positive", "secret_value": "-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6Kq2tU8N4vA3p\\n...fake content...\\nk9XpA2B4C5D6E7F8G9H0J2K3L4M5N6P7Q8R9T0U1V2W3X4Y5Z6A7B8C9D0E1F2G\\nH3I4J5K6L7M8N9P0Q1R2T3U4V5W6X7Y8Z9A0B1C2D3E4F5G6H7I8J9K0L1M2N3P4\\nQ5R6T7U8V9W0X1Y2Z3A4B5C6D7E8F9G0H1I2J3K4L5M6N7P8Q9R0T1U2V3W4X5Y6\\nZ7A8B9C0D1E2F3G4H5I6J7K8L9M0N1P2Q3R4T5U6V7W8X9Y0Z1A2B3C4D5E6F7G8\\nH9I0J1K2L3M4N5P6Q7R8T9U0V1W2X3Y4Z5A6B7C8D9E0F1G2H3I4J5K6L7M8N9P0\\n-----END PRIVATE KEY-----", "reason": "The value is a complete PEM-encoded private key, a type of cryptographic material that grants powerful privileges. Its structure is definitive, identified by the standard `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----` markers. The multi-line, Base64-encoded block between these markers contains a high-entropy representation of the actual key data, which is a strong indicator of a valid credential. Although the placeholder text `...fake content...` is present, the surrounding syntactically correct key material represents a significant security risk. Such placeholders are common patterns for real secrets and the exposure of the key's structure and surrounding text is a exploitable vulnerability."}} +{"id": 40, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 122, "secret": "https://b4a3c2d1e0f9a8b7c6d5e4f3a2b1c0d9@o450604.ingest.sentry.io/45060453321", "label": "True Positive"}, "actual": {"line_number": 122, "label": "True Positive", "secret_value": "https://b4a3c2d1e0f9a8b7c6d5e4f3a2b1c0d9@o450604.ingest.sentry.io", "reason": "This value is a Sentry Data Source Name (DSN), a public credential that is uniquely identifying but does not grant administrative access. The value's format is definitively identified by its hostname 'ingest.sentry.io' and a Base64-encoded string immediately preceding the `@` symbol, which serves as a project-specific key. This key exhibits high entropy, containing a random sequence of alphanumeric characters, which is characteristic of a real credential. Although the DSN itself is intended for client-side exposure, hardcoding it allows anyone to send events to the project, potentially leading to abuse or data pollution. It's a form of secret because it's a unique, non-public identifier tied to a specific service."}} +{"id": 40, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 123, "secret": "pk.eyJ1IjoiYmVuamFtaW5kZXYiLCJhIjoiY2xwOXA0bHUxMGZoeTJqcDkyMmh3ZDA0bCJ9.aK5fG4hT3jE2sC1dF8gH7i", "label": "True Positive"}, "actual": {"line_number": 123, "label": "True Positive", "secret_value": "pk.eyJ1IjoiYmVuamFtaW5kZXYiLCJhIjoiY2xwOXA0bHUxMGZoeTJqcDkyMmh3ZDA0bCJ9.aK5fG4hT3jE2sC1dF8gH7i", "reason": "The value 'pk.eyJ1IjoiYmVuamFtaW5kZXYiLCJhIjoiY2xwOXA0bHUxMGZoeTJqcDkyMmh3ZDA0bCJ9.aK5fG4hT3jE2sC1dF8gH7i' is a valid Mapbox Access Token. Its structure perfectly matches the known format: a 'pk.' prefix followed by two Base64-encoded parts separated by a period, and a third high-entropy part for cryptographic signature verification. The first payload part decodes to reveal {'u': 'benjamindev', 'a': 'clp9p4lu10fh2jpd922hwd04l'}, identifying a specific developer account, while the signature part ensures authenticity. This token is not a placeholder but a functional credential, as confirmed by its specific user and payload. The comment explicitly states the value should be secured, and its presence in source code makes it a significant security risk regardless of environment."}} +{"id": 40, "index": 3, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 146, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiaWF0IjoxNjcxNTQwMjM5fQ.oF9gR1vW3cZ4xS8eP5kL7sB6tD0fA2uJ1cK8iL5dN9g", "label": "True Positive"}, "actual": {"line_number": 146, "label": "True Positive", "secret_value": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiaWF0IjoxNjcxNTQwMjM5fQ.oF9gR1vW3cZ4xS8eP5kL7sB6tD0fA2uJ1cK8iL5dN9g", "reason": "The value is a complete and syntactically valid JSON Web Token (JWT) in the standard 'Bearer' format, indicated by the 'Bearer ' prefix. The Base64-encoded payload is structured with high entropy, containing predictable key-value pairs such as `alg`, `typ`, `sub`, `scope`, and `iat`, which strongly suggests it is a real credential. The cryptographic signature, the third part of the token, further confirms its authenticity. Although located in a client-side file, this hardcoded JWT is a significant secret because it represents a potentially active session or API authentication credential. Hardcoding any credential, even for development or testing, is a major security risk, as they can grant unauthorized access to sensitive resources."}} +{"id": 40, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 8, "secret": "gH7!kL#9sPqR$wXv2&yZ*bC", "label": "True Positive"}, "actual": {"line_number": 8, "label": "True Positive", "secret_value": "gH7!kL#9sPqR$wXv2&yZ*bC", "reason": "The value 'gH7!kL#9sPqR$wXv2&yZ*bC' is a high-entropy string that exhibits a random distribution of uppercase letters, lowercase letters, digits, and special characters, a classic pattern for a strong password. Unlike a placeholder or example, this is a fully formed, unique string with no repetitive or predictable elements. The context of the `spring.datasource.password` property in a production configuration file confirms its role as an authentication secret. Hardcoding a credential like this is a critical security flaw as it exposes the password directly in the source code."}} +{"id": 40, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 15, "secret": "mZ2$eR6^tY8*uI1!oP4@lK", "label": "True Positive"}, "actual": {"line_number": 15, "label": "True Positive", "secret_value": "mZ2$eR6^tY8*uI1!oP4@lK", "reason": "The secret value 'mZ2$eR6^tY8*uI1!oP4@lK' exhibits high entropy with its random mix of upper and lower case letters, numbers, and special symbols, which is a key characteristic of a strong password or token. It lacks any placeholder patterns like 'YOUR_PASSWORD' or repetitive sequences, indicating it's a concrete credential. The variable name 'rabbitmq.password' explicitly contextually labels this value as a secret. Even if the username is generic, the password itself is unique and should be protected. The parameter 'rabbitmq.ssl.enabled=true' further confirms that this password will be used to authenticate over a secure connection, making its exposure a direct security risk."}} +{"id": 40, "index": 4, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 20, "secret": "ACf1e2d3c4b5a6987e6d5c4b3a2f1e0d9c", "label": "True Positive"}, "actual": {"line_number": 20, "label": "True Positive", "secret_value": "ACf1e2d3c4b5a6987e6d5c4b3a2f1e0d9c", "reason": "The value 'ACf1e2d3c4b5a6987e6d5c4b3a2f1e0d9c' is a valid Twilio Account SID. This specific value is not a generic placeholder, but a complete, 34-character credential that follows Twilio's documented format, which is a prefix ('AC') followed by 32 hexadecimal characters. Although this value appears in what seems like a configuration file, it is a fully formed credential that can be used to identify a specific account within the Twilio platform. It is common for developers to commit real credentials from development or staging environments, posing a significant security risk. The descriptive context variable `twilio.account.sid` confirms its purpose as an authentication component, solidifying its classification as a True Positive."}} +{"id": 40, "index": 4, "sub_index": 3, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 21, "secret": "7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d", "label": "True Positive"}, "actual": {"line_number": 21, "label": "False Positive", "secret_value": "7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d", "reason": "The value '7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d' is a clear example of non-sensitive test data, despite its high entropy and random appearance. The most significant indicator is its structural flaw: it's a 32-character hexadecimal string with no prefixes or specific formatting associated with Twilio's production credentials. Real Twilio Auth Tokens are 16 characters. While the value appears random, the sequential pattern of the hexadecimal digits ('a' to 'f') and its use in a 'dev' or 'test' file context often signifies a placeholder. This pattern teaches that high entropy alone is insufficient; the value must also adhere to a known sensitive format."}} +{"id": 41, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 121, "secret": "postgres://billing_svc_user:Ac8#k$!p9F@dBe3-db.prod.us-west-2.rds.amazonaws.com:5432/payments_db", "label": "True Positive"}, "actual": {"line_number": 121, "label": "True Positive", "secret_value": "postgres://billing_svc_user:Ac8#k$!p9F@dBe3-db.prod.us-west-2.rds.amazonaws.com:5432/payments_db", "reason": "This value is a complete PostgreSQL database connection string containing embedded credentials, which is a severe security vulnerability. It follows the standard URI format 'postgres://username:password@host:port/database', which allows the database to be accessed directly. The password component, 'Ac8#k$!p9F', exhibits high entropy and is not a generic placeholder. Although a developer comment explicitly warns against using this string in production, hardcoding it makes it immediately available to anyone with access to the source code, including attackers. This provides a complete, exploitable connection string for a production database, regardless of its intended context."}} +{"id": 41, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 126, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 126, "label": "True Positive", "secret_value": "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", "reason": "The value is a valid Stripe live API key, explicitly identified by the 'sk_live_' prefix. This format is a specific, well-defined pattern for authenticating against Stripe's production environment. The 40-character alphanumeric string following the prefix exhibits high entropy with a random mix of upper/lowercase letters and numbers, characteristic of a machine-generated secret. Unlike a placeholder, this is a fully-formed, concrete credential. Although a comment warns against its use in production, it is still a sensitive key that could be abused if active, making it a critical security finding."}} +{"id": 41, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 46, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 46, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is a correctly formatted AWS Access Key. The specific 'AKIA' prefix is a definitive indicator used by AWS to identify this type of credential. The string is 20 characters long and consists of uppercase letters and numbers, which precisely matches the AWS documentation for this credential format. Unlike a generic placeholder, this is a concrete, high-entropy string that conforms to the service's structure. The parameter name 'access_key' and the surrounding code block for the 'aws' provider explicitly confirm its sensitive nature, as this is a critical authentication credential."}} +{"id": 41, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 47, "secret": "pL8vGkZ9JmN7sR2wXqF1bT4uYcV3zH5iA0oK6eB", "label": "True Positive"}, "actual": {"line_number": 47, "label": "True Positive", "secret_value": "pL8vGkZ9JmN7sR2wXqF1bT4uYcV3zH5iA0oK6eB", "reason": "The value 'pL8vGkZ9JmN7sR2wXqF1bT4uYcV3zH5iA0oK6eB' is a 40-character string that exhibits high entropy with its random mix of alphanumeric characters. The value's format is consistent with an AWS secret access key, which is its direct function as confirmed by the `secret_key` parameter. Unlike a placeholder (e.g., 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'), this is a concrete, unique value that appears to be a real credential. Although found in a Terraform file, credentials hardcoded in configuration can be used by anyone who gains access to the source code, posing a significant security risk. The combination of high entropy, specific format, and explicit parameter name makes this a clear true positive."}} +{"id": 41, "index": 2, "sub_index": 0, "perfect_match": false, "error_fields": ["value"], "expected": {"line_number": 42, "secret": "{\"type\":\"service_account\",\"project_id\":\"acme-corp-345213\",\"private_key_id\":\"a4f3b18d8b4c7c8e9f0a1b2c3d4e5f6a7b8c9d0e\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2sX2w...\\n-----END PRIVATE KEY-----\",\"client_email\":\"deploy-bot@acme-corp-345213.iam.gserviceaccount.com\",\"client_id\":\"109876543210987654321\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\",\"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/deploy-bot%40acme-corp-345213.iam.gserviceaccount.com\"}", "label": "True Positive"}, "actual": {"line_number": 42, "label": "True Positive", "secret_value": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2sX2w...\n-----END PRIVATE KEY-----", "reason": "The value is a PEM-encoded RSA private key, definitively identified by its standard `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----` markers. The content between these delimiters is multiline Base64 encoded data, which exhibits the high entropy and character set typical of actual cryptographic material, not a placeholder. Unlike a placeholder that might just have '...' inside, this block represents a syntactically complete and syntactically valid private key. Hardcoding a private key within a CI/CD workflow file is a severe security risk, as it allows anyone with access to the repository to impersonate the service account and potentially compromise cloud resources."}} +{"id": 41, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 59, "secret": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/kM3P5sR9tV1wX7Y2zN8oB4cD", "label": "True Positive"}, "actual": {"line_number": 59, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/kM3P5sR9tV1wX7Y2zN8oB4cD", "reason": "The value is a valid Slack Incoming Webhook URL, a sensitive credential. Its structure, specifically the final path segment 'kM3P5sR9tV1wX7Y2zN8oB4cD', matches Slack's credential format and exhibits high entropy with its random assortment of uppercase letters, lowercase letters, numbers, and symbols. Unlike generic placeholders, this is a specific, fully-formed token. Slack webhook URLs are a direct method to send messages to a channel, making them a security risk if exposed. Hardcoding the URL into a workflow file is a significant security anti-pattern, as the credential is in source control and can be easily accessed."}} +{"id": 41, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 29, "secret": "AIzaSyBv4nE8tGfH3jK2L5mN7oP9qR1sT3uV5wX", "label": "True Positive"}, "actual": {"line_number": 29, "label": "True Positive", "secret_value": "AIzaSyBv4nE8tGfH3jK2L5mN7oP9qR1sT3uV5wX", "reason": "The value 'AIzaSyBv4nE8tGfH3jK2L5mN7oP9qR1sT3uV5wX' is a valid Google Firebase API key, confirmed by its standard prefix 'AIzaSy'. The following 33 characters exhibit high entropy with a random mix of alphanumeric characters, matching the precise format of a real Firebase client key. Although the filename is 'serviceKeys.ts' and includes comments about production, this is a complete, fully-formed key, not a placeholder or template. Hardcoding a real production key, even in a client-side configuration, presents a significant security risk as it can be extracted from the browser and abused."}} +{"id": 41, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 42, "secret": "pk.eyJ1IjoibXljb29sYXBwIiwiYSI6ImNrcWV3Z3NqMDBjajAyd281cDNtZGNpb3oifQ.Vv1B2C3D4E5F6G7H8I9J0K", "label": "True Positive"}, "actual": {"line_number": 42, "label": "True Positive", "secret_value": "pk.eyJ1IjoibXljb29sYXBwIiwiYSI6ImNrcWV3Z3NqMDBjajAyd281cDNtZGNpb3oifQ.Vv1B2C3D4E5F6G7H8I9J0K", "reason": "The value is a valid Mapbox Access Token, identified by the 'pk.' prefix. The token's structure consists of three distinct, high-entropy Base64 encoded segments, representing the header, payload, and signature of a JWT, which confirms it is a fully-formed credential. Unlike generic placeholders, which might use ellipses or repeated characters, this value contains specific, random-looking data. The surrounding context and the variable name 'accessToken' explicitly confirm its purpose. Even though it's placed in a file named 'serviceKeys.ts', the value itself is a functional secret, and its presence in a source-controlled file is a severe security vulnerability."}} +{"id": 41, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 88, "secret": "ZThkNDFkYzAtNzA1Mi00YjU5LTg5Y2UtMjdhMTEyMzg1ZjM5NDY0Y2ZkYjMtYTEzNC00MWI4LWJmOTItZWY5YTJjNmE1N2Jl", "label": "True Positive"}, "actual": {"line_number": 88, "label": "True Positive", "secret_value": "ZThkNDFkYzAtNzA1Mi00YjU5LTg5Y2UtMjdhMTEyMzg1ZjM5NDY0Y2ZkYjMtYTEzNC00MWI4LWJmOTItZWY5YTJjNmE1N2Jl", "reason": "The value is a high-entropy string that perfectly matches the format of a Base64-encoded UUID, which is commonly used as a JWT signing key. Its random alphanumeric characters, mixed case, and specific length are strong indicators of a real, machine-generated credential, not a placeholder. Although a comment recommends using environment variables, the value itself is a concrete, fully-formed key. The variable name `auth.jwt.signing_key` explicitly confirms its purpose for authentication, making this a significant security risk."}} +{"id": 41, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 98, "secret": "amqp://notif_worker:RpR8#bV^9sL@mq-cluster.internal:5672/vhost_prod", "label": "True Positive"}, "actual": {"line_number": 98, "label": "True Positive", "secret_value": "amqp://notif_worker:RpR8#bV^9sL@mq-cluster.internal", "reason": "The value 'amqp://notif_worker:RpR8#bV^9sL@mq-cluster.internal' is a connection string that contains hardcoded credentials. The password component 'RpR8#bV^9sL' exhibits high entropy, mixing uppercase and lowercase letters, numbers, and special characters, which is a strong indicator of a real credential. This value is embedded directly into the URI, a common anti-pattern for storing secrets. Unlike a placeholder, which would use generic characters like 'xxxx', this is a concrete, complex password that provides immediate access to the RabbitMQ message queue. The username 'notif_worker' is a non-generic identifier that further specifies a privileged user account."}} +{"id": 42, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 103, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 103, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID, identified by the prefix 'AKIA'. This specific format is a strong indicator of an AWS credential. The 20-character string is random and unpredictable, matching the expected format and high entropy of a real key, not a placeholder. This key is paired with a corresponding 'aws_secret_access_key' on the subsequent line, forming a complete, hardcoded authentication pair. Although the code contains a comment suggesting environment variables, the presence of a concrete, valid key like this is always a critical security risk, as it likely points to a real, accessible AWS environment."}} +{"id": 42, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 104, "secret": "zL8wNcU9oF7jK5dG1eH3bV2aR6tY0sP4iQ9xCmA1", "label": "True Positive"}, "actual": {"line_number": 104, "label": "True Positive", "secret_value": "zL8wNcU9oF7jK5dG1eH3bV2aR6tY0sP4iQ9xCmA1", "reason": "The value 'zL8wNcU9oF7jK5dG1eH3bV2aR6tY0sP4iQ9xCmA1' is a high-entropy AWS Secret Access Key. Its 40-character length and random mix of uppercase letters, lowercase letters, and numbers are characteristic of this secret type. Unlike a placeholder, this is a concrete, fully-formed credential that follows the exact format specified by AWS. The `aws_secret_access_key` parameter name provides definitive contextual confirmation of the value's purpose. Although a comment suggests this is for testing or should be an environment variable, the fact remains that a real, active-looking secret is hardcoded into the application source, posing a significant security risk."}} +{"id": 42, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 36, "secret": "dckr_pat_bC9xTfG3pZjL2nK5hW1vR8sY0uI7", "label": "True Positive"}, "actual": {"line_number": 36, "label": "True Positive", "secret_value": "dckr_pat_bC9xTfG3pZjL2nK5hW1vR8sY0uI7", "reason": "The value 'dckr_pat_bC9xTfG3pZjL2nK5hW1vR8sY0uI7' is a valid Docker Hub Personal Access Token (PAT). The prefix 'dckr_pat_' is a specific, unambiguous identifier for this type of credential format. The string following the prefix is 32 characters long and exhibits high entropy, consistent with cryptographic randomness required for a real token. This value is not a placeholder, as it lacks any generic markers like '' or repeated characters. The context of this value, being assigned to a 'password' parameter within a 'docker/login-action' step in a GitHub Actions workflow, explicitly confirms its use as an authentication credential. Hardcoding any live credential like this in CI/CD pipelines is a significant security risk."}} +{"id": 42, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 53, "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7U", "label": "True Positive"}, "actual": {"line_number": 53, "label": "True Positive", "secret_value": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7U", "reason": "The secret value 'ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7U' is a syntactically valid GitHub Personal Access Token. The `ghp_` prefix is a definitive marker for this token type. The subsequent random string consists of mixed-case alphanumeric characters, exhibiting high entropy consistent with a real, programmatically generated secret. This is not a generic placeholder, template variable, or example token; it is a specific, unpredictable string. Its use in an 'Authorization' header for a GitHub API request confirms its purpose as an authentication credential."}} +{"id": 42, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 44, "secret": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "label": "True Positive"}, "actual": {"line_number": 44, "label": "True Positive", "secret_value": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "reason": "The value 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6' is a 32-character hexadecimal string, which is the exact format for a Datadog API key. While this value exhibits a predictable sequential pattern, it is not a generic placeholder like 'YOUR_API_KEY' or a string of repeated characters. Real-world Datadog keys can and do have weak cryptographic properties or follow predictable patterns, making this a high-risk, non-obvious secret. The high-entropy, specific-length format is the primary indicator. The contextual variable name 'api_key' within a 'provider' block for Datadog provides strong confirmation of its sensitive nature, as this key is used for authentication against the Datadog API."}} +{"id": 42, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 45, "secret": "x9y8z7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0", "label": "True Positive"}, "actual": {"line_number": 45, "label": "True Positive", "secret_value": "x9y8z7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0", "reason": "The value 'x9y8z7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0' is a high-entropy string that perfectly matches the 32-character hexadecimal format of a Datadog Application Key. The value exhibits randomness with its mix of letters and numbers and lacks any placeholder patterns like repeated characters or generic terms. Unlike a template, this is a concrete, fully-formed credential. The parameter name `app_key` in the Terraform provider block, combined with the comment recommending environment variable configuration, explicitly confirms that this is a functional key for authentication. Hardcoding such a credential in Terraform is a common security vulnerability."}} +{"id": 42, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 223, "secret": "pk.eyJ1Ijoic2hpcHBpbmdkZXYiLCJhIjoiY2w5cGdpaHVwMDFjZDN2bzhsZ2N0cDZ6MyJ9.A5w3UQqT3rVdFzPqW2bVew", "label": "True Positive"}, "actual": {"line_number": 223, "label": "True Positive", "secret_value": "pk.eyJ1Ijoic2hpcHBpbmdkZXYiLCJhIjoiY2w5cGdpaHVwMDFjZDN2bzhsZ2N0cDZ6MyJ9.A5w3UQqT3rVdFzPqW2bVew", "reason": "The value is a high-entropy string with a specific format ('pk.payload.signature') that precisely matches a Mapbox Public Access Token (PAT). The three distinct parts, separated by '.', are eachBase64-encoded, exhibiting the character set and randomness expected of a real cryptographic credential. While these tokens are public-facing, they are still considered secrets because they grant access to a paid service and can be abused to hit resource limits. Unlike a generic placeholder like 'pk.YOUR_TOKEN.YOUR_SIGNATURE', this value represents a concrete, functional credential. Exposing such tokens in frontend code is a common security risk that can lead to financial loss, making this a valid True Positive."}} +{"id": 42, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 226, "secret": "https://a8d4d03c27e44a6f95e6f64b8c9d01b2@o450616.ingest.sentry.io/4506168886", "label": "True Positive"}, "actual": {"line_number": 226, "label": "True Positive", "secret_value": "https://a8d4d03c27e44a6f95e6f64b8c9d01b2@o450616.ingest.sentry.io", "reason": "The value is a Sentry Data Source Name (DSN), which is an authentication token granting direct write access to a Sentry project. The format is explicitly structured with a secret key (`a8d4d03c27e44a6f95e6f64b8c9d01b2`) and a public project identifier, separated by an '@' symbol within the URL. The 32-character hexadecimal string exhibits high entropy and randomness, which is characteristic of a real credential, not a placeholder or example. Hardcoding this value directly in source code poses a security risk as it allows unauthorized users to post data to the developer's Sentry account."}} +{"id": 42, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 22, "secret": "prod_api_L3hV7bN9kPjR2wZ4mQ8yS6xT5", "label": "True Positive"}, "actual": {"line_number": 22, "label": "True Positive", "secret_value": "prod_api_L3hV7bN9kPjR2wZ4mQ8yS6xT5", "reason": "The value 'prod_api_L3hV7bN9kPjR2wZ4mQ8yS6xT5' exhibits high entropy and contains a specific prefix format, strongly identifying it as a secret. The `prod_api_` prefix clearly contextualizes the value as an API key for a production environment. The latter part of the string, 'L3hV7bN9kPjR2wZ4mQ8yS6xT5', is a random combination of alphanumeric characters, lacking any discernible patterns or placeholder characteristics. This high entropy is a primary indicator of a machine-generated, functional secret. Even though the variable name is `BACKEND_API_KEY` and it's within a `buildConfigField`, its direct assignment of a high-entropy literal value makes it a hardcoded credential."}} +{"id": 42, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 29, "secret": "St@bleB@tteryH0rseC0rrect", "label": "True Positive"}, "actual": {"line_number": 29, "label": "True Positive", "secret_value": "St@bleB@tteryH0rseC0rrect", "reason": "The value 'St@bleB@tteryH0rseC0rrect' is a hardcoded password, identifiable by its structure which combines real words with special characters and numbers to form a memorable passphrase. While it lacks the high entropy of a randomly generated secret, it is a concrete string value, not a generic placeholder like 'PASSWORD'. The context of the `signingConfigs` block in an Android `build.gradle` file strongly confirms its purpose as a secret used for signing application builds. Exposing a build signing password in version control is a significant security risk, as it allows anyone with repository access to forge malicious versions of the application."}} +{"id": 42, "index": 4, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 31, "secret": "C0rrectH0rseSt@bleB@ttery", "label": "True Positive"}, "actual": {"line_number": 31, "label": "True Positive", "secret_value": "C0rrectH0rseSt@bleB@ttery", "reason": "The value 'C0rrectH0rseSt@bleB@ttery' is a hardcoded password for the Android signing key. This value is a high-entropy string, as it is a Leetspeak version of a mnemonic phrase ('Correct Horse Stable Battery'), which is a strong indicator of a password. It exhibits cryptographic randomness through the use of numbers and special characters ('@') mixed with dictionary words. This is not a generic placeholder, which would use repeated characters or the word 'password' itself, but a concrete, specific value designed to lock sensitive build material. The context of this value being the `keyPassword` within a `signingConfigs` block definitively classifies it as a credential."}} +{"id": 43, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 121, "secret": "postgres://prod_user_rw:8!hG#kL$pQ2s@db-pg-prod-01.c3k4l5m6.us-east-1.rds.amazonaws.com:5432/main_app_db", "label": "True Positive"}, "actual": {"line_number": 121, "label": "True Positive", "secret_value": "postgres://prod_user_rw:8!hG#kL$pQ2s@db-pg-prod-01.c3k4l5m6.us-east-1.rds.amazonaws.com:5432/main_app_db", "reason": "This value is a complete, well-formed PostgreSQL connection string that embeds a hardcoded password. The value follows the standard `postgres://user:password@host:port/database` format, which is a critical security flaw because it exposes all components of the credential. The username `prod_user_rw` and password `8!hG#kL$pQ2s` are specific, high-entropy values that do not appear to be placeholders. This credential is for a production AWS RDS database, as confirmed by the subdomain structure, making its exposure an immediate and severe security risk."}} +{"id": 43, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 132, "secret": "eYp3s6v9y$B&E)H@McQfTjWnZr4u7x!A", "label": "True Positive"}, "actual": {"line_number": 132, "label": "True Positive", "secret_value": "eYp3s6v9y$B&E)H@McQfTjWnZr4u7x!A", "reason": "The value 'eYp3s6v9y$B&E)H@McQfTjWnZr4u7x!A' is a high-entropy password intended for authentication. The string contains a random mix of uppercase letters, lowercase letters, numbers, and special characters, which is characteristic of a strong, machine-generated credential. It shows no discernible patterns or repetitive elements, distinguishing it from common placeholders like '' or 'test'. Unlike a placeholder, this is a fully-formed, concrete value that appears to be a real production secret. The context strongly confirms this, as it is explicitly assigned to the 'password' parameter when initializing a Redis client for a production cluster. Exposing such a password, even in source code, is a major security risk."}} +{"id": 43, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 60, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 60, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID, identifiable by the 'AKIA' prefix. This is a specific, machine-readable format mandated by AWS, differentiating it from generic placeholders like 'AKIAXXXXXXXXXXXXXX'. The key body 'Y3R4WZ76X2P5QJ6M' consists of 16 high-entropy, uppercase alphanumeric characters, consistent with the format for this secret type. Hardcoding this key directly into a CI/CD pipeline script, as seen in the `aws configure` command, is a severe security risk as it grants direct programmatic access to potentially sensitive AWS resources."}} +{"id": 43, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 61, "secret": "wJalrXUtnFEMI5K7MDENGbPxRfi2qZf6sZ2c4g5b", "label": "True Positive"}, "actual": {"line_number": 61, "label": "True Positive", "secret_value": "wJalrXUtnFEMI5K7MDENGbPxRfi2qZf6sZ2c4g5b", "reason": "The value 'wJalrXUtnFEMI5K7MDENGbPxRfi2qZf6sZ2c4g5b' is a legitimate, high-entropy AWS secret access key. It is a 40-character string with a random mix of uppercase letters, lowercase letters, and numbers, which is characteristic of AWS credentials. Unlike a placeholder, this is a fully-formed value that exhibits no discernible patterns or repetition. The context of the `aws configure set aws_secret_access_key` command definitively confirms this value's purpose as a critical authentication token. Even within a CI/CD workflow, hardcoding live AWS keys in source control is a major security risk."}} +{"id": 43, "index": 1, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 79, "secret": "https://hooks.slack.com/services/T024F4SJ2/B0C3E4D5F6/aBcDeFgHiJkLmNoPqRsTuVwX", "label": "True Positive"}, "actual": {"line_number": 79, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/T024F4SJ2/B0C3E4D5F6/aBcDeFgHiJkLmNoPqRsTuVwX", "reason": "The value is a complete Slack Incoming Webhook URL, which is a hardcoded secret. This specific value contains a 24-character path segment (`aBcDeFgHiJkLmNoPqRsTuVwX`) that demonstrates the high entropy and random-character composition characteristic of a real credential, not a generic placeholder. While the template placeholders in the code use lowercase words, this specific URL contains a mix of uppercase, lowercase, and numbers, indicating it is a concrete credential for a specific workspace. Hardcoding webhook URLs is a significant security risk, as it embeds a key into the codebase that grants write access to a channel."}} +{"id": 43, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 23, "secret": "B4kL9mN8oP1qR2sT3uV4wX5yZ6aB7c8D", "label": "True Positive"}, "actual": {"line_number": 23, "label": "True Positive", "secret_value": "B4kL9mN8oP1qR2sT3uV4wX5yZ6aB7c8D", "reason": "The value 'B4kL9mN8oP1qR2sT3uV4wX5yZ6aB7c8D' is a high-entropy string that precisely matches the format of a Fastly API key. It is a 32-character alphanumeric string with a random distribution of mixed-case letters and numbers, which is characteristic of a real, machine-generated credential. Unlike a placeholder, which would use repetitive characters (e.g., 'xxxx...'), this value is concrete and lacks any template markers. This format is specific enough that it is highly unlikely to be an example. Hardcoding a real key like this in infrastructure code poses a significant security risk, as it allows anyone with access to the code repository to perform authenticated actions on the Fastly account."}} +{"id": 43, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 47, "secret": "u+Hs9xL3vA7fY2zR5pQ8", "label": "True Positive"}, "actual": {"line_number": 47, "label": "True Positive", "secret_value": "u+Hs9xL3vA7fY2zR5pQ8", "reason": "The value 'u+Hs9xL3vA7fY2zR5pQ8' is a high-entropy string characteristic of a PagerDuty integration key. It consists of a random mix of uppercase letters, lowercase letters, numbers, and special symbols ('+', '/', '='), which is a strong indicator of a machine-generated credential. This is not a placeholder, template variable, or example pattern; it is a fully-formed token with the exact length and character complexity expected for this type of secret. The context confirms its sensitivity, with the variable name 'alerting_pagerduty_token' and its assignment to a PagerDuty integration explicitly defining its function. Even though the value is in a `default` block, which implies it may be used in non-production environments, hardcoding functional credentials like this is a common and dangerous anti-pattern that poses significant security risks."}} +{"id": 43, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 99, "secret": "AIzaSyB9X8c7V6D5E4F3G2H1I0jL9K8mN7pQoR", "label": "True Positive"}, "actual": {"line_number": 99, "label": "True Positive", "secret_value": "AIzaSyB9X8c7V6D5E4F3G2H1I0jL9K8mN7pQoR", "reason": "The value 'AIzaSyB9X8c7V6D5E4F3G2H1I0jL9K8mN7pQoR' is a valid Firebase Client API Key, identifiable by the 'AIzaSy' prefix and its high-entropy, 39-character alphanumeric string. Although it is in a client-side configuration file, API keys are considered secrets because they grant access to cloud services and can be abused for malicious purposes like inflating usage costs. The value contains no placeholder markers, repeating patterns, or generic characters, indicating it is a real credential. The code context confirms its function as a key to initialize Firebase, solidifying its classification as a True Positive."}} +{"id": 43, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 108, "secret": "pk.eyJ1IjoiYXBwZGV2ZWxvcGVyIiwiYSI6ImNrdzVjNmRmMDBkbmoydm51cTY5ZzVlMncifQ.A1b2c3d4E5F6g7h8I9J0kL", "label": "True Positive"}, "actual": {"line_number": 108, "label": "True Positive", "secret_value": "pk.eyJ1IjoiYXBwZGV2ZWxvcGVyIiwiYSI6ImNrdzVjNmRmMDBkbmoydm51cTY5ZzVlMncifQ.A1b2c3d4E5F6g7h8I9J0kL", "reason": "The value 'pk.eyJ1IjoiYXBwZGV2ZWxvcGVyIiwiYSI6ImNrdzVjNmRmMDBkbmoydm51cTY5ZzVlMncifQ.A1b2c3d4E5F6g7h8I9J0kL' is a high-entropy string that follows the specific format of a Mapbox public access token. The 'pk.' prefix is a definitive indicator, distinguishing it from client secrets or other token types. The value is composed of three Base64-encoded parts, suggesting it is a signed JWT containing payload data and a signature. Although identified as 'public', these tokens are still considered sensitive because they are tied to a user account and grant API usage, and their exposure can lead to service abuse and billing issues. Leaking any credential-based token, regardless of public or private classification, is a security risk and should be treated as a true positive."}} +{"id": 43, "index": 3, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 113, "secret": "sk-proj-rT8uV9wXyZ1aB2c3d4E5f6G7h8i9j0kL1m2N3o4P5q6R", "label": "True Positive"}, "actual": {"line_number": 113, "label": "True Positive", "secret_value": "sk-proj-rT8uV9wXyZ1aB2c3d4E5f6G7h8i9j0kL1m2N3o4P5q6R", "reason": "The value 'sk-proj-rT8uV9wXyZ1aB2c3d4E5f6G7h8i9j0kL1m2N3o4P5q6R' is a valid OpenAI Project API key, identified by the service-specific 'sk-proj-' prefix. The string exhibits high entropy, composed of a random assortment of mixed-case alphanumeric characters that is inconsistent with placeholders or test data. This format and prefix are definitive identifiers for an actual, potentially functional credential. Although the developer has added a comment suggesting this should be a secret moved to the backend, the value is presented as a literal and cannot be distinguished from a live key. Hardcoding any functional credential, regardless of environment or context, is a serious security risk as it provides a direct attack vector."}} +{"id": 43, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 9, "secret": "4hT7^kL#pQ$zW1*s", "label": "True Positive"}, "actual": {"line_number": 9, "label": "True Positive", "secret_value": "4hT7^kL#pQ$zW1*s", "reason": "The value '4hT7^kL#pQ$zW1*s' is a high-entropy password directly used for database authentication. It contains a random mix of uppercase letters, lowercase letters, numbers, and special symbols (^#$*), which is a strong indicator of a machine-generated secret. This value lacks any placeholders, templates, or repeated patterns, confirming it's a concrete credential. Its assignment to the `spring.datasource.password` key within a production environment configuration file provides definitive context for its sensitivity. Hardcoding a high-entropy password like this poses a significant security risk, as it could lead to unauthorized database access."}} +{"id": 43, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 18, "secret": "bXlzdXBlcnNlY3JldGtleWZvcmF1dGgtc2VydmljZS1pcy1hdzsza29tZWx5LWxvbmc=", "label": "True Positive"}, "actual": {"line_number": 18, "label": "True Positive", "secret_value": "bXlzdXBlcnNlY3JldGtleWZvcmF1dGgtc2VydmljZS1pcy1hdzsza29tZWx5LWxvbmc=", "reason": "The value is a Base64 encoded string, which is a common format for storing cryptographic secrets. The decoded payload ('mysupersecretkeyforauth-service-is-aw;s2komely-long') exhibits sufficient complexity and is not a simple placeholder; it contains random-looking characters and a plausible descriptive phrase, indicating it's a functional credential. The variable name 'jwt.secret' provides explicit context, identifying this value as the secret used to sign JSON Web Tokens. Even if intended for development, hardcoding a real secret, particularly one of this length and complexity, poses a significant security risk as it could be compromised and used to forge authenticated sessions."}} +{"id": 43, "index": 4, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 22, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB4nF6gH7jK8lM9oP0qR1sT2uV3wX4yZ5aB6c", "label": "True Positive"}, "actual": {"line_number": 22, "label": "True Positive", "secret_value": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB4nF6gH7jK8lM9oP0qR1sT2uV3wX4yZ5aB6c", "reason": "The value 'sk_live_...' is a definitive Stripe live API key due to its specific 'sk_live_' prefix. This prefix is a public, well-documented marker used by Stripe to differentiate live production keys from test keys. The remainder of the 40-character value is a high-entropy alphanumeric string with a random appearance, consistent with Stripe's key format. Unlike a placeholder, this is a fully-formed key that could be used to make real transactions, making it a critical security risk when committed to source code. The context provided by the variable name 'stripe.api.key' and the comment indicating it is for 'payment checks' strongly confirms its sensitive nature."}} +{"id": 44, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 96, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 96, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID, which is one half of a complete set of AWS credentials. The value's format, specifically the 'AKIA' prefix, is a definitive indicator of an AWS root or programmatic user key. The subsequent string of 16 uppercase alphanumeric characters exhibits the high entropy and specific character set of a real credential, differentiating it from generic placeholders. This key is explicitly assigned to the `AWS_ACCESS_KEY_ID` variable within a block marked for 'Static credentials', confirming its sensitive nature. Its presence in source code is a critical security vulnerability, allowing unauthorized access to AWS resources."}} +{"id": 44, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 97, "secret": "pL8/Jk3b+mN5gH7vF2sK9dR1wZ0eC4yI/xQvA6sT", "label": "True Positive"}, "actual": {"line_number": 97, "label": "True Positive", "secret_value": "pL8/Jk3b+mN5gH7vF2sK9dR1wZ0eC4yI/xQvA6sT", "reason": "The value 'pL8/Jk3b+mN5gH7vF2sK9dR1wZ0eC4yI/xQvA6sT' is a high-entropy alphanumeric string with mixed-case letters, numbers, and special characters ('/', '+'), which is characteristic of a real AWS secret access key. The value exhibits cryptographic randomness and lacks any placeholders or repetitive patterns, distinguishing it from a mock or template. This string is explicitly assigned to the variable `AWS_SECRET_ACCESS_KEY` and is used in a `boto3.client` call to authenticate with AWS, providing definitive context. Hardcoding this secret directly in source code is a critical security vulnerability, as it exposes the credential and grants the holder unauthorized access to AWS resources."}} +{"id": 44, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 60, "secret": "aL9~_fH8qY7.s-D3.wX2vR-zM4pE1bN9jK", "label": "True Positive"}, "actual": {"line_number": 60, "label": "True Positive", "secret_value": "aL9~_fH8qY7.s-D3.wX2vR-zM4pE1bN9jK", "reason": "The value 'aL9~_fH8qY7.s-D3.wX2vR-zM4pE1bN9jK' is a high-entropy string consistent with the format of an Azure Active Directory client secret. The value exhibits significant randomness, containing a mix of upper and lower case letters, digits, and special characters. It does not follow any discernible pattern or placeholder structure, differentiating it from generic strings like 'YOUR_SECRET'. The variable name 'client_secret' and the surrounding Terraform provider block explicitly confirm this value is intended for service principal authentication, a critical credential. Hardcoding such a unique and complex string is a major security risk, as it grants direct access to Azure resources."}} +{"id": 44, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 31, "secret": "4hG#kL$pQ2s!tV*wXyZ(aB-dE", "label": "True Positive"}, "actual": {"line_number": 31, "label": "True Positive", "secret_value": "4hG#kL$pQ2s!tV*wXyZ(aB-dE", "reason": "The value '4hG#kL$pQ2s!tV*wXyZ(aB-dE' is a 24-character string exhibiting high entropy, characteristic of a randomly generated credential. It contains a mix of uppercase letters, lowercase letters, digits, and special symbols, which is a strong indicator of a real password. The value is assigned to the `spring.datasource.password` key within a connection string block clearly marked for a production database (`db-prod-replica`), confirming its sensitive nature. Unlike a placeholder, this is a concrete value that grants direct access to a production analytics database. Even if intended for development, embedding a strong, randomly-generated password in source code is a significant security risk, as test credentials often gain production access."}} +{"id": 44, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 38, "secret": "NjIzZGU5NTgtYWYzZC00YjM1LWE3MzktZWYzMDU3NTM1YmYxYzUyMWU1NzItODk0Yi00ODY0LWIzZjItYmYyYjVjYTAwZjY1", "label": "True Positive"}, "actual": {"line_number": 38, "label": "True Positive", "secret_value": "NjIzZGU5NTgtYWYzZC00YjM1LWE3MzktZWYzMDU3NTM1YmYxYzUyMWU1NzItODk0Yi00ODY0LWIzZjItYmYyYjVjYTAwZjY1", "reason": "The value 'NjIzZGU5NTgtYWYzZC00YjM1LWE3MzktZWYzMDU3NTM1YmYxYzUyMWU1NzItODk0Yi00ODY0LWIzZjItYmYyYjVjYTAwZjY1' is a high-entropy string characteristic of a secret key for JSON Web Token (JWT) signing. The value exhibits cryptographic randomness with a mix of alphanumeric characters and hyphens in a format matching the standard UUIDv4 specification. Unlike a generic placeholder, which would use repeated characters or descriptive text, this is a concrete, unique string. The configuration key `security.jwt.secret` explicitly confirms this value's purpose as sensitive cryptographic material. Hardcoding such a key in a configuration file is a severe security risk, as it compromises the integrity of signed JWTs and session tokens."}} +{"id": 44, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 47, "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcGo1bXp6ODBzaHIydnBqcWhyZDRrajcifQ.vG8cW7fJ2w9eK5rN3pD8oA", "label": "True Positive"}, "actual": {"line_number": 47, "label": "True Positive", "secret_value": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcGo1bXp6ODBzaHIydnBqcWhyZDRrajcifQ.vG8cW7fJ2w9eK5rN3pD8oA", "reason": "The value is a valid Mapbox Public Access Token, identified by its 'pk.' prefix. This format is a specific, documented structure that differentiates it from generic placeholders. The subsequent base64 encoded portion of the string exhibits high entropy, containing random letters and numbers, which is characteristic of a cryptographic token. Although it's a public key by design, hardcoding it directly in the source code is a security risk as it allows unauthorized entities to exhaust free tier API quotas and abuse the service. The variable name `mapboxAccessToken` explicitly confirms its purpose as a credential."}} +{"id": 44, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 48, "secret": "https://a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 48, "label": "True Positive", "secret_value": "https://a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4@o123456.ingest.sentry.io", "reason": "The value is a complete Sentry Data Source Name (DSN) URL, a sensitive credential used to authenticate with Sentry's collection endpoints. This value follows the specific Sentry format, embedding a 32-character hexadecimal public key (`a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4`) in the username part of the URL. The key portion exhibits high entropy, unlike generic placeholders, indicating it's a real, service-specific credential. While Sentry DSNs are often public for browser-based applications, they still contain sensitive information that can be abused to spam a project's error stream. Hardcoding a DSN in a configuration file is a security risk, as it can be extracted from the client-side source code."}} +{"id": 45, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 20, "secret": "postgres://user_svc_acct:p9#zF!8k@L$sR_Wv@db-users.internal.corp:5432/users", "label": "True Positive"}, "actual": {"line_number": 20, "label": "True Positive", "secret_value": "postgres://user_svc_acct:p9#zF!8k@L$sR_Wv@db-users.internal.corp:5432/users", "reason": "This value is a complete and structurally valid PostgreSQL connection string, a critical piece of sensitive information. It correctly follows the format 'protocol://user:password@host:port/database'. The password portion, 'p9#zF!8k@L$sR_Wv', exhibits high entropy with a random mix of upper and lower case letters, numbers, and special characters, indicating it is a real credential. While the username 'user_svc_acct' and the domain 'db-users.internal.corp' may suggest an internal service account, this does not negate the sensitivity of the password. Anyone gaining access to this string can connect to the production database, making it a significant security risk."}} +{"id": 45, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 22, "secret": "u$h3Jk!^nL*8g$Pz@qV5sR9b#Gf2M(wE", "label": "True Positive"}, "actual": {"line_number": 22, "label": "True Positive", "secret_value": "u$h3Jk!^nL*8g$Pz@qV5sR9b#Gf2M(wE", "reason": "The value 'u$h3Jk!^nL*8g$Pz@qV5sR9b#Gf2M(wE' is a high-entropy string consistent with a cryptographic key. This 33-character value exhibits randomness through its mix of uppercase letters, lowercase letters, numbers, and special symbols, which is a strong indicator of a real secret. Unlike a placeholder such as 'your_jwt_secret_key', this is a concrete, specific string that could be used in production. The variable name `JWT_SECRET_KEY` provides explicit context, confirming this is used for signing JSON Web Tokens, which is a critical security function. The hardcoded nature of this credential in the application's configuration block makes it a significant security risk."}} +{"id": 45, "index": 0, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 23, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 23, "label": "True Positive", "secret_value": "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", "reason": "The value is a fully-formed SendGrid API Key, definitively identified by the `SG.` prefix. The three segments of Base64Url encoded characters separated by dots represent the key's components and structure, distinguishing it from generic placeholders like 'SG.xxxxxxxx'. The value exhibits high entropy and randomness in its character set, consistent with a real credential. Although the comment mentions it's 'hardcoded', this is still a significant secret vulnerability as it is a complete, potentially-active credential. This pattern teaches that specific, non-generic prefixes combined with a valid structure and high entropy are clear indicators of a real secret, regardless of its placement in a code file."}} +{"id": 45, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 15, "secret": "AKIA4ZLWQY62N7S5V3OF", "label": "True Positive"}, "actual": {"line_number": 15, "label": "True Positive", "secret_value": "AKIA4ZLWQY62N7S5V3OF", "reason": "The value 'AKIA4ZLWQY62N7S5V3OF' is a valid AWS Access Key ID, which functions as a public identifier. Although not a secret itself, it is the first half of a complete AWS credential pair. Its specific format, starting with the 'AKIA' prefix, is a reliable signature of an AWS key. The value has high entropy and follows the 20-character length specification for this type of credential. The context, being assigned to the 'AWS_ACCESS_KEY_ID' variable within a CI/CD pipeline's 'production' environment and commented as 'Hardcoded credentials', definitively confirms its identity as a legitimate, exploitable credential component."}} +{"id": 45, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 16, "secret": "Wj3F8zK/x6dE+qT9pYhR/gL7mN4sV2cBb1aZ0xP", "label": "True Positive"}, "actual": {"line_number": 16, "label": "True Positive", "secret_value": "Wj3F8zK/x6dE+qT9pYhR/gL7mN4sV2cBb1aZ0xP", "reason": "The value 'Wj3F8zK/x6dE+qT9pYhR/gL7mN4sV2cBb1aZ0xP' is a high-entropy string that perfectly matches the format of an AWS Secret Access Key. The value itself is a 40-character Base64 encoded string with a random mix of uppercase letters, lowercase letters, numbers, and special characters, indicating a cryptographically generated token. Unlike a placeholder like 'YOUR_SECRET_HERE' or repeated 'X' characters, this is a specific, fully-formed credential. Its assignment to the variable `AWS_SECRET_ACCESS_KEY` provides definitive contextual evidence that it is a sensitive access key for an AWS environment. Exposing such a key in a CI/CD file is a critical security risk, as it allows for unauthorized access to cloud resources."}} +{"id": 45, "index": 1, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 19, "secret": "dckr_pat_a4fH7Gj9kLpZ3xV6cWqY8tN2sR5bM0", "label": "True Positive"}, "actual": {"line_number": 19, "label": "True Positive", "secret_value": "dckr_pat_a4fH7Gj9kLpZ3xV6cWqY8tN2sR5bM0", "reason": "The value 'dckr_pat_a4fH7Gj9kLpZ3xV6cWqY8tN2sR5bM0' is a valid Docker Hub Personal Access Token (PAT). The prefix 'dckr_pat_' is a highly specific indicator for this secret type, immediately identifying its format and provider. The subsequent string exhibits high entropy, with a random mix of uppercase letters, lowercase letters, and digits, which is characteristic of a machine-generated credential. This is a concrete value, not a placeholder. The context of its assignment to the variable 'DOCKER_HUB_TOKEN' within a CI/CD file strongly suggests its intended use for authenticating with Docker Hub, making its hardcoding a significant security risk."}} +{"id": 45, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 5, "secret": "AKIAJM7GFQ36XW5YUIZA", "label": "True Positive"}, "actual": {"line_number": 5, "label": "True Positive", "secret_value": "AKIAJM7GFQ36XW5YUIZA", "reason": "The value 'AKIAJM7GFQ36XW5YUIZA' is a valid AWS Access Key ID, definitively identified by its standard 'AKIA' prefix. The 20-character string consists of mixed-case uppercase and lowercase letters, exhibits high entropy, and follows the exact format specified by AWS for these credentials. This is not a generic placeholder or template, as it's a concrete, specific value. Although an Access Key ID is technically a public component of a credential pair, it is still considered sensitive information because it can be used to query AWS service metadata and is a key part of the authentication process. Hardcoding it is a security risk as it could be linked to a compromised account or an overly permissive IAM role."}} +{"id": 45, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 6, "secret": "zJ7aRpXtNfEmI/K9mDeNg/BqXrfIcY9gLwS3vUoH", "label": "True Positive"}, "actual": {"line_number": 6, "label": "True Positive", "secret_value": "zJ7aRpXtNfEmI/K9mDeNg/BqXrfIcY9gLwS3vUoH", "reason": "The value 'zJ7aRpXtNfEmI/K9mDeNg/BqXrfIcY9gLwS3vUoH' is a valid AWS secret access key. The value itself exhibits high entropy with a cryptographically random distribution of uppercase letters, lowercase letters, numbers, and special characters, consistent with the format of AWS credentials. Unlike a placeholder, this is a fully-formed, 16-character string without any repeated patterns or generic markers. Its assignment to the `secret_key` parameter within an `aws` provider block is definitive evidence that it's being used for authentication. Leaking any credential with this format poses a critical security risk as it allows direct access to cloud resources."}} +{"id": 45, "index": 2, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 24, "secret": "D#$tG6hL9p!z@qR2bN8f*m", "label": "True Positive"}, "actual": {"line_number": 24, "label": "True Positive", "secret_value": "D#$tG6hL9p!z@qR2bN8f*m", "reason": "The value 'D#$tG6hL9p!z@qR2bN8f*m' is a high-entropy, 22-character password that exhibits the characteristics of a machine-generated credential. It uses a random mixture of uppercase and lowercase letters, numbers, and special symbols, which makes it unpredictable and secure. The context confirms its sensitivity, as it's assigned to a variable named 'password' within an `aws_db_instance` resource block. This hardcoded password could grant an attacker direct access to a production database. Even if intended for a test or staging environment, passwords should always be high-entropy and managed as secrets. This value's complexity and random character distribution distinguish it from simple placeholder text."}} +{"id": 45, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 63, "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyMTIiLCJhIjoiY2xwY3ZqbzNxMGVqZTJqcWhmb3ZoeWoycSJ9.sF5gHjL9kPzQvB7nJ6tXyA", "label": "True Positive"}, "actual": {"line_number": 63, "label": "True Positive", "secret_value": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyMTIiLCJhIjoiY2xwY3ZqbzNxMGVqZTJqcWhmb3ZoeWoycSJ9.sF5gHjL9kPzQvB7nJ6tXyA", "reason": "The value 'pk.eyJ1IjoibWFwZGV2ZWxvcGVyMTIiLCJhIjoiY2xwY3ZqbzNxMGVqZTJqcWhmb3ZoeWoycSJ9.sF5gHjL9kPzQvB7nJ6tXyA' is a valid Mapbox Public Access Token. This value conforms perfectly to the `pk.` prefix, which is the definitive format indicator for these keys. The subsequent 113-character string consists of Base64-encoded JSON, which is a common technique for embedding public configuration data within a token. Unlike a placeholder, this is a fully-formed, non-generic token. Despite the 'public' nature of the key type, it grants programmatic access to a specific service and its assets, making it a credential that should be protected and managed through configuration, not hardcoded."}} +{"id": 45, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 66, "secret": "gz_api_k_e5e4bb50c2684994843b0032b49ab78c", "label": "True Positive"}, "actual": {"line_number": 66, "label": "True Positive", "secret_value": "gz_api_k_e5e4bb50c2684994843b0032b49ab78c", "reason": "The value 'gz_api_k_e5e4bb50c2684994843b0032b49ab78c' is a high-entropy credential with a structured format consistent with an API key. The prefix 'gz_api_k_' clearly identifies it as an API key for a 'geospatial' service. The subsequent 32-character hexadecimal string exhibits randomness and uniqueness characteristic of a real, machine-generated secret, not a placeholder. Unlike a generic template like 'xxx_api_key_xxx', this is a concrete value. The code context confirms its sensitive nature, as it's used directly in the 'x-api-key' header for requests to an internal service."}} +{"id": 45, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 44, "secret": "amqp://msg_proc:F3d^kLp@9s!zR-q@rabbitmq-prod.svc.cluster.local:5672/", "label": "True Positive"}, "actual": {"line_number": 44, "label": "True Positive", "secret_value": "amqp://msg_proc:F3d^kLp@9s!zR-q@rabbitmq-prod.svc.cluster.local:5672/", "reason": "This value is a complete AMQP connection string containing embedded credentials. The structure perfectly matches the `protocol://username:password@host:port/` pattern, which is a known vector for exposing secrets. The password component, `F3d^kLp@9s!zR-q`, exhibits high entropy with its unpredictable mix of uppercase letters, lowercase letters, numbers, and special characters, strongly indicating it is a real credential. Unlike a placeholder, this is a specific, fully-formed value likely intended for direct use in a production or staging environment. This pattern represents a critical security risk because it hardcodes authentication tokens directly into the source code."}} +{"id": 45, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 47, "secret": "sv-tok-prod_8A2zL9pHqY7tJv5kR4wGcXnF1bS3mD6h", "label": "True Positive"}, "actual": {"line_number": 47, "label": "True Positive", "secret_value": "sv-tok-prod_8A2zL9pHqY7tJv5kR4wGcXnF1bS3mD6h", "reason": "The value 'sv-tok-prod_8A2zL9pHqY7tJv5kR4wGcXnF1bS3mD6h' is a validly formatted service token. Its structure perfectly aligns with the 'sv-tok-' prefix commonly used for tokens associated with service accounts, which is confirmed by its usage in the Authorization header on line 68. The value is composed of a descriptive prefix and a subsequent 32-character high-entropy string, matching the format of many production credentials. The '_prod' suffix within the value is a strong indicator that this is not a generic placeholder but a credential for a production environment, making its exposure a serious security risk."}} +{"id": 46, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 87, "secret": "postgres://analytics_svc:5h#jK9$fG!pQ@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/reporting_db", "label": "True Positive"}, "actual": {"line_number": 87, "label": "True Positive", "secret_value": "postgres://analytics_svc:5h#jK9$fG!pQ@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/reporting_db", "reason": "The value is a complete PostgreSQL database connection string containing credentials, which is a high-risk hardcoded secret. The string is structured in the standard format `protocol://user:password@host:port/database`, and critically, it includes an embedded password, '5h#jK9$fG!pQ'. This password exhibits sufficient entropy with its mix of uppercase letters, lowercase letters, numbers, and symbols, indicating it is a real, generated credential. Unlike a placeholder which would use repetitive characters, this is a concrete value that provides direct access to a database server named within the AWS RDS domain. Hardcoding connection URIs like this is a severe security flaw regardless of the 'prod-db-replica' naming, as it exposes credentials in source code."}} +{"id": 46, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 92, "secret": "sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR", "label": "True Positive"}, "actual": {"line_number": 92, "label": "True Positive", "secret_value": "sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR", "reason": "The value 'sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR' is a Stripe live API key, definitively identified by the 'sk_live_' prefix. This prefix is a service-specific marker that differentiates live keys from test keys and is not a generic pattern. The subsequent 40-character string is high-entropy and follows Stripe's exact key format. Despite the comment suggesting this is an example, the value is a concrete, fully-formed credential. Hardcoding credentials for any environment, including live, is a critical security flaw, as it's the most accessible form of secret. The variable name `STRIPE_SECRET_KEY` and the context confirm its function."}} +{"id": 46, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 39, "secret": "AKIAV5Y3RXU2FN7QZ6PL", "label": "True Positive"}, "actual": {"line_number": 39, "label": "True Positive", "secret_value": "AKIAV5Y3RXU2FN7QZ6PL", "reason": "The value 'AKIAV5Y3RXU2FN7QZ6PL' is a valid AWS Access Key ID. The prefix 'AKIA' is the definitive, service-specific indicator for this credential type. The following 16 uppercase alphanumeric characters exhibit high entropy, which is characteristic of a real, machine-generated credential. This value perfectly matches the required format and complexity of an AWS key. In the context of an `actions/configure-aws-credentials` GitHub Action step, this is an authentication token being provided directly to the CI/CD pipeline, posing a significant security risk."}} +{"id": 46, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 40, "secret": "p2gR8hL9kM3tN4vW5zC1xS7qY6bA+dE0fG/jK", "label": "True Positive"}, "actual": {"line_number": 40, "label": "True Positive", "secret_value": "p2gR8hL9kM3tN4vW5zC1xS7qY6bA+dE0fG/jK", "reason": "The value 'p2gR8hL9kM3tN4vW5zC1xS7qY6bA+dE0fG/jK' is a high-entropy string characteristic of an AWS Secret Access Key. It exhibits sufficient randomness with its combination of mixed-case letters, numbers, and special characters, lacking any placeholder patterns. This specific format, consisting of 20 characters from a Base64 character set, perfectly matches the specification for an AWS IAM Secret Access Key. Unlike generic placeholders (e.g., 'XXXXXXXX'), this is a concrete value that could grant broad access to an AWS account. The context of being assigned to the `aws-secret-access-key` parameter in an `aws-actions/configure-aws-credentials` step strongly confirms its purpose as a real credential."}} +{"id": 46, "index": 1, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 51, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 51, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/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", "reason": "The value is a complete Slack Incoming Webhook URL, which functions as a secret credential for posting notifications. The URL's structure, specifically the final 24-character alphanumeric token, conforms to Slack's format for webhooks. The token portion exhibits high entropy with a random mix of characters, distinguishing it from non-sensitive placeholders. This token is unique to a specific webhook destination, and its exposure allows anyone to post messages to that Slack channel, making it a significant security risk. Leaking a webhook URL is equivalent to exposing a password for a communication channel."}} +{"id": 46, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 55, "secret": "dop_v1_a6b4c8d1e2f3g5h7i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e", "label": "True Positive"}, "actual": {"line_number": 55, "label": "True Positive", "secret_value": "dop_v1_a6b4c8d1e2f3g5h7i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e", "reason": "The value 'dop_v1_a6b4c8d1e2f3g5h7i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e' is a DigitalOcean API token, definitively identified by the 'dop_v1_' prefix. This prefix follows DigitalOcean's specific naming convention for Personal Access Tokens. The long string of seemingly random hexadecimal characters following the prefix exhibits high entropy, which is characteristic of a machine-generated credential designed for security. Although the latter half of the string appears sequential, the random mixing of letters and numbers is a primary indicator. The assignment to the 'token' argument within a 'provider' block in Terraform confirms this value's purpose as authentication material, making its exposure a significant security risk."}} +{"id": 46, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 133, "secret": "pk.eyJ1IjoiYXBwbWFzdGVyMzAiLCJhIjoiY2x0NnB6Z3hpMGRnZDJrbW54ajZ2Z2NhayJ9.Z-u9f7s_L7gK4jH5qP2nXw", "label": "True Positive"}, "actual": {"line_number": 133, "label": "True Positive", "secret_value": "pk.eyJ1IjoiYXBwbWFzdGVyMzAiLCJhIjoiY2x0NnB6Z3hpMGRnZDJrbW54ajZ2Z2NhayJ9.Z-u9f7s_L7gK4jH5qP2nXw", "reason": "The value is a valid Mapbox Public Access Token, identified by the 'pk.' prefix, a definitive marker for this token type. The string's structure of `prefix.payload.signature` and the high entropy of the Base64-encoded payload and signature components strongly indicate it is a real, functional credential, not a placeholder. Although 'Public' tokens have fewer security risks than secret keys, they are still considered sensitive information because they are often tied to billing limits and can be abused. The context of assigning this value to a variable named `mapboxToken` in a `productionConfig` object confirms its intended use as a sensitive credential."}} +{"id": 46, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 134, "secret": "https://a1b2c3d4e5f64a7b8c9d0e1f2a3b4c5d@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 134, "label": "True Positive", "secret_value": "https://a1b2c3d4e5f64a7b8c9d0e1f2a3b4c5d@o123456.ingest.sentry.io/7890123", "reason": "The value 'https://a1b2c3d4e5f64a7b8c9d0e1f2a3b4c5d@o123456.ingest.sentry.io/7890123' is a valid Sentry Data Source Name (DSN) credential. The format directly matches the pattern for Sentry DSNs, which embed a public token ('a1b2c3d4e5f64a7b8c9d0e1f2a3b4c5d') within the URL, followed by the Sentry organization and project identifiers. The token portion is a 32-character high-entropy hexadecimal string, which is a key characteristic of a real credential, not a placeholder. Although the surrounding comment warns against committing sensitive keys, this is a fully-formed, syntactically valid secret that could provide access to the Sentry project. Even for non-production environments, embedded DSNs are a security risk as they expose project details and can be abused for malicious activity."}} +{"id": 46, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 111, "secret": "Z8qWn!y$B&E)H@McQfTjWnZr4u7x!A%D*G-JaNdRgUkXp2s5v8y/B?E(H+KbPeSh", "label": "True Positive"}, "actual": {"line_number": 111, "label": "True Positive", "secret_value": "Z8qWn!y$B&E)H@McQfTjWnZr4u7x!A%D*G-JaNdRgUkXp2s5v8y/B?E(H+KbPeSh", "reason": "The value 'Z8qWn!y$B&E)H@McQfTjWnZr4u7x!A%D*G-JaNdRgUkXp2s5v8y/B?E(H+KbPeSh' is a high-entropy string containing a random mix of uppercase letters, lowercase letters, numbers, and special characters, which is characteristic of a cryptographically secure secret. Its length of 60 characters is consistent with common formats for JWT signing keys. Unlike a placeholder, which might use repeated characters or simple patterns, this value is complex and appears to be a unique, generated credential. The surrounding context, specifically the variable name `app.jwt.secret` and the comment '# This secret key is used to sign and verify JWTs. It must be kept confidential.', directly confirms that this is a sensitive secret key intended for signing tokens."}} +{"id": 46, "index": 4, "sub_index": 1, "perfect_match": false, "error_fields": ["label"], "expected": {"line_number": 126, "secret": "notifications-prod@we-send-alerts.com", "label": "True Positive"}, "actual": {"line_number": 126, "label": "False Positive", "secret_value": "notifications-prod@we-send-alerts.com", "reason": "The value 'notifications-prod@we-send-alerts.com' is a legitimate email address, not a secret credential. The 'notifications-prod' prefix clearly indicates this is a functional mailbox for sending production alerts, and the domain 'we-send-alerts.com' is structured like a real, albeit generic, company domain. The value has very low entropy, consisting of readable dictionary words and common punctuation, making it easily distinguishable from a random token. In the context of a `spring.mail.username` property, the username is the sender identity, which is information to be shared for message routing, not confidential. This pattern teaches that email addresses, even if for sensitive services like 'prod', are non-sensitive identifiers, not secrets."}} +{"id": 46, "index": 4, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 127, "secret": "4R#sV9$!pLq2b", "label": "True Positive"}, "actual": {"line_number": 127, "label": "True Positive", "secret_value": "4R#sV9$!pLq2b", "reason": "The value '4R#sV9$!pLq2b' is a high-entropy password used as a credential. It exhibits strong randomness with its unpredictable combination of uppercase letters, lowercase letters, numbers, and special symbols, which is characteristic of a machine-generated or complex human-chosen secret. Unlike a generic placeholder, this specific, unique string has no discernible pattern or repeated characters. The context of being assigned to the `spring.mail.password` property in an application's configuration file further confirms its purpose as a sensitive secret for an SMTP server. Hardcoding a password with this level of entropy is a critical security anti-pattern."}} +{"id": 47, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 98, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 98, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The secret value 'AKIAY3R4WZ76X2P5QJ6M' is an AWS Access Key ID, identified by its correct 'AKIA' prefix and its high-entropy 20-character alphanumeric string. The variable name `aws_access_key_id` strongly confirms its function as a credential. Unlike a placeholder or example, this is a fully-formed key that lacks any non-random patterns or repeated characters. Hardcoding credentials directly in source code, as seen in this function, is a significant security risk as it exposes the key to anyone with code access, potentially granting them unauthorized access to cloud resources. This is a concrete example of a real credential, not a template or mock."}} +{"id": 47, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 99, "secret": "bGe8vKqy9zF3sC7hLpA5dGjJkM0fNn2xWvT1oR4i", "label": "True Positive"}, "actual": {"line_number": 99, "label": "True Positive", "secret_value": "bGe8vKqy9zF3sC7hLpA5dGjJkM0fNn2xWvT1oR4i", "reason": "The value 'bGe8vKqy9zF3sC7hLpA5dGjJkM0fNn2xWvT1oR4i' is a high-entropy alphanumeric string that perfectly matches the 40-character format of an AWS secret access key. Its random distribution of letters and numbers indicates it is a machine-generated credential, not a human-readable placeholder. The variable name 'aws_secret_access_key' and its assignment to a `boto3.client` call provide explicit context confirming its use for authentication. Hardcoding secrets like this in source code is a critical security vulnerability, as it exposes the credential to anyone with read access to the codebase."}} +{"id": 47, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 58, "secret": "f0g1h2i3-j4k5-6789-l0m1-n2o3p4q5678b", "label": "True Positive"}, "actual": {"line_number": 58, "label": "True Positive", "secret_value": "f0g1h2i3-j4k5-6789-l0m1-n2o3p4q5678b", "reason": "The value 'f0g1h2i3-j4k5-6789-l0m1-n2o3p4q5678b' is a validly formatted Azure Subscription ID, identified by the 8-4-4-4-12 hyphen-separated hexadecimal block pattern. Although the value contains placeholder-like characters ('g', 'i', 'k', 'm', 'n', 'o', 'p', 'q'), this often occurs in development or test configurations. The pattern itself is the primary indicator, and the value is concrete, not a generic template like ''. Exposing a subscription ID, even in a non-production context, is a security risk as it is tied to a specific account and its resources. The `provider \"azurerm\"` block context and the variable name `subscription_id` confirm its sensitive nature as an authentication parameter."}} +{"id": 47, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 59, "secret": "a8b1c2d3-e4f5-6789-a0b1-c2d3e4f5678a", "label": "True Positive"}, "actual": {"line_number": 59, "label": "True Positive", "secret_value": "a8b1c2d3-e4f5-6789-a0b1-c2d3e4f5678a", "reason": "The value 'a8b1c2d3-e4f5-6789-a0b1-c2d3e4f5678a' is a valid Azure Service Principal Client ID. The value's format is a universally unique identifier (UUID) with a 8-4-4-4-12 hexadecimal structure, which is the standard pattern for this type of credential. Unlike a generic placeholder like 'YOUR-UUID', this value is a concrete, fully-formed credential. The context, specifically the variable name `client_id` within an `azurerm` provider block, strongly confirms its sensitive nature. Hardcoding a valid identifier is a security risk as it can be used for reconnaissance or to gain unauthorized access to cloud resources."}} +{"id": 47, "index": 1, "sub_index": 2, "perfect_match": false, "error_fields": ["value"], "expected": {"line_number": 60, "secret": "~m88Q~bH2tY.xK5cZ_-.LpG7j9nF3rVqEwD1aB", "label": "True Positive"}, "actual": {"line_number": 60, "label": "True Positive", "secret_value": "a8b1c2d3-e4f5-6789-a0b1-c2d3e4f5678a", "reason": "The value 'a8b1c2d3-e4f5-6789-a0b1-c2d3e4f5678a' is a valid Azure Service Principal Client ID, not a client secret as its variable name implies. The value itself is a publicly known example identifier frequently used in Microsoft's documentation and tutorials. While it perfectly matches the UUID format, it lacks the cryptographic randomness of a real credential and is meant to be a reproducible placeholder. This pattern teaches that even high-entropy values should be treated as false positives when they are clearly identifiable as canonical examples. The code's comment is misleading, as the credential associated with a client ID of this format is not a secret, but rather the client ID itself which is public."}} +{"id": 47, "index": 1, "sub_index": 3, "perfect_match": true, "error_fields": [], "expected": {"line_number": 61, "secret": "c9d0e1f2-g3h4-5678-i9j0-k1l2m3n4567c", "label": "True Positive"}, "actual": {"line_number": 61, "label": "True Positive", "secret_value": "c9d0e1f2-g3h4-5678-i9j0-k1l2m3n4567c", "reason": "The value 'c9d0e1f2-g3h4-5678-i9j0-k1l2m3n4567c' is a validly formatted Azure Active Directory Tenant ID. This value's structure, specifically its 8-4-4-4-12 hexadecimal format, is a definitive indicator of an Azure Tenant ID. The random distribution of characters within the value represents high entropy, distinguishing it from generic placeholders. Although Tenant IDs themselves are not secrets in the same way as client secrets, they provide access to a specific organizational directory and are treated as sensitive configuration information. Hardcoding a Tenant ID can expose organizational structure and makes the configuration less portable, which violates secure coding practices. The fact that it is assigned to the `tenant_id` parameter within a provider block confirms its role as an authentication credential."}} +{"id": 47, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 118, "secret": "pk.eyJ1IjoiYmFja2VuZGRldjE5IiwiYSI6ImNsdWpwbDFrZDFhaWgyaW54aThxaGYwNWgifQ.bO9F2zA-y8wU1rC6gV4qLw", "label": "True Positive"}, "actual": {"line_number": 118, "label": "True Positive", "secret_value": "pk.eyJ1IjoiYmFja2VuZGRldjE5IiwiYSI6ImNsdWpwbDFrZDFhaWgyaW54aThxaGYwNWgifQ.bO9F2zA-y8wU1rC6gV4qLw", "reason": "The value 'pk.eyJ1IjoiYmFja2VuZGRldjE5IiwiYSI6ImNsdWpwbDFrZDFhaWgyaW54aThxaGYwNWgifQ.bO9F2zA-y8wU1rC6gV4qLw' is a valid Mapbox access token. This value adheres to the exact format for this specific service, identified by the 'pk.' prefix which signifies a public token. The subsequent long Base64 encoded string has high entropy and contains no placeholder indicators, strongly suggesting it is a real, functional token. The 'TODO' comment directly above the configuration object confirms the developer's awareness that this is a credential which should be moved. Even public tokens should be treated as secrets because they are tied to a user account, grant access to resources, and can be abused if exposed."}} +{"id": 47, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 36, "secret": "dckr_pat_u7VpMzX9hL8rKjG6wQfB2cT4oN", "label": "True Positive"}, "actual": {"line_number": 36, "label": "True Positive", "secret_value": "dckr_pat_u7VpMzX9hL8rKjG6wQfB2cT4oN", "reason": "The value 'dckr_pat_u7VpMzX9hL8rKjG6wQfB2cT4oN' is a valid Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a definitive identifier for this specific type of secret, and the following 36-character string has high entropy with its random mix of alphanumeric characters, which is characteristic of a real token. Unlike a placeholder like 'dckr_pat_YOUR_TOKEN', this is a concrete, fully-formed value. The context of its use as a `password` for the `docker/login-action` confirms its sensitive nature. Hardcoding this PAT grants direct access to the Docker Hub repository, posing a significant security risk for the automated build and deployment process."}} +{"id": 47, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 51, "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6gAAAJgRjN4EEYze\nBAAAAAtzc2gtZWQyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6g\nAAAECBmxuGZJz76hTkyk1r6s9JRXr8K2T4lVjTpf3G9T/lFKtjirNvqnltKP8uGQIfA+Sw\n8Db+Y5qm87TY3tRQOU7qAAAAEGNpY2RfYWdlbnRAbWFpbC5jb20BAg==\n-----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}, "actual": {"line_number": 51, "label": "True Positive", "secret_value": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6gAAAJgRjN4EEYze\nBAAAAAtzc2gtZWQyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6g\nAAAECBmxuGZJz76hTkyk1r6s9JRXr8K2T4lVjTpf3G9T/lFKtjirNvqnltKP8uGQIfA+Sw\n8Db+Y5qm87TY3tRQOU7qAAAAEGNpY2RfYWdlbnRAbWFpbC5jb20BAg==\n-----END OPENSSH PRIVATE KEY-----", "reason": "This value is a complete and valid OpenSSH private key, definitively identified by the standard `-----BEGIN OPENSSH PRIVATE KEY-----` and `-----END OPENSSH PRIVATE KEY-----` markers. The multi-line body is Base64 encoded data exhibiting the high entropy and specific format of cryptographic material, not a placeholder. Private keys are used for authentication, and their exposure is a critical security risk. The value of this key allows direct, unauthenticated access to the server specified in the `host` parameter of the YAML file, representing a significant compromise. Unlike a placeholder which might have repeated characters or a template structure, this is a functional credential that must be invalidated."}} +{"id": 47, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 204, "secret": "postgres://prod_analytics:v#9&kF$LpQz8r@db-replica-1.us-east-2.rds.amazonaws.com:5432/reporting", "label": "True Positive"}, "actual": {"line_number": 204, "label": "True Positive", "secret_value": "v#9&kF$LpQz8r", "reason": "The value 'v#9&kF$LpQz8r' is a hardcoded password embedded within a database connection string. The value exhibits high entropy, combining uppercase and lowercase letters, numbers, and special characters, which is a strong indicator of a real, generated password. Unlike a placeholder (e.g., 'PASSWORD') or a generic example, this is a fully-formed, concrete credential. Hardcoding passwords directly into configuration files is a critical security vulnerability as it exposes sensitive authentication details in the codebase, allowing anyone with access to the source or deployment artifacts to compromise the database. The context of being part of a `postgres://` connection string explicitly confirms its use as an authentication secret."}} +{"id": 47, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 219, "secret": "YjYzY2I0NTYtMzU4Mi00NjRmLWE5YzEtY2QwMmQzMmM4ZWU3ZmY0Y2I3YjAtZjFjNS00NjZiLTk5YjEtZDYyYzE4Y2Y1ZDE4", "label": "True Positive"}, "actual": {"line_number": 219, "label": "True Positive", "secret_value": "YjYzY2I0NTYtMzU4Mi00NjRmLWE5YzEtY2QwMmQzMmM4ZWU3ZmY0Y2I3YjAtZjFjNS00NjZiLTk5YjEtZDYyYzE4Y2Y1ZDE4", "reason": "The value is a valid Base64 encoded string representing a high-entropy cryptographic key. The large character set and lack of discernible patterns are strong indicators of cryptographic material, not a placeholder or example. This encoding format is confirmed by the descriptive comment `Must be Base64 encoded.` and is a common method for storing secrets to improve readability or prevent accidental display. Although the surrounding configuration line names it a 'secret for signing internal service-to-service JWTs', its high entropy and specific format make it a functional, hardcoded credential, not just an example. Compromising this secret would allow attackers to forge authenticated tokens for internal services."}} +{"id": 48, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 129, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mH8sZk7vXn1cT2dD5eF6jA9gB7hI3lK4mN5oP6rQ8tS0uVvWwXyZ00abcDeFgh", "label": "True Positive"}, "actual": {"line_number": 129, "label": "True Positive", "secret_value": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mH8sZk7vXn1cT2dD5eF6jA9gB7hI3lK4mN5oP6rQ8tS0uVvWwXyZ00abcDeFgh", "reason": "The secret value is a Stripe live secret key, identified by the definitive 'sk_live_' prefix. The key itself is a long string that follows Stripe's format for a secret key, exhibiting high entropy with a mix of random alphanumeric characters. Unlike a placeholder, this value is a complete, fully-formed credential. Although the code includes a comment stating it should be loaded from a vault, this does not negate the fact that the key is hardcoded in the source file. Anyone with access to the source code or built artifacts would be able to misuse this live key to process payments or disrupt Stripe services, making it a critical security vulnerability."}} +{"id": 48, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 62, "secret": "dckr_pat_1A7fThgK9pLMt2Jz4wVbX5rYc8nS3oP6g", "label": "True Positive"}, "actual": {"line_number": 62, "label": "True Positive", "secret_value": "dckr_pat_1A7fThgK9pLMt2Jz4wVbX5rYc8nS3oP6g", "reason": "The value `dckr_pat_1A7fThgK9pLMt2Jz4wVbX5rYc8nS3oP6g` is a valid Docker Hub Personal Access Token (PAT), identified by the specific service prefix `dckr_pat_`. The alphanumeric portion following the prefix is a high-entropy string that perfectly matches the format of a real, generated credential. Unlike a placeholder which might use repeated characters or generic text, this is a fully formed token with a random and unpredictable character sequence. The context of a `docker/login-action` within a CI/CD pipeline confirms that this token is intended for authentication. Hardcoding credentials with valid prefixes is a security vulnerability as they can be extracted from source control and misused."}} +{"id": 48, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 82, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 82, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/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", "reason": "The value is a valid Slack Incoming Webhook URL, which is a sensitive credential used to post messages to a Slack channel. Its structure perfectly matches Slack's format: 'https://hooks.slack.com/services///'. The final path segment, 'kL9pMq8rS7tUv6WwX5yZ4a3b', is a high-entropy string that functions as the authentication token for the webhook. This is not a placeholder, but a fully-formed credential that could be abused. Hardcoding this type of URL is a security risk because anyone with access to the source code or workflow file could potentially send messages to the linked channel."}} +{"id": 48, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 33, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 33, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is a legitimate AWS Access Key ID. Its format, 'AKIA' followed by 16 uppercase alphanumeric characters, is the exact pattern specified by Amazon Web Services for access keys. This value has high entropy and matches no known placeholder or example patterns. The parameter name `aws_access_key_id` provides definitive context that this is an authentication credential. Hardcoding an access key like this into a script is a severe security anti-pattern, as anyone with access to the source code can impersonate the AWS user associated with the key."}} +{"id": 48, "index": 2, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 34, "secret": "7jH2kL5mN8pQ3sW9vX1yZ4aB6cD8eF0gH2jK4lM5", "label": "True Positive"}, "actual": {"line_number": 34, "label": "True Positive", "secret_value": "7jH2kL5mN8pQ3sW9vX1yZ4aB6cD8eF0gH2jK4lM5", "reason": "The value '7jH2kL5mN8pQ3sW9vX1yZ4aB6cD8eF0gH2jK4lM5' is a 40-character string that perfectly matches the format and high entropy of a genuine AWS secret access key. The value contains a random mix of alphanumeric characters and exhibits no discernible patterns or placeholders, which are common indicators of test data. Unlike a placeholder like 'YOUR_SECRET_KEY', this is a fully-formed, concrete credential. Even if this key is for a development or test environment, it grants direct access to AWS resources and is a security risk, as seen in the surrounding `provision_aws_user` function."}} +{"id": 48, "index": 2, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 44, "secret": "P@ssw0rd!Feb2024*!", "label": "True Positive"}, "actual": {"line_number": 44, "label": "True Positive", "secret_value": "P@ssw0rd!Feb2024*!", "reason": "The value 'P@ssw0rd!Feb2024*!' is a hardcoded password, identifiable by the 'P@ssw0rd' pattern which is a clear, albeit weak, transformation of 'Password'. The inclusion of a specific date 'Feb2024' strongly suggests this is a real, rotation-based credential, not a generic placeholder. Although the value exhibits low entropy compared to a fully random token, it is a functional credential used to log into the 'smtp.office365.com' service. Hardcoding even weak passwords is a significant security risk, as they provide attackers with a way to compromise email systems. The variable name 'smtp_password' provides unambiguous context confirming its purpose as an authentication secret."}} +{"id": 48, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 102, "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 102, "label": "True Positive", "secret_value": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/7890123", "reason": "The secret value is a Sentry Data Source Name (DSN), a credential used to authenticate error reporting. Its structure explicitly matches the Sentry secret format, which includes a high-entropy client identifier portion immediately before the '@' symbol. The string `a1b2c3d4e5f67890a1b2c3d4e5f67890` has 32 hexadecimal characters, which is the standard length for a Sentry DSN public key and exhibits characteristics of a real, generated credential. Although the host (`.ingest.sentry.io`) and project ID (`/7890123`) are public by design, the authentication key portion is confidential and must not be exposed. Exposing this DSN allows any anonymous user to send error events to the project's Sentry account."}} +{"id": 48, "index": 3, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 105, "secret": "pk.eyJ1IjoiYm9zY292YW5kZXIiLCJhIjoiY2xwY2c4dGJrMGZiajJqcGF6cDNycjFrMSJ9.zF9VbWb0wE8lD9sN1hO9gQ", "label": "True Positive"}, "actual": {"line_number": 105, "label": "True Positive", "secret_value": "pk.eyJ1IjoiYm9zY292YW5kZXIiLCJhIjoiY2xwY2c4dGJrMGZiajJqcGF6cDNycjFrMSJ9.zF9VbWb0wE8lD9sN1hO9gQ", "reason": "The value 'pk.eyJ1IjoiYm9zY292YW5kZXIiLCJhIjoiY2xwY2c4dGJrMGZiajJqcGF6cDNycjFrMSJ9.zF9VbWb0wE8lD9sN1hO9gQ' is a valid Mapbox public access token. The 'pk.' prefix is a specific, documented format identifier for this type of credential, which distinguishes it from generic placeholders. The subsequent parts of the value are Base64 encoded JSON objects and a signature, indicating it conforms to the JWT-like structure defined by Mapbox for its tokens. Although public, these tokens are still sensitive as they authenticate a client application to a service, are often limited by usage tiers, and can be linked to a specific provider account, making their exposure a security risk. The variable name `apiKey` and context further confirm its role as a secret credential."}} +{"id": 48, "index": 3, "sub_index": 2, "perfect_match": true, "error_fields": [], "expected": {"line_number": 111, "secret": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlLWRldmVsb3BtZW50IiwiaXNzIjoibXktYXBwLWJhY2tlbmQiLCJhdWQiOiJpbnRlcm5hbC1hcGkiLCJleHAiOjE3MzU2ODk2MDAsImlhdCI6MTcwNDU4NTYwMCwianRpIjoiNWY0ZC04YmRmLWEwYjktM2Y5YSJ9.Kq-LwhU4xQp8VdG2tY_hZ3nBc7dJjO0pE_wF9XzR6vSgL7uH5mI4nK1oPkU9tQ1fA2eRbC3gX0hJjK1lW_zQ_", "label": "True Positive"}, "actual": {"line_number": 111, "label": "True Positive", "secret_value": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlLWRldmVsb3BtZW50IiwiaXNzIjoibXktYXBwLWJhY2tlbmQiLCJhdWciOiJpbnRlcm5hbC1hcGkiLCJleHAiOjE3MzU2ODk2MDAsImlhdCI6MTcwNDU4NTYwMCwianRpIjoiNWY0ZC04YmRmLWEwYjktM2Y5YSJ9.Kq-LwhU4xQp8VdG2tY_hZ3nBc7dJjO0pE_wF9XzR6vSgL7uH5mI4nK1oPkU9tQ1fA2eRbC3gX0hJjK1lW_zQ_", "reason": "The value is a correctly formatted JSON Web Token (JWT) because it follows the three-part Base64 encoded structure: header, payload, and signature. The body of the token, when decoded, contains sensitive claims that identify it as a credential, including a specific subject (`\"sub\": \"service-development\"`), issuer (`\"iss\": \"my-app-backend\"`), audience (`\"aud\": \"internal-api\"`), and an expiration time. This is not a placeholder, as it represents a concrete authentication token. Although the comment mentions it is a temporary credential for internal use, it's still a functional token with a definite expiration, making its exposure a significant security risk."}} +{"id": 48, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 25, "secret": "8!hG#kL$pQ2s@db.prod-STRONG-Pa$$wrd", "label": "True Positive"}, "actual": {"line_number": 25, "label": "True Positive", "secret_value": "8!hG#kL$pQ2s@db.prod-STRONG-Pa$$wrd", "reason": "The secret value '8!hG#kL$pQ2s@db.prod-STRONG-Pa$$wrd' is a hardcoded password for a production database, confirmed by the `db_name = \"platform_prod\"` context. It is structurally sound, possessing high entropy with a random mix of uppercase letters, lowercase letters, numbers, and special symbols. Crucially, although parts of the string contain placeholder-like terms ('prod-STRONG-Pa$$wrd'), these serve as a poorly-applied security through obscurity, not a clear indicator of a non-sensitive example. Real credentials often blend random character strings with descriptive words, making them prone to hardcoding. The use of 'prod' within the password itself, combined with the high-entropy preamble and the 'password' attribute name in a Terraform provider configuration, definitively identifies this as a real and exploitable credential."}} +{"id": 48, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 40, "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7z", "label": "True Positive"}, "actual": {"line_number": 40, "label": "True Positive", "secret_value": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7z", "reason": "The secret value 'ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7z' is a high-entropy GitHub Personal Access Token. The prefix 'ghp_' is the definitive identifier for this specific secret type, immediately distinguishing it from generic strings or placeholders. The subsequent 36-character string exhibits the random mix of alphanumeric characters characteristic of an actual, machine-generated token. Unlike placeholders like 'YOUR_GITHUB_TOKEN', this value is fully formed and specific, lacking any repetitive patterns or descriptive text. This format is classic for a valid credential, making its exposure in a provider block a severe security risk. The variable name 'token' and its context within the 'github' provider block provide strong contextual reinforcement."}} +{"id": 49, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 51, "secret": "AKIAU7VDF3W5X6QZ8P4J", "label": "True Positive"}, "actual": {"line_number": 51, "label": "True Positive", "secret_value": "AKIAU7VDF3W5X6QZ8P4J", "reason": "The value 'AKIAU7VDF3W5X6QZ8P4J' is a valid AWS Access Key ID, which is a public identifier component of an AWS credential pair. The prefix 'AKIA' is a definitive marker for this specific secret type. The 20-character alphanumeric string that follows has high entropy and follows AWS's exact format, making it a concrete, machine-generated credential rather than a placeholder like 'AKIAXXX...'. Although technically public, it must be treated as sensitive because it is paired with a corresponding AWS Secret Access Key. Leaking both keys from hardcoded configurations is a common and critical security vulnerability."}} +{"id": 49, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 52, "secret": "bK9mP4wR8sL1vJ7oA2dF6gH3xN0cT5yZ/iE+qW!a", "label": "True Positive"}, "actual": {"line_number": 52, "label": "True Positive", "secret_value": "bK9mP4wR8sL1vJ7oA2dF6gH3xN0cT5yZ/iE+qW!a", "reason": "The value 'bK9mP4wR8sL1vJ7oA2dF6gH3xN0cT5yZ/iE+qW!a' is a high-entropy string consistent with an AWS Secret Access Key. Its composition of mixed-case letters, numbers, and special characters, including a '/' and '+', matches the format and cryptographic randomness of a real AWS secret. Unlike a placeholder, this is a specific and concrete value. The context provided by the variable name `AWS_SECRET_ACCESS_KEY` and its use in a `boto3.client` call explicitly confirms that this is a functional credential. Although a comment suggests moving it, the presence of a real, high-entropy key in source code is a severe security risk."}} +{"id": 49, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 19, "secret": "s$3pL!z#9FqG&vB^kY5h@m", "label": "True Positive"}, "actual": {"line_number": 19, "label": "True Positive", "secret_value": "s$3pL!z#9FqG&vB^kY5h@m", "reason": "The value 's$3pL!z#9FqG&vB^kY5h@m' is a high-entropy alphanumeric string containing mixed case letters, numbers, and symbols, which is a strong indicator of a generated credential. This value lacks any discernible pattern, sequence, or placeholder character, making it a fully formed secret. The associated variable name `spring.datasource.password` and its location in a production configuration file provide explicit context confirming this is a real password for a primary database replica. Hardcoding a unique and complex password directly into a source code file, especially a production one, is a severe security risk."}} +{"id": 49, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 31, "secret": "NzhhYjU0ZWE3YzE2NGU5YWYyMGExYzhmNDY3NzU3M2M4YjE2OTIzYjljYjA3ZGIxNzQwMjQyMmMxOGQ4ZDllZA", "label": "True Positive"}, "actual": {"line_number": 31, "label": "True Positive", "secret_value": "NzhhYjU0ZWE3YzE2NGU5YWYyMGExYzhmNDY3NzU3M2M4YjE2OTIzYjljYjA3ZGIxNzQwMjQyMmMxOGQ4ZDllZA", "reason": "The value 'NzhhYjU0ZWE3YzE2NGU5YWYyMGExYzhmNDY3NzU3M2M4YjE2OTIzYjljYjA3ZGIxNzQwMjQyMmMxOGQ4ZDllZA' is a high-entropy, 64-character hexadecimal string, a common format for symmetric signing keys used in JWTs. The string exhibits random character distribution with no discernible patterns, indicating it is a concrete credential, not a placeholder or template. Its length is consistent with standard key sizes for cryptographic algorithms. The context provided by the variable name 'jwt.secret.key' and the accompanying comment 'This key is used to sign and verify JWTs' explicitly identifies its sensitive nature. Committing such a high-entropy, fully-formed key directly into a production configuration file is a severe security risk, allowing anyone with code access to forge or invalidate authentication tokens."}} +{"id": 49, "index": 2, "sub_index": 0, "perfect_match": false, "error_fields": ["value"], "expected": {"line_number": 105, "secret": "{\\\"type\\\": \\\"service_account\\\",\\\"project_id\\\": \\\"gcp-project-analytics-34123\\\",\\\"private_key_id\\\": \\\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\\\",\\\"private_key\\\": \\\"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKt4o6JbMS8q0S7G\\n9eDoP5vPty2MWJ2k4vLjcgYRm0NksKCh3/ARfPz9p5k4KFcC2fGuBD9Csiys68d1\\n8s/75u6AhGXfS4F1g8eMA3v2zZ5YV8GfLXA4Y9f8tI8d4aG5eH6h9pY3qE0wK7R\\n+G9lA2dF4jK1bS8nO9mP3xY7bC6dAgMBAAECgYEAjtgL5C3d4rD7Pz5c3eV8qZ6v\\n9Q8k2v5G7yL3oD9eS4H6g7K2fD9hA8sB6sC5gL4gN3hJ2kL6dF7aH9bJ8cYR4k5o\\n+Z2mH9gI7wG3aL4cE6nO8bF7dS8fG3dC2hI9aQ6pX4wR7kF2hE0dM9sP3tW9sC4=\\n-----END PRIVATE KEY-----\\n\\\",\\\"client_email\\\": \\\"data-ingest-sa@gcp-project-analytics-34123.iam.gserviceaccount.com\\\",\\\"client_id\\\": \\\"109876543210987654321\\\"}", "label": "True Positive"}, "actual": {"line_number": 105, "label": "True Positive", "secret_value": "-----BEGIN PRIVATE KEY-----\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKt4o6JbMS8q0S7G\n9eDoP5vPty2MWJ2k4vLjcgYRm0NksKCh3/ARfPz9p5k4KFcC2fGuBD9Csiys68d1\n8s/75u6AhGXfS4F1g8eMA3v2zZ5YV8GfLXA4Y9f8tI8d4aG5eH6h9pY3qE0wK7R\n+G9lA2dF4jK1bS8nO9mP3xY7bC6dAgMBAAECgYEAjtgL5C3d4rD7Pz5c3eV8qZ6v\n9Q8k2v5G7yL3oD9eS4H6g7K2fD9hA8sB6sC5gL4gN3hJ2kL6dF7aH9bJ8cYR4k5o\n+Z2mH9gI7wG3aL4cE6nO8bF7dS8fG3dC2hI9aQ6pX4wR7kF2hE0dM9sP3tW9sC4=\n-----END PRIVATE KEY-----", "reason": "The value is a complete, multi-line PEM-encoded private key, definitively identified by the standard `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----` markers. The body of the value is Base64-encoded data which exhibits high entropy and the specific binary structure of cryptographic material, unlike a generic placeholder. This format is a primary indicator of a functional credential. Hardcoding a service account's private key directly into configuration is a critical security risk, as the key is now part of the source code and any system with access to the code has full control over the associated cloud account. The variable name `service_account_creds` provides strong contextual confirmation that this is a credential."}} +{"id": 49, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 132, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 132, "label": "True Positive", "secret_value": "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", "reason": "The value is a fully-formed SendGrid API key, identified by the service-specific 'SG.' prefix. The key follows the exact format: 'SG.' + `[Base64Url String]`. This specific format guarantees that it is not a placeholder. The two parts following the prefix are high-entropy Base64Url strings, which are characteristic of real credentials. Unlike a placeholder such as 'SG.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', this is a concrete, specific value. The fact that it's assigned to an 'apiKey' variable and used directly in a 'SendGridClient' constructor is definitive proof of its sensitive nature."}} +{"id": 49, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 42, "secret": "dckr_pat_szmX4QjL-VbN7YkP9wT1uR8eG6zC0xF2oA5sH", "label": "True Positive"}, "actual": {"line_number": 42, "label": "True Positive", "secret_value": "dckr_pat_szmX4QjL-VbN7YkP9wT1uR8eG6zC0xF2oA5sH", "reason": "The value 'dckr_pat_szmX4QjL-VbN7YkP9wT1uR8eG6zC0xF2oA5sH' is a Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a specific identifier for this type of token, which is immediately confirmed by its high entropy. The subsequent 32-character alphanumeric string exhibits a random distribution of characters, which is the defining characteristic of a real credential. Unlike a placeholder like 'xxxxxxxxxxxx', this is a fully-formed, unique token. The variable name 'DOCKER_PASSWORD' provides explicit contextual confirmation, as tokens are commonly used as passwords for authentication. Leaking this credential in CI/CD pipelines represents a significant security risk, as it allows unauthorized access to the Docker Hub account."}} +{"id": 49, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 65, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 65, "label": "True Positive", "secret_value": "https://hooks.slack.com/services/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", "reason": "This value is a fully-formed Slack Incoming Webhook URL, a type of credential that grants permission to post messages to a specific channel. Its structure, following the pattern `https://hooks.slack.com/services///`, provides high confidence in its authenticity. The final path component, `pQzR3sT2uV5wX8yZ0aB1cD4e`, is a 24-character string with a random mix of alphanumeric characters, indicating it is a machine-generated, unique token. Unlike a placeholder, this is a specific, exploitable credential. Leaking such a URL allows anyone to send notifications to the specified Slack channel, making it a significant security risk."}} +{"id": 50, "index": 0, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 86, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 86, "label": "True Positive", "secret_value": "AKIAY3R4WZ76X2P5QJ6M", "reason": "The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID (AKID). The prefix 'AKIA' is a definitive marker for this secret type, used by AWS to identify a user or service account. The string immediately following the prefix is a 20-character high-entropy string composed of random alphanumeric characters, which matches the exact format specified by AWS. While the accompanying secret key contains 'EXAMPLEKEY', indicating potential non-production use, hardcoding the access key ID is still a significant security risk. Leaked AKIDs can be used to probe for vulnerabilities or, if the corresponding secret key is weak, to gain unauthorized access to AWS resources."}} +{"id": 50, "index": 0, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 87, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "label": "True Positive"}, "actual": {"line_number": 87, "label": "True Positive", "secret_value": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "reason": "The value 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY' is a functional AWS secret key, despite its name containing the suffix 'EXAMPLEKEY'. The primary value is a 40-character string with high entropy, composed of random alphanumeric characters and a URL-safe Base64 encoded slash '/', which is a common pattern for AWS secret keys. The prefix 'wJ' is consistent with the AWSAccessKeyId format. Although 'EXAMPLEKEY' strongly suggests mock or test data, the preceding value is a concrete, fully-formed credential and not a generic placeholder like 'YOUR_ACCESS_KEY_HERE'. This pattern teaches that even credentials with an 'EXAMPLE' suffix can be active keys from a development or test environment, posing a security risk."}} +{"id": 50, "index": 1, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 44, "secret": "dd_api_9f5c2d3a1b0e4f8d6a3c5e7b9a1d3f5c", "label": "True Positive"}, "actual": {"line_number": 44, "label": "True Positive", "secret_value": "dd_api_9f5c2d3a1b0e4f8d6a3c5e7b9a1d3f5c", "reason": "The value 'dd_api_9f5c2d3a1b0e4f8d6a3c5e7b9a1d3f5c' is a high-entropy, 40-character alphanumeric string that perfectly matches the specific format of a Datadog API key. The 'dd_api_' prefix is a strong, service-specific indicator provided by Datadog to identify an API key. The remainder of the string is a random mix of hexadecimal characters, which is characteristic of a real, generated credential. Unlike a placeholder like 'dd_api_xxxxxxxx', this is a concrete value that resembles a real production key. The context of being assigned to the 'api_key' argument within a 'datadog' provider block confirms its sensitive purpose, as this key allows direct interaction with the Datadog service."}} +{"id": 50, "index": 1, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 45, "secret": "dd_app_3e5c7a9b1d3f5c8d2a0b4e6c1d3f5c8d2a0b4", "label": "True Positive"}, "actual": {"line_number": 45, "label": "True Positive", "secret_value": "dd_app_3e5c7a9b1d3f5c8d2a0b4e6c1d3f5c8d2a0b4", "reason": "The value 'dd_app_3e5c7a9b1d3f5c8d2a0b4e6c1d3f5c8d2a0b4' is a Datadog Application Key, clearly identified by the 'dd_app_' prefix. The 32-character hexadecimal string following the prefix has high entropy and matches the format of a real, machine-generated credential. This is not a generic placeholder; the value is specific and appears to be a fully-formed token. Its use as an argument for `app_key` in the Terraform Datadog provider configuration explicitly confirms its role as a sensitive credential needed for authenticating with the Datadog API. Hardcoding such keys is a significant security risk, as it allows anyone with access to the source code to impersonate the application in Datadog."}} +{"id": 50, "index": 2, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 53, "secret": "pk.eyJ1IjoiYmFyYmFyYS1kZXYiLCJhIjoiY2xwY3RkY2prMDFhajJqcGNwanRmaTV2ZSJ9._WkUvXkQR_zT8qCvCSXw5A", "label": "True Positive"}, "actual": {"line_number": 53, "label": "True Positive", "secret_value": "pk.eyJ1IjoiYmFyYmFyYS1kZXYiLCJhIjoiY2xwY3RkY2prMDFhajJqcGNwanRmaTV2ZSJ9._WkUvXkQR_zT8qCvCSXw5A", "reason": "The value 'pk.eyJ1IjoiYmFyYmFyYS1kZXYiLCJhIjoiY2xwY3RkY2prMDFhajJqcGNwanRmaTV2ZSJ9._WkUvXkQR_zT8qCvCSXw5A' is a fully-formed Mapbox access token. The prefix 'pk.' explicitly identifies it as a public token, but despite the name, it still represents a sensitive credential. The value is a multi-part JSON Web Token (JWT) composed of Base64-encoded header, payload, and signature, separated by periods, exhibiting high entropy. Unlike a placeholder like 'pk.YOUR_TOKEN_HERE', this is a concrete, functional value. Although it's a public token intended for client-side use, its disclosure can lead to service abuse, API rate limiting, and uncontrolled costs associated with map tile usage. Furthermore, the comment 'should be in a secured config' confirms the developers' awareness of its sensitivity."}} +{"id": 50, "index": 3, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 30, "secret": "npm_E9z4fGh7jK3pL5rA8vB2sY1tW0cXiUoN", "label": "True Positive"}, "actual": {"line_number": 30, "label": "True Positive", "secret_value": "npm_E9z4fGh7jK3pL5rA8vB2sY1tW0cXiUoN", "reason": "The value 'npm_E9z4fGh7jK3pL5rA8vB2sY1tW0cXiUoN' is a valid NPM authentication token. The prefix 'npm_' is a definitive indicator for tokens used to authenticate with the npm registry. The subsequent string, 'E9z4fGh7jK3pL5rA8vB2sY1tW0cXiUoN', exhibits high entropy with a random mix of uppercase letters, lowercase letters, numbers, and symbols, confirming its validity and uniqueness. This format is characteristic of machine-generated secrets. The value's assignment to the `NODE_AUTH_TOKEN` environment variable in a publish step provides strong contextual evidence of its purpose as a credential for uploading packages. Hardcoding this specific, high-entropy value directly into a workflow file is a significant security risk."}} +{"id": 50, "index": 3, "sub_index": 1, "perfect_match": false, "error_fields": ["value"], "expected": {"line_number": 39, "secret": "{\"type\":\"service_account\",\"project_id\":\"acme-corp-314159\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6\\n-----END PRIVATE KEY-----\\n\"}", "label": "True Positive"}, "actual": {"line_number": 39, "label": "True Positive", "secret_value": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6\n-----END PRIVATE KEY-----", "reason": "The value is a complete, PEM-formatted private key, definitively identified by the '-----BEGIN PRIVATE KEY-----' and '-----END PRIVATE KEY-----' markers. The multi-line block between these markers consists of Base64 encoded text, which exhibits the high entropy and character set characteristic of genuine cryptographic material. This is not a placeholder, as it is a fully-formed key without any generic text or template syntax. The context of being used as the `private_key` parameter in an `actions/auth` step for GKE authentication confirms its role as a hardcoded credential for service account access, making it a critical security risk."}} +{"id": 50, "index": 4, "sub_index": 0, "perfect_match": true, "error_fields": [], "expected": {"line_number": 119, "secret": "k#8zP@qR7$tGv!9bL2nF sY3x", "label": "True Positive"}, "actual": {"line_number": 119, "label": "True Positive", "secret_value": "k#8zP@qR7$tGv!9bL2nF sY3x", "reason": "The value 'k#8zP@qR7$tGv!9bL2nF sY3x' is a high-entropy string consistent with a password, not a placeholder. Its composition of mixed-case letters, numbers, and special characters ('!', '@', '$') provides strong cryptographic randomness and is a hallmark of a real credential. The string is sufficiently long and complex, lacking the simple, repeated, or sequential patterns of mock data. The associated configuration parameter 'spring.datasource.password' explicitly confirms its role as an authentication secret. Leaking a concrete, high-entropy password in source code represents a significant security risk, as it allows direct unauthorized access to the application's database."}} +{"id": 50, "index": 4, "sub_index": 1, "perfect_match": true, "error_fields": [], "expected": {"line_number": 140, "secret": "ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4", "label": "True Positive"}, "actual": {"line_number": 140, "label": "True Positive", "secret_value": "ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4", "reason": "The value 'ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4' is a Twilio Account SID, definitively identified by the 'AC' prefix and the following 32-character high-entropy hexadecimal string. This format is specific to Twilio's account identifiers and functions as a public credential for making API requests. While not a confidential secret like a password, it is still a sensitive value that authenticates the application's identity. Exposure of an Account SID allows potential abuse of the application's Twilio services, making it a security risk. The context from the variable name `twilio.account.sid` and the section `External Service Keys` confirms the value's role as a critical credential, differentiating it from generic placeholders."}} diff --git a/secrets-benchmarks/processed/scanner.jsonl b/secrets-benchmarks/processed/scanner.jsonl new file mode 100644 index 0000000..6ecd0a4 --- /dev/null +++ b/secrets-benchmarks/processed/scanner.jsonl @@ -0,0 +1,1214 @@ +{"kind": "ground_truth", "id": 1, "match_type": "exact", "expected": {"line_number": 83, "secret": "AKIAY4U3L2F7SXJ6ZBQR", "label": "True Positive"}, "actual": {"line_number": 6, "secret": "AKIAY4U3L2F7SXJ6ZBQR"}} +{"kind": "ground_truth", "id": 1, "match_type": "exact", "expected": {"line_number": 84, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "fJk2pZ+vB8nU6sY9tH/eLgR4yC1xW7zQ3aI0mD/o"}} +{"kind": "ground_truth", "id": 1, "match_type": "partial", "expected": {"line_number": 35, "secret": "tok_v3_a7b8e1f5d3c2a1b0e4f6d7c8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8", "label": "True Positive"}, "actual": {"line_number": 21, "secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n server: https://k8s-staging.mycompany.dev\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURaekNDQWsrZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpMV05oYlhCaGNuUnZkMjVzYVdJdGMyVm5jbWx1VEhCRGNISXRVRk5sYm5acFkyRXViV0Z5YTJVdApjR1Z5WVc0dGMyVmpkWEpwZEhrdE1CNFhEVEl4TURnd05qQXlPREl6TmxvWERUSXhNRGd3TmpBeU9ESXpObG93CkZURVRNQkVHQTFVRUF4TUthM1ZpY0dGblp5QkRaWEowYVdacFkyRjBhVzVuTVJvd0dBWURWUVFERXhGMVlXNWsKWXpCeldYSnliMnhsTG1OdmJURWNNQm9HQTFVRUF4UVVkakV1TG1Gc2JEb2dSWGRsWVhScGIyNGdkR2hsY2pBSgpCZ05WQkFvTUIxZGxaSEp2Ym5RdFkyRXdIaGNOTWpNd09UWTVNVFkyTURBMVdoY05Nak13T1RZeU1UWTJNREExCldqQVZNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6TFdOaGJYQmhjblJ2ZDI1c2FXSXRjMlZuY21sdVRIQkQKc0hJdFVGTmxiblpwWTJFdWJXRnlhMlV0Y0dWeVlXNHRjMlZqZFhKcGRoa3RNQjRYRFRJeE1EZ3dOalF5TURJek4KbG9YRFRJeE1EZ3dOalF5TURJek5sb3dGVEVUTUJFR0ExVUVBeE1LYTNWaWNHzG5aeUJEWlhKMGFXWnBZMkYwCmFXNW5NU2t3SndZRFZRUUREQmR5WVc1bElFTmxjblJwWm1sallYUnBiMjR4RkRBU0JnTlZCQWNNQzFOaGJuUmwKWm00dGNIVjBaWEp6TG1OdmJUSXdNUnd3R1dZRFZRUUREQnBqWVc1bExtTnZiVEJaTUJNR0J5cUxlbEZvTEF1TQpNRGN3SmdZSktvWklodmNOQVFrQkZoZGxaSEp2Ym5RdFkyRXdEUVlKS29aSWh2Y05BUUVGQlFBZ2dra0JBSUVwCllpU0p2eU9rV0ZpZDJnZ0lQeW55bklwZWZpb1Rpa2ZpUGlpa2lQeWtlUGlUZ2Zpd1BTZ2tQSWZpZ2lwaWsKZ2ZQc0dnZ2ZQaVBHZ2ZpcGtpa1BnaVBHZ2lQaWdQaVBHZ2ZHUGlQaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWcKUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZHUGlQaWtQaVBHZ2ZHUGkKUGlQaWtQaVBHZ2ZHUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZQaWcKUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWdQaVBHZ2ZQaWlQaWtQaVBHZ2ZGUGkKUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQZ2lwaWtnZlBzR2lnUGlQZ2ZpZ2lQaWtnZlBpcCgKaWtQZ2ZpcGtpa1BnaVBHZ2lQZ2lQZ2Zpd1BTZ2tQSWZpZ2lwaWtnZlBzR2dnZlBpUEgLZGdnaUtpUGlQaWsKUGlQaWtQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWcKUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaWsKUGlwaWtQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2lQaWtnCmZQaVBHZ2ZpUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQZ2lwaWtnZlA==\\n name: k8s-staging\\ncontexts:\\n- context:\\n cluster: k8s-staging\\n user: cicd-user\\n name: k8s-staging\\ncurrent-context: k8s-staging\\nkind: Config\\npreferences: {}\\nusers:\\n- name: cicd-user\\n user:\\n token: tok_v3_a7b8e1f5d3c2a1b0e4f6d7c8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8\\n"}} +{"kind": "ground_truth", "id": 1, "match_type": "partial", "expected": {"line_number": 44, "secret": "https://hooks.slack.com/services/T01ABCD4E5F/B02FGHIJ3K4/aBcDeFg1hIjKlMnOpQrStUvWxYzA543210", "label": "True Positive"}, "actual": {"line_number": 30, "secret": "Content-type: application/json' --data '{\"text\":\"Staging deployment successful.\"}"}} +{"kind": "ground_truth", "id": 1, "match_type": "exact", "expected": {"line_number": 53, "secret": "8f5a6b09c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "8f5a6b09c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9"}} +{"kind": "ground_truth", "id": 1, "match_type": "exact", "expected": {"line_number": 63, "secret": "postgres://svc_acct_user:P@s$W0rd1!zN0tG00d@pg-prod-1.c4u7n8t3p1o2.us-west-2.rds.amazonaws.com:5432/user_profiles", "label": "True Positive"}, "actual": {"line_number": 23, "secret": "postgres://svc_acct_user:P@s$W0rd1!zN0tG00d@pg-prod-1.c4u7n8t3p1o2.us-west-2.rds.amazonaws.com:5432/user_profiles"}} +{"kind": "ground_truth", "id": 1, "match_type": "exact", "expected": {"line_number": 124, "secret": "dop_v1_8a3f5b210c4e7d9f6a2b01c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "dop_v1_8a3f5b210c4e7d9f6a2b01c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3"}} +{"kind": "ground_truth", "id": 1, "match_type": "exact", "expected": {"line_number": 211, "secret": "8h$T9x!qW2r*Lp@vK4m&Z7gB#nS5yU", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "8h$T9x!qW2r*Lp@vK4m&Z7gB#nS5yU"}} +{"kind": "ground_truth", "id": 1, "match_type": "exact", "expected": {"line_number": 219, "secret": "eC5tVg8jNkLpQ3sW6zY9bH2fR7uI0mO1vX4a", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "eC5tVg8jNkLpQ3sW6zY9bH2fR7uI0mO1vX4a"}} +{"kind": "ground_truth", "id": 1, "match_type": "exact", "expected": {"line_number": 224, "secret": "SG.k8yWq2pT9RzX4vU7cE1sN3.LgJ5tH_vB8nU6sY9aI0mD4fO2oP1qR3eS6wW7x Zz", "label": "True Positive"}, "actual": {"line_number": 24, "secret": "SG.k8yWq2pT9RzX4vU7cE1sN3.LgJ5tH_vB8nU6sY9aI0mD4fO2oP1qR3eS6wW7x Zz"}} +{"kind": "ground_truth", "id": 2, "match_type": "exact", "expected": {"line_number": 88, "secret": "sk_live_51KmzU8BqR6tP0kLwXgH7yV3dF9sJ1eA8cW2mN4oB6gZ5hI0kL3jM7yV9dF1gH2jK4lN6oB5pQ8sR7tU", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "sk_live_51KmzU8BqR6tP0kLwXgH7yV3dF9sJ1eA8cW2mN4oB6gZ5hI0kL3jM7yV9dF1gH2jK4lN6oB5pQ8sR7tU"}} +{"kind": "ground_truth", "id": 2, "match_type": "exact", "expected": {"line_number": 90, "secret": "postgres://payment_svc_user:pS9#v$2K@j1F!gH@db-payments-prod.c4z1x2y3w4.us-east-1.rds.amazonaws.com:5432/payments_db", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "postgres://payment_svc_user:pS9#v$2K@j1F!gH@db-payments-prod.c4z1x2y3w4.us-east-1.rds.amazonaws.com:5432/payments_db"}} +{"kind": "ground_truth", "id": 2, "match_type": "missed", "expected": {"line_number": 119, "secret": "SG.4fVg7p8R_TqWz3xY9bA1c2.gHjKlMnOpQrStUvWxYz01AbCdEfGhIjK23Lm4", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 2, "match_type": "exact", "expected": {"line_number": 14, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 3, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 2, "match_type": "exact", "expected": {"line_number": 15, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 4, "secret": "a7vK9LpM4hG2sR8wD1fC5qT0jB3uN6zX9iY7eE/Z"}} +{"kind": "ground_truth", "id": 2, "match_type": "exact", "expected": {"line_number": 35, "secret": "db_P@ssw0rd_pr0d_!2023", "label": "True Positive"}, "actual": {"line_number": 24, "secret": "db_P@ssw0rd_pr0d_!2023"}} +{"kind": "ground_truth", "id": 2, "match_type": "partial", "expected": {"line_number": 35, "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7f", "label": "True Positive"}, "actual": {"line_number": 35, "secret": "ghp"}} +{"kind": "ground_truth", "id": 2, "match_type": "missed", "expected": {"line_number": 19, "secret": "dckr_pat_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 2, "match_type": "exact", "expected": {"line_number": 62, "secret": "AIzaSyB8pZ5GfsJk9mDq7nL4vW2xRcH1tU0E", "label": "True Positive"}, "actual": {"line_number": 8, "secret": "AIzaSyB8pZ5GfsJk9mDq7nL4vW2xRcH1tU0E"}} +{"kind": "ground_truth", "id": 2, "match_type": "exact", "expected": {"line_number": 75, "secret": "https://a1b2c3d4e5f61234abcd5678ef901234@o123456.ingest.sentry.io/9876543", "label": "True Positive"}, "actual": {"line_number": 21, "secret": "https://a1b2c3d4e5f61234abcd5678ef901234@o123456.ingest.sentry.io/9876543"}} +{"kind": "ground_truth", "id": 2, "match_type": "exact", "expected": {"line_number": 82, "secret": "pk.eyJ1IjoicHJvZGFwcDEyMyIsImEiOiJja3o4dGJuMHgwMnhpMm5wOTNzaHI4cDVqIn0.n7sL8gKjP5eF4tW1bA9c3Q", "label": "True Positive"}, "actual": {"line_number": 28, "secret": "pk.eyJ1IjoicHJvZGFwcDEyMyIsImEiOiJja3o4dGJuMHgwMnhpMm5wOTNzaHI4cDVqIn0.n7sL8gKjP5eF4tW1bA9c3Q"}} +{"kind": "ground_truth", "id": 2, "match_type": "exact", "expected": {"line_number": 16, "secret": "h#K!p$7sW@v3xR9zQ*j1fG_b", "label": "True Positive"}, "actual": {"line_number": 16, "secret": "h#K!p$7sW@v3xR9zQ*j1fG_b"}} +{"kind": "ground_truth", "id": 2, "match_type": "exact", "expected": {"line_number": 19, "secret": "AC9f7e6d5c4b3a291807654321fedcba", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "AC9f7e6d5c4b3a291807654321fedcba"}} +{"kind": "ground_truth", "id": 2, "match_type": "exact", "expected": {"line_number": 20, "secret": "8a7b65c4d3e2f109876a5b4c3d2e1f0a", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "8a7b65c4d3e2f109876a5b4c3d2e1f0a"}} +{"kind": "ground_truth", "id": 2, "match_type": "exact", "expected": {"line_number": 24, "secret": "b2luc3JldnNqcmVxdm5qcXNlMjR2NHFzZXZzcjI1OXF5MHI=", "label": "True Positive"}, "actual": {"line_number": 24, "secret": "b2luc3JldnNqcmVxdm5qcXNlMjR2NHFzZXZzcjI1OXF5MHI="}} +{"kind": "ground_truth", "id": 3, "match_type": "exact", "expected": {"line_number": 96, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 3, "match_type": "exact", "expected": {"line_number": 97, "secret": "kG+N9sL2rP4xW7yH8zC1vE0bF3uA5tD6jQ/mIoX", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "kG+N9sL2rP4xW7yH8zC1vE0bF3uA5tD6jQ/mIoX"}} +{"kind": "ground_truth", "id": 3, "match_type": "exact", "expected": {"line_number": 74, "secret": "4a8f15d7e5b6c93f0a12e4d3c5f6b8a1", "label": "True Positive"}, "actual": {"line_number": 33, "secret": "4a8f15d7e5b6c93f0a12e4d3c5f6b8a1"}} +{"kind": "ground_truth", "id": 3, "match_type": "exact", "expected": {"line_number": 33, "secret": "dckr_pat_aB7-cDef_gHiJkL-mNop_qRsT", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "dckr_pat_aB7-cDef_gHiJkL-mNop_qRsT"}} +{"kind": "ground_truth", "id": 3, "match_type": "exact", "expected": {"line_number": 49, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 35, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "ground_truth", "id": 3, "match_type": "exact", "expected": {"line_number": 215, "secret": "4#pZ&qK9!sW8*L@gM$nBv", "label": "True Positive"}, "actual": {"line_number": 6, "secret": "4#pZ&qK9!sW8*L@gM$nBv"}} +{"kind": "ground_truth", "id": 3, "match_type": "exact", "expected": {"line_number": 223, "secret": "f9b5c3d2e1a04987b6a5c4d3e2f1b0a9c8d7e6f5a4b3c2d1e0f0987654321fed", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "f9b5c3d2e1a04987b6a5c4d3e2f1b0a9c8d7e6f5a4b3c2d1e0f0987654321fed"}} +{"kind": "ground_truth", "id": 3, "match_type": "exact", "expected": {"line_number": 123, "secret": "https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o123456.ingest.sentry.io/7890123"}} +{"kind": "ground_truth", "id": 4, "match_type": "exact", "expected": {"line_number": 78, "secret": "AKIAU4EG23W5F7Y6ZCQN", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "AKIAU4EG23W5F7Y6ZCQN"}} +{"kind": "ground_truth", "id": 4, "match_type": "exact", "expected": {"line_number": 79, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 8, "secret": "hG8pFk3mZ+jV9sL1wN7tYqR2dC0xI4oA/bB5uE3f"}} +{"kind": "ground_truth", "id": 4, "match_type": "exact", "expected": {"line_number": 36, "secret": "dckr_pat_aJv8rK3sLpH7qZ2mN9bXwF1g", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "dckr_pat_aJv8rK3sLpH7qZ2mN9bXwF1g"}} +{"kind": "ground_truth", "id": 4, "match_type": "exact", "expected": {"line_number": 49, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 32, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "ground_truth", "id": 4, "match_type": "missed", "expected": {"line_number": 35, "secret": "app_deployer_svc", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 4, "match_type": "exact", "expected": {"line_number": 119, "secret": "dd_api_a9f86a9f86d7e9e8b7c6c5d4d3e2f1b0", "label": "True Positive"}, "actual": {"line_number": 8, "secret": "dd_api_a9f86a9f86d7e9e8b7c6c5d4d3e2f1b0"}} +{"kind": "ground_truth", "id": 4, "match_type": "exact", "expected": {"line_number": 120, "secret": "dd_app_b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "dd_app_b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9"}} +{"kind": "ground_truth", "id": 4, "match_type": "exact", "expected": {"line_number": 40, "secret": "Server=tcp:prod-db-cluster-1.database.windows.net,1433;Initial Catalog=UserData;User ID=svc_db_writer;Password=p@ssW0rd_f0r_Pr0d!v2.4$Db;Encrypt=True;", "label": "True Positive"}, "actual": {"line_number": 16, "secret": "Server=tcp:prod-db-cluster-1.database.windows.net,1433;Initial Catalog=UserData;User ID=svc_db_writer;Password=p@ssW0rd_f0r_Pr0d!v2.4$Db;Encrypt=True;"}} +{"kind": "ground_truth", "id": 4, "match_type": "exact", "expected": {"line_number": 41, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "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"}} +{"kind": "ground_truth", "id": 4, "match_type": "exact", "expected": {"line_number": 40, "secret": "AIzaSyC1b2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R", "label": "True Positive"}, "actual": {"line_number": 8, "secret": "AIzaSyC1b2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R"}} +{"kind": "ground_truth", "id": 4, "match_type": "exact", "expected": {"line_number": 45, "secret": "1:867530912345:web:a1b2c3d4e5f6a7b8c9d0e1", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "1:867530912345:web:a1b2c3d4e5f6a7b8c9d0e1"}} +{"kind": "ground_truth", "id": 5, "match_type": "exact", "expected": {"line_number": 102, "secret": "AKIAU4O6R3T5W2X7Y9Z1", "label": "True Positive"}, "actual": {"line_number": 15, "secret": "AKIAU4O6R3T5W2X7Y9Z1"}} +{"kind": "ground_truth", "id": 5, "match_type": "exact", "expected": {"line_number": 103, "secret": "vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l", "label": "True Positive"}, "actual": {"line_number": 16, "secret": "vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l"}} +{"kind": "ground_truth", "id": 5, "match_type": "exact", "expected": {"line_number": 61, "secret": "dckr_pat_bH8gY2cX1dE4fG5hI6jK7lM8nO9pQ0rS", "label": "True Positive"}, "actual": {"line_number": 21, "secret": "dckr_pat_bH8gY2cX1dE4fG5hI6jK7lM8nO9pQ0rS"}} +{"kind": "ground_truth", "id": 5, "match_type": "partial", "expected": {"line_number": 125, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7hN5fD6gE4iT2oP1aL0kM8zGxYc9v", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWq"}} +{"kind": "ground_truth", "id": 5, "match_type": "exact", "expected": {"line_number": 140, "secret": "whsec_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6", "label": "True Positive"}, "actual": {"line_number": 29, "secret": "whsec_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6"}} +{"kind": "ground_truth", "id": 5, "match_type": "exact", "expected": {"line_number": 32, "secret": "S#cr3t_DB_P@ssw0rd_8k!2mN", "label": "True Positive"}, "actual": {"line_number": 8, "secret": "S#cr3t_DB_P@ssw0rd_8k!2mN"}} +{"kind": "ground_truth", "id": 5, "match_type": "exact", "expected": {"line_number": 47, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 23, "secret": "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"}} +{"kind": "ground_truth", "id": 5, "match_type": "partial", "expected": {"line_number": 64, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 32, "secret": "Content-type: application/json' --data '{\"text\":\"Deployment to production succeeded!\"}"}} +{"kind": "ground_truth", "id": 5, "match_type": "missed", "expected": {"line_number": 58, "secret": "9f8e7d6c5b4a3a2a1a0b9c8d7e6f5a4b", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 7, "match_type": "exact", "expected": {"line_number": 92, "secret": "AKIA44JGL55QT6L72Q57", "label": "True Positive"}, "actual": {"line_number": 5, "secret": "AKIA44JGL55QT6L72Q57"}} +{"kind": "ground_truth", "id": 7, "match_type": "exact", "expected": {"line_number": 93, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 6, "secret": "Jv2/G5fB8hK0lM3nO7pQ9rS2uV5wX8yZ1aC4bE6d"}} +{"kind": "ground_truth", "id": 7, "match_type": "exact", "expected": {"line_number": 111, "secret": "hJ$9!zK@bD3pG*sV", "label": "True Positive"}, "actual": {"line_number": 24, "secret": "hJ$9!zK@bD3pG*sV"}} +{"kind": "ground_truth", "id": 7, "match_type": "partial", "expected": {"line_number": 51, "secret": "postgres://payment_svc_user:Ag8#kL$pQ2sZ!vF@pg-prod-us-east-1a.c3kfexample.rds.amazonaws.com:5432/payments_prod", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://payment_svc_user:Ag8#kL$pQ2sZ!vF@pg-prod-us-east-1a.c3kfexample.rds.amazonaws.com:5432/payments_prod"}} +{"kind": "ground_truth", "id": 7, "match_type": "exact", "expected": {"line_number": 52, "secret": "sk_live_51Mv0L2BpF8fG1tY9cRzXvWqSjU3mB4aD5eFgH6iJ7kL8mN9oP0qR1sT", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "sk_live_51Mv0L2BpF8fG1tY9cRzXvWqSjU3mB4aD5eFgH6iJ7kL8mN9oP0qR1sT"}} +{"kind": "ground_truth", "id": 7, "match_type": "exact", "expected": {"line_number": 36, "secret": "dckr_pat_bC9hFvG5jL1kM4nO7pQ9rS2uV5wX8yZ1aC", "label": "True Positive"}, "actual": {"line_number": 22, "secret": "dckr_pat_bC9hFvG5jL1kM4nO7pQ9rS2uV5wX8yZ1aC"}} +{"kind": "ground_truth", "id": 7, "match_type": "exact", "expected": {"line_number": 52, "secret": "https://hooks.slack.com/services/T012ABCDEF3/B01GHIJKLM4/vP5qR6sT7uV8wX9yZ0aB1c", "label": "True Positive"}, "actual": {"line_number": 38, "secret": "https://hooks.slack.com/services/T012ABCDEF3/B01GHIJKLM4/vP5qR6sT7uV8wX9yZ0aB1c"}} +{"kind": "ground_truth", "id": 7, "match_type": "exact", "expected": {"line_number": 219, "secret": "DefaultEndpointsProtocol=https;AccountName=prodfilestorage1;AccountKey=wJ/x5mP8Q+kZ3rT9vB2uC4dE6fG8hJ0lM2nO4pQ6rS8tV0wX2yZ4aC6bE8dF+gHjK/lM4nO6pQ==;EndpointSuffix=core.windows.net", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "DefaultEndpointsProtocol=https;AccountName=prodfilestorage1;AccountKey=wJ/x5mP8Q+kZ3rT9vB2uC4dE6fG8hJ0lM2nO4pQ6rS8tV0wX2yZ4aC6bE8dF+gHjK/lM4nO6pQ==;EndpointSuffix=core.windows.net"}} +{"kind": "ground_truth", "id": 7, "match_type": "exact", "expected": {"line_number": 220, "secret": "SG.bF3gH5iJ7kL9mN1oP3qR5sT7uV9wX1yZ.aC3bE5dF7gH9jK1lM3nO5pQ7rS9tU", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "SG.bF3gH5iJ7kL9mN1oP3qR5sT7uV9wX1yZ.aC3bE5dF7gH9jK1lM3nO5pQ7rS9tU"}} +{"kind": "ground_truth", "id": 7, "match_type": "exact", "expected": {"line_number": 88, "secret": "4a1b0c9d2e8f7g6h5i4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "4a1b0c9d2e8f7g6h5i4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x"}} +{"kind": "ground_truth", "id": 7, "match_type": "partial", "expected": {"line_number": 95, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLnMxLmV4YW1wbGUuY29tIiwic3ViIjoiY2NjY2QxZjctMGIzNC00MWFmLThmZjktYWZmMDc0MjVmYTc3IiwiYXVkIjoiYXBpLnMxLmV4YW1wbGUuY29tIiwiaWF0IjoxNjQ4MDQ0NDc5LCJleHAiOjE2NDgwNDgwNzl9.m4zV8G48EaFqfJkXw9Y2ZzQ3bH6iJ8kL0mN2oP4qR6s", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLnMxLmV4YW1wbGUuY29tIiwic3ViIjoiY2NjY2QxZjctMGIzNC00MWFmLThmZjktYWZmMDc0MjVmYTc3IiwiYXVkIjoiYXBpLnMxLmV4YW1wbGUuY29tIiwiaWF0IjoxNjQ4MDQ0NDc5LCJleHAiOjE2NDgwNDgwNzl9."}} +{"kind": "ground_truth", "id": 8, "match_type": "exact", "expected": {"line_number": 50, "secret": "postgres://order_svc_user:pIu#9Tf$zQ5w@db-prod-main.cyabxzywzzza.us-east-1.rds.amazonaws.com:5432/orders_production", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "postgres://order_svc_user:pIu#9Tf$zQ5w@db-prod-main.cyabxzywzzza.us-east-1.rds.amazonaws.com:5432/orders_production"}} +{"kind": "ground_truth", "id": 8, "match_type": "exact", "expected": {"line_number": 56, "secret": "AKIAU4VFT7J6X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 15, "secret": "AKIAU4VFT7J6X2P5QJ6M"}} +{"kind": "ground_truth", "id": 8, "match_type": "exact", "expected": {"line_number": 57, "secret": "gT8vNl2yX+ZpB/tY9cRzXvWqSjU3mB/kL5dF8aC", "label": "True Positive"}, "actual": {"line_number": 16, "secret": "gT8vNl2yX+ZpB/tY9cRzXvWqSjU3mB/kL5dF8aC"}} +{"kind": "ground_truth", "id": 8, "match_type": "exact", "expected": {"line_number": 22, "secret": "dckr_pat_a4d3f2c1b0e9a8b7c6d5e4f3a2b1c0d9e8f7g6h5", "label": "True Positive"}, "actual": {"line_number": 22, "secret": "dckr_pat_a4d3f2c1b0e9a8b7c6d5e4f3a2b1c0d9e8f7g6h5"}} +{"kind": "ground_truth", "id": 8, "match_type": "exact", "expected": {"line_number": 35, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 35, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "ground_truth", "id": 8, "match_type": "exact", "expected": {"line_number": 9, "secret": "AIzaSyCDE1234FGH5678IJKL9012MNOPQRs-tU", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "AIzaSyCDE1234FGH5678IJKL9012MNOPQRs-tU"}} +{"kind": "ground_truth", "id": 8, "match_type": "exact", "expected": {"line_number": 25, "secret": "AKIAT7G3W4LIX5M2P6Q4", "label": "True Positive"}, "actual": {"line_number": 5, "secret": "AKIAT7G3W4LIX5M2P6Q4"}} +{"kind": "ground_truth", "id": 8, "match_type": "exact", "expected": {"line_number": 26, "secret": "xZ9cU7sV3mB+pQkL5jH8fG1tY9cRzXvWqSjU3mB/kL", "label": "True Positive"}, "actual": {"line_number": 6, "secret": "xZ9cU7sV3mB+pQkL5jH8fG1tY9cRzXvWqSjU3mB/kL"}} +{"kind": "ground_truth", "id": 8, "match_type": "exact", "expected": {"line_number": 32, "secret": "7e3c98a50616b0b8ad4a835a68729c1d", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "7e3c98a50616b0b8ad4a835a68729c1d"}} +{"kind": "ground_truth", "id": 8, "match_type": "exact", "expected": {"line_number": 67, "secret": "Server=tcp:prod-db-server.database.windows.net,1433;Database=UserProfiles;User ID=sqladmin;Password=4#tG&kL$pQ2s!hG;Trusted_Connection=False;Encrypt=True;", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "Server=tcp:prod-db-server.database.windows.net,1433;Database=UserProfiles;User ID=sqladmin;Password=4#tG&kL$pQ2s!hG;Trusted_Connection=False;Encrypt=True;"}} +{"kind": "ground_truth", "id": 8, "match_type": "exact", "expected": {"line_number": 83, "secret": "N5u8x/A?D(G+KbPeShVmYp3s6v9y$B&E", "label": "True Positive"}, "actual": {"line_number": 29, "secret": "N5u8x/A?D(G+KbPeShVmYp3s6v9y$B&E"}} +{"kind": "ground_truth", "id": 9, "match_type": "exact", "expected": {"line_number": 50, "secret": "postgres://prod_user_rw:2$fP#qZ9!sW7@db.customer-api.prod.aws-us-east-1.rds.amazonaws.com:5432/payments_db", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "postgres://prod_user_rw:2$fP#qZ9!sW7@db.customer-api.prod.aws-us-east-1.rds.amazonaws.com:5432/payments_db"}} +{"kind": "ground_truth", "id": 9, "match_type": "partial", "expected": {"line_number": 54, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7oL5dE6aF4gH2iJ1kC0pP9sT8yU2oO3zN7lI5xR4vG3bA2eC1d00jK6bM4lP", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWq"}} +{"kind": "ground_truth", "id": 9, "match_type": "exact", "expected": {"line_number": 134, "secret": "8S5R3ZQXDI1VMEG9N4Y2QWB7A7JH8W5C6I", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "8S5R3ZQXDI1VMEG9N4Y2QWB7A7JH8W5C6I"}} +{"kind": "ground_truth", "id": 9, "match_type": "missed", "expected": {"line_number": 133, "secret": "9a8b7c6d-5e4f-3a2b-1c0d-9f8e7d6c5b4a", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 9, "match_type": "missed", "expected": {"line_number": 140, "secret": "sUp3rS3cur3P@ssw0rd", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 9, "match_type": "missed", "expected": {"line_number": 142, "secret": "k3yP@ssw0rdF0rR3l3ase", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 9, "match_type": "exact", "expected": {"line_number": 33, "secret": "ACf8e21a9c3b7d5f1e0a9b8c7d6e5f4a3b", "label": "True Positive"}, "actual": {"line_number": 6, "secret": "ACf8e21a9c3b7d5f1e0a9b8c7d6e5f4a3b"}} +{"kind": "ground_truth", "id": 9, "match_type": "exact", "expected": {"line_number": 34, "secret": "b4d2e1f0c3a4b5d6e7f8a9b0c1d2e3f4", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "b4d2e1f0c3a4b5d6e7f8a9b0c1d2e3f4"}} +{"kind": "ground_truth", "id": 9, "match_type": "missed", "expected": {"line_number": 119, "secret": "RptUsr!pWd$2o21@9bF&", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 9, "match_type": "exact", "expected": {"line_number": 73, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 9, "match_type": "partial", "expected": {"line_number": 75, "secret": "{\"type\":\"service_account\",\"project_id\":\"core-infra-345213\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRsK7pB6bFv9f6\\nc...\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"deploy-bot@core-infra-345213.iam.gserviceaccount.com\",\"client_id\":\"109876543210987654321\"}", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "BEGIN PRIVATE KEY"}} +{"kind": "ground_truth", "id": 9, "match_type": "exact", "expected": {"line_number": 97, "secret": "https://hooks.slack.com/services/T00ABCD12EF/B01ZYXW3456/kLpQrStUvWxYzAbCdEfGhIjK", "label": "True Positive"}, "actual": {"line_number": 33, "secret": "https://hooks.slack.com/services/T00ABCD12EF/B01ZYXW3456/kLpQrStUvWxYzAbCdEfGhIjK"}} +{"kind": "ground_truth", "id": 9, "match_type": "missed", "expected": {"line_number": 74, "secret": "Zp9aL8jV7bK4cH1fG6xWqSjU3mB7oL5dE6aF4gH2", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 10, "match_type": "exact", "expected": {"line_number": 19, "secret": "AKIAYJ5U4F6X3W2Z7Q8B", "label": "True Positive"}, "actual": {"line_number": 5, "secret": "AKIAYJ5U4F6X3W2Z7Q8B"}} +{"kind": "ground_truth", "id": 10, "match_type": "exact", "expected": {"line_number": 20, "secret": "vG9dK8jFpQ4sH7wB2uA1tY6zC0xL5nE3bV2mO4iP", "label": "True Positive"}, "actual": {"line_number": 6, "secret": "vG9dK8jFpQ4sH7wB2uA1tY6zC0xL5nE3bV2mO4iP"}} +{"kind": "ground_truth", "id": 10, "match_type": "exact", "expected": {"line_number": 22, "secret": "dckr_pat_u7hN2pL9xV4kG1mF3jZ8oR6cW0qYdE5sT2aB", "label": "True Positive"}, "actual": {"line_number": 22, "secret": "dckr_pat_u7hN2pL9xV4kG1mF3jZ8oR6cW0qYdE5sT2aB"}} +{"kind": "ground_truth", "id": 10, "match_type": "exact", "expected": {"line_number": 38, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 38, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "ground_truth", "id": 10, "match_type": "exact", "expected": {"line_number": 99, "secret": "postgres://chat_svc_prod:p#9sW!z$kLqY8*3f@pg-prod-us-east-1.c4fgr7h8i9j0.rds.amazonaws.com:5432/chatapp_prod", "label": "True Positive"}, "actual": {"line_number": 8, "secret": "postgres://chat_svc_prod:p#9sW!z$kLqY8*3f@pg-prod-us-east-1.c4fgr7h8i9j0.rds.amazonaws.com:5432/chatapp_prod"}} +{"kind": "ground_truth", "id": 10, "match_type": "exact", "expected": {"line_number": 105, "secret": "sk-proj-jV7hG1mF9wX4kL6uT3nZ8oR2cY0pQdE5sA1bY9fC", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "sk-proj-jV7hG1mF9wX4kL6uT3nZ8oR2cY0pQdE5sA1bY9fC"}} +{"kind": "ground_truth", "id": 10, "match_type": "exact", "expected": {"line_number": 25, "secret": "pk.eyJ1IjoiZGF0YWdlbmVuZ2luZSIsImEiOiJjbHB0dGZ3ajYwZ2hrMmtvNGVsbXNqbzY4In0.v8NlU2aP4_kS7gXzFhQ9rA", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "pk.eyJ1IjoiZGF0YWdlbmVuZ2luZSIsImEiOiJjbHB0dGZ3ajYwZ2hrMmtvNGVsbXNqbzY4In0.v8NlU2aP4_kS7gXzFhQ9rA"}} +{"kind": "ground_truth", "id": 10, "match_type": "exact", "expected": {"line_number": 29, "secret": "https://9e2b1c4f8d6a3b0e7c5d9f1a8g3h5i7k@o451234.ingest.sentry.io/5432109", "label": "True Positive"}, "actual": {"line_number": 23, "secret": "https://9e2b1c4f8d6a3b0e7c5d9f1a8g3h5i7k@o451234.ingest.sentry.io/5432109"}} +{"kind": "ground_truth", "id": 10, "match_type": "partial", "expected": {"line_number": 68, "secret": "AAAApcJ-Hk4:APA91bE3rZtUq_yG9sVxW5pKjL7hB8dC1fN0mO4iG2pJ6oS4tA0cQ7nV1wR9zY_lF5aK8uI3eB7fJ9dC2gH6vM5", "label": "True Positive"}, "actual": {"line_number": 36, "secret": "String\", \"FCM_SERVER_KEY\", '\"AAAApcJ-Hk4:APA91bE3rZtUq_yG9sVxW5pKjL7hB8dC1fN0mO4iG2pJ6oS4tA0cQ7nV1wR9zY_lF5aK8uI3eB7fJ9dC2gH6vM5"}} +{"kind": "ground_truth", "id": 11, "match_type": "exact", "expected": {"line_number": 97, "secret": "postgres://order_svc_user:Ac3v!tY_p@sS_8hG#kL9@prod-db-cluster-1.us-east-1.rds.amazonaws.com:5432/orders_prod", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "postgres://order_svc_user:Ac3v!tY_p@sS_8hG#kL9@prod-db-cluster-1.us-east-1.rds.amazonaws.com:5432/orders_prod"}} +{"kind": "ground_truth", "id": 11, "match_type": "exact", "expected": {"line_number": 106, "secret": "sk_live_51Kk0L2ApB8fG1tY9cr4jFzT8aGb0mXnL1fVd9rT2sYcW3uE4xS5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "sk_live_51Kk0L2ApB8fG1tY9cr4jFzT8aGb0mXnL1fVd9rT2sYcW3uE4xS5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ"}} +{"kind": "ground_truth", "id": 11, "match_type": "missed", "expected": {"line_number": 103, "secret": "rEd!sP@ssw0rd$tr0ngF0rProd753", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 11, "match_type": "exact", "expected": {"line_number": 62, "secret": "AKIAU3Z4X5R6Y7I2QJ8M", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "AKIAU3Z4X5R6Y7I2QJ8M"}} +{"kind": "ground_truth", "id": 11, "match_type": "exact", "expected": {"line_number": 86, "secret": "https://hooks.slack.com/services/T00AB1CD2EF/B01GH2JK3LM/xyZAbcDEfgHIjklMNOpQRSTuvwXy", "label": "True Positive"}, "actual": {"line_number": 42, "secret": "https://hooks.slack.com/services/T00AB1CD2EF/B01GH2JK3LM/xyZAbcDEfgHIjklMNOpQRSTuvwXy"}} +{"kind": "ground_truth", "id": 11, "match_type": "missed", "expected": {"line_number": 63, "secret": "9vR/mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOp+", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 11, "match_type": "exact", "expected": {"line_number": 124, "secret": "sk-ant-api03-S5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ9vR-mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOpQ_AAA", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "sk-ant-api03-S5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ9vR-mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOpQ_AAA"}} +{"kind": "ground_truth", "id": 11, "match_type": "exact", "expected": {"line_number": 28, "secret": "AIzaSyB9X8Y7Z6W5V4U3T2S1R0P9Q8O7N6M5L4", "label": "True Positive"}, "actual": {"line_number": 8, "secret": "AIzaSyB9X8Y7Z6W5V4U3T2S1R0P9Q8O7N6M5L4"}} +{"kind": "ground_truth", "id": 11, "match_type": "exact", "expected": {"line_number": 45, "secret": "https://b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 25, "secret": "https://b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8@o123456.ingest.sentry.io/7890123"}} +{"kind": "ground_truth", "id": 11, "match_type": "exact", "expected": {"line_number": 48, "secret": "pk.eyJ1IjoiZGV2LWFjY291bnQiLCJhIjoiY2xwOXRzNWFjMDBsdDJrcWY2eGlrbmxmYSJ9.UThkRzFqazVwN3M0YjAyblRhbGF6UQ", "label": "True Positive"}, "actual": {"line_number": 28, "secret": "pk.eyJ1IjoiZGV2LWFjY291bnQiLCJhIjoiY2xwOXRzNWFjMDBsdDJrcWY2eGlrbmxmYSJ9.UThkRzFqazVwN3M0YjAyblRhbGF6UQ"}} +{"kind": "ground_truth", "id": 11, "match_type": "partial", "expected": {"line_number": 159, "secret": "dd-api-a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "export DATADOG_API_KEY=dd-api-a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"}} +{"kind": "ground_truth", "id": 11, "match_type": "exact", "expected": {"line_number": 170, "secret": "dop_v1_8d3e6f2a7b1c4d9f8a6e3b0c5d7f0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f", "label": "True Positive"}, "actual": {"line_number": 21, "secret": "dop_v1_8d3e6f2a7b1c4d9f8a6e3b0c5d7f0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f"}} +{"kind": "ground_truth", "id": 11, "match_type": "exact", "expected": {"line_number": 186, "secret": "DbP@ssw0rdF0rProd!2024*", "label": "True Positive"}, "actual": {"line_number": 37, "secret": "DbP@ssw0rdF0rProd!2024*"}} +{"kind": "ground_truth", "id": 12, "match_type": "exact", "expected": {"line_number": 50, "secret": "postgres://webapp_user:p$3#R7s@Q!9F@prod-db-cluster-1.c4f3g2h1i0j.us-west-2.rds.amazonaws.com:5432/main_app_db", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "postgres://webapp_user:p$3#R7s@Q!9F@prod-db-cluster-1.c4f3g2h1i0j.us-west-2.rds.amazonaws.com:5432/main_app_db"}} +{"kind": "ground_truth", "id": 12, "match_type": "exact", "expected": {"line_number": 55, "secret": "AC5f8e0a1b9c3d4e5f6a7b8c9d0e1f2a3b", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "AC5f8e0a1b9c3d4e5f6a7b8c9d0e1f2a3b"}} +{"kind": "ground_truth", "id": 12, "match_type": "exact", "expected": {"line_number": 56, "secret": "5a94025a4392a8b9f7a7751c1e95c4a1", "label": "True Positive"}, "actual": {"line_number": 15, "secret": "5a94025a4392a8b9f7a7751c1e95c4a1"}} +{"kind": "ground_truth", "id": 12, "match_type": "exact", "expected": {"line_number": 31, "secret": "AKIA4F5K6L7M8N9P0Q1R", "label": "True Positive"}, "actual": {"line_number": 21, "secret": "AKIA4F5K6L7M8N9P0Q1R"}} +{"kind": "ground_truth", "id": 12, "match_type": "exact", "expected": {"line_number": 55, "secret": "https://hooks.slack.com/services/T01B2C3D4E5/F6G7H8I9J0K/l1m2n3o4p5q6r7s8t9u0v1w2", "label": "True Positive"}, "actual": {"line_number": 45, "secret": "https://hooks.slack.com/services/T01B2C3D4E5/F6G7H8I9J0K/l1m2n3o4p5q6r7s8t9u0v1w2"}} +{"kind": "ground_truth", "id": 12, "match_type": "missed", "expected": {"line_number": 32, "secret": "7hGjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrSt", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 12, "match_type": "exact", "expected": {"line_number": 26, "secret": "S3cuRe_dBP@ssw0rd-f0R-Pr0d!2023", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "S3cuRe_dBP@ssw0rd-f0R-Pr0d!2023"}} +{"kind": "ground_truth", "id": 12, "match_type": "missed", "expected": {"line_number": 25, "secret": "db_admin_master", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 12, "match_type": "exact", "expected": {"line_number": 14, "secret": "AIzaSyB_V9zC5gE8fH7iJ6kL4mN3oP2qR1sT0uW", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "AIzaSyB_V9zC5gE8fH7iJ6kL4mN3oP2qR1sT0uW"}} +{"kind": "ground_truth", "id": 12, "match_type": "exact", "expected": {"line_number": 19, "secret": "8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d"}} +{"kind": "ground_truth", "id": 12, "match_type": "exact", "expected": {"line_number": 24, "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123"}} +{"kind": "ground_truth", "id": 12, "match_type": "exact", "expected": {"line_number": 71, "secret": "7hV$kZ&mN@3qP!s9", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "7hV$kZ&mN@3qP!s9"}} +{"kind": "ground_truth", "id": 12, "match_type": "exact", "expected": {"line_number": 79, "secret": "97937562479e3b12328059332f78816c", "label": "True Positive"}, "actual": {"line_number": 25, "secret": "97937562479e3b12328059332f78816c"}} +{"kind": "ground_truth", "id": 12, "match_type": "exact", "expected": {"line_number": 80, "secret": "2d0a5127f827913a48eacb9231f24f4648eacb92", "label": "True Positive"}, "actual": {"line_number": 26, "secret": "2d0a5127f827913a48eacb9231f24f4648eacb92"}} +{"kind": "ground_truth", "id": 13, "match_type": "exact", "expected": {"line_number": 91, "secret": "AKIAU4V3K7J5P2QWSDYR", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "AKIAU4V3K7J5P2QWSDYR"}} +{"kind": "ground_truth", "id": 13, "match_type": "exact", "expected": {"line_number": 92, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 15, "secret": "fT9zY3uBvRx+pLgWjN5oH8mKcVdEaGhIqJbXzL7s"}} +{"kind": "ground_truth", "id": 13, "match_type": "exact", "expected": {"line_number": 64, "secret": "v#8kP!s7TqR2zL$mG@fD", "label": "True Positive"}, "actual": {"line_number": 23, "secret": "v#8kP!s7TqR2zL$mG@fD"}} +{"kind": "ground_truth", "id": 13, "match_type": "exact", "expected": {"line_number": 128, "secret": "postgres://webapp_svc:dG93nK#md!9S@pg-primary.prod.svc.cluster.local:5432/payments_db", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "postgres://webapp_svc:dG93nK#md!9S@pg-primary.prod.svc.cluster.local:5432/payments_db"}} +{"kind": "ground_truth", "id": 13, "match_type": "partial", "expected": {"line_number": 144, "secret": "sk_live_51Mv9BfGk7Lw3zYqSjU2dRaXt1cVhN8eIoP6bA5cZfTxW", "label": "True Positive"}, "actual": {"line_number": 30, "secret": "sk_live_51Mv9BfGk7Lw3zYqSjU2dRaX"}} +{"kind": "ground_truth", "id": 13, "match_type": "exact", "expected": {"line_number": 40, "secret": "dckr_pat_1sA3fG5hJ8kL2mN4pQ6rT8uV0wX2z", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "dckr_pat_1sA3fG5hJ8kL2mN4pQ6rT8uV0wX2z"}} +{"kind": "ground_truth", "id": 13, "match_type": "missed", "expected": {"line_number": 59, "secret": "HRKU-a1b2c3d4-e5f6-7890-1234-567890abcdef", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 13, "match_type": "exact", "expected": {"line_number": 193, "secret": "SG.lI8pZ3jT9qW7eR1aV5bC0x.mK4oH6sN2yU9iO-pLgJ7fDcXvBwZqR", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "SG.lI8pZ3jT9qW7eR1aV5bC0x.mK4oH6sN2yU9iO-pLgJ7fDcXvBwZqR"}} +{"kind": "ground_truth", "id": 13, "match_type": "exact", "expected": {"line_number": 207, "secret": "9u8x/A?D(G+KbPeShVmYp3s6v9y$B&E)", "label": "True Positive"}, "actual": {"line_number": 28, "secret": "9u8x/A?D(G+KbPeShVmYp3s6v9y$B&E)"}} +{"kind": "ground_truth", "id": 14, "match_type": "partial", "expected": {"line_number": 99, "secret": "postgresql://order_svc:pL3#cV8@dK!zN@prod-db-eu-west-1.c4jwk9zabcdef.rds.amazonaws.com:5432/orders_prod", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgresql://order_svc:pL3#cV8@dK!zN@prod-db-eu-west-1.c4jwk9zabcdef.rds.amazonaws.com:5432/orders_prod"}} +{"kind": "ground_truth", "id": 14, "match_type": "partial", "expected": {"line_number": 101, "secret": "sk_live_51Mv4xEAklC1kABi8gqYtY9eBpJc7dFwZ7yX2vH3uL5bNqD6kRzT0fA9gS1hJk0bVcGfI4oE3mNlP2rWqAbcDef123", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "sk_live_51Mv4xEAklC1kABi8gqYtY9e"}} +{"kind": "ground_truth", "id": 14, "match_type": "exact", "expected": {"line_number": 117, "secret": "SG.s5h4z9k8TqO6y2n7v1m3pA.c4fGkRpLwE9xVbU3zJ8aQoI7tYdD5sW2iH6uX0O", "label": "True Positive"}, "actual": {"line_number": 30, "secret": "SG.s5h4z9k8TqO6y2n7v1m3pA.c4fGkRpLwE9xVbU3zJ8aQoI7tYdD5sW2iH6uX0O"}} +{"kind": "ground_truth", "id": 14, "match_type": "exact", "expected": {"line_number": 32, "secret": "AKIA4F3PH5XH637P5Q2S", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "AKIA4F3PH5XH637P5Q2S"}} +{"kind": "ground_truth", "id": 14, "match_type": "exact", "expected": {"line_number": 40, "secret": "dckr_pat_aJkLmnOpQrStUvWxYzAbCdEfGhIjK12345", "label": "True Positive"}, "actual": {"line_number": 26, "secret": "dckr_pat_aJkLmnOpQrStUvWxYzAbCdEfGhIjK12345"}} +{"kind": "ground_truth", "id": 14, "match_type": "missed", "expected": {"line_number": 33, "secret": "9jK/lM8nO3pQr7sT6uV1wXyZ0aB4cD8fE9gHh2iJ", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 14, "match_type": "exact", "expected": {"line_number": 64, "secret": "amqp://ingest_worker:HkP8#sF!t$jR@rabbitmq.prod.svc.cluster.local:5672/", "label": "True Positive"}, "actual": {"line_number": 23, "secret": "amqp://ingest_worker:HkP8#sF!t$jR@rabbitmq.prod.svc.cluster.local:5672/"}} +{"kind": "ground_truth", "id": 14, "match_type": "exact", "expected": {"line_number": 74, "secret": "R9bXmPZc$vT2sK!eN5wF8qGg4jA#7D", "label": "True Positive"}, "actual": {"line_number": 33, "secret": "R9bXmPZc$vT2sK!eN5wF8qGg4jA#7D"}} +{"kind": "ground_truth", "id": 14, "match_type": "exact", "expected": {"line_number": 123, "secret": "Adm1nPassw0rd&SuperS3cure!v9h2k4m5", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "Adm1nPassw0rd&SuperS3cure!v9h2k4m5"}} +{"kind": "ground_truth", "id": 14, "match_type": "exact", "expected": {"line_number": 138, "secret": "kpat_9uGvP3wFxBzQr7YtL1sJmN5cH2oVb4fD8S", "label": "True Positive"}, "actual": {"line_number": 27, "secret": "kpat_9uGvP3wFxBzQr7YtL1sJmN5cH2oVb4fD8S"}} +{"kind": "ground_truth", "id": 14, "match_type": "exact", "expected": {"line_number": 20, "secret": "pk.eyJ1Ijoiam9obmRvZWNvcnAiLCJhIjoiY2xwYzh0ZzAyMGN3ZTJqcWpybHZ0MHEzayJ9.iG8jdU1cR3vBwF2pZ5oKqQ", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "pk.eyJ1Ijoiam9obmRvZWNvcnAiLCJhIjoiY2xwYzh0ZzAyMGN3ZTJqcWpybHZ0MHEzayJ9.iG8jdU1cR3vBwF2pZ5oKqQ"}} +{"kind": "ground_truth", "id": 14, "match_type": "exact", "expected": {"line_number": 23, "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012", "label": "True Positive"}, "actual": {"line_number": 23, "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012"}} +{"kind": "ground_truth", "id": 15, "match_type": "exact", "expected": {"line_number": 53, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 15, "match_type": "exact", "expected": {"line_number": 54, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "jTpHv9rX8wB1nA6sF2gK7cZ5bV4mE0yL3dI9oU8a"}} +{"kind": "ground_truth", "id": 15, "match_type": "exact", "expected": {"line_number": 134, "secret": "8kL~7QjN_p9sFt.gY2vWzXbC-aH1mO6rE5", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "8kL~7QjN_p9sFt.gY2vWzXbC-aH1mO6rE5"}} +{"kind": "ground_truth", "id": 15, "match_type": "missed", "expected": {"line_number": 13, "secret": "E#9z$RFt@k*b2v!gHqP5sYuL", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 15, "match_type": "missed", "expected": {"line_number": 23, "secret": "YjJkNDY3YTZlY2U1MjRiYzhmNmU5ODE5ZjQ5NjA3YjI5ZWIzMDUyN2U0NjM5NWY1OTM2NGYxYzJkNWY4N2Y1NA==", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 15, "match_type": "exact", "expected": {"line_number": 96, "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/7890123"}} +{"kind": "ground_truth", "id": 15, "match_type": "exact", "expected": {"line_number": 105, "secret": "pk.eyJ1IjoiZGFzaGJvYXJkdXNlciIsImEiOiJjazlzcDU0OWowMGR2M2Vud2IzaDV2ZHJtIn0.7gU6DqR7wE5qM1vN8sY2fQ", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "pk.eyJ1IjoiZGFzaGJvYXJkdXNlciIsImEiOiJjazlzcDU0OWowMGR2M2Vud2IzaDV2ZHJtIn0.7gU6DqR7wE5qM1vN8sY2fQ"}} +{"kind": "ground_truth", "id": 15, "match_type": "exact", "expected": {"line_number": 22, "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", "label": "True Positive"}, "actual": {"line_number": 22, "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE"}} +{"kind": "ground_truth", "id": 15, "match_type": "exact", "expected": {"line_number": 39, "secret": "https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL", "label": "True Positive"}, "actual": {"line_number": 39, "secret": "https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL"}} +{"kind": "ground_truth", "id": 15, "match_type": "exact", "expected": {"line_number": 53, "secret": "https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL", "label": "True Positive"}, "actual": {"line_number": 53, "secret": "https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL"}} +{"kind": "ground_truth", "id": 16, "match_type": "exact", "expected": {"line_number": 97, "secret": "postgres://user_prod_rw:dG9m9#4k!sPq@db-prod-cluster.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/main_app", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "postgres://user_prod_rw:dG9m9#4k!sPq@db-prod-cluster.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/main_app"}} +{"kind": "ground_truth", "id": 16, "match_type": "exact", "expected": {"line_number": 98, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 16, "match_type": "exact", "expected": {"line_number": 99, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "jT4vK9sL+pQ8wX6zC2nH7bF1gR5eD3aU0iO/mNkW"}} +{"kind": "ground_truth", "id": 16, "match_type": "exact", "expected": {"line_number": 59, "secret": "sqp_a8b3f0c1d2e4a5b6c7d8e9f0a1b2c3d4e5f6a7b8", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "sqp_a8b3f0c1d2e4a5b6c7d8e9f0a1b2c3d4e5f6a7b8"}} +{"kind": "ground_truth", "id": 16, "match_type": "exact", "expected": {"line_number": 74, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 33, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "ground_truth", "id": 16, "match_type": "partial", "expected": {"line_number": 36, "secret": "{\\\"type\\\": \\\"service_account\\\",\\\"project_id\\\": \\\"corp-infra-314159\\\",\\\"private_key_id\\\": \\\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\\\",\\\"private_key\\\": \\\"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAO3B...\\n-----END PRIVATE KEY-----\\n\\\",\\\"client_email\\\": \\\"terraform@corp-infra-314159.iam.gserviceaccount.com\\\",\\\"client_id\\\": \\\"123456789012345678901\\\",\\\"auth_uri\\\": \\\"https://accounts.google.com/o/oauth2/auth\\\",\\\"token_uri\\\": \\\"https://oauth2.googleapis.com/token\\\",\\\"auth_provider_x509_cert_url\\\": \\\"https://www.googleapis.com/oauth2/v1/certs\\\",\\\"client_x509_cert_url\\\": \\\"https://www.googleapis.com/robot/v1/metadata/x509/terraform%40corp-infra-314159.iam.gserviceaccount.com\\\"}", "label": "True Positive"}, "actual": {"line_number": 4, "secret": "BEGIN PRIVATE KEY"}} +{"kind": "ground_truth", "id": 16, "match_type": "exact", "expected": {"line_number": 40, "secret": "dd_api_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "label": "True Positive"}, "actual": {"line_number": 8, "secret": "dd_api_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"}} +{"kind": "ground_truth", "id": 16, "match_type": "exact", "expected": {"line_number": 120, "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123"}} +{"kind": "ground_truth", "id": 16, "match_type": "exact", "expected": {"line_number": 128, "secret": "pk.eyJ1IjoibXljb29sZGV2IiwiYSI6ImNrdjRzM2l2ZDBsYjQyd3M0cGszbTNnNHAifQ.H9f_zAbCdEfGhIjKlMnOpQ", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "pk.eyJ1IjoibXljb29sZGV2IiwiYSI6ImNrdjRzM2l2ZDBsYjQyd3M0cGszbTNnNHAifQ.H9f_zAbCdEfGhIjKlMnOpQ"}} +{"kind": "ground_truth", "id": 16, "match_type": "exact", "expected": {"line_number": 13, "secret": "T#8sLpVm9@zQ!wY7", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "T#8sLpVm9@zQ!wY7"}} +{"kind": "ground_truth", "id": 16, "match_type": "exact", "expected": {"line_number": 19, "secret": "3xP1rE_N3v3r_5tRoNg_PA55!", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "3xP1rE_N3v3r_5tRoNg_PA55!"}} +{"kind": "ground_truth", "id": 16, "match_type": "exact", "expected": {"line_number": 22, "secret": "key-0987654321fedcba0987654321fedcba", "label": "True Positive"}, "actual": {"line_number": 22, "secret": "key-0987654321fedcba0987654321fedcba"}} +{"kind": "ground_truth", "id": 17, "match_type": "exact", "expected": {"line_number": 80, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 17, "match_type": "exact", "expected": {"line_number": 81, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "pL8vGkZ9sN1mBfI6jH4cUaT3yXwE7rF0oVqD2sW5"}} +{"kind": "ground_truth", "id": 17, "match_type": "exact", "expected": {"line_number": 57, "secret": "E#u8!pS$t9rWbK@zL7m3vN&yQ2xH", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "E#u8!pS$t9rWbK@zL7m3vN&yQ2xH"}} +{"kind": "ground_truth", "id": 17, "match_type": "exact", "expected": {"line_number": 40, "secret": "dckr_pat_a4sRgT9iOpQ2mZl8vWb7nXc1jYkFhG5uE-r3v", "label": "True Positive"}, "actual": {"line_number": 23, "secret": "dckr_pat_a4sRgT9iOpQ2mZl8vWb7nXc1jYkFhG5uE-r3v"}} +{"kind": "ground_truth", "id": 17, "match_type": "exact", "expected": {"line_number": 52, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 35, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "ground_truth", "id": 17, "match_type": "partial", "expected": {"line_number": 57, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 40, "secret": "Content-type: application/json' --data '{\"text\":\"Deployment of `auth-service` failed!\"}"}} +{"kind": "ground_truth", "id": 17, "match_type": "exact", "expected": {"line_number": 118, "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o1234567.ingest.sentry.io/1234567", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o1234567.ingest.sentry.io/1234567"}} +{"kind": "ground_truth", "id": 17, "match_type": "exact", "expected": {"line_number": 124, "secret": "pk.eyJ1Ijoiam9obmRvZXVzZXIxMiIsImEiOiJjbGo4YXRzdzIwMHg4M2VudW1hYjM2ajBiIn0.5aPq3iL9bR8vJkCw1sF4nQ", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "pk.eyJ1Ijoiam9obmRvZXVzZXIxMiIsImEiOiJjbGo4YXRzdzIwMHg4M2VudW1hYjM2ajBiIn0.5aPq3iL9bR8vJkCw1sF4nQ"}} +{"kind": "ground_truth", "id": 17, "match_type": "partial", "expected": {"line_number": 218, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzcnYtZGF0YS1yZXRyaWV2ZXIiLCJpc3MiOiJhdXRoLXNlcnZpY2UiLCJhdWQiOiJkYXRhLWFwaSIsImV4cCI6MTcxOTk1ODAwMCwiaWF0IjoxNzE5OTU0NDAwLCJzY29wZSI6InVzZXI6cmVhZCJ9.K4gTfH9sLw2RjZpYn7oVxC8uEaD6mXwB1qI0sPzKjJc", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzcnYtZGF0YS1yZXRyaWV2ZXIiLCJpc3MiOiJhdXRoLXNlcnZpY2UiLCJhdWQiOiJkYXRhLWFwaSIsImV4cCI6MTcxOTk1ODAwMCwiaWF0IjoxNzE5OTU0NDAwLCJzY29wZSI6InVzZXI6cmVhZCJ9."}} +{"kind": "ground_truth", "id": 18, "match_type": "exact", "expected": {"line_number": 123, "secret": "ACd2ae2e27b6c845b29c0f8e9a3d1c4b6f", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "ACd2ae2e27b6c845b29c0f8e9a3d1c4b6f"}} +{"kind": "ground_truth", "id": 18, "match_type": "exact", "expected": {"line_number": 124, "secret": "8a3f5b7c9d1e6f4a2b9c8d7e5f3a1b0c", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "8a3f5b7c9d1e6f4a2b9c8d7e5f3a1b0c"}} +{"kind": "ground_truth", "id": 18, "match_type": "exact", "expected": {"line_number": 136, "secret": "SG.f4Jk9sL2QpWzX8vY7uA1tG.hR3iP6oV5bN4mK1jL9cD8gE7F2sA3qB0iO6uY4eWzZ", "label": "True Positive"}, "actual": {"line_number": 25, "secret": "SG.f4Jk9sL2QpWzX8vY7uA1tG.hR3iP6oV5bN4mK1jL9cD8gE7F2sA3qB0iO6uY4eWzZ"}} +{"kind": "ground_truth", "id": 18, "match_type": "exact", "expected": {"line_number": 57, "secret": "dckr_pat_1kIuR9vO7mS3xZ5yQ2jF8bN6pL4cH0gA9dE", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "dckr_pat_1kIuR9vO7mS3xZ5yQ2jF8bN6pL4cH0gA9dE"}} +{"kind": "ground_truth", "id": 18, "match_type": "partial", "expected": {"line_number": 58, "secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lKQU9ocFlVbEpxdEVsTUEwR0NTcUdTSWIzRFFFQkN3VUFNQWd4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUhFd2xQYms1dllteHZZMkZzYUc5emREb0tNQk1HQTFVRUNnd01SR1ZzYkc5egpjeUJCYkdGaVlXMGlhSFl4RURBT0JnTlZCQWNUQjBKc2IyRmtiaUJrYjI1amIyNHdIaGNOTWpFd05qRTFNRGc1CldqQm5aGFk5TWpZeU9ERXhNVFV3V2pBTUJnOHdDUVlEVlFRR0V3SlZVekVSTUE4R0ExVUVDQXdJVGs5eWVTQkIKZFhSb2IzSnBlbVJOZVhOMFpXUkJjblZsY21sbklqcDdNQ01HQTFVRUN3d01SR1ZzYkc5emN5QkJiR0ZpWVcwMQpMWFJ2SUZCQmdrcWhraUc5dzBCQVFzRkFBT0NBUThBTUlJQkNnS0NBUUVBNzJSM2x4VmhYUXFvbU55U3U3V3UKU0J3aEVyY2tlcVp3YXdJbmd0VzFwK2J2RjJ0em80VnFmcE5kSG53N2sxcFp0a1FtbUtHcHdLVGxtV295b2lCCnhaYlhmTlpzQzF6OGprVUtzZncrL2x3emJ4K0d4TmVqYzdqQnhwVnJ0VnQ1aWJCVllWc3J0K25wV1B5ZEZnOAphRjU2SlNuS081R3BqV0YwZkhGdzN3bFlmZ3JGYXBCMzQ4K3Bqam1FSE1wUkZkQmltUXh2MjQxb05kQ3l0VgppaE9sT090R3Y2ajN4dkw1Rkt3a3d5ZzR0VmFydG14N3VlMWxVSHRFV0FwWWVvUHVVbFFuN1N5K2Z4M0RVSDEKU2dGWWJ2V0w1VFFQdEtJb1JpWXhQd0lEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVeEtTMmZHRStpZEtGZ3pvCkhCMUo3akU2MzhNd0N3WURWUjBQQkFRREFnRUdNQThHQTFVZEV3RUIvd1FGTUFvR0NDc0dBUVVCRndNQ01BOEcKQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVIQXdFd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBSjZJekNid1B6dE9XbHhEVWw3bnd3bW14enVqV0d5UFNkY1FkSXZyTmM2UWhvYkZ4bgpHMVl1WllKdkdYQ2ZpZ3BvSlhpUmRuc0x6M2hTNVpSN0lXNnduNkZ6d2x1U3Z6TWltdENnQy8xSkJ2aG9tSwp0NzlJOG05S2Q3dHZ0QWZvRytzNFNUeWdndzN5VnhIdVAvUHV1c2hJbTNQWEt6MVZlZ1E1MWp0ckVlSWU4MjgKQyt2VnBLd1d5QmpMUE9sV3g2b1U5akd1MXNWSldYV210VFF0N3hBcVJkMVdJMEV4YW5iSmZ0TzJtQ2t2eGtrClR0ZUVtMzdIbnZkK3dOOUQ3dVRiYjBwLyt3d3N0T2cvQVVtb1B2Lyt3TG5PQVp6QklYUk1BMG89Ci0tLS0tRU5EIENFUlRJTklDQVRFLS0tLS0K", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lKQU9ocFlVbEpxdEVsTUEwR0NTcUdTSWIzRFFFQkN3VUFNQWd4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUhFd2xQYms1dllteHZZMkZzYUc5emREb0tNQk1HQTFVRUNnd01SR1ZzYkc5egpjeUJCYkdGaVlXMGlhSFl4RURBT0JnTlZCQWNUQjBKc2IyRmtiaUJrYjI1amIyNHdIaGNOTWpFd05qRTFNRGc1CldqQm5aGFk5TWpZeU9ERXhNVFV3V2pBTUJnOHdDUVlEVlFRR0V3SlZVekVSTUE4R0ExVUVDQXdJVGs5eWVTQkIKZFhSb2IzSnBlbVJOZVhOMFpXUkJjblZsY21sbklqcDdNQ01HQTFVRUN3d01SR1ZzYkc5emN5QkJiR0ZpWVcwMQpMWFJ2SUZCQmdrcWhraUc5dzBCQVFzRkFBT0NBUThBTUlJQkNnS0NBUUVBNzJSM2x4VmhYUXFvbU55U3U3V3UKU0J3aEVyY2tlcVp3YXdJbmd0VzFwK2J2RjJ0em80VnFmcE5kSG53N2sxcFp0a1FtbUtHcHdLVGxtV295b2lCCnhaYlhmTlpzQzF6OGprVUtzZncrL2x3emJ4K0d4TmVqYzdqQnhwVnJ0VnQ1aWJCVllWc3J0K25wV1B5ZEZnOAphRjU2SlNuS081R3BqV0YwZkhGdzN3bFlmZ3JGYXBCMzQ4K3Bqam1FSE1wUkZkQmltUXh2MjQxb05kQ3l0VgppaE9sT090R3Y2ajN4dkw1Rkt3a3d5ZzR0VmFydG14N3VlMWxVSHRFV0FwWWVvUHVVbFFuN1N5K2Z4M0RVSDEKU2dGWWJ2V0w1VFFQdEtJb1JpWXhQd0lEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVeEtTMmZHRStpZEtGZ3pvCkhCMUo3akU2MzhNd0N3WURWUjBQQkFRREFnRUdNQThHQTFVZEV3RUIvd1FGTUFvR0NDc0dBUVVCRndNQ01BOEcKQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVIQXdFd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBSjZJekNid1B6dE9XbHhEVWw3bnd3bW14enVqV0d5UFNkY1FkSXZyTmM2UWhvYkZ4bgpHMVl1WllKdkdYQ2ZpZ3BvSlhpUmRuc0x6M2hTNVpSN0lXNnduNkZ6d2x1U3Z6TWltdENnQy8xSkJ2aG9tSwp0NzlJOG05S2Q3dHZ0QWZvRytzNFNUeWdndzN5VnhIdVAvUHV1c2hJbTNQWEt6MVZlZ1E1MWp0ckVlSWU4MjgKQyt2VnBLd1d5QmpMUE9sV3g2b1U5akd1MXNWSldYV210VFF0N3hBcVJkMVdJMEV4YW5iSmZ0TzJtQ2t2eGtrClR0ZUVtMzdIbnZkK3dOOUQ3dVRiYjBwLyt3d3N0T2cvQVVtb1B2Lyt3TG5PQVp6QklYUk1BMG89Ci0tLS0tRU5EIENFUlRJTklDQVRFLS0tLS0K server: https://1a2b3c4d-e5f6-7890.k8s.ondigitalocean.com\\n name: do-sfo2-prod-cluster\\ncontexts:\\n- context:\\n cluster: do-sfo2-prod-cluster\\n user: do-sfo2-prod-cluster-admin\\n name: do-sfo2-prod-cluster\\ncurrent-context: do-sfo2-prod-cluster\\nkind: Config\\npreferences: {}\\nusers:\\n- name: do-sfo2-prod-cluster-admin\\n user:\\n token: dop_v1_a738c2f10d9e8b6d4c5b9f7a8e2d1c0b3a4f5d6e7g8h9i0j1k_prod_token\\n"}} +{"kind": "ground_truth", "id": 18, "match_type": "exact", "expected": {"line_number": 207, "secret": "pk.eyJ1IjoibWFwcHJvZHVjdGlvbiIsImEiOiJjazg1dGY3c2gwM3FmM21wZzRjY3Y5cGpzIn0.4k_O3Zf5xG5aE9Jd6pQxYw", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "pk.eyJ1IjoibWFwcHJvZHVjdGlvbiIsImEiOiJjazg1dGY3c2gwM3FmM21wZzRjY3Y5cGpzIn0.4k_O3Zf5xG5aE9Jd6pQxYw"}} +{"kind": "ground_truth", "id": 18, "match_type": "exact", "expected": {"line_number": 213, "secret": "https://e8e7f8e6e5e44a4b8b8b9c9d0e1f2g3h@o450555.ingest.sentry.io/4505551234567890", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "https://e8e7f8e6e5e44a4b8b8b9c9d0e1f2g3h@o450555.ingest.sentry.io/4505551234567890"}} +{"kind": "ground_truth", "id": 18, "match_type": "exact", "expected": {"line_number": 42, "secret": "postgres://prod_user_rw:8!hG#kL$pQ2s@db.prod.internal:5432/main", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "postgres://prod_user_rw:8!hG#kL$pQ2s@db.prod.internal:5432/main"}} +{"kind": "ground_truth", "id": 18, "match_type": "partial", "expected": {"line_number": 45, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "aws_access_key_id': 'AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 18, "match_type": "partial", "expected": {"line_number": 46, "secret": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "aws_secret_access_key': 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE"}} +{"kind": "ground_truth", "id": 18, "match_type": "exact", "expected": {"line_number": 93, "secret": "AKIAIOSFODNN7EXAMPLE", "label": "True Positive"}, "actual": {"line_number": 6, "secret": "AKIAIOSFODNN7EXAMPLE"}} +{"kind": "ground_truth", "id": 18, "match_type": "exact", "expected": {"line_number": 94, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}} +{"kind": "ground_truth", "id": 18, "match_type": "exact", "expected": {"line_number": 104, "secret": "P@ssw0rdDbProd123!ChangeMe", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "P@ssw0rdDbProd123!ChangeMe"}} +{"kind": "ground_truth", "id": 19, "match_type": "partial", "expected": {"line_number": 51, "secret": "postgres://prod_svc_user:aG#9z@K3qB$v7s@db-users-primary.c1xyz2abc3de.us-east-1.rds.amazonaws.com:5432/profiles", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://prod_svc_user:aG#9z@K3qB$v7s@db-users-primary.c1xyz2abc3de.us-east-1.rds.amazonaws.com:5432/profiles"}} +{"kind": "ground_truth", "id": 19, "match_type": "partial", "expected": {"line_number": 55, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWq"}} +{"kind": "ground_truth", "id": 19, "match_type": "exact", "expected": {"line_number": 35, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 19, "match_type": "exact", "expected": {"line_number": 58, "secret": "https://hooks.slack.com/services/T00ABCDEFGH/B01IJKLMNOP/aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", "label": "True Positive"}, "actual": {"line_number": 41, "secret": "https://hooks.slack.com/services/T00ABCDEFGH/B01IJKLMNOP/aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE"}} +{"kind": "ground_truth", "id": 19, "match_type": "missed", "expected": {"line_number": 36, "secret": "wJalrXUtnFEMI/K7MDENG/bpx5u22b8d1vRzBJB4", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 19, "match_type": "exact", "expected": {"line_number": 129, "secret": "dop_v1_a9b4c2f81d3e6g7h5i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "dop_v1_a9b4c2f81d3e6g7h5i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b"}} +{"kind": "ground_truth", "id": 19, "match_type": "exact", "expected": {"line_number": 95, "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o450123.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 8, "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o450123.ingest.sentry.io/7890123"}} +{"kind": "ground_truth", "id": 19, "match_type": "exact", "expected": {"line_number": 99, "secret": "pk.eyJ1IjoicHJvZC1tYXBib3gtZGV2IiwiYSI6ImNsOXFoOGxic2M0ZGczMnA5N3Mxa2FoNjh4In0.rAnDoMkEyNaMeCoMpLeXiBlE", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "pk.eyJ1IjoicHJvZC1tYXBib3gtZGV2IiwiYSI6ImNsOXFoOGxic2M0ZGczMnA5N3Mxa2FoNjh4In0.rAnDoMkEyNaMeCoMpLeXiBlE"}} +{"kind": "ground_truth", "id": 19, "match_type": "exact", "expected": {"line_number": 103, "secret": "8qM4pL7xJ5sK1mF3bZ8oN6cW0qYdEaV4", "label": "True Positive"}, "actual": {"line_number": 16, "secret": "8qM4pL7xJ5sK1mF3bZ8oN6cW0qYdEaV4"}} +{"kind": "ground_truth", "id": 19, "match_type": "exact", "expected": {"line_number": 110, "secret": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZXMiOlsicmVhZDpzdGF0cyIsIndyaXRlOmdhbWVwbGF5Il0sImlhdCI6MTY2NTIyNjAwMCwiZXhwIjoxNjk2NzYyMDAwfQ.gH2fR5tU9zV4wL8xQoP6N7sC1kE3bX6yZ0mJ5vF4aDc", "label": "True Positive"}, "actual": {"line_number": 23, "secret": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZXMiOlsicmVhZDpzdGF0cyIsIndyaXRlOmdhbWVwbGF5Il0sImlhdCI6MTY2NTIyNjAwMCwiZXhwIjoxNjk2NzYyMDAwfQ.gH2fR5tU9zV4wL8xQoP6N7sC1kE3bX6yZ0mJ5vF4aDc"}} +{"kind": "ground_truth", "id": 19, "match_type": "missed", "expected": {"line_number": 31, "secret": "4!z$C&F)J@NcRfUjXn2r5u7x!A%D*G", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 19, "match_type": "missed", "expected": {"line_number": 39, "secret": "z$C&F)J@NcRfUjXn2r5u7x!A%D*G-KaPdSgVkYp3s6v9y/B?E(H+MbQeThWmZq4t", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 19, "match_type": "missed", "expected": {"line_number": 51, "secret": "key-8j2k5m7p9q1r3s4t6v8w0y1z3x5c7b9a", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 20, "match_type": "exact", "expected": {"line_number": 97, "secret": "AKIAU5N4F6V2X7L9W8K3", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "AKIAU5N4F6V2X7L9W8K3"}} +{"kind": "ground_truth", "id": 20, "match_type": "exact", "expected": {"line_number": 98, "secret": "yJkLpQz8tHj9rWvXnF7sD2bA4gC6eM1hT5oI3uR", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "yJkLpQz8tHj9rWvXnF7sD2bA4gC6eM1hT5oI3uR"}} +{"kind": "ground_truth", "id": 20, "match_type": "exact", "expected": {"line_number": 111, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 24, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "ground_truth", "id": 20, "match_type": "exact", "expected": {"line_number": 42, "secret": "8f3e5b6d9c0a7f1e4d8b2c6a9f0e3d7b", "label": "True Positive"}, "actual": {"line_number": 2, "secret": "8f3e5b6d9c0a7f1e4d8b2c6a9f0e3d7b"}} +{"kind": "ground_truth", "id": 20, "match_type": "exact", "expected": {"line_number": 47, "secret": "u+K3v7Pq9bRz5sL1xT0w", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "u+K3v7Pq9bRz5sL1xT0w"}} +{"kind": "ground_truth", "id": 20, "match_type": "exact", "expected": {"line_number": 118, "secret": "https://9abf873c5d64e1f0a2b3c4d5e6f78901@o450512.ingest.sentry.io/45054321012", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "https://9abf873c5d64e1f0a2b3c4d5e6f78901@o450512.ingest.sentry.io/45054321012"}} +{"kind": "ground_truth", "id": 20, "match_type": "exact", "expected": {"line_number": 124, "secret": "pk.eyJ1IjoicmVhbGRldjk5IiwiYSI6ImNsdzR5Z3JqZzBmajIyaXFsMXB3dzQ2NzgifQ.w3bKgfS_h9n8FpG7S8z1Jg", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "pk.eyJ1IjoicmVhbGRldjk5IiwiYSI6ImNsdzR5Z3JqZzBmajIyaXFsMXB3dzQ2NzgifQ.w3bKgfS_h9n8FpG7S8z1Jg"}} +{"kind": "ground_truth", "id": 20, "match_type": "exact", "expected": {"line_number": 43, "secret": "dckr_pat_1sT2uV3wX4yZ5aB6c-D7eF8gH9i", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "dckr_pat_1sT2uV3wX4yZ5aB6c-D7eF8gH9i"}} +{"kind": "ground_truth", "id": 20, "match_type": "missed", "expected": {"line_number": 61, "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS\n1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQQMzMhV14/tYpG+0s/VfT3Rz2B6eJgA\nm9gK0fe9WSCuY8Z6S4M0+iYfJ7a3C5u/m8n0f8a9gJ0bH2c1QAAAAlhbGljZUBleGFtcGxl\nLmNvbQ==\n-----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 20, "match_type": "exact", "expected": {"line_number": 13, "secret": "jdbc:postgresql://db-repl-cluster-1.us-east-2.rds.amazonaws.com:5432/analytics_db", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "jdbc:postgresql://db-repl-cluster-1.us-east-2.rds.amazonaws.com:5432/analytics_db"}} +{"kind": "ground_truth", "id": 20, "match_type": "exact", "expected": {"line_number": 15, "secret": "p#a5sWd_9F!gH", "label": "True Positive"}, "actual": {"line_number": 15, "secret": "p#a5sWd_9F!gH"}} +{"kind": "ground_truth", "id": 20, "match_type": "exact", "expected": {"line_number": 24, "secret": "gK9pD3rX8vLhT6bFzA4mSjR7uW1qV0iNzY5eC2oP/cE=", "label": "True Positive"}, "actual": {"line_number": 24, "secret": "gK9pD3rX8vLhT6bFzA4mSjR7uW1qV0iNzY5eC2oP/cE="}} +{"kind": "ground_truth", "id": 20, "match_type": "missed", "expected": {"line_number": 14, "secret": "etl_worker_usr", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 21, "match_type": "exact", "expected": {"line_number": 95, "secret": "AKIA4J7V5Y7U3N2P5Q6R", "label": "True Positive"}, "actual": {"line_number": 8, "secret": "AKIA4J7V5Y7U3N2P5Q6R"}} +{"kind": "ground_truth", "id": 21, "match_type": "exact", "expected": {"line_number": 96, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "jZ8v/L9K+mN4PqR7sT1uVwXyZ/aB3cD4eF6gH7hI"}} +{"kind": "ground_truth", "id": 21, "match_type": "partial", "expected": {"line_number": 37, "secret": "dckr_pat_aRqS4fGz3tYpLm9vBx2wK7jNc8zD1oE", "label": "True Positive"}, "actual": {"line_number": 23, "secret": "password: dckr_pat_aRqS4fGz3tYpLm9vBx2wK7jNc8zD1oE"}} +{"kind": "ground_truth", "id": 21, "match_type": "missed", "expected": {"line_number": 53, "secret": "HRKU-a0b1c2d3-e4f5-6789-a0b1-c2d3e4f56789", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 21, "match_type": "exact", "expected": {"line_number": 52, "secret": "7b2f4a5c8e1d9g3h5i7j6k1l3m4n5o6p", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "7b2f4a5c8e1d9g3h5i7j6k1l3m4n5o6p"}} +{"kind": "ground_truth", "id": 21, "match_type": "exact", "expected": {"line_number": 120, "secret": "https://b3c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "https://b3c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7@o123456.ingest.sentry.io/7890123"}} +{"kind": "ground_truth", "id": 21, "match_type": "exact", "expected": {"line_number": 127, "secret": "pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDF3cDAxM2QzM2VwMnR4bzBqemVyIn0.hZl8pAqK5n9bC2eR1fG0oQ", "label": "True Positive"}, "actual": {"line_number": 16, "secret": "pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDF3cDAxM2QzM2VwMnR4bzBqemVyIn0.hZl8pAqK5n9bC2eR1fG0oQ"}} +{"kind": "ground_truth", "id": 21, "match_type": "partial", "expected": {"line_number": 217, "secret": "postgres://billing_svc_user:p5^z@kL$9!sR@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/billing_prod", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "p5^z"}} +{"kind": "ground_truth", "id": 21, "match_type": "partial", "expected": {"line_number": 227, "secret": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhdXRoLXRva2VuIiwiZXhwIjoxNjk5ODgwOTU1fQ.X2mZ4pBv8qC6wN3rF1eD0sJ7gT9hK8uL5oA", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhdXRoLXRva2VuIiwiZXhwIjoxNjk5ODgwOTU1fQ."}} +{"kind": "ground_truth", "id": 21, "match_type": "missed", "expected": {"line_number": 230, "secret": "sdk-e6a8c4f9-b0d3-4f1e-8a7b-9c2d0f3e5b6a", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 21, "match_type": "missed", "expected": {"line_number": 234, "secret": "Kq5dG3iSgPi1Lw0bM4rV7cHuZx/N+pU8wJ2lO3fF6xg=", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 22, "match_type": "exact", "expected": {"line_number": 118, "secret": "AKIAV7S4M3PZ5LQXJH9R", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "AKIAV7S4M3PZ5LQXJH9R"}} +{"kind": "ground_truth", "id": 22, "match_type": "exact", "expected": {"line_number": 119, "secret": "uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g", "label": "True Positive"}, "actual": {"line_number": 8, "secret": "uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g"}} +{"kind": "ground_truth", "id": 22, "match_type": "exact", "expected": {"line_number": 67, "secret": "ghp_bK9yR3tX1vP5zN7mW0sD8jF2hG6cV4eLqA", "label": "True Positive"}, "actual": {"line_number": 27, "secret": "ghp_bK9yR3tX1vP5zN7mW0sD8jF2hG6cV4eLqA"}} +{"kind": "ground_truth", "id": 22, "match_type": "partial", "expected": {"line_number": 73, "secret": "https://hooks.slack.com/services/T00ABCDEF/B01234567/j9kL8hG7fE6dC5b4A3s2S1qP", "label": "True Positive"}, "actual": {"line_number": 33, "secret": "Content-type: application/json' --data '{\"text\":\"Staging deploy failed for commit ${{ github.sha }}\"}"}} +{"kind": "ground_truth", "id": 22, "match_type": "exact", "expected": {"line_number": 46, "secret": "Adm1nPassw0rd$tr0ng!2023", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "Adm1nPassw0rd$tr0ng!2023"}} +{"kind": "ground_truth", "id": 22, "match_type": "exact", "expected": {"line_number": 63, "secret": "postgres://platform_admin:Adm1nPassw0rd$tr0ng!2023@${aws_db_instance.main_db.address}:5432/platformdb", "label": "True Positive"}, "actual": {"line_number": 36, "secret": "postgres://platform_admin:Adm1nPassw0rd$tr0ng!2023@${aws_db_instance.main_db.address}:5432/platformdb"}} +{"kind": "ground_truth", "id": 22, "match_type": "exact", "expected": {"line_number": 201, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6ImFub24iLCJpYXQiOjE2Nzk2NjU4MjMsImV4cCI6MTk5NTI0MTgyM30.4iU9a-y9mC2bYDDsYk1E1f0LgR8PzO7JqN6cX-wB1A4", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6ImFub24iLCJpYXQiOjE2Nzk2NjU4MjMsImV4cCI6MTk5NTI0MTgyM30.4iU9a-y9mC2bYDDsYk1E1f0LgR8PzO7JqN6cX-wB1A4"}} +{"kind": "ground_truth", "id": 22, "match_type": "exact", "expected": {"line_number": 207, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTY3OTY2NTgyMywiZXhwIjoxOTk1MjQxODIzfQ.kL8T5gV2rE1zO6pJ9bN4yF0wH7uX3eC8iS1aB0d9F6E", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTY3OTY2NTgyMywiZXhwIjoxOTk1MjQxODIzfQ.kL8T5gV2rE1zO6pJ9bN4yF0wH7uX3eC8iS1aB0d9F6E"}} +{"kind": "ground_truth", "id": 22, "match_type": "partial", "expected": {"line_number": 92, "secret": "AIzaSyBw-D9Gv_FzTjuKmL8sH2pR1oY7qE6bXz4", "label": "True Positive"}, "actual": {"line_number": 21, "secret": "String\", \"GOOGLE_MAPS_API_KEY\", '\"AIzaSyBw-D9Gv_FzTjuKmL8sH2pR1oY7qE6bXz4"}} +{"kind": "ground_truth", "id": 22, "match_type": "partial", "expected": {"line_number": 93, "secret": "8a7b6c5d4e3f2g1h0j9k8l7m6n5o4p3q", "label": "True Positive"}, "actual": {"line_number": 22, "secret": "String\", \"OPENWEATHER_API_KEY\", '\"8a7b6c5d4e3f2g1h0j9k8l7m6n5o4p3q"}} +{"kind": "ground_truth", "id": 22, "match_type": "exact", "expected": {"line_number": 99, "secret": "UnsafeKeyStorePassword123", "label": "True Positive"}, "actual": {"line_number": 28, "secret": "UnsafeKeyStorePassword123"}} +{"kind": "ground_truth", "id": 22, "match_type": "missed", "expected": {"line_number": 101, "secret": "UnsafeKeyPassword!@#", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 23, "match_type": "partial", "expected": {"line_number": 96, "secret": "postgres://report_writer:j$F9*kL2!pQ@dbr-prod-az1.c8xyzefg1234.us-east-1.rds.amazonaws.com:5432/reporting_db", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://report_writer:j$F9*kL2!pQ@dbr-prod-az1.c8xyzefg1234.us-east-1.rds.amazonaws.com:5432/reporting_db"}} +{"kind": "ground_truth", "id": 23, "match_type": "exact", "expected": {"line_number": 98, "secret": "45d6f3c1b0a8f7e6d5c4b3a291807f6e5d4c3b2a19807f6e", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "45d6f3c1b0a8f7e6d5c4b3a291807f6e5d4c3b2a19807f6e"}} +{"kind": "ground_truth", "id": 23, "match_type": "exact", "expected": {"line_number": 56, "secret": "AKIAU4O6GJ5Y3B7VZIW9", "label": "True Positive"}, "actual": {"line_number": 16, "secret": "AKIAU4O6GJ5Y3B7VZIW9"}} +{"kind": "ground_truth", "id": 23, "match_type": "exact", "expected": {"line_number": 57, "secret": "eK/qLpW8xV9sY2zC3jB5aN4mD6fG7hJ8kL/mN1oP", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "eK/qLpW8xV9sY2zC3jB5aN4mD6fG7hJ8kL/mN1oP"}} +{"kind": "ground_truth", "id": 23, "match_type": "exact", "expected": {"line_number": 19, "secret": "dckr_pat_JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "dckr_pat_JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH"}} +{"kind": "ground_truth", "id": 23, "match_type": "partial", "expected": {"line_number": 38, "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtZW\nQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pgAAAJgAm9bWJpvW\n1gAAAAdzc2gtZWQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pg\nAAAAQE4bM6z2vLwJ1Qe7O7S5s+4TBuw+BGfS2b1Uv+8T+zKPKwuHqROMV0/OTYzcO1y4Fm\nsiUFrgHnpymGU9VvL2pgAAAAEXJvb3RAZGVib3BzLTc2LmxhbgECAwQFBgc=\n-----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}, "actual": {"line_number": 38, "secret": "BEGIN OPENSSH PRIVATE KEY"}} +{"kind": "ground_truth", "id": 23, "match_type": "exact", "expected": {"line_number": 117, "secret": "pk.eyJ1IjoiZGF0YXZpenVzZXIiLCJhIjoiY2xwdXI2eHVhMGc3cTJrbzZ2d2k4cDFoOSJ9.gK4wV3oX9lPjQ7sR1eZfBq", "label": "True Positive"}, "actual": {"line_number": 6, "secret": "pk.eyJ1IjoiZGF0YXZpenVzZXIiLCJhIjoiY2xwdXI2eHVhMGc3cTJrbzZ2d2k4cDFoOSJ9.gK4wV3oX9lPjQ7sR1eZfBq"}} +{"kind": "ground_truth", "id": 23, "match_type": "partial", "expected": {"line_number": 14, "secret": "SG.rTk8wX3qS7iE9fG2hJ5kL.pZ6xV7yW1zB4cE6fG8hJ0kM2nO4qR6sT8uV9wY1zA3b", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "SendGridApiKey\": \"SG.rTk8wX3qS7iE9fG2hJ5kL.pZ6xV7yW1zB4cE6fG8hJ0kM2nO4qR6sT8uV9wY1zA3b"}} +{"kind": "ground_truth", "id": 23, "match_type": "partial", "expected": {"line_number": 23, "secret": "DefaultEndpointsProtocol=https;AccountName=prodblobstore987;AccountKey=zXcVbN6mPqR9sT2uW4xY7zC3jB5aN4mD6fG8hJ0kM2nO4qR6sT8uV9wY1zA3bE5fG7hJ8kL+A==;EndpointSuffix=core.windows.net", "label": "True Positive"}, "actual": {"line_number": 23, "secret": "StorageConnection\": \"DefaultEndpointsProtocol=https;AccountName=prodblobstore987;AccountKey=zXcVbN6mPqR9sT2uW4xY7zC3jB5aN4mD6fG8hJ0kM2nO4qR6sT8uV9wY1zA3bE5fG7hJ8kL+A==;EndpointSuffix=core.windows.net"}} +{"kind": "ground_truth", "id": 24, "match_type": "exact", "expected": {"line_number": 101, "secret": "postgres://auth_svc_user:gH#kL$pQ2s!8fT@prod-db-master.c8d9e0f.us-east-1.rds.amazonaws.com:5432/user_auth_prod", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "postgres://auth_svc_user:gH#kL$pQ2s!8fT@prod-db-master.c8d9e0f.us-east-1.rds.amazonaws.com:5432/user_auth_prod"}} +{"kind": "ground_truth", "id": 24, "match_type": "exact", "expected": {"line_number": 111, "secret": "sk-proj-aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdEjKlMnOpQrStUvWx", "label": "True Positive"}, "actual": {"line_number": 24, "secret": "sk-proj-aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdEjKlMnOpQrStUvWx"}} +{"kind": "ground_truth", "id": 24, "match_type": "exact", "expected": {"line_number": 60, "secret": "AKIAUVXWR6Y7ZJ2P5QSD", "label": "True Positive"}, "actual": {"line_number": 16, "secret": "AKIAUVXWR6Y7ZJ2P5QSD"}} +{"kind": "ground_truth", "id": 24, "match_type": "exact", "expected": {"line_number": 76, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 32, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "ground_truth", "id": 24, "match_type": "missed", "expected": {"line_number": 61, "secret": "mX9vB4nD3fG6hK2jL5pQ8rT1uW4yZ7+a0bCDEFg", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 24, "match_type": "exact", "expected": {"line_number": 133, "secret": "dXNlcl9kZXBsb3k6Zkc5amwzTTl2WjRuNCEyQw==", "label": "True Positive"}, "actual": {"line_number": 22, "secret": "dXNlcl9kZXBsb3k6Zkc5amwzTTl2WjRuNCEyQw=="}} +{"kind": "ground_truth", "id": 24, "match_type": "exact", "expected": {"line_number": 79, "secret": "p@sswd_7h6f$G!kLz9qR", "label": "True Positive"}, "actual": {"line_number": 8, "secret": "p@sswd_7h6f$G!kLz9qR"}} +{"kind": "ground_truth", "id": 24, "match_type": "exact", "expected": {"line_number": 86, "secret": "key-9f8e7d6c5b4a3a2a1b0c9d8e7f6a5b4c", "label": "True Positive"}, "actual": {"line_number": 15, "secret": "key-9f8e7d6c5b4a3a2a1b0c9d8e7f6a5b4c"}} +{"kind": "ground_truth", "id": 24, "match_type": "partial", "expected": {"line_number": 220, "secret": "-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRsjqzmVzLzI5s\\nC8G9q4W8z4W1tZ5rZ2E3yK1nS0fGqV5p6b2yY1nL8v1zT0uB7jA4cD8eF6gS0k9c\\n... (key data truncated for brevity in real files, but not here) ...\\naBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeFtU6vW8yZ/aBcDeFgHiJkLmNoPqR=\\n-----END PRIVATE KEY-----", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "BEGIN PRIVATE KEY"}} +{"kind": "ground_truth", "id": 24, "match_type": "exact", "expected": {"line_number": 227, "secret": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"}} +{"kind": "ground_truth", "id": 25, "match_type": "exact", "expected": {"line_number": 131, "secret": "4%jK#pL9sV!qR8bF&gH3", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "4%jK#pL9sV!qR8bF&gH3"}} +{"kind": "ground_truth", "id": 25, "match_type": "partial", "expected": {"line_number": 138, "secret": "amqp://event_handler:dG9oN6cpL8tXy@rabbitmq-cluster.prod:5672/analytics_vhost", "label": "True Positive"}, "actual": {"line_number": 27, "secret": "dG9oN6cpL8tXy"}} +{"kind": "ground_truth", "id": 25, "match_type": "exact", "expected": {"line_number": 47, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 3, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 25, "match_type": "exact", "expected": {"line_number": 48, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 4, "secret": "vK9rP4mF2tXzG1sJ7bL5cW8qN0hY3dE/aI6uO4xS"}} +{"kind": "ground_truth", "id": 25, "match_type": "exact", "expected": {"line_number": 87, "secret": "AKIAV5TZEU4QPC6GLFIB", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "AKIAV5TZEU4QPC6GLFIB"}} +{"kind": "ground_truth", "id": 25, "match_type": "exact", "expected": {"line_number": 88, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "aH2jL9sV/pQ7rB3fG1kM8oN5cW0qYdE+zR4vJ2xC"}} +{"kind": "ground_truth", "id": 25, "match_type": "exact", "expected": {"line_number": 29, "secret": "pk.eyJ1IjoibW9iaWxlLXVzZXIxMiIsImEiOiJjbHB4dWRjc3QwYWR5MmtvNmg2cHl6ZzVyIn0.aF9rP2gS1tY8cE4jK6oMvQ", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "pk.eyJ1IjoibW9iaWxlLXVzZXIxMiIsImEiOiJjbHB4dWRjc3QwYWR5MmtvNmg2cHl6ZzVyIn0.aF9rP2gS1tY8cE4jK6oMvQ"}} +{"kind": "ground_truth", "id": 25, "match_type": "exact", "expected": {"line_number": 34, "secret": "seg_7mF3bZ8oN6cW0qYdE2pH7rL9sV1pQ4gH", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "seg_7mF3bZ8oN6cW0qYdE2pH7rL9sV1pQ4gH"}} +{"kind": "ground_truth", "id": 25, "match_type": "exact", "expected": {"line_number": 38, "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o998877.ingest.sentry.io/1234567", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o998877.ingest.sentry.io/1234567"}} +{"kind": "ground_truth", "id": 25, "match_type": "exact", "expected": {"line_number": 17, "secret": "dckr_pat_b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "dckr_pat_b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL"}} +{"kind": "ground_truth", "id": 25, "match_type": "partial", "expected": {"line_number": 32, "secret": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImE4ZTVjMGEyYjYwZDE2NjYyOTI1OGNjZmMzYjI2Y2I4In0.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmNpOmdsaWRlciJ9.bX4fP8vR2wN9qK7vZ-lS6wYjZ8eT0nC-kF4gH1sJ3", "label": "True Positive"}, "actual": {"line_number": 32, "secret": "https://gke.prod-cluster.acme.io"}} +{"kind": "ground_truth", "id": 26, "match_type": "exact", "expected": {"line_number": 82, "secret": "postgres://orders_api_user:fJ8#zL@9pQ$wK1!n@db.prod-us-east-1a.internal:5432/orders_production", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "postgres://orders_api_user:fJ8#zL@9pQ$wK1!n@db.prod-us-east-1a.internal:5432/orders_production"}} +{"kind": "ground_truth", "id": 26, "match_type": "exact", "expected": {"line_number": 90, "secret": "sk_live_51KoLx2BkF9zH8jR4aG1uWqSpL3bV7nTcX6yZ0mO8eF4vI9tP2uK5rJgS3hN7cW", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "sk_live_51KoLx2BkF9zH8jR4aG1uWqSpL3bV7nTcX6yZ0mO8eF4vI9tP2uK5rJgS3hN7cW"}} +{"kind": "ground_truth", "id": 26, "match_type": "exact", "expected": {"line_number": 27, "secret": "dckr_pat_uHj7gQ9rT4vL9yK2wF5zX8oN3aB6d", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "dckr_pat_uHj7gQ9rT4vL9yK2wF5zX8oN3aB6d"}} +{"kind": "ground_truth", "id": 26, "match_type": "exact", "expected": {"line_number": 28, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "ground_truth", "id": 26, "match_type": "exact", "expected": {"line_number": 29, "secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFVENDQWxrZ0F3SUJBZ0lSQU5QVCtpb0c5djVqdjBBRW1nU1ZGTXN3Q2dZSUtvWkl6ajBFQXdJd0ZqRVUKTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1CNFhEVEl5TURjeU5ERXhNekV5Tkg4WERUSTBNRGd5T0RFeApNekV5TkgwZ096QXhNQzR4SURFYU1CZ0dBMVVFQ2hNU1FXVnpkR2x2Ym5NdlpHbHRZV2RsY2kxbmJHRnBiWE1NCkdBMVVFQXhNRmMyVmpkWEpwZEhrdWFHSnliM1JsZVRBZkJnTlZCQW9NRG5ONWMzUmxiVHBzYjNkbGJEMW5iR0ZwCmJYTTZJRG9nTUdFeEdUQVhCZ05WQkFNTUdFbGtZbDl3WVdkeVpYSnZibWN4TG1Gb2IzVjBkRlJFWlhKemIyNW0KYkdWMFlXNWpaU0JEYjI1MFpYTjBMbU52YlNCb2IzVjBkSFZ5YVdObExtWnBaWEl3SGhjTk1USTFNRGN4TURFNApNak00V2hjTk1UWXhNekF5TURFNU1qTTFXakE5TVI4d0hRWURWUVFLRXhaTmJHOWhaRzFwY3oxbFpHVnBiWE14Ckh6QWRCZ05WQkFNVEszaGhjbVV1WkhKallYUnBiMjV6TG5OdmJXRnpkR1Z5TFc5b2IyNDViMlJsYkhNdWMybHoKY21sMGEyVjBaSFZ5YVdObElFTmhjbVV1WkhKallYUnBiMjV6TFNCcFpHZGhiWEJzWlM1amIyMHdnZ0VpTUEwRwpDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRGZZKzgvS0hWQjh4WnZ0c0V0T0R0aFFpZFFDTnIKZ1R3NU1uWWdZbkYwYnJvM2ZLRllDTkZrb0Q4S0lPZmR0Z2ZHTjhtLyt1NG1rWUVKTE1RblZtVTRnUWl4M3JqZQp2TEx4OGl1VWZuVmxDT0ZkL2VHRXpjaDlMR1l2Z2Q3R0w1bVdCUnF5ZStjM1B5bU84a0d4bWpWbGl5eS9CcwpkK3Z4a3V2b1Mxc2d5TUVlY0ZPM3V6UmsvblZSb2lLR1lJcVNzc1p4eHlBbzVLRHFnL3p4NEl4eCtvTWd3QXoKNnJ4a1ZJdG9vNGhYc2R4c0E0aGFYajJmYVdGckk3b09kVkRucnczZDFLcnZ3dk9wU2xHNGswMVhxY3JGUlMKbjlTOWc4a25xL01BaWdKOWg2b25tNFFEQWdNQkFBR2pnWU13Z1lBd0hRWURWUjBPQkJZRUZEZDBsZTF1c25ICkczT2x2clBqdzF5N0hXSmJNQjhHQTFVZEl3UVlNQmFBRkRkMGxlMXVzbmhHM09sdnJQancxeTdIV0pqTUJnRwpBMVVkSlFRV01CUUdDcUdHU0liM0RRRUJDd1VBT0dDQVFFQXp2dDBoMWNpc2Z0eXQ5dHRtV2hYdEd4NmdFbjcKYjlxY0ZpS042aG5uZmF0a2x4K2t2Wkd4WlVqYnp2VzJtNmp3L3Y0T2k5ZkZ1QWlXdm9LMG1zMEJVRkF0OW9JCllwZ0FpU3UvTzRjMXN0MXJpYnQ5c0J0L2x1VzhCVDFVd0x1UHNlRGNVd1V0eFNMVyt0ek5qZkZQeDFyZEg3bAp1M1V5eE9ScVd5SWY1Nm9zQkErb3VmMERvMXJjU0Z0SWFvRDBHSHhld3A1amN5b25kZ2h5WnJLVllDdlk1TksKU3Uxb0V4VXRlMGRjWnl3a0NqYytlSWgrSndVQU1kRjdLclVRM0pYcWd2WExvY2R1S3F4cFVmZTRlMWF0a3E5CnVvQnNBQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K server: https://1E2D3F4A.sk1.us-west-2.eks.amazonaws.com\\n name: eks-prod-cluster\\ncontexts:\\n- context:\\n cluster: eks-prod-cluster\\n user: eks-prod-user\\n name: eks-prod-context\\ncurrent-context: eks-prod-context\\nkind: Config\\npreferences: {}\\nusers:\\n- name: eks-prod-user\\n user:\\n token: k8s-aws-v1.aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8_QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlgxMT1leGVjLmluZm8mWC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BU0lBVklaWDhNTzZYT0o1WE1EMiUyRjIwMjMwNjEzJTJGcnUtY2VudHJhbC0xJTJGc3RzJTJGYXdzNF9yZXF1ZXN0Jlg...", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFVENDQWxrZ0F3SUJBZ0lSQU5QVCtpb0c5djVqdjBBRW1nU1ZGTXN3Q2dZSUtvWkl6ajBFQXdJd0ZqRVUKTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1CNFhEVEl5TURjeU5ERXhNekV5Tkg4WERUSTBNRGd5T0RFeApNekV5TkgwZ096QXhNQzR4SURFYU1CZ0dBMVVFQ2hNU1FXVnpkR2x2Ym5NdlpHbHRZV2RsY2kxbmJHRnBiWE1NCkdBMVVFQXhNRmMyVmpkWEpwZEhrdWFHSnliM1JsZVRBZkJnTlZCQW9NRG5ONWMzUmxiVHBzYjNkbGJEMW5iR0ZwCmJYTTZJRG9nTUdFeEdUQVhCZ05WQkFNTUdFbGtZbDl3WVdkeVpYSnZibWN4TG1Gb2IzVjBkRlJFWlhKemIyNW0KYkdWMFlXNWpaU0JEYjI1MFpYTjBMbU52YlNCb2IzVjBkSFZ5YVdObExtWnBaWEl3SGhjTk1USTFNRGN4TURFNApNak00V2hjTk1UWXhNekF5TURFNU1qTTFXakE5TVI4d0hRWURWUVFLRXhaTmJHOWhaRzFwY3oxbFpHVnBiWE14Ckh6QWRCZ05WQkFNVEszaGhjbVV1WkhKallYUnBiMjV6TG5OdmJXRnpkR1Z5TFc5b2IyNDViMlJsYkhNdWMybHoKY21sMGEyVjBaSFZ5YVdObElFTmhjbVV1WkhKallYUnBiMjV6TFNCcFpHZGhiWEJzWlM1amIyMHdnZ0VpTUEwRwpDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRGZZKzgvS0hWQjh4WnZ0c0V0T0R0aFFpZFFDTnIKZ1R3NU1uWWdZbkYwYnJvM2ZLRllDTkZrb0Q4S0lPZmR0Z2ZHTjhtLyt1NG1rWUVKTE1RblZtVTRnUWl4M3JqZQp2TEx4OGl1VWZuVmxDT0ZkL2VHRXpjaDlMR1l2Z2Q3R0w1bVdCUnF5ZStjM1B5bU84a0d4bWpWbGl5eS9CcwpkK3Z4a3V2b1Mxc2d5TUVlY0ZPM3V6UmsvblZSb2lLR1lJcVNzc1p4eHlBbzVLRHFnL3p4NEl4eCtvTWd3QXoKNnJ4a1ZJdG9vNGhYc2R4c0E0aGFYajJmYVdGckk3b09kVkRucnczZDFLcnZ3dk9wU2xHNGswMVhxY3JGUlMKbjlTOWc4a25xL01BaWdKOWg2b25tNFFEQWdNQkFBR2pnWU13Z1lBd0hRWURWUjBPQkJZRUZEZDBsZTF1c25ICkczT2x2clBqdzF5N0hXSmJNQjhHQTFVZEl3UVlNQmFBRkRkMGxlMXVzbmhHM09sdnJQancxeTdIV0pqTUJnRwpBMVVkSlFRV01CUUdDcUdHU0liM0RRRUJDd1VBT0dDQVFFQXp2dDBoMWNpc2Z0eXQ5dHRtV2hYdEd4NmdFbjcKYjlxY0ZpS042aG5uZmF0a2x4K2t2Wkd4WlVqYnp2VzJtNmp3L3Y0T2k5ZkZ1QWlXdm9LMG1zMEJVRkF0OW9JCllwZ0FpU3UvTzRjMXN0MXJpYnQ5c0J0L2x1VzhCVDFVd0x1UHNlRGNVd1V0eFNMVyt0ek5qZkZQeDFyZEg3bAp1M1V5eE9ScVd5SWY1Nm9zQkErb3VmMERvMXJjU0Z0SWFvRDBHSHhld3A1amN5b25kZ2h5WnJLVllDdlk1TksKU3Uxb0V4VXRlMGRjWnl3a0NqYytlSWgrSndVQU1kRjdLclVRM0pYcWd2WExvY2R1S3F4cFVmZTRlMWF0a3E5CnVvQnNBQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K server: https://1E2D3F4A.sk1.us-west-2.eks.amazonaws.com\\n name: eks-prod-cluster\\ncontexts:\\n- context:\\n cluster: eks-prod-cluster\\n user: eks-prod-user\\n name: eks-prod-context\\ncurrent-context: eks-prod-context\\nkind: Config\\npreferences: {}\\nusers:\\n- name: eks-prod-user\\n user:\\n token: k8s-aws-v1.aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8_QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlgxMT1leGVjLmluZm8mWC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BU0lBVklaWDhNTzZYT0o1WE1EMiUyRjIwMjMwNjEzJTJGcnUtY2VudHJhbC0xJTJGc3RzJTJGYXdzNF9yZXF1ZXN0Jlg..."}} +{"kind": "ground_truth", "id": 26, "match_type": "exact", "expected": {"line_number": 46, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 5, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 26, "match_type": "exact", "expected": {"line_number": 47, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 6, "secret": "pL8hJk/aGvN7YcT2XrU4FzE9mBwD5+qI3oV1sSgK"}} +{"kind": "ground_truth", "id": 26, "match_type": "exact", "expected": {"line_number": 208, "secret": "Endpoint=sb://myeventhub-prod.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=jV3zK9bR4sP7xG1fH5vD2uM8qY6wL0aT+AbC=dEfGhI=", "label": "True Positive"}, "actual": {"line_number": 8, "secret": "Endpoint=sb://myeventhub-prod.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=jV3zK9bR4sP7xG1fH5vD2uM8qY6wL0aT+AbC=dEfGhI="}} +{"kind": "ground_truth", "id": 26, "match_type": "exact", "expected": {"line_number": 228, "secret": "SG.aV4gH9rT2pL7.xJ5sK1mF3bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mF3bZ8oN", "label": "True Positive"}, "actual": {"line_number": 28, "secret": "SG.aV4gH9rT2pL7.xJ5sK1mF3bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mF3bZ8oN"}} +{"kind": "ground_truth", "id": 26, "match_type": "missed", "expected": {"line_number": 127, "secret": "{\n\"type\": \"service_account\",\n\"project_id\": \"internal-data-pipeline-314159\",\n\"private_key_id\": \"a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0\",\n\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6sA7g5+fE6tSj\\n4p6t2w3x...\\n... (key data continues) ...\\nfN4r4c0i9v6j5t7r9s1u3v5x7z9A1B3C5E7G9I1K3M5O7Q9S1U3W5Y7Z9a1c3e5g\\n7i9k1m3o5q7s9u1w3y5z7B9D1F3H5J7L9N1P3R5T7V9X1Z3b5d7f9h1j3l5n7p9r\\n...\\n-----END PRIVATE KEY-----\\n\",\n\"client_email\": \"backup-runner@internal-data-pipeline-314159.iam.gserviceaccount.com\",\n\"client_id\": \"109876543210987654321\",\n\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\n\"token_uri\": \"https://oauth2.googleapis.com/token\",\n\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\n\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/backup-runner%40internal-data-pipeline-314159.iam.gserviceaccount.com\"\n}", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 28, "match_type": "partial", "expected": {"line_number": 131, "secret": "sk_live_51Mv9L2ApC9eG1tZ8cRwXvWqSjU3mBhT5yE6eF2dD4cCnRbAqZgXwVvUuYtRsPaOcB9a8g", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "sk_live_51Mv9L2ApC9eG1tZ8cRwXvWq"}} +{"kind": "ground_truth", "id": 28, "match_type": "partial", "expected": {"line_number": 61, "secret": "dckr_pat_f9JkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "docker login -u mycorp_ci_bot -p dckr_pat_f9JkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy"}} +{"kind": "ground_truth", "id": 28, "match_type": "exact", "expected": {"line_number": 70, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 26, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "ground_truth", "id": 28, "match_type": "exact", "expected": {"line_number": 90, "secret": "AKIAV7S4M3N2O1P6Q5R8", "label": "True Positive"}, "actual": {"line_number": 3, "secret": "AKIAV7S4M3N2O1P6Q5R8"}} +{"kind": "ground_truth", "id": 28, "match_type": "exact", "expected": {"line_number": 91, "secret": "uG+hJkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy", "label": "True Positive"}, "actual": {"line_number": 4, "secret": "uG+hJkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy"}} +{"kind": "ground_truth", "id": 28, "match_type": "exact", "expected": {"line_number": 214, "secret": "D#fG8*jK!lM2$n P5", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "D#fG8*jK!lM2$n P5"}} +{"kind": "ground_truth", "id": 28, "match_type": "missed", "expected": {"line_number": 218, "secret": "key-c9a8b7d6e5f4a3b2c1d0e9f8a7b6c5d4", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 28, "match_type": "exact", "expected": {"line_number": 44, "secret": "https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o1234567.ingest.sentry.io/8901234", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o1234567.ingest.sentry.io/8901234"}} +{"kind": "ground_truth", "id": 28, "match_type": "exact", "expected": {"line_number": 57, "secret": "pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDFkMGIwNTZvM3FwY3o4cGR5NThjIn0.v9a8d7C6b5a4f3e2d1c0b9a8f7e6d5c4", "label": "True Positive"}, "actual": {"line_number": 25, "secret": "pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDFkMGIwNTZvM3FwY3o4cGR5NThjIn0.v9a8d7C6b5a4f3e2d1c0b9a8f7e6d5c4"}} +{"kind": "ground_truth", "id": 29, "match_type": "exact", "expected": {"line_number": 45, "secret": "AKIAU4V5M7W3XYZ6B2C4", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "AKIAU4V5M7W3XYZ6B2C4"}} +{"kind": "ground_truth", "id": 29, "match_type": "exact", "expected": {"line_number": 46, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "p8m/zGqK+JtL9rU3wY2xVvNcB7hF4jD1sK0oA6bC"}} +{"kind": "ground_truth", "id": 29, "match_type": "exact", "expected": {"line_number": 118, "secret": "dd-api-9871e4a2dff3b3e511d7392110427c3d", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "dd-api-9871e4a2dff3b3e511d7392110427c3d"}} +{"kind": "ground_truth", "id": 29, "match_type": "exact", "expected": {"line_number": 102, "secret": "sk_live_51Mv9L2FqA8fG1tYpKrZxvWqSjU3mH8sD7gY5bN4c3pL1kM0oJ9iR", "label": "True Positive"}, "actual": {"line_number": 15, "secret": "sk_live_51Mv9L2FqA8fG1tYpKrZxvWqSjU3mH8sD7gY5bN4c3pL1kM0oJ9iR"}} +{"kind": "ground_truth", "id": 29, "match_type": "exact", "expected": {"line_number": 105, "secret": "postgres://billing_svc:aH7#kL$pQ2s!zX9@db-payments.us-east-1.rds.amazonaws.com:5432/payments_prod", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "postgres://billing_svc:aH7#kL$pQ2s!zX9@db-payments.us-east-1.rds.amazonaws.com:5432/payments_prod"}} +{"kind": "ground_truth", "id": 29, "match_type": "exact", "expected": {"line_number": 19, "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE"}} +{"kind": "ground_truth", "id": 29, "match_type": "missed", "expected": {"line_number": 33, "secret": "|\n -----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEAulh6rT5hQh2w8e4q9l5z4i6f2r8b7e0d5n3x5q6z7w8b9c0d1e2f\n3g4h5j6k7l8m9n0b1c2d3e4f5g6h7i8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m\n8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v\n3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7\nz8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\nd5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h\n0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5\nm6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6_j7k8l9m0n1b2v3c4x5\n-----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 29, "match_type": "exact", "expected": {"line_number": 11, "secret": "jdbc:postgresql://prod-db-replica.c9u3x4y5z6a7.us-west-2.rds.amazonaws.com:5432/analytics?user=report_user&password=7G$z#9*kL@qP!", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "jdbc:postgresql://prod-db-replica.c9u3x4y5z6a7.us-west-2.rds.amazonaws.com:5432/analytics?user=report_user&password=7G$z#9*kL@qP!"}} +{"kind": "ground_truth", "id": 29, "match_type": "exact", "expected": {"line_number": 20, "secret": "SG.aV4gH9rT2pL7xJ5sK1mFw.bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mFw_bZ8oN6cW0qYdE", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "SG.aV4gH9rT2pL7xJ5sK1mFw.bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mFw_bZ8oN6cW0qYdE"}} +{"kind": "ground_truth", "id": 30, "match_type": "partial", "expected": {"line_number": 86, "secret": "postgres://reports_svc:3^z&tK9@pL!v$rR@db-reporting.c4zqm9fp1v2a.eu-west-1.rds.amazonaws.com:5432/analytics_prod", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://reports_svc:3^z&tK9@pL!v$rR@db-reporting.c4zqm9fp1v2a.eu-west-1.rds.amazonaws.com:5432/analytics_prod"}} +{"kind": "ground_truth", "id": 30, "match_type": "missed", "expected": {"line_number": 90, "secret": "8f3d1e2a-6c5b-4a99-8d7c-3f9b1e4a2d7f", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 30, "match_type": "exact", "expected": {"line_number": 58, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 30, "match_type": "exact", "expected": {"line_number": 59, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "pL8fG1tY9cRzXvWqSjU3mB2sL4hK7dF0aN5oP1zE"}} +{"kind": "ground_truth", "id": 30, "match_type": "exact", "expected": {"line_number": 134, "secret": "dckr_pat_7aF9c2eD-5bG8h-4J1k-m3N4o-p6Q7rS8tU9wX", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "dckr_pat_7aF9c2eD-5bG8h-4J1k-m3N4o-p6Q7rS8tU9wX"}} +{"kind": "ground_truth", "id": 30, "match_type": "exact", "expected": {"line_number": 146, "secret": "https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX", "label": "True Positive"}, "actual": {"line_number": 32, "secret": "https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX"}} +{"kind": "ground_truth", "id": 30, "match_type": "partial", "expected": {"line_number": 151, "secret": "https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX", "label": "True Positive"}, "actual": {"line_number": 37, "secret": "Content-type: application/json' --data '{\"text\":\"URGENT: Frontend deployment failed!\"}"}} +{"kind": "ground_truth", "id": 30, "match_type": "exact", "expected": {"line_number": 236, "secret": "pk.eyJ1IjoiYm9iYnljb2RlcjkzIiwiYSI6ImNrdjR4cDFnMWhwMzAydnFwZXE1cHp2N3EifQ.mG5Jc4u_A5QfDtCg9C0C3A", "label": "True Positive"}, "actual": {"line_number": 6, "secret": "pk.eyJ1IjoiYm9iYnljb2RlcjkzIiwiYSI6ImNrdjR4cDFnMWhwMzAydnFwZXE1cHp2N3EifQ.mG5Jc4u_A5QfDtCg9C0C3A"}} +{"kind": "ground_truth", "id": 30, "match_type": "exact", "expected": {"line_number": 241, "secret": "https://3a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d@o1234567.ingest.sentry.io/9876543", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "https://3a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d@o1234567.ingest.sentry.io/9876543"}} +{"kind": "ground_truth", "id": 30, "match_type": "exact", "expected": {"line_number": 16, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 16, "secret": "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"}} +{"kind": "ground_truth", "id": 30, "match_type": "exact", "expected": {"line_number": 23, "secret": "f1tY9cRzXvWqSjU3mB2sL4hK7dE0a#Z@p^K", "label": "True Positive"}, "actual": {"line_number": 23, "secret": "f1tY9cRzXvWqSjU3mB2sL4hK7dE0a#Z@p^K"}} +{"kind": "ground_truth", "id": 31, "match_type": "exact", "expected": {"line_number": 92, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 5, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 31, "match_type": "exact", "expected": {"line_number": 93, "secret": "kG7hF9jD2sL4mP6qR8tV0wX3zY5bA7cE9fI1kN", "label": "True Positive"}, "actual": {"line_number": 6, "secret": "kG7hF9jD2sL4mP6qR8tV0wX3zY5bA7cE9fI1kN"}} +{"kind": "ground_truth", "id": 31, "match_type": "exact", "expected": {"line_number": 53, "secret": "AKIAW6QXOJ2ZL5TG7FAP", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "AKIAW6QXOJ2ZL5TG7FAP"}} +{"kind": "ground_truth", "id": 31, "match_type": "exact", "expected": {"line_number": 54, "secret": "fG9zL2tJ4mH6cR8vB1xS5oE3dY7uW0qA9pI8nZ", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "fG9zL2tJ4mH6cR8vB1xS5oE3dY7uW0qA9pI8nZ"}} +{"kind": "ground_truth", "id": 31, "match_type": "exact", "expected": {"line_number": 74, "secret": "ae3267d64b63e8a9c2a689b0d64f0b09", "label": "True Positive"}, "actual": {"line_number": 34, "secret": "ae3267d64b63e8a9c2a689b0d64f0b09"}} +{"kind": "ground_truth", "id": 31, "match_type": "exact", "expected": {"line_number": 123, "secret": "pk.eyJ1IjoibWFwYWRtaW4iLCJhIjoiY2t1b2Q4c3M2MWY4aTJ2bnZkaXA2b2YzeSJ9.wG8fQzR6v4kXpL7yC9jTqA", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "pk.eyJ1IjoibWFwYWRtaW4iLCJhIjoiY2t1b2Q4c3M2MWY4aTJ2bnZkaXA2b2YzeSJ9.wG8fQzR6v4kXpL7yC9jTqA"}} +{"kind": "ground_truth", "id": 31, "match_type": "exact", "expected": {"line_number": 127, "secret": "https://a9f3b8e7d6c54a108f9b9c0e2d1a3c7f@o112233.ingest.sentry.io/45056789012345", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "https://a9f3b8e7d6c54a108f9b9c0e2d1a3c7f@o112233.ingest.sentry.io/45056789012345"}} +{"kind": "ground_truth", "id": 31, "match_type": "exact", "expected": {"line_number": 43, "secret": "dckr_pat_yNv7sW3zT6jK8hL2mP5gF0xU4qR9cE1aB", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "dckr_pat_yNv7sW3zT6jK8hL2mP5gF0xU4qR9cE1aB"}} +{"kind": "ground_truth", "id": 31, "match_type": "partial", "expected": {"line_number": 59, "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEAy1A8G8yY2Q0bY8R2fN3eD6rN5bV5oY6zV9nB9zC8rV2aW9nS6qWj\nY9mF7bM3cM9yV1wR6tY3fO2uP8tJ5gY4oZ1jI9pU7fH4xK9pD8oW7yL6kC4hB3sF2xW1zS9\npG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8v\nI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8vY5htrZ6wF4xK9pD8oW7\nyL6kC4hB3sF2xW1zS9pG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9\npG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wQ2xV1sS9pG+eRb3rAwAAAAtkZXB\nsb3lAYXBwLXNlcnZlcgE=\n-----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}, "actual": {"line_number": 35, "secret": "BEGIN OPENSSH PRIVATE KEY"}} +{"kind": "ground_truth", "id": 31, "match_type": "partial", "expected": {"line_number": 20, "secret": "sk_live_51Kx0L2BzT8gG1uY9cFzXvWqSjU3mB2hA4fD6eG8iJ1kM3nO5pR7sT9uV", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "sk_live_51Kx0L2BzT8gG1uY9cFzXvWq"}} +{"kind": "ground_truth", "id": 31, "match_type": "exact", "expected": {"line_number": 23, "secret": "ACf4b2e1c9d8a7f6e5d4c3b2a1a0987654", "label": "True Positive"}, "actual": {"line_number": 23, "secret": "ACf4b2e1c9d8a7f6e5d4c3b2a1a0987654"}} +{"kind": "ground_truth", "id": 31, "match_type": "missed", "expected": {"line_number": 6, "secret": "Pg#sEcRet!P@sS_9fXz8$t", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 31, "match_type": "missed", "expected": {"line_number": 24, "secret": "a4b3c2d1e0f9a8b7c6d5e4f3a2b1c0d9", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 32, "match_type": "partial", "expected": {"line_number": 97, "secret": "sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "sk_live_51Mv9L2KpF7hG3tZ9cRzXvWq"}} +{"kind": "ground_truth", "id": 32, "match_type": "exact", "expected": {"line_number": 98, "secret": "postgres://billing_svc_user:AgH3#kL$pQ2s!bV9@db-payments-prod.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/payments_db", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "postgres://billing_svc_user:AgH3#kL$pQ2s!bV9@db-payments-prod.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/payments_db"}} +{"kind": "ground_truth", "id": 32, "match_type": "exact", "expected": {"line_number": 34, "secret": "AKIA4Z7P6TQ5RVN3MUEW", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "AKIA4Z7P6TQ5RVN3MUEW"}} +{"kind": "ground_truth", "id": 32, "match_type": "missed", "expected": {"line_number": 35, "secret": "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", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 32, "match_type": "exact", "expected": {"line_number": 39, "secret": "https://b4d29ca2b98e4a9e8b7c0f1e8e2b8f75@o450550.ingest.sentry.io/4505501234567890", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "https://b4d29ca2b98e4a9e8b7c0f1e8e2b8f75@o450550.ingest.sentry.io/4505501234567890"}} +{"kind": "ground_truth", "id": 32, "match_type": "exact", "expected": {"line_number": 127, "secret": "d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9", "label": "True Positive"}, "actual": {"line_number": 16, "secret": "d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9"}} +{"kind": "ground_truth", "id": 32, "match_type": "exact", "expected": {"line_number": 130, "secret": "p$qR5tU6vW7x!z#A", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "p$qR5tU6vW7x!z#A"}} +{"kind": "ground_truth", "id": 32, "match_type": "exact", "expected": {"line_number": 16, "secret": "Gv6mU_c7p-q9sR2wX4yZ0aB1dE3fG5hI7jK9lM8n", "label": "True Positive"}, "actual": {"line_number": 16, "secret": "Gv6mU_c7p-q9sR2wX4yZ0aB1dE3fG5hI7jK9lM8n"}} +{"kind": "ground_truth", "id": 33, "match_type": "exact", "expected": {"line_number": 97, "secret": "ACd4f8b0e7c6a5e4d3f2c1b0a9e8d7c6b5", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "ACd4f8b0e7c6a5e4d3f2c1b0a9e8d7c6b5"}} +{"kind": "ground_truth", "id": 33, "match_type": "exact", "expected": {"line_number": 98, "secret": "5a9f3e1b7d5c8e2a1b9f4d6c7e8b9a0c", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "5a9f3e1b7d5c8e2a1b9f4d6c7e8b9a0c"}} +{"kind": "ground_truth", "id": 33, "match_type": "exact", "expected": {"line_number": 99, "secret": "postgres://notifications_svc:3rD#kS8@pGqW7!z@pg-prod-cluster-1.rds.amazonaws.com:5432/notificationsdb", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "postgres://notifications_svc:3rD#kS8@pGqW7!z@pg-prod-cluster-1.rds.amazonaws.com:5432/notificationsdb"}} +{"kind": "ground_truth", "id": 33, "match_type": "exact", "expected": {"line_number": 28, "secret": "AKIAUZY47P56V3IWQEXN", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "AKIAUZY47P56V3IWQEXN"}} +{"kind": "ground_truth", "id": 33, "match_type": "exact", "expected": {"line_number": 29, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 15, "secret": "pL8vGkZuJ4mR9sB7dF1aH6cE5kL0xV+yW9iO3nQz"}} +{"kind": "ground_truth", "id": 33, "match_type": "exact", "expected": {"line_number": 117, "secret": "pk.eyJ1IjoiZGF0YXZpc3VhbGl6ZXIiLCJhIjoiY2xwYTk3enRjMGJ3ZDJrcW83Z3g4bHFvMyJ9.XFp9o_k9Y0jZ7lEtUa8wWg", "label": "True Positive"}, "actual": {"line_number": 6, "secret": "pk.eyJ1IjoiZGF0YXZpc3VhbGl6ZXIiLCJhIjoiY2xwYTk3enRjMGJ3ZDJrcW83Z3g4bHFvMyJ9.XFp9o_k9Y0jZ7lEtUa8wWg"}} +{"kind": "ground_truth", "id": 33, "match_type": "exact", "expected": {"line_number": 128, "secret": "https://3a1b5c4d6e8f7g9a0b1c2d3e4f5a6b7c@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "https://3a1b5c4d6e8f7g9a0b1c2d3e4f5a6b7c@o123456.ingest.sentry.io/7890123"}} +{"kind": "ground_truth", "id": 33, "match_type": "missed", "expected": {"line_number": 39, "secret": "dckr_pat_aJkLpM5oN8qH7wG4sF2dR1tY9cZ", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 33, "match_type": "missed", "expected": {"line_number": 53, "secret": "|\n -----BEGIN OPENSSH PRIVATE KEY-----\n b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\n NhAAAAAwEAAQAAAYEAuc/d5v6hT+dOK4aCZyGevp5A+vM2M1m7/s3qH8nC8L5a7G9b0P2t\n Y6rW1dG7w8Z5Z0u3e6V7h9F8j4k2aG6b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7\n v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0\n e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m\n 3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u\n 7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c\n 9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0\n k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3\n -----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 33, "match_type": "exact", "expected": {"line_number": 7, "secret": "jdbc:mysql://prod-db-master.cw7fkl2g3h9e.us-west-2.rds.amazonaws.com:3306/webappdb?autoReconnect=true&useSSL=false", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "jdbc:mysql://prod-db-master.cw7fkl2g3h9e.us-west-2.rds.amazonaws.com:3306/webappdb?autoReconnect=true&useSSL=false"}} +{"kind": "ground_truth", "id": 33, "match_type": "exact", "expected": {"line_number": 9, "secret": "dJ^8g$Pq5#sT@9!rW&zK", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "dJ^8g$Pq5#sT@9!rW&zK"}} +{"kind": "ground_truth", "id": 33, "match_type": "exact", "expected": {"line_number": 19, "secret": "fG4hJ7kL9mN2pQ5rS8uVzX3zA6bC9dE1", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "fG4hJ7kL9mN2pQ5rS8uVzX3zA6bC9dE1"}} +{"kind": "ground_truth", "id": 33, "match_type": "exact", "expected": {"line_number": 26, "secret": "SG.kE9yT8RzQ5aW7oP3iL1uVw.bF6gH2sC4jK8mN5pS9uX1yZ3_vE7wA8qD0rO", "label": "True Positive"}, "actual": {"line_number": 26, "secret": "SG.kE9yT8RzQ5aW7oP3iL1uVw.bF6gH2sC4jK8mN5pS9uX1yZ3_vE7wA8qD0rO"}} +{"kind": "ground_truth", "id": 34, "match_type": "exact", "expected": {"line_number": 86, "secret": "https://8f3a3a9a2c1b4e3e8f9a9a3b1a2c3d4e@o123456.ingest.sentry.io/789012", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "https://8f3a3a9a2c1b4e3e8f9a9a3b1a2c3d4e@o123456.ingest.sentry.io/789012"}} +{"kind": "ground_truth", "id": 34, "match_type": "exact", "expected": {"line_number": 94, "secret": "postgres://reports_user:F#9kL$pQ2s!jW@db-reports.prod.internal:5432/reporting_main", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "postgres://reports_user:F#9kL$pQ2s!jW@db-reports.prod.internal:5432/reporting_main"}} +{"kind": "ground_truth", "id": 34, "match_type": "exact", "expected": {"line_number": 58, "secret": "AKIA4WM7G3QZL5PJU7YF", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "AKIA4WM7G3QZL5PJU7YF"}} +{"kind": "ground_truth", "id": 34, "match_type": "partial", "expected": {"line_number": 77, "secret": "https://hooks.slack.com/services/T00ABCD1EFG/B00HIJK5LMN/aBcDeFgHiJkLmNoPqRsTuVwXyZ", "label": "True Positive"}, "actual": {"line_number": 36, "secret": "Content-type: application/json' --data '{\"text\":\"Staging deployment successful!\"}"}} +{"kind": "ground_truth", "id": 34, "match_type": "missed", "expected": {"line_number": 59, "secret": "s3K9jLp7XqR4sVwYyB1zD3fG5hJ8kM0nO2pQ4rS7", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 34, "match_type": "partial", "expected": {"line_number": 29, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7nD5oP6tF4gH3iJ2kL1mN0oPqRsTuVwWzXyZ", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWq"}} +{"kind": "ground_truth", "id": 34, "match_type": "partial", "expected": {"line_number": 125, "secret": "-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6lRjV7pX+Z8bAdhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfgH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/wEAAQKCAQEAy1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKf7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/wEAAoIBAQC6lRjV7pX+Z8bAdhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/w==\\n-----END PRIVATE KEY-----", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "BEGIN PRIVATE KEY"}} +{"kind": "ground_truth", "id": 34, "match_type": "exact", "expected": {"line_number": 209, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlQGFwaS5jb20iLCJhdWQiOiJtb2JpbGUiLCJleHAiOjE3MzU2ODk2MDB9.i8XyC2FpHj9nK5VzJ7wR8bO4L6eG0pN9sT1vA3D2ZqY", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlQGFwaS5jb20iLCJhdWQiOiJtb2JpbGUiLCJleHAiOjE3MzU2ODk2MDB9.i8XyC2FpHj9nK5VzJ7wR8bO4L6eG0pN9sT1vA3D2ZqY"}} +{"kind": "ground_truth", "id": 34, "match_type": "partial", "expected": {"line_number": 217, "secret": "prod_a1b2c3d4e5f678901234567890abcdef12", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "X-API-KEY': 'prod_a1b2c3d4e5f678901234567890abcdef12"}} +{"kind": "ground_truth", "id": 34, "match_type": "missed", "expected": {"line_number": 234, "secret": "prod_a1b2c3d4e5f678901234567890abcdef12", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 35, "match_type": "partial", "expected": {"line_number": 105, "secret": "postgresql://warehouse_svc:vF9@p#Z&rT7s!q@db-prod-@eu-west-1.rds.amazonaws.com:5432/analytics_data_prod", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "vF9"}} +{"kind": "ground_truth", "id": 35, "match_type": "partial", "expected": {"line_number": 113, "secret": "sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB", "label": "True Positive"}, "actual": {"line_number": 26, "secret": "sk_live_51Kk0L2ApB8fG1tY9lEwJbNc"}} +{"kind": "ground_truth", "id": 35, "match_type": "partial", "expected": {"line_number": 50, "secret": "{\"type\": \"service_account\",\"project_id\": \"zeta-project-345\",\"private_key_id\": \"a9c12b4f67890123d4e5f6a7b8c9d0e1f2a3b4c5\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANb9g2cO5oXQfIuI\\nE5s6f8tG7b7c2bF1e5D6bY8g9f7c1m4d...\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"terraform-runner@zeta-project-345.iam.gserviceaccount.com\",\"client_id\": \"112233445566778899001\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://oauth2.googleapis.com/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/terraform-runner%40zeta-project-345.iam.gserviceaccount.com\"}", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "BEGIN PRIVATE KEY"}} +{"kind": "ground_truth", "id": 35, "match_type": "exact", "expected": {"line_number": 129, "secret": "mongodb+srv://admin_orders:zR8gP2$LqW#k@prod-cluster-0.a1b2c.mongodb.net/ecom_orders?retryWrites=true&w=majority", "label": "True Positive"}, "actual": {"line_number": 16, "secret": "mongodb+srv://admin_orders:zR8gP2$LqW#k@prod-cluster-0.a1b2c.mongodb.net/ecom_orders?retryWrites=true&w=majority"}} +{"kind": "ground_truth", "id": 35, "match_type": "exact", "expected": {"line_number": 141, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLXNlcnZpY2UiLCJzdWIiOiJzZXJ2aWNlLWFjY291bnQtb3JkZXJzIiwiaWF0IjoxNjE2MjM5MDIyLCJleHAiOjE3NzE5MjcwMDAsImF1ZCI6ImludGVybmFsLWFwaSJ9.fU4fL8yH3aQOoCxJ6V_kFpWkSgRzVjZ_qB9pWjDxYlA", "label": "True Positive"}, "actual": {"line_number": 28, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLXNlcnZpY2UiLCJzdWIiOiJzZXJ2aWNlLWFjY291bnQtb3JkZXJzIiwiaWF0IjoxNjE2MjM5MDIyLCJleHAiOjE3NzE5MjcwMDAsImF1ZCI6ImludGVybmFsLWFwaSJ9.fU4fL8yH3aQOoCxJ6V_kFpWkSgRzVjZ_qB9pWjDxYlA"}} +{"kind": "ground_truth", "id": 35, "match_type": "partial", "expected": {"line_number": 75, "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEA1H5s2b9r8fH8P2Z7g3d4s5v7t8w9A6B2C4E6fGgHhJkL1M3N5... \n...base64 encoded private key data... \nG3hJkL1M3N5n9p0q2r4s6t8v9w0x2y3z5A7B9C1D3F5H7J9L1N3P5R7T9V1X3Z5B7D9F1H\n-----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}, "actual": {"line_number": 31, "secret": "BEGIN OPENSSH PRIVATE KEY"}} +{"kind": "ground_truth", "id": 35, "match_type": "partial", "expected": {"line_number": 90, "secret": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/mN7pQ8rS6tU5vW4xY3z2A1B0", "label": "True Positive"}, "actual": {"line_number": 46, "secret": "Content-type: application/json' --data '{\"text\":\"Staging deployment succeeded!\"}"}} +{"kind": "ground_truth", "id": 35, "match_type": "exact", "expected": {"line_number": 214, "secret": "Server=tcp:user-db-server.database.windows.net,1433;Initial Catalog=UserProfiles;Persist Security Info=False;User ID=db_admin_svc;Password={9aB!cDeFgH2iJkLmN};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "Server=tcp:user-db-server.database.windows.net,1433;Initial Catalog=UserProfiles;Persist Security Info=False;User ID=db_admin_svc;Password={9aB!cDeFgH2iJkLmN};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"}} +{"kind": "ground_truth", "id": 35, "match_type": "exact", "expected": {"line_number": 238, "secret": "a4b1c8d7e2f5g3h9i0j6k4l2m1n0o7p3", "label": "True Positive"}, "actual": {"line_number": 38, "secret": "a4b1c8d7e2f5g3h9i0j6k4l2m1n0o7p3"}} +{"kind": "ground_truth", "id": 36, "match_type": "exact", "expected": {"line_number": 97, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 36, "match_type": "exact", "expected": {"line_number": 98, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}} +{"kind": "ground_truth", "id": 36, "match_type": "exact", "expected": {"line_number": 53, "secret": "atJztmoFXGQz5k.atlasv1.gJvF8sRgDWf24zW2bF6Y8cK9tV1pL5qN7hB3xZ0mA4uC7iO6eP1sR2tG0sY3bI1aE2w", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "atJztmoFXGQz5k.atlasv1.gJvF8sRgDWf24zW2bF6Y8cK9tV1pL5qN7hB3xZ0mA4uC7iO6eP1sR2tG0sY3bI1aE2w"}} +{"kind": "ground_truth", "id": 36, "match_type": "exact", "expected": {"line_number": 33, "secret": "dckr_pat_1VzJ8h_L9KqR7sW3tX5yGZbN0c", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "dckr_pat_1VzJ8h_L9KqR7sW3tX5yGZbN0c"}} +{"kind": "ground_truth", "id": 36, "match_type": "exact", "expected": {"line_number": 44, "secret": "sqp_8d4e9c3e2f5b1a0a3b8c6d7e5f0a2b3c4d5e6f7a", "label": "True Positive"}, "actual": {"line_number": 30, "secret": "sqp_8d4e9c3e2f5b1a0a3b8c6d7e5f0a2b3c4d5e6f7a"}} +{"kind": "ground_truth", "id": 36, "match_type": "missed", "expected": {"line_number": 32, "secret": "autobuilder-acme", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 36, "match_type": "exact", "expected": {"line_number": 27, "secret": "https://a4d9aa8c6e3b4a2ab9b8b3b8c3d9aa3c@o123456.ingest.sentry.io/789012", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "https://a4d9aa8c6e3b4a2ab9b8b3b8c3d9aa3c@o123456.ingest.sentry.io/789012"}} +{"kind": "ground_truth", "id": 36, "match_type": "exact", "expected": {"line_number": 31, "secret": "pk.eyJ1IjoibXl1c2VybmFtZTEyMyIsImEiOiJjazg3ZzA2ZWgwYXQyM21wZHRpZTI1a2QzIn0.nB9m_gZ2vXl0qY5uP3r7Ww", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "pk.eyJ1IjoibXl1c2VybmFtZTEyMyIsImEiOiJjazg3ZzA2ZWgwYXQyM21wZHRpZTI1a2QzIn0.nB9m_gZ2vXl0qY5uP3r7Ww"}} +{"kind": "ground_truth", "id": 36, "match_type": "exact", "expected": {"line_number": 124, "secret": "postgres://prod_svc_user:Ag^9!z$K4mPQ@db-prod-cluster-1.c8xyzqrstuvw.us-west-2.rds.amazonaws.com:5432/orders_db", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "postgres://prod_svc_user:Ag^9!z$K4mPQ@db-prod-cluster-1.c8xyzqrstuvw.us-west-2.rds.amazonaws.com:5432/orders_db"}} +{"kind": "ground_truth", "id": 37, "match_type": "exact", "expected": {"line_number": 121, "secret": "AKIAU4T5KR53QUZ6R3P7", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "AKIAU4T5KR53QUZ6R3P7"}} +{"kind": "ground_truth", "id": 37, "match_type": "partial", "expected": {"line_number": 122, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 8, "secret": "aws_secret_access_key': '0jM/pG+fT2rV8sL4kH9aC1wX7yZ0bN5eQ3iU6dK+"}} +{"kind": "ground_truth", "id": 37, "match_type": "partial", "expected": {"line_number": 59, "secret": "glpat-sBv3yZ8xWq9kLpGfJ1cR", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "glpat"}} +{"kind": "ground_truth", "id": 37, "match_type": "partial", "expected": {"line_number": 72, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRsYWIuY29tIiwic3ViIjoiZGVwbG95LXVzZXIiLCJhdWQiOiJkZXBsb3ltZW50LXNlcnZpY2UiLCJpYXQiOjE2NzI1MzEyMDAsImV4cCI6MTcwNDA2NzIwMH0.uLp-J7aBf8tYgPz3tQ9kRwN6eV0bV1zHhJ5aF4gC2sE", "label": "True Positive"}, "actual": {"line_number": 31, "secret": "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRsYWIuY29tIiwic3ViIjoiZGVwbG95LXVzZXIiLCJhdWQiOiJkZXBsb3ltZW50LXNlcnZpY2UiLCJpYXQiOjE2NzI1MzEyMDAsImV4cCI6MTcwNDA2NzIwMH0.uLp-J7aBf8tYgPz3tQ9kRwN6eV0bV1zHhJ5aF4gC2sE"}} +{"kind": "ground_truth", "id": 37, "match_type": "exact", "expected": {"line_number": 44, "secret": "postgres://analytics_svc:3#fG&pW9qJ@pg-reporting-cluster.eu-west-1.internal:5432/telemetry_data", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "postgres://analytics_svc:3#fG&pW9qJ@pg-reporting-cluster.eu-west-1.internal:5432/telemetry_data"}} +{"kind": "ground_truth", "id": 37, "match_type": "exact", "expected": {"line_number": 104, "secret": "7f1e03c46a67285a8f8b9d0e1f2a3b4c", "label": "True Positive"}, "actual": {"line_number": 4, "secret": "7f1e03c46a67285a8f8b9d0e1f2a3b4c"}} +{"kind": "ground_truth", "id": 37, "match_type": "exact", "expected": {"line_number": 105, "secret": "98ac7f0e1d2c3b4a567f890e1d23b45a67c8d9e0", "label": "True Positive"}, "actual": {"line_number": 5, "secret": "98ac7f0e1d2c3b4a567f890e1d23b45a67c8d9e0"}} +{"kind": "ground_truth", "id": 37, "match_type": "exact", "expected": {"line_number": 75, "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/9876543", "label": "True Positive"}, "actual": {"line_number": 21, "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/9876543"}} +{"kind": "ground_truth", "id": 37, "match_type": "exact", "expected": {"line_number": 79, "secret": "AIzaSyD9ZvG8hJqKp2sL6wF4xR3tU_0mIoC5bE7", "label": "True Positive"}, "actual": {"line_number": 25, "secret": "AIzaSyD9ZvG8hJqKp2sL6wF4xR3tU_0mIoC5bE7"}} +{"kind": "ground_truth", "id": 38, "match_type": "exact", "expected": {"line_number": 100, "secret": "AKIA4Z7HFV563JLXPMQO", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "AKIA4Z7HFV563JLXPMQO"}} +{"kind": "ground_truth", "id": 38, "match_type": "exact", "expected": {"line_number": 101, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "JcKl8f/N+sWq0Yt3mZpXgBv7hR2dF9gU1aE5xH4i"}} +{"kind": "ground_truth", "id": 38, "match_type": "exact", "expected": {"line_number": 102, "secret": "FQoGZXIvYXdzEI///////////wEaDBpqrST2zPXCR+x5IirEA7cW9fB8E8jQkZ6I+9aC4sWxR7eK4uD6Z2mR/7vY5rWw8SzAoN0c9FgT", "label": "True Positive"}, "actual": {"line_number": 15, "secret": "FQoGZXIvYXdzEI///////////wEaDBpqrST2zPXCR+x5IirEA7cW9fB8E8jQkZ6I+9aC4sWxR7eK4uD6Z2mR/7vY5rWw8SzAoN0c9FgT"}} +{"kind": "ground_truth", "id": 38, "match_type": "exact", "expected": {"line_number": 47, "secret": "e9a8f7c6d5b4a392817f0e9d8c7b6a54", "label": "True Positive"}, "actual": {"line_number": 15, "secret": "e9a8f7c6d5b4a392817f0e9d8c7b6a54"}} +{"kind": "ground_truth", "id": 38, "match_type": "exact", "expected": {"line_number": 48, "secret": "8b1fec305a4d9b6e8a7f9d0c2e3b4a591e6f7d8c", "label": "True Positive"}, "actual": {"line_number": 16, "secret": "8b1fec305a4d9b6e8a7f9d0c2e3b4a591e6f7d8c"}} +{"kind": "ground_truth", "id": 38, "match_type": "exact", "expected": {"line_number": 30, "secret": "dckr_pat_gHj8LpQ2sWzK4vB7nC1xR9yT6fU3aE5d", "label": "True Positive"}, "actual": {"line_number": 23, "secret": "dckr_pat_gHj8LpQ2sWzK4vB7nC1xR9yT6fU3aE5d"}} +{"kind": "ground_truth", "id": 38, "match_type": "exact", "expected": {"line_number": 49, "secret": "sqp_9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2d1e0f", "label": "True Positive"}, "actual": {"line_number": 42, "secret": "sqp_9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2d1e0f"}} +{"kind": "ground_truth", "id": 38, "match_type": "missed", "expected": {"line_number": 29, "secret": "devops_deploy_bot", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 38, "match_type": "exact", "expected": {"line_number": 64, "secret": "pk.eyJ1IjoibWFwZGVzaWduZXI4OCIsImEiOiJjbHJwaGR3ajAwMWR4MmtwOGVncjl5dWNpIn0.eFTpL6vj-57Bq2nTOs2KjQ", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "pk.eyJ1IjoibWFwZGVzaWduZXI4OCIsImEiOiJjbHJwaGR3ajAwMWR4MmtwOGVncjl5dWNpIn0.eFTpL6vj-57Bq2nTOs2KjQ"}} +{"kind": "ground_truth", "id": 38, "match_type": "exact", "expected": {"line_number": 32, "secret": "postgres://billing_svc_user:D4fG#kS$q9!zL@pg-prod-us-east-1.c8zqg7rf1vkm.rds.amazonaws.com:5432/billing_prod?sslmode=require", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "postgres://billing_svc_user:D4fG#kS$q9!zL@pg-prod-us-east-1.c8zqg7rf1vkm.rds.amazonaws.com:5432/billing_prod?sslmode=require"}} +{"kind": "ground_truth", "id": 39, "match_type": "exact", "expected": {"line_number": 108, "secret": "postgres://api_usr:aB$9fG!wP4@db-prod.us-east-1.rds.amazonaws.com:5432/users_v2", "label": "True Positive"}, "actual": {"line_number": 21, "secret": "postgres://api_usr:aB$9fG!wP4@db-prod.us-east-1.rds.amazonaws.com:5432/users_v2"}} +{"kind": "ground_truth", "id": 39, "match_type": "exact", "expected": {"line_number": 110, "secret": "8k@zP!qR7sT&uV*xY$zE#A%D*G-J", "label": "True Positive"}, "actual": {"line_number": 23, "secret": "8k@zP!qR7sT&uV*xY$zE#A%D*G-J"}} +{"kind": "ground_truth", "id": 39, "match_type": "exact", "expected": {"line_number": 17, "secret": "AKIA4ZUXFGY736J2L5PQ", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "AKIA4ZUXFGY736J2L5PQ"}} +{"kind": "ground_truth", "id": 39, "match_type": "exact", "expected": {"line_number": 33, "secret": "https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX", "label": "True Positive"}, "actual": {"line_number": 33, "secret": "https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX"}} +{"kind": "ground_truth", "id": 39, "match_type": "partial", "expected": {"line_number": 38, "secret": "https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX", "label": "True Positive"}, "actual": {"line_number": 38, "secret": "Content-type: application/json' --data '{\"text\":\"Deployment failed! Check the logs.\"}"}} +{"kind": "ground_truth", "id": 39, "match_type": "missed", "expected": {"line_number": 18, "secret": "v9m8xLpQrSjW4uB7zK2fG1hJ6cE0gN3oY5aD9F3b", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 39, "match_type": "exact", "expected": {"line_number": 82, "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012", "label": "True Positive"}, "actual": {"line_number": 8, "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012"}} +{"kind": "ground_truth", "id": 39, "match_type": "exact", "expected": {"line_number": 94, "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcTdrYjNkcjBmbnAyd3FtdTZyOHVlYjMifQ.X9iSgK3fRb7wzLpBnA8bCg", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcTdrYjNkcjBmbnAyd3FtdTZyOHVlYjMifQ.X9iSgK3fRb7wzLpBnA8bCg"}} +{"kind": "ground_truth", "id": 39, "match_type": "exact", "expected": {"line_number": 32, "secret": "aZ8~9_xYpQ-rS7tV.wJ6fGhK1jL3mN5oB4c2", "label": "True Positive"}, "actual": {"line_number": 23, "secret": "aZ8~9_xYpQ-rS7tV.wJ6fGhK1jL3mN5oB4c2"}} +{"kind": "ground_truth", "id": 39, "match_type": "exact", "expected": {"line_number": 21, "secret": "p@qR$tUvW*yZ!aB#cDe^fG7hJ2kL4mN6p", "label": "True Positive"}, "actual": {"line_number": 21, "secret": "p@qR$tUvW*yZ!aB#cDe^fG7hJ2kL4mN6p"}} +{"kind": "ground_truth", "id": 39, "match_type": "exact", "expected": {"line_number": 27, "secret": "SG.A1B2C3d4e5_f6g7h8i9j0.kL1mN2oP3qR4sT5uV6w-X7yZ8aB9cDe0fG1hI2jK3lM_4s", "label": "True Positive"}, "actual": {"line_number": 27, "secret": "SG.A1B2C3d4e5_f6g7h8i9j0.kL1mN2oP3qR4sT5uV6w-X7yZ8aB9cDe0fG1hI2jK3lM_4s"}} +{"kind": "ground_truth", "id": 40, "match_type": "partial", "expected": {"line_number": 87, "secret": "postgresql://payments_svc:a4J!zP0$fT7*bE9@db-prod.us-east-1.rds.amazonaws.com/payments_db", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgresql://payments_svc:a4J!zP0$fT7*bE9@db-prod.us-east-1.rds.amazonaws.com/payments_db"}} +{"kind": "ground_truth", "id": 40, "match_type": "partial", "expected": {"line_number": 89, "secret": "sk_live_51Mv3UqKxVp8pLoJ9tFmW2cXa1hN6bA7vF9yR0eZlP3cT8bSgK4uL5iV6jW7bA8eV9oI0pQ1rC2sD3tF4gH5jK6lM", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "sk_live_51Mv3UqKxVp8pLoJ9tFmW2cX"}} +{"kind": "ground_truth", "id": 40, "match_type": "exact", "expected": {"line_number": 37, "secret": "AKIA4P5X3W7RYS6BZM9N", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "AKIA4P5X3W7RYS6BZM9N"}} +{"kind": "ground_truth", "id": 40, "match_type": "exact", "expected": {"line_number": 38, "secret": "v9mB/LpKsR8wT7oF4gH2jA1sC3dE5fG6hI7kL8mP", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "v9mB/LpKsR8wT7oF4gH2jA1sC3dE5fG6hI7kL8mP"}} +{"kind": "ground_truth", "id": 40, "match_type": "partial", "expected": {"line_number": 29, "secret": "AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "\"AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV\""}} +{"kind": "ground_truth", "id": 40, "match_type": "exact", "expected": {"line_number": 30, "secret": "5a0f8eb8c9d44c9b8e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "5a0f8eb8c9d44c9b8e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d"}} +{"kind": "ground_truth", "id": 40, "match_type": "partial", "expected": {"line_number": 39, "secret": "{\"type\":\"service_account\",\"project_id\":\"gcp-proj-staging-3456\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6Kq2tU8N4vA3p\\n...fake content...\\nk9XpA2B4C5D6E7F8G9H0J2K3L4M5N6P7Q8R9T0U1V2W3X4Y5Z6A7B8C9D0E1F2G\\nH3I4J5K6L7M8N9P0Q1R2T3U4V5W6X7Y8Z9A0B1C2D3E4F5G6H7I8J9K0L1M2N3P4\\nQ5R6T7U8V9W0X1Y2Z3A4B5C6D7E8F9G0H1I2J3K4L5M6N7P8Q9R0T1U2V3W4X5Y6\\nZ7A8B9C0D1E2F3G4H5I6J7K8L9M0N1P2Q3R4T5U6V7W8X9Y0Z1A2B3C4D5E6F7G8\\nH9I0J1K2L3M4N5P6Q7R8T9U0V1W2X3Y4Z5A6B7C8D9E0F1G2H3I4J5K6L7M8N9P0\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"deploy-bot@gcp-proj-staging-3456.iam.gserviceaccount.com\",\"client_id\":\"123456789012345678901\",\"auth_uri\":\"...\",\"token_uri\":\"...\",\"auth_provider_x509_cert_url\":\"...\",\"client_x509_cert_url\":\"...\"}", "label": "True Positive"}, "actual": {"line_number": 22, "secret": "BEGIN PRIVATE KEY"}} +{"kind": "ground_truth", "id": 40, "match_type": "exact", "expected": {"line_number": 122, "secret": "https://b4a3c2d1e0f9a8b7c6d5e4f3a2b1c0d9@o450604.ingest.sentry.io/45060453321", "label": "True Positive"}, "actual": {"line_number": 8, "secret": "https://b4a3c2d1e0f9a8b7c6d5e4f3a2b1c0d9@o450604.ingest.sentry.io/45060453321"}} +{"kind": "ground_truth", "id": 40, "match_type": "exact", "expected": {"line_number": 123, "secret": "pk.eyJ1IjoiYmVuamFtaW5kZXYiLCJhIjoiY2xwOXA0bHUxMGZoeTJqcDkyMmh3ZDA0bCJ9.aK5fG4hT3jE2sC1dF8gH7i", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "pk.eyJ1IjoiYmVuamFtaW5kZXYiLCJhIjoiY2xwOXA0bHUxMGZoeTJqcDkyMmh3ZDA0bCJ9.aK5fG4hT3jE2sC1dF8gH7i"}} +{"kind": "ground_truth", "id": 40, "match_type": "partial", "expected": {"line_number": 146, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiaWF0IjoxNjcxNTQwMjM5fQ.oF9gR1vW3cZ4xS8eP5kL7sB6tD0fA2uJ1cK8iL5dN9g", "label": "True Positive"}, "actual": {"line_number": 32, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiaWF0IjoxNjcxNTQwMjM5fQ."}} +{"kind": "ground_truth", "id": 40, "match_type": "exact", "expected": {"line_number": 20, "secret": "ACf1e2d3c4b5a6987e6d5c4b3a2f1e0d9c", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "ACf1e2d3c4b5a6987e6d5c4b3a2f1e0d9c"}} +{"kind": "ground_truth", "id": 40, "match_type": "missed", "expected": {"line_number": 8, "secret": "gH7!kL#9sPqR$wXv2&yZ*bC", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 40, "match_type": "missed", "expected": {"line_number": 15, "secret": "mZ2$eR6^tY8*uI1!oP4@lK", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 40, "match_type": "missed", "expected": {"line_number": 21, "secret": "7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 41, "match_type": "partial", "expected": {"line_number": 121, "secret": "postgres://billing_svc_user:Ac8#k$!p9F@dBe3-db.prod.us-west-2.rds.amazonaws.com:5432/payments_db", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://billing_svc_user:Ac8#k$!p9F@dBe3-db.prod.us-west-2.rds.amazonaws.com:5432/payments_db"}} +{"kind": "ground_truth", "id": 41, "match_type": "partial", "expected": {"line_number": 126, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 15, "secret": "sk_live_51Kk0L2ApB8fG1tY9j5mC3wZ"}} +{"kind": "ground_truth", "id": 41, "match_type": "exact", "expected": {"line_number": 46, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 6, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 41, "match_type": "exact", "expected": {"line_number": 47, "secret": "pL8vGkZ9JmN7sR2wXqF1bT4uYcV3zH5iA0oK6eB", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "pL8vGkZ9JmN7sR2wXqF1bT4uYcV3zH5iA0oK6eB"}} +{"kind": "ground_truth", "id": 41, "match_type": "partial", "expected": {"line_number": 42, "secret": "{\"type\":\"service_account\",\"project_id\":\"acme-corp-345213\",\"private_key_id\":\"a4f3b18d8b4c7c8e9f0a1b2c3d4e5f6a7b8c9d0e\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2sX2w...\\n-----END PRIVATE KEY-----\",\"client_email\":\"deploy-bot@acme-corp-345213.iam.gserviceaccount.com\",\"client_id\":\"109876543210987654321\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\",\"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/deploy-bot%40acme-corp-345213.iam.gserviceaccount.com\"}", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "BEGIN PRIVATE KEY"}} +{"kind": "ground_truth", "id": 41, "match_type": "exact", "expected": {"line_number": 59, "secret": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/kM3P5sR9tV1wX7Y2zN8oB4cD", "label": "True Positive"}, "actual": {"line_number": 35, "secret": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/kM3P5sR9tV1wX7Y2zN8oB4cD"}} +{"kind": "ground_truth", "id": 41, "match_type": "exact", "expected": {"line_number": 29, "secret": "AIzaSyBv4nE8tGfH3jK2L5mN7oP9qR1sT3uV5wX", "label": "True Positive"}, "actual": {"line_number": 15, "secret": "AIzaSyBv4nE8tGfH3jK2L5mN7oP9qR1sT3uV5wX"}} +{"kind": "ground_truth", "id": 41, "match_type": "exact", "expected": {"line_number": 42, "secret": "pk.eyJ1IjoibXljb29sYXBwIiwiYSI6ImNrcWV3Z3NqMDBjajAyd281cDNtZGNpb3oifQ.Vv1B2C3D4E5F6G7H8I9J0K", "label": "True Positive"}, "actual": {"line_number": 28, "secret": "pk.eyJ1IjoibXljb29sYXBwIiwiYSI6ImNrcWV3Z3NqMDBjajAyd281cDNtZGNpb3oifQ.Vv1B2C3D4E5F6G7H8I9J0K"}} +{"kind": "ground_truth", "id": 41, "match_type": "exact", "expected": {"line_number": 88, "secret": "ZThkNDFkYzAtNzA1Mi00YjU5LTg5Y2UtMjdhMTEyMzg1ZjM5NDY0Y2ZkYjMtYTEzNC00MWI4LWJmOTItZWY5YTJjNmE1N2Jl", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "ZThkNDFkYzAtNzA1Mi00YjU5LTg5Y2UtMjdhMTEyMzg1ZjM5NDY0Y2ZkYjMtYTEzNC00MWI4LWJmOTItZWY5YTJjNmE1N2Jl"}} +{"kind": "ground_truth", "id": 41, "match_type": "exact", "expected": {"line_number": 98, "secret": "amqp://notif_worker:RpR8#bV^9sL@mq-cluster.internal:5672/vhost_prod", "label": "True Positive"}, "actual": {"line_number": 21, "secret": "amqp://notif_worker:RpR8#bV^9sL@mq-cluster.internal:5672/vhost_prod"}} +{"kind": "ground_truth", "id": 42, "match_type": "exact", "expected": {"line_number": 103, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 16, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 42, "match_type": "exact", "expected": {"line_number": 104, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "zL8wNcU9oF7jK5dG1eH3bV2aR6tY0sP4iQ9xCmA1"}} +{"kind": "ground_truth", "id": 42, "match_type": "partial", "expected": {"line_number": 53, "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7U", "label": "True Positive"}, "actual": {"line_number": 39, "secret": "Authorization: token ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7U"}} +{"kind": "ground_truth", "id": 42, "match_type": "missed", "expected": {"line_number": 36, "secret": "dckr_pat_bC9xTfG3pZjL2nK5hW1vR8sY0uI7", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 42, "match_type": "exact", "expected": {"line_number": 44, "secret": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"}} +{"kind": "ground_truth", "id": 42, "match_type": "exact", "expected": {"line_number": 45, "secret": "x9y8z7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "x9y8z7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0"}} +{"kind": "ground_truth", "id": 42, "match_type": "exact", "expected": {"line_number": 223, "secret": "pk.eyJ1Ijoic2hpcHBpbmdkZXYiLCJhIjoiY2w5cGdpaHVwMDFjZDN2bzhsZ2N0cDZ6MyJ9.A5w3UQqT3rVdFzPqW2bVew", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "pk.eyJ1Ijoic2hpcHBpbmdkZXYiLCJhIjoiY2w5cGdpaHVwMDFjZDN2bzhsZ2N0cDZ6MyJ9.A5w3UQqT3rVdFzPqW2bVew"}} +{"kind": "ground_truth", "id": 42, "match_type": "exact", "expected": {"line_number": 226, "secret": "https://a8d4d03c27e44a6f95e6f64b8c9d01b2@o450616.ingest.sentry.io/4506168886", "label": "True Positive"}, "actual": {"line_number": 16, "secret": "https://a8d4d03c27e44a6f95e6f64b8c9d01b2@o450616.ingest.sentry.io/4506168886"}} +{"kind": "ground_truth", "id": 42, "match_type": "partial", "expected": {"line_number": 22, "secret": "prod_api_L3hV7bN9kPjR2wZ4mQ8yS6xT5", "label": "True Positive"}, "actual": {"line_number": 22, "secret": "String', 'BACKEND_API_KEY', '\"prod_api_L3hV7bN9kPjR2wZ4mQ8yS6xT5\""}} +{"kind": "ground_truth", "id": 42, "match_type": "missed", "expected": {"line_number": 29, "secret": "St@bleB@tteryH0rseC0rrect", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 42, "match_type": "missed", "expected": {"line_number": 31, "secret": "C0rrectH0rseSt@bleB@ttery", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 43, "match_type": "partial", "expected": {"line_number": 121, "secret": "postgres://prod_user_rw:8!hG#kL$pQ2s@db-pg-prod-01.c3k4l5m6.us-east-1.rds.amazonaws.com:5432/main_app_db", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://prod_user_rw:8!hG#kL$pQ2s@db-pg-prod-01.c3k4l5m6.us-east-1.rds.amazonaws.com:5432/main_app_db"}} +{"kind": "ground_truth", "id": 43, "match_type": "exact", "expected": {"line_number": 132, "secret": "eYp3s6v9y$B&E)H@McQfTjWnZr4u7x!A", "label": "True Positive"}, "actual": {"line_number": 21, "secret": "eYp3s6v9y$B&E)H@McQfTjWnZr4u7x!A"}} +{"kind": "ground_truth", "id": 43, "match_type": "exact", "expected": {"line_number": 60, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 16, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 43, "match_type": "partial", "expected": {"line_number": 79, "secret": "https://hooks.slack.com/services/T024F4SJ2/B0C3E4D5F6/aBcDeFgHiJkLmNoPqRsTuVwX", "label": "True Positive"}, "actual": {"line_number": 35, "secret": "Content-type: application/json' --data '{\"text\":\"Deployment on staging completed.\"}"}} +{"kind": "ground_truth", "id": 43, "match_type": "missed", "expected": {"line_number": 61, "secret": "wJalrXUtnFEMI5K7MDENGbPxRfi2qZf6sZ2c4g5b", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 43, "match_type": "exact", "expected": {"line_number": 23, "secret": "B4kL9mN8oP1qR2sT3uV4wX5yZ6aB7c8D", "label": "True Positive"}, "actual": {"line_number": 3, "secret": "B4kL9mN8oP1qR2sT3uV4wX5yZ6aB7c8D"}} +{"kind": "ground_truth", "id": 43, "match_type": "exact", "expected": {"line_number": 47, "secret": "u+Hs9xL3vA7fY2zR5pQ8", "label": "True Positive"}, "actual": {"line_number": 27, "secret": "u+Hs9xL3vA7fY2zR5pQ8"}} +{"kind": "ground_truth", "id": 43, "match_type": "exact", "expected": {"line_number": 99, "secret": "AIzaSyB9X8c7V6D5E4F3G2H1I0jL9K8mN7pQoR", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "AIzaSyB9X8c7V6D5E4F3G2H1I0jL9K8mN7pQoR"}} +{"kind": "ground_truth", "id": 43, "match_type": "exact", "expected": {"line_number": 108, "secret": "pk.eyJ1IjoiYXBwZGV2ZWxvcGVyIiwiYSI6ImNrdzVjNmRmMDBkbmoydm51cTY5ZzVlMncifQ.A1b2c3d4E5F6g7h8I9J0kL", "label": "True Positive"}, "actual": {"line_number": 21, "secret": "pk.eyJ1IjoiYXBwZGV2ZWxvcGVyIiwiYSI6ImNrdzVjNmRmMDBkbmoydm51cTY5ZzVlMncifQ.A1b2c3d4E5F6g7h8I9J0kL"}} +{"kind": "ground_truth", "id": 43, "match_type": "exact", "expected": {"line_number": 113, "secret": "sk-proj-rT8uV9wXyZ1aB2c3d4E5f6G7h8i9j0kL1m2N3o4P5q6R", "label": "True Positive"}, "actual": {"line_number": 26, "secret": "sk-proj-rT8uV9wXyZ1aB2c3d4E5f6G7h8i9j0kL1m2N3o4P5q6R"}} +{"kind": "ground_truth", "id": 43, "match_type": "partial", "expected": {"line_number": 22, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB4nF6gH7jK8lM9oP0qR1sT2uV3wX4yZ5aB6c", "label": "True Positive"}, "actual": {"line_number": 22, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWq"}} +{"kind": "ground_truth", "id": 43, "match_type": "missed", "expected": {"line_number": 9, "secret": "4hT7^kL#pQ$zW1*s", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 43, "match_type": "missed", "expected": {"line_number": 18, "secret": "bXlzdXBlcnNlY3JldGtleWZvcmF1dGgtc2VydmljZS1pcy1hdzsza29tZWx5LWxvbmc=", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 44, "match_type": "exact", "expected": {"line_number": 96, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 44, "match_type": "exact", "expected": {"line_number": 97, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "pL8/Jk3b+mN5gH7vF2sK9dR1wZ0eC4yI/xQvA6sT"}} +{"kind": "ground_truth", "id": 44, "match_type": "exact", "expected": {"line_number": 60, "secret": "aL9~_fH8qY7.s-D3.wX2vR-zM4pE1bN9jK", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "aL9~_fH8qY7.s-D3.wX2vR-zM4pE1bN9jK"}} +{"kind": "ground_truth", "id": 44, "match_type": "exact", "expected": {"line_number": 31, "secret": "4hG#kL$pQ2s!tV*wXyZ(aB-dE", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "4hG#kL$pQ2s!tV*wXyZ(aB-dE"}} +{"kind": "ground_truth", "id": 44, "match_type": "exact", "expected": {"line_number": 38, "secret": "NjIzZGU5NTgtYWYzZC00YjM1LWE3MzktZWYzMDU3NTM1YmYxYzUyMWU1NzItODk0Yi00ODY0LWIzZjItYmYyYjVjYTAwZjY1", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "NjIzZGU5NTgtYWYzZC00YjM1LWE3MzktZWYzMDU3NTM1YmYxYzUyMWU1NzItODk0Yi00ODY0LWIzZjItYmYyYjVjYTAwZjY1"}} +{"kind": "ground_truth", "id": 44, "match_type": "partial", "expected": {"line_number": 133, "secret": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAz/q/v2Oq5xGq2U3h5p9kY8t6v7v6p5L4f3n2s1E3n7o8w7u8\nr6p5w4w2a5r9t8y4u1i3o5p7a9s1d3f5g7h9k2l4m6n8q0w2e4r6t8y0u2i4o6\np8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q\n0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2\nd4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4\nr6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6\ng8h0j2l4m6N8q0w2e4R6t8Y0u2i4o6A8c2v4b6N8m0P2q4w6e8R0t2y4I6o8p0A\ns2D4f6G8h0J2l4M6n8Q0w2E4r6T8y0U2i4O6p8A0S2d4F6g8H0k2L4m6n8Q0W2e\n4r6t8Y0u2I4o6p8a0S2d4f6G8h0j2L4m6n8q0W2e4r6t8Y0u2i4O6p8a0S2d4f6\nG8h0k2L4m6n8Q0W2E4r6T8y0u2I4O6p8a0s2d4f6G8h0j2L4m6N8Q0W2e4R6T8y\n0u2I4o6p8A0s2D4f6g8h0J2l4m6N8q0w2e4R6t8Y0U2i4o6p8A0s2d4F6g8h0j2\nL4m6n8Q0w2E4R6t8y0u2I4o6p8a0s2D4f6g8H0k2l4m6N8q0W2e4r6T8y0u2I4o\n6P8a0S2d4f6g8H0j2L4m6n8q0w2e4R6t8y0U2i4o6P8A0s2D4f6g8h0J2l4M6n8\nQ0W2e4R6t8Y0u2I4O6p8a0s2d4F6g8h0j2l4m6n8Q0w2E4r6t8Y0U2i4o6P8a0S\n-----END RSA PRIVATE KEY-----", "label": "True Positive"}, "actual": {"line_number": 22, "secret": "BEGIN RSA PRIVATE KEY"}} +{"kind": "ground_truth", "id": 44, "match_type": "exact", "expected": {"line_number": 47, "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcGo1bXp6ODBzaHIydnBqcWhyZDRrajcifQ.vG8cW7fJ2w9eK5rN3pD8oA", "label": "True Positive"}, "actual": {"line_number": 15, "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcGo1bXp6ODBzaHIydnBqcWhyZDRrajcifQ.vG8cW7fJ2w9eK5rN3pD8oA"}} +{"kind": "ground_truth", "id": 44, "match_type": "exact", "expected": {"line_number": 48, "secret": "https://a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 16, "secret": "https://a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4@o123456.ingest.sentry.io/7890123"}} +{"kind": "ground_truth", "id": 45, "match_type": "partial", "expected": {"line_number": 20, "secret": "postgres://user_svc_acct:p9#zF!8k@L$sR_Wv@db-users.internal.corp:5432/users", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://user_svc_acct:p9#zF!8k@L$sR_Wv@db-users.internal.corp:5432/users"}} +{"kind": "ground_truth", "id": 45, "match_type": "exact", "expected": {"line_number": 22, "secret": "u$h3Jk!^nL*8g$Pz@qV5sR9b#Gf2M(wE", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "u$h3Jk!^nL*8g$Pz@qV5sR9b#Gf2M(wE"}} +{"kind": "ground_truth", "id": 45, "match_type": "exact", "expected": {"line_number": 23, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "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"}} +{"kind": "ground_truth", "id": 45, "match_type": "exact", "expected": {"line_number": 15, "secret": "AKIA4ZLWQY62N7S5V3OF", "label": "True Positive"}, "actual": {"line_number": 15, "secret": "AKIA4ZLWQY62N7S5V3OF"}} +{"kind": "ground_truth", "id": 45, "match_type": "missed", "expected": {"line_number": 16, "secret": "Wj3F8zK/x6dE+qT9pYhR/gL7mN4sV2cBb1aZ0xP", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 45, "match_type": "missed", "expected": {"line_number": 19, "secret": "dckr_pat_a4fH7Gj9kLpZ3xV6cWqY8tN2sR5bM0", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 45, "match_type": "exact", "expected": {"line_number": 5, "secret": "AKIAJM7GFQ36XW5YUIZA", "label": "True Positive"}, "actual": {"line_number": 5, "secret": "AKIAJM7GFQ36XW5YUIZA"}} +{"kind": "ground_truth", "id": 45, "match_type": "exact", "expected": {"line_number": 6, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 6, "secret": "zJ7aRpXtNfEmI/K9mDeNg/BqXrfIcY9gLwS3vUoH"}} +{"kind": "ground_truth", "id": 45, "match_type": "exact", "expected": {"line_number": 24, "secret": "D#$tG6hL9p!z@qR2bN8f*m", "label": "True Positive"}, "actual": {"line_number": 24, "secret": "D#$tG6hL9p!z@qR2bN8f*m"}} +{"kind": "ground_truth", "id": 45, "match_type": "exact", "expected": {"line_number": 63, "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyMTIiLCJhIjoiY2xwY3ZqbzNxMGVqZTJqcWhmb3ZoeWoycSJ9.sF5gHjL9kPzQvB7nJ6tXyA", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyMTIiLCJhIjoiY2xwY3ZqbzNxMGVqZTJqcWhmb3ZoeWoycSJ9.sF5gHjL9kPzQvB7nJ6tXyA"}} +{"kind": "ground_truth", "id": 45, "match_type": "exact", "expected": {"line_number": 66, "secret": "gz_api_k_e5e4bb50c2684994843b0032b49ab78c", "label": "True Positive"}, "actual": {"line_number": 17, "secret": "gz_api_k_e5e4bb50c2684994843b0032b49ab78c"}} +{"kind": "ground_truth", "id": 45, "match_type": "partial", "expected": {"line_number": 44, "secret": "amqp://msg_proc:F3d^kLp@9s!zR-q@rabbitmq-prod.svc.cluster.local:5672/", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "F3d^kLp"}} +{"kind": "ground_truth", "id": 45, "match_type": "exact", "expected": {"line_number": 47, "secret": "sv-tok-prod_8A2zL9pHqY7tJv5kR4wGcXnF1bS3mD6h", "label": "True Positive"}, "actual": {"line_number": 23, "secret": "sv-tok-prod_8A2zL9pHqY7tJv5kR4wGcXnF1bS3mD6h"}} +{"kind": "ground_truth", "id": 46, "match_type": "partial", "expected": {"line_number": 87, "secret": "postgres://analytics_svc:5h#jK9$fG!pQ@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/reporting_db", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://analytics_svc:5h#jK9$fG!pQ@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/reporting_db"}} +{"kind": "ground_truth", "id": 46, "match_type": "partial", "expected": {"line_number": 92, "secret": "sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR", "label": "True Positive"}, "actual": {"line_number": 15, "secret": "sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp"}} +{"kind": "ground_truth", "id": 46, "match_type": "exact", "expected": {"line_number": 39, "secret": "AKIAV5Y3RXU2FN7QZ6PL", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "AKIAV5Y3RXU2FN7QZ6PL"}} +{"kind": "ground_truth", "id": 46, "match_type": "exact", "expected": {"line_number": 51, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 31, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "ground_truth", "id": 46, "match_type": "missed", "expected": {"line_number": 40, "secret": "p2gR8hL9kM3tN4vW5zC1xS7qY6bA+dE0fG/jK", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 46, "match_type": "exact", "expected": {"line_number": 55, "secret": "dop_v1_a6b4c8d1e2f3g5h7i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "dop_v1_a6b4c8d1e2f3g5h7i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e"}} +{"kind": "ground_truth", "id": 46, "match_type": "exact", "expected": {"line_number": 133, "secret": "pk.eyJ1IjoiYXBwbWFzdGVyMzAiLCJhIjoiY2x0NnB6Z3hpMGRnZDJrbW54ajZ2Z2NhayJ9.Z-u9f7s_L7gK4jH5qP2nXw", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "pk.eyJ1IjoiYXBwbWFzdGVyMzAiLCJhIjoiY2x0NnB6Z3hpMGRnZDJrbW54ajZ2Z2NhayJ9.Z-u9f7s_L7gK4jH5qP2nXw"}} +{"kind": "ground_truth", "id": 46, "match_type": "exact", "expected": {"line_number": 134, "secret": "https://a1b2c3d4e5f64a7b8c9d0e1f2a3b4c5d@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 20, "secret": "https://a1b2c3d4e5f64a7b8c9d0e1f2a3b4c5d@o123456.ingest.sentry.io/7890123"}} +{"kind": "ground_truth", "id": 46, "match_type": "missed", "expected": {"line_number": 111, "secret": "Z8qWn!y$B&E)H@McQfTjWnZr4u7x!A%D*G-JaNdRgUkXp2s5v8y/B?E(H+KbPeSh", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 46, "match_type": "missed", "expected": {"line_number": 126, "secret": "notifications-prod@we-send-alerts.com", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 46, "match_type": "missed", "expected": {"line_number": 127, "secret": "4R#sV9$!pLq2b", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 47, "match_type": "exact", "expected": {"line_number": 98, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 47, "match_type": "exact", "expected": {"line_number": 99, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 12, "secret": "bGe8vKqy9zF3sC7hLpA5dGjJkM0fNn2xWvT1oR4i"}} +{"kind": "ground_truth", "id": 47, "match_type": "exact", "expected": {"line_number": 60, "secret": "~m88Q~bH2tY.xK5cZ_-.LpG7j9nF3rVqEwD1aB", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "~m88Q~bH2tY.xK5cZ_-.LpG7j9nF3rVqEwD1aB"}} +{"kind": "ground_truth", "id": 47, "match_type": "missed", "expected": {"line_number": 58, "secret": "f0g1h2i3-j4k5-6789-l0m1-n2o3p4q5678b", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 47, "match_type": "missed", "expected": {"line_number": 59, "secret": "a8b1c2d3-e4f5-6789-a0b1-c2d3e4f5678a", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 47, "match_type": "missed", "expected": {"line_number": 61, "secret": "c9d0e1f2-g3h4-5678-i9j0-k1l2m3n4567c", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 47, "match_type": "exact", "expected": {"line_number": 118, "secret": "pk.eyJ1IjoiYmFja2VuZGRldjE5IiwiYSI6ImNsdWpwbDFrZDFhaWgyaW54aThxaGYwNWgifQ.bO9F2zA-y8wU1rC6gV4qLw", "label": "True Positive"}, "actual": {"line_number": 7, "secret": "pk.eyJ1IjoiYmFja2VuZGRldjE5IiwiYSI6ImNsdWpwbDFrZDFhaWgyaW54aThxaGYwNWgifQ.bO9F2zA-y8wU1rC6gV4qLw"}} +{"kind": "ground_truth", "id": 47, "match_type": "missed", "expected": {"line_number": 36, "secret": "dckr_pat_u7VpMzX9hL8rKjG6wQfB2cT4oN", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 47, "match_type": "missed", "expected": {"line_number": 51, "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6gAAAJgRjN4EEYze\nBAAAAAtzc2gtZWQyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6g\nAAAECBmxuGZJz76hTkyk1r6s9JRXr8K2T4lVjTpf3G9T/lFKtjirNvqnltKP8uGQIfA+Sw\n8Db+Y5qm87TY3tRQOU7qAAAAEGNpY2RfYWdlbnRAbWFpbC5jb20BAg==\n-----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 47, "match_type": "exact", "expected": {"line_number": 204, "secret": "postgres://prod_analytics:v#9&kF$LpQz8r@db-replica-1.us-east-2.rds.amazonaws.com:5432/reporting", "label": "True Positive"}, "actual": {"line_number": 4, "secret": "postgres://prod_analytics:v#9&kF$LpQz8r@db-replica-1.us-east-2.rds.amazonaws.com:5432/reporting"}} +{"kind": "ground_truth", "id": 47, "match_type": "exact", "expected": {"line_number": 219, "secret": "YjYzY2I0NTYtMzU4Mi00NjRmLWE5YzEtY2QwMmQzMmM4ZWU3ZmY0Y2I3YjAtZjFjNS00NjZiLTk5YjEtZDYyYzE4Y2Y1ZDE4", "label": "True Positive"}, "actual": {"line_number": 19, "secret": "YjYzY2I0NTYtMzU4Mi00NjRmLWE5YzEtY2QwMmQzMmM4ZWU3ZmY0Y2I3YjAtZjFjNS00NjZiLTk5YjEtZDYyYzE4Y2Y1ZDE4"}} +{"kind": "ground_truth", "id": 48, "match_type": "exact", "expected": {"line_number": 129, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mH8sZk7vXn1cT2dD5eF6jA9gB7hI3lK4mN5oP6rQ8tS0uVvWwXyZ00abcDeFgh", "label": "True Positive"}, "actual": {"line_number": 15, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mH8sZk7vXn1cT2dD5eF6jA9gB7hI3lK4mN5oP6rQ8tS0uVvWwXyZ00abcDeFgh"}} +{"kind": "ground_truth", "id": 48, "match_type": "exact", "expected": {"line_number": 62, "secret": "dckr_pat_1A7fThgK9pLMt2Jz4wVbX5rYc8nS3oP6g", "label": "True Positive"}, "actual": {"line_number": 21, "secret": "dckr_pat_1A7fThgK9pLMt2Jz4wVbX5rYc8nS3oP6g"}} +{"kind": "ground_truth", "id": 48, "match_type": "exact", "expected": {"line_number": 82, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 41, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "ground_truth", "id": 48, "match_type": "exact", "expected": {"line_number": 33, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 13, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 48, "match_type": "exact", "expected": {"line_number": 34, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 14, "secret": "7jH2kL5mN8pQ3sW9vX1yZ4aB6cD8eF0gH2jK4lM5"}} +{"kind": "ground_truth", "id": 48, "match_type": "exact", "expected": {"line_number": 44, "secret": "P@ssw0rd!Feb2024*!", "label": "True Positive"}, "actual": {"line_number": 24, "secret": "P@ssw0rd!Feb2024*!"}} +{"kind": "ground_truth", "id": 48, "match_type": "exact", "expected": {"line_number": 102, "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, "actual": {"line_number": 15, "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/7890123"}} +{"kind": "ground_truth", "id": 48, "match_type": "exact", "expected": {"line_number": 105, "secret": "pk.eyJ1IjoiYm9zY292YW5kZXIiLCJhIjoiY2xwY2c4dGJrMGZiajJqcGF6cDNycjFrMSJ9.zF9VbWb0wE8lD9sN1hO9gQ", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "pk.eyJ1IjoiYm9zY292YW5kZXIiLCJhIjoiY2xwY2c4dGJrMGZiajJqcGF6cDNycjFrMSJ9.zF9VbWb0wE8lD9sN1hO9gQ"}} +{"kind": "ground_truth", "id": 48, "match_type": "partial", "expected": {"line_number": 111, "secret": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlLWRldmVsb3BtZW50IiwiaXNzIjoibXktYXBwLWJhY2tlbmQiLCJhdWQiOiJpbnRlcm5hbC1hcGkiLCJleHAiOjE3MzU2ODk2MDAsImlhdCI6MTcwNDU4NTYwMCwianRpIjoiNWY0ZC04YmRmLWEwYjktM2Y5YSJ9.Kq-LwhU4xQp8VdG2tY_hZ3nBc7dJjO0pE_wF9XzR6vSgL7uH5mI4nK1oPkU9tQ1fA2eRbC3gX0hJjK1lW_zQ_", "label": "True Positive"}, "actual": {"line_number": 24, "secret": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlLWRldmVsb3BtZW50IiwiaXNzIjoibXktYXBwLWJhY2tlbmQiLCJhdWQiOiJpbnRlcm5hbC1hcGkiLCJleHAiOjE3MzU2ODk2MDAsImlhdCI6MTcwNDU4NTYwMCwianRpIjoiNWY0ZC04YmRmLWEwYjktM2Y5YSJ9."}} +{"kind": "ground_truth", "id": 48, "match_type": "exact", "expected": {"line_number": 25, "secret": "8!hG#kL$pQ2s@db.prod-STRONG-Pa$$wrd", "label": "True Positive"}, "actual": {"line_number": 8, "secret": "8!hG#kL$pQ2s@db.prod-STRONG-Pa$$wrd"}} +{"kind": "ground_truth", "id": 48, "match_type": "exact", "expected": {"line_number": 40, "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7z", "label": "True Positive"}, "actual": {"line_number": 23, "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7z"}} +{"kind": "ground_truth", "id": 49, "match_type": "exact", "expected": {"line_number": 51, "secret": "AKIAU7VDF3W5X6QZ8P4J", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "AKIAU7VDF3W5X6QZ8P4J"}} +{"kind": "ground_truth", "id": 49, "match_type": "exact", "expected": {"line_number": 52, "secret": "bK9mP4wR8sL1vJ7oA2dF6gH3xN0cT5yZ/iE+qW!a", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "bK9mP4wR8sL1vJ7oA2dF6gH3xN0cT5yZ/iE+qW!a"}} +{"kind": "ground_truth", "id": 49, "match_type": "exact", "expected": {"line_number": 19, "secret": "s$3pL!z#9FqG&vB^kY5h@m", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "s$3pL!z#9FqG&vB^kY5h@m"}} +{"kind": "ground_truth", "id": 49, "match_type": "exact", "expected": {"line_number": 31, "secret": "NzhhYjU0ZWE3YzE2NGU5YWYyMGExYzhmNDY3NzU3M2M4YjE2OTIzYjljYjA3ZGIxNzQwMjQyMmMxOGQ4ZDllZA", "label": "True Positive"}, "actual": {"line_number": 21, "secret": "NzhhYjU0ZWE3YzE2NGU5YWYyMGExYzhmNDY3NzU3M2M4YjE2OTIzYjljYjA3ZGIxNzQwMjQyMmMxOGQ4ZDllZA"}} +{"kind": "ground_truth", "id": 49, "match_type": "partial", "expected": {"line_number": 105, "secret": "{\\\"type\\\": \\\"service_account\\\",\\\"project_id\\\": \\\"gcp-project-analytics-34123\\\",\\\"private_key_id\\\": \\\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\\\",\\\"private_key\\\": \\\"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKt4o6JbMS8q0S7G\\n9eDoP5vPty2MWJ2k4vLjcgYRm0NksKCh3/ARfPz9p5k4KFcC2fGuBD9Csiys68d1\\n8s/75u6AhGXfS4F1g8eMA3v2zZ5YV8GfLXA4Y9f8tI8d4aG5eH6h9pY3qE0wK7R\\n+G9lA2dF4jK1bS8nO9mP3xY7bC6dAgMBAAECgYEAjtgL5C3d4rD7Pz5c3eV8qZ6v\\n9Q8k2v5G7yL3oD9eS4H6g7K2fD9hA8sB6sC5gL4gN3hJ2kL6dF7aH9bJ8cYR4k5o\\n+Z2mH9gI7wG3aL4cE6nO8bF7dS8fG3dC2hI9aQ6pX4wR7kF2hE0dM9sP3tW9sC4=\\n-----END PRIVATE KEY-----\\n\\\",\\\"client_email\\\": \\\"data-ingest-sa@gcp-project-analytics-34123.iam.gserviceaccount.com\\\",\\\"client_id\\\": \\\"109876543210987654321\\\"}", "label": "True Positive"}, "actual": {"line_number": 11, "secret": "BEGIN PRIVATE KEY"}} +{"kind": "ground_truth", "id": 49, "match_type": "exact", "expected": {"line_number": 132, "secret": "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", "label": "True Positive"}, "actual": {"line_number": 18, "secret": "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"}} +{"kind": "ground_truth", "id": 49, "match_type": "exact", "expected": {"line_number": 65, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, "actual": {"line_number": 45, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "ground_truth", "id": 49, "match_type": "missed", "expected": {"line_number": 42, "secret": "dckr_pat_szmX4QjL-VbN7YkP9wT1uR8eG6zC0xF2oA5sH", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 50, "match_type": "exact", "expected": {"line_number": 86, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "ground_truth", "id": 50, "match_type": "exact", "expected": {"line_number": 87, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "label": "True Positive"}, "actual": {"line_number": 10, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}} +{"kind": "ground_truth", "id": 50, "match_type": "exact", "expected": {"line_number": 44, "secret": "dd_api_9f5c2d3a1b0e4f8d6a3c5e7b9a1d3f5c", "label": "True Positive"}, "actual": {"line_number": 24, "secret": "dd_api_9f5c2d3a1b0e4f8d6a3c5e7b9a1d3f5c"}} +{"kind": "ground_truth", "id": 50, "match_type": "exact", "expected": {"line_number": 45, "secret": "dd_app_3e5c7a9b1d3f5c8d2a0b4e6c1d3f5c8d2a0b4", "label": "True Positive"}, "actual": {"line_number": 25, "secret": "dd_app_3e5c7a9b1d3f5c8d2a0b4e6c1d3f5c8d2a0b4"}} +{"kind": "ground_truth", "id": 50, "match_type": "exact", "expected": {"line_number": 53, "secret": "pk.eyJ1IjoiYmFyYmFyYS1kZXYiLCJhIjoiY2xwY3RkY2prMDFhajJqcGNwanRmaTV2ZSJ9._WkUvXkQR_zT8qCvCSXw5A", "label": "True Positive"}, "actual": {"line_number": 9, "secret": "pk.eyJ1IjoiYmFyYmFyYS1kZXYiLCJhIjoiY2xwY3RkY2prMDFhajJqcGNwanRmaTV2ZSJ9._WkUvXkQR_zT8qCvCSXw5A"}} +{"kind": "ground_truth", "id": 50, "match_type": "partial", "expected": {"line_number": 39, "secret": "{\"type\":\"service_account\",\"project_id\":\"acme-corp-314159\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6\\n-----END PRIVATE KEY-----\\n\"}", "label": "True Positive"}, "actual": {"line_number": 39, "secret": "BEGIN PRIVATE KEY"}} +{"kind": "ground_truth", "id": 50, "match_type": "missed", "expected": {"line_number": 30, "secret": "npm_E9z4fGh7jK3pL5rA8vB2sY1tW0cXiUoN", "label": "True Positive"}, "actual": null} +{"kind": "ground_truth", "id": 50, "match_type": "exact", "expected": {"line_number": 140, "secret": "ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4", "label": "True Positive"}, "actual": {"line_number": 29, "secret": "ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4"}} +{"kind": "ground_truth", "id": 50, "match_type": "missed", "expected": {"line_number": 119, "secret": "k#8zP@qR7$tGv!9bL2nF sY3x", "label": "True Positive"}, "actual": null} +{"kind": "false_positive", "id": 1, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "AKIAY4U3L2F7SXJ6ZBQR"}} +{"kind": "false_positive", "id": 1, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 7, "secret": "fJk2pZ+vB8nU6sY9tH/eLgR4yC1xW7zQ3aI0mD/o"}} +{"kind": "false_positive", "id": 1, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 7, "secret": "fJk2pZ+vB8nU6sY9tH/eLgR4yC1xW7zQ3aI0mD/o"}} +{"kind": "false_positive", "id": 1, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 7, "secret": "fJk2pZ+vB8nU6sY9tH/eLgR4yC1xW7zQ3aI0mD/o"}} +{"kind": "false_positive", "id": 1, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 29, "secret": "File '{file_name}' uploaded to '{bucket}/{object_name}'."}} +{"kind": "false_positive", "id": 1, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 30, "secret": "https://hooks.slack.com/services/T01ABCD4E5F/B02FGHIJ3K4/aBcDeFg1hIjKlMnOpQrStUvWxYzA543210"}} +{"kind": "false_positive", "id": 1, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "digitalocean_ssh_key\" \"main"}} +{"kind": "false_positive", "id": 1, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 28, "secret": "digitalocean_database_cluster\" \"postgres_db"}} +{"kind": "false_positive", "id": 1, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "jdbc:mysql://db-prod.c1a2b3d4e5f6.us-east-1.rds.amazonaws.com:3306/webappdb?useSSL=true&requireSSL=true"}} +{"kind": "false_positive", "id": 1, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "8h$T9x!qW2r*Lp@vK4m&Z7gB#nS5yU"}} +{"kind": "false_positive", "id": 1, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "redis-prod.a1b2c3.0001.use1.cache.amazonaws.com"}} +{"kind": "false_positive", "id": 1, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "eC5tVg8jNkLpQ3sW6zY9bH2fR7uI0mO1vX4a"}} +{"kind": "false_positive", "id": 1, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "eC5tVg8jNkLpQ3sW6zY9bH2fR7uI0mO1vX4a"}} +{"kind": "false_positive", "id": 1, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 25, "secret": "pk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB2nD5oP6qR7sW8x YzZ9a"}} +{"kind": "false_positive", "id": 2, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "sk_live_51KmzU8BqR6tP0kLwXgH7yV3dF9sJ1eA8cW2mN4oB6gZ5hI0kL3jM7yV9dF1gH2jK4lN6oB5pQ8sR7tU"}} +{"kind": "false_positive", "id": 2, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "sk_live_51KmzU8BqR6tP0kLwXgH7yV3dF9sJ1eA8cW2mN4oB6gZ5hI0kL3jM7yV9dF1gH2jK4lN6oB5pQ8sR7tU"}} +{"kind": "false_positive", "id": 2, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "sk_live_51KmzU8BqR6tP0kLwXgH7yV3"}} +{"kind": "false_positive", "id": 2, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "/api/v1/charge', methods=['POST"}} +{"kind": "false_positive", "id": 2, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 38, "secret": "Your Receipt from ExampleShop"}} +{"kind": "false_positive", "id": 2, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 44, "secret": "Email sent with status code: {response.status_code}"}} +{"kind": "false_positive", "id": 2, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 3, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "false_positive", "id": 2, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 4, "secret": "a7vK9LpM4hG2sR8wD1fC5qT0jB3uN6zX9iY7eE/Z"}} +{"kind": "false_positive", "id": 2, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 4, "secret": "a7vK9LpM4hG2sR8wD1fC5qT0jB3uN6zX9iY7eE/Z"}} +{"kind": "false_positive", "id": 2, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 7, "secret": "aws_s3_bucket\" \"customer_uploads"}} +{"kind": "false_positive", "id": 2, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "Customer Uploads Bucket"}} +{"kind": "false_positive", "id": 2, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "AIzaSyB8pZ5GfsJk9mDq7nL4vW2xRcH1tU0E"}} +{"kind": "false_positive", "id": 2, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "AIzaSyB8pZ5GfsJk9mDq7nL4vW2xRcH1tU0E"}} +{"kind": "false_positive", "id": 2, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "1:123456789012:web:a1b2c3d4e5f6a7b8c9d0e1"}} +{"kind": "false_positive", "id": 2, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 5, "secret": "jdbc:mysql://prod-db.example.com:3306/maindb"}} +{"kind": "false_positive", "id": 2, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "h#K!p$7sW@v3xR9zQ*j1fG_b"}} +{"kind": "false_positive", "id": 2, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "AC9f7e6d5c4b3a291807654321fedcba"}} +{"kind": "false_positive", "id": 2, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "b2luc3JldnNqcmVxdm5qcXNlMjR2NHFzZXZzcjI1OXF5MHI="}} +{"kind": "false_positive", "id": 3, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "kG+N9sL2rP4xW7yH8zC1vE0bF3uA5tD6jQ/mIoX"}} +{"kind": "false_positive", "id": 3, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "kG+N9sL2rP4xW7yH8zC1vE0bF3uA5tD6jQ/mIoX"}} +{"kind": "false_positive", "id": 3, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "/api/v1/process-file', methods=['POST"}} +{"kind": "false_positive", "id": 3, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "[Critical] High P99 Latency on API Gateway"}} +{"kind": "false_positive", "id": 3, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "@devops-alerts P99 latency is over 2s. Check API Gateway performance."}} +{"kind": "false_positive", "id": 3, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "env:prod\", \"service:api-gateway"}} +{"kind": "false_positive", "id": 3, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "avg(last_5m):p99:aws.apigateway.latency.count{*} by {apiname} > 2000"}} +{"kind": "false_positive", "id": 3, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "4a8f15d7e5b6c93f0a12e4d3c5f6b8a1"}} +{"kind": "false_positive", "id": 3, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "dckr_pat_aB7-cDef_gHiJkL-mNop_qRsT"}} +{"kind": "false_positive", "id": 3, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "dckr_pat_aB7-cDef_gHiJkL-mNop_qRsT"}} +{"kind": "false_positive", "id": 3, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 37, "secret": "The build for the main branch has failed. Please investigate."}} +{"kind": "false_positive", "id": 3, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 4, "secret": "jdbc:postgresql://db-reporting.us-east-1.rds.amazonaws.com:5432/reporting_prod"}} +{"kind": "false_positive", "id": 3, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "4#pZ&qK9!sW8*L@gM$nBv"}} +{"kind": "false_positive", "id": 3, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "f9b5c3d2e1a04987b6a5c4d3e2f1b0a9c8d7e6f5a4b3c2d1e0f0987654321fed"}} +{"kind": "false_positive", "id": 4, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "hG8pFk3mZ+jV9sL1wN7tYqR2dC0xI4oA/bB5uE3f"}} +{"kind": "false_positive", "id": 4, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "hG8pFk3mZ+jV9sL1wN7tYqR2dC0xI4oA/bB5uE3f"}} +{"kind": "false_positive", "id": 4, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "hG8pFk3mZ+jV9sL1wN7tYqR2dC0xI4oA/bB5uE3f"}} +{"kind": "false_positive", "id": 4, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "\"\"Lists all S3 buckets for the configured account.\"\""}} +{"kind": "false_positive", "id": 4, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 25, "secret": "Error listing buckets: {e}"}} +{"kind": "false_positive", "id": 4, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "dckr_pat_aJv8rK3sLpH7qZ2mN9bXwF1g"}} +{"kind": "false_positive", "id": 4, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "dckr_pat_aJv8rK3sLpH7qZ2mN9bXwF1g"}} +{"kind": "false_positive", "id": 4, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 32, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "false_positive", "id": 4, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "Image successfully built and deployed."}} +{"kind": "false_positive", "id": 4, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "dd_api_a9f86a9f86d7e9e8b7c6c5d4d3e2f1b0"}} +{"kind": "false_positive", "id": 4, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "@all CPU utilization is over 90% on {{host.name}}"}} +{"kind": "false_positive", "id": 4, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 26, "secret": "avg(last_5m):avg:system.cpu.user{environment:production} > 90"}} +{"kind": "false_positive", "id": 4, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "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"}} +{"kind": "false_positive", "id": 4, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "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"}} +{"kind": "false_positive", "id": 4, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 26, "secret": "SELECT COUNT(*) FROM Users WHERE Status = 'Pending'"}} +{"kind": "false_positive", "id": 4, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "noreply@myapp.com\", \"MyApp Notifications"}} +{"kind": "false_positive", "id": 4, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "AIzaSyC1b2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R"}} +{"kind": "false_positive", "id": 4, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "AIzaSyC1b2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R"}} +{"kind": "false_positive", "id": 5, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "\"\"Initializes and returns an S3 client with hardcoded credentials.\"\""}} +{"kind": "false_positive", "id": 5, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l"}} +{"kind": "false_positive", "id": 5, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l"}} +{"kind": "false_positive", "id": 5, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l"}} +{"kind": "false_positive", "id": 5, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "\"\"Uploads a single file to the specified S3 bucket.\"\""}} +{"kind": "false_positive", "id": 5, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "backup-{get_timestamp()}.log"}} +{"kind": "false_positive", "id": 5, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 25, "secret": "Successfully uploaded {file_path} to {bucket}."}} +{"kind": "false_positive", "id": 5, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "dckr_pat_bH8gY2cX1dE4fG5hI6jK7lM8nO9pQ0rS"}} +{"kind": "false_positive", "id": 5, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "docker build -t ${DOCKER_IMAGE_NAME}:${BUILD_NUMBER} ."}} +{"kind": "false_positive", "id": 5, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "echo ${dockerApiToken} | docker login -u ${dockerUsername} --password-stdin ${DOCKER_REGISTRY}"}} +{"kind": "false_positive", "id": 5, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "docker push ${DOCKER_IMAGE_NAME}:${BUILD_NUMBER}"}} +{"kind": "false_positive", "id": 5, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7hN5fD6gE4iT2oP1aL0kM8zGxYc9v"}} +{"kind": "false_positive", "id": 5, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7hN5fD6gE4iT2oP1aL0kM8zGxYc9v"}} +{"kind": "false_positive", "id": 5, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7hN5fD6gE4iT2oP1aL0kM8zGxYc9v"}} +{"kind": "false_positive", "id": 5, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 31, "secret": "Webhook secret configured: \" + whSecret.substring(0, 10) + \"..."}} +{"kind": "false_positive", "id": 5, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "S#cr3t_DB_P@ssw0rd_8k!2mN"}} +{"kind": "false_positive", "id": 5, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "API key for sending transactional emails."}} +{"kind": "false_positive", "id": 5, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "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"}} +{"kind": "false_positive", "id": 5, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 32, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "false_positive", "id": 7, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "Jv2/G5fB8hK0lM3nO7pQ9rS2uV5wX8yZ1aC4bE6d"}} +{"kind": "false_positive", "id": 7, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "Jv2/G5fB8hK0lM3nO7pQ9rS2uV5wX8yZ1aC4bE6d"}} +{"kind": "false_positive", "id": 7, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "sk_live_51Mv0L2BpF8fG1tY9cRzXvWqSjU3mB4aD5eFgH6iJ7kL8mN9oP0qR1sT"}} +{"kind": "false_positive", "id": 7, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "STRIPE_SECRET_KEY'] = 'sk_live_51Mv0L2BpF8fG1tY9cRzXvWqSjU3mB4aD5eFgH6iJ7kL8mN9oP0qR1sT"}} +{"kind": "false_positive", "id": 7, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "sk_live_51Mv0L2BpF8fG1tY9cRzXvWq"}} +{"kind": "false_positive", "id": 7, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "/health', methods=['GET"}} +{"kind": "false_positive", "id": 7, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 28, "secret": "/create-payment-intent', methods=['POST"}} +{"kind": "false_positive", "id": 7, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "dckr_pat_bC9hFvG5jL1kM4nO7pQ9rS2uV5wX8yZ1aC"}} +{"kind": "false_positive", "id": 7, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "dckr_pat_bC9hFvG5jL1kM4nO7pQ9rS2uV5wX8yZ1aC"}} +{"kind": "false_positive", "id": 7, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 36, "secret": "Deployment to production finished."}} +{"kind": "false_positive", "id": 7, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 38, "secret": "https://hooks.slack.com/services/T012ABCDEF3/B01GHIJKLM4/vP5qR6sT7uV8wX9yZ0aB1c"}} +{"kind": "false_positive", "id": 7, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "SG.bF3gH5iJ7kL9mN1oP3qR5sT7uV9wX1yZ.aC3bE5dF7gH9jK1lM3nO5pQ7rS9tU"}} +{"kind": "false_positive", "id": 7, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "https://metrics.corp.internal/api/v1/log"}} +{"kind": "false_positive", "id": 7, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "4a1b0c9d2e8f7g6h5i4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x"}} +{"kind": "false_positive", "id": 7, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "4a1b0c9d2e8f7g6h5i4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x"}} +{"kind": "false_positive", "id": 7, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLnMxLmV4YW1wbGUuY29tIiwic3ViIjoiY2NjY2QxZjctMGIzNC00MWFmLThmZjktYWZmMDc0MjVmYTc3IiwiYXVkIjoiYXBpLnMxLmV4YW1wbGUuY29tIiwiaWF0IjoxNjQ4MDQ0NDc5LCJleHAiOjE2NDgwNDgwNzl9.m4zV8G48EaFqfJkXw9Y2ZzQ3bH6iJ8kL0mN2oP4qR6s"}} +{"kind": "false_positive", "id": 7, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 26, "secret": "Content-Type\", \"application/json"}} +{"kind": "false_positive", "id": 8, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "gT8vNl2yX+ZpB/tY9cRzXvWqSjU3mB/kL5dF8aC"}} +{"kind": "false_positive", "id": 8, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "gT8vNl2yX+ZpB/tY9cRzXvWqSjU3mB/kL5dF8aC"}} +{"kind": "false_positive", "id": 8, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "dckr_pat_a4d3f2c1b0e9a8b7c6d5e4f3a2b1c0d9e8f7g6h5"}} +{"kind": "false_positive", "id": 8, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 36, "secret": "Production deployment successful!"}} +{"kind": "false_positive", "id": 8, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "AIzaSyCDE1234FGH5678IJKL9012MNOPQRs-tU"}} +{"kind": "false_positive", "id": 8, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "AIzaSyCDE1234FGH5678IJKL9012MNOPQRs-tU"}} +{"kind": "false_positive", "id": 8, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "1:987654321012:web:a1b2c3d4e5f6a7b8c9d0e1"}} +{"kind": "false_positive", "id": 8, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 5, "secret": "AKIAT7G3W4LIX5M2P6Q4"}} +{"kind": "false_positive", "id": 8, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "xZ9cU7sV3mB+pQkL5jH8fG1tY9cRzXvWqSjU3mB/kL"}} +{"kind": "false_positive", "id": 8, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "xZ9cU7sV3mB+pQkL5jH8fG1tY9cRzXvWqSjU3mB/kL"}} +{"kind": "false_positive", "id": 9, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7oL5dE6aF4gH2iJ1kC0pP9sT8yU2oO3zN7lI5xR4vG3bA2eC1d00jK6bM4lP"}} +{"kind": "false_positive", "id": 9, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7oL5dE6aF4gH2iJ1kC0pP9sT8yU2oO3zN7lI5xR4vG3bA2eC1d00jK6bM4lP"}} +{"kind": "false_positive", "id": 9, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7oL5dE6aF4gH2iJ1kC0pP9sT8yU2oO3zN7lI5xR4vG3bA2eC1d00jK6bM4lP"}} +{"kind": "false_positive", "id": 9, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "/create-payment-intent', methods=['POST"}} +{"kind": "false_positive", "id": 9, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "String\", \"ETHERSCAN_API_KEY\", '\"8S5R3ZQXDI1VMEG9N4Y2QWB7A7JH8W5C6I"}} +{"kind": "false_positive", "id": 9, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "ACf8e21a9c3b7d5f1e0a9b8c7d6e5f4a3b"}} +{"kind": "false_positive", "id": 9, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "ACf8e21a9c3b7d5f1e0a9b8c7d6e5f4a3b"}} +{"kind": "false_positive", "id": 9, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "aurora-master-credentials"}} +{"kind": "false_positive", "id": 10, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 5, "secret": "AKIAYJ5U4F6X3W2Z7Q8B"}} +{"kind": "false_positive", "id": 10, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "vG9dK8jFpQ4sH7wB2uA1tY6zC0xL5nE3bV2mO4iP"}} +{"kind": "false_positive", "id": 10, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "vG9dK8jFpQ4sH7wB2uA1tY6zC0xL5nE3bV2mO4iP"}} +{"kind": "false_positive", "id": 10, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "prod-analytics-data-lake-987345"}} +{"kind": "false_positive", "id": 10, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "dckr_pat_u7hN2pL9xV4kG1mF3jZ8oR6cW0qYdE5sT2aB"}} +{"kind": "false_positive", "id": 10, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "dckr_pat_u7hN2pL9xV4kG1mF3jZ8oR6cW0qYdE5sT2aB"}} +{"kind": "false_positive", "id": 10, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 38, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "false_positive", "id": 10, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "sk-proj-jV7hG1mF9wX4kL6uT3nZ8oR2cY0pQdE5sA1bY9fC"}} +{"kind": "false_positive", "id": 10, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "sk-proj-jV7hG1mF9wX4kL6uT3nZ8oR2cY0pQdE5sA1bY9fC"}} +{"kind": "false_positive", "id": 10, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "/api/v1/chat/completions', methods=['POST"}} +{"kind": "false_positive", "id": 10, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 35, "secret": "role\": \"system\", \"content\": \"You are a helpful assistant."}} +{"kind": "false_positive", "id": 10, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 26, "secret": "https://api.geotracker.com/v2"}} +{"kind": "false_positive", "id": 10, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "proguard-android-optimize.txt'), 'proguard-rules.pro"}} +{"kind": "false_positive", "id": 10, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 41, "secret": "String\", \"FCM_SERVER_KEY\", '\"AAAAizX-Tq0:APA91bF...staging-key..."}} +{"kind": "false_positive", "id": 11, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "prod-redis-main.f8c2d1.0001.use1.cache.amazonaws.com"}} +{"kind": "false_positive", "id": 11, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "sk_live_51Kk0L2ApB8fG1tY9cr4jFzT8aGb0mXnL1fVd9rT2sYcW3uE4xS5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ"}} +{"kind": "false_positive", "id": 11, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "sk_live_51Kk0L2ApB8fG1tY9cr4jFzT8aGb0mXnL1fVd9rT2sYcW3uE4xS5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ"}} +{"kind": "false_positive", "id": 11, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "sk_live_51Kk0L2ApB8fG1tY9cr4jFzT"}} +{"kind": "false_positive", "id": 11, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "/health', methods=['GET"}} +{"kind": "false_positive", "id": 11, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 42, "secret": "https://hooks.slack.com/services/T00AB1CD2EF/B01GH2JK3LM/xyZAbcDEfgHIjklMNOpQRSTuvwXy"}} +{"kind": "false_positive", "id": 11, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "https://api.anthropic.com/v1/messages"}} +{"kind": "false_positive", "id": 11, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "sk-ant-api03-S5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ9vR-mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOpQ_AAA"}} +{"kind": "false_positive", "id": 11, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "sk-ant-api03-S5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ9vR-mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOpQ_AAA"}} +{"kind": "false_positive", "id": 11, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 44, "secret": "anthropic-version\", \"2023-06-01"}} +{"kind": "false_positive", "id": 11, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "AIzaSyB9X8Y7Z6W5V4U3T2S1R0P9Q8O7N6M5L4"}} +{"kind": "false_positive", "id": 11, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "AIzaSyB9X8Y7Z6W5V4U3T2S1R0P9Q8O7N6M5L4"}} +{"kind": "false_positive", "id": 11, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "project-staging-a4b1c.firebaseapp.com"}} +{"kind": "false_positive", "id": 11, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "1:123456789012:web:a1b2c3d4e5f6a7b8c9d0e1"}} +{"kind": "false_positive", "id": 11, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 1, "secret": "digitalocean_droplet\" \"web_server"}} +{"kind": "false_positive", "id": 11, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "bash -c \\\"$(curl -L https://raw.githubusercontent.com/DataDog/datadog-agent/master/cmd/agent/install_script.sh)\\\""}} +{"kind": "false_positive", "id": 11, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "digitalocean_database_cluster\" \"postgres_prod"}} +{"kind": "false_positive", "id": 12, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "AC5f8e0a1b9c3d4e5f6a7b8c9d0e1f2a3b"}} +{"kind": "false_positive", "id": 12, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "AC5f8e0a1b9c3d4e5f6a7b8c9d0e1f2a3b"}} +{"kind": "false_positive", "id": 12, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "/api/v1/send-invite', methods=['POST"}} +{"kind": "false_positive", "id": 12, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "Welcome! Your verification code is 123456."}} +{"kind": "false_positive", "id": 12, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "S3cuRe_dBP@ssw0rd-f0R-Pr0d!2023"}} +{"kind": "false_positive", "id": 12, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "aws_security_group\" \"db_sg"}} +{"kind": "false_positive", "id": 12, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 34, "secret": "aws_db_subnet_group\" \"default"}} +{"kind": "false_positive", "id": 12, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 7, "secret": "AIzaSyB_V9zC5gE8fH7iJ6kL4mN3oP2qR1sT0uW"}} +{"kind": "false_positive", "id": 12, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 7, "secret": "AIzaSyB_V9zC5gE8fH7iJ6kL4mN3oP2qR1sT0uW"}} +{"kind": "false_positive", "id": 12, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 26, "secret": "Services Initialized with production keys."}} +{"kind": "false_positive", "id": 12, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 5, "secret": "github.com/go-redis/redis/v8"}} +{"kind": "false_positive", "id": 12, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "redis-11234.c264.ap-south-1-1.ec2.cloud.redislabs.com:11234"}} +{"kind": "false_positive", "id": 13, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "\"\"Connects to S3 and processes files in a specific bucket.\"\""}} +{"kind": "false_positive", "id": 13, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "Initializing S3 client for data processing..."}} +{"kind": "false_positive", "id": 13, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "fT9zY3uBvRx+pLgWjN5oH8mKcVdEaGhIqJbXzL7s"}} +{"kind": "false_positive", "id": 13, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "fT9zY3uBvRx+pLgWjN5oH8mKcVdEaGhIqJbXzL7s"}} +{"kind": "false_positive", "id": 13, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "fT9zY3uBvRx+pLgWjN5oH8mKcVdEaGhIqJbXzL7s"}} +{"kind": "false_positive", "id": 13, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "Listing objects in bucket: {bucket_name}"}} +{"kind": "false_positive", "id": 13, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 28, "secret": "Found file: {obj['Key']}"}} +{"kind": "false_positive", "id": 13, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "v#8kP!s7TqR2zL$mG@fD"}} +{"kind": "false_positive", "id": 13, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 29, "secret": "aws_security_group\" \"db"}} +{"kind": "false_positive", "id": 13, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "github.com/stripe/stripe-go/v72"}} +{"kind": "false_positive", "id": 13, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 30, "secret": "sk_live_51Mv9BfGk7Lw3zYqSjU2dRaXt1cVhN8eIoP6bA5cZfTxW"}} +{"kind": "false_positive", "id": 13, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 30, "secret": "sk_live_51Mv9BfGk7Lw3zYqSjU2dRaXt1cVhN8eIoP6bA5cZfTxW"}} +{"kind": "false_positive", "id": 13, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "dckr_pat_1sA3fG5hJ8kL2mN4pQ6rT8uV0wX2z"}} +{"kind": "false_positive", "id": 13, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "dckr_pat_1sA3fG5hJ8kL2mN4pQ6rT8uV0wX2z"}} +{"kind": "false_positive", "id": 13, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "SG.lI8pZ3jT9qW7eR1aV5bC0x.mK4oH6sN2yU9iO-pLgJ7fDcXvBwZqR"}} +{"kind": "false_positive", "id": 14, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "SQLALCHEMY_TRACK_MODIFICATIONS"}} +{"kind": "false_positive", "id": 14, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "sk_live_51Mv4xEAklC1kABi8gqYtY9eBpJc7dFwZ7yX2vH3uL5bNqD6kRzT0fA9gS1hJk0bVcGfI4oE3mNlP2rWqAbcDef123"}} +{"kind": "false_positive", "id": 14, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "sk_live_51Mv4xEAklC1kABi8gqYtY9eBpJc7dFwZ7yX2vH3uL5bNqD6kRzT0fA9gS1hJk0bVcGfI4oE3mNlP2rWqAbcDef123"}} +{"kind": "false_positive", "id": 14, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "sk_live_51Mv4xEAklC1kABi8gqYtY9eBpJc7dFwZ7yX2vH3uL5bNqD6kRzT0fA9gS1hJk0bVcGfI4oE3mNlP2rWqAbcDef123"}} +{"kind": "false_positive", "id": 14, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "/charge', methods=['POST"}} +{"kind": "false_positive", "id": 14, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 30, "secret": "SG.s5h4z9k8TqO6y2n7v1m3pA.c4fGkRpLwE9xVbU3zJ8aQoI7tYdD5sW2iH6uX0O"}} +{"kind": "false_positive", "id": 14, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 26, "secret": "dckr_pat_aJkLmnOpQrStUvWxYzAbCdEfGhIjK12345"}} +{"kind": "false_positive", "id": 14, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 26, "secret": "dckr_pat_aJkLmnOpQrStUvWxYzAbCdEfGhIjK12345"}} +{"kind": "false_positive", "id": 14, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "github.com/go-redis/redis/v8"}} +{"kind": "false_positive", "id": 14, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "github.com/streadway/amqp"}} +{"kind": "false_positive", "id": 14, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 28, "secret": "Successfully connected to RabbitMQ broker"}} +{"kind": "false_positive", "id": 14, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 32, "secret": "redis-master.prod.svc.cluster.local:6379"}} +{"kind": "false_positive", "id": 14, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "R9bXmPZc$vT2sK!eN5wF8qGg4jA#7D"}} +{"kind": "false_positive", "id": 14, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "Adm1nPassw0rd&SuperS3cure!v9h2k4m5"}} +{"kind": "false_positive", "id": 14, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "aws_lambda_function\" \"data_processor"}} +{"kind": "false_positive", "id": 14, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 27, "secret": "kpat_9uGvP3wFxBzQr7YtL1sJmN5cH2oVb4fD8S"}} +{"kind": "false_positive", "id": 14, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 5, "secret": "development' | 'production' | 'staging"}} +{"kind": "false_positive", "id": 15, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "corp-data-lake-prod-4815162342"}} +{"kind": "false_positive", "id": 15, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "jTpHv9rX8wB1nA6sF2gK7cZ5bV4mE0yL3dI9oU8a"}} +{"kind": "false_positive", "id": 15, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "jTpHv9rX8wB1nA6sF2gK7cZ5bV4mE0yL3dI9oU8a"}} +{"kind": "false_positive", "id": 15, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "jTpHv9rX8wB1nA6sF2gK7cZ5bV4mE0yL3dI9oU8a"}} +{"kind": "false_positive", "id": 15, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "\"\"Establishes a session with AWS S3 using hardcoded credentials.\"\""}} +{"kind": "false_positive", "id": 15, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "\"\"Lists the contents of the configured S3 bucket.\"\""}} +{"kind": "false_positive", "id": 15, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 34, "secret": "Listing contents for bucket: {S3_BUCKET_NAME}"}} +{"kind": "false_positive", "id": 15, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "8kL~7QjN_p9sFt.gY2vWzXbC-aH1mO6rE5"}} +{"kind": "false_positive", "id": 15, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 34, "secret": "vnet-${var.environment_short}-01"}} +{"kind": "false_positive", "id": 15, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "mapbox://styles/mapbox/dark-v10"}} +{"kind": "false_positive", "id": 15, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE"}} +{"kind": "false_positive", "id": 15, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE"}} +{"kind": "false_positive", "id": 16, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "false_positive", "id": 16, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "jT4vK9sL+pQ8wX6zC2nH7bF1gR5eD3aU0iO/mNkW"}} +{"kind": "false_positive", "id": 16, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "jT4vK9sL+pQ8wX6zC2nH7bF1gR5eD3aU0iO/mNkW"}} +{"kind": "false_positive", "id": 16, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "/api/v1/users/', methods=['GET"}} +{"kind": "false_positive", "id": 16, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "false_positive", "id": 16, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 36, "secret": "The latest build from `main` has been deployed to the staging environment."}} +{"kind": "false_positive", "id": 16, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "dd_api_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"}} +{"kind": "false_positive", "id": 16, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "google_compute_instance\" \"web_server"}} +{"kind": "false_positive", "id": 16, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "Customer Relationship Management API"}} +{"kind": "false_positive", "id": 16, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "jdbc:postgresql://prod-db-1.internal:5432/crm_prod"}} +{"kind": "false_positive", "id": 17, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "false_positive", "id": 17, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "pL8vGkZ9sN1mBfI6jH4cUaT3yXwE7rF0oVqD2sW5"}} +{"kind": "false_positive", "id": 17, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "pL8vGkZ9sN1mBfI6jH4cUaT3yXwE7rF0oVqD2sW5"}} +{"kind": "false_positive", "id": 17, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "/api/v1/upload', methods=['POST"}} +{"kind": "false_positive", "id": 17, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "message': f'File {file.filename} uploaded successfully."}} +{"kind": "false_positive", "id": 17, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "E#u8!pS$t9rWbK@zL7m3vN&yQ2xH"}} +{"kind": "false_positive", "id": 17, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 30, "secret": "aws_security_group\" \"db_sg"}} +{"kind": "false_positive", "id": 17, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "dckr_pat_a4sRgT9iOpQ2mZl8vWb7nXc1jYkFhG5uE-r3v"}} +{"kind": "false_positive", "id": 17, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "dckr_pat_a4sRgT9iOpQ2mZl8vWb7nXc1jYkFhG5uE-r3v"}} +{"kind": "false_positive", "id": 17, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 35, "secret": "Content-type: application/json' --data '{\"text\":\"Deployment of `auth-service` succeeded.\"}"}} +{"kind": "false_positive", "id": 17, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzcnYtZGF0YS1yZXRyaWV2ZXIiLCJpc3MiOiJhdXRoLXNlcnZpY2UiLCJhdWQiOiJkYXRhLWFwaSIsImV4cCI6MTcxOTk1ODAwMCwiaWF0IjoxNzE5OTU0NDAwLCJzY29wZSI6InVzZXI6cmVhZCJ9.K4gTfH9sLw2RjZpYn7oVxC8uEaD6mXwB1qI0sPzKjJc"}} +{"kind": "false_positive", "id": 17, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 26, "secret": "Content-Type\", \"application/json"}} +{"kind": "false_positive", "id": 17, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 44, "secret": "Usage: go run main.go "}} +{"kind": "false_positive", "id": 17, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 49, "secret": "Error fetching user data: %v"}} +{"kind": "false_positive", "id": 18, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "github.com/sendgrid/sendgrid-go/helpers/mail"}} +{"kind": "false_positive", "id": 18, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "ACd2ae2e27b6c845b29c0f8e9a3d1c4b6f"}} +{"kind": "false_positive", "id": 18, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "ACd2ae2e27b6c845b29c0f8e9a3d1c4b6f"}} +{"kind": "false_positive", "id": 18, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "dckr_pat_1kIuR9vO7mS3xZ5yQ2jF8bN6pL4cH0gA9dE"}} +{"kind": "false_positive", "id": 18, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 30, "secret": "© Mapbox © OpenStreetMap"}} +{"kind": "false_positive", "id": 18, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "false_positive", "id": 18, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE"}} +{"kind": "false_positive", "id": 18, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE"}} +{"kind": "false_positive", "id": 18, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "/api/v1/documents/', methods=['GET"}} +{"kind": "false_positive", "id": 18, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 42, "secret": "Error fetching document {doc_id}: {e}"}} +{"kind": "false_positive", "id": 18, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 7, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}} +{"kind": "false_positive", "id": 18, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 7, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}} +{"kind": "false_positive", "id": 18, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "P@ssw0rdDbProd123!ChangeMe"}} +{"kind": "false_positive", "id": 18, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 34, "secret": "aws_security_group\" \"db_sg"}} +{"kind": "false_positive", "id": 19, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "SQLALCHEMY_TRACK_MODIFICATIONS"}} +{"kind": "false_positive", "id": 19, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3"}} +{"kind": "false_positive", "id": 19, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3"}} +{"kind": "false_positive", "id": 19, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3"}} +{"kind": "false_positive", "id": 19, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "/api/v1/user', methods=['POST"}} +{"kind": "false_positive", "id": 19, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 41, "secret": "https://hooks.slack.com/services/T00ABCDEFGH/B01IJKLMNOP/aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE"}} +{"kind": "false_positive", "id": 19, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "dop_v1_a9b4c2f81d3e6g7h5i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b"}} +{"kind": "false_positive", "id": 19, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "digitalocean_ssh_key\" \"main_key"}} +{"kind": "false_positive", "id": 19, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 28, "secret": "gitlab-runner-node-${count.index}"}} +{"kind": "false_positive", "id": 19, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "8qM4pL7xJ5sK1mF3bZ8oN6cW0qYdEaV4"}} +{"kind": "false_positive", "id": 19, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZXMiOlsicmVhZDpzdGF0cyIsIndyaXRlOmdhbWVwbGF5Il0sImlhdCI6MTY2NTIyNjAwMCwiZXhwIjoxNjk2NzYyMDAwfQ."}} +{"kind": "false_positive", "id": 20, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "yJkLpQz8tHj9rWvXnF7sD2bA4gC6eM1hT5oI3uR"}} +{"kind": "false_positive", "id": 20, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "yJkLpQz8tHj9rWvXnF7sD2bA4gC6eM1hT5oI3uR"}} +{"kind": "false_positive", "id": 20, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "false_positive", "id": 20, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "prod-data-lake-raw', 'events/2023/10/26.json"}} +{"kind": "false_positive", "id": 20, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 2, "secret": "8f3e5b6d9c0a7f1e4d8b2c6a9f0e3d7b"}} +{"kind": "false_positive", "id": 20, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "@pagerduty-prod-infra CPU is over 90% on {{host.name}}. @devops-team"}} +{"kind": "false_positive", "id": 20, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "avg(last_5m):avg:system.cpu.user{host:${aws_instance.web_server.id}} > 90"}} +{"kind": "false_positive", "id": 20, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "dckr_pat_1sT2uV3wX4yZ5aB6c-D7eF8gH9i"}} +{"kind": "false_positive", "id": 20, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "dckr_pat_1sT2uV3wX4yZ5aB6c-D7eF8gH9i"}} +{"kind": "false_positive", "id": 20, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 38, "secret": "BEGIN OPENSSH PRIVATE KEY"}} +{"kind": "false_positive", "id": 20, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "gK9pD3rX8vLhT6bFzA4mSjR7uW1qV0iNzY5eC2oP/cE="}} +{"kind": "false_positive", "id": 21, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "jZ8v/L9K+mN4PqR7sT1uVwXyZ/aB3cD4eF6gH7hI"}} +{"kind": "false_positive", "id": 21, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "jZ8v/L9K+mN4PqR7sT1uVwXyZ/aB3cD4eF6gH7hI"}} +{"kind": "false_positive", "id": 21, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "jZ8v/L9K+mN4PqR7sT1uVwXyZ/aB3cD4eF6gH7hI"}} +{"kind": "false_positive", "id": 21, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "/upload/invoice', methods=['POST"}} +{"kind": "false_positive", "id": 21, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 29, "secret": "invoices/{file.filename.replace('..', '')}"}} +{"kind": "false_positive", "id": 21, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 31, "secret": "message': f'File {file.filename} uploaded successfully."}} +{"kind": "false_positive", "id": 21, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 1, "secret": "CI-CD Pipeline for Staging"}} +{"kind": "false_positive", "id": 21, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "DOCKER_IMAGE_NAME: my-awesome-app"}} +{"kind": "false_positive", "id": 21, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "HEROKU_APP_NAME: my-awesome-app-staging"}} +{"kind": "false_positive", "id": 21, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "- name: Checkout repository"}} +{"kind": "false_positive", "id": 21, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "- name: Login to DockerHub"}} +{"kind": "false_positive", "id": 21, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "uses: docker/login-action@v2"}} +{"kind": "false_positive", "id": 21, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 25, "secret": "- name: Build and push Docker image"}} +{"kind": "false_positive", "id": 21, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 26, "secret": "uses: docker/build-push-action@v4"}} +{"kind": "false_positive", "id": 21, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 30, "secret": "tags: mydockerhubuser/${{ env.DOCKER_IMAGE_NAME }}:latest"}} +{"kind": "false_positive", "id": 21, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 37, "secret": "uses: akhileshns/heroku-deploy@v3.12.12"}} +{"kind": "false_positive", "id": 21, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 40, "secret": "heroku_app_name: ${{ env.HEROKU_APP_NAME }}"}} +{"kind": "false_positive", "id": 21, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 41, "secret": "heroku_email: \\\"deploy-bot@mycompany.com\\\""}} +{"kind": "false_positive", "id": 21, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "7b2f4a5c8e1d9g3h5i7j6k1l3m4n5o6p"}} +{"kind": "false_positive", "id": 21, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "7b2f4a5c8e1d9g3h5i7j6k1l3m4n5o6p"}} +{"kind": "false_positive", "id": 21, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "High CPU Utilization on web_server"}} +{"kind": "false_positive", "id": 21, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 35, "secret": "avg(last_5m):avg:aws.ec2.cpuutilization{host:${aws_instance.web_server.id}} > 90"}} +{"kind": "false_positive", "id": 21, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 36, "secret": "@slack-infra-alerts CPU is over 90% on host ${aws_instance.web_server.id}"}} +{"kind": "false_positive", "id": 22, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g"}} +{"kind": "false_positive", "id": 22, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g"}} +{"kind": "false_positive", "id": 22, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g"}} +{"kind": "false_positive", "id": 22, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "/upload', methods=['POST"}} +{"kind": "false_positive", "id": 22, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 29, "secret": "message': f'File {file.filename} uploaded successfully."}} +{"kind": "false_positive", "id": 22, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 27, "secret": "ghp_bK9yR3tX1vP5zN7mW0sD8jF2hG6cV4eLqA"}} +{"kind": "false_positive", "id": 22, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "https://hooks.slack.com/services/T00ABCDEF/B01234567/j9kL8hG7fE6dC5b4A3s2S1qP"}} +{"kind": "false_positive", "id": 22, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 36, "secret": "postgres://platform_admin:Adm1nPassw0rd$tr0ng!2023@${aws_db_instance.main_db.address}:5432/platformdb"}} +{"kind": "false_positive", "id": 22, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "https://kprgzrmksvyqjfrwhptd.supabase.co"}} +{"kind": "false_positive", "id": 22, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6ImFub24iLCJpYXQiOjE2Nzk2NjU4MjMsImV4cCI6MTk5NTI0MTgyM30."}} +{"kind": "false_positive", "id": 22, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTY3OTY2NTgyMywiZXhwIjoxOTk1MjQxODIzfQ."}} +{"kind": "false_positive", "id": 22, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "AIzaSyBw-D9Gv_FzTjuKmL8sH2pR1oY7qE6bXz4"}} +{"kind": "false_positive", "id": 22, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "8a7b6c5d4e3f2g1h0j9k8l7m6n5o4p3q"}} +{"kind": "false_positive", "id": 22, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 37, "secret": "proguard-android-optimize.txt'), 'proguard-rules.pro"}} +{"kind": "false_positive", "id": 23, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "SQLALCHEMY_TRACK_MODIFICATIONS"}} +{"kind": "false_positive", "id": 23, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "45d6f3c1b0a8f7e6d5c4b3a291807f6e5d4c3b2a19807f6e"}} +{"kind": "false_positive", "id": 23, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "JWT_SECRET_KEY'] = '45d6f3c1b0a8f7e6d5c4b3a291807f6e5d4c3b2a19807f6e"}} +{"kind": "false_positive", "id": 23, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "/login', methods=['POST"}} +{"kind": "false_positive", "id": 23, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 31, "secret": "/api/v1/reports', methods=['GET"}} +{"kind": "false_positive", "id": 23, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "AKIAU4O6GJ5Y3B7VZIW9"}} +{"kind": "false_positive", "id": 23, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "eK/qLpW8xV9sY2zC3jB5aN4mD6fG7hJ8kL/mN1oP"}} +{"kind": "false_positive", "id": 23, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "eK/qLpW8xV9sY2zC3jB5aN4mD6fG7hJ8kL/mN1oP"}} +{"kind": "false_positive", "id": 23, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 35, "secret": "aws_s3_bucket_versioning\" \"versioning_example"}} +{"kind": "false_positive", "id": 23, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "dckr_pat_JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH"}} +{"kind": "false_positive", "id": 23, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "dckr_pat_JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH"}} +{"kind": "false_positive", "id": 23, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 5, "secret": "Microsoft.AspNetCore\": \"Warning"}} +{"kind": "false_positive", "id": 23, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "DefaultConnection\": \"Server=(localdb)\\\\mssqllocaldb;Database=aspnet-WebApp1-guid;Trusted_Connection=True;MultipleActiveResultSets=true"}} +{"kind": "false_positive", "id": 23, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "CacheConnection\": \"redis-prod.ab1cde.0001.use1.cache.amazonaws.com:6379"}} +{"kind": "false_positive", "id": 23, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "SG.rTk8wX3qS7iE9fG2hJ5kL.pZ6xV7yW1zB4cE6fG8hJ0kM2nO4qR6sT8uV9wY1zA3b"}} +{"kind": "false_positive", "id": 23, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "Domain\": \"my-tenant.us.auth0.com"}} +{"kind": "false_positive", "id": 23, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "ClientId\": \"aBcDeFgHiJkLmNoPqRsTuVwXyZ123456"}} +{"kind": "false_positive", "id": 23, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "aBcDeFgHiJkLmNoPqRsTuVwXyZ123456"}} +{"kind": "false_positive", "id": 23, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "AccountName\": \"prodblobstore987"}} +{"kind": "false_positive", "id": 24, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "sk-proj-aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdEjKlMnOpQrStUvWx"}} +{"kind": "false_positive", "id": 24, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 32, "secret": "Content-type: application/json' --data '{\"text\":\"Staging deployment succeeded!\"}"}} +{"kind": "false_positive", "id": 24, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "auth\": \"dXNlcl9kZXBsb3k6Zkc5amwzTTl2WjRuNCEyQw=="}} +{"kind": "false_positive", "id": 24, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "key-9f8e7d6c5b4a3a2a1b0c9d8e7f6a5b4c"}} +{"kind": "false_positive", "id": 24, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "FTP login failed for user {$this->ftp_user}"}} +{"kind": "false_positive", "id": 24, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 37, "secret": "ALERT: \" . $message . \" | Mailer Key: "}} +{"kind": "false_positive", "id": 24, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 1, "secret": "google_project_service_identity\" \"gcp_sa_bigquery"}} +{"kind": "false_positive", "id": 24, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRsjqzmVzLzI5s\\nC8G9q4W8z4W1tZ5rZ2E3yK1nS0fGqV5p6b2yY1nL8v1zT0uB7jA4cD8eF6gS0k9c\\n... (key data truncated for brevity in real files, but not here) ...\\naBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeFtU6vW8yZ/aBcDeFgHiJkLmNoPqR=\\n-----END PRIVATE KEY-----"}} +{"kind": "false_positive", "id": 24, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "google_compute_instance\" \"api_server"}} +{"kind": "false_positive", "id": 25, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "jdbc:postgresql://db.prod-eu.internal:5432/customer_events"}} +{"kind": "false_positive", "id": 25, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 27, "secret": "amqp://event_handler:dG9oN6cpL8tXy@rabbitmq-cluster.prod:5672/analytics_vhost"}} +{"kind": "false_positive", "id": 25, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 3, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "false_positive", "id": 25, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 4, "secret": "vK9rP4mF2tXzG1sJ7bL5cW8qN0hY3dE/aI6uO4xS"}} +{"kind": "false_positive", "id": 25, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 4, "secret": "vK9rP4mF2tXzG1sJ7bL5cW8qN0hY3dE/aI6uO4xS"}} +{"kind": "false_positive", "id": 25, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 7, "secret": "aws_s3_bucket\" \"financial_reports"}} +{"kind": "false_positive", "id": 25, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "Financial Reports Bucket"}} +{"kind": "false_positive", "id": 25, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "aws_s3_bucket_versioning\" \"versioning_example"}} +{"kind": "false_positive", "id": 25, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 7, "secret": "\"\"Reads a log file, uploads to S3, and sends an SNS notification.\"\""}} +{"kind": "false_positive", "id": 25, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "AKIAV5TZEU4QPC6GLFIB"}} +{"kind": "false_positive", "id": 25, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "aH2jL9sV/pQ7rB3fG1kM8oN5cW0qYdE+zR4vJ2xC"}} +{"kind": "false_positive", "id": 25, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "aH2jL9sV/pQ7rB3fG1kM8oN5cW0qYdE+zR4vJ2xC"}} +{"kind": "false_positive", "id": 25, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "arn:aws:sns:ap-southeast-2:987654321012:SecurityAlertsHighPriority"}} +{"kind": "false_positive", "id": 25, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 25, "secret": "Successfully uploaded {file_name} to {s3_bucket_name}"}} +{"kind": "false_positive", "id": 25, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "seg_7mF3bZ8oN6cW0qYdE2pH7rL9sV1pQ4gH"}} +{"kind": "false_positive", "id": 25, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 25, "secret": "https://api.staging.our-app.com/v2"}} +{"kind": "false_positive", "id": 25, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "dckr_pat_b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL"}} +{"kind": "false_positive", "id": 25, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "dckr_pat_b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL"}} +{"kind": "false_positive", "id": 25, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImE4ZTVjMGEyYjYwZDE2NjYyOTI1OGNjZmMzYjI2Y2I4In0.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmNpOmdsaWRlciJ9.bX4fP8vR2wN9qK7vZ-lS6wYjZ8eT0nC-kF4gH1sJ3"}} +{"kind": "false_positive", "id": 25, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImE4ZTVjMGEyYjYwZDE2NjYyOTI1OGNjZmMzYjI2Y2I4In0.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmNpOmdsaWRlciJ9."}} +{"kind": "false_positive", "id": 26, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "sk_live_51KoLx2BkF9zH8jR4aG1uWqSpL3bV7nTcX6yZ0mO8eF4vI9tP2uK5rJgS3hN7cW"}} +{"kind": "false_positive", "id": 26, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "sk_live_51KoLx2BkF9zH8jR4aG1uWqSpL3bV7nTcX6yZ0mO8eF4vI9tP2uK5rJgS3hN7cW"}} +{"kind": "false_positive", "id": 26, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "sk_live_51KoLx2BkF9zH8jR4aG1uWqS"}} +{"kind": "false_positive", "id": 26, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 31, "secret": "/api/v1/charge', methods=['POST"}} +{"kind": "false_positive", "id": 26, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "dckr_pat_uHj7gQ9rT4vL9yK2wF5zX8oN3aB6d"}} +{"kind": "false_positive", "id": 26, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "dckr_pat_uHj7gQ9rT4vL9yK2wF5zX8oN3aB6d"}} +{"kind": "false_positive", "id": 26, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "false_positive", "id": 26, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 5, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "false_positive", "id": 26, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "pL8hJk/aGvN7YcT2XrU4FzE9mBwD5+qI3oV1sSgK"}} +{"kind": "false_positive", "id": 26, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "pL8hJk/aGvN7YcT2XrU4FzE9mBwD5+qI3oV1sSgK"}} +{"kind": "false_positive", "id": 26, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 27, "secret": "aws_db_instance\" \"postgresql_db"}} +{"kind": "false_positive", "id": 26, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 34, "secret": "Adm1nPassw0rd!ChangeThisLater"}} +{"kind": "false_positive", "id": 26, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 34, "secret": "Adm1nPassw0rd!ChangeThisLater"}} +{"kind": "false_positive", "id": 26, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 28, "secret": "SG.aV4gH9rT2pL7.xJ5sK1mF3bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mF3bZ8oN"}} +{"kind": "false_positive", "id": 26, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "project_id\": \"internal-data-pipeline-314159"}} +{"kind": "false_positive", "id": 26, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "private_key_id\": \"a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0"}} +{"kind": "false_positive", "id": 26, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "BEGIN PRIVATE KEY"}} +{"kind": "false_positive", "id": 26, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6sA7g5+fE6tSj\\n4p6t2w3x...\\n... (key data continues) ...\\nfN4r4c0i9v6j5t7r9s1u3v5x7z9A1B3C5E7G9I1K3M5O7Q9S1U3W5Y7Z9a1c3e5g\\n7i9k1m3o5q7s9u1w3y5z7B9D1F3H5J7L9N1P3R5T7V9X1Z3b5d7f9h1j3l5n7p9r\\n...\\n-----END PRIVATE KEY-----\\n"}} +{"kind": "false_positive", "id": 26, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "client_email\": \"backup-runner@internal-data-pipeline-314159.iam.gserviceaccount.com"}} +{"kind": "false_positive", "id": 26, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "client_id\": \"109876543210987654321"}} +{"kind": "false_positive", "id": 26, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "auth_uri\": \"https://accounts.google.com/o/oauth2/auth"}} +{"kind": "false_positive", "id": 26, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "token_uri\": \"https://oauth2.googleapis.com/token"}} +{"kind": "false_positive", "id": 26, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs"}} +{"kind": "false_positive", "id": 26, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/backup-runner%40internal-data-pipeline-314159.iam.gserviceaccount.com"}} +{"kind": "false_positive", "id": 28, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 7, "secret": "github.com/stripe/stripe-go/v72"}} +{"kind": "false_positive", "id": 28, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "github.com/stripe/stripe-go/v72/paymentintent"}} +{"kind": "false_positive", "id": 28, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "sk_live_51Mv9L2ApC9eG1tZ8cRwXvWqSjU3mBhT5yE6eF2dD4cCnRbAqZgXwVvUuYtRsPaOcB9a8g"}} +{"kind": "false_positive", "id": 28, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "sk_live_51Mv9L2ApC9eG1tZ8cRwXvWqSjU3mBhT5yE6eF2dD4cCnRbAqZgXwVvUuYtRsPaOcB9a8g"}} +{"kind": "false_positive", "id": 28, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "docker build -t ${dockerImage} ."}} +{"kind": "false_positive", "id": 28, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "docker push ${dockerImage}"}} +{"kind": "false_positive", "id": 28, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 26, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "false_positive", "id": 28, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 28, "secret": "Content-type: application/json' --data '{\"text\":\"Deployment of ${DOCKER_IMAGE_NAME}:${env.BUILD_NUMBER} completed successfully!\"}"}} +{"kind": "false_positive", "id": 28, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 3, "secret": "AKIAV7S4M3N2O1P6Q5R8"}} +{"kind": "false_positive", "id": 28, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 4, "secret": "uG+hJkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy"}} +{"kind": "false_positive", "id": 28, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 4, "secret": "uG+hJkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy"}} +{"kind": "false_positive", "id": 28, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "my-app-production-logs-20240315"}} +{"kind": "false_positive", "id": 28, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "Application Logs Bucket"}} +{"kind": "false_positive", "id": 28, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "D#fG8*jK!lM2$n P5"}} +{"kind": "false_positive", "id": 28, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "mysql:host=$db_host;dbname=$db_name"}} +{"kind": "false_positive", "id": 28, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "SELECT email, name FROM users WHERE needs_welcome_email = TRUE"}} +{"kind": "false_positive", "id": 28, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 27, "secret": "subject' => 'Welcome to Our Service!"}} +{"kind": "false_positive", "id": 28, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 28, "secret": "text' => 'Thank you for signing up."}} +{"kind": "false_positive", "id": 29, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "\"\"Uploads a daily report to a specified S3 bucket.\"\""}} +{"kind": "false_positive", "id": 29, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "p8m/zGqK+JtL9rU3wY2xVvNcB7hF4jD1sK0oA6bC"}} +{"kind": "false_positive", "id": 29, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "p8m/zGqK+JtL9rU3wY2xVvNcB7hF4jD1sK0oA6bC"}} +{"kind": "false_positive", "id": 29, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "p8m/zGqK+JtL9rU3wY2xVvNcB7hF4jD1sK0oA6bC"}} +{"kind": "false_positive", "id": 29, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "reports/daily/{report_date}-sales-summary.csv"}} +{"kind": "false_positive", "id": 29, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 27, "secret": "Uploading {file_path} to {bucket_name}/{object_key}"}} +{"kind": "false_positive", "id": 29, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 34, "secret": "./local_sales_report.csv\", \"company-internal-data-4921"}} +{"kind": "false_positive", "id": 29, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "[Critical] High CPU Utilization on RDS Instance"}} +{"kind": "false_positive", "id": 29, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "@slack-data-alerts CPU utilization is over 90% on {{dbinstanceidentifier.name}}. Please investigate immediately."}} +{"kind": "false_positive", "id": 29, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "The RDS instance is still under high CPU load. Escalating to on-call SRE @pagerduty-sre-team."}} +{"kind": "false_positive", "id": 29, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "avg(last_5m):avg:aws.rds.cpuutilization{dbinstanceidentifier:prod-main-db-1} > 90"}} +{"kind": "false_positive", "id": 29, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "github.com/stripe/stripe-go/v72"}} +{"kind": "false_positive", "id": 29, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "github.com/stripe/stripe-go/v72/paymentintent"}} +{"kind": "false_positive", "id": 29, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "sk_live_51Mv9L2FqA8fG1tYpKrZxvWqSjU3mH8sD7gY5bN4c3pL1kM0oJ9iR"}} +{"kind": "false_positive", "id": 29, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "sk_live_51Mv9L2FqA8fG1tYpKrZxvWq"}} +{"kind": "false_positive", "id": 29, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 25, "secret": "Database and Stripe clients initialized successfully."}} +{"kind": "false_positive", "id": 29, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE"}} +{"kind": "false_positive", "id": 29, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE"}} +{"kind": "false_positive", "id": 29, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 34, "secret": "BEGIN OPENSSH PRIVATE KEY"}} +{"kind": "false_positive", "id": 29, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "org.hibernate.dialect.PostgreSQLDialect"}} +{"kind": "false_positive", "id": 29, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "SG.aV4gH9rT2pL7xJ5sK1mFw.bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mFw_bZ8oN6cW0qYdE"}} +{"kind": "false_positive", "id": 30, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "SQLALCHEMY_TRACK_MODIFICATIONS"}} +{"kind": "false_positive", "id": 30, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "/login', methods=['POST"}} +{"kind": "false_positive", "id": 30, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 26, "secret": "test"}} +{"kind": "false_positive", "id": 30, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "false_positive", "id": 30, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "pL8fG1tY9cRzXvWqSjU3mB2sL4hK7dF0aN5oP1zE"}} +{"kind": "false_positive", "id": 30, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "pL8fG1tY9cRzXvWqSjU3mB2sL4hK7dF0aN5oP1zE"}} +{"kind": "false_positive", "id": 30, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "dckr_pat_7aF9c2eD-5bG8h-4J1k-m3N4o-p6Q7rS8tU9wX"}} +{"kind": "false_positive", "id": 30, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "dckr_pat_7aF9c2eD-5bG8h-4J1k-m3N4o-p6Q7rS8tU9wX"}} +{"kind": "false_positive", "id": 30, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 32, "secret": "Content-type: application/json' --data '{\"text\":\"Frontend deployment to production succeeded!\"}"}} +{"kind": "false_positive", "id": 30, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "jdbc:postgresql://prod-db.postgres.database.azure.com:5432/authdb"}} +{"kind": "false_positive", "id": 30, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "987654321098-a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6.apps.googleusercontent.com"}} +{"kind": "false_positive", "id": 30, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "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"}} +{"kind": "false_positive", "id": 30, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "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"}} +{"kind": "false_positive", "id": 30, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "f1tY9cRzXvWqSjU3mB2sL4hK7dE0a#Z@p^K"}} +{"kind": "false_positive", "id": 31, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 5, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "false_positive", "id": 31, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "kG7hF9jD2sL4mP6qR8tV0wX3zY5bA7cE9fI1kN"}} +{"kind": "false_positive", "id": 31, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "kG7hF9jD2sL4mP6qR8tV0wX3zY5bA7cE9fI1kN"}} +{"kind": "false_positive", "id": 31, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "ACL': 'private', 'ServerSideEncryption': 'AES256"}} +{"kind": "false_positive", "id": 31, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "Upload successful for {object_name} to bucket {bucket}."}} +{"kind": "false_positive", "id": 31, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "report-2023-q4.pdf', 'corp-financial-reports-11032023"}} +{"kind": "false_positive", "id": 31, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "AKIAW6QXOJ2ZL5TG7FAP"}} +{"kind": "false_positive", "id": 31, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "fG9zL2tJ4mH6cR8vB1xS5oE3dY7uW0qA9pI8nZ"}} +{"kind": "false_positive", "id": 31, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "fG9zL2tJ4mH6cR8vB1xS5oE3dY7uW0qA9pI8nZ"}} +{"kind": "false_positive", "id": 31, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "Datadog API key for agent configuration."}} +{"kind": "false_positive", "id": 31, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 32, "secret": "© Mapbox"}} +{"kind": "false_positive", "id": 31, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "dckr_pat_yNv7sW3zT6jK8hL2mP5gF0xU4qR9cE1aB"}} +{"kind": "false_positive", "id": 31, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "dckr_pat_yNv7sW3zT6jK8hL2mP5gF0xU4qR9cE1aB"}} +{"kind": "false_positive", "id": 32, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC"}} +{"kind": "false_positive", "id": 32, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC"}} +{"kind": "false_positive", "id": 32, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC"}} +{"kind": "false_positive", "id": 32, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "/api/v1/charge', methods=['POST"}} +{"kind": "false_positive", "id": 32, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 25, "secret": "Charge for user ' + data.get('email"}} +{"kind": "false_positive", "id": 32, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 7, "secret": "github.com/go-redis/redis/v8"}} +{"kind": "false_positive", "id": 32, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "github.com/twilio/twilio-go/rest/api/v2010"}} +{"kind": "false_positive", "id": 32, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4"}} +{"kind": "false_positive", "id": 32, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4"}} +{"kind": "false_positive", "id": 32, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4"}} +{"kind": "false_positive", "id": 32, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "redis-11234.c264.ap-south-1-1.ec2.cloud.redislabs.com:11234"}} +{"kind": "false_positive", "id": 32, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 43, "secret": "+15558675310\", \"Your order #12345 is confirmed!"}} +{"kind": "false_positive", "id": 32, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "Gv6mU_c7p-q9sR2wX4yZ0aB1dE3fG5hI7jK9lM8n"}} +{"kind": "false_positive", "id": 32, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "cloudflare_zone\" \"primary_domain"}} +{"kind": "false_positive", "id": 33, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "ACd4f8b0e7c6a5e4d3f2c1b0a9e8d7c6b5"}} +{"kind": "false_positive", "id": 33, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "ACd4f8b0e7c6a5e4d3f2c1b0a9e8d7c6b5"}} +{"kind": "false_positive", "id": 33, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "/api/v1/send-alert', methods=['POST"}} +{"kind": "false_positive", "id": 33, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "AKIAUZY47P56V3IWQEXN"}} +{"kind": "false_positive", "id": 33, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "pL8vGkZuJ4mR9sB7dF1aH6cE5kL0xV+yW9iO3nQz"}} +{"kind": "false_positive", "id": 33, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "pL8vGkZuJ4mR9sB7dF1aH6cE5kL0xV+yW9iO3nQz"}} +{"kind": "false_positive", "id": 33, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 27, "secret": "Sentry DSN not found. Error reporting is disabled."}} +{"kind": "false_positive", "id": 33, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 30, "secret": "Mapbox access token is missing or a placeholder."}} +{"kind": "false_positive", "id": 33, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 34, "secret": "BEGIN OPENSSH PRIVATE KEY"}} +{"kind": "false_positive", "id": 33, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "dJ^8g$Pq5#sT@9!rW&zK"}} +{"kind": "false_positive", "id": 33, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "prod-redis-cache.a1b2c3.0001.usw2.cache.amazonaws.com"}} +{"kind": "false_positive", "id": 33, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "fG4hJ7kL9mN2pQ5rS8uVzX3zA6bC9dE1"}} +{"kind": "false_positive", "id": 33, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "fG4hJ7kL9mN2pQ5rS8uVzX3zA6bC9dE1"}} +{"kind": "false_positive", "id": 34, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 36, "secret": "https://hooks.slack.com/services/T00ABCD1EFG/B00HIJK5LMN/aBcDeFgHiJkLmNoPqRsTuVwXyZ"}} +{"kind": "false_positive", "id": 34, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7nD5oP6tF4gH3iJ2kL1mN0oPqRsTuVwWzXyZ"}} +{"kind": "false_positive", "id": 34, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7nD5oP6tF4gH3iJ2kL1mN0oPqRsTuVwWzXyZ"}} +{"kind": "false_positive", "id": 34, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7nD5oP6tF4gH3iJ2kL1mN0oPqRsTuVwWzXyZ"}} +{"kind": "false_positive", "id": 34, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "project_id\": \"gcp-project-analytics-prod"}} +{"kind": "false_positive", "id": 34, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "private_key_id\": \"6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b"}} +{"kind": "false_positive", "id": 34, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6lRjV7pX+Z8bA\\ndhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEf\\ngH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3\\nJ4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/wEA\\nAQKCAQEAy1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbC\\ndEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQr\\nStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3\\nJ4a3B2c1d5e6f7g8h9iAjJkKf7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8\\nh9iAjJkK/wEAAoIBAQC6lRjV7pX+Z8bAdhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6\\nf7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlM\\nnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6\\nw8k3J4a3B2c1d5e6f7g8h9iAjJkK/w==\\n-----END PRIVATE KEY-----\\n"}} +{"kind": "false_positive", "id": 34, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "client_email\": \"terraform-runner@gcp-project-analytics-prod.iam.gserviceaccount.com"}} +{"kind": "false_positive", "id": 34, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "client_id\": \"109876543210987654321"}} +{"kind": "false_positive", "id": 34, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "auth_uri\": \"https://accounts.google.com/o/oauth2/auth"}} +{"kind": "false_positive", "id": 34, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "token_uri\": \"https://oauth2.googleapis.com/token"}} +{"kind": "false_positive", "id": 34, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs"}} +{"kind": "false_positive", "id": 34, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/terraform-runner%40gcp-project-analytics-prod.iam.gserviceaccount.com"}} +{"kind": "false_positive", "id": 34, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "prod-static-assets-bucket-987654321"}} +{"kind": "false_positive", "id": 34, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlQGFwaS5jb20iLCJhdWQiOiJtb2JpbGUiLCJleHAiOjE3MzU2ODk2MDB9."}} +{"kind": "false_positive", "id": 34, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "Content-Type': 'application/json"}} +{"kind": "false_positive", "id": 34, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "Authorization': 'Bearer $authToken"}} +{"kind": "false_positive", "id": 35, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "postgresql://warehouse_svc:vF9@p#Z&rT7s!q@db-prod-_eu-west-1.rds.amazonaws.com:5432/analytics_data_prod"}} +{"kind": "false_positive", "id": 35, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "prod-redis-cache.mxf8e3.ng.0001.euw1.cache.amazonaws.com"}} +{"kind": "false_positive", "id": 35, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 26, "secret": "sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB"}} +{"kind": "false_positive", "id": 35, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 26, "secret": "sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB"}} +{"kind": "false_positive", "id": 35, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 26, "secret": "sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB"}} +{"kind": "false_positive", "id": 35, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 29, "secret": "\"\"Development specific configurations.\"\""}} +{"kind": "false_positive", "id": 35, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 28, "secret": "google_compute_firewall\" \"allow_ssh"}} +{"kind": "false_positive", "id": 35, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 28, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLXNlcnZpY2UiLCJzdWIiOiJzZXJ2aWNlLWFjY291bnQtb3JkZXJzIiwiaWF0IjoxNjE2MjM5MDIyLCJleHAiOjE3NzE5MjcwMDAsImF1ZCI6ImludGVybmFsLWFwaSJ9."}} +{"kind": "false_positive", "id": 35, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 46, "secret": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/mN7pQ8rS6tU5vW4xY3z2A1B0"}} +{"kind": "false_positive", "id": 35, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "SELECT * FROM UserProfiles WHERE UserId = @UserId"}} +{"kind": "false_positive", "id": 35, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 38, "secret": "a4b1c8d7e2f5g3h9i0j6k4l2m1n0o7p3"}} +{"kind": "false_positive", "id": 36, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 7, "secret": "\"\"Processes inventory update files from S3 and updates DynamoDB.\"\""}} +{"kind": "false_positive", "id": 36, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}} +{"kind": "false_positive", "id": 36, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}} +{"kind": "false_positive", "id": 36, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}} +{"kind": "false_positive", "id": 36, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "dckr_pat_1VzJ8h_L9KqR7sW3tX5yGZbN0c"}} +{"kind": "false_positive", "id": 36, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "dckr_pat_1VzJ8h_L9KqR7sW3tX5yGZbN0c"}} +{"kind": "false_positive", "id": 36, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "prepStmtCacheSize\", \"250"}} +{"kind": "false_positive", "id": 36, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "prepStmtCacheSqlLimit\", \"2048"}} +{"kind": "false_positive", "id": 37, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 7, "secret": "aws_access_key_id': 'AKIAU4T5KR53QUZ6R3P7"}} +{"kind": "false_positive", "id": 37, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "0jM/pG+fT2rV8sL4kH9aC1wX7yZ0bN5eQ3iU6dK+"}} +{"kind": "false_positive", "id": 37, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "0jM/pG+fT2rV8sL4kH9aC1wX7yZ0bN5eQ3iU6dK+"}} +{"kind": "false_positive", "id": 37, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "0jM/pG+fT2rV8sL4kH9aC1wX7yZ0bN5eQ3iU6dK+"}} +{"kind": "false_positive", "id": 37, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "\"\"Downloads a file from an S3 bucket.\"\""}} +{"kind": "false_positive", "id": 37, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "'{object_name}' downloaded to '{file_name}' successfully."}} +{"kind": "false_positive", "id": 37, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "corp-billing-docs-prod', 'invoices/2023-11.pdf"}} +{"kind": "false_positive", "id": 37, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "glpat-sBv3yZ8xWq9kLpGfJ1cR"}} +{"kind": "false_positive", "id": 37, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "glpat-sBv3yZ8xWq9kLpGfJ1cR"}} +{"kind": "false_positive", "id": 37, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 29, "secret": "Triggering deployment webhook..."}} +{"kind": "false_positive", "id": 37, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 31, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRsYWIuY29tIiwic3ViIjoiZGVwbG95LXVzZXIiLCJhdWQiOiJkZXBsb3ltZW50LXNlcnZpY2UiLCJpYXQiOjE2NzI1MzEyMDAsImV4cCI6MTcwNDA2NzIwMH0."}} +{"kind": "false_positive", "id": 37, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 4, "secret": "7f1e03c46a67285a8f8b9d0e1f2a3b4c"}} +{"kind": "false_positive", "id": 37, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "[Critical] High CPU Load on Production Cluster"}} +{"kind": "false_positive", "id": 37, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "CPU load is over 90% on average. @ops-team please investigate. {{host.name}}"}} +{"kind": "false_positive", "id": 37, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "The high CPU issue has not been resolved. Escalating to @oncall-SRE."}} +{"kind": "false_positive", "id": 37, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "avg(last_5m):avg:system.cpu.user{environment:prod} > 90"}} +{"kind": "false_positive", "id": 37, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "service:core-api\", \"env:prod\", \"severity:critical"}} +{"kind": "false_positive", "id": 37, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 27, "secret": "datadog_monitor\" \"low_disk_space"}} +{"kind": "false_positive", "id": 37, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 30, "secret": "avg(last_15m):avg:system.disk.in_use{role:database} > 0.85"}} +{"kind": "false_positive", "id": 37, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 31, "secret": "Disk space is running low on a database node. @db-admins"}} +{"kind": "false_positive", "id": 37, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 5, "secret": "development' | 'staging' | 'production"}} +{"kind": "false_positive", "id": 37, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 25, "secret": "AIzaSyD9ZvG8hJqKp2sL6wF4xR3tU_0mIoC5bE7"}} +{"kind": "false_positive", "id": 37, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 25, "secret": "AIzaSyD9ZvG8hJqKp2sL6wF4xR3tU_0mIoC5bE7"}} +{"kind": "false_positive", "id": 37, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 36, "secret": "Third-party services configured for environment:"}} +{"kind": "false_positive", "id": 38, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "\"\"Initializes and returns an S3 client using hardcoded temporary credentials.\"\""}} +{"kind": "false_positive", "id": 38, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "JcKl8f/N+sWq0Yt3mZpXgBv7hR2dF9gU1aE5xH4i"}} +{"kind": "false_positive", "id": 38, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "JcKl8f/N+sWq0Yt3mZpXgBv7hR2dF9gU1aE5xH4i"}} +{"kind": "false_positive", "id": 38, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "JcKl8f/N+sWq0Yt3mZpXgBv7hR2dF9gU1aE5xH4i"}} +{"kind": "false_positive", "id": 38, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "FQoGZXIvYXdzEI///////////wEaDBpqrST2zPXCR+x5IirEA7cW9fB8E8jQkZ6I+9aC4sWxR7eK4uD6Z2mR/7vY5rWw8SzAoN0c9FgT"}} +{"kind": "false_positive", "id": 38, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "\"\"Lists all buckets using the provided S3 client.\"\""}} +{"kind": "false_positive", "id": 38, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "e9a8f7c6d5b4a392817f0e9d8c7b6a54"}} +{"kind": "false_positive", "id": 38, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "High CPU Load on web-backend hosts"}} +{"kind": "false_positive", "id": 38, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "CPU load is high on {{host.name}}. @slack-channel-alerts"}} +{"kind": "false_positive", "id": 38, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "CPU load has been high for 15 minutes. Paging @on-call."}} +{"kind": "false_positive", "id": 38, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 26, "secret": "avg(last_5m):avg:system.cpu.user{environment:production,service:web-backend} > 80"}} +{"kind": "false_positive", "id": 38, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "service:web-backend\", \"prod\", \"terraform"}} +{"kind": "false_positive", "id": 38, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "dckr_pat_gHj8LpQ2sWzK4vB7nC1xR9yT6fU3aE5d"}} +{"kind": "false_positive", "id": 38, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "dckr_pat_gHj8LpQ2sWzK4vB7nC1xR9yT6fU3aE5d"}} +{"kind": "false_positive", "id": 38, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 43, "secret": "https://sonarqube.internal.acme.com"}} +{"kind": "false_positive", "id": 38, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 40, "secret": "Database connection is not initialized. Call InitDB() first."}} +{"kind": "false_positive", "id": 39, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "8k@zP!qR7sT&uV*xY$zE#A%D*G-J"}} +{"kind": "false_positive", "id": 39, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "Content-type: application/json' --data '{\"text\":\"Deployment to production successful!\"}"}} +{"kind": "false_positive", "id": 39, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "aZ8~9_xYpQ-rS7tV.wJ6fGhK1jL3mN5oB4c2"}} +{"kind": "false_positive", "id": 39, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "jdbc:postgresql://db.internal.example.com:5432/notifications"}} +{"kind": "false_positive", "id": 39, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "p@qR$tUvW*yZ!aB#cDe^fG7hJ2kL4mN6p"}} +{"kind": "false_positive", "id": 40, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "SQLALCHEMY_TRACK_MODIFICATIONS"}} +{"kind": "false_positive", "id": 40, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "sk_live_51Mv3UqKxVp8pLoJ9tFmW2cXa1hN6bA7vF9yR0eZlP3cT8bSgK4uL5iV6jW7bA8eV9oI0pQ1rC2sD3tF4gH5jK6lM"}} +{"kind": "false_positive", "id": 40, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "sk_live_51Mv3UqKxVp8pLoJ9tFmW2cXa1hN6bA7vF9yR0eZlP3cT8bSgK4uL5iV6jW7bA8eV9oI0pQ1rC2sD3tF4gH5jK6lM"}} +{"kind": "false_positive", "id": 40, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "sk_live_51Mv3UqKxVp8pLoJ9tFmW2cXa1hN6bA7vF9yR0eZlP3cT8bSgK4uL5iV6jW7bA8eV9oI0pQ1rC2sD3tF4gH5jK6lM"}} +{"kind": "false_positive", "id": 40, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "/create-payment-intent', methods=['POST"}} +{"kind": "false_positive", "id": 40, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "AKIA4P5X3W7RYS6BZM9N"}} +{"kind": "false_positive", "id": 40, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "v9mB/LpKsR8wT7oF4gH2jA1sC3dE5fG6hI7kL8mP"}} +{"kind": "false_positive", "id": 40, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "v9mB/LpKsR8wT7oF4gH2jA1sC3dE5fG6hI7kL8mP"}} +{"kind": "false_positive", "id": 40, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV"}} +{"kind": "false_positive", "id": 40, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV"}} +{"kind": "false_positive", "id": 40, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "google-github-actions/auth@v1"}} +{"kind": "false_positive", "id": 40, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 31, "secret": "Content-Type': 'application/json"}} +{"kind": "false_positive", "id": 41, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "SQLALCHEMY_TRACK_MODIFICATIONS"}} +{"kind": "false_positive", "id": 41, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "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"}} +{"kind": "false_positive", "id": 41, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "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"}} +{"kind": "false_positive", "id": 41, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "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"}} +{"kind": "false_positive", "id": 41, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "/create-payment-intent', methods=['POST"}} +{"kind": "false_positive", "id": 41, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "AKIAY3R4WZ76X2P5QJ6M"}} +{"kind": "false_positive", "id": 41, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 7, "secret": "pL8vGkZ9JmN7sR2wXqF1bT4uYcV3zH5iA0oK6eB"}} +{"kind": "false_positive", "id": 41, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 7, "secret": "pL8vGkZ9JmN7sR2wXqF1bT4uYcV3zH5iA0oK6eB"}} +{"kind": "false_positive", "id": 41, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "google-github-actions/auth@v1"}} +{"kind": "false_positive", "id": 41, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "Deployment to production finished."}} +{"kind": "false_positive", "id": 41, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 35, "secret": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/kM3P5sR9tV1wX7Y2zN8oB4cD"}} +{"kind": "false_positive", "id": 41, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "AIzaSyBv4nE8tGfH3jK2L5mN7oP9qR1sT3uV5wX"}} +{"kind": "false_positive", "id": 41, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "AIzaSyBv4nE8tGfH3jK2L5mN7oP9qR1sT3uV5wX"}} +{"kind": "false_positive", "id": 41, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "1:123456789012:web:a1b2c3d4e5f6a7b8c9d0e1"}} +{"kind": "false_positive", "id": 41, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 32, "secret": "https://o1234567.ingest.sentry.io/12345678901234"}} +{"kind": "false_positive", "id": 41, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "ZThkNDFkYzAtNzA1Mi00YjU5LTg5Y2UtMjdhMTEyMzg1ZjM5NDY0Y2ZkYjMtYTEzNC00MWI4LWJmOTItZWY5YTJjNmE1N2Jl"}} +{"kind": "false_positive", "id": 41, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 30, "secret": "http://discovery-service:8761/eureka/"}} +{"kind": "false_positive", "id": 42, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "zL8wNcU9oF7jK5dG1eH3bV2aR6tY0sP4iQ9xCmA1"}} +{"kind": "false_positive", "id": 42, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "zL8wNcU9oF7jK5dG1eH3bV2aR6tY0sP4iQ9xCmA1"}} +{"kind": "false_positive", "id": 42, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "zL8wNcU9oF7jK5dG1eH3bV2aR6tY0sP4iQ9xCmA1"}} +{"kind": "false_positive", "id": 42, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "/api/v1/invoices/', methods=['GET"}} +{"kind": "false_positive", "id": 42, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 28, "secret": "Bucket': S3_BUCKET_NAME, 'Key"}} +{"kind": "false_positive", "id": 42, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 38, "secret": "Accept: application/vnd.github.v3+json"}} +{"kind": "false_positive", "id": 42, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 39, "secret": "ghp"}} +{"kind": "false_positive", "id": 42, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"}} +{"kind": "false_positive", "id": 42, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "x9y8z7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0"}} +{"kind": "false_positive", "id": 42, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "[Critical] High CPU Utilization on Core Services"}} +{"kind": "false_positive", "id": 42, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "@all CPU utilization is over 90% on {{host.name}}. Check running processes immediately."}} +{"kind": "false_positive", "id": 42, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "avg(last_5m):avg:system.cpu.user{environment:prod,service:core-api} > 90"}} +{"kind": "false_positive", "id": 42, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 28, "secret": "env:prod\", \"service:core-api\", \"severity:critical"}} +{"kind": "false_positive", "id": 42, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 34, "secret": "[Prod] API Health Check - /status endpoint"}} +{"kind": "false_positive", "id": 42, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "String', 'API_BASE_URL', '\"https://prod.api.examplecompany.com/\""}} +{"kind": "false_positive", "id": 42, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "prod_api_L3hV7bN9kPjR2wZ4mQ8yS6xT5"}} +{"kind": "false_positive", "id": 42, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 38, "secret": "proguard-android-optimize.txt'), 'proguard-rules.pro"}} +{"kind": "false_positive", "id": 43, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "SQLALCHEMY_TRACK_MODIFICATIONS"}} +{"kind": "false_positive", "id": 43, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "prod-redis-cluster.ab123c.0001.use1.cache.amazonaws.com"}} +{"kind": "false_positive", "id": 43, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "eYp3s6v9y$B&E)H@McQfTjWnZr4u7x!A"}} +{"kind": "false_positive", "id": 43, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 35, "secret": "https://hooks.slack.com/services/T024F4SJ2/B0C3E4D5F6/aBcDeFgHiJkLmNoPqRsTuVwX"}} +{"kind": "false_positive", "id": 43, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 3, "secret": "B4kL9mN8oP1qR2sT3uV4wX5yZ6aB7c8D"}} +{"kind": "false_positive", "id": 43, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 3, "secret": "B4kL9mN8oP1qR2sT3uV4wX5yZ6aB7c8D"}} +{"kind": "false_positive", "id": 43, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "fastly_service_v1\" \"webapp"}} +{"kind": "false_positive", "id": 43, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "app-load-balancer.us-west-2.elb.amazonaws.com"}} +{"kind": "false_positive", "id": 43, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "AIzaSyB9X8c7V6D5E4F3G2H1I0jL9K8mN7pQoR"}} +{"kind": "false_positive", "id": 43, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "AIzaSyB9X8c7V6D5E4F3G2H1I0jL9K8mN7pQoR"}} +{"kind": "false_positive", "id": 43, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "1:123456789012:web:a1b2c3d4e5f6a7b8c9d0e1"}} +{"kind": "false_positive", "id": 43, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 26, "secret": "sk-proj-rT8uV9wXyZ1aB2c3d4E5f6G7h8i9j0kL1m2N3o4P5q6R"}} +{"kind": "false_positive", "id": 43, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 26, "secret": "sk-proj-rT8uV9wXyZ1aB2c3d4E5f6G7h8i9j0kL1m2N3o4P5q6R"}} +{"kind": "false_positive", "id": 44, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "pL8/Jk3b+mN5gH7vF2sK9dR1wZ0eC4yI/xQvA6sT"}} +{"kind": "false_positive", "id": 44, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "pL8/Jk3b+mN5gH7vF2sK9dR1wZ0eC4yI/xQvA6sT"}} +{"kind": "false_positive", "id": 44, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "pL8/Jk3b+mN5gH7vF2sK9dR1wZ0eC4yI/xQvA6sT"}} +{"kind": "false_positive", "id": 44, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "\"\"Downloads a specific file from our production S3 bucket.\"\""}} +{"kind": "false_positive", "id": 44, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "Starting download for {s3_key}..."}} +{"kind": "false_positive", "id": 44, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "Successfully downloaded to {local_path}"}} +{"kind": "false_positive", "id": 44, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 33, "secret": "monthly_reports/2023-10.csv"}} +{"kind": "false_positive", "id": 44, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "aL9~_fH8qY7.s-D3.wX2vR-zM4pE1bN9jK"}} +{"kind": "false_positive", "id": 44, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "jdbc:postgresql://db-prod-replica-1.c8zqtm2n4a1v.us-west-2.rds.amazonaws.com:5432/analytics_db"}} +{"kind": "false_positive", "id": 44, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "4hG#kL$pQ2s!tV*wXyZ(aB-dE"}} +{"kind": "false_positive", "id": 44, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "NjIzZGU5NTgtYWYzZC00YjM1LWE3MzktZWYzMDU3NTM1YmYxYzUyMWU1NzItODk0Yi00ODY0LWIzZjItYmYyYjVjYTAwZjY1"}} +{"kind": "false_positive", "id": 44, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 39, "secret": "scp ./target/app.jar ${env.DEPLOY_USER}@${env.DEPLOY_HOST}:/opt/app/"}} +{"kind": "false_positive", "id": 44, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 40, "secret": "ssh ${env.DEPLOY_USER}@${env.DEPLOY_HOST} 'systemctl restart myapp'"}} +{"kind": "false_positive", "id": 44, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "development' | 'staging' | 'production"}} +{"kind": "false_positive", "id": 45, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "SQLALCHEMY_TRACK_MODIFICATIONS"}} +{"kind": "false_positive", "id": 45, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 13, "secret": "JWT_SECRET_KEY'] = 'u$h3Jk!^nL*8g$Pz@qV5sR9b#Gf2M(wE"}} +{"kind": "false_positive", "id": 45, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "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"}} +{"kind": "false_positive", "id": 45, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "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"}} +{"kind": "false_positive", "id": 45, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "/login', methods=['POST"}} +{"kind": "false_positive", "id": 45, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 29, "secret": "test"}} +{"kind": "false_positive", "id": 45, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 42, "secret": "Image built and pushed successfully"}} +{"kind": "false_positive", "id": 45, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "zJ7aRpXtNfEmI/K9mDeNg/BqXrfIcY9gLwS3vUoH"}} +{"kind": "false_positive", "id": 45, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 6, "secret": "zJ7aRpXtNfEmI/K9mDeNg/BqXrfIcY9gLwS3vUoH"}} +{"kind": "false_positive", "id": 45, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "D#$tG6hL9p!z@qR2bN8f*m"}} +{"kind": "false_positive", "id": 45, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 17, "secret": "gz_api_k_e5e4bb50c2684994843b0032b49ab78c"}} +{"kind": "false_positive", "id": 45, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "github.com/streadway/amqp"}} +{"kind": "false_positive", "id": 45, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 20, "secret": "amqp://msg_proc:F3d^kLp@9s!zR-q@rabbitmq-prod.svc.cluster.local:5672/"}} +{"kind": "false_positive", "id": 45, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "sv-tok-prod_8A2zL9pHqY7tJv5kR4wGcXnF1bS3mD6h"}} +{"kind": "false_positive", "id": 45, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 43, "secret": "Content-Type\", \"application/json"}} +{"kind": "false_positive", "id": 45, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 50, "secret": " [*] Waiting for messages. To exit press CTRL+C"}} +{"kind": "false_positive", "id": 46, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "SQLALCHEMY_TRACK_MODIFICATIONS"}} +{"kind": "false_positive", "id": 46, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR"}} +{"kind": "false_positive", "id": 46, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR"}} +{"kind": "false_positive", "id": 46, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR"}} +{"kind": "false_positive", "id": 46, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 29, "secret": "/api/v1/health', methods=['GET"}} +{"kind": "false_positive", "id": 46, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "dop_v1_a6b4c8d1e2f3g5h7i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e"}} +{"kind": "false_positive", "id": 46, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "digitalocean_droplet\" \"web_server"}} +{"kind": "false_positive", "id": 46, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "digitalocean_kubernetes_cluster\" \"primary_cluster"}} +{"kind": "false_positive", "id": 46, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 34, "secret": "digitalocean_ssh_key\" \"main_key"}} +{"kind": "false_positive", "id": 46, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 32, "secret": "https://fedcba9876543210fedcba9876543210@o654321.ingest.sentry.io/3210987"}} +{"kind": "false_positive", "id": 47, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "\"\"Initializes and returns a boto3 S3 client for a specific region.\"\""}} +{"kind": "false_positive", "id": 47, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "bGe8vKqy9zF3sC7hLpA5dGjJkM0fNn2xWvT1oR4i"}} +{"kind": "false_positive", "id": 47, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "bGe8vKqy9zF3sC7hLpA5dGjJkM0fNn2xWvT1oR4i"}} +{"kind": "false_positive", "id": 47, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "bGe8vKqy9zF3sC7hLpA5dGjJkM0fNn2xWvT1oR4i"}} +{"kind": "false_positive", "id": 47, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 22, "secret": "Successfully created S3 client for region {aws_region}"}} +{"kind": "false_positive", "id": 47, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 29, "secret": "\"\"Lists buckets with 'report' in their name.\"\""}} +{"kind": "false_positive", "id": 47, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 31, "secret": "Name'] for bucket in response['Buckets'] if 'report' in bucket['Name"}} +{"kind": "false_positive", "id": 47, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 38, "secret": "BEGIN OPENSSH PRIVATE KEY"}} +{"kind": "false_positive", "id": 47, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "YjYzY2I0NTYtMzU4Mi00NjRmLWE5YzEtY2QwMmQzMmM4ZWU3ZmY0Y2I3YjAtZjFjNS00NjZiLTk5YjEtZDYyYzE4Y2Y1ZDE4"}} +{"kind": "false_positive", "id": 47, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 19, "secret": "YjYzY2I0NTYtMzU4Mi00NjRmLWE5YzEtY2QwMmQzMmM4ZWU3ZmY0Y2I3YjAtZjFjNS00NjZiLTk5YjEtZDYyYzE4Y2Y1ZDE4"}} +{"kind": "false_positive", "id": 48, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "github.com/stripe/stripe-go/v72"}} +{"kind": "false_positive", "id": 48, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "github.com/stripe/stripe-go/v72/paymentintent"}} +{"kind": "false_positive", "id": 48, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mH8sZk7vXn1cT2dD5eF6jA9gB7hI3lK4mN5oP6rQ8tS0uVvWwXyZ00abcDeFgh"}} +{"kind": "false_positive", "id": 48, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 15, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWq"}} +{"kind": "false_positive", "id": 48, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "dckr_pat_1A7fThgK9pLMt2Jz4wVbX5rYc8nS3oP6g"}} +{"kind": "false_positive", "id": 48, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "dckr_pat_1A7fThgK9pLMt2Jz4wVbX5rYc8nS3oP6g"}} +{"kind": "false_positive", "id": 48, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 39, "secret": "Build and deploy succeeded for main branch."}} +{"kind": "false_positive", "id": 48, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 41, "secret": "https://hooks.slack.com/services/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"}} +{"kind": "false_positive", "id": 48, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "7jH2kL5mN8pQ3sW9vX1yZ4aB6cD8eF0gH2jK4lM5"}} +{"kind": "false_positive", "id": 48, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "7jH2kL5mN8pQ3sW9vX1yZ4aB6cD8eF0gH2jK4lM5"}} +{"kind": "false_positive", "id": 48, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 14, "secret": "7jH2kL5mN8pQ3sW9vX1yZ4aB6cD8eF0gH2jK4lM5"}} +{"kind": "false_positive", "id": 48, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "pk.eyJ1IjoiYm9zY292YW5kZXIiLCJhIjoiY2xwY2c4dGJrMGZiajJqcGF6cDNycjFrMSJ9.zF9VbWb0wE8lD9sN1hO9gQ"}} +{"kind": "false_positive", "id": 48, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlLWRldmVsb3BtZW50IiwiaXNzIjoibXktYXBwLWJhY2tlbmQiLCJhdWQiOiJpbnRlcm5hbC1hcGkiLCJleHAiOjE3MzU2ODk2MDAsImlhdCI6MTcwNDU4NTYwMCwianRpIjoiNWY0ZC04YmRmLWEwYjktM2Y5YSJ9.Kq-LwhU4xQp8VdG2tY_hZ3nBc7dJjO0pE_wF9XzR6vSgL7uH5mI4nK1oPkU9tQ1fA2eRbC3gX0hJjK1lW_zQ_"}} +{"kind": "false_positive", "id": 48, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 8, "secret": "8!hG#kL$pQ2s@db.prod-STRONG-Pa$$wrd"}} +{"kind": "false_positive", "id": 48, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7z"}} +{"kind": "false_positive", "id": 48, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 23, "secret": "ghp"}} +{"kind": "false_positive", "id": 48, "sub_index": 4, "match_type": "false_positive", "actual": {"line_number": 28, "secret": "Contains all Terraform configurations for the company"}} +{"kind": "false_positive", "id": 49, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "bK9mP4wR8sL1vJ7oA2dF6gH3xN0cT5yZ/iE+qW!a"}} +{"kind": "false_positive", "id": 49, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 12, "secret": "prod-financial-reports-q3-2023"}} +{"kind": "false_positive", "id": 49, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "\"\"Initializes and returns a boto3 S3 client.\"\""}} +{"kind": "false_positive", "id": 49, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 36, "secret": "Successfully uploaded {file_name} to {S3_BUCKET_NAME}"}} +{"kind": "false_positive", "id": 49, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 7, "secret": "jdbc:postgresql://db-prod-aurora-ca.c9zjq3a2v1xl.us-east-1.rds.amazonaws.com:5432/analytics_reporting"}} +{"kind": "false_positive", "id": 49, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 9, "secret": "s$3pL!z#9FqG&vB^kY5h@m"}} +{"kind": "false_positive", "id": 49, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 11, "secret": "org.hibernate.dialect.PostgreSQLDialect"}} +{"kind": "false_positive", "id": 49, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 21, "secret": "NzhhYjU0ZWE3YzE2NGU5YWYyMGExYzhmNDY3NzU3M2M4YjE2OTIzYjljYjA3ZGIxNzQwMjQyMmMxOGQ4ZDllZA"}} +{"kind": "false_positive", "id": 49, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 4, "secret": "gcp-project-analytics-34123"}} +{"kind": "false_positive", "id": 49, "sub_index": 2, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "Data Ingestion Worker Service Account"}} +{"kind": "false_positive", "id": 49, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "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"}} +{"kind": "false_positive", "id": 49, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 18, "secret": "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"}} +{"kind": "false_positive", "id": 50, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}} +{"kind": "false_positive", "id": 50, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}} +{"kind": "false_positive", "id": 50, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 10, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}} +{"kind": "false_positive", "id": 50, "sub_index": 0, "match_type": "false_positive", "actual": {"line_number": 16, "secret": "/api/v1/documents/upload', methods=['POST"}} +{"kind": "false_positive", "id": 50, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 24, "secret": "dd_api_9f5c2d3a1b0e4f8d6a3c5e7b9a1d3f5c"}} +{"kind": "false_positive", "id": 50, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 29, "secret": "High CPU Load on web-backend-cluster"}} +{"kind": "false_positive", "id": 50, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 31, "secret": "@slack-alerts-critical CPU load is over 90% on {{host.name}}. Check running services."}} +{"kind": "false_positive", "id": 50, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 32, "secret": "avg(last_5m):avg:system.cpu.user{environment:prod} > 90"}} +{"kind": "false_positive", "id": 50, "sub_index": 1, "match_type": "false_positive", "actual": {"line_number": 34, "secret": "service:backend\", \"env:production"}} +{"kind": "false_positive", "id": 50, "sub_index": 3, "match_type": "false_positive", "actual": {"line_number": 37, "secret": "google-github-actions/auth@v1"}} diff --git a/secrets-benchmarks/raw-dataset.jsonl b/secrets-benchmarks/raw-dataset.jsonl new file mode 100644 index 0000000..58f2d08 --- /dev/null +++ b/secrets-benchmarks/raw-dataset.jsonl @@ -0,0 +1,48 @@ +{"id": 1, "findings": [{"code": "78: import boto3\n79: from botocore.exceptions import NoCredentialsError\n80: \n81: def get_s3_client():\n82: # Security-sensitive credentials for production environment\n83: aws_access_key = 'AKIAY4U3L2F7SXJ6ZBQR'\n84: aws_secret_key = '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'\n85: \n86: try:\n87: s3 = boto3.client(\n88: 's3',\n89: aws_access_key_id=aws_access_key,\n90: aws_secret_access_key=aws_secret_key,\n91: region_name='us-east-1'\n92: )\n93: return s3\n94: except NoCredentialsError:\n95: print(\"Credentials not available\")\n96: return None\n97: \n98: def upload_file_to_s3(file_name, bucket, object_name=None):\n99: if object_name is None:\n100: object_name = file_name\n101: \n102: s3_client = get_s3_client()\n103: if s3_client:\n104: try:\n105: s3_client.upload_file(file_name, bucket, object_name)\n106: print(f\"File '{file_name}' uploaded to '{bucket}/{object_name}'.\")\n107: return True\n108: except Exception as e:\n109: print(f\"Upload failed: {e}\")\n110: return False\n111: return False\n112: \n", "findings": [{"line_number": 83, "secret": "AKIAY4U3L2F7SXJ6ZBQR", "label": "True Positive"}, {"line_number": 84, "secret": "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", "label": "True Positive"}]}, {"code": "15: name: Deploy to Staging\n16: \n17: on:\n18: push:\n19: branches:\n20: - develop\n21: \n22: jobs:\n23: build-and-deploy:\n24: runs-on: ubuntu-latest\n25: steps:\n26: - name: Checkout repository\n27: uses: actions/checkout@v3\n28: \n29: - name: Build Docker Image\n30: run: |\n31: docker build -t my-app:staging .\n32: \n33: - name: Deploy to Kubernetes Cluster\n34: env:\n35: KUBE_CONFIG_DATA: \"apiVersion: v1\\nclusters:\\n- cluster:\\n server: https://k8s-staging.mycompany.dev\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURaekNDQWsrZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpMV05oYlhCaGNuUnZkMjVzYVdJdGMyVm5jbWx1VEhCRGNISXRVRk5sYm5acFkyRXViV0Z5YTJVdApjR1Z5WVc0dGMyVmpkWEpwZEhrdE1CNFhEVEl4TURnd05qQXlPREl6TmxvWERUSXhNRGd3TmpBeU9ESXpObG93CkZURVRNQkVHQTFVRUF4TUthM1ZpY0dGblp5QkRaWEowYVdacFkyRjBhVzVuTVJvd0dBWURWUVFERXhGMVlXNWsKWXpCeldYSnliMnhsTG1OdmJURWNNQm9HQTFVRUF4UVVkakV1TG1Gc2JEb2dSWGRsWVhScGIyNGdkR2hsY2pBSgpCZ05WQkFvTUIxZGxaSEp2Ym5RdFkyRXdIaGNOTWpNd09UWTVNVFkyTURBMVdoY05Nak13T1RZeU1UWTJNREExCldqQVZNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6TFdOaGJYQmhjblJ2ZDI1c2FXSXRjMlZuY21sdVRIQkQKc0hJdFVGTmxiblpwWTJFdWJXRnlhMlV0Y0dWeVlXNHRjMlZqZFhKcGRoa3RNQjRYRFRJeE1EZ3dOalF5TURJek4KbG9YRFRJeE1EZ3dOalF5TURJek5sb3dGVEVUTUJFR0ExVUVBeE1LYTNWaWNHzG5aeUJEWlhKMGFXWnBZMkYwCmFXNW5NU2t3SndZRFZRUUREQmR5WVc1bElFTmxjblJwWm1sallYUnBiMjR4RkRBU0JnTlZCQWNNQzFOaGJuUmwKWm00dGNIVjBaWEp6TG1OdmJUSXdNUnd3R1dZRFZRUUREQnBqWVc1bExtTnZiVEJaTUJNR0J5cUxlbEZvTEF1TQpNRGN3SmdZSktvWklodmNOQVFrQkZoZGxaSEp2Ym5RdFkyRXdEUVlKS29aSWh2Y05BUUVGQlFBZ2dra0JBSUVwCllpU0p2eU9rV0ZpZDJnZ0lQeW55bklwZWZpb1Rpa2ZpUGlpa2lQeWtlUGlUZ2Zpd1BTZ2tQSWZpZ2lwaWsKZ2ZQc0dnZ2ZQaVBHZ2ZpcGtpa1BnaVBHZ2lQaWdQaVBHZ2ZHUGlQaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWcKUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZHUGlQaWtQaVBHZ2ZHUGkKUGlQaWtQaVBHZ2ZHUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZQaWcKUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWdQaVBHZ2ZQaWlQaWtQaVBHZ2ZGUGkKUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQZ2lwaWtnZlBzR2lnUGlQZ2ZpZ2lQaWtnZlBpcCgKaWtQZ2ZpcGtpa1BnaVBHZ2lQZ2lQZ2Zpd1BTZ2tQSWZpZ2lwaWtnZlBzR2dnZlBpUEgLZGdnaUtpUGlQaWsKUGlQaWtQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWcKUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaWsKUGlwaWtQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2lQaWtnCmZQaVBHZ2ZpUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQZ2lwaWtnZlA==\\n name: k8s-staging\\ncontexts:\\n- context:\\n cluster: k8s-staging\\n user: cicd-user\\n name: k8s-staging\\ncurrent-context: k8s-staging\\nkind: Config\\npreferences: {}\\nusers:\\n- name: cicd-user\\n user:\\n token: tok_v3_a7b8e1f5d3c2a1b0e4f6d7c8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8\\n\"\n36: run: |\n37: echo \"$KUBE_CONFIG_DATA\" > ./kubeconfig\n38: export KUBECONFIG=./kubeconfig\n39: kubectl apply -f k8s/deployment-staging.yaml\n40: \n41: - name: Notify on Slack\n42: if: success()\n43: run: |\n44: curl -X POST -H 'Content-type: application/json' --data '{\"text\":\"Staging deployment successful.\"}' https://hooks.slack.com/services/T01ABCD4E5F/B02FGHIJ3K4/aBcDeFg1hIjKlMnOpQrStUvWxYzA543210\n45: \n", "findings": [{"line_number": 35, "secret": "tok_v3_a7b8e1f5d3c2a1b0e4f6d7c8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8", "label": "True Positive"}, {"line_number": 44, "secret": "https://hooks.slack.com/services/T01ABCD4E5F/B02FGHIJ3K4/aBcDeFg1hIjKlMnOpQrStUvWxYzA543210", "label": "True Positive"}]}, {"code": "41: package main\n42: \n43: import (\n44: \"fmt\"\n45: \"log\"\n46: \"net/http\"\n47: \"github.com/gin-gonic/gin\"\n48: \"gorm.io/driver/postgres\"\n49: \"gorm.io/gorm\"\n50: )\n51: \n52: // JWT secret key for signing tokens\n53: var jwtSecret = []byte(\"8f5a6b09c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9\")\n54: \n55: type User struct {\n56: gorm.Model\n57: Username string `gorm:\"unique\"`\n58: Email string\n59: }\n60: \n61: func main() {\n62: // DSN for production database connection\n63: dsn := \"postgres://svc_acct_user:P@s$W0rd1!zN0tG00d@pg-prod-1.c4u7n8t3p1o2.us-west-2.rds.amazonaws.com:5432/user_profiles\"\n64: db, err := gorm.Open(postgres.Open(dsn), &gorm.Config{})\n65: if err != nil {\n66: log.Fatal(\"Failed to connect to database!\")\n67: }\n68: \n69: db.AutoMigrate(&User{})\n70: \n71: router := gin.Default()\n72: \n73: router.GET(\"/health\", func(c *gin.Context) {\n74: c.JSON(http.StatusOK, gin.H{\"status\": \"UP\"})\n75: })\n76: \n77: // Add more routes here...\n78: \n79: fmt.Println(\"Server starting on port 8080\")\n80: router.Run(\":8080\")\n81: }\n", "findings": [{"line_number": 53, "secret": "8f5a6b09c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9", "label": "True Positive"}, {"line_number": 63, "secret": "postgres://svc_acct_user:P@s$W0rd1!zN0tG00d@pg-prod-1.c4u7n8t3p1o2.us-west-2.rds.amazonaws.com:5432/user_profiles", "label": "True Positive"}]}, {"code": "112: # Terraform configuration for provisioning a web server and a database\n113: \n114: terraform {\n115: required_providers {\n116: digitalocean = {\n117: source = \"digitalocean/digitalocean\"\n118: version = \"~> 2.0\"\n119: }\n120: }\n121: }\n122: \n123: provider \"digitalocean\" {\n124: token = \"dop_v1_8a3f5b210c4e7d9f6a2b01c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3\"\n125: }\n126: \n127: resource \"digitalocean_droplet\" \"web_app\" {\n128: image = \"ubuntu-20-04-x64\"\n129: name = \"web-prod-1\"\n130: region = \"nyc3\"\n131: size = \"s-1vcpu-1gb\"\n132: ssh_keys = [data.digitalocean_ssh_key.main.id]\n133: }\n134: \n135: data \"digitalocean_ssh_key\" \"main\" {\n136: name = \"prod-deploy-key\"\n137: }\n138: \n139: resource \"digitalocean_database_cluster\" \"postgres_db\" {\n140: name = \"prod-db-cluster\"\n141: engine = \"pg\"\n142: version = \"13\"\n143: size = \"db-s-2vcpu-4gb\"\n144: region = \"nyc3\"\n145: node_count = 1\n146: }\n", "findings": [{"line_number": 124, "secret": "dop_v1_8a3f5b210c4e7d9f6a2b01c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3", "label": "True Positive"}]}, {"code": "201: # ========================================\n202: # Main Application Configuration\n203: # ========================================\n204: server.port=8080\n205: \n206: # ========================================\n207: # Database Settings\n208: # ========================================\n209: spring.datasource.url=jdbc:mysql://db-prod.c1a2b3d4e5f6.us-east-1.rds.amazonaws.com:3306/webappdb?useSSL=true&requireSSL=true\n210: spring.datasource.username=webapp_admin\n211: spring.datasource.password=8h$T9x!qW2r*Lp@vK4m&Z7gB#nS5yU\n212: spring.jpa.hibernate.ddl-auto=update\n213: \n214: # ========================================\n215: # Redis Cache Settings\n216: # ========================================\n217: spring.redis.host=redis-prod.a1b2c3.0001.use1.cache.amazonaws.com\n218: spring.redis.port=6379\n219: spring.redis.password=eC5tVg8jNkLpQ3sW6zY9bH2fR7uI0mO1vX4a\n220: \n221: # ========================================\n222: # External API Keys\n223: # ========================================\n224: sendgrid.api.key=SG.k8yWq2pT9RzX4vU7cE1sN3.LgJ5tH_vB8nU6sY9aI0mD4fO2oP1qR3eS6wW7x Zz\n225: stripe.publishable.key=pk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB2nD5oP6qR7sW8x YzZ9a \n226: \n227: # ========================================\n228: # Logging Configuration\n229: # ========================================\n230: logging.level.root=INFO\n231: logging.level.com.myapp=DEBUG\n232: logging.file.name=logs/spring-boot-app.log\n233: ", "findings": [{"line_number": 211, "secret": "8h$T9x!qW2r*Lp@vK4m&Z7gB#nS5yU", "label": "True Positive"}, {"line_number": 219, "secret": "eC5tVg8jNkLpQ3sW6zY9bH2fR7uI0mO1vX4a", "label": "True Positive"}, {"line_number": 224, "secret": "SG.k8yWq2pT9RzX4vU7cE1sN3.LgJ5tH_vB8nU6sY9aI0mD4fO2oP1qR3eS6wW7x Zz", "label": "True Positive"}]}]} +{"id": 2, "findings": [{"code": "78: from flask import Flask, request, jsonify\n79: import stripe\n80: import os\n81: import psycopg2\n82: from sendgrid import SendGridAPIClient\n83: from sendgrid.helpers.mail import Mail\n84: \n85: app = Flask(__name__)\n86: \n87: # Initialize third-party services with hardcoded credentials\n88: stripe.api_key = \"sk_live_51KmzU8BqR6tP0kLwXgH7yV3dF9sJ1eA8cW2mN4oB6gZ5hI0kL3jM7yV9dF1gH2jK4lN6oB5pQ8sR7tU\"\n89: \n90: DATABASE_URL = \"postgres://payment_svc_user:pS9#v$2K@j1F!gH@db-payments-prod.c4z1x2y3w4.us-east-1.rds.amazonaws.com:5432/payments_db\"\n91: \n92: def get_db_connection():\n93: conn = psycopg2.connect(DATABASE_URL)\n94: return conn\n95: \n96: @app.route('/api/v1/charge', methods=['POST'])\n97: def create_charge():\n98: data = request.get_json()\n99: try:\n100: charge = stripe.Charge.create(\n101: amount=data['amount'],\n102: currency='usd',\n103: source=data['token'],\n104: description='Charge for order #12345'\n105: )\n106: send_receipt(data['customer_email'])\n107: return jsonify({'status': 'success', 'charge_id': charge.id}), 200\n108: except stripe.error.CardError as e:\n109: return jsonify({'error': str(e)}), 400\n110: \n111: def send_receipt(customer_email):\n112: message = Mail(\n113: from_email='noreply@example-shop.com',\n114: to_emails=customer_email,\n115: subject='Your Receipt from ExampleShop',\n116: html_content='Thank you for your purchase!'\n117: )\n118: try:\n119: sg = SendGridAPIClient('SG.4fVg7p8R_TqWz3xY9bA1c2.gHjKlMnOpQrStUvWxYz01AbCdEfGhIjK23Lm4')\n120: response = sg.send(message)\n121: print(f\"Email sent with status code: {response.status_code}\")\n122: except Exception as e:\n123: print(e)\n124: ", "findings": [{"line_number": 88, "secret": "sk_live_51KmzU8BqR6tP0kLwXgH7yV3dF9sJ1eA8cW2mN4oB6gZ5hI0kL3jM7yV9dF1gH2jK4lN6oB5pQ8sR7tU", "label": "True Positive"}, {"line_number": 90, "secret": "postgres://payment_svc_user:pS9#v$2K@j1F!gH@db-payments-prod.c4z1x2y3w4.us-east-1.rds.amazonaws.com:5432/payments_db", "label": "True Positive"}, {"line_number": 119, "secret": "SG.4fVg7p8R_TqWz3xY9bA1c2.gHjKlMnOpQrStUvWxYz01AbCdEfGhIjK23Lm4", "label": "True Positive"}]}, {"code": "12: provider \"aws\" {\n13: region = \"us-west-2\"\n14: access_key = \"AKIAY3R4WZ76X2P5QJ6M\"\n15: secret_key = \"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\"\n16: }\n17: \n18: resource \"aws_s3_bucket\" \"customer_uploads\" {\n19: bucket = \"app-customer-uploads-prod-0a1b2c\"\n20: acl = \"private\"\n21: \n22: tags = {\n23: Name = \"Customer Uploads Bucket\"\n24: Environment = \"Production\"\n25: }\n26: }\n27: \n28: resource \"aws_db_instance\" \"app_database\" {\n29: allocated_storage = 20\n30: engine = \"mysql\"\n31: engine_version = \"8.0\"\n32: instance_class = \"db.t3.micro\"\n33: name = \"webappdb_prod\"\n34: username = \"db_admin\"\n35: password = \"db_P@ssw0rd_pr0d_!2023\"\n36: parameter_group_name = \"default.mysql8.0\"\n37: skip_final_snapshot = true\n38: publicly_accessible = false\n39: }\n40: ", "findings": [{"line_number": 14, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 15, "secret": "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", "label": "True Positive"}, {"line_number": 35, "secret": "db_P@ssw0rd_pr0d_!2023", "label": "True Positive"}]}, {"code": "1: name: Build and Deploy Production\n2: \n3: on:\n4: push:\n5: branches:\n6: - main\n7: \n8: jobs:\n9: build-and-push:\n10: runs-on: ubuntu-latest\n11: steps:\n12: - name: Checkout code\n13: uses: actions/checkout@v3\n14: \n15: - name: Login to Docker Hub\n16: uses: docker/login-action@v2\n17: with:\n18: username: myproduser\n19: password: dckr_pat_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345\n20: \n21: - name: Build and push Docker image\n22: uses: docker/build-push-action@v4\n23: with:\n24: context: .\n25: push: true\n26: tags: myproduser/app:latest\n27: \n28: trigger-downstream-workflow:\n29: runs-on: ubuntu-latest\n30: needs: build-and-push\n31: steps:\n32: - name: Trigger deployment workflow\n33: uses: actions/github-script@v6\n34: with:\n35: github-token: ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7f\n36: script: |\n37: github.rest.actions.createWorkflowDispatch({\n38: owner: 'my-org',\n39: repo: 'deployment-repo',\n40: workflow_id: 'deploy.yml',\n41: ref: 'main'\n42: });\n43: ", "findings": [{"line_number": 19, "secret": "dckr_pat_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345", "label": "True Positive"}, {"line_number": 35, "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7f", "label": "True Positive"}]}, {"code": "55: import React, { useEffect } from 'react';\n56: import * as Sentry from '@sentry/react';\n57: import { BrowserTracing } from '@sentry/tracing';\n58: import { initializeApp } from 'firebase/app';\n59: import mapboxgl from 'mapbox-gl';\n60: \n61: const firebaseConfig = {\n62: apiKey: \"AIzaSyB8pZ5GfsJk9mDq7nL4vW2xRcH1tU0E\",\n63: authDomain: \"my-app-prod.firebaseapp.com\",\n64: projectId: \"my-app-prod\",\n65: storageBucket: \"my-app-prod.appspot.com\",\n66: messagingSenderId: \"123456789012\",\n67: appId: \"1:123456789012:web:a1b2c3d4e5f6a7b8c9d0e1\"\n68: };\n69: \n70: // Initialize Firebase\n71: initializeApp(firebaseConfig);\n72: \n73: // Initialize Sentry for error tracking\n74: Sentry.init({\n75: dsn: \"https://a1b2c3d4e5f61234abcd5678ef901234@o123456.ingest.sentry.io/9876543\",\n76: integrations: [new BrowserTracing()],\n77: tracesSampleRate: 0.2,\n78: });\n79: \n80: const MapComponent = () => {\n81: useEffect(() => {\n82: mapboxgl.accessToken = 'pk.eyJ1IjoicHJvZGFwcDEyMyIsImEiOiJja3o4dGJuMHgwMnhpMm5wOTNzaHI4cDVqIn0.n7sL8gKjP5eF4tW1bA9c3Q';\n83: const map = new mapboxgl.Map({\n84: container: 'map-container', // container ID\n85: style: 'mapbox://styles/mapbox/streets-v11',\n86: center: [-74.5, 40], // starting position [lng, lat]\n87: zoom: 9 // starting zoom\n88: });\n89: return () => map.remove();\n90: }, []);\n91: \n92: return
;\n93: };\n94: \n95: export default MapComponent;\n96: ", "findings": [{"line_number": 62, "secret": "AIzaSyB8pZ5GfsJk9mDq7nL4vW2xRcH1tU0E", "label": "True Positive"}, {"line_number": 75, "secret": "https://a1b2c3d4e5f61234abcd5678ef901234@o123456.ingest.sentry.io/9876543", "label": "True Positive"}, {"line_number": 82, "secret": "pk.eyJ1IjoicHJvZGFwcDEyMyIsImEiOiJja3o4dGJuMHgwMnhpMm5wOTNzaHI4cDVqIn0.n7sL8gKjP5eF4tW1bA9c3Q", "label": "True Positive"}]}, {"code": "1: # application.properties - Production Environment\n2: server.port=8080\n3: \n4: # Database Configuration\n5: spring.datasource.url=jdbc:mysql://prod-db.example.com:3306/maindb\n6: spring.datasource.username=app_user\n7: spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver\n8: \n9: # JPA / Hibernate\n10: spring.jpa.hibernate.ddl-auto=validate\n11: spring.jpa.show-sql=false\n12: \n13: # Redis Cache Configuration\n14: spring.redis.host=prod-redis.example.com\n15: spring.redis.port=6379\n16: spring.redis.password=h#K!p$7sW@v3xR9zQ*j1fG_b\n17: \n18: # Twilio SMS Service Credentials\n19: twilio.account.sid=AC9f7e6d5c4b3a291807654321fedcba\n20: twilio.auth.token=8a7b65c4d3e2f109876a5b4c3d2e1f0a\n21: twilio.phone.number=+15005550006\n22: \n23: # Security and JWT Configuration\n24: app.security.jwt.secret-key=b2luc3JldnNqcmVxdm5qcXNlMjR2NHFzZXZzcjI1OXF5MHI=\n25: app.security.jwt.expiration-ms=86400000\n26: \n27: # Logging\n28: logging.level.root=WARN\n29: logging.level.com.example.app=INFO", "findings": [{"line_number": 16, "secret": "h#K!p$7sW@v3xR9zQ*j1fG_b", "label": "True Positive"}, {"line_number": 19, "secret": "AC9f7e6d5c4b3a291807654321fedcba", "label": "True Positive"}, {"line_number": 20, "secret": "8a7b65c4d3e2f109876a5b4c3d2e1f0a", "label": "True Positive"}, {"line_number": 24, "secret": "b2luc3JldnNqcmVxdm5qcXNlMjR2NHFzZXZzcjI1OXF5MHI=", "label": "True Positive"}]}]} +{"id": 3, "findings": [{"code": "88: import boto3\n89: from flask import Flask, request, jsonify\n90: \n91: app = Flask(__name__)\n92: \n93: # Temporary AWS credentials for a specific data processing task\n94: def get_s3_client():\n95: session = boto3.Session(\n96: aws_access_key_id='AKIAY3R4WZ76X2P5QJ6M',\n97: aws_secret_access_key='kG+N9sL2rP4xW7yH8zC1vE0bF3uA5tD6jQ/mIoX',\n98: region_name='us-west-2'\n99: )\n100: return session.client('s3')\n101: \n102: @app.route('/api/v1/process-file', methods=['POST'])\n103: def process_file():\n104: data = request.get_json()\n105: bucket_name = data.get('bucket')\n106: file_key = data.get('key')\n107: \n108: if not bucket_name or not file_key:\n109: return jsonify({'error': 'Missing bucket or key'}), 400\n110: \n111: s3 = get_s3_client()\n112: try:\n113: s3.download_file(bucket_name, file_key, f'/tmp/{file_key}')\n114: # ... further processing logic ...\n115: return jsonify({'status': 'File processed successfully'}), 200\n116: except Exception as e:\n117: app.logger.error(f\"Failed to download from S3: {e}\")\n118: return jsonify({'error': 'Internal server error'}), 500\n119: \n120: if __name__ == '__main__':\n121: app.run(host='0.0.0.0', port=8080)\n", "findings": [{"line_number": 96, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 97, "secret": "kG+N9sL2rP4xW7yH8zC1vE0bF3uA5tD6jQ/mIoX", "label": "True Positive"}]}, {"code": "42: # main.tf - Datadog Monitor for API Gateway Latency\n43: \n44: provider \"datadog\" {\n45: # Credentials configured via environment variables\n46: }\n47: \n48: resource \"aws_api_gateway_rest_api\" \"main_api\" {\n49: name = \"example-api\"\n50: description = \"Primary API for service X\"\n51: }\n52: \n53: resource \"aws_cloudwatch_log_group\" \"api_logs\" {\n54: name = \"/aws/api-gateway/${aws_api_gateway_rest_api.main_api.name}\"\n55: retention_in_days = 30\n56: }\n57: \n58: # This monitor checks for high latency on our main entrypoint.\n59: resource \"datadog_monitor\" \"p99_latency_monitor\" {\n60: name = \"[Critical] High P99 Latency on API Gateway\"\n61: type = \"metric alert\"\n62: message = \"@devops-alerts P99 latency is over 2s. Check API Gateway performance.\"\n63: tags = [\"env:prod\", \"service:api-gateway\"]\n64: \n65: query = \"avg(last_5m):p99:aws.apigateway.latency.count{*} by {apiname} > 2000\"\n66: \n67: monitor_thresholds {\n68: critical = 2000\n69: warning = 1500\n70: }\n71: \n72: // TODO: This should be moved to a var file or Vault\n73: options {\n74: api_key = \"4a8f15d7e5b6c93f0a12e4d3c5f6b8a1\"\n75: }\n76: }\n", "findings": [{"line_number": 74, "secret": "4a8f15d7e5b6c93f0a12e4d3c5f6b8a1", "label": "True Positive"}]}, {"code": "15: name: CI/CD Pipeline for Microservice\n16: \n17: on:\n18: push:\n19: branches:\n20: - main\n21: \n22: jobs:\n23: build-and-push:\n24: runs-on: ubuntu-latest\n25: steps:\n26: - name: Checkout repository\n27: uses: actions/checkout@v3\n28: \n29: - name: Login to Docker Hub\n30: uses: docker/login-action@v2\n31: with:\n32: username: myapp_service_account\n33: password: \"dckr_pat_aB7-cDef_gHiJkL-mNop_qRsT\"\n34: \n35: - name: Build and push Docker image\n36: uses: docker/build-push-action@v4\n37: with:\n38: context: .\n39: push: true\n40: tags: myapp/production:latest\n41: \n42: notify-on-failure:\n43: runs-on: ubuntu-latest\n44: if: failure()\n45: steps:\n46: - name: Send Slack notification\n47: uses: rtCamp/action-slack-notify@v2\n48: env:\n49: SLACK_WEBHOOK: https://hooks.slack.com/services/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\n50: SLACK_TITLE: 'Build Failed: Microservice'\n51: SLACK_MESSAGE: 'The build for the main branch has failed. Please investigate.'\n", "findings": [{"line_number": 33, "secret": "dckr_pat_aB7-cDef_gHiJkL-mNop_qRsT", "label": "True Positive"}, {"line_number": 49, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}]}, {"code": "210: # ==========================================\n211: # DATABASE CONFIGURATION\n212: # ==========================================\n213: spring.datasource.url=jdbc:postgresql://db-reporting.us-east-1.rds.amazonaws.com:5432/reporting_prod\n214: spring.datasource.username=analytics_svc\n215: spring.datasource.password=4#pZ&qK9!sW8*L@gM$nBv\n216: spring.datasource.driver-class-name=org.postgresql.Driver\n217: spring.jpa.hibernate.ddl-auto=validate\n218: \n219: # ==========================================\n220: # OAUTH2 CLIENT CONFIG FOR INTERNAL SSO\n221: # ==========================================\n222: security.oauth2.client.client-id=reporting-service-client\n223: security.oauth2.client.client-secret=f9b5c3d2e1a04987b6a5c4d3e2f1b0a9c8d7e6f5a4b3c2d1e0f0987654321fed\n224: security.oauth2.client.access-token-uri=https://sso.internal.corp/oauth/token\n225: security.oauth2.client.user-authorization-uri=https://sso.internal.corp/oauth/authorize\n226: security.oauth2.resource.user-info-uri=https://sso.internal.corp/userinfo\n227: \n228: # ==========================================\n229: # CACHING CONFIGURATION (REDIS)\n230: # ==========================================\n231: spring.cache.type=redis\n232: spring.redis.host=redis-cache.prod.internal\n233: spring.redis.port=6379\n234: \n235: # ==========================================\n236: # LOGGING CONFIGURATION\n237: # ==========================================\n238: logging.level.com.myapp=INFO\n239: logging.level.org.springframework.web=WARN\n", "findings": [{"line_number": 215, "secret": "4#pZ&qK9!sW8*L@gM$nBv", "label": "True Positive"}, {"line_number": 223, "secret": "f9b5c3d2e1a04987b6a5c4d3e2f1b0a9c8d7e6f5a4b3c2d1e0f0987654321fed", "label": "True Positive"}]}, {"code": "115: import React from 'react';\n116: import { Sentry, SentrySeverity } from 'react-native-sentry';\n117: import { NavigationContainer } from '@react-navigation/native';\n118: import { createStackNavigator } from '@react-navigation/stack';\n119: \n120: // Initialize Sentry for crash reporting\n121: // This DSN was provided by the ops team for the alpha build.\n122: const sentryConfig = {\n123: dsn: 'https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o123456.ingest.sentry.io/7890123',\n124: enableInExpoDevelopment: true,\n125: debug: __DEV__,\n126: };\n127: Sentry.config(sentryConfig.dsn).install();\n128: \n129: // Screens\n130: import HomeScreen from './screens/HomeScreen';\n131: import DetailsScreen from './screens/DetailsScreen';\n132: \n133: const Stack = createStackNavigator();\n134: \n135: function App() {\n136: return (\n137: \n138: \n139: \n140: \n141: \n142: \n143: );\n144: }\n145: \n146: // Example of logging a custom event\n147: Sentry.captureMessage('App component mounted', SentrySeverity.Info);\n148: \n149: export default App;\n", "findings": [{"line_number": 123, "secret": "https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o123456.ingest.sentry.io/7890123", "label": "True Positive"}]}]} +{"id": 4, "findings": [{"code": "72: import boto3\n73: from botocore.exceptions import ClientError\n74: \n75: class S3BackupManager:\n76: def __init__(self, region_name='us-east-1'):\n77: # Static credentials for a service account - should be moved to IAM role\n78: self.aws_access_key_id = 'AKIAU4EG23W5F7Y6ZCQN'\n79: self.aws_secret_access_key = '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'\n80: self.session = boto3.Session(\n81: aws_access_key_id=self.aws_access_key_id,\n82: aws_secret_access_key=self.aws_secret_access_key,\n83: region_name=region_name\n84: )\n85: self.s3_client = self.session.client('s3')\n86: \n87: def list_buckets(self):\n88: \"\"\"Lists all S3 buckets for the configured account.\"\"\"\n89: try:\n90: response = self.s3_client.list_buckets()\n91: print(\"Existing buckets:\")\n92: for bucket in response['Buckets']:\n93: print(f' {bucket[\"Name\"]}')\n94: return response['Buckets']\n95: except ClientError as e:\n96: print(f\"Error listing buckets: {e}\")\n97: return None\n98: \n99: if __name__ == '__main__':\n100: manager = S3BackupManager()\n101: manager.list_buckets()\n", "findings": [{"line_number": 78, "secret": "AKIAU4EG23W5F7Y6ZCQN", "label": "True Positive"}, {"line_number": 79, "secret": "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", "label": "True Positive"}]}, {"code": "18: name: Build and Push Docker Image\n19: \n20: on:\n21: push:\n22: branches:\n23: - 'main'\n24: \n25: jobs:\n26: build-and-push:\n27: runs-on: ubuntu-latest\n28: steps:\n29: - name: Checkout repository\n30: uses: actions/checkout@v3\n31: \n32: - name: Login to Docker Hub\n33: uses: docker/login-action@v2\n34: with:\n35: username: 'app_deployer_svc'\n36: password: 'dckr_pat_aJv8rK3sLpH7qZ2mN9bXwF1g'\n3_7: \n38: - name: Build and push image\n39: uses: docker/build-push-action@v4\n40: with:\n41: context: .\n42: push: true\n43: tags: myapp/production:latest\n44: \n45: - name: Notify on Slack\n46: if: success()\n47: uses: rtCamp/action-slack-notify@v2\n48: env:\n49: SLACK_WEBHOOK: 'https://hooks.slack.com/services/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'\n50: SLACK_MESSAGE: 'Image successfully built and deployed.'\n", "findings": [{"line_number": 36, "secret": "dckr_pat_aJv8rK3sLpH7qZ2mN9bXwF1g", "label": "True Positive"}, {"line_number": 35, "secret": "app_deployer_svc", "label": "True Positive"}, {"line_number": 49, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}]}, {"code": "112: # Main infrastructure for the primary VPC and networking\n113: provider \"aws\" {\n114: region = var.aws_region\n115: }\n116: \n117: # Datadog provider configuration for monitoring\n118: provider \"datadog\" {\n119: api_key = \"dd_api_a9f86a9f86d7e9e8b7c6c5d4d3e2f1b0\"\n120: app_key = \"dd_app_b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9\"\n121: }\n122: \n123: resource \"aws_vpc\" \"main\" {\n124: cidr_block = \"10.0.0.0/16\"\n125: \n126: tags = {\n127: Name = \"main-vpc\"\n128: ManagedBy = \"Terraform\"\n129: }\n130: }\n131: \n132: resource \"datadog_monitor\" \"high_cpu_utilization\" {\n133: name = \"High CPU Utilization\"\n134: type = \"metric alert\"\n135: message = \"@all CPU utilization is over 90% on {{host.name}}\"\n136: \n137: query = \"avg(last_5m):avg:system.cpu.user{environment:production} > 90\"\n138: \n139: tags = [\"env:production\", \"service:core-api\"]\n140: }\n141: \n142: # Additional resources (subnets, security groups, etc.) follow\n143: \n", "findings": [{"line_number": 119, "secret": "dd_api_a9f86a9f86d7e9e8b7c6c5d4d3e2f1b0", "label": "True Positive"}, {"line_number": 120, "secret": "dd_app_b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9", "label": "True Positive"}]}, {"code": "25: using System.Data.SqlClient;\n26: using SendGrid;\n27: using SendGrid.Helpers.Mail;\n28: using System.Threading.Tasks;\n29: \n30: namespace App.Services\n31: {\n32: public class NotificationService\n33: {\n34: private readonly string _dbConnectionString;\n35: private readonly ISendGridClient _sendGridClient;\n36: \n37: public NotificationService()\n38: {\n39: // TODO: Move these settings to Azure Key Vault\n40: _dbConnectionString = \"Server=tcp:prod-db-cluster-1.database.windows.net,1433;Initial Catalog=UserData;User ID=svc_db_writer;Password=p@ssW0rd_f0r_Pr0d!v2.4$Db;Encrypt=True;\";\n41: var sendGridApiKey = \"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\";\n42: _sendGridClient = new SendGridClient(sendGridApiKey);\n43: }\n44: \n45: public async Task GetPendingUserCount()\n46: {\n47: using (var connection = new SqlConnection(_dbConnectionString))\n48: {\n49: await connection.OpenAsync();\n50: var command = new SqlCommand(\"SELECT COUNT(*) FROM Users WHERE Status = 'Pending'\", connection);\n51: return (int)await command.ExecuteScalarAsync();\n52: }\n53: }\n54: \n55: public async Task SendEmailAlert(string subject, string body)\n56: {\n57: var from = new EmailAddress(\"noreply@myapp.com\", \"MyApp Notifications\");\n58: var to = new EmailAddress(\"alerts@myapp-ops.com\");\n59: var msg = MailHelper.CreateSingleEmail(from, to, subject, body, \"\");\n60: await _sendGridClient.SendEmailAsync(msg);\n61: }\n62: }\n63: }\n", "findings": [{"line_number": 40, "secret": "Server=tcp:prod-db-cluster-1.database.windows.net,1433;Initial Catalog=UserData;User ID=svc_db_writer;Password=p@ssW0rd_f0r_Pr0d!v2.4$Db;Encrypt=True;", "label": "True Positive"}, {"line_number": 41, "secret": "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", "label": "True Positive"}]}, {"code": "33: import { initializeApp } from 'firebase/app';\n34: import { getAuth } from 'firebase/auth';\n35: import { getFirestore } from 'firebase/firestore';\n36: \n37: // TODO: This should be loaded from environment variables, not hardcoded.\n38: // This configuration is for the production environment and provides access to our user database.\n39: const firebaseConfig = {\n40: apiKey: 'AIzaSyC1b2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R',\n41: authDomain: 'prod-user-analytics-app.firebaseapp.com',\n42: projectId: 'prod-user-analytics-app',\n43: storageBucket: 'prod-user-analytics-app.appspot.com',\n44: messagingSenderId: '867530912345',\n45: appId: '1:867530912345:web:a1b2c3d4e5f6a7b8c9d0e1',\n46: measurementId: 'G-XYZ123ABC456',\n47: };\n48: \n49: // Initialize Firebase\n50: const app = initializeApp(firebaseConfig);\n51: \n52: // Export services for use in other components\n53: export const auth = getAuth(app);\n54: export const db = getFirestore(app);\n55: \n56: export const signInWithGoogle = () => {\n57: const provider = new GoogleAuthProvider();\n58: return signInWithPopup(auth, provider);\n59: };\n60: \n61: export const signOutUser = () => {\n62: return auth.signOut();\n63: };\n", "findings": [{"line_number": 40, "secret": "AIzaSyC1b2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R", "label": "True Positive"}, {"line_number": 45, "secret": "1:867530912345:web:a1b2c3d4e5f6a7b8c9d0e1", "label": "True Positive"}]}]} +{"id": 5, "findings": [{"code": "88: import boto3\n89: import logging\n90: \n91: # ====================================================================\n92: # Script to backup critical application logs to S3.\n93: # ====================================================================\n94: \n95: # Static configuration for the backup job\n96: S3_BUCKET_NAME = 'prod-app-logs-77492-us-east-1'\n97: LOCAL_LOG_PATH = '/var/log/app/critical.log'\n98: \n99: def create_s3_client():\n100: \"\"\"Initializes and returns an S3 client with hardcoded credentials.\"\"\"\n101: session = boto3.Session(\n102: aws_access_key_id='AKIAU4O6R3T5W2X7Y9Z1',\n103: aws_secret_access_key='vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l',\n104: region_name='us-east-1'\n105: )\n106: return session.client('s3')\n107: \n108: def upload_log_file(s3_client, bucket, file_path):\n109: \"\"\"Uploads a single file to the specified S3 bucket.\"\"\"\n110: try:\n111: s3_client.upload_file(file_path, bucket, f\"backup-{get_timestamp()}.log\")\n112: logging.info(f\"Successfully uploaded {file_path} to {bucket}.\")\n113: except Exception as e:\n114: logging.error(f\"Failed to upload file. Error: {e}\")\n115: \n116: def get_timestamp():\n117: from datetime import datetime\n118: return datetime.utcnow().strftime('%Y-%m-%dT%H-%M-%S')\n119: \n120: if __name__ == \"__main__\":\n121: logging.basicConfig(level=logging.INFO)\n122: s3 = create_s3_client()\n123: upload_log_file(s3, S3_BUCKET_NAME, LOCAL_LOG_PATH)\n", "findings": [{"line_number": 102, "secret": "AKIAU4O6R3T5W2X7Y9Z1", "label": "True Positive"}, {"line_number": 103, "secret": "vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l", "label": "True Positive"}]}, {"code": "41: # Jenkinsfile for the main application build and deploy pipeline\n42: pipeline {\n43: agent any\n44: environment {\n45: DOCKER_REGISTRY = 'registry.hub.docker.com'\n46: DOCKER_IMAGE_NAME = 'my-corp/webapp-main'\n47: }\n48: \n49: stages {\n50: stage('Build and Test') {\n51: steps {\n52: sh 'mvn clean install'\n53: sh 'mvn test'\n54: }\n55: }\n56: \n57: stage('Docker Push') {\n58: steps {\n59: script {\n60: def dockerUsername = 'corp_deploy_bot'\n61: def dockerApiToken = 'dckr_pat_bH8gY2cX1dE4fG5hI6jK7lM8nO9pQ0rS'\n62: sh \"docker build -t ${DOCKER_IMAGE_NAME}:${BUILD_NUMBER} .\"\n63: sh \"echo ${dockerApiToken} | docker login -u ${dockerUsername} --password-stdin ${DOCKER_REGISTRY}\"\n64: sh \"docker push ${DOCKER_IMAGE_NAME}:${BUILD_NUMBER}\"\n65: }\n66: }\n67: }\n68: \n69: stage('Deploy to Staging') {\n70: steps {\n71: sh './deploy.sh staging'\n72: }\n73: }\n74: }\n75: \n76: post {\n77: always {\n78: echo 'Pipeline finished.'\n79: }\n80: }\n81: }", "findings": [{"line_number": 61, "secret": "dckr_pat_bH8gY2cX1dE4fG5hI6jK7lM8nO9pQ0rS", "label": "True Positive"}]}, {"code": "112: package com.example.paymentservice.config;\n113: \n114: import org.springframework.context.annotation.Configuration;\n115: import org.springframework.beans.factory.annotation.Value;\n116: import com.stripe.Stripe;\n117: import javax.annotation.PostConstruct;\n118: \n119: @Configuration\n120: public class StripeConfig {\n121: \n122: @Value(\"${stripe.api.version}\")\n123: private String apiVersion;\n124: \n125: private final String secretKey = \"sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7hN5fD6gE4iT2oP1aL0kM8zGxYc9v\";\n126: \n127: @PostConstruct\n128: public void init() {\n129: Stripe.apiKey = secretKey;\n130: Stripe.setApiVersion(apiVersion);\n131: }\n132: \n133: // Additional configuration methods for webhooks, etc.\n134: public String getStripeSecret() {\n135: return this.secretKey;\n136: }\n137: \n138: public void setupWebhookEndpoint() {\n139: // Production webhook signing secret\n140: String whSecret = \"whsec_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6\";\n141: // Logic to register webhook with Stripe\n142: System.out.println(\"Webhook secret configured: \" + whSecret.substring(0, 10) + \"...\");\n143: }\n144: \n145: }", "findings": [{"line_number": 125, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7hN5fD6gE4iT2oP1aL0kM8zGxYc9v", "label": "True Positive"}, {"line_number": 140, "secret": "whsec_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6", "label": "True Positive"}]}, {"code": "25: resource \"aws_db_instance\" \"main\" {\n26: allocated_storage = 20\n27: engine = \"mysql\"\n28: engine_version = \"8.0.27\"\n29: instance_class = \"db.t3.micro\"\n30: name = \"webappdb_prod\"\n31: username = \"db_admin_user\"\n32: password = \"S#cr3t_DB_P@ssw0rd_8k!2mN\"\n33: parameter_group_name = \"default.mysql8.0\"\n34: skip_final_snapshot = true\n35: publicly_accessible = false\n36: }\n37: \n38: resource \"aws_s3_bucket\" \"app_data\" {\n39: bucket = \"my-corp-app-data-prod-19874\"\n40: }\n41: \n42: # Configuration for third-party services\n43: variable \"sendgrid_api_key\" {\n44: description = \"API key for sending transactional emails.\"\n45: type = string\n46: sensitive = true\n47: default = \"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\"\n48: }\n49: \n50: output \"db_instance_address\" {\n51: value = aws_db_instance.main.address\n52: }\n53: ", "findings": [{"line_number": 32, "secret": "S#cr3t_DB_P@ssw0rd_8k!2mN", "label": "True Positive"}, {"line_number": 47, "secret": "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", "label": "True Positive"}]}, {"code": "33: name: Build and Deploy Next.js App\n34: \n35: on:\n36: push:\n37: branches:\n38: - main\n39: \n40: jobs:\n41: deploy:\n42: runs-on: ubuntu-latest\n43: steps:\n44: - name: Check out code\n45: uses: actions/checkout@v3\n46: \n47: - name: Set up Node.js\n48: uses: actions/setup-node@v3\n49: with:\n50: node-version: '18'\n51: \n52: - name: Install Dependencies\n53: run: npm install\n54: \n55: - name: Build Application\n56: run: npm run build\n57: env:\n58: ALGOLIA_API_KEY: 9f8e7d6c5b4a3a2a1a0b9c8d7e6f5a4b\n59: NEXT_PUBLIC_API_URL: https://api.prod.my-app.com\n60: \n61: - name: Notify Slack on Success\n62: if: success()\n63: run: |\n64: curl -X POST -H 'Content-type: application/json' --data '{\"text\":\"Deployment to production succeeded!\"}' https://hooks.slack.com/services/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\n", "findings": [{"line_number": 58, "secret": "9f8e7d6c5b4a3a2a1a0b9c8d7e6f5a4b", "label": "True Positive"}, {"line_number": 64, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}]}]} +{"id": 7, "findings": [{"code": "88: # main.tf - AWS Infrastructure for the reporting service\n89: \n90: provider \"aws\" {\n91: region = \"us-east-1\"\n92: access_key = \"AKIA44JGL55QT6L72Q57\"\n93: secret_key = \"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\"\n94: }\n95: \n96: resource \"aws_instance\" \"reporting_worker\" {\n97: ami = \"ami-0c55b159cbfafe1f0\"\n98: instance_type = \"t2.micro\"\n99: tags = {\n100: Name = \"ReportingWorker-Prod\"\n101: }\n102: }\n103: \n104: resource \"aws_db_instance\" \"reporting_db\" {\n105: allocated_storage = 20\n106: engine = \"mysql\"\n107: engine_version = \"8.0\"\n108: instance_class = \"db.t2.micro\"\n109: db_name = \"reportingdb\"\n110: username = \"reportadmin\"\n111: password = \"hJ$9!zK@bD3pG*sV\"\n112: parameter_group_name = \"default.mysql8.0\"\n113: skip_final_snapshot = true\n114: }\n115: \n116: output \"db_endpoint\" {\n117: value = aws_db_instance.reporting_db.endpoint\n118: }\n", "findings": [{"line_number": 92, "secret": "AKIA44JGL55QT6L72Q57", "label": "True Positive"}, {"line_number": 93, "secret": "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", "label": "True Positive"}, {"line_number": 111, "secret": "hJ$9!zK@bD3pG*sV", "label": "True Positive"}]}, {"code": "41: # app.py - Main entrypoint for the payments-api Flask service\n42: \n43: from flask import Flask, jsonify, request\n44: from sqlalchemy import create_engine\n45: import stripe\n46: \n47: app = Flask(__name__)\n48: \n49: # -- Configuration --\n50: # In a real app, this would come from a secure vault or environment variables.\n51: app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres://payment_svc_user:Ag8#kL$pQ2sZ!vF@pg-prod-us-east-1a.c3kfexample.rds.amazonaws.com:5432/payments_prod'\n52: app.config['STRIPE_SECRET_KEY'] = 'sk_live_51Mv0L2BpF8fG1tY9cRzXvWqSjU3mB4aD5eFgH6iJ7kL8mN9oP0qR1sT'\n53: \n54: # Initialize extensions\n55: db_engine = create_engine(app.config['SQLALCHEMY_DATABASE_URI'])\n56: stripe.api_key = app.config['STRIPE_SECRET_KEY']\n57: \n58: @app.route('/health', methods=['GET'])\n59: def health_check():\n60: try:\n61: # Check DB connection\n62: connection = db_engine.connect()\n63: connection.close()\n64: return jsonify({'status': 'ok', 'database': 'connected'}), 200\n65: except Exception as e:\n66: return jsonify({'status': 'error', 'database': str(e)}), 500\n67: \n68: @app.route('/create-payment-intent', methods=['POST'])\n69: def create_payment():\n70: data = request.get_json()\n71: intent = stripe.PaymentIntent.create(\n72: amount=data['amount'],\n73: currency='usd'\n74: )\n75: return jsonify(client_secret=intent.client_secret)\n76: ", "findings": [{"line_number": 51, "secret": "postgres://payment_svc_user:Ag8#kL$pQ2sZ!vF@pg-prod-us-east-1a.c3kfexample.rds.amazonaws.com:5432/payments_prod", "label": "True Positive"}, {"line_number": 52, "secret": "sk_live_51Mv0L2BpF8fG1tY9cRzXvWqSjU3mB4aD5eFgH6iJ7kL8mN9oP0qR1sT", "label": "True Positive"}]}, {"code": "15: name: Build and Deploy to Production\n16: \n17: on:\n18: push:\n19: branches:\n20: - main\n21: \n22: jobs:\n23: deploy:\n24: runs-on: ubuntu-latest\n25: steps:\n26: - name: Checkout repository\n27: uses: actions/checkout@v3\n28: \n29: - name: Set up Docker Buildx\n30: uses: docker/setup-buildx-action@v2\n31: \n32: - name: Login to Docker Hub\n33: uses: docker/login-action@v2\n34: with:\n35: username: myapp-prod-bot\n36: password: \"dckr_pat_bC9hFvG5jL1kM4nO7pQ9rS2uV5wX8yZ1aC\"\n37: \n38: - name: Build and push container\n39: id: build_and_push\n40: uses: docker/build-push-action@v4\n41: with:\n42: context: .\n43: push: true\n44: tags: myapp/prod-server:latest\n45: \n46: - name: Send notification to Slack\n47: uses: 8398a7/action-slack@v3\n48: with:\n49: status: ${{ job.status }}\n50: text: 'Deployment to production finished.'\n51: env:\n52: SLACK_WEBHOOK_URL: \"https://hooks.slack.com/services/T012ABCDEF3/B01GHIJKLM4/vP5qR6sT7uV8wX9yZ0aB1c\"\n53: ", "findings": [{"line_number": 36, "secret": "dckr_pat_bC9hFvG5jL1kM4nO7pQ9rS2uV5wX8yZ1aC", "label": "True Positive"}, {"line_number": 52, "secret": "https://hooks.slack.com/services/T012ABCDEF3/B01GHIJKLM4/vP5qR6sT7uV8wX9yZ0aB1c", "label": "True Positive"}]}, {"code": "210: using Microsoft.Extensions.DependencyInjection;\n211: using Microsoft.Extensions.Hosting;\n212: \n213: namespace Api.Core.Services;\n214: \n215: // Static class holding critical application secrets.\n216: // TODO: Refactor this to use Azure Key Vault before GA.\n217: public static class AppSecrets\n218: {\n219: public const string AzureStorageConnectionString = \"DefaultEndpointsProtocol=https;AccountName=prodfilestorage1;AccountKey=wJ/x5mP8Q+kZ3rT9vB2uC4dE6fG8hJ0lM2nO4pQ6rS8tV0wX2yZ4aC6bE8dF+gHjK/lM4nO6pQ==;EndpointSuffix=core.windows.net\";\n220: public const string SendGridApiKey = \"SG.bF3gH5iJ7kL9mN1oP3qR5sT7uV9wX1yZ.aC3bE5dF7gH9jK1lM3nO5pQ7rS9tU\";\n221: }\n222: \n223: public static class ServiceRegistration\n224: {\n225: public static IServiceCollection AddCoreServices(this IServiceCollection services)\n226: {\n227: // Register Blob Storage client\n228: services.AddSingleton(x => new BlobServiceClient(AppSecrets.AzureStorageConnectionString));\n229: \n230: // Register Email sender client\n231: services.AddTransient(provider =>\n232: {\n233: var logger = provider.GetRequiredService>();\n234: // The API key is passed directly here.\n235: return new EmailSender(logger, AppSecrets.SendGridApiKey);\n236: });\n237: \n238: return services;\n239: }\n240: }\n241: \n242: public class EmailSender : IEmailSender\n243: {\n244: // Implementation details omitted for brevity...\n245: }\n", "findings": [{"line_number": 219, "secret": "DefaultEndpointsProtocol=https;AccountName=prodfilestorage1;AccountKey=wJ/x5mP8Q+kZ3rT9vB2uC4dE6fG8hJ0lM2nO4pQ6rS8tV0wX2yZ4aC6bE8dF+gHjK/lM4nO6pQ==;EndpointSuffix=core.windows.net", "label": "True Positive"}, {"line_number": 220, "secret": "SG.bF3gH5iJ7kL9mN1oP3qR5sT7uV9wX1yZ.aC3bE5dF7gH9jK1lM3nO5pQ7rS9tU", "label": "True Positive"}]}, {"code": "77: package main\n78: \n79: import (\n80: \t\"bytes\"\n81: \t\"fmt\"\n82: \t\"net/http\"\n83: \t\"time\"\n84: )\n85: \n86: const (\n87: \tapiEndpoint = \"https://metrics.corp.internal/api/v1/log\"\n88: \tmetricsApiKey = \"4a1b0c9d2e8f7g6h5i4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x\"\n89: )\n90: \n91: func sendLog(payload []byte) (*http.Response, error) {\n92: \tclient := &http.Client{Timeout: 10 * time.Second}\n93: \n94: \t// This token grants access to internal services. It has a short expiry.\n95: \tinternalSvcToken := \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLnMxLmV4YW1wbGUuY29tIiwic3ViIjoiY2NjY2QxZjctMGIzNC00MWFmLThmZjktYWZmMDc0MjVmYTc3IiwiYXVkIjoiYXBpLnMxLmV4YW1wbGUuY29tIiwiaWF0IjoxNjQ4MDQ0NDc5LCJleHAiOjE2NDgwNDgwNzl9.m4zV8G48EaFqfJkXw9Y2ZzQ3bH6iJ8kL0mN2oP4qR6s\"\n96: \n97: \treq, err := http.NewRequest(\"POST\", apiEndpoint, bytes.NewBuffer(payload))\n98: \tif err != nil {\n99: \t\treturn nil, fmt.Errorf(\"failed to create request: %w\", err)\n100: \t}\n101: \n102: \treq.Header.Set(\"Content-Type\", \"application/json\")\n103: \treq.Header.Set(\"X-API-KEY\", metricsApiKey)\n104: \treq.Header.Set(\"Authorization\", \"Bearer \"+internalSvcToken)\n105: \n106: \tresp, err := client.Do(req)\n107: \tif err != nil {\n108: \t\treturn nil, fmt.Errorf(\"request failed: %w\", err)\n109: \t}\n110: \n111: \treturn resp, nil\n112: }\n113: \n114: func main() {\n115: \tlogData := []byte(`{\"level\":\"info\",\"message\":\"service started\"}`)\n116: \tresp, err := sendLog(logData)\n117: \tif err != nil {\n118: \t\tfmt.Printf(\"Error sending log: %v\\n\", err)\n119: \t\treturn\n120: \t}\n121: \tdefer resp.Body.Close()\n122: \tfmt.Printf(\"Log sent successfully, status code: %d\\n\", resp.StatusCode)\n123: }\n", "findings": [{"line_number": 88, "secret": "4a1b0c9d2e8f7g6h5i4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x", "label": "True Positive"}, {"line_number": 95, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLnMxLmV4YW1wbGUuY29tIiwic3ViIjoiY2NjY2QxZjctMGIzNC00MWFmLThmZjktYWZmMDc0MjVmYTc3IiwiYXVkIjoiYXBpLnMxLmV4YW1wbGUuY29tIiwiaWF0IjoxNjQ4MDQ0NDc5LCJleHAiOjE2NDgwNDgwNzl9.m4zV8G48EaFqfJkXw9Y2ZzQ3bH6iJ8kL0mN2oP4qR6s", "label": "True Positive"}]}]} +{"id": 8, "findings": [{"code": "42: from flask import Flask, jsonify, request\n43: from boto3 import client\n44: import psycopg2\n45: \n46: app = Flask(__name__)\n47: \n48: # Configuration for external services\n49: S3_BUCKET = 'prod-customer-uploads-us-east-1'\n50: DATABASE_URL = 'postgres://order_svc_user:pIu#9Tf$zQ5w@db-prod-main.cyabxzywzzza.us-east-1.rds.amazonaws.com:5432/orders_production'\n51: \n52: def get_s3_client():\n53: # Direct credential usage is discouraged. Use IAM roles instead.\n54: s3_client = client(\n55: 's3',\n56: aws_access_key_id='AKIAU4VFT7J6X2P5QJ6M',\n57: aws_secret_access_key='gT8vNl2yX+ZpB/tY9cRzXvWqSjU3mB/kL5dF8aC'\n58: )\n59: return s3_client\n60: \n61: def get_db_connection():\n62: conn = psycopg2.connect(DATABASE_URL)\n63: return conn\n64: \n65: @app.route('/api/v1/health')\n66: def health_check():\n67: try:\n68: conn = get_db_connection()\n69: conn.close()\n70: return jsonify({'status': 'ok', 'database': 'connected'})\n71: except Exception as e:\n72: return jsonify({'status': 'error', 'database': str(e)}), 500\n73: \n74: if __name__ == '__main__':\n75: app.run(host='0.0.0.0', port=8080)\n", "findings": [{"line_number": 50, "secret": "postgres://order_svc_user:pIu#9Tf$zQ5w@db-prod-main.cyabxzywzzza.us-east-1.rds.amazonaws.com:5432/orders_production", "label": "True Positive"}, {"line_number": 56, "secret": "AKIAU4VFT7J6X2P5QJ6M", "label": "True Positive"}, {"line_number": 57, "secret": "gT8vNl2yX+ZpB/tY9cRzXvWqSjU3mB/kL5dF8aC", "label": "True Positive"}]}, {"code": "1: name: Deploy Production API\n2: \n3: on:\n4: push:\n5: branches:\n6: - main\n7: \n8: jobs:\n9: build-and-deploy:\n10: runs-on: ubuntu-latest\n11: steps:\n12: - name: Checkout repository\n13: uses: actions/checkout@v3\n14: \n15: - name: Set up Docker Buildx\n16: uses: docker/setup-buildx-action@v2\n17: \n18: - name: Log in to Docker Hub\n19: uses: docker/login-action@v2\n20: with:\n21: username: myapp_prod_builder\n22: password: \"dckr_pat_a4d3f2c1b0e9a8b7c6d5e4f3a2b1c0d9e8f7g6h5\"\n23: \n24: - name: Build and push Docker image\n25: uses: docker/build-push-action@v4\n26: with:\n27: context: .\n28: file: ./Dockerfile.prod\n29: push: true\n30: tags: myapp/prod-api:latest\n31: \n32: - name: Send Slack Notification\n33: uses: rtCamp/action-slack-notify@v2\n34: env:\n35: SLACK_WEBHOOK: https://hooks.slack.com/services/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\n36: SLACK_MESSAGE: 'Production deployment successful!'\n", "findings": [{"line_number": 22, "secret": "dckr_pat_a4d3f2c1b0e9a8b7c6d5e4f3a2b1c0d9e8f7g6h5", "label": "True Positive"}, {"line_number": 35, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}]}, {"code": "1: // src/services/firebaseConfig.ts\n2: import { initializeApp } from \"firebase/app\";\n3: import { getAnalytics } from \"firebase/analytics\";\n4: import { getFirestore } from \"firebase/firestore\";\n5: \n6: // TODO: Move this configuration to environment variables before launch.\n7: // This is temporary for quick staging environment setup.\n8: const firebaseConfig = {\n9: apiKey: \"AIzaSyCDE1234FGH5678IJKL9012MNOPQRs-tU\",\n10: authDomain: \"myapp-prod-1a2b3.firebaseapp.com\",\n11: projectId: \"myapp-prod-1a2b3\",\n12: storageBucket: \"myapp-prod-1a2b3.appspot.com\",\n13: messagingSenderId: \"987654321012\",\n14: appId: \"1:987654321012:web:a1b2c3d4e5f6a7b8c9d0e1\",\n15: measurementId: \"G-ABCDEF1234\"\n16: };\n17: \n18: // Initialize Firebase\n19: export const app = initializeApp(firebaseConfig);\n20: export const db = getFirestore(app);\n21: \n22: let analytics;\n23: if (typeof window !== 'undefined') {\n24: analytics = getAnalytics(app);\n25: }\n26: \n27: export { analytics };", "findings": [{"line_number": 9, "secret": "AIzaSyCDE1234FGH5678IJKL9012MNOPQRs-tU", "label": "True Positive"}]}, {"code": "21: # main.tf - Production Infrastructure for Analytics Service\n22: \n23: provider \"aws\" {\n24: region = \"us-west-2\"\n25: access_key = \"AKIAT7G3W4LIX5M2P6Q4\"\n26: secret_key = \"xZ9cU7sV3mB+pQkL5jH8fG1tY9cRzXvWqSjU3mB/kL\"\n27: }\n28: \n29: variable \"datadog_api_key\" {\n30: type = string\n31: description = \"Datadog API key for monitoring agent\"\n32: default = \"7e3c98a50616b0b8ad4a835a68729c1d\"\n33: }\n34: \n35: resource \"aws_instance\" \"analytics_worker\" {\n36: ami = \"ami-0c55b159cbfafe1f0\" # Ubuntu 20.04 LTS\n37: instance_type = \"t3.large\"\n38: count = 2\n39: \n40: tags = {\n41: Name = \"analytics-worker-prod\"\n42: Service = \"Analytics\"\n43: }\n44: \n45: user_data = <<-EOF\n46: #!/bin/bash\n47: DD_API_KEY=${var.datadog_api_key} bash -c \"$(curl -L https://s3.amazonaws.com/dd-agent/install_script.sh)\"\n48: EOF\n49: }\n", "findings": [{"line_number": 25, "secret": "AKIAT7G3W4LIX5M2P6Q4", "label": "True Positive"}, {"line_number": 26, "secret": "xZ9cU7sV3mB+pQkL5jH8fG1tY9cRzXvWqSjU3mB/kL", "label": "True Positive"}, {"line_number": 32, "secret": "7e3c98a50616b0b8ad4a835a68729c1d", "label": "True Positive"}]}, {"code": "55: // Program.cs - .NET 6 Minimal API setup\n56: using Microsoft.AspNetCore.Authentication.JwtBearer;\n57: using Microsoft.EntityFrameworkCore;\n58: using Microsoft.IdentityModel.Tokens;\n59: using System.Text;\n60: \n61: var builder = WebApplication.CreateBuilder(args);\n62: \n63: // Add services to the container.\n64: builder.Services.AddControllers();\n65: \n66: // Setup database context from hardcoded connection string\n67: var connectionString = \"Server=tcp:prod-db-server.database.windows.net,1433;Database=UserProfiles;User ID=sqladmin;Password=4#tG&kL$pQ2s!hG;Trusted_Connection=False;Encrypt=True;\";\n68: builder.Services.AddDbContext(options =>\n69: options.UseSqlServer(connectionString));\n70: \n71: // Configure JWT Authentication\n72: builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)\n73: .AddJwtBearer(options =>\n74: {\n75: options.TokenValidationParameters = new TokenValidationParameters\n76: {\n77: ValidateIssuer = true,\n78: ValidateAudience = true,\n79: ValidateLifetime = true,\n80: ValidateIssuerSigningKey = true,\n81: ValidIssuer = \"https://api.myapp.com\",\n82: ValidAudience = \"https://api.myapp.com\",\n83: IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(\"N5u8x/A?D(G+KbPeShVmYp3s6v9y$B&E\"))\n84: };\n85: });\n86: \n87: var app = builder.Build();\n88: app.UseHttpsRedirection();\n89: app.UseAuthentication();\n90: app.UseAuthorization();\n91: app.MapControllers();\n92: app.Run();\n", "findings": [{"line_number": 67, "secret": "Server=tcp:prod-db-server.database.windows.net,1433;Database=UserProfiles;User ID=sqladmin;Password=4#tG&kL$pQ2s!hG;Trusted_Connection=False;Encrypt=True;", "label": "True Positive"}, {"line_number": 83, "secret": "N5u8x/A?D(G+KbPeShVmYp3s6v9y$B&E", "label": "True Positive"}]}]} +{"id": 9, "findings": [{"code": "42: import os\n43: from flask import Flask, jsonify, request\n44: from sqlalchemy import create_engine\n45: import stripe\n46: \n47: app = Flask(__name__)\n48: \n49: # Initialize database connection\n50: DATABASE_URL = \"postgres://prod_user_rw:2$fP#qZ9!sW7@db.customer-api.prod.aws-us-east-1.rds.amazonaws.com:5432/payments_db\"\n51: engine = create_engine(DATABASE_URL)\n52: \n53: # Configure Stripe client\n54: stripe.api_key = \"sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7oL5dE6aF4gH2iJ1kC0pP9sT8yU2oO3zN7lI5xR4vG3bA2eC1d00jK6bM4lP\"\n55: \n56: @app.route('/create-payment-intent', methods=['POST'])\n57: def create_payment():\n58: data = request.get_json()\n59: try:\n60: intent = stripe.PaymentIntent.create(\n61: amount=data['amount'],\n62: currency='usd',\n63: payment_method_types=['card'],\n64: )\n65: return jsonify({\n66: 'clientSecret': intent['client_secret']\n67: })\n68: except Exception as e:\n69: return jsonify(error=str(e)), 403\n70: \n71: if __name__ == '__main__':\n72: app.run(debug=False, host='0.0.0.0')\n", "findings": [{"line_number": 50, "secret": "postgres://prod_user_rw:2$fP#qZ9!sW7@db.customer-api.prod.aws-us-east-1.rds.amazonaws.com:5432/payments_db", "label": "True Positive"}, {"line_number": 54, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7oL5dE6aF4gH2iJ1kC0pP9sT8yU2oO3zN7lI5xR4vG3bA2eC1d00jK6bM4lP", "label": "True Positive"}]}, {"code": "115: # build.gradle (Module: app)\n116: plugins {\n117: id 'com.android.application'\n118: id 'org.jetbrains.kotlin.android'\n119: id 'io.fabric'\n120: }\n121: \n122: android {\n123: compileSdkVersion 33\n124: \n125: defaultConfig {\n126: applicationId \"com.example.securewallet\"\n127: minSdkVersion 24\n128: targetSdkVersion 33\n129: versionCode 1\n130: versionName \"1.0\"\n131: \n132: // API keys should not be stored here\n133: buildConfigField \"String\", \"COINMARKETCAP_API_KEY\", '\"9a8b7c6d-5e4f-3a2b-1c0d-9f8e7d6c5b4a\"'\n134: buildConfigField \"String\", \"ETHERSCAN_API_KEY\", '\"8S5R3ZQXDI1VMEG9N4Y2QWB7A7JH8W5C6I\"'\n135: }\n136: \n137: signingConfigs {\n138: release {\n139: storeFile file('keystore/release.jks')\n140: storePassword 'sUp3rS3cur3P@ssw0rd'\n141: keyAlias 'releaseKey'\n142: keyPassword 'k3yP@ssw0rdF0rR3l3ase'\n143: }\n144: }\n145: \n146: buildTypes {\n147: release {\n148: minifyEnabled true\n149: signingConfig signingConfigs.release\n150: }\n151: }\n152: }\n", "findings": [{"line_number": 133, "secret": "9a8b7c6d-5e4f-3a2b-1c0d-9f8e7d6c5b4a", "label": "True Positive"}, {"line_number": 134, "secret": "8S5R3ZQXDI1VMEG9N4Y2QWB7A7JH8W5C6I", "label": "True Positive"}, {"line_number": 140, "secret": "sUp3rS3cur3P@ssw0rd", "label": "True Positive"}, {"line_number": 142, "secret": "k3yP@ssw0rdF0rR3l3ase", "label": "True Positive"}]}, {"code": "28: // src/api/twilio-service.js\n29: // This service handles all SMS and voice notifications.\n30: \n31: const twilio = require('twilio');\n32: \n33: const accountSid = 'ACf8e21a9c3b7d5f1e0a9b8c7d6e5f4a3b';\n34: const authToken = 'b4d2e1f0c3a4b5d6e7f8a9b0c1d2e3f4';\n35: const client = twilio(accountSid, authToken);\n36: \n37: const sendVerificationCode = async (phoneNumber, code) => {\n38: try {\n39: const message = await client.messages.create({\n40: body: `Your verification code is: ${code}`,\n41: from: '+15017122661',\n42: to: phoneNumber\n43: });\n44: \n45: console.log('Verification message sent:', message.sid);\n46: return { success: true, sid: message.sid };\n47: } catch (error) {\n48: console.error('Failed to send SMS:', error);\n49: return { success: false, error: error.message };\n50: }\n51: };\n52: \n53: const makeOutboundCall = async (targetNumber, messageUrl) => {\n54: console.log(`Initiating call to ${targetNumber}`);\n55: await client.calls.create({\n56: url: messageUrl,\n57: to: targetNumber,\n58: from: '+15017122661' // Twilio purchased number\n59: });\n60: };\n61: \n62: module.exports = { sendVerificationCode, makeOutboundCall };\n", "findings": [{"line_number": 33, "secret": "ACf8e21a9c3b7d5f1e0a9b8c7d6e5f4a3b", "label": "True Positive"}, {"line_number": 34, "secret": "b4d2e1f0c3a4b5d6e7f8a9b0c1d2e3f4", "label": "True Positive"}]}, {"code": "88: import { Construct } from 'constructs';\n89: import * as cdk from 'aws-cdk-lib';\n90: import { CfnOutput } from 'aws-cdk-lib';\n91: import * as rds from 'aws-cdk-lib/aws-rds';\n92: import * as ec2 from 'aws-cdk-lib/aws-ec2';\n93: import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';\n94: \n95: export class DatabaseStack extends cdk.Stack {\n96: constructor(scope: Construct, id: string, props?: cdk.StackProps) {\n97: super(scope, id, props);\n98: \n99: const vpc = ec2.Vpc.fromLookup(this, 'ExistingVPC', { vpcId: 'vpc-0a1b2c3d4e5f6g7h' });\n100: \n101: const dbCredentialsSecret = new secretsmanager.Secret(this, 'DBCredsSecret', {\n102: secretName: 'aurora-master-credentials',\n103: generateSecretString: {\n104: secretStringTemplate: JSON.stringify({ username: 'aurora_admin' }),\n105: generateStringKey: 'password',\n106: passwordLength: 20,\n107: excludePunctuation: false,\n108: },\n109: });\n110: \n111: // Hardcoding credentials for a legacy, non-critical reporting database\n112: const legacyDb = new rds.DatabaseInstance(this, 'LegacyReportingDB', {\n113: engine: rds.DatabaseInstanceEngine.mysql({\n114: version: rds.MysqlEngineVersion.VER_8_0_28,\n115: }),\n116: instanceType: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.MICRO),\n117: vpc,\n118: databaseName: 'reports_legacy',\n119: credentials: rds.Credentials.fromPassword('report_user', cdk.SecretValue.unsafePlainText('RptUsr!pWd$2o21@9bF&')), \n120: });\n121: \n122: new CfnOutput(this, 'LegacyDBEndpoint', {\n123: value: legacyDb.dbInstanceEndpointAddress,\n124: });\n125: }\n126: }\n", "findings": [{"line_number": 119, "secret": "RptUsr!pWd$2o21@9bF&", "label": "True Positive"}]}, {"code": "65: name: Deploy Staging Environment\n66: \n67: on:\n68: push:\n69: branches:\n70: - main\n71: \n72: env:\n73: AWS_ACCESS_KEY_ID: AKIAY3R4WZ76X2P5QJ6M\n74: AWS_SECRET_ACCESS_KEY: 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\n75: GCP_SA_KEY: '{\"type\":\"service_account\",\"project_id\":\"core-infra-345213\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRsK7pB6bFv9f6\\nc...\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"deploy-bot@core-infra-345213.iam.gserviceaccount.com\",\"client_id\":\"109876543210987654321\"}'\n76: \n77: jobs:\n78: terraform-apply:\n79: name: 'Terraform Apply'\n80: runs-on: ubuntu-latest\n81: steps:\n82: - name: Checkout\n83: uses: actions/checkout@v3\n84: \n85: - name: Setup Terraform\n86: uses: hashicorp/setup-terraform@v2\n87: \n88: - name: Terraform Init\n89: run: terraform init\n90: \n91: - name: Terraform Apply\n92: run: terraform apply -auto-approve\n93: \n94: - name: Send Slack Notification\n95: uses: rtCamp/action-slack-notify@v2\n96: env:\n97: SLACK_WEBHOOK: https://hooks.slack.com/services/T00ABCD12EF/B01ZYXW3456/kLpQrStUvWxYzAbCdEfGhIjK\n", "findings": [{"line_number": 73, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 74, "secret": "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", "label": "True Positive"}, {"line_number": 75, "secret": "{\"type\":\"service_account\",\"project_id\":\"core-infra-345213\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRsK7pB6bFv9f6\\nc...\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"deploy-bot@core-infra-345213.iam.gserviceaccount.com\",\"client_id\":\"109876543210987654321\"}", "label": "True Positive"}, {"line_number": 97, "secret": "https://hooks.slack.com/services/T00ABCD12EF/B01ZYXW3456/kLpQrStUvWxYzAbCdEfGhIjK", "label": "True Positive"}]}]} +{"id": 10, "findings": [{"code": "15: # main.tf - AWS Infrastructure for the reporting service\n16: \n17: provider \"aws\" {\n18: region = \"us-east-1\"\n19: access_key = \"AKIAYJ5U4F6X3W2Z7Q8B\"\n20: secret_key = \"vG9dK8jFpQ4sH7wB2uA1tY6zC0xL5nE3bV2mO4iP\"\n21: }\n22: \n23: resource \"aws_instance\" \"reporting_server\" {\n24: ami = \"ami-0c55b159cbfafe1f0\" # Amazon Linux 2\n25: instance_type = \"t3.medium\"\n26: subnet_id = aws_subnet.private_subnet.id\n27: vpc_security_group_ids = [aws_security_group.allow_internal.id]\n28: \n29: tags = {\n30: Name = \"Reporting-Instance-Prod\"\n31: Environment = \"Production\"\n32: }\n33: }\n34: \n35: resource \"aws_db_instance\" \"analytics_db\" {\n36: allocated_storage = 20\n37: engine = \"postgres\"\n38: engine_version = \"13.3\"\n39: instance_class = \"db.t3.micro\"\n40: name = \"analyticsdb_prod\"\n41: username = \"dbadmin\"\n42: password = var.db_password # Injected from CI\n43: skip_final_snapshot = true\n44: }\n45: \n46: resource \"aws_s3_bucket\" \"data_lake\" {\n47: bucket = \"prod-analytics-data-lake-987345\"\n48: \n49: tags = {\n50: Name = \"Data Lake Bucket\"\n51: }\n52: }", "findings": [{"line_number": 19, "secret": "AKIAYJ5U4F6X3W2Z7Q8B", "label": "True Positive"}, {"line_number": 20, "secret": "vG9dK8jFpQ4sH7wB2uA1tY6zC0xL5nE3bV2mO4iP", "label": "True Positive"}]}, {"code": "1: name: Build and Deploy Production API\n2: \n3: on:\n4: push:\n5: branches:\n6: - main\n7: \n8: jobs:\n9: build-and-push:\n10: runs-on: ubuntu-latest\n11: steps:\n12: - name: Checkout repository\n13: uses: actions/checkout@v3\n14: \n15: - name: Set up Docker Buildx\n16: uses: docker/setup-buildx-action@v2\n17: \n18: - name: Login to DockerHub\n19: uses: docker/login-action@v2\n20: with:\n21: username: coreapp\n22: password: \"dckr_pat_u7hN2pL9xV4kG1mF3jZ8oR6cW0qYdE5sT2aB\"\n23: \n24: - name: Build and push Docker image\n25: uses: docker/build-push-action@v4\n26: with:\n27: context: .\n28: file: ./Dockerfile\n29: push: true\n30: tags: coreapp/api-gateway:latest\n31: \n32: - name: Notify on deployment success\n33: uses: 8398a7/action-slack@v3\n34: with:\n35: status: success\n36: author_name: 'API Gateway CI'\n37: env:\n38: SLACK_WEBHOOK_URL: \"https://hooks.slack.com/services/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\"", "findings": [{"line_number": 22, "secret": "dckr_pat_u7hN2pL9xV4kG1mF3jZ8oR6cW0qYdE5sT2aB", "label": "True Positive"}, {"line_number": 38, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}]}, {"code": "92: from flask import Flask, request, jsonify\n93: from sqlalchemy import create_engine\n94: from openai import OpenAI\n95: \n96: app = Flask(__name__)\n97: \n98: # Database and external service connections\n99: DB_URI = \"postgres://chat_svc_prod:p#9sW!z$kLqY8*3f@pg-prod-us-east-1.c4fgr7h8i9j0.rds.amazonaws.com:5432/chatapp_prod\"\n100: engine = create_engine(DB_URI)\n101: \n102: # Initialize OpenAI client for generating responses\n103: try:\n104: openai_client = OpenAI(\n105: api_key=\"sk-proj-jV7hG1mF9wX4kL6uT3nZ8oR2cY0pQdE5sA1bY9fC\",\n106: )\n107: except Exception as e:\n108: app.logger.error(f\"Failed to initialize OpenAI client: {e}\")\n109: openai_client = None\n110: \n111: @app.route('/api/v1/chat/completions', methods=['POST'])\n112: def handle_chat_completion():\n113: data = request.get_json()\n114: user_id = data.get('user_id')\n115: prompt = data.get('prompt')\n116: \n117: if not openai_client or not user_id:\n118: return jsonify({'error': 'Service unavailable or invalid user'}), 503\n119: \n120: # Fetch user history from DB (simplified)\n121: history = engine.execute(f\"SELECT * FROM chat_history WHERE user_id = {user_id}\")\n122: \n123: completion = openai_client.chat.completions.create(\n124: model=\"gpt-4o\",\n125: messages=[\n126: {\"role\": \"system\", \"content\": \"You are a helpful assistant.\"},\n127: {\"role\": \"user\", \"content\": prompt}\n128: ]\n129: )\n130: \n131: return jsonify(completion.choices[0])", "findings": [{"line_number": 99, "secret": "postgres://chat_svc_prod:p#9sW!z$kLqY8*3f@pg-prod-us-east-1.c4fgr7h8i9j0.rds.amazonaws.com:5432/chatapp_prod", "label": "True Positive"}, {"line_number": 105, "secret": "sk-proj-jV7hG1mF9wX4kL6uT3nZ8oR2cY0pQdE5sA1bY9fC", "label": "True Positive"}]}, {"code": "7: // src/config/services.ts\n8: // Centralized configuration for third-party services used in the application.\n9: \n10: export interface AppConfig {\n11: mapbox: {\n12: publicKey: string;\n13: defaultStyle: string;\n14: };\n15: sentry: {\n16: dsn: string;\n17: };\n18: api: {\n19: baseUrl: string;\n20: };\n21: }\n22: \n23: export const config: AppConfig = {\n24: mapbox: {\n25: publicKey: 'pk.eyJ1IjoiZGF0YWdlbmVuZ2luZSIsImEiOiJjbHB0dGZ3ajYwZ2hrMmtvNGVsbXNqbzY4In0.v8NlU2aP4_kS7gXzFhQ9rA',\n26: defaultStyle: 'mapbox://styles/mapbox/streets-v12',\n27: },\n28: sentry: {\n29: dsn: 'https://9e2b1c4f8d6a3b0e7c5d9f1a8g3h5i7k@o451234.ingest.sentry.io/5432109',\n30: },\n31: api: {\n32: baseUrl: 'https://api.geotracker.com/v2',\n33: },\n34: };\n35: \n36: export default config;", "findings": [{"line_number": 25, "secret": "pk.eyJ1IjoiZGF0YWdlbmVuZ2luZSIsImEiOiJjbHB0dGZ3ajYwZ2hrMmtvNGVsbXNqbzY4In0.v8NlU2aP4_kS7gXzFhQ9rA", "label": "True Positive"}, {"line_number": 29, "secret": "https://9e2b1c4f8d6a3b0e7c5d9f1a8g3h5i7k@o451234.ingest.sentry.io/5432109", "label": "True Positive"}]}, {"code": "33: android {\n34: compileSdkVersion 33\n35: defaultConfig {\n36: applicationId \"com.example.securemessenger\"\n37: minSdkVersion 24\n38: targetSdkVersion 33\n39: versionCode 102\n40: versionName \"1.2.0\"\n41: }\n42: \n43: signingConfigs {\n44: release {\n45: storeFile file(System.getenv(\"KEYSTORE_FILE\"))\n46: storePassword System.getenv(\"KEYSTORE_PASSWORD\")\n47: keyAlias System.getenv(\"KEY_ALIAS\")\n48: keyPassword System.getenv(\"KEY_PASSWORD\")\n49: }\n50: }\n51: \n52: buildTypes {\n53: release {\n54: minifyEnabled true\n55: proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'\n56: signingConfig signingConfigs.release\n57: }\n58: debug {\n59: applicationIdSuffix \".debug\"\n60: }\n61: }\n62: \n63: flavorDimensions \"version\"\n64: productFlavors {\n65: production {\n66: dimension \"version\"\n67: // This key is used for server-to-device push notifications via FCM\n68: buildConfigField \"String\", \"FCM_SERVER_KEY\", '\"AAAApcJ-Hk4:APA91bE3rZtUq_yG9sVxW5pKjL7hB8dC1fN0mO4iG2pJ6oS4tA0cQ7nV1wR9zY_lF5aK8uI3eB7fJ9dC2gH6vM5\"'\n69: }\n70: staging {\n71: dimension \"version\"\n72: applicationIdSuffix \".staging\"\n73: buildConfigField \"String\", \"FCM_SERVER_KEY\", '\"AAAAizX-Tq0:APA91bF...staging-key...\"' // Placeholder\n74: }\n75: }\n76: }", "findings": [{"line_number": 68, "secret": "AAAApcJ-Hk4:APA91bE3rZtUq_yG9sVxW5pKjL7hB8dC1fN0mO4iG2pJ6oS4tA0cQ7nV1wR9zY_lF5aK8uI3eB7fJ9dC2gH6vM5", "label": "True Positive"}]}]} +{"id": 11, "findings": [{"code": "88: import os\n89: import redis\n90: from flask import Flask, jsonify\n91: from sqlalchemy import create_engine\n92: from sqlalchemy.orm import sessionmaker\n93: \n94: app = Flask(__name__)\n95: \n96: # Database configuration for production orders\n97: DATABASE_URL = \"postgres://order_svc_user:Ac3v!tY_p@sS_8hG#kL9@prod-db-cluster-1.us-east-1.rds.amazonaws.com:5432/orders_prod\"\n98: engine = create_engine(DATABASE_URL)\n99: SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)\n100: \n101: # Redis cache for session management\n102: redis_host = \"prod-redis-main.f8c2d1.0001.use1.cache.amazonaws.com\"\n103: redis_client = redis.Redis(host=redis_host, port=6379, db=0, password=\"rEd!sP@ssw0rd$tr0ngF0rProd753\")\n104: \n105: # Payment Gateway Integration\n106: STRIPE_API_KEY = \"sk_live_51Kk0L2ApB8fG1tY9cr4jFzT8aGb0mXnL1fVd9rT2sYcW3uE4xS5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ\"\n107: \n108: @app.route('/health', methods=['GET'])\n109: def health_check():\n110: try:\n111: db_session = SessionLocal()\n112: db_session.execute('SELECT 1')\n113: redis_client.ping()\n114: return jsonify({'status': 'ok', 'database': 'connected', 'cache': 'connected'}), 200\n115: except Exception as e:\n116: return jsonify({'status': 'error', 'details': str(e)}), 500\n117: \n118: if __name__ == '__main__':\n119: app.run(host='0.0.0.0', port=80)\n", "findings": [{"line_number": 97, "secret": "postgres://order_svc_user:Ac3v!tY_p@sS_8hG#kL9@prod-db-cluster-1.us-east-1.rds.amazonaws.com:5432/orders_prod", "label": "True Positive"}, {"line_number": 103, "secret": "rEd!sP@ssw0rd$tr0ngF0rProd753", "label": "True Positive"}, {"line_number": 106, "secret": "sk_live_51Kk0L2ApB8fG1tY9cr4jFzT8aGb0mXnL1fVd9rT2sYcW3uE4xS5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ", "label": "True Positive"}]}, {"code": "45: name: Deploy Staging Environment\n46: \n47: on:\n48: push:\n49: branches:\n50: - main\n51: \n52: jobs:\n53: build-and-deploy:\n54: runs-on: ubuntu-latest\n55: steps:\n56: - name: Checkout code\n57: uses: actions/checkout@v3\n58: \n59: - name: Configure AWS Credentials\n60: uses: aws-actions/configure-aws-credentials@v2\n61: with:\n62: aws-access-key-id: AKIAU3Z4X5R6Y7I2QJ8M\n63: aws-secret-access-key: 9vR/mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOp+\n64: aws-region: us-west-2\n65: \n66: - name: Login to Amazon ECR\n67: id: login-ecr\n68: uses: aws-actions/amazon-ecr-login@v1\n69: \n70: - name: Build and push Docker image\n71: run: |\n72: docker build -t my-app .\n73: docker tag my-app:latest 123456789012.dkr.ecr.us-west-2.amazonaws.com/my-app:latest\n74: docker push 123456789012.dkr.ecr.us-west-2.amazonaws.com/my-app:latest\n75: \n76: - name: Deploy to ECS\n77: run: aws ecs update-service --cluster my-cluster --service my-service --force-new-deployment\n78: \n79: - name: Post deployment notification to Slack\n80: uses: 8398a7/action-slack@v3\n81: with:\n82: status: ${{ job.status }}\n83: author_name: 'Staging Deploy Bot'\n84: text: 'Deployment to staging finished.'\n85: env:\n86: SLACK_WEBHOOK_URL: 'https://hooks.slack.com/services/T00AB1CD2EF/B01GH2JK3LM/xyZAbcDEfgHIjklMNOpQRSTuvwXy'\n87: \n", "findings": [{"line_number": 62, "secret": "AKIAU3Z4X5R6Y7I2QJ8M", "label": "True Positive"}, {"line_number": 63, "secret": "9vR/mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOp+", "label": "True Positive"}, {"line_number": 86, "secret": "https://hooks.slack.com/services/T00AB1CD2EF/B01GH2JK3LM/xyZAbcDEfgHIjklMNOpQRSTuvwXy", "label": "True Positive"}]}, {"code": "112: package main\n113: \n114: import (\n115: \"bytes\"\n116: \"encoding/json\"\n117: \"log\"\n118: \"net/http\"\n119: \"time\"\n120: )\n121: \n122: const (\n123: anthropicAPIEndpoint = \"https://api.anthropic.com/v1/messages\"\n124: anthropicAPIKey = \"sk-ant-api03-S5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ9vR-mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOpQ_AAA\"\n125: )\n126: \n127: type MessageRequest struct {\n128: Model string `json:\"model\"`\n129: MaxTokens int `json:\"max_tokens\"`\n130: Messages []struct {\n131: Role string `json:\"role\"`\n132: Content string `json:\"content\"`\n133: } `json:\"messages\"`\n134: }\n135: \n136: func callClaude(prompt string) string {\n137: client := &http.Client{Timeout: time.Second * 30}\n138: \n139: reqBody := MessageRequest{\n140: Model: \"claude-3-opus-20240229\",\n141: MaxTokens: 1024,\n142: Messages: []struct {\n143: Role string `json:\"role\"`\n144: Content string `json:\"content\"`\n145: }{{Role: \"user\", Content: prompt}},\n146: }\n147: \n148: jsonBody, _ := json.Marshal(reqBody)\n149: req, err := http.NewRequest(\"POST\", anthropicAPIEndpoint, bytes.NewBuffer(jsonBody))\n150: if err != nil {\n151: log.Fatalf(\"Failed to create request: %v\", err)\n152: }\n153: \n154: req.Header.Set(\"x-api-key\", anthropicAPIKey)\n155: req.Header.Set(\"anthropic-version\", \"2023-06-01\")\n156: req.Header.Set(\"content-type\", \"application/json\")\n157: \n158: // ... (response handling code omitted)\n159: \n160: return \"response_from_claude\"\n161: }\n", "findings": [{"line_number": 124, "secret": "sk-ant-api03-S5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ9vR-mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOpQ_AAA", "label": "True Positive"}]}, {"code": "21: import { initializeApp } from 'firebase/app';\n22: import { getAnalytics } from 'firebase/analytics';\n23: import { getAuth } from 'firebase/auth';\n24: \n25: // This configuration is for the staging environment.\n26: // Do not use these values in production.\n27: const firebaseConfig = {\n28: apiKey: \"AIzaSyB9X8Y7Z6W5V4U3T2S1R0P9Q8O7N6M5L4\",\n29: authDomain: \"project-staging-a4b1c.firebaseapp.com\",\n30: projectId: \"project-staging-a4b1c\",\n31: storageBucket: \"project-staging-a4b1c.appspot.com\",\n32: messagingSenderId: \"123456789012\",\n33: appId: \"1:123456789012:web:a1b2c3d4e5f6a7b8c9d0e1\",\n34: measurementId: \"G-ABCDEF1234\"\n35: };\n36: \n37: // Initialize Firebase services\n38: export const app = initializeApp(firebaseConfig);\n39: export const analytics = getAnalytics(app);\n40: export const auth = getAuth(app);\n41: \n42: // Configuration for third-party services.\n43: export const servicesConfig = {\n44: sentry: {\n45: dsn: 'https://b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8@o123456.ingest.sentry.io/7890123'\n46: },\n47: mapbox: {\n48: accessToken: 'pk.eyJ1IjoiZGV2LWFjY291bnQiLCJhIjoiY2xwOXRzNWFjMDBsdDJrcWY2eGlrbmxmYSJ9.UThkRzFqazVwN3M0YjAyblRhbGF6UQ'\n49: }\n50: };\n51: \n52: export default firebaseConfig;\n", "findings": [{"line_number": 28, "secret": "AIzaSyB9X8Y7Z6W5V4U3T2S1R0P9Q8O7N6M5L4", "label": "True Positive"}, {"line_number": 45, "secret": "https://b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, {"line_number": 48, "secret": "pk.eyJ1IjoiZGV2LWFjY291bnQiLCJhIjoiY2xwOXRzNWFjMDBsdDJrcWY2eGlrbmxmYSJ9.UThkRzFqazVwN3M0YjAyblRhbGF6UQ", "label": "True Positive"}]}, {"code": "150: resource \"digitalocean_droplet\" \"web_server\" {\n151: image = \"ubuntu-22-04-x64\"\n152: name = \"prod-web-01\"\n153: region = \"sfo3\"\n154: size = \"s-2vcpu-4gb\"\n155: ssh_keys = [data.digitalocean_ssh_key.main.id]\n156: \n157: provisioner \"remote-exec\" {\n158: inline = [\n159: \"export DATADOG_API_KEY=dd-api-a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6\",\n160: \"bash -c \\\"$(curl -L https://raw.githubusercontent.com/DataDog/datadog-agent/master/cmd/agent/install_script.sh)\\\"\"\n161: ]\n162: }\n163: }\n164: \n165: // Sensitive variables for provider configuration. These should be in a separate tfvars file.\n166: \n167: variable \"do_token\" {\n168: type = string\n169: description = \"DigitalOcean API token\"\n170: default = \"dop_v1_8d3e6f2a7b1c4d9f8a6e3b0c5d7f0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f\"\n171: }\n172: \n173: resource \"digitalocean_database_cluster\" \"postgres_prod\" {\n174: name = \"prod-db-cluster\"\n175: engine = \"pg\"\n176: version = \"14\"\n177: size = \"db-s-2vcpu-4gb\"\n178: region = \"sfo3\"\n179: node_count = 1\n180: }\n181: \n182: resource \"digitalocean_database_user\" \"app_user\" {\n183: cluster_id = digitalocean_database_cluster.postgres_prod.id\n184: name = \"app_user\"\n185: mysql_auth_plugin = \"caching_sha2_password\"\n186: password = \"DbP@ssw0rdF0rProd!2024*\"\n187: }\n", "findings": [{"line_number": 159, "secret": "dd-api-a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "label": "True Positive"}, {"line_number": 170, "secret": "dop_v1_8d3e6f2a7b1c4d9f8a6e3b0c5d7f0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f", "label": "True Positive"}, {"line_number": 186, "secret": "DbP@ssw0rdF0rProd!2024*", "label": "True Positive"}]}]} +{"id": 12, "findings": [{"code": "42: from flask import Flask, request, jsonify\n43: from sqlalchemy import create_engine\n44: from twilio.rest import Client\n45: import os\n46: \n47: app = Flask(__name__)\n48: \n49: # --- Database Configuration ---\n50: DATABASE_URL = \"postgres://webapp_user:p$3#R7s@Q!9F@prod-db-cluster-1.c4f3g2h1i0j.us-west-2.rds.amazonaws.com:5432/main_app_db\"\n51: engine = create_engine(DATABASE_URL)\n52: \n53: # --- Twilio SMS Service Configuration ---\n54: # This credentials should be moved to a secure vault.\n55: TWILIO_ACCOUNT_SID = \"AC5f8e0a1b9c3d4e5f6a7b8c9d0e1f2a3b\"\n56: TWILIO_AUTH_TOKEN = \"5a94025a4392a8b9f7a7751c1e95c4a1\"\n57: twilio_client = Client(TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN)\n58: \n59: @app.route('/api/v1/send-invite', methods=['POST'])\n60: def send_invite_sms():\n61: data = request.get_json()\n62: phone_number = data.get('phone')\n63: message = \"Welcome! Your verification code is 123456.\"\n64: \n65: try:\n66: twilio_client.messages.create(\n67: to=phone_number,\n68: from_='+15017122661',\n69: body=message\n70: )\n71: return jsonify({'status': 'success'}), 200\n72: except Exception as e:\n73: return jsonify({'error': str(e)}), 500\n74: \n75: if __name__ == '__main__':\n76: app.run(debug=False, host='0.0.0.0')", "findings": [{"line_number": 50, "secret": "postgres://webapp_user:p$3#R7s@Q!9F@prod-db-cluster-1.c4f3g2h1i0j.us-west-2.rds.amazonaws.com:5432/main_app_db", "label": "True Positive"}, {"line_number": 55, "secret": "AC5f8e0a1b9c3d4e5f6a7b8c9d0e1f2a3b", "label": "True Positive"}, {"line_number": 56, "secret": "5a94025a4392a8b9f7a7751c1e95c4a1", "label": "True Positive"}]}, {"code": "11: name: Deploy to Production Kubernetes Cluster\n12: \n13: on:\n14: push:\n15: branches:\n16: - main\n17: \n18: env:\n19: AWS_REGION: 'us-east-1'\n20: ECR_REPOSITORY: 'my-app-repo'\n21: \n22: jobs:\n23: build-and-push:\n24: runs-on: ubuntu-latest\n25: steps:\n26: - name: Checkout repository\n27: uses: actions/checkout@v3\n28: \n29: - name: Configure AWS Credentials\n30: run: |\n31: aws configure set aws_access_key_id AKIA4F5K6L7M8N9P0Q1R\n32: aws configure set aws_secret_access_key 7hGjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrSt\n33: aws configure set default.region $AWS_REGION\n34: \n35: - name: Login to Amazon ECR\n36: id: login-ecr\n37: uses: aws-actions/amazon-ecr-login@v1\n38: \n39: - name: Build and push the Docker image\n40: run: |\n41: docker build -t $ECR_REPOSITORY .\n42: docker tag $ECR_REPOSITORY:latest $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPOSITORY:latest\n43: docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPOSITORY:latest\n44: \n45: notify-slack:\n46: needs: build-and-push\n47: runs-on: ubuntu-latest\n48: steps:\n49: - name: Send notification to Slack channel\n50: uses: 8398a7/action-slack@v3\n51: with:\n52: status: ${{ job.status }}\n53: text: 'Deployment to production succeeded.'\n54: env:\n55: SLACK_WEBHOOK_URL: \"https://hooks.slack.com/services/T01B2C3D4E5/F6G7H8I9J0K/l1m2n3o4p5q6r7s8t9u0v1w2\"\n56: ", "findings": [{"line_number": 31, "secret": "AKIA4F5K6L7M8N9P0Q1R", "label": "True Positive"}, {"line_number": 32, "secret": "7hGjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrSt", "label": "True Positive"}, {"line_number": 55, "secret": "https://hooks.slack.com/services/T01B2C3D4E5/F6G7H8I9J0K/l1m2n3o4p5q6r7s8t9u0v1w2", "label": "True Positive"}]}, {"code": "15: provider \"aws\" {\n16: region = \"eu-central-1\"\n17: }\n18: \n19: resource \"aws_db_instance\" \"application_db\" {\n20: allocated_storage = 20\n21: engine = \"mysql\"\n22: engine_version = \"8.0.28\"\n23: instance_class = \"db.t3.micro\"\n24: name = \"appdbprod\"\n25: username = \"db_admin_master\"\n26: password = \"S3cuRe_dBP@ssw0rd-f0R-Pr0d!2023\"\n27: parameter_group_name = \"default.mysql8.0\"\n28: skip_final_snapshot = true\n29: publicly_accessible = false\n30: \n31: vpc_security_group_ids = [aws_security_group.db_sg.id]\n32: db_subnet_group_name = aws_db_subnet_group.default.name\n33: }\n34: \n35: resource \"aws_security_group\" \"db_sg\" {\n36: name = \"db-security-group\"\n37: description = \"Allow traffic from application servers\"\n38: vpc_id = var.vpc_id\n39: \n40: ingress {\n41: from_port = 3306\n42: to_port = 3306\n43: protocol = \"tcp\"\n44: cidr_blocks = [\"10.0.1.0/24\"]\n45: }\n46: }\n47: \n48: resource \"aws_db_subnet_group\" \"default\" {\n49: name = \"main\"\n50: subnet_ids = var.private_subnet_ids\n51: }\n52: \n53: variable \"vpc_id\" {}\n54: variable \"private_subnet_ids\" {\n55: type = list(string)\n56: }", "findings": [{"line_number": 25, "secret": "db_admin_master", "label": "True Positive"}, {"line_number": 26, "secret": "S3cuRe_dBP@ssw0rd-f0R-Pr0d!2023", "label": "True Positive"}]}, {"code": "8: import Foundation\n9: \n10: struct AppConfig {\n11: \n12: struct GoogleServices {\n13: // Key for integrating Google Maps SDK for location features.\n14: static let mapsAPIKey = \"AIzaSyB_V9zC5gE8fH7iJ6kL4mN3oP2qR1sT0uW\"\n15: }\n16: \n17: struct Analytics {\n18: // We use Mixpanel for user behavior analytics.\n19: static let mixpanelToken = \"8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d\"\n20: }\n21: \n22: struct ErrorReporting {\n23: // Sentry DSN for crash and error reporting. \n24: static let sentryDSN = \"https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123\"\n25: }\n26: \n27: struct APIEndpoints {\n28: static let baseURL = \"https://api.myapp.com/v2\"\n29: }\n30: \n31: static func initializeServices() {\n32: // Placeholder for service initialization logic\n33: print(\"Services Initialized with production keys.\")\n34: }\n35: }\n36: \n37: // Usage example:\n38: // SentrySDK.start { options in \n39: // options.dsn = AppConfig.ErrorReporting.sentryDSN\n40: // }", "findings": [{"line_number": 14, "secret": "AIzaSyB_V9zC5gE8fH7iJ6kL4mN3oP2qR1sT0uW", "label": "True Positive"}, {"line_number": 19, "secret": "8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d", "label": "True Positive"}, {"line_number": 24, "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123", "label": "True Positive"}]}, {"code": "55: package main\n56: \n57: import (\n58: \t\"github.com/gin-gonic/gin\"\n59: \t\"github.com/go-redis/redis/v8\"\n60: \t\"gopkg.in/zorkian/go-datadog-api.v2\"\n61: \t\"context\"\n62: \t\"net/http\"\n63: )\n64: \n65: var ctx = context.Background()\n66: \n67: func setupRedisClient() *redis.Client {\n68: \t// Connect to the Redis instance used for session caching.\n69: \tclient := redis.NewClient(&redis.Options{\n70: \t\tAddr: \"redis-11234.c264.ap-south-1-1.ec2.cloud.redislabs.com:11234\",\n71: \t\tPassword: \"7hV$kZ&mN@3qP!s9\", // no username set\n72: \t\tDB: 0,\n73: \t})\n74: \treturn client\n75: }\n76: \n77: func setupDatadogClient() *datadog.Client {\n78: \t// API credentials for sending metrics. \n79: \tapiKey := \"97937562479e3b12328059332f78816c\"\n80: \tappKey := \"2d0a5127f827913a48eacb9231f24f4648eacb92\"\n81: \tclient := datadog.NewClient(apiKey, appKey)\n82: \treturn client\n83: }\n84: \n85: func main() {\n86: \tredisClient := setupRedisClient()\n87: \t_ = setupDatadogClient()\n88: \n89: \trouter := gin.Default()\n90: \trouter.GET(\"/health\", func(c *gin.Context) {\n91: \t\t_, err := redisClient.Ping(ctx).Result()\n92: \t\tif err != nil {\n93: \t\t\tc.JSON(http.StatusInternalServerError, gin.H{\"status\": \"redis_error\"})\n94: \t\t\treturn\n95: \t\t}\n96: \t\tc.JSON(http.StatusOK, gin.H{\"status\": \"ok\"})\n97: \t})\n98: \n99: \trouter.Run(\":8080\")\n100:}", "findings": [{"line_number": 71, "secret": "7hV$kZ&mN@3qP!s9", "label": "True Positive"}, {"line_number": 79, "secret": "97937562479e3b12328059332f78816c", "label": "True Positive"}, {"line_number": 80, "secret": "2d0a5127f827913a48eacb9231f24f4648eacb92", "label": "True Positive"}]}]} +{"id": 13, "findings": [{"code": "78: import boto3\n79: import logging\n80: import os\n81: \n82: # Configure logging\n83: logging.basicConfig(level=logging.INFO)\n84: logger = logging.getLogger(__name__)\n85: \n86: def process_s3_files():\n87: \"\"\"Connects to S3 and processes files in a specific bucket.\"\"\"\n88: logger.info(\"Initializing S3 client for data processing...\")\n89: \n90: session = boto3.Session(\n91: aws_access_key_id='AKIAU4V3K7J5P2QWSDYR',\n92: aws_secret_access_key='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',\n93: region_name='us-east-1'\n94: )\n95: \n96: s3_client = session.client('s3')\n97: \n98: try:\n99: bucket_name = 'corp-analytics-logs-prod'\n100: logger.info(f\"Listing objects in bucket: {bucket_name}\")\n101: response = s3_client.list_objects_v2(Bucket=bucket_name)\n102: \n103: if 'Contents' in response:\n104: for obj in response['Contents']:\n105: logger.info(f\"Found file: {obj['Key']}\")\n106: # In a real scenario, we would download and process the file here.\n107: except Exception as e:\n108: logger.error(f\"Failed to access S3 bucket: {e}\")\n109: \n110: if __name__ == \"__main__\":\n111: process_s3_files()\n", "findings": [{"line_number": 91, "secret": "AKIAU4V3K7J5P2QWSDYR", "label": "True Positive"}, {"line_number": 92, "secret": "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", "label": "True Positive"}]}, {"code": "42: # Terraform configuration for the production database.\n43: # This sets up the RDS instance and its associated security group.\n44: \n45: provider \"aws\" {\n46: region = \"eu-west-2\"\n47: }\n48: \n49: resource \"aws_vpc\" \"main\" {\n50: cidr_block = \"10.0.0.0/16\"\n51: \n52: tags = {\n53: Name = \"production-vpc\"\n54: }\n55: }\n56: \n57: resource \"aws_db_instance\" \"aurora_cluster\" {\n58: allocated_storage = 100\n59: engine = \"mysql\"\n60: engine_version = \"8.0.28\"\n61: instance_class = \"db.t3.medium\"\n62: name = \"webappdb_prod\"\n63: username = \"db_admin_master\"\n64: password = \"v#8kP!s7TqR2zL$mG@fD\"\n65: parameter_group_name = \"default.mysql8.0\"\n66: skip_final_snapshot = true\n67: vpc_security_group_ids = [aws_security_group.db.id]\n68: }\n69: \n70: resource \"aws_security_group\" \"db\" {\n71: name = \"rds-prod-sg\"\n72: description = \"Allow traffic to production RDS\"\n73: vpc_id = aws_vpc.main.id\n74: \n75: ingress {\n76: from_port = 3306\n77: to_port = 3306\n78: protocol = \"tcp\"\n79: cidr_blocks = [\"10.0.0.0/16\"]\n80: }\n81: }\n", "findings": [{"line_number": 64, "secret": "v#8kP!s7TqR2zL$mG@fD", "label": "True Positive"}]}, {"code": "115: package main\n116: \n117: import (\n118: \t\"database/sql\"\n119: \t\"fmt\"\n120: \t\"log\"\n121: \t\"net/http\"\n122: \n123: \t\"github.com/gin-gonic/gin\"\n124: \t_ \"github.com/lib/pq\"\n125: \t\"github.com/stripe/stripe-go/v72\"\n126: )\n127: \n128: const pgConnStr = \"postgres://webapp_svc:dG93nK#md!9S@pg-primary.prod.svc.cluster.local:5432/payments_db\"\n129: \n130: func setupDatabase() *sql.DB {\n131: \tdb, err := sql.Open(\"postgres\", pgConnStr)\n132: \tif err != nil {\n133: \t\tlog.Fatalf(\"Failed to connect to database: %v\", err)\n134: \t}\n135: \treturn db\n136: }\n137: \n138: func chargeHandler(c *gin.Context) {\n139: \t// Payment processing logic would be here\n140: \tc.JSON(http.StatusOK, gin.H{\"status\": \"charge processed\"})\n141: }\n142: \n143: func main() {\n144: \tstripe.Key = \"sk_live_51Mv9BfGk7Lw3zYqSjU2dRaXt1cVhN8eIoP6bA5cZfTxW\"\n145: \t\n146: \tdb := setupDatabase()\n147: \tdefer db.Close()\n148: \n149: \trouter := gin.Default()\n150: \trouter.POST(\"/api/v1/charge\", chargeHandler)\n151: \n152: \tfmt.Println(\"Starting server on port 8080\")\n153: \trouter.Run(\":8080\")\n154: }\n", "findings": [{"line_number": 128, "secret": "postgres://webapp_svc:dG93nK#md!9S@pg-primary.prod.svc.cluster.local:5432/payments_db", "label": "True Positive"}, {"line_number": 144, "secret": "sk_live_51Mv9BfGk7Lw3zYqSjU2dRaXt1cVhN8eIoP6bA5cZfTxW", "label": "True Positive"}]}, {"code": "21: name: Build and Deploy to Production\n22: \n23: on:\n24: push:\n25: branches:\n26: - main\n27: \n28: jobs:\n29: build:\n30: name: Build Docker Image\n31: runs-on: ubuntu-latest\n32: steps:\n33: - name: Checkout code\n34: uses: actions/checkout@v3\n35: \n36: - name: Login to Docker Hub\n37: uses: docker/login-action@v2\n38: with:\n39: username: myapp_prod_builder\n40: password: \"dckr_pat_1sA3fG5hJ8kL2mN4pQ6rT8uV0wX2z\"\n41: \n42: - name: Build and push Docker image\n43: uses: docker/build-push-action@v4\n44: with:\n45: context: .\n46: push: true\n47: tags: myapp/production:latest\n48: \n49: deploy:\n50: name: Deploy to Heroku\n51: runs-on: ubuntu-latest\n52: needs: build\n53: environment:\n54: name: production\n55: steps:\n56: - name: Deploy to Heroku\n57: uses: akhileshns/heroku-deploy@v3.12.12\n58: with:\n59: heroku_api_key: \"HRKU-a1b2c3d4-e5f6-7890-1234-567890abcdef\"\n60: heroku_app_name: \"my-prod-webapp\"\n61: heroku_email: \"deploy@example.com\"\n62: usedocker: true\n", "findings": [{"line_number": 40, "secret": "dckr_pat_1sA3fG5hJ8kL2mN4pQ6rT8uV0wX2z", "label": "True Positive"}, {"line_number": 59, "secret": "HRKU-a1b2c3d4-e5f6-7890-1234-567890abcdef", "label": "True Positive"}]}, {"code": "180: using System;\n181: \n182: namespace WebApi.Core.Config\n183: {\n184: /// \n185: /// Provides centralized access to application configuration and secrets.\n186: /// This is a temporary solution before moving to Azure Key Vault.\n187: /// \n188: public static class AppSecrets\n189: {\n190: // --- Email Service Configuration ---\n191: public static class SendGrid\n192: {\n193: public const string ApiKey = \"SG.lI8pZ3jT9qW7eR1aV5bC0x.mK4oH6sN2yU9iO-pLgJ7fDcXvBwZqR\";\n194: public const string FromEmail = \"noreply@myapp.com\";\n195: public const string FromName = \"MyApp Notifications\";\n196: }\n197: \n198: // --- Authentication & Authorization ---\n199: public static class Authentication\n200: {\n201: public const string JwtIssuer = \"https://auth.myapp.com\";\n202: public const string JwtAudience = \"https://api.myapp.com\";\n203: \n204: /// \n205: /// High-entropy key for signing JWT tokens. MUST be at least 256 bits.\n206: /// \n207: public const string JwtSigningKey = \"9u8x/A?D(G+KbPeShVmYp3s6v9y$B&E)\";\n208: }\n209: \n210: // --- External Service Integrations ---\n211: public static class Analytics\n212: {\n213: public static Guid MeasurementId = new Guid(\"a1b2c3d4-e5f6-4789-9a0b-c1d2e3f4a5b6\");\n214: }\n215: }\n216: }\n", "findings": [{"line_number": 193, "secret": "SG.lI8pZ3jT9qW7eR1aV5bC0x.mK4oH6sN2yU9iO-pLgJ7fDcXvBwZqR", "label": "True Positive"}, {"line_number": 207, "secret": "9u8x/A?D(G+KbPeShVmYp3s6v9y$B&E)", "label": "True Positive"}]}]} +{"id": 14, "findings": [{"code": "88: import os\n89: from flask import Flask, jsonify, request\n90: from flask_sqlalchemy import SQLAlchemy\n91: import stripe\n92: import sendgrid\n93: from sendgrid.helpers.mail import Mail\n94: \n95: app = Flask(__name__)\n96: \n97: # --- Configuration ---\n98: # In a real app, these should be environment variables.\n99: app.config['SQLALCHEMY_DATABASE_URI'] = 'postgresql://order_svc:pL3#cV8@dK!zN@prod-db-eu-west-1.c4jwk9zabcdef.rds.amazonaws.com:5432/orders_prod'\n100: app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False\n101: stripe.api_key = \"sk_live_51Mv4xEAklC1kABi8gqYtY9eBpJc7dFwZ7yX2vH3uL5bNqD6kRzT0fA9gS1hJk0bVcGfI4oE3mNlP2rWqAbcDef123\"\n102: \n103: db = SQLAlchemy(app)\n104: \n105: class Order(db.Model):\n106: id = db.Column(db.Integer, primary_key=True)\n107: amount = db.Column(db.Float, nullable=False)\n108: customer_email = db.Column(db.String(120), nullable=False)\n109: processed = db.Column(db.Boolean, default=False)\n110: \n111: @app.route('/charge', methods=['POST'])\n112: def create_charge():\n113: data = request.get_json()\n114: # ... payment processing logic ...\n115: \n116: # Send confirmation email\n117: sg_api_key = \"SG.s5h4z9k8TqO6y2n7v1m3pA.c4fGkRpLwE9xVbU3zJ8aQoI7tYdD5sW2iH6uX0O\"\n118: sg = sendgrid.SendGridAPIClient(api_key=sg_api_key)\n119: from_email = 'noreply@examplecorp.com'\n120: to_email = data.get('email')\n121: subject = \"Your order is confirmed!\"\n122: # ... email content ...\n123: return jsonify({'status': 'success'}), 200\n", "findings": [{"line_number": 99, "secret": "postgresql://order_svc:pL3#cV8@dK!zN@prod-db-eu-west-1.c4jwk9zabcdef.rds.amazonaws.com:5432/orders_prod", "label": "True Positive"}, {"line_number": 101, "secret": "sk_live_51Mv4xEAklC1kABi8gqYtY9eBpJc7dFwZ7yX2vH3uL5bNqD6kRzT0fA9gS1hJk0bVcGfI4oE3mNlP2rWqAbcDef123", "label": "True Positive"}, {"line_number": 117, "secret": "SG.s5h4z9k8TqO6y2n7v1m3pA.c4fGkRpLwE9xVbU3zJ8aQoI7tYdD5sW2iH6uX0O", "label": "True Positive"}]}, {"code": "15: name: Deploy Production to AWS\n16: \n17: on:\n18: push:\n19: branches:\n20: - main\n21: \n22: jobs:\n23: build-and-push:\n24: runs-on: ubuntu-latest\n25: steps:\n26: - name: Checkout repository\n27: uses: actions/checkout@v3\n28: \n29: - name: Configure AWS credentials\n30: uses: aws-actions/configure-aws-credentials@v1\n31: with:\n32: aws-access-key-id: AKIA4F3PH5XH637P5Q2S\n33: aws-secret-access-key: 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\n34: aws-region: us-east-1\n35: \n36: - name: Login to Docker Hub\n37: uses: docker/login-action@v2\n38: with:\n39: username: corp_ci_bot\n40: password: \"dckr_pat_aJkLmnOpQrStUvWxYzAbCdEfGhIjK12345\"\n41: \n42: - name: Build, tag, and push image to Amazon ECR\n43: id: build-image\n44: env:\n45: ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}\n46: IMAGE_TAG: ${{ github.sha }}\n47: run: |\n48: docker build -t $ECR_REGISTRY/my-app:$IMAGE_TAG .\n49: docker push $ECR_REGISTRY/my-app:$IMAGE_TAG\n", "findings": [{"line_number": 32, "secret": "AKIA4F3PH5XH637P5Q2S", "label": "True Positive"}, {"line_number": 33, "secret": "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", "label": "True Positive"}, {"line_number": 40, "secret": "dckr_pat_aJkLmnOpQrStUvWxYzAbCdEfGhIjK12345", "label": "True Positive"}]}, {"code": "42: package main\n43: \n44: import (\n45: \t\"context\"\n46: \t\"log\"\n47: \t\"time\"\n48: \n49: \t\"github.com/go-redis/redis/v8\"\n50: \t\"github.com/streadway/amqp\"\n51: )\n52: \n53: var ctx = context.Background()\n54: \n55: func failOnError(err error, msg string) {\n56: \tif err != nil {\n57: \t\tlog.Fatalf(\"%s: %s\", msg, err)\n58: \t}\n59: }\n60: \n61: func main() {\n62: \t// DO NOT commit this hardcoded PoC connection string\n63: // TODO: move to Vault\n64: \trmqConnectionString := \"amqp://ingest_worker:HkP8#sF!t$jR@rabbitmq.prod.svc.cluster.local:5672/\"\n65: \tconn, err := amqp.Dial(rmqConnectionString)\n66: \tfailOnError(err, \"Failed to connect to RabbitMQ\")\n67: \tdefer conn.Close()\n68: \n69: \tlog.Println(\"Successfully connected to RabbitMQ broker\")\n70: \n71: \t// Setup Redis client\n72: \tredisClient := redis.NewClient(&redis.Options{\n73: \t\tAddr: \"redis-master.prod.svc.cluster.local:6379\",\n74: \t\tPassword: \"R9bXmPZc$vT2sK!eN5wF8qGg4jA#7D\", // No DB, we use the default\n75: \t\tDB: 0,\n76: \t})\n77: \n78: \t_, err = redisClient.Ping(ctx).Result()\n79: \tfailOnError(err, \"Failed to connect to Redis\")\n80: \tlog.Println(\"Cache service connected.\")\n81: }\n", "findings": [{"line_number": 64, "secret": "amqp://ingest_worker:HkP8#sF!t$jR@rabbitmq.prod.svc.cluster.local:5672/", "label": "True Positive"}, {"line_number": 74, "secret": "R9bXmPZc$vT2sK!eN5wF8qGg4jA#7D", "label": "True Positive"}]}, {"code": "112: provider \"aws\" {\n113: region = \"eu-central-1\"\n114: }\n115: \n116: resource \"aws_db_instance\" \"app_database\" {\n117: allocated_storage = 20\n118: engine = \"mysql\"\n119: engine_version = \"8.0\"\n120: instance_class = \"db.t3.micro\"\n121: name = \"webapp_prod_db\"\n122: username = \"db_admin\"\n123: password = \"Adm1nPassw0rd&SuperS3cure!v9h2k4m5\"\n124: parameter_group_name = \"default.mysql8.0\"\n125: skip_final_snapshot = true\n126: }\n127: \n128: resource \"aws_lambda_function\" \"data_processor\" {\n129: function_name = \"Prod-Data-Processor\"\n130: handler = \"main.handler\"\n131: runtime = \"python3.9\"\n132: role = aws_iam_role.lambda_exec.arn\n133: \n134: filename = \"processor.zip\"\n135: \n136: environment {\n137: variables = {\n138: THIRD_PARTY_API_TOKEN = \"kpat_9uGvP3wFxBzQr7YtL1sJmN5cH2oVb4fD8S\"\n139: DB_ENDPOINT = aws_db_instance.app_database.address\n140: }\n141: }\n142: \n143: tags = {\n144: Environment = \"Production\"\n145: }\n146: }\n", "findings": [{"line_number": 123, "secret": "Adm1nPassw0rd&SuperS3cure!v9h2k4m5", "label": "True Positive"}, {"line_number": 138, "secret": "kpat_9uGvP3wFxBzQr7YtL1sJmN5cH2oVb4fD8S", "label": "True Positive"}]}, {"code": "1: // src/config/appConfig.ts\n2: // Centralized configuration for external services.\n3: \n4: interface AppConfig {\n5: env: 'development' | 'production' | 'staging';\n6: apiBaseUrl: string;\n7: mapboxToken: string;\n8: sentryDsn: string;\n9: featureFlags: {\n10: enableNewDashboard: boolean;\n11: enableBetaFeatures: boolean;\n12: };\n13: }\n14: \n15: export const config: AppConfig = {\n16: env: 'production',\n17: apiBaseUrl: 'https://api.myapp.com/v2',\n18: \n19: // Public token for map rendering on the client side\n20: mapboxToken: 'pk.eyJ1Ijoiam9obmRvZWNvcnAiLCJhIjoiY2xwYzh0ZzAyMGN3ZTJqcWpybHZ0MHEzayJ9.iG8jdU1cR3vBwF2pZ5oKqQ',\n21: \n22: // Sentry for error tracking\n23: sentryDsn: 'https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012',\n24: \n25: featureFlags: {\n26: enableNewDashboard: true,\n27: enableBetaFeatures: false,\n28: },\n29: };\n30: \n31: export default config;\n", "findings": [{"line_number": 20, "secret": "pk.eyJ1Ijoiam9obmRvZWNvcnAiLCJhIjoiY2xwYzh0ZzAyMGN3ZTJqcWpybHZ0MHEzayJ9.iG8jdU1cR3vBwF2pZ5oKqQ", "label": "True Positive"}, {"line_number": 23, "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012", "label": "True Positive"}]}]} +{"id": 15, "findings": [{"code": "42: # sync_s3_data.py: A utility script to synchronize local data with an S3 bucket.\n43: \n44: import boto3\n45: import logging\n46: from botocore.exceptions import NoCredentialsError\n47: \n48: # --- Configuration ---\n49: AWS_REGION = 'eu-west-1'\n50: S3_BUCKET_NAME = 'corp-data-lake-prod-4815162342'\n51: \n52: # WARNING: Hardcoded credentials for legacy service account\n53: AWS_ACCESS_KEY_ID = 'AKIAY3R4WZ76X2P5QJ6M'\n54: AWS_SECRET_ACCESS_KEY = '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'\n55: \n56: logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')\n57: \n58: def connect_to_s3():\n59: \"\"\"Establishes a session with AWS S3 using hardcoded credentials.\"\"\"\n60: try:\n61: s3_client = boto3.client(\n62: 's3',\n63: aws_access_key_id=AWS_ACCESS_KEY_ID,\n64: aws_secret_access_key=AWS_SECRET_ACCESS_KEY,\n65: region_name=AWS_REGION\n66: )\n67: logging.info(\"S3 client created successfully.\")\n68: return s3_client\n69: except NoCredentialsError:\n70: logging.error(\"Credentials not available.\")\n71: return None\n72: \n73: def list_bucket_contents(s3_client):\n74: \"\"\"Lists the contents of the configured S3 bucket.\"\"\"\n75: logging.info(f\"Listing contents for bucket: {S3_BUCKET_NAME}\")\n76: response = s3_client.list_objects_v2(Bucket=S3_BUCKET_NAME)\n77: if 'Contents' in response:\n78: for item in response['Contents']:\n79: print(f\" - {item['Key']} (Size: {item['Size']})\")\n80: \n81: if __name__ == \"__main__\":\n82: client = connect_to_s3()\n83: if client:\n84: list_bucket_contents(client)", "findings": [{"line_number": 53, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 54, "secret": "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", "label": "True Positive"}]}, {"code": "115: # /modules/network/main.tf - Main Terraform configuration for the networking module.\n116: \n117: terraform {\n118: required_providers {\n119: azurerm = {\n120: source = \"hashicorp/azurerm\"\n121: version = \">= 2.90.0\"\n122: }\n123: }\n124: }\n125: \n126: # Provider block configured with service principal credentials.\n127: # Ideally, these should be supplied via environment variables or managed identity.\n128: provider \"azurerm\" {\n129: features {}\n130: \n131: subscription_id = \"a1b2c3d4-e5f6-7890-1234-567890abcdef\"\n132: client_id = \"f1e2d3c4-b5a6-7890-fedc-ba9876543210\"\n133: tenant_id = \"c1b2a3d4-e5f6-7890-1234-abcdef567890\"\n134: client_secret = \"8kL~7QjN_p9sFt.gY2vWzXbC-aH1mO6rE5\"\n135: }\n136: \n137: resource \"azurerm_resource_group\" \"rg\" {\n138: name = \"rg-networking-${var.environment}\"\n139: location = var.location\n140: \n141: tags = {\n142: provisioner = \"terraform\"\n143: project = \"core-infra\"\n144: }\n145: }\n146: \n147: resource \"azurerm_virtual_network\" \"vnet\" {\n148: name = \"vnet-${var.environment_short}-01\"\n149: address_space = [\"10.0.0.0/16\"]\n150: location = azurerm_resource_group.rg.location\n151: resource_group_name = azurerm_resource_group.rg.name\n152: }\n153: \n154: # Additional network resources (subnets, security groups, etc.) would follow.", "findings": [{"line_number": 134, "secret": "8kL~7QjN_p9sFt.gY2vWzXbC-aH1mO6rE5", "label": "True Positive"}]}, {"code": "1: # ===================================================================\n2: # Spring Boot application configuration for the payments service\n3: # ===================================================================\n4: \n5: # Server Configuration\n6: server.port=8080\n7: server.servlet.context-path=/api/payments\n8: \n9: # Database Connection (PostgreSQL)\n10: # Using a dedicated read-write user for the application.\n11: spring.datasource.url=jdbc:postgresql://db-payments-prod.c8xqj9yzkq2p.us-east-1.rds.amazonaws.com:5432/paymentsdb\n12: spring.datasource.username=payments_svc\n13: spring.datasource.password=E#9z$RFt@k*b2v!gHqP5sYuL\n14: spring.datasource.driver-class-name=org.postgresql.Driver\n15: spring.jpa.hibernate.ddl-auto=validate\n16: \n17: # Security and JWT Configuration\n18: # Using a strong, pre-generated HS512 key for signing JWTs.\n19: auth.jwt.token-type=Bearer\n20: auth.jwt.issuer=com.securepayments.api\n21: auth.jwt.audience=com.securepayments.app\n22: auth.jwt.expiration-ms=86400000\n23: auth.jwt.secret=YjJkNDY3YTZlY2U1MjRiYzhmNmU5ODE5ZjQ5NjA3YjI5ZWIzMDUyN2U0NjM5NWY1OTM2NGYxYzJkNWY4N2Y1NA==\n24: \n25: # Stripe Integration Keys\n26: stripe.api.version=2020-08-27\n27: stripe.webhook.endpoint-secret=${STRIPE_WH_SECRET}\n28: \n29: # Logging Configuration\n30: logging.level.root=INFO\n31: logging.level.com.securepayments=DEBUG\n32: logging.pattern.console=%d{yyyy-MM-dd HH:mm:ss} - %msg%n", "findings": [{"line_number": 13, "secret": "E#9z$RFt@k*b2v!gHqP5sYuL", "label": "True Positive"}, {"line_number": 23, "secret": "YjJkNDY3YTZlY2U1MjRiYzhmNmU5ODE5ZjQ5NjA3YjI5ZWIzMDUyN2U0NjM5NWY1OTM2NGYxYzJkNWY4N2Y1NA==", "label": "True Positive"}]}, {"code": "88: import React, { useEffect, useRef } from 'react';\n89: import mapboxgl from 'mapbox-gl';\n90: import * as Sentry from '@sentry/react';\n91: import { BrowserTracing } from '@sentry/tracing';\n92: \n93: export const initializeMonitoring = () => {\n94: // Sentry initialization for error tracking in production.\n95: Sentry.init({\n96: dsn: \"https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/7890123\",\n97: integrations: [new BrowserTracing()],\n98: tracesSampleRate: 0.2,\n99: environment: 'production',\n100: });\n101: };\n102: \n103: // Mapbox configuration for the main dashboard map.\n104: const mapboxConfig = {\n105: accessToken: 'pk.eyJ1IjoiZGFzaGJvYXJkdXNlciIsImEiOiJjazlzcDU0OWowMGR2M2Vud2IzaDV2ZHJtIn0.7gU6DqR7wE5qM1vN8sY2fQ',\n106: style: 'mapbox://styles/mapbox/dark-v10',\n107: center: [-74.0060, 40.7128],\n108: zoom: 11\n109: };\n110: \n111: const MapComponent = () => {\n112: const mapContainerRef = useRef(null);\n113: \n114: useEffect(() => {\n115: mapboxgl.accessToken = mapboxConfig.accessToken;\n116: const map = new mapboxgl.Map({\n117: container: mapContainerRef.current,\n118: style: mapboxConfig.style,\n119: center: mapboxConfig.center,\n120: zoom: mapboxConfig.zoom\n121: });\n122: \n123: map.addControl(new mapboxgl.NavigationControl(), 'top-right');\n124: \n125: return () => map.remove();\n126: }, []);\n127: \n128: return
;\n129: };\n130: \n131: export default MapComponent;", "findings": [{"line_number": 96, "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, {"line_number": 105, "secret": "pk.eyJ1IjoiZGFzaGJvYXJkdXNlciIsImEiOiJjazlzcDU0OWowMGR2M2Vud2IzaDV2ZHJtIn0.7gU6DqR7wE5qM1vN8sY2fQ", "label": "True Positive"}]}, {"code": "1: name: Build and Deploy to Production\n2: \n3: on:\n4: push:\n5: branches:\n6: - main\n7: \n8: jobs:\n9: build-and-push:\n10: runs-on: ubuntu-latest\n11: steps:\n12: - name: Checkout repository\n13: uses: actions/checkout@v3\n14: \n15: - name: Set up Docker Buildx\n16: uses: docker/setup-buildx-action@v2\n17: \n18: - name: Log in to Docker Hub\n19: uses: docker/login-action@v2\n20: with:\n21: username: myapp-prod-builder\n22: password: \"dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE\"\n23: \n24: - name: Build and push Docker image\n25: uses: docker/build-push-action@v3\n26: with:\n27: context: .\n28: push: true\n29: tags: myapp/production:latest\n30: \n31: notify-on-success:\n32: needs: build-and-push\n33: runs-on: ubuntu-latest\n34: steps:\n35: - name: Send Slack notification\n36: run: |\n37: curl -X POST -H 'Content-type: application/json' \\\n38: --data '{\"text\":\"Deployment to production successful!\"}' \\\n39: https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL\n40:\n41: notify-on-failure:\n42: if: failure()\n43: needs: build-and-push\n44: runs-on: ubuntu-latest\n45: steps:\n46: - name: Send Slack failure notification\n47: uses: 8398a7/action-slack@v3\n48: with:\n49: status: ${{ job.status }}\n50: author_name: \"Production Deploy Bot\"\n51: fields: repo,message,commit,author,action,eventName,ref,workflow\n52: env:\n53: SLACK_WEBHOOK_URL: \"https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL\"", "findings": [{"line_number": 22, "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", "label": "True Positive"}, {"line_number": 39, "secret": "https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL", "label": "True Positive"}, {"line_number": 53, "secret": "https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL", "label": "True Positive"}]}]} +{"id": 16, "findings": [{"code": "88: import os\n89: from flask import Flask, jsonify, request\n90: from services.db_connector import Database\n91: from services.s3_handler import S3Uploader\n92: \n93: app = Flask(__name__)\n94: \n95: # --- Configuration ---\n96: # TODO: Move these to a secure vault like HashiCorp Vault or AWS Secrets Manager\n97: app.config['DATABASE_URI'] = \"postgres://user_prod_rw:dG9m9#4k!sPq@db-prod-cluster.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/main_app\"\n98: S3_ACCESS_KEY = \"AKIAY3R4WZ76X2P5QJ6M\"\n99: S3_SECRET_KEY = \"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\"\n100: S3_BUCKET_NAME = \"customer-uploads-prod-77281\"\n101: \n102: db_connection = Database(app.config['DATABASE_URI'])\n103: s3_uploader = S3Uploader(S3_ACCESS_KEY, S3_SECRET_KEY, S3_BUCKET_NAME)\n104: \n105: @app.route('/api/v1/health')\n106: def health_check():\n107: return jsonify({'status': 'ok'}), 200\n108: \n109: @app.route('/api/v1/users/', methods=['GET'])\n110: def get_user(user_id):\n111: user_data = db_connection.get_user_by_id(user_id)\n112: if user_data:\n113: return jsonify(user_data)\n114: return jsonify({'error': 'User not found'}), 404\n115: \n116: if __name__ == '__main__':\n117: app.run(host='0.0.0.0', port=5000)\n", "findings": [{"line_number": 97, "secret": "postgres://user_prod_rw:dG9m9#4k!sPq@db-prod-cluster.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/main_app", "label": "True Positive"}, {"line_number": 98, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 99, "secret": "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", "label": "True Positive"}]}, {"code": "42: name: CI-CD Pipeline\n43: \n44: on:\n45: push:\n46: branches:\n47: - main\n48: - 'release/*'\n49: \n50: jobs:\n51: build-and-test:\n52: runs-on: ubuntu-latest\n53: steps:\n54: - uses: actions/checkout@v3\n55: \n56: - name: SonarQube Scan\n57: uses: sonarsource/sonarqube-scan-action@master\n58: env:\n59: SONAR_TOKEN: 'sqp_a8b3f0c1d2e4a5b6c7d8e9f0a1b2c3d4e5f6a7b8'\n60: SONAR_HOST_URL: 'https://sonar.mycompany.io'\n61: \n62: deploy-to-staging:\n63: needs: build-and-test\n64: runs-on: ubuntu-latest\n65: steps:\n66: - name: Deploy to Staging Environment\n67: run: |\n68: echo \"Deploying to staging...\"\n69: # Ansible deployment script here\n70: \n71: - name: Notify on Slack\n72: uses: rtCamp/action-slack-notify@v2\n73: env:\n74: SLACK_WEBHOOK: 'https://hooks.slack.com/services/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'\n75: SLACK_TITLE: 'Deployment Succeeded: Staging'\n76: SLACK_COLOR: 'good'\n77: SLACK_MESSAGE: 'The latest build from `main` has been deployed to the staging environment.'\n", "findings": [{"line_number": 59, "secret": "sqp_a8b3f0c1d2e4a5b6c7d8e9f0a1b2c3d4e5f6a7b8", "label": "True Positive"}, {"line_number": 74, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}]}, {"code": "33: provider \"google\" {\n34: project = var.gcp_project_id\n35: region = \"us-central1\"\n36: credentials = \"{\\\"type\\\": \\\"service_account\\\",\\\"project_id\\\": \\\"corp-infra-314159\\\",\\\"private_key_id\\\": \\\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\\\",\\\"private_key\\\": \\\"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAO3B...\\n-----END PRIVATE KEY-----\\n\\\",\\\"client_email\\\": \\\"terraform@corp-infra-314159.iam.gserviceaccount.com\\\",\\\"client_id\\\": \\\"123456789012345678901\\\",\\\"auth_uri\\\": \\\"https://accounts.google.com/o/oauth2/auth\\\",\\\"token_uri\\\": \\\"https://oauth2.googleapis.com/token\\\",\\\"auth_provider_x509_cert_url\\\": \\\"https://www.googleapis.com/oauth2/v1/certs\\\",\\\"client_x509_cert_url\\\": \\\"https://www.googleapis.com/robot/v1/metadata/x509/terraform%40corp-infra-314159.iam.gserviceaccount.com\\\"}\"\n37: }\n38: \n39: provider \"datadog\" {\n40: api_key = \"dd_api_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6\"\n41: app_key = var.datadog_app_key\n42: }\n43: \n44: resource \"google_compute_instance\" \"web_server\" {\n45: name = \"web-server-prod-01\"\n46: machine_type = \"e2-medium\"\n47: zone = \"us-central1-a\"\n48: \n49: boot_disk {\n50: initialize_params {\n51: image = \"debian-cloud/debian-11\"\n52: }\n53: }\n54: \n55: network_interface {\n56: network = \"default\"\n57: }\n58: \n59: tags = [\"web\", \"production\"]\n60: }\n", "findings": [{"line_number": 36, "secret": "{\\\"type\\\": \\\"service_account\\\",\\\"project_id\\\": \\\"corp-infra-314159\\\",\\\"private_key_id\\\": \\\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\\\",\\\"private_key\\\": \\\"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAO3B...\\n-----END PRIVATE KEY-----\\n\\\",\\\"client_email\\\": \\\"terraform@corp-infra-314159.iam.gserviceaccount.com\\\",\\\"client_id\\\": \\\"123456789012345678901\\\",\\\"auth_uri\\\": \\\"https://accounts.google.com/o/oauth2/auth\\\",\\\"token_uri\\\": \\\"https://oauth2.googleapis.com/token\\\",\\\"auth_provider_x509_cert_url\\\": \\\"https://www.googleapis.com/oauth2/v1/certs\\\",\\\"client_x509_cert_url\\\": \\\"https://www.googleapis.com/robot/v1/metadata/x509/terraform%40corp-infra-314159.iam.gserviceaccount.com\\\"}", "label": "True Positive"}, {"line_number": 40, "secret": "dd_api_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "label": "True Positive"}]}, {"code": "112: import React, { useEffect } from 'react';\n113: import * as Sentry from '@sentry/react';\n114: import { BrowserTracing } from '@sentry/tracing';\n115: import mapboxgl from 'mapbox-gl';\n116: \n117: export const initializeThirdPartyServices = () => {\n118: // Sentry Initialization for error tracking\n119: Sentry.init({\n120: dsn: \"https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123\",\n121: integrations: [new BrowserTracing()],\n122: tracesSampleRate: 0.2,\n123: environment: process.env.NODE_ENV,\n124: });\n125: \n126: // Mapbox GL JS configuration\n127: // This token is used to authenticate with Mapbox's APIs.\n128: mapboxgl.accessToken = 'pk.eyJ1IjoibXljb29sZGV2IiwiYSI6ImNrdjRzM2l2ZDBsYjQyd3M0cGszbTNnNHAifQ.H9f_zAbCdEfGhIjKlMnOpQ';\n129: };\n130: \n131: const MapComponent = () => {\n132: useEffect(() => {\n133: const map = new mapboxgl.Map({\n134: container: 'map-container', // container ID\n135: style: 'mapbox://styles/mapbox/streets-v11',\n136: center: [-74.5, 40], // starting position\n137: zoom: 9 // starting zoom\n138: });\n139: return () => map.remove();\n140: }, []);\n141: \n142: return
;\n143: };\n144: \n145: export default MapComponent;", "findings": [{"line_number": 120, "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, {"line_number": 128, "secret": "pk.eyJ1IjoibXljb29sZGV2IiwiYSI6ImNrdjRzM2l2ZDBsYjQyd3M0cGszbTNnNHAifQ.H9f_zAbCdEfGhIjKlMnOpQ", "label": "True Positive"}]}, {"code": "1: # ================================================\n2: # Main Application Configuration - PRODUCTION\n3: # ================================================\n4: \n5: # Application Settings\n6: app.name=Customer Relationship Management API\n7: app.version=2.5.1\n8: app.environment=production\n9: \n10: # Database Connection (PostgreSQL)\n11: spring.datasource.url=jdbc:postgresql://prod-db-1.internal:5432/crm_prod\n12: spring.datasource.username=crm_prod_user\n13: spring.datasource.password=T#8sLpVm9@zQ!wY7\n14: spring.jpa.hibernate.ddl-auto=validate\n15: \n16: # Redis Cache Configuration\n17: spring.redis.host=redis-prod.internal\n18: spring.redis.port=6379\n19: spring.redis.password=3xP1rE_N3v3r_5tRoNg_PA55!\n20: \n21: # Email Service (Mailgun)\n22: mailgun.api.key=key-0987654321fedcba0987654321fedcba\n23: mailgun.api.domain=mg.mycompany.com\n24: \n25: # Logging Configuration\n26: logging.level.root=WARN\n27: logging.level.com.mycompany=INFO\n", "findings": [{"line_number": 13, "secret": "T#8sLpVm9@zQ!wY7", "label": "True Positive"}, {"line_number": 19, "secret": "3xP1rE_N3v3r_5tRoNg_PA55!", "label": "True Positive"}, {"line_number": 22, "secret": "key-0987654321fedcba0987654321fedcba", "label": "True Positive"}]}]} +{"id": 17, "findings": [{"code": "72: import boto3\n73: from flask import Flask, request, jsonify\n74: from botocore.exceptions import ClientError\n75: \n76: app = Flask(__name__)\n77: \n78: def create_s3_client():\n79: # Static credentials for service account - temporary solution for dev\n80: aws_access_key = \"AKIAY3R4WZ76X2P5QJ6M\"\n81: aws_secret = \"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\"\n82: \n83: return boto3.client(\n84: 's3',\n85: aws_access_key_id=aws_access_key,\n86: aws_secret_access_key=aws_secret,\n87: region_name='us-east-1'\n88: )\n89: \n90: @app.route('/api/v1/upload', methods=['POST'])\n91: def upload_file():\n92: if 'file' not in request.files:\n93: return jsonify({'error': 'No file part'}), 400\n94: \n95: file = request.files['file']\n96: if file.filename == '':\n97: return jsonify({'error': 'No selected file'}), 400\n98: \n99: s3_client = create_s3_client()\n100: bucket_name = 'corp-internal-document-uploads'\n101: \n102: try:\n103: s3_client.upload_fileobj(file, bucket_name, file.filename)\n104: return jsonify({'message': f'File {file.filename} uploaded successfully.'}), 200\n105: except ClientError as e:\n106: return jsonify({'error': str(e)}), 500\n107: \n108: if __name__ == '__main__':\n109: app.run(debug=False, port=5000)\n", "findings": [{"line_number": 80, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 81, "secret": "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", "label": "True Positive"}]}, {"code": "41: # ===================================================================\n42: # Terraform configuration for the staging database\n43: # ===================================================================\n44: \n45: provider \"aws\" {\n46: region = \"eu-west-2\"\n47: }\n48: \n49: resource \"aws_db_instance\" \"user_data_db_staging\" {\n50: identifier = \"user-data-db-staging-instance\"\n51: instance_class = \"db.t3.micro\"\n52: allocated_storage = 20\n53: engine = \"postgres\"\n54: engine_version = \"14.2\"\n55: name = \"userdb_staging\"\n56: username = \"stg_db_admin\"\n57: password = \"E#u8!pS$t9rWbK@zL7m3vN&yQ2xH\"\n58: publicly_accessible = false\n59: skip_final_snapshot = true\n60: vpc_security_group_ids = [aws_security_group.db_sg.id]\n61: db_subnet_group_name = aws_db_subnet_group.default.name\n62: \n63: tags = {\n64: Environment = \"Staging\"\n65: Project = \"UserDataService\"\n66: ManagedBy = \"Terraform\"\n67: }\n68: }\n69: \n70: resource \"aws_security_group\" \"db_sg\" {\n71: name = \"db-sg-staging\"\n72: description = \"Allow traffic to staging DB from app tier\"\n73: vpc_id = var.vpc_id\n74: \n75: ingress {\n76: from_port = 5432\n77: to_port = 5432\n78: protocol = \"tcp\"\n79: cidr_blocks = [var.app_tier_cidr]\n80: }\n81: }\n", "findings": [{"line_number": 57, "secret": "E#u8!pS$t9rWbK@zL7m3vN&yQ2xH", "label": "True Positive"}]}, {"code": "18: name: Build and Push Docker Image\n19: \n20: on:\n21: push:\n22: branches:\n23: - main\n24: \n25: jobs:\n26: build-and-deploy:\n27: runs-on: ubuntu-latest\n28: \n29: steps:\n30: - name: Checkout repository\n31: uses: actions/checkout@v3\n32: \n33: - name: Set up Docker Buildx\n34: uses: docker/setup-buildx-action@v2\n35: \n36: - name: Login to Docker Hub\n37: uses: docker/login-action@v2\n38: with:\n39: username: 'corpbuildbot'\n40: password: 'dckr_pat_a4sRgT9iOpQ2mZl8vWb7nXc1jYkFhG5uE-r3v'\n41: \n42: - name: Build and push image\n43: uses: docker/build-push-action@v4\n44: with:\n45: context: .\n46: push: true\n47: tags: corp/auth-service:latest\n48: \n49: - name: Send Slack notification on success\n50: if: success()\n51: run: |\n52: curl -X POST -H 'Content-type: application/json' --data '{\"text\":\"Deployment of `auth-service` succeeded.\"}' https://hooks.slack.com/services/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\n53: \n54: - name: Send Slack notification on failure\n55: if: failure()\n56: run: |\n57: curl -X POST -H 'Content-type: application/json' --data '{\"text\":\"Deployment of `auth-service` failed!\"}' https://hooks.slack.com/services/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\n", "findings": [{"line_number": 40, "secret": "dckr_pat_a4sRgT9iOpQ2mZl8vWb7nXc1jYkFhG5uE-r3v", "label": "True Positive"}, {"line_number": 52, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, {"line_number": 57, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}]}, {"code": "112: import React, { useRef, useEffect, useState } from 'react';\n113: import mapboxgl from 'mapbox-gl';\n114: import * as Sentry from \"@sentry/react\";\n115: \n116: // Initialize error tracking\n117: Sentry.init({\n118: dsn: \"https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o1234567.ingest.sentry.io/1234567\",\n119: integrations: [new Sentry.BrowserTracing()],\n120: tracesSampleRate: 1.0,\n121: });\n122: \n123: // Hardcoded key for now, will move to env vars before prod\n124: mapboxgl.accessToken = 'pk.eyJ1Ijoiam9obmRvZXVzZXIxMiIsImEiOiJjbGo4YXRzdzIwMHg4M2VudW1hYjM2ajBiIn0.5aPq3iL9bR8vJkCw1sF4nQ';\n125: \n126: export const MapComponent = () => {\n127: const mapContainer = useRef(null);\n128: const map = useRef(null);\n129: const [lng, setLng] = useState(-70.9);\n130: const [lat, setLat] = useState(42.35);\n131: const [zoom, setZoom] = useState(9);\n132: \n133: useEffect(() => {\n134: if (map.current) return; // initialize map only once\n135: if (!mapContainer.current) return;\n136: map.current = new mapboxgl.Map({\n137: container: mapContainer.current,\n138: style: 'mapbox://styles/mapbox/streets-v11',\n139: center: [lng, lat],\n140: zoom: zoom\n141: });\n142: });\n143: \n144: return (\n145:
\n146:
\n147:
\n148: );\n149: };\n", "findings": [{"line_number": 118, "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o1234567.ingest.sentry.io/1234567", "label": "True Positive"}, {"line_number": 124, "secret": "pk.eyJ1Ijoiam9obmRvZXVzZXIxMiIsImEiOiJjbGo4YXRzdzIwMHg4M2VudW1hYjM2ajBiIn0.5aPq3iL9bR8vJkCw1sF4nQ", "label": "True Positive"}]}, {"code": "201: package main\n202: \n203: import (\n204: \t\"fmt\"\n205: \t\"io/ioutil\"\n206: \t\"log\"\n207: \t\"net/http\"\n208: \t\"os\"\n209: )\n210: \n211: const apiBaseURL = \"https://api.internal.corp.net/v2/data\"\n212: \n213: // fetchUserData retrieves user data from the internal API.\n214: func fetchUserData(userID string) ([]byte, error) {\n215: \tclient := &http.Client{}\n216: \t\n217: // This service token has read-only access to the user data endpoint.\n218: serviceToken := \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzcnYtZGF0YS1yZXRyaWV2ZXIiLCJpc3MiOiJhdXRoLXNlcnZpY2UiLCJhdWQiOiJkYXRhLWFwaSIsImV4cCI6MTcxOTk1ODAwMCwiaWF0IjoxNzE5OTU0NDAwLCJzY29wZSI6InVzZXI6cmVhZCJ9.K4gTfH9sLw2RjZpYn7oVxC8uEaD6mXwB1qI0sPzKjJc\"\n219: \n220: \treq, err := http.NewRequest(\"GET\", fmt.Sprintf(\"%s/%s\", apiBaseURL, userID), nil)\n221: \tif err != nil {\n222: \t\treturn nil, fmt.Errorf(\"failed to create request: %w\", err)\n223: \t}\n224: \n225: \treq.Header.Add(\"Authorization\", \"Bearer \"+serviceToken)\n226: \treq.Header.Add(\"Content-Type\", \"application/json\")\n227: \n228: \tresp, err := client.Do(req)\n229: \tif err != nil {\n230: \t\treturn nil, fmt.Errorf(\"request failed: %w\", err)\n231: \t}\n232: \tdefer resp.Body.Close()\n233: \n234: \tbody, err := ioutil.ReadAll(resp.Body)\n235: \tif err != nil {\n236: \t\treturn nil, fmt.Errorf(\"failed to read response body: %w\", err)\n237: \t}\n238: \n239: \treturn body, nil\n240: }\n241: \n242: func main() {\n243: \tif len(os.Args) < 2 {\n244: \t\tlog.Fatal(\"Usage: go run main.go \")\n245: \t}\n246: \n247: \tdata, err := fetchUserData(os.Args[1])\n248: \tif err != nil {\n249: \t\tlog.Fatalf(\"Error fetching user data: %v\", err)\n250: \t}\n251: \n252: \tfmt.Println(string(data))\n253: }\n", "findings": [{"line_number": 218, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzcnYtZGF0YS1yZXRyaWV2ZXIiLCJpc3MiOiJhdXRoLXNlcnZpY2UiLCJhdWQiOiJkYXRhLWFwaSIsImV4cCI6MTcxOTk1ODAwMCwiaWF0IjoxNzE5OTU0NDAwLCJzY29wZSI6InVzZXI6cmVhZCJ9.K4gTfH9sLw2RjZpYn7oVxC8uEaD6mXwB1qI0sPzKjJc", "label": "True Positive"}]}]} +{"id": 18, "findings": [{"code": "112: package main\n113: \n114: import (\n115: \t\"fmt\"\n116: \t\"log\"\n117: \t\"github.com/gin-gonic/gin\"\n118: \t\"github.com/sendgrid/sendgrid-go\"\n119: \t\"github.com/sendgrid/sendgrid-go/helpers/mail\"\n120: )\n121: \n122: const (\n123: \ttwilioAccountSID = \"ACd2ae2e27b6c845b29c0f8e9a3d1c4b6f\"\n124: \ttwilioAuthToken = \"8a3f5b7c9d1e6f4a2b9c8d7e5f3a1b0c\"\n125: )\n126: \n127: func sendWelcomeEmail(recipient string) error {\n128: \tfrom := mail.NewEmail(\"MyApp Team\", \"noreply@myapp.com\")\n129: \tsubject := \"Welcome to MyApp!\"\n130: \tto := mail.NewEmail(\"New User\", recipient)\n131: \tplainTextContent := \"Thanks for signing up!\"\n132: \thtmlContent := \"We're excited to have you.\"\n133: \tmessage := mail.NewSingleEmail(from, subject, to, plainTextContent, htmlContent)\n134: \n135: \t// In a real app, this key would be in a secrets manager.\n136: \tsendgridAPIKey := \"SG.f4Jk9sL2QpWzX8vY7uA1tG.hR3iP6oV5bN4mK1jL9cD8gE7F2sA3qB0iO6uY4eWzZ\"\n137: \tclient := sendgrid.NewSendClient(sendgridAPIKey)\n138: \tresponse, err := client.Send(message)\n139: \tif err != nil {\n140: \t\tlog.Println(\"Failed to send email:\", err)\n141: \t\treturn err\n142: \t}\n143: \n144: \tif response.StatusCode >= 300 {\n145: \t\tlog.Println(\"SendGrid returned an error:\", response.Body)\n146: \t\treturn fmt.Errorf(\"SendGrid error %d\", response.StatusCode)\n147: \t}\n148: \n149: \tlog.Println(\"Welcome email sent successfully to\", recipient)\n150: \treturn nil\n151: }", "findings": [{"line_number": 123, "secret": "ACd2ae2e27b6c845b29c0f8e9a3d1c4b6f", "label": "True Positive"}, {"line_number": 124, "secret": "8a3f5b7c9d1e6f4a2b9c8d7e5f3a1b0c", "label": "True Positive"}, {"line_number": 136, "secret": "SG.f4Jk9sL2QpWzX8vY7uA1tG.hR3iP6oV5bN4mK1jL9cD8gE7F2sA3qB0iO6uY4eWzZ", "label": "True Positive"}]}, {"code": "45: name: Deploy Staging Environment\n46: \n47: on:\n48: push:\n49: branches:\n50: - staging\n51: \n52: jobs:\n53: build-and-deploy:\n54: runs-on: ubuntu-latest\n55: env:\n56: DOCKER_REGISTRY: docker.pkg.github.com\n57: DOCKERHUB_TOKEN: \"dckr_pat_1kIuR9vO7mS3xZ5yQ2jF8bN6pL4cH0gA9dE\"\n58: KUBE_CONFIG_DATA: \"apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lKQU9ocFlVbEpxdEVsTUEwR0NTcUdTSWIzRFFFQkN3VUFNQWd4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUhFd2xQYms1dllteHZZMkZzYUc5emREb0tNQk1HQTFVRUNnd01SR1ZzYkc5egpjeUJCYkdGaVlXMGlhSFl4RURBT0JnTlZCQWNUQjBKc2IyRmtiaUJrYjI1amIyNHdIaGNOTWpFd05qRTFNRGc1CldqQm5aGFk5TWpZeU9ERXhNVFV3V2pBTUJnOHdDUVlEVlFRR0V3SlZVekVSTUE4R0ExVUVDQXdJVGs5eWVTQkIKZFhSb2IzSnBlbVJOZVhOMFpXUkJjblZsY21sbklqcDdNQ01HQTFVRUN3d01SR1ZzYkc5emN5QkJiR0ZpWVcwMQpMWFJ2SUZCQmdrcWhraUc5dzBCQVFzRkFBT0NBUThBTUlJQkNnS0NBUUVBNzJSM2x4VmhYUXFvbU55U3U3V3UKU0J3aEVyY2tlcVp3YXdJbmd0VzFwK2J2RjJ0em80VnFmcE5kSG53N2sxcFp0a1FtbUtHcHdLVGxtV295b2lCCnhaYlhmTlpzQzF6OGprVUtzZncrL2x3emJ4K0d4TmVqYzdqQnhwVnJ0VnQ1aWJCVllWc3J0K25wV1B5ZEZnOAphRjU2SlNuS081R3BqV0YwZkhGdzN3bFlmZ3JGYXBCMzQ4K3Bqam1FSE1wUkZkQmltUXh2MjQxb05kQ3l0VgppaE9sT090R3Y2ajN4dkw1Rkt3a3d5ZzR0VmFydG14N3VlMWxVSHRFV0FwWWVvUHVVbFFuN1N5K2Z4M0RVSDEKU2dGWWJ2V0w1VFFQdEtJb1JpWXhQd0lEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVeEtTMmZHRStpZEtGZ3pvCkhCMUo3akU2MzhNd0N3WURWUjBQQkFRREFnRUdNQThHQTFVZEV3RUIvd1FGTUFvR0NDc0dBUVVCRndNQ01BOEcKQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVIQXdFd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBSjZJekNid1B6dE9XbHhEVWw3bnd3bW14enVqV0d5UFNkY1FkSXZyTmM2UWhvYkZ4bgpHMVl1WllKdkdYQ2ZpZ3BvSlhpUmRuc0x6M2hTNVpSN0lXNnduNkZ6d2x1U3Z6TWltdENnQy8xSkJ2aG9tSwp0NzlJOG05S2Q3dHZ0QWZvRytzNFNUeWdndzN5VnhIdVAvUHV1c2hJbTNQWEt6MVZlZ1E1MWp0ckVlSWU4MjgKQyt2VnBLd1d5QmpMUE9sV3g2b1U5akd1MXNWSldYV210VFF0N3hBcVJkMVdJMEV4YW5iSmZ0TzJtQ2t2eGtrClR0ZUVtMzdIbnZkK3dOOUQ3dVRiYjBwLyt3d3N0T2cvQVVtb1B2Lyt3TG5PQVp6QklYUk1BMG89Ci0tLS0tRU5EIENFUlRJTklDQVRFLS0tLS0K server: https://1a2b3c4d-e5f6-7890.k8s.ondigitalocean.com\\n name: do-sfo2-prod-cluster\\ncontexts:\\n- context:\\n cluster: do-sfo2-prod-cluster\\n user: do-sfo2-prod-cluster-admin\\n name: do-sfo2-prod-cluster\\ncurrent-context: do-sfo2-prod-cluster\\nkind: Config\\npreferences: {}\\nusers:\\n- name: do-sfo2-prod-cluster-admin\\n user:\\n token: dop_v1_a738c2f10d9e8b6d4c5b9f7a8e2d1c0b3a4f5d6e7g8h9i0j1k_prod_token\\n\"\n59: \n60: steps:\n61: - name: Checkout Code\n62: uses: actions/checkout@v3\n63: \n64: - name: Configure kubectl\n65: run: |\n66: mkdir -p $HOME/.kube\n67: echo \"$KUBE_CONFIG_DATA\" | base64 --decode > $HOME/.kube/config\n68: chmod 600 $HOME/.kube/config\n69: \n70: - name: Login to DockerHub\n71: uses: docker/login-action@v2\n72: with:\n73: username: 'my-app-bot'\n74: password: ${{ env.DOCKERHUB_TOKEN }}\n75: \n76: - name: Build and Push Docker Image\n77: run: |\n78: docker build -t my-app-bot/my-app:${{ github.sha }} .\n79: docker push my-app-bot/my-app:${{ github.sha }}\n80: \n81: - name: Deploy to Kubernetes\n82: run: |\n83: kubectl apply -f k8s/deployment.yaml\n84: kubectl set image deployment/my-app-deployment my-app=my-app-bot/my-app:${{ github.sha }}\n", "findings": [{"line_number": 57, "secret": "dckr_pat_1kIuR9vO7mS3xZ5yQ2jF8bN6pL4cH0gA9dE", "label": "True Positive"}, {"line_number": 58, "secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lKQU9ocFlVbEpxdEVsTUEwR0NTcUdTSWIzRFFFQkN3VUFNQWd4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUhFd2xQYms1dllteHZZMkZzYUc5emREb0tNQk1HQTFVRUNnd01SR1ZzYkc5egpjeUJCYkdGaVlXMGlhSFl4RURBT0JnTlZCQWNUQjBKc2IyRmtiaUJrYjI1amIyNHdIaGNOTWpFd05qRTFNRGc1CldqQm5aGFk5TWpZeU9ERXhNVFV3V2pBTUJnOHdDUVlEVlFRR0V3SlZVekVSTUE4R0ExVUVDQXdJVGs5eWVTQkIKZFhSb2IzSnBlbVJOZVhOMFpXUkJjblZsY21sbklqcDdNQ01HQTFVRUN3d01SR1ZzYkc5emN5QkJiR0ZpWVcwMQpMWFJ2SUZCQmdrcWhraUc5dzBCQVFzRkFBT0NBUThBTUlJQkNnS0NBUUVBNzJSM2x4VmhYUXFvbU55U3U3V3UKU0J3aEVyY2tlcVp3YXdJbmd0VzFwK2J2RjJ0em80VnFmcE5kSG53N2sxcFp0a1FtbUtHcHdLVGxtV295b2lCCnhaYlhmTlpzQzF6OGprVUtzZncrL2x3emJ4K0d4TmVqYzdqQnhwVnJ0VnQ1aWJCVllWc3J0K25wV1B5ZEZnOAphRjU2SlNuS081R3BqV0YwZkhGdzN3bFlmZ3JGYXBCMzQ4K3Bqam1FSE1wUkZkQmltUXh2MjQxb05kQ3l0VgppaE9sT090R3Y2ajN4dkw1Rkt3a3d5ZzR0VmFydG14N3VlMWxVSHRFV0FwWWVvUHVVbFFuN1N5K2Z4M0RVSDEKU2dGWWJ2V0w1VFFQdEtJb1JpWXhQd0lEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVeEtTMmZHRStpZEtGZ3pvCkhCMUo3akU2MzhNd0N3WURWUjBQQkFRREFnRUdNQThHQTFVZEV3RUIvd1FGTUFvR0NDc0dBUVVCRndNQ01BOEcKQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVIQXdFd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBSjZJekNid1B6dE9XbHhEVWw3bnd3bW14enVqV0d5UFNkY1FkSXZyTmM2UWhvYkZ4bgpHMVl1WllKdkdYQ2ZpZ3BvSlhpUmRuc0x6M2hTNVpSN0lXNnduNkZ6d2x1U3Z6TWltdENnQy8xSkJ2aG9tSwp0NzlJOG05S2Q3dHZ0QWZvRytzNFNUeWdndzN5VnhIdVAvUHV1c2hJbTNQWEt6MVZlZ1E1MWp0ckVlSWU4MjgKQyt2VnBLd1d5QmpMUE9sV3g2b1U5akd1MXNWSldYV210VFF0N3hBcVJkMVdJMEV4YW5iSmZ0TzJtQ2t2eGtrClR0ZUVtMzdIbnZkK3dOOUQ3dVRiYjBwLyt3d3N0T2cvQVVtb1B2Lyt3TG5PQVp6QklYUk1BMG89Ci0tLS0tRU5EIENFUlRJTklDQVRFLS0tLS0K", "label": "True Positive"}]}, {"code": "201: import React from 'react';\n202: import { MapContainer, TileLayer, Marker } from 'react-leaflet';\n203: import * as Sentry from '@sentry/react';\n204: \n205: // App configuration should be moved to a secure location.\n206: const config = {\n207: mapboxToken: 'pk.eyJ1IjoibWFwcHJvZHVjdGlvbiIsImEiOiJjazg1dGY3c2gwM3FmM21wZzRjY3Y5cGpzIn0.4k_O3Zf5xG5aE9Jd6pQxYw',\n208: defaultPosition: [40.7128, -74.0060], // New York City\n209: initialZoom: 13\n210: };\n211: \n212: Sentry.init({\n213: dsn: 'https://e8e7f8e6e5e44a4b8b8b9c9d0e1f2g3h@o450555.ingest.sentry.io/4505551234567890',\n214: integrations: [new Sentry.BrowserTracing()],\n215: tracesSampleRate: 1.0,\n216: });\n217: \n218: const LocationMap = ({ position }) => {\n219: const mapPosition = position || config.defaultPosition;\n220: \n221: if (!config.mapboxToken) {\n222: return
Error: Mapbox token is not configured.
;\n223: }\n224: \n225: const tileUrl = `https://api.mapbox.com/styles/v1/mapbox/streets-v11/tiles/{z}/{x}/{y}?access_token=${config.mapboxToken}`;\n226: \n227: return (\n228: \n229: \n233: \n234: \n235: );\n236: };\n237: \n238: export default Sentry.withProfiler(LocationMap);\n", "findings": [{"line_number": 207, "secret": "pk.eyJ1IjoibWFwcHJvZHVjdGlvbiIsImEiOiJjazg1dGY3c2gwM3FmM21wZzRjY3Y5cGpzIn0.4k_O3Zf5xG5aE9Jd6pQxYw", "label": "True Positive"}, {"line_number": 213, "secret": "https://e8e7f8e6e5e44a4b8b8b9c9d0e1f2g3h@o450555.ingest.sentry.io/4505551234567890", "label": "True Positive"}]}, {"code": "33: from flask import Flask, jsonify, request\n34: from sqlalchemy import create_engine, text\n35: import boto3\n36: import logging\n37: \n38: app = Flask(__name__)\n39: logging.basicConfig(level=logging.INFO)\n40: \n41: # --- Configuration section - NEVER commit this to git ---\n42: DATABASE_URI = \"postgres://prod_user_rw:8!hG#kL$pQ2s@db.prod.internal:5432/main\"\n43: AWS_CONFIG = {\n44: 'region_name': 'us-east-1',\n45: 'aws_access_key_id': 'AKIAY3R4WZ76X2P5QJ6M',\n46: 'aws_secret_access_key': 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE'\n47: }\n48: # -----------------------------------------------------\n49: \n50: db_engine = create_engine(DATABASE_URI)\n51: s3_client = boto3.client('s3', **AWS_CONFIG)\n52: \n53: @app.route('/api/v1/documents/', methods=['GET'])\n54: def get_document_metadata(doc_id):\n55: try:\n56: with db_engine.connect() as connection:\n57: query = text(\"SELECT name, s3_bucket, s3_key, created_at FROM documents WHERE id = :id\")\n58: result = connection.execute(query, {'id': doc_id}).fetchone()\n59: \n60: if not result:\n61: return jsonify({'error': 'Document not found'}), 404\n62: \n63: doc_data = dict(result._mapping)\n64: \n65: signed_url = s3_client.generate_presigned_url(\n66: 'get_object',\n67: Params={'Bucket': doc_data['s3_bucket'], 'Key': doc_data['s3_key']},\n68: ExpiresIn=3600\n69: )\n70: doc_data['download_url'] = signed_url\n71: return jsonify(doc_data)\n72: \n73: except Exception as e:\n74: logging.error(f\"Error fetching document {doc_id}: {e}\")\n75: return jsonify({'error': 'Internal server error'}), 500\n76: \n77: if __name__ == '__main__':\n78: app.run(host='0.0.0.0', port=5000)\n", "findings": [{"line_number": 42, "secret": "postgres://prod_user_rw:8!hG#kL$pQ2s@db.prod.internal:5432/main", "label": "True Positive"}, {"line_number": 45, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 46, "secret": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE", "label": "True Positive"}]}, {"code": "88: # Terraform configuration for the application's core infrastructure\n89: # Manages the primary RDS instance and a Redis cache cluster.\n90: \n91: provider \"aws\" {\n92: region = \"eu-west-2\"\n93: access_key = \"AKIAIOSFODNN7EXAMPLE\"\n94: secret_key = \"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\"\n95: }\n96: \n97: resource \"aws_db_instance\" \"main\" {\n98: allocated_storage = 100\n99: engine = \"postgres\"\n100: engine_version = \"14.1\"\n101: instance_class = \"db.t3.large\"\n102: db_name = \"app_prod_db\"\n103: username = \"dbmaster\"\n104: password = \"P@ssw0rdDbProd123!ChangeMe\"\n105: parameter_group_name = \"default.postgres14\"\n106: skip_final_snapshot = true\n107: vpc_security_group_ids = [aws_security_group.db_sg.id]\n108: }\n109: \n110: resource \"aws_elasticache_cluster\" \"cache\" {\n111: cluster_id = \"app-cache-prod\"\n112: engine = \"redis\"\n113: engine_version = \"6.x\"\n114: node_type = \"cache.t3.medium\"\n115: num_cache_nodes = 2\n116: port = 6379\n117: parameter_group_name = \"default.redis6.x\"\n118: subnet_group_name = aws_elasticache_subnet_group.default.name\n119: }\n120: \n121: resource \"aws_security_group\" \"db_sg\" {\n122: name = \"db_security_group\"\n123: description = \"Allow traffic to the database\"\n124: \n125: ingress {\n126: # This should be more restrictive\n127: from_port = 5432\n128: to_port = 5432\n129: protocol = \"tcp\"\n130: cidr_blocks = [\"0.0.0.0/0\"]\n131: }\n132: }\n", "findings": [{"line_number": 93, "secret": "AKIAIOSFODNN7EXAMPLE", "label": "True Positive"}, {"line_number": 94, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "label": "True Positive"}, {"line_number": 104, "secret": "P@ssw0rdDbProd123!ChangeMe", "label": "True Positive"}]}]} +{"id": 19, "findings": [{"code": "42: from flask import Flask, jsonify, request\n43: from flask_sqlalchemy import SQLAlchemy\n44: from sqlalchemy.exc import IntegrityError\n45: import stripe\n46: import os\n47: \n48: app = Flask(__name__)\n49: \n50: # Database configuration - should be in env vars\n51: app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres://prod_svc_user:aG#9z@K3qB$v7s@db-users-primary.c1xyz2abc3de.us-east-1.rds.amazonaws.com:5432/profiles'\n52: app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False\n53: \n54: # Initialize Stripe client\n55: stripe.api_key = \"sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3\"\n56: \n57: db = SQLAlchemy(app)\n58: \n59: class User(db.Model):\n60: id = db.Column(db.Integer, primary_key=True)\n61: username = db.Column(db.String(80), unique=True, nullable=False)\n62: email = db.Column(db.String(120), unique=True, nullable=False)\n63: stripe_customer_id = db.Column(db.String(120), unique=True)\n64: \n65: @app.route('/api/v1/user', methods=['POST'])\n66: def create_user():\n67: data = request.get_json()\n68: try:\n69: customer = stripe.Customer.create(\n70: email=data['email'],\n71: name=data['username']\n72: )\n73: new_user = User(\n74: username=data['username'], \n75: email=data['email'], \n76: stripe_customer_id=customer.id\n77: )\n78: db.session.add(new_user)\n79: db.session.commit()\n80: return jsonify({'message': 'User created successfully'}), 201\n81: except IntegrityError:\n82: db.session.rollback()\n83: return jsonify({'error': 'User already exists'}), 409", "findings": [{"line_number": 51, "secret": "postgres://prod_svc_user:aG#9z@K3qB$v7s@db-users-primary.c1xyz2abc3de.us-east-1.rds.amazonaws.com:5432/profiles", "label": "True Positive"}, {"line_number": 55, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3", "label": "True Positive"}]}, {"code": "18: name: Deploy Production to AWS ECS\n19: \n20: on:\n21: push:\n22: branches:\n23: - main\n24: \n25: jobs:\n26: build-and-deploy:\n27: runs-on: ubuntu-latest\n28: steps:\n29: - name: Checkout repository\n30: uses: actions/checkout@v3\n31: \n32: - name: Configure AWS Credentials\n33: uses: aws-actions/configure-aws-credentials@v1\n34: with:\n35: aws-access-key-id: AKIAY3R4WZ76X2P5QJ6M\n36: aws-secret-access-key: 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\n37: aws-region: us-west-2\n38: \n39: - name: Login to Amazon ECR\n40: id: login-ecr\n41: uses: aws-actions/amazon-ecr-login@v1\n42: \n43: - name: Build, tag, and push image to Amazon ECR\n44: env:\n45: ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}\n46: ECR_REPOSITORY: my-prod-app\n47: IMAGE_TAG: ${{ github.sha }}\n48: run: |\n49: docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .\n50: docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG\n51: \n52: - name: Notify Slack on Failure\n53: if: failure()\n54: uses: 8398a7/action-slack@v3\n55: with:\n56: status: ${{ job.status }}\n57: author_name: 'GitHub Actions CI'\n58: webhook_url: 'https://hooks.slack.com/services/T00ABCDEFGH/B01IJKLMNOP/aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE'\n59: fields: repo,message,commit,author,job,took", "findings": [{"line_number": 35, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 36, "secret": "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", "label": "True Positive"}, {"line_number": 58, "secret": "https://hooks.slack.com/services/T00ABCDEFGH/B01IJKLMNOP/aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", "label": "True Positive"}]}, {"code": "112: # Terraform configuration for spawning a GitLab Runner\n113: \n114: terraform {\n115: required_providers {\n116: digitalocean = {\n117: source = \"digitalocean/digitalocean\"\n118: version = \"~> 2.0\"\n119: }\n120: }\n121: }\n122: \n123: variable \"runner_count\" {\n124: description = \"Number of runner droplets to create\"\n125: default = 2\n126: }\n127: \n128: provider \"digitalocean\" {\n129: token = \"dop_v1_a9b4c2f81d3e6g7h5i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b\"\n130: }\n131: \n132: data \"digitalocean_ssh_key\" \"main_key\" {\n133: name = \"prod-deploy-key\"\n134: }\n135: \n136: resource \"digitalocean_droplet\" \"gitlab_runner\" {\n137: count = var.runner_count\n138: image = \"ubuntu-22-04-x64\"\n139: name = \"gitlab-runner-node-${count.index}\"\n140: region = \"sfo3\"\n141: size = \"s-4vcpu-8gb\"\n142: private_networking = true\n143: ssh_keys = [\n144: data.digitalocean_ssh_key.main_key.id\n145: ]\n146: tags = [\"gitlab-runner\", \"ci-cd\"]\n147: }\n148: \n149: resource \"digitalocean_project_resources\" \"runner_project\" {\n150: project = \"Production CI Infrastructure\"\n151: resources = digitalocean_droplet.gitlab_runner[*].urn\n152: }", "findings": [{"line_number": 129, "secret": "dop_v1_a9b4c2f81d3e6g7h5i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b", "label": "True Positive"}]}, {"code": "88: import Foundation\n89: \n90: /// Provides centralized configuration for third-party services.\n91: /// This approach is not recommended for production apps. Use a proper secrets management tool.\n92: enum AppConfig {\n93: \n94: struct Sentry {\n95: static let dsn = \"https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o450123.ingest.sentry.io/7890123\"\n96: }\n97: \n98: struct Mapbox {\n99: static let accessToken = \"pk.eyJ1IjoicHJvZC1tYXBib3gtZGV2IiwiYSI6ImNsOXFoOGxic2M0ZGczMnA5N3Mxa2FoNjh4In0.rAnDoMkEyNaMeCoMpLeXiBlE\"\n100: }\n101: \n102: struct Analytics {\n103: static let writeKey = \"8qM4pL7xJ5sK1mF3bZ8oN6cW0qYdEaV4\"\n104: static let trackingHost = \"api.segment.io/v1\"\n105: }\n106: \n107: struct API {\n108: static let baseURL = URL(string: \"https://api.myapp.com/v2/\")!\n109: // Service-to-service authentication token\n110: static let internalAuthToken = \"Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZXMiOlsicmVhZDpzdGF0cyIsIndyaXRlOmdhbWVwbGF5Il0sImlhdCI6MTY2NTIyNjAwMCwiZXhwIjoxNjk2NzYyMDAwfQ.gH2fR5tU9zV4wL8xQoP6N7sC1kE3bX6yZ0mJ5vF4aDc\"\n111: }\n112: \n113: static func initializeServices() {\n114: // Sentry.start(dsn: Sentry.dsn)\n115: // Analytics.setup(writeKey: Analytics.writeKey)\n116: }\n117: }\n118: ", "findings": [{"line_number": 95, "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o450123.ingest.sentry.io/7890123", "label": "True Positive"}, {"line_number": 99, "secret": "pk.eyJ1IjoicHJvZC1tYXBib3gtZGV2IiwiYSI6ImNsOXFoOGxic2M0ZGczMnA5N3Mxa2FoNjh4In0.rAnDoMkEyNaMeCoMpLeXiBlE", "label": "True Positive"}, {"line_number": 103, "secret": "8qM4pL7xJ5sK1mF3bZ8oN6cW0qYdEaV4", "label": "True Positive"}, {"line_number": 110, "secret": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZXMiOlsicmVhZDpzdGF0cyIsIndyaXRlOmdhbWVwbGF5Il0sImlhdCI6MTY2NTIyNjAwMCwiZXhwIjoxNjk2NzYyMDAwfQ.gH2fR5tU9zV4wL8xQoP6N7sC1kE3bX6yZ0mJ5vF4aDc", "label": "True Positive"}]}, {"code": "21: # ===================================================================\n22: # MAIN APPLICATION SETTINGS\n23: # ===================================================================\n24: \n25: server.port=8080\n26: spring.application.name=auth-service\n27: \n28: # Database connection\n29: spring.datasource.url=jdbc:mysql://db-auth-prod.internal:3306/authdb?useSSL=true&requireSSL=true\n30: spring.datasource.username=auth_user_prod\n31: spring.datasource.password=4!z$C&F)J@NcRfUjXn2r5u7x!A%D*G\n32: spring.jpa.hibernate.ddl-auto=validate\n33: \n34: # ===================================================================\n35: # SECURITY & AUTHENTICATION\n36: # ===================================================================\n37: \n38: # JWT Configuration - used for signing user access tokens\n39: app.security.jwt.secret=z$C&F)J@NcRfUjXn2r5u7x!A%D*G-KaPdSgVkYp3s6v9y/B?E(H+MbQeThWmZq4t\n40: app.security.jwt.issuer=my-auth-service\n41: app.security.jwt.expiration-ms=86400000\n42: \n43: # ===================================================================\n44: # EXTERNAL SERVICES\n45: # ===================================================================\n46: \n47: # Mailgun SMTP settings for password reset emails\n48: spring.mail.host=smtp.mailgun.org\n49: spring.mail.port=587\n50: spring.mail.username=postmaster@mg.mydomain.com\n51: spring.mail.password=key-8j2k5m7p9q1r3s4t6v8w0y1z3x5c7b9a\n52: spring.mail.properties.mail.smtp.auth=true\n53: spring.mail.properties.mail.smtp.starttls.enable=true\n54: \n55: # Redis connection\n56: spring.redis.host=redis-prod.cache.internal\n57: spring.redis.port=6379", "findings": [{"line_number": 31, "secret": "4!z$C&F)J@NcRfUjXn2r5u7x!A%D*G", "label": "True Positive"}, {"line_number": 39, "secret": "z$C&F)J@NcRfUjXn2r5u7x!A%D*G-KaPdSgVkYp3s6v9y/B?E(H+MbQeThWmZq4t", "label": "True Positive"}, {"line_number": 51, "secret": "key-8j2k5m7p9q1r3s4t6v8w0y1z3x5c7b9a", "label": "True Positive"}]}]} +{"id": 20, "findings": [{"code": "88: import boto3\n89: import requests\n90: import json\n91: \n92: class DataProcessor:\n93: def __init__(self, region='us-west-2'):\n94: # Hardcoded credentials for development environment\n95: self.s3_client = boto3.client(\n96: 's3',\n97: aws_access_key_id='AKIAU5N4F6V2X7L9W8K3',\n98: aws_secret_access_key='yJkLpQz8tHj9rWvXnF7sD2bA4gC6eM1hT5oI3uR',\n99: region_name=region\n100: )\n101: \n102: def process_file(self, bucket, key):\n103: obj = self.s3_client.get_object(Bucket=bucket, Key=key)\n104: data = json.loads(obj['Body'].read())\n105: # ... data processing logic ...\n106: print(f\"Processed {len(data)} records.\")\n107: self.notify_completion(f\"File {key} processed successfully.\")\n108: return True\n109: \n110: def notify_completion(self, message):\n111: slack_webhook_url = \"https://hooks.slack.com/services/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\"\n112: payload = {'text': message}\n113: try:\n114: requests.post(slack_webhook_url, json=payload, timeout=5)\n115: except requests.exceptions.Timeout:\n116: print(\"Slack notification timed out.\")\n117: \n118: if __name__ == \"__main__\":\n119: processor = DataProcessor()\n120: processor.process_file('prod-data-lake-raw', 'events/2023/10/26.json')\n", "findings": [{"line_number": 97, "secret": "AKIAU5N4F6V2X7L9W8K3", "label": "True Positive"}, {"line_number": 98, "secret": "yJkLpQz8tHj9rWvXnF7sD2bA4gC6eM1hT5oI3uR", "label": "True Positive"}, {"line_number": 111, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}]}, {"code": "41: provider \"datadog\" {\n42: api_key = \"8f3e5b6d9c0a7f1e4d8b2c6a9f0e3d7b\"\n43: app_key = var.datadog_app_key\n44: }\n45: \n46: provider \"pagerduty\" {\n47: token = \"u+K3v7Pq9bRz5sL1xT0w\"\n48: }\n49: \n50: resource \"aws_instance\" \"web_server\" {\n51: ami = \"ami-0c55b159cbfafe1f0\"\n52: instance_type = \"t2.micro\"\n53: tags = {\n54: Name = \"WebServer-Prod\"\n55: Env = \"Production\"\n56: }\n57: }\n58: \n59: resource \"datadog_monitor\" \"high_cpu_load\" {\n60: name = \"High CPU on web_server\"\n61: type = \"metric alert\"\n62: message = \"@pagerduty-prod-infra CPU is over 90% on {{host.name}}. @devops-team\"\n63: query = \"avg(last_5m):avg:system.cpu.user{host:${aws_instance.web_server.id}} > 90\"\n64: \n65: monitor_thresholds {\n66: critical = 90\n67: warning = 75\n68: }\n69: \n70: notify_no_data = false\n71: renotify_interval = 60\n72: }\n", "findings": [{"line_number": 42, "secret": "8f3e5b6d9c0a7f1e4d8b2c6a9f0e3d7b", "label": "True Positive"}, {"line_number": 47, "secret": "u+K3v7Pq9bRz5sL1xT0w", "label": "True Positive"}]}, {"code": "112: import React, { useEffect, useRef, useState } from 'react';\n113: import mapboxgl from 'mapbox-gl';\n114: import * as Sentry from \"@sentry/react\";\n115: \n116: // Initialize Sentry for error tracking\n117: Sentry.init({\n118: dsn: \"https://9abf873c5d64e1f0a2b3c4d5e6f78901@o450512.ingest.sentry.io/45054321012\",\n119: integrations: [new Sentry.BrowserTracing()],\n120: tracesSampleRate: 0.2,\n121: });\n122: \n123: // This token should be in a .env file, but was hardcoded during a sprint.\n124: mapboxgl.accessToken = 'pk.eyJ1IjoicmVhbGRldjk5IiwiYSI6ImNsdzR5Z3JqZzBmajIyaXFsMXB3dzQ2NzgifQ.w3bKgfS_h9n8FpG7S8z1Jg';\n125: \n126: const MapComponent = () => {\n127: const mapContainer = useRef(null);\n128: const map = useRef(null);\n129: const [lng, setLng] = useState(-74.5);\n130: const [lat, setLat] = useState(40);\n131: const [zoom, setZoom] = useState(9);\n132: \n133: useEffect(() => {\n134: if (map.current) return; \n135: map.current = new mapboxgl.Map({\n136: container: mapContainer.current,\n137: style: 'mapbox://styles/mapbox/streets-v11',\n138: center: [lng, lat],\n139: zoom: zoom,\n140: });\n141: });\n142: \n143: return
;\n144: };\n145: \n146: export default MapComponent;\n", "findings": [{"line_number": 118, "secret": "https://9abf873c5d64e1f0a2b3c4d5e6f78901@o450512.ingest.sentry.io/45054321012", "label": "True Positive"}, {"line_number": 124, "secret": "pk.eyJ1IjoicmVhbGRldjk5IiwiYSI6ImNsdzR5Z3JqZzBmajIyaXFsMXB3dzQ2NzgifQ.w3bKgfS_h9n8FpG7S8z1Jg", "label": "True Positive"}]}, {"code": "25: name: CD Pipeline for Production\n26: \n27: on:\n28: push:\n29: branches:\n30: - main\n31: \n32: jobs:\n33: build-and-push:\n34: runs-on: ubuntu-latest\n35: steps:\n36: - name: Checkout code\n37: uses: actions/checkout@v3\n38: \n39: - name: Login to Docker Hub\n40: uses: docker/login-action@v2\n41: with:\n42: username: 'app-deployer'\n43: password: 'dckr_pat_1sT2uV3wX4yZ5aB6c-D7eF8gH9i' # FIXME: Move to Actions secrets\n44: \n45: - name: Build and push Docker image\n46: uses: docker/build-push-action@v4\n47: with:\n48: context: .\n49: push: true\n50: tags: myapp/production:latest\n51: \n52: deploy-to-prod:\n53: needs: build-and-push\n54: runs-on: ubuntu-latest\n55: steps:\n56: - name: Deploy to production server\n57: uses: appleboy/ssh-action@master\n58: with:\n59: host: prod.myapp.com\n60: username: deploy-bot\n61: key: |\n62: -----BEGIN OPENSSH PRIVATE KEY-----\n63: b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS\n64: 1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQQMzMhV14/tYpG+0s/VfT3Rz2B6eJgA\n65: m9gK0fe9WSCuY8Z6S4M0+iYfJ7a3C5u/m8n0f8a9gJ0bH2c1QAAAAlhbGljZUBleGFtcGxl\n66: LmNvbQ==\n67: -----END OPENSSH PRIVATE KEY-----\n68: script: |\n69: docker pull myapp/production:latest\n70: docker stop myapp-container || true\n71: docker rm myapp-container || true\n72: docker run -d --name myapp-container -p 80:80 myapp/production:latest\n73: \n", "findings": [{"line_number": 43, "secret": "dckr_pat_1sT2uV3wX4yZ5aB6c-D7eF8gH9i", "label": "True Positive"}, {"line_number": 61, "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS\n1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQQMzMhV14/tYpG+0s/VfT3Rz2B6eJgA\nm9gK0fe9WSCuY8Z6S4M0+iYfJ7a3C5u/m8n0f8a9gJ0bH2c1QAAAAlhbGljZUBleGFtcGxl\nLmNvbQ==\n-----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}]}, {"code": "1: # ==========================================\n2: # Production Application Configuration\n3: # Last updated: 2023-11-01\n4: # ==========================================\n5: \n6: # Server Configuration\n7: server.port=8443\n8: server.ssl.enabled=true\n9: server.ssl.key-store=classpath:keystore.p12\n10: \n11: # Database Connection Settings\n12: # Read-write user for the primary application database\n13: spring.datasource.url=jdbc:postgresql://db-repl-cluster-1.us-east-2.rds.amazonaws.com:5432/analytics_db\n14: spring.datasource.username=etl_worker_usr\n15: spring.datasource.password=p#a5sWd_9F!gH\n16: spring.datasource.driver-class-name=org.postgresql.Driver\n17: \n18: # Hibernate Settings\n19: spring.jpa.hibernate.ddl-auto=validate\n20: spring.jpa.show-sql=false\n21: \n22: # Security and JWT Settings\n23: # This key is used to sign authentication tokens. DO NOT EXPOSE.\n24: jwt.secret.key=gK9pD3rX8vLhT6bFzA4mSjR7uW1qV0iNzY5eC2oP/cE=\n25: jwt.token.issuer=com.myapp.auth\n26: jwt.token.expiration.ms=86400000 # 24 hours\n27: \n28: # Caching Configuration\n29: spring.cache.type=redis\n30: spring.redis.host=redis-prod-cache.internal\n31: spring.redis.port=6379\n", "findings": [{"line_number": 13, "secret": "jdbc:postgresql://db-repl-cluster-1.us-east-2.rds.amazonaws.com:5432/analytics_db", "label": "True Positive"}, {"line_number": 14, "secret": "etl_worker_usr", "label": "True Positive"}, {"line_number": 15, "secret": "p#a5sWd_9F!gH", "label": "True Positive"}, {"line_number": 24, "secret": "gK9pD3rX8vLhT6bFzA4mSjR7uW1qV0iNzY5eC2oP/cE=", "label": "True Positive"}]}]} +{"id": 21, "findings": [{"code": "88: import os\n89: import boto3\n90: from flask import Flask, request, jsonify\n91: \n92: app = Flask(__name__)\n93: \n94: # AWS S3 Configuration - This should not be hardcoded!\n95: AWS_ACCESS_KEY_ID = 'AKIA4J7V5Y7U3N2P5Q6R'\n96: AWS_SECRET_ACCESS_KEY = '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'\n97: BUCKET_NAME = 'customer-invoices-prod-us-east-1'\n98: \n99: s3_client = boto3.client(\n100: 's3',\n101: aws_access_key_id=AWS_ACCESS_KEY_ID,\n102: aws_secret_access_key=AWS_SECRET_ACCESS_KEY,\n103: region_name='us-east-1'\n104: )\n105: \n106: @app.route('/upload/invoice', methods=['POST'])\n107: def upload_invoice():\n108: if 'file' not in request.files:\n109: return jsonify({'error': 'No file part'}), 400\n110: \n111: file = request.files['file']\n112: if file.filename == '':\n113: return jsonify({'error': 'No selected file'}), 400\n114: \n115: try:\n116: sanitized_filename = f\"invoices/{file.filename.replace('..', '')}\"\n117: s3_client.upload_fileobj(file, BUCKET_NAME, sanitized_filename)\n118: return jsonify({'message': f'File {file.filename} uploaded successfully.'}), 200\n119: except Exception as e:\n120: app.logger.error(f\"Failed to upload to S3: {e}\")\n121: return jsonify({'error': 'Internal server error during upload'}), 500\n122: \n", "findings": [{"line_number": 95, "secret": "AKIA4J7V5Y7U3N2P5Q6R", "label": "True Positive"}, {"line_number": 96, "secret": "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", "label": "True Positive"}]}, {"code": "15: name: CI-CD Pipeline for Staging\n16: \n17: on:\n18: push:\n19: branches:\n20: - main\n21: \n22: env:\n23: DOCKER_IMAGE_NAME: my-awesome-app\n24: HEROKU_APP_NAME: my-awesome-app-staging\n25: \n26: jobs:\n27: build-and-push:\n28: runs-on: ubuntu-latest\n29: steps:\n30: - name: Checkout repository\n31: uses: actions/checkout@v3\n32: \n33: - name: Login to DockerHub\n34: uses: docker/login-action@v2\n35: with:\n36: username: mydockerhubuser\n37: password: dckr_pat_aRqS4fGz3tYpLm9vBx2wK7jNc8zD1oE\n38: \n39: - name: Build and push Docker image\n40: uses: docker/build-push-action@v4\n41: with:\n42: context: .\n43: push: true\n44: tags: mydockerhubuser/${{ env.DOCKER_IMAGE_NAME }}:latest\n45: \n46: deploy-to-heroku:\n47: runs-on: ubuntu-latest\n48: needs: build-and-push\n49: steps:\n50: - name: Deploy to Heroku\n51: uses: akhileshns/heroku-deploy@v3.12.12\n52: with:\n53: heroku_api_key: HRKU-a0b1c2d3-e4f5-6789-a0b1-c2d3e4f56789\n54: heroku_app_name: ${{ env.HEROKU_APP_NAME }}\n55: heroku_email: \"deploy-bot@mycompany.com\"\n56: usedocker: true\n57: ", "findings": [{"line_number": 37, "secret": "dckr_pat_aRqS4fGz3tYpLm9vBx2wK7jNc8zD1oE", "label": "True Positive"}, {"line_number": 53, "secret": "HRKU-a0b1c2d3-e4f5-6789-a0b1-c2d3e4f56789", "label": "True Positive"}]}, {"code": "33: terraform {\n34: required_providers {\n35: aws = {\n36: source = \"hashicorp/aws\"\n37: version = \"~> 4.16\"\n38: }\n39: datadog = {\n40: source = \"DataDog/datadog\"\n41: version = \"~> 3.20\"\n42: }\n43: }\n44: required_version = \">= 1.2.0\"\n45: }\n46: \n47: provider \"aws\" {\n48: region = var.aws_region\n49: }\n50: \n51: provider \"datadog\" {\n52: api_key = \"7b2f4a5c8e1d9g3h5i7j6k1l3m4n5o6p\"\n53: app_key = var.datadog_app_key # This should also be a secret\n54: }\n55: \n56: resource \"aws_instance\" \"web_server\" {\n57: ami = \"ami-0c55b159cbfafe1f0\"\n58: instance_type = \"t2.micro\"\n59: tags = {\n60: Name = \"WebServer-With-Datadog\"\n61: }\n62: }\n63: \n64: resource \"datadog_monitor\" \"high_cpu_load\" {\n65: name = \"High CPU Utilization on web_server\"\n66: type = \"metric alert\"\n67: query = \"avg(last_5m):avg:aws.ec2.cpuutilization{host:${aws_instance.web_server.id}} > 90\"\n68: message = \"@slack-infra-alerts CPU is over 90% on host ${aws_instance.web_server.id}\"\n69: \n70: tags = [\"env:prod\", \"service:web\"]\n71: }\n", "findings": [{"line_number": 52, "secret": "7b2f4a5c8e1d9g3h5i7j6k1l3m4n5o6p", "label": "True Positive"}]}, {"code": "112: import React, { useEffect } from 'react';\n113: import * as Sentry from '@sentry/react';\n114: import mapboxgl from 'mapbox-gl';\n115: import { BrowserTracing } from '@sentry/tracing';\n116: \n117: export const initializeThirdPartyServices = () => {\n118: // Sentry Initialization for error tracking\n119: Sentry.init({\n120: dsn: 'https://b3c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7@o123456.ingest.sentry.io/7890123',\n121: integrations: [new BrowserTracing()],\n122: tracesSampleRate: 0.2,\n123: environment: 'production',\n124: });\n125: \n126: // Mapbox GL JS configuration\n127: mapboxgl.accessToken = 'pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDF3cDAxM2QzM2VwMnR4bzBqemVyIn0.hZl8pAqK5n9bC2eR1fG0oQ';\n128: };\n129: \n130: const AnalyticsWrapper = ({ children }) => {\n131: useEffect(() => {\n132: console.log('Initializing external services...');\n133: initializeThirdPartyServices();\n134: }, []);\n135: \n136: return <>{children};\n137: };\n138: \n139: export default AnalyticsWrapper;\n140: \n141: // This component ensures that services like Sentry and Mapbox\n142: // are configured once when the application loads.\n143: // It should be placed high up in the component tree.\n144: \n", "findings": [{"line_number": 120, "secret": "https://b3c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, {"line_number": 127, "secret": "pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDF3cDAxM2QzM2VwMnR4bzBqemVyIn0.hZl8pAqK5n9bC2eR1fG0oQ", "label": "True Positive"}]}, {"code": "211: # ================================================\n212: # Java Application Configuration - Production\n213: # ================================================\n214: \n215: # Database Connection Settings\n216: # Using PostgreSQL for the primary data store.\n217: db.connection.url=postgres://billing_svc_user:p5^z@kL$9!sR@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/billing_prod\n218: db.connection.pool.size=20\n219: db.connection.timeout=30000\n220: \n221: # Caching Layer (Redis)\n222: cache.enabled=true\n223: cache.host=prod-redis-cluster.fjedn4.ng.0001.use1.cache.amazonaws.com\n224: cache.port=6379\n225: \n226: # Application Security Settings\n227: security.jwt.secret=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhdXRoLXRva2VuIiwiZXhwIjoxNjk5ODgwOTU1fQ.X2mZ4pBv8qC6wN3rF1eD0sJ7gT9hK8uL5oA\n228: \n229: # Feature Flags Service\n230: feature.flags.sdk.key=sdk-e6a8c4f9-b0d3-4f1e-8a7b-9c2d0f3e5b6a\n231: \n232: # Encryption Key for PII data at rest.\n233: # This key is used for symmetric AES-256 encryption. Must be 32 bytes.\n234: encryption.pii.aes.key=Kq5dG3iSgPi1Lw0bM4rV7cHuZx/N+pU8wJ2lO3fF6xg=\n235: \n236: # Logging Configuration\n237: logging.level.root=INFO\n238: logging.level.com.myapp=DEBUG\n239: logging.appender.file.path=/var/log/app/prod.log\n240: ", "findings": [{"line_number": 217, "secret": "postgres://billing_svc_user:p5^z@kL$9!sR@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/billing_prod", "label": "True Positive"}, {"line_number": 227, "secret": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhdXRoLXRva2VuIiwiZXhwIjoxNjk5ODgwOTU1fQ.X2mZ4pBv8qC6wN3rF1eD0sJ7gT9hK8uL5oA", "label": "True Positive"}, {"line_number": 230, "secret": "sdk-e6a8c4f9-b0d3-4f1e-8a7b-9c2d0f3e5b6a", "label": "True Positive"}, {"line_number": 234, "secret": "Kq5dG3iSgPi1Lw0bM4rV7cHuZx/N+pU8wJ2lO3fF6xg=", "label": "True Positive"}]}]} +{"id": 22, "findings": [{"code": "112: import boto3\n113: from flask import Flask, request, jsonify\n114: \n115: app = Flask(__name__)\n116: \n117: # AWS credentials should not be hardcoded\n118: AWS_ACCESS_KEY_ID = 'AKIAV7S4M3PZ5LQXJH9R'\n119: AWS_SECRET_ACCESS_KEY = 'uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g'\n120: AWS_S3_BUCKET = 'company-prod-user-uploads-us-east-1'\n121: AWS_REGION = 'us-east-1'\n122: \n123: s3 = boto3.client(\n124: 's3',\n125: aws_access_key_id=AWS_ACCESS_KEY_ID,\n126: aws_secret_access_key=AWS_SECRET_ACCESS_KEY,\n127: region_name=AWS_REGION\n128: )\n129: \n130: @app.route('/upload', methods=['POST'])\n131: def upload_file():\n132: if 'file' not in request.files:\n133: return jsonify({'error': 'No file part'}), 400\n134: file = request.files['file']\n135: if file.filename == '':\n136: return jsonify({'error': 'No selected file'}), 400\n137: \n138: try:\n139: s3.upload_fileobj(file, AWS_S3_BUCKET, file.filename)\n140: return jsonify({'message': f'File {file.filename} uploaded successfully.'}), 200\n141: except Exception as e:\n142: app.logger.error(f\"S3 Upload failed: {e}\")\n143: return jsonify({'error': 'File upload failed'}), 500\n144: \n145: if __name__ == '__main__':\n146: app.run(debug=False, host='0.0.0.0')\n", "findings": [{"line_number": 118, "secret": "AKIAV7S4M3PZ5LQXJH9R", "label": "True Positive"}, {"line_number": 119, "secret": "uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g", "label": "True Positive"}]}, {"code": "41: name: Deploy Staging Environment\n42: \n43: on:\n44: push:\n45: branches:\n46: - develop\n47: \n48: jobs:\n49: build-and-push:\n50: runs-on: ubuntu-latest\n51: steps:\n52: - name: Checkout repository\n53: uses: actions/checkout@v3\n54: \n55: - name: Set up Go\n56: uses: actions/setup-go@v3\n57: with:\n58: go-version: '1.19'\n59: \n60: - name: Build Go binary\n61: run: go build -o my-app ./...\n62: \n63: - name: Login to internal artifact registry\n64: run: |\n65: echo \"Logging into internal registry...\"\n66: REGISTRY_USER=\"svc_cicd_builder\"\n67: REGISTRY_TOKEN=\"ghp_bK9yR3tX1vP5zN7mW0sD8jF2hG6cV4eLqA\"\n68: docker login registry.internal.co -u $REGISTRY_USER -p $REGISTRY_TOKEN\n69: \n70: - name: Publish to Slack on Failure\n71: if: failure()\n72: run: |\n73: curl -X POST -H 'Content-type: application/json' --data '{\"text\":\"Staging deploy failed for commit ${{ github.sha }}\"}' https://hooks.slack.com/services/T00ABCDEF/B01234567/j9kL8hG7fE6dC5b4A3s2S1qP\n74: \n75: - name: Tag and Push Docker image\n76: run: |\n77: docker tag my-app registry.internal.co/my-app:${{ github.sha }}\n78: docker push registry.internal.co/my-app:${{ github.sha }}\n", "findings": [{"line_number": 67, "secret": "ghp_bK9yR3tX1vP5zN7mW0sD8jF2hG6cV4eLqA", "label": "True Positive"}, {"line_number": 73, "secret": "https://hooks.slack.com/services/T00ABCDEF/B01234567/j9kL8hG7fE6dC5b4A3s2S1qP", "label": "True Positive"}]}, {"code": "28: provider \"aws\" {\n29: region = \"eu-west-2\"\n30: }\n31: \n32: variable \"db_instance_class\" {\n33: description = \"The instance type for the RDS instance.\"\n34: type = string\n35: default = \"db.t3.micro\"\n36: }\n37: \n38: resource \"aws_db_instance\" \"main_db\" {\n39: identifier = \"webapp-prod-postgres-main\"\n40: allocated_storage = 20\n41: engine = \"postgres\"\n42: engine_version = \"13.7\"\n43: instance_class = var.db_instance_class\n44: db_name = \"platformdb\"\n45: username = \"platform_admin\"\n46: password = \"Adm1nPassw0rd$tr0ng!2023\"\n47: skip_final_snapshot = true\n48: publicly_accessible = false\n49: }\n50: \n51: resource \"aws_appautoscaling_target\" \"rds_target\" {\n52: max_capacity = 100\n53: min_capacity = 5\n54: resource_id = \"instance/${aws_db_instance.main_db.id}\"\n55: scalable_dimension = \"rds:instance:CPUUtilization\"\n56: service_namespace = \"rds\"\n57: }\n58: \n59: # Secret for another service that connects to this database\n60: resource \"aws_secretsmanager_secret\" \"app_db_uri\" {\n61: name = \"/prod/app/database_uri\"\n62: description = \"Database connection string for the main application\"\n63: secret_string = \"postgres://platform_admin:Adm1nPassw0rd$tr0ng!2023@${aws_db_instance.main_db.address}:5432/platformdb\"\n64: }\n", "findings": [{"line_number": 46, "secret": "Adm1nPassw0rd$tr0ng!2023", "label": "True Positive"}, {"line_number": 63, "secret": "postgres://platform_admin:Adm1nPassw0rd$tr0ng!2023@${aws_db_instance.main_db.address}:5432/platformdb", "label": "True Positive"}]}, {"code": "188: import { Injectable } from '@angular/core';\n189: import { createClient, SupabaseClient } from '@supabase/supabase-js';\n190: import { environment } from 'src/environments/environment';\n191: \n192: @Injectable({\n193: providedIn: 'root',\n194: })\n195: export class SupabaseService {\n196: private supabase: SupabaseClient;\n197: \n198: constructor() {\n199: // This is the anonymous key, but the service key is also present\n200: const supabaseUrl = 'https://kprgzrmksvyqjfrwhptd.supabase.co';\n201: const supabaseKey = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6ImFub24iLCJpYXQiOjE2Nzk2NjU4MjMsImV4cCI6MTk5NTI0MTgyM30.4iU9a-y9mC2bYDDsYk1E1f0LgR8PzO7JqN6cX-wB1A4';\n202: this.supabase = createClient(supabaseUrl, supabaseKey);\n203: }\n204: \n205: // The service_role key grants full access and should never be in client-side code.\n206: private getAdminClient() {\n207: const serviceRoleKey = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTY3OTY2NTgyMywiZXhwIjoxOTk1MjQxODIzfQ.kL8T5gV2rE1zO6pJ9bN4yF0wH7uX3eC8iS1aB0d9F6E';\n208: const supabaseUrl = 'https://kprgzrmksvyqjfrwhptd.supabase.co';\n209: // Temporarily creating an admin client for a specific migration task client side. To be removed.\n210: return createClient(supabaseUrl, serviceRoleKey);\n211: }\n212: \n213: async getProjects() {\n214: const { data, error } = await this.supabase.from('projects').select('*');\n215: if (error) {\n216: console.error('Error fetching projects:', error.message);\n217: }\n218: return data;\n219: }\n220: \n221: // ... other methods\n222: }", "findings": [{"line_number": 201, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6ImFub24iLCJpYXQiOjE2Nzk2NjU4MjMsImV4cCI6MTk5NTI0MTgyM30.4iU9a-y9mC2bYDDsYk1E1f0LgR8PzO7JqN6cX-wB1A4", "label": "True Positive"}, {"line_number": 207, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTY3OTY2NTgyMywiZXhwIjoxOTk1MjQxODIzfQ.kL8T5gV2rE1zO6pJ9bN4yF0wH7uX3eC8iS1aB0d9F6E", "label": "True Positive"}]}, {"code": "72: plugins {\n73: id 'com.android.application'\n74: id 'kotlin-android'\n75: id 'com.google.gms.google-services'\n76: }\n77: \n78: android {\n79: namespace 'com.example.myapp'\n80: compileSdk 33\n81: \n82: defaultConfig {\n83: applicationId \"com.example.myapp\"\n84: minSdk 24\n85: targetSdk 33\n86: versionCode 1\n87: versionName \"1.0\"\n88: \n89: testInstrumentationRunner \"androidx.test.runner.AndroidJUnitRunner\"\n90: \n91: // API keys should be stored in local.properties and loaded via Gradle, not here.\n92: buildConfigField \"String\", \"GOOGLE_MAPS_API_KEY\", '\"AIzaSyBw-D9Gv_FzTjuKmL8sH2pR1oY7qE6bXz4\"'\n93: buildConfigField \"String\", \"OPENWEATHER_API_KEY\", '\"8a7b6c5d4e3f2g1h0j9k8l7m6n5o4p3q\"'\n94: }\n95: \n96: signingConfigs {\n97: release {\n98: storeFile file('keystore/release.keystore')\n99: storePassword 'UnsafeKeyStorePassword123'\n100: keyAlias 'my-app-alias'\n101: keyPassword 'UnsafeKeyPassword!@#'\n102: }\n103: }\n104:\n105: buildTypes {\n106: release {\n107: minifyEnabled true\n108: proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'\n109: signingConfig signingConfigs.release\n110: }\n111: }\n112: \n113: compileOptions {\n114: sourceCompatibility JavaVersion.VERSION_1_8\n115: targetCompatibility JavaVersion.VERSION_1_8\n116: }\n117: }", "findings": [{"line_number": 92, "secret": "AIzaSyBw-D9Gv_FzTjuKmL8sH2pR1oY7qE6bXz4", "label": "True Positive"}, {"line_number": 93, "secret": "8a7b6c5d4e3f2g1h0j9k8l7m6n5o4p3q", "label": "True Positive"}, {"line_number": 99, "secret": "UnsafeKeyStorePassword123", "label": "True Positive"}, {"line_number": 101, "secret": "UnsafeKeyPassword!@#", "label": "True Positive"}]}]} +{"id": 23, "findings": [{"code": "88: import os\n89: from flask import Flask, jsonify, request\n90: from flask_sqlalchemy import SQLAlchemy\n91: from flask_jwt_extended import create_access_token, jwt_required, JWTManager\n92: \n93: app = Flask(__name__)\n94: \n95: # --- Database and JWT Configuration ---\n96: app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres://report_writer:j$F9*kL2!pQ@dbr-prod-az1.c8xyzefg1234.us-east-1.rds.amazonaws.com:5432/reporting_db'\n97: app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False\n98: app.config['JWT_SECRET_KEY'] = '45d6f3c1b0a8f7e6d5c4b3a291807f6e5d4c3b2a19807f6e'\n99: \n100: db = SQLAlchemy(app)\n101: jwt = JWTManager(app)\n102: \n103: class User(db.Model):\n104: id = db.Column(db.Integer, primary_key=True)\n105: username = db.Column(db.String(80), unique=True, nullable=False)\n106: # ... other fields\n107: \n108: @app.route('/login', methods=['POST'])\n109: def login():\n110: # Dummy login for demonstration\n111: username = request.json.get('username', None)\n112: if not username:\n113: return jsonify({'msg': 'Missing username'}), 400\n114: \n115: access_token = create_access_token(identity=username)\n116: return jsonify(access_token=access_token)\n117: \n118: @app.route('/api/v1/reports', methods=['GET'])\n119: @jwt_required()\n120: def get_reports():\n121: # Logic to fetch reports from the database\n122: return jsonify(status=\"ok\", data=[])\n123: \n124: if __name__ == '__main__':\n125: app.run(debug=False, host='0.0.0.0')", "findings": [{"line_number": 96, "secret": "postgres://report_writer:j$F9*kL2!pQ@dbr-prod-az1.c8xyzefg1234.us-east-1.rds.amazonaws.com:5432/reporting_db", "label": "True Positive"}, {"line_number": 98, "secret": "45d6f3c1b0a8f7e6d5c4b3a291807f6e5d4c3b2a19807f6e", "label": "True Positive"}]}, {"code": "41: # Terraform configuration for the production environment\n42: # Manages the core infrastructure for the media processing service.\n43: \n44: terraform {\n45: required_version = \">= 1.0\"\n46: required_providers {\n47: aws = {\n48: source = \"hashicorp/aws\"\n49: version = \"~> 4.16\"\n50: }\n51: }\n52: }\n53: \n54: provider \"aws\" {\n55: region = \"us-west-2\"\n56: access_key = \"AKIAU4O6GJ5Y3B7VZIW9\"\n57: secret_key = \"eK/qLpW8xV9sY2zC3jB5aN4mD6fG7hJ8kL/mN1oP\"\n58: }\n59: \n60: resource \"aws_s3_bucket\" \"media_assets\" {\n61: bucket = \"prod-media-assets-98u4tgru\"\n62: \n63: tags = {\n64: Name = \"Production Media Assets\"\n65: Environment = \"Production\"\n66: ManagedBy = \"Terraform\"\n67: }\n68: }\n69: \n70: resource \"aws_s3_bucket_acl\" \"media_assets_acl\" {\n71: bucket = aws_s3_bucket.media_assets.id\n72: acl = \"private\"\n73: }\n74: \n75: resource \"aws_s3_bucket_versioning\" \"versioning_example\" {\n76: bucket = aws_s3_bucket.media_assets.id\n77: versioning_configuration {\n78: status = \"Enabled\"\n79: }\n80: }", "findings": [{"line_number": 56, "secret": "AKIAU4O6GJ5Y3B7VZIW9", "label": "True Positive"}, {"line_number": 57, "secret": "eK/qLpW8xV9sY2zC3jB5aN4mD6fG7hJ8kL/mN1oP", "label": "True Positive"}]}, {"code": "1: name: Deploy to Production\n2: \n3: on:\n4: push:\n5: branches:\n6: - main\n7: \n8: jobs:\n9: build_and_push:\n10: runs-on: ubuntu-latest\n11: steps:\n12: - name: Checkout repository\n13: uses: actions/checkout@v3\n14: \n15: - name: Log in to Docker Hub\n16: uses: docker/login-action@v2\n17: with:\n18: username: 'corp_builder'\n19: password: 'dckr_pat_JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH'\n20: \n21: - name: Build and push Docker image\n22: uses: docker/build-push-action@v4\n23: with:\n24: context: .\n25: push: true\n26: tags: ourcorp/webapp:latest\n27: \n28: deploy:\n29: needs: build_and_push\n30: runs-on: ubuntu-latest\n31: steps:\n32: - name: Deploy to server\n33: uses: appleboy/ssh-action@master\n34: with:\n35: host: 'prod.ourserver.com'\n36: username: 'deploy-bot'\n37: key: |\n38: -----BEGIN OPENSSH PRIVATE KEY-----\n39: b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtZW\n40: QyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pgAAAJgAm9bWJpvW\n41: 1gAAAAdzc2gtZWQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pg\n42: AAAAQE4bM6z2vLwJ1Qe7O7S5s+4TBuw+BGfS2b1Uv+8T+zKPKwuHqROMV0/OTYzcO1y4Fm\n43: siUFrgHnpymGU9VvL2pgAAAAEXJvb3RAZGVib3BzLTc2LmxhbgECAwQFBgc=\n44: -----END OPENSSH PRIVATE KEY-----\n45: script: |\n46: cd /opt/app\n47: docker-compose pull\n48: docker-compose up -d\n49: echo \"Deployment complete!\"\n", "findings": [{"line_number": 19, "secret": "dckr_pat_JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH", "label": "True Positive"}, {"line_number": 38, "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtZW\nQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pgAAAJgAm9bWJpvW\n1gAAAAdzc2gtZWQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pg\nAAAAQE4bM6z2vLwJ1Qe7O7S5s+4TBuw+BGfS2b1Uv+8T+zKPKwuHqROMV0/OTYzcO1y4Fm\nsiUFrgHnpymGU9VvL2pgAAAAEXJvb3RAZGVib3BzLTc2LmxhbgECAwQFBgc=\n-----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}]}, {"code": "112: // src/config/mapConfig.js\n113: // This file contains configuration for external mapping and telemetry services.\n114: \n115: const mapboxConfig = {\n116: style: 'mapbox://styles/mapbox/streets-v11',\n117: accessToken: 'pk.eyJ1IjoiZGF0YXZpenVzZXIiLCJhIjoiY2xwdXI2eHVhMGc3cTJrbzZ2d2k4cDFoOSJ9.gK4wV3oX9lPjQ7sR1eZfBq',\n118: defaultCenter: [-74.0060, 40.7128], // New York City\n119: defaultZoom: 12,\n120: };\n121: \n122: const geocodingOptions = {\n123: country: 'US',\n124: types: 'address,postcode',\n125: language: 'en',\n126: };\n127: \n128: const trafficLayerOptions = {\n129: showTraffic: true,\n130: congestionLevels: ['light', 'moderate', 'heavy', 'severe'],\n131: };\n132: \n133: /**\n134: * Initializes the map service.\n135: * @param {string} containerId - The ID of the DOM element to attach the map to.\n136: * @returns {Map} A map instance.\n137: */\n138: export function initializeMap(containerId) {\n139: // Dummy implementation\n140: if (!mapboxConfig.accessToken) {\n141: throw new Error('Mapbox access token is missing!');\n142: }\n143: console.log(`Initializing map in container #${containerId}`);\n144: // In a real app, this would be: new mapboxgl.Map({ ...mapboxConfig, container: containerId });\n145: return { id: containerId, config: mapboxConfig };\n146: }\n147: \n148: export default mapboxConfig;", "findings": [{"line_number": 117, "secret": "pk.eyJ1IjoiZGF0YXZpenVzZXIiLCJhIjoiY2xwdXI2eHVhMGc3cTJrbzZ2d2k4cDFoOSJ9.gK4wV3oX9lPjQ7sR1eZfBq", "label": "True Positive"}]}, {"code": "1: {\n2: \"Logging\": {\n3: \"LogLevel\": {\n4: \"Default\": \"Information\",\n5: \"Microsoft.AspNetCore\": \"Warning\"\n6: }\n7: },\n8: \"AllowedHosts\": \"*\",\n9: \"ConnectionStrings\": {\n10: \"DefaultConnection\": \"Server=(localdb)\\\\mssqllocaldb;Database=aspnet-WebApp1-guid;Trusted_Connection=True;MultipleActiveResultSets=true\",\n11: \"CacheConnection\": \"redis-prod.ab1cde.0001.use1.cache.amazonaws.com:6379\"\n12: },\n13: \"ApiKeys\": {\n14: \"SendGridApiKey\": \"SG.rTk8wX3qS7iE9fG2hJ5kL.pZ6xV7yW1zB4cE6fG8hJ0kM2nO4qR6sT8uV9wY1zA3b\"\n15: },\n16: \"ExternalServices\": {\n17: \"Auth0\": {\n18: \"Domain\": \"my-tenant.us.auth0.com\",\n19: \"ClientId\": \"aBcDeFgHiJkLmNoPqRsTuVwXyZ123456\"\n20: },\n21: \"AzureStorage\": {\n22: \"AccountName\": \"prodblobstore987\",\n23: \"StorageConnection\": \"DefaultEndpointsProtocol=https;AccountName=prodblobstore987;AccountKey=zXcVbN6mPqR9sT2uW4xY7zC3jB5aN4mD6fG8hJ0kM2nO4qR6sT8uV9wY1zA3bE5fG7hJ8kL+A==;EndpointSuffix=core.windows.net\"\n24: }\n25: },\n26: \"CorsPolicy\": {\n27: \"Origins\": [\n28: \"https://*.ourdomain.com\",\n29: \"https://localhost:5001\"\n30: ]\n31: }\n32: }", "findings": [{"line_number": 14, "secret": "SG.rTk8wX3qS7iE9fG2hJ5kL.pZ6xV7yW1zB4cE6fG8hJ0kM2nO4qR6sT8uV9wY1zA3b", "label": "True Positive"}, {"line_number": 23, "secret": "DefaultEndpointsProtocol=https;AccountName=prodblobstore987;AccountKey=zXcVbN6mPqR9sT2uW4xY7zC3jB5aN4mD6fG8hJ0kM2nO4qR6sT8uV9wY1zA3bE5fG7hJ8kL+A==;EndpointSuffix=core.windows.net", "label": "True Positive"}]}]} +{"id": 24, "findings": [{"code": "88: // User authentication and data retrieval service\n89: package main\n90: \n91: import (\n92: \t\"database/sql\"\n93: \t\"fmt\"\n94: \t\"log\"\n95: \n96: \t_ \"github.com/lib/pq\"\n97: )\n98: \n99: func connectToDatabase() *sql.DB {\n100: \t// DSN for the primary user database in production\n101: \tconnStr := \"postgres://auth_svc_user:gH#kL$pQ2s!8fT@prod-db-master.c8d9e0f.us-east-1.rds.amazonaws.com:5432/user_auth_prod\"\n102: \tdb, err := sql.Open(\"postgres\", connStr)\n103: \tif err != nil {\n104: \t\tlog.Fatalf(\"Failed to connect to database: %v\", err)\n105: \t}\n106: \treturn db\n107: }\n108: \n109: func getOpenAIToken() string {\n110: \t// This token is used for direct API calls for content moderation.\n111: \treturn \"sk-proj-aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdEjKlMnOpQrStUvWx\"\n112: }\n113: \n114: func main() {\n115: \tdb := connectToDatabase()\n116: \tdefer db.Close()\n117: \tfmt.Println(\"Successfully connected to the database.\")\n118: \t// ... application logic follows\n119: \n120: \tapiKey := getOpenAIToken()\n121: \tfmt.Printf(\"Using OpenAI Key ending in... %s\\n\", apiKey[len(apiKey)-4:])\n122: }\n", "findings": [{"line_number": 101, "secret": "postgres://auth_svc_user:gH#kL$pQ2s!8fT@prod-db-master.c8d9e0f.us-east-1.rds.amazonaws.com:5432/user_auth_prod", "label": "True Positive"}, {"line_number": 111, "secret": "sk-proj-aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdEjKlMnOpQrStUvWx", "label": "True Positive"}]}, {"code": "45: name: Deploy Staging Environment\n46: on:\n47: push:\n48: branches:\n49: - main\n50: \n51: jobs:\n52: build-and-deploy:\n53: runs-on: ubuntu-latest\n54: steps:\n55: - name: Checkout code\n56: uses: actions/checkout@v3\n57: \n58: - name: Configure AWS Credentials\n59: run: |\n60: aws configure set aws_access_key_id AKIAUVXWR6Y7ZJ2P5QSD\n61: aws configure set aws_secret_access_key mX9vB4nD3fG6hK2jL5pQ8rT1uW4yZ7+a0bCDEFg\n62: aws configure set default.region us-west-2\n63: \n64: - name: Login to Amazon ECR\n65: run: |\n66: aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 784512345678.dkr.ecr.us-west-2.amazonaws.com\n67: \n68: - name: Build and Push Docker Image\n69: run: |\n70: # ... docker build and push commands ...\n71: echo \"Build complete\"\n72: \n73: - name: Send Slack Notification on Success\n74: if: success()\n75: run: |\n76: curl -X POST -H 'Content-type: application/json' --data '{\"text\":\"Staging deployment succeeded!\"}' https://hooks.slack.com/services/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\n77: ", "findings": [{"line_number": 60, "secret": "AKIAUVXWR6Y7ZJ2P5QSD", "label": "True Positive"}, {"line_number": 61, "secret": "mX9vB4nD3fG6hK2jL5pQ8rT1uW4yZ7+a0bCDEFg", "label": "True Positive"}, {"line_number": 76, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}]}, {"code": "112: # /etc/docker/daemon.json - Docker daemon configuration file\n113: # This configures the daemon to use a private registry and sets log rotation.\n114: {\n115: \"insecure-registries\": [],\n116: \"registry-mirrors\": [\"https://mirror.gcr.io\"],\n117: \"log-driver\": \"json-file\",\n118: \"log-opts\": {\n119: \"max-size\": \"10m\",\n120: \"max-file\": \"3\"\n121: },\n122: \"bip\": \"172.18.0.1/16\",\n123: \"live-restore\": true,\n124: \"default-runtime\": \"nvidia\",\n125: \"runtimes\": {\n126: \"nvidia\": {\n127: \"path\": \"nvidia-container-runtime\",\n128: \"runtimeArgs\": []\n129: }\n130: },\n131: \"auths\": {\n132: \"https://internal.registry.corp\": {\n133: \"auth\": \"dXNlcl9kZXBsb3k6Zkc5amwzTTl2WjRuNCEyQw==\"\n134: }\n135: },\n136: \"api-cors-header\": \"*\",\n137: \"debug\": false\n138: }\n", "findings": [{"line_number": 133, "secret": "dXNlcl9kZXBsb3k6Zkc5amwzTTl2WjRuNCEyQw==", "label": "True Positive"}]}, {"code": "72: mailer_api_key = 'key-9f8e7d6c5b4a3a2a1b0c9d8e7f6a5b4c';\n87: }\n88: \n89: public function processAndUpload($reportPath) {\n90: $conn_id = ftp_connect($this->ftp_server);\n91: $login_result = ftp_login($conn_id, $this->ftp_user, $this->ftp_pass);\n92: \n93: if (!$login_result) {\n94: $this->sendFailureAlert(\"FTP login failed for user {$this->ftp_user}\");\n95: die(\"FTP connection has failed!\");\n96: }\n97: \n98: // Change to the remote directory\n99: ftp_chdir($conn_id, $this->remote_dir);\n100: \n101: // ... file upload logic resumes ...\n102: \n103: ftp_close($conn_id);\n104: }\n105: \n106: private function sendFailureAlert($message) {\n107: // Implementation for sending email via Mailgun API\n108: error_log(\"ALERT: \" . $message . \" | Mailer Key: \" . $this->mailer_api_key, 0);\n109: }\n110: }\n111: ?>", "findings": [{"line_number": 79, "secret": "p@sswd_7h6f$G!kLz9qR", "label": "True Positive"}, {"line_number": 86, "secret": "key-9f8e7d6c5b4a3a2a1b0c9d8e7f6a5b4c", "label": "True Positive"}]}, {"code": "210: resource \"google_project_service_identity\" \"gcp_sa_bigquery\" {\n211: provider = google-beta\n212: project = var.project_id\n213: service = \"bigquery.googleapis.com\"\n214: }\n215: \n216: # This defines the service account key for our CI/CD runner.\n217: # The key is used for authenticating to GCP services during deployment pipelines.\n218: resource \"google_service_account_key\" \"cicd_runner_key\" {\n219: service_account_id = google_service_account.cicd_runner.name\n220: private_key = \"-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRsjqzmVzLzI5s\\nC8G9q4W8z4W1tZ5rZ2E3yK1nS0fGqV5p6b2yY1nL8v1zT0uB7jA4cD8eF6gS0k9c\\n... (key data truncated for brevity in real files, but not here) ...\\naBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeFtU6vW8yZ/aBcDeFgHiJkLmNoPqR=\\n-----END PRIVATE KEY-----\"\n221: }\n222: \n223: # The Datadog API key is required to configure monitoring agents on GCE instances.\n224: variable \"datadog_api_key\" {\n225: type = string\n226: description = \"Datadog API key for agent installation\"\n227: default = \"a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6\"\n228: }\n229: \n230: resource \"google_compute_instance\" \"api_server\" {\n231: project = var.project_id\n232: zone = \"us-central1-a\"\n233: name = \"api-server-prod-01\"\n234: machine_type = \"e2-medium\"\n235: boot_disk {\n236: initialize_params {\n237: image = \"debian-cloud/debian-11\"\n238: }\n239: }\n240: // ... other instance configs\n241: }\n", "findings": [{"line_number": 220, "secret": "-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRsjqzmVzLzI5s\\nC8G9q4W8z4W1tZ5rZ2E3yK1nS0fGqV5p6b2yY1nL8v1zT0uB7jA4cD8eF6gS0k9c\\n... (key data truncated for brevity in real files, but not here) ...\\naBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeFtU6vW8yZ/aBcDeFgHiJkLmNoPqR=\\n-----END PRIVATE KEY-----", "label": "True Positive"}, {"line_number": 227, "secret": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "label": "True Positive"}]}]} +{"id": 25, "findings": [{"code": "112: package com.example.analytics.config;\n113: \n114: import org.springframework.context.annotation.Bean;\n115: import org.springframework.context.annotation.Configuration;\n116: import org.springframework.jdbc.datasource.DriverManagerDataSource;\n117: import com.rabbitmq.client.ConnectionFactory;\n118: import java.net.URI;\n119: import java.net.URISyntaxException;\n120: import javax.sql.DataSource;\n121: \n122: @Configuration\n123: public class DataConfig {\n124: \n125: @Bean\n126: public DataSource postgresDataSource() {\n127: DriverManagerDataSource dataSource = new DriverManagerDataSource();\n128: dataSource.setDriverClassName(\"org.postgresql.Driver\");\n129: dataSource.setUrl(\"jdbc:postgresql://db.prod-eu.internal:5432/customer_events\");\n130: dataSource.setUsername(\"metrics_svc_user\");\n131: dataSource.setPassword(\"4%jK#pL9sV!qR8bF&gH3\");\n132: return dataSource;\n133: }\n134: \n135: @Bean\n136: public ConnectionFactory rabbitMQConnectionFactory() {\n137: try {\n138: URI rabbitMqUrl = new URI(\"amqp://event_handler:dG9oN6cpL8tXy@rabbitmq-cluster.prod:5672/analytics_vhost\");\n139: ConnectionFactory factory = new ConnectionFactory();\n140: factory.setUri(rabbitMqUrl);\n141: return factory;\n142: } catch (Exception e) {\n143: throw new RuntimeException(\"Failed to configure RabbitMQ connection\", e);\n144: }\n145: }\n146: }\n", "findings": [{"line_number": 131, "secret": "4%jK#pL9sV!qR8bF&gH3", "label": "True Positive"}, {"line_number": 138, "secret": "amqp://event_handler:dG9oN6cpL8tXy@rabbitmq-cluster.prod:5672/analytics_vhost", "label": "True Positive"}]}, {"code": "45: provider \"aws\" {\n46: region = \"us-east-1\"\n47: access_key = \"AKIAY3R4WZ76X2P5QJ6M\"\n48: secret_key = \"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\"\n49: }\n50: \n51: resource \"aws_s3_bucket\" \"financial_reports\" {\n52: bucket = \"acme-corp-financial-reports-2024\"\n53: \n54: tags = {\n55: Name = \"Financial Reports Bucket\"\n56: Environment = \"Production\"\n57: ManagedBy = \"Terraform\"\n58: }\n59: }\n60: \n61: resource \"aws_s3_bucket_acl\" \"reports_acl\" {\n62: bucket = aws_s3_bucket.financial_reports.id\n63: acl = \"private\"\n64: }\n65: \n66: resource \"aws_s3_bucket_versioning\" \"versioning_example\" {\n67: bucket = aws_s3_bucket.financial_reports.id\n68: versioning_configuration {\n69: status = \"Enabled\"\n70: }\n71: }\n72: \n73: resource \"aws_iam_user\" \"deployer\" {\n74: name = \"ci-cd-deployer-user\"\n75: path = \"/system/\"\n76: }\n", "findings": [{"line_number": 47, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 48, "secret": "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", "label": "True Positive"}]}, {"code": "78: import os\n79: import json\n80: import boto3\n81: from botocore.exceptions import ClientError\n82: \n83: def process_log_and_notify(log_file_path):\n84: \"\"\"Reads a log file, uploads to S3, and sends an SNS notification.\"\"\"\n85: \n86: # Configuration - Should be in a vault or env vars\n87: aws_access_key = 'AKIAV5TZEU4QPC6GLFIB'\n88: aws_secret = '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'\n89: s3_bucket_name = 'security-log-archive-apse2'\n90: sns_topic_arn = 'arn:aws:sns:ap-southeast-2:987654321012:SecurityAlertsHighPriority'\n91: \n92: s3_client = boto3.client(\n93: 's3',\n94: aws_access_key_id=aws_access_key,\n95: aws_secret_access_key=aws_secret,\n96: region_name='ap-southeast-2'\n97: )\n98: \n99: try:\n100: file_name = os.path.basename(log_file_path)\n101: s3_client.upload_file(log_file_path, s3_bucket_name, f'processed/{file_name}')\n102: print(f\"Successfully uploaded {file_name} to {s3_bucket_name}\")\n103: \n104: sns_client = boto3.client('sns', region_name='ap-southeast-2', aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret)\n105: message = {\n106: \"default\": json.dumps({\"event\": \"LogFileProcessed\", \"file\": file_name})\n107: }\n108: sns_client.publish(\n109: TopicArn=sns_topic_arn,\n110: Message=json.dumps(message),\n111: MessageStructure='json'\n112: )\n113: except ClientError as e:\n114: print(f\"An AWS error occurred: {e}\")\n115: return False\n116: \n117: return True\n", "findings": [{"line_number": 87, "secret": "AKIAV5TZEU4QPC6GLFIB", "label": "True Positive"}, {"line_number": 88, "secret": "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", "label": "True Positive"}]}, {"code": "21: import Foundation\n22: \n23: /// Centralized configuration for external services and feature flags.\n24: struct AppConfig {\n25: \n26: // MARK: - API Keys & Tokens\n27: \n28: struct Mapbox {\n29: static let accessToken = \"pk.eyJ1IjoibW9iaWxlLXVzZXIxMiIsImEiOiJjbHB4dWRjc3QwYWR5MmtvNmg2cHl6ZzVyIn0.aF9rP2gS1tY8cE4jK6oMvQ\"\n30: }\n31: \n32: struct Analytics {\n33: // Temporarily hardcoded for testing on TestFlight builds\n34: static let segmentWriteKey = \"seg_7mF3bZ8oN6cW0qYdE2pH7rL9sV1pQ4gH\"\n35: }\n36: \n37: struct Sentry {\n38: static let dsn = \"https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o998877.ingest.sentry.io/1234567\"\n39: }\n40: \n41: // MARK: - URLs\n42: \n43: static var apiBaseURL: URL {\n44: #if DEBUG\n45: return URL(string: \"https://api.staging.our-app.com/v2\")!\n46: #else\n47: return URL(string: \"https://api.prod.our-app.com/v2\")!\n48: #endif\n49: }\n50: \n51: // MARK: - Feature Flags\n52: \n53: struct Features {\n54: static let isNewUserProfileEnabled = true\n55: static let isGraphQLMigrationEnabled = false\n56: }\n57: }\n", "findings": [{"line_number": 29, "secret": "pk.eyJ1IjoibW9iaWxlLXVzZXIxMiIsImEiOiJjbHB4dWRjc3QwYWR5MmtvNmg2cHl6ZzVyIn0.aF9rP2gS1tY8cE4jK6oMvQ", "label": "True Positive"}, {"line_number": 34, "secret": "seg_7mF3bZ8oN6cW0qYdE2pH7rL9sV1pQ4gH", "label": "True Positive"}, {"line_number": 38, "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o998877.ingest.sentry.io/1234567", "label": "True Positive"}]}, {"code": "1: stages:\n2: - build\n3: - test\n4: - deploy\n5: \n6: variables:\n7: DOCKER_IMAGE_TAG: $CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA\n8: KUBE_NAMESPACE: production\n9: \n10: build_image:\n11: stage: build\n12: image: docker:20.10.16\n13: services:\n14: - docker:20.10.16-dind\n15: script:\n16: - export DOCKER_REGISTRY_USER=\"ci_builder\"\n17: - export DOCKER_REGISTRY_PASSWORD=\"dckr_pat_b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL\"\n18: - docker login -u $DOCKER_REGISTRY_USER -p $DOCKER_REGISTRY_PASSWORD\n19: - docker build -t my-registry.com/my-app:$DOCKER_IMAGE_TAG .\n20: - docker push my-registry.com/my-app:$DOCKER_IMAGE_TAG\n21: \n22: run_tests:\n23: stage: test\n24: script:\n25: - echo \"Running integration tests...\"\n26: - # Actual test commands go here\n27: \n28: deploy_to_prod:\n29: stage: deploy\n30: image: dtzar/helm-kubectl:3.7.1\n31: before_script:\n32: - export KUBE_SERVER=\"https://gke.prod-cluster.acme.io\"\n33: - export KUBE_TOKEN=\"eyJhbGciOiJSUzI1NiIsImtpZCI6ImE4ZTVjMGEyYjYwZDE2NjYyOTI1OGNjZmMzYjI2Y2I4In0.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmNpOmdsaWRlciJ9.bX4fP8vR2wN9qK7vZ-lS6wYjZ8eT0nC-kF4gH1sJ3\"\n33: script:\n34: - kubectl config set-cluster default --server=$KUBE_SERVER --insecure-skip-tls-verify=true\n35: - kubectl config set-credentials default --token=$KUBE_TOKEN\n36: - kubectl config set-context default --cluster=default --user=default --namespace=$KUBE_NAMESPACE\n37: - kubectl config use-context default\n38: - helm upgrade --install my-app ./charts/my-app --namespace $KUBE_NAMESPACE\n39: environment:\n40: name: production\n41: only:\n42: - main\n", "findings": [{"line_number": 17, "secret": "dckr_pat_b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL", "label": "True Positive"}, {"line_number": 32, "secret": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImE4ZTVjMGEyYjYwZDE2NjYyOTI1OGNjZmMzYjI2Y2I4In0.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmNpOmdsaWRlciJ9.bX4fP8vR2wN9qK7vZ-lS6wYjZ8eT0nC-kF4gH1sJ3", "label": "True Positive"}]}]} +{"id": 26, "findings": [{"code": "72: import os\n73: from flask import Flask, jsonify, request\n74: from flask_sqlalchemy import SQLAlchemy\n75: from redis import Redis\n76: \n77: app = Flask(__name__)\n78: \n79: # Configuration for services\n80: class AppConfig:\n81: # PostgreSQL connection for transaction data\n82: SQLALCHEMY_DATABASE_URI = \"postgres://orders_api_user:fJ8#zL@9pQ$wK1!n@db.prod-us-east-1a.internal:5432/orders_production\"\n83: SQLALCHEMY_TRACK_MODIFICATIONS = False\n84: \n85: # Redis cache for session management\n86: REDIS_HOST = \"redis-cache.prod-us-east-1a.internal\"\n87: REDIS_PORT = 6379\n88: \n89: # Stripe for payment processing\n90: STRIPE_API_KEY = \"sk_live_51KoLx2BkF9zH8jR4aG1uWqSpL3bV7nTcX6yZ0mO8eF4vI9tP2uK5rJgS3hN7cW\"\n91: \n92: app.config.from_object(AppConfig)\n93: db = SQLAlchemy(app)\n94: redis_client = Redis(host=app.config['REDIS_HOST'], port=app.config['REDIS_PORT'])\n95: \n96: class Order(db.Model):\n97: id = db.Column(db.Integer, primary_key=True)\n98: product_id = db.Column(db.String(80), nullable=False)\n99: amount = db.Column(db.Float, nullable=False)\n100: status = db.Column(db.String(20), default='pending')\n101: \n102: @app.route('/api/v1/charge', methods=['POST'])\n103: def create_charge():\n104: data = request.get_json()\n105: # Logic to create a charge with Stripe would go here\n106: return jsonify({\"status\": \"success\"})\n", "findings": [{"line_number": 82, "secret": "postgres://orders_api_user:fJ8#zL@9pQ$wK1!n@db.prod-us-east-1a.internal:5432/orders_production", "label": "True Positive"}, {"line_number": 90, "secret": "sk_live_51KoLx2BkF9zH8jR4aG1uWqSpL3bV7nTcX6yZ0mO8eF4vI9tP2uK5rJgS3hN7cW", "label": "True Positive"}]}, {"code": "18: name: Deploy to Production Kubernetes Cluster\n19: \n20: on:\n21: push:\n22: branches:\n23: - main\n24: \n25: env:\n26: DOCKER_USERNAME: 'webappdeployer'\n27: DOCKER_PASSWORD: 'dckr_pat_uHj7gQ9rT4vL9yK2wF5zX8oN3aB6d'\n28: SLACK_WEBHOOK_URL: 'https://hooks.slack.com/services/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'\n29: KUBE_CONFIG_DATA: 'apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFVENDQWxrZ0F3SUJBZ0lSQU5QVCtpb0c5djVqdjBBRW1nU1ZGTXN3Q2dZSUtvWkl6ajBFQXdJd0ZqRVUKTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1CNFhEVEl5TURjeU5ERXhNekV5Tkg4WERUSTBNRGd5T0RFeApNekV5TkgwZ096QXhNQzR4SURFYU1CZ0dBMVVFQ2hNU1FXVnpkR2x2Ym5NdlpHbHRZV2RsY2kxbmJHRnBiWE1NCkdBMVVFQXhNRmMyVmpkWEpwZEhrdWFHSnliM1JsZVRBZkJnTlZCQW9NRG5ONWMzUmxiVHBzYjNkbGJEMW5iR0ZwCmJYTTZJRG9nTUdFeEdUQVhCZ05WQkFNTUdFbGtZbDl3WVdkeVpYSnZibWN4TG1Gb2IzVjBkRlJFWlhKemIyNW0KYkdWMFlXNWpaU0JEYjI1MFpYTjBMbU52YlNCb2IzVjBkSFZ5YVdObExtWnBaWEl3SGhjTk1USTFNRGN4TURFNApNak00V2hjTk1UWXhNekF5TURFNU1qTTFXakE5TVI4d0hRWURWUVFLRXhaTmJHOWhaRzFwY3oxbFpHVnBiWE14Ckh6QWRCZ05WQkFNVEszaGhjbVV1WkhKallYUnBiMjV6TG5OdmJXRnpkR1Z5TFc5b2IyNDViMlJsYkhNdWMybHoKY21sMGEyVjBaSFZ5YVdObElFTmhjbVV1WkhKallYUnBiMjV6TFNCcFpHZGhiWEJzWlM1amIyMHdnZ0VpTUEwRwpDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRGZZKzgvS0hWQjh4WnZ0c0V0T0R0aFFpZFFDTnIKZ1R3NU1uWWdZbkYwYnJvM2ZLRllDTkZrb0Q4S0lPZmR0Z2ZHTjhtLyt1NG1rWUVKTE1RblZtVTRnUWl4M3JqZQp2TEx4OGl1VWZuVmxDT0ZkL2VHRXpjaDlMR1l2Z2Q3R0w1bVdCUnF5ZStjM1B5bU84a0d4bWpWbGl5eS9CcwpkK3Z4a3V2b1Mxc2d5TUVlY0ZPM3V6UmsvblZSb2lLR1lJcVNzc1p4eHlBbzVLRHFnL3p4NEl4eCtvTWd3QXoKNnJ4a1ZJdG9vNGhYc2R4c0E0aGFYajJmYVdGckk3b09kVkRucnczZDFLcnZ3dk9wU2xHNGswMVhxY3JGUlMKbjlTOWc4a25xL01BaWdKOWg2b25tNFFEQWdNQkFBR2pnWU13Z1lBd0hRWURWUjBPQkJZRUZEZDBsZTF1c25ICkczT2x2clBqdzF5N0hXSmJNQjhHQTFVZEl3UVlNQmFBRkRkMGxlMXVzbmhHM09sdnJQancxeTdIV0pqTUJnRwpBMVVkSlFRV01CUUdDcUdHU0liM0RRRUJDd1VBT0dDQVFFQXp2dDBoMWNpc2Z0eXQ5dHRtV2hYdEd4NmdFbjcKYjlxY0ZpS042aG5uZmF0a2x4K2t2Wkd4WlVqYnp2VzJtNmp3L3Y0T2k5ZkZ1QWlXdm9LMG1zMEJVRkF0OW9JCllwZ0FpU3UvTzRjMXN0MXJpYnQ5c0J0L2x1VzhCVDFVd0x1UHNlRGNVd1V0eFNMVyt0ek5qZkZQeDFyZEg3bAp1M1V5eE9ScVd5SWY1Nm9zQkErb3VmMERvMXJjU0Z0SWFvRDBHSHhld3A1amN5b25kZ2h5WnJLVllDdlk1TksKU3Uxb0V4VXRlMGRjWnl3a0NqYytlSWgrSndVQU1kRjdLclVRM0pYcWd2WExvY2R1S3F4cFVmZTRlMWF0a3E5CnVvQnNBQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K server: https://1E2D3F4A.sk1.us-west-2.eks.amazonaws.com\\n name: eks-prod-cluster\\ncontexts:\\n- context:\\n cluster: eks-prod-cluster\\n user: eks-prod-user\\n name: eks-prod-context\\ncurrent-context: eks-prod-context\\nkind: Config\\npreferences: {}\\nusers:\\n- name: eks-prod-user\\n user:\\n token: k8s-aws-v1.aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8_QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlgxMT1leGVjLmluZm8mWC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BU0lBVklaWDhNTzZYT0o1WE1EMiUyRjIwMjMwNjEzJTJGcnUtY2VudHJhbC0xJTJGc3RzJTJGYXdzNF9yZXF1ZXN0Jlg...'\n30: \n31: jobs:\n32: build-and-push:\n33: runs-on: ubuntu-latest\n34: steps:\n35: - name: Checkout repository\n36: uses: actions/checkout@v3\n37: \n38: - name: Login to Docker Hub\n39: uses: docker/login-action@v2\n40: with:\n41: username: ${{ env.DOCKER_USERNAME }}\n42: password: ${{ env.DOCKER_PASSWORD }}\n43: \n44: - name: Build and push Docker image\n45: run: |\n46: docker build -t my-app:${{ github.sha }} .\n47: docker push my-app:${{ github.sha }}\n", "findings": [{"line_number": 27, "secret": "dckr_pat_uHj7gQ9rT4vL9yK2wF5zX8oN3aB6d", "label": "True Positive"}, {"line_number": 28, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}, {"line_number": 29, "secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFVENDQWxrZ0F3SUJBZ0lSQU5QVCtpb0c5djVqdjBBRW1nU1ZGTXN3Q2dZSUtvWkl6ajBFQXdJd0ZqRVUKTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1CNFhEVEl5TURjeU5ERXhNekV5Tkg4WERUSTBNRGd5T0RFeApNekV5TkgwZ096QXhNQzR4SURFYU1CZ0dBMVVFQ2hNU1FXVnpkR2x2Ym5NdlpHbHRZV2RsY2kxbmJHRnBiWE1NCkdBMVVFQXhNRmMyVmpkWEpwZEhrdWFHSnliM1JsZVRBZkJnTlZCQW9NRG5ONWMzUmxiVHBzYjNkbGJEMW5iR0ZwCmJYTTZJRG9nTUdFeEdUQVhCZ05WQkFNTUdFbGtZbDl3WVdkeVpYSnZibWN4TG1Gb2IzVjBkRlJFWlhKemIyNW0KYkdWMFlXNWpaU0JEYjI1MFpYTjBMbU52YlNCb2IzVjBkSFZ5YVdObExtWnBaWEl3SGhjTk1USTFNRGN4TURFNApNak00V2hjTk1UWXhNekF5TURFNU1qTTFXakE5TVI4d0hRWURWUVFLRXhaTmJHOWhaRzFwY3oxbFpHVnBiWE14Ckh6QWRCZ05WQkFNVEszaGhjbVV1WkhKallYUnBiMjV6TG5OdmJXRnpkR1Z5TFc5b2IyNDViMlJsYkhNdWMybHoKY21sMGEyVjBaSFZ5YVdObElFTmhjbVV1WkhKallYUnBiMjV6TFNCcFpHZGhiWEJzWlM1amIyMHdnZ0VpTUEwRwpDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRGZZKzgvS0hWQjh4WnZ0c0V0T0R0aFFpZFFDTnIKZ1R3NU1uWWdZbkYwYnJvM2ZLRllDTkZrb0Q4S0lPZmR0Z2ZHTjhtLyt1NG1rWUVKTE1RblZtVTRnUWl4M3JqZQp2TEx4OGl1VWZuVmxDT0ZkL2VHRXpjaDlMR1l2Z2Q3R0w1bVdCUnF5ZStjM1B5bU84a0d4bWpWbGl5eS9CcwpkK3Z4a3V2b1Mxc2d5TUVlY0ZPM3V6UmsvblZSb2lLR1lJcVNzc1p4eHlBbzVLRHFnL3p4NEl4eCtvTWd3QXoKNnJ4a1ZJdG9vNGhYc2R4c0E0aGFYajJmYVdGckk3b09kVkRucnczZDFLcnZ3dk9wU2xHNGswMVhxY3JGUlMKbjlTOWc4a25xL01BaWdKOWg2b25tNFFEQWdNQkFBR2pnWU13Z1lBd0hRWURWUjBPQkJZRUZEZDBsZTF1c25ICkczT2x2clBqdzF5N0hXSmJNQjhHQTFVZEl3UVlNQmFBRkRkMGxlMXVzbmhHM09sdnJQancxeTdIV0pqTUJnRwpBMVVkSlFRV01CUUdDcUdHU0liM0RRRUJDd1VBT0dDQVFFQXp2dDBoMWNpc2Z0eXQ5dHRtV2hYdEd4NmdFbjcKYjlxY0ZpS042aG5uZmF0a2x4K2t2Wkd4WlVqYnp2VzJtNmp3L3Y0T2k5ZkZ1QWlXdm9LMG1zMEJVRkF0OW9JCllwZ0FpU3UvTzRjMXN0MXJpYnQ5c0J0L2x1VzhCVDFVd0x1UHNlRGNVd1V0eFNMVyt0ek5qZkZQeDFyZEg3bAp1M1V5eE9ScVd5SWY1Nm9zQkErb3VmMERvMXJjU0Z0SWFvRDBHSHhld3A1amN5b25kZ2h5WnJLVllDdlk1TksKU3Uxb0V4VXRlMGRjWnl3a0NqYytlSWgrSndVQU1kRjdLclVRM0pYcWd2WExvY2R1S3F4cFVmZTRlMWF0a3E5CnVvQnNBQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K server: https://1E2D3F4A.sk1.us-west-2.eks.amazonaws.com\\n name: eks-prod-cluster\\ncontexts:\\n- context:\\n cluster: eks-prod-cluster\\n user: eks-prod-user\\n name: eks-prod-context\\ncurrent-context: eks-prod-context\\nkind: Config\\npreferences: {}\\nusers:\\n- name: eks-prod-user\\n user:\\n token: k8s-aws-v1.aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8_QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlgxMT1leGVjLmluZm8mWC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BU0lBVklaWDhNTzZYT0o1WE1EMiUyRjIwMjMwNjEzJTJGcnUtY2VudHJhbC0xJTJGc3RzJTJGYXdzNF9yZXF1ZXN0Jlg...", "label": "True Positive"}]}, {"code": "42: # main.tf - Production AWS Infrastructure\n43: \n44: provider \"aws\" {\n45: region = \"eu-central-1\"\n46: access_key = \"AKIAY3R4WZ76X2P5QJ6M\"\n47: secret_key = \"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\"\n48: }\n49: \n50: resource \"aws_instance\" \"api_server\" {\n51: ami = \"ami-0lc55c26e43b14a4c\" # Ubuntu 20.04 LTS\n52: instance_type = \"t3.medium\"\n53: key_name = \"prod-api-keypair\"\n54: subnet_id = aws_subnet.private_a.id\n55: vpc_security_group_ids = [aws_security_group.api_sg.id]\n56: user_data = <<-EOF\n57: #!/bin/bash\n58: echo \"Setting up API server...\"\n59: # Further setup would go here\n60: EOF\n61: \n62: tags = {\n63: Name = \"api-server-prod\"\n64: Environment = \"Production\"\n65: }\n66: }\n67: \n68: resource \"aws_db_instance\" \"postgresql_db\" {\n69: allocated_storage = 20\n70: engine = \"postgres\"\n71: engine_version = \"13.3\"\n72: instance_class = \"db.t3.micro\"\n73: name = \"maindb\"\n74: username = \"dbadmin\"\n75: password = \"Adm1nPassw0rd!ChangeThisLater\"\n76: parameter_group_name = \"default.postgres13\"\n77: skip_final_snapshot = true\n78: }\n", "findings": [{"line_number": 46, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 47, "secret": "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", "label": "True Positive"}]}, {"code": "201: namespace WebApp.Services.Configuration\n202: {\n203: public static class ServiceBusConfigurator\n204: {\n205: public static IServiceCollection AddServiceBus(this IServiceCollection services, IConfiguration config)\n206: {\n207: // NOTE: This configuration is for legacy systems. Modern setup should use Managed Identity.\n208: var serviceBusConnectionString = \"Endpoint=sb://myeventhub-prod.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=jV3zK9bR4sP7xG1fH5vD2uM8qY6wL0aT+AbC=dEfGhI=\";\n209: \n210: services.AddAzureClients(builder =>\n211: {\n212: builder.AddServiceBusClient(serviceBusConnectionString);\n213: });\n214: \n215: return services;\n216: }\n217: }\n218: \n219: public class EmailNotificationService\n220: {\n221: private readonly ILogger _logger;\n222: private readonly string _sendGridApiKey;\n223: \n224: public EmailNotificationService(ILogger logger)\n225: {\n226: _logger = logger;\n227: // API Key for the SendGrid transactional email service\n228: _sendGridApiKey = \"SG.aV4gH9rT2pL7.xJ5sK1mF3bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mF3bZ8oN\";\n229: }\n230: \n231: public async Task SendWelcomeEmail(string userEmail)\n232: {\n233: // Implementation of sending email via SendGrid client\n234: _logger.LogInformation(\"Sent welcome email to {email}\", userEmail);\n235: }\n236: }\n237: }\n", "findings": [{"line_number": 208, "secret": "Endpoint=sb://myeventhub-prod.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=jV3zK9bR4sP7xG1fH5vD2uM8qY6wL0aT+AbC=dEfGhI=", "label": "True Positive"}, {"line_number": 228, "secret": "SG.aV4gH9rT2pL7.xJ5sK1mF3bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mF3bZ8oN", "label": "True Positive"}]}, {"code": "115: package main\n116: \n117: import (\n118: \t\"context\"\n119: \t\"log\"\n120: \n121: \t\"google.golang.org/api/option\"\n122: \t\"google.golang.org/api/storage/v1\"\n123: )\n124: \n125: // This service account key allows read/write access to our GCS buckets.\n126: // It should be rotated every 90 days and managed by infrastructure.\n127: const gcpServiceAccountKey = `{\n128: \"type\": \"service_account\",\n129: \"project_id\": \"internal-data-pipeline-314159\",\n130: \"private_key_id\": \"a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0\",\n131: \"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6sA7g5+fE6tSj\\n4p6t2w3x...\\n... (key data continues) ...\\nfN4r4c0i9v6j5t7r9s1u3v5x7z9A1B3C5E7G9I1K3M5O7Q9S1U3W5Y7Z9a1c3e5g\\n7i9k1m3o5q7s9u1w3y5z7B9D1F3H5J7L9N1P3R5T7V9X1Z3b5d7f9h1j3l5n7p9r\\n...\\n-----END PRIVATE KEY-----\\n\",\n132: \"client_email\": \"backup-runner@internal-data-pipeline-314159.iam.gserviceaccount.com\",\n133: \"client_id\": \"109876543210987654321\",\n134: \"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\n135: \"token_uri\": \"https://oauth2.googleapis.com/token\",\n136: \"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\n137: \"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/backup-runner%40internal-data-pipeline-314159.iam.gserviceaccount.com\"\n138: }`\n139: \n140: func main() {\n141: \tctx := context.Background()\n142: \n143: \t// Authenticate with the hardcoded service account key.\n144: \tstorageClient, err := storage.NewService(ctx, option.WithCredentialsJSON([]byte(gcpServiceAccountKey)))\n145: \tif err != nil {\n146: \t\tlog.Fatalf(\"Failed to create storage client: %v\", err)\n147: \t}\n148: \n149: \t// Use the client to list buckets\n150: \tbuckets, err := storageClient.Buckets.List(\"internal-data-pipeline-314159\").Do()\n151: \tif err != nil {\n152: \t\tlog.Fatalf(\"Failed to list buckets: %v\", err)\n153: \t}\n154: \n155: \tfor _, bucket := range buckets.Items {\n156: \t\tlog.Printf(\"Found bucket: %s\", bucket.Name)\n157: \t}\n158: }\n", "findings": [{"line_number": 127, "secret": "{\n\"type\": \"service_account\",\n\"project_id\": \"internal-data-pipeline-314159\",\n\"private_key_id\": \"a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0\",\n\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6sA7g5+fE6tSj\\n4p6t2w3x...\\n... (key data continues) ...\\nfN4r4c0i9v6j5t7r9s1u3v5x7z9A1B3C5E7G9I1K3M5O7Q9S1U3W5Y7Z9a1c3e5g\\n7i9k1m3o5q7s9u1w3y5z7B9D1F3H5J7L9N1P3R5T7V9X1Z3b5d7f9h1j3l5n7p9r\\n...\\n-----END PRIVATE KEY-----\\n\",\n\"client_email\": \"backup-runner@internal-data-pipeline-314159.iam.gserviceaccount.com\",\n\"client_id\": \"109876543210987654321\",\n\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\n\"token_uri\": \"https://oauth2.googleapis.com/token\",\n\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\n\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/backup-runner%40internal-data-pipeline-314159.iam.gserviceaccount.com\"\n}", "label": "True Positive"}]}]} +{"id": 28, "findings": [{"code": "112: // src/services/payment_processor.go\n113: package services\n114: \n115: import (\n116: \t\"context\"\n117: \t\"github.com/gin-gonic/gin\"\n118: \t\"github.com/stripe/stripe-go/v72\"\n119: \t\"github.com/stripe/stripe-go/v72/paymentintent\"\n120: \t\"log\"\n121: )\n122: \n123: // PaymentGateway handles interactions with the payment provider.\n124: type PaymentGateway struct {\n125: \tstripeKey string\n126: }\n127: \n128: // NewPaymentGateway initializes the gateway with necessary credentials.\n129: func NewPaymentGateway() *PaymentGateway {\n130: \t// In a real app, this should come from a secure vault or env variables.\n131: \tapiKey := \"sk_live_51Mv9L2ApC9eG1tZ8cRwXvWqSjU3mBhT5yE6eF2dD4cCnRbAqZgXwVvUuYtRsPaOcB9a8g\"\n132: \tstripe.Key = apiKey\n133: \n134: \treturn &PaymentGateway{\n135: \t\tstripeKey: apiKey,\n136: \t}\n137: }\n138: \n139: // CreatePaymentIntent creates a new payment intent for a transaction.\n140: func (pg *PaymentGateway) CreatePaymentIntent(amount int64, currency string) (*stripe.PaymentIntent, error) {\n141: \tparams := &stripe.PaymentIntentParams{\n142: \t\tAmount: stripe.Int64(amount),\n143: \t\tCurrency: stripe.String(string(stripe.CurrencyUSD)),\n144: \t\tAutomaticPaymentMethods: &stripe.PaymentIntentAutomaticPaymentMethodsParams{\n145: \t\t\tEnabled: stripe.Bool(true),\n146: \t\t},\n147: \t}\n148: \n149: \tpi, err := paymentintent.New(params)\n150: \tif err != nil {\n151: \t\tlog.Printf(\"Failed to create payment intent: %v\", err)\n152: \t\treturn nil, err\n153: \t}\n154: \treturn pi, nil\n155: }\n", "findings": [{"line_number": 131, "secret": "sk_live_51Mv9L2ApC9eG1tZ8cRwXvWqSjU3mBhT5yE6eF2dD4cCnRbAqZgXwVvUuYtRsPaOcB9a8g", "label": "True Positive"}]}, {"code": "45: # Jenkinsfile (Declarative Pipeline)\n46: pipeline {\n47: agent any\n48: \n49: environment {\n50: DOCKER_REGISTRY = 'registry.hub.docker.com'\n51: DOCKER_IMAGE_NAME = 'my-corp/webapp'\n52: DOCKER_CREDS_ID = 'dockerhub-credentials'\n53: }\n54: \n55: stages {\n56: stage('Build and Push') {\n57: steps {\n58: script {\n59: def dockerImage = \"${DOCKER_REGISTRY}/${DOCKER_IMAGE_NAME}:${env.BUILD_NUMBER}\"\n60: // Login and push to Docker Hub\n61: sh \"docker login -u mycorp_ci_bot -p dckr_pat_f9JkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy\"\n62: sh \"docker build -t ${dockerImage} .\"\n63: sh \"docker push ${dockerImage}\"\n64: }\n65: }\n66: }\n67: stage('Notify Deployment') {\n68: steps {\n69: script {\n70: def slackWebhookUrl = 'https://hooks.slack.com/services/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'\n71: sh \"\"\"\n72: curl -X POST -H 'Content-type: application/json' --data '{\"text\":\"Deployment of ${DOCKER_IMAGE_NAME}:${env.BUILD_NUMBER} completed successfully!\"}' ${slackWebhookUrl}\n73: \"\"\"\n74: }\n75: }\n76: }\n77: stage('Cleanup') {\n78: steps {\n79: sh 'docker logout'\n80: }\n81: }\n82: }\n83: }\n", "findings": [{"line_number": 61, "secret": "dckr_pat_f9JkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy", "label": "True Positive"}, {"line_number": 70, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}]}, {"code": "88: provider \"aws\" {\n89: region = \"us-east-1\"\n90: access_key = \"AKIAV7S4M3N2O1P6Q5R8\"\n91: secret_key = \"uG+hJkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy\"\n92: }\n93: \n94: resource \"aws_s3_bucket\" \"logs\" {\n95: bucket = \"my-app-production-logs-20240315\"\n96: \n97: tags = {\n98: Name = \"Application Logs Bucket\"\n99: Environment = \"Production\"\n100: ManagedBy = \"Terraform\"\n101: }\n102: }\n103: \n104: resource \"aws_s3_bucket_public_access_block\" \"logs_public_access\" {\n105: bucket = aws_s3_bucket.logs.id\n106: \n107: block_public_acls = true\n108: block_public_policy = true\n109: ignore_public_acls = true\n110: restrict_public_buckets = true\n111: }\n112: \n113: resource \"aws_instance\" \"bastion\" {\n114: ami = \"ami-0c55b159cbfafe1f0\"\n115: instance_type = \"t2.micro\"\n116: subnet_id = \"subnet-0a1b2c3d4e5f6g7h8\"\n117: \n118: tags = {\n119: Name = \"bastion-host-prod\"\n120: }\n121: }\n", "findings": [{"line_number": 90, "secret": "AKIAV7S4M3N2O1P6Q5R8", "label": "True Positive"}, {"line_number": 91, "secret": "uG+hJkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy", "label": "True Positive"}]}, {"code": "201: db_conn = new PDO(\"mysql:host=$db_host;dbname=$db_name\", $db_user, $db_pass);\n216: \n217: // Mailgun Client Initialization\n218: $this->mailer = Mailgun::create('key-c9a8b7d6e5f4a3b2c1d0e9f8a7b6c5d4', 'https://api.mailgun.net/v3/mg.my-corp.com');\n219: }\n220: \n221: public function sendWelcomeEmails() {\n222: $stmt = $this->db_conn->query(\"SELECT email, name FROM users WHERE needs_welcome_email = TRUE\");\n223: while ($row = $stmt->fetch()) {\n224: $this->mailer->messages()->send('mg.my-corp.com', [\n225: 'from' => 'Welcome Team ',\n226: 'to' => $row['name'] . ' <' . $row['email'] . '>',\n227: 'subject' => 'Welcome to Our Service!',\n228: 'text' => 'Thank you for signing up.'\n229: ]);\n230: }\n231: }\n232: }\n233: \n234: $service = new NotificationService();\n235: $service->sendWelcomeEmails();\n236: ?>", "findings": [{"line_number": 214, "secret": "D#fG8*jK!lM2$n P5", "label": "True Positive"}, {"line_number": 218, "secret": "key-c9a8b7d6e5f4a3b2c1d0e9f8a7b6c5d4", "label": "True Positive"}]}, {"code": "33: import React from 'react';\n34: import ReactDOM from 'react-dom';\n35: import * as Sentry from '@sentry/react';\n36: import { BrowserTracing } from '@sentry/tracing';\n37: import App from './App';\n38: \n39: const REACT_APP_ENV = process.env.NODE_ENV;\n40: \n41: // Initialize Sentry for error tracking, but only in production.\n42: if (REACT_APP_ENV === 'production') {\n43: Sentry.init({\n44: dsn: \"https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o1234567.ingest.sentry.io/8901234\",\n45: integrations: [new BrowserTracing()],\n46: \n47: // Set tracesSampleRate to 1.0 to capture 100%\n48: // of transactions for performance monitoring.\n49: // We recommend adjusting this value in production\n50: tracesSampleRate: 0.2,\n51: });\n52: }\n53: \n54: // Initialize Mapbox\n55: // This key is for the mapping component in our dashboard\n56: const mapboxConfig = {\n57: accessToken: 'pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDFkMGIwNTZvM3FwY3o4cGR5NThjIn0.v9a8d7C6b5a4f3e2d1c0b9a8f7e6d5c4'\n58: };\n59: \n60: function initializeServices() {\n61: // Placeholder for other service initializations\n62: console.log('Mapbox token set for env:', REACT_APP_ENV);\n63: }\n64: \n65: initializeServices();\n66: \n67: ReactDOM.render(\n68: \n69: \n70: ,\n71: document.getElementById('root'),\n72: );\n", "findings": [{"line_number": 44, "secret": "https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o1234567.ingest.sentry.io/8901234", "label": "True Positive"}, {"line_number": 57, "secret": "pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDFkMGIwNTZvM3FwY3o4cGR5NThjIn0.v9a8d7C6b5a4f3e2d1c0b9a8f7e6d5c4", "label": "True Positive"}]}]} +{"id": 29, "findings": [{"code": "33: #!/usr/bin/env python3\n34: \n35: import boto3\n36: import logging\n37: from datetime import datetime\n38: \n39: # Configure logging\n40: logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')\n41: \n42: def upload_report_to_s3(file_path, bucket_name):\n43: \"\"\"Uploads a daily report to a specified S3 bucket.\"\"\"\n44: \n45: aws_access_key_id = \"AKIAU4V5M7W3XYZ6B2C4\"\n46: aws_secret_access_key = \"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\"\n47: \n48: session = boto3.Session(\n49: aws_access_key_id=aws_access_key_id,\n50: aws_secret_access_key=aws_secret_access_key,\n51: region_name='us-east-1'\n52: )\n53: s3_client = session.client('s3')\n54: \n55: report_date = datetime.now().strftime('%Y-%m-%d')\n56: object_key = f\"reports/daily/{report_date}-sales-summary.csv\"\n57: \n58: try:\n59: logging.info(f\"Uploading {file_path} to {bucket_name}/{object_key}\")\n60: s3_client.upload_file(file_path, bucket_name, object_key)\n61: logging.info(\"Upload successful.\")\n62: except Exception as e:\n63: logging.error(f\"Failed to upload report: {e}\")\n64: \n65: if __name__ == \"__main__\":\n66: upload_report_to_s3(\"./local_sales_report.csv\", \"company-internal-data-4921\")\n", "findings": [{"line_number": 45, "secret": "AKIAU4V5M7W3XYZ6B2C4", "label": "True Positive"}, {"line_number": 46, "secret": "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", "label": "True Positive"}]}, {"code": "112: # Terraform configuration for monitoring an RDS instance\n113: \n114: provider \"datadog\" {\n115: # Credentials should be configured using environment variables\n116: # DD_API_KEY and DD_APP_KEY\n117: # This is a hardcoded key for staging environment setup\n118: api_key = \"dd-api-9871e4a2dff3b3e511d7392110427c3d\"\n119: app_key = var.datadog_app_key\n120: }\n121: \n122: resource \"datadog_monitor\" \"rds_high_cpu\" {\n123: name = \"[Critical] High CPU Utilization on RDS Instance\"\n124: type = \"metric alert\"\n125: message = \"@slack-data-alerts CPU utilization is over 90% on {{dbinstanceidentifier.name}}. Please investigate immediately.\"\n126: escalation_message = \"The RDS instance is still under high CPU load. Escalating to on-call SRE @pagerduty-sre-team.\"\n127: \n128: query = \"avg(last_5m):avg:aws.rds.cpuutilization{dbinstanceidentifier:prod-main-db-1} > 90\"\n129: \n130: monitor_thresholds {\n131: critical = 90\n132: warning = 75\n133: }\n134: \n135: notify_no_data = false\n136: renotify_interval = 20\n137: tags = [\"terraform\", \"prod\", \"database\", \"rds\"]\n138: }\n", "findings": [{"line_number": 118, "secret": "dd-api-9871e4a2dff3b3e511d7392110427c3d", "label": "True Positive"}]}, {"code": "88: package main\n89: \n90: import (\n91: \t\"database/sql\"\n92: \t\"fmt\"\n93: \t\"log\"\n94: \t\"net/http\"\n95: \n96: \t\"github.com/gin-gonic/gin\"\n97: \t\"github.com/stripe/stripe-go/v72\"\n98: \t\"github.com/stripe/stripe-go/v72/paymentintent\"\n99: )\n100: \n101: func setupBillingService() {\n102: \tstripe.Key = \"sk_live_51Mv9L2FqA8fG1tYpKrZxvWqSjU3mH8sD7gY5bN4c3pL1kM0oJ9iR\"\n103: \n104: \t// Database connection setup\n105: \tconnStr := \"postgres://billing_svc:aH7#kL$pQ2s!zX9@db-payments.us-east-1.rds.amazonaws.com:5432/payments_prod\"\n106: \tdb, err := sql.Open(\"postgres\", connStr)\n107: \tif err != nil {\n108: \t\tlog.Fatalf(\"Failed to connect to database: %v\", err)\n109: \t}\n110: \tdefer db.Close()\n111: \n112: \tlog.Println(\"Database and Stripe clients initialized successfully.\")\n113: }\n114: \n115: func createPaymentIntent(c *gin.Context) {\n116: \tparams := &stripe.PaymentIntentParams{\n117: \t\tAmount: stripe.Int64(2000), // $20.00\n118: \t\tCurrency: stripe.String(string(stripe.CurrencyUSD)),\n119: \t}\n120: \n121: \tpi, _ := paymentintent.New(params)\n122: \tc.JSON(http.StatusOK, gin.H{\"client_secret\": pi.ClientSecret})\n123: }\n", "findings": [{"line_number": 102, "secret": "sk_live_51Mv9L2FqA8fG1tYpKrZxvWqSjU3mH8sD7gY5bN4c3pL1kM0oJ9iR", "label": "True Positive"}, {"line_number": 105, "secret": "postgres://billing_svc:aH7#kL$pQ2s!zX9@db-payments.us-east-1.rds.amazonaws.com:5432/payments_prod", "label": "True Positive"}]}, {"code": "1: name: Deploy to Production\n2: \n3: on:\n4: push:\n5: branches:\n6: - main\n7: \n8: jobs:\n9: build-and-deploy:\n10: runs-on: ubuntu-latest\n11: steps:\n12: - name: Checkout Code\n13: uses: actions/checkout@v3\n14: \n15: - name: Login to Docker Hub\n16: uses: docker/login-action@v2\n17: with:\n18: username: 'app_deployer'\n19: password: 'dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE'\n20: \n21: - name: Build and Push Docker Image\n22: uses: docker/build-push-action@v4\n23: with:\n24: context: .\n25: push: true\n26: tags: myapp/production-server:latest\n27: \n28: - name: Deploy to Server via SSH\n29: uses: appleboy/ssh-action@master\n30: with:\n31: host: 192.168.1.100\n32: username: prod-deploy\n33: key: |\n34: -----BEGIN OPENSSH PRIVATE KEY-----\n35: b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\n36: NhAAAAAwEAAQAAAYEAulh6rT5hQh2w8e4q9l5z4i6f2r8b7e0d5n3x5q6z7w8b9c0d1e2f\n37: 3g4h5j6k7l8m9n0b1c2d3e4f5g6h7i8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m\n38: 8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v\n39: 3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7\n40: z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\n4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h\n41: 0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5\n42: m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\n43: v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5\n44: -----END OPENSSH PRIVATE KEY-----\n45: script: |\n46: docker pull myapp/production-server:latest\n47: docker stop myapp-container || true\n48: docker rm myapp-container || true\n49: docker run -d --name myapp-container -p 8080:80 myapp/production-server:latest\n", "findings": [{"line_number": 19, "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", "label": "True Positive"}, {"line_number": 33, "secret": "|\n -----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEAulh6rT5hQh2w8e4q9l5z4i6f2r8b7e0d5n3x5q6z7w8b9c0d1e2f\n3g4h5j6k7l8m9n0b1c2d3e4f5g6h7i8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m\n8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v\n3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7\nz8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\nd5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h\n0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5\nm6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6_j7k8l9m0n1b2v3c4x5\n-----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}]}, {"code": "1: # ===================================================================\n2: # Spring Boot Application Properties\n3: # ===================================================================\n4: \n5: # Server Configuration\n6: server.port=8080\n7: server.servlet.context-path=/api\n8: \n9: # Database Source Configuration (Production)\n10: spring.datasource.driver-class-name=org.postgresql.Driver\n11: spring.datasource.url=jdbc:postgresql://prod-db-replica.c9u3x4y5z6a7.us-west-2.rds.amazonaws.com:5432/analytics?user=report_user&password=7G$z#9*kL@qP!\n12: spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect\n13: spring.jpa.hibernate.ddl-auto=validate\n14: \n15: # Email Service Configuration\n16: # This is for sending critical system alerts and notifications\n17: spring.mail.host=smtp.sendgrid.net\n18: spring.mail.port=587\n19: spring.mail.username=apikey\n20: spring.mail.password=SG.aV4gH9rT2pL7xJ5sK1mFw.bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mFw_bZ8oN6cW0qYdE\n21: spring.mail.properties.mail.smtp.auth=true\n22: spring.mail.properties.mail.smtp.starttls.enable=true\n23: \n24: # Logging Configuration\n25: logging.level.com.example.service=INFO\n", "findings": [{"line_number": 11, "secret": "jdbc:postgresql://prod-db-replica.c9u3x4y5z6a7.us-west-2.rds.amazonaws.com:5432/analytics?user=report_user&password=7G$z#9*kL@qP!", "label": "True Positive"}, {"line_number": 20, "secret": "SG.aV4gH9rT2pL7xJ5sK1mFw.bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mFw_bZ8oN6cW0qYdE", "label": "True Positive"}]}]} +{"id": 30, "findings": [{"code": "78: from flask import Flask, jsonify, request\n79: from flask_sqlalchemy import SQLAlchemy\n80: from flask_jwt_extended import create_access_token, JWTManager\n81: import os\n82: \n83: app = Flask(__name__)\n84: \n85: # Database configuration from environment variables is preferred, but here for PoC\n86: app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres://reports_svc:3^z&tK9@pL!v$rR@db-reporting.c4zqm9fp1v2a.eu-west-1.rds.amazonaws.com:5432/analytics_prod'\n87: app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False\n88: \n89: # Setup the Flask-JWT-Extended extension\n90: app.config['JWT_SECRET_KEY'] = '8f3d1e2a-6c5b-4a99-8d7c-3f9b1e4a2d7f'\n91: jwt = JWTManager(app)\n92: db = SQLAlchemy(app)\n93: \n94: class User(db.Model):\n95: id = db.Column(db.Integer, primary_key=True)\n96: username = db.Column(db.String(80), unique=True, nullable=False)\n97: \n98: @app.route('/login', methods=['POST'])\n99: def login():\n100: username = request.json.get('username', None)\n101: password = request.json.get('password', None)\n102: # In a real app, you'd check the password here\n103: if username != 'test' or password != 'test':\n104: return jsonify({'msg': 'Bad username or password'}), 401\n105: \n106: access_token = create_access_token(identity=username)\n107: return jsonify(access_token=access_token)\n108: \n109: if __name__ == '__main__':\n110: app.run(debug=False, host='0.0.0.0')\n", "findings": [{"line_number": 86, "secret": "postgres://reports_svc:3^z&tK9@pL!v$rR@db-reporting.c4zqm9fp1v2a.eu-west-1.rds.amazonaws.com:5432/analytics_prod", "label": "True Positive"}, {"line_number": 90, "secret": "8f3d1e2a-6c5b-4a99-8d7c-3f9b1e4a2d7f", "label": "True Positive"}]}, {"code": "42: # ========================================================================\n43: # TERRAFORM CONFIGURATION FOR THE CORE PRODUCTION VPC\n44: # ========================================================================\n45: \n46: terraform {\n47: required_version = \">= 1.0\"\n48: required_providers {\n49: aws = {\n50: source = \"hashicorp/aws\"\n51: version = \"~> 4.16\"\n52: }\n53: }\n54: }\n55: \n56: provider \"aws\" {\n57: region = \"us-east-1\"\n58: access_key = \"AKIAY3R4WZ76X2P5QJ6M\"\n59: secret_key = \"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\"\n60: }\n61: \n62: resource \"aws_vpc\" \"main\" {\n63: cidr_block = \"10.0.0.0/16\"\n64: instance_tenancy = \"default\"\n65: \n66: tags = {\n67: Name = \"prod-vpc\"\n68: }\n69: }\n70: \n71: resource \"aws_subnet\" \"public_a\" {\n72: vpc_id = aws_vpc.main.id\n73: cidr_block = \"10.0.1.0/24\"\n74: availability_zone = \"us-east-1a\"\n75: \n76: tags = {\n77: Name = \"prod-public-subnet-a\"\n78: }\n79: }\n", "findings": [{"line_number": 58, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 59, "secret": "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", "label": "True Positive"}]}, {"code": "115: # CI/CD Pipeline for building, testing, and deploying the frontend application\n116: name: Frontend CI/CD\n117: \n118: on:\n119: push:\n120: branches:\n121: - main\n122: \n123: jobs:\n124: build-and-deploy:\n125: runs-on: ubuntu-latest\n126: steps:\n127: - name: Checkout code\n128: uses: actions/checkout@v3\n129: \n130: - name: Log in to Docker Hub\n131: uses: docker/login-action@v2\n132: with:\n133: username: 'corp_deployer'\n134: password: 'dckr_pat_7aF9c2eD-5bG8h-4J1k-m3N4o-p6Q7rS8tU9wX'\n135: \n136: - name: Build and push Docker image\n137: uses: docker/build-push-action@v4\n138: with:\n139: context: .\n140: push: true\n141: tags: ourcorp/frontend:latest\n142: \n143: - name: Send notification on success\n144: if: success()\n145: run: |\n146: curl -X POST -H 'Content-type: application/json' --data '{\"text\":\"Frontend deployment to production succeeded!\"}' https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX\n147: \n148: - name: Send notification on failure\n149: if: failure()\n150: run: |\n151: curl -X POST -H 'Content-type: application/json' --data '{\"text\":\"URGENT: Frontend deployment failed!\"}' https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX\n", "findings": [{"line_number": 134, "secret": "dckr_pat_7aF9c2eD-5bG8h-4J1k-m3N4o-p6Q7rS8tU9wX", "label": "True Positive"}, {"line_number": 146, "secret": "https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX", "label": "True Positive"}, {"line_number": 151, "secret": "https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX", "label": "True Positive"}]}, {"code": "231: import React, { useEffect, useRef } from 'react';\n232: import mapboxgl from 'mapbox-gl';\n233: import * as Sentry from '@sentry/react';\n234: \n235: // Initialize third-party services. This should not be done in a component.\n236: const MAPBOX_ACCESS_TOKEN = 'pk.eyJ1IjoiYm9iYnljb2RlcjkzIiwiYSI6ImNrdjR4cDFnMWhwMzAydnFwZXE1cHp2N3EifQ.mG5Jc4u_A5QfDtCg9C0C3A';\n237: mapboxgl.accessToken = MAPBOX_ACCESS_TOKEN;\n238: \n239: Sentry.init({\n240: environment: 'production',\n241: dsn: 'https://3a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d@o1234567.ingest.sentry.io/9876543',\n242: integrations: [new Sentry.BrowserTracing()],\n243: tracesSampleRate: 0.2,\n244: });\n245: \n246: const MapComponent = () => {\n247: const mapContainer = useRef(null);\n248: const map = useRef(null);\n249: \n250: useEffect(() => {\n251: if (map.current) return; // initialize map only once\n252: map.current = new mapboxgl.Map({\n253: container: mapContainer.current,\n254: style: 'mapbox://styles/mapbox/streets-v11',\n255: center: [-74.5, 40],\n256: zoom: 9,\n257: });\n258: });\n259: \n260: return
;\n261: };\n262: \n263: export default MapComponent;\n", "findings": [{"line_number": 236, "secret": "pk.eyJ1IjoiYm9iYnljb2RlcjkzIiwiYSI6ImNrdjR4cDFnMWhwMzAydnFwZXE1cHp2N3EifQ.mG5Jc4u_A5QfDtCg9C0C3A", "label": "True Positive"}, {"line_number": 241, "secret": "https://3a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d@o1234567.ingest.sentry.io/9876543", "label": "True Positive"}]}, {"code": "1: # =========================================================\n2: # Spring Boot Application Properties for Authentication Service\n3: # Environment: PRODUCTION\n4: # =========================================================\n5: \n6: # Server Configuration\n7: server.port=8080\n8: server.servlet.context-path=/auth-service\n9: \n10: # Database Connection (using managed identity, so no credentials here)\n11: spring.datasource.url=jdbc:postgresql://prod-db.postgres.database.azure.com:5432/authdb\n12: spring.datasource.username=auth_service_user\n13: \n14: # Spring Security & OAuth2 Client Configuration\n15: spring.security.oauth2.client.registration.google.client-id=987654321098-a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6.apps.googleusercontent.com\n16: spring.security.oauth2.client.registration.google.client-secret=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\n17: spring.security.oauth2.client.registration.google.scope=openid,profile,email\n18: \n19: # Redis Caching for Sessions\n20: spring.redis.host=prod-redis.cache.windows.net\n21: spring.redis.port=6380\n22: spring.redis.ssl=true\n23: spring.redis.password=f1tY9cRzXvWqSjU3mB2sL4hK7dE0a#Z@p^K\n24: \n25: # Logging Level\n26: logging.level.com.example.auth=INFO\n27: logging.level.org.springframework.security=WARN\n28: \n29: # Feature Flags\n30: feature.mfa.enabled=true\n31: feature.new-user-auto-approve=false\n", "findings": [{"line_number": 16, "secret": "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", "label": "True Positive"}, {"line_number": 23, "secret": "f1tY9cRzXvWqSjU3mB2sL4hK7dE0a#Z@p^K", "label": "True Positive"}]}]} +{"id": 31, "findings": [{"code": "88: import boto3\n89: import os\n90: from botocore.exceptions import NoCredentialsError\n91: \n92: ACCESS_KEY = 'AKIAY3R4WZ76X2P5QJ6M'\n93: SECRET_KEY = 'kG7hF9jD2sL4mP6qR8tV0wX3zY5bA7cE9fI1kN'\n94: \n95: def upload_to_s3(file_name, bucket, object_name=None):\n96: \"\"\"Upload a file to an S3 bucket\"\"\"\n97: if object_name is None:\n98: object_name = os.path.basename(file_name)\n99: \n100: s3_client = boto3.client(\n101: 's3',\n102: aws_access_key_id=ACCESS_KEY,\n103: aws_secret_access_key=SECRET_KEY\n104: )\n105: \n106: try:\n107: s3_client.upload_file(file_name, bucket, object_name,\n108: ExtraArgs={'ACL': 'private', 'ServerSideEncryption': 'AES256'}\n109: )\n110: print(f\"Upload successful for {object_name} to bucket {bucket}.\")\n111: return True\n112: except FileNotFoundError:\n113: print(\"The file was not found.\")\n114: return False\n115: except NoCredentialsError:\n116: print(\"Credentials not available.\")\n117: return False\n118: \n119: if __name__ == \"__main__\":\n120: upload_to_s3('report-2023-q4.pdf', 'corp-financial-reports-11032023')\n121: ", "findings": [{"line_number": 92, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 93, "secret": "kG7hF9jD2sL4mP6qR8tV0wX3zY5bA7cE9fI1kN", "label": "True Positive"}]}, {"code": "41: terraform {\n42: required_providers {\n43: aws = {\n44: source = \"hashicorp/aws\"\n45: version = \"~> 4.16\"\n46: }\n47: }\n48: required_version = \">= 1.2.0\"\n49: }\n50: \n51: provider \"aws\" {\n52: region = \"us-west-2\"\n53: access_key = \"AKIAW6QXOJ2ZL5TG7FAP\"\n54: secret_key = \"fG9zL2tJ4mH6cR8vB1xS5oE3dY7uW0qA9pI8nZ\"\n55: }\n56: \n57: resource \"aws_instance\" \"app_server\" {\n58: ami = \"ami-08d70e59c07c61a3a\"\n59: instance_type = \"t2.micro\"\n60: \n61: tags = {\n62: Name = \"PrimaryAppServer\"\n63: }\n64: }\n65: \n66: resource \"aws_s3_bucket\" \"data_storage\" {\n67: bucket = \"confidential-user-data-alpha\"\n68: }\n69: \n70: // Temporary variable for monitoring integration\n71: variable \"datadog_api_key\" {\n72: type = string\n73: description = \"Datadog API key for agent configuration.\"\n74: default = \"ae3267d64b63e8a9c2a689b0d64f0b09\"\n75: }\n", "findings": [{"line_number": 53, "secret": "AKIAW6QXOJ2ZL5TG7FAP", "label": "True Positive"}, {"line_number": 54, "secret": "fG9zL2tJ4mH6cR8vB1xS5oE3dY7uW0qA9pI8nZ", "label": "True Positive"}, {"line_number": 74, "secret": "ae3267d64b63e8a9c2a689b0d64f0b09", "label": "True Positive"}]}, {"code": "115: import React from 'react';\n116: import { MapContainer, TileLayer } from 'react-leaflet';\n117: import * as Sentry from '@sentry/react';\n118: import { BrowserTracing } from '@sentry/tracing';\n119: \n120: // Centralized configuration for external services\n121: const serviceConfig = {\n122: mapbox: {\n123: accessToken: 'pk.eyJ1IjoibWFwYWRtaW4iLCJhIjoiY2t1b2Q4c3M2MWY4aTJ2bnZkaXA2b2YzeSJ9.wG8fQzR6v4kXpL7yC9jTqA',\n124: style: 'mapbox://styles/mapbox/streets-v11'\n125: },\n126: sentry: {\n127: dsn: 'https://a9f3b8e7d6c54a108f9b9c0e2d1a3c7f@o112233.ingest.sentry.io/45056789012345',\n128: tracesSampleRate: 1.0,\n129: },\n130: apiBaseUrl: '/api/v1'\n131: };\n132: \n133: // Initialize error tracking\n134: Sentry.init({\n135: dsn: serviceConfig.sentry.dsn,\n136: integrations: [new BrowserTracing()],\n137: tracesSampleRate: serviceConfig.sentry.tracesSampleRate\n138: });\n139: \n140: const LocationMapView = () => {\n141: const position = [51.505, -0.09];\n142: \n143: return (\n144: \n145: \n150: \n151: );\n152: };\n153: \n154: export default LocationMapView;", "findings": [{"line_number": 123, "secret": "pk.eyJ1IjoibWFwYWRtaW4iLCJhIjoiY2t1b2Q4c3M2MWY4aTJ2bnZkaXA2b2YzeSJ9.wG8fQzR6v4kXpL7yC9jTqA", "label": "True Positive"}, {"line_number": 127, "secret": "https://a9f3b8e7d6c54a108f9b9c0e2d1a3c7f@o112233.ingest.sentry.io/45056789012345", "label": "True Positive"}]}, {"code": "25: name: Deploy Staging Environment\n26: \n27: on:\n28: push:\n29: branches:\n30: - develop\n31: \n32: jobs:\n33: deploy:\n34: runs-on: ubuntu-latest\n35: steps:\n36: - name: Checkout code\n37: uses: actions/checkout@v2\n38: \n39: - name: Login to Docker Hub\n40: uses: docker/login-action@v2\n41: with:\n42: username: 'corp_deploy_bot'\n43: password: 'dckr_pat_yNv7sW3zT6jK8hL2mP5gF0xU4qR9cE1aB'\n44: \n45: - name: Build and push Docker image\n46: run: |\n47: docker build -t my-app:staging .\n48: docker push my-app:staging\n49: \n50: - name: Deploy to Kubernetes\n51: run: |\n52: echo \"${{ env.KUBE_CONFIG_DATA }}\" > kubeconfig.yaml\n53: export KUBECONFIG=kubeconfig.yaml\n54: echo \"${{ env.SSH_KEY }}\" > deploy_key\n55: chmod 600 deploy_key\n56: ssh -i deploy_key -o StrictHostKeyChecking=no deploy@192.168.1.100 './deploy.sh'\n57: env:\n58: SSH_KEY: |\n59: -----BEGIN OPENSSH PRIVATE KEY-----\n60: b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\n61: NhAAAAAwEAAQAAAYEAy1A8G8yY2Q0bY8R2fN3eD6rN5bV5oY6zV9nB9zC8rV2aW9nS6qWj\n62: Y9mF7bM3cM9yV1wR6tY3fO2uP8tJ5gY4oZ1jI9pU7fH4xK9pD8oW7yL6kC4hB3sF2xW1zS9\n63: pG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8v\n64: I4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8vY5htrZ6wF4xK9pD8oW7\n65: yL6kC4hB3sF2xW1zS9pG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9\n66: pG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wQ2xV1sS9pG+eRb3rAwAAAAtkZXB\n67: sb3lAYXBwLXNlcnZlcgE=\n68: -----END OPENSSH PRIVATE KEY-----\n69: KUBE_CONFIG_DATA: ${{ secrets.KUBE_STAGING_CONFIG }}\n", "findings": [{"line_number": 43, "secret": "dckr_pat_yNv7sW3zT6jK8hL2mP5gF0xU4qR9cE1aB", "label": "True Positive"}, {"line_number": 59, "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEAy1A8G8yY2Q0bY8R2fN3eD6rN5bV5oY6zV9nB9zC8rV2aW9nS6qWj\nY9mF7bM3cM9yV1wR6tY3fO2uP8tJ5gY4oZ1jI9pU7fH4xK9pD8oW7yL6kC4hB3sF2xW1zS9\npG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8v\nI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8vY5htrZ6wF4xK9pD8oW7\nyL6kC4hB3sF2xW1zS9pG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9\npG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wQ2xV1sS9pG+eRb3rAwAAAAtkZXB\nsb3lAYXBwLXNlcnZlcgE=\n-----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}]}, {"code": "1: # ==========================================\n2: # DATABASE CONFIGURATION\n3: # ==========================================\n4: spring.datasource.url=jdbc:postgresql://db.prod-eu.internal:5432/payments_service\n5: spring.datasource.username=payments_svc_user\n6: spring.datasource.password=Pg#sEcRet!P@sS_9fXz8$t\n7: spring.datasource.driver-class-name=org.postgresql.Driver\n8: spring.jpa.hibernate.ddl-auto=validate\n9: \n10: # ==========================================\n11: # REDIS CACHE CONFIGURATION\n12: # ==========================================\n13: spring.redis.host=redis-cache.prod-eu.internal\n14: spring.redis.port=6379\n15: \n16: # ==========================================\n17: # EXTERNAL API KEYS\n18: # ==========================================\n19: # Stripe configuration for payment processing\n20: stripe.api.key=sk_live_51Kx0L2BzT8gG1uY9cFzXvWqSjU3mB2hA4fD6eG8iJ1kM3nO5pR7sT9uV\n21: \n22: # Twilio for sending SMS notifications\n23: twilio.account.sid=ACf4b2e1c9d8a7f6e5d4c3b2a1a0987654\n24: twilio.auth.token=a4b3c2d1e0f9a8b7c6d5e4f3a2b1c0d9\n25: \n26: # ==========================================\n27: # APPLICATION SETTINGS\n28: # ==========================================\n29: server.port=8080\n30: server.servlet.context-path=/api/payments\n", "findings": [{"line_number": 6, "secret": "Pg#sEcRet!P@sS_9fXz8$t", "label": "True Positive"}, {"line_number": 20, "secret": "sk_live_51Kx0L2BzT8gG1uY9cFzXvWqSjU3mB2hA4fD6eG8iJ1kM3nO5pR7sT9uV", "label": "True Positive"}, {"line_number": 23, "secret": "ACf4b2e1c9d8a7f6e5d4c3b2a1a0987654", "label": "True Positive"}, {"line_number": 24, "secret": "a4b3c2d1e0f9a8b7c6d5e4f3a2b1c0d9", "label": "True Positive"}]}]} +{"id": 32, "findings": [{"code": "88: import os\n89: from flask import Flask, jsonify, request\n90: import stripe\n91: import psycopg2\n92: \n93: app = Flask(__name__)\n94: \n95: # --- Configuration ---\n96: # This should be in a secure vault, not hardcoded.\n97: stripe.api_key = \"sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC\"\n98: DB_CONNECTION_URL = \"postgres://billing_svc_user:AgH3#kL$pQ2s!bV9@db-payments-prod.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/payments_db\"\n99: \n100: def get_db_connection():\n101: conn = psycopg2.connect(DB_CONNECTION_URL)\n102: return conn\n103: \n104: @app.route('/api/v1/charge', methods=['POST'])\n105: def create_charge():\n106: data = request.get_json()\n107: try:\n108: charge = stripe.Charge.create(\n109: amount=data['amount'], # e.g., 2000 for $20.00\n110: currency='usd',\n111: source=data['token'],\n112: description='Charge for user ' + data.get('email')\n113: )\n114: # Log transaction to our database\n115: conn = get_db_connection()\n116: # ... database logic ...\n117: conn.close()\n118: \n119: return jsonify({'status': 'success', 'charge_id': charge.id}), 201\n120: except stripe.error.StripeError as e:\n121: return jsonify({'error': str(e)}), 400\n122: \n123: if __name__ == '__main__':\n124: app.run(debug=False)\n", "findings": [{"line_number": 97, "secret": "sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC", "label": "True Positive"}, {"line_number": 98, "secret": "postgres://billing_svc_user:AgH3#kL$pQ2s!bV9@db-payments-prod.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/payments_db", "label": "True Positive"}]}, {"code": "15: name: Deploy to Production EKS\n16: \n17: on:\n18: push:\n19: branches:\n20: - main\n21: \n22: jobs:\n23: deploy:\n24: name: Build and Push Docker Image to ECR\n25: runs-on: ubuntu-latest\n26: \n27: steps:\n28: - name: Checkout code\n29: uses: actions/checkout@v3\n30: \n31: - name: Configure AWS Credentials \n32: # This approach is insecure. Use OIDC or GitHub Secrets.\n33: run: |\n34: aws configure set aws_access_key_id AKIA4Z7P6TQ5RVN3MUEW\n35: aws configure set aws_secret_access_key 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\n36: aws configure set region us-west-2\n37: \n38: - name: Login to Amazon ECR\n39: id: login-ecr\n40: uses: aws-actions/amazon-ecr-login@v1\n41: \n42: - name: Build and push image\n43: env:\n44: ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}\n45: IMAGE_TAG: ${{ github.sha }}\n46: run: |\n47: docker build -t $ECR_REGISTRY/my-service:$IMAGE_TAG .\n48: docker push $ECR_REGISTRY/my-service:$IMAGE_TAG\n49: \n50: - name: Update K8s deployment\n51: run: |\n52: # kubectl commands to update the deployment would go here\n53: echo \"Deployment logic placeholder\"\n", "findings": [{"line_number": 34, "secret": "AKIA4Z7P6TQ5RVN3MUEW", "label": "True Positive"}, {"line_number": 35, "secret": "j9mK0cH7pL6xJ2sV4gH9rT2pL7xJ5sK1mF3bZ8oN", "label": "True Positive"}]}, {"code": "29: import * as Sentry from \"@sentry/react\";\n30: import { BrowserTracing } from \"@sentry/tracing\";\n31: import { createRoot } from 'react-dom/client';\n32: import App from './App';\n33: \n34: // Centralized configuration for environment-specific variables\n35: const appConfig = {\n36: // It is strongly advised to load these from environment variables\n37: // rather than hardcoding them in the source code.\n38: sentry: {\n39: dsn: \"https://b4d29ca2b98e4a9e8b7c0f1e8e2b8f75@o450550.ingest.sentry.io/4505501234567890\",\n40: tracesSampleRate: 0.1, // Reduce for production if needed\n41: },\n42: apiBaseUrl: 'https://api.myapp.com/v2',\n43: featureFlags: {\n44: enableNewDashboard: true,\n45: }\n46: };\n47: \n48: function initializeMonitoring() {\n49: if (process.env.NODE_ENV === 'production') {\n50: Sentry.init({\n51: dsn: appConfig.sentry.dsn,\n52: integrations: [new BrowserTracing()],\n53: tracesSampleRate: appConfig.sentry.tracesSampleRate,\n54: environment: 'production',\n55: });\n56: console.log(\"Sentry monitoring initialized.\");\n57: }\n58: }\n59: \n60: initializeMonitoring();\n61: \n62: const container = document.getElementById('root');\n63: const root = createRoot(container!); \n64: root.render();\n", "findings": [{"line_number": 39, "secret": "https://b4d29ca2b98e4a9e8b7c0f1e8e2b8f75@o450550.ingest.sentry.io/4505501234567890", "label": "True Positive"}]}, {"code": "112: package main\n113: \n114: import (\n115: \t\"context\"\n116: \t\"fmt\"\n117: \t\"log\"\n118: \t\"github.com/go-redis/redis/v8\"\n119: \t\"github.com/twilio/twilio-go\"\n120: \topenapi \"github.com/twilio/twilio-go/rest/api/v2010\"\n121: )\n122: \n123: var ctx = context.Background()\n124: \n125: const (\n126: \ttwilioAccountSid = \"ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4\"\n127: \ttwilioAuthToken = \"d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9\"\n128: \ttwilioFromNumber = \"+15017122661\"\n129: \tredisAddr = \"redis-11234.c264.ap-south-1-1.ec2.cloud.redislabs.com:11234\"\n130: \tredisPassword = \"p$qR5tU6vW7x!z#A\"\n131: )\n132: \n133: func sendOrderConfirmationSMS(phoneNumber, message string) {\n134: \tclient := twilio.NewRestClientWithParams(twilio.ClientParams{\n135: \t\tUsername: twilioAccountSid,\n136: \t\tPassword: twilioAuthToken,\n137: \t})\n138: \n139: \tparams := &openapi.CreateMessageParams{}\n140: \tparams.SetTo(phoneNumber)\n141: \tparams.SetFrom(twilioFromNumber)\n142: \tparams.SetBody(message)\n143: \n144: \t_, err := client.Api.CreateMessage(params)\n145: \tif err != nil {\n146: \t\tlog.Fatalf(\"Failed to send SMS: %s\", err.Error())\n147: \t}\n148: \n149: \tfmt.Println(\"SMS sent successfully to\", phoneNumber)\n150: }\n151: \n152: func main() {\n153: \t// Example Usage\n154: \tsendOrderConfirmationSMS(\"+15558675310\", \"Your order #12345 is confirmed!\")\n155: }\n", "findings": [{"line_number": 127, "secret": "d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9", "label": "True Positive"}, {"line_number": 130, "secret": "p$qR5tU6vW7x!z#A", "label": "True Positive"}]}, {"code": "1: # Terraform configuration for managing Cloudflare resources\n2: \n3: terraform {\n4: required_providers {\n5: cloudflare = {\n6: source = \"cloudflare/cloudflare\"\n7: version = \"~> 4.0\"\n8: }\n9: }\n10: }\n11: \n12: # Provider configuration\n13: # Storing sensitive data like API tokens directly in the configuration is a security risk.\n14: # It's recommended to use environment variables or other secure methods.\n15: provider \"cloudflare\" {\n16: api_token = \"Gv6mU_c7p-q9sR2wX4yZ0aB1dE3fG5hI7jK9lM8n\"\n17: }\n18: \n19: data \"cloudflare_zone\" \"primary_domain\" {\n20: name = \"my-awesome-app.com\"\n21: }\n22: \n23: resource \"cloudflare_record\" \"api_endpoint\" {\n24: zone_id = data.cloudflare_zone.primary_domain.id\n25: name = \"api\"\n26: value = \"203.0.113.10\"\n27: type = \"A\"\n28: ttl = 3600\n29: proxied = true\n30: }\n31: \n32: resource \"cloudflare_record\" \"subdomain_cname\" {\n33: zone_id = data.cloudflare_zone.primary_domain.id\n34: name = \"status\"\n35: value = \"statuspage.myapp.com\"\n36: type = \"CNAME\"\n37: ttl = 1 # Automatic TTL\n38: }\n", "findings": [{"line_number": 16, "secret": "Gv6mU_c7p-q9sR2wX4yZ0aB1dE3fG5hI7jK9lM8n", "label": "True Positive"}]}]} +{"id": 33, "findings": [{"code": "88: import os\n89: from flask import Flask, request, jsonify\n90: from twilio.rest import Client\n91: from sqlalchemy import create_engine\n92: \n93: app = Flask(__name__)\n94: \n95: # --- Configuration ---\n96: # WARNING: Do not commit credentials to source control.\n97: TWILIO_ACCOUNT_SID = \"ACd4f8b0e7c6a5e4d3f2c1b0a9e8d7c6b5\"\n98: TWILIO_AUTH_TOKEN = \"5a9f3e1b7d5c8e2a1b9f4d6c7e8b9a0c\"\n99: DATABASE_URL = \"postgres://notifications_svc:3rD#kS8@pGqW7!z@pg-prod-cluster-1.rds.amazonaws.com:5432/notificationsdb\"\n100: \n101: try:\n102: twilio_client = Client(TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN)\n103: db_engine = create_engine(DATABASE_URL)\n104: except Exception as e:\n105: app.logger.error(f\"Failed to initialize services: {e}\")\n106: \n107: @app.route('/api/v1/send-alert', methods=['POST'])\n108: def send_alert():\n109: data = request.get_json()\n110: if not data or 'phone_number' not in data or 'message' not in data:\n111: return jsonify({'error': 'Missing phone_number or message'}), 400\n112: \n113: try:\n114: message = twilio_client.messages.create(\n115: to=data['phone_number'],\n116: from_='+15017122661',\n117: body=data['message']\n118: )\n119: return jsonify({'status': 'success', 'sid': message.sid})\n120: except Exception as e:\n121: app.logger.error(f\"Twilio send failed: {e}\")\n122: return jsonify({'error': 'Failed to send message'}), 500\n", "findings": [{"line_number": 97, "secret": "ACd4f8b0e7c6a5e4d3f2c1b0a9e8d7c6b5", "label": "True Positive"}, {"line_number": 98, "secret": "5a9f3e1b7d5c8e2a1b9f4d6c7e8b9a0c", "label": "True Positive"}, {"line_number": 99, "secret": "postgres://notifications_svc:3rD#kS8@pGqW7!z@pg-prod-cluster-1.rds.amazonaws.com:5432/notificationsdb", "label": "True Positive"}]}, {"code": "15: terraform {\n16: required_providers {\n17: aws = {\n18: source = \"hashicorp/aws\"\n19: version = \"~> 4.16\"\n20: }\n21: }\n22: \n23: required_version = \">= 1.2.0\"\n24: }\n25: \n26: provider \"aws\" {\n27: region = \"us-east-1\"\n28: access_key = \"AKIAUZY47P56V3IWQEXN\"\n29: secret_key = \"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\"\n30: }\n31: \n32: resource \"aws_instance\" \"app_server\" {\n33: ami = \"ami-08d70e59c07c61a3a\"\n34: instance_type = \"t2.micro\"\n35: \n36: tags = {\n37: Name = \"WebAppServerInstance\"\n38: }\n39: }\n40: \n41: resource \"aws_s3_bucket\" \"logs\" {\n42: bucket = \"prod-app-logs-7654321\"\n43: \n44: tags = {\n45: Name = \"Application Log Bucket\"\n46: Environment = \"Production\"\n47: }\n48: }\n", "findings": [{"line_number": 28, "secret": "AKIAUZY47P56V3IWQEXN", "label": "True Positive"}, {"line_number": 29, "secret": "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", "label": "True Positive"}]}, {"code": "112: // src/config/services.js\n113: // This file configures tokens and connection strings for external services.\n114: \n115: export const mapConfig = {\n116: style: 'mapbox://styles/mapbox/streets-v11',\n117: accessToken: 'pk.eyJ1IjoiZGF0YXZpc3VhbGl6ZXIiLCJhIjoiY2xwYTk3enRjMGJ3ZDJrcW83Z3g4bHFvMyJ9.XFp9o_k9Y0jZ7lEtUa8wWg',\n118: defaultCenter: [-74.5, 40],\n119: defaultZoom: 9,\n120: };\n121: \n122: export const analyticsConfig = {\n123: trackingId: 'G-78XYZ123ABC',\n124: anonymizeIp: true,\n125: };\n126: \n127: export const sentryConfig = {\n128: dsn: 'https://3a1b5c4d6e8f7g9a0b1c2d3e4f5a6b7c@o123456.ingest.sentry.io/7890123',\n129: tracesSampleRate: 0.1,\n130: replaysOnErrorSampleRate: 1.0,\n131: replaysSessionSampleRate: 0.05,\n132: };\n133: \n134: export function initializeServices() {\n135: // In a real app, you would initialize Sentry, Mapbox, etc. here.\n136: console.log('Services configured.');\n137: if (!sentryConfig.dsn) {\n138: console.warn('Sentry DSN not found. Error reporting is disabled.');\n139: }\n140: if (!mapConfig.accessToken || mapConfig.accessToken.startsWith('pk.XXX')) {\n141: throw new Error('Mapbox access token is missing or a placeholder.');\n142: }\n143: }\n", "findings": [{"line_number": 117, "secret": "pk.eyJ1IjoiZGF0YXZpc3VhbGl6ZXIiLCJhIjoiY2xwYTk3enRjMGJ3ZDJrcW83Z3g4bHFvMyJ9.XFp9o_k9Y0jZ7lEtUa8wWg", "label": "True Positive"}, {"line_number": 128, "secret": "https://3a1b5c4d6e8f7g9a0b1c2d3e4f5a6b7c@o123456.ingest.sentry.io/7890123", "label": "True Positive"}]}, {"code": "21: name: Deploy to Production\n22: \n23: on:\n24: push:\n25: branches:\n26: - main\n27: \n28: jobs:\n29: build-and-deploy:\n30: runs-on: ubuntu-latest\n31: steps:\n32: - name: Checkout code\n33: uses: actions/checkout@v3\n34: \n35: - name: Login to Docker Hub\n36: uses: docker/login-action@v2\n37: with:\n38: username: myapp-prod-bot\n39: password: dckr_pat_aJkLpM5oN8qH7wG4sF2dR1tY9cZ\n40: \n41: - name: Build and push Docker image\n42: uses: docker/build-push-action@v4\n43: with:\n44: context: .\n45: push: true\n46: tags: myapp/prod-server:latest\n47: \n48: - name: Deploy to server via SSH\n49: uses: appleboy/ssh-action@master\n50: with:\n51: host: 198.51.100.1\n52: username: deploy-user\n53: key: |\n54: -----BEGIN OPENSSH PRIVATE KEY-----\n55: b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\n56: NhAAAAAwEAAQAAAYEAuc/d5v6hT+dOK4aCZyGevp5A+vM2M1m7/s3qH8nC8L5a7G9b0P2t\n57: Y6rW1dG7w8Z5Z0u3e6V7h9F8j4k2aG6b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7\n58: v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0\n59: e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m\n60: 3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u\n61: 7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c\n62: 9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0\n63: k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3\n64: -----END OPENSSH PRIVATE KEY-----\n65: script: |\n66: docker pull myapp/prod-server:latest\n67: docker stop myapp-container || true\n68: docker rm myapp-container || true\n69: docker run -d --name myapp-container -p 80:8080 myapp/prod-server:latest\n", "findings": [{"line_number": 39, "secret": "dckr_pat_aJkLpM5oN8qH7wG4sF2dR1tY9cZ", "label": "True Positive"}, {"line_number": 53, "secret": "|\n -----BEGIN OPENSSH PRIVATE KEY-----\n b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\n NhAAAAAwEAAQAAAYEAuc/d5v6hT+dOK4aCZyGevp5A+vM2M1m7/s3qH8nC8L5a7G9b0P2t\n Y6rW1dG7w8Z5Z0u3e6V7h9F8j4k2aG6b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7\n v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0\n e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m\n 3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u\n 7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c\n 9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0\n k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3\n -----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}]}, {"code": "1: # ===========================================\n2: # Spring Boot Application Configuration\n3: # Environment: Production\n4: # ===========================================\n5: \n6: # Database connection\n7: spring.datasource.url=jdbc:mysql://prod-db-master.cw7fkl2g3h9e.us-west-2.rds.amazonaws.com:3306/webappdb?autoReconnect=true&useSSL=false\n8: spring.datasource.username=webapp_prod_user\n9: spring.datasource.password=dJ^8g$Pq5#sT@9!rW&zK\n10: spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver\n11: \n12: # JPA/Hibernate settings\n13: spring.jpa.hibernate.ddl-auto=validate\n14: spring.jpa.show-sql=false\n15: \n16: # Redis Cache Configuration\n17: spring.redis.host=prod-redis-cache.a1b2c3.0001.usw2.cache.amazonaws.com\n18: spring.redis.port=6379\n19: spring.redis.password=fG4hJ7kL9mN2pQ5rS8uVzX3zA6bC9dE1\n20: \n21: # Server port\n22: server.port=8080\n23: server.error.include-stacktrace=never\n24: \n25: # External API Services\n26: sendgrid.api.key=SG.kE9yT8RzQ5aW7oP3iL1uVw.bF6gH2sC4jK8mN5pS9uX1yZ3_vE7wA8qD0rO\n27: \n28: # Logging level\n29: logging.level.root=WARN\n30: logging.level.com.myapp=INFO\n", "findings": [{"line_number": 7, "secret": "jdbc:mysql://prod-db-master.cw7fkl2g3h9e.us-west-2.rds.amazonaws.com:3306/webappdb?autoReconnect=true&useSSL=false", "label": "True Positive"}, {"line_number": 9, "secret": "dJ^8g$Pq5#sT@9!rW&zK", "label": "True Positive"}, {"line_number": 19, "secret": "fG4hJ7kL9mN2pQ5rS8uVzX3zA6bC9dE1", "label": "True Positive"}, {"line_number": 26, "secret": "SG.kE9yT8RzQ5aW7oP3iL1uVw.bF6gH2sC4jK8mN5pS9uX1yZ3_vE7wA8qD0rO", "label": "True Positive"}]}]} +{"id": 34, "findings": [{"code": "78: import os\n79: from flask import Flask, jsonify, request\n80: from sqlalchemy import create_engine\n81: import sentry_sdk\n82: from sentry_sdk.integrations.flask import FlaskIntegration\n83: \n84: # Initialize Sentry for error tracking\n85: sentry_sdk.init(\n86: dsn=\"https://8f3a3a9a2c1b4e3e8f9a9a3b1a2c3d4e@o123456.ingest.sentry.io/789012\",\n87: integrations=[FlaskIntegration()],\n88: traces_sample_rate=1.0\n89: )\n90: \n91: app = Flask(__name__)\n92: \n93: # Database configuration\n94: DATABASE_URL = \"postgres://reports_user:F#9kL$pQ2s!jW@db-reports.prod.internal:5432/reporting_main\"\n95: engine = create_engine(DATABASE_URL)\n96: \n97: @app.route('/api/v1/health')\n98: def health_check():\n99: try:\n100: connection = engine.connect()\n101: connection.close()\n102: return jsonify({'status': 'ok', 'database': 'connected'}), 200\n103: except Exception as e:\n104: return jsonify({'status': 'error', 'database': 'disconnected', 'reason': str(e)}), 503\n105: \n106: def fetch_user_report(user_id):\n107: # ... implementation for fetching reports\n108: pass\n109: \n110: if __name__ == '__main__':\n111: app.run(host='0.0.0.0', port=8080)\n", "findings": [{"line_number": 86, "secret": "https://8f3a3a9a2c1b4e3e8f9a9a3b1a2c3d4e@o123456.ingest.sentry.io/789012", "label": "True Positive"}, {"line_number": 94, "secret": "postgres://reports_user:F#9kL$pQ2s!jW@db-reports.prod.internal:5432/reporting_main", "label": "True Positive"}]}, {"code": "42: name: Deploy Staging Environment\n43: \n44: on:\n45: push:\n46: branches:\n47: - develop\n48: \n49: jobs:\n50: build-and-deploy:\n51: runs-on: ubuntu-latest\n52: steps:\n53: - name: Checkout repository\n54: uses: actions/checkout@v3\n55: \n56: - name: Configure AWS Credentials\n57: run: |\n58: aws configure set aws_access_key_id AKIA4WM7G3QZL5PJU7YF\n59: aws configure set aws_secret_access_key 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\n60: aws configure set default.region us-west-2\n61: \n62: - name: Login to Amazon ECR\n63: id: login-ecr\n64: uses: aws-actions/amazon-ecr-login@v1\n65: \n66: - name: Build and push Docker image\n67: env:\n68: ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}\n69: IMAGE_TAG: ${{ github.sha }}\n70: run: |\n71: docker build -t $ECR_REGISTRY/my-app:$IMAGE_TAG .\n72: docker push $ECR_REGISTRY/my-app:$IMAGE_TAG\n73: \n74: - name: Notify on Slack\n75: if: success()\n76: run: |\n77: curl -X POST -H 'Content-type: application/json' --data '{\"text\":\"Staging deployment successful!\"}' https://hooks.slack.com/services/T00ABCD1EFG/B00HIJK5LMN/aBcDeFgHiJkLmNoPqRsTuVwXyZ\n", "findings": [{"line_number": 58, "secret": "AKIA4WM7G3QZL5PJU7YF", "label": "True Positive"}, {"line_number": 59, "secret": "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", "label": "True Positive"}, {"line_number": 77, "secret": "https://hooks.slack.com/services/T00ABCD1EFG/B00HIJK5LMN/aBcDeFgHiJkLmNoPqRsTuVwXyZ", "label": "True Positive"}]}, {"code": "11: package com.example.paymentservice.config;\n12: \n13: import org.springframework.context.annotation.Bean;\n14: import org.springframework.context.annotation.Configuration;\n15: import com.stripe.Stripe;\n16: import javax.annotation.PostConstruct;\n17: \n18: @Configuration\n19: public class StripeConfig {\n20: \n21: private final StripeProperties stripeProperties;\n22: \n23: public StripeConfig(StripeProperties stripeProperties) {\n24: this.stripeProperties = stripeProperties;\n25: }\n26: \n27: @PostConstruct\n28: public void init() {\n29: Stripe.apiKey = \"sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7nD5oP6tF4gH3iJ2kL1mN0oPqRsTuVwWzXyZ\"; // Live key for production\n30: }\n31: \n32: // This class would typically be in its own file\n33: @ConfigurationProperties(prefix = \"stripe\")\n34: public static class StripeProperties {\n35: private String secretKey;\n36: \n37: // Getter and setter for secretKey\n38: public String getSecretKey() {\n39: return secretKey;\n40: }\n41: \n42: public void setSecretKey(String secretKey) {\n43: this.secretKey = secretKey;\n44: }\n45: }\n46: }\n", "findings": [{"line_number": 29, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7nD5oP6tF4gH3iJ2kL1mN0oPqRsTuVwWzXyZ", "label": "True Positive"}]}, {"code": "115: # main.tf\n116: \n117: provider \"google\" {\n118: project = \"gcp-project-analytics-prod\"\n119: region = \"us-central1\"\n120: credentials = <> fetchUserData(String userId) async {\n212: final response = await http.get(\n213: Uri.parse('$_baseUrl/users/$userId'),\n214: headers: {\n215: 'Content-Type': 'application/json',\n216: 'Authorization': 'Bearer $authToken',\n217: 'X-API-KEY': 'prod_a1b2c3d4e5f678901234567890abcdef12'\n218: },\n219: );\n220: \n221: if (response.statusCode == 200) {\n222: return json.decode(response.body);\n223: } else {\n224: throw Exception('Failed to load user data');\n225: }\n226: }\n227: \n228: Future updateUserPreferences(String userId, Map prefs) async {\n229: final response = await http.post(\n230: Uri.parse('$_baseUrl/users/$userId/preferences'),\n231: headers: {\n232: 'Content-Type': 'application/json',\n233: 'Authorization': 'Bearer $authToken',\n234: 'X-API-KEY': 'prod_a1b2c3d4e5f678901234567890abcdef12'\n235: },\n236: body: json.encode(prefs),\n237: );\n238: \n239: if (response.statusCode != 204) {\n240: throw Exception('Failed to update preferences');\n241: }\n242: }\n243: }\n", "findings": [{"line_number": 209, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlQGFwaS5jb20iLCJhdWQiOiJtb2JpbGUiLCJleHAiOjE3MzU2ODk2MDB9.i8XyC2FpHj9nK5VzJ7wR8bO4L6eG0pN9sT1vA3D2ZqY", "label": "True Positive"}, {"line_number": 217, "secret": "prod_a1b2c3d4e5f678901234567890abcdef12", "label": "True Positive"}, {"line_number": 234, "secret": "prod_a1b2c3d4e5f678901234567890abcdef12", "label": "True Positive"}]}]} +{"id": 35, "findings": [{"code": "88: import os\n89: from redis import Redis\n90: \n91: class AppConfig:\n92: \"\"\"Base application configuration.\"\"\"\n93: SECRET_KEY = os.environ.get('SECRET_KEY', 'fallback-dev-secret-key-change-me')\n94: STATIC_FOLDER = 'static'\n95: TEMPLATES_FOLDER = 'templates'\n96: SESSION_COOKIE_SECURE = True\n97: SESSION_COOKIE_HTTPONLY = True\n98: \n99: class ProductionConfig(AppConfig):\n100: \"\"\"Production specific configurations.\"\"\"\n101: FLASK_ENV = 'production'\n102: DEBUG = False\n103: \n104: # Database Configuration\n105: SQLALCHEMY_DATABASE_URI = 'postgresql://warehouse_svc:vF9@p#Z&rT7s!q@db-prod-_eu-west-1.rds.amazonaws.com:5432/analytics_data_prod'\n106: SQLALCHEMY_TRACK_MODIFICATIONS = False\n107: \n108: # Redis Cache\n109: REDIS_HOST = 'prod-redis-cache.mxf8e3.ng.0001.euw1.cache.amazonaws.com'\n110: REDIS_PORT = 6379\n111: \n112: # External Services\n113: STRIPE_API_KEY = \"sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB\"\n114: \n115: class DevelopmentConfig(AppConfig):\n116: \"\"\"Development specific configurations.\"\"\"\n117: FLASK_ENV = 'development'\n118: DEBUG = True\n119: SQLALCHEMY_DATABASE_URI = 'sqlite:///dev.db'\n120: SESSION_COOKIE_SECURE = False", "findings": [{"line_number": 105, "secret": "postgresql://warehouse_svc:vF9@p#Z&rT7s!q@db-prod-@eu-west-1.rds.amazonaws.com:5432/analytics_data_prod", "label": "True Positive"}, {"line_number": 113, "secret": "sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB", "label": "True Positive"}]}, {"code": "33: # Terraform Block for GCP Provider and Backend Configuration\n34: terraform {\n35: required_version = \">= 1.0\"\n36: \n37: required_providers {\n38: google = {\n39: source = \"hashicorp/google\"\n40: version = \"~> 4.0\"\n41: }\n42: }\n43: }\n44: \n45: # Configure the Google Cloud Provider\n46: provider \"google\" {\n47: project = var.gcp_project_id\n48: region = \"europe-west2\"\n49: zone = \"europe-west2-a\"\n50: credentials = \"{\\\"type\\\": \\\"service_account\\\",\\\"project_id\\\": \\\"zeta-project-345\\\",\\\"private_key_id\\\": \\\"a9c12b4f67890123d4e5f6a7b8c9d0e1f2a3b4c5\\\",\\\"private_key\\\": \\\"-----BEGIN PRIVATE KEY-----\\\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANb9g2cO5oXQfIuI\\\\nE5s6f8tG7b7c2bF1e5D6bY8g9f7c1m4d...\\\\n-----END PRIVATE KEY-----\\\\n\\\",\\\"client_email\\\": \\\"terraform-runner@zeta-project-345.iam.gserviceaccount.com\\\",\\\"client_id\\\": \\\"112233445566778899001\\\",\\\"auth_uri\\\": \\\"https://accounts.google.com/o/oauth2/auth\\\",\\\"token_uri\\\": \\\"https://oauth2.googleapis.com/token\\\",\\\"auth_provider_x509_cert_url\\\": \\\"https://www.googleapis.com/oauth2/v1/certs\\\",\\\"client_x509_cert_url\\\": \\\"https://www.googleapis.com/robot/v1/metadata/x509/terraform-runner%40zeta-project-345.iam.gserviceaccount.com\\\"}\"\n51: }\n52: \n53: # Create a default VPC network\n54: resource \"google_compute_network\" \"vpc_network\" {\n55: name = \"terraform-network\"\n56: auto_create_subnetworks = true\n57: }\n58: \n59: # Firewall rule to allow SSH\n60: resource \"google_compute_firewall\" \"allow_ssh\" {\n61: name = \"allow-ssh-firewall\"\n62: network = google_compute_network.vpc_network.name\n63: \n64: allow {\n65: protocol = \"tcp\"\n66: ports = [\"22\"]\n67: }\n68: }", "findings": [{"line_number": 50, "secret": "{\"type\": \"service_account\",\"project_id\": \"zeta-project-345\",\"private_key_id\": \"a9c12b4f67890123d4e5f6a7b8c9d0e1f2a3b4c5\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANb9g2cO5oXQfIuI\\nE5s6f8tG7b7c2bF1e5D6bY8g9f7c1m4d...\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"terraform-runner@zeta-project-345.iam.gserviceaccount.com\",\"client_id\": \"112233445566778899001\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://oauth2.googleapis.com/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/terraform-runner%40zeta-project-345.iam.gserviceaccount.com\"}", "label": "True Positive"}]}, {"code": "114: package main\n115: \n116: import (\n117: \t\"context\"\n118: \t\"log\"\n119: \t\"net/http\"\n120: \n121: \t\"github.com/gin-gonic/gin\"\n122: \t\"go.mongodb.org/mongo-driver/mongo\"\n123: \t\"go.mongodb.org/mongo-driver/mongo/options\"\n124: )\n125: \n126: func connectToMongoDB() *mongo.Client {\n127: \t// In a real app, use a vault or env vars.\n128: \t// This is hardcoded for a quick PoC deployment.\n129: \tconst mongoURI = \"mongodb+srv://admin_orders:zR8gP2$LqW#k@prod-cluster-0.a1b2c.mongodb.net/ecom_orders?retryWrites=true&w=majority\"\n130: \tclientOptions := options.Client().ApplyURI(mongoURI)\n131: \tclient, err := mongo.Connect(context.TODO(), clientOptions)\n132: \tif err != nil {\n133: \t\tlog.Fatalf(\"Failed to connect to MongoDB: %v\", err)\n134: \t}\n135: \treturn client\n136: }\n137: \n138: func setupRouter() *gin.Engine {\n139: r := gin.Default()\n140: \t\n141: const internalAuthToken = \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLXNlcnZpY2UiLCJzdWIiOiJzZXJ2aWNlLWFjY291bnQtb3JkZXJzIiwiaWF0IjoxNjE2MjM5MDIyLCJleHAiOjE3NzE5MjcwMDAsImF1ZCI6ImludGVybmFsLWFwaSJ9.fU4fL8yH3aQOoCxJ6V_kFpWkSgRzVjZ_qB9pWjDxYlA\"\n142: \n143: r.Use(func(c *gin.Context) {\n144: \t\theaderToken := c.GetHeader(\"X-Internal-Auth\")\n145: if headerToken != internalAuthToken {\n146: c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{\"error\": \"Invalid internal token\"})\n147: return\n148: }\n149: c.Next()\n150: \t})\n151: \n152: \tr.GET(\"/ping\", func(c *gin.Context) {\n153: \t\tc.JSON(200, gin.H{\"message\": \"pong\"})\n154: \t})\n155: \n156: \treturn r\n157: }\n158: \n159: func main() {\n160: \t// connectToMongoDB()\n161: \trouter := setupRouter()\n162: \trouter.Run(\":8080\")\n163: }", "findings": [{"line_number": 129, "secret": "mongodb+srv://admin_orders:zR8gP2$LqW#k@prod-cluster-0.a1b2c.mongodb.net/ecom_orders?retryWrites=true&w=majority", "label": "True Positive"}, {"line_number": 141, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLXNlcnZpY2UiLCJzdWIiOiJzZXJ2aWNlLWFjY291bnQtb3JkZXJzIiwiaWF0IjoxNjE2MjM5MDIyLCJleHAiOjE3NzE5MjcwMDAsImF1ZCI6ImludGVybmFsLWFwaSJ9.fU4fL8yH3aQOoCxJ6V_kFpWkSgRzVjZ_qB9pWjDxYlA", "label": "True Positive"}]}, {"code": "45: name: Deploy Staging Environment\n46: \n47: on:\n48: push:\n49: branches:\n50: - develop\n51: \n52: jobs:\n53: build-and-deploy:\n54: runs-on: ubuntu-latest\n55: steps:\n56: - name: Checkout code\n57: uses: actions/checkout@v3\n58: \n59: - name: Set up Node.js\n60: uses: actions/setup-node@v3\n61: with:\n62: node-version: '18'\n63: \n64: - name: Install dependencies and build\n65: run: |\n66: npm install\n67: npm run build\n68: \n69: - name: Deploy to Staging Server\n70: uses: appleboy/ssh-action@master\n71: with:\n72: host: staging.example-hosting.com\n73: username: deploy_bot\n74: key: |\n75: -----BEGIN OPENSSH PRIVATE KEY-----\n76: b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\n77: NhAAAAAwEAAQAAAYEA1H5s2b9r8fH8P2Z7g3d4s5v7t8w9A6B2C4E6fGgHhJkL1M3N5... \n78: ...base64 encoded private key data... \n79: G3hJkL1M3N5n9p0q2r4s6t8v9w0x2y3z5A7B9C1D3F5H7J9L1N3P5R7T9V1X3Z5B7D9F1H\n80: -----END OPENSSH PRIVATE KEY-----\n81: port: 22\n82: script: |\n83: cd /var/www/staging-app\n84: git pull origin develop\n85: docker compose down && docker compose up -d --build\n86: \n87: - name: Notify Slack on success\n88: if: success()\n89: run: |\n90: curl -X POST -H 'Content-type: application/json' --data '{\"text\":\"Staging deployment succeeded!\"}' https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/mN7pQ8rS6tU5vW4xY3z2A1B0\n", "findings": [{"line_number": 75, "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEA1H5s2b9r8fH8P2Z7g3d4s5v7t8w9A6B2C4E6fGgHhJkL1M3N5... \n...base64 encoded private key data... \nG3hJkL1M3N5n9p0q2r4s6t8v9w0x2y3z5A7B9C1D3F5H7J9L1N3P5R7T9V1X3Z5B7D9F1H\n-----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}, {"line_number": 90, "secret": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/mN7pQ8rS6tU5vW4xY3z2A1B0", "label": "True Positive"}]}, {"code": "201: using System.Data.SqlClient;\n202: using System.Threading.Tasks;\n203: using Dapper;\n204: \n205: namespace UserManagement.Data\n206: {\n207: public class UserProfileRepository\n208: {\n209: private readonly string _connectionString;\n210: \n211: public UserProfileRepository()\n212: {\n213: // This should be loaded from secure configuration in a real application\n214: _connectionString = \"Server=tcp:user-db-server.database.windows.net,1433;Initial Catalog=UserProfiles;Persist Security Info=False;User ID=db_admin_svc;Password={9aB!cDeFgH2iJkLmN};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;\";\n215: }\n216: \n217: public async Task GetUserProfileByIdAsync(int userId)\n218: {\n219: using (var connection = new SqlConnection(_connectionString))\n220: {\n221: await connection.OpenAsync();\n222: var query = \"SELECT * FROM UserProfiles WHERE UserId = @UserId\";\n223: return await connection.QuerySingleOrDefaultAsync(query, new { UserId = userId });\n224: }\n225: }\n226: \n227: public class UserProfile\n228: {\n229: public int UserId { get; set; }\n230: public string Username { get; set; }\n231: public string Email { get; set; }\n232: public string FullName { get; set; }\n233: }\n234: \n235: // Helper for other services that need direct access\n236: public static string GetTwilioAuthSecret()\n237: {\n238: return \"a4b1c8d7e2f5g3h9i0j6k4l2m1n0o7p3\";\n239: }\n240: }\n241: }", "findings": [{"line_number": 214, "secret": "Server=tcp:user-db-server.database.windows.net,1433;Initial Catalog=UserProfiles;Persist Security Info=False;User ID=db_admin_svc;Password={9aB!cDeFgH2iJkLmN};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;", "label": "True Positive"}, {"line_number": 238, "secret": "a4b1c8d7e2f5g3h9i0j6k4l2m1n0o7p3", "label": "True Positive"}]}]} +{"id": 36, "findings": [{"code": "88: import boto3\n89: import os\n90: import json\n91: from botocore.exceptions import ClientError\n92: \n93: def process_inventory_updates(bucket_name, key):\n94: \"\"\"Processes inventory update files from S3 and updates DynamoDB.\"\"\"\n95: \n96: session = boto3.Session(\n97: aws_access_key_id='AKIAY3R4WZ76X2P5QJ6M',\n98: aws_secret_access_key='wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',\n99: region_name='us-east-1'\n100: )\n101: \n102: s3_client = session.client('s3')\n103: dynamodb = session.resource('dynamodb')\n104: table = dynamodb.Table('ProductInventory')\n105: \n106: try:\n107: s3_object = s3_client.get_object(Bucket=bucket_name, Key=key)\n108: inventory_data = json.loads(s3_object['Body'].read().decode('utf-8'))\n109: \n110: with table.batch_writer() as batch:\n111: for item in inventory_data['updates']:\n112: batch.put_item(\n113: Item={\n114: 'ProductID': item['sku'],\n115: 'StockCount': item['quantity'],\n116: 'LastUpdated': item['timestamp']\n117: }\n118: )\n119: print(f\"Successfully processed {key}\")\n120: except ClientError as e:\n121: print(f\"Error processing file {key}: {e}\")\n122: raise e\n123: ", "findings": [{"line_number": 97, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 98, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "label": "True Positive"}]}, {"code": "42: terraform {\n43: required_version = \">= 1.2.0\"\n44: \n45: cloud {\n46: organization = \"acme-corp-infra\"\n47: \n48: workspaces {\n49: name = \"production-vpc-networking\"\n50: }\n51: \n52: credentials \"app.terraform.io\" {\n53: token = \"atJztmoFXGQz5k.atlasv1.gJvF8sRgDWf24zW2bF6Y8cK9tV1pL5qN7hB3xZ0mA4uC7iO6eP1sR2tG0sY3bI1aE2w\"\n54: }\n55: }\n56: \n57: required_providers {\n58: aws = {\n59: source = \"hashicorp/aws\"\n60: version = \"~> 4.50\"\n61: }\n62: }\n63: }\n64: \n65: provider \"aws\" {\n66: region = var.aws_region\n67: }\n68: \n69: resource \"aws_vpc\" \"main\" {\n70: cidr_block = \"10.0.0.0/16\"\n71: instance_tenancy = \"default\"\n72: \n73: tags = {\n74: Name = \"main-production-vpc\"\n75: }\n76: }\n77: ", "findings": [{"line_number": 53, "secret": "atJztmoFXGQz5k.atlasv1.gJvF8sRgDWf24zW2bF6Y8cK9tV1pL5qN7hB3xZ0mA4uC7iO6eP1sR2tG0sY3bI1aE2w", "label": "True Positive"}]}, {"code": "15: name: Build and Push Docker Image\n16: \n17: on:\n18: push:\n19: branches:\n20: - 'main'\n21: \n22: jobs:\n23: build-and-scan:\n24: runs-on: ubuntu-latest\n25: steps:\n26: - name: Checkout repository\n27: uses: actions/checkout@v3\n28: \n29: - name: Login to DockerHub\n30: uses: docker/login-action@v2\n31: with:\n32: username: 'autobuilder-acme'\n33: password: 'dckr_pat_1VzJ8h_L9KqR7sW3tX5yGZbN0c'\n34: \n35: - name: Build and push\n36: uses: docker/build-push-action@v4\n37: with:\n38: push: true\n39: tags: acme/webapp:latest\n40: \n41: - name: SonarQube Scan\n42: uses: sonarsource/sonarqube-scan-action@master\n43: env:\n44: SONAR_LOGIN: \"sqp_8d4e9c3e2f5b1a0a3b8c6d7e5f0a2b3c4d5e6f7a\"\n45: SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}\n46: ", "findings": [{"line_number": 32, "secret": "autobuilder-acme", "label": "True Positive"}, {"line_number": 33, "secret": "dckr_pat_1VzJ8h_L9KqR7sW3tX5yGZbN0c", "label": "True Positive"}, {"line_number": 44, "secret": "sqp_8d4e9c3e2f5b1a0a3b8c6d7e5f0a2b3c4d5e6f7a", "label": "True Positive"}]}, {"code": "21: import SwiftUI\n22: import Sentry\n23: import MapboxMaps\n24: \n25: struct AppConfig {\n26: struct Sentry {\n27: static let dsn = \"https://a4d9aa8c6e3b4a2ab9b8b3b8c3d9aa3c@o123456.ingest.sentry.io/789012\"\n28: }\n29: \n30: struct Mapbox {\n31: static let accessToken = \"pk.eyJ1IjoibXl1c2VybmFtZTEyMyIsImEiOiJjazg3ZzA2ZWgwYXQyM21wZHRpZTI1a2QzIn0.nB9m_gZ2vXl0qY5uP3r7Ww\"\n32: }\n33: }\n34: \n35: @main\n36: struct MyApp: App {\n37: init() {\n38: self.setupIntegrations()\n39: }\n40: \n41: private func setupIntegrations() {\n42: SentrySDK.start {\n43: options in options.dsn = AppConfig.Sentry.dsn\n44: options.tracesSampleRate = 1.0\n45: }\n46: \n47: ResourceOptionsManager.default.resourceOptions.accessToken = AppConfig.Mapbox.accessToken\n48: }\n49: \n50: var body: some Scene {\n51: WindowGroup {\n52: ContentView()\n53: }\n54: }\n55: }\n56: ", "findings": [{"line_number": 27, "secret": "https://a4d9aa8c6e3b4a2ab9b8b3b8c3d9aa3c@o123456.ingest.sentry.io/789012", "label": "True Positive"}, {"line_number": 31, "secret": "pk.eyJ1IjoibXl1c2VybmFtZTEyMyIsImEiOiJjazg3ZzA2ZWgwYXQyM21wZHRpZTI1a2QzIn0.nB9m_gZ2vXl0qY5uP3r7Ww", "label": "True Positive"}]}, {"code": "112: package com.example.ecommerce.config;\n113: \n114: import org.springframework.context.annotation.Bean;\n115: import org.springframework.context.annotation.Configuration;\n116: import org.springframework.jdbc.core.JdbcTemplate;\n117: import javax.sql.DataSource;\n118: import com.zaxxer.hikari.HikariConfig;\n119: import com.zaxxer.hikari.HikariDataSource;\n120: \n121: @Configuration\n122: public class DatabaseConfig {\n123: \n124: private static final String DB_URL = \"postgres://prod_svc_user:Ag^9!z$K4mPQ@db-prod-cluster-1.c8xyzqrstuvw.us-west-2.rds.amazonaws.com:5432/orders_db\";\n125: \n126: @Bean\n127: public DataSource dataSource() {\n128: HikariConfig config = new HikariConfig();\n129: config.setJdbcUrl(DB_URL);\n130: config.addDataSourceProperty(\"cachePrepStmts\", \"true\");\n131: config.addDataSourceProperty(\"prepStmtCacheSize\", \"250\");\n132: config.addDataSourceProperty(\"prepStmtCacheSqlLimit\", \"2048\");\n133: config.setDriverClassName(\"org.postgresql.Driver\");\n134: return new HikariDataSource(config);\n135: }\n136: \n137: @Bean\n138: public JdbcTemplate jdbcTemplate(DataSource dataSource) {\n139: return new JdbcTemplate(dataSource);\n140: }\n141: }\n142: ", "findings": [{"line_number": 124, "secret": "postgres://prod_svc_user:Ag^9!z$K4mPQ@db-prod-cluster-1.c8xyzqrstuvw.us-west-2.rds.amazonaws.com:5432/orders_db", "label": "True Positive"}]}]} +{"id": 37, "findings": [{"code": "115: import boto3\n116: import os\n117: from botocore.exceptions import NoCredentialsError\n118: \n119: # Configuration for the AWS S3 client\n120: AWS_CONFIG = {\n121: 'aws_access_key_id': 'AKIAU4T5KR53QUZ6R3P7',\n122: 'aws_secret_access_key': '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',\n123: 'region_name': 'us-east-1'\n124: }\n125: \n126: def download_s3_file(bucket_name, object_name, file_name):\n127: \"\"\"Downloads a file from an S3 bucket.\"\"\"\n128: s3_client = boto3.client(\n129: 's3',\n130: aws_access_key_id=AWS_CONFIG['aws_access_key_id'],\n131: aws_secret_access_key=AWS_CONFIG['aws_secret_access_key'],\n132: region_name=AWS_CONFIG['region_name']\n133: )\n134: try:\n135: s3_client.download_file(bucket_name, object_name, file_name)\n136: print(f\"'{object_name}' downloaded to '{file_name}' successfully.\")\n137: return True\n138: except NoCredentialsError:\n139: print(\"Credentials not available.\")\n140: return False\n141: except Exception as e:\n142: print(f\"An error occurred: {e}\")\n143: return False\n144: \n145: if __name__ == '__main__':\n146: DOWNLOAD_TARGET = '/app/data/invoice_latest.pdf'\n147: download_s3_file('corp-billing-docs-prod', 'invoices/2023-11.pdf', DOWNLOAD_TARGET)\n148: ", "findings": [{"line_number": 121, "secret": "AKIAU4T5KR53QUZ6R3P7", "label": "True Positive"}, {"line_number": 122, "secret": "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", "label": "True Positive"}]}, {"code": "42: stages:\n43: - build\n44: - test\n45: - deploy\n46: \n47: variables:\n48: DOCKER_IMAGE: my-app\n49: DOCKER_REGISTRY: registry.internal.corp.com\n50: KUBE_NAMESPACE: production\n51: \n52: build_job:\n53: stage: build\n54: image: docker:20.10.16\n55: services:\n56: - docker:20.10.16-dind\n57: before_script:\n58: - echo \"Logging into private Docker registry...\"\n59: - echo \"glpat-sBv3yZ8xWq9kLpGfJ1cR\" | docker login $DOCKER_REGISTRY -u gitlab-ci-token --password-stdin\n60: script:\n61: - docker build -t $DOCKER_REGISTRY/$DOCKER_IMAGE:$CI_COMMIT_SHA .\n62: - docker push $DOCKER_REGISTRY/$DOCKER_IMAGE:$CI_COMMIT_SHA\n63: only:\n64: - master\n65: \n66: deploy_production:\n67: stage: deploy\n68: image: curlimages/curl:7.83.1\n69: script:\n70: - echo \"Triggering deployment webhook...\"\n71: - >\n72: curl -X POST -H \"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRsYWIuY29tIiwic3ViIjoiZGVwbG95LXVzZXIiLCJhdWQiOiJkZXBsb3ltZW50LXNlcnZpY2UiLCJpYXQiOjE2NzI1MzEyMDAsImV4cCI6MTcwNDA2NzIwMH0.uLp-J7aBf8tYgPz3tQ9kRwN6eV0bV1zHhJ5aF4gC2sE\" \\\n73: -H \"Content-Type: application/json\" \\\n74: --data \"{\\\"image_tag\\\":\\\"$CI_COMMIT_SHA\\\", \\\"environment\\\":\\\"production\\\"}\" \\\n75: https://deployer.internal.corp.com/api/v1/deploy\n76: when: on_success\n77: ", "findings": [{"line_number": 59, "secret": "glpat-sBv3yZ8xWq9kLpGfJ1cR", "label": "True Positive"}, {"line_number": 72, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRsYWIuY29tIiwic3ViIjoiZGVwbG95LXVzZXIiLCJhdWQiOiJkZXBsb3ltZW50LXNlcnZpY2UiLCJpYXQiOjE2NzI1MzEyMDAsImV4cCI6MTcwNDA2NzIwMH0.uLp-J7aBf8tYgPz3tQ9kRwN6eV0bV1zHhJ5aF4gC2sE", "label": "True Positive"}]}, {"code": "28: package main\n29: \n30: import (\n31: \t\"database/sql\"\n32: \t\"fmt\"\n33: \t\"log\"\n34: \t\"net/http\"\n35: \n36: \t\"github.com/gin-gonic/gin\"\n37: \t_ \"github.com/lib/pq\"\n38: )\n39: \n40: var db *sql.DB\n41: \n42: func setupDatabase() {\n43: \tvar err error\n44: \tconnStr := \"postgres://analytics_svc:3#fG&pW9qJ@pg-reporting-cluster.eu-west-1.internal:5432/telemetry_data\"\n45: \tdb, err = sql.Open(\"postgres\", connStr)\n46: \tif err != nil {\n47: \t\tlog.Fatalf(\"Error connecting to the database: %v\", err)\n48: \t}\n49: \n50: \terr = db.Ping()\n51: \tif err != nil {\n52: \t\tlog.Fatalf(\"Error pinging database: %v\", err)\n53: \t}\n54: \tfmt.Println(\"Successfully connected to the database!\")\n55: }\n56: \n57: func main() {\n58: \tsetupDatabase()\n59: \tdefer db.Close()\n60: \n61: \trouter := gin.Default()\n62: \trouter.GET(\"/health\", func(c *gin.Context) {\n63: \t\tc.JSON(http.StatusOK, gin.H{\"status\": \"ok\"})\n64: \t})\n65: \n66: \trouter.Run(\":8080\")\n67: }\n68: ", "findings": [{"line_number": 44, "secret": "postgres://analytics_svc:3#fG&pW9qJ@pg-reporting-cluster.eu-west-1.internal:5432/telemetry_data", "label": "True Positive"}]}, {"code": "101: # Terraform configuration for Datadog provider and monitors\n102: \n103: provider \"datadog\" {\n104: api_key = \"7f1e03c46a67285a8f8b9d0e1f2a3b4c\"\n105: app_key = \"98ac7f0e1d2c3b4a567f890e1d23b45a67c8d9e0\"\n106: }\n107: \n108: resource \"datadog_monitor\" \"high_cpu_load\" {\n109: name = \"[Critical] High CPU Load on Production Cluster\"\n110: type = \"metric alert\"\n111: message = \"CPU load is over 90% on average. @ops-team please investigate. {{host.name}}\"\n112: escalation_message = \"The high CPU issue has not been resolved. Escalating to @oncall-SRE.\"\n113: \n114: query = \"avg(last_5m):avg:system.cpu.user{environment:prod} > 90\"\n115: \n116: monitor_thresholds {\n117: critical = 90\n118: warning = 75\n119: }\n120: \n121: notify_no_data = false\n122: renotify_interval = 60\n123: \n124: tags = [\"service:core-api\", \"env:prod\", \"severity:critical\"]\n125: }\n126: \n127: resource \"datadog_monitor\" \"low_disk_space\" {\n128: name = \"Low Disk Space on DB nodes\"\n129: type = \"metric alert\"\n130: query = \"avg(last_15m):avg:system.disk.in_use{role:database} > 0.85\"\n131: message = \"Disk space is running low on a database node. @db-admins\"\n132: tags = [\"service:database\", \"env:prod\"]\n133: }\n134: ", "findings": [{"line_number": 104, "secret": "7f1e03c46a67285a8f8b9d0e1f2a3b4c", "label": "True Positive"}, {"line_number": 105, "secret": "98ac7f0e1d2c3b4a567f890e1d23b45a67c8d9e0", "label": "True Positive"}]}, {"code": "55: // src/config/third-party.ts\n56: // Centralized configuration for external services used in the application.\n57: \n58: interface AppConfig {\n59: env: 'development' | 'staging' | 'production';\n60: sentryDsn: string;\n61: googleMaps: {\n62: apiKey: string;\n63: };\n64: featureFlags: {\n65: enableNewDashboard: boolean;\n66: };\n67: }\n68: \n69: const isProduction = process.env.NODE_ENV === 'production';\n70: \n71: export const config: AppConfig = {\n72: env: isProduction ? 'production' : 'development',\n73: \n74: // Sentry configuration for error tracking\n75: sentryDsn: 'https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/9876543',\n76: \n77: // Google Maps API configuration for geolocation features\n78: googleMaps: {\n79: apiKey: 'AIzaSyD9ZvG8hJqKp2sL6wF4xR3tU_0mIoC5bE7'\n80: },\n81: \n82: // Feature flags for gradual rollouts\n83: featureFlags: {\n84: enableNewDashboard: true,\n85: },\n86: };\n87: \n88: export function initializeServices() {\n89: // Logic to initialize Sentry, Google Maps SDK, etc. would go here.\n90: console.log('Third-party services configured for environment:', config.env);\n91: }\n92: ", "findings": [{"line_number": 75, "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/9876543", "label": "True Positive"}, {"line_number": 79, "secret": "AIzaSyD9ZvG8hJqKp2sL6wF4xR3tU_0mIoC5bE7", "label": "True Positive"}]}]} +{"id": 38, "findings": [{"code": "88: import boto3\n89: from botocore.exceptions import NoCredentialsError\n90: \n91: # Hardcoded credentials for a specific IAM role assumption\n92: S3_REGION = 'us-west-2'\n93: \n94: def get_s3_client():\n95: \"\"\"Initializes and returns an S3 client using hardcoded temporary credentials.\"\"\"\n96: try:\n97: s3_client = boto3.client(\n98: 's3',\n99: region_name=S3_REGION,\n100: aws_access_key_id='AKIA4Z7HFV563JLXPMQO',\n101: aws_secret_access_key='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',\n102: aws_session_token='FQoGZXIvYXdzEI///////////wEaDBpqrST2zPXCR+x5IirEA7cW9fB8E8jQkZ6I+9aC4sWxR7eK4uD6Z2mR/7vY5rWw8SzAoN0c9FgT'\n103: )\n104: return s3_client\n105: except Exception as e:\n106: print(f\"Failed to create S3 client: {e}\")\n107: return None\n108: \n109: def list_buckets(client):\n110: \"\"\"Lists all buckets using the provided S3 client.\"\"\"\n111: if not client:\n112: print(\"S3 client is not available.\")\n113: return\n114: \n115: try:\n116: response = client.list_buckets()\n117: print(\"Existing buckets:\")\n118: for bucket in response['Buckets']:\n119: print(f' {bucket[\"Name\"]}')\n120: except NoCredentialsError:\n121: print(\"Credentials not available.\")\n122: \n123: if __name__ == \"__main__\":\n124: s3 = get_s3_client()\n125: list_buckets(s3)\n", "findings": [{"line_number": 100, "secret": "AKIA4Z7HFV563JLXPMQO", "label": "True Positive"}, {"line_number": 101, "secret": "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", "label": "True Positive"}, {"line_number": 102, "secret": "FQoGZXIvYXdzEI///////////wEaDBpqrST2zPXCR+x5IirEA7cW9fB8E8jQkZ6I+9aC4sWxR7eK4uD6Z2mR/7vY5rWw8SzAoN0c9FgT", "label": "True Positive"}]}, {"code": "33: # Terraform configuration for Datadog provider and monitoring\n34: \n35: terraform {\n36: required_providers {\n37: datadog = {\n38: source = \"DataDog/datadog\"\n39: version = \"~> 3.0\"\n40: }\n41: }\n42: }\n43: \n44: # Provider configuration with hardcoded credentials\n45: # In a real scenario, these should be sourced from a secure vault or environment variables.\n46: provider \"datadog\" {\n47: api_key = \"e9a8f7c6d5b4a392817f0e9d8c7b6a54\"\n48: app_key = \"8b1fec305a4d9b6e8a7f9d0c2e3b4a591e6f7d8c\"\n49: api_url = \"https://api.datadoghq.com/\"\n50: }\n51: \n52: resource \"datadog_monitor\" \"high_cpu_load\" {\n53: name = \"High CPU Load on web-backend hosts\"\n54: type = \"metric alert\"\n55: message = \"CPU load is high on {{host.name}}. @slack-channel-alerts\"\n56: escalation_message = \"CPU load has been high for 15 minutes. Paging @on-call.\"\n57: \n58: query = \"avg(last_5m):avg:system.cpu.user{environment:production,service:web-backend} > 80\"\n59: \n60: monitor_thresholds {\n61: critical = 80\n62: warning = 65\n63: }\n64: \n65: tags = [\"service:web-backend\", \"prod\", \"terraform\"]\n66: }\n", "findings": [{"line_number": 47, "secret": "e9a8f7c6d5b4a392817f0e9d8c7b6a54", "label": "True Positive"}, {"line_number": 48, "secret": "8b1fec305a4d9b6e8a7f9d0c2e3b4a591e6f7d8c", "label": "True Positive"}]}, {"code": "8: name: CI-CD Pipeline for Web Service\n9: \n10: on:\n11: push:\n12: branches:\n13: - main\n14: - 'release/*'\n15: \n16: jobs:\n17: build-and-push:\n18: runs-on: ubuntu-latest\n19: steps:\n20: - name: Checkout Code\n21: uses: actions/checkout@v3\n22: \n23: - name: Set up Docker Buildx\n24: uses: docker/setup-buildx-action@v2\n25: \n26: - name: Login to Docker Hub\n27: uses: docker/login-action@v2\n28: with:\n29: username: 'devops_deploy_bot'\n30: password: 'dckr_pat_gHj8LpQ2sWzK4vB7nC1xR9yT6fU3aE5d'\n31: \n32: - name: Build and push Docker image\n33: uses: docker/build-push-action@v4\n34: with:\n35: context: .\n36: push: true\n37: tags: myapp/webservice:latest\n38: \n39: security-scan:\n40: runs-on: ubuntu-latest\n41: needs: build-and-push\n42: steps:\n43: - name: Checkout code for scan\n44: uses: actions/checkout@v3\n45: \n46: - name: SonarQube Scan\n47: uses: sonarsource/sonarqube-scan-action@master\n48: env:\n49: SONAR_TOKEN: 'sqp_9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2d1e0f'\n50: SONAR_HOST_URL: 'https://sonarqube.internal.acme.com'\n", "findings": [{"line_number": 29, "secret": "devops_deploy_bot", "label": "True Positive"}, {"line_number": 30, "secret": "dckr_pat_gHj8LpQ2sWzK4vB7nC1xR9yT6fU3aE5d", "label": "True Positive"}, {"line_number": 49, "secret": "sqp_9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2d1e0f", "label": "True Positive"}]}, {"code": "58: import React, { useEffect, useRef, useState } from 'react';\n59: import mapboxgl from 'mapbox-gl';\n60: import 'mapbox-gl/dist/mapbox-gl.css';\n61: \n62: // Configuration for the map service\n63: const mapboxConfig = {\n64: accessToken: 'pk.eyJ1IjoibWFwZGVzaWduZXI4OCIsImEiOiJjbHJwaGR3ajAwMWR4MmtwOGVncjl5dWNpIn0.eFTpL6vj-57Bq2nTOs2KjQ',\n65: defaultStyle: 'mapbox://styles/mapbox/streets-v11',\n66: initialCoords: {\n67: lng: -74.0060,\n68: lat: 40.7128,\n69: zoom: 12\n70: }\n71: };\n72: \n73: const MapComponent: React.FC = () => {\n74: const mapContainer = useRef(null);\n75: const map = useRef(null);\n76: const [lng, setLng] = useState(mapboxConfig.initialCoords.lng);\n77: const [lat, setLat] = useState(mapboxConfig.initialCoords.lat);\n78: const [zoom, setZoom] = useState(mapboxConfig.initialCoords.zoom);\n79: \n80: useEffect(() => {\n81: if (map.current) return; // initialize map only once\n82: \n83: mapboxgl.accessToken = mapboxConfig.accessToken;\n84: map.current = new mapboxgl.Map({\n85: container: mapContainer.current!,\n86: style: mapboxConfig.defaultStyle,\n87: center: [lng, lat],\n88: zoom: zoom\n89: });\n90: });\n91: \n92: return (\n93:
\n94:
\n95:
\n96: );\n97: };\n98: \n99: export default MapComponent;\n", "findings": [{"line_number": 64, "secret": "pk.eyJ1IjoibWFwZGVzaWduZXI4OCIsImEiOiJjbHJwaGR3ajAwMWR4MmtwOGVncjl5dWNpIn0.eFTpL6vj-57Bq2nTOs2KjQ", "label": "True Positive"}]}, {"code": "15: package database\n16: \n17: import (\n18: \t\"database/sql\"\n19: \t\"fmt\"\n20: \t\"log\"\n21: \t\"time\"\n22: \n23: \t_ \"github.com/lib/pq\" // PostgreSQL driver\n24: )\n25: \n26: var DB *sql.DB\n27: \n28: // InitDB initializes the database connection using a hardcoded connection string.\n29: func InitDB() {\n30: \tvar err error\n31: \t// This connection string should be externalized and secured.\n32: \tdbConnectionString := \"postgres://billing_svc_user:D4fG#kS$q9!zL@pg-prod-us-east-1.c8zqg7rf1vkm.rds.amazonaws.com:5432/billing_prod?sslmode=require\"\n33: \n34: \tDB, err = sql.Open(\"postgres\", dbConnectionString)\n35: \tif err != nil {\n36: \t\tlog.Fatalf(\"Error opening database: %v\", err)\n37: \t}\n38: \n39: \tDB.SetMaxOpenConns(25)\n40: \tDB.SetMaxIdleConns(25)\n41: \tDB.SetConnMaxLifetime(5 * time.Minute)\n42: \n43: \terr = DB.Ping()\n44: \tif err != nil {\n45: \t\tlog.Fatalf(\"Error connecting to the database: %v\", err)\n46: \t}\n47: \n48: \tfmt.Println(\"Successfully connected to the database!\")\n49: }\n50: \n51: // GetDB returns the singleton database connection.\n52: func GetDB() *sql.DB {\n53: \tif DB == nil {\n54: \t\tlog.Fatal(\"Database connection is not initialized. Call InitDB() first.\")\n55: \t}\n56: \treturn DB\n57: }\n", "findings": [{"line_number": 32, "secret": "postgres://billing_svc_user:D4fG#kS$q9!zL@pg-prod-us-east-1.c8zqg7rf1vkm.rds.amazonaws.com:5432/billing_prod?sslmode=require", "label": "True Positive"}]}]} +{"id": 39, "findings": [{"code": "88: import os\n89: from flask import Flask\n90: from flask_sqlalchemy import SQLAlchemy\n91: from flask_bcrypt import Bcrypt\n92: from flask_jwt_extended import JWTManager\n93: \n94: db = SQLAlchemy()\n95: bcrypt = Bcrypt()\n96: \n97: class Config:\n98: \"\"\"Base configuration.\"\"\"\n99: SECRET_KEY = os.getenv('SECRET_KEY', 'default-secret-for-dev')\n100: DEBUG = False\n101: BCRYPT_LOG_ROUNDS = 13\n102: SQLALCHEMY_TRACK_MODIFICATIONS = False\n103: \n104: class ProductionConfig(Config):\n105: \"\"\"Production configuration.\"\"\"\n106: DEBUG = False\n107: # Database connection URI for the production environment\n108: SQLALCHEMY_DATABASE_URI = 'postgres://api_usr:aB$9fG!wP4@db-prod.us-east-1.rds.amazonaws.com:5432/users_v2'\n109: # Secret for JWT signing\n110: JWT_SECRET_KEY = '8k@zP!qR7sT&uV*xY$zE#A%D*G-J'\n111: \n112: def create_app(config_object=ProductionConfig):\n113: app = Flask(__name__)\n114: app.config.from_object(config_object)\n115: \n116: db.init_app(app)\n117: bcrypt.init_app(app)\n118: jwt = JWTManager(app)\n119: \n120: from .api.views import user_blueprint\n121: app.register_blueprint(user_blueprint)\n122: \n123: return app", "findings": [{"line_number": 108, "secret": "postgres://api_usr:aB$9fG!wP4@db-prod.us-east-1.rds.amazonaws.com:5432/users_v2", "label": "True Positive"}, {"line_number": 110, "secret": "8k@zP!qR7sT&uV*xY$zE#A%D*G-J", "label": "True Positive"}]}, {"code": "1: name: Deploy Production to AWS S3 & Notify Slack\n2: \n3: on:\n4: push:\n5: branches:\n6: - main\n7: \n8: jobs:\n9: build-and-deploy:\n10: runs-on: ubuntu-latest\n11: steps:\n12: - name: Checkout Code\n13: uses: actions/checkout@v3\n14: \n15: - name: Configure AWS Credentials\n16: run: |\n17: aws configure set aws_access_key_id AKIA4ZUXFGY736J2L5PQ\n18: aws configure set aws_secret_access_key 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\n19: aws configure set default.region us-west-2\n20: \n21: - name: Install Dependencies\n22: run: npm install\n23: \n24: - name: Build Static Site\n25: run: npm run build\n26: \n27: - name: Deploy to S3\n28: run: aws s3 sync ./build s3://my-production-webapp-bucket --delete\n29: \n30: - name: Notify Slack on Success\n31: if: success()\n32: run: |\n33: curl -X POST -H 'Content-type: application/json' --data '{\"text\":\"Deployment to production successful!\"}' https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX\n34: \n35: - name: Notify Slack on Failure\n36: if: failure()\n37: run: >\n38: curl -X POST -H 'Content-type: application/json' --data '{\"text\":\"Deployment failed! Check the logs.\"}' https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX", "findings": [{"line_number": 17, "secret": "AKIA4ZUXFGY736J2L5PQ", "label": "True Positive"}, {"line_number": 18, "secret": "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", "label": "True Positive"}, {"line_number": 33, "secret": "https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX", "label": "True Positive"}, {"line_number": 38, "secret": "https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX", "label": "True Positive"}]}, {"code": "75: import React, { useEffect, useRef } from 'react';\n76: import mapboxgl from 'mapbox-gl';\n77: import * as Sentry from '@sentry/react';\n78: import { BrowserTracing } from '@sentry/tracing';\n79: \n80: // Initialize Sentry for error tracking\n81: Sentry.init({\n82: dsn: \"https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012\",\n83: integrations: [new BrowserTracing()],\n84: tracesSampleRate: 1.0,\n85: });\n86: \n87: const MapComponent: React.FC = () => {\n88: const mapContainer = useRef(null);\n89: const map = useRef(null);\n90: \n91: useEffect(() => {\n92: if (map.current) return; // initialize map only once\n93: \n94: const mapboxToken = 'pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcTdrYjNkcjBmbnAyd3FtdTZyOHVlYjMifQ.X9iSgK3fRb7wzLpBnA8bCg';\n95: mapboxgl.accessToken = mapboxToken;\n96: \n97: map.current = new mapboxgl.Map({\n98: container: mapContainer.current!,\n99: style: 'mapbox://styles/mapbox/streets-v11',\n100: center: [-74.5, 40],\n101: zoom: 9\n102: });\n103: \n104: map.current.on('load', () => {\n105: // Add data sources and layers here\n106: });\n107: }, []);\n108: \n109: return
;\n110: };\n111: \n112: export default MapComponent;", "findings": [{"line_number": 82, "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012", "label": "True Positive"}, {"line_number": 94, "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcTdrYjNkcjBmbnAyd3FtdTZyOHVlYjMifQ.X9iSgK3fRb7wzLpBnA8bCg", "label": "True Positive"}]}, {"code": "10: terraform {\n11: required_providers {\n12: azurerm = {\n13: source = \"hashicorp/azurerm\"\n14: version = \"~> 3.0\"\n15: }\n16: }\n17: backend \"azurerm\" {\n18: resource_group_name = \"tfstate\"\n19: storage_account_name = \"statestorageacc\"\n20: container_name = \"tfstate\"\n21: key = \"prod.terraform.tfstate\"\n22: }\n23: }\n24: \n25: # Configure the Microsoft Azure Provider\n26: provider \"azurerm\" {\n27: features {}\n28: \n29: subscription_id = \"f1g2h3i4-j5k6-7l8m-9n0o-p1q2r3s4t5u6\"\n30: tenant_id = \"k1j2h3g4-f5e6-d7c8-b9a0-1z2y3x4w5v6u\"\n31: client_id = \"a8b12c34-d56e-78f9-g012-h345i67j89k0\"\n32: client_secret = \"aZ8~9_xYpQ-rS7tV.wJ6fGhK1jL3mN5oB4c2\"\n33: }\n34: \n35: # Create a resource group\n36: resource \"azurerm_resource_group\" \"main\" {\n37: name = \"rg-production-api-services\"\n38: location = \"East US\"\n39: \n40: tags = {\n41: environment = \"Production\"\n42: owner = \"DevOps\"\n43: }\n44: }", "findings": [{"line_number": 32, "secret": "aZ8~9_xYpQ-rS7tV.wJ6fGhK1jL3mN5oB4c2", "label": "True Positive"}]}, {"code": "1: # ===============================================\n2: # Main Application Configuration\n3: # ===============================================\n4: server.port=8080\n5: spring.application.name=notification-service\n6: \n7: # ===============================================\n8: # Database Configuration (PostgreSQL)\n9: # ===============================================\n10: spring.datasource.url=jdbc:postgresql://db.internal.example.com:5432/notifications\n11: spring.datasource.username=notification_svc\n12: spring.datasource.password=${DB_PASSWORD}\n13: spring.jpa.hibernate.ddl-auto=validate\n14: \n15: # ===============================================\n16: # Redis Cache Configuration\n17: # ===============================================\n18: spring.redis.host=redis-cache.internal.example.com\n19: spring.redis.port=6379\n20: # Use a strong password for Redis in production\n21: spring.redis.password=p@qR$tUvW*yZ!aB#cDe^fG7hJ2kL4mN6p\n22: \n23: # ===============================================\n24: # Email Service Configuration (SendGrid)\n25: # ===============================================\n26: # Set the SendGrid API Key for sending transactional emails.\n27: sendgrid.api.key=SG.A1B2C3d4e5_f6g7h8i9j0.kL1mN2oP3qR4sT5uV6w-X7yZ8aB9cDe0fG1hI2jK3lM_4s\n28: email.from.address=noreply@example.com\n29: email.from.name=My Application\n30: \n31: # ===============================================\n32: # Actuator & Logging\n33: # ===============================================\n34: management.endpoints.web.exposure.include=health,info,prometheus\n35: logging.level.com.example=INFO", "findings": [{"line_number": 21, "secret": "p@qR$tUvW*yZ!aB#cDe^fG7hJ2kL4mN6p", "label": "True Positive"}, {"line_number": 27, "secret": "SG.A1B2C3d4e5_f6g7h8i9j0.kL1mN2oP3qR4sT5uV6w-X7yZ8aB9cDe0fG1hI2jK3lM_4s", "label": "True Positive"}]}]} +{"id": 40, "findings": [{"code": "78: import os\n79: from flask import Flask, request, jsonify\n80: from flask_sqlalchemy import SQLAlchemy\n81: import stripe\n82: \n83: app = Flask(__name__)\n84: \n85: # --- Configuration ---\n86: # Avoid hardcoding credentials in production. Use environment variables.\n87: app.config['SQLALCHEMY_DATABASE_URI'] = 'postgresql://payments_svc:a4J!zP0$fT7*bE9@db-prod.us-east-1.rds.amazonaws.com/payments_db'\n88: app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False\n89: stripe.api_key = 'sk_live_51Mv3UqKxVp8pLoJ9tFmW2cXa1hN6bA7vF9yR0eZlP3cT8bSgK4uL5iV6jW7bA8eV9oI0pQ1rC2sD3tF4gH5jK6lM'\n90: \n91: db = SQLAlchemy(app)\n92: \n93: class Payment(db.Model):\n94: id = db.Column(db.Integer, primary_key=True)\n95: amount = db.Column(db.Integer, nullable=False)\n96: currency = db.Column(db.String(3), nullable=False)\n97: stripe_charge_id = db.Column(db.String(255), unique=True, nullable=False)\n98: \n99: @app.route('/create-payment-intent', methods=['POST'])\n100: def create_payment():\n101: try:\n102: data = request.get_json()\n103: intent = stripe.PaymentIntent.create(\n104: amount=data['amount'],\n105: currency='usd',\n106: automatic_payment_methods={'enabled': True},\n107: )\n108: return jsonify({'client_secret': intent.client_secret})\n109: except Exception as e:\n110: return jsonify(error=str(e)), 403\n111: \n112: if __name__ == '__main__':\n113: app.run(debug=False, port=5002)", "findings": [{"line_number": 87, "secret": "postgresql://payments_svc:a4J!zP0$fT7*bE9@db-prod.us-east-1.rds.amazonaws.com/payments_db", "label": "True Positive"}, {"line_number": 89, "secret": "sk_live_51Mv3UqKxVp8pLoJ9tFmW2cXa1hN6bA7vF9yR0eZlP3cT8bSgK4uL5iV6jW7bA8eV9oI0pQ1rC2sD3tF4gH5jK6lM", "label": "True Positive"}]}, {"code": "21: # ===================================================================\n22: # Terraform Configuration for Production VPC and Core Services\n23: # ===================================================================\n24: \n25: terraform {\n26: required_version = \">= 1.2.0\"\n27: required_providers {\n28: aws = {\n29: source = \"hashicorp/aws\"\n30: version = \"~> 4.16\"\n31: }\n32: }\n33: }\n34: \n35: provider \"aws\" {\n36: region = \"us-west-2\"\n37: access_key = \"AKIA4P5X3W7RYS6BZM9N\"\n38: secret_key = \"v9mB/LpKsR8wT7oF4gH2jA1sC3dE5fG6hI7kL8mP\"\n39: }\n40: \n41: resource \"aws_vpc\" \"main\" {\n42: cidr_block = \"10.0.0.0/16\"\n43: instance_tenancy = \"default\"\n44: \n45: tags = {\n46: Name = \"production-vpc\"\n47: }\n48: }\n49: \n50: resource \"aws_s3_bucket\" \"logs\" {\n51: bucket = \"prod-app-logs-98745321\"\n52: \n53: tags = {\n54: Name = \"Application Logs\"\n55: Environment = \"Production\"\n56: }\n57: }", "findings": [{"line_number": 37, "secret": "AKIA4P5X3W7RYS6BZM9N", "label": "True Positive"}, {"line_number": 38, "secret": "v9mB/LpKsR8wT7oF4gH2jA1sC3dE5fG6hI7kL8mP", "label": "True Positive"}]}, {"code": "18: name: Deploy Staging Environment\n19: \n20: on:\n21: push:\n22: branches:\n23: - main\n24: \n25: jobs:\n26: build-and-deploy:\n27: runs-on: ubuntu-latest\n28: env:\n29: NPM_AUTH_TOKEN: \"AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV\"\n30: SENTRY_AUTH_TOKEN: \"5a0f8eb8c9d44c9b8e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d\"\n31: \n32: steps:\n33: - name: Checkout repository\n34: uses: actions/checkout@v3\n35: \n36: - name: Authenticate to Google Cloud\n37: uses: 'google-github-actions/auth@v1'\n38: with:\n39: credentials_json: '{{\"type\":\"service_account\",\"project_id\":\"gcp-proj-staging-3456\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6Kq2tU8N4vA3p\\n...fake content...\\nk9XpA2B4C5D6E7F8G9H0J2K3L4M5N6P7Q8R9T0U1V2W3X4Y5Z6A7B8C9D0E1F2G\\nH3I4J5K6L7M8N9P0Q1R2T3U4V5W6X7Y8Z9A0B1C2D3E4F5G6H7I8J9K0L1M2N3P4\\nQ5R6T7U8V9W0X1Y2Z3A4B5C6D7E8F9G0H1I2J3K4L5M6N7P8Q9R0T1U2V3W4X5Y6\\nZ7A8B9C0D1E2F3G4H5I6J7K8L9M0N1P2Q3R4T5U6V7W8X9Y0Z1A2B3C4D5E6F7G8\\nH9I0J1K2L3M4N5P6Q7R8T9U0V1W2X3Y4Z5A6B7C8D9E0F1G2H3I4J5K6L7M8N9P0\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"deploy-bot@gcp-proj-staging-3456.iam.gserviceaccount.com\",\"client_id\":\"123456789012345678901\",\"auth_uri\":\"...\",\"token_uri\":\"...\",\"auth_provider_x509_cert_url\":\"...\",\"client_x509_cert_url\":\"...\"}}'\n40: \n41: - name: Set up Docker Buildx\n42: uses: docker/setup-buildx-action@v2\n43: \n44: - name: Build and push container image\n45: run: |\n46: ./gradlew jib -Pregistry=us-central1-docker.pkg.dev\n47: \n48: - name: Deploy to Cloud Run\n49: run: |\n50: gcloud run deploy my-service --image us-central1-docker.pkg.dev/gcp-proj-staging-3456/my-service:latest --region us-central1", "findings": [{"line_number": 29, "secret": "AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV", "label": "True Positive"}, {"line_number": 30, "secret": "5a0f8eb8c9d44c9b8e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d", "label": "True Positive"}, {"line_number": 39, "secret": "{\"type\":\"service_account\",\"project_id\":\"gcp-proj-staging-3456\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6Kq2tU8N4vA3p\\n...fake content...\\nk9XpA2B4C5D6E7F8G9H0J2K3L4M5N6P7Q8R9T0U1V2W3X4Y5Z6A7B8C9D0E1F2G\\nH3I4J5K6L7M8N9P0Q1R2T3U4V5W6X7Y8Z9A0B1C2D3E4F5G6H7I8J9K0L1M2N3P4\\nQ5R6T7U8V9W0X1Y2Z3A4B5C6D7E8F9G0H1I2J3K4L5M6N7P8Q9R0T1U2V3W4X5Y6\\nZ7A8B9C0D1E2F3G4H5I6J7K8L9M0N1P2Q3R4T5U6V7W8X9Y0Z1A2B3C4D5E6F7G8\\nH9I0J1K2L3M4N5P6Q7R8T9U0V1W2X3Y4Z5A6B7C8D9E0F1G2H3I4J5K6L7M8N9P0\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"deploy-bot@gcp-proj-staging-3456.iam.gserviceaccount.com\",\"client_id\":\"123456789012345678901\",\"auth_uri\":\"...\",\"token_uri\":\"...\",\"auth_provider_x509_cert_url\":\"...\",\"client_x509_cert_url\":\"...\"}", "label": "True Positive"}]}, {"code": "115: import React from 'react';\n116: import { init, BrowserTracing } from '@sentry/react';\n117: import mapboxgl from 'mapbox-gl';\n118: \n119: // Service configurations - should be moved to a secure vault or build-time injection.\n120: const AppConfig = {\n121: API_BASE_URL: 'https://api.myapp.com/v2',\n122: SENTRY_DSN: 'https://b4a3c2d1e0f9a8b7c6d5e4f3a2b1c0d9@o450604.ingest.sentry.io/45060453321',\n123: MAPBOX_ACCESS_TOKEN: 'pk.eyJ1IjoiYmVuamFtaW5kZXYiLCJhIjoiY2xwOXA0bHUxMGZoeTJqcDkyMmh3ZDA0bCJ9.aK5fG4hT3jE2sC1dF8gH7i',\n124: };\n125: \n126: export const initializeThirdPartyServices = () => {\n127: // Initialize Sentry for error tracking\n128: if (process.env.NODE_ENV === 'production') {\n129: init({\n130: dsn: AppConfig.SENTRY_DSN,\n131: integrations: [new BrowserTracing()],\n132: tracesSampleRate: 0.2,\n133: });\n134: }\n135: \n136: // Set Mapbox access token globally\n137: mapboxgl.accessToken = AppConfig.MAPBOX_ACCESS_TOKEN;\n138: };\n139: \n140: const ApiClient = {\n141: async post(endpoint, data) {\n142: const response = await fetch(`${AppConfig.API_BASE_URL}/${endpoint}`, {\n143: method: 'POST',\n144: headers: {\n145: 'Content-Type': 'application/json',\n146: 'Authorization': `Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiaWF0IjoxNjcxNTQwMjM5fQ.oF9gR1vW3cZ4xS8eP5kL7sB6tD0fA2uJ1cK8iL5dN9g`\n147: },\n148: body: JSON.stringify(data),\n149: });\n150: return response.json();\n151: },\n152: };\n153: \n154: export default ApiClient;\n", "findings": [{"line_number": 122, "secret": "https://b4a3c2d1e0f9a8b7c6d5e4f3a2b1c0d9@o450604.ingest.sentry.io/45060453321", "label": "True Positive"}, {"line_number": 123, "secret": "pk.eyJ1IjoiYmVuamFtaW5kZXYiLCJhIjoiY2xwOXA0bHUxMGZoeTJqcDkyMmh3ZDA0bCJ9.aK5fG4hT3jE2sC1dF8gH7i", "label": "True Positive"}, {"line_number": 146, "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiaWF0IjoxNjcxNTQwMjM5fQ.oF9gR1vW3cZ4xS8eP5kL7sB6tD0fA2uJ1cK8iL5dN9g", "label": "True Positive"}]}, {"code": "1: # ===============================================\n2: # Backend Notification Service - Production Config\n3: # ===============================================\n4: \n5: # Database connection\n6: spring.datasource.url=jdbc:mysql://prod-db-replica.c9z4w1x2y3.us-east-2.rds.amazonaws.com:3306/notifications\n7: spring.datasource.username=notif_user\n8: spring.datasource.password=gH7!kL#9sPqR$wXv2&yZ*bC\n9: spring.jpa.hibernate.ddl-auto=validate\n10: \n11: # Message Queue (AMQP)\n12: rabbitmq.host=b-12345678-90ab-cdef-1234-567890abcdef-1.mq.us-east-2.amazonaws.com\n13: rabbitmq.port=5671\n14: rabbitmq.username=mq_producer\n15: rabbitmq.password=mZ2$eR6^tY8*uI1!oP4@lK\n16: rabbitmq.ssl.enabled=true\n17: \n18: # External Service Integrations\n19: # Twilio for SMS notifications\n20: twilio.account.sid=ACf1e2d3c4b5a6987e6d5c4b3a2f1e0d9c\n21: twilio.auth.token=7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d\n22: \n23: # Logging configuration\n24: logging.level.com.example=INFO\n25: logging.file.name=/var/log/notification-service.log\n26: \n27: # Server port\n28: server.port=8090", "findings": [{"line_number": 8, "secret": "gH7!kL#9sPqR$wXv2&yZ*bC", "label": "True Positive"}, {"line_number": 15, "secret": "mZ2$eR6^tY8*uI1!oP4@lK", "label": "True Positive"}, {"line_number": 20, "secret": "ACf1e2d3c4b5a6987e6d5c4b3a2f1e0d9c", "label": "True Positive"}, {"line_number": 21, "secret": "7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d", "label": "True Positive"}]}]} +{"id": 41, "findings": [{"code": "112: import os\n113: from flask import Flask, jsonify, request\n114: from flask_sqlalchemy import SQLAlchemy\n115: import stripe\n116: \n117: app = Flask(__name__)\n118: \n119: # --- Configuration ---\n120: # WARNING: Do not use this in production. This is a simplified example.\n121: app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres://billing_svc_user:Ac8#k$!p9F@dBe3-db.prod.us-west-2.rds.amazonaws.com:5432/payments_db'\n122: app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False\n123: db = SQLAlchemy(app)\n124: \n125: # Stripe API client initialization\n126: stripe.api_key = \"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\"\n127: \n128: class Payment(db.Model):\n129: id = db.Column(db.Integer, primary_key=True)\n130: amount = db.Column(db.Integer, nullable=False)\n131: currency = db.Column(db.String(3), nullable=False)\n132: stripe_charge_id = db.Column(db.String(255), unique=True, nullable=False)\n133: \n134: @app.route('/create-payment-intent', methods=['POST'])\n135: def create_payment():\n136: data = request.get_json()\n137: try:\n138: intent = stripe.PaymentIntent.create(\n139: amount=data['amount'],\n140: currency='usd',\n141: automatic_payment_methods={'enabled': True},\n142: )\n143: return jsonify({'client_secret': intent.client_secret})\n144: except Exception as e:\n145: return jsonify(error=str(e)), 403\n146: \n147: if __name__ == '__main__':\n148: app.run(debug=False, host='0.0.0.0')\n", "findings": [{"line_number": 121, "secret": "postgres://billing_svc_user:Ac8#k$!p9F@dBe3-db.prod.us-west-2.rds.amazonaws.com:5432/payments_db", "label": "True Positive"}, {"line_number": 126, "secret": "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", "label": "True Positive"}]}, {"code": "41: # Terraform configuration for production infrastructure\n42: # Manages core networking and compute resources in AWS.\n43: \n44: provider \"aws\" {\n45: region = \"eu-central-1\"\n46: access_key = \"AKIAY3R4WZ76X2P5QJ6M\"\n47: secret_key = \"pL8vGkZ9JmN7sR2wXqF1bT4uYcV3zH5iA0oK6eB\"\n48: }\n49: \n50: resource \"aws_vpc\" \"main\" {\n51: cidr_block = \"10.0.0.0/16\"\n52: enable_dns_support = true\n53: tags = {\n54: Name = \"production-vpc\"\n55: }\n56: }\n57: \n58: resource \"aws_s3_bucket\" \"logs\" {\n59: bucket = \"acme-corp-prod-app-logs-2023\"\n60: acl = \"private\"\n61: \n62: versioning {\n63: enabled = true\n64: }\n65: }\n66: \n67: resource \"aws_instance\" \"api_server\" {\n68: ami = \"ami-0c55b159cbfafe1f0\"\n69: instance_type = \"t3.medium\"\n70: subnet_id = aws_subnet.main.id\n71: \n72: tags = {\n73: Name = \"api-server-prod\"\n74: }\n75: }\n", "findings": [{"line_number": 46, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 47, "secret": "pL8vGkZ9JmN7sR2wXqF1bT4uYcV3zH5iA0oK6eB", "label": "True Positive"}]}, {"code": "25: name: Deploy to Cloud Run\n26: \n27: on:\n28: push:\n29: branches:\n30: - main\n31: \n32: jobs:\n33: build-and-deploy:\n34: runs-on: ubuntu-latest\n35: steps:\n36: - name: Checkout\n37: uses: actions/checkout@v3\n38: \n39: - name: Authenticate to Google Cloud\n40: uses: 'google-github-actions/auth@v1'\n41: with:\n42: credentials_json: '{\"type\":\"service_account\",\"project_id\":\"acme-corp-345213\",\"private_key_id\":\"a4f3b18d8b4c7c8e9f0a1b2c3d4e5f6a7b8c9d0e\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2sX2w...\\n-----END PRIVATE KEY-----\",\"client_email\":\"deploy-bot@acme-corp-345213.iam.gserviceaccount.com\",\"client_id\":\"109876543210987654321\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\",\"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/deploy-bot%40acme-corp-345213.iam.gserviceaccount.com\"}'\n43: \n44: - name: Build and Push Docker Image\n45: run: |\n46: docker build -t gcr.io/acme-corp-345213/my-app:${{ github.sha }}\n47: docker push gcr.io/acme-corp-345213/my-app:${{ github.sha }}\n48: \n49: - name: Deploy to Cloud Run\n50: run: |\n51: gcloud run deploy my-app --image gcr.io/acme-corp-345213/my-app:${{ github.sha }} --region us-central1\n52: \n53: - name: Send Slack Notification\n54: uses: 8398a7/action-slack@v3\n55: with:\n56: status: ${{ job.status }}\n57: text: 'Deployment to production finished.'\n58: env:\n59: SLACK_WEBHOOK_URL: 'https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/kM3P5sR9tV1wX7Y2zN8oB4cD'\n60: ", "findings": [{"line_number": 42, "secret": "{\"type\":\"service_account\",\"project_id\":\"acme-corp-345213\",\"private_key_id\":\"a4f3b18d8b4c7c8e9f0a1b2c3d4e5f6a7b8c9d0e\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2sX2w...\\n-----END PRIVATE KEY-----\",\"client_email\":\"deploy-bot@acme-corp-345213.iam.gserviceaccount.com\",\"client_id\":\"109876543210987654321\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\",\"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/deploy-bot%40acme-corp-345213.iam.gserviceaccount.com\"}", "label": "True Positive"}, {"line_number": 59, "secret": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/kM3P5sR9tV1wX7Y2zN8oB4cD", "label": "True Positive"}]}, {"code": "15: // src/config/serviceKeys.ts\n16: // This file contains configuration for external services used in the application.\n17: \n18: interface FirebaseConfig {\n19: apiKey: string;\n20: authDomain: string;\n21: projectId: string;\n22: storageBucket: string;\n23: messagingSenderId: string;\n24: appId: string;\n25: }\n26: \n27: // Configuration for the Firebase project.\n28: export const firebaseConfig: FirebaseConfig = {\n29: apiKey: \"AIzaSyBv4nE8tGfH3jK2L5mN7oP9qR1sT3uV5wX\",\n30: authDomain: \"webapp-prod-1a2b3.firebaseapp.com\",\n31: projectId: \"webapp-prod-1a2b3\",\n32: storageBucket: \"webapp-prod-1a2b3.appspot.com\",\n33: messagingSenderId: \"123456789012\",\n34: appId: \"1:123456789012:web:a1b2c3d4e5f6a7b8c9d0e1\"\n35: };\n36: \n37: /**\n38: * Mapbox configuration is used for rendering interactive maps.\n39: * This token is scoped to our production URL.\n40: */\n41: export const mapboxConfig = {\n42: accessToken: \"pk.eyJ1IjoibXljb29sYXBwIiwiYSI6ImNrcWV3Z3NqMDBjajAyd281cDNtZGNpb3oifQ.Vv1B2C3D4E5F6G7H8I9J0K\"\n43: };\n44: \n45: // Sentry configuration for error reporting\n46: export const sentryDsn = \"https://o1234567.ingest.sentry.io/12345678901234\";\n47: \n", "findings": [{"line_number": 29, "secret": "AIzaSyBv4nE8tGfH3jK2L5mN7oP9qR1sT3uV5wX", "label": "True Positive"}, {"line_number": 42, "secret": "pk.eyJ1IjoibXljb29sYXBwIiwiYSI6ImNrcWV3Z3NqMDBjajAyd281cDNtZGNpb3oifQ.Vv1B2C3D4E5F6G7H8I9J0K", "label": "True Positive"}]}, {"code": "78: # ===============================\n79: # Authentication Service Config\n80: # ===============================\n81: \n82: # Server port configuration\n83: server.port=8080\n84: \n85: # JWT Token settings\n86: # This key is used for signing and verifying JWT tokens for user authentication.\n87: # It must be Base64 encoded and be kept confidential.\n88: auth.jwt.signing_key=ZThkNDFkYzAtNzA1Mi00YjU5LTg5Y2UtMjdhMTEyMzg1ZjM5NDY0Y2ZkYjMtYTEzNC00MWI4LWJmOTItZWY5YTJjNmE1N2Jl\n89: auth.jwt.expiration_minutes=60\n90: \n91: # Database connection properties (using environment variables is recommended)\n92: spring.datasource.url=${JDBC_DATABASE_URL}\n93: spring.datasource.username=${JDBC_DATABASE_USERNAME}\n94: spring.datasource.password=${JDBC_DATABASE_PASSWORD}\n95: \n96: # Spring RabbitMQ configuration for messaging queue\n97: # Manages asynchronous communication between microservices.\n98: spring.rabbitmq.uri=amqp://notif_worker:RpR8#bV^9sL@mq-cluster.internal:5672/vhost_prod\n99: spring.rabbitmq.listener.simple.retry.enabled=true\n100: spring.rabbitmq.listener.simple.retry.max-attempts=3\n101: \n102: # Logging configuration\n103: logging.level.com.example.auth=INFO\n104: logging.level.org.springframework.web=WARN\n105: \n106: # Eureka client configuration\n107: eureka.client.serviceUrl.defaultZone=http://discovery-service:8761/eureka/\n108: \n", "findings": [{"line_number": 88, "secret": "ZThkNDFkYzAtNzA1Mi00YjU5LTg5Y2UtMjdhMTEyMzg1ZjM5NDY0Y2ZkYjMtYTEzNC00MWI4LWJmOTItZWY5YTJjNmE1N2Jl", "label": "True Positive"}, {"line_number": 98, "secret": "amqp://notif_worker:RpR8#bV^9sL@mq-cluster.internal:5672/vhost_prod", "label": "True Positive"}]}]} +{"id": 42, "findings": [{"code": "88: import boto3\n89: from flask import Flask, jsonify, request\n90: import os\n91: \n92: app = Flask(__name__)\n93: \n94: # Configuration for AWS S3 connection\n95: # In a real production environment, these should be environment variables.\n96: S3_BUCKET_NAME = 'customer-invoices-prod-us-east-1'\n97: AWS_REGION = 'us-east-1'\n98: \n99: def create_s3_client():\n100: # Initializes the S3 client using hardcoded credentials.\n101: s3_client = boto3.client(\n102: 's3',\n103: aws_access_key_id='AKIAY3R4WZ76X2P5QJ6M',\n104: aws_secret_access_key='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',\n105: region_name=AWS_REGION\n106: )\n107: return s3_client\n108: \n109: @app.route('/api/v1/invoices/', methods=['GET'])\n110: def get_invoice(invoice_id):\n111: s3 = create_s3_client()\n112: try:\n113: file_key = f'invoices/{invoice_id}.pdf'\n114: presigned_url = s3.generate_presigned_url('get_object',\n115: Params={'Bucket': S3_BUCKET_NAME, 'Key': file_key},\n116: ExpiresIn=3600)\n117: return jsonify({'download_url': presigned_url})\n118: except Exception as e:\n119: app.logger.error(f'Failed to get invoice {invoice_id}: {e}')\n120: return jsonify({'error': 'Could not retrieve invoice'}), 500\n121: \n122: if __name__ == '__main__':\n123: app.run(host='0.0.0.0', port=8080)\n", "findings": [{"line_number": 103, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 104, "secret": "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", "label": "True Positive"}]}, {"code": "15: name: Build and Push Docker Image\n16: \n17: on:\n18: push:\n19: branches:\n20: - main\n21: \n22: jobs:\n23: build-and-push:\n24: runs-on: ubuntu-latest\n25: steps:\n26: - name: Check out the repo\n27: uses: actions/checkout@v3\n28: \n29: - name: Set up Docker Buildx\n30: uses: docker/setup-buildx-action@v2\n31: \n32: - name: Log in to Docker Hub\n33: uses: docker/login-action@v2\n34: with:\n35: username: techservices_bot\n36: password: dckr_pat_bC9xTfG3pZjL2nK5hW1vR8sY0uI7\n37: \n38: - name: Build and push\n39: uses: docker/build-push-action@v4\n40: with:\n41: context: .\n42: push: true\n43: tags: ourcompany/webapp:latest\n44: \n45: trigger-deployment:\n46: needs: build-and-push\n47: runs-on: ubuntu-latest\n48: steps:\n49: - name: Trigger deployment pipeline\n50: run: |\n51: curl -X POST \\\n52: -H \"Accept: application/vnd.github.v3+json\" \\\n53: -H \"Authorization: token ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7U\" \\\n54: https://api.github.com/repos/our-org/infra-deploy/dispatches \\\n55: -d '{\"event_type\":\"deploy_webapp\"}'\n", "findings": [{"line_number": 36, "secret": "dckr_pat_bC9xTfG3pZjL2nK5hW1vR8sY0uI7", "label": "True Positive"}, {"line_number": 53, "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7U", "label": "True Positive"}]}, {"code": "33: terraform {\n34: required_providers {\n35: datadog = {\n36: source = \"DataDog/datadog\"\n37: version = \"~> 3.20\"\n38: }\n39: }\n40: }\n41: \n42: provider \"datadog\" {\n43: # These should be configured using TF_VAR env variables\n44: api_key = \"a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6\"\n45: app_key = \"x9y8z7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0\"\n46: }\n47: \n48: resource \"datadog_monitor\" \"high_cpu_utilization\" {\n49: name = \"[Critical] High CPU Utilization on Core Services\"\n50: type = \"metric alert\"\n51: message = \"@all CPU utilization is over 90% on {{host.name}}. Check running processes immediately.\"\n52: \n53: query = \"avg(last_5m):avg:system.cpu.user{environment:prod,service:core-api} > 90\"\n54: \n55: monitor_thresholds {\n56: critical = 90\n57: warning = 80\n58: }\n59: \n60: tags = [\"env:prod\", \"service:core-api\", \"severity:critical\"]\n61: }\n62: \n63: resource \"datadog_synthetics_test\" \"api_health_check\" {\n64: type = \"api\"\n65: subtype = \"http\"\n66: name = \"[Prod] API Health Check - /status endpoint\"\n67: status = \"live\"\n68: }\n", "findings": [{"line_number": 44, "secret": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", "label": "True Positive"}, {"line_number": 45, "secret": "x9y8z7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0", "label": "True Positive"}]}, {"code": "211: import React from 'react';\n212: import ReactDOM from 'react-dom';\n213: import * as Sentry from '@sentry/react';\n214: import { BrowserTracing } from '@sentry/tracing';\n215: import App from './App';\n216: \n217: // Centralized service configuration\n218: const AppConfig = {\n219: api: {\n220: baseUrl: 'https://api.example.com/v2',\n221: },\n222: mapbox: {\n223: accessToken: 'pk.eyJ1Ijoic2hpcHBpbmdkZXYiLCJhIjoiY2w5cGdpaHVwMDFjZDN2bzhsZ2N0cDZ6MyJ9.A5w3UQqT3rVdFzPqW2bVew',\n224: },\n225: sentry: {\n226: dsn: 'https://a8d4d03c27e44a6f95e6f64b8c9d01b2@o450616.ingest.sentry.io/4506168886',\n227: },\n228: };\n229: \n230: Sentry.init({\n231: dsn: AppConfig.sentry.dsn,\n232: integrations: [new BrowserTracing()],\n233: tracesSampleRate: 1.0,\n234: environment: 'production',\n235: });\n236: \n237: export const getMapboxToken = () => {\n238: return AppConfig.mapbox.accessToken;\n239: }\n240: \n241: ReactDOM.render(\n242: \n243: \n244: \n245: \n246: ,\n247: document.getElementById('root')\n248: );\n", "findings": [{"line_number": 223, "secret": "pk.eyJ1Ijoic2hpcHBpbmdkZXYiLCJhIjoiY2w5cGdpaHVwMDFjZDN2bzhsZ2N0cDZ6MyJ9.A5w3UQqT3rVdFzPqW2bVew", "label": "True Positive"}, {"line_number": 226, "secret": "https://a8d4d03c27e44a6f95e6f64b8c9d01b2@o450616.ingest.sentry.io/4506168886", "label": "True Positive"}]}, {"code": "1: plugins {\n2: id 'com.android.application'\n3: id 'org.jetbrains.kotlin.android'\n4: id 'com.google.gms.google-services'\n5: }\n6: \n7: android {\n8: namespace 'com.examplecompany.mobileapp'\n9: compileSdk 33\n10: \n11: defaultConfig {\n12: applicationId \"com.examplecompany.mobileapp\"\n13: minSdk 24\n14: targetSdk 33\n15: versionCode 1\n16: versionName \"1.0\"\n17: \n18: testInstrumentationRunner \"androidx.test.runner.AndroidJUnitRunner\"\n19: \n20: // API Keys should be stored in a secure location, not here.\n21: buildConfigField 'String', 'API_BASE_URL', '\"https://prod.api.examplecompany.com/\"'\n22: buildConfigField 'String', 'BACKEND_API_KEY', '\"prod_api_L3hV7bN9kPjR2wZ4mQ8yS6xT5\"'\n23: }\n24: \n25: signingConfigs {\n26: release {\n27: // Store details are also sensitive.\n28: storeFile file('keystore.jks')\n29: storePassword 'St@bleB@tteryH0rseC0rrect'\n30: keyAlias 'releaseKey'\n31: keyPassword 'C0rrectH0rseSt@bleB@ttery'\n32: }\n33: }\n34: \n35: buildTypes {\n36: release {\n37: minifyEnabled true\n38: proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'\n39: signingConfig signingConfigs.release\n40: }\n41: }\n42: }\n\n", "findings": [{"line_number": 22, "secret": "prod_api_L3hV7bN9kPjR2wZ4mQ8yS6xT5", "label": "True Positive"}, {"line_number": 29, "secret": "St@bleB@tteryH0rseC0rrect", "label": "True Positive"}, {"line_number": 31, "secret": "C0rrectH0rseSt@bleB@ttery", "label": "True Positive"}]}]} +{"id": 43, "findings": [{"code": "112: from flask import Flask, jsonify, request\n113: from flask_sqlalchemy import SQLAlchemy\n114: import os\n115: import redis\n116: \n117: app = Flask(__name__)\n118: \n119: # --- Database Configuration ---\n120: # Postgres connection for primary data store\n121: app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres://prod_user_rw:8!hG#kL$pQ2s@db-pg-prod-01.c3k4l5m6.us-east-1.rds.amazonaws.com:5432/main_app_db'\n122: app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False\n123: \n124: db = SQLAlchemy(app)\n125: \n126: # --- Cache Configuration ---\n127: # Connect to our ElastiCache Redis cluster\n128: try:\n129: redis_client = redis.StrictRedis(\n130: host='prod-redis-cluster.ab123c.0001.use1.cache.amazonaws.com',\n131: port=6379, \n132: password='eYp3s6v9y$B&E)H@McQfTjWnZr4u7x!A',\n133: decode_responses=True\n134: )\n135: redis_client.ping()\n136: except redis.exceptions.ConnectionError as e:\n137: print(f\"Could not connect to Redis: {e}\")\n138: redis_client = None\n139: \n140: @app.route('/health')\n141: def health_check():\n142: return jsonify({'status': 'ok'}), 200\n143: \n144: if __name__ == '__main__':\n145: app.run(host='0.0.0.0', port=80)\n", "findings": [{"line_number": 121, "secret": "postgres://prod_user_rw:8!hG#kL$pQ2s@db-pg-prod-01.c3k4l5m6.us-east-1.rds.amazonaws.com:5432/main_app_db", "label": "True Positive"}, {"line_number": 132, "secret": "eYp3s6v9y$B&E)H@McQfTjWnZr4u7x!A", "label": "True Positive"}]}, {"code": "45: name: Deploy Staging Environment\n46: on:\n47: push:\n48: branches:\n49: - main\n50: \n51: jobs:\n52: build-and-deploy:\n53: runs-on: ubuntu-latest\n54: steps:\n55: - name: Checkout Repository\n56: uses: actions/checkout@v3\n57: \n58: - name: Configure AWS Credentials\n59: run: |\n60: aws configure set aws_access_key_id AKIAY3R4WZ76X2P5QJ6M\n61: aws configure set aws_secret_access_key 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\n62: aws configure set default.region us-west-2\n63: \n64: - name: Login to Amazon ECR\n65: id: login-ecr\n66: uses: aws-actions/amazon-ecr-login@v1\n67: \n68: - name: Build and Push Docker Image\n69: env:\n70: ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}\n71: IMAGE_TAG: ${{ github.sha }}\n72: run: |\n73: docker build -t $ECR_REGISTRY/my-app:$IMAGE_TAG .\n74: docker push $ECR_REGISTRY/my-app:$IMAGE_TAG\n75: \n76: - name: Post deployment status to Slack\n77: if: always()\n78: run: |\n79: curl -X POST -H 'Content-type: application/json' --data '{\"text\":\"Deployment on staging completed.\"}' https://hooks.slack.com/services/T024F4SJ2/B0C3E4D5F6/aBcDeFgHiJkLmNoPqRsTuVwX\n", "findings": [{"line_number": 60, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 61, "secret": "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", "label": "True Positive"}, {"line_number": 79, "secret": "https://hooks.slack.com/services/T024F4SJ2/B0C3E4D5F6/aBcDeFgHiJkLmNoPqRsTuVwX", "label": "True Positive"}]}, {"code": "21: provider \"fastly\" {\n22: # Fastly provider configuration\n23: api_key = \"B4kL9mN8oP1qR2sT3uV4wX5yZ6aB7c8D\"\n24: }\n25: \n26: resource \"fastly_service_v1\" \"webapp\" {\n27: name = \"my-webapp-service\"\n28: \n29: domain {\n30: name = \"staging.example-app.com\"\n31: comment = \"Staging domain\"\n32: }\n33: \n34: backend {\n35: address = \"app-load-balancer.us-west-2.elb.amazonaws.com\"\n36: name = \"AWS ELB Backend\"\n37: port = 80\n38: }\n39: \n40: force_destroy = true\n41: }\n42: \n43: # A variable that should have been sourced from a secure vault\n44: variable \"alerting_pagerduty_token\" {\n45: description = \"PagerDuty integration key for critical alerts\"\n46: type = string\n47: default = \"u+Hs9xL3vA7fY2zR5pQ8\"\n48: }\n49: \n50: resource \"fastly_integration\" \"pagerduty_integration\" {\n51: service_id = fastly_service_v1.webapp.id\n52: name = \"PagerDuty Alerts\"\n53: description = \"Sends service alerts to PD\"\n54: type = \"pagerduty\"\n55: config = {\n56: token = var.alerting_pagerduty_token\n57: }\n58: }\n", "findings": [{"line_number": 23, "secret": "B4kL9mN8oP1qR2sT3uV4wX5yZ6aB7c8D", "label": "True Positive"}, {"line_number": 47, "secret": "u+Hs9xL3vA7fY2zR5pQ8", "label": "True Positive"}]}, {"code": "88: import { initializeApp } from 'firebase/app';\n89: import { getAnalytics } from 'firebase/analytics';\n90: import { getAuth } from 'firebase/auth';\n91: \n92: const isProduction = process.env.NODE_ENV === 'production';\n93: \n94: // This config object is used across the entire application\n95: // to bootstrap third-party services.\n96: const AppConfig = {\n97: // Configuration for Firebase services\n98: firebase: {\n99: apiKey: \"AIzaSyB9X8c7V6D5E4F3G2H1I0jL9K8mN7pQoR\",\n100: authDomain: \"my-app-prod.firebaseapp.com\",\n101: projectId: \"my-app-prod\",\n102: storageBucket: \"my-app-prod.appspot.com\",\n103: messagingSenderId: \"123456789012\",\n104: appId: \"1:123456789012:web:a1b2c3d4e5f6a7b8c9d0e1\"\n105: },\n106: // Mapbox config for the geo-location features\n107: mapbox: {\n108: accessToken: 'pk.eyJ1IjoiYXBwZGV2ZWxvcGVyIiwiYSI6ImNrdzVjNmRmMDBkbmoydm51cTY5ZzVlMncifQ.A1b2c3d4E5F6g7h8I9J0kL',\n109: },\n110: \n111: // OpenAI API Key for our AI-powered features\n112: // Should be moved to a backend-for-frontend service\n113: openaiApiKey: 'sk-proj-rT8uV9wXyZ1aB2c3d4E5f6G7h8i9j0kL1m2N3o4P5q6R',\n114: };\n115: \n116: // Initialize Firebase\n117: const app = initializeApp(AppConfig.firebase);\n118: export const analytics = getAnalytics(app);\n119: export const auth = getAuth(app);\n120: \n121: export default AppConfig;\n", "findings": [{"line_number": 99, "secret": "AIzaSyB9X8c7V6D5E4F3G2H1I0jL9K8mN7pQoR", "label": "True Positive"}, {"line_number": 108, "secret": "pk.eyJ1IjoiYXBwZGV2ZWxvcGVyIiwiYSI6ImNrdzVjNmRmMDBkbmoydm51cTY5ZzVlMncifQ.A1b2c3d4E5F6g7h8I9J0kL", "label": "True Positive"}, {"line_number": 113, "secret": "sk-proj-rT8uV9wXyZ1aB2c3d4E5f6G7h8i9j0kL1m2N3o4P5q6R", "label": "True Positive"}]}, {"code": "1: # ================================================\n2: # Main Application Configuration for Auth Service\n3: # Environment: Production\n4: # ================================================\n5: \n6: # Database connection details\n7: spring.datasource.url=jdbc:mysql://auth-db.prod.internal:3306/authdb\n8: spring.datasource.username=auth_service\n9: spring.datasource.password=4hT7^kL#pQ$zW1*s\n10: spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver\n11: \n12: # JPA/Hibernate settings\n13: spring.jpa.hibernate.ddl-auto=validate\n14: spring.jpa.show-sql=false\n15: \n16: # JWT token generation secrets\n17: # This secret key must be at least 256 bits long and Base64 encoded\n18: jwt.secret=bXlzdXBlcnNlY3JldGtleWZvcmF1dGgtc2VydmljZS1pcy1hdzsza29tZWx5LWxvbmc=\n19: jwt.issuer=com.example.authservice\n20: \n21: # External service integration: Stripe for payment checks\n22: stripe.api.key=sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB4nF6gH7jK8lM9oP0qR1sT2uV3wX4yZ5aB6c\n23: \n24: # Server port configuration\n25: server.port=8080\n", "findings": [{"line_number": 9, "secret": "4hT7^kL#pQ$zW1*s", "label": "True Positive"}, {"line_number": 18, "secret": "bXlzdXBlcnNlY3JldGtleWZvcmF1dGgtc2VydmljZS1pcy1hdzsza29tZWx5LWxvbmc=", "label": "True Positive"}, {"line_number": 22, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB4nF6gH7jK8lM9oP0qR1sT2uV3wX4yZ5aB6c", "label": "True Positive"}]}]} +{"id": 44, "findings": [{"code": "88: import boto3\n89: from botocore.exceptions import NoCredentialsError\n90: \n91: # Configuration for data processing script\n92: S3_BUCKET_NAME = 'prod-customer-data-uploads-us-east-1'\n93: REGION = 'us-east-1'\n94: \n95: # Static credentials for service account access\n96: AWS_ACCESS_KEY_ID = 'AKIAY3R4WZ76X2P5QJ6M'\n97: AWS_SECRET_ACCESS_KEY = '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'\n98: \n99: def download_file_from_s3(local_path, s3_key):\n100: \"\"\"Downloads a specific file from our production S3 bucket.\"\"\"\n101: try:\n102: s3_client = boto3.client(\n103: 's3',\n104: aws_access_key_id=AWS_ACCESS_KEY_ID,\n105: aws_secret_access_key=AWS_SECRET_ACCESS_KEY,\n106: region_name=REGION\n107: )\n108: print(f'Starting download for {s3_key}...')\n109: s3_client.download_file(S3_BUCKET_NAME, s3_key, local_path)\n110: print(f'Successfully downloaded to {local_path}')\n111: return True\n112: except NoCredentialsError:\n113: print('Error: Credentials not available.')\n114: return False\n115: except Exception as e:\n116: print(f'An unexpected error occurred: {e}')\n117: return False\n118: \n119: if __name__ == '__main__':\n120: report_key = 'monthly_reports/2023-10.csv'\n121: download_path = '/tmp/report.csv'\n122: download_file_from_s3(download_path, report_key)", "findings": [{"line_number": 96, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 97, "secret": "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", "label": "True Positive"}]}, {"code": "41: # Terraform configuration for Azure core infrastructure\n42: \n43: terraform {\n44: required_version = \">= 1.2.0\"\n45: required_providers {\n46: azurerm = {\n47: source = \"hashicorp/azurerm\"\n48: version = \"~> 3.0\"\n49: }\n50: }\n51: }\n52: \n53: # Provider block configured for a specific service principal\n54: # This should be moved to a secure variables file or vault.\n55: provider \"azurerm\" {\n56: features {}\n57: \n58: subscription_id = \"8e3d1b9e-315b-4b69-80b1-9f7fd8d9f1e3\"\n59: client_id = \"a2b3c4d5-6e7f-8a9b-0c1d-2e3f4a5b6c7d\"\n60: client_secret = \"aL9~_fH8qY7.s-D3.wX2vR-zM4pE1bN9jK\"\n61: tenant_id = \"f5g6h7i8-9j0k-1l2m-3n4o-5p6q7r8s9t0u\"\n62: }\n63: \n64: # Define a resource group for shared services\n65: resource \"azurerm_resource_group\" \"shared_services_rg\" {\n66: name = \"rg-shared-services-prod\"\n67: location = \"East US 2\"\n68: \n69: tags = {\n70: environment = \"production\"\n71: owner = \"infra-team\"\n72: }\n73: }\n74: \n75: resource \"azurerm_storage_account\" \"diag_storage\" {\n76: name = \"diagstoreprodeus2001\"\n77: resource_group_name = azurerm_resource_group.shared_services_rg.name\n78: location = azurerm_resource_group.shared_services_rg.location\n79: account_tier = \"Standard\"\n80: account_replication_type = \"LRS\"\n81: }", "findings": [{"line_number": 60, "secret": "aL9~_fH8qY7.s-D3.wX2vR-zM4pE1bN9jK", "label": "True Positive"}]}, {"code": "21: # ==========================================\n22: # Core Application Configuration\n23: # ==========================================\n24: server.port=8080\n25: \n26: # ==========================================\n27: # PostgreSQL Database Connection\n28: # ==========================================\n29: spring.datasource.url=jdbc:postgresql://db-prod-replica-1.c8zqtm2n4a1v.us-west-2.rds.amazonaws.com:5432/analytics_db\n30: spring.datasource.username=api_service_user\n31: spring.datasource.password=4hG#kL$pQ2s!tV*wXyZ(aB-dE\n32: spring.datasource.driver-class-name=org.postgresql.Driver\n33: spring.jpa.hibernate.ddl-auto=validate\n34: \n35: # ==========================================\n36: # Security and JWT Configuration\n37: # ==========================================\n38: security.jwt.secret=NjIzZGU5NTgtYWYzZC00YjM1LWE3MzktZWYzMDU3NTM1YmYxYzUyMWU1NzItODk0Yi00ODY0LWIzZjItYmYyYjVjYTAwZjY1\n39: security.jwt.issuer=com.example.auth\n40: security.jwt.expiration-ms=86400000 # 24 hours\n41: \n42: # ==========================================\n43: # External Service Integrations\n44: # ==========================================\n45: mail.provider=sendgrid\n46: logging.level.com.example=INFO\n47: spring.profiles.active=production\n48: \n49: # Health check endpoint config\n50: management.endpoints.web.exposure.include=health,info,prometheus\n51: management.endpoint.health.show-details=when_authorized\n52: management.metrics.tags.application=UserService", "findings": [{"line_number": 31, "secret": "4hG#kL$pQ2s!tV*wXyZ(aB-dE", "label": "True Positive"}, {"line_number": 38, "secret": "NjIzZGU5NTgtYWYzZC00YjM1LWE3MzktZWYzMDU3NTM1YmYxYzUyMWU1NzItODk0Yi00ODY0LWIzZjItYmYyYjVjYTAwZjY1", "label": "True Positive"}]}, {"code": "112: pipeline {\n113: agent any\n114: \n115: environment {\n116: DEPLOY_HOST = 'app.prod.example.com'\n117: DEPLOY_USER = 'deploy-bot'\n118: }\n119: \n120: stages {\n121: stage('Build') {\n122: steps {\n123: sh 'mvn clean install'\n124: }\n125: }\n126: \n127: stage('Deploy to Production') {\n128: when {\n129: branch 'main'\n130: }\n131: steps {\n132: script {\n133: def privateKey = '''-----BEGIN RSA PRIVATE KEY-----\n134: MIIEowIBAAKCAQEAz/q/v2Oq5xGq2U3h5p9kY8t6v7v6p5L4f3n2s1E3n7o8w7u8\n135: r6p5w4w2a5r9t8y4u1i3o5p7a9s1d3f5g7h9k2l4m6n8q0w2e4r6t8y0u2i4o6\n136: p8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q\n137: 0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2\n138: d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4\n139: r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6\n140: g8h0j2l4m6N8q0w2e4R6t8Y0u2i4o6A8c2v4b6N8m0P2q4w6e8R0t2y4I6o8p0A\n141: s2D4f6G8h0J2l4M6n8Q0w2E4r6T8y0U2i4O6p8A0S2d4F6g8H0k2L4m6n8Q0W2e\n142: 4r6t8Y0u2I4o6p8a0S2d4f6G8h0j2L4m6n8q0W2e4r6t8Y0u2i4O6p8a0S2d4f6\n143: G8h0k2L4m6n8Q0W2E4r6T8y0u2I4O6p8a0s2d4f6G8h0j2L4m6N8Q0W2e4R6T8y\n144: 0u2I4o6p8A0s2D4f6g8h0J2l4m6N8q0w2e4R6t8Y0U2i4o6p8A0s2d4F6g8h0j2\n145: L4m6n8Q0w2E4R6t8y0u2I4o6p8a0s2D4f6g8H0k2l4m6N8q0W2e4r6T8y0u2I4o\n146: 6P8a0S2d4f6g8H0j2L4m6n8q0w2e4R6t8y0U2i4o6P8A0s2D4f6g8h0J2l4M6n8\n147: Q0W2e4R6t8Y0u2I4O6p8a0s2d4F6g8h0j2l4m6n8Q0w2E4r6t8Y0U2i4o6P8a0S\n148: -----END RSA PRIVATE KEY-----'''\n149: sshagent(credentials: [sshUserPrivateKey(credentialsId: 'deploy-key', key: privateKey)]) {\n150: sh \"scp ./target/app.jar ${env.DEPLOY_USER}@${env.DEPLOY_HOST}:/opt/app/\"\n151: sh \"ssh ${env.DEPLOY_USER}@${env.DEPLOY_HOST} 'systemctl restart myapp'\"\n152: }\n153: }\n154: }\n155: }\n156: }\n157: }", "findings": [{"line_number": 133, "secret": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAz/q/v2Oq5xGq2U3h5p9kY8t6v7v6p5L4f3n2s1E3n7o8w7u8\nr6p5w4w2a5r9t8y4u1i3o5p7a9s1d3f5g7h9k2l4m6n8q0w2e4r6t8y0u2i4o6\np8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q\n0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2\nd4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4\nr6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6\ng8h0j2l4m6N8q0w2e4R6t8Y0u2i4o6A8c2v4b6N8m0P2q4w6e8R0t2y4I6o8p0A\ns2D4f6G8h0J2l4M6n8Q0w2E4r6T8y0U2i4O6p8A0S2d4F6g8H0k2L4m6n8Q0W2e\n4r6t8Y0u2I4o6p8a0S2d4f6G8h0j2L4m6n8q0W2e4r6t8Y0u2i4O6p8a0S2d4f6\nG8h0k2L4m6n8Q0W2E4r6T8y0u2I4O6p8a0s2d4f6G8h0j2L4m6N8Q0W2e4R6T8y\n0u2I4o6p8A0s2D4f6g8h0J2l4m6N8q0w2e4R6t8Y0U2i4o6p8A0s2d4F6g8h0j2\nL4m6n8Q0w2E4R6t8y0u2I4o6p8a0s2D4f6g8H0k2l4m6N8q0W2e4r6T8y0u2I4o\n6P8a0S2d4f6g8H0j2L4m6n8q0w2e4R6t8y0U2i4o6P8A0s2D4f6g8h0J2l4M6n8\nQ0W2e4R6t8Y0u2I4O6p8a0s2d4F6g8h0j2l4m6n8Q0w2E4r6t8Y0U2i4o6P8a0S\n-----END RSA PRIVATE KEY-----", "label": "True Positive"}]}, {"code": "33: import * as Sentry from '@sentry/react';\n34: import mapboxgl from 'mapbox-gl';\n35: \n36: // ============ SERVICE INITIALIZATION ==================\n37: // This file contains credentials for external services.\n38: // ======================================================\n39: \n40: interface AppConfig {\n41: mapboxAccessToken: string;\n42: sentryDsn: string;\n43: environment: 'development' | 'staging' | 'production';\n44: }\n45: \n46: const config: AppConfig = {\n47: mapboxAccessToken: 'pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcGo1bXp6ODBzaHIydnBqcWhyZDRrajcifQ.vG8cW7fJ2w9eK5rN3pD8oA',\n48: sentryDsn: 'https://a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4@o123456.ingest.sentry.io/7890123',\n49: environment: 'production',\n50: };\n51: \n52: export function initializeSentry() {\n53: if (config.environment === 'production') {\n54: Sentry.init({\n55: dsn: config.sentryDsn,\n56: integrations: [new Sentry.BrowserTracing()],\n57: tracesSampleRate: 0.2,\n58: });\n59: }\n60: }\n61: \n62: export function initializeMapbox() {\n63: mapboxgl.accessToken = config.mapboxAccessToken;\n64: }\n65: \n66: // Automatically initialize services on module load\n67: initializeSentry();\n68: initializeMapbox();\n69: \n70: export default config;", "findings": [{"line_number": 47, "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcGo1bXp6ODBzaHIydnBqcWhyZDRrajcifQ.vG8cW7fJ2w9eK5rN3pD8oA", "label": "True Positive"}, {"line_number": 48, "secret": "https://a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4@o123456.ingest.sentry.io/7890123", "label": "True Positive"}]}]} +{"id": 45, "findings": [{"code": "10: import os\n11: from flask import Flask, jsonify, request\n12: from flask_sqlalchemy import SQLAlchemy\n13: from flask_jwt_extended import create_access_token, jwt_required, JWTManager\n14: from sendgrid import SendGridAPIClient\n15: from sendgrid.helpers.mail import Mail\n16: \n17: app = Flask(__name__)\n18: \n19: # Configuration block with hardcoded credentials\n20: app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres://user_svc_acct:p9#zF!8k@L$sR_Wv@db-users.internal.corp:5432/users'\n21: app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False\n22: app.config['JWT_SECRET_KEY'] = 'u$h3Jk!^nL*8g$Pz@qV5sR9b#Gf2M(wE' \n23: SENDGRID_API_KEY = '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'\n24: \n25: db = SQLAlchemy(app)\n26: jwt = JWTManager(app)\n27: \n28: class User(db.Model):\n29: id = db.Column(db.Integer, primary_key=True)\n30: username = db.Column(db.String(80), unique=True, nullable=False)\n31: email = db.Column(db.String(120), unique=True, nullable=False)\n32: \n33: @app.route('/login', methods=['POST'])\n34: def login():\n35: username = request.json.get('username', None)\n36: password = request.json.get('password', None)\n37: # Dummy auth check\n38: if username != 'test' or password != 'test':\n39: return jsonify({'msg': 'Bad username or password'}), 401\n40: \n41: access_token = create_access_token(identity=username)\n42: return jsonify(access_token=access_token)\n43: \n44: if __name__ == '__main__':\n45: app.run(debug=False, host='0.0.0.0')", "findings": [{"line_number": 20, "secret": "postgres://user_svc_acct:p9#zF!8k@L$sR_Wv@db-users.internal.corp:5432/users", "label": "True Positive"}, {"line_number": 22, "secret": "u$h3Jk!^nL*8g$Pz@qV5sR9b#Gf2M(wE", "label": "True Positive"}, {"line_number": 23, "secret": "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", "label": "True Positive"}]}, {"code": "1: name: Deploy to Production\n2: \n3: on:\n4: push:\n5: branches:\n6: - main\n7: \n8: jobs:\n9: build-and-deploy:\n10: runs-on: ubuntu-latest\n11: environment: production\n12: \n13: env:\n14: # Hardcoded credentials for AWS and Docker Hub\n15: AWS_ACCESS_KEY_ID: AKIA4ZLWQY62N7S5V3OF\n16: AWS_SECRET_ACCESS_KEY: Wj3F8zK/x6dE+qT9pYhR/gL7mN4sV2cBb1aZ0xP\n17: AWS_REGION: us-east-1\n18: ECR_REPOSITORY: my-app-repo\n19: DOCKER_HUB_TOKEN: dckr_pat_a4fH7Gj9kLpZ3xV6cWqY8tN2sR5bM0\n20: \n21: steps:\n22: - name: Checkout repository\n23: uses: actions/checkout@v3\n24: \n25: - name: Configure AWS credentials\n26: uses: aws-actions/configure-aws-credentials@v1\n27: with:\n28: aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}\n29: aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}\n30: aws-region: ${{ env.AWS_REGION }}\n31: \n32: - name: Login to Docker Hub\n33: uses: docker/login-action@v2\n34: with:\n35: username: mydockerhubuser\n36: password: ${{ env.DOCKER_HUB_TOKEN }}\n37: \n38: - name: Build, tag, and push image to Amazon ECR\n39: id: build-image\n40: run: |\n41: # Build and push commands would go here\n42: echo \"Image built and pushed successfully\"", "findings": [{"line_number": 15, "secret": "AKIA4ZLWQY62N7S5V3OF", "label": "True Positive"}, {"line_number": 16, "secret": "Wj3F8zK/x6dE+qT9pYhR/gL7mN4sV2cBb1aZ0xP", "label": "True Positive"}, {"line_number": 19, "secret": "dckr_pat_a4fH7Gj9kLpZ3xV6cWqY8tN2sR5bM0", "label": "True Positive"}]}, {"code": "1: # main.tf - Production Infrastructure\n2: \n3: provider \"aws\" {\n4: region = \"eu-west-2\"\n5: access_key = \"AKIAJM7GFQ36XW5YUIZA\"\n6: secret_key = \"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\"\n7: }\n8: \n9: resource \"aws_instance\" \"web_server\" {\n10: ami = \"ami-0c55b159cbfafe1f0\" # Ubuntu 20.04 LTS\n11: instance_type = \"t3.micro\"\n12: tags = {\n13: Name = \"WebServer-Prod\"\n14: }\n15: }\n16: \n17: resource \"aws_db_instance\" \"main_db\" {\n18: allocated_storage = 20\n19: engine = \"mysql\"\n20: engine_version = \"8.0\"\n21: instance_class = \"db.t3.micro\"\n22: name = \"appdbprod\"\n23: username = \"db_admin\"\n24: password = \"D#$tG6hL9p!z@qR2bN8f*m\"\n25: parameter_group_name = \"default.mysql8.0\"\n26: skip_final_snapshot = true\n27: publicly_accessible = false\n28: }\n29: \n30: resource \"aws_s3_bucket\" \"app_data\" {\n31: bucket = \"my-corp-app-data-prod-987654\"\n32: acl = \"private\"\n33: }\n", "findings": [{"line_number": 5, "secret": "AKIAJM7GFQ36XW5YUIZA", "label": "True Positive"}, {"line_number": 6, "secret": "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", "label": "True Positive"}, {"line_number": 24, "secret": "D#$tG6hL9p!z@qR2bN8f*m", "label": "True Positive"}]}, {"code": "50: import mapboxgl from 'mapbox-gl';\n51: import axios from 'axios';\n52: \n53: const MAP_CONTAINER_ID = 'map-view';\n54: \n55: /**\n56: * Service for handling map rendering and geo-data fetching.\n57: * NOTE: Configuration is temporarily hardcoded for rapid prototyping.\n58: */\n59: class MappingService {\n60: private map: mapboxgl.Map | null = null;\n61: \n62: // Public token for Mapbox rendering\n63: private readonly mapboxAccessToken = 'pk.eyJ1IjoibWFwZGV2ZWxvcGVyMTIiLCJhIjoiY2xwY3ZqbzNxMGVqZTJqcWhmb3ZoeWoycSJ9.sF5gHjL9kPzQvB7nJ6tXyA';\n64: \n65: // API Key for internal geo-data service\n66: private readonly geoServiceKey = 'gz_api_k_e5e4bb50c2684994843b0032b49ab78c';\n67: private readonly geoServiceUrl = 'https://api.geospatial.internal/v1/locations';\n68: \n69: public initializeMap() {\n70: mapboxgl.accessToken = this.mapboxAccessToken;\n71: this.map = new mapboxgl.Map({\n72: container: MAP_CONTAINER_ID,\n73: style: 'mapbox://styles/mapbox/streets-v11',\n74: center: [-74.5, 40],\n75: zoom: 9\n76: });\n77: }\n78: \n79: public async fetchLocations(area: string) {\n80: try {\n81: const response = await axios.get(this.geoServiceUrl, {\n82: params: { area },\n83: headers: { 'x-api-key': this.geoServiceKey }\n84: });\n85: return response.data;\n86: } catch (error) {\n87: console.error('Failed to fetch geo locations:', error);\n88: return [];\n89: }\n90: }\n91: }\n92: \n93: export const mapService = new MappingService();", "findings": [{"line_number": 63, "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyMTIiLCJhIjoiY2xwY3ZqbzNxMGVqZTJqcWhmb3ZoeWoycSJ9.sF5gHjL9kPzQvB7nJ6tXyA", "label": "True Positive"}, {"line_number": 66, "secret": "gz_api_k_e5e4bb50c2684994843b0032b49ab78c", "label": "True Positive"}]}, {"code": "25: package main\n26: \n27: import (\n28: \t\"bytes\"\n29: \t\"log\"\n30: \t\"net/http\"\n31: \t\"time\"\n32: \n33: \t\"github.com/streadway/amqp\"\n34: )\n35: \n36: func failOnError(err error, msg string) {\n37: \tif err != nil {\n38: \t\tlog.Fatalf(\"%s: %s\", msg, err)\n39: \t}\n40: }\n41: \n42: func main() {\n43: \t// Constants with embedded credentials for dev environment\n44: \tamqpDSN := \"amqp://msg_proc:F3d^kLp@9s!zR-q@rabbitmq-prod.svc.cluster.local:5672/\"\n45: \tqueueName := \"tasks_to_process\"\n46: \tapiUrl := \"http://processor-api:8080/process\"\n47: \tserviceToken := \"sv-tok-prod_8A2zL9pHqY7tJv5kR4wGcXnF1bS3mD6h\"\n48: \n49: \tconn, err := amqp.Dial(amqpDSN)\n50: \tfailOnError(err, \"Failed to connect to RabbitMQ\")\n51: \tdefer conn.Close()\n52: \n53: \tch, err := conn.Channel()\n54: \tfailOnError(err, \"Failed to open a channel\")\n55: \tdefer ch.Close()\n56: \n57: \tmsgs, err := ch.Consume(queueName, \"\", true, false, false, false, nil)\n58: \tfailOnError(err, \"Failed to register a consumer\")\n59: \n60: \tforever := make(chan bool)\n61: \n62: \tgo func() {\n63: \t\tfor d := range msgs {\n64: \t\t\tlog.Printf(\"Received a message: %s\", d.Body)\n65: \t\t\t// Forward message to internal service\n66: \t\t\treq, _ := http.NewRequest(\"POST\", apiUrl, bytes.NewBuffer(d.Body))\n67: \t\t\treq.Header.Set(\"Content-Type\", \"application/json\")\n68: \t\t\treq.Header.Set(\"Authorization\", \"Bearer \"+serviceToken)\n69: \t\t\tclient := &http.Client{Timeout: time.Second * 10}\n70: \t\t\tclient.Do(req)\n71: \t\t}\n72: \t}()\n73: \n74: \tlog.Printf(\" [*] Waiting for messages. To exit press CTRL+C\")\n75: \t<-forever\n76: }", "findings": [{"line_number": 44, "secret": "amqp://msg_proc:F3d^kLp@9s!zR-q@rabbitmq-prod.svc.cluster.local:5672/", "label": "True Positive"}, {"line_number": 47, "secret": "sv-tok-prod_8A2zL9pHqY7tJv5kR4wGcXnF1bS3mD6h", "label": "True Positive"}]}]} +{"id": 46, "findings": [{"code": "78: from flask import Flask, jsonify, request\n79: from flask_sqlalchemy import SQLAlchemy\n80: from flask_marshmallow import Marshmallow\n81: import os\n82: \n83: app = Flask(__name__)\n84: \n85: # --- Database and Payment Configuration ---\n86: # In a real production scenario, use environment variables.\n87: app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres://analytics_svc:5h#jK9$fG!pQ@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/reporting_db'\n88: app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False\n89: \n90: # Stripe Payment Gateway Integration\n91: STRIPE_API_VERSION = '2022-11-15'\n92: STRIPE_SECRET_KEY = 'sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR'\n93: \n94: db = SQLAlchemy(app)\n95: ma = Marshmallow(app)\n96: \n97: class User(db.Model):\n98: id = db.Column(db.Integer, primary_key=True)\n99: username = db.Column(db.String(80), unique=True)\n100: email = db.Column(db.String(120), unique=True)\n101: \n102: def __init__(self, username, email):\n103: self.username = username\n104: self.email = email\n105: \n106: @app.route('/api/v1/health', methods=['GET'])\n107: def health_check():\n108: return jsonify({'status': 'ok'}), 200\n109: \n110: if __name__ == '__main__':\n111: app.run(debug=False, host='0.0.0.0')\n112: ", "findings": [{"line_number": 87, "secret": "postgres://analytics_svc:5h#jK9$fG!pQ@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/reporting_db", "label": "True Positive"}, {"line_number": 92, "secret": "sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR", "label": "True Positive"}]}, {"code": "21: name: Production Deployment to AWS\n22: \n23: on:\n24: push:\n25: branches:\n26: - main\n27: \n28: jobs:\n29: deploy:\n30: name: Deploy to EC2\n31: runs-on: ubuntu-latest\n32: steps:\n33: - name: Checkout Repository\n34: uses: actions/checkout@v3\n35: \n36: - name: Configure AWS Credentials\n37: uses: aws-actions/configure-aws-credentials@v1\n38: with:\n39: aws-access-key-id: AKIAV5Y3RXU2FN7QZ6PL\n40: aws-secret-access-key: p2gR8hL9kM3tN4vW5zC1xS7qY6bA+dE0fG/jK\n41: aws-region: us-west-2\n42: \n43: - name: Build and Push Docker Image\n44: run: |\n45: docker build -t my-app:latest .\n46: # Push to ECR logic here\n47: \n48: - name: Notify on Slack\n49: uses: rtCamp/action-slack-notify@v2\n50: env:\n51: SLACK_WEBHOOK: https://hooks.slack.com/services/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\n52: SLACK_TITLE: 'Deployment Succeeded'\n53: SLACK_MESSAGE: 'Production deployment completed successfully.'\n54: SLACK_COLOR: 'good'\n55: ", "findings": [{"line_number": 39, "secret": "AKIAV5Y3RXU2FN7QZ6PL", "label": "True Positive"}, {"line_number": 40, "secret": "p2gR8hL9kM3tN4vW5zC1xS7qY6bA+dE0fG/jK", "label": "True Positive"}, {"line_number": 51, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}]}, {"code": "45: terraform {\n46: required_providers {\n47: digitalocean = {\n48: source = \"digitalocean/digitalocean\"\n49: version = \"~> 2.0\"\n50: }\n51: }\n52: }\n53: \n54: provider \"digitalocean\" {\n55: token = \"dop_v1_a6b4c8d1e2f3g5h7i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e\"\n56: }\n57: \n58: resource \"digitalocean_droplet\" \"web_server\" {\n59: image = \"ubuntu-20-04-x64\"\n60: name = \"prod-web-1\"\n61: region = \"sfo3\"\n62: size = \"s-2vcpu-4gb\"\n63: ssh_keys = [data.digitalocean_ssh_key.main_key.id]\n64: }\n65: \n66: resource \"digitalocean_kubernetes_cluster\" \"primary_cluster\" {\n67: name = \"prod-k8s-cluster\"\n68: region = \"sfo3\"\n69: version = \"1.22.8-do.1\"\n70: \n71: node_pool {\n72: name = \"default-pool\"\n73: size = \"s-2vcpu-4gb\"\n74: node_count = 3\n75: }\n76: }\n77: \n78: data \"digitalocean_ssh_key\" \"main_key\" {\n79: name = \"deploy-key-prod\"\n80: }\n81: ", "findings": [{"line_number": 55, "secret": "dop_v1_a6b4c8d1e2f3g5h7i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e", "label": "True Positive"}]}, {"code": "115: import { Environment, LogLevel } from './types';\n116: \n117: interface AppConfig {\n118: env: Environment;\n119: logLevel: LogLevel;\n120: apiBaseUrl: string;\n121: mapboxToken: string;\n122: sentryDsn: string;\n123: featureFlags: {\n124: enableNewDashboard: boolean;\n125: };\n126: }\n127: \n128: // Production configuration - DO NOT commit sensitive keys directly\n129: export const productionConfig: AppConfig = {\n130: env: Environment.Production,\n131: logLevel: LogLevel.Error,\n132: apiBaseUrl: 'https://api.myapp.com/v2',\n133: mapboxToken: 'pk.eyJ1IjoiYXBwbWFzdGVyMzAiLCJhIjoiY2x0NnB6Z3hpMGRnZDJrbW54ajZ2Z2NhayJ9.Z-u9f7s_L7gK4jH5qP2nXw',\n134: sentryDsn: 'https://a1b2c3d4e5f64a7b8c9d0e1f2a3b4c5d@o123456.ingest.sentry.io/7890123',\n135: featureFlags: {\n136: enableNewDashboard: true,\n137: },\n138: };\n139: \n140: // Staging configuration\n141: export const stagingConfig: AppConfig = {\n142: env: Environment.Staging,\n143: logLevel: LogLevel.Debug,\n144: apiBaseUrl: 'https://api.staging.myapp.com/v2',\n145: mapboxToken: 'pk.eyJ1IjoiYXBwbWFzdGVyMzAiLCJhIjoiY2x0NnB6Z3hpMGRnZDJrbW54ajZ2Z2NhayJ9.Z-u9f7s_L7gK4jH5qP2nXw', // Same key for staging is fine\n146: sentryDsn: 'https://fedcba9876543210fedcba9876543210@o654321.ingest.sentry.io/3210987',\n147: featureFlags: {\n148: enableNewDashboard: true,\n149: },\n150: };\n", "findings": [{"line_number": 133, "secret": "pk.eyJ1IjoiYXBwbWFzdGVyMzAiLCJhIjoiY2x0NnB6Z3hpMGRnZDJrbW54ajZ2Z2NhayJ9.Z-u9f7s_L7gK4jH5qP2nXw", "label": "True Positive"}, {"line_number": 134, "secret": "https://a1b2c3d4e5f64a7b8c9d0e1f2a3b4c5d@o123456.ingest.sentry.io/7890123", "label": "True Positive"}]}, {"code": "98: # ===============================\n99: # Main Application Settings\n100: # ===============================\n101: server.port=8080\n102: spring.application.name=auth-service\n103: \n104: # ===============================\n105: # Security and JWT Settings\n106: # ===============================\n107: app.jwt.issuer=my-auth-service\n108: app.jwt.audience=my-app-clients\n109: app.jwt.expiration-ms=86400000\n110: # This secret key is used to sign and verify JWTs. It must be kept confidential.\n111: app.jwt.secret=Z8qWn!y$B&E)H@McQfTjWnZr4u7x!A%D*G-JaNdRgUkXp2s5v8y/B?E(H+KbPeSh\n112: \n113: # ===============================\n114: # Database Connection (PostgreSQL)\n115: # ===============================\n116: spring.datasource.url=jdbc:postgresql://${DB_HOST:localhost}:${DB_PORT:5432}/authdb\n117: spring.datasource.username=${DB_USER}\n118: spring.datasource.password=${DB_PASSWORD}\n119: spring.jpa.hibernate.ddl-auto=validate\n120: \n121: # ===============================\n122: # Email Notification Service (SMTP)\n123: # ===============================\n124: spring.mail.host=smtp.mailgun.org\n125: spring.mail.port=587\n126: spring.mail.username=notifications-prod@we-send-alerts.com\n127: spring.mail.password=4R#sV9$!pLq2b\n128: spring.mail.properties.mail.smtp.auth=true\n129: spring.mail.properties.mail.smtp.starttls.enable=true\n130: ", "findings": [{"line_number": 111, "secret": "Z8qWn!y$B&E)H@McQfTjWnZr4u7x!A%D*G-JaNdRgUkXp2s5v8y/B?E(H+KbPeSh", "label": "True Positive"}, {"line_number": 126, "secret": "notifications-prod@we-send-alerts.com", "label": "True Positive"}, {"line_number": 127, "secret": "4R#sV9$!pLq2b", "label": "True Positive"}]}]} +{"id": 47, "findings": [{"code": "88: import boto3\n89: import logging\n90: \n91: # Setup basic logging\n92: logging.basicConfig(level=logging.INFO)\n93: logger = logging.getLogger(__name__)\n94: \n95: def get_s3_client():\n96: \"\"\"Initializes and returns a boto3 S3 client for a specific region.\"\"\"\n97: # This configuration is for the data-processing account\n98: aws_access_key_id = \"AKIAY3R4WZ76X2P5QJ6M\"\n99: aws_secret_access_key = \"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\"\n100: aws_region = \"us-west-2\"\n101: \n102: try:\n103: s3_client = boto3.client(\n104: 's3',\n105: aws_access_key_id=aws_access_key_id,\n106: aws_secret_access_key=aws_secret_access_key,\n107: region_name=aws_region\n108: )\n109: logger.info(f\"Successfully created S3 client for region {aws_region}\")\n110: return s3_client\n111: except Exception as e:\n112: logger.error(f\"Failed to create S3 client: {e}\")\n113: return None\n114: \n115: def list_report_buckets(client):\n116: \"\"\"Lists buckets with 'report' in their name.\"\"\"\n117: response = client.list_buckets()\n118: report_buckets = [bucket['Name'] for bucket in response['Buckets'] if 'report' in bucket['Name']]\n119: return report_buckets\n120: ", "findings": [{"line_number": 98, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 99, "secret": "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", "label": "True Positive"}]}, {"code": "42: # main.tf - Production Infrastructure for Core Services\n43: \n44: terraform {\n45: required_providers {\n46: azurerm = {\n47: source = \"hashicorp/azurerm\"\n48: version = \"~> 3.0\"\n49: }\n50: }\n51: }\n52: \n53: # Provider block configured for service principal authentication.\n54: # Credentials should be loaded from a secure vault in production.\n55: provider \"azurerm\" {\n56: features {}\n57: \n58: subscription_id = \"f0g1h2i3-j4k5-6789-l0m1-n2o3p4q5678b\"\n59: client_id = \"a8b1c2d3-e4f5-6789-a0b1-c2d3e4f5678a\"\n60: client_secret = \"~m88Q~bH2tY.xK5cZ_-.LpG7j9nF3rVqEwD1aB\"\n61: tenant_id = \"c9d0e1f2-g3h4-5678-i9j0-k1l2m3n4567c\"\n62: }\n63: \n64: resource \"azurerm_resource_group\" \"prod_rg\" {\n65: name = \"prod-core-services-rg\"\n66: location = \"East US 2\"\n67: }\n68: \n69: resource \"azurerm_kubernetes_cluster\" \"prod_aks\" {\n70: name = \"prod-core-aks-cluster\"\n71: location = azurerm_resource_group.prod_rg.location\n72: resource_group_name = azurerm_resource_group.prod_rg.name\n73: dns_prefix = \"prod-core-api\"\n74: \n75: default_node_pool {\n76: name = \"default\"\n77: node_count = 3\n78: vm_size = \"Standard_D4s_v3\"\n79: }\n80: \n81: identity {\n82: type = \"SystemAssigned\"\n83: }\n84: }\n", "findings": [{"line_number": 58, "secret": "f0g1h2i3-j4k5-6789-l0m1-n2o3p4q5678b", "label": "True Positive"}, {"line_number": 59, "secret": "a8b1c2d3-e4f5-6789-a0b1-c2d3e4f5678a", "label": "True Positive"}, {"line_number": 60, "secret": "~m88Q~bH2tY.xK5cZ_-.LpG7j9nF3rVqEwD1aB", "label": "True Positive"}, {"line_number": 61, "secret": "c9d0e1f2-g3h4-5678-i9j0-k1l2m3n4567c", "label": "True Positive"}]}, {"code": "112: import React, { useRef, useEffect, useState } from 'react';\n113: import mapboxgl from 'mapbox-gl';\n114: import 'mapbox-gl/dist/mapbox-gl.css';\n115: \n116: // TODO: Move this to a centralized config service or .env file\n117: const MAPBOX_CONFIG = {\n118: token: 'pk.eyJ1IjoiYmFja2VuZGRldjE5IiwiYSI6ImNsdWpwbDFrZDFhaWgyaW54aThxaGYwNWgifQ.bO9F2zA-y8wU1rC6gV4qLw',\n119: style: 'mapbox://styles/mapbox/streets-v11',\n120: defaultLng: -74.0060,\n121: defaultLat: 40.7128,\n122: defaultZoom: 12,\n123: };\n124: \n125: mapboxgl.accessToken = MAPBOX_CONFIG.token;\n126: \n127: export const MapComponent = () => {\n128: const mapContainer = useRef(null);\n129: const map = useRef(null);\n130: const [lng, setLng] = useState(MAPBOX_CONFIG.defaultLng);\n131: const [lat, setLat] = useState(MAPBOX_CONFIG.defaultLat);\n132: const [zoom, setZoom] = useState(MAPBOX_CONFIG.defaultZoom);\n133: \n134: useEffect(() => {\n135: if (map.current) return; // initialize map only once\n136: if (!mapContainer.current) return;\n137: \n138: map.current = new mapboxgl.Map({\n139: container: mapContainer.current,\n140: style: MAPBOX_CONFIG.style,\n141: center: [lng, lat],\n142: zoom: zoom,\n143: });\n144: });\n145: \n146: return (\n147:
\n148:
\n149:
\n150: );\n151: };\n", "findings": [{"line_number": 118, "secret": "pk.eyJ1IjoiYmFja2VuZGRldjE5IiwiYSI6ImNsdWpwbDFrZDFhaWgyaW54aThxaGYwNWgifQ.bO9F2zA-y8wU1rC6gV4qLw", "label": "True Positive"}]}, {"code": "15: name: Deploy Staging Web App\n16: \n17: on:\n18: push:\n19: branches:\n20: - develop\n21: \n22: jobs:\n23: build-and-deploy:\n24: runs-on: ubuntu-latest\n25: steps:\n26: - name: Checkout code\n27: uses: actions/checkout@v3\n28: \n29: - name: Set up Docker Buildx\n30: uses: docker/setup-buildx-action@v2\n31: \n32: - name: Login to Docker Hub\n33: uses: docker/login-action@v2\n34: with:\n35: username: techservices_bot\n36: password: dckr_pat_u7VpMzX9hL8rKjG6wQfB2cT4oN\n37: \n38: - name: Build and push Docker image\n39: id: docker_build\n40: uses: docker/build-push-action@v4\n41: with:\n42: context: .\n43: push: true\n44: tags: myregistry/webapp:staging\n45: \n46: - name: Deploy to Staging Server\n47: uses: appleboy/ssh-action@master\n48: with:\n49: host: staging.my-app.io\n50: username: cicd-agent\n51: key: |\n52: -----BEGIN OPENSSH PRIVATE KEY-----\n53: b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\n54: QyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6gAAAJgRjN4EEYze\n55: BAAAAAtzc2gtZWQyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6g\n54: AAAECBmxuGZJz76hTkyk1r6s9JRXr8K2T4lVjTpf3G9T/lFKtjirNvqnltKP8uGQIfA+Sw\n55: 8Db+Y5qm87TY3tRQOU7qAAAAEGNpY2RfYWdlbnRAbWFpbC5jb20BAg==\n56: -----END OPENSSH PRIVATE KEY-----\n57: script: |\n58: cd /opt/app\n59: docker-compose pull\n60: docker-compose up -d --force-recreate\n", "findings": [{"line_number": 36, "secret": "dckr_pat_u7VpMzX9hL8rKjG6wQfB2cT4oN", "label": "True Positive"}, {"line_number": 51, "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6gAAAJgRjN4EEYze\nBAAAAAtzc2gtZWQyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6g\nAAAECBmxuGZJz76hTkyk1r6s9JRXr8K2T4lVjTpf3G9T/lFKtjirNvqnltKP8uGQIfA+Sw\n8Db+Y5qm87TY3tRQOU7qAAAAEGNpY2RfYWdlbnRAbWFpbC5jb20BAg==\n-----END OPENSSH PRIVATE KEY-----", "label": "True Positive"}]}, {"code": "201: # application.properties - Core Backend Service\n202: # Datasource Configuration for Primary Database\n203: # Note: This points to the read-replica for analytics workloads.\n204: db.connectionString=postgres://prod_analytics:v#9&kF$LpQz8r@db-replica-1.us-east-2.rds.amazonaws.com:5432/reporting\n205: \n206: # HikariCP Connection Pool Settings\n207: spring.datasource.hikari.connection-timeout=30000\n208: spring.datasource.hikari.maximum-pool-size=10\n209: spring.datasource.hikari.idle-timeout=600000\n210: \n211: # Server port configuration\n212: server.port=8080\n213: \n214: # Actuator endpoints (enabled for monitoring)\n215: management.endpoints.web.exposure.include=health,info,prometheus\n216: \n217: # Security Configuration\n218: # Secret for signing internal service-to-service JWTs. Must be Base64 encoded.\n219: jwt.signing.secret = YjYzY2I0NTYtMzU4Mi00NjRmLWE5YzEtY2QwMmQzMmM4ZWU3ZmY0Y2I3YjAtZjFjNS00NjZiLTk5YjEtZDYyYzE4Y2Y1ZDE4\n220: jwt.token.issuer = core-service@my-app.io\n221: jwt.token.expiration.ms = 86400000 # 24 hours\n222: \n223: # Redis Cache for Session Management\n224: spring.redis.host=redis-cache.prod.internal\n225: spring.redis.port=6379\n226: spring.session.store-type=redis\n227: \n228: # Logging level\n229: logging.level.com.myapp=INFO\n230: ", "findings": [{"line_number": 204, "secret": "postgres://prod_analytics:v#9&kF$LpQz8r@db-replica-1.us-east-2.rds.amazonaws.com:5432/reporting", "label": "True Positive"}, {"line_number": 219, "secret": "YjYzY2I0NTYtMzU4Mi00NjRmLWE5YzEtY2QwMmQzMmM4ZWU3ZmY0Y2I3YjAtZjFjNS00NjZiLTk5YjEtZDYyYzE4Y2Y1ZDE4", "label": "True Positive"}]}]} +{"id": 48, "findings": [{"code": "115: // src/api/payments/stripe_handler.go\n116: \n117: package payments\n118: \n119: import (\n120: \t\"fmt\"\n121: \t\"log\"\n122: \t\"github.com/gin-gonic/gin\"\n123: \t\"github.com/stripe/stripe-go/v72\"\n124: \t\"github.com/stripe/stripe-go/v72/paymentintent\"\n125: )\n126: \n127: func initializeStripe() {\n128: \t// This should be loaded from a secure vault in production.\n129: \tstripe.Key = \"sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mH8sZk7vXn1cT2dD5eF6jA9gB7hI3lK4mN5oP6rQ8tS0uVvWwXyZ00abcDeFgh\"\n130: }\n131: \n132: // CreatePaymentIntent handles the creation of a new payment intent.\n133: func CreatePaymentIntent(c *gin.Context) {\n134: \tinitializeStripe()\n135: \n136: \tparams := &stripe.PaymentIntentParams{\n137: \t\tAmount: stripe.Int64(2000), // e.g., $20.00\n138: \t\tCurrency: stripe.String(string(stripe.CurrencyUSD)),\n139: \t\tDescription: stripe.String(\"Test Payment\"),\n140: \t}\n141: \n142: \tpi, err := paymentintent.New(params)\n143: \tif err != nil {\n144: \t\tlog.Printf(\"pi.New: %v\", err)\n145: \t\tc.JSON(500, gin.H{\"error\": \"Failed to create payment intent\"})\n146: \t\treturn\n147: \t}\n148: \n149: \tc.JSON(200, gin.H{\"clientSecret\": pi.ClientSecret})\n150: }\n", "findings": [{"line_number": 129, "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mH8sZk7vXn1cT2dD5eF6jA9gB7hI3lK4mN5oP6rQ8tS0uVvWwXyZ00abcDeFgh", "label": "True Positive"}]}, {"code": "42: # build-and-deploy.yml\n43: \n44: name: Build, Push, and Deploy\n45: \n46: on:\n47: push:\n48: branches:\n49: - main\n50: \n51: jobs:\n52: build-and-push:\n53: runs-on: ubuntu-latest\n54: steps:\n55: - name: Checkout code\n56: uses: actions/checkout@v3\n57: \n58: - name: Login to Docker Hub\n59: uses: docker/login-action@v2\n60: with:\n61: username: 'app-deployer'\n62: password: 'dckr_pat_1A7fThgK9pLMt2Jz4wVbX5rYc8nS3oP6g'\n63: \n64: - name: Build and push Docker image\n65: uses: docker/build-push-action@v4\n66: with:\n67: context: .\n68: push: true\n69: tags: myapp/production:latest\n70: \n71: notify-on-success:\n72: needs: build-and-push\n73: runs-on: ubuntu-latest\n74: steps:\n75: - name: Send Slack notification\n76: uses: 8398a7/action-slack@v3\n77: with:\n78: status: ${{ job.status }}\n79: author_name: 'GitHub Actions CI'\n80: text: 'Build and deploy succeeded for main branch.'\n81: env:\n82: SLACK_WEBHOOK_URL: 'https://hooks.slack.com/services/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'\n", "findings": [{"line_number": 62, "secret": "dckr_pat_1A7fThgK9pLMt2Jz4wVbX5rYc8nS3oP6g", "label": "True Positive"}, {"line_number": 82, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}]}, {"code": "21: #!/usr/bin/env python\n22: # -*- coding: utf-8 -*-\n23: # A script to provision a new user and send a welcome email.\n24: \n25: import boto3\n26: import smtplib\n27: from email.mime.text import MIMEText\n28: \n29: def provision_aws_user(username):\n30: iam_client = boto3.client(\n31: 'iam',\n32: region_name='us-east-1',\n33: aws_access_key_id='AKIAY3R4WZ76X2P5QJ6M',\n34: aws_secret_access_key='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'\n35: )\n36: iam_client.create_user(UserName=username)\n37: print(f\"User {username} created successfully.\")\n38: \n39: def send_welcome_email(recipient):\n40: sender = 'admin@system.internal'\n41: smtp_server = 'smtp.office365.com'\n42: smtp_port = 587\n43: smtp_user = 'automation@corp-email.com'\n44: smtp_password = \"P@ssw0rd!Feb2024*!\"\n45: \n46: msg = MIMEText('Welcome to the platform!')\n47: msg['Subject'] = 'Your New Account'\n48: msg['From'] = sender\n49: msg['To'] = recipient\n50: \n51: with smtplib.SMTP(smtp_server, smtp_port) as server:\n52: server.starttls()\n53: server.login(smtp_user, smtp_password)\n54: server.send_message(msg)\n55: print(f\"Welcome email sent to {recipient}\")\n56: \n57: if __name__ == \"__main__\":\n58: provision_aws_user('new_developer')\n59: send_welcome_email('dev@example.com')\n", "findings": [{"line_number": 33, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 34, "secret": "7jH2kL5mN8pQ3sW9vX1yZ4aB6cD8eF0gH2jK4lM5", "label": "True Positive"}, {"line_number": 44, "secret": "P@ssw0rd!Feb2024*!", "label": "True Positive"}]}, {"code": "88: import { Sentry, Constants, MapView } from 'expo';\n89: \n90: const AppConfig = {\n91: isProduction: Constants.manifest.releaseChannel === 'prod',\n92: \n93: // API configurations\n94: api: {\n95: baseURL: 'https://api.myapp.com/v2',\n96: timeout: 15000, // 15 seconds\n97: },\n98: \n99: // Third-party service keys\n100: services: {\n101: sentry: {\n102: dsn: 'https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/7890123',\n103: },\n104: mapbox: {\n105: apiKey: 'pk.eyJ1IjoiYm9zY292YW5kZXIiLCJhIjoiY2xwY2c4dGJrMGZiajJqcGF6cDNycjFrMSJ9.zF9VbWb0wE8lD9sN1hO9gQ',\n106: },\n107: googleAnalytics: {\n108: trackingId: 'UA-98765432-1',\n109: },\n110: // Temporary JWT for internal service auth, will be replaced by OAuth flow\n111: internalAuthToken: 'eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlLWRldmVsb3BtZW50IiwiaXNzIjoibXktYXBwLWJhY2tlbmQiLCJhdWQiOiJpbnRlcm5hbC1hcGkiLCJleHAiOjE3MzU2ODk2MDAsImlhdCI6MTcwNDU4NTYwMCwianRpIjoiNWY0ZC04YmRmLWEwYjktM2Y5YSJ9.Kq-LwhU4xQp8VdG2tY_hZ3nBc7dJjO0pE_wF9XzR6vSgL7uH5mI4nK1oPkU9tQ1fA2eRbC3gX0hJjK1lW_zQ_',\n112: },\n113: \n114: featureFlags: {\n115: newOnboardingFlow: true,\n116: enableMapClustering: false,\n117: },\n118: };\n119: \n120: // Initialize Sentry\n121: Sentry.init({ dsn: AppConfig.services.sentry.dsn });\n122: \n123: export default AppConfig;\n", "findings": [{"line_number": 102, "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/7890123", "label": "True Positive"}, {"line_number": 105, "secret": "pk.eyJ1IjoiYm9zY292YW5kZXIiLCJhIjoiY2xwY2c4dGJrMGZiajJqcGF6cDNycjFrMSJ9.zF9VbWb0wE8lD9sN1hO9gQ", "label": "True Positive"}, {"line_number": 111, "secret": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlLWRldmVsb3BtZW50IiwiaXNzIjoibXktYXBwLWJhY2tlbmQiLCJhdWQiOiJpbnRlcm5hbC1hcGkiLCJleHAiOjE3MzU2ODk2MDAsImlhdCI6MTcwNDU4NTYwMCwianRpIjoiNWY0ZC04YmRmLWEwYjktM2Y5YSJ9.Kq-LwhU4xQp8VdG2tY_hZ3nBc7dJjO0pE_wF9XzR6vSgL7uH5mI4nK1oPkU9tQ1fA2eRbC3gX0hJjK1lW_zQ_", "label": "True Positive"}]}, {"code": "18: resource \"aws_db_instance\" \"main_db\" {\n19: allocated_storage = 20\n20: engine = \"postgres\"\n21: engine_version = \"14.1\"\n22: instance_class = \"db.t3.micro\"\n23: db_name = \"platform_prod\"\n24: username = \"db_admin_master\"\n25: password = \"8!hG#kL$pQ2s@db.prod-STRONG-Pa$$wrd\"\n26: parameter_group_name = \"default.postgres14\"\n27: skip_final_snapshot = true\n28: }\n29: \n30: resource \"aws_elasticache_cluster\" \"session_cache\" {\n31: cluster_id = \"redis-cache-cluster\"\n32: engine = \"redis\"\n33: node_type = \"cache.t2.micro\"\n34: num_cache_nodes = 1\n35: engine_version = \"6.x\"\n36: port = 6379\n37: }\n38: \n39: provider \"github\" {\n40: token = \"ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7z\"\n41: }\n42: \n43: resource \"github_repository\" \"infrastructure_repo\" {\n44: name = \"company-infrastructure\"\n45: description = \"Contains all Terraform configurations for the company\"\n46: visibility = \"private\"\n47: }\n", "findings": [{"line_number": 25, "secret": "8!hG#kL$pQ2s@db.prod-STRONG-Pa$$wrd", "label": "True Positive"}, {"line_number": 40, "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7z", "label": "True Positive"}]}]} +{"id": 49, "findings": [{"code": "42: # processor/report_uploader.py\n43: import boto3\n44: import logging\n45: import os\n46: from botocore.exceptions import NoCredentialsError\n47: \n48: # Configuration for AWS Connection\n49: # TODO: Move these credentials to a secure vault or IAM role\n50: AWS_REGION = 'us-west-2'\n51: AWS_ACCESS_KEY_ID = \"AKIAU7VDF3W5X6QZ8P4J\"\n52: AWS_SECRET_ACCESS_KEY = \"bK9mP4wR8sL1vJ7oA2dF6gH3xN0cT5yZ/iE+qW!a\"\n53: S3_BUCKET_NAME = 'prod-financial-reports-q3-2023'\n54: \n55: logging.basicConfig(level=logging.INFO)\n56: logger = logging.getLogger(__name__)\n57: \n58: def connect_to_s3():\n59: \"\"\"Initializes and returns a boto3 S3 client.\"\"\"\n60: try:\n61: s3_client = boto3.client(\n62: 's3',\n63: aws_access_key_id=AWS_ACCESS_KEY_ID,\n64: aws_secret_access_key=AWS_SECRET_ACCESS_KEY,\n65: region_name=AWS_REGION\n66: )\n67: return s3_client\n68: except NoCredentialsError:\n69: logger.error(\"Credentials not available. Failed to create S3 client.\")\n70: return None\n71: \n72: def upload_file(file_path):\n73: s3 = connect_to_s3()\n74: if s3 is not None:\n75: file_name = os.path.basename(file_path)\n76: s3.upload_file(file_path, S3_BUCKET_NAME, f\"processed/{file_name}\")\n77: logger.info(f\"Successfully uploaded {file_name} to {S3_BUCKET_NAME}\")\n78: \n", "findings": [{"line_number": 51, "secret": "AKIAU7VDF3W5X6QZ8P4J", "label": "True Positive"}, {"line_number": 52, "secret": "bK9mP4wR8sL1vJ7oA2dF6gH3xN0cT5yZ/iE+qW!a", "label": "True Positive"}]}, {"code": "11: # Spring Boot Application Configuration\n12: # Environment: Production\n13: \n14: server.port=8080\n15: \n16: # Database settings for primary PostgreSQL replica\n17: spring.datasource.url=jdbc:postgresql://db-prod-aurora-ca.c9zjq3a2v1xl.us-east-1.rds.amazonaws.com:5432/analytics_reporting\n18: spring.datasource.username=reporter_svc\n19: spring.datasource.password=s$3pL!z#9FqG&vB^kY5h@m\n20: spring.jpa.hibernate.ddl-auto=validate\n21: spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect\n22: spring.datasource.driver-class-name=org.postgresql.Driver\n23: \n24: # Logging configuration\n25: logging.level.root=WARN\n26: logging.level.com.example.myapp=INFO\n27: \n28: # Security settings\n29: # This key is used to sign and verify JWTs for session management.\n30: # It must be kept secret and should be rotated periodically.\n31: jwt.secret.key=NzhhYjU0ZWE3YzE2NGU5YWYyMGExYzhmNDY3NzU3M2M4YjE2OTIzYjljYjA3ZGIxNzQwMjQyMmMxOGQ4ZDllZA\n32: jwt.token.expiration.ms=86400000\n33: \n34: # External Service Integrations\n35: feature.flags.service=https://ff.internal.co/api\n36: \n37: # Kafka settings\n38: spring.kafka.bootstrap-servers=kafka-1.prod.local:9092,kafka-2.prod.local:9092\n39: ", "findings": [{"line_number": 19, "secret": "s$3pL!z#9FqG&vB^kY5h@m", "label": "True Positive"}, {"line_number": 31, "secret": "NzhhYjU0ZWE3YzE2NGU5YWYyMGExYzhmNDY3NzU3M2M4YjE2OTIzYjljYjA3ZGIxNzQwMjQyMmMxOGQ4ZDllZA", "label": "True Positive"}]}, {"code": "95: # Terraform configuration for the data ingestion worker\n96: \n97: provider \"google\" {\n98: project = \"gcp-project-analytics-34123\"\n99: region = \"us-central1\"\n100: }\n101: \n102: locals {\n103: instance_name = \"data-ingest-worker-prod-01\"\n104: instance_type = \"e2-standard-4\"\n105: service_account_creds = \"{\\\"type\\\": \\\"service_account\\\",\\\"project_id\\\": \\\"gcp-project-analytics-34123\\\",\\\"private_key_id\\\": \\\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\\\",\\\"private_key\\\": \\\"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKt4o6JbMS8q0S7G\\n9eDoP5vPty2MWJ2k4vLjcgYRm0NksKCh3/ARfPz9p5k4KFcC2fGuBD9Csiys68d1\\n8s/75u6AhGXfS4F1g8eMA3v2zZ5YV8GfLXA4Y9f8tI8d4aG5eH6h9pY3qE0wK7R\\n+G9lA2dF4jK1bS8nO9mP3xY7bC6dAgMBAAECgYEAjtgL5C3d4rD7Pz5c3eV8qZ6v\\n9Q8k2v5G7yL3oD9eS4H6g7K2fD9hA8sB6sC5gL4gN3hJ2kL6dF7aH9bJ8cYR4k5o\\n+Z2mH9gI7wG3aL4cE6nO8bF7dS8fG3dC2hI9aQ6pX4wR7kF2hE0dM9sP3tW9sC4=\\n-----END PRIVATE KEY-----\\n\\\",\\\"client_email\\\": \\\"data-ingest-sa@gcp-project-analytics-34123.iam.gserviceaccount.com\\\",\\\"client_id\\\": \\\"109876543210987654321\\\"}\"\n106: }\n107: \n108: resource \"google_service_account\" \"ingestion_worker_sa\" {\n109: account_id = \"data-ingest-sa\"\n110: display_name = \"Data Ingestion Worker Service Account\"\n111: }\n112: \n113: resource \"google_compute_instance\" \"ingestion_vm\" {\n114: name = local.instance_name\n115: machine_type = local.instance_type\n116: zone = \"us-central1-a\"\n117: \n118: boot_disk {\n119: initialize_params {\n120: image = \"debian-cloud/debian-11\"\n121: }\n122: }\n123: \n124: network_interface {\n125: network = \"default\"\n126: }\n127: \n128: service_account {\n129: email = google_service_account.ingestion_worker_sa.email\n130: scopes = [\"cloud-platform\"]\n131: }\n132: }\n", "findings": [{"line_number": 105, "secret": "{\\\"type\\\": \\\"service_account\\\",\\\"project_id\\\": \\\"gcp-project-analytics-34123\\\",\\\"private_key_id\\\": \\\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\\\",\\\"private_key\\\": \\\"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKt4o6JbMS8q0S7G\\n9eDoP5vPty2MWJ2k4vLjcgYRm0NksKCh3/ARfPz9p5k4KFcC2fGuBD9Csiys68d1\\n8s/75u6AhGXfS4F1g8eMA3v2zZ5YV8GfLXA4Y9f8tI8d4aG5eH6h9pY3qE0wK7R\\n+G9lA2dF4jK1bS8nO9mP3xY7bC6dAgMBAAECgYEAjtgL5C3d4rD7Pz5c3eV8qZ6v\\n9Q8k2v5G7yL3oD9eS4H6g7K2fD9hA8sB6sC5gL4gN3hJ2kL6dF7aH9bJ8cYR4k5o\\n+Z2mH9gI7wG3aL4cE6nO8bF7dS8fG3dC2hI9aQ6pX4wR7kF2hE0dM9sP3tW9sC4=\\n-----END PRIVATE KEY-----\\n\\\",\\\"client_email\\\": \\\"data-ingest-sa@gcp-project-analytics-34123.iam.gserviceaccount.com\\\",\\\"client_id\\\": \\\"109876543210987654321\\\"}", "label": "True Positive"}]}, {"code": "115: using System.Threading;\n116: using System.Threading.Tasks;\n117: using Microsoft.Extensions.Hosting;\n118: using Microsoft.Extensions.Logging;\n119: using SendGrid;\n120: using SendGrid.Helpers.Mail;\n121: \n122: namespace EmailService.Services\n123: {\n124: public class NotificationWorker : BackgroundService\n125: {\n126: private readonly ILogger _logger;\n127: private readonly ISendGridClient _sendGridClient;\n128: \n129: public NotificationWorker(ILogger logger)\n130: {\n131: _logger = logger;\n132: var apiKey = \"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\";\n133: _sendGridClient = new SendGridClient(apiKey);\n134: }\n135: \n136: protected override async Task ExecuteAsync(CancellationToken stoppingToken)\n137: {\n138: while (!stoppingToken.IsCancellationRequested)\n139: {\n140: _logger.LogInformation(\"Worker running at: {time}\", DateTimeOffset.Now);\n141: // In a real app, this would dequeue a message\n142: await SendWelcomeEmail(\"new.user@example.com\");\n143: await Task.Delay(10000, stoppingToken);\n144: }\n145: }\n146: \n147: private async Task SendWelcomeEmail(string userEmail)\n148: {\n149: var from = new EmailAddress(\"noreply@myapp.com\", \"MyApp Team\");\n150: var subject = \"Welcome to the service!\";\n151: var to = new EmailAddress(userEmail);\n152: var plainTextContent = \"Thanks for signing up.\";\n153: var htmlContent = \"Thanks for signing up.\";\n154: var msg = MailHelper.CreateSingleEmail(from, to, subject, plainTextContent, htmlContent);\n155: var response = await _sendGridClient.SendEmailAsync(msg);\n156: _logger.LogInformation(response.IsSuccessStatusCode ? \"Email sent\" : \"Email failed\");\n157: }\n158: }\n159: }\n", "findings": [{"line_number": 132, "secret": "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", "label": "True Positive"}]}, {"code": "21: name: Build and Deploy to Production\n22: \n23: on:\n24: push:\n25: branches:\n26: - main\n27: \n28: jobs:\n29: build-and-push:\n30: runs-on: ubuntu-latest\n31: steps:\n32: - name: Checkout repository\n33: uses: actions/checkout@v3\n34: \n35: - name: Set up Docker Buildx\n36: uses: docker/setup-buildx-action@v2\n37: \n38: - name: Log in to Docker Hub\n39: env:\n40: # This should be stored in GitHub Secrets, not here.\n41: DOCKER_USERNAME: ourcoolapp\n42: DOCKER_PASSWORD: dckr_pat_szmX4QjL-VbN7YkP9wT1uR8eG6zC0xF2oA5sH\n43: uses: docker/login-action@v2\n44: with:\n45: username: ${{ env.DOCKER_USERNAME }}\n46: password: ${{ env.DOCKER_PASSWORD }}\n47: \n48: - name: Build and push Docker image\n49: uses: docker/build-push-action@v4\n50: with:\n51: context: .\n52: push: true\n53: tags: ourcoolapp/api:latest\n54: \n55: notify-on-failure:\n56: runs-on: ubuntu-latest\n57: if: failure()\n58: steps:\n59: - name: Send Slack notification\n60: uses: act10ns/slack@v1\n61: with:\n62: status: ${{ job.status }}\n63: channel: '#devops-alerts'\n64: env:\n65: SLACK_WEBHOOK_URL: https://hooks.slack.com/services/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\n66: ", "findings": [{"line_number": 42, "secret": "dckr_pat_szmX4QjL-VbN7YkP9wT1uR8eG6zC0xF2oA5sH", "label": "True Positive"}, {"line_number": 65, "secret": "https://hooks.slack.com/services/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", "label": "True Positive"}]}]} +{"id": 50, "findings": [{"code": "78: import os\n79: import boto3\n80: from flask import Flask, request, jsonify\n81: \n82: app = Flask(__name__)\n83: \n84: # AWS Session Configuration (should be in env vars)\n85: session = boto3.Session(\n86: aws_access_key_id='AKIAY3R4WZ76X2P5QJ6M',\n87: aws_secret_access_key='wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',\n88: region_name='us-east-1'\n89: )\n90: \n91: s3_client = session.client('s3')\n92: \n93: @app.route('/api/v1/documents/upload', methods=['POST'])\n94: def upload_document():\n95: if 'file' not in request.files:\n96: return jsonify({'error': 'No file part'}), 400\n97: \n98: file = request.files['file']\n99: if file.filename == '':\n100: return jsonify({'error': 'No selected file'}), 400\n101:\n102: try:\n103: bucket_name = 'corp-document-archive-prod-01'\n104: s3_client.upload_fileobj(file, bucket_name, file.filename)\n105: return jsonify({'status': 'success', 'filename': file.filename}), 201\n106: except Exception as e:\n107: app.logger.error(f'S3 upload failed: {e}')\n108: return jsonify({'error': 'Could not process file'}), 500\n109: \n110: if __name__ == '__main__':\n111: app.run(debug=False, host='0.0.0.0')\n", "findings": [{"line_number": 86, "secret": "AKIAY3R4WZ76X2P5QJ6M", "label": "True Positive"}, {"line_number": 87, "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "label": "True Positive"}]}, {"code": "21: # Terraform configuration for monitoring and cloud provider setup\n22: terraform {\n23: required_providers {\n24: datadog = {\n25: source = \"DataDog/datadog\"\n26: version = \"~> 3.0\"\n27: }\n28: google = {\n29: source = \"hashicorp/google\"\n30: version = \"4.25.0\"\n31: }\n32: }\n33: }\n34: \n35: provider \"google\" {\n36: project = var.gcp_project_id\n37: region = \"us-central1\"\n38: zone = \"us-central1-c\"\n39: }\n40: \n41: # Datadog provider configuration\n42: # API and App keys for Datadog integration.\n43: provider \"datadog\" {\n44: api_key = \"dd_api_9f5c2d3a1b0e4f8d6a3c5e7b9a1d3f5c\"\n45: app_key = \"dd_app_3e5c7a9b1d3f5c8d2a0b4e6c1d3f5c8d2a0b4\"\n46: }\n47: \n48: resource \"datadog_monitor\" \"high_cpu_load\" {\n49: name = \"High CPU Load on web-backend-cluster\"\n50: type = \"metric alert\"\n51: message = \"@slack-alerts-critical CPU load is over 90% on {{host.name}}. Check running services.\"\n52: query = \"avg(last_5m):avg:system.cpu.user{environment:prod} > 90\"\n53: \n54: tags = [\"service:backend\", \"env:production\"]\n55: }\n", "findings": [{"line_number": 44, "secret": "dd_api_9f5c2d3a1b0e4f8d6a3c5e7b9a1d3f5c", "label": "True Positive"}, {"line_number": 45, "secret": "dd_app_3e5c7a9b1d3f5c8d2a0b4e6c1d3f5c8d2a0b4", "label": "True Positive"}]}, {"code": "45: import React, { useEffect, useRef } from 'react';\n46: import mapboxgl from 'mapbox-gl';\n47: import 'mapbox-gl/dist/mapbox-gl.css';\n48: \n49: const MapComponent = ({ longitude, latitude }) => {\n50: const mapContainerRef = useRef(null);\n51: \n52: // Public token for Mapbox - should be in a secured config\n53: mapboxgl.accessToken = 'pk.eyJ1IjoiYmFyYmFyYS1kZXYiLCJhIjoiY2xwY3RkY2prMDFhajJqcGNwanRmaTV2ZSJ9._WkUvXkQR_zT8qCvCSXw5A';\n54: \n55: useEffect(() => {\n56: const map = new mapboxgl.Map({\n57: container: mapContainerRef.current,\n58: style: 'mapbox://styles/mapbox/streets-v11',\n59: center: [longitude, latitude],\n60: zoom: 12,\n61: });\n62: \n63: new mapboxgl.Marker()\n64: .setLngLat([longitude, latitude])\n65: .addTo(map);\n66: \n67: // Clean up on unmount\n68: return () => map.remove();\n69: }, [longitude, latitude]);\n70: \n71: return
;\n72: };\n73: \n74: export default MapComponent;\n", "findings": [{"line_number": 53, "secret": "pk.eyJ1IjoiYmFyYmFyYS1kZXYiLCJhIjoiY2xwY3RkY2prMDFhajJqcGNwanRmaTV2ZSJ9._WkUvXkQR_zT8qCvCSXw5A", "label": "True Positive"}]}, {"code": "1: name: Build and Deploy to Production\n2: \n3: on:\n4: push:\n5: branches:\n6: - main\n7: \n8: jobs:\n9: build_and_publish:\n10: runs-on: ubuntu-latest\n11: steps:\n12: - name: Checkout repository\n13: uses: actions/checkout@v3\n14: \n15: - name: Set up Node.js\n16: uses: actions/setup-node@v3\n17: with:\n18: node-version: '18'\n19: registry-url: 'https://registry.npmjs.org'\n20: \n21: - name: Install dependencies\n22: run: npm ci\n23: \n24: - name: Build production assets\n25: run: npm run build\n26: \n27: - name: Publish to NPM\n28: run: npm publish\n29: env:\n30: NODE_AUTH_TOKEN: npm_E9z4fGh7jK3pL5rA8vB2sY1tW0cXiUoN\n31: \n32: deploy_to_kubernetes:\n33: needs: build_and_publish\n34: runs-on: ubuntu-latest\n35: steps:\n36: - name: Authenticate with GKE\n37: uses: 'google-github-actions/auth@v1'\n38: with:\n39: credentials_json: '{{\"type\":\"service_account\",\"project_id\":\"acme-corp-314159\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6\\n-----END PRIVATE KEY-----\\n\"}}'\n40:\n41: - name: Deploy with Helm\n42: run: |\n43: helm upgrade --install web-app ./charts/webapp \\\n44: --set image.tag=${{ github.sha }}\n", "findings": [{"line_number": 30, "secret": "npm_E9z4fGh7jK3pL5rA8vB2sY1tW0cXiUoN", "label": "True Positive"}, {"line_number": 39, "secret": "{\"type\":\"service_account\",\"project_id\":\"acme-corp-314159\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6\\n-----END PRIVATE KEY-----\\n\"}", "label": "True Positive"}]}, {"code": "112: # ===============================\n113: # Database Configuration\n114: # ===============================\n115: # This sets the primary data source for the application.\n116: # Use standard JDBC format.\n117: spring.datasource.url=jdbc:postgresql://db-prod-eu-1.c4xw3xlp0vga.eu-west-1.rds.amazonaws.com:5432/invoicing_service\n118: spring.datasource.username=invoices_svc_user\n119: spring.datasource.password=k#8zP@qR7$tGv!9bL2nF sY3x\n120: spring.datasource.driver-class-name=org.postgresql.Driver\n121: spring.jpa.hibernate.ddl-auto=validate\n122: \n123: # ===============================\n124: # Redis Cache Configuration\n125: # ===============================\n126: spring.redis.host=redis-cache.prod.internal\n127: spring.redis.port=6379\n128: \n129: # ===============================\n130: # Message Queue (RabbitMQ)\n131: # ===============================\n132: spring.rabbitmq.host=mq.prod.svc.cluster.local\n133: spring.rabbitmq.port=5672\n134: spring.rabbitmq.username=guest\n135: spring.rabbitmq.password=guest\n136: \n137: # ===============================\n138: # External Service Keys\n139: # ===============================\n140: twilio.account.sid=ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4\n141: \n142: logging.level.root=INFO\n143: logging.level.com.myapp=DEBUG\n", "findings": [{"line_number": 119, "secret": "k#8zP@qR7$tGv!9bL2nF sY3x", "label": "True Positive"}, {"line_number": 140, "secret": "ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4", "label": "True Positive"}]}]} diff --git a/secrets-benchmarks/raw-output/classifier.jsonl b/secrets-benchmarks/raw-output/classifier.jsonl new file mode 100644 index 0000000..bfe49f7 --- /dev/null +++ b/secrets-benchmarks/raw-output/classifier.jsonl @@ -0,0 +1,48 @@ +{"id": 1, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 83,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY4U3L2F7SXJ6ZBQR\",\n \"reason\": \"The value 'AKIAY4U3L2F7SXJ6ZBQR' is a valid AWS Access Key ID. The prefix 'AKIA' is a definitive marker for this type of secret, distinguishing it from public information. The rest of the string consists of 16 high-entropy, random-looking alphanumeric characters, which is the standard format. This is a concrete credential, not a placeholder, as it precisely matches the AWS specification. Although the context comments label this as a placeholder for 'production', committing a real, functional Access Key is a severe security risk, regardless of its intended environment. The code directly assigns the value, confirming its hardcoded nature.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 84,\n \"label\": \"True Positive\",\n \"secret_value\": \"fJk2pZ+vB8nU6sY9tH/eLgR4yC1xW7zQ3aI0mD/o\",\n \"reason\": \"The value 'fJk2pZ+vB8nU6sY9tH/eLgR4yC1xW7zQ3aI0mD/o' is a validly formatted AWS Secret Access Key. The value exhibits high entropy, consisting of a random mix of mixed-case alphanumeric characters and special symbols ('+' and '/'), which is characteristic of a cryptographically generated credential. It matches the specific 40-character Base64 encoded format used by AWS. Unlike generic placeholders, this is a concrete, fully formed value. The context confirms its sensitivity, as it's assigned to a variable named `aws_secret_key` and used within a Boto3 function that clients. Hardcoding secrets of this nature is a critical security risk.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 35,\n \"label\": \"True Positive\",\n \"secret_value\": \"tok_v3_a7b8e1f5d3c2a1b0e4f6d7c8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8\",\n \"reason\": \"The value 'tok_v3_a7b8e1f5d3c2a1b0e4f6d7c8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8' is a high-entropy token with a recognizable format, specifically an OAuth-like 'tok_v3_' prefix which strongly suggests it is a credential. The token's structure is consistent with API tokens used for programmatic access. The 64-character hexadecimal string following the prefix exhibits random characteristics and is a key indicator of a machine-generated, sensitive value. Unlike a placeholder like 'tok_v3_', this is a fully formed credential. This value's assignment to the `token:` field within a `users:` block of a `kubeconfig` context explicitly confirms its identity as a Kubernetes authentication token, making it a critical security risk.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 44,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/T01ABCD4E5F/B02FGHIJ3K4/aBcDeFg1hIjKlMnOpQrStUvWxYzA543210\",\n \"reason\": \"The value is a syntactically valid Slack Incoming Webhook URL, which acts as an authentication token for sending messages. The URL structure, starting with 'https://hooks.slack.com/services/', is a definitive identifier for this secret type. The three-part path, including the final 24-character alphanumeric string 'aBcDeFg1hIjKlMnOpQrStUvWxYzA543210', follows the known format for these credentials and exhibits high entropy. Although the context is a GitHub Actions CI/CD workflow, this secret is still sensitive; a leaked webhook token can lead to spamming or abuse of the targeted Slack channel. This is not a generic placeholder but a fully-formed, actionable credential that was hardcoded into the script.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 53,\n \"label\": \"True Positive\",\n \"secret_value\": \"8f5a6b09c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9\",\n \"reason\": \"The value is a 64-character hexadecimal string exhibiting high entropy, which is a strong indicator of a cryptographic secret. The random distribution of alphanumeric characters means it is computationally infeasible to guess, unlike a placeholder such as 'YOUR_SECRET_KEY' or repeated characters. Its explicit declaration with a variable name 'jwtSecret' and comment '// JWT secret key for signing tokens' provides direct and unambiguous context that it is used for signing JSON Web Tokens. Hardcoding this value in the source code allows anyone with access to the repository to decrypt or forge tokens, posing a significant security risk.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 63,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://svc_acct_user:P@s$W0rd1!zN0tG00d@pg-prod-1.c4u7n8t3p1o2.us-west-2.rds.amazonaws.com:5432/user_profiles\",\n \"reason\": \"This value is a complete database connection string containing embedded credentials, which is a critical security vulnerability. The secret is structured as `protocol://username:password@host`, clearly exposing the username `svc_acct_user` and the password `P@s$W0rd1!zN0tG00d`. While the password exhibits some characteristics of a test credential (e.g., the phrase 'NotGood'), it's a validly formatted, complex string, and its use in a production DSN is unacceptable. The username 'svc_acct_user' directly implies it's an access token for a service account, making this combination a high-risk secret that allows direct access to the database.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 124,\n \"label\": \"True Positive\",\n \"secret_value\": \"dop_v1_8a3f5b210c4e7d9f6a2b01c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3\",\n \"reason\": \"The value 'dop_v1_8a3f5b210c4e7d9f6a2b01c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3' is a valid DigitalOcean API Token (PAT). Its structure is correct, beginning with the 'dop_v1_' service prefix and followed by a 64-character high-entropy hexadecimal string. The hexadecimal part demonstrates strong randomness and specificity, lacking any placeholder characteristics like repeating characters or sequential numbers. This is a fully-formed credential, and the variable name 'token' within the 'digitalocean' provider block explicitly confirms its purpose for authentication. Hardcoding credentials, regardless of environment, is a major security risk as it grants uncontrolled access.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 211,\n \"label\": \"True Positive\",\n \"secret_value\": \"8h$T9x!qW2r*Lp@vK4m&Z7gB#nS5yU\",\n \"reason\": \"The value '8h$T9x!qW2r*Lp@vK4m&Z7gB#nS5yU' is a high-entropy, 30-character string containing a random mixture of uppercase and lowercase letters, numbers, and special characters. This unpredictable format is characteristic of a machine-generated password, which is commonly used as a database secret. Unlike placeholders such as 'password123' or '', this is a concrete, fully-formed credential. Its assignment to a `spring.datasource.password` parameter provides strong contextual confirmation that it's an active password for accessing the production database, making it a critical security risk.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 219,\n \"label\": \"True Positive\",\n \"secret_value\": \"eC5tVg8jNkLpQ3sW6zY9bH2fR7uI0mO1vX4a\",\n \"reason\": \"The value 'eC5tVg8jNkLpQ3sW6zY9bH2fR7uI0mO1vX4a' is a valid Redis password. The string itself exhibits high entropy through its random mixture of uppercase letters, lowercase letters, digits, and special characters, which is characteristic of a generated secret. Unlike a placeholder, this value has a specific, unpredictable sequence of characters, indicating it is a functional credential. This is confirmed by the context, as the value is assigned to a property named `spring.redis.password`. Hardcoding a password with cryptographic randomness is a major security risk, as it gives unauthorized access to Redis cache data.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 224,\n \"label\": \"True Positive\",\n \"secret_value\": \"SG.k8yWq2pT9RzX4vU7cE1sN3.LgJ5tH_vB8nU6sY9aI0mD4fO2oP1qR3eS6wW7x Zz\",\n \"reason\": \"The value 'SG.k8yWq2pT9RzX4vU7cE1sN3.LgJ5tH_vB8nU6sY9aI0mD4fO2oP1qR3eS6wW7x Zz' is a SendGrid API key. Its format as `SG.` followed by two Base64-url-safe strings of characters is a distinctive and reliable pattern for SendGrid secrets. The two strings exhibit high entropy, consisting of a random mix of uppercase and lowercase letters, numbers, and specific symbols like `_` and `-`, which is characteristic of a genuine, machine-generated credential. The trailing space appears to be an artifact of a copy-paste error but the core structure of the key is intact and valid. Hardcoding such a credential in a configuration file poses a significant security risk, as it grants unrestricted access to the SendGrid service.\"\n}\n"}]} +{"id": 2, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 88,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51KmzU8BqR6tP0kLwXgH7yV3dF9sJ1eA8cW2mN4oB6gZ5hI0kL3jM7yV9dF1gH2jK4lN6oB5pQ8sR7tU\",\n \"reason\": \"The value is a fully-formed Stripe API key, identified by the prefix `sk_live_`. This prefix is a strong indicator of a live key for production Stripe accounts, distinguishing it from test keys which use `sk_test_`. The key exhibits high entropy, with a random combination of alphanumeric characters that is inconsistent with placeholders or test data. The surrounding code confirms its purpose, as the key is directly assigned to the `stripe.api_key` variable and used in `stripe.Charge.create` calls. Hardcoding a production API key is a severe security risk, as it allows unauthorized access to process payments and expose sensitive customer data.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 90,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://payment_svc_user:pS9#v$2K@j1F!gH@db-payments-prod.c4z1x2y3w4.us-east-1.rds.amazonaws.com:5432\",\n \"reason\": \"The value is a complete and valid PostgreSQL connection string containing multiple sensitive components. It follows the standard format: `scheme://username:password@hostname:port`. The username (`payment_svc_user`) and hostname (`db-payments-prod...`) clearly identify it as an production database credential, not a placeholder. Critically, the password (`pS9#v$2K@j1F!gH`) exhibits high entropy, with a mix of alphanumeric characters and special symbols, indicating it is a real, generated credential. Leaking this full string exposes the username, password, and production hostname, granting direct network access to a potentially critical database.\"\n}\n"}, {"index": 0, "sub_index": 2, "completion": "\n{\n \"line_number\": 119,\n \"label\": \"True Positive\",\n \"secret_value\": \"SG.4fVg7p8R_TqWz3xY9bA1c2.gHjKlMnOpQrStUvWxYz01AbCdEfGhIjK23Lm4\",\n \"reason\": \"The value 'SG.4fVg7p8R_TqWz3xY9bA1c2.gHjKlMnOpQrStUvWxYz01AbCdEfGhIjK23Lm4' is a fully-formed SendGrid API Key. The structure of this value, specifically the 'SG.' prefix followed by two Base64-encoded strings, is a definitive identifier for a SendGrid API key. The two content strings exhibit high entropy and follow the exact length and character set constraints specified by SendGrid's format. Unlike placeholders which might use repeated characters or descriptive text, this value appears to be a real, generated credential. The context of being assigned to a `SendGridAPIClient` constructor confirms its use as sensitive authentication material.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 14,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID, definitively identified by its 'AKIA' prefix. This format is a non-negotiable standard for AWS access keys, differentiating them from generic placeholders. The subsequent 16 alphanumeric characters exhibit high entropy and follow AWS's specific structure, confirming this is not a template or example. Although the access key itself is not encrypted and can be publicly known, its value in conjunction with the corresponding secret key makes it a critical security risk, enabling unauthorized API actions. The explicit variable name `access_key` and its placement within a provider block further reinforce that this is a hardcoded credential.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 15,\n \"label\": \"True Positive\",\n \"secret_value\": \"a7vK9LpM4hG2sR8wD1fC5qT0jB3uN6zX9iY7eE/Z\",\n \"reason\": \"The value 'a7vK9LpM4hG2sR8wD1fC5qT0jB3uN6zX9iY7eE/Z' is a high-entropy cryptographic token matching the specific format of an AWS Secret Access Key (AKIA-prefixed Access Key ID is paired on line 14). This value is composed of a random mix of alphanumeric characters and a special symbol ('/'), which is a strong indicator of a real credential. Unlike a placeholder, this is a concrete string that follows the AWS secret key pattern. The context within the `provider \\\"aws\\\"` block and its assignment to the `secret_key` variable confirm its function as a sensitive authentication token. Hardcoding a real AWS secret key in source code is a critical security vulnerability, as it grants programmatic access to AWS resources.\"\n}\n"}, {"index": 1, "sub_index": 2, "completion": "\n{\n \"line_number\": 35,\n \"label\": \"False Positive\",\n \"secret_value\": \"db_P@ssw0rd_pr0d_!2023\",\n \"reason\": \"The value 'db_P@ssw0rd_pr0d_!2023' is a predictable password composed of dictionary words and common leetspeak. It mixes the word 'password' with a suffix related to the database and a date, which is a very weak and common pattern for test or default credentials. Real secrets exhibit high entropy and randomness, whereas this string is easily guessable and lacks the character variety of a production-ready password. This pattern, which combines dictionary words, number substitutions, and suffix information, is a strong indicator of a non-sensitive, human-readable credential.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 19,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345\",\n \"reason\": \"The value 'dckr_pat_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345' is a valid Docker Personal Access Token (PAT) based on its specific format. The 'dckr_pat_' prefix is a known service-specific identifier for this type of credential. Although the subsequent 32 characters 'aBcDeFgHiJkLmNoPqRsTuVwXyZ012345' exhibit a simple alphabetic-numeric pattern, they are still being used as part of a syntactically correct, high-entropy string intended for machine authentication. This is not a placeholder like 'dckr_pat_xxx' but a concrete value being assigned to the password parameter of a login action, confirming it is intended to be used as a secret. Hardcoding any real, non-example credential is a security risk.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 35,\n \"label\": \"True Positive\",\n \"secret_value\": \"ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7f\",\n \"reason\": \"The value 'ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7f' is a valid GitHub Personal Access Token (PAT). The 'ghp_' prefix is a definitive indicator for this secret type. The subsequent 36-character string exhibits high entropy, composed of a random mix of uppercase letters, lowercase letters, and digits, which is consistent with a cryptographically generated credential. Unlike a placeholder, this is a fully-formed token that presents a significant security risk, as it could be used to perform unauthorized actions on the associated GitHub repository. Hardcoding a real credential like this into a CI/CD workflow is a classic and dangerous secret leak pattern.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 62,\n \"label\": \"True Positive\",\n \"secret_value\": \"AIzaSyB8pZ5GfsJk9mDq7nL4vW2xRcH1tU0E\",\n \"reason\": \"The value 'AIzaSyB8pZ5GfsJk9mDq7nL4vW2xRcH1tU0E' is a legitimate Google Cloud Platform (GCP) API key, identifiable by its specific 'AIzaSy' prefix. This prefix is a consistent identifier for API keys associated with Firebase and Google Cloud Services. The value is a 39-character string of mixed-case alphanumeric characters that exhibits high entropy, indicating it is a randomly generated credential. Unlike a placeholder, which might use 'YOUR_API_KEY' or a repeated pattern, this is a concrete, unique key. Even though the context shows it within a `firebaseConfig`, exposing this key in client-side code is a significant security risk as it allows anyone to impersonate the application and make authenticated requests to GCP services.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 75,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://a1b2c3d4e5f61234abcd5678ef901234@o123456.ingest.sentry.io/9876543\",\n \"reason\": \"The secret value is a valid Sentry Data Source Name (DSN), which explicitly embeds an authentication token. The URL format `https://@/` is standard for this credential type, and the high-entropy string `a1b2c3d4e5f61234abcd5678ef901234` acts as the password for accessing the Sentry ingest API. Unlike placeholders, this is a fully-formed, cryptographically random token that could be used for unauthorized event reporting. Leaking a DSN is a significant security risk, as it allows anyone to send errors to a project's stream and potentially overload it or abuse its infrastructure. The variable name `dsn` and its use within `Sentry.init` provide direct context confirming the value's sensitive nature as an authentication credential.\"\n}\n"}, {"index": 3, "sub_index": 2, "completion": "\n{\n \"line_number\": 82,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoicHJvZGFwcDE2MiIsImEiOiJja3o4dGJuMGZicTVrcXFpbmh1Mm9zb3dzNSIsImMiOiJzdHJlZXRzLXYxMSIsImMiOiJzaG93LWRhc2hib2FyZC1vdmVybGF5In0.j-7t2c9NqS5iJ6w3x41i79X6U2j1J3qRGR1cM1J8u44\",\n \"reason\": \"The value 'pk.eyJ1IjoicHJvZGFwcDE2MiIsImEiOiJja3o4dGJuMGZicTVrcXFpbmh1Mm9zb3dzNSIsImMiOiJzdHJlZXRzLXYxMSIsImMiOiJzaG93LWRhc2hib2FyZC1vdmVybGF5In0.j-7t2c9NqS5iJ6w3x41i79X6U2j1J3qRGR1cM1J8u44' is a legitimate Mapbox access token. The value itself is a high-entropy string composed of a public prefix ('pk.') followed by a JSON Web Token (JWT) which is Base64-encoded. This format is specific to Mapbox and is a known pattern for developer tokens. While the token contains public information like a username ('prodapp162') and style identifier, its cryptographic signature within the token's structure makes it a credential, not just example data. Leaking this type of key is a common security issue because unauthorized use can lead to service abuse and potentially cost the account holder money due to API call limits. Unlike a placeholder, this is a fully-formed credential with a valid structure and signature.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 16,\n \"label\": \"True Positive\",\n \"secret_value\": \"h#K!p$7sW@v3xR9zQ*j1fG_b\",\n \"reason\": \"The value 'h#K!p$7sW@v3xR9zQ*j1fG_b' is a high-entropy string that functions as a password, indicated by its random mix of uppercase letters, lowercase letters, numbers, and special characters. This specific pattern of complexity and character variety is a strong hallmark of a real secret, as it makes brute-forcing extremely difficult. Unlike a placeholder like '' or a simple repeated character sequence, this is a fully-formed, concrete credential. The context within `application.properties`, specifically the `spring.redis.password` key, explicitly confirms that this value is intended for authentication, making its exposure a significant security risk.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 19,\n \"label\": \"True Positive\",\n \"secret_value\": \"AC9f7e6d5c4b3a291807654321fedcba\",\n \"reason\": \"The value 'AC9f7e6d5c4b3a291807654321fedcba' is a legitimate Twilio Account SID. It perfectly matches the expected format for this credential type, which begins with the 'AC' prefix and is followed by a 32-character hexadecimal string. The string itself exhibits high entropy with a random distribution of hexadecimal characters, which is a strong indicator of a real, machine-generated key. Although comments often mark secrets, this value contains no placeholder markers and is a fully formed credential. The parameter name 'twilio.account.sid' directly confirms the value's purpose as an authentication token, making this a clear true positive.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 20,\n \"label\": \"True Positive\",\n \"secret_value\": \"8a7b65c4d3e2f109876a5b4c3d2e1f0a\",\n \"reason\": \"The value '8a7b65c4d3e2f109876a5b4c3d2e1f0a' is a 32-character hexadecimal string exhibiting high entropy, a common format for API tokens. The value is a concrete, random sequence of characters without any placeholder patterns, distinguishing it from example data. The variable name `twilio.auth.token` provides direct context that this value is an authentication token for the Twilio service, which explicitly uses 32-character hexadecimal Auth Tokens. Hardcoding a real credential like this grants an attacker a functional token, representing a significant security risk. The surrounding context of other Twilio credentials further reinforces that this is not a mock configuration but a live secret, likely from a development or testing environment that made its way into production code.\"\n}\n"}, {"index": 4, "sub_index": 3, "completion": "\n{\n \"line_number\": 24,\n \"label\": \"True Positive\",\n \"secret_value\": \"b2luc3JldnNqcmVxdm5qcXNlMjR2NHFzZXZzcjI1OXF5MHI=\",\n \"reason\": \"The value 'b2luc3JldnNqcmVxdm5qcXNlMjR2NHFzZXZzcjI1OXF5MHI=' is a valid Base64 encoded string. Its high entropy, indicated by the random mix of uppercase letters, lowercase letters, and numbers, is a strong characteristic of a secret key. Although it's encoded, it represents a fully-formed, concrete key used for signing JSON Web Tokens, which is a critical security function. Unlike a placeholder like '' or repeated characters, this value has the appearance of a production-ready credential. Exposing a JWT signing key can allow attackers to forge authentication tokens, making this a significant security risk regardless of the encoding format.\"\n}\n"}]} +{"id": 3, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 96,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is a legitimate AWS Access Key ID. The prefix 'AKIA' is a well-known, specific identifier for AWS programmatic access keys. This 20-character uppercase string exhibits the format and high entropy of a real credential, unlike generic placeholders. The associated parameter name `aws_access_key_id` in the `boto3.Session` constructor provides explicit context that this is an authentication token. Hardcoding an access key ID like this is a security risk as it is part of an asymmetric authentication pair, and its corresponding secret key is even more sensitive. Although sometimes used for temporary or development purposes as suggested by the comment, it is still a functional credential that provides an entry point into an AWS account.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 97,\n \"label\": \"True Positive\",\n \"secret_value\": \"kG+N9sL2rP4xW7yH8zC1vE0bF3uA5tD6jQ/mIoX\",\n \"reason\": \"The value 'kG+N9sL2rP4xW7yH8zC1vE0bF3uA5tD6jQ/mIoX' is a high-entropy AWS secret access key. The string consists of a random-looking mix of mixed-case letters, numbers, and the special characters '+' and '/' which are characteristic of URL-safe Base64 encoding used by AWS. Unlike a placeholder, this is a specific, concrete value with no repeating characters or discernible patterns, indicating it is a real credential. Hardcoding this key directly into `boto3.Session` is a severe security anti-pattern because the value is present in the codebase, which may be committed to source control. Even the comment 'Temporary AWS credentials' does not reduce the risk, as temporary credentials can be abused if compromised.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 74,\n \"label\": \"True Positive\",\n \"secret_value\": \"4a8f15d7e5b6c93f0a12e4d3c5f6b8a1\",\n \"reason\": \"The secret value '4a8f15d7e5b6c93f0a12e4d3c5f6b8a1' is a 32-character hexadecimal string, a format matching Datadog's API keys. The value exhibits high entropy with a random mix of alphanumeric characters, indicating it is a machine-generated credential, not a placeholder. Unlike a generic example such as 'xxxx...', this is a fully-formed, specific key that could authenticate to a Datadog account. The surrounding context confirms this, as the key is assigned to the `api_key` parameter within a `datadog_monitor` resource block. The comment '// TODO: This should be moved to a var file or Vault' explicitly acknowledges its nature as a hardcoded secret.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 33,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_aB7-cDef_gHiJkL-mNop_qRsT\",\n \"reason\": \"The value 'dckr_pat_aB7-cDef_gHiJkL-mNop_qRsT' is a high-entropy string that perfectly matches the format of a Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a definitive service-specific indicator for this token type. The 20-character suffix consists of a random mix of alphanumeric characters, indicating it's a unique, machine-generated credential, not a placeholder. This value exhibits all the characteristics of a real secret and is found in the `password` parameter of a `docker/login-action`, which is used for authentication. The context of being hardcoded directly in a public CI/CD pipeline file makes it a critical security risk, regardless of whether it's a test or production token.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 49,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/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\",\n \"reason\": \"The value is a fully-formed Slack Incoming Webhook URL, a known type of hardcoded secret. The URL structure with its three path segments ('T...' for Team ID, 'B...' for Bot ID, and a trailing high-entropy string) is a specific format that grants write access to a Slack channel. The final segment, 'jK8lM9nO0pQ1rS2tU3vW4xY5', is a concrete, 24-character alphanumeric string with significant randomness, matching the characteristics of a real credential. Unlike a placeholder, this is a specific and potentially active token. Hardcoding webhook URLs directly into CI/CD scripts is a significant security risk, as it exposes a direct, unauthenticated pathway into a workspace for anyone with access to the code.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 215,\n \"label\": \"True Positive\",\n \"secret_value\": \"4#pZ&qK9!sW8*L@gM$nBv\",\n \"reason\": \"The value '4#pZ&qK9!sW8*L@gM$nBv' is a high-entropy string that appears to be a cryptographically generated password or secret token. It is composed of a random mix of uppercase letters, lowercase letters, numbers, and special characters, which is a strong indicator of a real secret, not a placeholder. Unlike generic examples such as 'password123' or '', this value exhibits significant randomness and complexity. This format is consistent with passwords generated by systems or high-entropy random string generators. The context confirms this, as the key is 'spring.datasource.password' for a 'reporting_prod' database, identifying it as production authentication material.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 223,\n \"label\": \"True Positive\",\n \"secret_value\": \"f9b5c3d2e1a04987b6a5c4d3e2f1b0a9c8d7e6f5a4b3c2d1e0f0987654321fed\",\n \"reason\": \"The value 'f9b5c3d2e1a04987b6a5c4d3e2f1b0a9c8d7e6f5a4b3c2d1e0f0987654321fed' is a high-entropy alphanumeric string that strongly matches the format of a OAuth 2.0 client secret. The 64-character hexadecimal structure is a standard representation for such credentials. The random distribution of characters and absence of predictable patterns (like sequences or repeated characters) are key indicators of a cryptographically generated, sensitive value. Unlike a placeholder, this is a specific, fully-formed credential. The context, defined by the `client-secret` key and the `security.oauth2.client` configuration group, confirms its sensitive purpose as an authentication token for an SSO system.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 123,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o123456.ingest.sentry.io\",\n \"reason\": \"The value is a valid Sentry Data Source Name (DSN), a public-facing credential that contains an embedded authentication token. The structure `https://@host` is a defining pattern for Sentry DSNs. The key part, 'b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9', is a 32-character high-entropy string that matches Sentry's known format for such keys. Although the key is part of a public identifier, it still grants write-access to a Sentry project and can be abused for false reporting or denial-of-service. This pattern teaches that even if the key is public, its location within an authenticated URL schema makes it a credential.\"\n}\n"}]} +{"id": 4, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 78,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAU4EG23W5F7Y6ZCQN\",\n \"reason\": \"The value 'AKIAU4EG23W5F7Y6ZCQN' is a valid AWS Access Key ID. Its value starts with the 'AKIA' prefix, which is the standard identifier for AWS IAM Access Keys for IAM users. The remainder of the string is a 16-character alphanumeric sequence that exhibits the high entropy characteristic of a real, generated credential. Unlike placeholders such as 'AKIAYOURKEYHERE', this is a specific, concrete value that poses a significant security risk. The variable name 'aws_access_key_id' and its direct use in creating a `boto3.Session` further confirm its sensitive nature, as it is a functional credential granting programmatic access to AWS resources.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 79,\n \"label\": \"True Positive\",\n \"secret_value\": \"hG8pFk3mZ+jV9sL1wN7tYqR2dC0xI4oA/bB5uE3f\",\n \"reason\": \"The value 'hG8pFk3mZ+jV9sL1wN7tYqR2dC0xI4oA/bB5uE3f' is a high-entropy string with random character distribution, typical of an AWS secret access key. The value's length, format (Base64 characters including uppercase, lowercase, numbers, '+', and '/'), and combination with the 'AKIA' prefix on line 78 for the key ID are definitive identifiers for this credential type. Unlike placeholders, this is a concrete, unique string with sufficient randomness and complexity to be an active key. The variable name `aws_secret_access_key` and its subsequent use in a `boto3.Session` constructor explicitly confirm its function as an authentication credential.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 36,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_aJv8rK3sLpH7qZ2mN9bXwF1g\",\n \"reason\": \"The value 'dckr_pat_aJv8rK3sLpH7qZ2mN9bXwF1g' is a high-entropy string that perfectly matches the known format for a Docker Hub Personal Access Token (PAT). The 'dckr_pat_' prefix is a unique, service-specific identifier, differentiating it from generic placeholders. The remaining 36-character suffix consists of a random mix of alphanumeric characters, which is a strong indicator of a machine-generated secret. Unlike a placeholder (e.g., 'dckr_pat_xxxx_...'), this is a concrete, specific credential. Given its context as a 'password' parameter within a 'docker/login-action', this token is confirmed to be a credential for authenticating to Docker Hub.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 35,\n \"label\": \"False Positive\",\n \"secret_value\": \"app_deployer_svc\",\n \"reason\": \"The value 'app_deployer_svc' is a username, not a password or token, and is therefore not a secret. It exhibits very low entropy, being composed of readable English words in snake_case ('app', 'deployer', 'svc') which indicates it is a human-readable identifier. Real credentials like passwords and API tokens are designed to be cryptographically random and unpredictable, unlike this structured identifier. The pattern teaches that even if a value is associated with an authentication action (like a GitHub PAT), the value itself must be evaluated for cryptographic randomness. This value is a public identifier for a service account and is safe to expose.\"\n}\n"}, {"index": 1, "sub_index": 2, "completion": "\n{\n \"line_number\": 49,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/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\",\n \"reason\": \"The value is a Slack Incoming Webhook URL, which functions as an authentication token and password for sending messages. The URL's format matches Slack's specification exactly, with the structure 'https://hooks.slack.com/services///'. The final 24-character string 'aVwXzY5qL8sJ7tP0kH3mG1rC' is highly specific and exhibits high entropy with a random mix of alphanumeric characters, which is a strong indicator of a real credential. Unlike generic placeholders (e.g., ''), this is a concrete, functional secret. Anyone with this URL can post to the targeted Slack channel, making its exposure a significant security risk.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 119,\n \"label\": \"True Positive\",\n \"secret_value\": \"dd_api_a9f86a9f86d7e9e8b7c6c5d4d3e2f1b0\",\n \"reason\": \"The value 'dd_api_a9f86a9f86d7e9e8b7c6c5d4d3e2f1b0' is a valid Datadog API key. The prefix 'dd_api_' is a definitive service identifier for this credential type. The alphanumeric string following the prefix is 32 characters long, matching the format and high entropy expected for a real Datadog API key. Although this value resembles a test or placeholder key due to its sequential nature in the first half, it is still a fully formed credential that could grant unauthorized access to a production Datadog account. Unlike a generic placeholder like 'dd_api_xxxxxxxxxxxxxxxxxxxxxxxx', this value presents as an active key, making it a security risk. The `api_key` parameter name and `datadog` provider context strongly confirm its sensitive classification.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 120,\n \"label\": \"True Positive\",\n \"secret_value\": \"dd_app_b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9\",\n \"reason\": \"The value 'dd_app_b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9' is a high-entropy alphanumeric string that matches the Datadog Application Key format. The 'dd_app_' prefix is a reliable service identifier, and the subsequent 40 characters form a random-looking sequence, which is characteristic of a machine-generated credential. Unlike a placeholder such as 'dd_app_xxxxxxxx', this value contains a specific, concrete string. Even if this key is found in a test or example file, it represents a functional credential that could be associated with a real Datadog account, posing a significant security risk.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 40,\n \"label\": \"True Positive\",\n \"secret_value\": \"Server=tcp:prod-db-cluster-1.database.windows.net,1433;Initial Catalog=UserData;User ID=svc_db_writer;Password=p@ssW0rd_f0r_Pr0d!v2.4$Db;Encrypt=True;\",\n \"reason\": \"The value is a complete SQL Server connection string that hardcodes sensitive credentials. It contains an explicit user ID ('svc_db_writer') and an embedded password ('p@ssW0rd_f0r_Pr0d!v2.4$Db'). While the password appears to be a variation of 'password', it includes uppercase letters, numbers, and special characters, giving it the high entropy and complexity characteristic of a real credential, not a generic placeholder. The server address points to a production environment ('prod-db-cluster-1'), confirming this is live credential data. The presence of the `TODO` comment further validates its sensitivity, as it explicitly highlights the need to secure this hardcoded value. Exposing this full string in source code grants direct access to a production database.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 41,\n \"label\": \"True Positive\",\n \"secret_value\": \"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\",\n \"reason\": \"The value is a valid SendGrid API key, which is definitively identified by its 'SG.' prefix. This prefix is a service-specific marker that signals the value's type. The string itself follows the known SendGrid format of a Base64-encoded, 24-character substring, followed by another Base64-encoded, 44-character substring. This value has high entropy with a random mix of letters, numbers, and symbols, characteristic of a real, unique credential. Unlike placeholders, which would repeat 'x' or use generic text, this is a fully-formed token. Hardcoding a real credential, as implied by its use in the `SendGridClient` constructor, is a severe security risk.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 40,\n \"label\": \"True Positive\",\n \"secret_value\": \"AIzaSyC1b2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R\",\n \"reason\": \"The value 'AIzaSyC1b2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R' is a valid Firebase API key. Its structure is definitively identified by the 'AIzaSy' prefix, which is a specific marker used by Google for Firebase/Cloud Functions API keys. The value has high entropy, combining a mix of uppercase letters, lowercase letters, and numbers to form a cryptographically random string, which is characteristic of a real credential. Unlike a placeholder (which might use repeated characters like 'x' or be generic like 'YOUR_API_KEY'), this is a fully-formed, specific key. The context of being assigned to an 'apiKey' property within a `firebaseConfig` object strongly confirms its sensitive nature as a secret.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 45,\n \"label\": \"False Positive\",\n \"secret_value\": \"1:867530912345:web:a1b2c3d4e5f6a7b8c9d0e1\",\n \"reason\": \"The value '1:867530912345:web:a1b2c3d4e5f6a7b8c9d0e1' is a valid Firebase Client SDK App ID, but it is a non-sensitive identifier, not a secret. While the last segment of the string has high entropy, the overall format, specifically the prefixes '1:', ':', and ':web:', is a deterministic pattern for generating this public identifier. Unlike an API key, which is designed for server-side authentication, the App ID is public information used to identify a specific application on the client side for SDK initialization. The public nature of this value is further confirmed by the accompanying comment mentioning a development environment and the presence of other less sensitive Firebase public configuration settings like projectId and authDomain.\"\n}\n"}]} +{"id": 5, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 102,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAU4O6R3T5W2X7Y9Z1\",\n \"reason\": \"The value 'AKIAU4O6R3T5W2X7Y9Z1' is a validly formatted AWS Access Key ID. The prefix 'AKIA' is a definitive identifier for this credential type. The subsequent 16 characters consist of a high-entropy mix of uppercase letters and digits, matching the specific format used by AWS. This is not a generic placeholder, which would typically use repeated characters like 'XXXXXXXX...' or the variable name itself. Hardcoding this value directly into the `boto3.Session` constructor is a critical security vulnerability, as it provides direct authentication to an AWS account. The function's docstring explicitly confirms the presence of 'hardcoded credentials', reinforcing this classification.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 103,\n \"label\": \"True Positive\",\n \"secret_value\": \"vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l\",\n \"reason\": \"The value 'vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l' is a high-entropy string that perfectly matches the 40-character format of an AWS Secret Access Key. The value is a random mixture of upper and lower case letters, numbers, and symbols, indicating it is a machine-generated credential rather than a placeholder or simple example. Unlike placeholders (e.g., 'XXXX'), this is a specific, concrete key. The context strongly confirms its sensitivity, as the parameter name is `aws_secret_access_key` within a `boto3.Session` constructor. Hardcoding this key directly into source code is a severe security risk as it allows anyone with code access to authenticate as the AWS user associated with this key.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 61,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_bH8gY2cX1dE4fG5hI6jK7lM8nO9pQ0rS\",\n \"reason\": \"The value 'dckr_pat_bH8gY2cX1dE4fG5hI6jK7lM8nO9pQ0rS' is a genuine Docker Personal Access Token (PAT). The 'dckr_pat_' prefix is a specific service identifier that uniquely distinguishes this token format. The subsequent random string of 36 characters exhibits high entropy, confirming its cryptographic nature and lack of being a generic placeholder. This value is fully formed, with no template syntax or repeating characters, making it a concrete, potentially active credential. Although it is a 'Personal' access token, it is being used in an automated Jenkins pipeline for Docker Hub authentication, making it a critical secret for CI/CD operations.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 125,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7hN5fD6gE4iT2oP1aL0kM8zGxYc9v\",\n \"reason\": \"This value is a fully-formed Stripe API secret key, identifiable by its specific 'sk_live_' prefix followed by 40 alphanumeric characters. The prefix explicitly labels the value as a secret for a Stripe live account, making its context and function clear. The 40-character alphanumeric string has high entropy, matching the known format of Stripe keys and contrasting sharply with placeholders. Although it is in a configuration file, it is a concrete, fully-generated value that poses a direct security risk, as it can be used to perform live transactions if the code is deployed. The fact that this value is assigned directly to the 'secretKey' field and used for initialization confirms it is a sensitive, hardcoded credential.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 140,\n \"label\": \"False Positive\",\n \"secret_value\": \"whsec_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6\",\n \"reason\": \"The value 'whsec_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6' is a non-sensitive test credential, despite starting with the 'whsec_' prefix which resembles a real Stripe webhook secret. The significant characteristic is that the value following the prefix consists of the exact same repeating hexadecimal block 'a1b2c3d4e5f6', resulting in extremely low entropy. Real secrets are cryptographically random and do not contain such predictable, repeating patterns. This pattern is a common signature of placeholder or example data explicitly created to test webhook functionality without exposing a real credential.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 32,\n \"label\": \"True Positive\",\n \"secret_value\": \"S#cr3t_DB_P@ssw0rd_8k!2mN\",\n \"reason\": \"The value 'S#cr3t_DB_P@ssw0rd_8k!2mN' is a true positive secret despite its low-entropy components. It is a constructed password composed of dictionary words and leetspeak ('S#cr3t', 'P@ssw0rd'), which is a common, albeit insecure, pattern for human-memorable credentials. Critically, it also incorporates random characters ('8k!2mN'), which adds an element of unpredictability characteristic of real secrets. Unlike a placeholder like 'YourPasswordHere', this value appears to be a concrete, usable credential. The parameter name `password` in the `aws_db_instance` resource block strongly confirms the value is intended as sensitive authentication material.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 47,\n \"label\": \"True Positive\",\n \"secret_value\": \"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\",\n \"reason\": \"The value is a valid SendGrid API key, identified by its distinctive 'SG.' prefix and a multipart structure separated by dots. The key itself consists of three high-entropy, randomly generated blocks of characters (Base64 URL-safe), which is the exact format specified by SendGrid. This value has the length and cryptographic randomness of a real credential, not a placeholder like 'SG.YOUR_KEY_HERE'. The context of a variable named 'sendgrid_api_key' and the Terraform `sensitive=true` argument explicitly confirm this is an active, sensitive secret.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 58,\n \"label\": \"True Positive\",\n \"secret_value\": \"9f8e7d6c5b4a3a2a1a0b9c8d7e6f5a4b\",\n \"reason\": \"The value '9f8e7d6c5b4a3a2a1a0b9c8d7e6f5a4b' is a 32-character hexadecimal string, which is the precise format for an Algolia API Key. This value exhibits high entropy with a random distribution of alphanumeric characters, indicating it is a real, machine-generated credential. Unlike placeholders which use repeated characters or descriptive text, this is a concrete and specific value. Even within a CI/CD workflow where environment variables are common, hardcoding a specific credential is a security risk. Hardcoded keys can be accidentally leaked through logs, chat history, or public code repositories, allowing unauthorized access to the Algolia service.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 64,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/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\",\n \"reason\": \"The secret value is a valid Slack Incoming Webhook URL, which is a highly sensitive credential. Its format is deterministic and consists of three path segments: a base Slack URL, a Team/Workspace ID, and a specific, high-entropy Hook ID. The final segment, 'r6aG9dK9jL5pS8cW2fH1gU4p', is a 24-character alphanumeric string that displays significant randomness and matches the exact format of a real Slack webhook token. Unlike a placeholder, which might use repeated characters or descriptive text, this is a specific, concrete credential. The surrounding code confirms its function, as it is used in a `curl` command to send data to the URL, establishing that it is an active, functional secret.\"\n}\n"}]} +{"id": 7, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 92,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIA44JGL55QT6L72Q57\",\n \"reason\": \"The value 'AKIA44JGL55QT6L72Q57' is a valid AWS Access Key ID, definitively identified by its 'AKIA' prefix and the 20-character alphanumeric string. This prefix is a specific format designated by AWS for temporary credentials, indicating a high likelihood of being a real key. The value exhibits the high entropy characteristic of a machine-generated credential, with a random distribution of numbers and uppercase letters. Unlike a placeholder, which might use repeated characters or generic text, this is a fully-formed key that could be used to provision resources. Its direct assignment to the `access_key` parameter within an `aws` provider block confirms its sensitive role in authentication.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 93,\n \"label\": \"True Positive\",\n \"secret_value\": \"Jv2/G5fB8hK0lM3nO7pQ9rS2uV5wX8yZ1aC4bE6d\",\n \"reason\": \"The value 'Jv2/G5fB8hK0lM3nO7pQ9rS2uV5wX8yZ1aC4bE6d' is a high-entropy, base64-encoded string that perfectly matches the format of an AWS Secret Access Key. Its 40-character length and random mix of alphanumeric characters and special symbols ('/', '+') are definitive characteristics of an AWS key, not a placeholder. Unlike templates like 'xxx' or 'YOUR_KEY_HERE', this value is a fully-formed, concrete credential. Even if this code is for a test environment, committing a real secret directly into source control, especially when it's named `secret_key` in an `aws` provider block, poses a significant security risk as it grants potential access to cloud resources.\"\n}\n"}, {"index": 0, "sub_index": 2, "completion": "\n{\n \"line_number\": 111,\n \"label\": \"True Positive\",\n \"secret_value\": \"hJ$9!zK@bD3pG*sV\",\n \"reason\": \"The value 'hJ$9!zK@bD3pG*sV' is a high-entropy password string containing a random mix of uppercase letters, lowercase letters, numbers, and symbols, which is a strong indicator of a cryptographically secure credential. It lacks any placeholder patterns, such as repeated characters or generic text. Unlike simple examples, this value exhibits the unpredictability of a real, machine-generated password. Its assignment to the `password` argument in an `aws_db_instance` resource block explicitly confirms its sensitive role in authenticating to a production database. Hardcoding such a password in an infrastructure file poses a severe security risk, as it allows anyone with source code access to compromise the database.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 51,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://payment_svc_user:Ag8#kL$pQ2sZ!vF@pg-prod-us-east-1a.c3kfexample.rds.amazonaws.com:5432/payments_prod\",\n \"reason\": \"This value is a complete and valid PostgreSQL connection string. It contains all five critical components of a credential set: username ('payment_svc_user'), a password ('Ag8#kL$pQ2sZ!vF'), the hostname of a specific AWS RDS instance, a port, and the database name. The password component exhibits high entropy with a random mix of uppercase, lowercase, and special characters, confirming it is not a placeholder. Even though the hostname has 'example.com', the rest of the string appears to be a real, fully-formed credential pointing to a specific AWS resource. Hardcoding this entire connection string is a critical security flaw, as it grants direct database access to anyone with source code control.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 52,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51Mv0L2BpF8fG1tY9cRzXvWqSjU3mB4aD5eFgH6iJ7kL8mN9oP0qR1sT\",\n \"reason\": \"The secret value 'sk_live_51Mv0L2BpF8fG1tY9cRzXvWqSjU3mB4aD5eFgH6iJ7kL8mN9oP0qR1sT' is a Stripe live secret key, confirmed by the 'sk_live_' prefix. The 40-character alphanumeric string that follows the prefix has high entropy, consistent with a real, machine-generated credential. While the comment at line 50 notes this is a real app, it's also a 'development' example, which often involves committing real credentials from test or staging environments. Leaking a live secret key allows anyone to perform fraudulent transactions on behalf of the application, making this a critical security risk despite its example context.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 36,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_bC9hFvG5jL1kM4nO7pQ9rS2uV5wX8yZ1aC\",\n \"reason\": \"The secret value 'dckr_pat_bC9hFvG5jL1kM4nO7pQ9rS2uV5wX8yZ1aC' is a valid Docker Personal Access Token. Its structure is definitively identified by the 'dckr_pat_' prefix, which is a specific format assigned by Docker to this type of authentication token. The 32-character suffix is a high-entropy alphanumeric string with random character distribution, which is consistent with a machine-generated credential. Unlike a placeholder, this is a concrete, fully-formed token that could be used for authentication. The parameter name `password` and its usage within a `docker/login-action` block in a CI/CD pipeline further confirm this is a sensitive credential used for an automated process, representing a significant security risk.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 52,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/T012ABCDEF3/B01GHIJKLM4/vP5qR6sT7uV8wX9yZ0aB1c\",\n \"reason\": \"This value is a valid Slack Incoming Webhook URL, which functions as a secret token. The URL has the specific format required by Slack, which includes a `hooks.slack.com` domain followed by a series of path segments (`/services/...`). The final path component, `vP5qR6sT7uV8wX9yZ0aB1c`, is a high-entropy string that matches the pattern of a randomly generated authentication token. Unlike a placeholder, this is a complete and specific credential. Anyone possessing this URL can send arbitrary messages to a specified Slack channel, making its exposure a significant security risk.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 219,\n \"label\": \"True Positive\",\n \"secret_value\": \"DefaultEndpointsProtocol=https;AccountName=prodfilestorage1;AccountKey=wJ/x5mP8Q+kZ3rT9vB2uC4dE6fG8hJ0lM2nO4pQ6rS8tV0wX2yZ4aC6bE8dF+gHjK/lM4nO6pQ==;EndpointSuffix=core.windows.net\",\n \"reason\": \"This value is a complete Azure Storage Account Connection String, a highly sensitive credential. The format `DefaultEndpointsProtocol=...;AccountName=...;AccountKey=...;` is specific to Azure services. The AccountKey part `wJ/x5mP8Q+kZ3rT9vB2uC4dE6fG8hJ0lM2nO4pQ6rS8tV0wX2yZ4aC6bE8dF+gHjK/lM4nO6pQ==` is a valid, high-entropy Base64-encoded string that shows no signs of being a placeholder. Unlike an example like ``, this is a fully-formed, concrete credential. The variable name `AzureStorageConnectionString` and the comment `// Static class holding critical application secrets.` explicitly confirm its purpose. Even in a production environment, this value is exposed in source code and should be treated as a severe security risk.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 220,\n \"label\": \"True Positive\",\n \"secret_value\": \"SG.bF3gH5iJ7kL9mN1oP3qR5sT7uV9wX1yZ.aC3bE5dF7gH9jK1lM3nO5pQ7rS9tU\",\n \"reason\": \"The value 'SG.bF3gH5iJ7kL9mN1oP3qR5sT7uV9wX1yZ.aC3bE5dF7gH9jK1lM3nO5pQ7rS9tU' is a valid SendGrid API key, which is identified by the 'SG.' prefix. This value exhibits high entropy in all segments, which is a strong indicator of a real, computationally generated key. Unlike placeholders, it is a fully-formed, unique string consistent with SendGrid's published token format. The variable name 'SendGridApiKey' provides explicit confirmation of the value's purpose. Even though this might be a development key, it's still considered a secret because it could be used to abuse the service, send spam, or compromise the user's account. The presence of comments like 'TODO: Refactor this to use Azure Key Vault before GA.' only serves as further evidence that this is a functional, albeit non-ideal, secret being used in development.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 88,\n \"label\": \"True Positive\",\n \"secret_value\": \"4a1b0c9d2e8f7g6h5i4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x\",\n \"reason\": \"The value '4a1b0c9d2e8f7g6h5i4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x' is a high-entropy alphanumeric string characteristic of an API key or secret. The value exhibits cryptographic randomness with a mix of lowercase letters and numbers, and lacks any repetitive or placeholder patterns like 'xxx' or sequential characters. Although it contains one non-standard character 'g', this does not invalidate its nature as a secret; many service providers allow special characters. The contextual variable name 'metricsApiKey' provides explicit confirmation that this value is a credential. Hardcoding a secret key of this complexity poses a significant security risk, as it allows anyone with access to the source code to authenticate against the target service.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 95,\n \"label\": \"True Positive\",\n \"secret_value\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLnMxLmV4YW1wbGUuY29tIiwic3ViIjoiY2NjY2QxZjctMGIzNC00MWFmLThmZjktYWZmMDc0MjVmYTc3IiwiYXVkIjoiYXBpLnMxLmV4YW1wbGUuY29tIiwiaWF0IjoxNjQ4MDQ0NDc5LCJleHAiOjE2NDgwNDgwNzl9.m4zV8G48EaFqfJkXw9Y2ZzQ3bH6iJ8kL0mN2oP4qR6s\",\n \"reason\": \"The value is a fully-formed JSON Web Token (JWT), identifiable by its 'header.payload.signature' structure and Base64 encoded segments. The components exhibit high entropy and follow the exact specification for a JWT, unlike simple placeholders. The presence of 'is_service' and 'user_id' claims, along with a specific 'iat' (issued at) and 'exp' (expiration) timestamp, confirms it is a real, potentially active credential. Although the domain is generic (`example.com`), the format is concrete and represents a valid security artifact that grants authorization, making it a clear true positive.\"\n}\n"}]} +{"id": 8, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 50,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://order_svc_user:pIu#9Tf$zQ5w@db-prod-main.cyabxzywzzza.us-east-1.rds.amazonaws.com:5432/orders_production\",\n \"reason\": \"The value is a complete PostgreSQL connection string that explicitly embeds a username ('order_svc_user') and a password ('pIu#9Tf$zQ5w'). The password portion, 'pIu#9Tf$zQ5w', exhibits high entropy with a random mix of mixed-case letters, numbers, and special characters, indicating it is a real credential, not a placeholder. Including credentials directly in a connection string is a classic secret leaking vulnerability. Although the host is an RDS instance name, the string reveals a valid connection pathway to a production database, posing a significant security risk if exposed.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 56,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAU4VFT7J6X2P5QJ6M\",\n \"reason\": \"The value 'AKIAU4VFT7J6X2P5QJ6M' is an AWS Access Key ID, definitively identified by the standard 'AKIA' prefix. The 20-character string following the prefix is a random combination of upper and lower case letters, which perfectly matches the format and high entropy of an active AWS credential. This is a concrete, fully-formed value, not a generic placeholder like 'AKIAXXXXXXXXXXXXXXXXXXXX'. While the code itself contains a discouraging comment, the value itself is a real, active key used to authenticate to an AWS service. Hardcoding such credentials, even in a development or test file, is a critical security risk that allows unauthorized access.\"\n}\n"}, {"index": 0, "sub_index": 2, "completion": "\n{\n \"line_number\": 57,\n \"label\": \"True Positive\",\n \"secret_value\": \"gT8vNl2yX+ZpB/tY9cRzXvWqSjU3mB/kL5dF8aC\",\n \"reason\": \"The value 'gT8vNl2yX+ZpB/tY9cRzXvWqSjU3mB/kL5dF8aC' is a fully-formed AWS secret access key. It is a 41-character string with high entropy, composed of mixed-case alphanumeric characters, '+', '/', and '=', which are all valid parts of a Base64 encoded key. This value perfectly matches the specific format and length requirement for this type of credential. Unlike a placeholder, which would use repeated characters or descriptive terms, this is a concrete, unique value. The context of its assignment to the `aws_secret_access_key` parameter within an `boto3.client('s3', ...)` call provides direct and unambiguous evidence that it's intended as live authentication material for accessing AWS services, posing a significant security risk.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 22,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_a4d3f2c1b0e9a8b7c6d5e4f3a2b1c0d9e8f7g6h5\",\n \"reason\": \"The value 'dckr_pat_a4d3f2c1b0e9a8b7c6d5e4f3a2b1c0d9e8f7g6h5' is a valid Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a definitive identifier for this specific secret type. The remainder of the string, 'a4d3f2c1b0e9a8b7c6d5e4f3a2b1c0d9e8f7g6h5', exhibits high entropy with a random distribution of alphanumeric characters, consistent with a cryptographically generated credential. Unlike a placeholder, this is a concrete, fully formed token with no repeating patterns or generic template elements. Its assignment to the 'password' parameter in a 'docker/login-action' context provides strong contextual confirmation of its purpose as an authentication token. Exposing this token in a workflow file grants unauthorized access to the associated Docker Hub repository, making it a critical secret.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 35,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/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\",\n \"reason\": \"The value is a complete Slack Incoming Webhook URL, which is an authentication token. The URL format follows Slack's specific pattern for webhooks (`.../services/TEAM_ID/CHANNEL_ID/SLACK_TOKEN`), and the final 24-character segment, 'kLmN8oPqR0sT1uV2wX3yZ4aB', is the secret component. This segment exhibits high entropy with its random mix of mixed-case letters and numbers, consistent with a real, machine-generated credential, and is not a generic placeholder like 'YOUR_TOKEN'. The context, where it is assigned to the `SLACK_WEBHOOK` environment variable in a GitHub Actions workflow step, strongly confirms its use as a live secret for authenticating messages to a Slack channel.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 9,\n \"label\": \"True Positive\",\n \"secret_value\": \"AIzaSyCDE1234FGH5678IJKL9012MNOPQRs-tU\",\n \"reason\": \"The value 'AIzaSyCDE1234FGH5678IJKL9012MNOPQRs-tU' is a validly-formatted Firebase API key, confirmed by its distinctive prefix 'AIzaSy'. The string exhibits high entropy, with a random mix of alphanumeric characters that is characteristic of a machine-generated secret. Although the latter half of the key uses placeholder-like segments (e.g., '1234FGH5678'), this does not make it a safe example. Real keys often contain some predictable or template-like components alongside cryptographic randomness. Furthermore, the value's context as the `apiKey` property in a `firebaseConfig` object and its 39-character length strongly validate its identity as a credential, which poses a significant security risk even in a development configuration.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 25,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAT7G3W4LIX5M2P6Q4\",\n \"reason\": \"The value 'AKIAT7G3W4LIX5M2P6Q4' is a valid AWS Access Key ID, definitively identified by its specific 'AKIAT' prefix. The prefix is a critical pattern that distinguishes AWS keys from non-sensitive identifiers. The following 16 uppercase alphanumeric characters are randomly generated, exhibiting high entropy consistent with a cryptographically secure credential. Unlike a placeholder such as 'AKIATXXXXXXXXXXXXXXXXXXXXX', this is a fully-formed, concrete key that poses a direct security risk. Hardcoding an access key is a major anti-pattern as it exposes the credential in version control, providing an attacker with a potentially exploitable entry point to an AWS environment.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 26,\n \"label\": \"True Positive\",\n \"secret_value\": \"xZ9cU7sV3mB+pQkL5jH8fG1tY9cRzXvWqSjU3mB/kL\",\n \"reason\": \"The value 'xZ9cU7sV3mB+pQkL5jH8fG1tY9cRzXvWqSjU3mB/kL' is a high-entropy, 43-character string consistent with the format of an AWS Secret Access Key (SK). The value exhibits the randomness expected of a real credential, containing a mix of upper and lower case letters, numbers, and special characters ('+', '/', '='). Unlike a placeholder, it's a concrete, fully-formed value. The context of being assigned to the `secret_key` argument within an `aws` provider block explicitly confirms its purpose as an authentication token for AWS. Hardcoding this value directly into a Terraform file poses a severe security risk as it grants the attacker permissions to interact with the AWS account.\"\n}\n"}, {"index": 3, "sub_index": 2, "completion": "\n{\n \"line_number\": 32,\n \"label\": \"True Positive\",\n \"secret_value\": \"7e3c98a50616b0b8ad4a835a68729c1d\",\n \"reason\": \"The value '7e3c98a50616b0b8ad4a835a68729c1d' is a 32-character hexadecimal string, which is a common format for Datadog API keys. This value exhibits high entropy with its random mix of letters and numbers and lacks any placeholder characteristics, such as repeated characters or simple sequences. The variable name 'datadog_api_key' explicitly confirms the value's purpose as a Datadog credential. Although this value appears in a 'default' block within a Terraform variable definition, it is a concrete credential, not an example or template. Hardcoding any real credential, even in a default setting, is a security risk as it could be an active key from a developer's account and provide unwanted access or expose the key's existence.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 67,\n \"label\": \"True Positive\",\n \"secret_value\": \"Server=tcp:prod-db-server.database.windows.net,1433;Database=UserProfiles;User ID=sqladmin;Password=4#tG&kL$pQ2s!hG;Trusted_Connection=False;Encrypt=True;\",\n \"reason\": \"This value is a complete SQL connection string that contains multiple sensitive components. Most critically, it embeds a plaintext password, 'Password=4#tG&kL$pQ2s!hG', which exhibits high entropy and is not a placeholder pattern. The string also includes a specific server address ('prod-db-server.database.windows.net'), a username ('sqladmin'), and the database name, all of which are confidential details about the application's backend infrastructure. Hardcoding an entire connection string is a severe security risk, as it exposes credentials and location details directly in the codebase, making it accessible to anyone who can view the source.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 83,\n \"label\": \"True Positive\",\n \"secret_value\": \"N5u8x/A?D(G+KbPeShVmYp3s6v9y$B&E\",\n \"reason\": \"The value 'N5u8x/A?D(G+KbPeShVmYp3s6v9y$B&E' is a high-entropy cryptographic secret used as an `IssuerSigningKey` for JWT authentication. The value is a 28-character string containing a random mix of upper and lower-case letters, numbers, and special symbols, which is characteristic of a real, generated key. This specific value is not a placeholder; it is a concrete, fully-formed string used in an `SymmetricSecurityKey` object. Hardcoding this key allows anyone with access to the source code to forge valid JWTs for the 'https://api.myapp.com' issuer, enabling unauthorized access to protected resources. The variable name `IssuerSigningKey` and its context within `TokenValidationParameters` definitively mark this as a secret.\"\n}\n"}]} +{"id": 9, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 50,\n \"label\": \"False Positive\",\n \"secret_value\": \"postgres://prod_user_rw:2$fP#qZ9!sW7@db.customer-api.prod.aws-us-east-1.rds.amazonaws.com\",\n \"reason\": \"The value is a PostgreSQL connection string, but it contains a placeholder for the actual database password. The password portion, '2$fP#qZ9!sW7', while having high entropy, appears to be a generic test credential. This is confirmed by its use in a connection string targeting an RDS instance clearly marked as 'prod' but hosted on what is likely a developer-managed domain structure ('customer-api.prod.aws-us-east-1.rds.amazonaws.com'). The combination of a generic password format and a non-standard AWSRDS subdomain structure are strong indicators of a non-production environment credential. Real database passwords in production would be managed via secrets stores, not hardcoded in source code, even in a 'prod' folder.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 54,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7oL5dE6aF4gH2iJ1kC0pP9sT8yU2oO3zN7lI5xR4vG3bA2eC1d00jK6bM4lP\",\n \"reason\": \"The value is a Stripe live API key, definitively identified by its 'sk_live_' prefix. This format is a well-known, specific pattern for Stripe secret keys, differentiating them from test or other credential types. The 50-character alphanumeric string following the prefix exhibits high entropy and conforms to Stripe's specification, making it indistinguishable from a production credential. Unlike a placeholder like 'sk_live_test_key', this is a fully-formed, syntactically valid key that could be active in a production environment. Even if intended for testing, hardcoding a validly formatted key for a live service is a critical security risk, as it confirms the existence of a Stripe account and could potentially be abused.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 133,\n \"label\": \"True Positive\",\n \"secret_value\": \"9a8b7c6d-5e4f-3a2b-1c0d-9f8e7d6c5b4a\",\n \"reason\": \"The value '9a8b7c6d-5e4f-3a2b-1c0d-9f8e7d6c5b4a' is a valid Universally Unique Identifier (UUID) in the 8-4-4-4-12 hexadecimal format. It exhibits high entropy and adheres to a standard for unique credential generation. Although placeholders often mimic UUIDs, this specific value is not a generic example; it is a fully-formed, concrete credential. The context confirms its sensitivity, as the value is assigned to a variable explicitly named 'COINMARKETCAP_API_KEY'. Exposing keys in build files, even if they are in 'defaultConfig', is a significant security risk as they can be easily extracted from version control history and the application's bytecode.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 134,\n \"label\": \"True Positive\",\n \"secret_value\": \"8S5R3ZQXDI1VMEG9N4Y2QWB7A7JH8W5C6I\",\n \"reason\": \"The secret value '8S5R3ZQXDI1VMEG9N4Y2QWB7A7JH8W5C6I' is a high-entropy alphanumeric string consistent with the format of an Etherscan API key. The 40-character value exhibits random distribution of uppercase letters and numbers, a strong indicator of a real credential rather than a placeholder. Although the value itself is the secret, its exposure is confirmed by its assignment to a `buildConfigField` named 'ETHERSCAN_API_KEY' in an Android build file. This pattern of embedding API keys in application configurations is a common and dangerous practice that makes keys accessible to anyone who decompiles the application. The comment '# API keys should not be stored here' further validates the sensitivity of this hardcoded credential.\"\n}\n"}, {"index": 1, "sub_index": 2, "completion": "\n{\n \"line_number\": 140,\n \"label\": \"True Positive\",\n \"secret_value\": \"sUp3rS3cur3P@ssw0rd\",\n \"reason\": \"The value 'sUp3rS3cur3P@ssw0rd' is a hardcoded password for a signing keystore. While the value uses common password construction patterns, it is still a functional credential assigned to a real keystore. The context confirms its sensitivity, as it is used to unlock the `release` signing configuration in a `build.gradle` file for releasing an Android application. Hardcoded passwords like this pose a significant risk because anyone with access to the source code can extract them and sign malicious builds of the application. The pattern teaches that any password-like string used to unlock a signing key is a critical, exploitable secret, regardless of its perceived complexity.\"\n}\n"}, {"index": 1, "sub_index": 3, "completion": "\n{\n \"line_number\": 142,\n \"label\": \"True Positive\",\n \"secret_value\": \"k3yP@ssw0rdF0rR3l3ase\",\n \"reason\": \"The value 'k3yP@ssw0rdF0rR3l3ase' is a hardcoded password, even though it uses a common, low-complexity pattern. This is not a generic placeholder like 'password' because it contains a specific mix of dictionary words, numbers, and special characters, which is characteristic of a real, albeit weakly-chosen, credential. The surrounding `signingConfigs` context in the `build.gradle` file explicitly identifies `keyPassword` as a sensitive value used for signing Android application builds. Exposing this password anywhere in source control is a significant security risk, as it can allow anyone to impersonate the application. The value itself is the literal, exploitable credential, not a variable reference or template.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 33,\n \"label\": \"True Positive\",\n \"secret_value\": \"ACf8e21a9c3b7d5f1e0a9b8c7d6e5f4a3b\",\n \"reason\": \"The value 'ACf8e21a9c3b7d5f1e0a9b8c7d6e5f4a3b' is a valid Twilio Account SID, identifiable by the 'AC' prefix followed by 32 high-entropy hexadecimal characters. The string itself exhibits significant randomness and matches the exact format specified by Twilio for production credentials. This is not a placeholder or example, but a fully-formed credential that appears to be for an active account. Exposing an Account SID, even when paired with an authentication token, is a critical security risk as it provides a direct link to the owner's Twilio account.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 34,\n \"label\": \"True Positive\",\n \"secret_value\": \"b4d2e1f0c3a4b5d6e7f8a9b0c1d2e3f4\",\n \"reason\": \"The value 'b4d2e1f0c3a4b5d6e7f8a9b0c1d2e3f4' is a high-entropy, 32-character hexadecimal string that precisely matches the format for a Twilio Auth Token. The value's random character distribution and lack of any patterns (like repetition or sequence) strongly indicate it is a real, machine-generated credential, not a placeholder. The context provided by the variable name 'authToken' and its usage to initialize the 'twilio' client object confirms its role as a sensitive authentication token. The file path './src/api/twilio-service.js' further validates its sensitivity, as this code is likely part of a production service responsible for making authenticated API calls. Hardcoding such a token poses a security risk as it allows anyone with source code access to impersonate the application's Twilio account.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 119,\n \"label\": \"True Positive\",\n \"secret_value\": \"RptUsr!pWd$2o21@9bF&\",\n \"reason\": \"The value 'RptUsr!pWd$2o21@9bF&' is a high-entropy password, not a placeholder. The string exhibits significant randomness through its combination of dictionary words ('Rpt', 'Usr', 'pWd'), numbers, and special characters, fulfilling the structural requirements of a strong credential. Unlike generic patterns like 'Password123' or template variables, this specific, complex string lacks any repetitive or sequential nature. The context of being passed to `rds.Credentials.fromPassword` and wrapped in `cdk.SecretValue.unsafePlainText` confirms its purpose is to provision sensitive authentication material. This value represents a real credential hardcoded into the infrastructure, which is a critical security flaw regardless of comments about database criticality.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 73,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID, identifiable by its specific prefix 'AKIA'. This 20-character string exhibits high entropy with a random combination of mixed-case letters and numbers, which is characteristic of a real AWS credential. The variable name `AWS_ACCESS_KEY_ID` provides strong contextual confirmation of the value's sensitive nature. Exposing an AWS access key is a critical security risk, as it can be used to perform actions and incur costs on the associated AWS account. This value is not a placeholder; it matches a known, concrete format and should always be treated as a real credential.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 74,\n \"label\": \"True Positive\",\n \"secret_value\": \"Zp9aL8jV7bK4cH1fG6xWqSjU3mB7oL5dE6aF4gH2\",\n \"reason\": \"The value 'Zp9aL8jV7bK4cH1fG6xWqSjU3mB7oL5dE6aF4gH2' is a high-entropy, random 40-character string which matches the exact format of an AWS Secret Access Key. This string lacks any human-readable components, dictionary words, or repetitive sequences, indicating it is a cryptographically generated secret. The variable name `AWS_SECRET_ACCESS_KEY` in the surrounding YAML context is a definitive identifier that confirms this value is intended for authenticating with Amazon Web Services. While it appears in a CI/CD pipeline, it is a concrete, fully-formed key, not a placeholder, and its exposure provides direct credentials to an AWS account.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 75,\n \"label\": \"True Positive\",\n \"secret_value\": \"{\\\"type\\\":\\\"service_account\\\",\\\"project_id\\\":\\\"core-infra-345213\\\",\\\"private_key_id\\\":\\\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\\\",\\\"private_key\\\":\\\"-----BEGIN PRIVATE KEY-----\\\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRsK7pB6bFv9f6\\nc...\\n-----END PRIVATE KEY-----\\\",\\\"client_email\\\":\\\"deploy-bot@core-infra-345213.iam.gserviceaccount.com\\\",\\\"client_id\\\":\\\"109876543210987654321\\\"}\",\n \"reason\": \"The value is a complete Google Cloud Service Account Key in JSON format, which contains multiple high-entropy secrets. The `private_key` field is the most critical component, identified by the PEM format `-----BEGIN PRIVATE KEY-----` and a long, Base64 encoded value which exhibits high entropy. While `private_key_id` and `client_id` have lower entropy, they are still sensitive identifiers tied to the credential. The complete package, containing type, credentials, and a fully formed private key, represents a fully-functional secret. Even if the key in this example is incomplete ('c...'), the presence of valid PEM headers and a Base64 block means the structure is real, which is a severe risk as an incomplete key could belong to a development or test environment that is still exploitable.\"\n}\n"}, {"index": 4, "sub_index": 3, "completion": "\n{\n \"line_number\": 97,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/T00ABCD12EF/B01ZYXW3456/kLpQrStUvWxYzAbCdEfGhIjK\",\n \"reason\": \"The value is a Slack Incoming Webhook URL, which is a type of webhook token used for authenticating messages to a Slack channel. The value's structure, `https://hooks.slack.com/services/TEAM_ID/CHANNEL_ID/TOKEN`, is a definitive pattern for this secret type. The latter part of the URL, `kLpQrStUvWxYzAbCdEfGhIjK`, is a 24-character high-entropy string with mixed case and random alphanumeric characters, which is consistent with a real Slack token. While the team and channel IDs contain placeholder-like characters, the token itself lacks any placeholder indicators and appears fully formed. The use of this format is a critical security risk because anyone possessing the URL can post messages to the associated Slack channel, allowing for spam or misinformation.\"\n}\n"}]} +{"id": 10, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 19,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAYJ5U4F6X3W2Z7Q8B\",\n \"reason\": \"The value 'AKIAYJ5U4F6X3W2Z7Q8B' is a valid AWS access key ID, directly identified by its standard `AKIA` prefix. The subsequent 16 alphanumeric characters exhibit high entropy, conforming to the exact format specified by Amazon Web Services for these keys. This is not a placeholder or example; it is a concrete credential that grants read/write permissions to an AWS account. Hardcoding a fully formed Access Key ID is a significant security risk, as it confirms a valid secret is in source control, and even without its corresponding Secret Access Key, it leaks information about a specific user or service account. The variable name `access_key` within an `aws` provider block provides unambiguous confirmation of its sensitive nature.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 20,\n \"label\": \"True Positive\",\n \"secret_value\": \"vG9dK8jFpQ4sH7wB2uA1tY6zC0xL5nE3bV2mO4iP\",\n \"reason\": \"The value 'vG9dK8jFpQ4sH7wB2uA1tY6zC0xL5nE3bV2mO4iP' is a high-entropy alphanumeric string that perfectly matches the format of an AWS Secret Access Key. The value exhibits significant randomness across its length, which is a primary indicator of a real credential. Unlike a placeholder like 'YOUR_SECRET', this is a concrete, fully-formed value that could be active. The context confirms this, as it's assigned to the `secret_key` argument within an `aws` provider block. Hardcoding a credential like this provides direct authentication access to an AWS account, posing a severe security risk regardless of its intended environment.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 22,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_u7hN2pL9xV4kG1mF3jZ8oR6cW0qYdE5sT2aB\",\n \"reason\": \"The value `dckr_pat_u7hN2pL9xV4kG1mF3jZ8oR6cW0qYdE5sT2aB` is a valid Docker Personal Access Token (PAT). Its format is definitively identified by the service-specific prefix `dckr_pat_`. The long, random string of mixed-case letters and numbers following the prefix has high entropy and conforms precisely to the structure of a real credential. Unlike placeholders, this is a fully-formed, concrete value. The context confirms its sensitivity, as it is used as the `password` parameter for the `docker/login-action`, a critical authentication step.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 38,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/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\",\n \"reason\": \"This value is a valid Slack Incoming Webhook URL, a type of token used for posting messages to specific Slack channels. The URL follows the precise Slack format, including the base path and the characteristic `/services/` segment. The three-part structure `/T.../B.../...` clearly delineates Slack workspace, bot, and unique secret tokens. The final part, `gH7vW2rP5zX1yC6jB8qA9tE0`, is a 32-character, high-entropy string matching Slack's credential format, distinguishing it from generic placeholders. Leaking this URL allows anyone to post messages to the configured Slack channel, which is a significant security risk.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 99,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://chat_svc_prod:p#9sW!z$kLqY8*3f@pg-prod-us-east-1.c4fgr7h8i9j0.rds.amazonaws.com\",\n \"reason\": \"This is a complete and valid PostgreSQL database connection string containing hardcoded credentials. It follows the standard `postgres://username:password@hostname:port` format. The credential pair 'chat_svc_prod' and 'p#9sW!z$kLqY8*3f' exhibits high entropy and complexity, making it a strong indicator of a real secret, not a placeholder. The password 'p#9sW!z$kLqY8*3f' uses a random mix of numbers, upper/lowercase letters, and symbols, confirming its nature as a credential. The presence of a real AWS RDS hostname further reinforces that this string is a connection string for a production environment.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 105,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk-proj-jV7hG1mF9wX4kL6uT3nZ8oR2cY0pQdE5sA1bY9fC\",\n \"reason\": \"The value 'sk-proj-jV7hG1mF9wX4kL6uT3nZ8oR2cY0pQdE5sA1bY9fC' is a valid OpenAI API key. It is characterized by the specific prefix 'sk-proj-', which identifies it as a project-level key for OpenAI, distinct from organization or personal keys. The remainder of the string, a 40-character alphanumeric sequence, exhibits high entropy and precisely matches the format of a real OpenAI secret. Unlike placeholders such as 'sk-xxxx-...' or ' YOUR_API_KEY ', this is a concrete, specific credential. Exposing such a key could lead to unauthorized usage and billing against the owner's account, making this a critical security risk.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 25,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoiZGF0YWdlbmVuZ2luZSIsImEiOiJjbHB0dGZ3ajYwZ2hrMmtvNGVsbXNqbzY4In0.v8NlU2aP4_kS7gXzFhQ9rA\",\n \"reason\": \"The value is a valid Mapbox Public Access Token (PKT), identified by the 'pk.' prefix. The subsequent, multi-part structure, including Base64 encoded JSON and a cryptographically signed segment, exhibits high entropy and matches the token's specific format. Although the 'publicKey' field name suggests it is not a secret, it functions as an authentication credential that, if compromised or misused, can lead to significant API abuse and potential costs, especially in services that bill per-use. Unlike a generic placeholder, this is a fully formed, syntactically valid token that could be active. It should be classified as a true positive because hardcoded credentials, even public-facing ones, pose a security risk.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 29,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://9e2b1c4f8d6a3b0e7c5d9f1a8g3h5i7k@o451234.ingest.sentry.io\",\n \"reason\": \"The value is a complete Sentry Data Source Name (DSN), which inherently functions as a secret credential. The structure matches the Sentry format of `https://@.ingest.sentry.io`. The portion `9e2b1c4f8d6a3b0e7c5d9f1a8g3h5i7k` is a high-entropy string that appears to be a real, randomly generated access key. Unlike a placeholder like `` or a repeated character, this is a specific, unpredictable value. The combination of a high-entropy key and the Sentry ingest URL makes this a definitive credential, as it allows any attacker with this DSN to post errors to the specified Sentry project.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 68,\n \"label\": \"True Positive\",\n \"secret_value\": \"AAAApcJ-Hk4:APA91bE3rZtUq_yG9sVxW5pKjL7hB8dC1fN0mO4iG2pJ6oS4tA0cQ7nV1wR9zY_lF5aK8uI3eB7fJ9dC2gH6vM5\",\n \"reason\": \"This value is a Firebase Cloud Messaging (FCM) Server Key, a type of secret used for authenticating server-to-device push notifications. The value conforms to the exact format of an FCM key: an initial 11-character identifier followed by a colon and a long, high-entropy Base64 string (`API...`). The actual credential portion exhibits cryptographic randomness with its mix of upper/lowercase letters, digits, and special characters, which is a hallmark of a real, functional secret. This is not a placeholder or example; it is a concrete, specific key. Leaking an FCM key allows anyone to send arbitrary notifications to devices targeted by the application, posing a significant security risk.\"\n}\n"}]} +{"id": 11, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 97,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://order_svc_user:Ac3v!tY_p@sS_8hG#kL9@prod-db-cluster-1.us-east-1.rds.amazonaws.com\",\n \"reason\": \"This value is a complete PostgreSQL database connection string that directly embeds user credentials. The format is a classic, but insecure, pattern: `protocol://user:password@host`. The password component, 'Ac3v!tY_p@sS_8hG#kL9', is a high-entropy string with mixed case letters, numbers, and special characters, which is typical of a real credential rather than a placeholder. Hardcoding connection strings like this is a significant security risk because it leaks authentication details and can be easily extracted from source code. The URL also specifies a 'prod-db-cluster', confirming this is not a development or example value.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 103,\n \"label\": \"True Positive\",\n \"secret_value\": \"rEd!sP@ssw0rd$tr0ngF0rProd753\",\n \"reason\": \"The value 'rEd!sP@ssw0rd$tr0ngF0rProd753' is a strong, hardcoded password. Although it's designed to appear random using a mix of uppercase, lowercase, numbers, and special characters, it contains recognizable dictionary words like 'password', 'strong', and 'prod', which are common patterns in developer-chosen credentials. This combination makes it a well-formed password that could grant access to a production system, unlike a generic placeholder such as 'mysecretpassword'. The parameter name 'password' in the `redis.Redis` call explicitly identifies this value as a credential, and committing it directly to source code is a significant security risk as it provides an attacker with the means to access Redis data.\"\n}\n"}, {"index": 0, "sub_index": 2, "completion": "\n{\n \"line_number\": 106,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51Kk0L2ApB8fG1tY9cr4jFzT8aGb0mXnL1fVd9rT2sYcW3uE4xS5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ\",\n \"reason\": \"The secret value is a Stripe Live API Key, identified by its service-specific prefix 'sk_live_'. The 40-character alphanumeric string following the prefix has high entropy and matches the exact format specified by Stripe for live environment credentials. Unlike a placeholder like 'sk_live_XXXXXXXXXXXXXXXX', this is a concrete, fully-formed key. The variable name `STRIPE_API_KEY` and the surrounding context of payment gateway integration further confirm that this value is a live credential. Committing a real, active Stripe key to source code is a critical security risk, allowing attackers to perform unauthorized transactions on behalf of the application.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 62,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAU3Z4X5R6Y7I2QJ8M\",\n \"reason\": \"The value 'AKIAU3Z4X5R6Y7I2QJ8M' is a validly formatted AWS Access Key ID. The prefix 'AKIA' is a specific, registered marker for this credential type used by Amazon Web Services. The remaining 16 characters are a high-entropy alphanumeric string, consistent with the format and random nature of a real AWS key. Although this value is part of a GitHub Actions workflow, a common place to find these credentials, its format is not generic. Unlike a placeholder like 'AKIAXXXXXXXXXXXXXXXXXXXX', this is a concrete, fully-formed value that represents a live key.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 63,\n \"label\": \"True Positive\",\n \"secret_value\": \"9vR/mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOp+\",\n \"reason\": \"The value '9vR/mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOp+' is a high-entropy string that conforms to the specific format of an AWS Secret Access Key. The value consists of a random mix of uppercase letters, lowercase letters, numbers, and special characters ('/', '+'), which is a strong indicator of a real, machine-generated secret. Unlike placeholders, this is a fully-formed key with no repetitive patterns, sequential characters, or generic markers. Its assignment to the `aws-secret-access-key` parameter in an `aws-actions/configure-aws-credentials` step confirms its function as a credential. Hardcoding a key with this level of cryptographic randomness and specific format is a critical security risk, as it provides direct access to cloud resources.\"\n}\n"}, {"index": 1, "sub_index": 2, "completion": "\n{\n \"line_number\": 86,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/T00AB1CD2EF/B01GH2JK3LM/xyZAbcDEfgHIjklMNOpQRSTuvwXy\",\n \"reason\": \"The value is a valid Slack Incoming Webhook URL, which is a high-sensitivity credential. The URL structure 'https://hooks.slack.com/services/[TEAM-ID]/[CHANNEL-ID]/[SECRET-TOKEN]' is a definitive pattern. The final path segment, 'xyZAbcDEfgHIjklMNOpQRSTuvwXy', is a 24-character string with high entropy, mixing alphanumeric characters, and matches the format of a real Slack webhook token. This is not a placeholder, which would use repeated characters or template syntax. These webhook tokens grant direct privileges to post messages into a specified Slack channel, making their compromise a significant security risk.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 124,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk-ant-api03-S5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ9vR-mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOpQ_AAA\",\n \"reason\": \"The value 'sk-ant-api03-S5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ9vR-mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOpQ_AAA' is a valid Anthropic API key. Its structure, starting with the service-specific 'sk-ant-api03-' prefix and followed by a 50-character high-entropy string, precisely matches Anthropic's key format. The key's long length and combination of uppercase letters, lowercase letters, numbers, and special characters indicate it is a real, computationally generated credential. This is not a placeholder, which would typically use repeating characters like 'x' or be a template. The assignment to a variable named `anthropicAPIKey` and its use in an `x-api-key` header provides explicit confirmation of its function as an authentication token.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 28,\n \"label\": \"True Positive\",\n \"secret_value\": \"AIzaSyB9X8Y7Z6W5V4U3T2S1R0P9Q8O7N6M5L4\",\n \"reason\": \"The value 'AIzaSyB9X8Y7Z6W5V4U3T2S1R0P9Q8O7N6M5L4' is a valid Firebase API Key. Its structure perfectly matches the known format for these secrets, beginning with the 'AIzaSy' prefix. The subsequent 33-character string exhibits high entropy with a random mix of uppercase letters, lowercase letters, numbers, and symbols, which is characteristic of a machine-generated credential. Unlike placeholders, this is a concrete value without any repetitive or generic characters. Although comments indicate staging, this is still a functional key that could be exploited for abuse or data leakage, making it a significant security risk when hardcoded in client-side code.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 45,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8@o123456.ingest.sentry.io\",\n \"reason\": \"The value is a Sentry Data Source Name (DSN), which is a credential used to authenticate events sent to the Sentry service. It follows the standard Sentry format: `https://@`. The key part of the value, 'b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8', is an 8-character high-entropy hexadecimal string, which is characteristic of a real, machine-generated credential. Unlike placeholders which use repeated characters (e.g., 'xxxxxxxx'), this value is fully-formed and unpredictable. Even when used in a non-production configuration, a DSN is a sensitive secret because it grants a client application permission to send data to a specific service account, enabling potential abuse and data integrity issues.\"\n}\n"}, {"index": 3, "sub_index": 2, "completion": "\n{\n \"line_number\": 48,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoiZGV2LWFjY291bnQiLCJhIjoiY2xwOXRzNWFjMDBsdDJrcWY2eGlrbmxmYSJ9.UThkRzFqazVwN3M0YjAyblRhbGF6UQ\",\n \"reason\": \"The value 'pk.eyJ1IjoiZGV2LWFjY291bnQiLCJhIjoiY2xwOXRzNWFjMDBsdDJrcWY2eGlrbmxmYSJ9.UThkRzFqazVwN3M0YjAyblRhbGF6UQ' is a valid Mapbox API token. The prefix 'pk.' is a definitive, public identifier for this service type. The subsequent two blocks of Base64 encoded JSON represent a structured header, a body with account details (where 'de-account' is visible, confirming it's development-related), and a signature, creating a high-entropy value that is not a generic placeholder. Even though the associated context comments it as 'development', this is a functional credential that leaks information about the development environment and account structure. It is common practice to treat development API keys as secrets due to their security and informational value.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 159,\n \"label\": \"True Positive\",\n \"secret_value\": \"dd-api-a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6\",\n \"reason\": \"The value 'dd-api-a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6' is a valid-format DataDog API key. Its structure, comprising the 'dd-api-' prefix followed by 32 hexadecimal characters, is a well-known pattern for DataDog keys. While the latter part of the string has a somewhat predictable sequence, it does not invalidate the finding; such sequences can occur in production keys due to generation algorithms or specific company policies. The value is not a generic placeholder like 'dd-api-xxxx' and presents a credible, unique credential. The surrounding Terraform code context, which sets this key for an agent installation script, further confirms its sensitive nature as it will grant the agent permissions to interact with a DataDog account.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 170,\n \"label\": \"True Positive\",\n \"secret_value\": \"dop_v1_8d3e6f2a7b1c4d9f8a6e3b0c5d7f0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f\",\n \"reason\": \"The value 'dop_v1_8d3e6f2a7b1c4d9f8a6e3b0c5d7f0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f' is a valid DigitalOcean API token, identified by the 'dop_v1_' prefix. The alphanumeric string that follows the prefix is 64 characters long and exhibits high entropy, characteristic of a randomly generated credential. Although this value is part of a `variable` block and uses a `default`, it represents a concrete and fully-formed credential, not a placeholder. Developers often hardcode default secrets from development or test environments into variable defaults. The explicit `description` further confirms its purpose: 'DigitalOcean API token', making it a sensitive piece of information that must be secured.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 186,\n \"label\": \"False Positive\",\n \"secret_value\": \"DbP@ssw0rdF0rProd!2024*\",\n \"reason\": \"The value 'DbP@ssw0rdF0rProd!2024*' is a clear example of a weak password template, not a real secret. The value itself is composed of readable, concatenated dictionary words like 'Password', 'For', and 'Prod', making it highly predictable. A cryptographic password should be a string of random characters, not a recognizable phrase. While it follows the complexity rule (uppercase, lowercase, number, special character), its semantic structure and dictionary basis are strong indicators of a template used in documentation or development. This pattern teaches that readable, descriptive strings, even those containing password-like characters, should be classified as false positives as they lack the required cryptographic randomness and confidentiality.\"\n}\n"}]} +{"id": 12, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 50,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://webapp_user:p$3#R7s@Q!9F@prod-db-cluster-1.c4f3g2h1i0j.us-west-2.rds.amazonaws.com:5432/main_app_db\",\n \"reason\": \"This value is a complete and functional PostgreSQL database connection string, which is a high-sensitivity credential. The credential follows the standard URI format `scheme://username:password@host:port/database`, providing all necessary components for database access. The password portion, 'p$3#R7s@Q!9F', exhibits high entropy with its random mix of alphanumeric characters and special symbols, indicating it is a real, machine-generated secret, not a generic placeholder. The hostname and RDS domain clearly identify this as pointing to a production AWS resource. Exposing a connection string is a critical security risk as it grants direct access to application data.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 55,\n \"label\": \"True Positive\",\n \"secret_value\": \"AC5f8e0a1b9c3d4e5f6a7b8c9d0e1f2a3b\",\n \"reason\": \"The value 'AC5f8e0a1b9c3d4e5f6a7b8c9d0e1f2a3b' is a valid Twilio Account SID. The value is a 34-character string, which matches the exact format specified by Twilio, and its long, random string of hexadecimal characters exhibits high entropy, characteristic of a machine-generated secret. The 'AC' prefix is a definitive pattern for this specific credential type. Despite being in a code file, this is a fully formed, concrete credential, not a placeholder. The accompanying comment '# This credentials should be moved to a secure vault' explicitly confirms its sensitive nature and purpose as an authentication token.\"\n}\n"}, {"index": 0, "sub_index": 2, "completion": "\n{\n \"line_number\": 56,\n \"label\": \"True Positive\",\n \"secret_value\": \"5a94025a4392a8b9f7a7751c1e95c4a1\",\n \"reason\": \"The value '5a94025a4392a8b9f7a7751c1e95c4a1' is a legitimate Twilio Authentication Token, identified by its specific 32-character hexadecimal format and high entropy. The value contains a random, unpredictable mix of letters and numbers, which is characteristic of a real cryptographic credential. This is a functional token, as confirmed by its assignment to the variable `TWILIO_AUTH_TOKEN` and its use in instantiating a `Client`. Although the comment correctly notes it should be in a vault, the value itself is a concrete, active secret that has been hardcoded. The presence of a real credential like this is a security risk, as it grants access to a third-party service.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 31,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIA4F5K6L7M8N9P0Q1R\",\n \"reason\": \"The value 'AKIA4F5K6L7M8N9P0Q1R' is an AWS Access Key ID, which is a high-entropy string confirming its authenticity as a credential. It perfectly matches the AWS format, starting with the 'AKIA' prefix and consisting of 20 mixed-case alphanumeric characters. Unlike a placeholder such as 'AKIAXXXXXXXXXXXXXXXX', this is a concrete value that could be active. The surrounding code context, where it's used with the `aws configure set aws_access_key_id` command in a CI/CD pipeline script, confirms its role as a security token. Leaking an Access Key ID, even if its corresponding secret key is also exposed, is a significant security risk as it grants an attacker the ability to impersonate an AWS user or role.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 32,\n \"label\": \"True Positive\",\n \"secret_value\": \"7hGjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrSt\",\n \"reason\": \"The value '7hGjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrSt' is a high-entropy alphanumeric string consistent with an AWS Access Key Secret. The value exhibits cryptographic randomness, with a mix of upper and lower-case letters and no discernible patterns, which is the defining characteristic of a machine-generated secret. Unlike placeholders, this is a concrete value that functions as an active credential. The surrounding context explicitly confirms this, as the `aws configure set aws_secret_access_key` command assigns this value to the secret key, marking it as a genuine, hardcoded secret.\"\n}\n"}, {"index": 1, "sub_index": 2, "completion": "\n{\n \"line_number\": 55,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/T01B2C3D4E5/F6G7H8I9J0K/l1m2n3o4p5q6r7s8t9u0v1w2\",\n \"reason\": \"The value is a complete Slack Incoming Webhook URL, which is a high-entropy secret. It perfectly matches the service's well-documented URL format, consisting of the fixed base, a team ID, a channel ID, and a unique token. The final path component, 'l1m2n3o4p5q6r7s8t9u0v1w2', is a 24-character string with a random-looking mix of alphanumeric characters, indicating it is a real, unique credential. Unlike placeholders, this is a fully formed URL that grants permission to post messages to a specific Slack channel. The variable name `SLACK_WEBHOOK_URL` and its assignment within an `env` block in a CI/CD file strongly confirm its role as a secret credential.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 25,\n \"label\": \"False Positive\",\n \"secret_value\": \"db_admin_master\",\n \"reason\": \"The value 'db_admin_master' is a low-entropy username, not a secret credential. It is constructed from human-readable, descriptive dictionary words ('db', 'admin', 'master') joined by underscores, which is a common programming convention for naming resources. Real secrets typically have high entropy and are composed of random, unpredictable characters. The value lacks the specific format, character set, or randomness expected of an API key or password. This pattern teaches that structured, readable names are public identifiers, not sensitive data, even when they refer to administrative roles.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 26,\n \"label\": \"True Positive\",\n \"secret_value\": \"S3cuRe_dBP@ssw0rd-f0R-Pr0d!2023\",\n \"reason\": \"The value 'S3cuRe_dBP@ssw0rd-f0R-Pr0d!2023' is a True Positive because it is a complex, manually-crafted password that exhibits high entropy. The value uses a Leetspeak variant ('S3cuRe', 'dBP@ssw0rd', 'f0R', 'Pr0d'), which is a common technique for creating memorable yet strong passwords by replacing letters with numbers or symbols. The mix of uppercase letters, lowercase letters, numbers, and special characters (@, !, -) makes the value unpredictable. Unlike a placeholder like 'password123', this is a fully-formed, concrete credential. The variable name `password` and its context within a database resource block provide direct and unambiguous confirmation that this is an authentication secret.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 14,\n \"label\": \"True Positive\",\n \"secret_value\": \"AIzaSyB_V9zC5gE8fH7iJ6kL4mN3oP2qR1sT0uW\",\n \"reason\": \"The value 'AIzaSyB_V9zC5gE8fH7iJ6kL4mN3oP2qR1sT0uW' is a valid Google API Key, which functions as a secret credential. The prefix 'AIzaSyB' is a specific marker for Google's keys. The string has high entropy, consisting of a random 25-character mixture of alphanumeric characters (including '_'), which is characteristic of a real, programmatically generated key. Unlike a placeholder, this is a concrete value that appears to follow the exact format. Hardcoding a real key in source code is a significant vulnerability, as it can be extracted and abused by anyone with access to the repository.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 19,\n \"label\": \"True Positive\",\n \"secret_value\": \"8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d\",\n \"reason\": \"The value '8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d' is a 32-character hexadecimal string that exhibits high entropy, a common format for authentication tokens. Although the value is predictable by construction (it's a simple repeating sequence of hexadecimal characters), its format and the context of the variable name 'mixpanelToken' are strong indicators of a real credential. Secrets can sometimes follow simple patterns and still be valid for development or staging environments. This value is not a generic placeholder like 'YOUR_TOKEN_HERE' or a template variable; it's a fully-formed, concrete credential string. The presence of a specific API key format and an informative variable name make this a clear true positive.\"\n}\n"}, {"index": 3, "sub_index": 2, "completion": "\n{\n \"line_number\": 24,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io\",\n \"reason\": \"The value is a Sentry Data Source Name (DSN), a common type of credential. Its format, 'https://@', is a clear identifier for this secret type. The public UUID, 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6', exhibits high entropy with a random mix of hexadecimal characters, which is characteristic of a real credential, not a placeholder. While the Sentry organization ID (`o123456`) is generic, the presence of a high-entropy, specific UUID as the authentication token within the DSN makes the entire value a security risk. Hardcoding this value allows anyone with access to the source code to send potentially malicious error events to the specified Sentry project.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 71,\n \"label\": \"True Positive\",\n \"secret_value\": \"7hV$kZ&mN@3qP!s9\",\n \"reason\": \"The value '7hV$kZ&mN@3qP!s9' is a high-entropy password. It exhibits strong signs of a real credential due to its combination of mixed-case letters, numbers, and special characters, creating a random and unpredictable pattern. This specific value has sufficient length and complexity, distinguishing it from generic placeholders or low-entropy examples. The context confirms its sensitivity, as it's assigned to the `Password` field in a `redis.Options` struct, a classic pattern for hardcoded Redis authentication credentials. Developers sometimes commit such credentials from local or development environments, and they pose a significant security risk even if they grant limited access.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 79,\n \"label\": \"True Positive\",\n \"secret_value\": \"97937562479e3b12328059332f78816c\",\n \"reason\": \"The value '97937562479e3b12328059332f78816c' is a high-entropy string consistent with the format of a Datadog API key. The 32-character hexadecimal string exhibits cryptographic randomness with no discernible patterns or placeholder characters. Its format perfectly matches the specific specification for Datadog API keys. The variable name `apiKey` and the comment `// API credentials for sending metrics.` provide strong contextual evidence that this value is an active credential. Hardcoding such a specific key is a significant security risk, as it grants direct access to the Datadog account it represents.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 80,\n \"label\": \"True Positive\",\n \"secret_value\": \"2d0a5127f827913a48eacb9231f24f4648eacb92\",\n \"reason\": \"The value '2d0a5127f827913a48eacb9231f24f4648eacb92' is a 40-character hexadecimal string, which is the precise format for a Datadog Application Key. The string exhibits high entropy with a random mix of letters and numbers, indicating it is a cryptographically generated credential, not a placeholder. Unlike a generic example like 'xxxxxxxx...', this is a fully-formed key. This is confirmed by its usage, where it is assigned to the variable `appKey` and passed as an argument to the `datadog.NewClient` function. Even if found in example code, such a concrete, high-entropy value represents a significant security risk as it could be a real, active key.\"\n}\n"}]} +{"id": 13, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 91,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAU4V3K7J5P2QWSDYR\",\n \"reason\": \"The value 'AKIAU4V3K7J5P2QWSDYR' is a valid AWS Access Key ID (AKID). It perfectly matches the AWS format, starting with the 'AKIA' prefix and followed by 16 uppercase alphanumeric characters. This string has high entropy and lacks any placeholder characteristics like repetition or generic terms, indicating it is a real credential. The associated parameter `aws_access_key_id` provides explicit context that this value is intended for authentication. Although Akids are typically used with a corresponding secret key, the AKID itself is a hardcoded credential and must be treated as a secret, as it identifies an AWS account.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 92,\n \"label\": \"True Positive\",\n \"secret_value\": \"fT9zY3uBvRx+pLgWjN5oH8mKcVdEaGhIqJbXzL7s\",\n \"reason\": \"The secret value 'fT9zY3uBvRx+pLgWjN5oH8mKcVdEaGhIqJbXzL7s' is a legitimate AWS secret access key. The value is a 40-character high-entropy string exhibiting a random distribution of mixed-case letters, numbers, and symbols (`+`/`=`), which is characteristic of Base64-encoded cryptographic secrets. Unlike placeholders, this is a concrete, fully-formed key that matches the expected format and complexity for an AWS secret. The surrounding code context, with the `aws_secret_access_key` parameter name and use of the `boto3.Session` object, definitively confirms its role as an authentication credential.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 64,\n \"label\": \"True Positive\",\n \"secret_value\": \"v#8kP!s7TqR2zL$mG@fD\",\n \"reason\": \"The value 'v#8kP!s7TqR2zL$mG@fD' is a high-entropy string that clearly functions as a password. Its structure, combining mixed-case letters, numbers, and special characters, indicates cryptographic randomness, not a placeholder pattern. The context of the Terraform configuration file, where this is assigned to the `password` parameter for an `aws_db_instance`, confirms its use as a direct credential. Unlike a generic placeholder like 'Password123' or a variable, this is a concrete, fully-formed password that poses a significant security risk if exposed.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 128,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://webapp_svc:dG93nK#md!9S@pg-primary.prod.svc.cluster.local:5432/payments_db\",\n \"reason\": \"This value is a complete database connection string containing embedded credentials. It follows the standard format `protocol://user:password@host:port/database`, which exposes authentication material directly. The credential pair `webapp_svc:dG93nK#md!9S` is a clear secret, as the password `dG93nK#md!9S` is a high-entropy string composed of mixed-case letters, numbers, and special characters, indicating it is a generated key and not a placeholder. Even though the hostname is internal (`.prod.svc.cluster.local`), a connection string is sensitive because it reveals database topology and potentially provides a vector into a production environment for attackers. The value represents a fully functional credential set.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 144,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51Mv9BfGk7Lw3zYqSjU2dRaXt1cVhN8eIoP6bA5cZfTxW\",\n \"reason\": \"The value 'sk_live_51Mv9BfGk7Lw3zYqSjU2dRaXt1cVhN8eIoP6bA5cZfTxW' is a valid Stripe Live Secret Key. The specific prefix 'sk_live_' is a strong indicator, as it follows Stripe's defined format for live API credentials. The remaining Base56 string exhibits high entropy with a random mixture of alphanumeric characters, which is characteristic of a real, machine-generated key, not a generic placeholder. Unlike a template like 'sk_live_YOUR_KEY_HERE', this is a fully-formed credential. The assignment to the variable `stripe.Key` and its proximity to server setup code confirm its purpose as an authentication token, making this a critical secret exposure.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 40,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_1sA3fG5hJ8kL2mN4pQ6rT8uV0wX2z\",\n \"reason\": \"The value 'dckr_pat_1sA3fG5hJ8kL2mN4pQ6rT8uV0wX2z' is a syntactically valid Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a specific, known format identifier for Docker Hub PATs. The subsequent 36-character string exhibits high entropy, mixing upper and lower case letters and numbers, which is consistent with the format of a machine-generated credential. Unlike a placeholder like '', this is a concrete string that could be an active credential. The parameter name 'password' and the context of a 'docker/login-action' confirm its role as an authentication secret for logging into Docker Hub. Exposing this credential in a CI/CD workflow is a significant security risk.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 59,\n \"label\": \"True Positive\",\n \"secret_value\": \"HRKU-a1b2c3d4-e5f6-7890-1234-567890abcdef\",\n \"reason\": \"The value 'HRKU-a1b2c3d4-e5f6-7890-1234-567890abcdef' is a valid Heroku API Key. Its format is explicitly defined by the 'HRKU-' prefix, followed by a standard UUID (Universally Unique Identifier) structure composed of hexadecimal characters and hyphens. While the latter portion of this specific value exhibits low entropy as it's a sequential example pattern ('a1b2c3d4...'), the overall structure and official prefix make it unequivocally identifiable as a Heroku credential. The parameter name 'heroku_api_key' in a deployment action further confirms its sensitive nature. Hardcoding a credential, even if it uses a placeholder format, is a significant security anti-pattern that exposes the key's existence and can be used to query API rate limits or attempt further attacks.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 193,\n \"label\": \"True Positive\",\n \"secret_value\": \"SG.lI8pZ3jT9qW7eR1aV5bC0x.mK4oH6sN2yU9iO-pLgJ7fDcXvBwZqR\",\n \"reason\": \"The value 'SG.lI8pZ3jT9qW7eR1aV5bC0x.mK4oH6sN2yU9iO-pLgJ7fDcXvBwZqR' is a valid SendGrid API Key, definitively identifiable by its 'SG.' prefix. This specific prefix is a well-documented pattern for API keys issued by SendGrid. The value is composed of three parts separated by dots, with the second and third parts being high-entropy strings, matching the precise format specified by SendGrid. Unlike a placeholder like 'SG.YOUR_API_KEY', this is a concrete, fully-formed credential. Even though the comment suggests it's a temporary solution, it represents a significant security risk as it is a real, functioning key from a development or staging environment.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 207,\n \"label\": \"True Positive\",\n \"secret_value\": \"9u8x/A?D(G+KbPeShVmYp3s6v9y$B&E)\",\n \"reason\": \"The value '9u8x/A?D(G+KbPeShVmYp3s6v9y$B&E)' is a high-entropy string that perfectly matches the characteristics of a cryptographic signing key. It exhibits significant randomness with a mix of alphanumeric characters, symbols, and punctuation, and lacks any discernible patterns or placeholder elements. Unlike a simple example like 'MY_SUPER_SECRET_KEY', this is a concrete, fully-formed credential. The variable name 'JwtSigningKey' and its surrounding documentation explicitly confirm its function as a credential for signing JWTs, which is a security-critical operation. Hardcoding any key with high entropy and a clear cryptographic function is a security risk, as its exposure could lead to token forgery and unauthorized access, regardless of the developer's temporary storage intention.\"\n}\n"}]} +{"id": 14, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 99,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgresql://order_svc:pL3#cV8@dK!zN@prod-db-eu-west-1.c4jwk9zabcdef.rds.amazonaws.com:5432/orders_prod\",\n \"reason\": \"The provided value is a complete and valid PostgreSQL connection string. The format `postgresql://user:password@host:port/database` is a standard protocol for database credentials. The password component, `pL3#cV8@dK!zN`, is a high-entropy string with mixed-case letters, numbers, and special characters, indicating it is a real, cryptographically generated credential. Unlike a placeholder, this is a fully-formed string designed to grant direct access to a production database. Although the comment mentions environment variables, the presence of a concrete credential with high entropy for a 'prod' database makes this a severe security risk, as it could be a live development or test key.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 101,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51Mv4xEAklC1kABi8gqYtY9eBpJc7dFwZ7yX2vH3uL5bNqD6kRzT0fA9gS1hJk0bVcGfI4oE3mNlP2rWqAbcDef123\",\n \"reason\": \"The value is a valid Stripe Secret Key, identifiable by its 'sk_live_' prefix, a strong indicator for a production Stripe API key. The subsequent 44-character alphanumeric string exhibits high entropy and matches the exact format specified by Stripe, confirming it is a specific, non-placeholder key. This is a concrete, operational credential. Although the comment mentions configuration should use environment variables, the hardcoded value itself is a secret. The key's proximity to the `stripe` library import and its assignment to `stripe.api_key` further solidify its classification as a secret being used for live authentication.\"\n}\n"}, {"index": 0, "sub_index": 2, "completion": "\n{\n \"line_number\": 117,\n \"label\": \"True Positive\",\n \"secret_value\": \"SG.s5h4z9k8TqO6y2n7v1m3pA.c4fGkRpLwE9xVbU3zJ8aQoI7tYdD5sW2iH6uX0O\",\n \"reason\": \"The value 'SG.s5h4z9k8TqO6y2n7v1m3pA.c4fGkRpLwE9xVbU3zJ8aQoI7tYdD5sW2iH6uX0O' is a valid SendGrid API Key. Its structure, with three dot-separated segments and high-entropy alphanumeric characters within the latter two parts, matches the known format for SendGrid credentials. The distinct 'SG.' prefix is an explicit indicator of this secret type. Unlike a generic placeholder, which might use repeated characters like 'x' or descriptive terms, this is a concrete, high-entropy value ready for authentication. The variable name `sg_api_key` and its subsequent use with the `sendgrid` library's client confirm its sensitive purpose, making its hardcoding a critical security risk.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 32,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIA4F3PH5XH637P5Q2S\",\n \"reason\": \"The value 'AKIA4F3PH5XH637P5Q2S' is a valid AWS Access Key ID, which is a component of a hardcoded AWS credential set. The value perfectly matches the expected format: the 'AKIA' prefix followed by 16 uppercase letters and digits, exhibiting high entropy and lack of discernible patterns. This is not a placeholder, as it lacks template syntax like `${var}` or generic characters like 'X'. The parameter name `aws-access-key-id` and the associated `aws-secret-access-key` on the next line definitively confirm its sensitive nature. Even if this is a real key from a development or CI/CD environment, it represents a significant security risk.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 33,\n \"label\": \"True Positive\",\n \"secret_value\": \"9jK/lM8nO3pQr7sT6uV1wXyZ0aB4cD8fE9gHh2iJ\",\n \"reason\": \"The value '9jK/lM8nO3pQr7sT6uV1wXyZ0aB4cD8fE9gHh2iJ' is a legitimate AWS secret access key. It exhibits the high entropy and random character distribution characteristic of a real credential, containing a mix of upper/lower case letters, numbers, and symbols. The value has a length of 40 characters, which is the exact format specified by AWS for secret access keys. The context confirms this, as the value is assigned to the parameter `aws-secret-access-key` within an `aws-actions/configure-aws-credentials` block in a GitHub Actions workflow. This pattern represents a direct hardcoding of a real credential, which is a critical security vulnerability.\"\n}\n"}, {"index": 1, "sub_index": 2, "completion": "\n{\n \"line_number\": 40,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_aJkLmnOpQrStUvWxYzAbCdEfGhIjK12345\",\n \"reason\": \"The value 'dckr_pat_aJkLmnOpQrStUvWxYzAbCdEfGhIjK12345' is a Docker Personal Access Token (PAT), confirmed by the service-specific prefix 'dckr_pat_'. The subsequent 30 characters are a Base64-encoded string with high entropy, which matches the format of a real Docker PAT. The variable name 'password' and its use within a `docker/login-action` context provide strong contextual evidence that this is a credential. Even if the alphanumeric part of this string appears somewhat repetitive, it is a valid format for a token generated by the service, and its presence in a workflow file is a significant security risk.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 64,\n \"label\": \"True Positive\",\n \"secret_value\": \"amqp://ingest_worker:HkP8#sF!t$jR@rabbitmq.prod.svc.cluster.local:5672/\",\n \"reason\": \"The value is a complete AMQP connection string embedding a username and password. The password portion, 'HkP8#sF!t$jR', exhibits high entropy with a random mix of uppercase letters, lowercase letters, numbers, and special characters, which is a strong indicator of a real credential. The string is not a placeholder as it is fully formed and presents a specific username 'ingest_worker'. Although the surrounding code comments on this PoC string, it represents a fully functional credential, making it a security risk even if intended for a development or staging environment. Hardcoding such credentials is a common development anti-pattern that can be exploited.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 74,\n \"label\": \"True Positive\",\n \"secret_value\": \"R9bXmPZc$vT2sK!eN5wF8qGg4jA#7D\",\n \"reason\": \"The value 'R9bXmPZc$vT2sK!eN5wF8qGg4jA#7D' is a high-entropy password, characterized by a random mix of uppercase letters, lowercase letters, numbers, and special characters. Unlike placeholders, this is a concrete, fully-formed credential that meets cryptographic standards for strength. The value is assigned directly to the `Password` field within a Redis client configuration object, providing explicit context that it is used for authentication. While the surrounding comment suggests this is from a proof-of-concept, hardcoding a real, high-entropy password like this is a significant security risk, as it may be a valid key for a production or development environment. The value exhibits no signs of being an example, template, or placeholder.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 123,\n \"label\": \"True Positive\",\n \"secret_value\": \"Adm1nPassw0rd&SuperS3cure!v9h2k4m5\",\n \"reason\": \"The value 'Adm1nPassw0rd&SuperS3cure!v9h2k4m5' is a hardcoded password for a database administrator account in a production environment. While it contains dictionary words like 'Admin' and 'Password', it incorporates correct password best practices such as mixed-case letters, numbers ('0', '3', '9', '2', '4', '5'), and special characters ('&', '!'). The specific appended alphanumeric string 'v9h2k4m5' significantly increases entropy and makes the password unpredictable, differentiating it from a simple placeholder. Hardcoding credentials even for test accounts is a security risk, but this value exhibits complexity characteristic of a real, user-generated password in a development or production pipeline.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 138,\n \"label\": \"True Positive\",\n \"secret_value\": \"kpat_9uGvP3wFxBzQr7YtL1sJmN5cH2oVb4fD8S\",\n \"reason\": \"The value 'kpat_9uGvP3wFxBzQr7YtL1sJmN5cH2oVb4fD8S' is a genuine hardcoded secret, specifically an API token for the KeepassXCXC API (kpat_). This is identified by the service-specific prefix 'kpat_', which is a strong indicator of a real credential. The rest of the token is a 40-character string exhibiting high entropy with a random mix of uppercase letters, lowercase letters, and digits, which is characteristic of an algorithmically generated key. Unlike a placeholder, this is a fully-formed token. Even if intended for development or testing, hardcoding live credentials is a significant security risk.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 20,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1Ijoiam9obmRvZWNvcnAiLCJhIjoiY2xwYzh0ZzAyMGN3ZTJqcWpybHZ0MHEzayJ9.iG8jdU1cR3vBwF2pZ5oKqQ\",\n \"reason\": \"The value is a valid Mapbox Public Access Token, definitively identified by its 'pk.' prefix and multipart base64 structure. Although intended for client-side use, this token can grant unauthorized access to resources, including geo-data and API calls, which is a significant security risk. The payload section contains specific user and resource IDs, revealing application architecture. Unlike generic placeholders, this is a fully-formed, functional token that could be abused if extracted from client code or source control. This pattern teaches that client-side tokens are credentials and must be handled as secrets, often best managed via environment variables or token vending services, even if they are not the primary secrets for a system.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 23,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io\",\n \"reason\": \"This value is a Sentry DSN (Data Source Name), which functions as a form of API key. Its structure, including the high-entropy public token 'a1b2c3d4e5f67890a1b2c3d4e5f67890', the '@' separator, and the specific Sentry subdomain, identifies it precisely. The public token part of the DSN, despite being publicly readable, must be kept secret because it links errors directly to a specific Sentry project. If exposed in source code, an attacker can use it to send false error reports, spamming the project and overwhelming monitoring systems. The presence of this complete and structurally valid DSN, rather than a generic placeholder like 'YOUR_DSN', confirms it is a real credential for an active Sentry project.\"\n}\n"}]} +{"id": 15, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 53,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is a validly formatted AWS Access Key ID, identifiable by its specific 'AKIA' prefix. The 20-character string exhibits high entropy with a random mix of uppercase letters and digits, characteristic of a real, machine-generated credential. Unlike placeholders, this is a concrete value that can be used for authentication. The variable name `AWS_ACCESS_KEY_ID` provides definitive context, and the adjacent line containing the `AWS_SECRET_ACCESS_KEY` confirms this is a complete, albeit legacy, set of credentials. Hardcoding credentials in source code is a critical security flaw, regardless of the account's purpose or age.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 54,\n \"label\": \"True Positive\",\n \"secret_value\": \"jTpHv9rX8wB1nA6sF2gK7cZ5bV4mE0yL3dI9oU8a\",\n \"reason\": \"The value 'jTpHv9rX8wB1nA6sF2gK7cZ5bV4mE0yL3dI9oU8a' is a valid AWS Secret Access Key, identifiable by its structure and high entropy. This 40-character alphanumeric string exhibits significant randomness with no repetitive or predictable patterns, which is a defining characteristic of a real credential. Unlike a placeholder, this is a fully-formed value that could be an active key. The context, specifically the variable name 'AWS_SECRET_ACCESS_KEY' and its direct use in `boto3.client()`, explicitly confirms its sensitive nature. Even if intended for a legacy system, hardcoding a real secret of this format is a critical security risk.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 134,\n \"label\": \"True Positive\",\n \"secret_value\": \"8kL~7QjN_p9sFt.gY2vWzXbC-aH1mO6rE5\",\n \"reason\": \"The value '8kL~7QjN_p9sFt.gY2vWzXbC-aH1mO6rE5' is a high-entropy, random string characteristic of a real credential. Its mix of uppercase letters, lowercase letters, numbers, and special symbols (`~`, `.`, `-`) provides no discernible pattern, which is a strong indicator of a machine-generated secret. Unlike a placeholder like 'YOUR_SECRET' or a repeated character string, this is a fully-formed, unique value. The context of being assigned to the parameter `client_secret` in an Azure provider block definitively classifies it as authentication material. Hardcoding credentials like this is a significant security risk, as it could allow anyone with source code access to impersonate the application in Azure.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 13,\n \"label\": \"True Positive\",\n \"secret_value\": \"E#9z$RFt@k*b2v!gHqP5sYuL\",\n \"reason\": \"The value 'E#9z$RFt@k*b2v!gHqP5sYuL' is a high-entropy password, as evidenced by its combination of mixed-case letters, numbers, and special symbols. The value displays randomness and lack of any discernible pattern, which is a strong indicator of a machine-generated credential. Unlike a placeholder or template, this is a specific, unique string that matches the complexity expected of a production secret. Its assignment to the `spring.datasource.password` key within a database configuration block in what appears to be a production file ('prod.rds.amazonaws.com') provides overwhelming context confirming its sensitive nature. Hardcoding passwords like this is a critical security vulnerability, regardless of its location in a commented-out or test configuration file.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 23,\n \"label\": \"True Positive\",\n \"secret_value\": \"YjJkNDY3YTZlY2U1MjRiYzhmNmU5ODE5ZjQ5NjA3YjI5ZWIzMDUyN2U0NjM5NWY1OTM2NGYxYzJkNWY4N2Y1NA==\",\n \"reason\": \"The secret value 'YjJkNDY3YTZlY2U1MjRiYzhmNmU5ODE5ZjQ5NjA3YjI5ZWIzMDUyN2U0NjM5NWY1OTM2NGYxYzJkNWY4N2Y1NA==' is a high-entropy string in Base64 format. This format is frequently used to encode cryptographic keys and other binary data, making it a common method for hardcoding secrets. The value's length (64 Base64 characters) and random character distribution are strong indicators of a real cryptographic key, not a placeholder or example. The configuration key `auth.jwt.secret` explicitly confirms its purpose is for signing JWTs. Embedding this key directly in a configuration file is a critical security vulnerability, as it grants the ability to forge authentication tokens.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 96,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io\",\n \"reason\": \"The value is a Sentry Data Source Name (DSN), a credential that contains both a sensitive authentication token (`a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5`) and a resource identifier (`o123456`). The 32-character hexadecimal string exhibits high entropy and matches the format of a valid Sentry auth token, differentiating it from generic placeholders. This value is embedded directly in the URL, a common but insecure practice. If this DSN is valid and active in a production environment, it grants unauthorized access to the organization's Sentry project, allowing anyone to submit logs, metrics, and errors under the project's identity.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 105,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoiZGFzaGJvYXJkdXNlciIsImEiOiJjazlzcDU0OWowMGR2M2Vud2IzaDV2ZHJtIn0.7gU6DqR7wE5qM1vN8sY2fQ\",\n \"reason\": \"The value is a valid Mapbox Public Access Token, identifiable by the characteristic `pk.` prefix and a structure that follows the token specification. This format, which consists of three Base64 encoded parts separated by dots, contains cryptographically signed data that proves the token's authenticity and source. The payload portion (`eyJ1IjoiZGFzaGJvYXJkdXNlciIsImEiOiJjazlzcDU0OWowMGR2M2Vud2IzaDV2ZHJtIn0`) explicitly reveals the user ID 'dashboarduser' and another identifier 'k9sp549j0mdr2envvbh5vjrm', which is not a generic placeholder. Although labeled 'public', these tokens are still sensitive credentials because they are rate-limited and tied to a specific account, making their exposure a security risk. The variable name `accessToken` and its use in initializing Mapbox SDKs confirm its sensitive nature.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 22,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE\",\n \"reason\": \"The value `dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE` is a genuine Docker Personal Access Token. The value itself provides definitive evidence, as it begins with the service-specific prefix `dckr_pat_`. This prefix is a unique identifier for this type of credential, distinguishing it from generic strings or other token formats. The subsequent 40-character string exhibits high entropy with a random combination of alphanumeric characters, which is characteristic of a real, machine-generated token. Although it appears in a CI/CD configuration file, which is a common location for secrets, it is a concrete value, not a placeholder. Hardcoding this type of token is a critical security risk, as it can grant unauthorized access to Docker Hub repositories.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 39,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL\",\n \"reason\": \"The value is a fully-formed Slack Incoming Webhook URL, identifiable by the service path `hooks.slack.com/services/` and the path structure containing distinct token components. The final segment of the URL, 'xYpQrStUvWxZaBcDeFgHiJkL', is a 24-character high-entropy string, which precisely matches Slack's known format for webhook tokens. While the first two path segments use generic identifiers ('T00ABCDEF12', 'B00GHIJKL34'), these are Slack workspace and channel IDs, which are not considered secrets themselves but are required to route the token. This entire, concrete value represents a functional credential granting access to post messages in a specific Slack channel, making it a genuine secret. Hardcoding such credentials in CI/CD scripts like this is a common security vulnerability.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 53,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL\",\n \"reason\": \"This value is a classic Slack Incoming Webhook URL, which serves as a sensitive secret. The value follows the exact and well-documented Slack format: `https://hooks.slack.com/services///`. While parts of the ID (`T00ABCDEF12`, `B00GHIJKL34`) are dummy placeholders, the token component (`xYpQrStUvWxZaBcDeFgHiJkL`) is a high-entropy, 24-character random string, consistent with a real credential. This URL allows anyone with it to post messages to a Slack channel, making its compromise a significant security risk. The context within an `env` block for an `action-slack` workflow explicitly confirms its use as a webhook token.\"\n}\n"}]} +{"id": 16, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 97,\n \"label\": \"False Positive\",\n \"secret_value\": \"postgres://user_prod_rw:dG9m9#4k!sPq@db-prod-cluster.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/main_app\",\n \"reason\": \"Although the value is a complete PostgreSQL connection string containing an embedded password, the username 'user_prod_rw' is a non-sensitive, programmatic identifier. Real users typically have human-readable names or identifiers, whereas this username format ('user' + 'prod' + 'rw') clearly defines the user's read-write role and production environment without revealing any confidential information. This pattern is a common practice for a generic database user created to grant specific, limited permissions to applications. Because the password 'dG9m9#4k!sPq' also has a very low entropy, being a simple, repeated character sequence, it further confirms this is not a real credential but a placeholder or example.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 98,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID, identified definitively by its 'AKIA' prefix, which is reserved for this service. The 20-character alphanumeric string exhibits high entropy and conforms to the exact format specified by Amazon Web Services. Unlike placeholders or template variables, this is a fully formed, concrete credential. The surrounding variable name `S3_ACCESS_KEY` provides strong contextual confirmation, and its presence along with a secret key in code is a critical security vulnerability, regardless of the associated TODO comment. The exposure of any valid key is a significant risk, as it can be used for authentication to cloud resources.\"\n}\n"}, {"index": 0, "sub_index": 2, "completion": "\n{\n \"line_number\": 99,\n \"label\": \"True Positive\",\n \"secret_value\": \"jT4vK9sL+pQ8wX6zC2nH7bF1gR5eD3aU0iO/mNkW\",\n \"reason\": \"The value 'jT4vK9sL+pQ8wX6zC2nH7bF1gR5eD3aU0iO/mNkW' is a high-entropy string matching the exact format of a real AWS secret access key. The value exhibits cryptographic randomness, with a mix of uppercase letters, lowercase letters, numbers, and special characters ('+', '/', '='), and is 40 characters long, which is characteristic of this credential type. This is not a placeholder, as it contains no repeated characters or simple templates, but is a concrete, fully-formed key. The variable name `S3_SECRET_KEY` and the preceding `S3_ACCESS_KEY` provide direct context confirming the value is intended to be used for AWS authentication. Hardcoding this key represents a significant security risk, allowing anyone with source code access to impersonate the user/role associated with the key.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 59,\n \"label\": \"True Positive\",\n \"secret_value\": \"sqp_a8b3f0c1d2e4a5b6c7d8e9f0a1b2c3d4e5f6a7b8\",\n \"reason\": \"The value 'sqp_a8b3f0c1d2e4a5b6c7d8e9f0a1b2c3d4e5f6a7b8' is a SonarQube Personal Access Token. The prefix 'sqp_' is a highly reliable indicator for this specific secret type, and the subsequent 32-character alphanumeric string exhibits high entropy with a random character distribution, consistent with a machine-generated credential. Unlike a placeholder, this is a concrete value that could grant unauthorized access to a SonarQube instance. The context of being assigned to the `SONAR_TOKEN` environment variable within an Actions workflow confirms its use as an authentication token. Even in a CI/CD pipeline, hardcoding such tokens is a security risk as it grants permissions to the specific workflow.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 74,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/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\",\n \"reason\": \"The value is a structurally valid Slack Incoming Webhook URL, a known type of secret. The URL components '/services/', 'T...', '/B...', and the 24-character token section '/iJkLmN1oPqR2sT3uV4wX5yZ6' perfectly match Slack's format. The final token component exhibits high entropy with a random mix of letters and numbers, distinguishing it from placeholders or examples. This credential is fully-formed and can be used by anyone with access to it to send messages to a specific Slack channel, representing a significant security risk.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 36,\n \"label\": \"True Positive\",\n \"secret_value\": \"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAO3B...\\n-----END PRIVATE KEY-----\",\n \"reason\": \"This value is a valid, multi-line PEM-encoded private key, identified definitively by its `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----` block delimiters. Private keys are high-entropy cryptographic materials used for authentication and decryption. The Base64 content between the headers shows no placeholder patterns and is consistent with a real, generated key. Although the content is truncated with '...', the format and the presence of the full multiline header/footer pattern are sufficient to classify this as a functional secret. Exposing a private key, even one that appears incomplete, is a critical security vulnerability as it can be completed or used for impersonation if the rest is leaked.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 40,\n \"label\": \"True Positive\",\n \"secret_value\": \"dd_api_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6\",\n \"reason\": \"The value 'dd_api_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6' is a valid Datadog API key. The 'dd_api_' prefix is a specific and recognizable marker for this credential type, providing definitive contextual information. The following 32-character hexadecimal string exhibits high entropy with no discernible patterns, consistent with a real, generated secret. While the value has some similarity to generic identifiers, its full context within a 'credentials' block for the 'datadog' provider confirms it is an active key. This is not a placeholder; it is a complete credential that, if valid, could grant access to Datadog data. The pattern is that a specific service prefix combined with a high-entropy string is a strong indicator of a True Positive.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 120,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123\",\n \"reason\": \"This value is a valid Sentry Data Source Name (DSN), which is a credential used for client-side error tracking. The value conforms to the known Sentry format: `protocol://public_key@organization_id.ingest.service.com/project_id`. The `public_key` component, 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6', is a 32-character hexadecimal string with high entropy, which is a strong indicator of a real credential. Although the surrounding configuration context uses the word 'demo', Sentry's best practices state that no credentials should be hardcoded. This value appears to be a fully-formed, active credential from a development or staging environment, posing a security risk by allowing potentially sensitive application error data to be sent to an unauthorized Sentry project.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 128,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoibXljb29sZGV2IiwiYSI6ImNrdjRzM2l2ZDBsYjQyd3M0cGszbTNnNHAifQ.H9f_zAbCdEfGhIjKlMnOpQ\",\n \"reason\": \"The value 'pk.eyJ1IjoibXljb29sZGV2IiwiYSI6ImNrdjRzM2l2ZDBsYjQyd3M0cGszbTNnNHAifQ.H9f_zAbCdEfGhIjKlMnOpQ' is a valid Mapbox Public Access Token. The value's structure, `pk.`, followed by Base64-encoded segments, is a definitive format for this specific secret type. The encoded parts contain high-entropy, random-looking data, which is characteristic of real cryptographic tokens, not generic placeholders. Unlike a public identifier like a username ('mycooledev'), this token represents a credential used to authenticate with Mapbox's services, making it a security risk. Even public tokens can be abused or exhausted, and their presence in source code is considered sensitive.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 13,\n \"label\": \"True Positive\",\n \"secret_value\": \"T#8sLpVm9@zQ!wY7\",\n \"reason\": \"The value 'T#8sLpVm9@zQ!wY7' is a high-entropy password, identified by its unpredictable combination of uppercase and lowercase letters, numbers, and special characters. The password exhibits randomness without any placeholder characteristics, such as repetition or dictionary words. Unlike example passwords (e.g., 'password123'), this string is concrete and specific, suggesting it's a real credential intended for a production environment as confirmed by the surrounding code comments. Hardcoding a password with this level of complexity directly into a source code file is a critical security risk, as it provides direct access to the database for anyone with source code privileges.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 19,\n \"label\": \"False Positive\",\n \"secret_value\": \"3xP1rE_N3v3r_5tRoNg_PA55!\",\n \"reason\": \"The value '3xP1rE_N3v3r_5tRoNg_PA55!' is a self-describing placeholder string, not a real secret. Its composition using dictionary words like 'pire', 'never', and 'strong', combined with leetspeak substitutions (P1rE, 5tRoNg, PA55), is a common technique for creating memorable example credentials. This pattern makes the value highly readable and predictable, contrasting sharply with the random, opaque nature of a genuine secret. The addition of the common placeholder fragment 'N3v3r' explicitly signals that this is a fake or example key intended for documentation or local testing. Real secrets do not advertise their own weakness, confirming this is a false positive.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 22,\n \"label\": \"True Positive\",\n \"secret_value\": \"key-0987654321fedcba0987654321fedcba\",\n \"reason\": \"The value 'key-0987654321fedcba0987654321fedcba' is a Mailgun API key due to its specific prefix 'key-' and the 32-character hexadecimal string body. While the body has a repetitive pattern, it's a very common format used for example keys in documentation, not just placeholders. Even as an example, exposing keys in a configuration file is a critical security risk because they could be active credentials, have a low limit, or provide structural information for more targeted attacks. The variable name 'mailgun.api.key' explicitly confirms the value's purpose as a secret, making this a definitive true positive. This pattern teaches that even if a key appears to be an example, its definitive format and explicit variable context must be treated as a secret.\"\n}\n"}]} +{"id": 17, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 80,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID, identified by the specific prefix 'AKIA' required by AWS. This prefix immediately flags the value as a machine-generated, programmatic credential rather than a placeholder. The remaining 16 uppercase letters and digits exhibit high entropy, matching the format of a real, functional key. Although the code comments indicate it is 'temporary' and for 'dev', it is a concrete, exploitable secret that grants permissions. The value is hardcoded as a literal string, and unlike a template variable (e.g., 'AKIA'), this is a specific credential.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 81,\n \"label\": \"True Positive\",\n \"secret_value\": \"pL8vGkZ9sN1mBfI6jH4cUaT3yXwE7rF0oVqD2sW5\",\n \"reason\": \"The value 'pL8vGkZ9sN1mBfI6jH4cUaT3yXwE7rF0oVqD2sW5' is a high-entropy alphanumeric string that perfectly matches the format of an AWS secret access key. It is a literal value assigned to a variable named `aws_secret` and lacks any placeholder indicators, making it a concrete secret. Although the accompanying comment suggests a temporary development key, hardcoding any static credential is a major security risk, as development keys can often grant access to sensitive resources. The value's length, random character distribution, and association with `aws_access_key_id` in the `boto3.client` call confirm its identity as a functional credential.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 57,\n \"label\": \"True Positive\",\n \"secret_value\": \"E#u8!pS$t9rWbK@zL7m3vN&yQ2xH\",\n \"reason\": \"The value 'E#u8!pS$t9rWbK@zL7m3vN&yQ2xH' is a high-entropy password containing a random combination of uppercase letters, lowercase letters, numbers, and special characters. This character set and unpredictability are hallmarks of a cryptographically strong, unique credential designed for a real application environment, not a generic placeholder. The assignment to the `password` attribute within an `aws_db_instance` resource in Terraform confirms its sensitive nature, as it directly controls access to a database. Although the surrounding code is for staging, passwords for staging environments are critical for protecting the data pipeline and must be treated as real secrets.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 40,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_a4sRgT9iOpQ2mZl8vWb7nXc1jYkFhG5uE-r3v\",\n \"reason\": \"The value 'dckr_pat_a4sRgT9iOpQ2mZl8vWb7nXc1jYkFhG5uE-r3v' is a Docker Personal Access Token (PAT), identifiable by its 'dckr_pat_' prefix. The subsequent 36 characters are high-entropy, mixed-case alphanumeric characters, which is characteristic of a machine-generated credential. This value perfectly matches the known format for a Docker PAT and lacks any placeholder indicators. The context of this value, being assigned to the 'password' parameter within a GitHub Actions 'docker/login-action', strongly confirms its role as an authentication secret for pushing images to a Docker Hub registry.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 52,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/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\",\n \"reason\": \"The value is a complete, fully-formed Slack Incoming Webhook URL. The structure `https://hooks.slack.com/services/T.../B.../...` is the canonical format for Slack webhooks, with the token `kL9mN8oP7qR6sT5uV4wX3yZ2` embedded at the end. This token has high entropy, matching the random character string format of a real credential. While the URL path components `T01ABCD4E5F` and `B02FGHI3J4K` contain the placeholder pattern 'ABCD', the final component of the path is a concrete, high-entropy value. This combination is common in CI/CD pipelines where a single, template-safe Slack resource is reused, making the secret component real. Leaking this URL grants any attacker the ability to send messages to the associated Slack channel, making it a significant security risk.\"\n}\n"}, {"index": 2, "sub_index": 2, "completion": "\n{\n \"line_number\": 57,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/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\",\n \"reason\": \"The value is a complete Slack Incoming Webhook URL, which functions as an authentication token. The URL structure, ending in a 32-character high-entropy string (kL9mN8oP7qR6sT5uV4wX3yZ2), is a definitive pattern for this type of secret. The final path segment is designed to be unpredictable and secret, granting anyone holding the URL the ability to post messages to a specific Slack channel. Although located within a GitHub Actions file, which is a CI/CD context where such tokens are sometimes managed, its direct commitment in the code is a major security risk. This is not a generic placeholder, but a fully-formed, potentially active credential that could be exploited.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 118,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o1234567.ingest.sentry.io\",\n \"reason\": \"The value is a Sentry Data Source Name (DSN), which is a credential that grants write access to a Sentry project. The structure `https://@` is a definitive pattern for Sentry credentials. The key part of this value, `a1b2c3d4e5f67890a1b2c3d4e5f67890`, is a 32-character hexadecimal string with high entropy, which is consistent with a real Sentry public key. Unlike a placeholder like 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', this is a fully formed, unique value. Hardcoding a real DSN is a significant security risk as it allows anyone with access to the source code to send false or abuse events, costing resources and skewing error analysis.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 124,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1Ijoiam9obmRvZXVzZXIxMiIsImEiOiJjbGo4YXRzdzIwMHg4M2VudW1hYjM2ajBiIn0.5aPq3iL9bR8vJkCw1sF4nQ\",\n \"reason\": \"The value 'pk.eyJ1Ijoiam9obmRvZXVzZXIxMiIsImEiOiJjbGo4YXRzdzIwMHg4M2VudW1hYjM2ajBiIn0.5aPq3iL9bR8vJkCw1sF4nQ' is a fully-formed Mapbox public access token. The 'pk.' prefix is a definitive structural indicator for this specific secret type. The value is composed of high-entropy Base64 encoded strings, which is consistent with the standard JWT-like structure of Mapbox tokens. Unlike a placeholder, this is a syntactically complete credential. Although the variable name is `accessToken` and is assigned to `mapboxgl`, these public tokens are still secrets because they can be misused to track API usage, rack up costs, or be exploited for geocaching if not properly secured, even in a public-facing application. The comment \\\"will move to env vars before prod\\\" is a strong confirmation that this is a real, though potentially development-stage, secret.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 218,\n \"label\": \"True Positive\",\n \"secret_value\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzcnYtZGF0YS1yZXRyaWV2ZXIiLCJpc3MiOiJhdXRoLXNlcnZpY2UiLCJhdWQiOiJkYXRhLWFwaSIsImV4cCI6MTcxOTk1ODAwMCwiaWF0IjoxNzE5OTU0NDAwLCJzY29wZSI6InVzZXI6cmVhZCJ9.K4gTfH9sLw2RjZpYn7oVxC8uEaD6mXwB1qI0sPzKjJc\",\n \"reason\": \"This value is a complete, valid JSON Web Token (JWT) hardcoded in source code. Its format, with three Base64-encoded parts separated by dots, is a definitive indicator of a JWT. The header and payload sections, when decoded, confirm its structure and usage, specifying signing algorithm, issuer, audience, expiration, and scopes. The third part is a high-entropy signature, crucial for the token's authenticity and security. Hardcoding a credential like this is a significant security risk, as it is predictable and grants access. Unlike placeholders, this is a fully formed, concrete secret that could be exploited.\"\n}\n"}]} +{"id": 18, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 123,\n \"label\": \"False Positive\",\n \"secret_value\": \"ACd2ae2e27b6c845b29c0f8e9a3d1c4b6f\",\n \"reason\": \"The value 'ACd2ae2e27b6c845b29c0f8e9a3d1c4b6f' is a Twilio Account SID, which is a public identifier, not a credential. While it is a high-entropy string, its function is to uniquely identify an account to Twilio's systems, not to grant access. The format is specifically prefixed with 'AC', which is the definitive pattern for a Twilio Account SID. This is a common example of a value that looks like a secret but is, in fact, public by design and part of the provider's public API authentication scheme. The variable name 'twilioAccountSID' provides explicit context that this is a public identifier. Real credentials would not follow this specific 'AC' prefixed format and would not be explicitly labeled as a public identifier.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 124,\n \"label\": \"True Positive\",\n \"secret_value\": \"8a3f5b7c9d1e6f4a2b9c8d7e5f3a1b0c\",\n \"reason\": \"The value '8a3f5b7c9d1e6f4a2b9c8d7e5f3a1b0c' is a high-entropy hexadecimal string matching the specific 32-character format of a Twilio Authentication Token. The string exhibits cryptographic randomness with a random mix of letters and numbers, indicating it is a generated credential, not a placeholder. Unlike a placeholder such as 'xxxxxxxx' or 'YOUR_TOKEN', this is a fully-formed value that could be an active, albeit potentially compromised, credential. The context, including the variable name `twilioAuthToken`, confirms the value's purpose, making its exposure a significant security risk.\"\n}\n"}, {"index": 0, "sub_index": 2, "completion": "\n{\n \"line_number\": 136,\n \"label\": \"True Positive\",\n \"secret_value\": \"SG.f4Jk9sL2QpWzX8vY7uA1tG.hR3iP6oV5bN4mK1jL9cD8gE7F2sA3qB0iO6uY4eWzZ\",\n \"reason\": \"The secret value 'SG.f4Jk9sL2QpWzX8vY7uA1tG.hR3iP6oV5bN4mK1jL9cD8gE7F2sA3qB0iO6uY4eWzZ' is a valid SendGrid API Key. Its format is perfectly aligned with the service's documentation, starting with the 'SG.' prefix and followed by two Base64-encoded string segments separated by a dot. This value exhibits high entropy, characteristic of a real credential, and is a specific, concrete string, not a generic placeholder. Despite the comment indicating this is for testing purposes, a credential hardcoded in source control is a significant security risk, as it can be extracted from version history. This represents a real, functional key that should have been managed externally.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 57,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_1kIuR9vO7mS3xZ5yQ2jF8bN6pL4cH0gA9dE\",\n \"reason\": \"The value 'dckr_pat_1kIuR9vO7mS3xZ5yQ2jF8bN6pL4cH0gA9dE' is a valid Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a deterministic identifier for this specific token type. The subsequent part of the value exhibits high entropy, with a random mix of alphanumeric characters, which is characteristic of a real authentication token, not a generic placeholder. Unlike a template like '${{ env.DOCKERHUB_TOKEN }}' or a low-entropy string like 'xxxxxxxx', this is a concrete, fully-formed credential. The context in the GitHub Actions file, where it is used as the 'password' for a 'docker/login-action', explicitly confirms its purpose as an authentication token.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 58,\n \"label\": \"True Positive\",\n \"secret_value\": \"apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lKQU9ocFlVbEpxdEVsTUEwR0NTcUdTSWIzRFFFQkN3VUFNQWd4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUhFd2xQYms1dllteHZZMkZzYUc5emREb0tNQk1HQTFVRUNnd01SR1ZzYkc5egpjeUJCYkdGaVlXMGlhSFl4RURBT0JnTlZCQWNUQjBKc2IyRmtiaUJrYjI1amIyNHdIaGNOTWpFd05qRTFNRGc1CldqQm5aGFk5TWpZeU9ERXhNVFV3V2pBTUJnOHdDUVlEVlFRR0V3SlZVekVSTUE4R0ExVUVDQXdJVGs5eWVTQkIKZFhSb2IzSnBlbVJOZVhOMFpXUkJjblZsY21sbklqcDdNQ01HQTFVRUN3d01SR1ZzYkc5emN5QkJiR0ZpWVcwMQpMWFJ2SUZCQmdrcWhraUc5dzBCQVFzRkFBT0NBUThBTUlJQkNnS0NBUUVBNzJSM2x4VmhYUXFvbU55U3U3V3UKU0J3aEVyY2tlcVp3YXdJbmd0VzFwK2J2RjJ0em80VnFmcE5kSG53N2sxcFp0a1FtbUtHcHdLVGxtV295b2lCCnhaYlhmTlpzQzF6OGprVUtzZncrL2x3emJ4K0d4TmVqYzdqQnhwVnJ0VnQ1aWJCVllWc3J0K25wV1B5ZEZnOAphRjU2SlNuS081R3BqV0YwZkhGdzN3bFlmZ3JGYXBCMzQ4K3Bqam1FSE1wUkZkQmltUXh2MjQxb05kQ3l0VgppaE9sT090R3Y2ajN4dkw1Rkt3a3d5ZzR0VmFydG14N3VlMWxVSHRFV0FwWWVvUHVVbFFuN1N5K2Z4M0RVSDEKU2dGWWJ2V0w1VFFQdEtJb1JpWXhQd0lEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVeEtTMmZHRStpZEtGZ3pvCkhCMUo3akU2MzhNd0N3WURWUjBQQkFRREFnRUdNQThHQTFVZEV3RUIvd1FGTUFvR0NDc0dBUVVCRndNQ01BOEcKQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVIQXdFd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBSjZJekNid1B6dE9XbHhEVWw3bnd3bW14enVqV0d5UFNkY1FkSXZyTmM2UWhvYkZ4bgpHMVl1WllKdkdYQ2ZpZ3BvSlhpUmRuc0x6M2hTNVpSN0lXNnduNkZ6d2x1U3Z6TWltdENnQy8xSkJ2aG9tSwp0NzlJOG05S2Q3dHZ0QWZvRytzNFNUeWdndzN5VnhIdVAvUHV1c2hJbTNQWEt6MVZlZ1E1MWp0ckVlSWU4MjgKQyt2VnBLd1d5QmpMUE9sV3g2b1U5akd1MXNWSldYV210VFF0N3hBcVJkMVdJMEV4YW5iSmZ0TzJtQ2t2eGtrClR0ZUVtMzdIbnZkK3dOOUQ3dVRiYjBwLyt3d3N0T2cvQVVtb1B2Lyt3TG5PQVp6QklYUk1BMG89Ci0tLS0tRU5EIENFUlRJTklDQVRFLS0tLS0K server: https://1a2b3c4d-e5f6-7890.k8s.ondigitalocean.com\\n name: do-sfo2-prod-cluster\\ncontexts:\\n- context:\\n cluster: do-sfo2-prod-cluster\\n user: do-sfo2-prod-cluster-admin\\n name: do-sfo2-prod-cluster\\ncurrent-context: do-sfo2-prod-cluster\\nkind: Config\\npreferences: {}\\nusers:\\n- name: do-sfo2-prod-cluster-admin\\n user:\\n token: dop_v1_a738c2f10d9e8b6d4c5b9f7a8e2d1c0b3a4f5d6e7g8h9i0j1k_prod_token\\n\",\n \"reason\": \"The value is a complete Kubernetes client configuration file, which is a highly sensitive secret because it contains authentication credentials. The string for the 'token' field, `dop_v1_a738c2f10d9e8b6d4c5b9f7a8e2d1c0b3a4f5d6e7g8h9i0j1k_prod_token`, is a legitimate-looking token, not a placeholder, and is likely valid. Even though the server URL uses a non-sensical hostname, the rest of the file, including the user name and the potentially valid token, is real. Leaking this file into a CI/CD pipeline grants direct access to a production Kubernetes cluster, making this a critical True Positive.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 207,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoibWFwcHJvZHVjdGlvbiIsImEiOiJjazg1dGY3c2gwM3FmM21wZzRjY3Y5cGpzIn0.4k_O3Zf5xG5aE9Jd6pQxYw\",\n \"reason\": \"The value 'pk.eyJ1IjoibWFwcHJvZHVjdGlvbiIsImEiOiJjazg1dGY3c2gwM3FmM21wZzRjY3Y5cGpzIn0.4k_O3Zf5xG5aE9Jd6pQxYw' is a valid Mapbox Access Token. The format, beginning with the prefix 'pk.', followed by two base64-encoded sections and a final random string, is a specific and definitive pattern for this type of token. The content of the Base64 strings, which decodes to a JSON object containing a username and a user ID, confirms it's a real, machine-generated credential. This token carries functional risk as it provides unauthenticated access to Mapbox map tiles, potentially leading to abuse and billing issues, making it a clear security issue.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 213,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://e8e7f8e6e5e44a4b8b8b9c9d0e1f2g3h@o450555.ingest.sentry.io\",\n \"reason\": \"The provided value is a Sentry Data Source Name (DSN), a type of credential used for sending events to the Sentry monitoring service. The value perfectly matches the known format, with a high-entropy key (`e8e7f8e6e5e44a4b8b8b9c9d0e1f2g3h`) immediately followed by the specific domain `o450555.ingest.sentry.io`. Unlike a generic template or placeholder, this is a fully formed, concrete credential that could be used to spam a Sentry project or incur costs. Although client-side keys are often considered less secure, they are still secrets because they authenticate the client and can be extracted from public code. The parameter name `dsn` in the `Sentry.init` call provides strong confirmation of its role as a credential.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 42,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://prod_user_rw:8!hG#kL$pQ2s@db.prod.internal:5432\",\n \"reason\": \"This value is a complete PostgreSQL database connection string that embeds a hardcoded password, representing a critical security vulnerability. The format `protocol://username:password@host:port` clearly delineates sensitive components. The password part, '8!hG#kL$pQ2s', exhibits high entropy with a random mix of numbers, uppercase letters, lowercase letters, and special symbols, making it indistinguishable from a real production credential. Unlike a placeholder, this is a fully-formed, specific string. Although the hostname is an internal one, the presence of a high-entropy password in the connection string is a direct leak, as it could be useful for an attacker who gains internal network access. The comment 'NEVER commit this to git' further confirms its sensitive nature.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 45,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID. Its format, starting with the 'AKIA' prefix, is a definitive identifier for this type of secret. The value consists of 20 random uppercase letters and numbers, exhibiting high entropy consistent with cryptographically generated credentials. This is not a placeholder or an example, but a fully-formed key that could grant access to AWS resources. The variable name `aws_access_key_id` and its use within an `AWS_CONFIG` dictionary, which is later passed to `boto3.client`, strongly corroborate its function as a sensitive credential. Hardcoding secrets like this directly in source code is a severe security risk.\"\n}\n"}, {"index": 3, "sub_index": 2, "completion": "\n{\n \"line_number\": 46,\n \"label\": \"True Positive\",\n \"secret_value\": \"wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE\",\n \"reason\": \"The value 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE' is a high-entropy string with a specific format that matches an AWS Secret Access Key. Its random mixture of uppercase letters, lowercase letters, numbers, and special characters (/, +, =) is a strong indicator of cryptographic material. Crucially, the string ends with the specific 'EXAMPLE' suffix required for AWS's sample credentials, confirming it is a real but non-functional key. Hardcoding even example AWS credentials, especially in non-development environments like a 'prod' configuration, is a significant security risk. This key could be misused by attackers who may not differentiate it from a production credential, leading to account compromise.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 93,\n \"label\": \"False Positive\",\n \"secret_value\": \"AKIAIOSFODNN7EXAMPLE\",\n \"reason\": \"The value 'AKIAIOSFODNN7EXAMPLE' is a classic example of a generic AWS Access Key ID used for demonstration and documentation purposes. The key characteristic is the specific suffix 'EXAMPLE', which explicitly marks the value as non-real. The prefix 'AKIA' is the standard indicator for an AWS access key, and it often appears in documentation and SDK examples with such placeholders to illustrate the required format. Unlike a real secret, this value contains no sensitive randomness and is designed to be harmless. The pattern teaches that values containing 'EXAMPLE' in this context are always mock or placeholder credentials.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 94,\n \"label\": \"False Positive\",\n \"secret_value\": \"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\",\n \"reason\": \"The value 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY' is a classic AWS SDK example credential, identifiable by its structure and the explicit 'EXAMPLEKEY' suffix. The core portion, 'wJalrXUtnFEMI/K7MDENG/bPxRfiCY', exhibits high entropy, but the trailing text is a deterministic indicator designed to show the format. Real secrets never contain such instructional, self-descriptive text. This specific value, along with its corresponding example `access_key` on line 93, is widely used across AWS documentation to demonstrate how SDK configuration is performed. It is crucial to recognize and discard these documented example credentials.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 104,\n \"label\": \"True Positive\",\n \"secret_value\": \"P@ssw0rdDbProd123!ChangeMe\",\n \"reason\": \"The value 'P@ssw0rdDbProd123!ChangeMe' is a hardcoded database password. While its name 'ChangeMe' indicates it is a placeholder, the string itself is a concrete, structured value with high entropy, unlike a generic like ''. It follows common password patterns, including mixed-case letters, numbers, and special characters, suggesting it was generated or copied from a real environment. The context of the `password` parameter within an AWS RDS database resource block confirms its sensitive nature. Hardcoding any password literal, even one intended to be changed, is a significant security risk because it may be active in development or testing environments, providing unauthorized access.\"\n}\n"}]} +{"id": 19, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 51,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://prod_svc_user:aG#9z@K3qB$v7s@db-users-primary.c1xyz2abc3de.us-east-1.rds.amazonaws.com:5432/profiles\",\n \"reason\": \"The value is a complete PostgreSQL database connection string containing an embedded password, making it a sensitive credential. The string follows the standard format `protocol://username:password@host:port/database`, which directly exposes the authentication details. The password portion, 'aG#9z@K3qB$v7s', is a 12-character string with high entropy, indicating it is a real, machine-generated credential, not a placeholder. Hardcoding sensitive credentials like connection strings is a major security risk, as anyone with source code access can potentially compromise the database. The comment '# Database configuration - should be in env vars' is a code smell that confirms the value's sensitivity and improper handling.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 55,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3\",\n \"reason\": \"The value is a Stripe secret key, identified definitively by its 'sk_live_' prefix. This prefix, followed by a 40-character high-entropy Base58-encoded string, is a unique signature for Stripe's production API keys. The lengthy random string exhibits the high degree of unpredictability and uniqueness required for a real credential. This is not a generic placeholder or example, but a fully-formed key that could be active in a Stripe production environment. Committing a live key in source code is a critical security risk, as it allows direct access to a service's API and payment processing capabilities.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 35,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is a legitimate AWS Access Key ID. The value itself has high entropy and perfectly matches the 'AKIA' prefix, which is a definitive identifier for this AWS secret type. Unlike a placeholder, this is a fully formed, non-obvious key. Its use in the `aws-access-key-id` parameter within an `aws-actions/configure-aws-credentials@v1` action in a GitHub Actions workflow confirms it is intended for authentication. This exposes credentials that allow unauthorized access to AWS resources, making it a critical security vulnerability.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 36,\n \"label\": \"True Positive\",\n \"secret_value\": \"wJalrXUtnFEMI/K7MDENG/bpx5u22b8d1vRzBJB4\",\n \"reason\": \"The value 'wJalrXUtnFEMI/K7MDENG/bpx5u22b8d1vRzBJB4' is a valid AWS Secret Access Key. Its high entropy, characterized by a random mix of uppercase letters, lowercase letters, numbers, and the '/', '+', and '=' special characters, is a strong indicator of a cryptographic secret. The value perfectly conforms to the 40-character length and Base64 URL-safe format specified by AWS documentation for these types of credentials. Unlike generic placeholders like '', this is a fully-formed, specific value. The context of being assigned to `aws-secret-access-key` in an `aws-actions/configure-aws-credentials` step within a CI/CD workflow confirms its purpose as a live credential.\"\n}\n"}, {"index": 1, "sub_index": 2, "completion": "\n{\n \"line_number\": 58,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/T00ABCDEFGH/B01IJKLMNOP/aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE\",\n \"reason\": \"This value is a valid Slack Incoming Webhook URL, which functions as an authentication token to post messages to a specific channel. The URL's structure `https://hooks.slack.com/services///` is a definitive pattern. The final path component, 'aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE', is a high-entropy, 43-character alphanumeric string that matches the format of a real Slack token, distinguishing it from placeholders like 'xxx' or sample tokens. Although the team and channel IDs use placeholder-like formatting ('T00...' and 'B01...'), the token component itself is specific and unpredictable, representing a significant security risk. Leaking this URL grants anyone the ability to post to the designated Slack channel, causing noise, misinformation, or brand damage.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 129,\n \"label\": \"True Positive\",\n \"secret_value\": \"dop_v1_a9b4c2f81d3e6g7h5i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b\",\n \"reason\": \"The value 'dop_v1_a9b4c2f81d3e6g7h5i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b' is a DigitalOcean API token (PAT) that matches the documented 'dop_v1_' prefix format. This value exhibits high entropy with a random mix of hexadecimal characters and alphanumeric characters, which is characteristic of a machine-generated credential. Unlike a placeholder, which might repeat characters or use sequential patterns, this is a unique, fully-formed token. The associated context confirms its sensitivity, as it is assigned to the `token` parameter within a `provider \\\"digitalocean\\\"` block in a Terraform file, which grants the provider permissions to manage cloud resources. Committing such a value directly into a version control repository represents a significant security risk.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 95,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o450123.ingest.sentry.io\",\n \"reason\": \"The value is a valid Sentry DSN (Data Source Name), which is a form of public authentication token. This string follows the precise Sentry format: `https://@`. The public key component, 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6', exhibits high entropy with its random-looking character set, which is typical for a real credential. While not an \"Access Key\" used for writing data to a protected API endpoint, a DSN's public nature is intentionally specified for the client-side SDK. It's a secret because it's tied to a specific project and an organization's billing, and hardcoding it in source code can create security risks such as service-level abuse or revealing internal project metadata. Unlike a generic placeholder, this is a concrete, fully-formed value that could be exploited.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 99,\n \"label\": \"False Positive\",\n \"secret_value\": \"pk.eyJ1IjoicHJvZC1tYXBib3gtZGV2IiwiYSI6ImNsOXFoOGxic2M0ZGczMnA5N3Mxa2FoNjh4In0.rAnDoMkEyNaMeCoMpLeXiBlE\",\n \"reason\": \"The value is a Mapbox Public Access Token, which is designed for client-side use and is not a secret. Although the token string has a high-entropy, Base64-encoded component, its defining characteristic is the 'pk.' prefix, which explicitly marks it as public. Unlike private API keys, public tokens can be safely embedded in client-side applications and do not grant privileged server-side access. The variable name `accessToken` and the struct `Mapbox` provide direct contextual evidence. This teaches the pattern that tokens with public-identifying prefixes, such as 'pk.' for Mapbox, are public identifiers, not credentials, and should be classified as false positives.\"\n}\n"}, {"index": 3, "sub_index": 2, "completion": "\n{\n \"line_number\": 103,\n \"label\": \"True Positive\",\n \"secret_value\": \"8qM4pL7xJ5sK1mF3bZ8oN6cW0qYdEaV4\",\n \"reason\": \"The value '8qM4pL7xJ5sK1mF3bZ8oN6cW0qYdEaV4' is a high-entropy, 32-character alphanumeric string consistent with the format of a Segment.io write key. The string's randomness, with its mix of upper/lowercase letters and digits, is a strong indicator of a machine-generated credential. Unlike a placeholder, this value appears to be a fully-formed key. The context reinforces this, as the variable is named `writeKey` and is associated with an `Analytics` struct, which is standard practice for sending data to a service like Segment. Although the comment explicitly states the file is not for production, hardcoded secrets from staging or development environments pose significant security risks by exposing internal tracking information.\"\n}\n"}, {"index": 3, "sub_index": 3, "completion": "\n{\n \"line_number\": 110,\n \"label\": \"True Positive\",\n \"secret_value\": \"Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZXMiOlsicmVhZDpzdGF0cyIsIndyaXRlOmdhbWVwbGF5Il0sImlhdCI6MTY2NTIyNjAwMCwiZXhwIjoxNjk2NzYyMDAwfQ.gH2fR5tU9zV4wL8xQoP6N7sC1kE3bX6yZ0mJ5vF4aDc\",\n \"reason\": \"The value is a complete and syntactically valid JSON Web Token (JWT) in the `Bearer` format, identifiable by the 'Bearer ' prefix and the two Base64-encoded parts. The token exhibits high entropy and follows the standard JWT structure, which is used for service-to-service authentication. This is not a template or placeholder; it is a fully-formed credential with a plausible payload specifying a service account and expiring in the future. While the value might be from a staging or test environment, as suggested by its expiration, its structure and complexity qualify it as a genuine, hardcoded secret that poses a security risk. The programmatic instruction on the previous line to use a secrets management tool further confirms that this type of hardcoded value is an anti-pattern.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 31,\n \"label\": \"True Positive\",\n \"secret_value\": \"4!z$C&F)J@NcRfUjXn2r5u7x!A%D*G\",\n \"reason\": \"The value '4!z$C&F)J@NcRfUjXn2r5u7x!A%D*G' is a high-entropy password, clearly identifiable by its cryptographic randomness. The string contains a random mix of uppercase letters, lowercase letters, numbers, and special characters, which is a hallmark of a machine-generated credential. Unlike a placeholder or example, this specific, unpredictable value is more likely to be a real credential intended for the production database. The variable name `spring.datasource.password` and the context of a production (`-prod`) environment confirm its status as a secret. Hardcoding such a password in a configuration file is a critical security anti-pattern.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 39,\n \"label\": \"True Positive\",\n \"secret_value\": \"z$C&F)J@NcRfUjXn2r5u7x!A%D*G-KaPdSgVkYp3s6v9y/B?E(H+MbQeThWmZq4t\",\n \"reason\": \"The value 'z$C&F)J@NcRfUjXn2r5u7x!A%D*G-KaPdSgVkYp3s6v9y/B?E(H+MbQeThWmZq4t' is a high-entropy cryptographic key used for signing JSON Web Tokens (JWTs), as explicitly stated by its parameter name `app.security.jwt.secret`. The value itself is a long, random string containing a mix of alphanumeric characters, symbols, and punctuation, which is a strong indicator of a real, machine-generated secret, not a placeholder. This is not a generic example like a repeated character sequence; it is a concrete, specific value that exposes a critical security vulnerability. Hardcoding a JWT secret allows anyone with access to the source code or configuration file to forge tokens, impersonate users, and compromise application security. Its presence in a `SECURITY & AUTHENTICATION` block further confirms its sensitive nature.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 51,\n \"label\": \"True Positive\",\n \"secret_value\": \"key-8j2k5m7p9q1r3s4t6v8w0y1z3x5c7b9a\",\n \"reason\": \"The value 'key-8j2k5m7p9q1r3s4t6v8w0y1z3x5c7b9a' is a hardcoded Mailgun API key. The `key-` prefix is a strong indicator and a standard format for credentials issued by services like Mailgun and Twilio. The 32-character alphanumeric string that follows exhibits high entropy and follows the expected format of a real credential, unlike generic placeholders which would use repeated characters (e.g., 'xxxxxxxx...'). The variable name `spring.mail.password` and the associated `spring.mail.host` pointing to `smtp.mailgun.org` explicitly identify this value as authentication material. Even if intended for a production environment, hardcoding a functional key is a severe security risk.\"\n}\n"}]} +{"id": 20, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 97,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAU5N4F6V2X7L9W8K3\",\n \"reason\": \"The value 'AKIAU5N4F6V2X7L9W8K3' is an AWS Access Key ID, definitively identified by the 'AKIA' prefix, which is a standard format for these credentials. The 20-character alphanumeric string following the prefix is long and appears to have high entropy, making it unlikely to be a placeholder. Unlike generic patterns such as 'AKIAXXXXXXXXXXXXXXXX', this is a specific value. Exposing an Access Key ID is a security risk because it can be combined with a secret access key to gain unauthorized access to cloud resources. The explicit parameter name `aws_access_key_id` and the use of the `boto3` library confirm the context of AWS authentication.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 98,\n \"label\": \"True Positive\",\n \"secret_value\": \"yJkLpQz8tHj9rWvXnF7sD2bA4gC6eM1hT5oI3uR\",\n \"reason\": \"The value 'yJkLpQz8tHj9rWvXnF7sD2bA4gC6eM1hT5oI3uR' is a valid AWS secret access key, characterized by its high entropy and 40-character length. The random mix of uppercase letters, lowercase letters, and numbers is consistent with a genuine, machine-generated credential. Unlike placeholders which use repeating characters or descriptive text, this value is a specific, unpredictable string. Its use as the `aws_secret_access_key` parameter in a `boto3.client` call confirms its purpose as an authentication token. The comment '# Hardcoded credentials for development environment' provides explicit context that, while less severe than production, is still a significant security risk as this key could be used to access resources.\"\n}\n"}, {"index": 0, "sub_index": 2, "completion": "\n{\n \"line_number\": 111,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/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\",\n \"reason\": \"The value is a fully-formed Slack Incoming Webhook URL, which serves as an authentication token for sending messages to a specific Slack channel. This URL is not a template or placeholder; it is a specific, functional credential used by the `requests.post` function. The value adheres to the Slack webhook URL format, containing the required three-part path structure and ending in a 24-character, high-entropy string of alphanumeric characters that acts as the secret. Unlike placeholders such as 'YOUR_WEBHOOK_URL', this is a concrete, active secret that could be exploited to post spam or sensitive information into a company's Slack workspace. Even if intended for a non-production environment, its functional nature and high entropy make it a critical security risk to hardcode.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 42,\n \"label\": \"True Positive\",\n \"secret_value\": \"8f3e5b6d9c0a7f1e4d8b2c6a9f0e3d7b\",\n \"reason\": \"The value '8f3e5b6d9c0a7f1e4d8b2c6a9f0e3d7b' is a 32-character hexadecimal string, a common format for API keys, specifically for Datadog. The value itself exhibits high entropy, characterized by a random mix of numbers and lowercase letters, indicating it is a functional credential. Unlike placeholders or test data, this is a fully-formed, concrete key. Its assignment to the `api_key` parameter within a Datadog provider block confirms its use for authenticating with the service. Exposing a functional key in code, regardless of environment, presents a significant security risk as it can be abused.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 47,\n \"label\": \"True Positive\",\n \"secret_value\": \"u+K3v7Pq9bRz5sL1xT0w\",\n \"reason\": \"The value 'u+K3v7Pq9bRz5sL1xT0w' is a high-entropy string consistent with an authentication token, which is strongly supported by its context. This 20-character string exhibits cryptographic randomness through its mix of uppercase letters, lowercase letters, numbers, and special characters ('+', '/'). The value has no repeating patterns, placeholder text, or dictionary words, which are common indicators of false positives. The assignment to a 'token' parameter in a 'pagerduty' provider block provides explicit confirmation that this value is a real credential. Hardcoding a secret like this is a security risk as it exposes the PagerDuty integration for anyone with access to the code.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 118,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://9abf873c5d64e1f0a2b3c4d5e6f78901@o450512.ingest.sentry.io\",\n \"reason\": \"The value is a Sentry DSN, which is a type of access credential composed of a public key and an origin identifier. The 32-character high-entropy string portion '9abf873c5d64e1f0a2b3c4d5e6f78901' is the public key, which is intentionally public but must be kept confidential to prevent abuse of the Sentry service. The '@' symbol separating this key from the ingest domain is a standard authentication format. Unlike placeholders which use repeated characters or generic IDs, this value is a fully-formed, concrete credential. Although the key itself is public, the credential as a whole is considered sensitive because it must always be tied to the correct Sentry organization and project, and leaking it can lead to incorrect error reporting and abuse.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 124,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoicmVhbGRldjk5IiwiYSI6ImNsdzR5Z3JqZzBmajIyaXFsMXB3dzQ2NzgifQ.w3bKgfS_h9n8FpG7S8z1Jg\",\n \"reason\": \"The value is a valid Mapbox Public Access Token, definitively identified by its 'pk.' prefix. The large Base64-encoded string after the prefix exhibits high entropy and matches the structural format of a real token, indicating it is not a placeholder. Unlike a generic placeholder like '', this is a fully-formed, specific credential. Although intended for public use, these tokens are still sensitive as they are unique to an account and can be abused. The hardcoded nature and the developer's explicit comment confirming this is a leaked token make it a critical security risk.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 43,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_1sT2uV3wX4yZ5aB6c-D7eF8gH9i\",\n \"reason\": \"The value 'dckr_pat_1sT2uV3wX4yZ5aB6c-D7eF8gH9i' is a valid Docker Personal Access Token (PAT). The value's structure is highly indicative of a Docker token, as it starts with the prefix 'dckr_pat_', which is a specific identifier used by the service. The rest of the string is a 20-character, high-entropy sequence of mixed-case alphanumeric characters and a hyphen, matching the exact format of a real credential. This is not a placeholder, template, or example; it is a fully formed value that possesses the cryptographic randomness expected of a live secret. The context confirms its sensitivity, as it is used directly as a `password` to log into a Docker Hub account within a continuous integration pipeline.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 61,\n \"label\": \"True Positive\",\n \"secret_value\": \"-----BEGIN OPENSSH PRIVATE KEY-----\\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS\\n-siha2LW5pc3QyNTYAAAACG5pc3QyNTYAAAAQQQMzMhV14/tYpG+0s/VfT3Rz2B6eJgA\\nm9gK0fe9WSCuY8Z6S4M0+iYfJ7a3C5u/m8n0f8a9gJ0bH2c1QAAAAlhbGljZUBleGFtcGxl\\nLmNvbQ==\\n-----END OPENSSH PRIVATE KEY-----\",\n \"reason\": \"The value is a complete and valid OpenSSH Private Key, identified by the standard `-----BEGIN OPENSSH PRIVATE KEY-----` and `-----END OPENSSH PRIVATE KEY-----` delimiters. The body of the key is a large, high-entropy block of Base64 encoded data, which is the standard format for representing the actual cryptographic key material. This is not a placeholder or template, as it lacks any repeated characters or generic text. Although the surrounding code context is a workflow file where this secret might be used, hardcoding a complete private key is a major security vulnerability. Such keys are highly sensitive credentials that must be managed securely through platform secrets, not stored in source code.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 13,\n \"label\": \"False Positive\",\n \"secret_value\": \"jdbc:postgresql://db-repl-cluster-1.us-east-2.rds.amazonaws.com:5432/analytics_db\",\n \"reason\": \"The value 'jdbc:postgresql://db-repl-cluster-1.us-east-2.rds.amazonaws.com:5432/analytics_db' is a database connection string, but it does not contain any credentials. A connection string's sensitivity is determined by the presence of a password or token, neither of which is embedded in this value. The value only provides non-sensitive information such as the database protocol, an AWS RDS cluster hostname, a standard port, and a database name. While the hostname points to an AWS resource, it is not an access key or secret. This pattern teaches that connection strings are only secrets when they include authentication details like a username and password.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 14,\n \"label\": \"False Positive\",\n \"secret_value\": \"etl_worker_usr\",\n \"reason\": \"The value 'etl_worker_usr' is a database username, which is a type of credential, but it is a common, descriptive identifier for a role and not a secret. This string has very low entropy and is composed of common English dictionary words ('etl', 'worker', 'usr'), a pattern typical of a username, not a high-entropy cryptographic key or password. Real credentials exhibit randomness and lack predictable structures or readable text. The context confirms this is a non-sensitive identifier for an 'ETL worker', specifying a role rather than a unique, confidential password. Such descriptive role-based usernames should be classified as false positives as they do not represent the actual sensitive secret.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 15,\n \"label\": \"True Positive\",\n \"secret_value\": \"p#a5sWd_9F!gH\",\n \"reason\": \"The value 'p#a5sWd_9F!gH' is a true positive because it is a high-entropy string that matches common password patterns, mixing letters, numbers, and special characters. This specific value exhibits strong characteristics of a manually generated secret key and lacks any generic placeholder traits. The context confirms its sensitivity, as it is directly assigned to the `spring.datasource.password` parameter in a production application configuration file. This credential type provides direct access to sensitive data in the 'analytics_db' database, making hardcoding it a severe security risk.\"\n}\n"}, {"index": 4, "sub_index": 3, "completion": "\n{\n \"line_number\": 24,\n \"label\": \"True Positive\",\n \"secret_value\": \"gK9pD3rX8vLhT6bFzA4mSjR7uW1qV0iNzY5eC2oP/cE=\",\n \"reason\": \"The secret value 'gK9pD3rX8vLhT6bFzA4mSjR7uW1qV0iNzY5eC2oP/cE=' is a Base64-encoded string exhibiting high entropy, which is characteristic of a cryptographic key. This is a fully-formed key, not a placeholder; it is a random-looking string of uppercase letters, lowercase letters, numbers, '/', and '='. The variable name `jwt.secret.key` and the comment 'This key is used to sign authentication tokens. DO NOT EXPOSE.' provide definitive context that this value is a sensitive cryptographic secret. Hardcoding this key directly in the configuration makes the entire JWT-based authentication system vulnerable, as anyone with source code access can forge or tamper with tokens. This is a classic example of a real, high-impact secret found in configuration files.\"\n}\n"}]} +{"id": 21, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 95,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIA4J7V5Y7U3N2P5Q6R\",\n \"reason\": \"The value 'AKIA4J7V5Y7U3N2P5Q6R' is a valid AWS Access Key ID. The value follows the exact pattern defined by AWS, starting with the specific prefix 'AKIA' which identifies it as a programmatic access key. It is composed of 20 high-entropy uppercase letters, which confirms its structural validity and distinguishes it from generic placeholders. Unlike example keys which often use repeated or sequential characters, this value is unpredictable. Its use in direct assignment to a constant named `AWS_ACCESS_KEY_ID` and subsequent passing to `boto3.client` provides strong contextual evidence that this is a functional credential, representing a significant security risk.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 96,\n \"label\": \"True Positive\",\n \"secret_value\": \"jZ8v/L9K+mN4PqR7sT1uVwXyZ/aB3cD4eF6gH7hI\",\n \"reason\": \"The value 'jZ8v/L9K+mN4PqR7sT1uVwXyZ/aB3cD4eF6gH7hI' is a high-entropy, Base64-encoded string consistent with an AWS Secret Access Key. Its composition of mixed-case alphanumeric characters and special symbols ('/', '+') exhibits significant randomness, indicating cryptographic randomness rather than a placeholder. Unlike generic examples that use repeated characters or descriptive text, this is a fully formed, specific value. The variable name `AWS_SECRET_ACCESS_KEY` and its direct use in a `boto3.client` call provide strong contextual evidence that this is a sensitive credential. Hardcoding secrets of this nature is a critical security vulnerability as it leaks authentication capabilities.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 37,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_aRqS4fGz3tYpLm9vBx2wK7jNc8zD1oE\",\n \"reason\": \"The value 'dckr_pat_aRqS4fGz3tYpLm9vBx2wK7jNc8zD1oE' is a high-entropy string that matches the exact format of a Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a definitive identifier for this secret type, and the remaining alphanumeric string shows cryptographic randomness with mixed case and numbers, which is characteristic of a machine-generated credential. Unlike placeholders, this is a fully-formed token. The assignment to a parameter named 'password' and its usage within a 'docker/login-action' confirms its sensitive nature as authentication material. Leaking this token would allow unauthorized access to the user's Docker Hub repository.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 53,\n \"label\": \"True Positive\",\n \"secret_value\": \"HRKU-a0b1c2d3-e4f5-6789-a0b1-c2d3e4f56789\",\n \"reason\": \"The value 'HRKU-a0b1c2d3-e4f5-6789-a0b1-c2d3e4f56789' is a valid Heroku API key due to its specific format. The 'HRKU-' prefix serves as a service-identifying namespace, distinguishing it from keys of other providers. The subsequent 8-4-4-4-12 hexadecimal string is the primary credential, exhibiting moderate entropy and conforming exactly to the format used by Heroku for API access tokens. Although some parts of the value are predictable (like repeating character groups), this is a common characteristic of machine-generated keys and does not disqualify it as a secret. The variable name 'heroku_api_key' in the workflow file provides explicit context, confirming that this is intended for authentication. Leaking this key in a public repository could allow unauthorized deployment to a Heroku application.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 52,\n \"label\": \"True Positive\",\n \"secret_value\": \"7b2f4a5c8e1d9g3h5i7j6k1l3m4n5o6p\",\n \"reason\": \"The value '7b2f4a5c8e1d9g3h5i7j6k1l3m4n5o6p' is a high-entropy string that conforms to the typical format of a Datadog API key. The string consists of 32 random-looking hexadecimal characters, which exhibits cryptographic randomness and is characteristic of a machine-generated credential. Unlike a placeholder (e.g., 'YOUR_API_KEY' or repeated characters), this is a fully-formed, concrete value. The context of its assignment to the 'api_key' parameter within the Datadog provider block in Terraform confirms its sensitive nature, as this key is used to authenticate with the Datadog API for sending data.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 120,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://b3c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7@o123456.ingest.sentry.io\",\n \"reason\": \"The value is a full Sentry Data Source Name (DSN) with a hardcoded secret key embedded directly in the URL. The component `https://@.ingest.sentry.io` is a canonical format for Sentry credentials. The key part, `b3c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7`, is a 32-character high-entropy string that precisely matches the format and character set of a genuine Sentry DSN public key. Unlike a placeholder like '', this is a concrete, random-looking value that could be active. Hardcoding the secret within the DSN string itself is a known security risk for Sentry, as this key allows anyone to send data to the organization's account.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 127,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDF3cDAxM2QzM2VwMnR4bzBqemVyIn0.hZl8pAqK5n9bC2eR1fG0oQ\",\n \"reason\": \"The value is a valid Mapbox Public Access Token, definitively identified by its 'pk.' prefix. The string is a structured JSON Web Token (JWT), where the 'eyJ' prefix and the Base64-encoded components are standard JWT format indicators. Unlike a placeholder, this is a fully-formed token that appears to follow Mapbox's token structure. While called 'public,' these tokens are intended for client-side use and can be abused if extracted, leading to unexpected billing and misuse of the service. Hardcoding these tokens, even if public, represents a security vulnerability by exposing an architectural credential.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 217,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://billing_svc_user:p5^z@kL$9!sR@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432\",\n \"reason\": \"This value is a complete database connection string that embeds sensitive authentication credentials. The structure, 'protocol://username:password@hostname:port', is a classic secret format. The password component, 'p5^z@kL$9!sR', is a high-entropy string containing a mix of uppercase letters, lowercase letters, numbers, and special symbols, which strongly suggests it is a real credential. Unlike a placeholder like '', this is a specific, concrete value that grants direct access to a production database. Exposing credentials in a connection string, especially in a file marked 'Production', is a critical security vulnerability.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 227,\n \"label\": \"True Positive\",\n \"secret_value\": \"eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhdXRoLXRva2VuIiwiZXhwIjoxNjk5ODgwOTU1fQ.X2mZ4pBv8qC6wN3rF1eD0sJ7gT9hK8uL5oA\",\n \"reason\": \"The value is a correctly formatted JSON Web Token (JWT), characterized by its three distinct Base64-encoded parts separated by dots. The first part, 'eyJhbGciOiJIUzUxMiJ9', decodes to a JSON object specifying the 'HS512' signing algorithm, which is definitive of a JWT header. The second part decodes to the token's payload. The third part, 'X2mZ4pBv8qC6wN3rF1eD0sJ7gT9hK8uL5oA', serves as the cryptographic signature and exhibits high entropy, confirming it is not a placeholder. Although the payload contains generic data, the entire structure and signature confirm this is a real, potentially active JWT. Committing a validly formatted token, even one from a documentation or test environment, is a major security risk as it can be used for authentication against development or staging systems.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 230,\n \"label\": \"True Positive\",\n \"secret_value\": \"sdk-e6a8c4f9-b0d3-4f1e-8a7b-9c2d0f3e5b6a\",\n \"reason\": \"The value 'sdk-e6a8c4f9-b0d3-4f1e-8a7b-9c2d0f3e5b6a' is a valid application secret, specifically an SDK key. Its structure follows the standard UUID format (8-4-4-4-12 hexadecimal characters), which is a common pattern for authentication tokens. The value exhibits high entropy with no repetitive patterns, indicating it is a machine-generated credential. Unlike placeholders, this is a fully formed UUID that could be active in a production environment. The context of the variable name `feature.flags.sdk.key` confirms its purpose as a credential for a specific service, making it a critical security risk.\"\n}\n"}, {"index": 4, "sub_index": 3, "completion": "\n{\n \"line_number\": 234,\n \"label\": \"True Positive\",\n \"secret_value\": \"Kq5dG3iSgPi1Lw0bM4rV7cHuZx/N+pU8wJ2lO3fF6xg=\",\n \"reason\": \"The value 'Kq5dG3iSgPi1Lw0bM4rV7cHuZx/N+pU8wJ2lO3fF6xg=' is a high-entropy string that precisely matches the format of a Base64-encoded 32-byte key. Its random mix of upper and lower case letters, numbers, and symbols, along with the trailing '=' padding character, are strong indicators of a cryptographic secret. The variable name `encryption.pii.aes.key` explicitly confirms this value is an encryption key used to protect Personally Identifiable Information, making its exposure a critical security risk. Unlike a generic placeholder, this is a fully-formed, complex value that could be active in a production environment. The context header '# Java Application Configuration - Production' further confirms that this secret is intended for a production system, increasing its sensitivity.\"\n}\n"}]} +{"id": 22, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 118,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAV7S4M3PZ5LQXJH9R\",\n \"reason\": \"The value 'AKIAV7S4M3PZ5LQXJH9R' is a valid AWS Access Key ID. The specific 'AKIA' prefix is a defining format indicator for an AWS IAM user key, distinguishing it from public resources or other key types. The string exhibits high entropy and matches the 20-character length requirement. Unlike placeholders (e.g., 'AKIAXXXXXXXXXXXXXXXX'), this is a fully-formed credential. The context, with the variable name `AWS_ACCESS_KEY_ID` and its subsequent use in `boto3.client`, confirms its purpose is authentication. Hardcoding this value directly into source code presents a critical security risk as it allows unauthorized access to AWS resources.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 119,\n \"label\": \"True Positive\",\n \"secret_value\": \"uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g\",\n \"reason\": \"The value 'uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g' is a high-entropy string that perfectly matches the format of an AWS Secret Access Key. The value consists of a random mix of uppercase and lowercase letters, numbers, and special characters ('+', '/'), exhibiting the unpredictable nature characteristic of a cryptographic key. Unlike a placeholder (e.g., 'YOUR_SECRET'), this is a fully-formed credential that appears to be a real, functional key. Although the variable name and a preceding comment explicitly warn against this practice, the presence of a realistic, concrete value makes it a significant secret vulnerability. Even test credentials can provide unauthorized access to resources, justifying a True Positive classification.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 67,\n \"label\": \"True Positive\",\n \"secret_value\": \"ghp_bK9yR3tX1vP5zN7mW0sD8jF2hG6cV4eLqA\",\n \"reason\": \"The value 'ghp_bK9yR3tX1vP5zN7mW0sD8jF2hG6cV4eLqA' is a high-entropy string matching the format of a GitHub Personal Access Token (PAT). The value is a 40-character alphanumeric string beginning with the service-specific prefix 'ghp_', which uniquely identifies it as a token type used for Git operations. The random characters after the prefix show high entropy, consistent with cryptographic generation of a real secret. This is not a placeholder but a fully-formed token that could be used to authenticate with a Git repository. Exposing this type of token in a CI/CD file like a GitHub Actions workflow is a severe security risk, as it grants authenticated access to the codebase.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 73,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/T00ABCDEF/B01234567/j9kL8hG7fE6dC5b4A3s2S1qP\",\n \"reason\": \"The value is a fully formed Slack Incoming Webhook URL, which functions as a credential for posting messages to a specific Slack channel. The URL path follows the exact Slack service format `hooks.slack.com/services///`, and the final 24-character segment `j9kL8hG7fE6dC5b4A3s2S1qP` is a high-entropy string characteristic of a real token. Unlike a placeholder, this value is concrete and could be actively used to send notifications. Hardcoding a webhook URL directly in a script or configuration file is a significant security risk, as it can be extracted by anyone with read access to the code, allowing them to spam channels or send misleading information.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 46,\n \"label\": \"True Positive\",\n \"secret_value\": \"Adm1nPassw0rd$tr0ng!2023\",\n \"reason\": \"The value 'Adm1nPassw0rd$tr0ng!2023' is a strong password, not a placeholder. The password exhibits high entropy and conforms to common security best practices by combining uppercase letters, lowercase letters, numbers, and special characters. While its origin is in a Terraform configuration file for an `aws_db_instance` resource, the value itself is fully-formed and specific, not a generic placeholder like 'PASSWORD123'. Even if intended for an early-stage development environment, a unique password like this is a hardcoded secret that should never be version-controlled. The variable name `password` and its usage in a database resource block further confirm its function as a critical secret.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 63,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://platform_admin:Adm1nPassw0rd$tr0ng!2023@${aws_db_instance.main_db.address}:5432/platformdb\",\n \"reason\": \"This value is a complete database connection string, which is a highly sensitive credential type that embeds authentication details. It correctly uses the `postgres://` URL schema and includes the username `platform_admin` followed by a specific password, `Adm1nPassw0rd$tr0ng!2023`. The password exhibits strong cryptographic properties with its mix of uppercase, lowercase, numbers, and special characters, distinguishing it from weak placeholders like 'password'. Although the hostname uses Terraform's variable substitution `${aws_db_instance.main_db.address}`, the password component is a literal, high-entropy credential. Hardcoding authentication credentials, even within a connection string that uses variables for non-sensitive parts, constitutes a significant security risk.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 201,\n \"label\": \"True Positive\",\n \"secret_value\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6ImFub24iLCJpYXQiOjE2Nzk2NjU4MjMsImV4cCI6MTk5NTI0MTgyM30.4iU9a-y9mC2bYDDsYk1E1f0LgR8PzO7JqN6cX-wB1A4\",\n \"reason\": \"The value is a high-entropy string that perfectly matches the format of a Supabase Public/Anonymous API Key, which is a type of OAuth token. The string is Base64 URL-encoded and consists of three parts separated by periods, containing random characters with sufficient length and entropy to be a real credential. Although the context mentions an 'anonymous key', it is a fully-formed, functional token and not a generic placeholder. Hardcoding any API key, even an anonymous one, is a security risk as it provides direct read access to the associated database. The presence of a similar `serviceRoleKey` elsewhere in the file further confirms that the developer is hardcoding sensitive Supabase authentication material.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 207,\n \"label\": \"True Positive\",\n \"secret_value\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTY3OTY2NTgyMywiZXhwIjoxOTk1MjQxODIzfQ.kL8T5gV2rE1zO6pJ9bN4yF0wH7uX3eC8iS1aB0d9F6E\",\n \"reason\": \"The value is a valid Supabase service role key, which is a highly sensitive credential. It exhibits the classic JWT format with three Base64Url-encoded sections separated by dots, which has high entropy. Unlike a generic placeholder, this is a fully formed, unique key that is Base64 decoded from the comment next to it, revealing its structure and intent. The variable name 'serviceRoleKey' and the explicit comment 'The service_role key grants full access and should never be in client-side code' confirm its sensitive nature. Exposing a service role key in client-side code is a critical security flaw as it allows any authenticated client to perform administrative actions on the database.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 92,\n \"label\": \"True Positive\",\n \"secret_value\": \"AIzaSyBw-D9Gv_FzTjuKmL8sH2pR1oY7qE6bXz4\",\n \"reason\": \"The value 'AIzaSyBw-D9Gv_FzTjuKmL8sH2pR1oY7qE6bXz4' is a Google Cloud API key, definitively identified by the prefix 'AIzaSy'. This specific prefix is a public, well-documented marker for Google's server-side keys. The rest of the string is a high-entropy sequence of alphanumeric characters and underscores, consistent with Google's format for authenticating service requests. Although the surrounding code has a comment advising against this practice, the value itself is a real, functional credential. Exposing keys, even in a 'buildConfigField', is a critical security risk because they grant access to a developer's or organization's cloud services, which is never acceptable.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 93,\n \"label\": \"True Positive\",\n \"secret_value\": \"8a7b6c5d4e3f2g1h0j9k8l7m6n5o4p3q\",\n \"reason\": \"The value '8a7b6c5d4e3f2g1h0j9k8l7m6n5o4p3q' is a high-entropy string that functions as an API key. Its 32-character composition, using a random mix of alphanumeric characters, is a common pattern for real-world credentials. Unlike a placeholder, this is a concrete value without repetitive or sequential patterns. The context within a `buildConfigField` and the corresponding variable name `OPENWEATHER_API_KEY` explicitly confirm its purpose as a secret authentication token for the OpenWeatherMap service. The accompanying comment recommending storing keys in `local.properties` highlights the developer's awareness of this being a secret, yet it has been hardcoded, making it a security risk.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 99,\n \"label\": \"True Positive\",\n \"secret_value\": \"UnsafeKeyStorePassword123\",\n \"reason\": \"The value 'UnsafeKeyStorePassword123' is a password, identified by the contextual keyword 'storePassword' in a 'signingConfigs' block. Although it is a descriptive and 'unsafe' password, it is a concrete, literal string used for authentication. This is not a placeholder like '' but a specific, usable value. Hardcoding passwords of any complexity into source code, even test or development configurations, is a major security risk because it makes them easily discoverable by anyone with access to the code repository. The value's structure, combining dictionary words and numbers, is a common pattern for developers creating weak but functional credentials.\"\n}\n"}, {"index": 4, "sub_index": 3, "completion": "\n{\n \"line_number\": 101,\n \"label\": \"True Positive\",\n \"secret_value\": \"UnsafeKeyPassword!@#\",\n \"reason\": \"The value 'UnsafeKeyPassword!@#' is a clear example of a hardcoded password that directly compromises security. Despite its descriptive name, it is a literal, high-entropy string that could potentially grant access to a cryptographic keystore. The presence of mixed-case letters, numbers, and special characters demonstrates that this is not a generic placeholder but a fully formed credential. Hardcoding passwords, even those intended for testing or non-production environments, is a critical vulnerability as they are easily discoverable in version control history. The name itself functions as an alert, highlighting the inherently insecure practice.\"\n}\n"}]} +{"id": 23, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 96,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://report_writer:j$F9*kL2!pQ@dbr-prod-az1.c8xyzefg1234.us-east-1.rds.amazonaws.com:5432/reporting_db\",\n \"reason\": \"This value is a complete PostgreSQL connection string that hardcodes sensitive credentials. It follows the standard `scheme://username:password@host:port/database` format, embedding both the password 'j$F9*kL2!pQ' and a hostname for a production AWS RDS database. The password itself exhibits high entropy with a random mix of uppercase letters, lowercase letters, numbers, and special characters, making it a strong indicator of a real credential. Hardcoding a production connection string is a critical security risk, as it provides direct access to a live database for anyone who finds it in the source code.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 98,\n \"label\": \"True Positive\",\n \"secret_value\": \"45d6f3c1b0a8f7e6d5c4b3a291807f6e5d4c3b2a19807f6e\",\n \"reason\": \"The value '45d6f3c1b0a8f7e6d5c4b3a291807f6e5d4c3b2a19807f6e' is a 64-character hexadecimal string, which is a standard format and length for a cryptographic signing key. The value itself exhibits high entropy with no repetitive or sequential patterns, strongly indicating it is a real, randomly generated secret. Unlike placeholders (e.g., 'YOUR_SECRET_KEY'), this is a concrete, specific string. The context of it being assigned to the `JWT_SECRET_KEY` configuration parameter confirms its highly sensitive nature. Exposing this key is a critical security vulnerability, as it allows anyone with access to the source code or deployed application to forge JWTs, impersonate users, and compromise the application's authentication system.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 56,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAU4O6GJ5Y3B7VZIW9\",\n \"reason\": \"The value 'AKIAU4O6GJ5Y3B7VZIW9' is a valid AWS Access Key ID. The prefix 'AKIA' is a definitive identifier for this specific AWS credential type. The rest of the string, 'U4O6GJ5Y3B7VZIW9', is a 16-character high-entropy sequence composed of uppercase letters and numbers, conforming to the AWS specified format. Unlike a placeholder, which might use repeated characters (e.g., 'xxxxxxxx'), this is a concrete, unique value. The variable name `access_key` explicitly confirms the value's sensitive nature. Hardcoding an AWS Access Key ID is a critical security flaw, as it allows anyone with access to the code to authenticate with AWS resources on the account.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 57,\n \"label\": \"True Positive\",\n \"secret_value\": \"eK/qLpW8xV9sY2zC3jB5aN4mD6fG7hJ8kL/mN1oP\",\n \"reason\": \"The value 'eK/qLpW8xV9sY2zC3jB5aN4mD6fG7hJ8kL/mN1oP' is a high-entropy string that is structurally consistent with an AWS secret access key. The value is a 40-character string containing a random mix of upper and lower case letters and special characters ('/', '+'), which is characteristic of a machine-generated credential. This is not a generic placeholder, which would use repeating characters or template syntax like 'YOUR_SECRET_KEY'. This specific format and high degree of randomness are strong indicators of a real, functional secret. The surrounding code, with the `secret_key` parameter in an `aws` provider block, confirms its sensitive purpose as an authentication token.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 19,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH\",\n \"reason\": \"The value 'dckr_pat_JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH' is a valid Docker Personal Access Token. The prefix 'dckr_pat_' is a definitive, service-specific indicator for this type of credential. The following 32-character string, 'JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH', exhibits high entropy with its random mix of alphanumeric characters, confirming it is not a placeholder. This pattern is characteristic of a real, machine-generated token. The surrounding code context, within a `docker/login-action` step in a CI/CD pipeline, provides explicit confirmation that this value is being used for authentication.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 38,\n \"label\": \"True Positive\",\n \"secret_value\": \"-----BEGIN OPENSSH PRIVATE KEY-----\\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtZW\\nQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pgAAAJgAm9bWJpvW\\n1gAAAAdzc2gtZWQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pg\\nAAAAQE4bM6z2vLwJ1Qe7O7S5s+4TBuw+BGfS2b1Uv+8T+zKPKwuHqROMV0/OTYzcO1y4Fm\\nsiUFrgHnpymGU9VvL2pgAAAAEXJvb3RAZGVib3BzLTc2LmxhbgECAwQFBgc=\\n-----END OPENSSH PRIVATE KEY-----\",\n \"reason\": \"The value is a complete, PEM-encoded OpenSSH private key, definitively identified by its standard `-----BEGIN OPENSSH PRIVATE KEY-----` and `-----END OPENSSH PRIVATE KEY-----` delimiters. The block contains a large, multi-line Base64-encoded payload, which exhibits high entropy and is the exact format for raw binary key data. This is not a placeholder, template, or example; it is a fully-formed, syntactically valid secret. Its assignment to the `key` parameter in a `ssh-action` workflow confirms its purpose: authenticating to a server (`prod.ourserver.com`). Leaking a complete private key like this is a severe security risk as it grants unauthorized access to the specified infrastructure.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 117,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoiZGF0YXZpenVzZXIiLCJhIjoiY2xwdXI2eHVhMGc3cTJrbzZ2d2k4cDFoOSJ9.gK4wV3oX9lPjQ7sR1eZfBq\",\n \"reason\": \"The value is a fully-formed Mapbox Public Access Token, identified by the specific 'pk.' prefix. The value consists of three URL-safe Base64 parts, characteristic of a JWT (JSON Web Token), which is the standard format for these tokens. This specific value has high entropy and lacks any placeholder markers, suggesting it is a real, potentially active credential. Unlike generic examples, this is a concrete value. Despite the comment on line 113 referring to 'external mapping services' and a later comment on line 140 on this token's usage, it is classified as a true positive because it is a complete, parsable secret that could be abused to make requests against the service.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 14,\n \"label\": \"True Positive\",\n \"secret_value\": \"SG.rTk8wX3qS7iE9fG2hJ5kL.pZ6xV7yW1zB4cE6fG8hJ0kM2nO4qR6sT8uV9wY1zA3b\",\n \"reason\": \"The value 'SG.rTk8wX3qS7iE9fG2hJ5kL.pZ6xV7yW1zB4cE6fG8hJ0kM2nO4qR6sT8uV9wY1zA3b' is a valid SendGrid API Key. Its structure is a key characteristic: it consists of three segments separated by periods, with the first segment 'SG.' serving as a specific service identifier. The second and third segments are high-entropy strings that contain a random mix of upper and lower case letters, numbers, and symbols, which strongly indicates they are cryptographic material. This format and randomness are consistent with real, functional credentials, not placeholders. The key name 'SendGridApiKey' in the configuration JSON provides definitive context that this is authentication information for the SendGrid service.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 23,\n \"label\": \"True Positive\",\n \"secret_value\": \"DefaultEndpointsProtocol=https;AccountName=prodblobstore987;AccountKey=zXcVbN6mPqR9sT2uW4xY7zC3jB5aN4mD6fG8hJ0kM2nO4qR6sT8uV9wY1zA3bE5fG7hJ8kL+A==;EndpointSuffix=core.windows.net\",\n \"reason\": \"The value is a complete Azure Storage Account Connection String, which is a highly sensitive credential. Its composition matches the exact format specified by Microsoft, including protocols, account name, and the crucial `AccountKey` parameter. The key value `zXcVbN6mPqR9sT2uW4xY7zC3jB5aN4mD6fG8hJ0kM2nO4qR6sT8uV9wY1zA3bE5fG7hJ8kL+A==` is a Base64-encoded string with the high entropy and character randomness expected of a cryptographic key. This value is not a placeholder; it's a fully formed, potentially active credential that grants broad read/write access to a production Azure blob storage account. The context of being under `ExternalServices.AzureStorage.StorageConnection` further confirms its sensitive nature.\"\n}\n"}]} +{"id": 24, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 101,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://auth_svc_user:gH#kL$pQ2s!8fT@prod-db-master.c8d9e0f.us-east-1.rds.amazonaws.com:5432/user_auth_prod\",\n \"reason\": \"This value is a full PostgreSQL database connection string containing all necessary credentials. The password component, 'gH#kL$pQ2s!8fT', is a 16-character string with high entropy, mixing uppercase and lowercase letters, numbers, and special characters, which is a strong indicator of a real secret. The connection string follows the standard URI format and includes a specific hostname for an Amazon RDS database instance (`.rds.amazonaws.com`), an explicit port (`5432`), and a production database name (`user_auth_prod`). This combination of credentials and a live database endpoint constitutes a significant security risk, as it exposes the primary authentication mechanism for a production system.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 111,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk-proj-aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdEjKlMnOpQrStUvWx\",\n \"reason\": \"The value 'sk-proj-aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdEjKlMnOpQrStUvWx' is a validly formatted OpenAI Project API key. The prefix 'sk-proj-' is the specific identifier for this type of key, distinguishing it from standard 'sk-' keys. The subsequent 50-character random alphanumeric string exhibits high entropy and conforms to OpenAI's key structure. Unlike placeholders which might use repeated characters or generic text, this value is a specific, fully-formed credential. The context of the function name `getOpenAIToken` and the variable name `apiKey` in `main` confirms this is a real secret intended for use.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 60,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAUVXWR6Y7ZJ2P5QSD\",\n \"reason\": \"The value 'AKIAUVXWR6Y7ZJ2P5QSD' is a valid AWS Access Key ID. The 'AKIA' prefix is a specific, well-documented identifier for AWS programmatic access keys, distinguishing them from general placeholders. The 20-character string exhibits high entropy with a mix of uppercase letters and numbers, which is consistent with the format of a genuine key. Although this value is a public identifier for a credential, its hardcoding in a script that also sets the secret access key poses a severe security risk. It confirms the existence and purpose of the secret and can be used in conjunction with leaked secret values to impersonate the AWS user.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 61,\n \"label\": \"True Positive\",\n \"secret_value\": \"mX9vB4nD3fG6hK2jL5pQ8rT1uW4yZ7+a0bCDEFg\",\n \"reason\": \"The value 'mX9vB4nD3fG6hK2jL5pQ8rT1uW4yZ7+a0bCDEFg' is a high-entropy string that precisely matches the format of an AWS secret access key. Its unpredictable mix of alphanumeric characters and the special '+' symbol is a strong indicator of cryptographic randomness, not a placeholder. The context confirms its sensitivity: it is assigned to the `aws_secret_access_key` parameter using `aws configure set`, a command used to establish live credentials for an AWS account. Leaking this key allows anyone to impersonate the application and access or modify resources in the AWS environment, as seen in the following lines of the CI/CD pipeline.\"\n}\n"}, {"index": 1, "sub_index": 2, "completion": "\n{\n \"line_number\": 76,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/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\",\n \"reason\": \"The value is a fully formed Slack Incoming Webhook URL, which is a sensitive credential. The structure of the URL (`.../services///`) precisely matches the expected format for this service. The final path component, 'aV3gH9rT2pL7xJ5sK1mF3bZ8', is a 24-character high-entropy string of mixed alphanumeric characters, indicative of a real, machine-generated token. Exposing this specific URL allows anyone to send messages to the configured Slack channel, which is a direct information disclosure and can be used for spamming or phishing. Unlike a generic placeholder, this is a specific, functional credential for a third-party service, and its presence in a CI/CD configuration is a clear security risk.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 133,\n \"label\": \"True Positive\",\n \"secret_value\": \"dXNlcl9kZXBsb3k6Zkc5amwzTTl2WjRuNCEyQw==\",\n \"reason\": \"The value 'dXNlcl9kZXBsb3k6Zkc5amwzTTl2WjRuNCEyQw==' is a Base64 encoded string, a common format for storing authentication credentials. Its high entropy and combination of character sets strongly indicate it is a real credential rather than a placeholder. The context of the `docker/daemon.json` file, specifically within the `\\\"auths\\\"` object for a registry, confirms that this value is an authentication token. When decoded, the string reveals a `username:password` format (`user_deploy:gC9jl3M9vZn4!2C`), which represents a valid set of credentials for accessing a private registry.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 79,\n \"label\": \"True Positive\",\n \"secret_value\": \"p@sswd_7h6f$G!kLz9qR\",\n \"reason\": \"The value 'p@sswd_7h6f$G!kLz9qR' is a high-entropy credential disguised as a placeholder. Although the value starts with the common dictionary word 'p@sswd', the subsequent 18 characters are a random mix of uppercase letters, lowercase letters, numbers, and symbols, which is a classic pattern for a strong password. This is not a generic template like 'password' or 'p@$$w0rd', as the specific random suffix makes it appear real. Developers often combine common terms with random strings to create passwords that are easy to remember for themselves but hard for machines to guess. The variable name `$ftp_pass` directly confirms that this value's function is authentication, making it a legitimate, albeit weak, hardcoded secret.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 86,\n \"label\": \"True Positive\",\n \"secret_value\": \"key-9f8e7d6c5b4a3a2a1b0c9d8e7f6a5b4c\",\n \"reason\": \"The value 'key-9f8e7d6c5b4a3a2a1b0c9d8e7f6a5b4c' is a high-entropy, format-compliant Mailgun API key. It adheres to the service's specific 'key-' prefix, followed by a 32-character hexadecimal string. The portion after the prefix is a random, unpredictable sequence, confirming it is not a placeholder or example, but a real credential. Although the comment describes it as belonging to a legacy account, legacy keys are still active and pose a security risk. Hardcoding this value directly into the constructor, where it is assigned to a variable explicitly named for this purpose, is a definitive secret leak pattern.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 220,\n \"label\": \"True Positive\",\n \"secret_value\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRsjqzmVzLzI5s\\nC8G9q4W8z4W1tZ5rZ2E3yK1nS0fGqV5p6b2yY1nL8v1zT0uB7jA4cD8eF6gS0k9c\\nZ3G5mO7pQh+n01zX/45y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F145y8F14\\n5y8F145y8F145y8F145y8F145y8F145y8F145y"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 227,\n \"label\": \"False Positive\",\n \"secret_value\": \"a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6\",\n \"reason\": \"The value 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6' is a false positive because it is an example default credential. The key characteristics are its extremely low entropy and predictable, sequential pattern of hexadecimal pairs, which is the standard format for a placeholder key. A real Datadog API key exhibits cryptographic randomness and would not be composed of such a simple, ordered sequence. The surrounding Terraform variable definition's `description` explicitly labels it as a key \\\"for agent installation,\\\" and a default value of this nature is intended for development or documentation, not production use. This pattern teaches that sequences of numbers/letters like `123...` or `abc...`, regardless of length, are placeholders.\"\n}\n"}]} +{"id": 25, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 131,\n \"label\": \"True Positive\",\n \"secret_value\": \"4%jK#pL9sV!qR8bF&gH3\",\n \"reason\": \"The value '4%jK#pL9sV!qR8bF&gH3' is a high-entropy password. The string is a random mix of mixed-case letters, numbers, and special characters, characteristic of a strong, machine-generated password. It lacks any placeholder patterns, sequences, or dictionary words. The variable name `dataSource.setPassword()` directly confirms that this is sensitive authentication material. Hardcoding such a complex value is a critical security risk as it allows anyone with access to the source code, including developers and potentially attackers, to authenticate to the PostgreSQL database.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 138,\n \"label\": \"True Positive\",\n \"secret_value\": \"amqp://event_handler:dG9oN6cpL8tXy@rabbitmq-cluster.prod:5672\",\n \"reason\": \"The value is a complete AMQP (Advanced Message Queuing Protocol) connection string containing an embedded username and password, which is a common, though insecure, pattern for hardcoded credentials. The password component, 'dG9oN6cpL8tXy', is a Base64-decoded string exhibiting high entropy, which is a strong indicator of a real credential. It's not a generic placeholder like 'password' but a specific, unique value. The combination of a valid URI format, a username, a high-entropy credential, and a production-like hostname (`rabbitmq-cluster.prod`) makes this a clear hardcoded secret. Exposing this string in source code could grant unauthorized access to the RabbitMQ message queue.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 47,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The secret value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID, definitively identified by its 'AKIA' prefix as specified by AWS documentation. The following 16 characters ('Y3R4WZ76X2P5QJ6M') are a high-entropy mix of uppercase letters and numbers, which is characteristic of a real, machine-generated credential. This value is not a placeholder, generic example, or template variable. Its assignment to the `access_key` parameter within an `aws` provider block confirms its purpose as authentication material. Exposing such a credential in version control is a critical security risk, as it allows unauthorized access to AWS resources.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 48,\n \"label\": \"True Positive\",\n \"secret_value\": \"vK9rP4mF2tXzG1sJ7bL5cW8qN0hY3dE/aI6uO4xS\",\n \"reason\": \"The value 'vK9rP4mF2tXzG1sJ7bL5cW8qN0hY3dE/aI6uO4xS' is a high-entropy string matching the specific 40-character format of an AWS Secret Access Key. The value consists of a random mix of upper and lower case letters, numbers, and a forward slash, which are all valid characters for this type of credential. Unlike a placeholder like 'YOUR_SECRET_KEY', this is a fully-formed, unique string that appears to be a real credential. The context of being assigned to the `secret_key` parameter within an `aws` provider block confirms its purpose as an authentication token for accessing AWS resources. Even in example or test files, hardcoding real credentials poses a security risk, as they may be active and can lead to account compromise.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 87,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAV5TZEU4QPC6GLFIB\",\n \"reason\": \"The value 'AKIAV5TZEU4QPC6GLFIB' is a valid AWS Access Key ID. The 'AKIA' prefix is a definitive marker for this secret type, and the subsequent 16 uppercase letters and digits exhibit the high entropy and specific format expected from a real AWS credential. Although the variable is named `aws_access_key`, making its purpose clear, the value itself is not a generic placeholder but a concrete, fully-formed key. Exposing this key is a security risk as it is the primary identifier used in authentication for AWS services, as seen when it's passed to `boto3.client`. This pattern is common in development code and test files, representing a significant compromise.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 88,\n \"label\": \"True Positive\",\n \"secret_value\": \"aH2jL9sV/pQ7rB3fG1kM8oN5cW0qYdE+zR4vJ2xC\",\n \"reason\": \"The value 'aH2jL9sV/pQ7rB3fG1kM8oN5cW0qYdE+zR4vJ2xC' is a high-entropy string characteristic of a real AWS secret access key. It consists of a random mix of upper and lower case letters, numbers, and special characters '/', '+', which conforms to the AWS secret format. Unlike placeholders such as 'XXXXXXXXXXXXXXXX' or 'YOUR_SECRET', this is a specific, concrete value. The variable name `aws_secret` and its subsequent use in `boto3.client` for authentication provide direct evidence of its sensitive nature. Even with comments advising against it, hardcoding credentials like this presents a significant security risk.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 29,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoibW9iaWxlLXVzZXIxMiIsImEiOiJjbHB4dWRjc3QwYWR5MmtvNmg2cHl6ZzVyIn0.aF9rP2gS1tY8cE4jK6oMvQ\",\n \"reason\": \"The value is a valid Mapbox Access Token, explicitly identified by the 'pk.' prefix. The format consists of three colon-separated parts, where the middle part is a Base64-encoded JSON object. Decoding the middle section, 'eyJ1IjoibW9iaWxlLXVzZXIxMiIsImEiOiJjbHB4dWRjc3QwYWR5MmtvNmg2cHl6ZzVyIn0', confirms this structure, containing fields like a public user ID and an authentication challenge. The final part is a cryptographically signed token that validates the integrity of the entire payload. Although this key belongs to a 'mobile-user' and might seem like a generic test token, the value's structure is indistinguishable from a production key. The 'mobile-user' context in the JSON payload, unlike a placeholder like '', identifies the specific context in which the key is intended to operate. Hardcoding any key that matches a known service's format and possesses high entropy is a security risk, as the specific user or context is less important than the exposure of the credential itself.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 34,\n \"label\": \"True Positive\",\n \"secret_value\": \"seg_7mF3bZ8oN6cW0qYdE2pH7rL9sV1pQ4gH\",\n \"reason\": \"The value 'seg_7mF3bZ8oN6cW0qYdE2pH7rL9sV1pQ4gH' is a valid Segment.com write key, confirmed by its distinctive 'seg_' prefix. The body of the value is a 40-character high-entropy string of mixed-case letters and numbers, which is characteristic of a real credential. Although the comment mentions temporary testing, the value is fully formed and has not been redacted or replaced with a placeholder. The variable name 'segmentWriteKey' and its location in the 'Analytics' struct further solidify its purpose as a hardcoded secret. Compromise of this key allows for anonymous data ingestion into a production analytics pipeline.\"\n}\n"}, {"index": 3, "sub_index": 2, "completion": "\n{\n \"line_number\": 38,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o998877.ingest.sentry.io\",\n \"reason\": \"The value is a Sentry Data Source Name (DSN), a credential for sending events to an Sentry project. Its format is a perfect match for the Sentry DSN specification, with the sensitive credential component (`a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5`) hardcoded directly into the username part of the URL before the '@' symbol. The 32-character hexadecimal string has high entropy and perfectly aligns with the expected structure of a real Sentry public DSN. This is not a placeholder or template; it is a complete, functional secret that points to a specific Sentry project, making its leakage a significant security risk.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 17,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL\",\n \"reason\": \"The value 'dckr_pat_b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL' is a valid Docker Personal Access Token. The specific prefix 'dckr_pat_' is a strong indicator that the value is a credential for Docker Hub or a similar registry, a fact confirmed by the 'docker login' command on the subsequent line. The main body of the token, 'b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL', exhibits high entropy with its random mix of uppercase letters, lowercase letters, and numbers, a key characteristic of a real, machine-generated secret. This is not a placeholder, but a fully formed, functional credential used for CI/CD authentication.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 32,\n \"label\": \"False Positive\",\n \"secret_value\": \"https://gke.prod-cluster.acme.io\",\n \"reason\": \"The value 'https://gke.prod-cluster.acme.io' is a public endpoint URL, not a secret. It is used for the KUBE_SERVER configuration, which tells a client where to connect to a Kubernetes cluster. This endpoint address is publicly addressable infrastructure information and does not grant any authentication or access. While it specifies a 'production' environment, its value is a hostname which has zero cryptographic entropy and is a predictable component of cluster naming. A Kubernetes token or API key is the actual secret credential associated with this server, not the server's network address. This pattern teaches that public cluster endpoints are configuration data, not credentials.\"\n}\n"}]} +{"id": 26, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 82,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://orders_api_user:fJ8#zL@9pQ$wK1!n@db.prod-us-east-1a.internal:5432/orders_production\",\n \"reason\": \"The value is a complete PostgreSQL connection string that contains an embedded password, which is a critical hardcoded secret. The secret component is the password 'fJ8#zL@9pQ$wK1!n', a high-entropy string with a random mix of letters, numbers, and special characters, which is characteristic of a real credential. The password is directly observable within the URL string, making it a significant security vulnerability regardless of it being part of a non-standard class structure. Unlike a placeholder, this is a fully-formed string that appears to be intended for use in a production environment.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 90,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51KoLx2BkF9zH8jR4aG1uWqSpL3bV7nTcX6yZ0mO8eF4vI9tP2uK5rJgS3hN7cW\",\n \"reason\": \"The secret value 'sk_live_51KoLx2BkF9zH8jR4aG1uWqSpL3bV7nTcX6yZ0mO8eF4vI9tP2uK5rJgS3hN7cW' is a fully-formed Stripe Live Secret API Key. This value is identified with the specific 'sk_live_' prefix, which is a definitive format indicator for this type of credential. The 40-character suffix exhibits high entropy with a random combination of alphanumeric characters, consistent with a real, machine-generated key. Unlike a placeholder, this is a specific value that poses a direct security risk by allowing anyone with access to the code to make charges against the associated Stripe account. The variable name `STRIPE_API_KEY` further confirms the value's function as a sensitive secret.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 27,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_uHj7gQ9rT4vL9yK2wF5zX8oN3aB6d\",\n \"reason\": \"The value 'dckr_pat_uHj7gQ9rT4vL9yK2wF5zX8oN3aB6d' is a high-entropy Docker Personal Access Token (PAT). The service-specific prefix 'dckr_pat_' is a definitive indicator, and the following 30-character string is a random sequence of alphanumeric characters consistent with a machine-generated credential. This is not a placeholder or example, as it lacks repeating characters or template syntax like '${...}'. The context of being assigned to a `DOCKER_PASSWORD` environment variable in a workflow file strongly confirms its purpose is to grant access to Docker Hub. hardcoding such a specific token creates a significant security risk, as it could be extracted from version control history.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 28,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/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\",\n \"reason\": \"The provided value is a fully-formed Slack Incoming Webhook URL, which functions as a sensitive credential for posting messages to a channel. Its structure, matching the `https://hooks.slack.com/services///` pattern, is a strong indicator of its secret nature. The unique token part of the path (`jK1lM2nO3pQ4rS5tU6vW7xY8`) exhibits high entropy, which is characteristic of real, machine-generated tokens, and is not a generic placeholder. Hardcoding this URL allows anyone with read access to the workflow file to send messages to a private channel, making it a significant security risk.\"\n}\n"}, {"index": 1, "sub_index": 2, "completion": "\n{\n \"line_number\": 29,\n \"label\": \"True Positive\",\n \"secret_value\": \"apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFVENDQWxrZ0F3SUJBZ0lSQU5QVCtpb0c5djVqdjBBRW1nU1ZGTXN3Q2dZSUtvWkl6ajBFQXdJd0ZqRVUKTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1CNFhEVEl5TURjeU5ERXhNekV5Tkg4WERUSTBNRGd5T0RFeApNekV5TkgwZ096QXhNQzR4SURFYU1CZ0dBMVVFQ2hNU1FXVnpkR2x2Ym5NdlpHbHRZV2RsY2kxbmJHRnBiWE1NCkdBMVVFQXhNRmMyVmpkWEpwZEhrdWFHSnliM1JsZVRBZkJnTlZCQW9NRG5ONWMzUmxiVHBzYjNkbGJEMW5iR0ZwCmJYTTZJRG9nTUdFeEdUQVhCZ05WQkFNTUdFbGtZbDl3WVdkeVpYSnZibWN4TG1Gb2IzVjBkRlJFWlhKemIyNW0KYkdWMFlXNWpaU0JEYjI1MFpYTjBMbU52YlNCb2IzVjBkSFZ5YVdObExtWnBaWEl3SGhjTk1USTFNRGN4TURFNApNak00V2hjTk1UWXhNekF5TURFNU1qTTFXakE5TVI4d0hRWURWUVFLRXhaTmJHOWhaRzFwY3oxbFpHVnBiWE14Ckh6QWRCZ05WQkFNVEszaGhjbVV1WkhKallYUnBiMjV6TG5OdmJXRnpkR1Z5TFc5b2IyNDViMlJsYkhNdWMybHoKY21sMGEyVjBaSFZ5YVdObElFTmhjbVV1WkhKallYUnBiMjV6TFNCcFpHZGhiWEJzWlM1amIyMHdnZ0VpTUEwRwpDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRGZZKzgvS0hWQjh4WnZ0c0V0T0R0aFFpZFFDTnIKZ1R3NU1uWWdZbkYwYnJvM2ZLRllDTkZrb0Q4S0lPZmR0Z2ZHTjhtLyt1NG1rWUVKTE1RblZtVTRnUWl4M3JqZQp2TEx4OGl1VWZuVmxDT0ZkL2VHRXpjaDlMR1l2Z2Q3R0w1bVdCUnF5ZStjM1B5bU84a0d4bWpWbGl5eS9CcwpkK3Z4a3V2b1Mxc2d5TUVlY0ZPM3V6UmsvblZSb2lLR1lJcVNzc1p4eHlBbzVLRHFnL3p4NEl4eCtvTWd3QXoKNnJ4a1ZJdG9vNGhYc2R4c0E0aGFYajJmYVdGckk3b09kVkRucnczZDFLcnZ3dk9wU2xHNGswMVhxY3JGUlMKbjlTOWc4a25xL01BaWdKOWg2b25tNFFEQWdNQkFBR2pnWU13Z1lBd0hRWURWUjBPQkJZRUZEZDBsZTF1c25ICkczT2x2clBqdzF5N0hXSmJNQjhHQTFVZEl3UVlNQmFBRkRkMGxlMXVzbmhHM09sdnJQancxeTdIV0pqTUJnRwpBMVVkSlFRV01CUUdDcUdHU0liM0RRRUJDd1VBT0dDQVFFQXp2dDBoMWNpc2Z0eXQ5dHRtV2hYdEd4NmdFbjcKYjlxY0ZpS042aG5uZmF0a2x4K2t2Wkd4WlVqYnp2VzJtNmp3L3Y0T2k5ZkZ1QWlXdm9LMG1zMEJVRkF0OW9JCllwZ0FpU3UvTzRjMXN0MXJpYnQ5c0J0L2x1VzhCVDFVd0x1UHNlRGNVd1V0eFNMVyt0ek5qZkZQeDFyZEg3bAp1M1V5eE9ScVd5SWY1Nm9zQkErb3VmMERvMXJjU0Z0SWFvRDBHSHhld3A1amN5b25kZ2h5WnJLVllDdlk1TksKU3Uxb0V4VXRlMGRjWnl3a0NqYytlSWgrSndVQU1kRjdLclVRM0pYcWd2WExvY2R1S3F4cFVmZTRlMWF0a3E5CnVvQnNBQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K server: https://1E2D3F4A.sk1.us-west-2.eks.amazonaws.com\\n name: eks-prod-cluster\\ncontexts:\\n- context:\\n cluster: eks-prod-cluster\\n user: eks-prod-user\\n name: eks-prod-context\\ncurrent-context: eks-prod-context\\nkind: Config\\npreferences: {}\\nusers:\\n- name: eks-prod-user\\n user:\\n token: k8s-aws-v1.aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8_QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlgxMT1leGVjLmluZm8mWC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BU0lBVklaWDhNTzZYT0o1WE1EMiUyRjIwMjMwNjEzJTJGcnUtY2VudHJhbC0xJTJGc3RzJTJGYXdzNF9yZXF1ZXN0Jlg...\",\n \"reason\": \"The value is a complete Kubernetes configuration (`kubeconfig`) containing an embedded AWS IAM token. This is identified by its `kind: Config` structure and the multiline `KUBE_CONFIG_DATA` parameter. The `token:` field within the `user` section holds a Base64 encoded string (`aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8_QWN0aW9uPUdldENhbGxlcklkZW50aXR5J...`), which decodes into a presigned URL. This URL is a short-lived AWS security token that grants broad access to an EKS cluster. The presence of a real certificate-authority-data block and a fully-formed, functional token within a `kubeconfig` file makes this a severe security risk, as it allows the automation system to authenticate and deploy.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 46,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID. Its structure, specifically the 'AKIA' prefix, is a definitive identifier for this type of secret. The subsequent 16 alphanumeric characters exhibit high entropy and follow the exact format required by AWS. Although comments suggest a production file, this key is a fully-formed, non-generic credential. Unlike a placeholder such as 'AKIAXXXXXXXXXX', this value is a concrete key that, when paired with its corresponding secret access key, could grant significant access to an AWS environment. This pattern of embedding a real credential in infrastructure-as-code is a common and severe security vulnerability.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 47,\n \"label\": \"True Positive\",\n \"secret_value\": \"pL8hJk/aGvN7YcT2XrU4FzE9mBwD5+qI3oV1sSgK\",\n \"reason\": \"The value 'pL8hJk/aGvN7YcT2XrU4FzE9mBwD5+qI3oV1sSgK' is a valid AWS secret access key. The value is a Base64-encoded string with high entropy, containing a random mix of uppercase letters, lowercase letters, numbers, '/', and '+', which is characteristic of this type of credential. Unlike a placeholder, this is a fully-formed, concrete value that strongly resembles a real key. Its assignment to the `secret_key` parameter within an `aws` provider block in a production Terraform file explicitly confirms its role as an authentication credential. Exposing any credential with this level of entropy is a significant security risk, as it can be used to control AWS resources.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 208,\n \"label\": \"True Positive\",\n \"secret_value\": \"Endpoint=sb://myeventhub-prod.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=jV3zK9bR4sP7xG1fH5vD2uM8qY6wL0aT+AbC=dEfGhI=\",\n \"reason\": \"The value is a complete Azure Service Bus connection string, a highly sensitive credential that provides access to a specific Azure resource. This string is fully formed and contains all required components: an endpoint, a key name (`RootManageSharedAccessKey`), and a high-entropy Shared Access Key (`jV3zK9bR4sP7xG1fH5vD2uM8qY6wL0aT+AbC=dEfGhI=`). The Base64 encoded `SharedAccessKey` exhibits characteristics of a cryptographic secret, including its random mix of alphanumeric characters and special symbols. Unlike placeholders, this is a concrete key that grants administrative privileges, and its hardcoding in source code represents a significant security risk. The comment 'legacy systems' and 'Managed Identity' being 'modern setup' do not invalidate this key, as legacy systems may still be in active production.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 228,\n \"label\": \"True Positive\",\n \"secret_value\": \"SG.aV4gH9rT2pL7.xJ5sK1mF3bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mF3bZ8oN\",\n \"reason\": \"The value 'SG.aV4gH9rT2pL7.xJ5sK1mF3bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mF3bZ8oN' is a fully-formed SendGrid API key. This specific value is not a placeholder because it matches the required service format: the 'SG.' prefix, followed by a Base64-encoded segment, a '.', and a second Base64-encoded segment of sufficient length. The random characters and numbers within its parts exhibit high entropy characteristic of a real, machine-generated credential. While its origin could be test data, it is a complete, functional token that could grant access to an account. The context, where it is assigned to a variable named '_sendGridApiKey' and has an explicit 'API Key' comment, confirms its sensitive nature.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 127,\n \"label\": \"True Positive\",\n \"secret_value\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6sA7g5+fE6tSj\\n4p6t2w3x...\\n... (key data continues) ...\\nfN4r4c0i9v6j5t7r9s1u3v5x7z9A1B3C5E7G9I1K3M5O7Q9S1U3W5Y7Z9a1c3e5g\\n7i9k1m3o5q7s9u1w3y5z7B9D1F3H5J7L9N1P3R5T7V9X1Z3b5d7f9h1j3l5n7p9r\\n...\\n-----END PRIVATE KEY-----\",\n \"reason\": \"The provided value is a complete, multi-line PEM-encoded private key, a highly sensitive credential. It is definitively identified by the standard `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----` headers, which are non-negotiable markers for this secret type. The key data between these headers is Base64-encoded, and while parts are redacted with '...', the pattern and structure perfectly match a cryptographic private key. Unlike a placeholder, which might use generic text like ``, this represents the literal format of a key that could be used for authentication. Hardcoding credentials in this format is a critical vulnerability, regardless of whether the key is for a development or production environment.\"\n}\n"}]} +{"id": 28, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 131,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51Mv9L2ApC9eG1tZ8cRwXvWqSjU3mBhT5yE6eF2dD4cCnRbAqZgXwVvUuYtRsPaOcB9a8g\",\n \"reason\": \"The value is a fully-formed Stripe live secret key, definitively identified by its `sk_live_` prefix. The alphanumeric string that follows exhibits high entropy and randomness, which are characteristic of a real API key. Although the code comment indicates the key is from a real application, hardcoding live credentials for any environment is a critical security risk. The comment itself acknowledges the unsafety of this pattern but does not provide an example or placeholder; this is a fully-fledged, usable credential. The context of its assignment to the `stripe.Key` global variable for a Stripe-related payment processing service further confirms its sensitive nature.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 61,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_f9JkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy\",\n \"reason\": \"The value 'dckr_pat_f9JkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy' is a valid Docker Personal Access Token (PAT). The value's format, starting with the service-specific prefix 'dckr_pat_', is a key identifier for this credential type. The subsequent 40-character string is Base64-URL encoded and exhibits high entropy, matching the known structure of a genuine Docker PAT. The surrounding code provides strong confirmation, as the value is used as the password argument (`-p`) for a `docker login` command, which is the precise purpose of this secret type. This is not a generic placeholder; it is a concrete, syntactically valid credential.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 70,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/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\",\n \"reason\": \"The value 'https://hooks.slack.com/services/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' is a fully-formed Slack Incoming Webhook URL, which serves as a passwordless credential for posting messages. The string's structure perfectly matches the expected format, composed of a known Slack domain, a service ID, a channel ID, and a high-entropy secret token. Unlike a placeholder, the final segment 'rZ8sVn5gYh4wXj2rTq6uL3kG' is 24 random alphanumeric characters, which is characteristic of a real, machine-generated credential, not an example. Exposing this value would allow anyone to send messages to the configured Slack channel, representing a significant security risk by enabling spam or unauthorized notifications.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 90,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAV7S4M3N2O1P6Q5R8\",\n \"reason\": \"The value 'AKIAV7S4M3N2O1P6Q5R8' is a valid AWS Access Key ID, which is sensitive credential material. The value itself is composed of the required 'AKIA' prefix followed by 16 high-entropy alphanumeric characters, perfectly matching AWS's documented format for this credential type. Unlike generic placeholders, this value is specific and lacks any indicators of example or test data. The variable name 'access_key' in a Terraform provider block strongly confirms its function as an authentication token. Hardcoding credentials in source code poses a significant security risk, as it allows anyone with code access to impersonate the account.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 91,\n \"label\": \"True Positive\",\n \"secret_value\": \"uG+hJkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy\",\n \"reason\": \"The value 'uG+hJkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy' is a high-entropy string that perfectly matches the 40-character format of an AWS Secret Access Key (SAK). The string exhibits cryptographic randomness with its mix of uppercase letters, lowercase letters, numbers, and special characters ('+', '/'), lacking any discernible patterns or placeholder indicators like 'xxxx' or ''. This format is definitive of a real credential used for AWS authentication. Hardcoding the SAK directly in Terraform code is a critical security misconfiguration because it allows anyone with read access to the code to impersonate the user or role associated with the key, potentially leading to resource theft or data breaches. The context of the 'secret_key' parameter within an 'aws' provider block confirms this value is an authentication token for AWS.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 214,\n \"label\": \"True Positive\",\n \"secret_value\": \"D#fG8*jK!lM2$n P5\",\n \"reason\": \"The value 'D#fG8*jK!lM2$n P5' is a high-entropy password matching the structure of a real credential. It is a 16-character string composed of random uppercase letters, lowercase letters, numbers, and special symbols (!, *, $, space, #), making it unpredictable and resistant to brute-force attacks. Unlike a placeholder (e.g., 'password123'), this value is specific and appears to be an actual key used for database authentication. The variable name `$db_pass` and its use in a `PDO` connection string directly confirm its purpose as a sensitive authentication secret.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 218,\n \"label\": \"True Positive\",\n \"secret_value\": \"key-c9a8b7d6e5f4a3b2c1d0e9f8a7b6c5d4\",\n \"reason\": \"The value 'key-c9a8b7d6e5f4a3b2c1d0e9f8a7b6c5d4' is a classic Mailgun API key. Its specific format, a fixed 'key-' prefix followed by a 32-character hexadecimal string, is a definitive characteristic of this secret type. The substring following the prefix exhibits high entropy with a random distribution of alphanumeric characters, indicating it is a computationally generated credential rather than a placeholder. Unlike a generic example like 'key-XXXXXXXXXXXXXXXXXXXXXXXX', this is a concrete, fully-formed key. Hardcoding this value is a security risk, as it grants programmatic access to the mailgun.net API for the associated account.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 44,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o1234567.ingest.sentry.io\",\n \"reason\": \"The value is a Sentry Data Source Name (DSN) which embeds a secret key as its hostname. The structure follows the pattern 'https://@', with the high-entropy string 'b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9' serving as the credential. This is not a placeholder or a generic template; it's a specific, seemingly functional key that could be used to send data to a Sentry project. The hostname's structure, which includes a project ID ('o1234567'), reinforces its validity as a real credential. Although the Sentry UI may mark such keys as test-like, hardcoding them directly into client-side code poses a significant security risk as they can be extracted and misused to overload the Sentry service, leading to service interruptions and potentially exposing data if misconfigured.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 57,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDFkMGIwNTZvM3FwY3o4cGR5NThjIn0.v9a8d7C6b5a4f3e2d1c0b9a8f7e6d5c4\",\n \"reason\": \"The value is a valid Mapbox Access Token, identified by its correct format 'pk..'. The payload portion, a Base64-encoded JSON string, contains specific, non-generic values for 'username' and 'apiKey', revealing its use for a particular account ('mybrandapp'). This is not a placeholder, which would use generic characters like 'xxx' or simple text. Although intended for client-side use, Mapbox tokens are considered sensitive because they are tied to a developer account and can be abused to generate unauthorized requests, potentially incurring costs or degrading service. The `accessToken` key within the `mapboxConfig` object, along with the high entropy of the signature, confirms its function as a credential.\"\n}\n"}]} +{"id": 29, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 45,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAU4V5M7W3XYZ6B2C4\",\n \"reason\": \"The value 'AKIAU4V5M7W3XYZ6B2C4' is a fully-formed AWS Access Key ID. The 'AKIA' prefix is a specific, well-documented identifier for AWS programmatic credentials, immediately identifying the value's purpose. The subsequent 16-character string, 'U4V5M7W3XYZ6B2C4', exhibits high entropy with its random mix of uppercase letters and digits, confirming it is not a placeholder. Unlike a template value such as 'AKIAXXXXXXXXXXXXXXXX', this is a concrete credential that could be used to authenticate to AWS services. Hardcoding an access key, even one intended for a specific environment, is a critical security risk.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 46,\n \"label\": \"True Positive\",\n \"secret_value\": \"p8m/zGqK+JtL9rU3wY2xVvNcB7hF4jD1sK0oA6bC\",\n \"reason\": \"The value 'p8m/zGqK+JtL9rU3wY2xVvNcB7hF4jD1sK0oA6bC' is a high-entropy, Base64URL encoded string that perfectly matches the format of an AWS Secret Access Key (SAK). The value itself is unpredictable and contains a random distribution of upper and lower case letters, numbers, and special characters ('/' and '+'), which is characteristic of a machine-generated credential. The assignment to a variable named `aws_secret_access_key` provides explicit context confirming this is authentication material. Hardcoding a value of this format is a critical security flaw because it exposes the secret directly in source code, allowing anyone with access to the repository to impersonate the AWS user associated with the key.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 118,\n \"label\": \"True Positive\",\n \"secret_value\": \"dd-api-9871e4a2dff3b3e511d7392110427c3d\",\n \"reason\": \"The value 'dd-api-9871e4a2dff3b3e511d7392110427c3d' is a valid Datadog API key, identified by its unique 'dd-api-' prefix. The remaining 32-character string exhibits high entropy with its random combination of hexadecimal characters, which is consistent with the format of real Datadog credentials. Although the comment on line 117 claims this key is for a 'staging environment setup,' it is a concrete, specific value, not a placeholder like ''. The fact that the key is hardcoded directly in a Terraform configuration, which manages infrastructure, poses a significant security risk as it grants the provider access to a Datadog account, even a non-production one.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 102,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51Mv9L2FqA8fG1tYpKrZxvWqSjU3mH8sD7gY5bN4c3pL1kM0oJ9iR\",\n \"reason\": \"The value is a Stripe live secret key, definitively identified by its 'sk_live_' prefix. This pattern is a specific and reliable format for Stripe credentials, unlike generic placeholders. The remaining string is 40 characters long and exhibits high entropy with a random mix of alphanumeric characters, confirming it is a machine-generated key, not a template. Although it is a live key, hardcoding secrets into the source code represents a significant security risk as it exposes credentials used in a production environment to anyone with code access. This value matches the exact format and characteristics of a real, high-confidence Stripe live secret.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 105,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://billing_svc:aH7#kL$pQ2s!zX9@db-payments.us-east-1.rds.amazonaws.com:5432\",\n \"reason\": \"The value is a complete PostgreSQL connection string that contains an embedded, high-entropy password. The pattern 'scheme://user:password@host:port' is a standard format for transmitting database credentials. The password component 'aH7#kL$pQ2s!zX9' exhibits significant cryptographic complexity with a random mix of uppercase letters, lowercase letters, numbers, and special characters, indicating it is a real, machine-generated secret. Unlike a placeholder, this is a fully formed credential. The hostname points to a specific Amazon RDS instance, which is a sensitive piece of infrastructure information. The presence of the user 'billing_svc' and a specific production database on AWS concrete this as a live credential for a development or staging environment.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 19,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE\",\n \"reason\": \"The value 'dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE' is a valid Docker Hub Personal Access Token (PAT), identified by its 'dckr_pat_' prefix. The string following the prefix, 'aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE', exhibits high entropy with a random mix of uppercase letters, lowercase letters, and digits. This specific format and high-entropy suffix are definitive characteristics of a real credential, not a placeholder. Hardcoding this token directly into the workflow file is a significant security risk as it allows anyone with access to the code repository to authenticate and push images to the Docker Hub account. While this may be a development or test token, it is still a functional secret and should be managed securely.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 33,\n \"label\": \"True Positive\",\n \"secret_value\": \"-----BEGIN OPENSSH PRIVATE KEY-----\\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\\nsaAAAAAwEAAQAAAYEAulh6rT5hQh2w8e4q9l5z4i6f2r8b7e0d5n3x5q6z7w8b9c0d1e2f\\n3g4h5j6k7l8m9n0b1c2d3e4f5g6h7i8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m\\n8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v\\n3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7\\nz8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\n4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h\\n0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5\\nm6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5\\nz6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d\\n1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h\\n6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l\\n1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b\\n6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x\\n1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s\\n6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g\\n1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k\\n6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n\\n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5\\nc6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z\\n0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4\\nd5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g\\n9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3\\nk4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m\\n8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v\\n3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7\\nz8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4\\nx5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8\\na9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\\nd3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g\\n7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k\\n2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5m\\n6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 11,\n \"label\": \"True Positive\",\n \"secret_value\": \"jdbc:postgresql://prod-db-replica.c9u3x4y5z6a7.us-west-2.rds.amazonaws.com:5432/analytics?user=report_user&password=7G$z#9*kL@qP!\",\n \"reason\": \"This is a complete JDBC connection string containing an embedded password, which is a high-security risk. The value follows the standard `jdbc:protocol://host:port/database?user=...&password=...` format. Most critically, the value assigned to the `password` parameter, '7G$z#9*kL@qP!', is a high-entropy string with a random mix of uppercase letters, lowercase letters, numbers, and special symbols. This structure is characteristic of a real, machine-generated credential, not a placeholder like 'myPassword'. The context, which labels the database 'prod-db-replica' and sets the username as 'report_user', confirms this is a live configuration for a production environment.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 20,\n \"label\": \"True Positive\",\n \"secret_value\": \"SG.aV4gH9rT2pL7xJ5sK1mFw.bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mFw_bZ8oN6cW0qYdE\",\n \"reason\": \"The value 'SG.aV4gH9rT2pL7xJ5sK1mFw.bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mFw_bZ8oN6cW0qYdE' is a SendGrid API Key, which is a high-entropy secret used for authentication. The value's structure is a definitive indicator of a SendGrid key: it consists of three distinct parts separated by periods. The first part 'SG.' explicitly identifies the service. The subsequent two parts are long, high-entropy strings that match the known pattern of a real credential, not a placeholder like 'YOUR_API_KEY'. The context, where the `spring.mail.username` is set to 'apikey', further validates that this value is a live authentication token.\"\n}\n"}]} +{"id": 30, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 86,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://reports_svc:3^z&tK9@pL!v$rR@db-reporting.c4zqm9fp1v2a.eu-west-1.rds.amazonaws.com:5432/analytics_prod\",\n \"reason\": \"The value is a full PostgreSQL database connection string containing all the necessary credentials to access a real service. It embeds a username ('reports_svc'), a highly complex password ('3^z&tK9@pL!v$rR'), and a specific AWS RDS endpoint, making it a direct credential leak. The password exhibits high entropy with a mix of uppercase, lowercase, digits, and special characters, which is a strong indicator of a real, generated secret. Although a comment notes 'here for PoC', it is still a functional connection string pointing to a 'prod' database, posing a significant security risk as development examples often mirror production environments.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 90,\n \"label\": \"True Positive\",\n \"secret_value\": \"8f3d1e2a-6c5b-4a99-8d7c-3f9b1e4a2d7f\",\n \"reason\": \"The secret value '8f3d1e2a-6c5b-4a99-8d7c-3f9b1e4a2d7f' is a syntactically valid Universally Unique Identifier (UUID) that conforms to the standard format. The value exhibits high entropy with its random distribution of hexadecimal characters, which is a strong indicator of a credential. It is not a generic placeholder like 'xxxxxxxx-....' or a simple sequence. When used as a 'JWT_SECRET_KEY', a correctly formatted UUID is critical for securely signing and verifying JSON Web Tokens. Although the comment mentions this is a 'PoC', the key is fully formed and represents a realistic security risk, as hardcoded secrets are a common vulnerability regardless of the environment.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 58,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID. The value follows the exact format specified by AWS, starting with the 'AKIA' prefix and consisting of a 20-character alphanumeric string. Although it is a public identifier, hardcoding it in source control is a security risk. The combination of a uniquely identifiable prefix and a high-entropy alphanumeric string strongly points to a real credential rather than a generic placeholder like 'AKIAxxxxxxxxxxxx'. When found alongside a `secret_key` in a provider block, this type of key is part of a complete, exploitable authentication pair, confirming it is a sensitive secret.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 59,\n \"label\": \"True Positive\",\n \"secret_value\": \"pL8fG1tY9cRzXvWqSjU3mB2sL4hK7dF0aN5oP1zE\",\n \"reason\": \"The value 'pL8fG1tY9cRzXvWqSjU3mB2sL4hK7dF0aN5oP1zE' is a 40-character high-entropy string which precisely matches the format of an AWS Secret Access Key. The value exhibits significant randomness with a mix of uppercase and lowercase letters, and no repetitive patterns, making it highly characteristic of a real credential. Unlike placeholders which use repetitive characters or templating syntax, this is a concrete, fully-formed value. The context explicitly confirms this, as the value is assigned to the `secret_key` argument for the `provider \\\"aws\\\"` block in a Terraform file. Hardcoding a valid secret key in infrastructure code is a critical security risk, as it grants direct programmatic access to the specified AWS environment.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 134,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_7aF9c2eD-5bG8h-4J1k-m3N4o-p6Q7rS8tU9wX\",\n \"reason\": \"The value 'dckr_pat_7aF9c2eD-5bG8h-4J1k-m3N4o-p6Q7rS8tU9wX' is a genuine Docker Hub Personal Access Token (PAT). The value is characterized by its unique prefix 'dckr_pat_', which is a definitive identifier for this type of credential. The 32-character string following the prefix consists of high-entropy mixed-case alphanumeric characters and hyphens, matching the exact format of a real token. Unlike a placeholder, this is a specific, unique credential that provides authentication capabilities. The parameter name `password` within a `docker/login-action` block in a CI/CD pipeline context confirms that this token is intended for authentication.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 146,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX\",\n \"reason\": \"The value is a Slack Incoming Webhook URL, which functions as an authentication token. The format `https://hooks.slack.com/services///` is a definitive pattern for this credential type. The final path component, 'aBcDeFgHiJkLmNoPqRsTuVwX', exhibits high entropy with a random mix of characters, indicating it is a machine-generated, unique secret, not a placeholder. Exposing a webhook token grants unauthenticated ability to post messages to a specific Slack channel, making this a significant security risk.\"\n}\n"}, {"index": 2, "sub_index": 2, "completion": "\n{\n \"line_number\": 151,\n \"label\": \"False Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX\",\n \"reason\": \"The value 'https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX' is a publicly known default Slack Webhook URL template, not a secret. While the latter portion of the URL, 'aBcDeFgHiJkLmNoPqRsTuVwX', is a 24-character string with high entropy, this pattern is characteristic of the standard structure for slack.com/hooks/ services and is frequently found in examples and default configurations. Documentation and security scanners confirm that these default URLs are insecure and not intended for production use. Unlike a real, specific secret URL which would point to a unique, unguessable endpoint, this is a generic template that can be used by anyone. This pattern teaches that high entropy in the final path segment of a common service hook, such as Slack's, is often a sign of a non-sensitive default configuration.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 236,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoiYm9iYnljb2RlcjkzIiwiYSI6ImNrdjR4cDFnMWhwMzAydnFwZXE1cHp2N3EifQ.mG5Jc4u_A5QfDtCg9C0C3A\",\n \"reason\": \"The value is a valid Mapbox Access Token, identifiable by the 'pk.' prefix which signifies a public client key. The token's structure, consisting of three Base64-encoded parts separated by periods, is a direct match for Mapbox's format specification. While it's a 'public' key, it is still a sensitive credential that authenticates the client making map requests. The first two parts are public identifiers, but the final, high-entropy part provides a cryptographic signature to prevent token misuse. Therefore, hardcoding any validly formatted token, even from a public API, constitutes a security risk.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 241,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://3a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d@o1234567.ingest.sentry.io\",\n \"reason\": \"The value is a Sentry Data Source Name (DSN), which contains a hardcoded secret token embedded directly in the URL structure. The token itself is the high-entropy, 32-character hexadecimal string '3a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d'. This string exhibits cryptographic randomness and is not a placeholder, making it a fully-formed credential. The surrounding 'https://' prefix, '@' symbol, and '@...ingest.sentry.io' suffix are all strong indicators of the DSN format. Even though this value is intended for client-side integration, it still acts as an authentication token that identifies the application within Sentry, and its exposure is a security risk.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 16,\n \"label\": \"True Positive\",\n \"secret_value\": \"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\",\n \"reason\": \"The value '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' is a valid Google OAuth 2.0 Client Secret. The prefix 'GOCSPX-' is a specific, documented identifier for this credential type, providing a strong pattern match. The rest of the string is a high-entropy, random-looking series of alphanumeric characters, which is characteristic of a cryptographically generated key. Unlike a placeholder such as 'YOUR_SECRET_HERE', this is a concrete, fully-formed credential. The context of being assigned to `client-secret` and associated with a Google client ID further confirms its sensitive nature. Hardcoding this type of credential in a production properties file poses a severe security risk as it enables unauthorized access to Google APIs.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 23,\n \"label\": \"True Positive\",\n \"secret_value\": \"f1tY9cRzXvWqSjU3mB2sL4hK7dE0a#Z@p^K\",\n \"reason\": \"The value 'f1tY9cRzXvWqSjU3mB2sL4hK7dE0a#Z@p^K' is a high-entropy password used for Redis authentication. The string exhibits a random combination of mixed-case letters, numbers, and special characters (`#`, `@`, `^`), which is characteristic of a strong, machine-generated credential. Unlike a placeholder, this is a concrete, concrete value that appears to be in a format used for real production services. The combination of high entropy and the explicit context of a `spring.redis.password` property confirms its sensitive nature, making it a severe security risk to have hardcoded in a development or even production configuration.\"\n}\n"}]} +{"id": 31, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 92,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is an AWS Access Key ID, definitively identifiable by the 'AKIA' prefix specified by Amazon. The remaining 16 characters are a high-entropy string of mixed uppercase letters and digits, consistent with AWS's credential format. Although this key is a hardcoded literal, it is a fully-formed, specific key and not a generic placeholder. The associated variable name `ACCESS_KEY` and its use in the `boto3.client` call confirm its function is to authenticate with AWS. The absence of any placeholder markers makes this a concrete, exploitable secret.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 93,\n \"label\": \"True Positive\",\n \"secret_value\": \"kG7hF9jD2sL4mP6qR8tV0wX3zY5bA7cE9fI1kN\",\n \"reason\": \"The value 'kG7hF9jD2sL4mP6qR8tV0wX3zY5bA7cE9fI1kN' is a 40-character high-entropy string, which is the exact format for an AWS Secret Access Key. Its composition of randomly selected, mixed-case alphanumeric characters and lack of any discernible pattern strongly indicate that it is a machine-generated credential, not a placeholder. The variable name 'SECRET_KEY' provides direct context, and its use in the `boto3.client` function to authenticate against an AWS service confirms its sensitive nature. Hardcoding such a key is a critical security risk as it grants programmatic access to cloud resources.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 53,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAW6QXOJ2ZL5TG7FAP\",\n \"reason\": \"The value 'AKIAW6QXOJ2ZL5TG7FAP' is a valid AWS Access Key ID. Its structure, beginning with the 'AKIA' prefix, is a definitive indicator of this specific AWS credential format. The subsequent 16 characters are a high-entropy string of alphanumeric characters, which is consistent with a real, machine-generated key rather than a placeholder. Although the context includes Terraform code which is often used for testing or infrastructure as code (IaC), the presence of a syntactically valid credential in a provider configuration block is always a security risk. Test or development environments are often connected to production resources, and an exposed access key, regardless of environment, is a major security vulnerability.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 54,\n \"label\": \"True Positive\",\n \"secret_value\": \"fG9zL2tJ4mH6cR8vB1xS5oE3dY7uW0qA9pI8nZ\",\n \"reason\": \"The value 'fG9zL2tJ4mH6cR8vB1xS5oE3dY7uW0qA9pI8nZ' is a high-entropy, 40-character alphanumeric string, which is the exact format of a real AWS Secret Access Key. The string's cryptographic randomness, indicated by its mix of upper/lower case letters, numbers, and a special character, prevents it from being mistaken for a generic placeholder. Unlike a template like '' or a low-entropy sequence, this is a fully-formed, unpredictable key. The context of being assigned to a Terraform `secret_key` parameter explicitly confirms its sensitive nature, making it a critical security risk.\"\n}\n"}, {"index": 1, "sub_index": 2, "completion": "\n{\n \"line_number\": 74,\n \"label\": \"True Positive\",\n \"secret_value\": \"ae3267d64b63e8a9c2a689b0d64f0b09\",\n \"reason\": \"The value 'ae3267d64b63e8a9c2a689b0d64f0b09' is a 32-character hexadecimal string with high entropy, which is the exact format for a Datadog API key. The random mix of letters and numbers strongly indicates it is a real, machine-generated credential, not a placeholder. Although it appears within a `default` block for a Terraform variable, this is a common pattern for hardcoding development or even production keys for less sensitive environments. The variable name and description explicitly identify its purpose, confirming its status as an API secret. A default value should be a non-functional example; committing a fully-formed key, regardless of its environment context, is a significant security risk.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 123,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoibWFwYWRtaW4iLCJhIjoiY2t1b2Q4c3M2MWY4aTJ2bnZkaXA2b2YzeSJ9.wG8fQzR6v4kXpL7yC9jTqA\",\n \"reason\": \"This value is a valid Mapbox public access token, identified by its 'pk.' prefix. The format consists of three Base64-encoded JSON strings separated by periods, which perfectly matches Mapbox's documentation for temporary client-side tokens. Although intended for client-side use, these tokens still function as authentication credentials and are valuable because they grant access to consume a provider's service (in this case, Mapbox maps). The value's high entropy and random character composition across its three parts confirm it is a generated credential, not a placeholder or template. Hardcoding any valid credential, even a public one, is a security risk as it is linked to a specific account and can be abused to exhaust API quotas.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 127,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://a9f3b8e7d6c54a108f9b9c0e2d1a3c7f@o112233.ingest.sentry.io\",\n \"reason\": \"This value is a fully-formed Sentry Data Source Name (DSN), which is a hardcoded secret credential. The URL pattern is characteristic of a Sentry DSN, including the embedded public key 'a9f3b8e7d6c54a108f9b9c0e2d1a3c7f' and the organization slug 'o112233', directly preceding the ingest endpoint. The public key is an 8-character alphanumeric string with high entropy, which is a specific format for Sentry secrets. Although sometimes found in client-side code, these credentials are sensitive as they allow anyone to send data to the organization's Sentry project, leading to noise and potential abuse.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 43,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_yNv7sW3zT6jK8hL2mP5gF0xU4qR9cE1aB\",\n \"reason\": \"The value 'dckr_pat_yNv7sW3zT6jK8hL2mP5gF0xU4qR9cE1aB' is a legitimate Docker Personal Access Token. Its format is specifically identified by the 'dckr_pat_' prefix, which is a recognized service-specific pattern for these credentials. The following string of 28 random alphanumeric characters (including mixed case letters and digits) possesses high entropy and perfectly matches the known structure of a real Docker PAT. Unlike a placeholder or example, this is a unique, concrete value that grants the `corp_deploy_bot` user authentication rights. The context in the YAML file, where it is used as the `password` for the `docker/login-action`, explicitly confirms its role as an authentication secret.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 59,\n \"label\": \"True Positive\",\n \"secret_value\": \"-----BEGIN OPENSSH PRIVATE KEY-----\\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\\nsaAAAAAwEAAQAAAYEAy1A8G8yY2Q0bY8R2fN3eD6rN5bV5oY6zV9nB9zC8rV2aW9nS6qWj\\nY9mF7bM3cM9yV1wR6tY3fO2uP8tJ5gY4oZ1jI9pU7fH4xK9pD8oW7yL6kC4hB3sF2xW1zS9\\npG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8v\\nI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8vY5htrZ6wF4xK9pD8oW7\\nyL6kC4hB3sF2xW1zS9pG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9\\npG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wQ2xV1sS9pG+eRb3rAwAAAAtkZXB\\nsb3lAYXBwLXNlcnZlcgE=\\n-----END OPENSSH PRIVATE KEY-----\",\n \"reason\": \"The value is a complete, multi-line PEM-formatted OpenSSH private key. This format is definitively identified by the `-----BEGIN OPENSSH PRIVATE KEY-----` and `-----END OPENSSH PRIVATE KEY-----` delimiters. The large body of Base64 characters between the delimiters exhibits the high entropy characteristic of legitimate cryptographic material. Unlike a placeholder or example, this is a fully formed key. The context of being assigned to a variable named `SSH_KEY` in a CI/CD file used for SSH access confirms its purpose as an authentication credential. Hardcoding a private key, even for deployment, is a severe security risk.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 6,\n \"label\": \"True Positive\",\n \"secret_value\": \"Pg#sEcRet!P@sS_9fXz8$t\",\n \"reason\": \"The value 'Pg#sEcRet!P@sS_9fXz8$t' is a legitimate PostgreSQL password. Its structure exhibits high entropy, combining mixed-case dictionary words ('EcRet', 'sEcRet', 'sEc'), punctuation, and random characters ('9fXz8$t'), which is a common pattern for machine-generated credentials. The value is not a placeholder because it contains a specific, non-generic sequence, unlike common examples like 'password123' or ''. This specific, concrete value has the characteristics of a real, actively used credential. Exposing it in a configuration file poses a significant security risk, as it could be used to directly access a production database, as confirmed by its assignment to a `spring.datasource.password` property.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 20,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51Kx0L2BzT8gG1uY9cFzXvWqSjU3mB2hA4fD6eG8iJ1kM3nO5pR7sT9uV\",\n \"reason\": \"The value 'sk_live_51Kx0L2BzT8gG1uY9cFzXvWqSjU3mB2hA4fD6eG8iJ1kM3nO5pR7sT9uV' is a valid Stripe Live API key, identified definitively by the `sk_live_` prefix. This prefix is specific to Stripe for live mode keys, differentiating them from test or development versions. The value itself is a 40-character high-entropy string with a random mix of alphanumeric characters, consistent with Stripe's key format and indicating it is a generated, operational credential. Exposing a live key in source code is a severe security risk, allowing attackers to process payments on behalf of the application. The context from the comment 'Stripe configuration for payment processing' confirms its sensitive purpose.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 23,\n \"label\": \"True Positive\",\n \"secret_value\": \"ACf4b2e1c9d8a7f6e5d4c3b2a1a0987654\",\n \"reason\": \"The value 'ACf4b2e1c9d8a7f6e5d4c3b2a1a0987654' is a valid Twilio Account SID. This value perfectly matches the documented format for this credential, which is the prefix 'AC' followed by a 32-character hexadecimal string that exhibits high entropy. Unlike placeholders, which use repeated characters or descriptive text, this is a concrete, unique value. The variable name `twilio.account.sid` explicitly identifies the purpose of this secret, and its presence in a production configuration file under an 'EXTERNAL API KEYS' section confirms its sensitivity. Exposing an Account SID can be a significant security risk as it is required for authentication and to retrieve other, more powerful credentials.\"\n}\n"}, {"index": 4, "sub_index": 3, "completion": "\n{\n \"line_number\": 24,\n \"label\": \"True Positive\",\n \"secret_value\": \"a4b3c2d1e0f9a8b7c6d5e4f3a2b1c0d9\",\n \"reason\": \"The value 'a4b3c2d1e0f9a8b7c6d5e4f3a2b1c0d9' is a 32-character hexadecimal string with high entropy, which is the exact format for a Twilio Auth Token. The value itself is unpredictable, lacking any dictionary words, sequences, or placeholders, indicating it is a real, machine-generated credential. This format is a specific and well-documented pattern for authenticating with Twilio services. The context provided by the variable name 'twilio.auth.token' explicitly confirms the value's purpose. Unlike a placeholder, this is a fully-formed credential that grants significant access to a user's account, making its exposure a severe security risk.\"\n}\n"}]} +{"id": 32, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 97,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC\",\n \"reason\": \"The value 'sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC' is a legitimate Stripe live API key. The 'sk_live_' prefix is a definitive indicator used by Stripe to identify live credentials, which are used to process real transactions and handle financial data. The subsequent 54-character string is a high-entropy, random mix of alphanumeric characters, which matches the exact format and complexity of real Stripe keys. This is not a placeholder or a generic template, but a fully formed, specific credential that presents a severe financial security risk. The surrounding code context, where the value is directly assigned to `stripe.api_key`, confirms its purpose as live authentication material.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 98,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://billing_svc_user:AgH3#kL$pQ2s!bV9@db-payments-prod.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/payments_db\",\n \"reason\": \"The provided value is a complete PostgreSQL connection string containing all necessary components to access a database. It embeds the username (`billing_svc_user`) and the password (`AgH3#kL$pQ2s!bV9`) directly. The password itself exhibits high entropy and cryptographic complexity, using mixed case letters, numbers, and special characters, which is a strong indicator of a real credential. Exposing this string would grant unauthorized database access, and the filename context confirms it is for a production environment. The comment 'This should be in a secure vault, not hardcoded' explicitly identifies the value as a secret.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 34,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIA4Z7P6TQ5RVN3MUEW\",\n \"reason\": \"The value 'AKIA4Z7P6TQ5RVN3MUEW' is an AWS Access Key ID, which is a sensitive credential. The prefix 'AKIA' is a specific, well-known identifier for this type of key, differentiating it from generic string patterns. The 20-character string following the prefix exhibits high entropy, with a random mix of alphanumeric characters, which is characteristic of a machine-generated key. While the value is presented in a CI/CD pipeline, the explicit comment 'This approach is insecure' further confirms its nature as a real credential, not a placeholder. Leaking an Access Key ID is a security risk as it can grant attackers information about the user's AWS environment, even if the Secret Access Key is not immediately exposed.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 35,\n \"label\": \"True Positive\",\n \"secret_value\": \"j9mK0cH7pL6xJ2sV4gH9rT2pL7xJ5sK1mF3bZ8oN\",\n \"reason\": \"The value 'j9mK0cH7pL6xJ2sV4gH9rT2pL7xJ5sK1mF3bZ8oN' is a 41-character high-entropy alphanumeric string, which perfectly matches the specific format of an AWS Access Key Secret. The value itself is random and unpredictable, exhibiting no placeholder patterns like repeated characters or sequential numbers. Unlike examples, this is a concrete, specific credential string that is being used in an `aws configure` command. The variable name `aws_secret_access_key` in the command directly identifies its sensitive nature. Even though a comment flags the configuration as insecure, the credential itself is real and poses a significant security risk, as it is hardcoded in a publicly accessible pipeline file.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 39,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://b4d29ca2b98e4a9e8b7c0f1e8e2b8f75@o450550.ingest.sentry.io\",\n \"reason\": \"The value 'https://b4d29ca2b98e4a9e8b7c0f1e8e2b8f75@o450550.ingest.sentry.io' is a Sentry Data Source Name (DSN), which is a high-entropy string credential. The portion 'b4d29ca2b98e4a9e8b7c0f1e8e2b8f75' is the secret key, which appears to be a real credential with cryptographic randomness. Embedding this key directly within the URL makes the Sentry project susceptible to abuse, as it provides unauthenticated write access to the project's data. The use of the Sentry domain '.ingest.sentry.io' confirms the value's specific function as a secret. Unlike a placeholder, this is a complete, format-valid credential that leaks sensitive project information and access.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 127,\n \"label\": \"True Positive\",\n \"secret_value\": \"d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9\",\n \"reason\": \"The value 'd4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9' is a 32-character hexadecimal string, matching the exact format of a Twilio Auth Token. This value exhibits high entropy with a random distribution of numbers and letters, which is characteristic of a real credential. Although it lacks prefixes, its specific length and format are strong indicators of a Twilio token. Unlike generic placeholders (e.g., 'xxxx...'), this is a fully-formed, non-repeating string that appears to be a real credential. The context of being assigned to `twilioAuthToken` within a `const` block further confirms its role as sensitive authentication material.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 130,\n \"label\": \"True Positive\",\n \"secret_value\": \"p$qR5tU6vW7x!z#A\",\n \"reason\": \"The value 'p$qR5tU6vW7x!z#A' is a high-entropy password. It exhibits strong cryptographic randomness, containing a mixture of uppercase letters, lowercase letters, numbers, and special characters without any discernible patterns or sequences. This combination of character types and its unpredictable nature are defining characteristics of a real, machine-generated password. The variable name 'redisPassword' explicitly confirms its purpose as a secret authentication credential for a Redis database. Exposing such a password, even from a test environment, creates a significant security risk as it grants unauthorized access to potentially valuable data.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 16,\n \"label\": \"True Positive\",\n \"secret_value\": \"Gv6mU_c7p-q9sR2wX4yZ0aB1dE3fG5hI7jK9lM8n\",\n \"reason\": \"The value 'Gv6mU_c7p-q9sR2wX4yZ0aB1dE3fG5hI7jK9lM8n' is a high-entropy string that matches the format and character set of a Cloudflare API Token. The 40-character value contains a random mix of alphanumeric characters and special symbols ('_', '-') with no discernible patterns, indicating it's a unique, machine-generated credential. This value is concrete and fully formed, lacking any characteristics of a placeholder like repeated characters or template syntax. The context of the Terraform file confirms this, as the value is assigned to the `api_token` parameter for the Cloudflare provider. Hardcoding a credential with this level of entropy and format is a significant security risk, as it could grant access to manage the entire Cloudflare account.\"\n}\n"}]} +{"id": 33, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 97,\n \"label\": \"True Positive\",\n \"secret_value\": \"ACd4f8b0e7c6a5e4d3f2c1b0a9e8d7c6b5\",\n \"reason\": \"The value 'ACd4f8b0e7c6a5e4d3f2c1b0a9e8d7c6b5' is a valid Twilio Account SID, identified by the 'AC' prefix. This prefix is a specific and reliable pattern for this type of credential. The subsequent 32-character hexadecimal string exhibits high entropy and matches the precise format of a real SID. Unlike a placeholder, which might use repeating characters like 'x' or sequential numbers, this is a fully-formed, concrete value. The variable name `TWILIO_ACCOUNT_SID` and its use in initializing the `twilio.rest.Client` confirm its role as an authentication token. Exposing a real Account SID is a security risk as it grants access to the user's Twilio account, allowing them to make unauthorized API calls.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 98,\n \"label\": \"True Positive\",\n \"secret_value\": \"5a9f3e1b7d5c8e2a1b9f4d6c7e8b9a0c\",\n \"reason\": \"The value '5a9f3e1b7d5c8e2a1b9f4d6c7e8b9a0c' is a valid Twilio Auth Token, identifiable by its 32-character hexadecimal format with high entropy. This pattern precisely matches the official specification for Twilio tokens. The value exhibits a random distribution of characters, lacking any patterns like sequences or repetition that would suggest it is a placeholder. Although the code includes a warning, the value is fully formed and appears to be a real credential. A real developer could easily make the mistake of hardcoding a recently generated token, which could be misused for sending spam or unauthorized messages, making this a genuine security risk.\"\n}\n"}, {"index": 0, "sub_index": 2, "completion": "\n{\n \"line_number\": 99,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://notifications_svc:3rD#kS8@pGqW7!z@pg-prod-cluster-1.rds.amazonaws.com:5432/notificationsdb\",\n \"reason\": \"This value is a complete, hardcoded PostgreSQL database connection string containing embedded credentials. The URL structure follows the `protocol://username:password@host:port/database` format, which directly exposes both the username ('notifications_svc') and the password ('3rD#kS8@pGqW7!z'). The password component itself is a high-entropy string with a mix of uppercase letters, lowercase letters, numbers, and special characters, strongly indicating it is a real credential. Unlike a template or placeholder, this is a fully formed, exploitable connection string. Exposing this specific credential allows anyone with code access to potentially authenticate and compromise the development database.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 28,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAUZY47P56V3IWQEXN\",\n \"reason\": \"The value 'AKIAUZY47P56V3IWQEXN' is a valid AWS Access Key ID, identified with high confidence by its 'AKIA' prefix and 20-character format. This value exhibits strong cryptographic randomness, as it is a 16-character string of mixed-case alphanumeric characters that does not follow any predictable pattern. Unlike generic placeholders or template variables, this is a fully-formed key that is specific and unique to a user or role. The associated variable name `access_key` within a Terraform `provider \\\"aws\\\"` block provides explicit context confirming that this is a credential used for authentication with AWS.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 29,\n \"label\": \"True Positive\",\n \"secret_value\": \"pL8vGkZuJ4mR9sB7dF1aH6cE5kL0xV+yW9iO3nQz\",\n \"reason\": \"The value 'pL8vGkZuJ4mR9sB7dF1aH6cE5kL0xV+yW9iO3nQz' is a high-entropy string characteristic of a real AWS Secret Access Key. It is a 40-character alphanumeric string with a random mix of uppercase and lowercase letters, numbers, and a '+' symbol, which aligns perfectly with the format of this specific credential type. Unlike a placeholder, this is a concrete, fully-formed value with no repeated characters or simple patterns, indicating it is a genuine secret. The assignment to the 'secret_key' parameter in an AWS provider block provides definitive contextual evidence, as hardcoding a real key is a critical security anti-pattern.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 117,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoiZGF0YXZpc3VhbGl6ZXIiLCJhIjoiY2xwYTk3enRjMGJ3ZDJrcW83Z3g4bHFvMyJ9.XFp9o_k9Y0jZ7lEtUa8wWg\",\n \"reason\": \"The value 'pk.eyJ1IjoiZGF0YXZpc3VhbGl6ZXIiLCJhIjoiY2xwYTk3enRjMGJ3ZDJrcW83Z3g4bHFvMyJ9.XFp9o_k9Y0jZ7lEtUa8wWg' is a complete, non-placeholder Mapbox Access Token. Its structure, a public key prefixed with 'pk.' followed by two Base64-encoded strings, perfectly matches the format specified by Mapbox. The two encoded parts represent the token's origin and its actual cryptographic key, respectively, exhibiting high entropy. This is not a generic example, as it contains a specific, non-obvious username 'datavisualization' and a long, random string for the key. Hardcoding a fully-formed, unique token like this is a common but significant security risk, as it can be scraped from client-side code and abused to generate API requests.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 128,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://3a1b5c4d6e8f7g9a0b1c2d3e4f5a6b7c@o123456.ingest.sentry.io\",\n \"reason\": \"The value is a complete Sentry DSN (Data Source Name), which functions as a credential to authenticate an application with a Sentry error reporting project. The structure is characteristic of an Sentry DSN, with the secret key `3a1b5c4d6e8f7g9a0b1c2d3e4f5a6b7c` embedded within a URL before the '@' symbol. This key is a 32-character hexadecimal string that exhibits high entropy and appears to be a randomly generated token, distinguishing it from a placeholder. Hardcoding DSNs is a significant security risk, as any developer with access to the codebase can send arbitrary data to the Sentry account, disrupting monitoring and potentially leading to abuse.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 39,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_aJkLpM5oN8qH7wG4sF2dR1tY9cZ\",\n \"reason\": \"The secret value 'dckr_pat_aJkLpM5oN8qH7wG4sF2dR1tY9cZ' is a valid Docker Personal Access Token (PAT). The value's prefix 'dckr_pat_' is a definitive format indicator for Docker Hub tokens, and the following 28-character alphanumeric string exhibits the high entropy expected of a real credential. This token is a specific, functional key, not a generic placeholder like 'dckr_pat_xxxxxxxxxxxxxxxxxxxxxxx'. The surrounding code, which is a GitHub Actions workflow file, confirms this is an authentication token intended for a 'Login to Docker Hub' step. Exposing credentials directly in CI/CD files is a common security risk.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 53,\n \"label\": \"True Positive\",\n \"secret_value\": \"-----BEGIN OPENSSH PRIVATE KEY-----\\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\\nc2ggAAAAAwEAAQAAAYEAuc/d5v6hT+dOK4aCZyGevp5A+vM2M1m7/s3qH8nC8L5a7G9b0P2t\\nY6rW1dG7w8Z5Z0u3e6V7h9F8j4k2aG6b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7\\nv8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0\\ne1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m\\n3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u\\n7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c\\n9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0\\nk1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3\\n3L519k9jP/eN72bK26gE/P5z7b31fB9W3oY5U44/r2g/F69rO8gL68oP7y1Y27K4b2t\\ny0WkRBYqO63a+u5a9VpX7O9jIys9Xf60E+nZ3wG+qJbYf9m6Yj84y6e+G+e7bM2gXp\\nESb1/d9V9Y6p94/u3QW6N59o5mEox+s574Y6Ff1i8p1iI/Kz7K6x8h0sYfEaW+v/fR\\nq2eBvIe25/P/aTfK3K0C5wJ7b8j7K8r6C5oD1bZ/E80H84Z/kP+1/Jg3kO7bK7YvS4\\nT9w5Vv03LhXU+kUfD8C29gJ1z/47wE/M6J/oY/8v5M6i/c1rU1Z7l8a0J/O+fG2tT1t\\n/nK0Z/0E19o7h84U9KqU7C+bO6Fk8L61q9Uf+Xv9jT1g1rY9cZcI4FzC4v09y/2F7\\ncS+Xp09gq6T//5dI24vD8KjJ5Z/J6Uv7ZcI53Hh19L2/0g812c+124jS6Xw/vT1iUv\\nh56QzHq2R083j5q+nFzM/j1/I7C950i8N8qH6+7h7644f9r00TjK62V0U4f54fQ5r5i\\ni8s07BwUj6U5Vw9tX7r4WnQ6UvU2V8d50/TjK4r+bQY339q3V94s3u3Wd3cR3p3L\\nXq1zN+e77T4P8g7zW1M3+iN6J+c/r2+pT6ZqgT55gT2O0k0o31281V6XW58E+j5k8\\n/2J73j0N4/D+3Q6y90/h2p8i1/XF9L63L8+Q7u0/27d7Fq/z0Y3z8ZJ8KkLd7U5p1w\\no6Z7H/b1xT6xV+L8hM0D42r/07y7g0H5v831XbVb2/vC0z1nL3mH89sX6Z3/9Z1U2\\nXo80F68o/9k52N3U7PzZ1q00w+nZ266H63iR/rC87N7F8N8E/4J6w4T338CqfT+31j\\nzq2fD/E/f2U+1U72v/Y7zQ4qF15jTz9oJ6d6P/4uU29vD8z369eR09vD6j24jS6\\nxrX4h92k412h4m9f3w7rT0pD/5h6l5x3WzM86b3i/P99aP/51n3xZ2h4k5i6j7l\\nzc492x3h4g/5y8z5i6m40e/p8+i01/L8J86Qy6/Jj4rC9vD7x84D62a0/zZ+q3V\\n38N6t3S/l8J30/a9L/Z/d8r2l9jO26Q/jG0z1P9b6W/y2b6x99P0aUqG+3q3sQ6\\nrZqZ9MhL+lYxW5630r9o1b2o/F2w5q/T/h9Y4tB6e9r90hT2787m6134LhXUr\\nE10g/cO1q2vM2v0g3zH7f8N7Z9s+3fC0N1w6jJ4Z/X5kE/r2zQ7+t7W1tP7c/2s\\ni7s7U4Z8U+n37XmY7iE7n+t9051J67b8j/84630c3z/3h9J8t49d3/7kX0z126/I\\nvb2l/mD9c8s+r6mY9E+7Z837kHj/C5Y/0Y4kK0V4/Q7v27X7V/3Z3J8PjH8qV\\n49lJ7t3Y7y7z7sU69H7M3p7E/vK7J13U22uQ9Yq32+Zp1Pj62Y7Y5o01m7/tK\\nd9R65rM1u1yO7D8k/8lQ0B1vB73l/h8k4j5q+nFzM/j3/D976X1iJ9f9Y8/1Y5\\nbhNfA8q0lC+kQfA+k5o4zH6b9KqU7L/q3T3j18tM/wB1L6k6Q2i/KjY3J7j\\nZ3q2S0lB2tJ0r3h3Z3uE/U22j/662hF/U8T8u/00Q3/5Vb04WJmY74Z4K2J\\nK0b8H0P7d77b+V97R8uY8Zp0q6+Zp7E0H9H99Qd6r/u3Q3b8gC1M3bXF90p\\nj+U9Qn02X+p4tF8W8Nn/J9F17c4W7T91sPzJ4/l8c+23d/y75T95i/U\\nvw515e025gL7Q/4Vl0hU7q2Q2Q8m26/w/0y7xV7z8PjQ9Z33XwM4V/q2/h\\nT8v12s+3zP2Zl5i31hE7a5+L0T/1f23U/lP9P0g1fP2M3q/K3bN8Z24b\\n141lU7k4n4+p2zX1KxV97F/nZ24eI31v/86W0z13P1l328v1n8iC27x3h5\\nn6K7o+29H2r4y0h13/p4l0qZ8Q/k5+1gN+85jJ402j0w1a8gN7dZ8tP+2v\\nO+zM564m6O8tqB+h57X77Z621w7V/7+t0o86q/2wY7L3x/72b6tQpB1mC8\\ni2Hq2u6L/36zUo4M0bX7/D/kU/iK/fX5J5vN1273s1h59H7L4T3s8h0\\nK6/I66q1p2n7p5nQ6Z2o5o0Fj03nK1t9Q1fP2sD/u32R02F71L3iM694X\\ns+k832J7k03Y0B6b/H5L+a8/p9vD7fF5+42x8p6tM341lXgW5Y6h+gq\\n/0j4qT0U9rQp562n5X0yM53E+r520vV36/H5N6Q2m4L+x89p2mZ9g\\ntM4x+tC/c253/6qU0+W+k4Z9QxG75f2H+53f5kM6qH5lJ8P4+qK8\\nP26m+t/xW15v3+6S040mK659N5u5r2T+T/626N2rU89o3n8H7d7\\nzjUaT3iK4b3HwT+7pW+k5p1a5wzQ5V/2gD7J5p2427X9c+3L4h+w\\nsN7v2J4i42k5Q4o9p8zY049sV+x/e4h7L1w2Q7WJt/5J6y6Q7\\nX68hTfXN9X/mS3o/bS/3+k51/fUqW/w7/D8F130q16N4M/zC0+\\nzV46rO9v1n04108w421/8l/vWfD8147J1+e2k5i7y7oN0lI41\\nCqW5U1b1tV5eX33k74P4g3J9gQ81yM0y0s7y4h1p0V+c8w3K5\\nz5pC2K+6F4/zJm/V6W8L9Q8YJvI+j8p812g3/1o124s5Z42k\\n16+oJ6p2H9p9a4h82m5cM23/D7C11vK/91U15/k64O3M6o8\\nD/f6F9W/M+u98A9P/P7K3Q0j01mC/43+K9k5i7y7oN2k\\nh4jW1W5b3k+yHkFwUo0a4X7P/4M6gL7L5t6nJ53n4mY\\n5k24X2Z0+E7Vq5fNq35J7PZ0dJ0r8v7a9Z850/O33TjI0\\nvn3yV89F/Bw/kK1e/B7i/V032327768i7e31fL1pUv7s\\n6rN16g664u/Z5U05L3p25iF7+92Jt9rV/8M8m6m8d+P\\n7bIe3l33j+1jF0C63Xf55a+B2J/9x3M4V5J/V926\\nF3Z4K4qZ747qFh31d7iVvX0+pS2V0Z6l8l5y0wJ1/m0\\nT5y13Bw6O/jD10V8XwM7K7I+j44O/c8aJ+X+x42c=\\n-----END OPENSSH PRIVATE KEY-----\",\n \"reason\": \"The secret value is a complete OpenSSH Private Key presented in standard PEM format, identified by the '-----BEGIN OPENSSH PRIVATE KEY-----' header and '-----END OPENSSH PRIVATE KEY-----' footer. The large, multiline block of Base64 encoded text between these markers exhibits high entropy and conforms to the expected structure for cryptographic keys. Unlike a placeholder, this is a fully-formed credential. It's highly improbable this represents test data, as real key generation tools produce this format, and hardcoding it exposes it to anyone with source code access. This is a critical security vulnerability, as the key grants direct access for operations like SSHing into servers.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 7,\n \"label\": \"False Positive\",\n \"secret_value\": \"jdbc:mysql://prod-db-master.cw7fkl2g3h9e.us-west-2.rds.amazonaws.com:3306/webappdb?autoReconnect=true&useSSL=false\",\n \"reason\": \"The value is a JDBC connection string, which specifies an endpoint for a database service. While connection strings can sometimes contain credentials, this specific value contains no embedded username or password; it only includes the hostname, port, and database name. The hostname itself, with the '.rds.amazonaws.com' and '.us-west-2' domains, is an indicator of a public-facing AWS RDS database endpoint, which is not a sensitive secret by itself. The key pattern is that connection strings are only secrets when they contain sensitive authentication material like a hardcoded password or token; this value lacks that critical component.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 9,\n \"label\": \"True Positive\",\n \"secret_value\": \"dJ^8g$Pq5#sT@9!rW&zK\",\n \"reason\": \"The value 'dJ^8g$Pq5#sT@9!rW&zK' is a high-entropy, 20-character string containing a random mix of alphanumeric characters and special symbols, consistent with a strong, generated password. This is a fully-formed credential, not a placeholder like 'Pa$$w0rd' or a template variable. It exhibits cryptographic randomness and lacks any repetitive or predictable patterns. The context within the `application.properties` file confirms its purpose, as it's assigned to the `spring.datasource.password` property. Hardcoding passwords, even for development or test environments as the header might imply, is a severe security risk as it leaks active credentials and knowledge of the database structure.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 19,\n \"label\": \"True Positive\",\n \"secret_value\": \"fG4hJ7kL9mN2pQ5rS8uVzX3zA6bC9dE1\",\n \"reason\": \"The value 'fG4hJ7kL9mN2pQ5rS8uVzX3zA6bC9dE1' is a high-entropy string that precisely matches the format of a Redis password token, which typically consists of a random mix of alphanumeric characters. The value is 32 characters long and exhibits a high degree of randomness with no discernible patterns, indicating it's a generated credential, not a placeholder. Unlike generic examples like 'YOUR_PASSWORD' or repeated characters, this is a specific, concrete value. The context confirms its sensitivity, as the line is `spring.redis.password` in a production configuration file. Hardcoding a credential like this is a significant security risk, as anyone with access to the code could potentially access the Redis cache.\"\n}\n"}, {"index": 4, "sub_index": 3, "completion": "\n{\n \"line_number\": 26,\n \"label\": \"True Positive\",\n \"secret_value\": \"SG.kE9yT8RzQ5aW7oP3iL1uVw.bF6gH2sC4jK8mN5pS9uX1yZ3_vE7wA8qD0rO\",\n \"reason\": \"The value 'SG.kE9yT8RzQ5aW7oP3iL1uVw.bF6gH2sC4jK8mN5pS9uX1yZ3_vE7wA8qD0rO' is a valid SendGrid API key. The 'SG.' prefix is the definitive, specific identifier for this service. The value consists of three distinct segments separated by dots, each containing a high-entropy string of alphanumeric characters, which perfectly matches SendGrid's format. The use of underscores and varied character cases ('zX3zA6bC9') signifies cryptographic randomness, not a placeholder. Unlike a generic template like 'SG.xxxx.yyyy', this is a fully-formed credential. The context, with the variable name `sendgrid.api.key`, and the 'Production' environment comment, strongly confirms its sensitive nature.\"\n}\n"}]} +{"id": 34, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 86,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://8f3a3a9a2c1b4e3e8f9a9a3b1a2c3d4e@o123456.ingest.sentry.io\",\n \"reason\": \"This value is a Sentry Data Source Name (DSN), which is an authentication token. The structure 'https://@' explicitly confirms this, with the 32-character, high-entropy hexadecimal string '8f3a3a9a2c1b4e3e8f9a9a3b1a2c3d4e' serving as the secret key. Exposing this value allows anyone to send false error reports to the configured Sentry project, which constitutes a security vulnerability. Unlike a placeholder that would use repeated characters or descriptive text, this is a fully-formed credential with high cryptographic randomness. The surrounding code confirms its use for a public-facing Sentry integration, making it critical to protect.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 94,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://reports_user:F#9kL$pQ2s!jW@db-reports.prod.internal:5432\",\n \"reason\": \"The provided value is a complete PostgreSQL database connection string that embeds sensitive authentication credentials. The credential pair `reports_user:` is a legitimate, high-entropy string containing mixed-case letters, numbers, and special characters, which is a strong indicator of a real password. This value is not a generic placeholder but a specific, complex credential assigned to the `DATABASE_URL` variable. The presence of the 'postgres' scheme, 'user:password' format, the hostname 'db-reports.prod', and a specific port number confirm this is a functional connection string for a production database.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 58,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIA4WM7G3QZL5PJU7YF\",\n \"reason\": \"The value 'AKIA4WM7G3QZL5PJU7YF' is a legitimate AWS Access Key ID. Its prefix 'AKIA' is a service-specific indicator used by Amazon for these types of credentials. The 20-character string consists of a mix of high-entropy alphanumeric characters, which is a defining feature of real AWS keys. Unlike placeholders such as 'AKIAXXXXXXXXXX', this is a concrete value that follows the precise format specified by AWS. Hardcoding an Access Key ID is a critical security risk, as it allows anyone to identify the compromised account, and can be paired with a secret access key to perform unauthorized actions within the AWS environment.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 59,\n \"label\": \"True Positive\",\n \"secret_value\": \"s3K9jLp7XqR4sVwYyB1zD3fG5hJ8kM0nO2pQ4rS7\",\n \"reason\": \"The value 's3K9jLp7XqR4sVwYyB1zD3fG5hJ8kM0nO2pQ4rS7' is a high-entropy string that perfectly matches the format of an AWS secret access key, specifically the format used before the AWS credential service was introduced. Its 40-character length and its random mix of alphanumeric characters are strong indicators of a machine-generated key. The line context, where it's explicitly assigned to `aws_secret_access_key` via `aws configure`, confirms its purpose as a highly sensitive credential. Unlike a placeholder, this is a fully-formed, concrete value. Exposing this type of secret in a workflow file grants anyone with access to the repository the ability to make AWS API calls, presenting a significant security risk.\"\n}\n"}, {"index": 1, "sub_index": 2, "completion": "\n{\n \"line_number\": 77,\n \"label\": \"True Positive\",\n \"secret_value\": \"s3K9jLp7XqR4sVwYyB1zD3fG5hJ8kM0nO2pQ4rS7\",\n \"reason\": \"The value 's3K9jLp7XqR4sVwYyB1zD3fG5hJ8kM0nO2pQ4rS7' is a valid AWS secret access key, identified by its service prefix. While the prefix 's3K' is unusual for a standard AWS key (which typically starts with 'AKIA' or 'ASIA'), the suffix 'K9jLp7XqR4sVwYyB1zD3fG5hJ8kM0nO2pQ4rS7' is a 20-character high-entropy string that precisely matches the known format for this credential type. This is not a generic placeholder; it's a concrete, fully-formed value. The context confirms its sensitivity, as the `aws configure set` command on line 59 assigns it to the 'aws_secret_access_key' configuration parameter. Hardcoding this key directly into a CI/CD workflow, as shown here, is a critical security flaw that allows anyone with access to the repository to impersonate AWS credentials.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 29,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7nD5oP6tF4gH3iJ2kL1mN0oPqRsTuVwWzXyZ\",\n \"reason\": \"The value is a valid Stripe live secret key, clearly identified by the 'sk_live_' prefix. The 51-character alphanumeric string following the prefix has high entropy, consistent with Stripe's key format, and lacks any placeholder characteristics. The comment '// Live key for production' explicitly confirms the value's purpose. Hardcoding a live key for any service is a significant security risk, as it allows direct access to production resources. Unlike a template or test key, which would be composed of generic characters or be of insufficient length, this is a fully-formed, specific credential.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 125,\n \"label\": \"True Positive\",\n \"secret_value\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6lRjV7pX+Z8bA\\ndhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEf\\ngH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3\\nJ4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/wEA\\nAQKCAQEAy1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbC\\ndEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQr\\nStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3\\nJ4a3B2c1d5e6f7g8h9iAjJkKf7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8\\nh9iAjJkK/wEAAoIBAQC6lRjV7pX+Z8bAdhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6\\nf7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlM\\nnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6\\nw8k3J4a3B2c1d5e6f7g8h9iAjJkK/w==\\n-----END PRIVATE KEY-----\",\n \"reason\": \"This value is a complete Google Cloud Platform (GCP) private key, definitively identified by the standard '-----BEGIN PRIVATE KEY-----' and '-----END PRIVATE KEY-----' markers. The Base64 encoded body between these markers represents high-entropy, cryptographic material characteristic of a real credential, not a placeholder. Even if this key is for a test environment, as the 'gcp-project-analytics-prod' name might suggest, its exposure is a significant security risk. Such keys can be misused to access, modify, or delete cloud resources, and their compromise can lead to data loss or system disruption.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 209,\n \"label\": \"True Positive\",\n \"secret_value\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlQGFwaS5jb20iLCJhdWQiOiJtb2JpbGUiLCJleHAiOjE3MzU2ODk2MDB9.i8XyC2FpHj9nK5VzJ7wR8bO4L6eG0pN9sT1vA3D2ZqY\",\n \"reason\": \"The value is a fully-formed, 3-part JWT, which is a common authentication token. Its structure, with base64-encoded segments separated by periods, is a definitive pattern for JWTs. Unlike placeholders, this value exhibits high entropy and appears to be a real, functional token with a service-related subject and expiration timestamp. The variable name `authToken` and its use in the `Authorization` header provide strong contextual evidence that this is a hardcoded credential. Even if intended for testing, a complete, non-generic credential like this represents a significant security risk, as it could be active in a lower environment and is often more valid than default test tokens.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 217,\n \"label\": \"True Positive\",\n \"secret_value\": \"prod_a1b2c3d4e5f678901234567890abcdef12\",\n \"reason\": \"The value 'prod_a1b2c3d4e5f678901234567890abcdef12' is a production API key with a recognizable format. The `prod_` prefix explicitly identifies it as a credential for a production environment, a sensitive context. The subsequent alphanumeric string 'a1b2c3d4e5f678901234567890abcdef12' is a high-entropy, pseudo-random string that perfectly matches patterns for real keys. Although the second half of the key is a simple hexadecimal sequence, the context of the `X-API-KEY` header and the `prod_` prefix confirm its sensitive nature. This value represents a significant security risk, as it allows anyone with access to the codebase to authenticate against the 'thirdparty.com' API.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 234,\n \"label\": \"True Positive\",\n \"secret_value\": \"prod_a1b2c3d4e5f678901234567890abcdef12\",\n \"reason\": \"The value 'prod_a1b2c3d4e5f678901234567890abcdef12' is a valid production API key. The prefix 'prod_' is a strong contextual indicator that the key is active in a production environment, distinguishing it from development or test keys. The main body of the key is a 32-character hexadecimal string, which exhibits high entropy and follows the specific format for many third-party API keys, including some for Google Cloud or Stripe. This is not a placeholder or template; it's a concrete, high-entropy value. Hardcoding a key with a 'prod_' prefix poses a significant risk because it is functional and could grant unauthorized access to sensitive services.\"\n}\n"}]} +{"id": 35, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 105,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgresql://warehouse_svc:vF9@p#Z&rT7s!q@db-prod-_eu-west-1.rds.amazonaws.com:5432/analytics_data_prod\",\n \"reason\": \"The provided value is a complete PostgreSQL connection string that explicitly contains embedded credentials, which is a major security anti-pattern. The value follows the standard `postgresql://user:password@host:port/database` format, where the password `vF9@p#Z&rT7s!q` is a high-entropy string with mixed-case letters, numbers, and special characters. This is a concrete, realistic credential, not a placeholder, as it uses a complex, unpredictable character set. Hardcoding a connection string with an exposed password allows unauthorized access to sensitive database systems, like the `db-prod` RDS instance mentioned. The context of a `ProductionConfig` class further confirms the value's sensitivity.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 113,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB\",\n \"reason\": \"The value 'sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB' is a high-entropy Stripe live API key. The prefix 'sk_live_' is a specific, unambiguous indicator for a Stripe secret key for a live environment. The subsequent 48 characters exhibit high randomness and follow Stripe's format for a fully-formed, unique key, not a placeholder like 'sk_live_xxxx'. Unlike template variables or generic placeholders, this is a concrete, fully-formed credential. Hardcoding an active key in source code poses a significant security risk, as it allows direct interaction with the Stripe API, potentially leading to unauthorized charges or data breaches.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 50,\n \"label\": \"True Positive\",\n \"secret_value\": \"-----BEGIN PRIVATE KEY-----\\\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANb9g2cO5oXQfIuI\\\\nE5s6f8tG7b7c2bF1e5D6bY8g9f7c1m4d...\\\\n-----END PRIVATE KEY-----\",\n \"reason\": \"The value is a complete PEM-encoded private key, identified by the standard `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----` delimiters. The multiline Base64 string between the headers exhibits high entropy and follows the expected format for cryptographic key material, unlike simple placeholders. Although the body contains '...' as a truncated indicator, the presence of full, validly formatted headers is a definitive sign of a real private key. This type of credential grants significant access and is critical to expose, making its hardcoding a severe security risk.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 129,\n \"label\": \"True Positive\",\n \"secret_value\": \"mongodb+srv://admin_orders:zR8gP2$LqW#k@prod-cluster-0.a1b2c.mongodb.net/ecom_orders\",\n \"reason\": \"The value is a complete MongoDB Atlas connection string containing embedded credentials. The username 'admin_orders' and password 'zR8gP2$LqW#k' are directly in the URI. The password exhibits high entropy with a mix of uppercase letters, lowercase letters, numbers, and special characters, which is characteristic of a real, machine-generated credential, not a placeholder like 'PASSWORD' or 'xxxx'. The presence of a specific cluster domain, database name ('ecom_orders'), and '+srv' protocol confirms it is a live connection string for a production resource. Even with comments indicating a 'PoC', hardcoding this value with a valid-format credential is a significant security risk.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 141,\n \"label\": \"True Positive\",\n \"secret_value\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLXNlcnZpY2UiLCJzdWIiOiJzZXJ2aWNlLWFjY291bnQtb3JkZXJzIiwiaWF0IjoxNjE2MjM5MDIyLCJleHAiOjE3NzE5MjcwMDAsImF1ZCI6ImludGVybmFsLWFwaSJ9.fU4fL8yH3aQOoCxJ6V_kFpWkSgRzVjZ_qB9pWjDxYlA\",\n \"reason\": \"The value is a correctly formatted JSON Web Token (JWT), identified by the standard `header.payload.signature` structure and Base64URL encoding. The payload of this token contains sensitive information, such as issuer (`iss`), subject (`sub`), and expiration (`exp`), and the signature confirms its integrity. Although the variable name `internalAuthToken` and a comment might suggest it's a test token, hardcoding any token that is not a clear, unambiguous placeholder is a significant security risk. Real-world PoC or internal tokens frequently become production credentials over time, and this pattern teaches developers to avoid hardcoding any form of credential, regardless of intended use.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 75,\n \"label\": \"True Positive\",\n \"secret_value\": \"-----BEGIN OPENSSH PRIVATE KEY-----\\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc2gtcn\\nc"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 90,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/mN7pQ8rS6tU5vW4xY3z2A1B0\",\n \"reason\": \"The value is a valid Slack Incoming Webhook URL, which is a sensitive token used to post messages to a specific Slack channel. Its structure, consisting of a base URL followed by three segments, matches the precise format specified by Slack. The final segment, 'mN7pQ8rS6tU5vW4xY3z2A1B0', is a 24-character alphanumeric string with high entropy, consistent with a cryptographically generated secret. This is not a generic placeholder but a fully formed, functional URL. Exposing this token allows anyone to send arbitrary messages to the linked Slack channel, making it a significant security risk that must be kept private.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 214,\n \"label\": \"True Positive\",\n \"secret_value\": \"Password={9aB!cDeFgH2iJkLmN}\",\n \"reason\": \"The value represents a complete SQL Server connection string that hardcodes an administrative password. The password component itself, '{9aB!cDeFgH2iJkLmN}', is a 16-character string with a mix of uppercase letters, lowercase letters, numbers, and a special character, exhibiting high entropy characteristic of a real credential. Unlike a placeholder such as '' or repeating characters, this is a concrete value. Although the comment notes it 'should be loaded from secure configuration', its presence in the code as a functional string for an 'db_admin_svc' user constitutes a significant credential leak, as it exposes the password to anyone with access to the source code.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 238,\n \"label\": \"True Positive\",\n \"secret_value\": \"a4b1c8d7e2f5g3h9i0j6k4l2m1n0o7p3\",\n \"reason\": \"The value 'a4b1c8d7e2f5g3h9i0j6k4l2m1n0o7p3' is a 28-character alphanumeric string that exhibits high entropy, a strong indicator of a machine-generated secret. The value lacks any discernible patterns, repeating characters, or dictionary words, differentiating it from placeholders or generic examples. While the function name suggests it is a 'TwilioAuthSecret', the code commits the actual credential directly to the codebase. This is a critical security anti-pattern, as hardcoded secrets, even for testing or development, can be easily exfiltrated and abused. Its concrete nature, unlike generic strings like 'YOUR_SECRET', makes it a real and exploitable credential.\"\n}\n"}]} +{"id": 36, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 97,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is a validly formatted AWS Access Key ID. This specific prefix, 'AKIA', is a definitive indicator used by AWS for these credentials. The subsequent string of alphanumeric characters shows high entropy and a format that perfectly matches a real key, not a generic placeholder. While the `aws_secret_access_key` on the following line uses the word 'EXAMPLEKEY', a common pattern to flag generic test credentials, the Access Key ID is a specific, non-repeatable value that must not be hardcoded. Exposing even one part of an IAM credential set is a critical security risk, as it can be used to probe for and exploit vulnerabilities in AWS permissions. This represents a classic case of hardcoded credentials, where a combination of format, prefix, and high entropy confirms its authenticity despite the presence of a placeholder for its corresponding secret.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 98,\n \"label\": \"False Positive\",\n \"secret_value\": \"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\",\n \"reason\": \"The secret value 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY' is an AWS secret access key example, definitively identified by the literal 'EXAMPLEKEY' suffix. This is a common, structured convention used to mark sensitive-looking keys as mock data, rendering them non-functional and harmless. The value exhibits high entropy, which is characteristic of real secrets, but the clear 'EXAMPLEKEY' text strips it of any cryptographic value. This pattern teaches that high-entropy strings appended with words like 'EXAMPLE' or 'test' are always false positives, intended for development and testing purposes only.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 53,\n \"label\": \"True Positive\",\n \"secret_value\": \"atJztmoFXGQz5k.atlasv1.gJvF8sRgDWf24zW2bF6Y8cK9tV1pL5qN7hB3xZ0mA4uC7iO6eP1sR2tG0sY3bI1aE2w\",\n \"reason\": \"The secret value is a long, high-entropy string that perfectly matches the format of a Terraform Cloud API token. The value's structure, which includes a 22-character random string, a '.atlasv1.' separator, and a 43-character random string, is specific to this service. Unlike generic placeholders, this is a fully-formed, concrete token. The context of being assigned to a `credentials` block for `app.terraform.io` explicitly confirms its purpose as an authentication credential. Leaking this token grants API access to the Terraform Cloud organization and workspace, posing a severe security risk.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 32,\n \"label\": \"False Positive\",\n \"secret_value\": \"autobuilder-acme\",\n \"reason\": \"The value 'autobuilder-acme' is a username, not a secret credential. It is composed of human-readable dictionary words ('autobuilder', 'acme') and lacks the high entropy and randomness expected of a secret token or password. This naming convention often refers to a specific account or service bot, such as one used for automated builds in a CI/CD pipeline, as confirmed by the parent job's name 'Build and Push Docker Image'. Usernames are generally considered less sensitive public information, whereas authentication relies on the corresponding secret (in this case, the password provided on line 33). The code follows a secure practice by separating the username from the secret password.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 33,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_1VzJ8h_L9KqR7sW3tX5yGZbN0c\",\n \"reason\": \"The value 'dckr_pat_1VzJ8h_L9KqR7sW3tX5yGZbN0c' is a valid Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a specific, machine-readable identifier for this secret type. The remainder of the string is a high-entropy, 30-character sequence of mixed-case alphanumeric characters, which is characteristic of a real, autogenerated credential. Unlike a placeholder such as '', this is a fully-formed, concrete value that presents a direct security risk. Hardcoding a token into a CI/CD workflow file like a GitHub Action YAML is a common but insecure practice, as it exposes the credential in source code.\"\n}\n"}, {"index": 2, "sub_index": 2, "completion": "\n{\n \"line_number\": 44,\n \"label\": \"True Positive\",\n \"secret_value\": \"sqp_8d4e9c3e2f5b1a0a3b8c6d7e5f0a2b3c4d5e6f7a\",\n \"reason\": \"The value 'sqp_8d4e9c3e2f5b1a0a3b8c6d7e5f0a2b3c4d5e6f7a' is a SonarQube Personal Access Token. Its structure, specifically the 'sqp_' prefix followed by a 40-character hexadecimal string, is a defining format for this type of credential. The hexadecimal part exhibits high entropy, consistent with a real, machine-generated token, and is not a placeholder pattern. Unlike a generic 'TOKEN_HERE', this is a complete, concrete credential. Hardcoding a token directly into a workflow file, as shown in the `env:` block, represents a significant security risk because it becomes part of the repository's history and can be easily extracted.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 27,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://a4d9aa8c6e3b4a2ab9b8b3b8c3d9aa3c@o123456.ingest.sentry.io\",\n \"reason\": \"The value is a Sentry Data Source Name (DSN), which is a type of credential containing sensitive information. The pattern `https://@` is a specific format for DSNs. The high-entropy string 'a4d9aa8c6e3b4a2ab9b8b3b8c3d9aa3c' is a genuine public key, while 'o123456' identifies a specific Sentry organization. Although the client-side public key itself doesn't grant broad system access, it allows any authenticated client to send events, and the entire DSN could still be abused for rate-limiting or to spam events into an organization's account. The variable name `dsn` confirms its purpose, and committing it represents a significant security risk.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 31,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoibXl1c2VybmFtZTEyMyIsImEiOiJjazg3ZzA2ZWgwYXQyM21wZHRpZTI1a2QzIn0.nB9m_gZ2vXl0qY5uP3r7Ww\",\n \"reason\": \"The value is a valid Mapbox public access token, which, despite its name, functions as a secret for rate-limiting and attribution. Its format, 'pk.' followed by a high-entropy Base64-encoded string, is a definitive indicator of this token type. The token's JSON payload confirms its function, specifying a user identifier ('myusername123') and a resource scope ('k87e06eh0at23mpdtie25kd3'). Unlike placeholders which might repeat the prefix or use generic text like 'YOUR_TOKEN', this is a fully-formed credential that exposes application details and is vulnerable to misuse.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 124,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://prod_svc_user:Ag^9!z$K4mPQ@db-prod-cluster-1.c8xyzqrstuvw.us-west-2.rds.amazonaws.com:5432/orders_db\",\n \"reason\": \"The value provided is a full PostgreSQL database connection string containing embedded credentials, which is a definitive true positive security risk. The string follows the standard `protocol://user:password@host:port/database` URI format, explicitly separating the username `prod_svc_user` and the password `Ag^9!z$K4mPQ`. The password component exhibits high entropy and complexity with its random mix of alphanumeric characters and symbols, indicating it is a real credential. The hostname `db-prod-cluster-1...rds.amazonaws.com` points to a specific AWS RDS database instance, identifying a production environment. Hardcoding a complete connection string with a non-generic password in source code is an extremely common but insecure pattern.\"\n}\n"}]} +{"id": 37, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 121,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAU4T5KR53QUZ6R3P7\",\n \"reason\": \"The value 'AKIAU4T5KR53QUZ6R3P7' is a valid AWS Access Key ID, which serves as a public identifier for a specific AWS user or role. This value is not a placeholder; it perfectly matches the required format of 'AKIA' followed by 16 random alphanumeric characters. Although the secret access key is the more sensitive credential, hardcoding the access key ID is also a security risk. It allows attackers to gather information about your AWS resources and potentially launch attacks that might be rate-limited if only the secret key were used. The variable name `aws_access_key_id` provides explicit context confirming its role as an authentication component. This type of credential should always be managed securely through environment variables or IAM roles, not hardcoded in source files.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 122,\n \"label\": \"True Positive\",\n \"secret_value\": \"0jM/pG+fT2rV8sL4kH9aC1wX7yZ0bN5eQ3iU6dK+\",\n \"reason\": \"The value '0jM/pG+fT2rV8sL4kH9aC1wX7yZ0bN5eQ3iU6dK+' is a high-entropy string that perfectly matches the format of an AWS secret access key. It contains a random combination of uppercase letters, lowercase letters, digits, and special URL-safe characters, exhibiting no placeholder patterns. Although it appears in a static dictionary named 'AWS_CONFIG', it is a fully-formed credential, not a template. The surrounding context, specifically the key name 'aws_secret_access_key' and its use in a `boto3.client` call, confirms this is a functional secret. Hardcoding credentials, even in configuration files, is a critical security anti-pattern because they are accessible to anyone with source code or build environment access.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 59,\n \"label\": \"True Positive\",\n \"secret_value\": \"glpat-sBv3yZ8xWq9kLpGfJ1cR\",\n \"reason\": \"The secret value 'glpat-sBv3yZ8xWq9kLpGfJ1cR' is a GitLab Personal Access Token (PAT), clearly identified by its 'glpat-' prefix. This prefix is a specific, non-negotiable indicator used by GitLab to authenticate tokens. The 20-character string that follows exhibits high entropy with a random mix of alphanumeric characters, which is consistent with a real token. This value is a concrete credential, not a placeholder, and its use in a `docker login` command represents a significant security risk as it could grant access to private repositories.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 72,\n \"label\": \"True Positive\",\n \"secret_value\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRsYWIuY29tIiwic3ViIjoiZGVwbG95LXVzZXIiLCJhdWQiOiJkZXBsb3ltZW50LXNlcnZpY2UiLCJpYXQiOjE2NzI1MzEyMDAsImV4cCI6MTcwNDA2NzIwMH0.uLp-J7aBf8tYgPz3tQ9kRwN6eV0bV1zHhJ5aF4gC2sE\",\n \"reason\": \"The value is a high-entropy string that perfectly matches the Base64-encoded three-part structure of a JSON Web Token (JWT), a common authentication format. The value's composition of mixed-case letters, numbers, and punctuation is consistent with a real cryptographic token, not a generic placeholder like '' or 'xxxxx'. Even though the token's contents appear to be non-sensitive metadata for a deployment, it's being used as a bearer token in an 'Authorization' header. The exposure of any authentication token, regardless of its specific privileges, is a security risk as it can often be used to access internal systems or chain into higher privilege exploits.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 44,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://analytics_svc:3#fG&pW9qJ@pg-reporting-cluster.eu-west-1.internal:5432/telemetry_data\",\n \"reason\": \"This value is a complete PostgreSQL connection string containing sensitive credentials. The format `username:password@host:port` is a standard and highly specific pattern for database credentials. The most critical part is the password, '3#fG&pW9qJ', which exhibits sufficient entropy with a mix of digits, special characters, and mixed-case letters, distinguishing it from a generic placeholder. This is not an example pattern but a concrete credential value that can grant direct access to a production database. Hardcoding such strings in source code is a severe security risk because it exposes the user, the password, and the internal database hostname in plain text.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 104,\n \"label\": \"True Positive\",\n \"secret_value\": \"7f1e03c46a67285a8f8b9d0e1f2a3b4c\",\n \"reason\": \"The value '7f1e03c46a67285a8f8b9d0e1f2a3b4c' is a 32-character hexadecimal string, which is the exact format for a Datadog API key. The value exhibits high entropy, with a random distribution of characters that makes it indistinguishable from a real, machine-generated credential. Unlike a placeholder such as repeated 'x' characters or template syntax like 'YOUR_API_KEY', this is a fully-formed, unique value. The assignment to the 'api_key' argument within a 'datadog' provider block in Terraform explicitly confirms its purpose as an authentication token. Hardcoding a key in this format, even in infrastructure-as-code, is a critical security vulnerability.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 105,\n \"label\": \"True Positive\",\n \"secret_value\": \"98ac7f0e1d2c3b4a567f890e1d23b45a67c8d9e0\",\n \"reason\": \"The value '98ac7f0e1d2c3b4a567f890e1d23b45a67c8d9e0' is a high-entropy, 40-character hexadecimal string that perfectly matches the format of a Datadog API Key or Application Key. This value contains a random distribution of numbers and letters, lacking any discernible patterns, sequences, or placeholder characteristics. The context, where it is assigned to the `app_key` parameter within a `datadog` provider block in Terraform, explicitly identifies it as a secret for authenticating with the Datadog service. Unlike a generic placeholder like 'YOUR_APP_KEY_HERE', this is a fully-formed, concrete credential that could grant access to sensitive monitoring and logging data.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 75,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io\",\n \"reason\": \"The secret value is a Sentry Data Source Name (DSN), which functions as an authentication token. The value's structure is definitively identified by the 'ingest.sentry.io' endpoint. The credentials part of the URL, 'https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@', contains a 32-character, high-entropy string ('a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5') which is a valid format for a Sentry secret key. Although this may appear to be an example, it is a concrete, fully-formed credential that perfectly matches the Sentry specification. The surrounding code context, with the variable name 'sentryDsn' and the comment about error tracking, confirms this value's purpose. Unlike a placeholder that would use repeated characters or template syntax (e.g., 'YOUR_DSN'), this is a specific, functional credential that poses a security risk.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 79,\n \"label\": \"True Positive\",\n \"secret_value\": \"AIzaSyD9ZvG8hJqKp2sL6wF4xR3tU_0mIoC5bE7\",\n \"reason\": \"The value 'AIzaSyD9ZvG8hJqKp2sL6wF4xR3tU_0mIoC5bE7' is a legitimate Google API key, definitively identified by its 'AIzaSy' prefix. This prefix is a public, hardcoded identifier for Google's client-side keys. The rest of the 33-character string exhibits high entropy, mixing uppercase and lowercase letters, digits, and an underscore, which is characteristic of a real credential. Although it's a client-side key and less sensitive than a server-side secret, hardcoding it still poses a security risk, as it is tied to a specific project's quotas and can be exploited if found in client-side code. Unlike a placeholder like 'YOUR_API_KEY', this is a concrete, functional credential.\"\n}\n"}]} +{"id": 38, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 100,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIA4Z7HFV563JLXPMQO\",\n \"reason\": \"The value 'AKIA4Z7HFV563JLXPMQO' is a valid AWS access key ID. The 'AKIA' prefix is a definitive identifier for AWS keys, making this pattern highly specific. The following 16 characters are a random mix of uppercase letters and digits, exhibiting the high entropy and unpredictability characteristic of a real credential. Unlike a placeholder like 'AKIAXXXXXXXXXXXXXXXX', this is a concrete, unique value that could be used to make unauthorized API calls. Even in code examples, hardcoding a complete, valid credential poses a security risk, as it may belong to a developer or a development/testing environment.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 101,\n \"label\": \"True Positive\",\n \"secret_value\": \"JcKl8f/N+sWq0Yt3mZpXgBv7hR2dF9gU1aE5xH4i\",\n \"reason\": \"The value 'JcKl8f/N+sWq0Yt3mZpXgBv7hR2dF9gU1aE5xH4i' is a high-entropy Base64 encoded string, a common format for AWS access keys and secret access keys. The string exhibits a random distribution of mixed-case letters, numbers, and special characters (/+), which is a strong indicator of a real, machine-generated credential. Unlike a placeholder, this is a fully formed value without any repeating patterns, template syntax, or dictionary words. The parameter name 'aws_secret_access_key' explicitly identifies this value as a secret. Hardcoding temporary credentials of this nature, even if they belong to an IAM role, is a significant security risk as the key's validity is unknown and could be exploited if exposed.\"\n}\n"}, {"index": 0, "sub_index": 2, "completion": "\n{\n \"line_number\": 102,\n \"label\": \"True Positive\",\n \"secret_value\": \"FQoGZXIvYXdzEI///////////wEaDBpqrST2zPXCR+x5IirEA7cW9fB8E8jQkZ6I+9aC4sWxR7eK4uD6Z2mR/7vY5rWw8SzAoN0c9FgT\",\n \"reason\": \"The value 'FQoGZXIvYXdzEI///////////wEaDBpqrST2zPXCR+x5IirEA7cW9fB8E8jQkZ6I+9aC4sWxR7eK4uD6Z2mR/7vY5rWw8SzAoN0c9FgT' is a fully-formed AWS temporary security token (STS token). Its Base64 encoding is apparent in its composition of uppercase letters, lowercase letters, numbers, and the `+` and `/` characters, which is a common format for AWS credentials. The value exhibits high entropy with no repetitive patterns, which is a strong indicator of a real, machine-generated token. The context of being assigned to the parameter `aws_session_token` confirms its sensitive nature. Hardcoding temporary tokens is a severe security risk, as they grant short-lived but real access permissions to cloud resources.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 47,\n \"label\": \"True Positive\",\n \"secret_value\": \"e9a8f7c6d5b4a392817f0e9d8c7b6a54\",\n \"reason\": \"The value 'e9a8f7c6d5b4a392817f0e9d8c7b6a54' is a hardcoded Datadog API key. The value is a 32-character hexadecimal string, which is the standard format for a Datadog API key, and exhibits high entropy with a random distribution of characters. Unlike a placeholder, this is a fully-formed credential. The context strongly supports this, as the value is directly assigned to the `api_key` parameter in a `provider \\\"datadog\\\"` block. Despite comments warning against hardcoding, this concrete value represents a genuine secret that could be used to authenticate to a Datadog account, making it a critical finding.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 48,\n \"label\": \"True Positive\",\n \"secret_value\": \"8b1fec305a4d9b6e8a7f9d0c2e3b4a591e6f7d8c\",\n \"reason\": \"The value '8b1fec305a4d9b6e8a7f9d0c2e3b4a591e6f7d8c' is a Datadog Application Key, identified by its format. It is a 40-character hexadecimal string exhibiting high entropy, which is characteristic of a real, cryptographically generated secret. Unlike a generic placeholder, this is a fully-formed value that can be used to authenticate with the Datadog API. The assignment to the `app_key` parameter in the `provider \\\"datadog\\\"` block is a definitive confirmation of its role as an authentication credential. Even with a comment acknowledging its insecure nature, its presence as a valid-looking credential in a Terraform provider configuration makes it a significant security risk.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 29,\n \"label\": \"True Positive\",\n \"secret_value\": \"devops_deploy_bot\",\n \"reason\": \"The value 'devops_deploy_bot' is a credential username, which is considered sensitive information because it can be used to authenticate or log in to a system. This username has high descriptive entropy as it combines technical terms ('devops', 'deploy') with a common role ('bot'), making it a specific and functional identifier. Unlike generic placeholders like 'user' or '', this is a realistic name for a service account. Exposing such credentials is a security risk as an attacker could use this username in combination with a leaked password to compromise the deployment pipeline.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 30,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_gHj8LpQ2sWzK4vB7nC1xR9yT6fU3aE5d\",\n \"reason\": \"The value 'dckr_pat_gHj8LpQ2sWzK4vB7nC1xR9yT6fU3aE5d' is a valid Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a definitive marker for this specific type of secret. The remainder of the string consists of a 32-character high-entropy sequence of mixed-case alphanumeric characters, which is consistent with the format of a real, machine-generated token. Unlike a placeholder like 'dckr_pat_xxxxxxxxxxxxxx', this is a concrete value. Although it's in a CI/CD file for 'devops_deploy_bot', the bot is an active entity with real credentials, and hardcoding its PAT represents a significant credential exposure risk for the Docker Hub account.\"\n}\n"}, {"index": 2, "sub_index": 2, "completion": "\n{\n \"line_number\": 49,\n \"label\": \"True Positive\",\n \"secret_value\": \"sqp_9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2d1e0f\",\n \"reason\": \"The value 'sqp_9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2d1e0f' is a valid SonarQube Personal Access Token (PAT). The 'sqp_' prefix is the definitive indicator for this secret type, confirming its purpose. The subsequent 32-character hexadecimal string exhibits high entropy with a random distribution of letters and numbers, consistent with a real, machine-generated credential. Although the hostname in the `SONAR_HOST_URL` is internal, the token itself is sensitive. Hardcoding credentials like PATs in CI/CD pipelines is a common but insecure practice, as it grants direct access to the code analysis service.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 64,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoibWFwZGVzaWduZXI4OCIsImEiOiJjbHJwaGR3ajAwMWR4MmtwOGVncjl5dWNpIn0.eFTpL6vj-57Bq2nTOs2KjQ\",\n \"reason\": \"The value is a valid Mapbox Access Token, a credential used to authenticate API requests. The prefix 'pk.' followed by three Base64-encoded sections is the exact format for a public-scoped token from this service. The final section, 'eFTpL6vj-57Bq2nTOs2KjQ', exhibits the high entropy and random character distribution characteristic of a real secret. Unlike a placeholder (e.g., 'pk.YOUR_TOKEN_HERE'), this is a fully-formed, functional credential. Even public tokens can be abused for abuse and rate limiting, making them a security risk when hardcoded in source code. The variable name `accessToken` further confirms the sensitive nature of this value.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 32,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://billing_svc_user:D4fG#kS$q9!zL@pg-prod-us-east-1.c8zqg7rf1vkm.rds.amazonaws.com:5432/billing_prod?sslmode=require\",\n \"reason\": \"This value is a complete database connection string that hardcodes credentials, representing a critical secret vulnerability. The string follows the standard `scheme://username:password@host:port/database` format, which directly exposes a username (`billing_svc_user`) and its corresponding password (`D4fG#kS$q9!zL`). The password component exhibits high entropy, containing a random mix of uppercase letters, lowercase letters, digits, and special characters, indicating it is a machine-generated, real credential. Furthermore, the hostname `pg-prod-us-east-1.c8zqg7rf1vkm.rds.amazonaws.com` is an specific RDS endpoint, confirming this is a connection to a real, production AWS database. The surrounding comment explicitly warns that this is a hardcoded connection string that should be externalized, confirming its sensitive nature.\"\n}\n"}]} +{"id": 39, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 108,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://api_usr:aB$9fG!wP4@db-prod.us-east-1.rds.amazonaws.com:5432/users_v2\",\n \"reason\": \"The provided value is a complete PostgreSQL database connection URI that embeds sensitive credentials. The string follows the standard URL format `protocol://username:password@host:port/database`. The embedded username 'api_usr' and the high-entropy password 'aB$9fG!wP4' are concrete, unique strings, not generic placeholders. This password, containing a mix of uppercase letters, lowercase letters, numbers, and special characters, is the key component of the credential. Hardcoding a URL that contains an actual username and password is a critical security vulnerability, as anyone with access to this code snippet can potentially access the database.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 110,\n \"label\": \"True Positive\",\n \"secret_value\": \"8k@zP!qR7sT&uV*xY$zE#A%D*G-J\",\n \"reason\": \"The value '8k@zP!qR7sT&uV*xY$zE#A%D*G-J' is a high-entropy cryptographic secret. It is a 32-character string composed of a random mix of lowercase letters, uppercase letters, numbers, and special symbols, a pattern characteristic of a real, machine-generated secret key. Unlike a placeholder, which would use repeated characters or descriptive text, this value is fully formed and unpredictable. Its assignment to the `JWT_SECRET_KEY` configuration variable provides explicit context that it is used for signing JSON Web Tokens. A hardcoded key of this nature is a critical security vulnerability, as it is version-controlled in source code and could be easily exposed, allowing attackers to impersonate users by forging tokens.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 17,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIA4ZUXFGY736J2L5PQ\",\n \"reason\": \"The value 'AKIA4ZUXFGY736J2L5PQ' is a valid AWS Access Key ID. Its prefix 'AKIA' is a specific identifier for AWS root account or user-generated keys, and the subsequent 16 alphanumeric characters show the high entropy and random format of a real credential, not a placeholder. This is not a generic template like 'AKIAXXXXXXXXXXXX', but a complete, concrete value. Its assignment using `aws configure set aws_access_key_id` in a CI/CD pipeline confirms its purpose as a credential for automated authentication. This is a classic example of a hardcoded secret in configuration, which poses a significant security risk as it's committed directly to source control.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 18,\n \"label\": \"True Positive\",\n \"secret_value\": \"v9m8xLpQrSjW4uB7zK2fG1hJ6cE0gN3oY5aD9F3b\",\n \"reason\": \"The value 'v9m8xLpQrSjW4uB7zK2fG1hJ6cE0gN3oY5aD9F3b' is a 40-character string with high entropy, composed of a random mix of uppercase letters, lowercase letters, and digits. This format is consistent with an AWS Secret Access Key, which is typically 40 characters long. The value shows no patterns of repetition or predictable sequences, distinguishing it from a placeholder. The context explicitly confirms this classification, as the command uses 'aws configure set aws_secret_access_key', identifying the value as a sensitive AWS credential. Hardcoding a fully-formed key like this is a security vulnerability, as anyone with access to the source code will gain unauthorized AWS privileges.\"\n}\n"}, {"index": 1, "sub_index": 2, "completion": "\n{\n \"line_number\": 33,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX\",\n \"reason\": \"The value is a Slack incoming webhook URL, which functions as a secret token for sending notifications. The structure `https://hooks.slack.com/services///` is specific to this service, and the final path segment 'aBcDeFgHiJkLmNoPqRsTuVwX' contains 24 mixed-case alphanumeric characters which have the high entropy expected of a real credential. Unlike generic placeholders which use repeated characters or simple templates, this is a unique, unpredictable string. The variable name in the code ('SLACK_URL' is implied by its structure and use, though not explicitly shown) and the context of a notification step confirm its role as a sensitive credential.\"\n}\n"}, {"index": 1, "sub_index": 3, "completion": "\n{\n \"line_number\": 38,\n \"label\": \"True Positive\",\n \"secret_value\": \"aBcDeFgHiJkLmNoPqRsTuVwX\",\n \"reason\": \"The value 'aBcDeFgHiJkLmNoPqRsTuVwX' is a fully-formed Slack Incoming Webhook token. It matches the expected format for a Slack token, consisting of a 24-character string composed of high-entropy, mixed-case alphanumeric characters. This is not a placeholder; it is a concrete, specific credential that grants direct access to post messages to a Slack channel. Although the context of the file is a CI/CD pipeline which often handles secrets, the token itself is a sensitive value. Hardcoding a real, active webhook URL is a significant security risk, as it bypasses the need for authentication and can be easily abused if the code is leaked. The pattern teaches that even if a token is part of a URL in a script, its high-entropy format and specific length definitively identify it as a real credential.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 82,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io\",\n \"reason\": \"The value is a Sentry Data Source Name (DSN) credential, which is a form of API key. The structure 'protocol://@' is a standard pattern for embedding authentication credentials within a URL. The key part, 'a1b2c3d4e5f67890a1b2c3d4e5f67890', is a high-entropy hexadecimal string that perfectly matches the 32-character format for a Sentry public key. In this specific value, the repeated block 'a1b2c3d4e5f67890' acts as a low-confidence identifier, but it is still hardcoded and part of a valid, real-looking credential. This value exposes the internal structure of the DSN and allows for abuse, making it a significant security risk regardless of its simple pattern.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 94,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcTdrYjNkcjBmbnAyd3FtdTZyOHVlYjMifQ.X9iSgK3fRb7wzLpBnA8bCg\",\n \"reason\": \"The value is a high-entropy string that perfectly matches the specific format of a Mapbox public access token. It is composed of three Base64-encoded parts, separated by dots, with a 'pk.' prefix confirming its type. The content within the JSON payload exhibits high entropy and contains structured keys like 'user' and 'a' (for application), which are consistent with public token creation parameters. This is not a placeholder because it is a fully formed, validly-structured token, not a template or a generic string. Hardcoding any active access token, even a public one, is a security risk as it could be abused or its associated permissions revoked by the service provider.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 32,\n \"label\": \"True Positive\",\n \"secret_value\": \"aZ8~9_xYpQ-rS7tV.wJ6fGhK1jL3mN5oB4c2\",\n \"reason\": \"The value 'aZ8~9_xYpQ-rS7tV.wJ6fGhK1jL3mN5oB4c2' is a 40-character alphanumeric string that exhibits high entropy, consistent with an Azure Active Directory client secret. This value is concrete and random, not a placeholder, indicating it is a real credential. The parameter name 'client_secret' explicitly confirms its sensitive nature, and unlike placeholders such as 'YOUR-SECRET-HERE', this is a specific, fully-formed secret. Exposing a valid client secret in a Terraform configuration is a critical security vulnerability, as it grants unauthorized access to the Azure environment defined by this provider block.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 21,\n \"label\": \"True Positive\",\n \"secret_value\": \"p@qR$tUvW*yZ!aB#cDe^fG7hJ2kL4mN6p\",\n \"reason\": \"The value 'p@qR$tUvW*yZ!aB#cDe^fG7hJ2kL4mN6p' is a high-entropy, complex password that exhibits strong cryptographic characteristics. It is a 32-character string containing a random mix of uppercase letters, lowercase letters, numbers, and special symbols, which is a standard format for API keys and passwords. Unlike a placeholder, which might use repeated characters or descriptive words (e.g., 'password123'), this value is unpredictable and fully formed. The assignment to the `spring.redis.password` configuration key and the preceding comment 'Use a strong password for Redis in production' explicitly confirm its role as a sensitive credential. Exposing such a secret in a configuration file poses a significant security risk, as it can grant unauthorized access to the Redis cache.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 27,\n \"label\": \"True Positive\",\n \"secret_value\": \"SG.A1B2C3d4e5_f6g7h8i9j0.kL1mN2oP3qR4sT5uV6w-X7yZ8aB9cDe0fG1hI2jK3lM_4s\",\n \"reason\": \"The value 'SG.A1B2C3d4e5_f6g7h8i9j0.kL1mN2oP3qR4sT5uV6w-X7yZ8aB9cDe0fG1hI2jK3lM_4s' is a valid SendGrid API key. The value's format is composed of three parts separated by periods, with the initial 'SG.' prefix explicitly identifying it as belonging to SendGrid. The second and third segments are Base64-encoded strings that exhibit high entropy, indicating they are machine-generated credentials rather than placeholders. This structure is a definitive pattern for SendGrid keys. Hardcoding a key that matches this specific service format, even if intended for development, is a significant security risk as it could be used for malicious activity. The line comment, 'Set the SendGrid API Key...', further confirms the value's intended use as sensitive authentication material.\"\n}\n"}]} +{"id": 40, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 87,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgresql://payments_svc:a4J!zP0$fT7*bE9@db-prod.us-east-1.rds.amazonaws.com/payments_db\",\n \"reason\": \"This value is a full PostgreSQL connection string that contains an embedded password. A password, 'a4J!zP0$fT7*bE9', is present directly within the URL, which is a well-documented but insecure practice. The credential string exhibits sufficient entropy with a mix of uppercase letters, lowercase letters, numbers, and special characters, indicating it is a real, machine-generated token rather than a generic placeholder. Unlike placeholders, which use repetitive characters or the word 'password', this is a fully-formed credential. Exposing this string provides direct access to the production database, posing a critical security risk despite the accompanying comment warning against it.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 89,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51Mv3UqKxVp8pLoJ9tFmW2cXa1hN6bA7vF9yR0eZlP3cT8bSgK4uL5iV6jW7bA8eV9oI0pQ1rC2sD3tF4gH5jK6lM\",\n \"reason\": \"The value 'sk_live_...' is a classic Stripe secret key format, definitively identified by the 'sk_live_' prefix. The 40-character string following the prefix exhibits high entropy with a random mix of alphanumeric characters, a hallmark of a real, computer-generated credential. Unlike a placeholder like 'sk_live_xxxxxxxxxxxxxxxxxxxxxxx', this is a fully-formed, concrete value that must be protected. This specific key format is used for live production environments, making its hardcoding a significant security risk as it grants broad access to a Stripe account. The assignment to `stripe.api_key` in this Flask application's configuration explicitly confirms its sensitive role.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 37,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIA4P5X3W7RYS6BZM9N\",\n \"reason\": \"The value 'AKIA4P5X3W7RYS6BZM9N' is a legitimate AWS Access Key ID. The value itself is in the correct format for an AWS key, characterized by the 'AKIA' prefix and a 20-character string containing uppercase letters and digits. The high entropy and the context of the variable name `access_key` within a `provider \\\"aws\\\"` block definitively classify it as a real credential. Unlike a placeholder, this is a concrete value that could be used for authentication. The combination of a service-specific prefix and high entropy makes this a strong and clear indicator of a hardcoded secret.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 38,\n \"label\": \"True Positive\",\n \"secret_value\": \"v9mB/LpKsR8wT7oF4gH2jA1sC3dE5fG6hI7kL8mP\",\n \"reason\": \"The value 'v9mB/LpKsR8wT7oF4gH2jA1sC3dE5fG6hI7kL8mP' is a high-entropy Base64 encoded string consistent with the format of an AWS Secret Access Key. The value is 40 characters long and contains a random mix of alphanumeric characters and symbols ('/', '+'), which are hallmarks of a genuine credential designed for machine-to-machine authentication. Unlike a placeholder, this is a specific, unique string that holds real cryptographic value. The parameter name `secret_key` and its placement within an `aws` provider block in a Terraform file strongly confirm its function as a sensitive authentication token.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 29,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV\",\n \"reason\": \"The value 'AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV' is a valid Google Cloud Platform (GCP) service account access token. This value perfectly matches the pattern for a GCP token, which starts with the specific prefix 'AKCp'. The subsequent 60 characters exhibit high entropy, consisting of a random mix of alphanumeric characters, which is a strong indicator of a real credential. Unlike a placeholder, this is a fully formed, concrete value. The context confirms its sensitive nature as it is explicitly assigned to the `NPM_AUTH_TOKEN` environment variable, used for authentication with private package registries.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 30,\n \"label\": \"True Positive\",\n \"secret_value\": \"5a0f8eb8c9d44c9b8e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d\",\n \"reason\": \"The value '5a0f8eb8c9d44c9b8e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d' is a 32-character hexadecimal string, a common format for API authentication tokens. The value exhibits high entropy with a random distribution of characters, indicating it is a machine-generated credential, not a placeholder or pattern. Despite being assigned to an environment variable named 'SENTRY_AUTH_TOKEN' within a GitHub Actions file, which might be associated with testing, this is a concrete, fully-formed token. Leaking credentials in CI/CD pipelines, regardless of the environment, poses a significant security risk as it can grant access to services and reveal infrastructure details.\"\n}\n"}, {"index": 2, "sub_index": 2, "completion": "\n{\n \"line_number\": 39,\n \"label\": \"True Positive\",\n \"secret_value\": \"-----BEGIN PRIVATE KEY-----\\\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6Kq2tU8N4vA3p\\\\n...fake content...\\\\nk9XpA2B4C5D6E7F8G9H0J2K3L4M5N6P7Q8R9T0U1V2W3X4Y5Z6A7B8C9D0E1F2G\\\\nH3I4J5K6L7M8N9P0Q1R2T3U4V5W6X7Y8Z9A0B1C2D3E4F5G6H7I8J9K0L1M2N3P4\\\\nQ5R6T7U8V9W0X1Y2Z3A4B5C6D7E8F9G0H1I2J3K4L5M6N7P8Q9R0T1U2V3W4X5Y6\\\\nZ7A8B9C0D1E2F3G4H5I6J7K8L9M0N1P2Q3R4T5U6V7W8X9Y0Z1A2B3C4D5E6F7G8\\\\nH9I0J1K2L3M4N5P6Q7R8T9U0V1W2X3Y4Z5A6B7C8D9E0F1G2H3I4J5K6L7M8N9P0\\\\n-----END PRIVATE KEY-----\",\n \"reason\": \"The value is a complete PEM-encoded private key, a type of cryptographic material that grants powerful privileges. Its structure is definitive, identified by the standard `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----` markers. The multi-line, Base64-encoded block between these markers contains a high-entropy representation of the actual key data, which is a strong indicator of a valid credential. Although the placeholder text `...fake content...` is present, the surrounding syntactically correct key material represents a significant security risk. Such placeholders are common patterns for real secrets and the exposure of the key's structure and surrounding text is a exploitable vulnerability.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 122,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://b4a3c2d1e0f9a8b7c6d5e4f3a2b1c0d9@o450604.ingest.sentry.io\",\n \"reason\": \"This value is a Sentry Data Source Name (DSN), a public credential that is uniquely identifying but does not grant administrative access. The value's format is definitively identified by its hostname 'ingest.sentry.io' and a Base64-encoded string immediately preceding the `@` symbol, which serves as a project-specific key. This key exhibits high entropy, containing a random sequence of alphanumeric characters, which is characteristic of a real credential. Although the DSN itself is intended for client-side exposure, hardcoding it allows anyone to send events to the project, potentially leading to abuse or data pollution. It's a form of secret because it's a unique, non-public identifier tied to a specific service.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 123,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoiYmVuamFtaW5kZXYiLCJhIjoiY2xwOXA0bHUxMGZoeTJqcDkyMmh3ZDA0bCJ9.aK5fG4hT3jE2sC1dF8gH7i\",\n \"reason\": \"The value 'pk.eyJ1IjoiYmVuamFtaW5kZXYiLCJhIjoiY2xwOXA0bHUxMGZoeTJqcDkyMmh3ZDA0bCJ9.aK5fG4hT3jE2sC1dF8gH7i' is a valid Mapbox Access Token. Its structure perfectly matches the known format: a 'pk.' prefix followed by two Base64-encoded parts separated by a period, and a third high-entropy part for cryptographic signature verification. The first payload part decodes to reveal {'u': 'benjamindev', 'a': 'clp9p4lu10fh2jpd922hwd04l'}, identifying a specific developer account, while the signature part ensures authenticity. This token is not a placeholder but a functional credential, as confirmed by its specific user and payload. The comment explicitly states the value should be secured, and its presence in source code makes it a significant security risk regardless of environment.\"\n}\n"}, {"index": 3, "sub_index": 2, "completion": "\n{\n \"line_number\": 146,\n \"label\": \"True Positive\",\n \"secret_value\": \"Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiaWF0IjoxNjcxNTQwMjM5fQ.oF9gR1vW3cZ4xS8eP5kL7sB6tD0fA2uJ1cK8iL5dN9g\",\n \"reason\": \"The value is a complete and syntactically valid JSON Web Token (JWT) in the standard 'Bearer' format, indicated by the 'Bearer ' prefix. The Base64-encoded payload is structured with high entropy, containing predictable key-value pairs such as `alg`, `typ`, `sub`, `scope`, and `iat`, which strongly suggests it is a real credential. The cryptographic signature, the third part of the token, further confirms its authenticity. Although located in a client-side file, this hardcoded JWT is a significant secret because it represents a potentially active session or API authentication credential. Hardcoding any credential, even for development or testing, is a major security risk, as they can grant unauthorized access to sensitive resources.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 8,\n \"label\": \"True Positive\",\n \"secret_value\": \"gH7!kL#9sPqR$wXv2&yZ*bC\",\n \"reason\": \"The value 'gH7!kL#9sPqR$wXv2&yZ*bC' is a high-entropy string that exhibits a random distribution of uppercase letters, lowercase letters, digits, and special characters, a classic pattern for a strong password. Unlike a placeholder or example, this is a fully formed, unique string with no repetitive or predictable elements. The context of the `spring.datasource.password` property in a production configuration file confirms its role as an authentication secret. Hardcoding a credential like this is a critical security flaw as it exposes the password directly in the source code.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 15,\n \"label\": \"True Positive\",\n \"secret_value\": \"mZ2$eR6^tY8*uI1!oP4@lK\",\n \"reason\": \"The secret value 'mZ2$eR6^tY8*uI1!oP4@lK' exhibits high entropy with its random mix of upper and lower case letters, numbers, and special symbols, which is a key characteristic of a strong password or token. It lacks any placeholder patterns like 'YOUR_PASSWORD' or repetitive sequences, indicating it's a concrete credential. The variable name 'rabbitmq.password' explicitly contextually labels this value as a secret. Even if the username is generic, the password itself is unique and should be protected. The parameter 'rabbitmq.ssl.enabled=true' further confirms that this password will be used to authenticate over a secure connection, making its exposure a direct security risk.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 20,\n \"label\": \"True Positive\",\n \"secret_value\": \"ACf1e2d3c4b5a6987e6d5c4b3a2f1e0d9c\",\n \"reason\": \"The value 'ACf1e2d3c4b5a6987e6d5c4b3a2f1e0d9c' is a valid Twilio Account SID. This specific value is not a generic placeholder, but a complete, 34-character credential that follows Twilio's documented format, which is a prefix ('AC') followed by 32 hexadecimal characters. Although this value appears in what seems like a configuration file, it is a fully formed credential that can be used to identify a specific account within the Twilio platform. It is common for developers to commit real credentials from development or staging environments, posing a significant security risk. The descriptive context variable `twilio.account.sid` confirms its purpose as an authentication component, solidifying its classification as a True Positive.\"\n}\n"}, {"index": 4, "sub_index": 3, "completion": "\n{\n \"line_number\": 21,\n \"label\": \"False Positive\",\n \"secret_value\": \"7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d\",\n \"reason\": \"The value '7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d' is a clear example of non-sensitive test data, despite its high entropy and random appearance. The most significant indicator is its structural flaw: it's a 32-character hexadecimal string with no prefixes or specific formatting associated with Twilio's production credentials. Real Twilio Auth Tokens are 16 characters. While the value appears random, the sequential pattern of the hexadecimal digits ('a' to 'f') and its use in a 'dev' or 'test' file context often signifies a placeholder. This pattern teaches that high entropy alone is insufficient; the value must also adhere to a known sensitive format.\"\n}\n"}]} +{"id": 41, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 121,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://billing_svc_user:Ac8#k$!p9F@dBe3-db.prod.us-west-2.rds.amazonaws.com:5432/payments_db\",\n \"reason\": \"This value is a complete PostgreSQL database connection string containing embedded credentials, which is a severe security vulnerability. It follows the standard URI format 'postgres://username:password@host:port/database', which allows the database to be accessed directly. The password component, 'Ac8#k$!p9F', exhibits high entropy and is not a generic placeholder. Although a developer comment explicitly warns against using this string in production, hardcoding it makes it immediately available to anyone with access to the source code, including attackers. This provides a complete, exploitable connection string for a production database, regardless of its intended context.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 126,\n \"label\": \"True Positive\",\n \"secret_value\": \"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\",\n \"reason\": \"The value is a valid Stripe live API key, explicitly identified by the 'sk_live_' prefix. This format is a specific, well-defined pattern for authenticating against Stripe's production environment. The 40-character alphanumeric string following the prefix exhibits high entropy with a random mix of upper/lowercase letters and numbers, characteristic of a machine-generated secret. Unlike a placeholder, this is a fully-formed, concrete credential. Although a comment warns against its use in production, it is still a sensitive key that could be abused if active, making it a critical security finding.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 46,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is a correctly formatted AWS Access Key. The specific 'AKIA' prefix is a definitive indicator used by AWS to identify this type of credential. The string is 20 characters long and consists of uppercase letters and numbers, which precisely matches the AWS documentation for this credential format. Unlike a generic placeholder, this is a concrete, high-entropy string that conforms to the service's structure. The parameter name 'access_key' and the surrounding code block for the 'aws' provider explicitly confirm its sensitive nature, as this is a critical authentication credential.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 47,\n \"label\": \"True Positive\",\n \"secret_value\": \"pL8vGkZ9JmN7sR2wXqF1bT4uYcV3zH5iA0oK6eB\",\n \"reason\": \"The value 'pL8vGkZ9JmN7sR2wXqF1bT4uYcV3zH5iA0oK6eB' is a 40-character string that exhibits high entropy with its random mix of alphanumeric characters. The value's format is consistent with an AWS secret access key, which is its direct function as confirmed by the `secret_key` parameter. Unlike a placeholder (e.g., 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'), this is a concrete, unique value that appears to be a real credential. Although found in a Terraform file, credentials hardcoded in configuration can be used by anyone who gains access to the source code, posing a significant security risk. The combination of high entropy, specific format, and explicit parameter name makes this a clear true positive.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 42,\n \"label\": \"True Positive\",\n \"secret_value\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2sX2w...\\n-----END PRIVATE KEY-----\",\n \"reason\": \"The value is a PEM-encoded RSA private key, definitively identified by its standard `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----` markers. The content between these delimiters is multiline Base64 encoded data, which exhibits the high entropy and character set typical of actual cryptographic material, not a placeholder. Unlike a placeholder that might just have '...' inside, this block represents a syntactically complete and syntactically valid private key. Hardcoding a private key within a CI/CD workflow file is a severe security risk, as it allows anyone with access to the repository to impersonate the service account and potentially compromise cloud resources.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 59,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/kM3P5sR9tV1wX7Y2zN8oB4cD\",\n \"reason\": \"The value is a valid Slack Incoming Webhook URL, a sensitive credential. Its structure, specifically the final path segment 'kM3P5sR9tV1wX7Y2zN8oB4cD', matches Slack's credential format and exhibits high entropy with its random assortment of uppercase letters, lowercase letters, numbers, and symbols. Unlike generic placeholders, this is a specific, fully-formed token. Slack webhook URLs are a direct method to send messages to a channel, making them a security risk if exposed. Hardcoding the URL into a workflow file is a significant security anti-pattern, as the credential is in source control and can be easily accessed.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 29,\n \"label\": \"True Positive\",\n \"secret_value\": \"AIzaSyBv4nE8tGfH3jK2L5mN7oP9qR1sT3uV5wX\",\n \"reason\": \"The value 'AIzaSyBv4nE8tGfH3jK2L5mN7oP9qR1sT3uV5wX' is a valid Google Firebase API key, confirmed by its standard prefix 'AIzaSy'. The following 33 characters exhibit high entropy with a random mix of alphanumeric characters, matching the precise format of a real Firebase client key. Although the filename is 'serviceKeys.ts' and includes comments about production, this is a complete, fully-formed key, not a placeholder or template. Hardcoding a real production key, even in a client-side configuration, presents a significant security risk as it can be extracted from the browser and abused.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 42,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoibXljb29sYXBwIiwiYSI6ImNrcWV3Z3NqMDBjajAyd281cDNtZGNpb3oifQ.Vv1B2C3D4E5F6G7H8I9J0K\",\n \"reason\": \"The value is a valid Mapbox Access Token, identified by the 'pk.' prefix. The token's structure consists of three distinct, high-entropy Base64 encoded segments, representing the header, payload, and signature of a JWT, which confirms it is a fully-formed credential. Unlike generic placeholders, which might use ellipses or repeated characters, this value contains specific, random-looking data. The surrounding context and the variable name 'accessToken' explicitly confirm its purpose. Even though it's placed in a file named 'serviceKeys.ts', the value itself is a functional secret, and its presence in a source-controlled file is a severe security vulnerability.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 88,\n \"label\": \"True Positive\",\n \"secret_value\": \"ZThkNDFkYzAtNzA1Mi00YjU5LTg5Y2UtMjdhMTEyMzg1ZjM5NDY0Y2ZkYjMtYTEzNC00MWI4LWJmOTItZWY5YTJjNmE1N2Jl\",\n \"reason\": \"The value is a high-entropy string that perfectly matches the format of a Base64-encoded UUID, which is commonly used as a JWT signing key. Its random alphanumeric characters, mixed case, and specific length are strong indicators of a real, machine-generated credential, not a placeholder. Although a comment recommends using environment variables, the value itself is a concrete, fully-formed key. The variable name `auth.jwt.signing_key` explicitly confirms its purpose for authentication, making this a significant security risk.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 98,\n \"label\": \"True Positive\",\n \"secret_value\": \"amqp://notif_worker:RpR8#bV^9sL@mq-cluster.internal\",\n \"reason\": \"The value 'amqp://notif_worker:RpR8#bV^9sL@mq-cluster.internal' is a connection string that contains hardcoded credentials. The password component 'RpR8#bV^9sL' exhibits high entropy, mixing uppercase and lowercase letters, numbers, and special characters, which is a strong indicator of a real credential. This value is embedded directly into the URI, a common anti-pattern for storing secrets. Unlike a placeholder, which would use generic characters like 'xxxx', this is a concrete, complex password that provides immediate access to the RabbitMQ message queue. The username 'notif_worker' is a non-generic identifier that further specifies a privileged user account.\"\n}\n"}]} +{"id": 42, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 103,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID, identified by the prefix 'AKIA'. This specific format is a strong indicator of an AWS credential. The 20-character string is random and unpredictable, matching the expected format and high entropy of a real key, not a placeholder. This key is paired with a corresponding 'aws_secret_access_key' on the subsequent line, forming a complete, hardcoded authentication pair. Although the code contains a comment suggesting environment variables, the presence of a concrete, valid key like this is always a critical security risk, as it likely points to a real, accessible AWS environment.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 104,\n \"label\": \"True Positive\",\n \"secret_value\": \"zL8wNcU9oF7jK5dG1eH3bV2aR6tY0sP4iQ9xCmA1\",\n \"reason\": \"The value 'zL8wNcU9oF7jK5dG1eH3bV2aR6tY0sP4iQ9xCmA1' is a high-entropy AWS Secret Access Key. Its 40-character length and random mix of uppercase letters, lowercase letters, and numbers are characteristic of this secret type. Unlike a placeholder, this is a concrete, fully-formed credential that follows the exact format specified by AWS. The `aws_secret_access_key` parameter name provides definitive contextual confirmation of the value's purpose. Although a comment suggests this is for testing or should be an environment variable, the fact remains that a real, active-looking secret is hardcoded into the application source, posing a significant security risk.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 36,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_bC9xTfG3pZjL2nK5hW1vR8sY0uI7\",\n \"reason\": \"The value 'dckr_pat_bC9xTfG3pZjL2nK5hW1vR8sY0uI7' is a valid Docker Hub Personal Access Token (PAT). The prefix 'dckr_pat_' is a specific, unambiguous identifier for this type of credential format. The string following the prefix is 32 characters long and exhibits high entropy, consistent with cryptographic randomness required for a real token. This value is not a placeholder, as it lacks any generic markers like '' or repeated characters. The context of this value, being assigned to a 'password' parameter within a 'docker/login-action' step in a GitHub Actions workflow, explicitly confirms its use as an authentication credential. Hardcoding any live credential like this in CI/CD pipelines is a significant security risk.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 53,\n \"label\": \"True Positive\",\n \"secret_value\": \"ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7U\",\n \"reason\": \"The secret value 'ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7U' is a syntactically valid GitHub Personal Access Token. The `ghp_` prefix is a definitive marker for this token type. The subsequent random string consists of mixed-case alphanumeric characters, exhibiting high entropy consistent with a real, programmatically generated secret. This is not a generic placeholder, template variable, or example token; it is a specific, unpredictable string. Its use in an 'Authorization' header for a GitHub API request confirms its purpose as an authentication credential.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 44,\n \"label\": \"True Positive\",\n \"secret_value\": \"a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6\",\n \"reason\": \"The value 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6' is a 32-character hexadecimal string, which is the exact format for a Datadog API key. While this value exhibits a predictable sequential pattern, it is not a generic placeholder like 'YOUR_API_KEY' or a string of repeated characters. Real-world Datadog keys can and do have weak cryptographic properties or follow predictable patterns, making this a high-risk, non-obvious secret. The high-entropy, specific-length format is the primary indicator. The contextual variable name 'api_key' within a 'provider' block for Datadog provides strong confirmation of its sensitive nature, as this key is used for authentication against the Datadog API.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 45,\n \"label\": \"True Positive\",\n \"secret_value\": \"x9y8z7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0\",\n \"reason\": \"The value 'x9y8z7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0' is a high-entropy string that perfectly matches the 32-character hexadecimal format of a Datadog Application Key. The value exhibits randomness with its mix of letters and numbers and lacks any placeholder patterns like repeated characters or generic terms. Unlike a template, this is a concrete, fully-formed credential. The parameter name `app_key` in the Terraform provider block, combined with the comment recommending environment variable configuration, explicitly confirms that this is a functional key for authentication. Hardcoding such a credential in Terraform is a common security vulnerability.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 223,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1Ijoic2hpcHBpbmdkZXYiLCJhIjoiY2w5cGdpaHVwMDFjZDN2bzhsZ2N0cDZ6MyJ9.A5w3UQqT3rVdFzPqW2bVew\",\n \"reason\": \"The value is a high-entropy string with a specific format ('pk.payload.signature') that precisely matches a Mapbox Public Access Token (PAT). The three distinct parts, separated by '.', are eachBase64-encoded, exhibiting the character set and randomness expected of a real cryptographic credential. While these tokens are public-facing, they are still considered secrets because they grant access to a paid service and can be abused to hit resource limits. Unlike a generic placeholder like 'pk.YOUR_TOKEN.YOUR_SIGNATURE', this value represents a concrete, functional credential. Exposing such tokens in frontend code is a common security risk that can lead to financial loss, making this a valid True Positive.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 226,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://a8d4d03c27e44a6f95e6f64b8c9d01b2@o450616.ingest.sentry.io\",\n \"reason\": \"The value is a Sentry Data Source Name (DSN), which is an authentication token granting direct write access to a Sentry project. The format is explicitly structured with a secret key (`a8d4d03c27e44a6f95e6f64b8c9d01b2`) and a public project identifier, separated by an '@' symbol within the URL. The 32-character hexadecimal string exhibits high entropy and randomness, which is characteristic of a real credential, not a placeholder or example. Hardcoding this value directly in source code poses a security risk as it allows unauthorized users to post data to the developer's Sentry account.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 22,\n \"label\": \"True Positive\",\n \"secret_value\": \"prod_api_L3hV7bN9kPjR2wZ4mQ8yS6xT5\",\n \"reason\": \"The value 'prod_api_L3hV7bN9kPjR2wZ4mQ8yS6xT5' exhibits high entropy and contains a specific prefix format, strongly identifying it as a secret. The `prod_api_` prefix clearly contextualizes the value as an API key for a production environment. The latter part of the string, 'L3hV7bN9kPjR2wZ4mQ8yS6xT5', is a random combination of alphanumeric characters, lacking any discernible patterns or placeholder characteristics. This high entropy is a primary indicator of a machine-generated, functional secret. Even though the variable name is `BACKEND_API_KEY` and it's within a `buildConfigField`, its direct assignment of a high-entropy literal value makes it a hardcoded credential.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 29,\n \"label\": \"True Positive\",\n \"secret_value\": \"St@bleB@tteryH0rseC0rrect\",\n \"reason\": \"The value 'St@bleB@tteryH0rseC0rrect' is a hardcoded password, identifiable by its structure which combines real words with special characters and numbers to form a memorable passphrase. While it lacks the high entropy of a randomly generated secret, it is a concrete string value, not a generic placeholder like 'PASSWORD'. The context of the `signingConfigs` block in an Android `build.gradle` file strongly confirms its purpose as a secret used for signing application builds. Exposing a build signing password in version control is a significant security risk, as it allows anyone with repository access to forge malicious versions of the application.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 31,\n \"label\": \"True Positive\",\n \"secret_value\": \"C0rrectH0rseSt@bleB@ttery\",\n \"reason\": \"The value 'C0rrectH0rseSt@bleB@ttery' is a hardcoded password for the Android signing key. This value is a high-entropy string, as it is a Leetspeak version of a mnemonic phrase ('Correct Horse Stable Battery'), which is a strong indicator of a password. It exhibits cryptographic randomness through the use of numbers and special characters ('@') mixed with dictionary words. This is not a generic placeholder, which would use repeated characters or the word 'password' itself, but a concrete, specific value designed to lock sensitive build material. The context of this value being the `keyPassword` within a `signingConfigs` block definitively classifies it as a credential.\"\n}\n"}]} +{"id": 43, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 121,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://prod_user_rw:8!hG#kL$pQ2s@db-pg-prod-01.c3k4l5m6.us-east-1.rds.amazonaws.com:5432/main_app_db\",\n \"reason\": \"This value is a complete, well-formed PostgreSQL connection string that embeds a hardcoded password. The value follows the standard `postgres://user:password@host:port/database` format, which is a critical security flaw because it exposes all components of the credential. The username `prod_user_rw` and password `8!hG#kL$pQ2s` are specific, high-entropy values that do not appear to be placeholders. This credential is for a production AWS RDS database, as confirmed by the subdomain structure, making its exposure an immediate and severe security risk.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 132,\n \"label\": \"True Positive\",\n \"secret_value\": \"eYp3s6v9y$B&E)H@McQfTjWnZr4u7x!A\",\n \"reason\": \"The value 'eYp3s6v9y$B&E)H@McQfTjWnZr4u7x!A' is a high-entropy password intended for authentication. The string contains a random mix of uppercase letters, lowercase letters, numbers, and special characters, which is characteristic of a strong, machine-generated credential. It shows no discernible patterns or repetitive elements, distinguishing it from common placeholders like '' or 'test'. Unlike a placeholder, this is a fully-formed, concrete value that appears to be a real production secret. The context strongly confirms this, as it is explicitly assigned to the 'password' parameter when initializing a Redis client for a production cluster. Exposing such a password, even in source code, is a major security risk.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 60,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID, identifiable by the 'AKIA' prefix. This is a specific, machine-readable format mandated by AWS, differentiating it from generic placeholders like 'AKIAXXXXXXXXXXXXXX'. The key body 'Y3R4WZ76X2P5QJ6M' consists of 16 high-entropy, uppercase alphanumeric characters, consistent with the format for this secret type. Hardcoding this key directly into a CI/CD pipeline script, as seen in the `aws configure` command, is a severe security risk as it grants direct programmatic access to potentially sensitive AWS resources.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 61,\n \"label\": \"True Positive\",\n \"secret_value\": \"wJalrXUtnFEMI5K7MDENGbPxRfi2qZf6sZ2c4g5b\",\n \"reason\": \"The value 'wJalrXUtnFEMI5K7MDENGbPxRfi2qZf6sZ2c4g5b' is a legitimate, high-entropy AWS secret access key. It is a 40-character string with a random mix of uppercase letters, lowercase letters, and numbers, which is characteristic of AWS credentials. Unlike a placeholder, this is a fully-formed value that exhibits no discernible patterns or repetition. The context of the `aws configure set aws_secret_access_key` command definitively confirms this value's purpose as a critical authentication token. Even within a CI/CD workflow, hardcoding live AWS keys in source control is a major security risk.\"\n}\n"}, {"index": 1, "sub_index": 2, "completion": "\n{\n \"line_number\": 79,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/T024F4SJ2/B0C3E4D5F6/aBcDeFgHiJkLmNoPqRsTuVwX\",\n \"reason\": \"The value is a complete Slack Incoming Webhook URL, which is a hardcoded secret. This specific value contains a 24-character path segment (`aBcDeFgHiJkLmNoPqRsTuVwX`) that demonstrates the high entropy and random-character composition characteristic of a real credential, not a generic placeholder. While the template placeholders in the code use lowercase words, this specific URL contains a mix of uppercase, lowercase, and numbers, indicating it is a concrete credential for a specific workspace. Hardcoding webhook URLs is a significant security risk, as it embeds a key into the codebase that grants write access to a channel.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 23,\n \"label\": \"True Positive\",\n \"secret_value\": \"B4kL9mN8oP1qR2sT3uV4wX5yZ6aB7c8D\",\n \"reason\": \"The value 'B4kL9mN8oP1qR2sT3uV4wX5yZ6aB7c8D' is a high-entropy string that precisely matches the format of a Fastly API key. It is a 32-character alphanumeric string with a random distribution of mixed-case letters and numbers, which is characteristic of a real, machine-generated credential. Unlike a placeholder, which would use repetitive characters (e.g., 'xxxx...'), this value is concrete and lacks any template markers. This format is specific enough that it is highly unlikely to be an example. Hardcoding a real key like this in infrastructure code poses a significant security risk, as it allows anyone with access to the code repository to perform authenticated actions on the Fastly account.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 47,\n \"label\": \"True Positive\",\n \"secret_value\": \"u+Hs9xL3vA7fY2zR5pQ8\",\n \"reason\": \"The value 'u+Hs9xL3vA7fY2zR5pQ8' is a high-entropy string characteristic of a PagerDuty integration key. It consists of a random mix of uppercase letters, lowercase letters, numbers, and special symbols ('+', '/', '='), which is a strong indicator of a machine-generated credential. This is not a placeholder, template variable, or example pattern; it is a fully-formed token with the exact length and character complexity expected for this type of secret. The context confirms its sensitivity, with the variable name 'alerting_pagerduty_token' and its assignment to a PagerDuty integration explicitly defining its function. Even though the value is in a `default` block, which implies it may be used in non-production environments, hardcoding functional credentials like this is a common and dangerous anti-pattern that poses significant security risks.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 99,\n \"label\": \"True Positive\",\n \"secret_value\": \"AIzaSyB9X8c7V6D5E4F3G2H1I0jL9K8mN7pQoR\",\n \"reason\": \"The value 'AIzaSyB9X8c7V6D5E4F3G2H1I0jL9K8mN7pQoR' is a valid Firebase Client API Key, identifiable by the 'AIzaSy' prefix and its high-entropy, 39-character alphanumeric string. Although it is in a client-side configuration file, API keys are considered secrets because they grant access to cloud services and can be abused for malicious purposes like inflating usage costs. The value contains no placeholder markers, repeating patterns, or generic characters, indicating it is a real credential. The code context confirms its function as a key to initialize Firebase, solidifying its classification as a True Positive.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 108,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoiYXBwZGV2ZWxvcGVyIiwiYSI6ImNrdzVjNmRmMDBkbmoydm51cTY5ZzVlMncifQ.A1b2c3d4E5F6g7h8I9J0kL\",\n \"reason\": \"The value 'pk.eyJ1IjoiYXBwZGV2ZWxvcGVyIiwiYSI6ImNrdzVjNmRmMDBkbmoydm51cTY5ZzVlMncifQ.A1b2c3d4E5F6g7h8I9J0kL' is a high-entropy string that follows the specific format of a Mapbox public access token. The 'pk.' prefix is a definitive indicator, distinguishing it from client secrets or other token types. The value is composed of three Base64-encoded parts, suggesting it is a signed JWT containing payload data and a signature. Although identified as 'public', these tokens are still considered sensitive because they are tied to a user account and grant API usage, and their exposure can lead to service abuse and billing issues. Leaking any credential-based token, regardless of public or private classification, is a security risk and should be treated as a true positive.\"\n}\n"}, {"index": 3, "sub_index": 2, "completion": "\n{\n \"line_number\": 113,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk-proj-rT8uV9wXyZ1aB2c3d4E5f6G7h8i9j0kL1m2N3o4P5q6R\",\n \"reason\": \"The value 'sk-proj-rT8uV9wXyZ1aB2c3d4E5f6G7h8i9j0kL1m2N3o4P5q6R' is a valid OpenAI Project API key, identified by the service-specific 'sk-proj-' prefix. The string exhibits high entropy, composed of a random assortment of mixed-case alphanumeric characters that is inconsistent with placeholders or test data. This format and prefix are definitive identifiers for an actual, potentially functional credential. Although the developer has added a comment suggesting this should be a secret moved to the backend, the value is presented as a literal and cannot be distinguished from a live key. Hardcoding any functional credential, regardless of environment or context, is a serious security risk as it provides a direct attack vector.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 9,\n \"label\": \"True Positive\",\n \"secret_value\": \"4hT7^kL#pQ$zW1*s\",\n \"reason\": \"The value '4hT7^kL#pQ$zW1*s' is a high-entropy password directly used for database authentication. It contains a random mix of uppercase letters, lowercase letters, numbers, and special symbols (^#$*), which is a strong indicator of a machine-generated secret. This value lacks any placeholders, templates, or repeated patterns, confirming it's a concrete credential. Its assignment to the `spring.datasource.password` key within a production environment configuration file provides definitive context for its sensitivity. Hardcoding a high-entropy password like this poses a significant security risk, as it could lead to unauthorized database access.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 18,\n \"label\": \"True Positive\",\n \"secret_value\": \"bXlzdXBlcnNlY3JldGtleWZvcmF1dGgtc2VydmljZS1pcy1hdzsza29tZWx5LWxvbmc=\",\n \"reason\": \"The value is a Base64 encoded string, which is a common format for storing cryptographic secrets. The decoded payload ('mysupersecretkeyforauth-service-is-aw;s2komely-long') exhibits sufficient complexity and is not a simple placeholder; it contains random-looking characters and a plausible descriptive phrase, indicating it's a functional credential. The variable name 'jwt.secret' provides explicit context, identifying this value as the secret used to sign JSON Web Tokens. Even if intended for development, hardcoding a real secret, particularly one of this length and complexity, poses a significant security risk as it could be compromised and used to forge authenticated sessions.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 22,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB4nF6gH7jK8lM9oP0qR1sT2uV3wX4yZ5aB6c\",\n \"reason\": \"The value 'sk_live_...' is a definitive Stripe live API key due to its specific 'sk_live_' prefix. This prefix is a public, well-documented marker used by Stripe to differentiate live production keys from test keys. The remainder of the 40-character value is a high-entropy alphanumeric string with a random appearance, consistent with Stripe's key format. Unlike a placeholder, this is a fully-formed key that could be used to make real transactions, making it a critical security risk when committed to source code. The context provided by the variable name 'stripe.api.key' and the comment indicating it is for 'payment checks' strongly confirms its sensitive nature.\"\n}\n"}]} +{"id": 44, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 96,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID, which is one half of a complete set of AWS credentials. The value's format, specifically the 'AKIA' prefix, is a definitive indicator of an AWS root or programmatic user key. The subsequent string of 16 uppercase alphanumeric characters exhibits the high entropy and specific character set of a real credential, differentiating it from generic placeholders. This key is explicitly assigned to the `AWS_ACCESS_KEY_ID` variable within a block marked for 'Static credentials', confirming its sensitive nature. Its presence in source code is a critical security vulnerability, allowing unauthorized access to AWS resources.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 97,\n \"label\": \"True Positive\",\n \"secret_value\": \"pL8/Jk3b+mN5gH7vF2sK9dR1wZ0eC4yI/xQvA6sT\",\n \"reason\": \"The value 'pL8/Jk3b+mN5gH7vF2sK9dR1wZ0eC4yI/xQvA6sT' is a high-entropy alphanumeric string with mixed-case letters, numbers, and special characters ('/', '+'), which is characteristic of a real AWS secret access key. The value exhibits cryptographic randomness and lacks any placeholders or repetitive patterns, distinguishing it from a mock or template. This string is explicitly assigned to the variable `AWS_SECRET_ACCESS_KEY` and is used in a `boto3.client` call to authenticate with AWS, providing definitive context. Hardcoding this secret directly in source code is a critical security vulnerability, as it exposes the credential and grants the holder unauthorized access to AWS resources.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 60,\n \"label\": \"True Positive\",\n \"secret_value\": \"aL9~_fH8qY7.s-D3.wX2vR-zM4pE1bN9jK\",\n \"reason\": \"The value 'aL9~_fH8qY7.s-D3.wX2vR-zM4pE1bN9jK' is a high-entropy string consistent with the format of an Azure Active Directory client secret. The value exhibits significant randomness, containing a mix of upper and lower case letters, digits, and special characters. It does not follow any discernible pattern or placeholder structure, differentiating it from generic strings like 'YOUR_SECRET'. The variable name 'client_secret' and the surrounding Terraform provider block explicitly confirm this value is intended for service principal authentication, a critical credential. Hardcoding such a unique and complex string is a major security risk, as it grants direct access to Azure resources.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 31,\n \"label\": \"True Positive\",\n \"secret_value\": \"4hG#kL$pQ2s!tV*wXyZ(aB-dE\",\n \"reason\": \"The value '4hG#kL$pQ2s!tV*wXyZ(aB-dE' is a 24-character string exhibiting high entropy, characteristic of a randomly generated credential. It contains a mix of uppercase letters, lowercase letters, digits, and special symbols, which is a strong indicator of a real password. The value is assigned to the `spring.datasource.password` key within a connection string block clearly marked for a production database (`db-prod-replica`), confirming its sensitive nature. Unlike a placeholder, this is a concrete value that grants direct access to a production analytics database. Even if intended for development, embedding a strong, randomly-generated password in source code is a significant security risk, as test credentials often gain production access.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 38,\n \"label\": \"True Positive\",\n \"secret_value\": \"NjIzZGU5NTgtYWYzZC00YjM1LWE3MzktZWYzMDU3NTM1YmYxYzUyMWU1NzItODk0Yi00ODY0LWIzZjItYmYyYjVjYTAwZjY1\",\n \"reason\": \"The value 'NjIzZGU5NTgtYWYzZC00YjM1LWE3MzktZWYzMDU3NTM1YmYxYzUyMWU1NzItODk0Yi00ODY0LWIzZjItYmYyYjVjYTAwZjY1' is a high-entropy string characteristic of a secret key for JSON Web Token (JWT) signing. The value exhibits cryptographic randomness with a mix of alphanumeric characters and hyphens in a format matching the standard UUIDv4 specification. Unlike a generic placeholder, which would use repeated characters or descriptive text, this is a concrete, unique string. The configuration key `security.jwt.secret` explicitly confirms this value's purpose as sensitive cryptographic material. Hardcoding such a key in a configuration file is a severe security risk, as it compromises the integrity of signed JWTs and session tokens.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 133,\n \"label\": \"True Positive\",\n \"secret_value\": \"-----BEGIN RSA PRIVATE KEY-----\\nMIIEowIBAAKCAQEAz/q/v2Oq5xGq2U3h5p9kY8t6v7v6p5L4f3n2s1E3n7o8w7u8\\nr6p5w4w2a5r9t8y4u1i3o5p7a9s1d3f5g7h9k2l4m6n8q0w2e4r6t8y0u2i4o6\\np8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q\\n0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2\\nd4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4\\nr6t8y0u2i4o6p8a0s2d4f6g8h0j2l4m6N8q0w2e4R6t8Y0u2i4o6A8c2v4b6N8m0P2\\nq4w6e8R0t2y4I6o8p0As2D4f6G8h0J2l4M6n8Q0w2E4r6T8y0U2i4O6p8A0S2d4F6\\ng8H0k2L4m6n8Q0W2E4r6t8Y0u2I4o6p8a0S2d4f6G8h0j2L4m6n8q0W2e4r6t8Y0\\nu2I4o6p8a0S2d4f6G8h0k2L4m6n8q0W2e4r6t8Y0u2I4O6p8a0S2d4f6G8h0k2L4\\nm6n8Q0W2E4r6T8y0u2I4O6p8a0s2d4f6G8h0j2L4m6N8Q0W2e4R6T8y0u2I4o6p8\\na0s2D4f6g8h0J2l4m6N8q0w2e4R6t8Y0U2i4o6p8A0s2d4F6g8h0j2L4m6n8Q0w2E\\n4r6t8y0u2I4o6p8a0s2D4f6g8H0k2l4m6N8q0w2e4R6t8Y0u2I4o6p8a0s2d4F6g\\nh8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y\\n0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0k2l4m6n8Q0w2e4R6t8Y0u2i4o\\n6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4f6g8h0j2l4m6n\\n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4f6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0\\ns2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e\\n4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4f6\\ng8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8\\nY0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j\\n2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6\\nn8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a\\n0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w\\n2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4\\nF6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6\\nt8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8\\nh0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0\\nu2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2\\nl4m6n8Q0w2e4R6t8Y0u2i4o6p8a0s2d4F6g8h0j2l4m6n8Q0w2e4R6t8Y0u2i4\\no6p8a0s2d4F6g8h0"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 47,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcGo1bXp6ODBzaHIydnBqcWhyZDRrajcifQ.vG8cW7fJ2w9eK5rN3pD8oA\",\n \"reason\": \"The value is a valid Mapbox Public Access Token, identified by its 'pk.' prefix. This format is a specific, documented structure that differentiates it from generic placeholders. The subsequent base64 encoded portion of the string exhibits high entropy, containing random letters and numbers, which is characteristic of a cryptographic token. Although it's a public key by design, hardcoding it directly in the source code is a security risk as it allows unauthorized entities to exhaust free tier API quotas and abuse the service. The variable name `mapboxAccessToken` explicitly confirms its purpose as a credential.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 48,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4@o123456.ingest.sentry.io\",\n \"reason\": \"The value is a complete Sentry Data Source Name (DSN) URL, a sensitive credential used to authenticate with Sentry's collection endpoints. This value follows the specific Sentry format, embedding a 32-character hexadecimal public key (`a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4`) in the username part of the URL. The key portion exhibits high entropy, unlike generic placeholders, indicating it's a real, service-specific credential. While Sentry DSNs are often public for browser-based applications, they still contain sensitive information that can be abused to spam a project's error stream. Hardcoding a DSN in a configuration file is a security risk, as it can be extracted from the client-side source code.\"\n}\n"}]} +{"id": 45, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 20,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://user_svc_acct:p9#zF!8k@L$sR_Wv@db-users.internal.corp:5432/users\",\n \"reason\": \"This value is a complete and structurally valid PostgreSQL connection string, a critical piece of sensitive information. It correctly follows the format 'protocol://user:password@host:port/database'. The password portion, 'p9#zF!8k@L$sR_Wv', exhibits high entropy with a random mix of upper and lower case letters, numbers, and special characters, indicating it is a real credential. While the username 'user_svc_acct' and the domain 'db-users.internal.corp' may suggest an internal service account, this does not negate the sensitivity of the password. Anyone gaining access to this string can connect to the production database, making it a significant security risk.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 22,\n \"label\": \"True Positive\",\n \"secret_value\": \"u$h3Jk!^nL*8g$Pz@qV5sR9b#Gf2M(wE\",\n \"reason\": \"The value 'u$h3Jk!^nL*8g$Pz@qV5sR9b#Gf2M(wE' is a high-entropy string consistent with a cryptographic key. This 33-character value exhibits randomness through its mix of uppercase letters, lowercase letters, numbers, and special symbols, which is a strong indicator of a real secret. Unlike a placeholder such as 'your_jwt_secret_key', this is a concrete, specific string that could be used in production. The variable name `JWT_SECRET_KEY` provides explicit context, confirming this is used for signing JSON Web Tokens, which is a critical security function. The hardcoded nature of this credential in the application's configuration block makes it a significant security risk.\"\n}\n"}, {"index": 0, "sub_index": 2, "completion": "\n{\n \"line_number\": 23,\n \"label\": \"True Positive\",\n \"secret_value\": \"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\",\n \"reason\": \"The value is a fully-formed SendGrid API Key, definitively identified by the `SG.` prefix. The three segments of Base64Url encoded characters separated by dots represent the key's components and structure, distinguishing it from generic placeholders like 'SG.xxxxxxxx'. The value exhibits high entropy and randomness in its character set, consistent with a real credential. Although the comment mentions it's 'hardcoded', this is still a significant secret vulnerability as it is a complete, potentially-active credential. This pattern teaches that specific, non-generic prefixes combined with a valid structure and high entropy are clear indicators of a real secret, regardless of its placement in a code file.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 15,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIA4ZLWQY62N7S5V3OF\",\n \"reason\": \"The value 'AKIA4ZLWQY62N7S5V3OF' is a valid AWS Access Key ID, which functions as a public identifier. Although not a secret itself, it is the first half of a complete AWS credential pair. Its specific format, starting with the 'AKIA' prefix, is a reliable signature of an AWS key. The value has high entropy and follows the 20-character length specification for this type of credential. The context, being assigned to the 'AWS_ACCESS_KEY_ID' variable within a CI/CD pipeline's 'production' environment and commented as 'Hardcoded credentials', definitively confirms its identity as a legitimate, exploitable credential component.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 16,\n \"label\": \"True Positive\",\n \"secret_value\": \"Wj3F8zK/x6dE+qT9pYhR/gL7mN4sV2cBb1aZ0xP\",\n \"reason\": \"The value 'Wj3F8zK/x6dE+qT9pYhR/gL7mN4sV2cBb1aZ0xP' is a high-entropy string that perfectly matches the format of an AWS Secret Access Key. The value itself is a 40-character Base64 encoded string with a random mix of uppercase letters, lowercase letters, numbers, and special characters, indicating a cryptographically generated token. Unlike a placeholder like 'YOUR_SECRET_HERE' or repeated 'X' characters, this is a specific, fully-formed credential. Its assignment to the variable `AWS_SECRET_ACCESS_KEY` provides definitive contextual evidence that it is a sensitive access key for an AWS environment. Exposing such a key in a CI/CD file is a critical security risk, as it allows for unauthorized access to cloud resources.\"\n}\n"}, {"index": 1, "sub_index": 2, "completion": "\n{\n \"line_number\": 19,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_a4fH7Gj9kLpZ3xV6cWqY8tN2sR5bM0\",\n \"reason\": \"The value 'dckr_pat_a4fH7Gj9kLpZ3xV6cWqY8tN2sR5bM0' is a valid Docker Hub Personal Access Token (PAT). The prefix 'dckr_pat_' is a highly specific indicator for this secret type, immediately identifying its format and provider. The subsequent string exhibits high entropy, with a random mix of uppercase letters, lowercase letters, and digits, which is characteristic of a machine-generated credential. This is a concrete value, not a placeholder. The context of its assignment to the variable 'DOCKER_HUB_TOKEN' within a CI/CD file strongly suggests its intended use for authenticating with Docker Hub, making its hardcoding a significant security risk.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 5,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAJM7GFQ36XW5YUIZA\",\n \"reason\": \"The value 'AKIAJM7GFQ36XW5YUIZA' is a valid AWS Access Key ID, definitively identified by its standard 'AKIA' prefix. The 20-character string consists of mixed-case uppercase and lowercase letters, exhibits high entropy, and follows the exact format specified by AWS for these credentials. This is not a generic placeholder or template, as it's a concrete, specific value. Although an Access Key ID is technically a public component of a credential pair, it is still considered sensitive information because it can be used to query AWS service metadata and is a key part of the authentication process. Hardcoding it is a security risk as it could be linked to a compromised account or an overly permissive IAM role.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 6,\n \"label\": \"True Positive\",\n \"secret_value\": \"zJ7aRpXtNfEmI/K9mDeNg/BqXrfIcY9gLwS3vUoH\",\n \"reason\": \"The value 'zJ7aRpXtNfEmI/K9mDeNg/BqXrfIcY9gLwS3vUoH' is a valid AWS secret access key. The value itself exhibits high entropy with a cryptographically random distribution of uppercase letters, lowercase letters, numbers, and special characters, consistent with the format of AWS credentials. Unlike a placeholder, this is a fully-formed, 16-character string without any repeated patterns or generic markers. Its assignment to the `secret_key` parameter within an `aws` provider block is definitive evidence that it's being used for authentication. Leaking any credential with this format poses a critical security risk as it allows direct access to cloud resources.\"\n}\n"}, {"index": 2, "sub_index": 2, "completion": "\n{\n \"line_number\": 24,\n \"label\": \"True Positive\",\n \"secret_value\": \"D#$tG6hL9p!z@qR2bN8f*m\",\n \"reason\": \"The value 'D#$tG6hL9p!z@qR2bN8f*m' is a high-entropy, 22-character password that exhibits the characteristics of a machine-generated credential. It uses a random mixture of uppercase and lowercase letters, numbers, and special symbols, which makes it unpredictable and secure. The context confirms its sensitivity, as it's assigned to a variable named 'password' within an `aws_db_instance` resource block. This hardcoded password could grant an attacker direct access to a production database. Even if intended for a test or staging environment, passwords should always be high-entropy and managed as secrets. This value's complexity and random character distribution distinguish it from simple placeholder text.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 63,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoibWFwZGV2ZWxvcGVyMTIiLCJhIjoiY2xwY3ZqbzNxMGVqZTJqcWhmb3ZoeWoycSJ9.sF5gHjL9kPzQvB7nJ6tXyA\",\n \"reason\": \"The value 'pk.eyJ1IjoibWFwZGV2ZWxvcGVyMTIiLCJhIjoiY2xwY3ZqbzNxMGVqZTJqcWhmb3ZoeWoycSJ9.sF5gHjL9kPzQvB7nJ6tXyA' is a valid Mapbox Public Access Token. This value conforms perfectly to the `pk.` prefix, which is the definitive format indicator for these keys. The subsequent 113-character string consists of Base64-encoded JSON, which is a common technique for embedding public configuration data within a token. Unlike a placeholder, this is a fully-formed, non-generic token. Despite the 'public' nature of the key type, it grants programmatic access to a specific service and its assets, making it a credential that should be protected and managed through configuration, not hardcoded.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 66,\n \"label\": \"True Positive\",\n \"secret_value\": \"gz_api_k_e5e4bb50c2684994843b0032b49ab78c\",\n \"reason\": \"The value 'gz_api_k_e5e4bb50c2684994843b0032b49ab78c' is a high-entropy credential with a structured format consistent with an API key. The prefix 'gz_api_k_' clearly identifies it as an API key for a 'geospatial' service. The subsequent 32-character hexadecimal string exhibits randomness and uniqueness characteristic of a real, machine-generated secret, not a placeholder. Unlike a generic template like 'xxx_api_key_xxx', this is a concrete value. The code context confirms its sensitive nature, as it's used directly in the 'x-api-key' header for requests to an internal service.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 44,\n \"label\": \"True Positive\",\n \"secret_value\": \"amqp://msg_proc:F3d^kLp@9s!zR-q@rabbitmq-prod.svc.cluster.local:5672/\",\n \"reason\": \"This value is a complete AMQP connection string containing embedded credentials. The structure perfectly matches the `protocol://username:password@host:port/` pattern, which is a known vector for exposing secrets. The password component, `F3d^kLp@9s!zR-q`, exhibits high entropy with its unpredictable mix of uppercase letters, lowercase letters, numbers, and special characters, strongly indicating it is a real credential. Unlike a placeholder, this is a specific, fully-formed value likely intended for direct use in a production or staging environment. This pattern represents a critical security risk because it hardcodes authentication tokens directly into the source code.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 47,\n \"label\": \"True Positive\",\n \"secret_value\": \"sv-tok-prod_8A2zL9pHqY7tJv5kR4wGcXnF1bS3mD6h\",\n \"reason\": \"The value 'sv-tok-prod_8A2zL9pHqY7tJv5kR4wGcXnF1bS3mD6h' is a validly formatted service token. Its structure perfectly aligns with the 'sv-tok-' prefix commonly used for tokens associated with service accounts, which is confirmed by its usage in the Authorization header on line 68. The value is composed of a descriptive prefix and a subsequent 32-character high-entropy string, matching the format of many production credentials. The '_prod' suffix within the value is a strong indicator that this is not a generic placeholder but a credential for a production environment, making its exposure a serious security risk.\"\n}\n"}]} +{"id": 46, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 87,\n \"label\": \"True Positive\",\n \"secret_value\": \"postgres://analytics_svc:5h#jK9$fG!pQ@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/reporting_db\",\n \"reason\": \"The value is a complete PostgreSQL database connection string containing credentials, which is a high-risk hardcoded secret. The string is structured in the standard format `protocol://user:password@host:port/database`, and critically, it includes an embedded password, '5h#jK9$fG!pQ'. This password exhibits sufficient entropy with its mix of uppercase letters, lowercase letters, numbers, and symbols, indicating it is a real, generated credential. Unlike a placeholder which would use repetitive characters, this is a concrete value that provides direct access to a database server named within the AWS RDS domain. Hardcoding connection URIs like this is a severe security flaw regardless of the 'prod-db-replica' naming, as it exposes credentials in source code.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 92,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR\",\n \"reason\": \"The value 'sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR' is a Stripe live API key, definitively identified by the 'sk_live_' prefix. This prefix is a service-specific marker that differentiates live keys from test keys and is not a generic pattern. The subsequent 40-character string is high-entropy and follows Stripe's exact key format. Despite the comment suggesting this is an example, the value is a concrete, fully-formed credential. Hardcoding credentials for any environment, including live, is a critical security flaw, as it's the most accessible form of secret. The variable name `STRIPE_SECRET_KEY` and the context confirm its function.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 39,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAV5Y3RXU2FN7QZ6PL\",\n \"reason\": \"The value 'AKIAV5Y3RXU2FN7QZ6PL' is a valid AWS Access Key ID. The prefix 'AKIA' is the definitive, service-specific indicator for this credential type. The following 16 uppercase alphanumeric characters exhibit high entropy, which is characteristic of a real, machine-generated credential. This value perfectly matches the required format and complexity of an AWS key. In the context of an `actions/configure-aws-credentials` GitHub Action step, this is an authentication token being provided directly to the CI/CD pipeline, posing a significant security risk.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 40,\n \"label\": \"True Positive\",\n \"secret_value\": \"p2gR8hL9kM3tN4vW5zC1xS7qY6bA+dE0fG/jK\",\n \"reason\": \"The value 'p2gR8hL9kM3tN4vW5zC1xS7qY6bA+dE0fG/jK' is a high-entropy string characteristic of an AWS Secret Access Key. It exhibits sufficient randomness with its combination of mixed-case letters, numbers, and special characters, lacking any placeholder patterns. This specific format, consisting of 20 characters from a Base64 character set, perfectly matches the specification for an AWS IAM Secret Access Key. Unlike generic placeholders (e.g., 'XXXXXXXX'), this is a concrete value that could grant broad access to an AWS account. The context of being assigned to the `aws-secret-access-key` parameter in an `aws-actions/configure-aws-credentials` step strongly confirms its purpose as a real credential.\"\n}\n"}, {"index": 1, "sub_index": 2, "completion": "\n{\n \"line_number\": 51,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/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\",\n \"reason\": \"The value is a complete Slack Incoming Webhook URL, which functions as a secret credential for posting notifications. The URL's structure, specifically the final 24-character alphanumeric token, conforms to Slack's format for webhooks. The token portion exhibits high entropy with a random mix of characters, distinguishing it from non-sensitive placeholders. This token is unique to a specific webhook destination, and its exposure allows anyone to post messages to that Slack channel, making it a significant security risk. Leaking a webhook URL is equivalent to exposing a password for a communication channel.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 55,\n \"label\": \"True Positive\",\n \"secret_value\": \"dop_v1_a6b4c8d1e2f3g5h7i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e\",\n \"reason\": \"The value 'dop_v1_a6b4c8d1e2f3g5h7i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e' is a DigitalOcean API token, definitively identified by the 'dop_v1_' prefix. This prefix follows DigitalOcean's specific naming convention for Personal Access Tokens. The long string of seemingly random hexadecimal characters following the prefix exhibits high entropy, which is characteristic of a machine-generated credential designed for security. Although the latter half of the string appears sequential, the random mixing of letters and numbers is a primary indicator. The assignment to the 'token' argument within a 'provider' block in Terraform confirms this value's purpose as authentication material, making its exposure a significant security risk.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 133,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoiYXBwbWFzdGVyMzAiLCJhIjoiY2x0NnB6Z3hpMGRnZDJrbW54ajZ2Z2NhayJ9.Z-u9f7s_L7gK4jH5qP2nXw\",\n \"reason\": \"The value is a valid Mapbox Public Access Token, identified by the 'pk.' prefix, a definitive marker for this token type. The string's structure of `prefix.payload.signature` and the high entropy of the Base64-encoded payload and signature components strongly indicate it is a real, functional credential, not a placeholder. Although 'Public' tokens have fewer security risks than secret keys, they are still considered sensitive information because they are often tied to billing limits and can be abused. The context of assigning this value to a variable named `mapboxToken` in a `productionConfig` object confirms its intended use as a sensitive credential.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 134,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://a1b2c3d4e5f64a7b8c9d0e1f2a3b4c5d@o123456.ingest.sentry.io/7890123\",\n \"reason\": \"The value 'https://a1b2c3d4e5f64a7b8c9d0e1f2a3b4c5d@o123456.ingest.sentry.io/7890123' is a valid Sentry Data Source Name (DSN) credential. The format directly matches the pattern for Sentry DSNs, which embed a public token ('a1b2c3d4e5f64a7b8c9d0e1f2a3b4c5d') within the URL, followed by the Sentry organization and project identifiers. The token portion is a 32-character high-entropy hexadecimal string, which is a key characteristic of a real credential, not a placeholder. Although the surrounding comment warns against committing sensitive keys, this is a fully-formed, syntactically valid secret that could provide access to the Sentry project. Even for non-production environments, embedded DSNs are a security risk as they expose project details and can be abused for malicious activity.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 111,\n \"label\": \"True Positive\",\n \"secret_value\": \"Z8qWn!y$B&E)H@McQfTjWnZr4u7x!A%D*G-JaNdRgUkXp2s5v8y/B?E(H+KbPeSh\",\n \"reason\": \"The value 'Z8qWn!y$B&E)H@McQfTjWnZr4u7x!A%D*G-JaNdRgUkXp2s5v8y/B?E(H+KbPeSh' is a high-entropy string containing a random mix of uppercase letters, lowercase letters, numbers, and special characters, which is characteristic of a cryptographically secure secret. Its length of 60 characters is consistent with common formats for JWT signing keys. Unlike a placeholder, which might use repeated characters or simple patterns, this value is complex and appears to be a unique, generated credential. The surrounding context, specifically the variable name `app.jwt.secret` and the comment '# This secret key is used to sign and verify JWTs. It must be kept confidential.', directly confirms that this is a sensitive secret key intended for signing tokens.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 126,\n \"label\": \"False Positive\",\n \"secret_value\": \"notifications-prod@we-send-alerts.com\",\n \"reason\": \"The value 'notifications-prod@we-send-alerts.com' is a legitimate email address, not a secret credential. The 'notifications-prod' prefix clearly indicates this is a functional mailbox for sending production alerts, and the domain 'we-send-alerts.com' is structured like a real, albeit generic, company domain. The value has very low entropy, consisting of readable dictionary words and common punctuation, making it easily distinguishable from a random token. In the context of a `spring.mail.username` property, the username is the sender identity, which is information to be shared for message routing, not confidential. This pattern teaches that email addresses, even if for sensitive services like 'prod', are non-sensitive identifiers, not secrets.\"\n}\n"}, {"index": 4, "sub_index": 2, "completion": "\n{\n \"line_number\": 127,\n \"label\": \"True Positive\",\n \"secret_value\": \"4R#sV9$!pLq2b\",\n \"reason\": \"The value '4R#sV9$!pLq2b' is a high-entropy password used as a credential. It exhibits strong randomness with its unpredictable combination of uppercase letters, lowercase letters, numbers, and special symbols, which is characteristic of a machine-generated or complex human-chosen secret. Unlike a generic placeholder, this specific, unique string has no discernible pattern or repeated characters. The context of being assigned to the `spring.mail.password` property in an application's configuration file further confirms its purpose as a sensitive secret for an SMTP server. Hardcoding a password with this level of entropy is a critical security anti-pattern.\"\n}\n"}]} +{"id": 47, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 98,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The secret value 'AKIAY3R4WZ76X2P5QJ6M' is an AWS Access Key ID, identified by its correct 'AKIA' prefix and its high-entropy 20-character alphanumeric string. The variable name `aws_access_key_id` strongly confirms its function as a credential. Unlike a placeholder or example, this is a fully-formed key that lacks any non-random patterns or repeated characters. Hardcoding credentials directly in source code, as seen in this function, is a significant security risk as it exposes the key to anyone with code access, potentially granting them unauthorized access to cloud resources. This is a concrete example of a real credential, not a template or mock.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 99,\n \"label\": \"True Positive\",\n \"secret_value\": \"bGe8vKqy9zF3sC7hLpA5dGjJkM0fNn2xWvT1oR4i\",\n \"reason\": \"The value 'bGe8vKqy9zF3sC7hLpA5dGjJkM0fNn2xWvT1oR4i' is a high-entropy alphanumeric string that perfectly matches the 40-character format of an AWS secret access key. Its random distribution of letters and numbers indicates it is a machine-generated credential, not a human-readable placeholder. The variable name 'aws_secret_access_key' and its assignment to a `boto3.client` call provide explicit context confirming its use for authentication. Hardcoding secrets like this in source code is a critical security vulnerability, as it exposes the credential to anyone with read access to the codebase.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 58,\n \"label\": \"True Positive\",\n \"secret_value\": \"f0g1h2i3-j4k5-6789-l0m1-n2o3p4q5678b\",\n \"reason\": \"The value 'f0g1h2i3-j4k5-6789-l0m1-n2o3p4q5678b' is a validly formatted Azure Subscription ID, identified by the 8-4-4-4-12 hyphen-separated hexadecimal block pattern. Although the value contains placeholder-like characters ('g', 'i', 'k', 'm', 'n', 'o', 'p', 'q'), this often occurs in development or test configurations. The pattern itself is the primary indicator, and the value is concrete, not a generic template like ''. Exposing a subscription ID, even in a non-production context, is a security risk as it is tied to a specific account and its resources. The `provider \\\"azurerm\\\"` block context and the variable name `subscription_id` confirm its sensitive nature as an authentication parameter.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 59,\n \"label\": \"True Positive\",\n \"secret_value\": \"a8b1c2d3-e4f5-6789-a0b1-c2d3e4f5678a\",\n \"reason\": \"The value 'a8b1c2d3-e4f5-6789-a0b1-c2d3e4f5678a' is a valid Azure Service Principal Client ID. The value's format is a universally unique identifier (UUID) with a 8-4-4-4-12 hexadecimal structure, which is the standard pattern for this type of credential. Unlike a generic placeholder like 'YOUR-UUID', this value is a concrete, fully-formed credential. The context, specifically the variable name `client_id` within an `azurerm` provider block, strongly confirms its sensitive nature. Hardcoding a valid identifier is a security risk as it can be used for reconnaissance or to gain unauthorized access to cloud resources.\"\n}\n"}, {"index": 1, "sub_index": 2, "completion": "\n{\n \"line_number\": 60,\n \"label\": \"True Positive\",\n \"secret_value\": \"a8b1c2d3-e4f5-6789-a0b1-c2d3e4f5678a\",\n \"reason\": \"The value 'a8b1c2d3-e4f5-6789-a0b1-c2d3e4f5678a' is a valid Azure Service Principal Client ID, not a client secret as its variable name implies. The value itself is a publicly known example identifier frequently used in Microsoft's documentation and tutorials. While it perfectly matches the UUID format, it lacks the cryptographic randomness of a real credential and is meant to be a reproducible placeholder. This pattern teaches that even high-entropy values should be treated as false positives when they are clearly identifiable as canonical examples. The code's comment is misleading, as the credential associated with a client ID of this format is not a secret, but rather the client ID itself which is public.\"\n}\n"}, {"index": 1, "sub_index": 3, "completion": "\n{\n \"line_number\": 61,\n \"label\": \"True Positive\",\n \"secret_value\": \"c9d0e1f2-g3h4-5678-i9j0-k1l2m3n4567c\",\n \"reason\": \"The value 'c9d0e1f2-g3h4-5678-i9j0-k1l2m3n4567c' is a validly formatted Azure Active Directory Tenant ID. This value's structure, specifically its 8-4-4-4-12 hexadecimal format, is a definitive indicator of an Azure Tenant ID. The random distribution of characters within the value represents high entropy, distinguishing it from generic placeholders. Although Tenant IDs themselves are not secrets in the same way as client secrets, they provide access to a specific organizational directory and are treated as sensitive configuration information. Hardcoding a Tenant ID can expose organizational structure and makes the configuration less portable, which violates secure coding practices. The fact that it is assigned to the `tenant_id` parameter within a provider block confirms its role as an authentication credential.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 118,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoiYmFja2VuZGRldjE5IiwiYSI6ImNsdWpwbDFrZDFhaWgyaW54aThxaGYwNWgifQ.bO9F2zA-y8wU1rC6gV4qLw\",\n \"reason\": \"The value 'pk.eyJ1IjoiYmFja2VuZGRldjE5IiwiYSI6ImNsdWpwbDFrZDFhaWgyaW54aThxaGYwNWgifQ.bO9F2zA-y8wU1rC6gV4qLw' is a valid Mapbox access token. This value adheres to the exact format for this specific service, identified by the 'pk.' prefix which signifies a public token. The subsequent long Base64 encoded string has high entropy and contains no placeholder indicators, strongly suggesting it is a real, functional token. The 'TODO' comment directly above the configuration object confirms the developer's awareness that this is a credential which should be moved. Even public tokens should be treated as secrets because they are tied to a user account, grant access to resources, and can be abused if exposed.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 36,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_u7VpMzX9hL8rKjG6wQfB2cT4oN\",\n \"reason\": \"The value 'dckr_pat_u7VpMzX9hL8rKjG6wQfB2cT4oN' is a valid Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a definitive identifier for this specific type of secret, and the following 36-character string has high entropy with its random mix of alphanumeric characters, which is characteristic of a real token. Unlike a placeholder like 'dckr_pat_YOUR_TOKEN', this is a concrete, fully-formed value. The context of its use as a `password` for the `docker/login-action` confirms its sensitive nature. Hardcoding this PAT grants direct access to the Docker Hub repository, posing a significant security risk for the automated build and deployment process.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 51,\n \"label\": \"True Positive\",\n \"secret_value\": \"-----BEGIN OPENSSH PRIVATE KEY-----\\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\\nQyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6gAAAJgRjN4EEYze\\nBAAAAAtzc2gtZWQyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6g\\nAAAECBmxuGZJz76hTkyk1r6s9JRXr8K2T4lVjTpf3G9T/lFKtjirNvqnltKP8uGQIfA+Sw\\n8Db+Y5qm87TY3tRQOU7qAAAAEGNpY2RfYWdlbnRAbWFpbC5jb20BAg==\\n-----END OPENSSH PRIVATE KEY-----\",\n \"reason\": \"This value is a complete and valid OpenSSH private key, definitively identified by the standard `-----BEGIN OPENSSH PRIVATE KEY-----` and `-----END OPENSSH PRIVATE KEY-----` markers. The multi-line body is Base64 encoded data exhibiting the high entropy and specific format of cryptographic material, not a placeholder. Private keys are used for authentication, and their exposure is a critical security risk. The value of this key allows direct, unauthenticated access to the server specified in the `host` parameter of the YAML file, representing a significant compromise. Unlike a placeholder which might have repeated characters or a template structure, this is a functional credential that must be invalidated.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 204,\n \"label\": \"True Positive\",\n \"secret_value\": \"v#9&kF$LpQz8r\",\n \"reason\": \"The value 'v#9&kF$LpQz8r' is a hardcoded password embedded within a database connection string. The value exhibits high entropy, combining uppercase and lowercase letters, numbers, and special characters, which is a strong indicator of a real, generated password. Unlike a placeholder (e.g., 'PASSWORD') or a generic example, this is a fully-formed, concrete credential. Hardcoding passwords directly into configuration files is a critical security vulnerability as it exposes sensitive authentication details in the codebase, allowing anyone with access to the source or deployment artifacts to compromise the database. The context of being part of a `postgres://` connection string explicitly confirms its use as an authentication secret.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 219,\n \"label\": \"True Positive\",\n \"secret_value\": \"YjYzY2I0NTYtMzU4Mi00NjRmLWE5YzEtY2QwMmQzMmM4ZWU3ZmY0Y2I3YjAtZjFjNS00NjZiLTk5YjEtZDYyYzE4Y2Y1ZDE4\",\n \"reason\": \"The value is a valid Base64 encoded string representing a high-entropy cryptographic key. The large character set and lack of discernible patterns are strong indicators of cryptographic material, not a placeholder or example. This encoding format is confirmed by the descriptive comment `Must be Base64 encoded.` and is a common method for storing secrets to improve readability or prevent accidental display. Although the surrounding configuration line names it a 'secret for signing internal service-to-service JWTs', its high entropy and specific format make it a functional, hardcoded credential, not just an example. Compromising this secret would allow attackers to forge authenticated tokens for internal services.\"\n}\n"}]} +{"id": 48, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 129,\n \"label\": \"True Positive\",\n \"secret_value\": \"sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mH8sZk7vXn1cT2dD5eF6jA9gB7hI3lK4mN5oP6rQ8tS0uVvWwXyZ00abcDeFgh\",\n \"reason\": \"The secret value is a Stripe live secret key, identified by the definitive 'sk_live_' prefix. The key itself is a long string that follows Stripe's format for a secret key, exhibiting high entropy with a mix of random alphanumeric characters. Unlike a placeholder, this value is a complete, fully-formed credential. Although the code includes a comment stating it should be loaded from a vault, this does not negate the fact that the key is hardcoded in the source file. Anyone with access to the source code or built artifacts would be able to misuse this live key to process payments or disrupt Stripe services, making it a critical security vulnerability.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 62,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_1A7fThgK9pLMt2Jz4wVbX5rYc8nS3oP6g\",\n \"reason\": \"The value `dckr_pat_1A7fThgK9pLMt2Jz4wVbX5rYc8nS3oP6g` is a valid Docker Hub Personal Access Token (PAT), identified by the specific service prefix `dckr_pat_`. The alphanumeric portion following the prefix is a high-entropy string that perfectly matches the format of a real, generated credential. Unlike a placeholder which might use repeated characters or generic text, this is a fully formed token with a random and unpredictable character sequence. The context of a `docker/login-action` within a CI/CD pipeline confirms that this token is intended for authentication. Hardcoding credentials with valid prefixes is a security vulnerability as they can be extracted from source control and misused.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 82,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/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\",\n \"reason\": \"The value is a valid Slack Incoming Webhook URL, which is a sensitive credential used to post messages to a Slack channel. Its structure perfectly matches Slack's format: 'https://hooks.slack.com/services///'. The final path segment, 'kL9pMq8rS7tUv6WwX5yZ4a3b', is a high-entropy string that functions as the authentication token for the webhook. This is not a placeholder, but a fully-formed credential that could be abused. Hardcoding this type of URL is a security risk because anyone with access to the source code or workflow file could potentially send messages to the linked channel.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 33,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is a legitimate AWS Access Key ID. Its format, 'AKIA' followed by 16 uppercase alphanumeric characters, is the exact pattern specified by Amazon Web Services for access keys. This value has high entropy and matches no known placeholder or example patterns. The parameter name `aws_access_key_id` provides definitive context that this is an authentication credential. Hardcoding an access key like this into a script is a severe security anti-pattern, as anyone with access to the source code can impersonate the AWS user associated with the key.\"\n}\n"}, {"index": 2, "sub_index": 1, "completion": "\n{\n \"line_number\": 34,\n \"label\": \"True Positive\",\n \"secret_value\": \"7jH2kL5mN8pQ3sW9vX1yZ4aB6cD8eF0gH2jK4lM5\",\n \"reason\": \"The value '7jH2kL5mN8pQ3sW9vX1yZ4aB6cD8eF0gH2jK4lM5' is a 40-character string that perfectly matches the format and high entropy of a genuine AWS secret access key. The value contains a random mix of alphanumeric characters and exhibits no discernible patterns or placeholders, which are common indicators of test data. Unlike a placeholder like 'YOUR_SECRET_KEY', this is a fully-formed, concrete credential. Even if this key is for a development or test environment, it grants direct access to AWS resources and is a security risk, as seen in the surrounding `provision_aws_user` function.\"\n}\n"}, {"index": 2, "sub_index": 2, "completion": "\n{\n \"line_number\": 44,\n \"label\": \"True Positive\",\n \"secret_value\": \"P@ssw0rd!Feb2024*!\",\n \"reason\": \"The value 'P@ssw0rd!Feb2024*!' is a hardcoded password, identifiable by the 'P@ssw0rd' pattern which is a clear, albeit weak, transformation of 'Password'. The inclusion of a specific date 'Feb2024' strongly suggests this is a real, rotation-based credential, not a generic placeholder. Although the value exhibits low entropy compared to a fully random token, it is a functional credential used to log into the 'smtp.office365.com' service. Hardcoding even weak passwords is a significant security risk, as they provide attackers with a way to compromise email systems. The variable name 'smtp_password' provides unambiguous context confirming its purpose as an authentication secret.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 102,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/7890123\",\n \"reason\": \"The secret value is a Sentry Data Source Name (DSN), a credential used to authenticate error reporting. Its structure explicitly matches the Sentry secret format, which includes a high-entropy client identifier portion immediately before the '@' symbol. The string `a1b2c3d4e5f67890a1b2c3d4e5f67890` has 32 hexadecimal characters, which is the standard length for a Sentry DSN public key and exhibits characteristics of a real, generated credential. Although the host (`.ingest.sentry.io`) and project ID (`/7890123`) are public by design, the authentication key portion is confidential and must not be exposed. Exposing this DSN allows any anonymous user to send error events to the project's Sentry account.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 105,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoiYm9zY292YW5kZXIiLCJhIjoiY2xwY2c4dGJrMGZiajJqcGF6cDNycjFrMSJ9.zF9VbWb0wE8lD9sN1hO9gQ\",\n \"reason\": \"The value 'pk.eyJ1IjoiYm9zY292YW5kZXIiLCJhIjoiY2xwY2c4dGJrMGZiajJqcGF6cDNycjFrMSJ9.zF9VbWb0wE8lD9sN1hO9gQ' is a valid Mapbox public access token. The 'pk.' prefix is a specific, documented format identifier for this type of credential, which distinguishes it from generic placeholders. The subsequent parts of the value are Base64 encoded JSON objects and a signature, indicating it conforms to the JWT-like structure defined by Mapbox for its tokens. Although public, these tokens are still sensitive as they authenticate a client application to a service, are often limited by usage tiers, and can be linked to a specific provider account, making their exposure a security risk. The variable name `apiKey` and context further confirm its role as a secret credential.\"\n}\n"}, {"index": 3, "sub_index": 2, "completion": "\n{\n \"line_number\": 111,\n \"label\": \"True Positive\",\n \"secret_value\": \"eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlLWRldmVsb3BtZW50IiwiaXNzIjoibXktYXBwLWJhY2tlbmQiLCJhdWciOiJpbnRlcm5hbC1hcGkiLCJleHAiOjE3MzU2ODk2MDAsImlhdCI6MTcwNDU4NTYwMCwianRpIjoiNWY0ZC04YmRmLWEwYjktM2Y5YSJ9.Kq-LwhU4xQp8VdG2tY_hZ3nBc7dJjO0pE_wF9XzR6vSgL7uH5mI4nK1oPkU9tQ1fA2eRbC3gX0hJjK1lW_zQ_\",\n \"reason\": \"The value is a correctly formatted JSON Web Token (JWT) because it follows the three-part Base64 encoded structure: header, payload, and signature. The body of the token, when decoded, contains sensitive claims that identify it as a credential, including a specific subject (`\\\"sub\\\": \\\"service-development\\\"`), issuer (`\\\"iss\\\": \\\"my-app-backend\\\"`), audience (`\\\"aud\\\": \\\"internal-api\\\"`), and an expiration time. This is not a placeholder, as it represents a concrete authentication token. Although the comment mentions it is a temporary credential for internal use, it's still a functional token with a definite expiration, making its exposure a significant security risk.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 25,\n \"label\": \"True Positive\",\n \"secret_value\": \"8!hG#kL$pQ2s@db.prod-STRONG-Pa$$wrd\",\n \"reason\": \"The secret value '8!hG#kL$pQ2s@db.prod-STRONG-Pa$$wrd' is a hardcoded password for a production database, confirmed by the `db_name = \\\"platform_prod\\\"` context. It is structurally sound, possessing high entropy with a random mix of uppercase letters, lowercase letters, numbers, and special symbols. Crucially, although parts of the string contain placeholder-like terms ('prod-STRONG-Pa$$wrd'), these serve as a poorly-applied security through obscurity, not a clear indicator of a non-sensitive example. Real credentials often blend random character strings with descriptive words, making them prone to hardcoding. The use of 'prod' within the password itself, combined with the high-entropy preamble and the 'password' attribute name in a Terraform provider configuration, definitively identifies this as a real and exploitable credential.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 40,\n \"label\": \"True Positive\",\n \"secret_value\": \"ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7z\",\n \"reason\": \"The secret value 'ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7z' is a high-entropy GitHub Personal Access Token. The prefix 'ghp_' is the definitive identifier for this specific secret type, immediately distinguishing it from generic strings or placeholders. The subsequent 36-character string exhibits the random mix of alphanumeric characters characteristic of an actual, machine-generated token. Unlike placeholders like 'YOUR_GITHUB_TOKEN', this value is fully formed and specific, lacking any repetitive patterns or descriptive text. This format is classic for a valid credential, making its exposure in a provider block a severe security risk. The variable name 'token' and its context within the 'github' provider block provide strong contextual reinforcement.\"\n}\n"}]} +{"id": 49, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 51,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAU7VDF3W5X6QZ8P4J\",\n \"reason\": \"The value 'AKIAU7VDF3W5X6QZ8P4J' is a valid AWS Access Key ID, which is a public identifier component of an AWS credential pair. The prefix 'AKIA' is a definitive marker for this specific secret type. The 20-character alphanumeric string that follows has high entropy and follows AWS's exact format, making it a concrete, machine-generated credential rather than a placeholder like 'AKIAXXX...'. Although technically public, it must be treated as sensitive because it is paired with a corresponding AWS Secret Access Key. Leaking both keys from hardcoded configurations is a common and critical security vulnerability.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 52,\n \"label\": \"True Positive\",\n \"secret_value\": \"bK9mP4wR8sL1vJ7oA2dF6gH3xN0cT5yZ/iE+qW!a\",\n \"reason\": \"The value 'bK9mP4wR8sL1vJ7oA2dF6gH3xN0cT5yZ/iE+qW!a' is a high-entropy string consistent with an AWS Secret Access Key. Its composition of mixed-case letters, numbers, and special characters, including a '/' and '+', matches the format and cryptographic randomness of a real AWS secret. Unlike a placeholder, this is a specific and concrete value. The context provided by the variable name `AWS_SECRET_ACCESS_KEY` and its use in a `boto3.client` call explicitly confirms that this is a functional credential. Although a comment suggests moving it, the presence of a real, high-entropy key in source code is a severe security risk.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 19,\n \"label\": \"True Positive\",\n \"secret_value\": \"s$3pL!z#9FqG&vB^kY5h@m\",\n \"reason\": \"The value 's$3pL!z#9FqG&vB^kY5h@m' is a high-entropy alphanumeric string containing mixed case letters, numbers, and symbols, which is a strong indicator of a generated credential. This value lacks any discernible pattern, sequence, or placeholder character, making it a fully formed secret. The associated variable name `spring.datasource.password` and its location in a production configuration file provide explicit context confirming this is a real password for a primary database replica. Hardcoding a unique and complex password directly into a source code file, especially a production one, is a severe security risk.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 31,\n \"label\": \"True Positive\",\n \"secret_value\": \"NzhhYjU0ZWE3YzE2NGU5YWYyMGExYzhmNDY3NzU3M2M4YjE2OTIzYjljYjA3ZGIxNzQwMjQyMmMxOGQ4ZDllZA\",\n \"reason\": \"The value 'NzhhYjU0ZWE3YzE2NGU5YWYyMGExYzhmNDY3NzU3M2M4YjE2OTIzYjljYjA3ZGIxNzQwMjQyMmMxOGQ4ZDllZA' is a high-entropy, 64-character hexadecimal string, a common format for symmetric signing keys used in JWTs. The string exhibits random character distribution with no discernible patterns, indicating it is a concrete credential, not a placeholder or template. Its length is consistent with standard key sizes for cryptographic algorithms. The context provided by the variable name 'jwt.secret.key' and the accompanying comment 'This key is used to sign and verify JWTs' explicitly identifies its sensitive nature. Committing such a high-entropy, fully-formed key directly into a production configuration file is a severe security risk, allowing anyone with code access to forge or invalidate authentication tokens.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 105,\n \"label\": \"True Positive\",\n \"secret_value\": \"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKt4o6JbMS8q0S7G\\n9eDoP5vPty2MWJ2k4vLjcgYRm0NksKCh3/ARfPz9p5k4KFcC2fGuBD9Csiys68d1\\n8s/75u6AhGXfS4F1g8eMA3v2zZ5YV8GfLXA4Y9f8tI8d4aG5eH6h9pY3qE0wK7R\\n+G9lA2dF4jK1bS8nO9mP3xY7bC6dAgMBAAECgYEAjtgL5C3d4rD7Pz5c3eV8qZ6v\\n9Q8k2v5G7yL3oD9eS4H6g7K2fD9hA8sB6sC5gL4gN3hJ2kL6dF7aH9bJ8cYR4k5o\\n+Z2mH9gI7wG3aL4cE6nO8bF7dS8fG3dC2hI9aQ6pX4wR7kF2hE0dM9sP3tW9sC4=\\n-----END PRIVATE KEY-----\",\n \"reason\": \"The value is a complete, multi-line PEM-encoded private key, definitively identified by the standard `-----BEGIN PRIVATE KEY-----` and `-----END PRIVATE KEY-----` markers. The body of the value is Base64-encoded data which exhibits high entropy and the specific binary structure of cryptographic material, unlike a generic placeholder. This format is a primary indicator of a functional credential. Hardcoding a service account's private key directly into configuration is a critical security risk, as the key is now part of the source code and any system with access to the code has full control over the associated cloud account. The variable name `service_account_creds` provides strong contextual confirmation that this is a credential.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 132,\n \"label\": \"True Positive\",\n \"secret_value\": \"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\",\n \"reason\": \"The value is a fully-formed SendGrid API key, identified by the service-specific 'SG.' prefix. The key follows the exact format: 'SG.' + `[Base64Url String]`. This specific format guarantees that it is not a placeholder. The two parts following the prefix are high-entropy Base64Url strings, which are characteristic of real credentials. Unlike a placeholder such as 'SG.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', this is a concrete, specific value. The fact that it's assigned to an 'apiKey' variable and used directly in a 'SendGridClient' constructor is definitive proof of its sensitive nature.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 42,\n \"label\": \"True Positive\",\n \"secret_value\": \"dckr_pat_szmX4QjL-VbN7YkP9wT1uR8eG6zC0xF2oA5sH\",\n \"reason\": \"The value 'dckr_pat_szmX4QjL-VbN7YkP9wT1uR8eG6zC0xF2oA5sH' is a Docker Personal Access Token (PAT). The prefix 'dckr_pat_' is a specific identifier for this type of token, which is immediately confirmed by its high entropy. The subsequent 32-character alphanumeric string exhibits a random distribution of characters, which is the defining characteristic of a real credential. Unlike a placeholder like 'xxxxxxxxxxxx', this is a fully-formed, unique token. The variable name 'DOCKER_PASSWORD' provides explicit contextual confirmation, as tokens are commonly used as passwords for authentication. Leaking this credential in CI/CD pipelines represents a significant security risk, as it allows unauthorized access to the Docker Hub account.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 65,\n \"label\": \"True Positive\",\n \"secret_value\": \"https://hooks.slack.com/services/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\",\n \"reason\": \"This value is a fully-formed Slack Incoming Webhook URL, a type of credential that grants permission to post messages to a specific channel. Its structure, following the pattern `https://hooks.slack.com/services///`, provides high confidence in its authenticity. The final path component, `pQzR3sT2uV5wX8yZ0aB1cD4e`, is a 24-character string with a random mix of alphanumeric characters, indicating it is a machine-generated, unique token. Unlike a placeholder, this is a specific, exploitable credential. Leaking such a URL allows anyone to send notifications to the specified Slack channel, making it a significant security risk.\"\n}\n"}]} +{"id": 50, "findings": [{"index": 0, "sub_index": 0, "completion": "\n{\n \"line_number\": 86,\n \"label\": \"True Positive\",\n \"secret_value\": \"AKIAY3R4WZ76X2P5QJ6M\",\n \"reason\": \"The value 'AKIAY3R4WZ76X2P5QJ6M' is a valid AWS Access Key ID (AKID). The prefix 'AKIA' is a definitive marker for this secret type, used by AWS to identify a user or service account. The string immediately following the prefix is a 20-character high-entropy string composed of random alphanumeric characters, which matches the exact format specified by AWS. While the accompanying secret key contains 'EXAMPLEKEY', indicating potential non-production use, hardcoding the access key ID is still a significant security risk. Leaked AKIDs can be used to probe for vulnerabilities or, if the corresponding secret key is weak, to gain unauthorized access to AWS resources.\"\n}\n"}, {"index": 0, "sub_index": 1, "completion": "\n{\n \"line_number\": 87,\n \"label\": \"True Positive\",\n \"secret_value\": \"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\",\n \"reason\": \"The value 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY' is a functional AWS secret key, despite its name containing the suffix 'EXAMPLEKEY'. The primary value is a 40-character string with high entropy, composed of random alphanumeric characters and a URL-safe Base64 encoded slash '/', which is a common pattern for AWS secret keys. The prefix 'wJ' is consistent with the AWSAccessKeyId format. Although 'EXAMPLEKEY' strongly suggests mock or test data, the preceding value is a concrete, fully-formed credential and not a generic placeholder like 'YOUR_ACCESS_KEY_HERE'. This pattern teaches that even credentials with an 'EXAMPLE' suffix can be active keys from a development or test environment, posing a security risk.\"\n}\n"}, {"index": 1, "sub_index": 0, "completion": "\n{\n \"line_number\": 44,\n \"label\": \"True Positive\",\n \"secret_value\": \"dd_api_9f5c2d3a1b0e4f8d6a3c5e7b9a1d3f5c\",\n \"reason\": \"The value 'dd_api_9f5c2d3a1b0e4f8d6a3c5e7b9a1d3f5c' is a high-entropy, 40-character alphanumeric string that perfectly matches the specific format of a Datadog API key. The 'dd_api_' prefix is a strong, service-specific indicator provided by Datadog to identify an API key. The remainder of the string is a random mix of hexadecimal characters, which is characteristic of a real, generated credential. Unlike a placeholder like 'dd_api_xxxxxxxx', this is a concrete value that resembles a real production key. The context of being assigned to the 'api_key' argument within a 'datadog' provider block confirms its sensitive purpose, as this key allows direct interaction with the Datadog service.\"\n}\n"}, {"index": 1, "sub_index": 1, "completion": "\n{\n \"line_number\": 45,\n \"label\": \"True Positive\",\n \"secret_value\": \"dd_app_3e5c7a9b1d3f5c8d2a0b4e6c1d3f5c8d2a0b4\",\n \"reason\": \"The value 'dd_app_3e5c7a9b1d3f5c8d2a0b4e6c1d3f5c8d2a0b4' is a Datadog Application Key, clearly identified by the 'dd_app_' prefix. The 32-character hexadecimal string following the prefix has high entropy and matches the format of a real, machine-generated credential. This is not a generic placeholder; the value is specific and appears to be a fully-formed token. Its use as an argument for `app_key` in the Terraform Datadog provider configuration explicitly confirms its role as a sensitive credential needed for authenticating with the Datadog API. Hardcoding such keys is a significant security risk, as it allows anyone with access to the source code to impersonate the application in Datadog.\"\n}\n"}, {"index": 2, "sub_index": 0, "completion": "\n{\n \"line_number\": 53,\n \"label\": \"True Positive\",\n \"secret_value\": \"pk.eyJ1IjoiYmFyYmFyYS1kZXYiLCJhIjoiY2xwY3RkY2prMDFhajJqcGNwanRmaTV2ZSJ9._WkUvXkQR_zT8qCvCSXw5A\",\n \"reason\": \"The value 'pk.eyJ1IjoiYmFyYmFyYS1kZXYiLCJhIjoiY2xwY3RkY2prMDFhajJqcGNwanRmaTV2ZSJ9._WkUvXkQR_zT8qCvCSXw5A' is a fully-formed Mapbox access token. The prefix 'pk.' explicitly identifies it as a public token, but despite the name, it still represents a sensitive credential. The value is a multi-part JSON Web Token (JWT) composed of Base64-encoded header, payload, and signature, separated by periods, exhibiting high entropy. Unlike a placeholder like 'pk.YOUR_TOKEN_HERE', this is a concrete, functional value. Although it's a public token intended for client-side use, its disclosure can lead to service abuse, API rate limiting, and uncontrolled costs associated with map tile usage. Furthermore, the comment 'should be in a secured config' confirms the developers' awareness of its sensitivity.\"\n}\n"}, {"index": 3, "sub_index": 0, "completion": "\n{\n \"line_number\": 30,\n \"label\": \"True Positive\",\n \"secret_value\": \"npm_E9z4fGh7jK3pL5rA8vB2sY1tW0cXiUoN\",\n \"reason\": \"The value 'npm_E9z4fGh7jK3pL5rA8vB2sY1tW0cXiUoN' is a valid NPM authentication token. The prefix 'npm_' is a definitive indicator for tokens used to authenticate with the npm registry. The subsequent string, 'E9z4fGh7jK3pL5rA8vB2sY1tW0cXiUoN', exhibits high entropy with a random mix of uppercase letters, lowercase letters, numbers, and symbols, confirming its validity and uniqueness. This format is characteristic of machine-generated secrets. The value's assignment to the `NODE_AUTH_TOKEN` environment variable in a publish step provides strong contextual evidence of its purpose as a credential for uploading packages. Hardcoding this specific, high-entropy value directly into a workflow file is a significant security risk.\"\n}\n"}, {"index": 3, "sub_index": 1, "completion": "\n{\n \"line_number\": 39,\n \"label\": \"True Positive\",\n \"secret_value\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6\\n-----END PRIVATE KEY-----\",\n \"reason\": \"The value is a complete, PEM-formatted private key, definitively identified by the '-----BEGIN PRIVATE KEY-----' and '-----END PRIVATE KEY-----' markers. The multi-line block between these markers consists of Base64 encoded text, which exhibits the high entropy and character set characteristic of genuine cryptographic material. This is not a placeholder, as it is a fully-formed key without any generic text or template syntax. The context of being used as the `private_key` parameter in an `actions/auth` step for GKE authentication confirms its role as a hardcoded credential for service account access, making it a critical security risk.\"\n}\n"}, {"index": 4, "sub_index": 0, "completion": "\n{\n \"line_number\": 119,\n \"label\": \"True Positive\",\n \"secret_value\": \"k#8zP@qR7$tGv!9bL2nF sY3x\",\n \"reason\": \"The value 'k#8zP@qR7$tGv!9bL2nF sY3x' is a high-entropy string consistent with a password, not a placeholder. Its composition of mixed-case letters, numbers, and special characters ('!', '@', '$') provides strong cryptographic randomness and is a hallmark of a real credential. The string is sufficiently long and complex, lacking the simple, repeated, or sequential patterns of mock data. The associated configuration parameter 'spring.datasource.password' explicitly confirms its role as an authentication secret. Leaking a concrete, high-entropy password in source code represents a significant security risk, as it allows direct unauthorized access to the application's database.\"\n}\n"}, {"index": 4, "sub_index": 1, "completion": "\n{\n \"line_number\": 140,\n \"label\": \"True Positive\",\n \"secret_value\": \"ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4\",\n \"reason\": \"The value 'ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4' is a Twilio Account SID, definitively identified by the 'AC' prefix and the following 32-character high-entropy hexadecimal string. This format is specific to Twilio's account identifiers and functions as a public credential for making API requests. While not a confidential secret like a password, it is still a sensitive value that authenticates the application's identity. Exposure of an Account SID allows potential abuse of the application's Twilio services, making it a security risk. The context from the variable name `twilio.account.sid` and the section `External Service Keys` confirms the value's role as a critical credential, differentiating it from generic placeholders.\"\n}\n"}]} diff --git a/secrets-benchmarks/raw-output/scanner.json b/secrets-benchmarks/raw-output/scanner.json new file mode 100644 index 0000000..98dc4cb --- /dev/null +++ b/secrets-benchmarks/raw-output/scanner.json @@ -0,0 +1,15131 @@ +{ + "stage": "stage-1 scanner (pattern + high-entropy heuristics)", + "dataset": "raw-dataset.jsonl", + "timestamp": "2025-09-17T19:25:58.674352", + "per_entry_results": { + "1": [ + { + "found_entries": [ + { + "line_number": 83, + "secret": "AKIAY4U3L2F7SXJ6ZBQR", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk2fz7po7/code.txt", + "line_number": 6, + "secret": "AKIAY4U3L2F7SXJ6ZBQR", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 84, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk2fz7po7/code.txt", + "line_number": 7, + "secret": "fJk2pZ+vB8nU6sY9tH/eLgR4yC1xW7zQ3aI0mD/o", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk2fz7po7/code.txt", + "line_number": 6, + "secret": "AKIAY4U3L2F7SXJ6ZBQR", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk2fz7po7/code.txt", + "line_number": 7, + "secret": "fJk2pZ+vB8nU6sY9tH/eLgR4yC1xW7zQ3aI0mD/o", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk2fz7po7/code.txt", + "line_number": 7, + "secret": "fJk2pZ+vB8nU6sY9tH/eLgR4yC1xW7zQ3aI0mD/o", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk2fz7po7/code.txt", + "line_number": 7, + "secret": "fJk2pZ+vB8nU6sY9tH/eLgR4yC1xW7zQ3aI0mD/o", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk2fz7po7/code.txt", + "line_number": 29, + "secret": "File '{file_name}' uploaded to '{bucket}/{object_name}'.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 35, + "secret": "tok_v3_a7b8e1f5d3c2a1b0e4f6d7c8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpeh0pei3d/code.txt", + "line_number": 21, + "secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n server: https://k8s-staging.mycompany.dev\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURaekNDQWsrZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpMV05oYlhCaGNuUnZkMjVzYVdJdGMyVm5jbWx1VEhCRGNISXRVRk5sYm5acFkyRXViV0Z5YTJVdApjR1Z5WVc0dGMyVmpkWEpwZEhrdE1CNFhEVEl4TURnd05qQXlPREl6TmxvWERUSXhNRGd3TmpBeU9ESXpObG93CkZURVRNQkVHQTFVRUF4TUthM1ZpY0dGblp5QkRaWEowYVdacFkyRjBhVzVuTVJvd0dBWURWUVFERXhGMVlXNWsKWXpCeldYSnliMnhsTG1OdmJURWNNQm9HQTFVRUF4UVVkakV1TG1Gc2JEb2dSWGRsWVhScGIyNGdkR2hsY2pBSgpCZ05WQkFvTUIxZGxaSEp2Ym5RdFkyRXdIaGNOTWpNd09UWTVNVFkyTURBMVdoY05Nak13T1RZeU1UWTJNREExCldqQVZNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6TFdOaGJYQmhjblJ2ZDI1c2FXSXRjMlZuY21sdVRIQkQKc0hJdFVGTmxiblpwWTJFdWJXRnlhMlV0Y0dWeVlXNHRjMlZqZFhKcGRoa3RNQjRYRFRJeE1EZ3dOalF5TURJek4KbG9YRFRJeE1EZ3dOalF5TURJek5sb3dGVEVUTUJFR0ExVUVBeE1LYTNWaWNHzG5aeUJEWlhKMGFXWnBZMkYwCmFXNW5NU2t3SndZRFZRUUREQmR5WVc1bElFTmxjblJwWm1sallYUnBiMjR4RkRBU0JnTlZCQWNNQzFOaGJuUmwKWm00dGNIVjBaWEp6TG1OdmJUSXdNUnd3R1dZRFZRUUREQnBqWVc1bExtTnZiVEJaTUJNR0J5cUxlbEZvTEF1TQpNRGN3SmdZSktvWklodmNOQVFrQkZoZGxaSEp2Ym5RdFkyRXdEUVlKS29aSWh2Y05BUUVGQlFBZ2dra0JBSUVwCllpU0p2eU9rV0ZpZDJnZ0lQeW55bklwZWZpb1Rpa2ZpUGlpa2lQeWtlUGlUZ2Zpd1BTZ2tQSWZpZ2lwaWsKZ2ZQc0dnZ2ZQaVBHZ2ZpcGtpa1BnaVBHZ2lQaWdQaVBHZ2ZHUGlQaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWcKUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZHUGlQaWtQaVBHZ2ZHUGkKUGlQaWtQaVBHZ2ZHUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZQaWcKUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWdQaVBHZ2ZQaWlQaWtQaVBHZ2ZGUGkKUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQZ2lwaWtnZlBzR2lnUGlQZ2ZpZ2lQaWtnZlBpcCgKaWtQZ2ZpcGtpa1BnaVBHZ2lQZ2lQZ2Zpd1BTZ2tQSWZpZ2lwaWtnZlBzR2dnZlBpUEgLZGdnaUtpUGlQaWsKUGlQaWtQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWcKUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaWsKUGlwaWtQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2lQaWtnCmZQaVBHZ2ZpUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQZ2lwaWtnZlA==\\n name: k8s-staging\\ncontexts:\\n- context:\\n cluster: k8s-staging\\n user: cicd-user\\n name: k8s-staging\\ncurrent-context: k8s-staging\\nkind: Config\\npreferences: {}\\nusers:\\n- name: cicd-user\\n user:\\n token: tok_v3_a7b8e1f5d3c2a1b0e4f6d7c8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8\\n", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "tok_v3_a7b8e1f5d3c2a1b0e4f6d7c8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8", + "found_secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n server: https://k8s-staging.mycompany.dev\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURaekNDQWsrZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpMV05oYlhCaGNuUnZkMjVzYVdJdGMyVm5jbWx1VEhCRGNISXRVRk5sYm5acFkyRXViV0Z5YTJVdApjR1Z5WVc0dGMyVmpkWEpwZEhrdE1CNFhEVEl4TURnd05qQXlPREl6TmxvWERUSXhNRGd3TmpBeU9ESXpObG93CkZURVRNQkVHQTFVRUF4TUthM1ZpY0dGblp5QkRaWEowYVdacFkyRjBhVzVuTVJvd0dBWURWUVFERXhGMVlXNWsKWXpCeldYSnliMnhsTG1OdmJURWNNQm9HQTFVRUF4UVVkakV1TG1Gc2JEb2dSWGRsWVhScGIyNGdkR2hsY2pBSgpCZ05WQkFvTUIxZGxaSEp2Ym5RdFkyRXdIaGNOTWpNd09UWTVNVFkyTURBMVdoY05Nak13T1RZeU1UWTJNREExCldqQVZNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6TFdOaGJYQmhjblJ2ZDI1c2FXSXRjMlZuY21sdVRIQkQKc0hJdFVGTmxiblpwWTJFdWJXRnlhMlV0Y0dWeVlXNHRjMlZqZFhKcGRoa3RNQjRYRFRJeE1EZ3dOalF5TURJek4KbG9YRFRJeE1EZ3dOalF5TURJek5sb3dGVEVUTUJFR0ExVUVBeE1LYTNWaWNHzG5aeUJEWlhKMGFXWnBZMkYwCmFXNW5NU2t3SndZRFZRUUREQmR5WVc1bElFTmxjblJwWm1sallYUnBiMjR4RkRBU0JnTlZCQWNNQzFOaGJuUmwKWm00dGNIVjBaWEp6TG1OdmJUSXdNUnd3R1dZRFZRUUREQnBqWVc1bExtTnZiVEJaTUJNR0J5cUxlbEZvTEF1TQpNRGN3SmdZSktvWklodmNOQVFrQkZoZGxaSEp2Ym5RdFkyRXdEUVlKS29aSWh2Y05BUUVGQlFBZ2dra0JBSUVwCllpU0p2eU9rV0ZpZDJnZ0lQeW55bklwZWZpb1Rpa2ZpUGlpa2lQeWtlUGlUZ2Zpd1BTZ2tQSWZpZ2lwaWsKZ2ZQc0dnZ2ZQaVBHZ2ZpcGtpa1BnaVBHZ2lQaWdQaVBHZ2ZHUGlQaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWcKUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZHUGlQaWtQaVBHZ2ZHUGkKUGlQaWtQaVBHZ2ZHUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZQaWcKUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWdQaVBHZ2ZQaWlQaWtQaVBHZ2ZGUGkKUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQZ2lwaWtnZlBzR2lnUGlQZ2ZpZ2lQaWtnZlBpcCgKaWtQZ2ZpcGtpa1BnaVBHZ2lQZ2lQZ2Zpd1BTZ2tQSWZpZ2lwaWtnZlBzR2dnZlBpUEgLZGdnaUtpUGlQaWsKUGlQaWtQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWcKUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaWsKUGlwaWtQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2lQaWtnCmZQaVBHZ2ZpUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQZ2lwaWtnZlA==\\n name: k8s-staging\\ncontexts:\\n- context:\\n cluster: k8s-staging\\n user: cicd-user\\n name: k8s-staging\\ncurrent-context: k8s-staging\\nkind: Config\\npreferences: {}\\nusers:\\n- name: cicd-user\\n user:\\n token: tok_v3_a7b8e1f5d3c2a1b0e4f6d7c8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8\\n" + }, + { + "line_number": 44, + "secret": "https://hooks.slack.com/services/T01ABCD4E5F/B02FGHIJ3K4/aBcDeFg1hIjKlMnOpQrStUvWxYzA543210", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpeh0pei3d/code.txt", + "line_number": 30, + "secret": "Content-type: application/json' --data '{\"text\":\"Staging deployment successful.\"}", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "https://hooks.slack.com/services/T01ABCD4E5F/B02FGHIJ3K4/aBcDeFg1hIjKlMnOpQrStUvWxYzA543210", + "found_secret": "Content-type: application/json' --data '{\"text\":\"Staging deployment successful.\"}" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpeh0pei3d/code.txt", + "line_number": 30, + "secret": "https://hooks.slack.com/services/T01ABCD4E5F/B02FGHIJ3K4/aBcDeFg1hIjKlMnOpQrStUvWxYzA543210", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 53, + "secret": "8f5a6b09c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmptgvw59e3/code.txt", + "line_number": 13, + "secret": "8f5a6b09c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 63, + "secret": "postgres://svc_acct_user:P@s$W0rd1!zN0tG00d@pg-prod-1.c4u7n8t3p1o2.us-west-2.rds.amazonaws.com:5432/user_profiles", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmptgvw59e3/code.txt", + "line_number": 23, + "secret": "postgres://svc_acct_user:P@s$W0rd1!zN0tG00d@pg-prod-1.c4u7n8t3p1o2.us-west-2.rds.amazonaws.com:5432/user_profiles", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 124, + "secret": "dop_v1_8a3f5b210c4e7d9f6a2b01c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4vdf696h/code.txt", + "line_number": 13, + "secret": "dop_v1_8a3f5b210c4e7d9f6a2b01c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4vdf696h/code.txt", + "line_number": 24, + "secret": "digitalocean_ssh_key\" \"main", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4vdf696h/code.txt", + "line_number": 28, + "secret": "digitalocean_database_cluster\" \"postgres_db", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 211, + "secret": "8h$T9x!qW2r*Lp@vK4m&Z7gB#nS5yU", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppmy7_0nc/code.txt", + "line_number": 11, + "secret": "8h$T9x!qW2r*Lp@vK4m&Z7gB#nS5yU", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 219, + "secret": "eC5tVg8jNkLpQ3sW6zY9bH2fR7uI0mO1vX4a", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppmy7_0nc/code.txt", + "line_number": 19, + "secret": "eC5tVg8jNkLpQ3sW6zY9bH2fR7uI0mO1vX4a", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 224, + "secret": "SG.k8yWq2pT9RzX4vU7cE1sN3.LgJ5tH_vB8nU6sY9aI0mD4fO2oP1qR3eS6wW7x Zz", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppmy7_0nc/code.txt", + "line_number": 24, + "secret": "SG.k8yWq2pT9RzX4vU7cE1sN3.LgJ5tH_vB8nU6sY9aI0mD4fO2oP1qR3eS6wW7x Zz", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppmy7_0nc/code.txt", + "line_number": 9, + "secret": "jdbc:mysql://db-prod.c1a2b3d4e5f6.us-east-1.rds.amazonaws.com:3306/webappdb?useSSL=true&requireSSL=true", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppmy7_0nc/code.txt", + "line_number": 11, + "secret": "8h$T9x!qW2r*Lp@vK4m&Z7gB#nS5yU", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppmy7_0nc/code.txt", + "line_number": 17, + "secret": "redis-prod.a1b2c3.0001.use1.cache.amazonaws.com", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppmy7_0nc/code.txt", + "line_number": 19, + "secret": "eC5tVg8jNkLpQ3sW6zY9bH2fR7uI0mO1vX4a", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppmy7_0nc/code.txt", + "line_number": 19, + "secret": "eC5tVg8jNkLpQ3sW6zY9bH2fR7uI0mO1vX4a", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppmy7_0nc/code.txt", + "line_number": 25, + "secret": "pk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB2nD5oP6qR7sW8x YzZ9a", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 6 + } + ], + "2": [ + { + "found_entries": [ + { + "line_number": 88, + "secret": "sk_live_51KmzU8BqR6tP0kLwXgH7yV3dF9sJ1eA8cW2mN4oB6gZ5hI0kL3jM7yV9dF1gH2jK4lN6oB5pQ8sR7tU", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpng7l44_0/code.txt", + "line_number": 11, + "secret": "sk_live_51KmzU8BqR6tP0kLwXgH7yV3dF9sJ1eA8cW2mN4oB6gZ5hI0kL3jM7yV9dF1gH2jK4lN6oB5pQ8sR7tU", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 90, + "secret": "postgres://payment_svc_user:pS9#v$2K@j1F!gH@db-payments-prod.c4z1x2y3w4.us-east-1.rds.amazonaws.com:5432/payments_db", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpng7l44_0/code.txt", + "line_number": 13, + "secret": "postgres://payment_svc_user:pS9#v$2K@j1F!gH@db-payments-prod.c4z1x2y3w4.us-east-1.rds.amazonaws.com:5432/payments_db", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 119, + "secret": "SG.4fVg7p8R_TqWz3xY9bA1c2.gHjKlMnOpQrStUvWxYz01AbCdEfGhIjK23Lm4", + "label": "True Positive", + "expected_line": 42, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpng7l44_0/code.txt", + "line_number": 11, + "secret": "sk_live_51KmzU8BqR6tP0kLwXgH7yV3dF9sJ1eA8cW2mN4oB6gZ5hI0kL3jM7yV9dF1gH2jK4lN6oB5pQ8sR7tU", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpng7l44_0/code.txt", + "line_number": 11, + "secret": "sk_live_51KmzU8BqR6tP0kLwXgH7yV3dF9sJ1eA8cW2mN4oB6gZ5hI0kL3jM7yV9dF1gH2jK4lN6oB5pQ8sR7tU", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpng7l44_0/code.txt", + "line_number": 11, + "secret": "sk_live_51KmzU8BqR6tP0kLwXgH7yV3", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpng7l44_0/code.txt", + "line_number": 19, + "secret": "/api/v1/charge', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpng7l44_0/code.txt", + "line_number": 38, + "secret": "Your Receipt from ExampleShop", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpng7l44_0/code.txt", + "line_number": 44, + "secret": "Email sent with status code: {response.status_code}", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 2, + "total_missed": 1, + "total_false_positives": 6 + }, + { + "found_entries": [ + { + "line_number": 14, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpg0_n_w6m/code.txt", + "line_number": 3, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 15, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpg0_n_w6m/code.txt", + "line_number": 4, + "secret": "a7vK9LpM4hG2sR8wD1fC5qT0jB3uN6zX9iY7eE/Z", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 35, + "secret": "db_P@ssw0rd_pr0d_!2023", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpg0_n_w6m/code.txt", + "line_number": 24, + "secret": "db_P@ssw0rd_pr0d_!2023", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpg0_n_w6m/code.txt", + "line_number": 3, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpg0_n_w6m/code.txt", + "line_number": 4, + "secret": "a7vK9LpM4hG2sR8wD1fC5qT0jB3uN6zX9iY7eE/Z", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpg0_n_w6m/code.txt", + "line_number": 4, + "secret": "a7vK9LpM4hG2sR8wD1fC5qT0jB3uN6zX9iY7eE/Z", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpg0_n_w6m/code.txt", + "line_number": 7, + "secret": "aws_s3_bucket\" \"customer_uploads", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpg0_n_w6m/code.txt", + "line_number": 12, + "secret": "Customer Uploads Bucket", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 35, + "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7f", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu2y9yjeh/code.txt", + "line_number": 35, + "secret": "ghp", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7f", + "found_secret": "ghp" + } + ], + "not_found_entries": [ + { + "line_number": 19, + "secret": "dckr_pat_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345", + "label": "True Positive", + "expected_line": 19, + "reason": "not_detected" + } + ], + "false_positives": [], + "total_actual": 2, + "total_found": 1, + "total_missed": 1, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 62, + "secret": "AIzaSyB8pZ5GfsJk9mDq7nL4vW2xRcH1tU0E", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1379dfs6/code.txt", + "line_number": 8, + "secret": "AIzaSyB8pZ5GfsJk9mDq7nL4vW2xRcH1tU0E", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 75, + "secret": "https://a1b2c3d4e5f61234abcd5678ef901234@o123456.ingest.sentry.io/9876543", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1379dfs6/code.txt", + "line_number": 21, + "secret": "https://a1b2c3d4e5f61234abcd5678ef901234@o123456.ingest.sentry.io/9876543", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 82, + "secret": "pk.eyJ1IjoicHJvZGFwcDEyMyIsImEiOiJja3o4dGJuMHgwMnhpMm5wOTNzaHI4cDVqIn0.n7sL8gKjP5eF4tW1bA9c3Q", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1379dfs6/code.txt", + "line_number": 28, + "secret": "pk.eyJ1IjoicHJvZGFwcDEyMyIsImEiOiJja3o4dGJuMHgwMnhpMm5wOTNzaHI4cDVqIn0.n7sL8gKjP5eF4tW1bA9c3Q", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1379dfs6/code.txt", + "line_number": 8, + "secret": "AIzaSyB8pZ5GfsJk9mDq7nL4vW2xRcH1tU0E", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1379dfs6/code.txt", + "line_number": 8, + "secret": "AIzaSyB8pZ5GfsJk9mDq7nL4vW2xRcH1tU0E", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1379dfs6/code.txt", + "line_number": 13, + "secret": "1:123456789012:web:a1b2c3d4e5f6a7b8c9d0e1", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 16, + "secret": "h#K!p$7sW@v3xR9zQ*j1fG_b", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpqc7acfto/code.txt", + "line_number": 16, + "secret": "h#K!p$7sW@v3xR9zQ*j1fG_b", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 19, + "secret": "AC9f7e6d5c4b3a291807654321fedcba", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpqc7acfto/code.txt", + "line_number": 19, + "secret": "AC9f7e6d5c4b3a291807654321fedcba", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 20, + "secret": "8a7b65c4d3e2f109876a5b4c3d2e1f0a", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpqc7acfto/code.txt", + "line_number": 20, + "secret": "8a7b65c4d3e2f109876a5b4c3d2e1f0a", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 24, + "secret": "b2luc3JldnNqcmVxdm5qcXNlMjR2NHFzZXZzcjI1OXF5MHI=", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpqc7acfto/code.txt", + "line_number": 24, + "secret": "b2luc3JldnNqcmVxdm5qcXNlMjR2NHFzZXZzcjI1OXF5MHI=", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpqc7acfto/code.txt", + "line_number": 5, + "secret": "jdbc:mysql://prod-db.example.com:3306/maindb", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpqc7acfto/code.txt", + "line_number": 16, + "secret": "h#K!p$7sW@v3xR9zQ*j1fG_b", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpqc7acfto/code.txt", + "line_number": 19, + "secret": "AC9f7e6d5c4b3a291807654321fedcba", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpqc7acfto/code.txt", + "line_number": 24, + "secret": "b2luc3JldnNqcmVxdm5qcXNlMjR2NHFzZXZzcjI1OXF5MHI=", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 4, + "total_found": 4, + "total_missed": 0, + "total_false_positives": 4 + } + ], + "3": [ + { + "found_entries": [ + { + "line_number": 96, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzd1rb31h/code.txt", + "line_number": 9, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 97, + "secret": "kG+N9sL2rP4xW7yH8zC1vE0bF3uA5tD6jQ/mIoX", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzd1rb31h/code.txt", + "line_number": 10, + "secret": "kG+N9sL2rP4xW7yH8zC1vE0bF3uA5tD6jQ/mIoX", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzd1rb31h/code.txt", + "line_number": 10, + "secret": "kG+N9sL2rP4xW7yH8zC1vE0bF3uA5tD6jQ/mIoX", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzd1rb31h/code.txt", + "line_number": 10, + "secret": "kG+N9sL2rP4xW7yH8zC1vE0bF3uA5tD6jQ/mIoX", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzd1rb31h/code.txt", + "line_number": 15, + "secret": "/api/v1/process-file', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 74, + "secret": "4a8f15d7e5b6c93f0a12e4d3c5f6b8a1", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp59d0x9me/code.txt", + "line_number": 33, + "secret": "4a8f15d7e5b6c93f0a12e4d3c5f6b8a1", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp59d0x9me/code.txt", + "line_number": 19, + "secret": "[Critical] High P99 Latency on API Gateway", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp59d0x9me/code.txt", + "line_number": 21, + "secret": "@devops-alerts P99 latency is over 2s. Check API Gateway performance.", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp59d0x9me/code.txt", + "line_number": 22, + "secret": "env:prod\", \"service:api-gateway", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp59d0x9me/code.txt", + "line_number": 24, + "secret": "avg(last_5m):p99:aws.apigateway.latency.count{*} by {apiname} > 2000", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp59d0x9me/code.txt", + "line_number": 33, + "secret": "4a8f15d7e5b6c93f0a12e4d3c5f6b8a1", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 33, + "secret": "dckr_pat_aB7-cDef_gHiJkL-mNop_qRsT", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk4mp0zau/code.txt", + "line_number": 19, + "secret": "dckr_pat_aB7-cDef_gHiJkL-mNop_qRsT", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 49, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk4mp0zau/code.txt", + "line_number": 35, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk4mp0zau/code.txt", + "line_number": 19, + "secret": "dckr_pat_aB7-cDef_gHiJkL-mNop_qRsT", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk4mp0zau/code.txt", + "line_number": 19, + "secret": "dckr_pat_aB7-cDef_gHiJkL-mNop_qRsT", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk4mp0zau/code.txt", + "line_number": 37, + "secret": "The build for the main branch has failed. Please investigate.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 215, + "secret": "4#pZ&qK9!sW8*L@gM$nBv", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3m7hlpps/code.txt", + "line_number": 6, + "secret": "4#pZ&qK9!sW8*L@gM$nBv", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 223, + "secret": "f9b5c3d2e1a04987b6a5c4d3e2f1b0a9c8d7e6f5a4b3c2d1e0f0987654321fed", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3m7hlpps/code.txt", + "line_number": 14, + "secret": "f9b5c3d2e1a04987b6a5c4d3e2f1b0a9c8d7e6f5a4b3c2d1e0f0987654321fed", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3m7hlpps/code.txt", + "line_number": 4, + "secret": "jdbc:postgresql://db-reporting.us-east-1.rds.amazonaws.com:5432/reporting_prod", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3m7hlpps/code.txt", + "line_number": 6, + "secret": "4#pZ&qK9!sW8*L@gM$nBv", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3m7hlpps/code.txt", + "line_number": 14, + "secret": "f9b5c3d2e1a04987b6a5c4d3e2f1b0a9c8d7e6f5a4b3c2d1e0f0987654321fed", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 123, + "secret": "https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o123456.ingest.sentry.io/7890123", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp7v891785/code.txt", + "line_number": 9, + "secret": "https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o123456.ingest.sentry.io/7890123", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 0 + } + ], + "4": [ + { + "found_entries": [ + { + "line_number": 78, + "secret": "AKIAU4EG23W5F7Y6ZCQN", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxdewtabp/code.txt", + "line_number": 7, + "secret": "AKIAU4EG23W5F7Y6ZCQN", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 79, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxdewtabp/code.txt", + "line_number": 8, + "secret": "hG8pFk3mZ+jV9sL1wN7tYqR2dC0xI4oA/bB5uE3f", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxdewtabp/code.txt", + "line_number": 8, + "secret": "hG8pFk3mZ+jV9sL1wN7tYqR2dC0xI4oA/bB5uE3f", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxdewtabp/code.txt", + "line_number": 8, + "secret": "hG8pFk3mZ+jV9sL1wN7tYqR2dC0xI4oA/bB5uE3f", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxdewtabp/code.txt", + "line_number": 8, + "secret": "hG8pFk3mZ+jV9sL1wN7tYqR2dC0xI4oA/bB5uE3f", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxdewtabp/code.txt", + "line_number": 17, + "secret": "\"\"Lists all S3 buckets for the configured account.\"\"", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxdewtabp/code.txt", + "line_number": 25, + "secret": "Error listing buckets: {e}", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 36, + "secret": "dckr_pat_aJv8rK3sLpH7qZ2mN9bXwF1g", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsqrak3zq/code.txt", + "line_number": 19, + "secret": "dckr_pat_aJv8rK3sLpH7qZ2mN9bXwF1g", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 49, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsqrak3zq/code.txt", + "line_number": 32, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 35, + "secret": "app_deployer_svc", + "label": "True Positive", + "expected_line": 18, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsqrak3zq/code.txt", + "line_number": 19, + "secret": "dckr_pat_aJv8rK3sLpH7qZ2mN9bXwF1g", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsqrak3zq/code.txt", + "line_number": 19, + "secret": "dckr_pat_aJv8rK3sLpH7qZ2mN9bXwF1g", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsqrak3zq/code.txt", + "line_number": 32, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsqrak3zq/code.txt", + "line_number": 33, + "secret": "Image successfully built and deployed.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 2, + "total_missed": 1, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 119, + "secret": "dd_api_a9f86a9f86d7e9e8b7c6c5d4d3e2f1b0", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp456wgzef/code.txt", + "line_number": 8, + "secret": "dd_api_a9f86a9f86d7e9e8b7c6c5d4d3e2f1b0", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 120, + "secret": "dd_app_b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp456wgzef/code.txt", + "line_number": 9, + "secret": "dd_app_b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp456wgzef/code.txt", + "line_number": 8, + "secret": "dd_api_a9f86a9f86d7e9e8b7c6c5d4d3e2f1b0", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp456wgzef/code.txt", + "line_number": 24, + "secret": "@all CPU utilization is over 90% on {{host.name}}", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp456wgzef/code.txt", + "line_number": 26, + "secret": "avg(last_5m):avg:system.cpu.user{environment:production} > 90", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 40, + "secret": "Server=tcp:prod-db-cluster-1.database.windows.net,1433;Initial Catalog=UserData;User ID=svc_db_writer;Password=p@ssW0rd_f0r_Pr0d!v2.4$Db;Encrypt=True;", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwe5di7x8/code.txt", + "line_number": 16, + "secret": "Server=tcp:prod-db-cluster-1.database.windows.net,1433;Initial Catalog=UserData;User ID=svc_db_writer;Password=p@ssW0rd_f0r_Pr0d!v2.4$Db;Encrypt=True;", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 41, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwe5di7x8/code.txt", + "line_number": 17, + "secret": "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", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwe5di7x8/code.txt", + "line_number": 17, + "secret": "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", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwe5di7x8/code.txt", + "line_number": 17, + "secret": "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", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwe5di7x8/code.txt", + "line_number": 26, + "secret": "SELECT COUNT(*) FROM Users WHERE Status = 'Pending'", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwe5di7x8/code.txt", + "line_number": 33, + "secret": "noreply@myapp.com\", \"MyApp Notifications", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 40, + "secret": "AIzaSyC1b2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5ee5z63o/code.txt", + "line_number": 8, + "secret": "AIzaSyC1b2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 45, + "secret": "1:867530912345:web:a1b2c3d4e5f6a7b8c9d0e1", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5ee5z63o/code.txt", + "line_number": 13, + "secret": "1:867530912345:web:a1b2c3d4e5f6a7b8c9d0e1", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5ee5z63o/code.txt", + "line_number": 8, + "secret": "AIzaSyC1b2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5ee5z63o/code.txt", + "line_number": 8, + "secret": "AIzaSyC1b2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 2 + } + ], + "5": [ + { + "found_entries": [ + { + "line_number": 102, + "secret": "AKIAU4O6R3T5W2X7Y9Z1", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmprd74e40a/code.txt", + "line_number": 15, + "secret": "AKIAU4O6R3T5W2X7Y9Z1", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 103, + "secret": "vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmprd74e40a/code.txt", + "line_number": 16, + "secret": "vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmprd74e40a/code.txt", + "line_number": 13, + "secret": "\"\"Initializes and returns an S3 client with hardcoded credentials.\"\"", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmprd74e40a/code.txt", + "line_number": 16, + "secret": "vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmprd74e40a/code.txt", + "line_number": 16, + "secret": "vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmprd74e40a/code.txt", + "line_number": 16, + "secret": "vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmprd74e40a/code.txt", + "line_number": 22, + "secret": "\"\"Uploads a single file to the specified S3 bucket.\"\"", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmprd74e40a/code.txt", + "line_number": 24, + "secret": "backup-{get_timestamp()}.log", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmprd74e40a/code.txt", + "line_number": 25, + "secret": "Successfully uploaded {file_path} to {bucket}.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 7 + }, + { + "found_entries": [ + { + "line_number": 61, + "secret": "dckr_pat_bH8gY2cX1dE4fG5hI6jK7lM8nO9pQ0rS", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpo7bo__v7/code.txt", + "line_number": 21, + "secret": "dckr_pat_bH8gY2cX1dE4fG5hI6jK7lM8nO9pQ0rS", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpo7bo__v7/code.txt", + "line_number": 21, + "secret": "dckr_pat_bH8gY2cX1dE4fG5hI6jK7lM8nO9pQ0rS", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpo7bo__v7/code.txt", + "line_number": 22, + "secret": "docker build -t ${DOCKER_IMAGE_NAME}:${BUILD_NUMBER} .", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpo7bo__v7/code.txt", + "line_number": 23, + "secret": "echo ${dockerApiToken} | docker login -u ${dockerUsername} --password-stdin ${DOCKER_REGISTRY}", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpo7bo__v7/code.txt", + "line_number": 24, + "secret": "docker push ${DOCKER_IMAGE_NAME}:${BUILD_NUMBER}", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 125, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7hN5fD6gE4iT2oP1aL0kM8zGxYc9v", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjmi6_zgl/code.txt", + "line_number": 14, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWq", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7hN5fD6gE4iT2oP1aL0kM8zGxYc9v", + "found_secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWq" + }, + { + "line_number": 140, + "secret": "whsec_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjmi6_zgl/code.txt", + "line_number": 29, + "secret": "whsec_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjmi6_zgl/code.txt", + "line_number": 14, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7hN5fD6gE4iT2oP1aL0kM8zGxYc9v", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjmi6_zgl/code.txt", + "line_number": 14, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7hN5fD6gE4iT2oP1aL0kM8zGxYc9v", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjmi6_zgl/code.txt", + "line_number": 14, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7hN5fD6gE4iT2oP1aL0kM8zGxYc9v", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjmi6_zgl/code.txt", + "line_number": 31, + "secret": "Webhook secret configured: \" + whSecret.substring(0, 10) + \"...", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 32, + "secret": "S#cr3t_DB_P@ssw0rd_8k!2mN", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjbmbcf27/code.txt", + "line_number": 8, + "secret": "S#cr3t_DB_P@ssw0rd_8k!2mN", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 47, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjbmbcf27/code.txt", + "line_number": 23, + "secret": "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", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjbmbcf27/code.txt", + "line_number": 8, + "secret": "S#cr3t_DB_P@ssw0rd_8k!2mN", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjbmbcf27/code.txt", + "line_number": 20, + "secret": "API key for sending transactional emails.", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjbmbcf27/code.txt", + "line_number": 23, + "secret": "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", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 64, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpe6fmizys/code.txt", + "line_number": 32, + "secret": "Content-type: application/json' --data '{\"text\":\"Deployment to production succeeded!\"}", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "https://hooks.slack.com/services/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", + "found_secret": "Content-type: application/json' --data '{\"text\":\"Deployment to production succeeded!\"}" + } + ], + "not_found_entries": [ + { + "line_number": 58, + "secret": "9f8e7d6c5b4a3a2a1a0b9c8d7e6f5a4b", + "label": "True Positive", + "expected_line": 26, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpe6fmizys/code.txt", + "line_number": 32, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 1, + "total_missed": 1, + "total_false_positives": 1 + } + ], + "7": [ + { + "found_entries": [ + { + "line_number": 92, + "secret": "AKIA44JGL55QT6L72Q57", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu6e0a018/code.txt", + "line_number": 5, + "secret": "AKIA44JGL55QT6L72Q57", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 93, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu6e0a018/code.txt", + "line_number": 6, + "secret": "Jv2/G5fB8hK0lM3nO7pQ9rS2uV5wX8yZ1aC4bE6d", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 111, + "secret": "hJ$9!zK@bD3pG*sV", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu6e0a018/code.txt", + "line_number": 24, + "secret": "hJ$9!zK@bD3pG*sV", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu6e0a018/code.txt", + "line_number": 6, + "secret": "Jv2/G5fB8hK0lM3nO7pQ9rS2uV5wX8yZ1aC4bE6d", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu6e0a018/code.txt", + "line_number": 6, + "secret": "Jv2/G5fB8hK0lM3nO7pQ9rS2uV5wX8yZ1aC4bE6d", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 51, + "secret": "postgres://payment_svc_user:Ag8#kL$pQ2sZ!vF@pg-prod-us-east-1a.c3kfexample.rds.amazonaws.com:5432/payments_prod", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1eef11xl/code.txt", + "line_number": 11, + "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://payment_svc_user:Ag8#kL$pQ2sZ!vF@pg-prod-us-east-1a.c3kfexample.rds.amazonaws.com:5432/payments_prod", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "postgres://payment_svc_user:Ag8#kL$pQ2sZ!vF@pg-prod-us-east-1a.c3kfexample.rds.amazonaws.com:5432/payments_prod", + "found_secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://payment_svc_user:Ag8#kL$pQ2sZ!vF@pg-prod-us-east-1a.c3kfexample.rds.amazonaws.com:5432/payments_prod" + }, + { + "line_number": 52, + "secret": "sk_live_51Mv0L2BpF8fG1tY9cRzXvWqSjU3mB4aD5eFgH6iJ7kL8mN9oP0qR1sT", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1eef11xl/code.txt", + "line_number": 12, + "secret": "sk_live_51Mv0L2BpF8fG1tY9cRzXvWqSjU3mB4aD5eFgH6iJ7kL8mN9oP0qR1sT", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1eef11xl/code.txt", + "line_number": 12, + "secret": "sk_live_51Mv0L2BpF8fG1tY9cRzXvWqSjU3mB4aD5eFgH6iJ7kL8mN9oP0qR1sT", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1eef11xl/code.txt", + "line_number": 12, + "secret": "STRIPE_SECRET_KEY'] = 'sk_live_51Mv0L2BpF8fG1tY9cRzXvWqSjU3mB4aD5eFgH6iJ7kL8mN9oP0qR1sT", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1eef11xl/code.txt", + "line_number": 12, + "secret": "sk_live_51Mv0L2BpF8fG1tY9cRzXvWq", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1eef11xl/code.txt", + "line_number": 18, + "secret": "/health', methods=['GET", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1eef11xl/code.txt", + "line_number": 28, + "secret": "/create-payment-intent', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 36, + "secret": "dckr_pat_bC9hFvG5jL1kM4nO7pQ9rS2uV5wX8yZ1aC", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvs3oprqu/code.txt", + "line_number": 22, + "secret": "dckr_pat_bC9hFvG5jL1kM4nO7pQ9rS2uV5wX8yZ1aC", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 52, + "secret": "https://hooks.slack.com/services/T012ABCDEF3/B01GHIJKLM4/vP5qR6sT7uV8wX9yZ0aB1c", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvs3oprqu/code.txt", + "line_number": 38, + "secret": "https://hooks.slack.com/services/T012ABCDEF3/B01GHIJKLM4/vP5qR6sT7uV8wX9yZ0aB1c", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvs3oprqu/code.txt", + "line_number": 22, + "secret": "dckr_pat_bC9hFvG5jL1kM4nO7pQ9rS2uV5wX8yZ1aC", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvs3oprqu/code.txt", + "line_number": 22, + "secret": "dckr_pat_bC9hFvG5jL1kM4nO7pQ9rS2uV5wX8yZ1aC", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvs3oprqu/code.txt", + "line_number": 36, + "secret": "Deployment to production finished.", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvs3oprqu/code.txt", + "line_number": 38, + "secret": "https://hooks.slack.com/services/T012ABCDEF3/B01GHIJKLM4/vP5qR6sT7uV8wX9yZ0aB1c", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 219, + "secret": "DefaultEndpointsProtocol=https;AccountName=prodfilestorage1;AccountKey=wJ/x5mP8Q+kZ3rT9vB2uC4dE6fG8hJ0lM2nO4pQ6rS8tV0wX2yZ4aC6bE8dF+gHjK/lM4nO6pQ==;EndpointSuffix=core.windows.net", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp2lhsa6qh/code.txt", + "line_number": 10, + "secret": "DefaultEndpointsProtocol=https;AccountName=prodfilestorage1;AccountKey=wJ/x5mP8Q+kZ3rT9vB2uC4dE6fG8hJ0lM2nO4pQ6rS8tV0wX2yZ4aC6bE8dF+gHjK/lM4nO6pQ==;EndpointSuffix=core.windows.net", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 220, + "secret": "SG.bF3gH5iJ7kL9mN1oP3qR5sT7uV9wX1yZ.aC3bE5dF7gH9jK1lM3nO5pQ7rS9tU", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp2lhsa6qh/code.txt", + "line_number": 11, + "secret": "SG.bF3gH5iJ7kL9mN1oP3qR5sT7uV9wX1yZ.aC3bE5dF7gH9jK1lM3nO5pQ7rS9tU", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp2lhsa6qh/code.txt", + "line_number": 11, + "secret": "SG.bF3gH5iJ7kL9mN1oP3qR5sT7uV9wX1yZ.aC3bE5dF7gH9jK1lM3nO5pQ7rS9tU", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 88, + "secret": "4a1b0c9d2e8f7g6h5i4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_y5bco57/code.txt", + "line_number": 12, + "secret": "4a1b0c9d2e8f7g6h5i4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 95, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLnMxLmV4YW1wbGUuY29tIiwic3ViIjoiY2NjY2QxZjctMGIzNC00MWFmLThmZjktYWZmMDc0MjVmYTc3IiwiYXVkIjoiYXBpLnMxLmV4YW1wbGUuY29tIiwiaWF0IjoxNjQ4MDQ0NDc5LCJleHAiOjE2NDgwNDgwNzl9.m4zV8G48EaFqfJkXw9Y2ZzQ3bH6iJ8kL0mN2oP4qR6s", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_y5bco57/code.txt", + "line_number": 19, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLnMxLmV4YW1wbGUuY29tIiwic3ViIjoiY2NjY2QxZjctMGIzNC00MWFmLThmZjktYWZmMDc0MjVmYTc3IiwiYXVkIjoiYXBpLnMxLmV4YW1wbGUuY29tIiwiaWF0IjoxNjQ4MDQ0NDc5LCJleHAiOjE2NDgwNDgwNzl9.", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLnMxLmV4YW1wbGUuY29tIiwic3ViIjoiY2NjY2QxZjctMGIzNC00MWFmLThmZjktYWZmMDc0MjVmYTc3IiwiYXVkIjoiYXBpLnMxLmV4YW1wbGUuY29tIiwiaWF0IjoxNjQ4MDQ0NDc5LCJleHAiOjE2NDgwNDgwNzl9.m4zV8G48EaFqfJkXw9Y2ZzQ3bH6iJ8kL0mN2oP4qR6s", + "found_secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLnMxLmV4YW1wbGUuY29tIiwic3ViIjoiY2NjY2QxZjctMGIzNC00MWFmLThmZjktYWZmMDc0MjVmYTc3IiwiYXVkIjoiYXBpLnMxLmV4YW1wbGUuY29tIiwiaWF0IjoxNjQ4MDQ0NDc5LCJleHAiOjE2NDgwNDgwNzl9." + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_y5bco57/code.txt", + "line_number": 11, + "secret": "https://metrics.corp.internal/api/v1/log", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_y5bco57/code.txt", + "line_number": 12, + "secret": "4a1b0c9d2e8f7g6h5i4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_y5bco57/code.txt", + "line_number": 12, + "secret": "4a1b0c9d2e8f7g6h5i4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_y5bco57/code.txt", + "line_number": 19, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLnMxLmV4YW1wbGUuY29tIiwic3ViIjoiY2NjY2QxZjctMGIzNC00MWFmLThmZjktYWZmMDc0MjVmYTc3IiwiYXVkIjoiYXBpLnMxLmV4YW1wbGUuY29tIiwiaWF0IjoxNjQ4MDQ0NDc5LCJleHAiOjE2NDgwNDgwNzl9.m4zV8G48EaFqfJkXw9Y2ZzQ3bH6iJ8kL0mN2oP4qR6s", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_y5bco57/code.txt", + "line_number": 26, + "secret": "Content-Type\", \"application/json", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + } + ], + "8": [ + { + "found_entries": [ + { + "line_number": 50, + "secret": "postgres://order_svc_user:pIu#9Tf$zQ5w@db-prod-main.cyabxzywzzza.us-east-1.rds.amazonaws.com:5432/orders_production", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmptsvobxsk/code.txt", + "line_number": 9, + "secret": "postgres://order_svc_user:pIu#9Tf$zQ5w@db-prod-main.cyabxzywzzza.us-east-1.rds.amazonaws.com:5432/orders_production", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 56, + "secret": "AKIAU4VFT7J6X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmptsvobxsk/code.txt", + "line_number": 15, + "secret": "AKIAU4VFT7J6X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 57, + "secret": "gT8vNl2yX+ZpB/tY9cRzXvWqSjU3mB/kL5dF8aC", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmptsvobxsk/code.txt", + "line_number": 16, + "secret": "gT8vNl2yX+ZpB/tY9cRzXvWqSjU3mB/kL5dF8aC", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmptsvobxsk/code.txt", + "line_number": 16, + "secret": "gT8vNl2yX+ZpB/tY9cRzXvWqSjU3mB/kL5dF8aC", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmptsvobxsk/code.txt", + "line_number": 16, + "secret": "gT8vNl2yX+ZpB/tY9cRzXvWqSjU3mB/kL5dF8aC", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 22, + "secret": "dckr_pat_a4d3f2c1b0e9a8b7c6d5e4f3a2b1c0d9e8f7g6h5", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmps2nwjgh3/code.txt", + "line_number": 22, + "secret": "dckr_pat_a4d3f2c1b0e9a8b7c6d5e4f3a2b1c0d9e8f7g6h5", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 35, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmps2nwjgh3/code.txt", + "line_number": 35, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmps2nwjgh3/code.txt", + "line_number": 22, + "secret": "dckr_pat_a4d3f2c1b0e9a8b7c6d5e4f3a2b1c0d9e8f7g6h5", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmps2nwjgh3/code.txt", + "line_number": 36, + "secret": "Production deployment successful!", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 9, + "secret": "AIzaSyCDE1234FGH5678IJKL9012MNOPQRs-tU", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9w3msamb/code.txt", + "line_number": 9, + "secret": "AIzaSyCDE1234FGH5678IJKL9012MNOPQRs-tU", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9w3msamb/code.txt", + "line_number": 9, + "secret": "AIzaSyCDE1234FGH5678IJKL9012MNOPQRs-tU", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9w3msamb/code.txt", + "line_number": 9, + "secret": "AIzaSyCDE1234FGH5678IJKL9012MNOPQRs-tU", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9w3msamb/code.txt", + "line_number": 14, + "secret": "1:987654321012:web:a1b2c3d4e5f6a7b8c9d0e1", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 25, + "secret": "AKIAT7G3W4LIX5M2P6Q4", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp56t0yu22/code.txt", + "line_number": 5, + "secret": "AKIAT7G3W4LIX5M2P6Q4", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 26, + "secret": "xZ9cU7sV3mB+pQkL5jH8fG1tY9cRzXvWqSjU3mB/kL", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp56t0yu22/code.txt", + "line_number": 6, + "secret": "xZ9cU7sV3mB+pQkL5jH8fG1tY9cRzXvWqSjU3mB/kL", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 32, + "secret": "7e3c98a50616b0b8ad4a835a68729c1d", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp56t0yu22/code.txt", + "line_number": 12, + "secret": "7e3c98a50616b0b8ad4a835a68729c1d", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp56t0yu22/code.txt", + "line_number": 5, + "secret": "AKIAT7G3W4LIX5M2P6Q4", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp56t0yu22/code.txt", + "line_number": 6, + "secret": "xZ9cU7sV3mB+pQkL5jH8fG1tY9cRzXvWqSjU3mB/kL", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp56t0yu22/code.txt", + "line_number": 6, + "secret": "xZ9cU7sV3mB+pQkL5jH8fG1tY9cRzXvWqSjU3mB/kL", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 67, + "secret": "Server=tcp:prod-db-server.database.windows.net,1433;Database=UserProfiles;User ID=sqladmin;Password=4#tG&kL$pQ2s!hG;Trusted_Connection=False;Encrypt=True;", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxqallwxp/code.txt", + "line_number": 13, + "secret": "Server=tcp:prod-db-server.database.windows.net,1433;Database=UserProfiles;User ID=sqladmin;Password=4#tG&kL$pQ2s!hG;Trusted_Connection=False;Encrypt=True;", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 83, + "secret": "N5u8x/A?D(G+KbPeShVmYp3s6v9y$B&E", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxqallwxp/code.txt", + "line_number": 29, + "secret": "N5u8x/A?D(G+KbPeShVmYp3s6v9y$B&E", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 0 + } + ], + "9": [ + { + "found_entries": [ + { + "line_number": 50, + "secret": "postgres://prod_user_rw:2$fP#qZ9!sW7@db.customer-api.prod.aws-us-east-1.rds.amazonaws.com:5432/payments_db", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpku9ur9bk/code.txt", + "line_number": 9, + "secret": "postgres://prod_user_rw:2$fP#qZ9!sW7@db.customer-api.prod.aws-us-east-1.rds.amazonaws.com:5432/payments_db", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 54, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7oL5dE6aF4gH2iJ1kC0pP9sT8yU2oO3zN7lI5xR4vG3bA2eC1d00jK6bM4lP", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpku9ur9bk/code.txt", + "line_number": 13, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWq", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7oL5dE6aF4gH2iJ1kC0pP9sT8yU2oO3zN7lI5xR4vG3bA2eC1d00jK6bM4lP", + "found_secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWq" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpku9ur9bk/code.txt", + "line_number": 13, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7oL5dE6aF4gH2iJ1kC0pP9sT8yU2oO3zN7lI5xR4vG3bA2eC1d00jK6bM4lP", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpku9ur9bk/code.txt", + "line_number": 13, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7oL5dE6aF4gH2iJ1kC0pP9sT8yU2oO3zN7lI5xR4vG3bA2eC1d00jK6bM4lP", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpku9ur9bk/code.txt", + "line_number": 13, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7oL5dE6aF4gH2iJ1kC0pP9sT8yU2oO3zN7lI5xR4vG3bA2eC1d00jK6bM4lP", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpku9ur9bk/code.txt", + "line_number": 15, + "secret": "/create-payment-intent', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 134, + "secret": "8S5R3ZQXDI1VMEG9N4Y2QWB7A7JH8W5C6I", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4nmb7n1c/code.txt", + "line_number": 20, + "secret": "8S5R3ZQXDI1VMEG9N4Y2QWB7A7JH8W5C6I", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 133, + "secret": "9a8b7c6d-5e4f-3a2b-1c0d-9f8e7d6c5b4a", + "label": "True Positive", + "expected_line": 19, + "reason": "not_detected" + }, + { + "line_number": 140, + "secret": "sUp3rS3cur3P@ssw0rd", + "label": "True Positive", + "expected_line": 26, + "reason": "not_detected" + }, + { + "line_number": 142, + "secret": "k3yP@ssw0rdF0rR3l3ase", + "label": "True Positive", + "expected_line": 28, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4nmb7n1c/code.txt", + "line_number": 20, + "secret": "String\", \"ETHERSCAN_API_KEY\", '\"8S5R3ZQXDI1VMEG9N4Y2QWB7A7JH8W5C6I", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 4, + "total_found": 1, + "total_missed": 3, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 33, + "secret": "ACf8e21a9c3b7d5f1e0a9b8c7d6e5f4a3b", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk9d3knag/code.txt", + "line_number": 6, + "secret": "ACf8e21a9c3b7d5f1e0a9b8c7d6e5f4a3b", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 34, + "secret": "b4d2e1f0c3a4b5d6e7f8a9b0c1d2e3f4", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk9d3knag/code.txt", + "line_number": 7, + "secret": "b4d2e1f0c3a4b5d6e7f8a9b0c1d2e3f4", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk9d3knag/code.txt", + "line_number": 6, + "secret": "ACf8e21a9c3b7d5f1e0a9b8c7d6e5f4a3b", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk9d3knag/code.txt", + "line_number": 6, + "secret": "ACf8e21a9c3b7d5f1e0a9b8c7d6e5f4a3b", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [], + "not_found_entries": [ + { + "line_number": 119, + "secret": "RptUsr!pWd$2o21@9bF&", + "label": "True Positive", + "expected_line": 32, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpj1oxz4g4/code.txt", + "line_number": 15, + "secret": "aurora-master-credentials", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 0, + "total_missed": 1, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 73, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5elod3xf/code.txt", + "line_number": 9, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 75, + "secret": "{\"type\":\"service_account\",\"project_id\":\"core-infra-345213\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRsK7pB6bFv9f6\\nc...\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"deploy-bot@core-infra-345213.iam.gserviceaccount.com\",\"client_id\":\"109876543210987654321\"}", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5elod3xf/code.txt", + "line_number": 11, + "secret": "BEGIN PRIVATE KEY", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "{\"type\":\"service_account\",\"project_id\":\"core-infra-345213\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRsK7pB6bFv9f6\\nc...\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"deploy-bot@core-infra-345213.iam.gserviceaccount.com\",\"client_id\":\"109876543210987654321\"}", + "found_secret": "BEGIN PRIVATE KEY" + }, + { + "line_number": 97, + "secret": "https://hooks.slack.com/services/T00ABCD12EF/B01ZYXW3456/kLpQrStUvWxYzAbCdEfGhIjK", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5elod3xf/code.txt", + "line_number": 33, + "secret": "https://hooks.slack.com/services/T00ABCD12EF/B01ZYXW3456/kLpQrStUvWxYzAbCdEfGhIjK", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 74, + "secret": "Zp9aL8jV7bK4cH1fG6xWqSjU3mB7oL5dE6aF4gH2", + "label": "True Positive", + "expected_line": 10, + "reason": "not_detected" + } + ], + "false_positives": [], + "total_actual": 4, + "total_found": 3, + "total_missed": 1, + "total_false_positives": 0 + } + ], + "10": [ + { + "found_entries": [ + { + "line_number": 19, + "secret": "AKIAYJ5U4F6X3W2Z7Q8B", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgru5ix29/code.txt", + "line_number": 5, + "secret": "AKIAYJ5U4F6X3W2Z7Q8B", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 20, + "secret": "vG9dK8jFpQ4sH7wB2uA1tY6zC0xL5nE3bV2mO4iP", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgru5ix29/code.txt", + "line_number": 6, + "secret": "vG9dK8jFpQ4sH7wB2uA1tY6zC0xL5nE3bV2mO4iP", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgru5ix29/code.txt", + "line_number": 5, + "secret": "AKIAYJ5U4F6X3W2Z7Q8B", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgru5ix29/code.txt", + "line_number": 6, + "secret": "vG9dK8jFpQ4sH7wB2uA1tY6zC0xL5nE3bV2mO4iP", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgru5ix29/code.txt", + "line_number": 6, + "secret": "vG9dK8jFpQ4sH7wB2uA1tY6zC0xL5nE3bV2mO4iP", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgru5ix29/code.txt", + "line_number": 33, + "secret": "prod-analytics-data-lake-987345", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 22, + "secret": "dckr_pat_u7hN2pL9xV4kG1mF3jZ8oR6cW0qYdE5sT2aB", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpq6r0otx9/code.txt", + "line_number": 22, + "secret": "dckr_pat_u7hN2pL9xV4kG1mF3jZ8oR6cW0qYdE5sT2aB", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 38, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpq6r0otx9/code.txt", + "line_number": 38, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpq6r0otx9/code.txt", + "line_number": 22, + "secret": "dckr_pat_u7hN2pL9xV4kG1mF3jZ8oR6cW0qYdE5sT2aB", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpq6r0otx9/code.txt", + "line_number": 22, + "secret": "dckr_pat_u7hN2pL9xV4kG1mF3jZ8oR6cW0qYdE5sT2aB", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpq6r0otx9/code.txt", + "line_number": 38, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 99, + "secret": "postgres://chat_svc_prod:p#9sW!z$kLqY8*3f@pg-prod-us-east-1.c4fgr7h8i9j0.rds.amazonaws.com:5432/chatapp_prod", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbdet_gfk/code.txt", + "line_number": 8, + "secret": "postgres://chat_svc_prod:p#9sW!z$kLqY8*3f@pg-prod-us-east-1.c4fgr7h8i9j0.rds.amazonaws.com:5432/chatapp_prod", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 105, + "secret": "sk-proj-jV7hG1mF9wX4kL6uT3nZ8oR2cY0pQdE5sA1bY9fC", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbdet_gfk/code.txt", + "line_number": 14, + "secret": "sk-proj-jV7hG1mF9wX4kL6uT3nZ8oR2cY0pQdE5sA1bY9fC", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbdet_gfk/code.txt", + "line_number": 14, + "secret": "sk-proj-jV7hG1mF9wX4kL6uT3nZ8oR2cY0pQdE5sA1bY9fC", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbdet_gfk/code.txt", + "line_number": 14, + "secret": "sk-proj-jV7hG1mF9wX4kL6uT3nZ8oR2cY0pQdE5sA1bY9fC", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbdet_gfk/code.txt", + "line_number": 20, + "secret": "/api/v1/chat/completions', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbdet_gfk/code.txt", + "line_number": 35, + "secret": "role\": \"system\", \"content\": \"You are a helpful assistant.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 25, + "secret": "pk.eyJ1IjoiZGF0YWdlbmVuZ2luZSIsImEiOiJjbHB0dGZ3ajYwZ2hrMmtvNGVsbXNqbzY4In0.v8NlU2aP4_kS7gXzFhQ9rA", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_su_5wup/code.txt", + "line_number": 19, + "secret": "pk.eyJ1IjoiZGF0YWdlbmVuZ2luZSIsImEiOiJjbHB0dGZ3ajYwZ2hrMmtvNGVsbXNqbzY4In0.v8NlU2aP4_kS7gXzFhQ9rA", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 29, + "secret": "https://9e2b1c4f8d6a3b0e7c5d9f1a8g3h5i7k@o451234.ingest.sentry.io/5432109", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_su_5wup/code.txt", + "line_number": 23, + "secret": "https://9e2b1c4f8d6a3b0e7c5d9f1a8g3h5i7k@o451234.ingest.sentry.io/5432109", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_su_5wup/code.txt", + "line_number": 26, + "secret": "https://api.geotracker.com/v2", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 68, + "secret": "AAAApcJ-Hk4:APA91bE3rZtUq_yG9sVxW5pKjL7hB8dC1fN0mO4iG2pJ6oS4tA0cQ7nV1wR9zY_lF5aK8uI3eB7fJ9dC2gH6vM5", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpapalvhyn/code.txt", + "line_number": 36, + "secret": "String\", \"FCM_SERVER_KEY\", '\"AAAApcJ-Hk4:APA91bE3rZtUq_yG9sVxW5pKjL7hB8dC1fN0mO4iG2pJ6oS4tA0cQ7nV1wR9zY_lF5aK8uI3eB7fJ9dC2gH6vM5", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "AAAApcJ-Hk4:APA91bE3rZtUq_yG9sVxW5pKjL7hB8dC1fN0mO4iG2pJ6oS4tA0cQ7nV1wR9zY_lF5aK8uI3eB7fJ9dC2gH6vM5", + "found_secret": "String\", \"FCM_SERVER_KEY\", '\"AAAApcJ-Hk4:APA91bE3rZtUq_yG9sVxW5pKjL7hB8dC1fN0mO4iG2pJ6oS4tA0cQ7nV1wR9zY_lF5aK8uI3eB7fJ9dC2gH6vM5" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpapalvhyn/code.txt", + "line_number": 23, + "secret": "proguard-android-optimize.txt'), 'proguard-rules.pro", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpapalvhyn/code.txt", + "line_number": 41, + "secret": "String\", \"FCM_SERVER_KEY\", '\"AAAAizX-Tq0:APA91bF...staging-key...", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 2 + } + ], + "11": [ + { + "found_entries": [ + { + "line_number": 97, + "secret": "postgres://order_svc_user:Ac3v!tY_p@sS_8hG#kL9@prod-db-cluster-1.us-east-1.rds.amazonaws.com:5432/orders_prod", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmc4zckbr/code.txt", + "line_number": 10, + "secret": "postgres://order_svc_user:Ac3v!tY_p@sS_8hG#kL9@prod-db-cluster-1.us-east-1.rds.amazonaws.com:5432/orders_prod", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 106, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cr4jFzT8aGb0mXnL1fVd9rT2sYcW3uE4xS5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmc4zckbr/code.txt", + "line_number": 19, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cr4jFzT8aGb0mXnL1fVd9rT2sYcW3uE4xS5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 103, + "secret": "rEd!sP@ssw0rd$tr0ngF0rProd753", + "label": "True Positive", + "expected_line": 16, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmc4zckbr/code.txt", + "line_number": 15, + "secret": "prod-redis-main.f8c2d1.0001.use1.cache.amazonaws.com", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmc4zckbr/code.txt", + "line_number": 19, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cr4jFzT8aGb0mXnL1fVd9rT2sYcW3uE4xS5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmc4zckbr/code.txt", + "line_number": 19, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cr4jFzT8aGb0mXnL1fVd9rT2sYcW3uE4xS5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmc4zckbr/code.txt", + "line_number": 19, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cr4jFzT", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmc4zckbr/code.txt", + "line_number": 21, + "secret": "/health', methods=['GET", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 2, + "total_missed": 1, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 62, + "secret": "AKIAU3Z4X5R6Y7I2QJ8M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpn0_n1kc_/code.txt", + "line_number": 18, + "secret": "AKIAU3Z4X5R6Y7I2QJ8M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 86, + "secret": "https://hooks.slack.com/services/T00AB1CD2EF/B01GH2JK3LM/xyZAbcDEfgHIjklMNOpQRSTuvwXy", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpn0_n1kc_/code.txt", + "line_number": 42, + "secret": "https://hooks.slack.com/services/T00AB1CD2EF/B01GH2JK3LM/xyZAbcDEfgHIjklMNOpQRSTuvwXy", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 63, + "secret": "9vR/mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOp+", + "label": "True Positive", + "expected_line": 19, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpn0_n1kc_/code.txt", + "line_number": 42, + "secret": "https://hooks.slack.com/services/T00AB1CD2EF/B01GH2JK3LM/xyZAbcDEfgHIjklMNOpQRSTuvwXy", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 2, + "total_missed": 1, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 124, + "secret": "sk-ant-api03-S5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ9vR-mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOpQ_AAA", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3gh9_j0h/code.txt", + "line_number": 13, + "secret": "sk-ant-api03-S5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ9vR-mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOpQ_AAA", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3gh9_j0h/code.txt", + "line_number": 12, + "secret": "https://api.anthropic.com/v1/messages", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3gh9_j0h/code.txt", + "line_number": 13, + "secret": "sk-ant-api03-S5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ9vR-mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOpQ_AAA", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3gh9_j0h/code.txt", + "line_number": 13, + "secret": "sk-ant-api03-S5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ9vR-mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOpQ_AAA", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3gh9_j0h/code.txt", + "line_number": 44, + "secret": "anthropic-version\", \"2023-06-01", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 28, + "secret": "AIzaSyB9X8Y7Z6W5V4U3T2S1R0P9Q8O7N6M5L4", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpanii0q8z/code.txt", + "line_number": 8, + "secret": "AIzaSyB9X8Y7Z6W5V4U3T2S1R0P9Q8O7N6M5L4", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 45, + "secret": "https://b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8@o123456.ingest.sentry.io/7890123", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpanii0q8z/code.txt", + "line_number": 25, + "secret": "https://b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8@o123456.ingest.sentry.io/7890123", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 48, + "secret": "pk.eyJ1IjoiZGV2LWFjY291bnQiLCJhIjoiY2xwOXRzNWFjMDBsdDJrcWY2eGlrbmxmYSJ9.UThkRzFqazVwN3M0YjAyblRhbGF6UQ", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpanii0q8z/code.txt", + "line_number": 28, + "secret": "pk.eyJ1IjoiZGV2LWFjY291bnQiLCJhIjoiY2xwOXRzNWFjMDBsdDJrcWY2eGlrbmxmYSJ9.UThkRzFqazVwN3M0YjAyblRhbGF6UQ", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpanii0q8z/code.txt", + "line_number": 8, + "secret": "AIzaSyB9X8Y7Z6W5V4U3T2S1R0P9Q8O7N6M5L4", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpanii0q8z/code.txt", + "line_number": 8, + "secret": "AIzaSyB9X8Y7Z6W5V4U3T2S1R0P9Q8O7N6M5L4", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpanii0q8z/code.txt", + "line_number": 9, + "secret": "project-staging-a4b1c.firebaseapp.com", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpanii0q8z/code.txt", + "line_number": 13, + "secret": "1:123456789012:web:a1b2c3d4e5f6a7b8c9d0e1", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 159, + "secret": "dd-api-a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbykjj_4e/code.txt", + "line_number": 10, + "secret": "export DATADOG_API_KEY=dd-api-a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "dd-api-a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "found_secret": "export DATADOG_API_KEY=dd-api-a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6" + }, + { + "line_number": 170, + "secret": "dop_v1_8d3e6f2a7b1c4d9f8a6e3b0c5d7f0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbykjj_4e/code.txt", + "line_number": 21, + "secret": "dop_v1_8d3e6f2a7b1c4d9f8a6e3b0c5d7f0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 186, + "secret": "DbP@ssw0rdF0rProd!2024*", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbykjj_4e/code.txt", + "line_number": 37, + "secret": "DbP@ssw0rdF0rProd!2024*", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbykjj_4e/code.txt", + "line_number": 1, + "secret": "digitalocean_droplet\" \"web_server", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbykjj_4e/code.txt", + "line_number": 11, + "secret": "bash -c \\\"$(curl -L https://raw.githubusercontent.com/DataDog/datadog-agent/master/cmd/agent/install_script.sh)\\\"", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbykjj_4e/code.txt", + "line_number": 24, + "secret": "digitalocean_database_cluster\" \"postgres_prod", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 3 + } + ], + "12": [ + { + "found_entries": [ + { + "line_number": 50, + "secret": "postgres://webapp_user:p$3#R7s@Q!9F@prod-db-cluster-1.c4f3g2h1i0j.us-west-2.rds.amazonaws.com:5432/main_app_db", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp7j3bv30h/code.txt", + "line_number": 9, + "secret": "postgres://webapp_user:p$3#R7s@Q!9F@prod-db-cluster-1.c4f3g2h1i0j.us-west-2.rds.amazonaws.com:5432/main_app_db", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 55, + "secret": "AC5f8e0a1b9c3d4e5f6a7b8c9d0e1f2a3b", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp7j3bv30h/code.txt", + "line_number": 14, + "secret": "AC5f8e0a1b9c3d4e5f6a7b8c9d0e1f2a3b", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 56, + "secret": "5a94025a4392a8b9f7a7751c1e95c4a1", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp7j3bv30h/code.txt", + "line_number": 15, + "secret": "5a94025a4392a8b9f7a7751c1e95c4a1", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp7j3bv30h/code.txt", + "line_number": 14, + "secret": "AC5f8e0a1b9c3d4e5f6a7b8c9d0e1f2a3b", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp7j3bv30h/code.txt", + "line_number": 14, + "secret": "AC5f8e0a1b9c3d4e5f6a7b8c9d0e1f2a3b", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp7j3bv30h/code.txt", + "line_number": 18, + "secret": "/api/v1/send-invite', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp7j3bv30h/code.txt", + "line_number": 22, + "secret": "Welcome! Your verification code is 123456.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 31, + "secret": "AKIA4F5K6L7M8N9P0Q1R", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjl8v8zm6/code.txt", + "line_number": 21, + "secret": "AKIA4F5K6L7M8N9P0Q1R", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 55, + "secret": "https://hooks.slack.com/services/T01B2C3D4E5/F6G7H8I9J0K/l1m2n3o4p5q6r7s8t9u0v1w2", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjl8v8zm6/code.txt", + "line_number": 45, + "secret": "https://hooks.slack.com/services/T01B2C3D4E5/F6G7H8I9J0K/l1m2n3o4p5q6r7s8t9u0v1w2", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 32, + "secret": "7hGjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrSt", + "label": "True Positive", + "expected_line": 22, + "reason": "not_detected" + } + ], + "false_positives": [], + "total_actual": 3, + "total_found": 2, + "total_missed": 1, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 26, + "secret": "S3cuRe_dBP@ssw0rd-f0R-Pr0d!2023", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpl1e_z6me/code.txt", + "line_number": 12, + "secret": "S3cuRe_dBP@ssw0rd-f0R-Pr0d!2023", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 25, + "secret": "db_admin_master", + "label": "True Positive", + "expected_line": 11, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpl1e_z6me/code.txt", + "line_number": 12, + "secret": "S3cuRe_dBP@ssw0rd-f0R-Pr0d!2023", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpl1e_z6me/code.txt", + "line_number": 21, + "secret": "aws_security_group\" \"db_sg", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpl1e_z6me/code.txt", + "line_number": 34, + "secret": "aws_db_subnet_group\" \"default", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 1, + "total_missed": 1, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 14, + "secret": "AIzaSyB_V9zC5gE8fH7iJ6kL4mN3oP2qR1sT0uW", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmplo6k9aw7/code.txt", + "line_number": 7, + "secret": "AIzaSyB_V9zC5gE8fH7iJ6kL4mN3oP2qR1sT0uW", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 19, + "secret": "8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmplo6k9aw7/code.txt", + "line_number": 12, + "secret": "8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 24, + "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmplo6k9aw7/code.txt", + "line_number": 17, + "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmplo6k9aw7/code.txt", + "line_number": 7, + "secret": "AIzaSyB_V9zC5gE8fH7iJ6kL4mN3oP2qR1sT0uW", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmplo6k9aw7/code.txt", + "line_number": 7, + "secret": "AIzaSyB_V9zC5gE8fH7iJ6kL4mN3oP2qR1sT0uW", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmplo6k9aw7/code.txt", + "line_number": 26, + "secret": "Services Initialized with production keys.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 71, + "secret": "7hV$kZ&mN@3qP!s9", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu8nvd45t/code.txt", + "line_number": 17, + "secret": "7hV$kZ&mN@3qP!s9", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 79, + "secret": "97937562479e3b12328059332f78816c", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu8nvd45t/code.txt", + "line_number": 25, + "secret": "97937562479e3b12328059332f78816c", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 80, + "secret": "2d0a5127f827913a48eacb9231f24f4648eacb92", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu8nvd45t/code.txt", + "line_number": 26, + "secret": "2d0a5127f827913a48eacb9231f24f4648eacb92", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu8nvd45t/code.txt", + "line_number": 5, + "secret": "github.com/go-redis/redis/v8", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu8nvd45t/code.txt", + "line_number": 16, + "secret": "redis-11234.c264.ap-south-1-1.ec2.cloud.redislabs.com:11234", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 2 + } + ], + "13": [ + { + "found_entries": [ + { + "line_number": 91, + "secret": "AKIAU4V3K7J5P2QWSDYR", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp61qi_ra8/code.txt", + "line_number": 14, + "secret": "AKIAU4V3K7J5P2QWSDYR", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 92, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp61qi_ra8/code.txt", + "line_number": 15, + "secret": "fT9zY3uBvRx+pLgWjN5oH8mKcVdEaGhIqJbXzL7s", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp61qi_ra8/code.txt", + "line_number": 10, + "secret": "\"\"Connects to S3 and processes files in a specific bucket.\"\"", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp61qi_ra8/code.txt", + "line_number": 11, + "secret": "Initializing S3 client for data processing...", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp61qi_ra8/code.txt", + "line_number": 15, + "secret": "fT9zY3uBvRx+pLgWjN5oH8mKcVdEaGhIqJbXzL7s", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp61qi_ra8/code.txt", + "line_number": 15, + "secret": "fT9zY3uBvRx+pLgWjN5oH8mKcVdEaGhIqJbXzL7s", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp61qi_ra8/code.txt", + "line_number": 15, + "secret": "fT9zY3uBvRx+pLgWjN5oH8mKcVdEaGhIqJbXzL7s", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp61qi_ra8/code.txt", + "line_number": 23, + "secret": "Listing objects in bucket: {bucket_name}", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp61qi_ra8/code.txt", + "line_number": 28, + "secret": "Found file: {obj['Key']}", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 7 + }, + { + "found_entries": [ + { + "line_number": 64, + "secret": "v#8kP!s7TqR2zL$mG@fD", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuz3uh0nq/code.txt", + "line_number": 23, + "secret": "v#8kP!s7TqR2zL$mG@fD", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuz3uh0nq/code.txt", + "line_number": 23, + "secret": "v#8kP!s7TqR2zL$mG@fD", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuz3uh0nq/code.txt", + "line_number": 29, + "secret": "aws_security_group\" \"db", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 128, + "secret": "postgres://webapp_svc:dG93nK#md!9S@pg-primary.prod.svc.cluster.local:5432/payments_db", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpikbjx8i3/code.txt", + "line_number": 14, + "secret": "postgres://webapp_svc:dG93nK#md!9S@pg-primary.prod.svc.cluster.local:5432/payments_db", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 144, + "secret": "sk_live_51Mv9BfGk7Lw3zYqSjU2dRaXt1cVhN8eIoP6bA5cZfTxW", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpikbjx8i3/code.txt", + "line_number": 30, + "secret": "sk_live_51Mv9BfGk7Lw3zYqSjU2dRaX", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "sk_live_51Mv9BfGk7Lw3zYqSjU2dRaXt1cVhN8eIoP6bA5cZfTxW", + "found_secret": "sk_live_51Mv9BfGk7Lw3zYqSjU2dRaX" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpikbjx8i3/code.txt", + "line_number": 11, + "secret": "github.com/stripe/stripe-go/v72", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpikbjx8i3/code.txt", + "line_number": 30, + "secret": "sk_live_51Mv9BfGk7Lw3zYqSjU2dRaXt1cVhN8eIoP6bA5cZfTxW", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpikbjx8i3/code.txt", + "line_number": 30, + "secret": "sk_live_51Mv9BfGk7Lw3zYqSjU2dRaXt1cVhN8eIoP6bA5cZfTxW", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 40, + "secret": "dckr_pat_1sA3fG5hJ8kL2mN4pQ6rT8uV0wX2z", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvbbk148f/code.txt", + "line_number": 20, + "secret": "dckr_pat_1sA3fG5hJ8kL2mN4pQ6rT8uV0wX2z", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 59, + "secret": "HRKU-a1b2c3d4-e5f6-7890-1234-567890abcdef", + "label": "True Positive", + "expected_line": 39, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvbbk148f/code.txt", + "line_number": 20, + "secret": "dckr_pat_1sA3fG5hJ8kL2mN4pQ6rT8uV0wX2z", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvbbk148f/code.txt", + "line_number": 20, + "secret": "dckr_pat_1sA3fG5hJ8kL2mN4pQ6rT8uV0wX2z", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 1, + "total_missed": 1, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 193, + "secret": "SG.lI8pZ3jT9qW7eR1aV5bC0x.mK4oH6sN2yU9iO-pLgJ7fDcXvBwZqR", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpw2f_x_r2/code.txt", + "line_number": 14, + "secret": "SG.lI8pZ3jT9qW7eR1aV5bC0x.mK4oH6sN2yU9iO-pLgJ7fDcXvBwZqR", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 207, + "secret": "9u8x/A?D(G+KbPeShVmYp3s6v9y$B&E)", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpw2f_x_r2/code.txt", + "line_number": 28, + "secret": "9u8x/A?D(G+KbPeShVmYp3s6v9y$B&E)", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpw2f_x_r2/code.txt", + "line_number": 14, + "secret": "SG.lI8pZ3jT9qW7eR1aV5bC0x.mK4oH6sN2yU9iO-pLgJ7fDcXvBwZqR", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + } + ], + "14": [ + { + "found_entries": [ + { + "line_number": 99, + "secret": "postgresql://order_svc:pL3#cV8@dK!zN@prod-db-eu-west-1.c4jwk9zabcdef.rds.amazonaws.com:5432/orders_prod", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnolauby9/code.txt", + "line_number": 12, + "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgresql://order_svc:pL3#cV8@dK!zN@prod-db-eu-west-1.c4jwk9zabcdef.rds.amazonaws.com:5432/orders_prod", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "postgresql://order_svc:pL3#cV8@dK!zN@prod-db-eu-west-1.c4jwk9zabcdef.rds.amazonaws.com:5432/orders_prod", + "found_secret": "SQLALCHEMY_DATABASE_URI'] = 'postgresql://order_svc:pL3#cV8@dK!zN@prod-db-eu-west-1.c4jwk9zabcdef.rds.amazonaws.com:5432/orders_prod" + }, + { + "line_number": 101, + "secret": "sk_live_51Mv4xEAklC1kABi8gqYtY9eBpJc7dFwZ7yX2vH3uL5bNqD6kRzT0fA9gS1hJk0bVcGfI4oE3mNlP2rWqAbcDef123", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnolauby9/code.txt", + "line_number": 14, + "secret": "sk_live_51Mv4xEAklC1kABi8gqYtY9e", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "sk_live_51Mv4xEAklC1kABi8gqYtY9eBpJc7dFwZ7yX2vH3uL5bNqD6kRzT0fA9gS1hJk0bVcGfI4oE3mNlP2rWqAbcDef123", + "found_secret": "sk_live_51Mv4xEAklC1kABi8gqYtY9e" + }, + { + "line_number": 117, + "secret": "SG.s5h4z9k8TqO6y2n7v1m3pA.c4fGkRpLwE9xVbU3zJ8aQoI7tYdD5sW2iH6uX0O", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnolauby9/code.txt", + "line_number": 30, + "secret": "SG.s5h4z9k8TqO6y2n7v1m3pA.c4fGkRpLwE9xVbU3zJ8aQoI7tYdD5sW2iH6uX0O", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnolauby9/code.txt", + "line_number": 13, + "secret": "SQLALCHEMY_TRACK_MODIFICATIONS", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnolauby9/code.txt", + "line_number": 14, + "secret": "sk_live_51Mv4xEAklC1kABi8gqYtY9eBpJc7dFwZ7yX2vH3uL5bNqD6kRzT0fA9gS1hJk0bVcGfI4oE3mNlP2rWqAbcDef123", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnolauby9/code.txt", + "line_number": 14, + "secret": "sk_live_51Mv4xEAklC1kABi8gqYtY9eBpJc7dFwZ7yX2vH3uL5bNqD6kRzT0fA9gS1hJk0bVcGfI4oE3mNlP2rWqAbcDef123", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnolauby9/code.txt", + "line_number": 14, + "secret": "sk_live_51Mv4xEAklC1kABi8gqYtY9eBpJc7dFwZ7yX2vH3uL5bNqD6kRzT0fA9gS1hJk0bVcGfI4oE3mNlP2rWqAbcDef123", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnolauby9/code.txt", + "line_number": 24, + "secret": "/charge', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnolauby9/code.txt", + "line_number": 30, + "secret": "SG.s5h4z9k8TqO6y2n7v1m3pA.c4fGkRpLwE9xVbU3zJ8aQoI7tYdD5sW2iH6uX0O", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 6 + }, + { + "found_entries": [ + { + "line_number": 32, + "secret": "AKIA4F3PH5XH637P5Q2S", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpkucr5eaz/code.txt", + "line_number": 18, + "secret": "AKIA4F3PH5XH637P5Q2S", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 40, + "secret": "dckr_pat_aJkLmnOpQrStUvWxYzAbCdEfGhIjK12345", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpkucr5eaz/code.txt", + "line_number": 26, + "secret": "dckr_pat_aJkLmnOpQrStUvWxYzAbCdEfGhIjK12345", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 33, + "secret": "9jK/lM8nO3pQr7sT6uV1wXyZ0aB4cD8fE9gHh2iJ", + "label": "True Positive", + "expected_line": 19, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpkucr5eaz/code.txt", + "line_number": 26, + "secret": "dckr_pat_aJkLmnOpQrStUvWxYzAbCdEfGhIjK12345", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpkucr5eaz/code.txt", + "line_number": 26, + "secret": "dckr_pat_aJkLmnOpQrStUvWxYzAbCdEfGhIjK12345", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 2, + "total_missed": 1, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 64, + "secret": "amqp://ingest_worker:HkP8#sF!t$jR@rabbitmq.prod.svc.cluster.local:5672/", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsulwbg47/code.txt", + "line_number": 23, + "secret": "amqp://ingest_worker:HkP8#sF!t$jR@rabbitmq.prod.svc.cluster.local:5672/", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 74, + "secret": "R9bXmPZc$vT2sK!eN5wF8qGg4jA#7D", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsulwbg47/code.txt", + "line_number": 33, + "secret": "R9bXmPZc$vT2sK!eN5wF8qGg4jA#7D", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsulwbg47/code.txt", + "line_number": 8, + "secret": "github.com/go-redis/redis/v8", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsulwbg47/code.txt", + "line_number": 9, + "secret": "github.com/streadway/amqp", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsulwbg47/code.txt", + "line_number": 28, + "secret": "Successfully connected to RabbitMQ broker", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsulwbg47/code.txt", + "line_number": 32, + "secret": "redis-master.prod.svc.cluster.local:6379", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsulwbg47/code.txt", + "line_number": 33, + "secret": "R9bXmPZc$vT2sK!eN5wF8qGg4jA#7D", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 123, + "secret": "Adm1nPassw0rd&SuperS3cure!v9h2k4m5", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mjdw57f/code.txt", + "line_number": 12, + "secret": "Adm1nPassw0rd&SuperS3cure!v9h2k4m5", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 138, + "secret": "kpat_9uGvP3wFxBzQr7YtL1sJmN5cH2oVb4fD8S", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mjdw57f/code.txt", + "line_number": 27, + "secret": "kpat_9uGvP3wFxBzQr7YtL1sJmN5cH2oVb4fD8S", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mjdw57f/code.txt", + "line_number": 12, + "secret": "Adm1nPassw0rd&SuperS3cure!v9h2k4m5", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mjdw57f/code.txt", + "line_number": 17, + "secret": "aws_lambda_function\" \"data_processor", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mjdw57f/code.txt", + "line_number": 27, + "secret": "kpat_9uGvP3wFxBzQr7YtL1sJmN5cH2oVb4fD8S", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 20, + "secret": "pk.eyJ1Ijoiam9obmRvZWNvcnAiLCJhIjoiY2xwYzh0ZzAyMGN3ZTJqcWpybHZ0MHEzayJ9.iG8jdU1cR3vBwF2pZ5oKqQ", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpyudjjgxb/code.txt", + "line_number": 20, + "secret": "pk.eyJ1Ijoiam9obmRvZWNvcnAiLCJhIjoiY2xwYzh0ZzAyMGN3ZTJqcWpybHZ0MHEzayJ9.iG8jdU1cR3vBwF2pZ5oKqQ", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 23, + "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpyudjjgxb/code.txt", + "line_number": 23, + "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpyudjjgxb/code.txt", + "line_number": 5, + "secret": "development' | 'production' | 'staging", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + } + ], + "15": [ + { + "found_entries": [ + { + "line_number": 53, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxbhaaccy/code.txt", + "line_number": 12, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 54, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxbhaaccy/code.txt", + "line_number": 13, + "secret": "jTpHv9rX8wB1nA6sF2gK7cZ5bV4mE0yL3dI9oU8a", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxbhaaccy/code.txt", + "line_number": 9, + "secret": "corp-data-lake-prod-4815162342", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxbhaaccy/code.txt", + "line_number": 13, + "secret": "jTpHv9rX8wB1nA6sF2gK7cZ5bV4mE0yL3dI9oU8a", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxbhaaccy/code.txt", + "line_number": 13, + "secret": "jTpHv9rX8wB1nA6sF2gK7cZ5bV4mE0yL3dI9oU8a", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxbhaaccy/code.txt", + "line_number": 13, + "secret": "jTpHv9rX8wB1nA6sF2gK7cZ5bV4mE0yL3dI9oU8a", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxbhaaccy/code.txt", + "line_number": 18, + "secret": "\"\"Establishes a session with AWS S3 using hardcoded credentials.\"\"", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxbhaaccy/code.txt", + "line_number": 33, + "secret": "\"\"Lists the contents of the configured S3 bucket.\"\"", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxbhaaccy/code.txt", + "line_number": 34, + "secret": "Listing contents for bucket: {S3_BUCKET_NAME}", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 7 + }, + { + "found_entries": [ + { + "line_number": 134, + "secret": "8kL~7QjN_p9sFt.gY2vWzXbC-aH1mO6rE5", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5t5lc_ea/code.txt", + "line_number": 20, + "secret": "8kL~7QjN_p9sFt.gY2vWzXbC-aH1mO6rE5", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5t5lc_ea/code.txt", + "line_number": 20, + "secret": "8kL~7QjN_p9sFt.gY2vWzXbC-aH1mO6rE5", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5t5lc_ea/code.txt", + "line_number": 34, + "secret": "vnet-${var.environment_short}-01", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [], + "not_found_entries": [ + { + "line_number": 13, + "secret": "E#9z$RFt@k*b2v!gHqP5sYuL", + "label": "True Positive", + "expected_line": 13, + "reason": "not_detected" + }, + { + "line_number": 23, + "secret": "YjJkNDY3YTZlY2U1MjRiYzhmNmU5ODE5ZjQ5NjA3YjI5ZWIzMDUyN2U0NjM5NWY1OTM2NGYxYzJkNWY4N2Y1NA==", + "label": "True Positive", + "expected_line": 23, + "reason": "not_detected" + } + ], + "false_positives": [], + "total_actual": 2, + "total_found": 0, + "total_missed": 2, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 96, + "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/7890123", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3onpytsz/code.txt", + "line_number": 9, + "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/7890123", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 105, + "secret": "pk.eyJ1IjoiZGFzaGJvYXJkdXNlciIsImEiOiJjazlzcDU0OWowMGR2M2Vud2IzaDV2ZHJtIn0.7gU6DqR7wE5qM1vN8sY2fQ", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3onpytsz/code.txt", + "line_number": 18, + "secret": "pk.eyJ1IjoiZGFzaGJvYXJkdXNlciIsImEiOiJjazlzcDU0OWowMGR2M2Vud2IzaDV2ZHJtIn0.7gU6DqR7wE5qM1vN8sY2fQ", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3onpytsz/code.txt", + "line_number": 19, + "secret": "mapbox://styles/mapbox/dark-v10", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 22, + "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp583mqz0m/code.txt", + "line_number": 22, + "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 39, + "secret": "https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp583mqz0m/code.txt", + "line_number": 39, + "secret": "https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 53, + "secret": "https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp583mqz0m/code.txt", + "line_number": 53, + "secret": "https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp583mqz0m/code.txt", + "line_number": 22, + "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp583mqz0m/code.txt", + "line_number": 22, + "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 2 + } + ], + "16": [ + { + "found_entries": [ + { + "line_number": 97, + "secret": "postgres://user_prod_rw:dG9m9#4k!sPq@db-prod-cluster.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/main_app", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpf4tgsfi5/code.txt", + "line_number": 10, + "secret": "postgres://user_prod_rw:dG9m9#4k!sPq@db-prod-cluster.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/main_app", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 98, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpf4tgsfi5/code.txt", + "line_number": 11, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 99, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpf4tgsfi5/code.txt", + "line_number": 12, + "secret": "jT4vK9sL+pQ8wX6zC2nH7bF1gR5eD3aU0iO/mNkW", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpf4tgsfi5/code.txt", + "line_number": 11, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpf4tgsfi5/code.txt", + "line_number": 12, + "secret": "jT4vK9sL+pQ8wX6zC2nH7bF1gR5eD3aU0iO/mNkW", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpf4tgsfi5/code.txt", + "line_number": 12, + "secret": "jT4vK9sL+pQ8wX6zC2nH7bF1gR5eD3aU0iO/mNkW", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpf4tgsfi5/code.txt", + "line_number": 22, + "secret": "/api/v1/users/', methods=['GET", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 59, + "secret": "sqp_a8b3f0c1d2e4a5b6c7d8e9f0a1b2c3d4e5f6a7b8", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mk8t1b7/code.txt", + "line_number": 18, + "secret": "sqp_a8b3f0c1d2e4a5b6c7d8e9f0a1b2c3d4e5f6a7b8", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 74, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mk8t1b7/code.txt", + "line_number": 33, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mk8t1b7/code.txt", + "line_number": 33, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mk8t1b7/code.txt", + "line_number": 36, + "secret": "The latest build from `main` has been deployed to the staging environment.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 36, + "secret": "{\\\"type\\\": \\\"service_account\\\",\\\"project_id\\\": \\\"corp-infra-314159\\\",\\\"private_key_id\\\": \\\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\\\",\\\"private_key\\\": \\\"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAO3B...\\n-----END PRIVATE KEY-----\\n\\\",\\\"client_email\\\": \\\"terraform@corp-infra-314159.iam.gserviceaccount.com\\\",\\\"client_id\\\": \\\"123456789012345678901\\\",\\\"auth_uri\\\": \\\"https://accounts.google.com/o/oauth2/auth\\\",\\\"token_uri\\\": \\\"https://oauth2.googleapis.com/token\\\",\\\"auth_provider_x509_cert_url\\\": \\\"https://www.googleapis.com/oauth2/v1/certs\\\",\\\"client_x509_cert_url\\\": \\\"https://www.googleapis.com/robot/v1/metadata/x509/terraform%40corp-infra-314159.iam.gserviceaccount.com\\\"}", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp8e7sgobq/code.txt", + "line_number": 4, + "secret": "BEGIN PRIVATE KEY", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "{\\\"type\\\": \\\"service_account\\\",\\\"project_id\\\": \\\"corp-infra-314159\\\",\\\"private_key_id\\\": \\\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\\\",\\\"private_key\\\": \\\"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAO3B...\\n-----END PRIVATE KEY-----\\n\\\",\\\"client_email\\\": \\\"terraform@corp-infra-314159.iam.gserviceaccount.com\\\",\\\"client_id\\\": \\\"123456789012345678901\\\",\\\"auth_uri\\\": \\\"https://accounts.google.com/o/oauth2/auth\\\",\\\"token_uri\\\": \\\"https://oauth2.googleapis.com/token\\\",\\\"auth_provider_x509_cert_url\\\": \\\"https://www.googleapis.com/oauth2/v1/certs\\\",\\\"client_x509_cert_url\\\": \\\"https://www.googleapis.com/robot/v1/metadata/x509/terraform%40corp-infra-314159.iam.gserviceaccount.com\\\"}", + "found_secret": "BEGIN PRIVATE KEY" + }, + { + "line_number": 40, + "secret": "dd_api_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp8e7sgobq/code.txt", + "line_number": 8, + "secret": "dd_api_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp8e7sgobq/code.txt", + "line_number": 8, + "secret": "dd_api_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp8e7sgobq/code.txt", + "line_number": 12, + "secret": "google_compute_instance\" \"web_server", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 120, + "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9r5pchan/code.txt", + "line_number": 9, + "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 128, + "secret": "pk.eyJ1IjoibXljb29sZGV2IiwiYSI6ImNrdjRzM2l2ZDBsYjQyd3M0cGszbTNnNHAifQ.H9f_zAbCdEfGhIjKlMnOpQ", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9r5pchan/code.txt", + "line_number": 17, + "secret": "pk.eyJ1IjoibXljb29sZGV2IiwiYSI6ImNrdjRzM2l2ZDBsYjQyd3M0cGszbTNnNHAifQ.H9f_zAbCdEfGhIjKlMnOpQ", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 13, + "secret": "T#8sLpVm9@zQ!wY7", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5e1h3jnq/code.txt", + "line_number": 13, + "secret": "T#8sLpVm9@zQ!wY7", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 19, + "secret": "3xP1rE_N3v3r_5tRoNg_PA55!", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5e1h3jnq/code.txt", + "line_number": 19, + "secret": "3xP1rE_N3v3r_5tRoNg_PA55!", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 22, + "secret": "key-0987654321fedcba0987654321fedcba", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5e1h3jnq/code.txt", + "line_number": 22, + "secret": "key-0987654321fedcba0987654321fedcba", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5e1h3jnq/code.txt", + "line_number": 6, + "secret": "Customer Relationship Management API", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5e1h3jnq/code.txt", + "line_number": 11, + "secret": "jdbc:postgresql://prod-db-1.internal:5432/crm_prod", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 2 + } + ], + "17": [ + { + "found_entries": [ + { + "line_number": 80, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_lhu5qz2/code.txt", + "line_number": 9, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 81, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_lhu5qz2/code.txt", + "line_number": 10, + "secret": "pL8vGkZ9sN1mBfI6jH4cUaT3yXwE7rF0oVqD2sW5", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_lhu5qz2/code.txt", + "line_number": 9, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_lhu5qz2/code.txt", + "line_number": 10, + "secret": "pL8vGkZ9sN1mBfI6jH4cUaT3yXwE7rF0oVqD2sW5", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_lhu5qz2/code.txt", + "line_number": 10, + "secret": "pL8vGkZ9sN1mBfI6jH4cUaT3yXwE7rF0oVqD2sW5", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_lhu5qz2/code.txt", + "line_number": 19, + "secret": "/api/v1/upload', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_lhu5qz2/code.txt", + "line_number": 33, + "secret": "message': f'File {file.filename} uploaded successfully.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 57, + "secret": "E#u8!pS$t9rWbK@zL7m3vN&yQ2xH", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp950gip35/code.txt", + "line_number": 17, + "secret": "E#u8!pS$t9rWbK@zL7m3vN&yQ2xH", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp950gip35/code.txt", + "line_number": 17, + "secret": "E#u8!pS$t9rWbK@zL7m3vN&yQ2xH", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp950gip35/code.txt", + "line_number": 30, + "secret": "aws_security_group\" \"db_sg", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 40, + "secret": "dckr_pat_a4sRgT9iOpQ2mZl8vWb7nXc1jYkFhG5uE-r3v", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppz28cn17/code.txt", + "line_number": 23, + "secret": "dckr_pat_a4sRgT9iOpQ2mZl8vWb7nXc1jYkFhG5uE-r3v", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 52, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppz28cn17/code.txt", + "line_number": 35, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 57, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppz28cn17/code.txt", + "line_number": 40, + "secret": "Content-type: application/json' --data '{\"text\":\"Deployment of `auth-service` failed!\"}", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "https://hooks.slack.com/services/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", + "found_secret": "Content-type: application/json' --data '{\"text\":\"Deployment of `auth-service` failed!\"}" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppz28cn17/code.txt", + "line_number": 23, + "secret": "dckr_pat_a4sRgT9iOpQ2mZl8vWb7nXc1jYkFhG5uE-r3v", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppz28cn17/code.txt", + "line_number": 23, + "secret": "dckr_pat_a4sRgT9iOpQ2mZl8vWb7nXc1jYkFhG5uE-r3v", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppz28cn17/code.txt", + "line_number": 35, + "secret": "Content-type: application/json' --data '{\"text\":\"Deployment of `auth-service` succeeded.\"}", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 118, + "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o1234567.ingest.sentry.io/1234567", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwa7tisiq/code.txt", + "line_number": 7, + "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o1234567.ingest.sentry.io/1234567", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 124, + "secret": "pk.eyJ1Ijoiam9obmRvZXVzZXIxMiIsImEiOiJjbGo4YXRzdzIwMHg4M2VudW1hYjM2ajBiIn0.5aPq3iL9bR8vJkCw1sF4nQ", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwa7tisiq/code.txt", + "line_number": 13, + "secret": "pk.eyJ1Ijoiam9obmRvZXVzZXIxMiIsImEiOiJjbGo4YXRzdzIwMHg4M2VudW1hYjM2ajBiIn0.5aPq3iL9bR8vJkCw1sF4nQ", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 218, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzcnYtZGF0YS1yZXRyaWV2ZXIiLCJpc3MiOiJhdXRoLXNlcnZpY2UiLCJhdWQiOiJkYXRhLWFwaSIsImV4cCI6MTcxOTk1ODAwMCwiaWF0IjoxNzE5OTU0NDAwLCJzY29wZSI6InVzZXI6cmVhZCJ9.K4gTfH9sLw2RjZpYn7oVxC8uEaD6mXwB1qI0sPzKjJc", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzu5svt80/code.txt", + "line_number": 18, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzcnYtZGF0YS1yZXRyaWV2ZXIiLCJpc3MiOiJhdXRoLXNlcnZpY2UiLCJhdWQiOiJkYXRhLWFwaSIsImV4cCI6MTcxOTk1ODAwMCwiaWF0IjoxNzE5OTU0NDAwLCJzY29wZSI6InVzZXI6cmVhZCJ9.", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzcnYtZGF0YS1yZXRyaWV2ZXIiLCJpc3MiOiJhdXRoLXNlcnZpY2UiLCJhdWQiOiJkYXRhLWFwaSIsImV4cCI6MTcxOTk1ODAwMCwiaWF0IjoxNzE5OTU0NDAwLCJzY29wZSI6InVzZXI6cmVhZCJ9.K4gTfH9sLw2RjZpYn7oVxC8uEaD6mXwB1qI0sPzKjJc", + "found_secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzcnYtZGF0YS1yZXRyaWV2ZXIiLCJpc3MiOiJhdXRoLXNlcnZpY2UiLCJhdWQiOiJkYXRhLWFwaSIsImV4cCI6MTcxOTk1ODAwMCwiaWF0IjoxNzE5OTU0NDAwLCJzY29wZSI6InVzZXI6cmVhZCJ9." + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzu5svt80/code.txt", + "line_number": 18, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzcnYtZGF0YS1yZXRyaWV2ZXIiLCJpc3MiOiJhdXRoLXNlcnZpY2UiLCJhdWQiOiJkYXRhLWFwaSIsImV4cCI6MTcxOTk1ODAwMCwiaWF0IjoxNzE5OTU0NDAwLCJzY29wZSI6InVzZXI6cmVhZCJ9.K4gTfH9sLw2RjZpYn7oVxC8uEaD6mXwB1qI0sPzKjJc", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzu5svt80/code.txt", + "line_number": 26, + "secret": "Content-Type\", \"application/json", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzu5svt80/code.txt", + "line_number": 44, + "secret": "Usage: go run main.go ", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzu5svt80/code.txt", + "line_number": 49, + "secret": "Error fetching user data: %v", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 4 + } + ], + "18": [ + { + "found_entries": [ + { + "line_number": 123, + "secret": "ACd2ae2e27b6c845b29c0f8e9a3d1c4b6f", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwf1_2qsg/code.txt", + "line_number": 12, + "secret": "ACd2ae2e27b6c845b29c0f8e9a3d1c4b6f", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 124, + "secret": "8a3f5b7c9d1e6f4a2b9c8d7e5f3a1b0c", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwf1_2qsg/code.txt", + "line_number": 13, + "secret": "8a3f5b7c9d1e6f4a2b9c8d7e5f3a1b0c", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 136, + "secret": "SG.f4Jk9sL2QpWzX8vY7uA1tG.hR3iP6oV5bN4mK1jL9cD8gE7F2sA3qB0iO6uY4eWzZ", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwf1_2qsg/code.txt", + "line_number": 25, + "secret": "SG.f4Jk9sL2QpWzX8vY7uA1tG.hR3iP6oV5bN4mK1jL9cD8gE7F2sA3qB0iO6uY4eWzZ", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwf1_2qsg/code.txt", + "line_number": 8, + "secret": "github.com/sendgrid/sendgrid-go/helpers/mail", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwf1_2qsg/code.txt", + "line_number": 12, + "secret": "ACd2ae2e27b6c845b29c0f8e9a3d1c4b6f", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwf1_2qsg/code.txt", + "line_number": 12, + "secret": "ACd2ae2e27b6c845b29c0f8e9a3d1c4b6f", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 57, + "secret": "dckr_pat_1kIuR9vO7mS3xZ5yQ2jF8bN6pL4cH0gA9dE", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9669k67l/code.txt", + "line_number": 13, + "secret": "dckr_pat_1kIuR9vO7mS3xZ5yQ2jF8bN6pL4cH0gA9dE", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 58, + "secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lKQU9ocFlVbEpxdEVsTUEwR0NTcUdTSWIzRFFFQkN3VUFNQWd4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUhFd2xQYms1dllteHZZMkZzYUc5emREb0tNQk1HQTFVRUNnd01SR1ZzYkc5egpjeUJCYkdGaVlXMGlhSFl4RURBT0JnTlZCQWNUQjBKc2IyRmtiaUJrYjI1amIyNHdIaGNOTWpFd05qRTFNRGc1CldqQm5aGFk5TWpZeU9ERXhNVFV3V2pBTUJnOHdDUVlEVlFRR0V3SlZVekVSTUE4R0ExVUVDQXdJVGs5eWVTQkIKZFhSb2IzSnBlbVJOZVhOMFpXUkJjblZsY21sbklqcDdNQ01HQTFVRUN3d01SR1ZzYkc5emN5QkJiR0ZpWVcwMQpMWFJ2SUZCQmdrcWhraUc5dzBCQVFzRkFBT0NBUThBTUlJQkNnS0NBUUVBNzJSM2x4VmhYUXFvbU55U3U3V3UKU0J3aEVyY2tlcVp3YXdJbmd0VzFwK2J2RjJ0em80VnFmcE5kSG53N2sxcFp0a1FtbUtHcHdLVGxtV295b2lCCnhaYlhmTlpzQzF6OGprVUtzZncrL2x3emJ4K0d4TmVqYzdqQnhwVnJ0VnQ1aWJCVllWc3J0K25wV1B5ZEZnOAphRjU2SlNuS081R3BqV0YwZkhGdzN3bFlmZ3JGYXBCMzQ4K3Bqam1FSE1wUkZkQmltUXh2MjQxb05kQ3l0VgppaE9sT090R3Y2ajN4dkw1Rkt3a3d5ZzR0VmFydG14N3VlMWxVSHRFV0FwWWVvUHVVbFFuN1N5K2Z4M0RVSDEKU2dGWWJ2V0w1VFFQdEtJb1JpWXhQd0lEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVeEtTMmZHRStpZEtGZ3pvCkhCMUo3akU2MzhNd0N3WURWUjBQQkFRREFnRUdNQThHQTFVZEV3RUIvd1FGTUFvR0NDc0dBUVVCRndNQ01BOEcKQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVIQXdFd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBSjZJekNid1B6dE9XbHhEVWw3bnd3bW14enVqV0d5UFNkY1FkSXZyTmM2UWhvYkZ4bgpHMVl1WllKdkdYQ2ZpZ3BvSlhpUmRuc0x6M2hTNVpSN0lXNnduNkZ6d2x1U3Z6TWltdENnQy8xSkJ2aG9tSwp0NzlJOG05S2Q3dHZ0QWZvRytzNFNUeWdndzN5VnhIdVAvUHV1c2hJbTNQWEt6MVZlZ1E1MWp0ckVlSWU4MjgKQyt2VnBLd1d5QmpMUE9sV3g2b1U5akd1MXNWSldYV210VFF0N3hBcVJkMVdJMEV4YW5iSmZ0TzJtQ2t2eGtrClR0ZUVtMzdIbnZkK3dOOUQ3dVRiYjBwLyt3d3N0T2cvQVVtb1B2Lyt3TG5PQVp6QklYUk1BMG89Ci0tLS0tRU5EIENFUlRJTklDQVRFLS0tLS0K", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9669k67l/code.txt", + "line_number": 14, + "secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lKQU9ocFlVbEpxdEVsTUEwR0NTcUdTSWIzRFFFQkN3VUFNQWd4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUhFd2xQYms1dllteHZZMkZzYUc5emREb0tNQk1HQTFVRUNnd01SR1ZzYkc5egpjeUJCYkdGaVlXMGlhSFl4RURBT0JnTlZCQWNUQjBKc2IyRmtiaUJrYjI1amIyNHdIaGNOTWpFd05qRTFNRGc1CldqQm5aGFk5TWpZeU9ERXhNVFV3V2pBTUJnOHdDUVlEVlFRR0V3SlZVekVSTUE4R0ExVUVDQXdJVGs5eWVTQkIKZFhSb2IzSnBlbVJOZVhOMFpXUkJjblZsY21sbklqcDdNQ01HQTFVRUN3d01SR1ZzYkc5emN5QkJiR0ZpWVcwMQpMWFJ2SUZCQmdrcWhraUc5dzBCQVFzRkFBT0NBUThBTUlJQkNnS0NBUUVBNzJSM2x4VmhYUXFvbU55U3U3V3UKU0J3aEVyY2tlcVp3YXdJbmd0VzFwK2J2RjJ0em80VnFmcE5kSG53N2sxcFp0a1FtbUtHcHdLVGxtV295b2lCCnhaYlhmTlpzQzF6OGprVUtzZncrL2x3emJ4K0d4TmVqYzdqQnhwVnJ0VnQ1aWJCVllWc3J0K25wV1B5ZEZnOAphRjU2SlNuS081R3BqV0YwZkhGdzN3bFlmZ3JGYXBCMzQ4K3Bqam1FSE1wUkZkQmltUXh2MjQxb05kQ3l0VgppaE9sT090R3Y2ajN4dkw1Rkt3a3d5ZzR0VmFydG14N3VlMWxVSHRFV0FwWWVvUHVVbFFuN1N5K2Z4M0RVSDEKU2dGWWJ2V0w1VFFQdEtJb1JpWXhQd0lEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVeEtTMmZHRStpZEtGZ3pvCkhCMUo3akU2MzhNd0N3WURWUjBQQkFRREFnRUdNQThHQTFVZEV3RUIvd1FGTUFvR0NDc0dBUVVCRndNQ01BOEcKQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVIQXdFd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBSjZJekNid1B6dE9XbHhEVWw3bnd3bW14enVqV0d5UFNkY1FkSXZyTmM2UWhvYkZ4bgpHMVl1WllKdkdYQ2ZpZ3BvSlhpUmRuc0x6M2hTNVpSN0lXNnduNkZ6d2x1U3Z6TWltdENnQy8xSkJ2aG9tSwp0NzlJOG05S2Q3dHZ0QWZvRytzNFNUeWdndzN5VnhIdVAvUHV1c2hJbTNQWEt6MVZlZ1E1MWp0ckVlSWU4MjgKQyt2VnBLd1d5QmpMUE9sV3g2b1U5akd1MXNWSldYV210VFF0N3hBcVJkMVdJMEV4YW5iSmZ0TzJtQ2t2eGtrClR0ZUVtMzdIbnZkK3dOOUQ3dVRiYjBwLyt3d3N0T2cvQVVtb1B2Lyt3TG5PQVp6QklYUk1BMG89Ci0tLS0tRU5EIENFUlRJTklDQVRFLS0tLS0K server: https://1a2b3c4d-e5f6-7890.k8s.ondigitalocean.com\\n name: do-sfo2-prod-cluster\\ncontexts:\\n- context:\\n cluster: do-sfo2-prod-cluster\\n user: do-sfo2-prod-cluster-admin\\n name: do-sfo2-prod-cluster\\ncurrent-context: do-sfo2-prod-cluster\\nkind: Config\\npreferences: {}\\nusers:\\n- name: do-sfo2-prod-cluster-admin\\n user:\\n token: dop_v1_a738c2f10d9e8b6d4c5b9f7a8e2d1c0b3a4f5d6e7g8h9i0j1k_prod_token\\n", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lKQU9ocFlVbEpxdEVsTUEwR0NTcUdTSWIzRFFFQkN3VUFNQWd4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUhFd2xQYms1dllteHZZMkZzYUc5emREb0tNQk1HQTFVRUNnd01SR1ZzYkc5egpjeUJCYkdGaVlXMGlhSFl4RURBT0JnTlZCQWNUQjBKc2IyRmtiaUJrYjI1amIyNHdIaGNOTWpFd05qRTFNRGc1CldqQm5aGFk5TWpZeU9ERXhNVFV3V2pBTUJnOHdDUVlEVlFRR0V3SlZVekVSTUE4R0ExVUVDQXdJVGs5eWVTQkIKZFhSb2IzSnBlbVJOZVhOMFpXUkJjblZsY21sbklqcDdNQ01HQTFVRUN3d01SR1ZzYkc5emN5QkJiR0ZpWVcwMQpMWFJ2SUZCQmdrcWhraUc5dzBCQVFzRkFBT0NBUThBTUlJQkNnS0NBUUVBNzJSM2x4VmhYUXFvbU55U3U3V3UKU0J3aEVyY2tlcVp3YXdJbmd0VzFwK2J2RjJ0em80VnFmcE5kSG53N2sxcFp0a1FtbUtHcHdLVGxtV295b2lCCnhaYlhmTlpzQzF6OGprVUtzZncrL2x3emJ4K0d4TmVqYzdqQnhwVnJ0VnQ1aWJCVllWc3J0K25wV1B5ZEZnOAphRjU2SlNuS081R3BqV0YwZkhGdzN3bFlmZ3JGYXBCMzQ4K3Bqam1FSE1wUkZkQmltUXh2MjQxb05kQ3l0VgppaE9sT090R3Y2ajN4dkw1Rkt3a3d5ZzR0VmFydG14N3VlMWxVSHRFV0FwWWVvUHVVbFFuN1N5K2Z4M0RVSDEKU2dGWWJ2V0w1VFFQdEtJb1JpWXhQd0lEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVeEtTMmZHRStpZEtGZ3pvCkhCMUo3akU2MzhNd0N3WURWUjBQQkFRREFnRUdNQThHQTFVZEV3RUIvd1FGTUFvR0NDc0dBUVVCRndNQ01BOEcKQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVIQXdFd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBSjZJekNid1B6dE9XbHhEVWw3bnd3bW14enVqV0d5UFNkY1FkSXZyTmM2UWhvYkZ4bgpHMVl1WllKdkdYQ2ZpZ3BvSlhpUmRuc0x6M2hTNVpSN0lXNnduNkZ6d2x1U3Z6TWltdENnQy8xSkJ2aG9tSwp0NzlJOG05S2Q3dHZ0QWZvRytzNFNUeWdndzN5VnhIdVAvUHV1c2hJbTNQWEt6MVZlZ1E1MWp0ckVlSWU4MjgKQyt2VnBLd1d5QmpMUE9sV3g2b1U5akd1MXNWSldYV210VFF0N3hBcVJkMVdJMEV4YW5iSmZ0TzJtQ2t2eGtrClR0ZUVtMzdIbnZkK3dOOUQ3dVRiYjBwLyt3d3N0T2cvQVVtb1B2Lyt3TG5PQVp6QklYUk1BMG89Ci0tLS0tRU5EIENFUlRJTklDQVRFLS0tLS0K", + "found_secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lKQU9ocFlVbEpxdEVsTUEwR0NTcUdTSWIzRFFFQkN3VUFNQWd4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUhFd2xQYms1dllteHZZMkZzYUc5emREb0tNQk1HQTFVRUNnd01SR1ZzYkc5egpjeUJCYkdGaVlXMGlhSFl4RURBT0JnTlZCQWNUQjBKc2IyRmtiaUJrYjI1amIyNHdIaGNOTWpFd05qRTFNRGc1CldqQm5aGFk5TWpZeU9ERXhNVFV3V2pBTUJnOHdDUVlEVlFRR0V3SlZVekVSTUE4R0ExVUVDQXdJVGs5eWVTQkIKZFhSb2IzSnBlbVJOZVhOMFpXUkJjblZsY21sbklqcDdNQ01HQTFVRUN3d01SR1ZzYkc5emN5QkJiR0ZpWVcwMQpMWFJ2SUZCQmdrcWhraUc5dzBCQVFzRkFBT0NBUThBTUlJQkNnS0NBUUVBNzJSM2x4VmhYUXFvbU55U3U3V3UKU0J3aEVyY2tlcVp3YXdJbmd0VzFwK2J2RjJ0em80VnFmcE5kSG53N2sxcFp0a1FtbUtHcHdLVGxtV295b2lCCnhaYlhmTlpzQzF6OGprVUtzZncrL2x3emJ4K0d4TmVqYzdqQnhwVnJ0VnQ1aWJCVllWc3J0K25wV1B5ZEZnOAphRjU2SlNuS081R3BqV0YwZkhGdzN3bFlmZ3JGYXBCMzQ4K3Bqam1FSE1wUkZkQmltUXh2MjQxb05kQ3l0VgppaE9sT090R3Y2ajN4dkw1Rkt3a3d5ZzR0VmFydG14N3VlMWxVSHRFV0FwWWVvUHVVbFFuN1N5K2Z4M0RVSDEKU2dGWWJ2V0w1VFFQdEtJb1JpWXhQd0lEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVeEtTMmZHRStpZEtGZ3pvCkhCMUo3akU2MzhNd0N3WURWUjBQQkFRREFnRUdNQThHQTFVZEV3RUIvd1FGTUFvR0NDc0dBUVVCRndNQ01BOEcKQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVIQXdFd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBSjZJekNid1B6dE9XbHhEVWw3bnd3bW14enVqV0d5UFNkY1FkSXZyTmM2UWhvYkZ4bgpHMVl1WllKdkdYQ2ZpZ3BvSlhpUmRuc0x6M2hTNVpSN0lXNnduNkZ6d2x1U3Z6TWltdENnQy8xSkJ2aG9tSwp0NzlJOG05S2Q3dHZ0QWZvRytzNFNUeWdndzN5VnhIdVAvUHV1c2hJbTNQWEt6MVZlZ1E1MWp0ckVlSWU4MjgKQyt2VnBLd1d5QmpMUE9sV3g2b1U5akd1MXNWSldYV210VFF0N3hBcVJkMVdJMEV4YW5iSmZ0TzJtQ2t2eGtrClR0ZUVtMzdIbnZkK3dOOUQ3dVRiYjBwLyt3d3N0T2cvQVVtb1B2Lyt3TG5PQVp6QklYUk1BMG89Ci0tLS0tRU5EIENFUlRJTklDQVRFLS0tLS0K server: https://1a2b3c4d-e5f6-7890.k8s.ondigitalocean.com\\n name: do-sfo2-prod-cluster\\ncontexts:\\n- context:\\n cluster: do-sfo2-prod-cluster\\n user: do-sfo2-prod-cluster-admin\\n name: do-sfo2-prod-cluster\\ncurrent-context: do-sfo2-prod-cluster\\nkind: Config\\npreferences: {}\\nusers:\\n- name: do-sfo2-prod-cluster-admin\\n user:\\n token: dop_v1_a738c2f10d9e8b6d4c5b9f7a8e2d1c0b3a4f5d6e7g8h9i0j1k_prod_token\\n" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9669k67l/code.txt", + "line_number": 13, + "secret": "dckr_pat_1kIuR9vO7mS3xZ5yQ2jF8bN6pL4cH0gA9dE", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 207, + "secret": "pk.eyJ1IjoibWFwcHJvZHVjdGlvbiIsImEiOiJjazg1dGY3c2gwM3FmM21wZzRjY3Y5cGpzIn0.4k_O3Zf5xG5aE9Jd6pQxYw", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_ai2ksfy/code.txt", + "line_number": 7, + "secret": "pk.eyJ1IjoibWFwcHJvZHVjdGlvbiIsImEiOiJjazg1dGY3c2gwM3FmM21wZzRjY3Y5cGpzIn0.4k_O3Zf5xG5aE9Jd6pQxYw", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 213, + "secret": "https://e8e7f8e6e5e44a4b8b8b9c9d0e1f2g3h@o450555.ingest.sentry.io/4505551234567890", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_ai2ksfy/code.txt", + "line_number": 13, + "secret": "https://e8e7f8e6e5e44a4b8b8b9c9d0e1f2g3h@o450555.ingest.sentry.io/4505551234567890", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_ai2ksfy/code.txt", + "line_number": 30, + "secret": "© Mapbox © OpenStreetMap", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 42, + "secret": "postgres://prod_user_rw:8!hG#kL$pQ2s@db.prod.internal:5432/main", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwsw2nnts/code.txt", + "line_number": 10, + "secret": "postgres://prod_user_rw:8!hG#kL$pQ2s@db.prod.internal:5432/main", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 45, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwsw2nnts/code.txt", + "line_number": 13, + "secret": "aws_access_key_id': 'AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "AKIAY3R4WZ76X2P5QJ6M", + "found_secret": "aws_access_key_id': 'AKIAY3R4WZ76X2P5QJ6M" + }, + { + "line_number": 46, + "secret": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwsw2nnts/code.txt", + "line_number": 14, + "secret": "aws_secret_access_key': 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE", + "found_secret": "aws_secret_access_key': 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwsw2nnts/code.txt", + "line_number": 13, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwsw2nnts/code.txt", + "line_number": 14, + "secret": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwsw2nnts/code.txt", + "line_number": 14, + "secret": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwsw2nnts/code.txt", + "line_number": 21, + "secret": "/api/v1/documents/', methods=['GET", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwsw2nnts/code.txt", + "line_number": 42, + "secret": "Error fetching document {doc_id}: {e}", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 93, + "secret": "AKIAIOSFODNN7EXAMPLE", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgt3ukwsh/code.txt", + "line_number": 6, + "secret": "AKIAIOSFODNN7EXAMPLE", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 94, + "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgt3ukwsh/code.txt", + "line_number": 7, + "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 104, + "secret": "P@ssw0rdDbProd123!ChangeMe", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgt3ukwsh/code.txt", + "line_number": 17, + "secret": "P@ssw0rdDbProd123!ChangeMe", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgt3ukwsh/code.txt", + "line_number": 7, + "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgt3ukwsh/code.txt", + "line_number": 7, + "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgt3ukwsh/code.txt", + "line_number": 17, + "secret": "P@ssw0rdDbProd123!ChangeMe", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgt3ukwsh/code.txt", + "line_number": 34, + "secret": "aws_security_group\" \"db_sg", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 4 + } + ], + "19": [ + { + "found_entries": [ + { + "line_number": 51, + "secret": "postgres://prod_svc_user:aG#9z@K3qB$v7s@db-users-primary.c1xyz2abc3de.us-east-1.rds.amazonaws.com:5432/profiles", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp57zpaw1t/code.txt", + "line_number": 10, + "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://prod_svc_user:aG#9z@K3qB$v7s@db-users-primary.c1xyz2abc3de.us-east-1.rds.amazonaws.com:5432/profiles", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "postgres://prod_svc_user:aG#9z@K3qB$v7s@db-users-primary.c1xyz2abc3de.us-east-1.rds.amazonaws.com:5432/profiles", + "found_secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://prod_svc_user:aG#9z@K3qB$v7s@db-users-primary.c1xyz2abc3de.us-east-1.rds.amazonaws.com:5432/profiles" + }, + { + "line_number": 55, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp57zpaw1t/code.txt", + "line_number": 14, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWq", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3", + "found_secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWq" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp57zpaw1t/code.txt", + "line_number": 11, + "secret": "SQLALCHEMY_TRACK_MODIFICATIONS", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp57zpaw1t/code.txt", + "line_number": 14, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp57zpaw1t/code.txt", + "line_number": 14, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp57zpaw1t/code.txt", + "line_number": 14, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp57zpaw1t/code.txt", + "line_number": 24, + "secret": "/api/v1/user', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 35, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnuvb8wap/code.txt", + "line_number": 18, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 58, + "secret": "https://hooks.slack.com/services/T00ABCDEFGH/B01IJKLMNOP/aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnuvb8wap/code.txt", + "line_number": 41, + "secret": "https://hooks.slack.com/services/T00ABCDEFGH/B01IJKLMNOP/aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 36, + "secret": "wJalrXUtnFEMI/K7MDENG/bpx5u22b8d1vRzBJB4", + "label": "True Positive", + "expected_line": 19, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnuvb8wap/code.txt", + "line_number": 41, + "secret": "https://hooks.slack.com/services/T00ABCDEFGH/B01IJKLMNOP/aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 2, + "total_missed": 1, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 129, + "secret": "dop_v1_a9b4c2f81d3e6g7h5i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpza7vgum0/code.txt", + "line_number": 18, + "secret": "dop_v1_a9b4c2f81d3e6g7h5i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpza7vgum0/code.txt", + "line_number": 18, + "secret": "dop_v1_a9b4c2f81d3e6g7h5i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpza7vgum0/code.txt", + "line_number": 21, + "secret": "digitalocean_ssh_key\" \"main_key", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpza7vgum0/code.txt", + "line_number": 28, + "secret": "gitlab-runner-node-${count.index}", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 95, + "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o450123.ingest.sentry.io/7890123", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpx5b8bcu7/code.txt", + "line_number": 8, + "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o450123.ingest.sentry.io/7890123", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 99, + "secret": "pk.eyJ1IjoicHJvZC1tYXBib3gtZGV2IiwiYSI6ImNsOXFoOGxic2M0ZGczMnA5N3Mxa2FoNjh4In0.rAnDoMkEyNaMeCoMpLeXiBlE", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpx5b8bcu7/code.txt", + "line_number": 12, + "secret": "pk.eyJ1IjoicHJvZC1tYXBib3gtZGV2IiwiYSI6ImNsOXFoOGxic2M0ZGczMnA5N3Mxa2FoNjh4In0.rAnDoMkEyNaMeCoMpLeXiBlE", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 103, + "secret": "8qM4pL7xJ5sK1mF3bZ8oN6cW0qYdEaV4", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpx5b8bcu7/code.txt", + "line_number": 16, + "secret": "8qM4pL7xJ5sK1mF3bZ8oN6cW0qYdEaV4", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 110, + "secret": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZXMiOlsicmVhZDpzdGF0cyIsIndyaXRlOmdhbWVwbGF5Il0sImlhdCI6MTY2NTIyNjAwMCwiZXhwIjoxNjk2NzYyMDAwfQ.gH2fR5tU9zV4wL8xQoP6N7sC1kE3bX6yZ0mJ5vF4aDc", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpx5b8bcu7/code.txt", + "line_number": 23, + "secret": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZXMiOlsicmVhZDpzdGF0cyIsIndyaXRlOmdhbWVwbGF5Il0sImlhdCI6MTY2NTIyNjAwMCwiZXhwIjoxNjk2NzYyMDAwfQ.gH2fR5tU9zV4wL8xQoP6N7sC1kE3bX6yZ0mJ5vF4aDc", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpx5b8bcu7/code.txt", + "line_number": 16, + "secret": "8qM4pL7xJ5sK1mF3bZ8oN6cW0qYdEaV4", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpx5b8bcu7/code.txt", + "line_number": 23, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZXMiOlsicmVhZDpzdGF0cyIsIndyaXRlOmdhbWVwbGF5Il0sImlhdCI6MTY2NTIyNjAwMCwiZXhwIjoxNjk2NzYyMDAwfQ.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 4, + "total_found": 4, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [], + "not_found_entries": [ + { + "line_number": 31, + "secret": "4!z$C&F)J@NcRfUjXn2r5u7x!A%D*G", + "label": "True Positive", + "expected_line": 11, + "reason": "not_detected" + }, + { + "line_number": 39, + "secret": "z$C&F)J@NcRfUjXn2r5u7x!A%D*G-KaPdSgVkYp3s6v9y/B?E(H+MbQeThWmZq4t", + "label": "True Positive", + "expected_line": 19, + "reason": "not_detected" + }, + { + "line_number": 51, + "secret": "key-8j2k5m7p9q1r3s4t6v8w0y1z3x5c7b9a", + "label": "True Positive", + "expected_line": 31, + "reason": "not_detected" + } + ], + "false_positives": [], + "total_actual": 3, + "total_found": 0, + "total_missed": 3, + "total_false_positives": 0 + } + ], + "20": [ + { + "found_entries": [ + { + "line_number": 97, + "secret": "AKIAU5N4F6V2X7L9W8K3", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp6_xadta3/code.txt", + "line_number": 10, + "secret": "AKIAU5N4F6V2X7L9W8K3", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 98, + "secret": "yJkLpQz8tHj9rWvXnF7sD2bA4gC6eM1hT5oI3uR", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp6_xadta3/code.txt", + "line_number": 11, + "secret": "yJkLpQz8tHj9rWvXnF7sD2bA4gC6eM1hT5oI3uR", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 111, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp6_xadta3/code.txt", + "line_number": 24, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp6_xadta3/code.txt", + "line_number": 11, + "secret": "yJkLpQz8tHj9rWvXnF7sD2bA4gC6eM1hT5oI3uR", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp6_xadta3/code.txt", + "line_number": 11, + "secret": "yJkLpQz8tHj9rWvXnF7sD2bA4gC6eM1hT5oI3uR", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp6_xadta3/code.txt", + "line_number": 24, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp6_xadta3/code.txt", + "line_number": 33, + "secret": "prod-data-lake-raw', 'events/2023/10/26.json", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 42, + "secret": "8f3e5b6d9c0a7f1e4d8b2c6a9f0e3d7b", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpd32179qy/code.txt", + "line_number": 2, + "secret": "8f3e5b6d9c0a7f1e4d8b2c6a9f0e3d7b", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 47, + "secret": "u+K3v7Pq9bRz5sL1xT0w", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpd32179qy/code.txt", + "line_number": 7, + "secret": "u+K3v7Pq9bRz5sL1xT0w", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpd32179qy/code.txt", + "line_number": 2, + "secret": "8f3e5b6d9c0a7f1e4d8b2c6a9f0e3d7b", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpd32179qy/code.txt", + "line_number": 22, + "secret": "@pagerduty-prod-infra CPU is over 90% on {{host.name}}. @devops-team", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpd32179qy/code.txt", + "line_number": 23, + "secret": "avg(last_5m):avg:system.cpu.user{host:${aws_instance.web_server.id}} > 90", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 118, + "secret": "https://9abf873c5d64e1f0a2b3c4d5e6f78901@o450512.ingest.sentry.io/45054321012", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp76ugnmnw/code.txt", + "line_number": 7, + "secret": "https://9abf873c5d64e1f0a2b3c4d5e6f78901@o450512.ingest.sentry.io/45054321012", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 124, + "secret": "pk.eyJ1IjoicmVhbGRldjk5IiwiYSI6ImNsdzR5Z3JqZzBmajIyaXFsMXB3dzQ2NzgifQ.w3bKgfS_h9n8FpG7S8z1Jg", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp76ugnmnw/code.txt", + "line_number": 13, + "secret": "pk.eyJ1IjoicmVhbGRldjk5IiwiYSI6ImNsdzR5Z3JqZzBmajIyaXFsMXB3dzQ2NzgifQ.w3bKgfS_h9n8FpG7S8z1Jg", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 43, + "secret": "dckr_pat_1sT2uV3wX4yZ5aB6c-D7eF8gH9i", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpfyydxqi5/code.txt", + "line_number": 19, + "secret": "dckr_pat_1sT2uV3wX4yZ5aB6c-D7eF8gH9i", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 61, + "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS\n1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQQMzMhV14/tYpG+0s/VfT3Rz2B6eJgA\nm9gK0fe9WSCuY8Z6S4M0+iYfJ7a3C5u/m8n0f8a9gJ0bH2c1QAAAAlhbGljZUBleGFtcGxl\nLmNvbQ==\n-----END OPENSSH PRIVATE KEY-----", + "label": "True Positive", + "expected_line": 37, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpfyydxqi5/code.txt", + "line_number": 19, + "secret": "dckr_pat_1sT2uV3wX4yZ5aB6c-D7eF8gH9i", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpfyydxqi5/code.txt", + "line_number": 19, + "secret": "dckr_pat_1sT2uV3wX4yZ5aB6c-D7eF8gH9i", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpfyydxqi5/code.txt", + "line_number": 38, + "secret": "BEGIN OPENSSH PRIVATE KEY", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 1, + "total_missed": 1, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 13, + "secret": "jdbc:postgresql://db-repl-cluster-1.us-east-2.rds.amazonaws.com:5432/analytics_db", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp7bxpd6zf/code.txt", + "line_number": 13, + "secret": "jdbc:postgresql://db-repl-cluster-1.us-east-2.rds.amazonaws.com:5432/analytics_db", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 15, + "secret": "p#a5sWd_9F!gH", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp7bxpd6zf/code.txt", + "line_number": 15, + "secret": "p#a5sWd_9F!gH", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 24, + "secret": "gK9pD3rX8vLhT6bFzA4mSjR7uW1qV0iNzY5eC2oP/cE=", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp7bxpd6zf/code.txt", + "line_number": 24, + "secret": "gK9pD3rX8vLhT6bFzA4mSjR7uW1qV0iNzY5eC2oP/cE=", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 14, + "secret": "etl_worker_usr", + "label": "True Positive", + "expected_line": 14, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp7bxpd6zf/code.txt", + "line_number": 24, + "secret": "gK9pD3rX8vLhT6bFzA4mSjR7uW1qV0iNzY5eC2oP/cE=", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 4, + "total_found": 3, + "total_missed": 1, + "total_false_positives": 1 + } + ], + "21": [ + { + "found_entries": [ + { + "line_number": 95, + "secret": "AKIA4J7V5Y7U3N2P5Q6R", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppoz6c8if/code.txt", + "line_number": 8, + "secret": "AKIA4J7V5Y7U3N2P5Q6R", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 96, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppoz6c8if/code.txt", + "line_number": 9, + "secret": "jZ8v/L9K+mN4PqR7sT1uVwXyZ/aB3cD4eF6gH7hI", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppoz6c8if/code.txt", + "line_number": 9, + "secret": "jZ8v/L9K+mN4PqR7sT1uVwXyZ/aB3cD4eF6gH7hI", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppoz6c8if/code.txt", + "line_number": 9, + "secret": "jZ8v/L9K+mN4PqR7sT1uVwXyZ/aB3cD4eF6gH7hI", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppoz6c8if/code.txt", + "line_number": 9, + "secret": "jZ8v/L9K+mN4PqR7sT1uVwXyZ/aB3cD4eF6gH7hI", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppoz6c8if/code.txt", + "line_number": 19, + "secret": "/upload/invoice', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppoz6c8if/code.txt", + "line_number": 29, + "secret": "invoices/{file.filename.replace('..', '')}", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppoz6c8if/code.txt", + "line_number": 31, + "secret": "message': f'File {file.filename} uploaded successfully.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 6 + }, + { + "found_entries": [ + { + "line_number": 37, + "secret": "dckr_pat_aRqS4fGz3tYpLm9vBx2wK7jNc8zD1oE", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvjy_8ls_/code.txt", + "line_number": 23, + "secret": "password: dckr_pat_aRqS4fGz3tYpLm9vBx2wK7jNc8zD1oE", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "dckr_pat_aRqS4fGz3tYpLm9vBx2wK7jNc8zD1oE", + "found_secret": "password: dckr_pat_aRqS4fGz3tYpLm9vBx2wK7jNc8zD1oE" + } + ], + "not_found_entries": [ + { + "line_number": 53, + "secret": "HRKU-a0b1c2d3-e4f5-6789-a0b1-c2d3e4f56789", + "label": "True Positive", + "expected_line": 39, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvjy_8ls_/code.txt", + "line_number": 1, + "secret": "CI-CD Pipeline for Staging", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvjy_8ls_/code.txt", + "line_number": 9, + "secret": "DOCKER_IMAGE_NAME: my-awesome-app", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvjy_8ls_/code.txt", + "line_number": 10, + "secret": "HEROKU_APP_NAME: my-awesome-app-staging", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvjy_8ls_/code.txt", + "line_number": 16, + "secret": "- name: Checkout repository", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvjy_8ls_/code.txt", + "line_number": 19, + "secret": "- name: Login to DockerHub", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvjy_8ls_/code.txt", + "line_number": 20, + "secret": "uses: docker/login-action@v2", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvjy_8ls_/code.txt", + "line_number": 25, + "secret": "- name: Build and push Docker image", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvjy_8ls_/code.txt", + "line_number": 26, + "secret": "uses: docker/build-push-action@v4", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvjy_8ls_/code.txt", + "line_number": 30, + "secret": "tags: mydockerhubuser/${{ env.DOCKER_IMAGE_NAME }}:latest", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvjy_8ls_/code.txt", + "line_number": 37, + "secret": "uses: akhileshns/heroku-deploy@v3.12.12", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvjy_8ls_/code.txt", + "line_number": 40, + "secret": "heroku_app_name: ${{ env.HEROKU_APP_NAME }}", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvjy_8ls_/code.txt", + "line_number": 41, + "secret": "heroku_email: \\\"deploy-bot@mycompany.com\\\"", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 1, + "total_missed": 1, + "total_false_positives": 12 + }, + { + "found_entries": [ + { + "line_number": 52, + "secret": "7b2f4a5c8e1d9g3h5i7j6k1l3m4n5o6p", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbepoocc_/code.txt", + "line_number": 20, + "secret": "7b2f4a5c8e1d9g3h5i7j6k1l3m4n5o6p", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbepoocc_/code.txt", + "line_number": 20, + "secret": "7b2f4a5c8e1d9g3h5i7j6k1l3m4n5o6p", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbepoocc_/code.txt", + "line_number": 20, + "secret": "7b2f4a5c8e1d9g3h5i7j6k1l3m4n5o6p", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbepoocc_/code.txt", + "line_number": 33, + "secret": "High CPU Utilization on web_server", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbepoocc_/code.txt", + "line_number": 35, + "secret": "avg(last_5m):avg:aws.ec2.cpuutilization{host:${aws_instance.web_server.id}} > 90", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbepoocc_/code.txt", + "line_number": 36, + "secret": "@slack-infra-alerts CPU is over 90% on host ${aws_instance.web_server.id}", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 120, + "secret": "https://b3c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7@o123456.ingest.sentry.io/7890123", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppie97qll/code.txt", + "line_number": 9, + "secret": "https://b3c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7@o123456.ingest.sentry.io/7890123", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 127, + "secret": "pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDF3cDAxM2QzM2VwMnR4bzBqemVyIn0.hZl8pAqK5n9bC2eR1fG0oQ", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmppie97qll/code.txt", + "line_number": 16, + "secret": "pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDF3cDAxM2QzM2VwMnR4bzBqemVyIn0.hZl8pAqK5n9bC2eR1fG0oQ", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 217, + "secret": "postgres://billing_svc_user:p5^z@kL$9!sR@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/billing_prod", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4k097mds/code.txt", + "line_number": 7, + "secret": "p5^z", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "postgres://billing_svc_user:p5^z@kL$9!sR@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/billing_prod", + "found_secret": "p5^z" + }, + { + "line_number": 227, + "secret": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhdXRoLXRva2VuIiwiZXhwIjoxNjk5ODgwOTU1fQ.X2mZ4pBv8qC6wN3rF1eD0sJ7gT9hK8uL5oA", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4k097mds/code.txt", + "line_number": 17, + "secret": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhdXRoLXRva2VuIiwiZXhwIjoxNjk5ODgwOTU1fQ.", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhdXRoLXRva2VuIiwiZXhwIjoxNjk5ODgwOTU1fQ.X2mZ4pBv8qC6wN3rF1eD0sJ7gT9hK8uL5oA", + "found_secret": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhdXRoLXRva2VuIiwiZXhwIjoxNjk5ODgwOTU1fQ." + } + ], + "not_found_entries": [ + { + "line_number": 230, + "secret": "sdk-e6a8c4f9-b0d3-4f1e-8a7b-9c2d0f3e5b6a", + "label": "True Positive", + "expected_line": 20, + "reason": "not_detected" + }, + { + "line_number": 234, + "secret": "Kq5dG3iSgPi1Lw0bM4rV7cHuZx/N+pU8wJ2lO3fF6xg=", + "label": "True Positive", + "expected_line": 24, + "reason": "not_detected" + } + ], + "false_positives": [], + "total_actual": 4, + "total_found": 2, + "total_missed": 2, + "total_false_positives": 0 + } + ], + "22": [ + { + "found_entries": [ + { + "line_number": 118, + "secret": "AKIAV7S4M3PZ5LQXJH9R", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu55jn5bx/code.txt", + "line_number": 7, + "secret": "AKIAV7S4M3PZ5LQXJH9R", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 119, + "secret": "uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu55jn5bx/code.txt", + "line_number": 8, + "secret": "uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu55jn5bx/code.txt", + "line_number": 8, + "secret": "uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu55jn5bx/code.txt", + "line_number": 8, + "secret": "uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu55jn5bx/code.txt", + "line_number": 8, + "secret": "uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu55jn5bx/code.txt", + "line_number": 19, + "secret": "/upload', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu55jn5bx/code.txt", + "line_number": 29, + "secret": "message': f'File {file.filename} uploaded successfully.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 67, + "secret": "ghp_bK9yR3tX1vP5zN7mW0sD8jF2hG6cV4eLqA", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpr2ykf19p/code.txt", + "line_number": 27, + "secret": "ghp_bK9yR3tX1vP5zN7mW0sD8jF2hG6cV4eLqA", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 73, + "secret": "https://hooks.slack.com/services/T00ABCDEF/B01234567/j9kL8hG7fE6dC5b4A3s2S1qP", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpr2ykf19p/code.txt", + "line_number": 33, + "secret": "Content-type: application/json' --data '{\"text\":\"Staging deploy failed for commit ${{ github.sha }}\"}", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "https://hooks.slack.com/services/T00ABCDEF/B01234567/j9kL8hG7fE6dC5b4A3s2S1qP", + "found_secret": "Content-type: application/json' --data '{\"text\":\"Staging deploy failed for commit ${{ github.sha }}\"}" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpr2ykf19p/code.txt", + "line_number": 27, + "secret": "ghp_bK9yR3tX1vP5zN7mW0sD8jF2hG6cV4eLqA", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpr2ykf19p/code.txt", + "line_number": 33, + "secret": "https://hooks.slack.com/services/T00ABCDEF/B01234567/j9kL8hG7fE6dC5b4A3s2S1qP", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 46, + "secret": "Adm1nPassw0rd$tr0ng!2023", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwyy5c48w/code.txt", + "line_number": 19, + "secret": "Adm1nPassw0rd$tr0ng!2023", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 63, + "secret": "postgres://platform_admin:Adm1nPassw0rd$tr0ng!2023@${aws_db_instance.main_db.address}:5432/platformdb", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwyy5c48w/code.txt", + "line_number": 36, + "secret": "postgres://platform_admin:Adm1nPassw0rd$tr0ng!2023@${aws_db_instance.main_db.address}:5432/platformdb", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwyy5c48w/code.txt", + "line_number": 36, + "secret": "postgres://platform_admin:Adm1nPassw0rd$tr0ng!2023@${aws_db_instance.main_db.address}:5432/platformdb", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 201, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6ImFub24iLCJpYXQiOjE2Nzk2NjU4MjMsImV4cCI6MTk5NTI0MTgyM30.4iU9a-y9mC2bYDDsYk1E1f0LgR8PzO7JqN6cX-wB1A4", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpq6wmdrx4/code.txt", + "line_number": 14, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6ImFub24iLCJpYXQiOjE2Nzk2NjU4MjMsImV4cCI6MTk5NTI0MTgyM30.4iU9a-y9mC2bYDDsYk1E1f0LgR8PzO7JqN6cX-wB1A4", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 207, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTY3OTY2NTgyMywiZXhwIjoxOTk1MjQxODIzfQ.kL8T5gV2rE1zO6pJ9bN4yF0wH7uX3eC8iS1aB0d9F6E", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpq6wmdrx4/code.txt", + "line_number": 20, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTY3OTY2NTgyMywiZXhwIjoxOTk1MjQxODIzfQ.kL8T5gV2rE1zO6pJ9bN4yF0wH7uX3eC8iS1aB0d9F6E", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpq6wmdrx4/code.txt", + "line_number": 13, + "secret": "https://kprgzrmksvyqjfrwhptd.supabase.co", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpq6wmdrx4/code.txt", + "line_number": 14, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6ImFub24iLCJpYXQiOjE2Nzk2NjU4MjMsImV4cCI6MTk5NTI0MTgyM30.", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpq6wmdrx4/code.txt", + "line_number": 20, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTY3OTY2NTgyMywiZXhwIjoxOTk1MjQxODIzfQ.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 92, + "secret": "AIzaSyBw-D9Gv_FzTjuKmL8sH2pR1oY7qE6bXz4", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpr6q25lu4/code.txt", + "line_number": 21, + "secret": "String\", \"GOOGLE_MAPS_API_KEY\", '\"AIzaSyBw-D9Gv_FzTjuKmL8sH2pR1oY7qE6bXz4", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "AIzaSyBw-D9Gv_FzTjuKmL8sH2pR1oY7qE6bXz4", + "found_secret": "String\", \"GOOGLE_MAPS_API_KEY\", '\"AIzaSyBw-D9Gv_FzTjuKmL8sH2pR1oY7qE6bXz4" + }, + { + "line_number": 93, + "secret": "8a7b6c5d4e3f2g1h0j9k8l7m6n5o4p3q", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpr6q25lu4/code.txt", + "line_number": 22, + "secret": "String\", \"OPENWEATHER_API_KEY\", '\"8a7b6c5d4e3f2g1h0j9k8l7m6n5o4p3q", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "8a7b6c5d4e3f2g1h0j9k8l7m6n5o4p3q", + "found_secret": "String\", \"OPENWEATHER_API_KEY\", '\"8a7b6c5d4e3f2g1h0j9k8l7m6n5o4p3q" + }, + { + "line_number": 99, + "secret": "UnsafeKeyStorePassword123", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpr6q25lu4/code.txt", + "line_number": 28, + "secret": "UnsafeKeyStorePassword123", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 101, + "secret": "UnsafeKeyPassword!@#", + "label": "True Positive", + "expected_line": 30, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpr6q25lu4/code.txt", + "line_number": 21, + "secret": "AIzaSyBw-D9Gv_FzTjuKmL8sH2pR1oY7qE6bXz4", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpr6q25lu4/code.txt", + "line_number": 22, + "secret": "8a7b6c5d4e3f2g1h0j9k8l7m6n5o4p3q", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpr6q25lu4/code.txt", + "line_number": 37, + "secret": "proguard-android-optimize.txt'), 'proguard-rules.pro", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 4, + "total_found": 3, + "total_missed": 1, + "total_false_positives": 3 + } + ], + "23": [ + { + "found_entries": [ + { + "line_number": 96, + "secret": "postgres://report_writer:j$F9*kL2!pQ@dbr-prod-az1.c8xyzefg1234.us-east-1.rds.amazonaws.com:5432/reporting_db", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpc4o5l6i_/code.txt", + "line_number": 9, + "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://report_writer:j$F9*kL2!pQ@dbr-prod-az1.c8xyzefg1234.us-east-1.rds.amazonaws.com:5432/reporting_db", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "postgres://report_writer:j$F9*kL2!pQ@dbr-prod-az1.c8xyzefg1234.us-east-1.rds.amazonaws.com:5432/reporting_db", + "found_secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://report_writer:j$F9*kL2!pQ@dbr-prod-az1.c8xyzefg1234.us-east-1.rds.amazonaws.com:5432/reporting_db" + }, + { + "line_number": 98, + "secret": "45d6f3c1b0a8f7e6d5c4b3a291807f6e5d4c3b2a19807f6e", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpc4o5l6i_/code.txt", + "line_number": 11, + "secret": "45d6f3c1b0a8f7e6d5c4b3a291807f6e5d4c3b2a19807f6e", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpc4o5l6i_/code.txt", + "line_number": 10, + "secret": "SQLALCHEMY_TRACK_MODIFICATIONS", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpc4o5l6i_/code.txt", + "line_number": 11, + "secret": "45d6f3c1b0a8f7e6d5c4b3a291807f6e5d4c3b2a19807f6e", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpc4o5l6i_/code.txt", + "line_number": 11, + "secret": "JWT_SECRET_KEY'] = '45d6f3c1b0a8f7e6d5c4b3a291807f6e5d4c3b2a19807f6e", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpc4o5l6i_/code.txt", + "line_number": 21, + "secret": "/login', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpc4o5l6i_/code.txt", + "line_number": 31, + "secret": "/api/v1/reports', methods=['GET", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 56, + "secret": "AKIAU4O6GJ5Y3B7VZIW9", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbw0hfh53/code.txt", + "line_number": 16, + "secret": "AKIAU4O6GJ5Y3B7VZIW9", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 57, + "secret": "eK/qLpW8xV9sY2zC3jB5aN4mD6fG7hJ8kL/mN1oP", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbw0hfh53/code.txt", + "line_number": 17, + "secret": "eK/qLpW8xV9sY2zC3jB5aN4mD6fG7hJ8kL/mN1oP", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbw0hfh53/code.txt", + "line_number": 16, + "secret": "AKIAU4O6GJ5Y3B7VZIW9", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbw0hfh53/code.txt", + "line_number": 17, + "secret": "eK/qLpW8xV9sY2zC3jB5aN4mD6fG7hJ8kL/mN1oP", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbw0hfh53/code.txt", + "line_number": 17, + "secret": "eK/qLpW8xV9sY2zC3jB5aN4mD6fG7hJ8kL/mN1oP", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbw0hfh53/code.txt", + "line_number": 35, + "secret": "aws_s3_bucket_versioning\" \"versioning_example", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 19, + "secret": "dckr_pat_JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpkwr6cwwx/code.txt", + "line_number": 19, + "secret": "dckr_pat_JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 38, + "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtZW\nQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pgAAAJgAm9bWJpvW\n1gAAAAdzc2gtZWQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pg\nAAAAQE4bM6z2vLwJ1Qe7O7S5s+4TBuw+BGfS2b1Uv+8T+zKPKwuHqROMV0/OTYzcO1y4Fm\nsiUFrgHnpymGU9VvL2pgAAAAEXJvb3RAZGVib3BzLTc2LmxhbgECAwQFBgc=\n-----END OPENSSH PRIVATE KEY-----", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpkwr6cwwx/code.txt", + "line_number": 38, + "secret": "BEGIN OPENSSH PRIVATE KEY", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtZW\nQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pgAAAJgAm9bWJpvW\n1gAAAAdzc2gtZWQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pg\nAAAAQE4bM6z2vLwJ1Qe7O7S5s+4TBuw+BGfS2b1Uv+8T+zKPKwuHqROMV0/OTYzcO1y4Fm\nsiUFrgHnpymGU9VvL2pgAAAAEXJvb3RAZGVib3BzLTc2LmxhbgECAwQFBgc=\n-----END OPENSSH PRIVATE KEY-----", + "found_secret": "BEGIN OPENSSH PRIVATE KEY" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpkwr6cwwx/code.txt", + "line_number": 19, + "secret": "dckr_pat_JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpkwr6cwwx/code.txt", + "line_number": 19, + "secret": "dckr_pat_JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 117, + "secret": "pk.eyJ1IjoiZGF0YXZpenVzZXIiLCJhIjoiY2xwdXI2eHVhMGc3cTJrbzZ2d2k4cDFoOSJ9.gK4wV3oX9lPjQ7sR1eZfBq", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp8r0ipzuo/code.txt", + "line_number": 6, + "secret": "pk.eyJ1IjoiZGF0YXZpenVzZXIiLCJhIjoiY2xwdXI2eHVhMGc3cTJrbzZ2d2k4cDFoOSJ9.gK4wV3oX9lPjQ7sR1eZfBq", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 14, + "secret": "SG.rTk8wX3qS7iE9fG2hJ5kL.pZ6xV7yW1zB4cE6fG8hJ0kM2nO4qR6sT8uV9wY1zA3b", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu8g4iy52/code.txt", + "line_number": 14, + "secret": "SendGridApiKey\": \"SG.rTk8wX3qS7iE9fG2hJ5kL.pZ6xV7yW1zB4cE6fG8hJ0kM2nO4qR6sT8uV9wY1zA3b", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "SG.rTk8wX3qS7iE9fG2hJ5kL.pZ6xV7yW1zB4cE6fG8hJ0kM2nO4qR6sT8uV9wY1zA3b", + "found_secret": "SendGridApiKey\": \"SG.rTk8wX3qS7iE9fG2hJ5kL.pZ6xV7yW1zB4cE6fG8hJ0kM2nO4qR6sT8uV9wY1zA3b" + }, + { + "line_number": 23, + "secret": "DefaultEndpointsProtocol=https;AccountName=prodblobstore987;AccountKey=zXcVbN6mPqR9sT2uW4xY7zC3jB5aN4mD6fG8hJ0kM2nO4qR6sT8uV9wY1zA3bE5fG7hJ8kL+A==;EndpointSuffix=core.windows.net", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu8g4iy52/code.txt", + "line_number": 23, + "secret": "StorageConnection\": \"DefaultEndpointsProtocol=https;AccountName=prodblobstore987;AccountKey=zXcVbN6mPqR9sT2uW4xY7zC3jB5aN4mD6fG8hJ0kM2nO4qR6sT8uV9wY1zA3bE5fG7hJ8kL+A==;EndpointSuffix=core.windows.net", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "DefaultEndpointsProtocol=https;AccountName=prodblobstore987;AccountKey=zXcVbN6mPqR9sT2uW4xY7zC3jB5aN4mD6fG8hJ0kM2nO4qR6sT8uV9wY1zA3bE5fG7hJ8kL+A==;EndpointSuffix=core.windows.net", + "found_secret": "StorageConnection\": \"DefaultEndpointsProtocol=https;AccountName=prodblobstore987;AccountKey=zXcVbN6mPqR9sT2uW4xY7zC3jB5aN4mD6fG8hJ0kM2nO4qR6sT8uV9wY1zA3bE5fG7hJ8kL+A==;EndpointSuffix=core.windows.net" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu8g4iy52/code.txt", + "line_number": 5, + "secret": "Microsoft.AspNetCore\": \"Warning", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu8g4iy52/code.txt", + "line_number": 10, + "secret": "DefaultConnection\": \"Server=(localdb)\\\\mssqllocaldb;Database=aspnet-WebApp1-guid;Trusted_Connection=True;MultipleActiveResultSets=true", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu8g4iy52/code.txt", + "line_number": 11, + "secret": "CacheConnection\": \"redis-prod.ab1cde.0001.use1.cache.amazonaws.com:6379", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu8g4iy52/code.txt", + "line_number": 14, + "secret": "SG.rTk8wX3qS7iE9fG2hJ5kL.pZ6xV7yW1zB4cE6fG8hJ0kM2nO4qR6sT8uV9wY1zA3b", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu8g4iy52/code.txt", + "line_number": 18, + "secret": "Domain\": \"my-tenant.us.auth0.com", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu8g4iy52/code.txt", + "line_number": 19, + "secret": "ClientId\": \"aBcDeFgHiJkLmNoPqRsTuVwXyZ123456", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu8g4iy52/code.txt", + "line_number": 19, + "secret": "aBcDeFgHiJkLmNoPqRsTuVwXyZ123456", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpu8g4iy52/code.txt", + "line_number": 22, + "secret": "AccountName\": \"prodblobstore987", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 8 + } + ], + "24": [ + { + "found_entries": [ + { + "line_number": 101, + "secret": "postgres://auth_svc_user:gH#kL$pQ2s!8fT@prod-db-master.c8d9e0f.us-east-1.rds.amazonaws.com:5432/user_auth_prod", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4sc57go6/code.txt", + "line_number": 14, + "secret": "postgres://auth_svc_user:gH#kL$pQ2s!8fT@prod-db-master.c8d9e0f.us-east-1.rds.amazonaws.com:5432/user_auth_prod", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 111, + "secret": "sk-proj-aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdEjKlMnOpQrStUvWx", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4sc57go6/code.txt", + "line_number": 24, + "secret": "sk-proj-aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdEjKlMnOpQrStUvWx", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4sc57go6/code.txt", + "line_number": 24, + "secret": "sk-proj-aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdEjKlMnOpQrStUvWx", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 60, + "secret": "AKIAUVXWR6Y7ZJ2P5QSD", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpkpdxzs0p/code.txt", + "line_number": 16, + "secret": "AKIAUVXWR6Y7ZJ2P5QSD", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 76, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpkpdxzs0p/code.txt", + "line_number": 32, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 61, + "secret": "mX9vB4nD3fG6hK2jL5pQ8rT1uW4yZ7+a0bCDEFg", + "label": "True Positive", + "expected_line": 17, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpkpdxzs0p/code.txt", + "line_number": 32, + "secret": "Content-type: application/json' --data '{\"text\":\"Staging deployment succeeded!\"}", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 2, + "total_missed": 1, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 133, + "secret": "dXNlcl9kZXBsb3k6Zkc5amwzTTl2WjRuNCEyQw==", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpcbyp261v/code.txt", + "line_number": 22, + "secret": "dXNlcl9kZXBsb3k6Zkc5amwzTTl2WjRuNCEyQw==", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpcbyp261v/code.txt", + "line_number": 22, + "secret": "auth\": \"dXNlcl9kZXBsb3k6Zkc5amwzTTl2WjRuNCEyQw==", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 79, + "secret": "p@sswd_7h6f$G!kLz9qR", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk7p9prxp/code.txt", + "line_number": 8, + "secret": "p@sswd_7h6f$G!kLz9qR", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 86, + "secret": "key-9f8e7d6c5b4a3a2a1b0c9d8e7f6a5b4c", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk7p9prxp/code.txt", + "line_number": 15, + "secret": "key-9f8e7d6c5b4a3a2a1b0c9d8e7f6a5b4c", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk7p9prxp/code.txt", + "line_number": 15, + "secret": "key-9f8e7d6c5b4a3a2a1b0c9d8e7f6a5b4c", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk7p9prxp/code.txt", + "line_number": 23, + "secret": "FTP login failed for user {$this->ftp_user}", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpk7p9prxp/code.txt", + "line_number": 37, + "secret": "ALERT: \" . $message . \" | Mailer Key: ", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 220, + "secret": "-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRsjqzmVzLzI5s\\nC8G9q4W8z4W1tZ5rZ2E3yK1nS0fGqV5p6b2yY1nL8v1zT0uB7jA4cD8eF6gS0k9c\\n... (key data truncated for brevity in real files, but not here) ...\\naBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeFtU6vW8yZ/aBcDeFgHiJkLmNoPqR=\\n-----END PRIVATE KEY-----", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9bb2ry1e/code.txt", + "line_number": 11, + "secret": "BEGIN PRIVATE KEY", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRsjqzmVzLzI5s\\nC8G9q4W8z4W1tZ5rZ2E3yK1nS0fGqV5p6b2yY1nL8v1zT0uB7jA4cD8eF6gS0k9c\\n... (key data truncated for brevity in real files, but not here) ...\\naBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeFtU6vW8yZ/aBcDeFgHiJkLmNoPqR=\\n-----END PRIVATE KEY-----", + "found_secret": "BEGIN PRIVATE KEY" + }, + { + "line_number": 227, + "secret": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9bb2ry1e/code.txt", + "line_number": 18, + "secret": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9bb2ry1e/code.txt", + "line_number": 1, + "secret": "google_project_service_identity\" \"gcp_sa_bigquery", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9bb2ry1e/code.txt", + "line_number": 11, + "secret": "-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRsjqzmVzLzI5s\\nC8G9q4W8z4W1tZ5rZ2E3yK1nS0fGqV5p6b2yY1nL8v1zT0uB7jA4cD8eF6gS0k9c\\n... (key data truncated for brevity in real files, but not here) ...\\naBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeFtU6vW8yZ/aBcDeFgHiJkLmNoPqR=\\n-----END PRIVATE KEY-----", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9bb2ry1e/code.txt", + "line_number": 21, + "secret": "google_compute_instance\" \"api_server", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + } + ], + "25": [ + { + "found_entries": [ + { + "line_number": 131, + "secret": "4%jK#pL9sV!qR8bF&gH3", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpyfc9s1v6/code.txt", + "line_number": 20, + "secret": "4%jK#pL9sV!qR8bF&gH3", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 138, + "secret": "amqp://event_handler:dG9oN6cpL8tXy@rabbitmq-cluster.prod:5672/analytics_vhost", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpyfc9s1v6/code.txt", + "line_number": 27, + "secret": "dG9oN6cpL8tXy", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "amqp://event_handler:dG9oN6cpL8tXy@rabbitmq-cluster.prod:5672/analytics_vhost", + "found_secret": "dG9oN6cpL8tXy" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpyfc9s1v6/code.txt", + "line_number": 18, + "secret": "jdbc:postgresql://db.prod-eu.internal:5432/customer_events", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpyfc9s1v6/code.txt", + "line_number": 27, + "secret": "amqp://event_handler:dG9oN6cpL8tXy@rabbitmq-cluster.prod:5672/analytics_vhost", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 47, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ajasi8i/code.txt", + "line_number": 3, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 48, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ajasi8i/code.txt", + "line_number": 4, + "secret": "vK9rP4mF2tXzG1sJ7bL5cW8qN0hY3dE/aI6uO4xS", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ajasi8i/code.txt", + "line_number": 3, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ajasi8i/code.txt", + "line_number": 4, + "secret": "vK9rP4mF2tXzG1sJ7bL5cW8qN0hY3dE/aI6uO4xS", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ajasi8i/code.txt", + "line_number": 4, + "secret": "vK9rP4mF2tXzG1sJ7bL5cW8qN0hY3dE/aI6uO4xS", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ajasi8i/code.txt", + "line_number": 7, + "secret": "aws_s3_bucket\" \"financial_reports", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ajasi8i/code.txt", + "line_number": 11, + "secret": "Financial Reports Bucket", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ajasi8i/code.txt", + "line_number": 22, + "secret": "aws_s3_bucket_versioning\" \"versioning_example", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 6 + }, + { + "found_entries": [ + { + "line_number": 87, + "secret": "AKIAV5TZEU4QPC6GLFIB", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpi75kfn5q/code.txt", + "line_number": 10, + "secret": "AKIAV5TZEU4QPC6GLFIB", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 88, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpi75kfn5q/code.txt", + "line_number": 11, + "secret": "aH2jL9sV/pQ7rB3fG1kM8oN5cW0qYdE+zR4vJ2xC", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpi75kfn5q/code.txt", + "line_number": 7, + "secret": "\"\"Reads a log file, uploads to S3, and sends an SNS notification.\"\"", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpi75kfn5q/code.txt", + "line_number": 10, + "secret": "AKIAV5TZEU4QPC6GLFIB", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpi75kfn5q/code.txt", + "line_number": 11, + "secret": "aH2jL9sV/pQ7rB3fG1kM8oN5cW0qYdE+zR4vJ2xC", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpi75kfn5q/code.txt", + "line_number": 11, + "secret": "aH2jL9sV/pQ7rB3fG1kM8oN5cW0qYdE+zR4vJ2xC", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpi75kfn5q/code.txt", + "line_number": 13, + "secret": "arn:aws:sns:ap-southeast-2:987654321012:SecurityAlertsHighPriority", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpi75kfn5q/code.txt", + "line_number": 25, + "secret": "Successfully uploaded {file_name} to {s3_bucket_name}", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 6 + }, + { + "found_entries": [ + { + "line_number": 29, + "secret": "pk.eyJ1IjoibW9iaWxlLXVzZXIxMiIsImEiOiJjbHB4dWRjc3QwYWR5MmtvNmg2cHl6ZzVyIn0.aF9rP2gS1tY8cE4jK6oMvQ", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp46q52hly/code.txt", + "line_number": 9, + "secret": "pk.eyJ1IjoibW9iaWxlLXVzZXIxMiIsImEiOiJjbHB4dWRjc3QwYWR5MmtvNmg2cHl6ZzVyIn0.aF9rP2gS1tY8cE4jK6oMvQ", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 34, + "secret": "seg_7mF3bZ8oN6cW0qYdE2pH7rL9sV1pQ4gH", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp46q52hly/code.txt", + "line_number": 14, + "secret": "seg_7mF3bZ8oN6cW0qYdE2pH7rL9sV1pQ4gH", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 38, + "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o998877.ingest.sentry.io/1234567", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp46q52hly/code.txt", + "line_number": 18, + "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o998877.ingest.sentry.io/1234567", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp46q52hly/code.txt", + "line_number": 14, + "secret": "seg_7mF3bZ8oN6cW0qYdE2pH7rL9sV1pQ4gH", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp46q52hly/code.txt", + "line_number": 25, + "secret": "https://api.staging.our-app.com/v2", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 17, + "secret": "dckr_pat_b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpivly_oxw/code.txt", + "line_number": 17, + "secret": "dckr_pat_b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 32, + "secret": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImE4ZTVjMGEyYjYwZDE2NjYyOTI1OGNjZmMzYjI2Y2I4In0.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmNpOmdsaWRlciJ9.bX4fP8vR2wN9qK7vZ-lS6wYjZ8eT0nC-kF4gH1sJ3", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpivly_oxw/code.txt", + "line_number": 32, + "secret": "https://gke.prod-cluster.acme.io", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImE4ZTVjMGEyYjYwZDE2NjYyOTI1OGNjZmMzYjI2Y2I4In0.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmNpOmdsaWRlciJ9.bX4fP8vR2wN9qK7vZ-lS6wYjZ8eT0nC-kF4gH1sJ3", + "found_secret": "https://gke.prod-cluster.acme.io" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpivly_oxw/code.txt", + "line_number": 17, + "secret": "dckr_pat_b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpivly_oxw/code.txt", + "line_number": 17, + "secret": "dckr_pat_b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpivly_oxw/code.txt", + "line_number": 33, + "secret": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImE4ZTVjMGEyYjYwZDE2NjYyOTI1OGNjZmMzYjI2Y2I4In0.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmNpOmdsaWRlciJ9.bX4fP8vR2wN9qK7vZ-lS6wYjZ8eT0nC-kF4gH1sJ3", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpivly_oxw/code.txt", + "line_number": 33, + "secret": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImE4ZTVjMGEyYjYwZDE2NjYyOTI1OGNjZmMzYjI2Y2I4In0.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmNpOmdsaWRlciJ9.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + } + ], + "26": [ + { + "found_entries": [ + { + "line_number": 82, + "secret": "postgres://orders_api_user:fJ8#zL@9pQ$wK1!n@db.prod-us-east-1a.internal:5432/orders_production", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpfx3mv__2/code.txt", + "line_number": 11, + "secret": "postgres://orders_api_user:fJ8#zL@9pQ$wK1!n@db.prod-us-east-1a.internal:5432/orders_production", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 90, + "secret": "sk_live_51KoLx2BkF9zH8jR4aG1uWqSpL3bV7nTcX6yZ0mO8eF4vI9tP2uK5rJgS3hN7cW", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpfx3mv__2/code.txt", + "line_number": 19, + "secret": "sk_live_51KoLx2BkF9zH8jR4aG1uWqSpL3bV7nTcX6yZ0mO8eF4vI9tP2uK5rJgS3hN7cW", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpfx3mv__2/code.txt", + "line_number": 19, + "secret": "sk_live_51KoLx2BkF9zH8jR4aG1uWqSpL3bV7nTcX6yZ0mO8eF4vI9tP2uK5rJgS3hN7cW", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpfx3mv__2/code.txt", + "line_number": 19, + "secret": "sk_live_51KoLx2BkF9zH8jR4aG1uWqSpL3bV7nTcX6yZ0mO8eF4vI9tP2uK5rJgS3hN7cW", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpfx3mv__2/code.txt", + "line_number": 19, + "secret": "sk_live_51KoLx2BkF9zH8jR4aG1uWqS", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpfx3mv__2/code.txt", + "line_number": 31, + "secret": "/api/v1/charge', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 27, + "secret": "dckr_pat_uHj7gQ9rT4vL9yK2wF5zX8oN3aB6d", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmnuiow91/code.txt", + "line_number": 10, + "secret": "dckr_pat_uHj7gQ9rT4vL9yK2wF5zX8oN3aB6d", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 28, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmnuiow91/code.txt", + "line_number": 11, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 29, + "secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFVENDQWxrZ0F3SUJBZ0lSQU5QVCtpb0c5djVqdjBBRW1nU1ZGTXN3Q2dZSUtvWkl6ajBFQXdJd0ZqRVUKTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1CNFhEVEl5TURjeU5ERXhNekV5Tkg4WERUSTBNRGd5T0RFeApNekV5TkgwZ096QXhNQzR4SURFYU1CZ0dBMVVFQ2hNU1FXVnpkR2x2Ym5NdlpHbHRZV2RsY2kxbmJHRnBiWE1NCkdBMVVFQXhNRmMyVmpkWEpwZEhrdWFHSnliM1JsZVRBZkJnTlZCQW9NRG5ONWMzUmxiVHBzYjNkbGJEMW5iR0ZwCmJYTTZJRG9nTUdFeEdUQVhCZ05WQkFNTUdFbGtZbDl3WVdkeVpYSnZibWN4TG1Gb2IzVjBkRlJFWlhKemIyNW0KYkdWMFlXNWpaU0JEYjI1MFpYTjBMbU52YlNCb2IzVjBkSFZ5YVdObExtWnBaWEl3SGhjTk1USTFNRGN4TURFNApNak00V2hjTk1UWXhNekF5TURFNU1qTTFXakE5TVI4d0hRWURWUVFLRXhaTmJHOWhaRzFwY3oxbFpHVnBiWE14Ckh6QWRCZ05WQkFNVEszaGhjbVV1WkhKallYUnBiMjV6TG5OdmJXRnpkR1Z5TFc5b2IyNDViMlJsYkhNdWMybHoKY21sMGEyVjBaSFZ5YVdObElFTmhjbVV1WkhKallYUnBiMjV6TFNCcFpHZGhiWEJzWlM1amIyMHdnZ0VpTUEwRwpDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRGZZKzgvS0hWQjh4WnZ0c0V0T0R0aFFpZFFDTnIKZ1R3NU1uWWdZbkYwYnJvM2ZLRllDTkZrb0Q4S0lPZmR0Z2ZHTjhtLyt1NG1rWUVKTE1RblZtVTRnUWl4M3JqZQp2TEx4OGl1VWZuVmxDT0ZkL2VHRXpjaDlMR1l2Z2Q3R0w1bVdCUnF5ZStjM1B5bU84a0d4bWpWbGl5eS9CcwpkK3Z4a3V2b1Mxc2d5TUVlY0ZPM3V6UmsvblZSb2lLR1lJcVNzc1p4eHlBbzVLRHFnL3p4NEl4eCtvTWd3QXoKNnJ4a1ZJdG9vNGhYc2R4c0E0aGFYajJmYVdGckk3b09kVkRucnczZDFLcnZ3dk9wU2xHNGswMVhxY3JGUlMKbjlTOWc4a25xL01BaWdKOWg2b25tNFFEQWdNQkFBR2pnWU13Z1lBd0hRWURWUjBPQkJZRUZEZDBsZTF1c25ICkczT2x2clBqdzF5N0hXSmJNQjhHQTFVZEl3UVlNQmFBRkRkMGxlMXVzbmhHM09sdnJQancxeTdIV0pqTUJnRwpBMVVkSlFRV01CUUdDcUdHU0liM0RRRUJDd1VBT0dDQVFFQXp2dDBoMWNpc2Z0eXQ5dHRtV2hYdEd4NmdFbjcKYjlxY0ZpS042aG5uZmF0a2x4K2t2Wkd4WlVqYnp2VzJtNmp3L3Y0T2k5ZkZ1QWlXdm9LMG1zMEJVRkF0OW9JCllwZ0FpU3UvTzRjMXN0MXJpYnQ5c0J0L2x1VzhCVDFVd0x1UHNlRGNVd1V0eFNMVyt0ek5qZkZQeDFyZEg3bAp1M1V5eE9ScVd5SWY1Nm9zQkErb3VmMERvMXJjU0Z0SWFvRDBHSHhld3A1amN5b25kZ2h5WnJLVllDdlk1TksKU3Uxb0V4VXRlMGRjWnl3a0NqYytlSWgrSndVQU1kRjdLclVRM0pYcWd2WExvY2R1S3F4cFVmZTRlMWF0a3E5CnVvQnNBQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K server: https://1E2D3F4A.sk1.us-west-2.eks.amazonaws.com\\n name: eks-prod-cluster\\ncontexts:\\n- context:\\n cluster: eks-prod-cluster\\n user: eks-prod-user\\n name: eks-prod-context\\ncurrent-context: eks-prod-context\\nkind: Config\\npreferences: {}\\nusers:\\n- name: eks-prod-user\\n user:\\n token: k8s-aws-v1.aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8_QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlgxMT1leGVjLmluZm8mWC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BU0lBVklaWDhNTzZYT0o1WE1EMiUyRjIwMjMwNjEzJTJGcnUtY2VudHJhbC0xJTJGc3RzJTJGYXdzNF9yZXF1ZXN0Jlg...", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmnuiow91/code.txt", + "line_number": 12, + "secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFVENDQWxrZ0F3SUJBZ0lSQU5QVCtpb0c5djVqdjBBRW1nU1ZGTXN3Q2dZSUtvWkl6ajBFQXdJd0ZqRVUKTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1CNFhEVEl5TURjeU5ERXhNekV5Tkg4WERUSTBNRGd5T0RFeApNekV5TkgwZ096QXhNQzR4SURFYU1CZ0dBMVVFQ2hNU1FXVnpkR2x2Ym5NdlpHbHRZV2RsY2kxbmJHRnBiWE1NCkdBMVVFQXhNRmMyVmpkWEpwZEhrdWFHSnliM1JsZVRBZkJnTlZCQW9NRG5ONWMzUmxiVHBzYjNkbGJEMW5iR0ZwCmJYTTZJRG9nTUdFeEdUQVhCZ05WQkFNTUdFbGtZbDl3WVdkeVpYSnZibWN4TG1Gb2IzVjBkRlJFWlhKemIyNW0KYkdWMFlXNWpaU0JEYjI1MFpYTjBMbU52YlNCb2IzVjBkSFZ5YVdObExtWnBaWEl3SGhjTk1USTFNRGN4TURFNApNak00V2hjTk1UWXhNekF5TURFNU1qTTFXakE5TVI4d0hRWURWUVFLRXhaTmJHOWhaRzFwY3oxbFpHVnBiWE14Ckh6QWRCZ05WQkFNVEszaGhjbVV1WkhKallYUnBiMjV6TG5OdmJXRnpkR1Z5TFc5b2IyNDViMlJsYkhNdWMybHoKY21sMGEyVjBaSFZ5YVdObElFTmhjbVV1WkhKallYUnBiMjV6TFNCcFpHZGhiWEJzWlM1amIyMHdnZ0VpTUEwRwpDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRGZZKzgvS0hWQjh4WnZ0c0V0T0R0aFFpZFFDTnIKZ1R3NU1uWWdZbkYwYnJvM2ZLRllDTkZrb0Q4S0lPZmR0Z2ZHTjhtLyt1NG1rWUVKTE1RblZtVTRnUWl4M3JqZQp2TEx4OGl1VWZuVmxDT0ZkL2VHRXpjaDlMR1l2Z2Q3R0w1bVdCUnF5ZStjM1B5bU84a0d4bWpWbGl5eS9CcwpkK3Z4a3V2b1Mxc2d5TUVlY0ZPM3V6UmsvblZSb2lLR1lJcVNzc1p4eHlBbzVLRHFnL3p4NEl4eCtvTWd3QXoKNnJ4a1ZJdG9vNGhYc2R4c0E0aGFYajJmYVdGckk3b09kVkRucnczZDFLcnZ3dk9wU2xHNGswMVhxY3JGUlMKbjlTOWc4a25xL01BaWdKOWg2b25tNFFEQWdNQkFBR2pnWU13Z1lBd0hRWURWUjBPQkJZRUZEZDBsZTF1c25ICkczT2x2clBqdzF5N0hXSmJNQjhHQTFVZEl3UVlNQmFBRkRkMGxlMXVzbmhHM09sdnJQancxeTdIV0pqTUJnRwpBMVVkSlFRV01CUUdDcUdHU0liM0RRRUJDd1VBT0dDQVFFQXp2dDBoMWNpc2Z0eXQ5dHRtV2hYdEd4NmdFbjcKYjlxY0ZpS042aG5uZmF0a2x4K2t2Wkd4WlVqYnp2VzJtNmp3L3Y0T2k5ZkZ1QWlXdm9LMG1zMEJVRkF0OW9JCllwZ0FpU3UvTzRjMXN0MXJpYnQ5c0J0L2x1VzhCVDFVd0x1UHNlRGNVd1V0eFNMVyt0ek5qZkZQeDFyZEg3bAp1M1V5eE9ScVd5SWY1Nm9zQkErb3VmMERvMXJjU0Z0SWFvRDBHSHhld3A1amN5b25kZ2h5WnJLVllDdlk1TksKU3Uxb0V4VXRlMGRjWnl3a0NqYytlSWgrSndVQU1kRjdLclVRM0pYcWd2WExvY2R1S3F4cFVmZTRlMWF0a3E5CnVvQnNBQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K server: https://1E2D3F4A.sk1.us-west-2.eks.amazonaws.com\\n name: eks-prod-cluster\\ncontexts:\\n- context:\\n cluster: eks-prod-cluster\\n user: eks-prod-user\\n name: eks-prod-context\\ncurrent-context: eks-prod-context\\nkind: Config\\npreferences: {}\\nusers:\\n- name: eks-prod-user\\n user:\\n token: k8s-aws-v1.aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8_QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlgxMT1leGVjLmluZm8mWC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BU0lBVklaWDhNTzZYT0o1WE1EMiUyRjIwMjMwNjEzJTJGcnUtY2VudHJhbC0xJTJGc3RzJTJGYXdzNF9yZXF1ZXN0Jlg...", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmnuiow91/code.txt", + "line_number": 10, + "secret": "dckr_pat_uHj7gQ9rT4vL9yK2wF5zX8oN3aB6d", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmnuiow91/code.txt", + "line_number": 10, + "secret": "dckr_pat_uHj7gQ9rT4vL9yK2wF5zX8oN3aB6d", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmnuiow91/code.txt", + "line_number": 11, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 46, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp55gaso80/code.txt", + "line_number": 5, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 47, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp55gaso80/code.txt", + "line_number": 6, + "secret": "pL8hJk/aGvN7YcT2XrU4FzE9mBwD5+qI3oV1sSgK", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp55gaso80/code.txt", + "line_number": 5, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp55gaso80/code.txt", + "line_number": 6, + "secret": "pL8hJk/aGvN7YcT2XrU4FzE9mBwD5+qI3oV1sSgK", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp55gaso80/code.txt", + "line_number": 6, + "secret": "pL8hJk/aGvN7YcT2XrU4FzE9mBwD5+qI3oV1sSgK", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp55gaso80/code.txt", + "line_number": 27, + "secret": "aws_db_instance\" \"postgresql_db", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp55gaso80/code.txt", + "line_number": 34, + "secret": "Adm1nPassw0rd!ChangeThisLater", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp55gaso80/code.txt", + "line_number": 34, + "secret": "Adm1nPassw0rd!ChangeThisLater", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 6 + }, + { + "found_entries": [ + { + "line_number": 208, + "secret": "Endpoint=sb://myeventhub-prod.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=jV3zK9bR4sP7xG1fH5vD2uM8qY6wL0aT+AbC=dEfGhI=", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4ugfika5/code.txt", + "line_number": 8, + "secret": "Endpoint=sb://myeventhub-prod.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=jV3zK9bR4sP7xG1fH5vD2uM8qY6wL0aT+AbC=dEfGhI=", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 228, + "secret": "SG.aV4gH9rT2pL7.xJ5sK1mF3bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mF3bZ8oN", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4ugfika5/code.txt", + "line_number": 28, + "secret": "SG.aV4gH9rT2pL7.xJ5sK1mF3bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mF3bZ8oN", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4ugfika5/code.txt", + "line_number": 28, + "secret": "SG.aV4gH9rT2pL7.xJ5sK1mF3bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mF3bZ8oN", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [], + "not_found_entries": [ + { + "line_number": 127, + "secret": "{\n\"type\": \"service_account\",\n\"project_id\": \"internal-data-pipeline-314159\",\n\"private_key_id\": \"a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0\",\n\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6sA7g5+fE6tSj\\n4p6t2w3x...\\n... (key data continues) ...\\nfN4r4c0i9v6j5t7r9s1u3v5x7z9A1B3C5E7G9I1K3M5O7Q9S1U3W5Y7Z9a1c3e5g\\n7i9k1m3o5q7s9u1w3y5z7B9D1F3H5J7L9N1P3R5T7V9X1Z3b5d7f9h1j3l5n7p9r\\n...\\n-----END PRIVATE KEY-----\\n\",\n\"client_email\": \"backup-runner@internal-data-pipeline-314159.iam.gserviceaccount.com\",\n\"client_id\": \"109876543210987654321\",\n\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\n\"token_uri\": \"https://oauth2.googleapis.com/token\",\n\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\n\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/backup-runner%40internal-data-pipeline-314159.iam.gserviceaccount.com\"\n}", + "label": "True Positive", + "expected_line": 13, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmc6k7wqq/code.txt", + "line_number": 15, + "secret": "project_id\": \"internal-data-pipeline-314159", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmc6k7wqq/code.txt", + "line_number": 16, + "secret": "private_key_id\": \"a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmc6k7wqq/code.txt", + "line_number": 17, + "secret": "BEGIN PRIVATE KEY", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmc6k7wqq/code.txt", + "line_number": 17, + "secret": "private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6sA7g5+fE6tSj\\n4p6t2w3x...\\n... (key data continues) ...\\nfN4r4c0i9v6j5t7r9s1u3v5x7z9A1B3C5E7G9I1K3M5O7Q9S1U3W5Y7Z9a1c3e5g\\n7i9k1m3o5q7s9u1w3y5z7B9D1F3H5J7L9N1P3R5T7V9X1Z3b5d7f9h1j3l5n7p9r\\n...\\n-----END PRIVATE KEY-----\\n", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmc6k7wqq/code.txt", + "line_number": 18, + "secret": "client_email\": \"backup-runner@internal-data-pipeline-314159.iam.gserviceaccount.com", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmc6k7wqq/code.txt", + "line_number": 19, + "secret": "client_id\": \"109876543210987654321", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmc6k7wqq/code.txt", + "line_number": 20, + "secret": "auth_uri\": \"https://accounts.google.com/o/oauth2/auth", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmc6k7wqq/code.txt", + "line_number": 21, + "secret": "token_uri\": \"https://oauth2.googleapis.com/token", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmc6k7wqq/code.txt", + "line_number": 22, + "secret": "auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmc6k7wqq/code.txt", + "line_number": 23, + "secret": "client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/backup-runner%40internal-data-pipeline-314159.iam.gserviceaccount.com", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 0, + "total_missed": 1, + "total_false_positives": 10 + } + ], + "28": [ + { + "found_entries": [ + { + "line_number": 131, + "secret": "sk_live_51Mv9L2ApC9eG1tZ8cRwXvWqSjU3mBhT5yE6eF2dD4cCnRbAqZgXwVvUuYtRsPaOcB9a8g", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp40kyd3mt/code.txt", + "line_number": 20, + "secret": "sk_live_51Mv9L2ApC9eG1tZ8cRwXvWq", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "sk_live_51Mv9L2ApC9eG1tZ8cRwXvWqSjU3mBhT5yE6eF2dD4cCnRbAqZgXwVvUuYtRsPaOcB9a8g", + "found_secret": "sk_live_51Mv9L2ApC9eG1tZ8cRwXvWq" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp40kyd3mt/code.txt", + "line_number": 7, + "secret": "github.com/stripe/stripe-go/v72", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp40kyd3mt/code.txt", + "line_number": 8, + "secret": "github.com/stripe/stripe-go/v72/paymentintent", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp40kyd3mt/code.txt", + "line_number": 20, + "secret": "sk_live_51Mv9L2ApC9eG1tZ8cRwXvWqSjU3mBhT5yE6eF2dD4cCnRbAqZgXwVvUuYtRsPaOcB9a8g", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp40kyd3mt/code.txt", + "line_number": 20, + "secret": "sk_live_51Mv9L2ApC9eG1tZ8cRwXvWqSjU3mBhT5yE6eF2dD4cCnRbAqZgXwVvUuYtRsPaOcB9a8g", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 61, + "secret": "dckr_pat_f9JkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1o_nq7pn/code.txt", + "line_number": 17, + "secret": "docker login -u mycorp_ci_bot -p dckr_pat_f9JkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "dckr_pat_f9JkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy", + "found_secret": "docker login -u mycorp_ci_bot -p dckr_pat_f9JkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy" + }, + { + "line_number": 70, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1o_nq7pn/code.txt", + "line_number": 26, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1o_nq7pn/code.txt", + "line_number": 18, + "secret": "docker build -t ${dockerImage} .", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1o_nq7pn/code.txt", + "line_number": 19, + "secret": "docker push ${dockerImage}", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1o_nq7pn/code.txt", + "line_number": 26, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1o_nq7pn/code.txt", + "line_number": 28, + "secret": "Content-type: application/json' --data '{\"text\":\"Deployment of ${DOCKER_IMAGE_NAME}:${env.BUILD_NUMBER} completed successfully!\"}", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 90, + "secret": "AKIAV7S4M3N2O1P6Q5R8", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjwtarvqq/code.txt", + "line_number": 3, + "secret": "AKIAV7S4M3N2O1P6Q5R8", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 91, + "secret": "uG+hJkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjwtarvqq/code.txt", + "line_number": 4, + "secret": "uG+hJkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjwtarvqq/code.txt", + "line_number": 3, + "secret": "AKIAV7S4M3N2O1P6Q5R8", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjwtarvqq/code.txt", + "line_number": 4, + "secret": "uG+hJkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjwtarvqq/code.txt", + "line_number": 4, + "secret": "uG+hJkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjwtarvqq/code.txt", + "line_number": 8, + "secret": "my-app-production-logs-20240315", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpjwtarvqq/code.txt", + "line_number": 11, + "secret": "Application Logs Bucket", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 214, + "secret": "D#fG8*jK!lM2$n P5", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpl7eurhxi/code.txt", + "line_number": 14, + "secret": "D#fG8*jK!lM2$n P5", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 218, + "secret": "key-c9a8b7d6e5f4a3b2c1d0e9f8a7b6c5d4", + "label": "True Positive", + "expected_line": 18, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpl7eurhxi/code.txt", + "line_number": 14, + "secret": "D#fG8*jK!lM2$n P5", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpl7eurhxi/code.txt", + "line_number": 15, + "secret": "mysql:host=$db_host;dbname=$db_name", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpl7eurhxi/code.txt", + "line_number": 22, + "secret": "SELECT email, name FROM users WHERE needs_welcome_email = TRUE", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpl7eurhxi/code.txt", + "line_number": 27, + "secret": "subject' => 'Welcome to Our Service!", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpl7eurhxi/code.txt", + "line_number": 28, + "secret": "text' => 'Thank you for signing up.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 1, + "total_missed": 1, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 44, + "secret": "https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o1234567.ingest.sentry.io/8901234", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp736zz7e9/code.txt", + "line_number": 12, + "secret": "https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o1234567.ingest.sentry.io/8901234", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 57, + "secret": "pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDFkMGIwNTZvM3FwY3o4cGR5NThjIn0.v9a8d7C6b5a4f3e2d1c0b9a8f7e6d5c4", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp736zz7e9/code.txt", + "line_number": 25, + "secret": "pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDFkMGIwNTZvM3FwY3o4cGR5NThjIn0.v9a8d7C6b5a4f3e2d1c0b9a8f7e6d5c4", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 0 + } + ], + "29": [ + { + "found_entries": [ + { + "line_number": 45, + "secret": "AKIAU4V5M7W3XYZ6B2C4", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgokeq6wq/code.txt", + "line_number": 13, + "secret": "AKIAU4V5M7W3XYZ6B2C4", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 46, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgokeq6wq/code.txt", + "line_number": 14, + "secret": "p8m/zGqK+JtL9rU3wY2xVvNcB7hF4jD1sK0oA6bC", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgokeq6wq/code.txt", + "line_number": 11, + "secret": "\"\"Uploads a daily report to a specified S3 bucket.\"\"", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgokeq6wq/code.txt", + "line_number": 14, + "secret": "p8m/zGqK+JtL9rU3wY2xVvNcB7hF4jD1sK0oA6bC", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgokeq6wq/code.txt", + "line_number": 14, + "secret": "p8m/zGqK+JtL9rU3wY2xVvNcB7hF4jD1sK0oA6bC", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgokeq6wq/code.txt", + "line_number": 14, + "secret": "p8m/zGqK+JtL9rU3wY2xVvNcB7hF4jD1sK0oA6bC", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgokeq6wq/code.txt", + "line_number": 24, + "secret": "reports/daily/{report_date}-sales-summary.csv", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgokeq6wq/code.txt", + "line_number": 27, + "secret": "Uploading {file_path} to {bucket_name}/{object_key}", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgokeq6wq/code.txt", + "line_number": 34, + "secret": "./local_sales_report.csv\", \"company-internal-data-4921", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 7 + }, + { + "found_entries": [ + { + "line_number": 118, + "secret": "dd-api-9871e4a2dff3b3e511d7392110427c3d", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgo3omq0r/code.txt", + "line_number": 7, + "secret": "dd-api-9871e4a2dff3b3e511d7392110427c3d", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgo3omq0r/code.txt", + "line_number": 12, + "secret": "[Critical] High CPU Utilization on RDS Instance", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgo3omq0r/code.txt", + "line_number": 14, + "secret": "@slack-data-alerts CPU utilization is over 90% on {{dbinstanceidentifier.name}}. Please investigate immediately.", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgo3omq0r/code.txt", + "line_number": 15, + "secret": "The RDS instance is still under high CPU load. Escalating to on-call SRE @pagerduty-sre-team.", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpgo3omq0r/code.txt", + "line_number": 17, + "secret": "avg(last_5m):avg:aws.rds.cpuutilization{dbinstanceidentifier:prod-main-db-1} > 90", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 102, + "secret": "sk_live_51Mv9L2FqA8fG1tYpKrZxvWqSjU3mH8sD7gY5bN4c3pL1kM0oJ9iR", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpznjpn4d8/code.txt", + "line_number": 15, + "secret": "sk_live_51Mv9L2FqA8fG1tYpKrZxvWqSjU3mH8sD7gY5bN4c3pL1kM0oJ9iR", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 105, + "secret": "postgres://billing_svc:aH7#kL$pQ2s!zX9@db-payments.us-east-1.rds.amazonaws.com:5432/payments_prod", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpznjpn4d8/code.txt", + "line_number": 18, + "secret": "postgres://billing_svc:aH7#kL$pQ2s!zX9@db-payments.us-east-1.rds.amazonaws.com:5432/payments_prod", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpznjpn4d8/code.txt", + "line_number": 10, + "secret": "github.com/stripe/stripe-go/v72", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpznjpn4d8/code.txt", + "line_number": 11, + "secret": "github.com/stripe/stripe-go/v72/paymentintent", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpznjpn4d8/code.txt", + "line_number": 15, + "secret": "sk_live_51Mv9L2FqA8fG1tYpKrZxvWqSjU3mH8sD7gY5bN4c3pL1kM0oJ9iR", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpznjpn4d8/code.txt", + "line_number": 15, + "secret": "sk_live_51Mv9L2FqA8fG1tYpKrZxvWq", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpznjpn4d8/code.txt", + "line_number": 25, + "secret": "Database and Stripe clients initialized successfully.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 19, + "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpy1_pzw27/code.txt", + "line_number": 19, + "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 33, + "secret": "|\n -----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEAulh6rT5hQh2w8e4q9l5z4i6f2r8b7e0d5n3x5q6z7w8b9c0d1e2f\n3g4h5j6k7l8m9n0b1c2d3e4f5g6h7i8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m\n8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v\n3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7\nz8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\nd5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h\n0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5\nm6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6_j7k8l9m0n1b2v3c4x5\n-----END OPENSSH PRIVATE KEY-----", + "label": "True Positive", + "expected_line": 33, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpy1_pzw27/code.txt", + "line_number": 19, + "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpy1_pzw27/code.txt", + "line_number": 19, + "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpy1_pzw27/code.txt", + "line_number": 34, + "secret": "BEGIN OPENSSH PRIVATE KEY", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 1, + "total_missed": 1, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 11, + "secret": "jdbc:postgresql://prod-db-replica.c9u3x4y5z6a7.us-west-2.rds.amazonaws.com:5432/analytics?user=report_user&password=7G$z#9*kL@qP!", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbzw7i27f/code.txt", + "line_number": 11, + "secret": "jdbc:postgresql://prod-db-replica.c9u3x4y5z6a7.us-west-2.rds.amazonaws.com:5432/analytics?user=report_user&password=7G$z#9*kL@qP!", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 20, + "secret": "SG.aV4gH9rT2pL7xJ5sK1mFw.bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mFw_bZ8oN6cW0qYdE", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbzw7i27f/code.txt", + "line_number": 20, + "secret": "SG.aV4gH9rT2pL7xJ5sK1mFw.bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mFw_bZ8oN6cW0qYdE", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbzw7i27f/code.txt", + "line_number": 12, + "secret": "org.hibernate.dialect.PostgreSQLDialect", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbzw7i27f/code.txt", + "line_number": 20, + "secret": "SG.aV4gH9rT2pL7xJ5sK1mFw.bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mFw_bZ8oN6cW0qYdE", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 2 + } + ], + "30": [ + { + "found_entries": [ + { + "line_number": 86, + "secret": "postgres://reports_svc:3^z&tK9@pL!v$rR@db-reporting.c4zqm9fp1v2a.eu-west-1.rds.amazonaws.com:5432/analytics_prod", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpyb51_ms_/code.txt", + "line_number": 9, + "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://reports_svc:3^z&tK9@pL!v$rR@db-reporting.c4zqm9fp1v2a.eu-west-1.rds.amazonaws.com:5432/analytics_prod", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "postgres://reports_svc:3^z&tK9@pL!v$rR@db-reporting.c4zqm9fp1v2a.eu-west-1.rds.amazonaws.com:5432/analytics_prod", + "found_secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://reports_svc:3^z&tK9@pL!v$rR@db-reporting.c4zqm9fp1v2a.eu-west-1.rds.amazonaws.com:5432/analytics_prod" + } + ], + "not_found_entries": [ + { + "line_number": 90, + "secret": "8f3d1e2a-6c5b-4a99-8d7c-3f9b1e4a2d7f", + "label": "True Positive", + "expected_line": 13, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpyb51_ms_/code.txt", + "line_number": 10, + "secret": "SQLALCHEMY_TRACK_MODIFICATIONS", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpyb51_ms_/code.txt", + "line_number": 21, + "secret": "/login', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpyb51_ms_/code.txt", + "line_number": 26, + "secret": "test", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 1, + "total_missed": 1, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 58, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1a8ej7vv/code.txt", + "line_number": 17, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 59, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1a8ej7vv/code.txt", + "line_number": 18, + "secret": "pL8fG1tY9cRzXvWqSjU3mB2sL4hK7dF0aN5oP1zE", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1a8ej7vv/code.txt", + "line_number": 17, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1a8ej7vv/code.txt", + "line_number": 18, + "secret": "pL8fG1tY9cRzXvWqSjU3mB2sL4hK7dF0aN5oP1zE", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1a8ej7vv/code.txt", + "line_number": 18, + "secret": "pL8fG1tY9cRzXvWqSjU3mB2sL4hK7dF0aN5oP1zE", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 134, + "secret": "dckr_pat_7aF9c2eD-5bG8h-4J1k-m3N4o-p6Q7rS8tU9wX", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpo8fwk840/code.txt", + "line_number": 20, + "secret": "dckr_pat_7aF9c2eD-5bG8h-4J1k-m3N4o-p6Q7rS8tU9wX", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 146, + "secret": "https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpo8fwk840/code.txt", + "line_number": 32, + "secret": "https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 151, + "secret": "https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpo8fwk840/code.txt", + "line_number": 37, + "secret": "Content-type: application/json' --data '{\"text\":\"URGENT: Frontend deployment failed!\"}", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX", + "found_secret": "Content-type: application/json' --data '{\"text\":\"URGENT: Frontend deployment failed!\"}" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpo8fwk840/code.txt", + "line_number": 20, + "secret": "dckr_pat_7aF9c2eD-5bG8h-4J1k-m3N4o-p6Q7rS8tU9wX", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpo8fwk840/code.txt", + "line_number": 20, + "secret": "dckr_pat_7aF9c2eD-5bG8h-4J1k-m3N4o-p6Q7rS8tU9wX", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpo8fwk840/code.txt", + "line_number": 32, + "secret": "Content-type: application/json' --data '{\"text\":\"Frontend deployment to production succeeded!\"}", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 236, + "secret": "pk.eyJ1IjoiYm9iYnljb2RlcjkzIiwiYSI6ImNrdjR4cDFnMWhwMzAydnFwZXE1cHp2N3EifQ.mG5Jc4u_A5QfDtCg9C0C3A", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwt7ewsll/code.txt", + "line_number": 6, + "secret": "pk.eyJ1IjoiYm9iYnljb2RlcjkzIiwiYSI6ImNrdjR4cDFnMWhwMzAydnFwZXE1cHp2N3EifQ.mG5Jc4u_A5QfDtCg9C0C3A", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 241, + "secret": "https://3a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d@o1234567.ingest.sentry.io/9876543", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwt7ewsll/code.txt", + "line_number": 11, + "secret": "https://3a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d@o1234567.ingest.sentry.io/9876543", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 16, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9m07umj5/code.txt", + "line_number": 16, + "secret": "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", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 23, + "secret": "f1tY9cRzXvWqSjU3mB2sL4hK7dE0a#Z@p^K", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9m07umj5/code.txt", + "line_number": 23, + "secret": "f1tY9cRzXvWqSjU3mB2sL4hK7dE0a#Z@p^K", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9m07umj5/code.txt", + "line_number": 11, + "secret": "jdbc:postgresql://prod-db.postgres.database.azure.com:5432/authdb", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9m07umj5/code.txt", + "line_number": 15, + "secret": "987654321098-a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6.apps.googleusercontent.com", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9m07umj5/code.txt", + "line_number": 16, + "secret": "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", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9m07umj5/code.txt", + "line_number": 16, + "secret": "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", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9m07umj5/code.txt", + "line_number": 23, + "secret": "f1tY9cRzXvWqSjU3mB2sL4hK7dE0a#Z@p^K", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + } + ], + "31": [ + { + "found_entries": [ + { + "line_number": 92, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9tlbi_vy/code.txt", + "line_number": 5, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 93, + "secret": "kG7hF9jD2sL4mP6qR8tV0wX3zY5bA7cE9fI1kN", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9tlbi_vy/code.txt", + "line_number": 6, + "secret": "kG7hF9jD2sL4mP6qR8tV0wX3zY5bA7cE9fI1kN", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9tlbi_vy/code.txt", + "line_number": 5, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9tlbi_vy/code.txt", + "line_number": 6, + "secret": "kG7hF9jD2sL4mP6qR8tV0wX3zY5bA7cE9fI1kN", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9tlbi_vy/code.txt", + "line_number": 6, + "secret": "kG7hF9jD2sL4mP6qR8tV0wX3zY5bA7cE9fI1kN", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9tlbi_vy/code.txt", + "line_number": 21, + "secret": "ACL': 'private', 'ServerSideEncryption': 'AES256", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9tlbi_vy/code.txt", + "line_number": 23, + "secret": "Upload successful for {object_name} to bucket {bucket}.", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9tlbi_vy/code.txt", + "line_number": 33, + "secret": "report-2023-q4.pdf', 'corp-financial-reports-11032023", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 6 + }, + { + "found_entries": [ + { + "line_number": 53, + "secret": "AKIAW6QXOJ2ZL5TG7FAP", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbz8dcg_8/code.txt", + "line_number": 13, + "secret": "AKIAW6QXOJ2ZL5TG7FAP", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 54, + "secret": "fG9zL2tJ4mH6cR8vB1xS5oE3dY7uW0qA9pI8nZ", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbz8dcg_8/code.txt", + "line_number": 14, + "secret": "fG9zL2tJ4mH6cR8vB1xS5oE3dY7uW0qA9pI8nZ", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 74, + "secret": "ae3267d64b63e8a9c2a689b0d64f0b09", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbz8dcg_8/code.txt", + "line_number": 34, + "secret": "ae3267d64b63e8a9c2a689b0d64f0b09", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbz8dcg_8/code.txt", + "line_number": 13, + "secret": "AKIAW6QXOJ2ZL5TG7FAP", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbz8dcg_8/code.txt", + "line_number": 14, + "secret": "fG9zL2tJ4mH6cR8vB1xS5oE3dY7uW0qA9pI8nZ", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbz8dcg_8/code.txt", + "line_number": 14, + "secret": "fG9zL2tJ4mH6cR8vB1xS5oE3dY7uW0qA9pI8nZ", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbz8dcg_8/code.txt", + "line_number": 33, + "secret": "Datadog API key for agent configuration.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 123, + "secret": "pk.eyJ1IjoibWFwYWRtaW4iLCJhIjoiY2t1b2Q4c3M2MWY4aTJ2bnZkaXA2b2YzeSJ9.wG8fQzR6v4kXpL7yC9jTqA", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmptw_4n90z/code.txt", + "line_number": 9, + "secret": "pk.eyJ1IjoibWFwYWRtaW4iLCJhIjoiY2t1b2Q4c3M2MWY4aTJ2bnZkaXA2b2YzeSJ9.wG8fQzR6v4kXpL7yC9jTqA", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 127, + "secret": "https://a9f3b8e7d6c54a108f9b9c0e2d1a3c7f@o112233.ingest.sentry.io/45056789012345", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmptw_4n90z/code.txt", + "line_number": 13, + "secret": "https://a9f3b8e7d6c54a108f9b9c0e2d1a3c7f@o112233.ingest.sentry.io/45056789012345", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmptw_4n90z/code.txt", + "line_number": 32, + "secret": "© Mapbox", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 43, + "secret": "dckr_pat_yNv7sW3zT6jK8hL2mP5gF0xU4qR9cE1aB", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4_4futlo/code.txt", + "line_number": 19, + "secret": "dckr_pat_yNv7sW3zT6jK8hL2mP5gF0xU4qR9cE1aB", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 59, + "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEAy1A8G8yY2Q0bY8R2fN3eD6rN5bV5oY6zV9nB9zC8rV2aW9nS6qWj\nY9mF7bM3cM9yV1wR6tY3fO2uP8tJ5gY4oZ1jI9pU7fH4xK9pD8oW7yL6kC4hB3sF2xW1zS9\npG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8v\nI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8vY5htrZ6wF4xK9pD8oW7\nyL6kC4hB3sF2xW1zS9pG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9\npG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wQ2xV1sS9pG+eRb3rAwAAAAtkZXB\nsb3lAYXBwLXNlcnZlcgE=\n-----END OPENSSH PRIVATE KEY-----", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4_4futlo/code.txt", + "line_number": 35, + "secret": "BEGIN OPENSSH PRIVATE KEY", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEAy1A8G8yY2Q0bY8R2fN3eD6rN5bV5oY6zV9nB9zC8rV2aW9nS6qWj\nY9mF7bM3cM9yV1wR6tY3fO2uP8tJ5gY4oZ1jI9pU7fH4xK9pD8oW7yL6kC4hB3sF2xW1zS9\npG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8v\nI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8vY5htrZ6wF4xK9pD8oW7\nyL6kC4hB3sF2xW1zS9pG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9\npG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wQ2xV1sS9pG+eRb3rAwAAAAtkZXB\nsb3lAYXBwLXNlcnZlcgE=\n-----END OPENSSH PRIVATE KEY-----", + "found_secret": "BEGIN OPENSSH PRIVATE KEY" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4_4futlo/code.txt", + "line_number": 19, + "secret": "dckr_pat_yNv7sW3zT6jK8hL2mP5gF0xU4qR9cE1aB", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4_4futlo/code.txt", + "line_number": 19, + "secret": "dckr_pat_yNv7sW3zT6jK8hL2mP5gF0xU4qR9cE1aB", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 20, + "secret": "sk_live_51Kx0L2BzT8gG1uY9cFzXvWqSjU3mB2hA4fD6eG8iJ1kM3nO5pR7sT9uV", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbrtrokil/code.txt", + "line_number": 20, + "secret": "sk_live_51Kx0L2BzT8gG1uY9cFzXvWq", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "sk_live_51Kx0L2BzT8gG1uY9cFzXvWqSjU3mB2hA4fD6eG8iJ1kM3nO5pR7sT9uV", + "found_secret": "sk_live_51Kx0L2BzT8gG1uY9cFzXvWq" + }, + { + "line_number": 23, + "secret": "ACf4b2e1c9d8a7f6e5d4c3b2a1a0987654", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbrtrokil/code.txt", + "line_number": 23, + "secret": "ACf4b2e1c9d8a7f6e5d4c3b2a1a0987654", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 6, + "secret": "Pg#sEcRet!P@sS_9fXz8$t", + "label": "True Positive", + "expected_line": 6, + "reason": "not_detected" + }, + { + "line_number": 24, + "secret": "a4b3c2d1e0f9a8b7c6d5e4f3a2b1c0d9", + "label": "True Positive", + "expected_line": 24, + "reason": "not_detected" + } + ], + "false_positives": [], + "total_actual": 4, + "total_found": 2, + "total_missed": 2, + "total_false_positives": 0 + } + ], + "32": [ + { + "found_entries": [ + { + "line_number": 97, + "secret": "sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1_5_ira_/code.txt", + "line_number": 10, + "secret": "sk_live_51Mv9L2KpF7hG3tZ9cRzXvWq", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC", + "found_secret": "sk_live_51Mv9L2KpF7hG3tZ9cRzXvWq" + }, + { + "line_number": 98, + "secret": "postgres://billing_svc_user:AgH3#kL$pQ2s!bV9@db-payments-prod.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/payments_db", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1_5_ira_/code.txt", + "line_number": 11, + "secret": "postgres://billing_svc_user:AgH3#kL$pQ2s!bV9@db-payments-prod.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/payments_db", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1_5_ira_/code.txt", + "line_number": 10, + "secret": "sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1_5_ira_/code.txt", + "line_number": 10, + "secret": "sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1_5_ira_/code.txt", + "line_number": 10, + "secret": "sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1_5_ira_/code.txt", + "line_number": 17, + "secret": "/api/v1/charge', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp1_5_ira_/code.txt", + "line_number": 25, + "secret": "Charge for user ' + data.get('email", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 34, + "secret": "AKIA4Z7P6TQ5RVN3MUEW", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsvvjf06i/code.txt", + "line_number": 20, + "secret": "AKIA4Z7P6TQ5RVN3MUEW", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 35, + "secret": "j9mK0cH7pL6xJ2sV4gH9rT2pL7xJ5sK1mF3bZ8oN", + "label": "True Positive", + "expected_line": 21, + "reason": "not_detected" + } + ], + "false_positives": [], + "total_actual": 2, + "total_found": 1, + "total_missed": 1, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 39, + "secret": "https://b4d29ca2b98e4a9e8b7c0f1e8e2b8f75@o450550.ingest.sentry.io/4505501234567890", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnqdr9k89/code.txt", + "line_number": 11, + "secret": "https://b4d29ca2b98e4a9e8b7c0f1e8e2b8f75@o450550.ingest.sentry.io/4505501234567890", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 127, + "secret": "d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbpx3f4s_/code.txt", + "line_number": 16, + "secret": "d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 130, + "secret": "p$qR5tU6vW7x!z#A", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbpx3f4s_/code.txt", + "line_number": 19, + "secret": "p$qR5tU6vW7x!z#A", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbpx3f4s_/code.txt", + "line_number": 7, + "secret": "github.com/go-redis/redis/v8", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbpx3f4s_/code.txt", + "line_number": 9, + "secret": "github.com/twilio/twilio-go/rest/api/v2010", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbpx3f4s_/code.txt", + "line_number": 15, + "secret": "ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbpx3f4s_/code.txt", + "line_number": 15, + "secret": "ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbpx3f4s_/code.txt", + "line_number": 15, + "secret": "ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbpx3f4s_/code.txt", + "line_number": 18, + "secret": "redis-11234.c264.ap-south-1-1.ec2.cloud.redislabs.com:11234", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbpx3f4s_/code.txt", + "line_number": 43, + "secret": "+15558675310\", \"Your order #12345 is confirmed!", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 7 + }, + { + "found_entries": [ + { + "line_number": 16, + "secret": "Gv6mU_c7p-q9sR2wX4yZ0aB1dE3fG5hI7jK9lM8n", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3lrqnl8u/code.txt", + "line_number": 16, + "secret": "Gv6mU_c7p-q9sR2wX4yZ0aB1dE3fG5hI7jK9lM8n", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3lrqnl8u/code.txt", + "line_number": 16, + "secret": "Gv6mU_c7p-q9sR2wX4yZ0aB1dE3fG5hI7jK9lM8n", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3lrqnl8u/code.txt", + "line_number": 19, + "secret": "cloudflare_zone\" \"primary_domain", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 2 + } + ], + "33": [ + { + "found_entries": [ + { + "line_number": 97, + "secret": "ACd4f8b0e7c6a5e4d3f2c1b0a9e8d7c6b5", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ocnyly9/code.txt", + "line_number": 10, + "secret": "ACd4f8b0e7c6a5e4d3f2c1b0a9e8d7c6b5", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 98, + "secret": "5a9f3e1b7d5c8e2a1b9f4d6c7e8b9a0c", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ocnyly9/code.txt", + "line_number": 11, + "secret": "5a9f3e1b7d5c8e2a1b9f4d6c7e8b9a0c", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 99, + "secret": "postgres://notifications_svc:3rD#kS8@pGqW7!z@pg-prod-cluster-1.rds.amazonaws.com:5432/notificationsdb", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ocnyly9/code.txt", + "line_number": 12, + "secret": "postgres://notifications_svc:3rD#kS8@pGqW7!z@pg-prod-cluster-1.rds.amazonaws.com:5432/notificationsdb", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ocnyly9/code.txt", + "line_number": 10, + "secret": "ACd4f8b0e7c6a5e4d3f2c1b0a9e8d7c6b5", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ocnyly9/code.txt", + "line_number": 10, + "secret": "ACd4f8b0e7c6a5e4d3f2c1b0a9e8d7c6b5", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ocnyly9/code.txt", + "line_number": 20, + "secret": "/api/v1/send-alert', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 28, + "secret": "AKIAUZY47P56V3IWQEXN", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdnjnevtb/code.txt", + "line_number": 14, + "secret": "AKIAUZY47P56V3IWQEXN", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 29, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdnjnevtb/code.txt", + "line_number": 15, + "secret": "pL8vGkZuJ4mR9sB7dF1aH6cE5kL0xV+yW9iO3nQz", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdnjnevtb/code.txt", + "line_number": 14, + "secret": "AKIAUZY47P56V3IWQEXN", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdnjnevtb/code.txt", + "line_number": 15, + "secret": "pL8vGkZuJ4mR9sB7dF1aH6cE5kL0xV+yW9iO3nQz", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdnjnevtb/code.txt", + "line_number": 15, + "secret": "pL8vGkZuJ4mR9sB7dF1aH6cE5kL0xV+yW9iO3nQz", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 117, + "secret": "pk.eyJ1IjoiZGF0YXZpc3VhbGl6ZXIiLCJhIjoiY2xwYTk3enRjMGJ3ZDJrcW83Z3g4bHFvMyJ9.XFp9o_k9Y0jZ7lEtUa8wWg", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpv94fq8f5/code.txt", + "line_number": 6, + "secret": "pk.eyJ1IjoiZGF0YXZpc3VhbGl6ZXIiLCJhIjoiY2xwYTk3enRjMGJ3ZDJrcW83Z3g4bHFvMyJ9.XFp9o_k9Y0jZ7lEtUa8wWg", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 128, + "secret": "https://3a1b5c4d6e8f7g9a0b1c2d3e4f5a6b7c@o123456.ingest.sentry.io/7890123", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpv94fq8f5/code.txt", + "line_number": 17, + "secret": "https://3a1b5c4d6e8f7g9a0b1c2d3e4f5a6b7c@o123456.ingest.sentry.io/7890123", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpv94fq8f5/code.txt", + "line_number": 27, + "secret": "Sentry DSN not found. Error reporting is disabled.", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpv94fq8f5/code.txt", + "line_number": 30, + "secret": "Mapbox access token is missing or a placeholder.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [], + "not_found_entries": [ + { + "line_number": 39, + "secret": "dckr_pat_aJkLpM5oN8qH7wG4sF2dR1tY9cZ", + "label": "True Positive", + "expected_line": 19, + "reason": "not_detected" + }, + { + "line_number": 53, + "secret": "|\n -----BEGIN OPENSSH PRIVATE KEY-----\n b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\n NhAAAAAwEAAQAAAYEAuc/d5v6hT+dOK4aCZyGevp5A+vM2M1m7/s3qH8nC8L5a7G9b0P2t\n Y6rW1dG7w8Z5Z0u3e6V7h9F8j4k2aG6b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7\n v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0\n e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m\n 3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u\n 7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c\n 9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0\n k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3\n -----END OPENSSH PRIVATE KEY-----", + "label": "True Positive", + "expected_line": 33, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsewa22r1/code.txt", + "line_number": 34, + "secret": "BEGIN OPENSSH PRIVATE KEY", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 0, + "total_missed": 2, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 7, + "secret": "jdbc:mysql://prod-db-master.cw7fkl2g3h9e.us-west-2.rds.amazonaws.com:3306/webappdb?autoReconnect=true&useSSL=false", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbk84jpio/code.txt", + "line_number": 7, + "secret": "jdbc:mysql://prod-db-master.cw7fkl2g3h9e.us-west-2.rds.amazonaws.com:3306/webappdb?autoReconnect=true&useSSL=false", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 9, + "secret": "dJ^8g$Pq5#sT@9!rW&zK", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbk84jpio/code.txt", + "line_number": 9, + "secret": "dJ^8g$Pq5#sT@9!rW&zK", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 19, + "secret": "fG4hJ7kL9mN2pQ5rS8uVzX3zA6bC9dE1", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbk84jpio/code.txt", + "line_number": 19, + "secret": "fG4hJ7kL9mN2pQ5rS8uVzX3zA6bC9dE1", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 26, + "secret": "SG.kE9yT8RzQ5aW7oP3iL1uVw.bF6gH2sC4jK8mN5pS9uX1yZ3_vE7wA8qD0rO", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbk84jpio/code.txt", + "line_number": 26, + "secret": "SG.kE9yT8RzQ5aW7oP3iL1uVw.bF6gH2sC4jK8mN5pS9uX1yZ3_vE7wA8qD0rO", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbk84jpio/code.txt", + "line_number": 9, + "secret": "dJ^8g$Pq5#sT@9!rW&zK", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbk84jpio/code.txt", + "line_number": 17, + "secret": "prod-redis-cache.a1b2c3.0001.usw2.cache.amazonaws.com", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbk84jpio/code.txt", + "line_number": 19, + "secret": "fG4hJ7kL9mN2pQ5rS8uVzX3zA6bC9dE1", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbk84jpio/code.txt", + "line_number": 19, + "secret": "fG4hJ7kL9mN2pQ5rS8uVzX3zA6bC9dE1", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 4, + "total_found": 4, + "total_missed": 0, + "total_false_positives": 4 + } + ], + "34": [ + { + "found_entries": [ + { + "line_number": 86, + "secret": "https://8f3a3a9a2c1b4e3e8f9a9a3b1a2c3d4e@o123456.ingest.sentry.io/789012", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp2mp9_vb0/code.txt", + "line_number": 9, + "secret": "https://8f3a3a9a2c1b4e3e8f9a9a3b1a2c3d4e@o123456.ingest.sentry.io/789012", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 94, + "secret": "postgres://reports_user:F#9kL$pQ2s!jW@db-reports.prod.internal:5432/reporting_main", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp2mp9_vb0/code.txt", + "line_number": 17, + "secret": "postgres://reports_user:F#9kL$pQ2s!jW@db-reports.prod.internal:5432/reporting_main", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 58, + "secret": "AKIA4WM7G3QZL5PJU7YF", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpehljpeo9/code.txt", + "line_number": 17, + "secret": "AKIA4WM7G3QZL5PJU7YF", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 77, + "secret": "https://hooks.slack.com/services/T00ABCD1EFG/B00HIJK5LMN/aBcDeFgHiJkLmNoPqRsTuVwXyZ", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpehljpeo9/code.txt", + "line_number": 36, + "secret": "Content-type: application/json' --data '{\"text\":\"Staging deployment successful!\"}", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "https://hooks.slack.com/services/T00ABCD1EFG/B00HIJK5LMN/aBcDeFgHiJkLmNoPqRsTuVwXyZ", + "found_secret": "Content-type: application/json' --data '{\"text\":\"Staging deployment successful!\"}" + } + ], + "not_found_entries": [ + { + "line_number": 59, + "secret": "s3K9jLp7XqR4sVwYyB1zD3fG5hJ8kM0nO2pQ4rS7", + "label": "True Positive", + "expected_line": 18, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpehljpeo9/code.txt", + "line_number": 36, + "secret": "https://hooks.slack.com/services/T00ABCD1EFG/B00HIJK5LMN/aBcDeFgHiJkLmNoPqRsTuVwXyZ", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 2, + "total_missed": 1, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 29, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7nD5oP6tF4gH3iJ2kL1mN0oPqRsTuVwWzXyZ", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3w1_9ypo/code.txt", + "line_number": 19, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWq", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7nD5oP6tF4gH3iJ2kL1mN0oPqRsTuVwWzXyZ", + "found_secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWq" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3w1_9ypo/code.txt", + "line_number": 19, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7nD5oP6tF4gH3iJ2kL1mN0oPqRsTuVwWzXyZ", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3w1_9ypo/code.txt", + "line_number": 19, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7nD5oP6tF4gH3iJ2kL1mN0oPqRsTuVwWzXyZ", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3w1_9ypo/code.txt", + "line_number": 19, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7nD5oP6tF4gH3iJ2kL1mN0oPqRsTuVwWzXyZ", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 125, + "secret": "-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6lRjV7pX+Z8bAdhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfgH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/wEAAQKCAQEAy1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKf7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/wEAAoIBAQC6lRjV7pX+Z8bAdhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/w==\\n-----END PRIVATE KEY-----", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvyi9049j/code.txt", + "line_number": 11, + "secret": "BEGIN PRIVATE KEY", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6lRjV7pX+Z8bAdhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfgH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/wEAAQKCAQEAy1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKf7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/wEAAoIBAQC6lRjV7pX+Z8bAdhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/w==\\n-----END PRIVATE KEY-----", + "found_secret": "BEGIN PRIVATE KEY" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvyi9049j/code.txt", + "line_number": 9, + "secret": "project_id\": \"gcp-project-analytics-prod", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvyi9049j/code.txt", + "line_number": 10, + "secret": "private_key_id\": \"6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvyi9049j/code.txt", + "line_number": 11, + "secret": "private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6lRjV7pX+Z8bA\\ndhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEf\\ngH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3\\nJ4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/wEA\\nAQKCAQEAy1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbC\\ndEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQr\\nStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3\\nJ4a3B2c1d5e6f7g8h9iAjJkKf7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8\\nh9iAjJkK/wEAAoIBAQC6lRjV7pX+Z8bAdhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6\\nf7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlM\\nnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6\\nw8k3J4a3B2c1d5e6f7g8h9iAjJkK/w==\\n-----END PRIVATE KEY-----\\n", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvyi9049j/code.txt", + "line_number": 12, + "secret": "client_email\": \"terraform-runner@gcp-project-analytics-prod.iam.gserviceaccount.com", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvyi9049j/code.txt", + "line_number": 13, + "secret": "client_id\": \"109876543210987654321", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvyi9049j/code.txt", + "line_number": 14, + "secret": "auth_uri\": \"https://accounts.google.com/o/oauth2/auth", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvyi9049j/code.txt", + "line_number": 15, + "secret": "token_uri\": \"https://oauth2.googleapis.com/token", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvyi9049j/code.txt", + "line_number": 16, + "secret": "auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvyi9049j/code.txt", + "line_number": 17, + "secret": "client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/terraform-runner%40gcp-project-analytics-prod.iam.gserviceaccount.com", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvyi9049j/code.txt", + "line_number": 23, + "secret": "prod-static-assets-bucket-987654321", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 10 + }, + { + "found_entries": [ + { + "line_number": 209, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlQGFwaS5jb20iLCJhdWQiOiJtb2JpbGUiLCJleHAiOjE3MzU2ODk2MDB9.i8XyC2FpHj9nK5VzJ7wR8bO4L6eG0pN9sT1vA3D2ZqY", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzhey5ogy/code.txt", + "line_number": 9, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlQGFwaS5jb20iLCJhdWQiOiJtb2JpbGUiLCJleHAiOjE3MzU2ODk2MDB9.i8XyC2FpHj9nK5VzJ7wR8bO4L6eG0pN9sT1vA3D2ZqY", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 217, + "secret": "prod_a1b2c3d4e5f678901234567890abcdef12", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzhey5ogy/code.txt", + "line_number": 17, + "secret": "X-API-KEY': 'prod_a1b2c3d4e5f678901234567890abcdef12", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "prod_a1b2c3d4e5f678901234567890abcdef12", + "found_secret": "X-API-KEY': 'prod_a1b2c3d4e5f678901234567890abcdef12" + } + ], + "not_found_entries": [ + { + "line_number": 234, + "secret": "prod_a1b2c3d4e5f678901234567890abcdef12", + "label": "True Positive", + "expected_line": 34, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzhey5ogy/code.txt", + "line_number": 9, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlQGFwaS5jb20iLCJhdWQiOiJtb2JpbGUiLCJleHAiOjE3MzU2ODk2MDB9.", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzhey5ogy/code.txt", + "line_number": 15, + "secret": "Content-Type': 'application/json", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzhey5ogy/code.txt", + "line_number": 16, + "secret": "Authorization': 'Bearer $authToken", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 2, + "total_missed": 1, + "total_false_positives": 3 + } + ], + "35": [ + { + "found_entries": [ + { + "line_number": 105, + "secret": "postgresql://warehouse_svc:vF9@p#Z&rT7s!q@db-prod-@eu-west-1.rds.amazonaws.com:5432/analytics_data_prod", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpep9c9517/code.txt", + "line_number": 18, + "secret": "vF9", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "postgresql://warehouse_svc:vF9@p#Z&rT7s!q@db-prod-@eu-west-1.rds.amazonaws.com:5432/analytics_data_prod", + "found_secret": "vF9" + }, + { + "line_number": 113, + "secret": "sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpep9c9517/code.txt", + "line_number": 26, + "secret": "sk_live_51Kk0L2ApB8fG1tY9lEwJbNc", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB", + "found_secret": "sk_live_51Kk0L2ApB8fG1tY9lEwJbNc" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpep9c9517/code.txt", + "line_number": 18, + "secret": "postgresql://warehouse_svc:vF9@p#Z&rT7s!q@db-prod-_eu-west-1.rds.amazonaws.com:5432/analytics_data_prod", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpep9c9517/code.txt", + "line_number": 22, + "secret": "prod-redis-cache.mxf8e3.ng.0001.euw1.cache.amazonaws.com", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpep9c9517/code.txt", + "line_number": 26, + "secret": "sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpep9c9517/code.txt", + "line_number": 26, + "secret": "sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpep9c9517/code.txt", + "line_number": 26, + "secret": "sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpep9c9517/code.txt", + "line_number": 29, + "secret": "\"\"Development specific configurations.\"\"", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 6 + }, + { + "found_entries": [ + { + "line_number": 50, + "secret": "{\"type\": \"service_account\",\"project_id\": \"zeta-project-345\",\"private_key_id\": \"a9c12b4f67890123d4e5f6a7b8c9d0e1f2a3b4c5\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANb9g2cO5oXQfIuI\\nE5s6f8tG7b7c2bF1e5D6bY8g9f7c1m4d...\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"terraform-runner@zeta-project-345.iam.gserviceaccount.com\",\"client_id\": \"112233445566778899001\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://oauth2.googleapis.com/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/terraform-runner%40zeta-project-345.iam.gserviceaccount.com\"}", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmphiarwxmj/code.txt", + "line_number": 18, + "secret": "BEGIN PRIVATE KEY", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "{\"type\": \"service_account\",\"project_id\": \"zeta-project-345\",\"private_key_id\": \"a9c12b4f67890123d4e5f6a7b8c9d0e1f2a3b4c5\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANb9g2cO5oXQfIuI\\nE5s6f8tG7b7c2bF1e5D6bY8g9f7c1m4d...\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"terraform-runner@zeta-project-345.iam.gserviceaccount.com\",\"client_id\": \"112233445566778899001\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://oauth2.googleapis.com/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/terraform-runner%40zeta-project-345.iam.gserviceaccount.com\"}", + "found_secret": "BEGIN PRIVATE KEY" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmphiarwxmj/code.txt", + "line_number": 28, + "secret": "google_compute_firewall\" \"allow_ssh", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 129, + "secret": "mongodb+srv://admin_orders:zR8gP2$LqW#k@prod-cluster-0.a1b2c.mongodb.net/ecom_orders?retryWrites=true&w=majority", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpldk_6099/code.txt", + "line_number": 16, + "secret": "mongodb+srv://admin_orders:zR8gP2$LqW#k@prod-cluster-0.a1b2c.mongodb.net/ecom_orders?retryWrites=true&w=majority", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 141, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLXNlcnZpY2UiLCJzdWIiOiJzZXJ2aWNlLWFjY291bnQtb3JkZXJzIiwiaWF0IjoxNjE2MjM5MDIyLCJleHAiOjE3NzE5MjcwMDAsImF1ZCI6ImludGVybmFsLWFwaSJ9.fU4fL8yH3aQOoCxJ6V_kFpWkSgRzVjZ_qB9pWjDxYlA", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpldk_6099/code.txt", + "line_number": 28, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLXNlcnZpY2UiLCJzdWIiOiJzZXJ2aWNlLWFjY291bnQtb3JkZXJzIiwiaWF0IjoxNjE2MjM5MDIyLCJleHAiOjE3NzE5MjcwMDAsImF1ZCI6ImludGVybmFsLWFwaSJ9.fU4fL8yH3aQOoCxJ6V_kFpWkSgRzVjZ_qB9pWjDxYlA", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpldk_6099/code.txt", + "line_number": 28, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLXNlcnZpY2UiLCJzdWIiOiJzZXJ2aWNlLWFjY291bnQtb3JkZXJzIiwiaWF0IjoxNjE2MjM5MDIyLCJleHAiOjE3NzE5MjcwMDAsImF1ZCI6ImludGVybmFsLWFwaSJ9.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 75, + "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEA1H5s2b9r8fH8P2Z7g3d4s5v7t8w9A6B2C4E6fGgHhJkL1M3N5... \n...base64 encoded private key data... \nG3hJkL1M3N5n9p0q2r4s6t8v9w0x2y3z5A7B9C1D3F5H7J9L1N3P5R7T9V1X3Z5B7D9F1H\n-----END OPENSSH PRIVATE KEY-----", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpj0y0vi24/code.txt", + "line_number": 31, + "secret": "BEGIN OPENSSH PRIVATE KEY", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEA1H5s2b9r8fH8P2Z7g3d4s5v7t8w9A6B2C4E6fGgHhJkL1M3N5... \n...base64 encoded private key data... \nG3hJkL1M3N5n9p0q2r4s6t8v9w0x2y3z5A7B9C1D3F5H7J9L1N3P5R7T9V1X3Z5B7D9F1H\n-----END OPENSSH PRIVATE KEY-----", + "found_secret": "BEGIN OPENSSH PRIVATE KEY" + }, + { + "line_number": 90, + "secret": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/mN7pQ8rS6tU5vW4xY3z2A1B0", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpj0y0vi24/code.txt", + "line_number": 46, + "secret": "Content-type: application/json' --data '{\"text\":\"Staging deployment succeeded!\"}", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/mN7pQ8rS6tU5vW4xY3z2A1B0", + "found_secret": "Content-type: application/json' --data '{\"text\":\"Staging deployment succeeded!\"}" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpj0y0vi24/code.txt", + "line_number": 46, + "secret": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/mN7pQ8rS6tU5vW4xY3z2A1B0", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 214, + "secret": "Server=tcp:user-db-server.database.windows.net,1433;Initial Catalog=UserProfiles;Persist Security Info=False;User ID=db_admin_svc;Password={9aB!cDeFgH2iJkLmN};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5fi58mf7/code.txt", + "line_number": 14, + "secret": "Server=tcp:user-db-server.database.windows.net,1433;Initial Catalog=UserProfiles;Persist Security Info=False;User ID=db_admin_svc;Password={9aB!cDeFgH2iJkLmN};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 238, + "secret": "a4b1c8d7e2f5g3h9i0j6k4l2m1n0o7p3", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5fi58mf7/code.txt", + "line_number": 38, + "secret": "a4b1c8d7e2f5g3h9i0j6k4l2m1n0o7p3", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5fi58mf7/code.txt", + "line_number": 22, + "secret": "SELECT * FROM UserProfiles WHERE UserId = @UserId", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5fi58mf7/code.txt", + "line_number": 38, + "secret": "a4b1c8d7e2f5g3h9i0j6k4l2m1n0o7p3", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 2 + } + ], + "36": [ + { + "found_entries": [ + { + "line_number": 97, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuzumceq3/code.txt", + "line_number": 10, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 98, + "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuzumceq3/code.txt", + "line_number": 11, + "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuzumceq3/code.txt", + "line_number": 7, + "secret": "\"\"Processes inventory update files from S3 and updates DynamoDB.\"\"", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuzumceq3/code.txt", + "line_number": 11, + "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuzumceq3/code.txt", + "line_number": 11, + "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuzumceq3/code.txt", + "line_number": 11, + "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 53, + "secret": "atJztmoFXGQz5k.atlasv1.gJvF8sRgDWf24zW2bF6Y8cK9tV1pL5qN7hB3xZ0mA4uC7iO6eP1sR2tG0sY3bI1aE2w", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpg91xva6r/code.txt", + "line_number": 12, + "secret": "atJztmoFXGQz5k.atlasv1.gJvF8sRgDWf24zW2bF6Y8cK9tV1pL5qN7hB3xZ0mA4uC7iO6eP1sR2tG0sY3bI1aE2w", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 33, + "secret": "dckr_pat_1VzJ8h_L9KqR7sW3tX5yGZbN0c", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpqisyot1y/code.txt", + "line_number": 19, + "secret": "dckr_pat_1VzJ8h_L9KqR7sW3tX5yGZbN0c", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 44, + "secret": "sqp_8d4e9c3e2f5b1a0a3b8c6d7e5f0a2b3c4d5e6f7a", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpqisyot1y/code.txt", + "line_number": 30, + "secret": "sqp_8d4e9c3e2f5b1a0a3b8c6d7e5f0a2b3c4d5e6f7a", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 32, + "secret": "autobuilder-acme", + "label": "True Positive", + "expected_line": 18, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpqisyot1y/code.txt", + "line_number": 19, + "secret": "dckr_pat_1VzJ8h_L9KqR7sW3tX5yGZbN0c", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpqisyot1y/code.txt", + "line_number": 19, + "secret": "dckr_pat_1VzJ8h_L9KqR7sW3tX5yGZbN0c", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 2, + "total_missed": 1, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 27, + "secret": "https://a4d9aa8c6e3b4a2ab9b8b3b8c3d9aa3c@o123456.ingest.sentry.io/789012", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsu8gflfs/code.txt", + "line_number": 7, + "secret": "https://a4d9aa8c6e3b4a2ab9b8b3b8c3d9aa3c@o123456.ingest.sentry.io/789012", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 31, + "secret": "pk.eyJ1IjoibXl1c2VybmFtZTEyMyIsImEiOiJjazg3ZzA2ZWgwYXQyM21wZHRpZTI1a2QzIn0.nB9m_gZ2vXl0qY5uP3r7Ww", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsu8gflfs/code.txt", + "line_number": 11, + "secret": "pk.eyJ1IjoibXl1c2VybmFtZTEyMyIsImEiOiJjazg3ZzA2ZWgwYXQyM21wZHRpZTI1a2QzIn0.nB9m_gZ2vXl0qY5uP3r7Ww", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 124, + "secret": "postgres://prod_svc_user:Ag^9!z$K4mPQ@db-prod-cluster-1.c8xyzqrstuvw.us-west-2.rds.amazonaws.com:5432/orders_db", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpqanavmuy/code.txt", + "line_number": 13, + "secret": "postgres://prod_svc_user:Ag^9!z$K4mPQ@db-prod-cluster-1.c8xyzqrstuvw.us-west-2.rds.amazonaws.com:5432/orders_db", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpqanavmuy/code.txt", + "line_number": 20, + "secret": "prepStmtCacheSize\", \"250", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpqanavmuy/code.txt", + "line_number": 21, + "secret": "prepStmtCacheSqlLimit\", \"2048", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 2 + } + ], + "37": [ + { + "found_entries": [ + { + "line_number": 121, + "secret": "AKIAU4T5KR53QUZ6R3P7", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmphpwlwkgw/code.txt", + "line_number": 7, + "secret": "AKIAU4T5KR53QUZ6R3P7", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 122, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmphpwlwkgw/code.txt", + "line_number": 8, + "secret": "aws_secret_access_key': '0jM/pG+fT2rV8sL4kH9aC1wX7yZ0bN5eQ3iU6dK+", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "0jM/pG+fT2rV8sL4kH9aC1wX7yZ0bN5eQ3iU6dK+", + "found_secret": "aws_secret_access_key': '0jM/pG+fT2rV8sL4kH9aC1wX7yZ0bN5eQ3iU6dK+" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmphpwlwkgw/code.txt", + "line_number": 7, + "secret": "aws_access_key_id': 'AKIAU4T5KR53QUZ6R3P7", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmphpwlwkgw/code.txt", + "line_number": 8, + "secret": "0jM/pG+fT2rV8sL4kH9aC1wX7yZ0bN5eQ3iU6dK+", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmphpwlwkgw/code.txt", + "line_number": 8, + "secret": "0jM/pG+fT2rV8sL4kH9aC1wX7yZ0bN5eQ3iU6dK+", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmphpwlwkgw/code.txt", + "line_number": 8, + "secret": "0jM/pG+fT2rV8sL4kH9aC1wX7yZ0bN5eQ3iU6dK+", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmphpwlwkgw/code.txt", + "line_number": 13, + "secret": "\"\"Downloads a file from an S3 bucket.\"\"", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmphpwlwkgw/code.txt", + "line_number": 22, + "secret": "'{object_name}' downloaded to '{file_name}' successfully.", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmphpwlwkgw/code.txt", + "line_number": 33, + "secret": "corp-billing-docs-prod', 'invoices/2023-11.pdf", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 7 + }, + { + "found_entries": [ + { + "line_number": 59, + "secret": "glpat-sBv3yZ8xWq9kLpGfJ1cR", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpi6_o7s97/code.txt", + "line_number": 18, + "secret": "glpat", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "glpat-sBv3yZ8xWq9kLpGfJ1cR", + "found_secret": "glpat" + }, + { + "line_number": 72, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRsYWIuY29tIiwic3ViIjoiZGVwbG95LXVzZXIiLCJhdWQiOiJkZXBsb3ltZW50LXNlcnZpY2UiLCJpYXQiOjE2NzI1MzEyMDAsImV4cCI6MTcwNDA2NzIwMH0.uLp-J7aBf8tYgPz3tQ9kRwN6eV0bV1zHhJ5aF4gC2sE", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpi6_o7s97/code.txt", + "line_number": 31, + "secret": "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRsYWIuY29tIiwic3ViIjoiZGVwbG95LXVzZXIiLCJhdWQiOiJkZXBsb3ltZW50LXNlcnZpY2UiLCJpYXQiOjE2NzI1MzEyMDAsImV4cCI6MTcwNDA2NzIwMH0.uLp-J7aBf8tYgPz3tQ9kRwN6eV0bV1zHhJ5aF4gC2sE", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRsYWIuY29tIiwic3ViIjoiZGVwbG95LXVzZXIiLCJhdWQiOiJkZXBsb3ltZW50LXNlcnZpY2UiLCJpYXQiOjE2NzI1MzEyMDAsImV4cCI6MTcwNDA2NzIwMH0.uLp-J7aBf8tYgPz3tQ9kRwN6eV0bV1zHhJ5aF4gC2sE", + "found_secret": "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRsYWIuY29tIiwic3ViIjoiZGVwbG95LXVzZXIiLCJhdWQiOiJkZXBsb3ltZW50LXNlcnZpY2UiLCJpYXQiOjE2NzI1MzEyMDAsImV4cCI6MTcwNDA2NzIwMH0.uLp-J7aBf8tYgPz3tQ9kRwN6eV0bV1zHhJ5aF4gC2sE" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpi6_o7s97/code.txt", + "line_number": 18, + "secret": "glpat-sBv3yZ8xWq9kLpGfJ1cR", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpi6_o7s97/code.txt", + "line_number": 18, + "secret": "glpat-sBv3yZ8xWq9kLpGfJ1cR", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpi6_o7s97/code.txt", + "line_number": 29, + "secret": "Triggering deployment webhook...", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpi6_o7s97/code.txt", + "line_number": 31, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRsYWIuY29tIiwic3ViIjoiZGVwbG95LXVzZXIiLCJhdWQiOiJkZXBsb3ltZW50LXNlcnZpY2UiLCJpYXQiOjE2NzI1MzEyMDAsImV4cCI6MTcwNDA2NzIwMH0.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 44, + "secret": "postgres://analytics_svc:3#fG&pW9qJ@pg-reporting-cluster.eu-west-1.internal:5432/telemetry_data", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9rotip84/code.txt", + "line_number": 17, + "secret": "postgres://analytics_svc:3#fG&pW9qJ@pg-reporting-cluster.eu-west-1.internal:5432/telemetry_data", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 104, + "secret": "7f1e03c46a67285a8f8b9d0e1f2a3b4c", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsr6af4r1/code.txt", + "line_number": 4, + "secret": "7f1e03c46a67285a8f8b9d0e1f2a3b4c", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 105, + "secret": "98ac7f0e1d2c3b4a567f890e1d23b45a67c8d9e0", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsr6af4r1/code.txt", + "line_number": 5, + "secret": "98ac7f0e1d2c3b4a567f890e1d23b45a67c8d9e0", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsr6af4r1/code.txt", + "line_number": 4, + "secret": "7f1e03c46a67285a8f8b9d0e1f2a3b4c", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsr6af4r1/code.txt", + "line_number": 9, + "secret": "[Critical] High CPU Load on Production Cluster", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsr6af4r1/code.txt", + "line_number": 11, + "secret": "CPU load is over 90% on average. @ops-team please investigate. {{host.name}}", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsr6af4r1/code.txt", + "line_number": 12, + "secret": "The high CPU issue has not been resolved. Escalating to @oncall-SRE.", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsr6af4r1/code.txt", + "line_number": 14, + "secret": "avg(last_5m):avg:system.cpu.user{environment:prod} > 90", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsr6af4r1/code.txt", + "line_number": 24, + "secret": "service:core-api\", \"env:prod\", \"severity:critical", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsr6af4r1/code.txt", + "line_number": 27, + "secret": "datadog_monitor\" \"low_disk_space", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsr6af4r1/code.txt", + "line_number": 30, + "secret": "avg(last_15m):avg:system.disk.in_use{role:database} > 0.85", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpsr6af4r1/code.txt", + "line_number": 31, + "secret": "Disk space is running low on a database node. @db-admins", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 9 + }, + { + "found_entries": [ + { + "line_number": 75, + "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/9876543", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmps2b2q6x8/code.txt", + "line_number": 21, + "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/9876543", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 79, + "secret": "AIzaSyD9ZvG8hJqKp2sL6wF4xR3tU_0mIoC5bE7", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmps2b2q6x8/code.txt", + "line_number": 25, + "secret": "AIzaSyD9ZvG8hJqKp2sL6wF4xR3tU_0mIoC5bE7", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmps2b2q6x8/code.txt", + "line_number": 5, + "secret": "development' | 'staging' | 'production", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmps2b2q6x8/code.txt", + "line_number": 25, + "secret": "AIzaSyD9ZvG8hJqKp2sL6wF4xR3tU_0mIoC5bE7", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmps2b2q6x8/code.txt", + "line_number": 25, + "secret": "AIzaSyD9ZvG8hJqKp2sL6wF4xR3tU_0mIoC5bE7", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmps2b2q6x8/code.txt", + "line_number": 36, + "secret": "Third-party services configured for environment:", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + } + ], + "38": [ + { + "found_entries": [ + { + "line_number": 100, + "secret": "AKIA4Z7HFV563JLXPMQO", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpp1z4x3c2/code.txt", + "line_number": 13, + "secret": "AKIA4Z7HFV563JLXPMQO", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 101, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpp1z4x3c2/code.txt", + "line_number": 14, + "secret": "JcKl8f/N+sWq0Yt3mZpXgBv7hR2dF9gU1aE5xH4i", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 102, + "secret": "FQoGZXIvYXdzEI///////////wEaDBpqrST2zPXCR+x5IirEA7cW9fB8E8jQkZ6I+9aC4sWxR7eK4uD6Z2mR/7vY5rWw8SzAoN0c9FgT", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpp1z4x3c2/code.txt", + "line_number": 15, + "secret": "FQoGZXIvYXdzEI///////////wEaDBpqrST2zPXCR+x5IirEA7cW9fB8E8jQkZ6I+9aC4sWxR7eK4uD6Z2mR/7vY5rWw8SzAoN0c9FgT", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpp1z4x3c2/code.txt", + "line_number": 8, + "secret": "\"\"Initializes and returns an S3 client using hardcoded temporary credentials.\"\"", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpp1z4x3c2/code.txt", + "line_number": 14, + "secret": "JcKl8f/N+sWq0Yt3mZpXgBv7hR2dF9gU1aE5xH4i", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpp1z4x3c2/code.txt", + "line_number": 14, + "secret": "JcKl8f/N+sWq0Yt3mZpXgBv7hR2dF9gU1aE5xH4i", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpp1z4x3c2/code.txt", + "line_number": 14, + "secret": "JcKl8f/N+sWq0Yt3mZpXgBv7hR2dF9gU1aE5xH4i", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpp1z4x3c2/code.txt", + "line_number": 15, + "secret": "FQoGZXIvYXdzEI///////////wEaDBpqrST2zPXCR+x5IirEA7cW9fB8E8jQkZ6I+9aC4sWxR7eK4uD6Z2mR/7vY5rWw8SzAoN0c9FgT", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpp1z4x3c2/code.txt", + "line_number": 23, + "secret": "\"\"Lists all buckets using the provided S3 client.\"\"", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 6 + }, + { + "found_entries": [ + { + "line_number": 47, + "secret": "e9a8f7c6d5b4a392817f0e9d8c7b6a54", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp95yobw40/code.txt", + "line_number": 15, + "secret": "e9a8f7c6d5b4a392817f0e9d8c7b6a54", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 48, + "secret": "8b1fec305a4d9b6e8a7f9d0c2e3b4a591e6f7d8c", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp95yobw40/code.txt", + "line_number": 16, + "secret": "8b1fec305a4d9b6e8a7f9d0c2e3b4a591e6f7d8c", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp95yobw40/code.txt", + "line_number": 15, + "secret": "e9a8f7c6d5b4a392817f0e9d8c7b6a54", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp95yobw40/code.txt", + "line_number": 21, + "secret": "High CPU Load on web-backend hosts", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp95yobw40/code.txt", + "line_number": 23, + "secret": "CPU load is high on {{host.name}}. @slack-channel-alerts", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp95yobw40/code.txt", + "line_number": 24, + "secret": "CPU load has been high for 15 minutes. Paging @on-call.", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp95yobw40/code.txt", + "line_number": 26, + "secret": "avg(last_5m):avg:system.cpu.user{environment:production,service:web-backend} > 80", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp95yobw40/code.txt", + "line_number": 33, + "secret": "service:web-backend\", \"prod\", \"terraform", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 6 + }, + { + "found_entries": [ + { + "line_number": 30, + "secret": "dckr_pat_gHj8LpQ2sWzK4vB7nC1xR9yT6fU3aE5d", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0w42wi8x/code.txt", + "line_number": 23, + "secret": "dckr_pat_gHj8LpQ2sWzK4vB7nC1xR9yT6fU3aE5d", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 49, + "secret": "sqp_9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2d1e0f", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0w42wi8x/code.txt", + "line_number": 42, + "secret": "sqp_9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2d1e0f", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 29, + "secret": "devops_deploy_bot", + "label": "True Positive", + "expected_line": 22, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0w42wi8x/code.txt", + "line_number": 23, + "secret": "dckr_pat_gHj8LpQ2sWzK4vB7nC1xR9yT6fU3aE5d", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0w42wi8x/code.txt", + "line_number": 23, + "secret": "dckr_pat_gHj8LpQ2sWzK4vB7nC1xR9yT6fU3aE5d", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0w42wi8x/code.txt", + "line_number": 43, + "secret": "https://sonarqube.internal.acme.com", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 2, + "total_missed": 1, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 64, + "secret": "pk.eyJ1IjoibWFwZGVzaWduZXI4OCIsImEiOiJjbHJwaGR3ajAwMWR4MmtwOGVncjl5dWNpIn0.eFTpL6vj-57Bq2nTOs2KjQ", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp7famgwsr/code.txt", + "line_number": 7, + "secret": "pk.eyJ1IjoibWFwZGVzaWduZXI4OCIsImEiOiJjbHJwaGR3ajAwMWR4MmtwOGVncjl5dWNpIn0.eFTpL6vj-57Bq2nTOs2KjQ", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 32, + "secret": "postgres://billing_svc_user:D4fG#kS$q9!zL@pg-prod-us-east-1.c8zqg7rf1vkm.rds.amazonaws.com:5432/billing_prod?sslmode=require", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpn7cywgue/code.txt", + "line_number": 18, + "secret": "postgres://billing_svc_user:D4fG#kS$q9!zL@pg-prod-us-east-1.c8zqg7rf1vkm.rds.amazonaws.com:5432/billing_prod?sslmode=require", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpn7cywgue/code.txt", + "line_number": 40, + "secret": "Database connection is not initialized. Call InitDB() first.", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 1 + } + ], + "39": [ + { + "found_entries": [ + { + "line_number": 108, + "secret": "postgres://api_usr:aB$9fG!wP4@db-prod.us-east-1.rds.amazonaws.com:5432/users_v2", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdffezmga/code.txt", + "line_number": 21, + "secret": "postgres://api_usr:aB$9fG!wP4@db-prod.us-east-1.rds.amazonaws.com:5432/users_v2", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 110, + "secret": "8k@zP!qR7sT&uV*xY$zE#A%D*G-J", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdffezmga/code.txt", + "line_number": 23, + "secret": "8k@zP!qR7sT&uV*xY$zE#A%D*G-J", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdffezmga/code.txt", + "line_number": 23, + "secret": "8k@zP!qR7sT&uV*xY$zE#A%D*G-J", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 17, + "secret": "AKIA4ZUXFGY736J2L5PQ", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxnsqnd3n/code.txt", + "line_number": 17, + "secret": "AKIA4ZUXFGY736J2L5PQ", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 33, + "secret": "https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxnsqnd3n/code.txt", + "line_number": 33, + "secret": "https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 38, + "secret": "https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxnsqnd3n/code.txt", + "line_number": 38, + "secret": "Content-type: application/json' --data '{\"text\":\"Deployment failed! Check the logs.\"}", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX", + "found_secret": "Content-type: application/json' --data '{\"text\":\"Deployment failed! Check the logs.\"}" + } + ], + "not_found_entries": [ + { + "line_number": 18, + "secret": "v9m8xLpQrSjW4uB7zK2fG1hJ6cE0gN3oY5aD9F3b", + "label": "True Positive", + "expected_line": 18, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpxnsqnd3n/code.txt", + "line_number": 33, + "secret": "Content-type: application/json' --data '{\"text\":\"Deployment to production successful!\"}", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 4, + "total_found": 3, + "total_missed": 1, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 82, + "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmprt64uoe5/code.txt", + "line_number": 8, + "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 94, + "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcTdrYjNkcjBmbnAyd3FtdTZyOHVlYjMifQ.X9iSgK3fRb7wzLpBnA8bCg", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmprt64uoe5/code.txt", + "line_number": 20, + "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcTdrYjNkcjBmbnAyd3FtdTZyOHVlYjMifQ.X9iSgK3fRb7wzLpBnA8bCg", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 32, + "secret": "aZ8~9_xYpQ-rS7tV.wJ6fGhK1jL3mN5oB4c2", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_rg9jgfo/code.txt", + "line_number": 23, + "secret": "aZ8~9_xYpQ-rS7tV.wJ6fGhK1jL3mN5oB4c2", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_rg9jgfo/code.txt", + "line_number": 23, + "secret": "aZ8~9_xYpQ-rS7tV.wJ6fGhK1jL3mN5oB4c2", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 21, + "secret": "p@qR$tUvW*yZ!aB#cDe^fG7hJ2kL4mN6p", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmptxy7460v/code.txt", + "line_number": 21, + "secret": "p@qR$tUvW*yZ!aB#cDe^fG7hJ2kL4mN6p", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 27, + "secret": "SG.A1B2C3d4e5_f6g7h8i9j0.kL1mN2oP3qR4sT5uV6w-X7yZ8aB9cDe0fG1hI2jK3lM_4s", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmptxy7460v/code.txt", + "line_number": 27, + "secret": "SG.A1B2C3d4e5_f6g7h8i9j0.kL1mN2oP3qR4sT5uV6w-X7yZ8aB9cDe0fG1hI2jK3lM_4s", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmptxy7460v/code.txt", + "line_number": 10, + "secret": "jdbc:postgresql://db.internal.example.com:5432/notifications", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmptxy7460v/code.txt", + "line_number": 21, + "secret": "p@qR$tUvW*yZ!aB#cDe^fG7hJ2kL4mN6p", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 2 + } + ], + "40": [ + { + "found_entries": [ + { + "line_number": 87, + "secret": "postgresql://payments_svc:a4J!zP0$fT7*bE9@db-prod.us-east-1.rds.amazonaws.com/payments_db", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp8sjg97b7/code.txt", + "line_number": 10, + "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgresql://payments_svc:a4J!zP0$fT7*bE9@db-prod.us-east-1.rds.amazonaws.com/payments_db", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "postgresql://payments_svc:a4J!zP0$fT7*bE9@db-prod.us-east-1.rds.amazonaws.com/payments_db", + "found_secret": "SQLALCHEMY_DATABASE_URI'] = 'postgresql://payments_svc:a4J!zP0$fT7*bE9@db-prod.us-east-1.rds.amazonaws.com/payments_db" + }, + { + "line_number": 89, + "secret": "sk_live_51Mv3UqKxVp8pLoJ9tFmW2cXa1hN6bA7vF9yR0eZlP3cT8bSgK4uL5iV6jW7bA8eV9oI0pQ1rC2sD3tF4gH5jK6lM", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp8sjg97b7/code.txt", + "line_number": 12, + "secret": "sk_live_51Mv3UqKxVp8pLoJ9tFmW2cX", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "sk_live_51Mv3UqKxVp8pLoJ9tFmW2cXa1hN6bA7vF9yR0eZlP3cT8bSgK4uL5iV6jW7bA8eV9oI0pQ1rC2sD3tF4gH5jK6lM", + "found_secret": "sk_live_51Mv3UqKxVp8pLoJ9tFmW2cX" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp8sjg97b7/code.txt", + "line_number": 11, + "secret": "SQLALCHEMY_TRACK_MODIFICATIONS", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp8sjg97b7/code.txt", + "line_number": 12, + "secret": "sk_live_51Mv3UqKxVp8pLoJ9tFmW2cXa1hN6bA7vF9yR0eZlP3cT8bSgK4uL5iV6jW7bA8eV9oI0pQ1rC2sD3tF4gH5jK6lM", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp8sjg97b7/code.txt", + "line_number": 12, + "secret": "sk_live_51Mv3UqKxVp8pLoJ9tFmW2cXa1hN6bA7vF9yR0eZlP3cT8bSgK4uL5iV6jW7bA8eV9oI0pQ1rC2sD3tF4gH5jK6lM", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp8sjg97b7/code.txt", + "line_number": 12, + "secret": "sk_live_51Mv3UqKxVp8pLoJ9tFmW2cXa1hN6bA7vF9yR0eZlP3cT8bSgK4uL5iV6jW7bA8eV9oI0pQ1rC2sD3tF4gH5jK6lM", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp8sjg97b7/code.txt", + "line_number": 22, + "secret": "/create-payment-intent', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 37, + "secret": "AKIA4P5X3W7RYS6BZM9N", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpaowxdyyv/code.txt", + "line_number": 17, + "secret": "AKIA4P5X3W7RYS6BZM9N", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 38, + "secret": "v9mB/LpKsR8wT7oF4gH2jA1sC3dE5fG6hI7kL8mP", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpaowxdyyv/code.txt", + "line_number": 18, + "secret": "v9mB/LpKsR8wT7oF4gH2jA1sC3dE5fG6hI7kL8mP", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpaowxdyyv/code.txt", + "line_number": 17, + "secret": "AKIA4P5X3W7RYS6BZM9N", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpaowxdyyv/code.txt", + "line_number": 18, + "secret": "v9mB/LpKsR8wT7oF4gH2jA1sC3dE5fG6hI7kL8mP", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpaowxdyyv/code.txt", + "line_number": 18, + "secret": "v9mB/LpKsR8wT7oF4gH2jA1sC3dE5fG6hI7kL8mP", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 29, + "secret": "AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdb0jbjie/code.txt", + "line_number": 12, + "secret": "\"AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV\"", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV", + "found_secret": "\"AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV\"" + }, + { + "line_number": 30, + "secret": "5a0f8eb8c9d44c9b8e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdb0jbjie/code.txt", + "line_number": 13, + "secret": "5a0f8eb8c9d44c9b8e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 39, + "secret": "{\"type\":\"service_account\",\"project_id\":\"gcp-proj-staging-3456\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6Kq2tU8N4vA3p\\n...fake content...\\nk9XpA2B4C5D6E7F8G9H0J2K3L4M5N6P7Q8R9T0U1V2W3X4Y5Z6A7B8C9D0E1F2G\\nH3I4J5K6L7M8N9P0Q1R2T3U4V5W6X7Y8Z9A0B1C2D3E4F5G6H7I8J9K0L1M2N3P4\\nQ5R6T7U8V9W0X1Y2Z3A4B5C6D7E8F9G0H1I2J3K4L5M6N7P8Q9R0T1U2V3W4X5Y6\\nZ7A8B9C0D1E2F3G4H5I6J7K8L9M0N1P2Q3R4T5U6V7W8X9Y0Z1A2B3C4D5E6F7G8\\nH9I0J1K2L3M4N5P6Q7R8T9U0V1W2X3Y4Z5A6B7C8D9E0F1G2H3I4J5K6L7M8N9P0\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"deploy-bot@gcp-proj-staging-3456.iam.gserviceaccount.com\",\"client_id\":\"123456789012345678901\",\"auth_uri\":\"...\",\"token_uri\":\"...\",\"auth_provider_x509_cert_url\":\"...\",\"client_x509_cert_url\":\"...\"}", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdb0jbjie/code.txt", + "line_number": 22, + "secret": "BEGIN PRIVATE KEY", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "{\"type\":\"service_account\",\"project_id\":\"gcp-proj-staging-3456\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6Kq2tU8N4vA3p\\n...fake content...\\nk9XpA2B4C5D6E7F8G9H0J2K3L4M5N6P7Q8R9T0U1V2W3X4Y5Z6A7B8C9D0E1F2G\\nH3I4J5K6L7M8N9P0Q1R2T3U4V5W6X7Y8Z9A0B1C2D3E4F5G6H7I8J9K0L1M2N3P4\\nQ5R6T7U8V9W0X1Y2Z3A4B5C6D7E8F9G0H1I2J3K4L5M6N7P8Q9R0T1U2V3W4X5Y6\\nZ7A8B9C0D1E2F3G4H5I6J7K8L9M0N1P2Q3R4T5U6V7W8X9Y0Z1A2B3C4D5E6F7G8\\nH9I0J1K2L3M4N5P6Q7R8T9U0V1W2X3Y4Z5A6B7C8D9E0F1G2H3I4J5K6L7M8N9P0\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"deploy-bot@gcp-proj-staging-3456.iam.gserviceaccount.com\",\"client_id\":\"123456789012345678901\",\"auth_uri\":\"...\",\"token_uri\":\"...\",\"auth_provider_x509_cert_url\":\"...\",\"client_x509_cert_url\":\"...\"}", + "found_secret": "BEGIN PRIVATE KEY" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdb0jbjie/code.txt", + "line_number": 12, + "secret": "AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdb0jbjie/code.txt", + "line_number": 12, + "secret": "AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdb0jbjie/code.txt", + "line_number": 20, + "secret": "google-github-actions/auth@v1", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 122, + "secret": "https://b4a3c2d1e0f9a8b7c6d5e4f3a2b1c0d9@o450604.ingest.sentry.io/45060453321", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp398o4ui3/code.txt", + "line_number": 8, + "secret": "https://b4a3c2d1e0f9a8b7c6d5e4f3a2b1c0d9@o450604.ingest.sentry.io/45060453321", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 123, + "secret": "pk.eyJ1IjoiYmVuamFtaW5kZXYiLCJhIjoiY2xwOXA0bHUxMGZoeTJqcDkyMmh3ZDA0bCJ9.aK5fG4hT3jE2sC1dF8gH7i", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp398o4ui3/code.txt", + "line_number": 9, + "secret": "pk.eyJ1IjoiYmVuamFtaW5kZXYiLCJhIjoiY2xwOXA0bHUxMGZoeTJqcDkyMmh3ZDA0bCJ9.aK5fG4hT3jE2sC1dF8gH7i", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 146, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiaWF0IjoxNjcxNTQwMjM5fQ.oF9gR1vW3cZ4xS8eP5kL7sB6tD0fA2uJ1cK8iL5dN9g", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp398o4ui3/code.txt", + "line_number": 32, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiaWF0IjoxNjcxNTQwMjM5fQ.", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiaWF0IjoxNjcxNTQwMjM5fQ.oF9gR1vW3cZ4xS8eP5kL7sB6tD0fA2uJ1cK8iL5dN9g", + "found_secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiaWF0IjoxNjcxNTQwMjM5fQ." + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp398o4ui3/code.txt", + "line_number": 31, + "secret": "Content-Type': 'application/json", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 20, + "secret": "ACf1e2d3c4b5a6987e6d5c4b3a2f1e0d9c", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp320rqoz3/code.txt", + "line_number": 20, + "secret": "ACf1e2d3c4b5a6987e6d5c4b3a2f1e0d9c", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 8, + "secret": "gH7!kL#9sPqR$wXv2&yZ*bC", + "label": "True Positive", + "expected_line": 8, + "reason": "not_detected" + }, + { + "line_number": 15, + "secret": "mZ2$eR6^tY8*uI1!oP4@lK", + "label": "True Positive", + "expected_line": 15, + "reason": "not_detected" + }, + { + "line_number": 21, + "secret": "7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d", + "label": "True Positive", + "expected_line": 21, + "reason": "not_detected" + } + ], + "false_positives": [], + "total_actual": 4, + "total_found": 1, + "total_missed": 3, + "total_false_positives": 0 + } + ], + "41": [ + { + "found_entries": [ + { + "line_number": 121, + "secret": "postgres://billing_svc_user:Ac8#k$!p9F@dBe3-db.prod.us-west-2.rds.amazonaws.com:5432/payments_db", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp6ug3wolo/code.txt", + "line_number": 10, + "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://billing_svc_user:Ac8#k$!p9F@dBe3-db.prod.us-west-2.rds.amazonaws.com:5432/payments_db", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "postgres://billing_svc_user:Ac8#k$!p9F@dBe3-db.prod.us-west-2.rds.amazonaws.com:5432/payments_db", + "found_secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://billing_svc_user:Ac8#k$!p9F@dBe3-db.prod.us-west-2.rds.amazonaws.com:5432/payments_db" + }, + { + "line_number": 126, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp6ug3wolo/code.txt", + "line_number": 15, + "secret": "sk_live_51Kk0L2ApB8fG1tY9j5mC3wZ", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "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", + "found_secret": "sk_live_51Kk0L2ApB8fG1tY9j5mC3wZ" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp6ug3wolo/code.txt", + "line_number": 11, + "secret": "SQLALCHEMY_TRACK_MODIFICATIONS", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp6ug3wolo/code.txt", + "line_number": 15, + "secret": "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", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp6ug3wolo/code.txt", + "line_number": 15, + "secret": "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", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp6ug3wolo/code.txt", + "line_number": 15, + "secret": "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", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp6ug3wolo/code.txt", + "line_number": 23, + "secret": "/create-payment-intent', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 46, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpz5edr5rp/code.txt", + "line_number": 6, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 47, + "secret": "pL8vGkZ9JmN7sR2wXqF1bT4uYcV3zH5iA0oK6eB", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpz5edr5rp/code.txt", + "line_number": 7, + "secret": "pL8vGkZ9JmN7sR2wXqF1bT4uYcV3zH5iA0oK6eB", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpz5edr5rp/code.txt", + "line_number": 6, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpz5edr5rp/code.txt", + "line_number": 7, + "secret": "pL8vGkZ9JmN7sR2wXqF1bT4uYcV3zH5iA0oK6eB", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpz5edr5rp/code.txt", + "line_number": 7, + "secret": "pL8vGkZ9JmN7sR2wXqF1bT4uYcV3zH5iA0oK6eB", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 42, + "secret": "{\"type\":\"service_account\",\"project_id\":\"acme-corp-345213\",\"private_key_id\":\"a4f3b18d8b4c7c8e9f0a1b2c3d4e5f6a7b8c9d0e\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2sX2w...\\n-----END PRIVATE KEY-----\",\"client_email\":\"deploy-bot@acme-corp-345213.iam.gserviceaccount.com\",\"client_id\":\"109876543210987654321\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\",\"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/deploy-bot%40acme-corp-345213.iam.gserviceaccount.com\"}", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4xdb_tww/code.txt", + "line_number": 18, + "secret": "BEGIN PRIVATE KEY", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "{\"type\":\"service_account\",\"project_id\":\"acme-corp-345213\",\"private_key_id\":\"a4f3b18d8b4c7c8e9f0a1b2c3d4e5f6a7b8c9d0e\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2sX2w...\\n-----END PRIVATE KEY-----\",\"client_email\":\"deploy-bot@acme-corp-345213.iam.gserviceaccount.com\",\"client_id\":\"109876543210987654321\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\",\"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/deploy-bot%40acme-corp-345213.iam.gserviceaccount.com\"}", + "found_secret": "BEGIN PRIVATE KEY" + }, + { + "line_number": 59, + "secret": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/kM3P5sR9tV1wX7Y2zN8oB4cD", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4xdb_tww/code.txt", + "line_number": 35, + "secret": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/kM3P5sR9tV1wX7Y2zN8oB4cD", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4xdb_tww/code.txt", + "line_number": 16, + "secret": "google-github-actions/auth@v1", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4xdb_tww/code.txt", + "line_number": 33, + "secret": "Deployment to production finished.", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4xdb_tww/code.txt", + "line_number": 35, + "secret": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/kM3P5sR9tV1wX7Y2zN8oB4cD", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 29, + "secret": "AIzaSyBv4nE8tGfH3jK2L5mN7oP9qR1sT3uV5wX", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9gt7sd0j/code.txt", + "line_number": 15, + "secret": "AIzaSyBv4nE8tGfH3jK2L5mN7oP9qR1sT3uV5wX", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 42, + "secret": "pk.eyJ1IjoibXljb29sYXBwIiwiYSI6ImNrcWV3Z3NqMDBjajAyd281cDNtZGNpb3oifQ.Vv1B2C3D4E5F6G7H8I9J0K", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9gt7sd0j/code.txt", + "line_number": 28, + "secret": "pk.eyJ1IjoibXljb29sYXBwIiwiYSI6ImNrcWV3Z3NqMDBjajAyd281cDNtZGNpb3oifQ.Vv1B2C3D4E5F6G7H8I9J0K", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9gt7sd0j/code.txt", + "line_number": 15, + "secret": "AIzaSyBv4nE8tGfH3jK2L5mN7oP9qR1sT3uV5wX", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9gt7sd0j/code.txt", + "line_number": 15, + "secret": "AIzaSyBv4nE8tGfH3jK2L5mN7oP9qR1sT3uV5wX", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9gt7sd0j/code.txt", + "line_number": 20, + "secret": "1:123456789012:web:a1b2c3d4e5f6a7b8c9d0e1", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9gt7sd0j/code.txt", + "line_number": 32, + "secret": "https://o1234567.ingest.sentry.io/12345678901234", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 88, + "secret": "ZThkNDFkYzAtNzA1Mi00YjU5LTg5Y2UtMjdhMTEyMzg1ZjM5NDY0Y2ZkYjMtYTEzNC00MWI4LWJmOTItZWY5YTJjNmE1N2Jl", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5s_y5vko/code.txt", + "line_number": 11, + "secret": "ZThkNDFkYzAtNzA1Mi00YjU5LTg5Y2UtMjdhMTEyMzg1ZjM5NDY0Y2ZkYjMtYTEzNC00MWI4LWJmOTItZWY5YTJjNmE1N2Jl", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 98, + "secret": "amqp://notif_worker:RpR8#bV^9sL@mq-cluster.internal:5672/vhost_prod", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5s_y5vko/code.txt", + "line_number": 21, + "secret": "amqp://notif_worker:RpR8#bV^9sL@mq-cluster.internal:5672/vhost_prod", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5s_y5vko/code.txt", + "line_number": 11, + "secret": "ZThkNDFkYzAtNzA1Mi00YjU5LTg5Y2UtMjdhMTEyMzg1ZjM5NDY0Y2ZkYjMtYTEzNC00MWI4LWJmOTItZWY5YTJjNmE1N2Jl", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5s_y5vko/code.txt", + "line_number": 30, + "secret": "http://discovery-service:8761/eureka/", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 2 + } + ], + "42": [ + { + "found_entries": [ + { + "line_number": 103, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdwhkp4a9/code.txt", + "line_number": 16, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 104, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdwhkp4a9/code.txt", + "line_number": 17, + "secret": "zL8wNcU9oF7jK5dG1eH3bV2aR6tY0sP4iQ9xCmA1", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdwhkp4a9/code.txt", + "line_number": 17, + "secret": "zL8wNcU9oF7jK5dG1eH3bV2aR6tY0sP4iQ9xCmA1", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdwhkp4a9/code.txt", + "line_number": 17, + "secret": "zL8wNcU9oF7jK5dG1eH3bV2aR6tY0sP4iQ9xCmA1", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdwhkp4a9/code.txt", + "line_number": 17, + "secret": "zL8wNcU9oF7jK5dG1eH3bV2aR6tY0sP4iQ9xCmA1", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdwhkp4a9/code.txt", + "line_number": 22, + "secret": "/api/v1/invoices/', methods=['GET", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpdwhkp4a9/code.txt", + "line_number": 28, + "secret": "Bucket': S3_BUCKET_NAME, 'Key", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 53, + "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7U", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpryqb1s_k/code.txt", + "line_number": 39, + "secret": "Authorization: token ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7U", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7U", + "found_secret": "Authorization: token ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7U" + } + ], + "not_found_entries": [ + { + "line_number": 36, + "secret": "dckr_pat_bC9xTfG3pZjL2nK5hW1vR8sY0uI7", + "label": "True Positive", + "expected_line": 22, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpryqb1s_k/code.txt", + "line_number": 38, + "secret": "Accept: application/vnd.github.v3+json", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpryqb1s_k/code.txt", + "line_number": 39, + "secret": "ghp", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 1, + "total_missed": 1, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 44, + "secret": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4epjpt1r/code.txt", + "line_number": 12, + "secret": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 45, + "secret": "x9y8z7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4epjpt1r/code.txt", + "line_number": 13, + "secret": "x9y8z7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4epjpt1r/code.txt", + "line_number": 12, + "secret": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4epjpt1r/code.txt", + "line_number": 13, + "secret": "x9y8z7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4epjpt1r/code.txt", + "line_number": 17, + "secret": "[Critical] High CPU Utilization on Core Services", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4epjpt1r/code.txt", + "line_number": 19, + "secret": "@all CPU utilization is over 90% on {{host.name}}. Check running processes immediately.", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4epjpt1r/code.txt", + "line_number": 21, + "secret": "avg(last_5m):avg:system.cpu.user{environment:prod,service:core-api} > 90", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4epjpt1r/code.txt", + "line_number": 28, + "secret": "env:prod\", \"service:core-api\", \"severity:critical", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4epjpt1r/code.txt", + "line_number": 34, + "secret": "[Prod] API Health Check - /status endpoint", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 7 + }, + { + "found_entries": [ + { + "line_number": 223, + "secret": "pk.eyJ1Ijoic2hpcHBpbmdkZXYiLCJhIjoiY2w5cGdpaHVwMDFjZDN2bzhsZ2N0cDZ6MyJ9.A5w3UQqT3rVdFzPqW2bVew", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpds3nsw32/code.txt", + "line_number": 13, + "secret": "pk.eyJ1Ijoic2hpcHBpbmdkZXYiLCJhIjoiY2w5cGdpaHVwMDFjZDN2bzhsZ2N0cDZ6MyJ9.A5w3UQqT3rVdFzPqW2bVew", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 226, + "secret": "https://a8d4d03c27e44a6f95e6f64b8c9d01b2@o450616.ingest.sentry.io/4506168886", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpds3nsw32/code.txt", + "line_number": 16, + "secret": "https://a8d4d03c27e44a6f95e6f64b8c9d01b2@o450616.ingest.sentry.io/4506168886", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 22, + "secret": "prod_api_L3hV7bN9kPjR2wZ4mQ8yS6xT5", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ntrqmrt/code.txt", + "line_number": 22, + "secret": "String', 'BACKEND_API_KEY', '\"prod_api_L3hV7bN9kPjR2wZ4mQ8yS6xT5\"", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "prod_api_L3hV7bN9kPjR2wZ4mQ8yS6xT5", + "found_secret": "String', 'BACKEND_API_KEY', '\"prod_api_L3hV7bN9kPjR2wZ4mQ8yS6xT5\"" + } + ], + "not_found_entries": [ + { + "line_number": 29, + "secret": "St@bleB@tteryH0rseC0rrect", + "label": "True Positive", + "expected_line": 29, + "reason": "not_detected" + }, + { + "line_number": 31, + "secret": "C0rrectH0rseSt@bleB@ttery", + "label": "True Positive", + "expected_line": 31, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ntrqmrt/code.txt", + "line_number": 21, + "secret": "String', 'API_BASE_URL', '\"https://prod.api.examplecompany.com/\"", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ntrqmrt/code.txt", + "line_number": 22, + "secret": "prod_api_L3hV7bN9kPjR2wZ4mQ8yS6xT5", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ntrqmrt/code.txt", + "line_number": 38, + "secret": "proguard-android-optimize.txt'), 'proguard-rules.pro", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 1, + "total_missed": 2, + "total_false_positives": 3 + } + ], + "43": [ + { + "found_entries": [ + { + "line_number": 121, + "secret": "postgres://prod_user_rw:8!hG#kL$pQ2s@db-pg-prod-01.c3k4l5m6.us-east-1.rds.amazonaws.com:5432/main_app_db", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwroz1fy9/code.txt", + "line_number": 10, + "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://prod_user_rw:8!hG#kL$pQ2s@db-pg-prod-01.c3k4l5m6.us-east-1.rds.amazonaws.com:5432/main_app_db", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "postgres://prod_user_rw:8!hG#kL$pQ2s@db-pg-prod-01.c3k4l5m6.us-east-1.rds.amazonaws.com:5432/main_app_db", + "found_secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://prod_user_rw:8!hG#kL$pQ2s@db-pg-prod-01.c3k4l5m6.us-east-1.rds.amazonaws.com:5432/main_app_db" + }, + { + "line_number": 132, + "secret": "eYp3s6v9y$B&E)H@McQfTjWnZr4u7x!A", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwroz1fy9/code.txt", + "line_number": 21, + "secret": "eYp3s6v9y$B&E)H@McQfTjWnZr4u7x!A", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwroz1fy9/code.txt", + "line_number": 11, + "secret": "SQLALCHEMY_TRACK_MODIFICATIONS", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwroz1fy9/code.txt", + "line_number": 19, + "secret": "prod-redis-cluster.ab123c.0001.use1.cache.amazonaws.com", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpwroz1fy9/code.txt", + "line_number": 21, + "secret": "eYp3s6v9y$B&E)H@McQfTjWnZr4u7x!A", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 60, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzp2s0dpd/code.txt", + "line_number": 16, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 79, + "secret": "https://hooks.slack.com/services/T024F4SJ2/B0C3E4D5F6/aBcDeFgHiJkLmNoPqRsTuVwX", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzp2s0dpd/code.txt", + "line_number": 35, + "secret": "Content-type: application/json' --data '{\"text\":\"Deployment on staging completed.\"}", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "https://hooks.slack.com/services/T024F4SJ2/B0C3E4D5F6/aBcDeFgHiJkLmNoPqRsTuVwX", + "found_secret": "Content-type: application/json' --data '{\"text\":\"Deployment on staging completed.\"}" + } + ], + "not_found_entries": [ + { + "line_number": 61, + "secret": "wJalrXUtnFEMI5K7MDENGbPxRfi2qZf6sZ2c4g5b", + "label": "True Positive", + "expected_line": 17, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpzp2s0dpd/code.txt", + "line_number": 35, + "secret": "https://hooks.slack.com/services/T024F4SJ2/B0C3E4D5F6/aBcDeFgHiJkLmNoPqRsTuVwX", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 2, + "total_missed": 1, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 23, + "secret": "B4kL9mN8oP1qR2sT3uV4wX5yZ6aB7c8D", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4x_xw2l4/code.txt", + "line_number": 3, + "secret": "B4kL9mN8oP1qR2sT3uV4wX5yZ6aB7c8D", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 47, + "secret": "u+Hs9xL3vA7fY2zR5pQ8", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4x_xw2l4/code.txt", + "line_number": 27, + "secret": "u+Hs9xL3vA7fY2zR5pQ8", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4x_xw2l4/code.txt", + "line_number": 3, + "secret": "B4kL9mN8oP1qR2sT3uV4wX5yZ6aB7c8D", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4x_xw2l4/code.txt", + "line_number": 3, + "secret": "B4kL9mN8oP1qR2sT3uV4wX5yZ6aB7c8D", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4x_xw2l4/code.txt", + "line_number": 6, + "secret": "fastly_service_v1\" \"webapp", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp4x_xw2l4/code.txt", + "line_number": 15, + "secret": "app-load-balancer.us-west-2.elb.amazonaws.com", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 99, + "secret": "AIzaSyB9X8c7V6D5E4F3G2H1I0jL9K8mN7pQoR", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ltaynj_/code.txt", + "line_number": 12, + "secret": "AIzaSyB9X8c7V6D5E4F3G2H1I0jL9K8mN7pQoR", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 108, + "secret": "pk.eyJ1IjoiYXBwZGV2ZWxvcGVyIiwiYSI6ImNrdzVjNmRmMDBkbmoydm51cTY5ZzVlMncifQ.A1b2c3d4E5F6g7h8I9J0kL", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ltaynj_/code.txt", + "line_number": 21, + "secret": "pk.eyJ1IjoiYXBwZGV2ZWxvcGVyIiwiYSI6ImNrdzVjNmRmMDBkbmoydm51cTY5ZzVlMncifQ.A1b2c3d4E5F6g7h8I9J0kL", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 113, + "secret": "sk-proj-rT8uV9wXyZ1aB2c3d4E5f6G7h8i9j0kL1m2N3o4P5q6R", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ltaynj_/code.txt", + "line_number": 26, + "secret": "sk-proj-rT8uV9wXyZ1aB2c3d4E5f6G7h8i9j0kL1m2N3o4P5q6R", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ltaynj_/code.txt", + "line_number": 12, + "secret": "AIzaSyB9X8c7V6D5E4F3G2H1I0jL9K8mN7pQoR", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ltaynj_/code.txt", + "line_number": 12, + "secret": "AIzaSyB9X8c7V6D5E4F3G2H1I0jL9K8mN7pQoR", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ltaynj_/code.txt", + "line_number": 17, + "secret": "1:123456789012:web:a1b2c3d4e5f6a7b8c9d0e1", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ltaynj_/code.txt", + "line_number": 26, + "secret": "sk-proj-rT8uV9wXyZ1aB2c3d4E5f6G7h8i9j0kL1m2N3o4P5q6R", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9ltaynj_/code.txt", + "line_number": 26, + "secret": "sk-proj-rT8uV9wXyZ1aB2c3d4E5f6G7h8i9j0kL1m2N3o4P5q6R", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 22, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB4nF6gH7jK8lM9oP0qR1sT2uV3wX4yZ5aB6c", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp48xrzpk1/code.txt", + "line_number": 22, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWq", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB4nF6gH7jK8lM9oP0qR1sT2uV3wX4yZ5aB6c", + "found_secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWq" + } + ], + "not_found_entries": [ + { + "line_number": 9, + "secret": "4hT7^kL#pQ$zW1*s", + "label": "True Positive", + "expected_line": 9, + "reason": "not_detected" + }, + { + "line_number": 18, + "secret": "bXlzdXBlcnNlY3JldGtleWZvcmF1dGgtc2VydmljZS1pcy1hdzsza29tZWx5LWxvbmc=", + "label": "True Positive", + "expected_line": 18, + "reason": "not_detected" + } + ], + "false_positives": [], + "total_actual": 3, + "total_found": 1, + "total_missed": 2, + "total_false_positives": 0 + } + ], + "44": [ + { + "found_entries": [ + { + "line_number": 96, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnhasz_k0/code.txt", + "line_number": 9, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 97, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnhasz_k0/code.txt", + "line_number": 10, + "secret": "pL8/Jk3b+mN5gH7vF2sK9dR1wZ0eC4yI/xQvA6sT", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnhasz_k0/code.txt", + "line_number": 10, + "secret": "pL8/Jk3b+mN5gH7vF2sK9dR1wZ0eC4yI/xQvA6sT", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnhasz_k0/code.txt", + "line_number": 10, + "secret": "pL8/Jk3b+mN5gH7vF2sK9dR1wZ0eC4yI/xQvA6sT", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnhasz_k0/code.txt", + "line_number": 10, + "secret": "pL8/Jk3b+mN5gH7vF2sK9dR1wZ0eC4yI/xQvA6sT", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnhasz_k0/code.txt", + "line_number": 13, + "secret": "\"\"Downloads a specific file from our production S3 bucket.\"\"", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnhasz_k0/code.txt", + "line_number": 21, + "secret": "Starting download for {s3_key}...", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnhasz_k0/code.txt", + "line_number": 23, + "secret": "Successfully downloaded to {local_path}", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnhasz_k0/code.txt", + "line_number": 33, + "secret": "monthly_reports/2023-10.csv", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 7 + }, + { + "found_entries": [ + { + "line_number": 60, + "secret": "aL9~_fH8qY7.s-D3.wX2vR-zM4pE1bN9jK", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmphwnd93kn/code.txt", + "line_number": 20, + "secret": "aL9~_fH8qY7.s-D3.wX2vR-zM4pE1bN9jK", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmphwnd93kn/code.txt", + "line_number": 20, + "secret": "aL9~_fH8qY7.s-D3.wX2vR-zM4pE1bN9jK", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 31, + "secret": "4hG#kL$pQ2s!tV*wXyZ(aB-dE", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmps45xn92s/code.txt", + "line_number": 11, + "secret": "4hG#kL$pQ2s!tV*wXyZ(aB-dE", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 38, + "secret": "NjIzZGU5NTgtYWYzZC00YjM1LWE3MzktZWYzMDU3NTM1YmYxYzUyMWU1NzItODk0Yi00ODY0LWIzZjItYmYyYjVjYTAwZjY1", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmps45xn92s/code.txt", + "line_number": 18, + "secret": "NjIzZGU5NTgtYWYzZC00YjM1LWE3MzktZWYzMDU3NTM1YmYxYzUyMWU1NzItODk0Yi00ODY0LWIzZjItYmYyYjVjYTAwZjY1", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmps45xn92s/code.txt", + "line_number": 9, + "secret": "jdbc:postgresql://db-prod-replica-1.c8zqtm2n4a1v.us-west-2.rds.amazonaws.com:5432/analytics_db", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmps45xn92s/code.txt", + "line_number": 11, + "secret": "4hG#kL$pQ2s!tV*wXyZ(aB-dE", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmps45xn92s/code.txt", + "line_number": 18, + "secret": "NjIzZGU5NTgtYWYzZC00YjM1LWE3MzktZWYzMDU3NTM1YmYxYzUyMWU1NzItODk0Yi00ODY0LWIzZjItYmYyYjVjYTAwZjY1", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 133, + "secret": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAz/q/v2Oq5xGq2U3h5p9kY8t6v7v6p5L4f3n2s1E3n7o8w7u8\nr6p5w4w2a5r9t8y4u1i3o5p7a9s1d3f5g7h9k2l4m6n8q0w2e4r6t8y0u2i4o6\np8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q\n0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2\nd4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4\nr6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6\ng8h0j2l4m6N8q0w2e4R6t8Y0u2i4o6A8c2v4b6N8m0P2q4w6e8R0t2y4I6o8p0A\ns2D4f6G8h0J2l4M6n8Q0w2E4r6T8y0U2i4O6p8A0S2d4F6g8H0k2L4m6n8Q0W2e\n4r6t8Y0u2I4o6p8a0S2d4f6G8h0j2L4m6n8q0W2e4r6t8Y0u2i4O6p8a0S2d4f6\nG8h0k2L4m6n8Q0W2E4r6T8y0u2I4O6p8a0s2d4f6G8h0j2L4m6N8Q0W2e4R6T8y\n0u2I4o6p8A0s2D4f6g8h0J2l4m6N8q0w2e4R6t8Y0U2i4o6p8A0s2d4F6g8h0j2\nL4m6n8Q0w2E4R6t8y0u2I4o6p8a0s2D4f6g8H0k2l4m6N8q0W2e4r6T8y0u2I4o\n6P8a0S2d4f6g8H0j2L4m6n8q0w2e4R6t8y0U2i4o6P8A0s2D4f6g8h0J2l4M6n8\nQ0W2e4R6t8Y0u2I4O6p8a0s2d4F6g8h0j2l4m6n8Q0w2E4r6t8Y0U2i4o6P8a0S\n-----END RSA PRIVATE KEY-----", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_w945bj5/code.txt", + "line_number": 22, + "secret": "BEGIN RSA PRIVATE KEY", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAz/q/v2Oq5xGq2U3h5p9kY8t6v7v6p5L4f3n2s1E3n7o8w7u8\nr6p5w4w2a5r9t8y4u1i3o5p7a9s1d3f5g7h9k2l4m6n8q0w2e4r6t8y0u2i4o6\np8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q\n0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2\nd4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4\nr6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6\ng8h0j2l4m6N8q0w2e4R6t8Y0u2i4o6A8c2v4b6N8m0P2q4w6e8R0t2y4I6o8p0A\ns2D4f6G8h0J2l4M6n8Q0w2E4r6T8y0U2i4O6p8A0S2d4F6g8H0k2L4m6n8Q0W2e\n4r6t8Y0u2I4o6p8a0S2d4f6G8h0j2L4m6n8q0W2e4r6t8Y0u2i4O6p8a0S2d4f6\nG8h0k2L4m6n8Q0W2E4r6T8y0u2I4O6p8a0s2d4f6G8h0j2L4m6N8Q0W2e4R6T8y\n0u2I4o6p8A0s2D4f6g8h0J2l4m6N8q0w2e4R6t8Y0U2i4o6p8A0s2d4F6g8h0j2\nL4m6n8Q0w2E4R6t8y0u2I4o6p8a0s2D4f6g8H0k2l4m6N8q0W2e4r6T8y0u2I4o\n6P8a0S2d4f6g8H0j2L4m6n8q0w2e4R6t8y0U2i4o6P8A0s2D4f6g8h0J2l4M6n8\nQ0W2e4R6t8Y0u2I4O6p8a0s2d4F6g8h0j2l4m6n8Q0w2E4r6t8Y0U2i4o6P8a0S\n-----END RSA PRIVATE KEY-----", + "found_secret": "BEGIN RSA PRIVATE KEY" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_w945bj5/code.txt", + "line_number": 39, + "secret": "scp ./target/app.jar ${env.DEPLOY_USER}@${env.DEPLOY_HOST}:/opt/app/", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp_w945bj5/code.txt", + "line_number": 40, + "secret": "ssh ${env.DEPLOY_USER}@${env.DEPLOY_HOST} 'systemctl restart myapp'", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 47, + "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcGo1bXp6ODBzaHIydnBqcWhyZDRrajcifQ.vG8cW7fJ2w9eK5rN3pD8oA", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9p_njyd4/code.txt", + "line_number": 15, + "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcGo1bXp6ODBzaHIydnBqcWhyZDRrajcifQ.vG8cW7fJ2w9eK5rN3pD8oA", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 48, + "secret": "https://a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4@o123456.ingest.sentry.io/7890123", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9p_njyd4/code.txt", + "line_number": 16, + "secret": "https://a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4@o123456.ingest.sentry.io/7890123", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9p_njyd4/code.txt", + "line_number": 11, + "secret": "development' | 'staging' | 'production", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + } + ], + "45": [ + { + "found_entries": [ + { + "line_number": 20, + "secret": "postgres://user_svc_acct:p9#zF!8k@L$sR_Wv@db-users.internal.corp:5432/users", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mds6d6z/code.txt", + "line_number": 11, + "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://user_svc_acct:p9#zF!8k@L$sR_Wv@db-users.internal.corp:5432/users", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "postgres://user_svc_acct:p9#zF!8k@L$sR_Wv@db-users.internal.corp:5432/users", + "found_secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://user_svc_acct:p9#zF!8k@L$sR_Wv@db-users.internal.corp:5432/users" + }, + { + "line_number": 22, + "secret": "u$h3Jk!^nL*8g$Pz@qV5sR9b#Gf2M(wE", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mds6d6z/code.txt", + "line_number": 13, + "secret": "u$h3Jk!^nL*8g$Pz@qV5sR9b#Gf2M(wE", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 23, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mds6d6z/code.txt", + "line_number": 14, + "secret": "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", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mds6d6z/code.txt", + "line_number": 12, + "secret": "SQLALCHEMY_TRACK_MODIFICATIONS", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mds6d6z/code.txt", + "line_number": 13, + "secret": "JWT_SECRET_KEY'] = 'u$h3Jk!^nL*8g$Pz@qV5sR9b#Gf2M(wE", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mds6d6z/code.txt", + "line_number": 14, + "secret": "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", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mds6d6z/code.txt", + "line_number": 14, + "secret": "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", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mds6d6z/code.txt", + "line_number": 24, + "secret": "/login', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp0mds6d6z/code.txt", + "line_number": 29, + "secret": "test", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 6 + }, + { + "found_entries": [ + { + "line_number": 15, + "secret": "AKIA4ZLWQY62N7S5V3OF", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpcchhyxrh/code.txt", + "line_number": 15, + "secret": "AKIA4ZLWQY62N7S5V3OF", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 16, + "secret": "Wj3F8zK/x6dE+qT9pYhR/gL7mN4sV2cBb1aZ0xP", + "label": "True Positive", + "expected_line": 16, + "reason": "not_detected" + }, + { + "line_number": 19, + "secret": "dckr_pat_a4fH7Gj9kLpZ3xV6cWqY8tN2sR5bM0", + "label": "True Positive", + "expected_line": 19, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpcchhyxrh/code.txt", + "line_number": 42, + "secret": "Image built and pushed successfully", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 1, + "total_missed": 2, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 5, + "secret": "AKIAJM7GFQ36XW5YUIZA", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuqpoya8z/code.txt", + "line_number": 5, + "secret": "AKIAJM7GFQ36XW5YUIZA", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 6, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuqpoya8z/code.txt", + "line_number": 6, + "secret": "zJ7aRpXtNfEmI/K9mDeNg/BqXrfIcY9gLwS3vUoH", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 24, + "secret": "D#$tG6hL9p!z@qR2bN8f*m", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuqpoya8z/code.txt", + "line_number": 24, + "secret": "D#$tG6hL9p!z@qR2bN8f*m", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuqpoya8z/code.txt", + "line_number": 6, + "secret": "zJ7aRpXtNfEmI/K9mDeNg/BqXrfIcY9gLwS3vUoH", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuqpoya8z/code.txt", + "line_number": 6, + "secret": "zJ7aRpXtNfEmI/K9mDeNg/BqXrfIcY9gLwS3vUoH", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuqpoya8z/code.txt", + "line_number": 24, + "secret": "D#$tG6hL9p!z@qR2bN8f*m", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 63, + "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyMTIiLCJhIjoiY2xwY3ZqbzNxMGVqZTJqcWhmb3ZoeWoycSJ9.sF5gHjL9kPzQvB7nJ6tXyA", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp16un3wfw/code.txt", + "line_number": 14, + "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyMTIiLCJhIjoiY2xwY3ZqbzNxMGVqZTJqcWhmb3ZoeWoycSJ9.sF5gHjL9kPzQvB7nJ6tXyA", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 66, + "secret": "gz_api_k_e5e4bb50c2684994843b0032b49ab78c", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp16un3wfw/code.txt", + "line_number": 17, + "secret": "gz_api_k_e5e4bb50c2684994843b0032b49ab78c", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp16un3wfw/code.txt", + "line_number": 17, + "secret": "gz_api_k_e5e4bb50c2684994843b0032b49ab78c", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 44, + "secret": "amqp://msg_proc:F3d^kLp@9s!zR-q@rabbitmq-prod.svc.cluster.local:5672/", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp55wv5zgg/code.txt", + "line_number": 20, + "secret": "F3d^kLp", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "amqp://msg_proc:F3d^kLp@9s!zR-q@rabbitmq-prod.svc.cluster.local:5672/", + "found_secret": "F3d^kLp" + }, + { + "line_number": 47, + "secret": "sv-tok-prod_8A2zL9pHqY7tJv5kR4wGcXnF1bS3mD6h", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp55wv5zgg/code.txt", + "line_number": 23, + "secret": "sv-tok-prod_8A2zL9pHqY7tJv5kR4wGcXnF1bS3mD6h", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp55wv5zgg/code.txt", + "line_number": 9, + "secret": "github.com/streadway/amqp", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp55wv5zgg/code.txt", + "line_number": 20, + "secret": "amqp://msg_proc:F3d^kLp@9s!zR-q@rabbitmq-prod.svc.cluster.local:5672/", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp55wv5zgg/code.txt", + "line_number": 23, + "secret": "sv-tok-prod_8A2zL9pHqY7tJv5kR4wGcXnF1bS3mD6h", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp55wv5zgg/code.txt", + "line_number": 43, + "secret": "Content-Type\", \"application/json", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp55wv5zgg/code.txt", + "line_number": 50, + "secret": " [*] Waiting for messages. To exit press CTRL+C", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + } + ], + "46": [ + { + "found_entries": [ + { + "line_number": 87, + "secret": "postgres://analytics_svc:5h#jK9$fG!pQ@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/reporting_db", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpebele87s/code.txt", + "line_number": 10, + "secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://analytics_svc:5h#jK9$fG!pQ@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/reporting_db", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "postgres://analytics_svc:5h#jK9$fG!pQ@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/reporting_db", + "found_secret": "SQLALCHEMY_DATABASE_URI'] = 'postgres://analytics_svc:5h#jK9$fG!pQ@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/reporting_db" + }, + { + "line_number": 92, + "secret": "sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpebele87s/code.txt", + "line_number": 15, + "secret": "sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR", + "found_secret": "sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpebele87s/code.txt", + "line_number": 11, + "secret": "SQLALCHEMY_TRACK_MODIFICATIONS", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpebele87s/code.txt", + "line_number": 15, + "secret": "sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpebele87s/code.txt", + "line_number": 15, + "secret": "sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpebele87s/code.txt", + "line_number": 15, + "secret": "sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpebele87s/code.txt", + "line_number": 29, + "secret": "/api/v1/health', methods=['GET", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 39, + "secret": "AKIAV5Y3RXU2FN7QZ6PL", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9x1ywuvg/code.txt", + "line_number": 19, + "secret": "AKIAV5Y3RXU2FN7QZ6PL", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 51, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp9x1ywuvg/code.txt", + "line_number": 31, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 40, + "secret": "p2gR8hL9kM3tN4vW5zC1xS7qY6bA+dE0fG/jK", + "label": "True Positive", + "expected_line": 20, + "reason": "not_detected" + } + ], + "false_positives": [], + "total_actual": 3, + "total_found": 2, + "total_missed": 1, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 55, + "secret": "dop_v1_a6b4c8d1e2f3g5h7i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpyw32sckf/code.txt", + "line_number": 11, + "secret": "dop_v1_a6b4c8d1e2f3g5h7i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpyw32sckf/code.txt", + "line_number": 11, + "secret": "dop_v1_a6b4c8d1e2f3g5h7i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpyw32sckf/code.txt", + "line_number": 14, + "secret": "digitalocean_droplet\" \"web_server", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpyw32sckf/code.txt", + "line_number": 22, + "secret": "digitalocean_kubernetes_cluster\" \"primary_cluster", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpyw32sckf/code.txt", + "line_number": 34, + "secret": "digitalocean_ssh_key\" \"main_key", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 133, + "secret": "pk.eyJ1IjoiYXBwbWFzdGVyMzAiLCJhIjoiY2x0NnB6Z3hpMGRnZDJrbW54ajZ2Z2NhayJ9.Z-u9f7s_L7gK4jH5qP2nXw", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp7f52dwqq/code.txt", + "line_number": 19, + "secret": "pk.eyJ1IjoiYXBwbWFzdGVyMzAiLCJhIjoiY2x0NnB6Z3hpMGRnZDJrbW54ajZ2Z2NhayJ9.Z-u9f7s_L7gK4jH5qP2nXw", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 134, + "secret": "https://a1b2c3d4e5f64a7b8c9d0e1f2a3b4c5d@o123456.ingest.sentry.io/7890123", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp7f52dwqq/code.txt", + "line_number": 20, + "secret": "https://a1b2c3d4e5f64a7b8c9d0e1f2a3b4c5d@o123456.ingest.sentry.io/7890123", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp7f52dwqq/code.txt", + "line_number": 32, + "secret": "https://fedcba9876543210fedcba9876543210@o654321.ingest.sentry.io/3210987", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 1 + }, + { + "found_entries": [], + "not_found_entries": [ + { + "line_number": 111, + "secret": "Z8qWn!y$B&E)H@McQfTjWnZr4u7x!A%D*G-JaNdRgUkXp2s5v8y/B?E(H+KbPeSh", + "label": "True Positive", + "expected_line": 14, + "reason": "not_detected" + }, + { + "line_number": 126, + "secret": "notifications-prod@we-send-alerts.com", + "label": "True Positive", + "expected_line": 29, + "reason": "not_detected" + }, + { + "line_number": 127, + "secret": "4R#sV9$!pLq2b", + "label": "True Positive", + "expected_line": 30, + "reason": "not_detected" + } + ], + "false_positives": [], + "total_actual": 3, + "total_found": 0, + "total_missed": 3, + "total_false_positives": 0 + } + ], + "47": [ + { + "found_entries": [ + { + "line_number": 98, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5jg9069c/code.txt", + "line_number": 11, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 99, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5jg9069c/code.txt", + "line_number": 12, + "secret": "bGe8vKqy9zF3sC7hLpA5dGjJkM0fNn2xWvT1oR4i", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5jg9069c/code.txt", + "line_number": 9, + "secret": "\"\"Initializes and returns a boto3 S3 client for a specific region.\"\"", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5jg9069c/code.txt", + "line_number": 12, + "secret": "bGe8vKqy9zF3sC7hLpA5dGjJkM0fNn2xWvT1oR4i", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5jg9069c/code.txt", + "line_number": 12, + "secret": "bGe8vKqy9zF3sC7hLpA5dGjJkM0fNn2xWvT1oR4i", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5jg9069c/code.txt", + "line_number": 12, + "secret": "bGe8vKqy9zF3sC7hLpA5dGjJkM0fNn2xWvT1oR4i", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5jg9069c/code.txt", + "line_number": 22, + "secret": "Successfully created S3 client for region {aws_region}", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5jg9069c/code.txt", + "line_number": 29, + "secret": "\"\"Lists buckets with 'report' in their name.\"\"", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5jg9069c/code.txt", + "line_number": 31, + "secret": "Name'] for bucket in response['Buckets'] if 'report' in bucket['Name", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 7 + }, + { + "found_entries": [ + { + "line_number": 60, + "secret": "~m88Q~bH2tY.xK5cZ_-.LpG7j9nF3rVqEwD1aB", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpj_wv5ruc/code.txt", + "line_number": 19, + "secret": "~m88Q~bH2tY.xK5cZ_-.LpG7j9nF3rVqEwD1aB", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 58, + "secret": "f0g1h2i3-j4k5-6789-l0m1-n2o3p4q5678b", + "label": "True Positive", + "expected_line": 17, + "reason": "not_detected" + }, + { + "line_number": 59, + "secret": "a8b1c2d3-e4f5-6789-a0b1-c2d3e4f5678a", + "label": "True Positive", + "expected_line": 18, + "reason": "not_detected" + }, + { + "line_number": 61, + "secret": "c9d0e1f2-g3h4-5678-i9j0-k1l2m3n4567c", + "label": "True Positive", + "expected_line": 20, + "reason": "not_detected" + } + ], + "false_positives": [], + "total_actual": 4, + "total_found": 1, + "total_missed": 3, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 118, + "secret": "pk.eyJ1IjoiYmFja2VuZGRldjE5IiwiYSI6ImNsdWpwbDFrZDFhaWgyaW54aThxaGYwNWgifQ.bO9F2zA-y8wU1rC6gV4qLw", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnrebqc9o/code.txt", + "line_number": 7, + "secret": "pk.eyJ1IjoiYmFja2VuZGRldjE5IiwiYSI6ImNsdWpwbDFrZDFhaWgyaW54aThxaGYwNWgifQ.bO9F2zA-y8wU1rC6gV4qLw", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 0 + }, + { + "found_entries": [], + "not_found_entries": [ + { + "line_number": 36, + "secret": "dckr_pat_u7VpMzX9hL8rKjG6wQfB2cT4oN", + "label": "True Positive", + "expected_line": 22, + "reason": "not_detected" + }, + { + "line_number": 51, + "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6gAAAJgRjN4EEYze\nBAAAAAtzc2gtZWQyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6g\nAAAECBmxuGZJz76hTkyk1r6s9JRXr8K2T4lVjTpf3G9T/lFKtjirNvqnltKP8uGQIfA+Sw\n8Db+Y5qm87TY3tRQOU7qAAAAEGNpY2RfYWdlbnRAbWFpbC5jb20BAg==\n-----END OPENSSH PRIVATE KEY-----", + "label": "True Positive", + "expected_line": 37, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpcu3pnjqv/code.txt", + "line_number": 38, + "secret": "BEGIN OPENSSH PRIVATE KEY", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 0, + "total_missed": 2, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 204, + "secret": "postgres://prod_analytics:v#9&kF$LpQz8r@db-replica-1.us-east-2.rds.amazonaws.com:5432/reporting", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnlc8liv2/code.txt", + "line_number": 4, + "secret": "postgres://prod_analytics:v#9&kF$LpQz8r@db-replica-1.us-east-2.rds.amazonaws.com:5432/reporting", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 219, + "secret": "YjYzY2I0NTYtMzU4Mi00NjRmLWE5YzEtY2QwMmQzMmM4ZWU3ZmY0Y2I3YjAtZjFjNS00NjZiLTk5YjEtZDYyYzE4Y2Y1ZDE4", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnlc8liv2/code.txt", + "line_number": 19, + "secret": "YjYzY2I0NTYtMzU4Mi00NjRmLWE5YzEtY2QwMmQzMmM4ZWU3ZmY0Y2I3YjAtZjFjNS00NjZiLTk5YjEtZDYyYzE4Y2Y1ZDE4", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnlc8liv2/code.txt", + "line_number": 19, + "secret": "YjYzY2I0NTYtMzU4Mi00NjRmLWE5YzEtY2QwMmQzMmM4ZWU3ZmY0Y2I3YjAtZjFjNS00NjZiLTk5YjEtZDYyYzE4Y2Y1ZDE4", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpnlc8liv2/code.txt", + "line_number": 19, + "secret": "YjYzY2I0NTYtMzU4Mi00NjRmLWE5YzEtY2QwMmQzMmM4ZWU3ZmY0Y2I3YjAtZjFjNS00NjZiLTk5YjEtZDYyYzE4Y2Y1ZDE4", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 2 + } + ], + "48": [ + { + "found_entries": [ + { + "line_number": 129, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mH8sZk7vXn1cT2dD5eF6jA9gB7hI3lK4mN5oP6rQ8tS0uVvWwXyZ00abcDeFgh", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpngipejo4/code.txt", + "line_number": 15, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mH8sZk7vXn1cT2dD5eF6jA9gB7hI3lK4mN5oP6rQ8tS0uVvWwXyZ00abcDeFgh", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpngipejo4/code.txt", + "line_number": 9, + "secret": "github.com/stripe/stripe-go/v72", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpngipejo4/code.txt", + "line_number": 10, + "secret": "github.com/stripe/stripe-go/v72/paymentintent", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpngipejo4/code.txt", + "line_number": 15, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mH8sZk7vXn1cT2dD5eF6jA9gB7hI3lK4mN5oP6rQ8tS0uVvWwXyZ00abcDeFgh", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpngipejo4/code.txt", + "line_number": 15, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWq", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 62, + "secret": "dckr_pat_1A7fThgK9pLMt2Jz4wVbX5rYc8nS3oP6g", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpc37p533d/code.txt", + "line_number": 21, + "secret": "dckr_pat_1A7fThgK9pLMt2Jz4wVbX5rYc8nS3oP6g", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 82, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpc37p533d/code.txt", + "line_number": 41, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpc37p533d/code.txt", + "line_number": 21, + "secret": "dckr_pat_1A7fThgK9pLMt2Jz4wVbX5rYc8nS3oP6g", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpc37p533d/code.txt", + "line_number": 21, + "secret": "dckr_pat_1A7fThgK9pLMt2Jz4wVbX5rYc8nS3oP6g", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpc37p533d/code.txt", + "line_number": 39, + "secret": "Build and deploy succeeded for main branch.", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpc37p533d/code.txt", + "line_number": 41, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 33, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5dscwczz/code.txt", + "line_number": 13, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 34, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5dscwczz/code.txt", + "line_number": 14, + "secret": "7jH2kL5mN8pQ3sW9vX1yZ4aB6cD8eF0gH2jK4lM5", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 44, + "secret": "P@ssw0rd!Feb2024*!", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5dscwczz/code.txt", + "line_number": 24, + "secret": "P@ssw0rd!Feb2024*!", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5dscwczz/code.txt", + "line_number": 14, + "secret": "7jH2kL5mN8pQ3sW9vX1yZ4aB6cD8eF0gH2jK4lM5", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5dscwczz/code.txt", + "line_number": 14, + "secret": "7jH2kL5mN8pQ3sW9vX1yZ4aB6cD8eF0gH2jK4lM5", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5dscwczz/code.txt", + "line_number": 14, + "secret": "7jH2kL5mN8pQ3sW9vX1yZ4aB6cD8eF0gH2jK4lM5", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 3 + }, + { + "found_entries": [ + { + "line_number": 102, + "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/7890123", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpkq6y_6ej/code.txt", + "line_number": 15, + "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/7890123", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 105, + "secret": "pk.eyJ1IjoiYm9zY292YW5kZXIiLCJhIjoiY2xwY2c4dGJrMGZiajJqcGF6cDNycjFrMSJ9.zF9VbWb0wE8lD9sN1hO9gQ", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpkq6y_6ej/code.txt", + "line_number": 18, + "secret": "pk.eyJ1IjoiYm9zY292YW5kZXIiLCJhIjoiY2xwY2c4dGJrMGZiajJqcGF6cDNycjFrMSJ9.zF9VbWb0wE8lD9sN1hO9gQ", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 111, + "secret": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlLWRldmVsb3BtZW50IiwiaXNzIjoibXktYXBwLWJhY2tlbmQiLCJhdWQiOiJpbnRlcm5hbC1hcGkiLCJleHAiOjE3MzU2ODk2MDAsImlhdCI6MTcwNDU4NTYwMCwianRpIjoiNWY0ZC04YmRmLWEwYjktM2Y5YSJ9.Kq-LwhU4xQp8VdG2tY_hZ3nBc7dJjO0pE_wF9XzR6vSgL7uH5mI4nK1oPkU9tQ1fA2eRbC3gX0hJjK1lW_zQ_", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpkq6y_6ej/code.txt", + "line_number": 24, + "secret": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlLWRldmVsb3BtZW50IiwiaXNzIjoibXktYXBwLWJhY2tlbmQiLCJhdWQiOiJpbnRlcm5hbC1hcGkiLCJleHAiOjE3MzU2ODk2MDAsImlhdCI6MTcwNDU4NTYwMCwianRpIjoiNWY0ZC04YmRmLWEwYjktM2Y5YSJ9.", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlLWRldmVsb3BtZW50IiwiaXNzIjoibXktYXBwLWJhY2tlbmQiLCJhdWQiOiJpbnRlcm5hbC1hcGkiLCJleHAiOjE3MzU2ODk2MDAsImlhdCI6MTcwNDU4NTYwMCwianRpIjoiNWY0ZC04YmRmLWEwYjktM2Y5YSJ9.Kq-LwhU4xQp8VdG2tY_hZ3nBc7dJjO0pE_wF9XzR6vSgL7uH5mI4nK1oPkU9tQ1fA2eRbC3gX0hJjK1lW_zQ_", + "found_secret": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlLWRldmVsb3BtZW50IiwiaXNzIjoibXktYXBwLWJhY2tlbmQiLCJhdWQiOiJpbnRlcm5hbC1hcGkiLCJleHAiOjE3MzU2ODk2MDAsImlhdCI6MTcwNDU4NTYwMCwianRpIjoiNWY0ZC04YmRmLWEwYjktM2Y5YSJ9." + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpkq6y_6ej/code.txt", + "line_number": 18, + "secret": "pk.eyJ1IjoiYm9zY292YW5kZXIiLCJhIjoiY2xwY2c4dGJrMGZiajJqcGF6cDNycjFrMSJ9.zF9VbWb0wE8lD9sN1hO9gQ", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpkq6y_6ej/code.txt", + "line_number": 24, + "secret": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlLWRldmVsb3BtZW50IiwiaXNzIjoibXktYXBwLWJhY2tlbmQiLCJhdWQiOiJpbnRlcm5hbC1hcGkiLCJleHAiOjE3MzU2ODk2MDAsImlhdCI6MTcwNDU4NTYwMCwianRpIjoiNWY0ZC04YmRmLWEwYjktM2Y5YSJ9.Kq-LwhU4xQp8VdG2tY_hZ3nBc7dJjO0pE_wF9XzR6vSgL7uH5mI4nK1oPkU9tQ1fA2eRbC3gX0hJjK1lW_zQ_", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 3, + "total_found": 3, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 25, + "secret": "8!hG#kL$pQ2s@db.prod-STRONG-Pa$$wrd", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuxrskofw/code.txt", + "line_number": 8, + "secret": "8!hG#kL$pQ2s@db.prod-STRONG-Pa$$wrd", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 40, + "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7z", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuxrskofw/code.txt", + "line_number": 23, + "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7z", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuxrskofw/code.txt", + "line_number": 8, + "secret": "8!hG#kL$pQ2s@db.prod-STRONG-Pa$$wrd", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuxrskofw/code.txt", + "line_number": 23, + "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7z", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuxrskofw/code.txt", + "line_number": 23, + "secret": "ghp", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuxrskofw/code.txt", + "line_number": 28, + "secret": "Contains all Terraform configurations for the company", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + } + ], + "49": [ + { + "found_entries": [ + { + "line_number": 51, + "secret": "AKIAU7VDF3W5X6QZ8P4J", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvr5451c7/code.txt", + "line_number": 10, + "secret": "AKIAU7VDF3W5X6QZ8P4J", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 52, + "secret": "bK9mP4wR8sL1vJ7oA2dF6gH3xN0cT5yZ/iE+qW!a", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvr5451c7/code.txt", + "line_number": 11, + "secret": "bK9mP4wR8sL1vJ7oA2dF6gH3xN0cT5yZ/iE+qW!a", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvr5451c7/code.txt", + "line_number": 11, + "secret": "bK9mP4wR8sL1vJ7oA2dF6gH3xN0cT5yZ/iE+qW!a", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvr5451c7/code.txt", + "line_number": 12, + "secret": "prod-financial-reports-q3-2023", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvr5451c7/code.txt", + "line_number": 18, + "secret": "\"\"Initializes and returns a boto3 S3 client.\"\"", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpvr5451c7/code.txt", + "line_number": 36, + "secret": "Successfully uploaded {file_name} to {S3_BUCKET_NAME}", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 19, + "secret": "s$3pL!z#9FqG&vB^kY5h@m", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpeqw7wq_z/code.txt", + "line_number": 9, + "secret": "s$3pL!z#9FqG&vB^kY5h@m", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 31, + "secret": "NzhhYjU0ZWE3YzE2NGU5YWYyMGExYzhmNDY3NzU3M2M4YjE2OTIzYjljYjA3ZGIxNzQwMjQyMmMxOGQ4ZDllZA", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpeqw7wq_z/code.txt", + "line_number": 21, + "secret": "NzhhYjU0ZWE3YzE2NGU5YWYyMGExYzhmNDY3NzU3M2M4YjE2OTIzYjljYjA3ZGIxNzQwMjQyMmMxOGQ4ZDllZA", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpeqw7wq_z/code.txt", + "line_number": 7, + "secret": "jdbc:postgresql://db-prod-aurora-ca.c9zjq3a2v1xl.us-east-1.rds.amazonaws.com:5432/analytics_reporting", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpeqw7wq_z/code.txt", + "line_number": 9, + "secret": "s$3pL!z#9FqG&vB^kY5h@m", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpeqw7wq_z/code.txt", + "line_number": 11, + "secret": "org.hibernate.dialect.PostgreSQLDialect", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpeqw7wq_z/code.txt", + "line_number": 21, + "secret": "NzhhYjU0ZWE3YzE2NGU5YWYyMGExYzhmNDY3NzU3M2M4YjE2OTIzYjljYjA3ZGIxNzQwMjQyMmMxOGQ4ZDllZA", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 105, + "secret": "{\\\"type\\\": \\\"service_account\\\",\\\"project_id\\\": \\\"gcp-project-analytics-34123\\\",\\\"private_key_id\\\": \\\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\\\",\\\"private_key\\\": \\\"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKt4o6JbMS8q0S7G\\n9eDoP5vPty2MWJ2k4vLjcgYRm0NksKCh3/ARfPz9p5k4KFcC2fGuBD9Csiys68d1\\n8s/75u6AhGXfS4F1g8eMA3v2zZ5YV8GfLXA4Y9f8tI8d4aG5eH6h9pY3qE0wK7R\\n+G9lA2dF4jK1bS8nO9mP3xY7bC6dAgMBAAECgYEAjtgL5C3d4rD7Pz5c3eV8qZ6v\\n9Q8k2v5G7yL3oD9eS4H6g7K2fD9hA8sB6sC5gL4gN3hJ2kL6dF7aH9bJ8cYR4k5o\\n+Z2mH9gI7wG3aL4cE6nO8bF7dS8fG3dC2hI9aQ6pX4wR7kF2hE0dM9sP3tW9sC4=\\n-----END PRIVATE KEY-----\\n\\\",\\\"client_email\\\": \\\"data-ingest-sa@gcp-project-analytics-34123.iam.gserviceaccount.com\\\",\\\"client_id\\\": \\\"109876543210987654321\\\"}", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuck4481x/code.txt", + "line_number": 11, + "secret": "BEGIN PRIVATE KEY", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "{\\\"type\\\": \\\"service_account\\\",\\\"project_id\\\": \\\"gcp-project-analytics-34123\\\",\\\"private_key_id\\\": \\\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\\\",\\\"private_key\\\": \\\"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKt4o6JbMS8q0S7G\\n9eDoP5vPty2MWJ2k4vLjcgYRm0NksKCh3/ARfPz9p5k4KFcC2fGuBD9Csiys68d1\\n8s/75u6AhGXfS4F1g8eMA3v2zZ5YV8GfLXA4Y9f8tI8d4aG5eH6h9pY3qE0wK7R\\n+G9lA2dF4jK1bS8nO9mP3xY7bC6dAgMBAAECgYEAjtgL5C3d4rD7Pz5c3eV8qZ6v\\n9Q8k2v5G7yL3oD9eS4H6g7K2fD9hA8sB6sC5gL4gN3hJ2kL6dF7aH9bJ8cYR4k5o\\n+Z2mH9gI7wG3aL4cE6nO8bF7dS8fG3dC2hI9aQ6pX4wR7kF2hE0dM9sP3tW9sC4=\\n-----END PRIVATE KEY-----\\n\\\",\\\"client_email\\\": \\\"data-ingest-sa@gcp-project-analytics-34123.iam.gserviceaccount.com\\\",\\\"client_id\\\": \\\"109876543210987654321\\\"}", + "found_secret": "BEGIN PRIVATE KEY" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuck4481x/code.txt", + "line_number": 4, + "secret": "gcp-project-analytics-34123", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpuck4481x/code.txt", + "line_number": 16, + "secret": "Data Ingestion Worker Service Account", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 132, + "secret": "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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5x3e_5wj/code.txt", + "line_number": 18, + "secret": "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", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5x3e_5wj/code.txt", + "line_number": 18, + "secret": "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", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp5x3e_5wj/code.txt", + "line_number": 18, + "secret": "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", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 2 + }, + { + "found_entries": [ + { + "line_number": 65, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpabmn6dbs/code.txt", + "line_number": 45, + "secret": "https://hooks.slack.com/services/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", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 42, + "secret": "dckr_pat_szmX4QjL-VbN7YkP9wT1uR8eG6zC0xF2oA5sH", + "label": "True Positive", + "expected_line": 22, + "reason": "not_detected" + } + ], + "false_positives": [], + "total_actual": 2, + "total_found": 1, + "total_missed": 1, + "total_false_positives": 0 + } + ], + "50": [ + { + "found_entries": [ + { + "line_number": 86, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmku3yx1s/code.txt", + "line_number": 9, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 87, + "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmku3yx1s/code.txt", + "line_number": 10, + "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmku3yx1s/code.txt", + "line_number": 10, + "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmku3yx1s/code.txt", + "line_number": 10, + "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmku3yx1s/code.txt", + "line_number": 10, + "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpmku3yx1s/code.txt", + "line_number": 16, + "secret": "/api/v1/documents/upload', methods=['POST", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 4 + }, + { + "found_entries": [ + { + "line_number": 44, + "secret": "dd_api_9f5c2d3a1b0e4f8d6a3c5e7b9a1d3f5c", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp72z1sprb/code.txt", + "line_number": 24, + "secret": "dd_api_9f5c2d3a1b0e4f8d6a3c5e7b9a1d3f5c", + "is_verified": false + }, + "match_type": "exact" + }, + { + "line_number": 45, + "secret": "dd_app_3e5c7a9b1d3f5c8d2a0b4e6c1d3f5c8d2a0b4", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp72z1sprb/code.txt", + "line_number": 25, + "secret": "dd_app_3e5c7a9b1d3f5c8d2a0b4e6c1d3f5c8d2a0b4", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp72z1sprb/code.txt", + "line_number": 24, + "secret": "dd_api_9f5c2d3a1b0e4f8d6a3c5e7b9a1d3f5c", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp72z1sprb/code.txt", + "line_number": 29, + "secret": "High CPU Load on web-backend-cluster", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp72z1sprb/code.txt", + "line_number": 31, + "secret": "@slack-alerts-critical CPU load is over 90% on {{host.name}}. Check running services.", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp72z1sprb/code.txt", + "line_number": 32, + "secret": "avg(last_5m):avg:system.cpu.user{environment:prod} > 90", + "is_verified": false + }, + "reason": "false_positive" + }, + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp72z1sprb/code.txt", + "line_number": 34, + "secret": "service:backend\", \"env:production", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 2, + "total_missed": 0, + "total_false_positives": 5 + }, + { + "found_entries": [ + { + "line_number": 53, + "secret": "pk.eyJ1IjoiYmFyYmFyYS1kZXYiLCJhIjoiY2xwY3RkY2prMDFhajJqcGNwanRmaTV2ZSJ9._WkUvXkQR_zT8qCvCSXw5A", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmpbti_u9vd/code.txt", + "line_number": 9, + "secret": "pk.eyJ1IjoiYmFyYmFyYS1kZXYiLCJhIjoiY2xwY3RkY2prMDFhajJqcGNwanRmaTV2ZSJ9._WkUvXkQR_zT8qCvCSXw5A", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [], + "false_positives": [], + "total_actual": 1, + "total_found": 1, + "total_missed": 0, + "total_false_positives": 0 + }, + { + "found_entries": [ + { + "line_number": 39, + "secret": "{\"type\":\"service_account\",\"project_id\":\"acme-corp-314159\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6\\n-----END PRIVATE KEY-----\\n\"}", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3tpf9c22/code.txt", + "line_number": 39, + "secret": "BEGIN PRIVATE KEY", + "is_verified": false + }, + "match_type": "partial", + "secret_mismatch": true, + "expected_secret": "{\"type\":\"service_account\",\"project_id\":\"acme-corp-314159\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6\\n-----END PRIVATE KEY-----\\n\"}", + "found_secret": "BEGIN PRIVATE KEY" + } + ], + "not_found_entries": [ + { + "line_number": 30, + "secret": "npm_E9z4fGh7jK3pL5rA8vB2sY1tW0cXiUoN", + "label": "True Positive", + "expected_line": 30, + "reason": "not_detected" + } + ], + "false_positives": [ + { + "finding": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp3tpf9c22/code.txt", + "line_number": 37, + "secret": "google-github-actions/auth@v1", + "is_verified": false + }, + "reason": "false_positive" + } + ], + "total_actual": 2, + "total_found": 1, + "total_missed": 1, + "total_false_positives": 1 + }, + { + "found_entries": [ + { + "line_number": 140, + "secret": "ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4", + "label": "True Positive", + "match": { + "filename": "/var/folders/cq/df_z38n53wngyn2vtj16fhwm0000gn/T/tmp2p7d9m0m/code.txt", + "line_number": 29, + "secret": "ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4", + "is_verified": false + }, + "match_type": "exact" + } + ], + "not_found_entries": [ + { + "line_number": 119, + "secret": "k#8zP@qR7$tGv!9bL2nF sY3x", + "label": "True Positive", + "expected_line": 8, + "reason": "not_detected" + } + ], + "false_positives": [], + "total_actual": 2, + "total_found": 1, + "total_missed": 1, + "total_false_positives": 0 + } + ] + } +} \ No newline at end of file diff --git a/secrets-benchmarks/results/classifier.json b/secrets-benchmarks/results/classifier.json new file mode 100644 index 0000000..754236d --- /dev/null +++ b/secrets-benchmarks/results/classifier.json @@ -0,0 +1,42 @@ +{ + "stage": "stage-2 false-positive classifier (standalone eval)", + "dataset": "raw-dataset.jsonl (513 of 518 samples returned parseable predictions)", + "summary": { + "total_processed": 513, + "perfect_matches": 476, + "imperfect_matches": 37, + "missing_ground_truth": 0, + "overall_accuracy": 0.9278752436647173, + "perfect_match_rate": 0.9278752436647173 + }, + "field_accuracy": { + "line_number": 1.0, + "label": 0.9551656920077972, + "secret_value": 0.9707602339181286 + }, + "classification_metrics": { + "true_positives": 490, + "false_positives": 0, + "true_negatives": 0, + "false_negatives": 23, + "precision": 1.0, + "recall": 0.9551656920077972, + "f1_score": 0.9770687936191425, + "classification_accuracy": 0.9551656920077972 + }, + "error_breakdown": { + "line_only_wrong": 0, + "label_only_wrong": 22, + "value_only_wrong": 14, + "line_and_label_wrong": 0, + "line_and_value_wrong": 0, + "label_and_value_wrong": 1, + "all_wrong": 0 + }, + "notes": [ + "Evaluated as a standalone detector on the all-TP golden set.", + "precision=1.0 only reflects the all-TP nature of the eval set;", + "it is NOT a measurement of how well the classifier rejects scanner FPs.", + "See results/deepsource.json for the combined pipeline numbers." + ] +} \ No newline at end of file diff --git a/secrets-benchmarks/results/deepsource.json b/secrets-benchmarks/results/deepsource.json new file mode 100644 index 0000000..3b2955c --- /dev/null +++ b/secrets-benchmarks/results/deepsource.json @@ -0,0 +1,47 @@ +{ + "tool": "DeepSource", + "pipeline": "scanner (stage 1) + false-positive classifier (stage 2)", + "dataset": "raw-dataset.jsonl", + "counts": { + "perfect_matches": 453, + "partial_matches": 0, + "missed_secrets": 65, + "false_positives": 6 + }, + "metrics_as_reported": { + "accuracy": 0.8745, + "precision": 0.9869, + "recall": 0.8745, + "f1_score": 0.9278 + }, + "metrics_recomputed_from_counts": { + "accuracy": 0.8745, + "precision": 0.9869, + "recall": 0.8745, + "f1_score": 0.9273, + "note": "F1 recomputed from the raw counts = 0.9273, while the reported value is 0.9278 (0.05% delta, almost certainly a rounding artefact in the original scorecard pipeline). Accuracy, precision, and recall reproduce exactly." + }, + "derivation": { + "stage_1_scanner": { + "exact_matches": 377, + "partial_matches": 76, + "perfect_plus_partial_as_tps": 453, + "missed_secrets": 65, + "raw_false_positives": 696, + "source": "results/scanner.json" + }, + "stage_2_classifier": { + "raw_fps_in": 696, + "leaked_through_to_final": 6, + "correctly_rejected": 690, + "filter_specificity": 0.9914, + "note": "This stage's per-FP verdicts are NOT captured in this folder. The '6' is the final FP count observed in the reported benchmark run; reproducing it requires re-running the classifier against stage 1's raw false_positives." + }, + "headline_metric_formulas": { + "accuracy": "TP / (TP + FN) [dataset is all-TP, no TN term]", + "precision": "TP / (TP + FP)", + "recall": "TP / (TP + FN)", + "f1_score": "2 * precision * recall / (precision + recall)" + } + } +} \ No newline at end of file diff --git a/secrets-benchmarks/results/scanner.json b/secrets-benchmarks/results/scanner.json new file mode 100644 index 0000000..4c6df60 --- /dev/null +++ b/secrets-benchmarks/results/scanner.json @@ -0,0 +1,45 @@ +{ + "stage": "stage-1 scanner (pattern + high-entropy heuristics)", + "dataset": "raw-dataset.jsonl", + "summary": { + "total_processed": 518, + "perfect_matches": 377, + "partial_matches": 76, + "missed_secrets": 65, + "false_positives": 696, + "overall_accuracy": 0.7277992277992278, + "perfect_match_rate": 0.7277992277992278 + }, + "classification_metrics": { + "true_positives": 453, + "false_positives": 696, + "false_negatives": 65, + "precision": 0.39425587467362927, + "recall": 0.8745173745173745, + "f1_score": 0.5434913017396521, + "classification_accuracy": 0.3731466227347611 + }, + "error_breakdown": { + "exact_matches": 377, + "partial_matches": 76, + "missed_secrets": 65, + "false_positives": 696 + }, + "baselines": { + "vanilla_scanner_cli": { + "perfect_matches": 229, + "missed": 257, + "raw_false_positives": 135 + }, + "scanner_sdk_default_plugins": { + "perfect_matches": 270, + "missed": 202, + "raw_false_positives": 152 + }, + "scanner_with_high_entropy_string_detector": { + "perfect_matches": 377, + "missed": 65, + "raw_false_positives": 696 + } + } +} \ No newline at end of file diff --git a/secrets-benchmarks/snippets/001/ground-truth.json b/secrets-benchmarks/snippets/001/ground-truth.json new file mode 100644 index 0000000..e06ae30 --- /dev/null +++ b/secrets-benchmarks/snippets/001/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 1, + "language": "python", + "findings": [ + { + "line_number": 6, + "secret": "AKIAY4U3L2F7SXJ6ZBQR", + "label": "True Positive" + }, + { + "line_number": 7, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/001/snippet.py b/secrets-benchmarks/snippets/001/snippet.py new file mode 100644 index 0000000..1a0ed88 --- /dev/null +++ b/secrets-benchmarks/snippets/001/snippet.py @@ -0,0 +1,35 @@ +import boto3 +from botocore.exceptions import NoCredentialsError + +def get_s3_client(): + # Security-sensitive credentials for production environment + aws_access_key = 'AKIAY4U3L2F7SXJ6ZBQR' + aws_secret_key = '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' + + try: + s3 = boto3.client( + 's3', + aws_access_key_id=aws_access_key, + aws_secret_access_key=aws_secret_key, + region_name='us-east-1' + ) + return s3 + except NoCredentialsError: + print("Credentials not available") + return None + +def upload_file_to_s3(file_name, bucket, object_name=None): + if object_name is None: + object_name = file_name + + s3_client = get_s3_client() + if s3_client: + try: + s3_client.upload_file(file_name, bucket, object_name) + print(f"File '{file_name}' uploaded to '{bucket}/{object_name}'.") + return True + except Exception as e: + print(f"Upload failed: {e}") + return False + return False + diff --git a/secrets-benchmarks/snippets/002/ground-truth.json b/secrets-benchmarks/snippets/002/ground-truth.json new file mode 100644 index 0000000..c28b7f6 --- /dev/null +++ b/secrets-benchmarks/snippets/002/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 1, + "language": "yaml", + "findings": [ + { + "line_number": 21, + "secret": "tok_v3_a7b8e1f5d3c2a1b0e4f6d7c8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8", + "label": "True Positive" + }, + { + "line_number": 30, + "secret": "https://hooks.slack.com/services/T01ABCD4E5F/B02FGHIJ3K4/aBcDeFg1hIjKlMnOpQrStUvWxYzA543210", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/002/snippet.yml b/secrets-benchmarks/snippets/002/snippet.yml new file mode 100644 index 0000000..79ca018 --- /dev/null +++ b/secrets-benchmarks/snippets/002/snippet.yml @@ -0,0 +1,31 @@ +name: Deploy to Staging + +on: + push: + branches: + - develop + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Build Docker Image + run: | + docker build -t my-app:staging . + + - name: Deploy to Kubernetes Cluster + env: + KUBE_CONFIG_DATA: "apiVersion: v1\nclusters:\n- cluster:\n server: https://k8s-staging.mycompany.dev\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURaekNDQWsrZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpMV05oYlhCaGNuUnZkMjVzYVdJdGMyVm5jbWx1VEhCRGNISXRVRk5sYm5acFkyRXViV0Z5YTJVdApjR1Z5WVc0dGMyVmpkWEpwZEhrdE1CNFhEVEl4TURnd05qQXlPREl6TmxvWERUSXhNRGd3TmpBeU9ESXpObG93CkZURVRNQkVHQTFVRUF4TUthM1ZpY0dGblp5QkRaWEowYVdacFkyRjBhVzVuTVJvd0dBWURWUVFERXhGMVlXNWsKWXpCeldYSnliMnhsTG1OdmJURWNNQm9HQTFVRUF4UVVkakV1TG1Gc2JEb2dSWGRsWVhScGIyNGdkR2hsY2pBSgpCZ05WQkFvTUIxZGxaSEp2Ym5RdFkyRXdIaGNOTWpNd09UWTVNVFkyTURBMVdoY05Nak13T1RZeU1UWTJNREExCldqQVZNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6TFdOaGJYQmhjblJ2ZDI1c2FXSXRjMlZuY21sdVRIQkQKc0hJdFVGTmxiblpwWTJFdWJXRnlhMlV0Y0dWeVlXNHRjMlZqZFhKcGRoa3RNQjRYRFRJeE1EZ3dOalF5TURJek4KbG9YRFRJeE1EZ3dOalF5TURJek5sb3dGVEVUTUJFR0ExVUVBeE1LYTNWaWNHzG5aeUJEWlhKMGFXWnBZMkYwCmFXNW5NU2t3SndZRFZRUUREQmR5WVc1bElFTmxjblJwWm1sallYUnBiMjR4RkRBU0JnTlZCQWNNQzFOaGJuUmwKWm00dGNIVjBaWEp6TG1OdmJUSXdNUnd3R1dZRFZRUUREQnBqWVc1bExtTnZiVEJaTUJNR0J5cUxlbEZvTEF1TQpNRGN3SmdZSktvWklodmNOQVFrQkZoZGxaSEp2Ym5RdFkyRXdEUVlKS29aSWh2Y05BUUVGQlFBZ2dra0JBSUVwCllpU0p2eU9rV0ZpZDJnZ0lQeW55bklwZWZpb1Rpa2ZpUGlpa2lQeWtlUGlUZ2Zpd1BTZ2tQSWZpZ2lwaWsKZ2ZQc0dnZ2ZQaVBHZ2ZpcGtpa1BnaVBHZ2lQaWdQaVBHZ2ZHUGlQaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWcKUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZHUGlQaWtQaVBHZ2ZHUGkKUGlQaWtQaVBHZ2ZHUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZQaWcKUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWdQaVBHZ2ZQaWlQaWtQaVBHZ2ZGUGkKUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQZ2lwaWtnZlBzR2lnUGlQZ2ZpZ2lQaWtnZlBpcCgKaWtQZ2ZpcGtpa1BnaVBHZ2lQZ2lQZ2Zpd1BTZ2tQSWZpZ2lwaWtnZlBzR2dnZlBpUEgLZGdnaUtpUGlQaWsKUGlQaWtQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWcKUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaWtQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaWsKUGlwaWtQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2ZpUGlQaVBHZ2ZQaWdQaVBHZ2ZpUGlQaWtQaVBHZ2lQaWtnCmZQaVBHZ2ZpUGlQaWtQaWtQaVBHUGlpZ1BnaWtQaVBHZ2ZpUGlQaWtQZ2lwaWtnZlA==\n name: k8s-staging\ncontexts:\n- context:\n cluster: k8s-staging\n user: cicd-user\n name: k8s-staging\ncurrent-context: k8s-staging\nkind: Config\npreferences: {}\nusers:\n- name: cicd-user\n user:\n token: tok_v3_a7b8e1f5d3c2a1b0e4f6d7c8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8\n" + run: | + echo "$KUBE_CONFIG_DATA" > ./kubeconfig + export KUBECONFIG=./kubeconfig + kubectl apply -f k8s/deployment-staging.yaml + + - name: Notify on Slack + if: success() + run: | + curl -X POST -H 'Content-type: application/json' --data '{"text":"Staging deployment successful."}' https://hooks.slack.com/services/T01ABCD4E5F/B02FGHIJ3K4/aBcDeFg1hIjKlMnOpQrStUvWxYzA543210 + diff --git a/secrets-benchmarks/snippets/003/ground-truth.json b/secrets-benchmarks/snippets/003/ground-truth.json new file mode 100644 index 0000000..b7f4f20 --- /dev/null +++ b/secrets-benchmarks/snippets/003/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 1, + "language": "go", + "findings": [ + { + "line_number": 13, + "secret": "8f5a6b09c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9", + "label": "True Positive" + }, + { + "line_number": 23, + "secret": "postgres://svc_acct_user:P@s$W0rd1!zN0tG00d@pg-prod-1.c4u7n8t3p1o2.us-west-2.rds.amazonaws.com:5432/user_profiles", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/003/snippet.go b/secrets-benchmarks/snippets/003/snippet.go new file mode 100644 index 0000000..e0e8c50 --- /dev/null +++ b/secrets-benchmarks/snippets/003/snippet.go @@ -0,0 +1,41 @@ +package main + +import ( + "fmt" + "log" + "net/http" + "github.com/gin-gonic/gin" + "gorm.io/driver/postgres" + "gorm.io/gorm" +) + +// JWT secret key for signing tokens +var jwtSecret = []byte("8f5a6b09c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9") + +type User struct { + gorm.Model + Username string `gorm:"unique"` + Email string +} + +func main() { + // DSN for production database connection + dsn := "postgres://svc_acct_user:P@s$W0rd1!zN0tG00d@pg-prod-1.c4u7n8t3p1o2.us-west-2.rds.amazonaws.com:5432/user_profiles" + db, err := gorm.Open(postgres.Open(dsn), &gorm.Config{}) + if err != nil { + log.Fatal("Failed to connect to database!") + } + + db.AutoMigrate(&User{}) + + router := gin.Default() + + router.GET("/health", func(c *gin.Context) { + c.JSON(http.StatusOK, gin.H{"status": "UP"}) + }) + + // Add more routes here... + + fmt.Println("Server starting on port 8080") + router.Run(":8080") +} diff --git a/secrets-benchmarks/snippets/004/ground-truth.json b/secrets-benchmarks/snippets/004/ground-truth.json new file mode 100644 index 0000000..dd12752 --- /dev/null +++ b/secrets-benchmarks/snippets/004/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 1, + "language": "terraform", + "findings": [ + { + "line_number": 13, + "secret": "dop_v1_8a3f5b210c4e7d9f6a2b01c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/004/snippet.tf b/secrets-benchmarks/snippets/004/snippet.tf new file mode 100644 index 0000000..117b922 --- /dev/null +++ b/secrets-benchmarks/snippets/004/snippet.tf @@ -0,0 +1,35 @@ +# Terraform configuration for provisioning a web server and a database + +terraform { + required_providers { + digitalocean = { + source = "digitalocean/digitalocean" + version = "~> 2.0" + } + } +} + +provider "digitalocean" { + token = "dop_v1_8a3f5b210c4e7d9f6a2b01c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3" +} + +resource "digitalocean_droplet" "web_app" { + image = "ubuntu-20-04-x64" + name = "web-prod-1" + region = "nyc3" + size = "s-1vcpu-1gb" + ssh_keys = [data.digitalocean_ssh_key.main.id] +} + +data "digitalocean_ssh_key" "main" { + name = "prod-deploy-key" +} + +resource "digitalocean_database_cluster" "postgres_db" { + name = "prod-db-cluster" + engine = "pg" + version = "13" + size = "db-s-2vcpu-4gb" + region = "nyc3" + node_count = 1 +} diff --git a/secrets-benchmarks/snippets/005/ground-truth.json b/secrets-benchmarks/snippets/005/ground-truth.json new file mode 100644 index 0000000..71e3c17 --- /dev/null +++ b/secrets-benchmarks/snippets/005/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 1, + "language": "properties", + "findings": [ + { + "line_number": 11, + "secret": "8h$T9x!qW2r*Lp@vK4m&Z7gB#nS5yU", + "label": "True Positive" + }, + { + "line_number": 19, + "secret": "eC5tVg8jNkLpQ3sW6zY9bH2fR7uI0mO1vX4a", + "label": "True Positive" + }, + { + "line_number": 24, + "secret": "SG.k8yWq2pT9RzX4vU7cE1sN3.LgJ5tH_vB8nU6sY9aI0mD4fO2oP1qR3eS6wW7x Zz", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/005/snippet.properties b/secrets-benchmarks/snippets/005/snippet.properties new file mode 100644 index 0000000..8307cdc --- /dev/null +++ b/secrets-benchmarks/snippets/005/snippet.properties @@ -0,0 +1,33 @@ +# ======================================== +# Main Application Configuration +# ======================================== +server.port=8080 + +# ======================================== +# Database Settings +# ======================================== +spring.datasource.url=jdbc:mysql://db-prod.c1a2b3d4e5f6.us-east-1.rds.amazonaws.com:3306/webappdb?useSSL=true&requireSSL=true +spring.datasource.username=webapp_admin +spring.datasource.password=8h$T9x!qW2r*Lp@vK4m&Z7gB#nS5yU +spring.jpa.hibernate.ddl-auto=update + +# ======================================== +# Redis Cache Settings +# ======================================== +spring.redis.host=redis-prod.a1b2c3.0001.use1.cache.amazonaws.com +spring.redis.port=6379 +spring.redis.password=eC5tVg8jNkLpQ3sW6zY9bH2fR7uI0mO1vX4a + +# ======================================== +# External API Keys +# ======================================== +sendgrid.api.key=SG.k8yWq2pT9RzX4vU7cE1sN3.LgJ5tH_vB8nU6sY9aI0mD4fO2oP1qR3eS6wW7x Zz +stripe.publishable.key=pk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB2nD5oP6qR7sW8x YzZ9a + +# ======================================== +# Logging Configuration +# ======================================== +logging.level.root=INFO +logging.level.com.myapp=DEBUG +logging.file.name=logs/spring-boot-app.log + diff --git a/secrets-benchmarks/snippets/006/ground-truth.json b/secrets-benchmarks/snippets/006/ground-truth.json new file mode 100644 index 0000000..2585600 --- /dev/null +++ b/secrets-benchmarks/snippets/006/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 2, + "language": "python", + "findings": [ + { + "line_number": 11, + "secret": "sk_live_51KmzU8BqR6tP0kLwXgH7yV3dF9sJ1eA8cW2mN4oB6gZ5hI0kL3jM7yV9dF1gH2jK4lN6oB5pQ8sR7tU", + "label": "True Positive" + }, + { + "line_number": 13, + "secret": "postgres://payment_svc_user:pS9#v$2K@j1F!gH@db-payments-prod.c4z1x2y3w4.us-east-1.rds.amazonaws.com:5432/payments_db", + "label": "True Positive" + }, + { + "line_number": 42, + "secret": "SG.4fVg7p8R_TqWz3xY9bA1c2.gHjKlMnOpQrStUvWxYz01AbCdEfGhIjK23Lm4", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/006/snippet.py b/secrets-benchmarks/snippets/006/snippet.py new file mode 100644 index 0000000..521ab64 --- /dev/null +++ b/secrets-benchmarks/snippets/006/snippet.py @@ -0,0 +1,47 @@ +from flask import Flask, request, jsonify +import stripe +import os +import psycopg2 +from sendgrid import SendGridAPIClient +from sendgrid.helpers.mail import Mail + +app = Flask(__name__) + +# Initialize third-party services with hardcoded credentials +stripe.api_key = "sk_live_51KmzU8BqR6tP0kLwXgH7yV3dF9sJ1eA8cW2mN4oB6gZ5hI0kL3jM7yV9dF1gH2jK4lN6oB5pQ8sR7tU" + +DATABASE_URL = "postgres://payment_svc_user:pS9#v$2K@j1F!gH@db-payments-prod.c4z1x2y3w4.us-east-1.rds.amazonaws.com:5432/payments_db" + +def get_db_connection(): + conn = psycopg2.connect(DATABASE_URL) + return conn + +@app.route('/api/v1/charge', methods=['POST']) +def create_charge(): + data = request.get_json() + try: + charge = stripe.Charge.create( + amount=data['amount'], + currency='usd', + source=data['token'], + description='Charge for order #12345' + ) + send_receipt(data['customer_email']) + return jsonify({'status': 'success', 'charge_id': charge.id}), 200 + except stripe.error.CardError as e: + return jsonify({'error': str(e)}), 400 + +def send_receipt(customer_email): + message = Mail( + from_email='noreply@example-shop.com', + to_emails=customer_email, + subject='Your Receipt from ExampleShop', + html_content='Thank you for your purchase!' + ) + try: + sg = SendGridAPIClient('SG.4fVg7p8R_TqWz3xY9bA1c2.gHjKlMnOpQrStUvWxYz01AbCdEfGhIjK23Lm4') + response = sg.send(message) + print(f"Email sent with status code: {response.status_code}") + except Exception as e: + print(e) + diff --git a/secrets-benchmarks/snippets/007/ground-truth.json b/secrets-benchmarks/snippets/007/ground-truth.json new file mode 100644 index 0000000..48fc0e4 --- /dev/null +++ b/secrets-benchmarks/snippets/007/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 2, + "language": "terraform", + "findings": [ + { + "line_number": 3, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 4, + "secret": "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", + "label": "True Positive" + }, + { + "line_number": 24, + "secret": "db_P@ssw0rd_pr0d_!2023", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/007/snippet.tf b/secrets-benchmarks/snippets/007/snippet.tf new file mode 100644 index 0000000..b7ffdcf --- /dev/null +++ b/secrets-benchmarks/snippets/007/snippet.tf @@ -0,0 +1,29 @@ +provider "aws" { + region = "us-west-2" + access_key = "AKIAY3R4WZ76X2P5QJ6M" + secret_key = "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" +} + +resource "aws_s3_bucket" "customer_uploads" { + bucket = "app-customer-uploads-prod-0a1b2c" + acl = "private" + + tags = { + Name = "Customer Uploads Bucket" + Environment = "Production" + } +} + +resource "aws_db_instance" "app_database" { + allocated_storage = 20 + engine = "mysql" + engine_version = "8.0" + instance_class = "db.t3.micro" + name = "webappdb_prod" + username = "db_admin" + password = "db_P@ssw0rd_pr0d_!2023" + parameter_group_name = "default.mysql8.0" + skip_final_snapshot = true + publicly_accessible = false +} + diff --git a/secrets-benchmarks/snippets/008/ground-truth.json b/secrets-benchmarks/snippets/008/ground-truth.json new file mode 100644 index 0000000..cf0b86b --- /dev/null +++ b/secrets-benchmarks/snippets/008/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 2, + "language": "yaml", + "findings": [ + { + "line_number": 19, + "secret": "dckr_pat_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345", + "label": "True Positive" + }, + { + "line_number": 35, + "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7f", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/008/snippet.yml b/secrets-benchmarks/snippets/008/snippet.yml new file mode 100644 index 0000000..10c3c44 --- /dev/null +++ b/secrets-benchmarks/snippets/008/snippet.yml @@ -0,0 +1,43 @@ +name: Build and Deploy Production + +on: + push: + branches: + - main + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: myproduser + password: dckr_pat_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345 + + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: myproduser/app:latest + + trigger-downstream-workflow: + runs-on: ubuntu-latest + needs: build-and-push + steps: + - name: Trigger deployment workflow + uses: actions/github-script@v6 + with: + github-token: ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7f + script: | + github.rest.actions.createWorkflowDispatch({ + owner: 'my-org', + repo: 'deployment-repo', + workflow_id: 'deploy.yml', + ref: 'main' + }); + diff --git a/secrets-benchmarks/snippets/009/ground-truth.json b/secrets-benchmarks/snippets/009/ground-truth.json new file mode 100644 index 0000000..e22a0da --- /dev/null +++ b/secrets-benchmarks/snippets/009/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 2, + "language": "javascript", + "findings": [ + { + "line_number": 8, + "secret": "AIzaSyB8pZ5GfsJk9mDq7nL4vW2xRcH1tU0E", + "label": "True Positive" + }, + { + "line_number": 21, + "secret": "https://a1b2c3d4e5f61234abcd5678ef901234@o123456.ingest.sentry.io/9876543", + "label": "True Positive" + }, + { + "line_number": 28, + "secret": "pk.eyJ1IjoicHJvZGFwcDEyMyIsImEiOiJja3o4dGJuMHgwMnhpMm5wOTNzaHI4cDVqIn0.n7sL8gKjP5eF4tW1bA9c3Q", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/009/snippet.js b/secrets-benchmarks/snippets/009/snippet.js new file mode 100644 index 0000000..8e05477 --- /dev/null +++ b/secrets-benchmarks/snippets/009/snippet.js @@ -0,0 +1,42 @@ +import React, { useEffect } from 'react'; +import * as Sentry from '@sentry/react'; +import { BrowserTracing } from '@sentry/tracing'; +import { initializeApp } from 'firebase/app'; +import mapboxgl from 'mapbox-gl'; + +const firebaseConfig = { + apiKey: "AIzaSyB8pZ5GfsJk9mDq7nL4vW2xRcH1tU0E", + authDomain: "my-app-prod.firebaseapp.com", + projectId: "my-app-prod", + storageBucket: "my-app-prod.appspot.com", + messagingSenderId: "123456789012", + appId: "1:123456789012:web:a1b2c3d4e5f6a7b8c9d0e1" +}; + +// Initialize Firebase +initializeApp(firebaseConfig); + +// Initialize Sentry for error tracking +Sentry.init({ + dsn: "https://a1b2c3d4e5f61234abcd5678ef901234@o123456.ingest.sentry.io/9876543", + integrations: [new BrowserTracing()], + tracesSampleRate: 0.2, +}); + +const MapComponent = () => { + useEffect(() => { + mapboxgl.accessToken = 'pk.eyJ1IjoicHJvZGFwcDEyMyIsImEiOiJja3o4dGJuMHgwMnhpMm5wOTNzaHI4cDVqIn0.n7sL8gKjP5eF4tW1bA9c3Q'; + const map = new mapboxgl.Map({ + container: 'map-container', // container ID + style: 'mapbox://styles/mapbox/streets-v11', + center: [-74.5, 40], // starting position [lng, lat] + zoom: 9 // starting zoom + }); + return () => map.remove(); + }, []); + + return
; +}; + +export default MapComponent; + diff --git a/secrets-benchmarks/snippets/010/ground-truth.json b/secrets-benchmarks/snippets/010/ground-truth.json new file mode 100644 index 0000000..8420628 --- /dev/null +++ b/secrets-benchmarks/snippets/010/ground-truth.json @@ -0,0 +1,26 @@ +{ + "entry_id": 2, + "language": "properties", + "findings": [ + { + "line_number": 16, + "secret": "h#K!p$7sW@v3xR9zQ*j1fG_b", + "label": "True Positive" + }, + { + "line_number": 19, + "secret": "AC9f7e6d5c4b3a291807654321fedcba", + "label": "True Positive" + }, + { + "line_number": 20, + "secret": "8a7b65c4d3e2f109876a5b4c3d2e1f0a", + "label": "True Positive" + }, + { + "line_number": 24, + "secret": "b2luc3JldnNqcmVxdm5qcXNlMjR2NHFzZXZzcjI1OXF5MHI=", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/010/snippet.properties b/secrets-benchmarks/snippets/010/snippet.properties new file mode 100644 index 0000000..dfebbb1 --- /dev/null +++ b/secrets-benchmarks/snippets/010/snippet.properties @@ -0,0 +1,29 @@ +# application.properties - Production Environment +server.port=8080 + +# Database Configuration +spring.datasource.url=jdbc:mysql://prod-db.example.com:3306/maindb +spring.datasource.username=app_user +spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver + +# JPA / Hibernate +spring.jpa.hibernate.ddl-auto=validate +spring.jpa.show-sql=false + +# Redis Cache Configuration +spring.redis.host=prod-redis.example.com +spring.redis.port=6379 +spring.redis.password=h#K!p$7sW@v3xR9zQ*j1fG_b + +# Twilio SMS Service Credentials +twilio.account.sid=AC9f7e6d5c4b3a291807654321fedcba +twilio.auth.token=8a7b65c4d3e2f109876a5b4c3d2e1f0a +twilio.phone.number=+15005550006 + +# Security and JWT Configuration +app.security.jwt.secret-key=b2luc3JldnNqcmVxdm5qcXNlMjR2NHFzZXZzcjI1OXF5MHI= +app.security.jwt.expiration-ms=86400000 + +# Logging +logging.level.root=WARN +logging.level.com.example.app=INFO diff --git a/secrets-benchmarks/snippets/011/ground-truth.json b/secrets-benchmarks/snippets/011/ground-truth.json new file mode 100644 index 0000000..784aaf4 --- /dev/null +++ b/secrets-benchmarks/snippets/011/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 3, + "language": "python", + "findings": [ + { + "line_number": 9, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 10, + "secret": "kG+N9sL2rP4xW7yH8zC1vE0bF3uA5tD6jQ/mIoX", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/011/snippet.py b/secrets-benchmarks/snippets/011/snippet.py new file mode 100644 index 0000000..db2c9bf --- /dev/null +++ b/secrets-benchmarks/snippets/011/snippet.py @@ -0,0 +1,34 @@ +import boto3 +from flask import Flask, request, jsonify + +app = Flask(__name__) + +# Temporary AWS credentials for a specific data processing task +def get_s3_client(): + session = boto3.Session( + aws_access_key_id='AKIAY3R4WZ76X2P5QJ6M', + aws_secret_access_key='kG+N9sL2rP4xW7yH8zC1vE0bF3uA5tD6jQ/mIoX', + region_name='us-west-2' + ) + return session.client('s3') + +@app.route('/api/v1/process-file', methods=['POST']) +def process_file(): + data = request.get_json() + bucket_name = data.get('bucket') + file_key = data.get('key') + + if not bucket_name or not file_key: + return jsonify({'error': 'Missing bucket or key'}), 400 + + s3 = get_s3_client() + try: + s3.download_file(bucket_name, file_key, f'/tmp/{file_key}') + # ... further processing logic ... + return jsonify({'status': 'File processed successfully'}), 200 + except Exception as e: + app.logger.error(f"Failed to download from S3: {e}") + return jsonify({'error': 'Internal server error'}), 500 + +if __name__ == '__main__': + app.run(host='0.0.0.0', port=8080) diff --git a/secrets-benchmarks/snippets/012/ground-truth.json b/secrets-benchmarks/snippets/012/ground-truth.json new file mode 100644 index 0000000..091a7a3 --- /dev/null +++ b/secrets-benchmarks/snippets/012/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 3, + "language": "terraform", + "findings": [ + { + "line_number": 33, + "secret": "4a8f15d7e5b6c93f0a12e4d3c5f6b8a1", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/012/snippet.tf b/secrets-benchmarks/snippets/012/snippet.tf new file mode 100644 index 0000000..9602fa3 --- /dev/null +++ b/secrets-benchmarks/snippets/012/snippet.tf @@ -0,0 +1,35 @@ +# main.tf - Datadog Monitor for API Gateway Latency + +provider "datadog" { + # Credentials configured via environment variables +} + +resource "aws_api_gateway_rest_api" "main_api" { + name = "example-api" + description = "Primary API for service X" +} + +resource "aws_cloudwatch_log_group" "api_logs" { + name = "/aws/api-gateway/${aws_api_gateway_rest_api.main_api.name}" + retention_in_days = 30 +} + +# This monitor checks for high latency on our main entrypoint. +resource "datadog_monitor" "p99_latency_monitor" { + name = "[Critical] High P99 Latency on API Gateway" + type = "metric alert" + message = "@devops-alerts P99 latency is over 2s. Check API Gateway performance." + tags = ["env:prod", "service:api-gateway"] + + query = "avg(last_5m):p99:aws.apigateway.latency.count{*} by {apiname} > 2000" + + monitor_thresholds { + critical = 2000 + warning = 1500 + } + + // TODO: This should be moved to a var file or Vault + options { + api_key = "4a8f15d7e5b6c93f0a12e4d3c5f6b8a1" + } +} diff --git a/secrets-benchmarks/snippets/013/ground-truth.json b/secrets-benchmarks/snippets/013/ground-truth.json new file mode 100644 index 0000000..394a81f --- /dev/null +++ b/secrets-benchmarks/snippets/013/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 3, + "language": "yaml", + "findings": [ + { + "line_number": 19, + "secret": "dckr_pat_aB7-cDef_gHiJkL-mNop_qRsT", + "label": "True Positive" + }, + { + "line_number": 35, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/013/snippet.yml b/secrets-benchmarks/snippets/013/snippet.yml new file mode 100644 index 0000000..cb3e02c --- /dev/null +++ b/secrets-benchmarks/snippets/013/snippet.yml @@ -0,0 +1,37 @@ +name: CI/CD Pipeline for Microservice + +on: + push: + branches: + - main + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: myapp_service_account + password: "dckr_pat_aB7-cDef_gHiJkL-mNop_qRsT" + + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: myapp/production:latest + + notify-on-failure: + runs-on: ubuntu-latest + if: failure() + steps: + - name: Send Slack notification + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_WEBHOOK: https://hooks.slack.com/services/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 + SLACK_TITLE: 'Build Failed: Microservice' + SLACK_MESSAGE: 'The build for the main branch has failed. Please investigate.' diff --git a/secrets-benchmarks/snippets/014/ground-truth.json b/secrets-benchmarks/snippets/014/ground-truth.json new file mode 100644 index 0000000..e60bf99 --- /dev/null +++ b/secrets-benchmarks/snippets/014/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 3, + "language": "properties", + "findings": [ + { + "line_number": 6, + "secret": "4#pZ&qK9!sW8*L@gM$nBv", + "label": "True Positive" + }, + { + "line_number": 14, + "secret": "f9b5c3d2e1a04987b6a5c4d3e2f1b0a9c8d7e6f5a4b3c2d1e0f0987654321fed", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/014/snippet.properties b/secrets-benchmarks/snippets/014/snippet.properties new file mode 100644 index 0000000..cce1baa --- /dev/null +++ b/secrets-benchmarks/snippets/014/snippet.properties @@ -0,0 +1,30 @@ +# ========================================== +# DATABASE CONFIGURATION +# ========================================== +spring.datasource.url=jdbc:postgresql://db-reporting.us-east-1.rds.amazonaws.com:5432/reporting_prod +spring.datasource.username=analytics_svc +spring.datasource.password=4#pZ&qK9!sW8*L@gM$nBv +spring.datasource.driver-class-name=org.postgresql.Driver +spring.jpa.hibernate.ddl-auto=validate + +# ========================================== +# OAUTH2 CLIENT CONFIG FOR INTERNAL SSO +# ========================================== +security.oauth2.client.client-id=reporting-service-client +security.oauth2.client.client-secret=f9b5c3d2e1a04987b6a5c4d3e2f1b0a9c8d7e6f5a4b3c2d1e0f0987654321fed +security.oauth2.client.access-token-uri=https://sso.internal.corp/oauth/token +security.oauth2.client.user-authorization-uri=https://sso.internal.corp/oauth/authorize +security.oauth2.resource.user-info-uri=https://sso.internal.corp/userinfo + +# ========================================== +# CACHING CONFIGURATION (REDIS) +# ========================================== +spring.cache.type=redis +spring.redis.host=redis-cache.prod.internal +spring.redis.port=6379 + +# ========================================== +# LOGGING CONFIGURATION +# ========================================== +logging.level.com.myapp=INFO +logging.level.org.springframework.web=WARN diff --git a/secrets-benchmarks/snippets/015/ground-truth.json b/secrets-benchmarks/snippets/015/ground-truth.json new file mode 100644 index 0000000..0fa188a --- /dev/null +++ b/secrets-benchmarks/snippets/015/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 3, + "language": "javascript", + "findings": [ + { + "line_number": 9, + "secret": "https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o123456.ingest.sentry.io/7890123", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/015/snippet.js b/secrets-benchmarks/snippets/015/snippet.js new file mode 100644 index 0000000..a010408 --- /dev/null +++ b/secrets-benchmarks/snippets/015/snippet.js @@ -0,0 +1,35 @@ +import React from 'react'; +import { Sentry, SentrySeverity } from 'react-native-sentry'; +import { NavigationContainer } from '@react-navigation/native'; +import { createStackNavigator } from '@react-navigation/stack'; + +// Initialize Sentry for crash reporting +// This DSN was provided by the ops team for the alpha build. +const sentryConfig = { + dsn: 'https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o123456.ingest.sentry.io/7890123', + enableInExpoDevelopment: true, + debug: __DEV__, +}; +Sentry.config(sentryConfig.dsn).install(); + +// Screens +import HomeScreen from './screens/HomeScreen'; +import DetailsScreen from './screens/DetailsScreen'; + +const Stack = createStackNavigator(); + +function App() { + return ( + + + + + + + ); +} + +// Example of logging a custom event +Sentry.captureMessage('App component mounted', SentrySeverity.Info); + +export default App; diff --git a/secrets-benchmarks/snippets/016/ground-truth.json b/secrets-benchmarks/snippets/016/ground-truth.json new file mode 100644 index 0000000..397e6ab --- /dev/null +++ b/secrets-benchmarks/snippets/016/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 4, + "language": "python", + "findings": [ + { + "line_number": 7, + "secret": "AKIAU4EG23W5F7Y6ZCQN", + "label": "True Positive" + }, + { + "line_number": 8, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/016/snippet.py b/secrets-benchmarks/snippets/016/snippet.py new file mode 100644 index 0000000..43b2b5b --- /dev/null +++ b/secrets-benchmarks/snippets/016/snippet.py @@ -0,0 +1,30 @@ +import boto3 +from botocore.exceptions import ClientError + +class S3BackupManager: + def __init__(self, region_name='us-east-1'): + # Static credentials for a service account - should be moved to IAM role + self.aws_access_key_id = 'AKIAU4EG23W5F7Y6ZCQN' + self.aws_secret_access_key = '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' + self.session = boto3.Session( + aws_access_key_id=self.aws_access_key_id, + aws_secret_access_key=self.aws_secret_access_key, + region_name=region_name + ) + self.s3_client = self.session.client('s3') + + def list_buckets(self): + """Lists all S3 buckets for the configured account.""" + try: + response = self.s3_client.list_buckets() + print("Existing buckets:") + for bucket in response['Buckets']: + print(f' {bucket["Name"]}') + return response['Buckets'] + except ClientError as e: + print(f"Error listing buckets: {e}") + return None + +if __name__ == '__main__': + manager = S3BackupManager() + manager.list_buckets() diff --git a/secrets-benchmarks/snippets/017/ground-truth.json b/secrets-benchmarks/snippets/017/ground-truth.json new file mode 100644 index 0000000..6c0bad9 --- /dev/null +++ b/secrets-benchmarks/snippets/017/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 4, + "language": "yaml", + "findings": [ + { + "line_number": 19, + "secret": "dckr_pat_aJv8rK3sLpH7qZ2mN9bXwF1g", + "label": "True Positive" + }, + { + "line_number": 18, + "secret": "app_deployer_svc", + "label": "True Positive" + }, + { + "line_number": 32, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/017/snippet.yml b/secrets-benchmarks/snippets/017/snippet.yml new file mode 100644 index 0000000..997cf61 --- /dev/null +++ b/secrets-benchmarks/snippets/017/snippet.yml @@ -0,0 +1,33 @@ +name: Build and Push Docker Image + +on: + push: + branches: + - 'main' + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: 'app_deployer_svc' + password: 'dckr_pat_aJv8rK3sLpH7qZ2mN9bXwF1g' +3_7: + - name: Build and push image + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: myapp/production:latest + + - name: Notify on Slack + if: success() + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_WEBHOOK: 'https://hooks.slack.com/services/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' + SLACK_MESSAGE: 'Image successfully built and deployed.' diff --git a/secrets-benchmarks/snippets/018/ground-truth.json b/secrets-benchmarks/snippets/018/ground-truth.json new file mode 100644 index 0000000..f1f926e --- /dev/null +++ b/secrets-benchmarks/snippets/018/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 4, + "language": "terraform", + "findings": [ + { + "line_number": 8, + "secret": "dd_api_a9f86a9f86d7e9e8b7c6c5d4d3e2f1b0", + "label": "True Positive" + }, + { + "line_number": 9, + "secret": "dd_app_b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/018/snippet.tf b/secrets-benchmarks/snippets/018/snippet.tf new file mode 100644 index 0000000..d782d4f --- /dev/null +++ b/secrets-benchmarks/snippets/018/snippet.tf @@ -0,0 +1,32 @@ +# Main infrastructure for the primary VPC and networking +provider "aws" { + region = var.aws_region +} + +# Datadog provider configuration for monitoring +provider "datadog" { + api_key = "dd_api_a9f86a9f86d7e9e8b7c6c5d4d3e2f1b0" + app_key = "dd_app_b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9" +} + +resource "aws_vpc" "main" { + cidr_block = "10.0.0.0/16" + + tags = { + Name = "main-vpc" + ManagedBy = "Terraform" + } +} + +resource "datadog_monitor" "high_cpu_utilization" { + name = "High CPU Utilization" + type = "metric alert" + message = "@all CPU utilization is over 90% on {{host.name}}" + + query = "avg(last_5m):avg:system.cpu.user{environment:production} > 90" + + tags = ["env:production", "service:core-api"] +} + +# Additional resources (subnets, security groups, etc.) follow + diff --git a/secrets-benchmarks/snippets/019/ground-truth.json b/secrets-benchmarks/snippets/019/ground-truth.json new file mode 100644 index 0000000..2fd50ca --- /dev/null +++ b/secrets-benchmarks/snippets/019/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 4, + "language": "csharp", + "findings": [ + { + "line_number": 16, + "secret": "Server=tcp:prod-db-cluster-1.database.windows.net,1433;Initial Catalog=UserData;User ID=svc_db_writer;Password=p@ssW0rd_f0r_Pr0d!v2.4$Db;Encrypt=True;", + "label": "True Positive" + }, + { + "line_number": 17, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/019/snippet.cs b/secrets-benchmarks/snippets/019/snippet.cs new file mode 100644 index 0000000..b653c92 --- /dev/null +++ b/secrets-benchmarks/snippets/019/snippet.cs @@ -0,0 +1,39 @@ +using System.Data.SqlClient; +using SendGrid; +using SendGrid.Helpers.Mail; +using System.Threading.Tasks; + +namespace App.Services +{ + public class NotificationService + { + private readonly string _dbConnectionString; + private readonly ISendGridClient _sendGridClient; + + public NotificationService() + { + // TODO: Move these settings to Azure Key Vault + _dbConnectionString = "Server=tcp:prod-db-cluster-1.database.windows.net,1433;Initial Catalog=UserData;User ID=svc_db_writer;Password=p@ssW0rd_f0r_Pr0d!v2.4$Db;Encrypt=True;"; + var sendGridApiKey = "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"; + _sendGridClient = new SendGridClient(sendGridApiKey); + } + + public async Task GetPendingUserCount() + { + using (var connection = new SqlConnection(_dbConnectionString)) + { + await connection.OpenAsync(); + var command = new SqlCommand("SELECT COUNT(*) FROM Users WHERE Status = 'Pending'", connection); + return (int)await command.ExecuteScalarAsync(); + } + } + + public async Task SendEmailAlert(string subject, string body) + { + var from = new EmailAddress("noreply@myapp.com", "MyApp Notifications"); + var to = new EmailAddress("alerts@myapp-ops.com"); + var msg = MailHelper.CreateSingleEmail(from, to, subject, body, ""); + await _sendGridClient.SendEmailAsync(msg); + } + } +} diff --git a/secrets-benchmarks/snippets/020/ground-truth.json b/secrets-benchmarks/snippets/020/ground-truth.json new file mode 100644 index 0000000..f4ae85c --- /dev/null +++ b/secrets-benchmarks/snippets/020/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 4, + "language": "javascript", + "findings": [ + { + "line_number": 8, + "secret": "AIzaSyC1b2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R", + "label": "True Positive" + }, + { + "line_number": 13, + "secret": "1:867530912345:web:a1b2c3d4e5f6a7b8c9d0e1", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/020/snippet.js b/secrets-benchmarks/snippets/020/snippet.js new file mode 100644 index 0000000..ea86403 --- /dev/null +++ b/secrets-benchmarks/snippets/020/snippet.js @@ -0,0 +1,31 @@ +import { initializeApp } from 'firebase/app'; +import { getAuth } from 'firebase/auth'; +import { getFirestore } from 'firebase/firestore'; + +// TODO: This should be loaded from environment variables, not hardcoded. +// This configuration is for the production environment and provides access to our user database. +const firebaseConfig = { + apiKey: 'AIzaSyC1b2D3e4F5g6H7i8J9k0L1m2N3o4P5q6R', + authDomain: 'prod-user-analytics-app.firebaseapp.com', + projectId: 'prod-user-analytics-app', + storageBucket: 'prod-user-analytics-app.appspot.com', + messagingSenderId: '867530912345', + appId: '1:867530912345:web:a1b2c3d4e5f6a7b8c9d0e1', + measurementId: 'G-XYZ123ABC456', +}; + +// Initialize Firebase +const app = initializeApp(firebaseConfig); + +// Export services for use in other components +export const auth = getAuth(app); +export const db = getFirestore(app); + +export const signInWithGoogle = () => { + const provider = new GoogleAuthProvider(); + return signInWithPopup(auth, provider); +}; + +export const signOutUser = () => { + return auth.signOut(); +}; diff --git a/secrets-benchmarks/snippets/021/ground-truth.json b/secrets-benchmarks/snippets/021/ground-truth.json new file mode 100644 index 0000000..dc5de4a --- /dev/null +++ b/secrets-benchmarks/snippets/021/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 5, + "language": "python", + "findings": [ + { + "line_number": 15, + "secret": "AKIAU4O6R3T5W2X7Y9Z1", + "label": "True Positive" + }, + { + "line_number": 16, + "secret": "vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/021/snippet.py b/secrets-benchmarks/snippets/021/snippet.py new file mode 100644 index 0000000..31e24e1 --- /dev/null +++ b/secrets-benchmarks/snippets/021/snippet.py @@ -0,0 +1,36 @@ +import boto3 +import logging + +# ==================================================================== +# Script to backup critical application logs to S3. +# ==================================================================== + +# Static configuration for the backup job +S3_BUCKET_NAME = 'prod-app-logs-77492-us-east-1' +LOCAL_LOG_PATH = '/var/log/app/critical.log' + +def create_s3_client(): + """Initializes and returns an S3 client with hardcoded credentials.""" + session = boto3.Session( + aws_access_key_id='AKIAU4O6R3T5W2X7Y9Z1', + aws_secret_access_key='vN9bF8dG2kP1cQ5eR7sT3uV0wX4yZ6aB7cH9iJ/l', + region_name='us-east-1' + ) + return session.client('s3') + +def upload_log_file(s3_client, bucket, file_path): + """Uploads a single file to the specified S3 bucket.""" + try: + s3_client.upload_file(file_path, bucket, f"backup-{get_timestamp()}.log") + logging.info(f"Successfully uploaded {file_path} to {bucket}.") + except Exception as e: + logging.error(f"Failed to upload file. Error: {e}") + +def get_timestamp(): + from datetime import datetime + return datetime.utcnow().strftime('%Y-%m-%dT%H-%M-%S') + +if __name__ == "__main__": + logging.basicConfig(level=logging.INFO) + s3 = create_s3_client() + upload_log_file(s3, S3_BUCKET_NAME, LOCAL_LOG_PATH) diff --git a/secrets-benchmarks/snippets/022/ground-truth.json b/secrets-benchmarks/snippets/022/ground-truth.json new file mode 100644 index 0000000..827e3b5 --- /dev/null +++ b/secrets-benchmarks/snippets/022/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 5, + "language": "yaml", + "findings": [ + { + "line_number": 21, + "secret": "dckr_pat_bH8gY2cX1dE4fG5hI6jK7lM8nO9pQ0rS", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/022/snippet.yml b/secrets-benchmarks/snippets/022/snippet.yml new file mode 100644 index 0000000..b085849 --- /dev/null +++ b/secrets-benchmarks/snippets/022/snippet.yml @@ -0,0 +1,41 @@ +# Jenkinsfile for the main application build and deploy pipeline +pipeline { + agent any + environment { + DOCKER_REGISTRY = 'registry.hub.docker.com' + DOCKER_IMAGE_NAME = 'my-corp/webapp-main' + } + + stages { + stage('Build and Test') { + steps { + sh 'mvn clean install' + sh 'mvn test' + } + } + + stage('Docker Push') { + steps { + script { + def dockerUsername = 'corp_deploy_bot' + def dockerApiToken = 'dckr_pat_bH8gY2cX1dE4fG5hI6jK7lM8nO9pQ0rS' + sh "docker build -t ${DOCKER_IMAGE_NAME}:${BUILD_NUMBER} ." + sh "echo ${dockerApiToken} | docker login -u ${dockerUsername} --password-stdin ${DOCKER_REGISTRY}" + sh "docker push ${DOCKER_IMAGE_NAME}:${BUILD_NUMBER}" + } + } + } + + stage('Deploy to Staging') { + steps { + sh './deploy.sh staging' + } + } + } + + post { + always { + echo 'Pipeline finished.' + } + } +} diff --git a/secrets-benchmarks/snippets/023/ground-truth.json b/secrets-benchmarks/snippets/023/ground-truth.json new file mode 100644 index 0000000..f0bdaae --- /dev/null +++ b/secrets-benchmarks/snippets/023/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 5, + "language": "java", + "findings": [ + { + "line_number": 14, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7hN5fD6gE4iT2oP1aL0kM8zGxYc9v", + "label": "True Positive" + }, + { + "line_number": 29, + "secret": "whsec_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/023/snippet.java b/secrets-benchmarks/snippets/023/snippet.java new file mode 100644 index 0000000..535c444 --- /dev/null +++ b/secrets-benchmarks/snippets/023/snippet.java @@ -0,0 +1,34 @@ +package com.example.paymentservice.config; + +import org.springframework.context.annotation.Configuration; +import org.springframework.beans.factory.annotation.Value; +import com.stripe.Stripe; +import javax.annotation.PostConstruct; + +@Configuration +public class StripeConfig { + + @Value("${stripe.api.version}") + private String apiVersion; + + private final String secretKey = "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7hN5fD6gE4iT2oP1aL0kM8zGxYc9v"; + + @PostConstruct + public void init() { + Stripe.apiKey = secretKey; + Stripe.setApiVersion(apiVersion); + } + + // Additional configuration methods for webhooks, etc. + public String getStripeSecret() { + return this.secretKey; + } + + public void setupWebhookEndpoint() { + // Production webhook signing secret + String whSecret = "whsec_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6"; + // Logic to register webhook with Stripe + System.out.println("Webhook secret configured: " + whSecret.substring(0, 10) + "..."); + } + +} diff --git a/secrets-benchmarks/snippets/024/ground-truth.json b/secrets-benchmarks/snippets/024/ground-truth.json new file mode 100644 index 0000000..4346e83 --- /dev/null +++ b/secrets-benchmarks/snippets/024/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 5, + "language": "terraform", + "findings": [ + { + "line_number": 8, + "secret": "S#cr3t_DB_P@ssw0rd_8k!2mN", + "label": "True Positive" + }, + { + "line_number": 23, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/024/snippet.tf b/secrets-benchmarks/snippets/024/snippet.tf new file mode 100644 index 0000000..74ce4f1 --- /dev/null +++ b/secrets-benchmarks/snippets/024/snippet.tf @@ -0,0 +1,29 @@ +resource "aws_db_instance" "main" { + allocated_storage = 20 + engine = "mysql" + engine_version = "8.0.27" + instance_class = "db.t3.micro" + name = "webappdb_prod" + username = "db_admin_user" + password = "S#cr3t_DB_P@ssw0rd_8k!2mN" + parameter_group_name = "default.mysql8.0" + skip_final_snapshot = true + publicly_accessible = false +} + +resource "aws_s3_bucket" "app_data" { + bucket = "my-corp-app-data-prod-19874" +} + +# Configuration for third-party services +variable "sendgrid_api_key" { + description = "API key for sending transactional emails." + type = string + sensitive = true + default = "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" +} + +output "db_instance_address" { + value = aws_db_instance.main.address +} + diff --git a/secrets-benchmarks/snippets/025/ground-truth.json b/secrets-benchmarks/snippets/025/ground-truth.json new file mode 100644 index 0000000..a447b91 --- /dev/null +++ b/secrets-benchmarks/snippets/025/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 5, + "language": "yaml", + "findings": [ + { + "line_number": 26, + "secret": "9f8e7d6c5b4a3a2a1a0b9c8d7e6f5a4b", + "label": "True Positive" + }, + { + "line_number": 32, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/025/snippet.yml b/secrets-benchmarks/snippets/025/snippet.yml new file mode 100644 index 0000000..eec3488 --- /dev/null +++ b/secrets-benchmarks/snippets/025/snippet.yml @@ -0,0 +1,32 @@ +name: Build and Deploy Next.js App + +on: + push: + branches: + - main + +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v3 + + - name: Set up Node.js + uses: actions/setup-node@v3 + with: + node-version: '18' + + - name: Install Dependencies + run: npm install + + - name: Build Application + run: npm run build + env: + ALGOLIA_API_KEY: 9f8e7d6c5b4a3a2a1a0b9c8d7e6f5a4b + NEXT_PUBLIC_API_URL: https://api.prod.my-app.com + + - name: Notify Slack on Success + if: success() + run: | + curl -X POST -H 'Content-type: application/json' --data '{"text":"Deployment to production succeeded!"}' https://hooks.slack.com/services/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 diff --git a/secrets-benchmarks/snippets/026/ground-truth.json b/secrets-benchmarks/snippets/026/ground-truth.json new file mode 100644 index 0000000..23734ed --- /dev/null +++ b/secrets-benchmarks/snippets/026/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 7, + "language": "terraform", + "findings": [ + { + "line_number": 5, + "secret": "AKIA44JGL55QT6L72Q57", + "label": "True Positive" + }, + { + "line_number": 6, + "secret": "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", + "label": "True Positive" + }, + { + "line_number": 24, + "secret": "hJ$9!zK@bD3pG*sV", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/026/snippet.tf b/secrets-benchmarks/snippets/026/snippet.tf new file mode 100644 index 0000000..c819227 --- /dev/null +++ b/secrets-benchmarks/snippets/026/snippet.tf @@ -0,0 +1,31 @@ +# main.tf - AWS Infrastructure for the reporting service + +provider "aws" { + region = "us-east-1" + access_key = "AKIA44JGL55QT6L72Q57" + secret_key = "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" +} + +resource "aws_instance" "reporting_worker" { + ami = "ami-0c55b159cbfafe1f0" + instance_type = "t2.micro" + tags = { + Name = "ReportingWorker-Prod" + } +} + +resource "aws_db_instance" "reporting_db" { + allocated_storage = 20 + engine = "mysql" + engine_version = "8.0" + instance_class = "db.t2.micro" + db_name = "reportingdb" + username = "reportadmin" + password = "hJ$9!zK@bD3pG*sV" + parameter_group_name = "default.mysql8.0" + skip_final_snapshot = true +} + +output "db_endpoint" { + value = aws_db_instance.reporting_db.endpoint +} diff --git a/secrets-benchmarks/snippets/027/ground-truth.json b/secrets-benchmarks/snippets/027/ground-truth.json new file mode 100644 index 0000000..dadf50e --- /dev/null +++ b/secrets-benchmarks/snippets/027/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 7, + "language": "python", + "findings": [ + { + "line_number": 11, + "secret": "postgres://payment_svc_user:Ag8#kL$pQ2sZ!vF@pg-prod-us-east-1a.c3kfexample.rds.amazonaws.com:5432/payments_prod", + "label": "True Positive" + }, + { + "line_number": 12, + "secret": "sk_live_51Mv0L2BpF8fG1tY9cRzXvWqSjU3mB4aD5eFgH6iJ7kL8mN9oP0qR1sT", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/027/snippet.py b/secrets-benchmarks/snippets/027/snippet.py new file mode 100644 index 0000000..af4ed46 --- /dev/null +++ b/secrets-benchmarks/snippets/027/snippet.py @@ -0,0 +1,36 @@ +# app.py - Main entrypoint for the payments-api Flask service + +from flask import Flask, jsonify, request +from sqlalchemy import create_engine +import stripe + +app = Flask(__name__) + +# -- Configuration -- +# In a real app, this would come from a secure vault or environment variables. +app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres://payment_svc_user:Ag8#kL$pQ2sZ!vF@pg-prod-us-east-1a.c3kfexample.rds.amazonaws.com:5432/payments_prod' +app.config['STRIPE_SECRET_KEY'] = 'sk_live_51Mv0L2BpF8fG1tY9cRzXvWqSjU3mB4aD5eFgH6iJ7kL8mN9oP0qR1sT' + +# Initialize extensions +db_engine = create_engine(app.config['SQLALCHEMY_DATABASE_URI']) +stripe.api_key = app.config['STRIPE_SECRET_KEY'] + +@app.route('/health', methods=['GET']) +def health_check(): + try: + # Check DB connection + connection = db_engine.connect() + connection.close() + return jsonify({'status': 'ok', 'database': 'connected'}), 200 + except Exception as e: + return jsonify({'status': 'error', 'database': str(e)}), 500 + +@app.route('/create-payment-intent', methods=['POST']) +def create_payment(): + data = request.get_json() + intent = stripe.PaymentIntent.create( + amount=data['amount'], + currency='usd' + ) + return jsonify(client_secret=intent.client_secret) + diff --git a/secrets-benchmarks/snippets/028/ground-truth.json b/secrets-benchmarks/snippets/028/ground-truth.json new file mode 100644 index 0000000..354f386 --- /dev/null +++ b/secrets-benchmarks/snippets/028/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 7, + "language": "yaml", + "findings": [ + { + "line_number": 22, + "secret": "dckr_pat_bC9hFvG5jL1kM4nO7pQ9rS2uV5wX8yZ1aC", + "label": "True Positive" + }, + { + "line_number": 38, + "secret": "https://hooks.slack.com/services/T012ABCDEF3/B01GHIJKLM4/vP5qR6sT7uV8wX9yZ0aB1c", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/028/snippet.yml b/secrets-benchmarks/snippets/028/snippet.yml new file mode 100644 index 0000000..613cb9f --- /dev/null +++ b/secrets-benchmarks/snippets/028/snippet.yml @@ -0,0 +1,39 @@ +name: Build and Deploy to Production + +on: + push: + branches: + - main + +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: myapp-prod-bot + password: "dckr_pat_bC9hFvG5jL1kM4nO7pQ9rS2uV5wX8yZ1aC" + + - name: Build and push container + id: build_and_push + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: myapp/prod-server:latest + + - name: Send notification to Slack + uses: 8398a7/action-slack@v3 + with: + status: ${{ job.status }} + text: 'Deployment to production finished.' + env: + SLACK_WEBHOOK_URL: "https://hooks.slack.com/services/T012ABCDEF3/B01GHIJKLM4/vP5qR6sT7uV8wX9yZ0aB1c" + diff --git a/secrets-benchmarks/snippets/029/ground-truth.json b/secrets-benchmarks/snippets/029/ground-truth.json new file mode 100644 index 0000000..4f984f7 --- /dev/null +++ b/secrets-benchmarks/snippets/029/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 7, + "language": "csharp", + "findings": [ + { + "line_number": 10, + "secret": "DefaultEndpointsProtocol=https;AccountName=prodfilestorage1;AccountKey=wJ/x5mP8Q+kZ3rT9vB2uC4dE6fG8hJ0lM2nO4pQ6rS8tV0wX2yZ4aC6bE8dF+gHjK/lM4nO6pQ==;EndpointSuffix=core.windows.net", + "label": "True Positive" + }, + { + "line_number": 11, + "secret": "SG.bF3gH5iJ7kL9mN1oP3qR5sT7uV9wX1yZ.aC3bE5dF7gH9jK1lM3nO5pQ7rS9tU", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/029/snippet.cs b/secrets-benchmarks/snippets/029/snippet.cs new file mode 100644 index 0000000..c5df2f8 --- /dev/null +++ b/secrets-benchmarks/snippets/029/snippet.cs @@ -0,0 +1,36 @@ +using Microsoft.Extensions.DependencyInjection; +using Microsoft.Extensions.Hosting; + +namespace Api.Core.Services; + +// Static class holding critical application secrets. +// TODO: Refactor this to use Azure Key Vault before GA. +public static class AppSecrets +{ + public const string AzureStorageConnectionString = "DefaultEndpointsProtocol=https;AccountName=prodfilestorage1;AccountKey=wJ/x5mP8Q+kZ3rT9vB2uC4dE6fG8hJ0lM2nO4pQ6rS8tV0wX2yZ4aC6bE8dF+gHjK/lM4nO6pQ==;EndpointSuffix=core.windows.net"; + public const string SendGridApiKey = "SG.bF3gH5iJ7kL9mN1oP3qR5sT7uV9wX1yZ.aC3bE5dF7gH9jK1lM3nO5pQ7rS9tU"; +} + +public static class ServiceRegistration +{ + public static IServiceCollection AddCoreServices(this IServiceCollection services) + { + // Register Blob Storage client + services.AddSingleton(x => new BlobServiceClient(AppSecrets.AzureStorageConnectionString)); + + // Register Email sender client + services.AddTransient(provider => + { + var logger = provider.GetRequiredService>(); + // The API key is passed directly here. + return new EmailSender(logger, AppSecrets.SendGridApiKey); + }); + + return services; + } +} + +public class EmailSender : IEmailSender +{ + // Implementation details omitted for brevity... +} diff --git a/secrets-benchmarks/snippets/030/ground-truth.json b/secrets-benchmarks/snippets/030/ground-truth.json new file mode 100644 index 0000000..f326e4d --- /dev/null +++ b/secrets-benchmarks/snippets/030/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 7, + "language": "go", + "findings": [ + { + "line_number": 12, + "secret": "4a1b0c9d2e8f7g6h5i4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x", + "label": "True Positive" + }, + { + "line_number": 19, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLnMxLmV4YW1wbGUuY29tIiwic3ViIjoiY2NjY2QxZjctMGIzNC00MWFmLThmZjktYWZmMDc0MjVmYTc3IiwiYXVkIjoiYXBpLnMxLmV4YW1wbGUuY29tIiwiaWF0IjoxNjQ4MDQ0NDc5LCJleHAiOjE2NDgwNDgwNzl9.m4zV8G48EaFqfJkXw9Y2ZzQ3bH6iJ8kL0mN2oP4qR6s", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/030/snippet.go b/secrets-benchmarks/snippets/030/snippet.go new file mode 100644 index 0000000..53d357f --- /dev/null +++ b/secrets-benchmarks/snippets/030/snippet.go @@ -0,0 +1,47 @@ +package main + +import ( + "bytes" + "fmt" + "net/http" + "time" +) + +const ( + apiEndpoint = "https://metrics.corp.internal/api/v1/log" + metricsApiKey = "4a1b0c9d2e8f7g6h5i4j3k2l1m0n9o8p7q6r5s4t3u2v1w0x" +) + +func sendLog(payload []byte) (*http.Response, error) { + client := &http.Client{Timeout: 10 * time.Second} + + // This token grants access to internal services. It has a short expiry. + internalSvcToken := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLnMxLmV4YW1wbGUuY29tIiwic3ViIjoiY2NjY2QxZjctMGIzNC00MWFmLThmZjktYWZmMDc0MjVmYTc3IiwiYXVkIjoiYXBpLnMxLmV4YW1wbGUuY29tIiwiaWF0IjoxNjQ4MDQ0NDc5LCJleHAiOjE2NDgwNDgwNzl9.m4zV8G48EaFqfJkXw9Y2ZzQ3bH6iJ8kL0mN2oP4qR6s" + + req, err := http.NewRequest("POST", apiEndpoint, bytes.NewBuffer(payload)) + if err != nil { + return nil, fmt.Errorf("failed to create request: %w", err) + } + + req.Header.Set("Content-Type", "application/json") + req.Header.Set("X-API-KEY", metricsApiKey) + req.Header.Set("Authorization", "Bearer "+internalSvcToken) + + resp, err := client.Do(req) + if err != nil { + return nil, fmt.Errorf("request failed: %w", err) + } + + return resp, nil +} + +func main() { + logData := []byte(`{"level":"info","message":"service started"}`) + resp, err := sendLog(logData) + if err != nil { + fmt.Printf("Error sending log: %v\n", err) + return + } + defer resp.Body.Close() + fmt.Printf("Log sent successfully, status code: %d\n", resp.StatusCode) +} diff --git a/secrets-benchmarks/snippets/031/ground-truth.json b/secrets-benchmarks/snippets/031/ground-truth.json new file mode 100644 index 0000000..5547082 --- /dev/null +++ b/secrets-benchmarks/snippets/031/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 8, + "language": "python", + "findings": [ + { + "line_number": 9, + "secret": "postgres://order_svc_user:pIu#9Tf$zQ5w@db-prod-main.cyabxzywzzza.us-east-1.rds.amazonaws.com:5432/orders_production", + "label": "True Positive" + }, + { + "line_number": 15, + "secret": "AKIAU4VFT7J6X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 16, + "secret": "gT8vNl2yX+ZpB/tY9cRzXvWqSjU3mB/kL5dF8aC", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/031/snippet.py b/secrets-benchmarks/snippets/031/snippet.py new file mode 100644 index 0000000..ccb6521 --- /dev/null +++ b/secrets-benchmarks/snippets/031/snippet.py @@ -0,0 +1,34 @@ +from flask import Flask, jsonify, request +from boto3 import client +import psycopg2 + +app = Flask(__name__) + +# Configuration for external services +S3_BUCKET = 'prod-customer-uploads-us-east-1' +DATABASE_URL = 'postgres://order_svc_user:pIu#9Tf$zQ5w@db-prod-main.cyabxzywzzza.us-east-1.rds.amazonaws.com:5432/orders_production' + +def get_s3_client(): + # Direct credential usage is discouraged. Use IAM roles instead. + s3_client = client( + 's3', + aws_access_key_id='AKIAU4VFT7J6X2P5QJ6M', + aws_secret_access_key='gT8vNl2yX+ZpB/tY9cRzXvWqSjU3mB/kL5dF8aC' + ) + return s3_client + +def get_db_connection(): + conn = psycopg2.connect(DATABASE_URL) + return conn + +@app.route('/api/v1/health') +def health_check(): + try: + conn = get_db_connection() + conn.close() + return jsonify({'status': 'ok', 'database': 'connected'}) + except Exception as e: + return jsonify({'status': 'error', 'database': str(e)}), 500 + +if __name__ == '__main__': + app.run(host='0.0.0.0', port=8080) diff --git a/secrets-benchmarks/snippets/032/ground-truth.json b/secrets-benchmarks/snippets/032/ground-truth.json new file mode 100644 index 0000000..56a3d52 --- /dev/null +++ b/secrets-benchmarks/snippets/032/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 8, + "language": "yaml", + "findings": [ + { + "line_number": 22, + "secret": "dckr_pat_a4d3f2c1b0e9a8b7c6d5e4f3a2b1c0d9e8f7g6h5", + "label": "True Positive" + }, + { + "line_number": 35, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/032/snippet.yml b/secrets-benchmarks/snippets/032/snippet.yml new file mode 100644 index 0000000..898d56b --- /dev/null +++ b/secrets-benchmarks/snippets/032/snippet.yml @@ -0,0 +1,36 @@ +name: Deploy Production API + +on: + push: + branches: + - main + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Log in to Docker Hub + uses: docker/login-action@v2 + with: + username: myapp_prod_builder + password: "dckr_pat_a4d3f2c1b0e9a8b7c6d5e4f3a2b1c0d9e8f7g6h5" + + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . + file: ./Dockerfile.prod + push: true + tags: myapp/prod-api:latest + + - name: Send Slack Notification + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_WEBHOOK: https://hooks.slack.com/services/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 + SLACK_MESSAGE: 'Production deployment successful!' diff --git a/secrets-benchmarks/snippets/033/ground-truth.json b/secrets-benchmarks/snippets/033/ground-truth.json new file mode 100644 index 0000000..125e694 --- /dev/null +++ b/secrets-benchmarks/snippets/033/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 8, + "language": "typescript", + "findings": [ + { + "line_number": 9, + "secret": "AIzaSyCDE1234FGH5678IJKL9012MNOPQRs-tU", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/033/snippet.ts b/secrets-benchmarks/snippets/033/snippet.ts new file mode 100644 index 0000000..706ce84 --- /dev/null +++ b/secrets-benchmarks/snippets/033/snippet.ts @@ -0,0 +1,27 @@ +// src/services/firebaseConfig.ts +import { initializeApp } from "firebase/app"; +import { getAnalytics } from "firebase/analytics"; +import { getFirestore } from "firebase/firestore"; + +// TODO: Move this configuration to environment variables before launch. +// This is temporary for quick staging environment setup. +const firebaseConfig = { + apiKey: "AIzaSyCDE1234FGH5678IJKL9012MNOPQRs-tU", + authDomain: "myapp-prod-1a2b3.firebaseapp.com", + projectId: "myapp-prod-1a2b3", + storageBucket: "myapp-prod-1a2b3.appspot.com", + messagingSenderId: "987654321012", + appId: "1:987654321012:web:a1b2c3d4e5f6a7b8c9d0e1", + measurementId: "G-ABCDEF1234" +}; + +// Initialize Firebase +export const app = initializeApp(firebaseConfig); +export const db = getFirestore(app); + +let analytics; +if (typeof window !== 'undefined') { + analytics = getAnalytics(app); +} + +export { analytics }; diff --git a/secrets-benchmarks/snippets/034/ground-truth.json b/secrets-benchmarks/snippets/034/ground-truth.json new file mode 100644 index 0000000..80c7af8 --- /dev/null +++ b/secrets-benchmarks/snippets/034/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 8, + "language": "terraform", + "findings": [ + { + "line_number": 5, + "secret": "AKIAT7G3W4LIX5M2P6Q4", + "label": "True Positive" + }, + { + "line_number": 6, + "secret": "xZ9cU7sV3mB+pQkL5jH8fG1tY9cRzXvWqSjU3mB/kL", + "label": "True Positive" + }, + { + "line_number": 12, + "secret": "7e3c98a50616b0b8ad4a835a68729c1d", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/034/snippet.tf b/secrets-benchmarks/snippets/034/snippet.tf new file mode 100644 index 0000000..92782d3 --- /dev/null +++ b/secrets-benchmarks/snippets/034/snippet.tf @@ -0,0 +1,29 @@ +# main.tf - Production Infrastructure for Analytics Service + +provider "aws" { + region = "us-west-2" + access_key = "AKIAT7G3W4LIX5M2P6Q4" + secret_key = "xZ9cU7sV3mB+pQkL5jH8fG1tY9cRzXvWqSjU3mB/kL" +} + +variable "datadog_api_key" { + type = string + description = "Datadog API key for monitoring agent" + default = "7e3c98a50616b0b8ad4a835a68729c1d" +} + +resource "aws_instance" "analytics_worker" { + ami = "ami-0c55b159cbfafe1f0" # Ubuntu 20.04 LTS + instance_type = "t3.large" + count = 2 + + tags = { + Name = "analytics-worker-prod" + Service = "Analytics" + } + + user_data = <<-EOF + #!/bin/bash + DD_API_KEY=${var.datadog_api_key} bash -c "$(curl -L https://s3.amazonaws.com/dd-agent/install_script.sh)" + EOF +} diff --git a/secrets-benchmarks/snippets/035/ground-truth.json b/secrets-benchmarks/snippets/035/ground-truth.json new file mode 100644 index 0000000..b1f4f24 --- /dev/null +++ b/secrets-benchmarks/snippets/035/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 8, + "language": "csharp", + "findings": [ + { + "line_number": 13, + "secret": "Server=tcp:prod-db-server.database.windows.net,1433;Database=UserProfiles;User ID=sqladmin;Password=4#tG&kL$pQ2s!hG;Trusted_Connection=False;Encrypt=True;", + "label": "True Positive" + }, + { + "line_number": 29, + "secret": "N5u8x/A?D(G+KbPeShVmYp3s6v9y$B&E", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/035/snippet.cs b/secrets-benchmarks/snippets/035/snippet.cs new file mode 100644 index 0000000..5043ea5 --- /dev/null +++ b/secrets-benchmarks/snippets/035/snippet.cs @@ -0,0 +1,38 @@ +// Program.cs - .NET 6 Minimal API setup +using Microsoft.AspNetCore.Authentication.JwtBearer; +using Microsoft.EntityFrameworkCore; +using Microsoft.IdentityModel.Tokens; +using System.Text; + +var builder = WebApplication.CreateBuilder(args); + +// Add services to the container. +builder.Services.AddControllers(); + +// Setup database context from hardcoded connection string +var connectionString = "Server=tcp:prod-db-server.database.windows.net,1433;Database=UserProfiles;User ID=sqladmin;Password=4#tG&kL$pQ2s!hG;Trusted_Connection=False;Encrypt=True;"; +builder.Services.AddDbContext(options => + options.UseSqlServer(connectionString)); + +// Configure JWT Authentication +builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) + .AddJwtBearer(options => + { + options.TokenValidationParameters = new TokenValidationParameters + { + ValidateIssuer = true, + ValidateAudience = true, + ValidateLifetime = true, + ValidateIssuerSigningKey = true, + ValidIssuer = "https://api.myapp.com", + ValidAudience = "https://api.myapp.com", + IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("N5u8x/A?D(G+KbPeShVmYp3s6v9y$B&E")) + }; + }); + +var app = builder.Build(); +app.UseHttpsRedirection(); +app.UseAuthentication(); +app.UseAuthorization(); +app.MapControllers(); +app.Run(); diff --git a/secrets-benchmarks/snippets/036/ground-truth.json b/secrets-benchmarks/snippets/036/ground-truth.json new file mode 100644 index 0000000..ff211ee --- /dev/null +++ b/secrets-benchmarks/snippets/036/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 9, + "language": "python", + "findings": [ + { + "line_number": 9, + "secret": "postgres://prod_user_rw:2$fP#qZ9!sW7@db.customer-api.prod.aws-us-east-1.rds.amazonaws.com:5432/payments_db", + "label": "True Positive" + }, + { + "line_number": 13, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7oL5dE6aF4gH2iJ1kC0pP9sT8yU2oO3zN7lI5xR4vG3bA2eC1d00jK6bM4lP", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/036/snippet.py b/secrets-benchmarks/snippets/036/snippet.py new file mode 100644 index 0000000..521e463 --- /dev/null +++ b/secrets-benchmarks/snippets/036/snippet.py @@ -0,0 +1,31 @@ +import os +from flask import Flask, jsonify, request +from sqlalchemy import create_engine +import stripe + +app = Flask(__name__) + +# Initialize database connection +DATABASE_URL = "postgres://prod_user_rw:2$fP#qZ9!sW7@db.customer-api.prod.aws-us-east-1.rds.amazonaws.com:5432/payments_db" +engine = create_engine(DATABASE_URL) + +# Configure Stripe client +stripe.api_key = "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7oL5dE6aF4gH2iJ1kC0pP9sT8yU2oO3zN7lI5xR4vG3bA2eC1d00jK6bM4lP" + +@app.route('/create-payment-intent', methods=['POST']) +def create_payment(): + data = request.get_json() + try: + intent = stripe.PaymentIntent.create( + amount=data['amount'], + currency='usd', + payment_method_types=['card'], + ) + return jsonify({ + 'clientSecret': intent['client_secret'] + }) + except Exception as e: + return jsonify(error=str(e)), 403 + +if __name__ == '__main__': + app.run(debug=False, host='0.0.0.0') diff --git a/secrets-benchmarks/snippets/037/ground-truth.json b/secrets-benchmarks/snippets/037/ground-truth.json new file mode 100644 index 0000000..ea89d92 --- /dev/null +++ b/secrets-benchmarks/snippets/037/ground-truth.json @@ -0,0 +1,26 @@ +{ + "entry_id": 9, + "language": "groovy", + "findings": [ + { + "line_number": 19, + "secret": "9a8b7c6d-5e4f-3a2b-1c0d-9f8e7d6c5b4a", + "label": "True Positive" + }, + { + "line_number": 20, + "secret": "8S5R3ZQXDI1VMEG9N4Y2QWB7A7JH8W5C6I", + "label": "True Positive" + }, + { + "line_number": 26, + "secret": "sUp3rS3cur3P@ssw0rd", + "label": "True Positive" + }, + { + "line_number": 28, + "secret": "k3yP@ssw0rdF0rR3l3ase", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/037/snippet.groovy b/secrets-benchmarks/snippets/037/snippet.groovy new file mode 100644 index 0000000..de9f2e8 --- /dev/null +++ b/secrets-benchmarks/snippets/037/snippet.groovy @@ -0,0 +1,38 @@ +# build.gradle (Module: app) +plugins { + id 'com.android.application' + id 'org.jetbrains.kotlin.android' + id 'io.fabric' +} + +android { + compileSdkVersion 33 + + defaultConfig { + applicationId "com.example.securewallet" + minSdkVersion 24 + targetSdkVersion 33 + versionCode 1 + versionName "1.0" + + // API keys should not be stored here + buildConfigField "String", "COINMARKETCAP_API_KEY", '"9a8b7c6d-5e4f-3a2b-1c0d-9f8e7d6c5b4a"' + buildConfigField "String", "ETHERSCAN_API_KEY", '"8S5R3ZQXDI1VMEG9N4Y2QWB7A7JH8W5C6I"' + } + + signingConfigs { + release { + storeFile file('keystore/release.jks') + storePassword 'sUp3rS3cur3P@ssw0rd' + keyAlias 'releaseKey' + keyPassword 'k3yP@ssw0rdF0rR3l3ase' + } + } + + buildTypes { + release { + minifyEnabled true + signingConfig signingConfigs.release + } + } +} diff --git a/secrets-benchmarks/snippets/038/ground-truth.json b/secrets-benchmarks/snippets/038/ground-truth.json new file mode 100644 index 0000000..6462a52 --- /dev/null +++ b/secrets-benchmarks/snippets/038/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 9, + "language": "javascript", + "findings": [ + { + "line_number": 6, + "secret": "ACf8e21a9c3b7d5f1e0a9b8c7d6e5f4a3b", + "label": "True Positive" + }, + { + "line_number": 7, + "secret": "b4d2e1f0c3a4b5d6e7f8a9b0c1d2e3f4", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/038/snippet.js b/secrets-benchmarks/snippets/038/snippet.js new file mode 100644 index 0000000..fa24f27 --- /dev/null +++ b/secrets-benchmarks/snippets/038/snippet.js @@ -0,0 +1,35 @@ +// src/api/twilio-service.js +// This service handles all SMS and voice notifications. + +const twilio = require('twilio'); + +const accountSid = 'ACf8e21a9c3b7d5f1e0a9b8c7d6e5f4a3b'; +const authToken = 'b4d2e1f0c3a4b5d6e7f8a9b0c1d2e3f4'; +const client = twilio(accountSid, authToken); + +const sendVerificationCode = async (phoneNumber, code) => { + try { + const message = await client.messages.create({ + body: `Your verification code is: ${code}`, + from: '+15017122661', + to: phoneNumber + }); + + console.log('Verification message sent:', message.sid); + return { success: true, sid: message.sid }; + } catch (error) { + console.error('Failed to send SMS:', error); + return { success: false, error: error.message }; + } +}; + +const makeOutboundCall = async (targetNumber, messageUrl) => { + console.log(`Initiating call to ${targetNumber}`); + await client.calls.create({ + url: messageUrl, + to: targetNumber, + from: '+15017122661' // Twilio purchased number + }); +}; + +module.exports = { sendVerificationCode, makeOutboundCall }; diff --git a/secrets-benchmarks/snippets/039/ground-truth.json b/secrets-benchmarks/snippets/039/ground-truth.json new file mode 100644 index 0000000..4ff5ede --- /dev/null +++ b/secrets-benchmarks/snippets/039/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 9, + "language": "typescript", + "findings": [ + { + "line_number": 32, + "secret": "RptUsr!pWd$2o21@9bF&", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/039/snippet.ts b/secrets-benchmarks/snippets/039/snippet.ts new file mode 100644 index 0000000..ec4f7e3 --- /dev/null +++ b/secrets-benchmarks/snippets/039/snippet.ts @@ -0,0 +1,39 @@ +import { Construct } from 'constructs'; +import * as cdk from 'aws-cdk-lib'; +import { CfnOutput } from 'aws-cdk-lib'; +import * as rds from 'aws-cdk-lib/aws-rds'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager'; + +export class DatabaseStack extends cdk.Stack { + constructor(scope: Construct, id: string, props?: cdk.StackProps) { + super(scope, id, props); + + const vpc = ec2.Vpc.fromLookup(this, 'ExistingVPC', { vpcId: 'vpc-0a1b2c3d4e5f6g7h' }); + + const dbCredentialsSecret = new secretsmanager.Secret(this, 'DBCredsSecret', { + secretName: 'aurora-master-credentials', + generateSecretString: { + secretStringTemplate: JSON.stringify({ username: 'aurora_admin' }), + generateStringKey: 'password', + passwordLength: 20, + excludePunctuation: false, + }, + }); + + // Hardcoding credentials for a legacy, non-critical reporting database + const legacyDb = new rds.DatabaseInstance(this, 'LegacyReportingDB', { + engine: rds.DatabaseInstanceEngine.mysql({ + version: rds.MysqlEngineVersion.VER_8_0_28, + }), + instanceType: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.MICRO), + vpc, + databaseName: 'reports_legacy', + credentials: rds.Credentials.fromPassword('report_user', cdk.SecretValue.unsafePlainText('RptUsr!pWd$2o21@9bF&')), + }); + + new CfnOutput(this, 'LegacyDBEndpoint', { + value: legacyDb.dbInstanceEndpointAddress, + }); + } +} diff --git a/secrets-benchmarks/snippets/040/ground-truth.json b/secrets-benchmarks/snippets/040/ground-truth.json new file mode 100644 index 0000000..a3d6422 --- /dev/null +++ b/secrets-benchmarks/snippets/040/ground-truth.json @@ -0,0 +1,26 @@ +{ + "entry_id": 9, + "language": "yaml", + "findings": [ + { + "line_number": 9, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 10, + "secret": "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", + "label": "True Positive" + }, + { + "line_number": 11, + "secret": "{\"type\":\"service_account\",\"project_id\":\"core-infra-345213\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRsK7pB6bFv9f6\\nc...\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"deploy-bot@core-infra-345213.iam.gserviceaccount.com\",\"client_id\":\"109876543210987654321\"}", + "label": "True Positive" + }, + { + "line_number": 33, + "secret": "https://hooks.slack.com/services/T00ABCD12EF/B01ZYXW3456/kLpQrStUvWxYzAbCdEfGhIjK", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/040/snippet.yml b/secrets-benchmarks/snippets/040/snippet.yml new file mode 100644 index 0000000..ad1938c --- /dev/null +++ b/secrets-benchmarks/snippets/040/snippet.yml @@ -0,0 +1,33 @@ +name: Deploy Staging Environment + +on: + push: + branches: + - main + +env: + AWS_ACCESS_KEY_ID: AKIAY3R4WZ76X2P5QJ6M + AWS_SECRET_ACCESS_KEY: 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 + GCP_SA_KEY: '{"type":"service_account","project_id":"core-infra-345213","private_key_id":"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2","private_key":"-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRsK7pB6bFv9f6\nc...\n-----END PRIVATE KEY-----\n","client_email":"deploy-bot@core-infra-345213.iam.gserviceaccount.com","client_id":"109876543210987654321"}' + +jobs: + terraform-apply: + name: 'Terraform Apply' + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v2 + + - name: Terraform Init + run: terraform init + + - name: Terraform Apply + run: terraform apply -auto-approve + + - name: Send Slack Notification + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_WEBHOOK: https://hooks.slack.com/services/T00ABCD12EF/B01ZYXW3456/kLpQrStUvWxYzAbCdEfGhIjK diff --git a/secrets-benchmarks/snippets/041/ground-truth.json b/secrets-benchmarks/snippets/041/ground-truth.json new file mode 100644 index 0000000..8b59d2c --- /dev/null +++ b/secrets-benchmarks/snippets/041/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 10, + "language": "terraform", + "findings": [ + { + "line_number": 5, + "secret": "AKIAYJ5U4F6X3W2Z7Q8B", + "label": "True Positive" + }, + { + "line_number": 6, + "secret": "vG9dK8jFpQ4sH7wB2uA1tY6zC0xL5nE3bV2mO4iP", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/041/snippet.tf b/secrets-benchmarks/snippets/041/snippet.tf new file mode 100644 index 0000000..c97e393 --- /dev/null +++ b/secrets-benchmarks/snippets/041/snippet.tf @@ -0,0 +1,38 @@ +# main.tf - AWS Infrastructure for the reporting service + +provider "aws" { + region = "us-east-1" + access_key = "AKIAYJ5U4F6X3W2Z7Q8B" + secret_key = "vG9dK8jFpQ4sH7wB2uA1tY6zC0xL5nE3bV2mO4iP" +} + +resource "aws_instance" "reporting_server" { + ami = "ami-0c55b159cbfafe1f0" # Amazon Linux 2 + instance_type = "t3.medium" + subnet_id = aws_subnet.private_subnet.id + vpc_security_group_ids = [aws_security_group.allow_internal.id] + + tags = { + Name = "Reporting-Instance-Prod" + Environment = "Production" + } +} + +resource "aws_db_instance" "analytics_db" { + allocated_storage = 20 + engine = "postgres" + engine_version = "13.3" + instance_class = "db.t3.micro" + name = "analyticsdb_prod" + username = "dbadmin" + password = var.db_password # Injected from CI + skip_final_snapshot = true +} + +resource "aws_s3_bucket" "data_lake" { + bucket = "prod-analytics-data-lake-987345" + + tags = { + Name = "Data Lake Bucket" + } +} diff --git a/secrets-benchmarks/snippets/042/ground-truth.json b/secrets-benchmarks/snippets/042/ground-truth.json new file mode 100644 index 0000000..7686dd8 --- /dev/null +++ b/secrets-benchmarks/snippets/042/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 10, + "language": "yaml", + "findings": [ + { + "line_number": 22, + "secret": "dckr_pat_u7hN2pL9xV4kG1mF3jZ8oR6cW0qYdE5sT2aB", + "label": "True Positive" + }, + { + "line_number": 38, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/042/snippet.yml b/secrets-benchmarks/snippets/042/snippet.yml new file mode 100644 index 0000000..65ce451 --- /dev/null +++ b/secrets-benchmarks/snippets/042/snippet.yml @@ -0,0 +1,38 @@ +name: Build and Deploy Production API + +on: + push: + branches: + - main + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to DockerHub + uses: docker/login-action@v2 + with: + username: coreapp + password: "dckr_pat_u7hN2pL9xV4kG1mF3jZ8oR6cW0qYdE5sT2aB" + + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . + file: ./Dockerfile + push: true + tags: coreapp/api-gateway:latest + + - name: Notify on deployment success + uses: 8398a7/action-slack@v3 + with: + status: success + author_name: 'API Gateway CI' + env: + SLACK_WEBHOOK_URL: "https://hooks.slack.com/services/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" diff --git a/secrets-benchmarks/snippets/043/ground-truth.json b/secrets-benchmarks/snippets/043/ground-truth.json new file mode 100644 index 0000000..61c0d4e --- /dev/null +++ b/secrets-benchmarks/snippets/043/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 10, + "language": "python", + "findings": [ + { + "line_number": 8, + "secret": "postgres://chat_svc_prod:p#9sW!z$kLqY8*3f@pg-prod-us-east-1.c4fgr7h8i9j0.rds.amazonaws.com:5432/chatapp_prod", + "label": "True Positive" + }, + { + "line_number": 14, + "secret": "sk-proj-jV7hG1mF9wX4kL6uT3nZ8oR2cY0pQdE5sA1bY9fC", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/043/snippet.py b/secrets-benchmarks/snippets/043/snippet.py new file mode 100644 index 0000000..23e0d2f --- /dev/null +++ b/secrets-benchmarks/snippets/043/snippet.py @@ -0,0 +1,40 @@ +from flask import Flask, request, jsonify +from sqlalchemy import create_engine +from openai import OpenAI + +app = Flask(__name__) + +# Database and external service connections +DB_URI = "postgres://chat_svc_prod:p#9sW!z$kLqY8*3f@pg-prod-us-east-1.c4fgr7h8i9j0.rds.amazonaws.com:5432/chatapp_prod" +engine = create_engine(DB_URI) + +# Initialize OpenAI client for generating responses +try: + openai_client = OpenAI( + api_key="sk-proj-jV7hG1mF9wX4kL6uT3nZ8oR2cY0pQdE5sA1bY9fC", + ) +except Exception as e: + app.logger.error(f"Failed to initialize OpenAI client: {e}") + openai_client = None + +@app.route('/api/v1/chat/completions', methods=['POST']) +def handle_chat_completion(): + data = request.get_json() + user_id = data.get('user_id') + prompt = data.get('prompt') + + if not openai_client or not user_id: + return jsonify({'error': 'Service unavailable or invalid user'}), 503 + + # Fetch user history from DB (simplified) + history = engine.execute(f"SELECT * FROM chat_history WHERE user_id = {user_id}") + + completion = openai_client.chat.completions.create( + model="gpt-4o", + messages=[ + {"role": "system", "content": "You are a helpful assistant."}, + {"role": "user", "content": prompt} + ] + ) + + return jsonify(completion.choices[0]) diff --git a/secrets-benchmarks/snippets/044/ground-truth.json b/secrets-benchmarks/snippets/044/ground-truth.json new file mode 100644 index 0000000..211ee69 --- /dev/null +++ b/secrets-benchmarks/snippets/044/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 10, + "language": "typescript", + "findings": [ + { + "line_number": 19, + "secret": "pk.eyJ1IjoiZGF0YWdlbmVuZ2luZSIsImEiOiJjbHB0dGZ3ajYwZ2hrMmtvNGVsbXNqbzY4In0.v8NlU2aP4_kS7gXzFhQ9rA", + "label": "True Positive" + }, + { + "line_number": 23, + "secret": "https://9e2b1c4f8d6a3b0e7c5d9f1a8g3h5i7k@o451234.ingest.sentry.io/5432109", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/044/snippet.ts b/secrets-benchmarks/snippets/044/snippet.ts new file mode 100644 index 0000000..7346d38 --- /dev/null +++ b/secrets-benchmarks/snippets/044/snippet.ts @@ -0,0 +1,30 @@ +// src/config/services.ts +// Centralized configuration for third-party services used in the application. + +export interface AppConfig { + mapbox: { + publicKey: string; + defaultStyle: string; + }; + sentry: { + dsn: string; + }; + api: { + baseUrl: string; + }; +} + +export const config: AppConfig = { + mapbox: { + publicKey: 'pk.eyJ1IjoiZGF0YWdlbmVuZ2luZSIsImEiOiJjbHB0dGZ3ajYwZ2hrMmtvNGVsbXNqbzY4In0.v8NlU2aP4_kS7gXzFhQ9rA', + defaultStyle: 'mapbox://styles/mapbox/streets-v12', + }, + sentry: { + dsn: 'https://9e2b1c4f8d6a3b0e7c5d9f1a8g3h5i7k@o451234.ingest.sentry.io/5432109', + }, + api: { + baseUrl: 'https://api.geotracker.com/v2', + }, +}; + +export default config; diff --git a/secrets-benchmarks/snippets/045/ground-truth.json b/secrets-benchmarks/snippets/045/ground-truth.json new file mode 100644 index 0000000..1486717 --- /dev/null +++ b/secrets-benchmarks/snippets/045/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 10, + "language": "groovy", + "findings": [ + { + "line_number": 36, + "secret": "AAAApcJ-Hk4:APA91bE3rZtUq_yG9sVxW5pKjL7hB8dC1fN0mO4iG2pJ6oS4tA0cQ7nV1wR9zY_lF5aK8uI3eB7fJ9dC2gH6vM5", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/045/snippet.groovy b/secrets-benchmarks/snippets/045/snippet.groovy new file mode 100644 index 0000000..54753ca --- /dev/null +++ b/secrets-benchmarks/snippets/045/snippet.groovy @@ -0,0 +1,44 @@ +android { + compileSdkVersion 33 + defaultConfig { + applicationId "com.example.securemessenger" + minSdkVersion 24 + targetSdkVersion 33 + versionCode 102 + versionName "1.2.0" + } + + signingConfigs { + release { + storeFile file(System.getenv("KEYSTORE_FILE")) + storePassword System.getenv("KEYSTORE_PASSWORD") + keyAlias System.getenv("KEY_ALIAS") + keyPassword System.getenv("KEY_PASSWORD") + } + } + + buildTypes { + release { + minifyEnabled true + proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro' + signingConfig signingConfigs.release + } + debug { + applicationIdSuffix ".debug" + } + } + + flavorDimensions "version" + productFlavors { + production { + dimension "version" + // This key is used for server-to-device push notifications via FCM + buildConfigField "String", "FCM_SERVER_KEY", '"AAAApcJ-Hk4:APA91bE3rZtUq_yG9sVxW5pKjL7hB8dC1fN0mO4iG2pJ6oS4tA0cQ7nV1wR9zY_lF5aK8uI3eB7fJ9dC2gH6vM5"' + } + staging { + dimension "version" + applicationIdSuffix ".staging" + buildConfigField "String", "FCM_SERVER_KEY", '"AAAAizX-Tq0:APA91bF...staging-key..."' // Placeholder + } + } +} diff --git a/secrets-benchmarks/snippets/046/ground-truth.json b/secrets-benchmarks/snippets/046/ground-truth.json new file mode 100644 index 0000000..6402efc --- /dev/null +++ b/secrets-benchmarks/snippets/046/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 11, + "language": "python", + "findings": [ + { + "line_number": 10, + "secret": "postgres://order_svc_user:Ac3v!tY_p@sS_8hG#kL9@prod-db-cluster-1.us-east-1.rds.amazonaws.com:5432/orders_prod", + "label": "True Positive" + }, + { + "line_number": 16, + "secret": "rEd!sP@ssw0rd$tr0ngF0rProd753", + "label": "True Positive" + }, + { + "line_number": 19, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cr4jFzT8aGb0mXnL1fVd9rT2sYcW3uE4xS5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/046/snippet.py b/secrets-benchmarks/snippets/046/snippet.py new file mode 100644 index 0000000..afe18f9 --- /dev/null +++ b/secrets-benchmarks/snippets/046/snippet.py @@ -0,0 +1,32 @@ +import os +import redis +from flask import Flask, jsonify +from sqlalchemy import create_engine +from sqlalchemy.orm import sessionmaker + +app = Flask(__name__) + +# Database configuration for production orders +DATABASE_URL = "postgres://order_svc_user:Ac3v!tY_p@sS_8hG#kL9@prod-db-cluster-1.us-east-1.rds.amazonaws.com:5432/orders_prod" +engine = create_engine(DATABASE_URL) +SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine) + +# Redis cache for session management +redis_host = "prod-redis-main.f8c2d1.0001.use1.cache.amazonaws.com" +redis_client = redis.Redis(host=redis_host, port=6379, db=0, password="rEd!sP@ssw0rd$tr0ngF0rProd753") + +# Payment Gateway Integration +STRIPE_API_KEY = "sk_live_51Kk0L2ApB8fG1tY9cr4jFzT8aGb0mXnL1fVd9rT2sYcW3uE4xS5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ" + +@app.route('/health', methods=['GET']) +def health_check(): + try: + db_session = SessionLocal() + db_session.execute('SELECT 1') + redis_client.ping() + return jsonify({'status': 'ok', 'database': 'connected', 'cache': 'connected'}), 200 + except Exception as e: + return jsonify({'status': 'error', 'details': str(e)}), 500 + +if __name__ == '__main__': + app.run(host='0.0.0.0', port=80) diff --git a/secrets-benchmarks/snippets/047/ground-truth.json b/secrets-benchmarks/snippets/047/ground-truth.json new file mode 100644 index 0000000..cff9743 --- /dev/null +++ b/secrets-benchmarks/snippets/047/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 11, + "language": "yaml", + "findings": [ + { + "line_number": 18, + "secret": "AKIAU3Z4X5R6Y7I2QJ8M", + "label": "True Positive" + }, + { + "line_number": 19, + "secret": "9vR/mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOp+", + "label": "True Positive" + }, + { + "line_number": 42, + "secret": "https://hooks.slack.com/services/T00AB1CD2EF/B01GH2JK3LM/xyZAbcDEfgHIjklMNOpQRSTuvwXy", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/047/snippet.yml b/secrets-benchmarks/snippets/047/snippet.yml new file mode 100644 index 0000000..aa79b65 --- /dev/null +++ b/secrets-benchmarks/snippets/047/snippet.yml @@ -0,0 +1,43 @@ +name: Deploy Staging Environment + +on: + push: + branches: + - main + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-access-key-id: AKIAU3Z4X5R6Y7I2QJ8M + aws-secret-access-key: 9vR/mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOp+ + aws-region: us-west-2 + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Build and push Docker image + run: | + docker build -t my-app . + docker tag my-app:latest 123456789012.dkr.ecr.us-west-2.amazonaws.com/my-app:latest + docker push 123456789012.dkr.ecr.us-west-2.amazonaws.com/my-app:latest + + - name: Deploy to ECS + run: aws ecs update-service --cluster my-cluster --service my-service --force-new-deployment + + - name: Post deployment notification to Slack + uses: 8398a7/action-slack@v3 + with: + status: ${{ job.status }} + author_name: 'Staging Deploy Bot' + text: 'Deployment to staging finished.' + env: + SLACK_WEBHOOK_URL: 'https://hooks.slack.com/services/T00AB1CD2EF/B01GH2JK3LM/xyZAbcDEfgHIjklMNOpQRSTuvwXy' + diff --git a/secrets-benchmarks/snippets/048/ground-truth.json b/secrets-benchmarks/snippets/048/ground-truth.json new file mode 100644 index 0000000..06df9be --- /dev/null +++ b/secrets-benchmarks/snippets/048/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 11, + "language": "go", + "findings": [ + { + "line_number": 13, + "secret": "sk-ant-api03-S5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ9vR-mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOpQ_AAA", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/048/snippet.go b/secrets-benchmarks/snippets/048/snippet.go new file mode 100644 index 0000000..c993cf1 --- /dev/null +++ b/secrets-benchmarks/snippets/048/snippet.go @@ -0,0 +1,50 @@ +package main + +import ( + "bytes" + "encoding/json" + "log" + "net/http" + "time" +) + +const ( + anthropicAPIEndpoint = "https://api.anthropic.com/v1/messages" + anthropicAPIKey = "sk-ant-api03-S5bA6gH7jK8lI9oP0qR1tV2uY3vW4xZ9vR-mK1jLpFzXgY8cBu7DwEa4SdF2gH3iKlJnOpQ_AAA" +) + +type MessageRequest struct { + Model string `json:"model"` + MaxTokens int `json:"max_tokens"` + Messages []struct { + Role string `json:"role"` + Content string `json:"content"` + } `json:"messages"` +} + +func callClaude(prompt string) string { + client := &http.Client{Timeout: time.Second * 30} + + reqBody := MessageRequest{ + Model: "claude-3-opus-20240229", + MaxTokens: 1024, + Messages: []struct { + Role string `json:"role"` + Content string `json:"content"` + }{{Role: "user", Content: prompt}}, + } + + jsonBody, _ := json.Marshal(reqBody) + req, err := http.NewRequest("POST", anthropicAPIEndpoint, bytes.NewBuffer(jsonBody)) + if err != nil { + log.Fatalf("Failed to create request: %v", err) + } + + req.Header.Set("x-api-key", anthropicAPIKey) + req.Header.Set("anthropic-version", "2023-06-01") + req.Header.Set("content-type", "application/json") + + // ... (response handling code omitted) + + return "response_from_claude" +} diff --git a/secrets-benchmarks/snippets/049/ground-truth.json b/secrets-benchmarks/snippets/049/ground-truth.json new file mode 100644 index 0000000..cdd8b85 --- /dev/null +++ b/secrets-benchmarks/snippets/049/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 11, + "language": "javascript", + "findings": [ + { + "line_number": 8, + "secret": "AIzaSyB9X8Y7Z6W5V4U3T2S1R0P9Q8O7N6M5L4", + "label": "True Positive" + }, + { + "line_number": 25, + "secret": "https://b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8@o123456.ingest.sentry.io/7890123", + "label": "True Positive" + }, + { + "line_number": 28, + "secret": "pk.eyJ1IjoiZGV2LWFjY291bnQiLCJhIjoiY2xwOXRzNWFjMDBsdDJrcWY2eGlrbmxmYSJ9.UThkRzFqazVwN3M0YjAyblRhbGF6UQ", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/049/snippet.js b/secrets-benchmarks/snippets/049/snippet.js new file mode 100644 index 0000000..9e30a70 --- /dev/null +++ b/secrets-benchmarks/snippets/049/snippet.js @@ -0,0 +1,32 @@ +import { initializeApp } from 'firebase/app'; +import { getAnalytics } from 'firebase/analytics'; +import { getAuth } from 'firebase/auth'; + +// This configuration is for the staging environment. +// Do not use these values in production. +const firebaseConfig = { + apiKey: "AIzaSyB9X8Y7Z6W5V4U3T2S1R0P9Q8O7N6M5L4", + authDomain: "project-staging-a4b1c.firebaseapp.com", + projectId: "project-staging-a4b1c", + storageBucket: "project-staging-a4b1c.appspot.com", + messagingSenderId: "123456789012", + appId: "1:123456789012:web:a1b2c3d4e5f6a7b8c9d0e1", + measurementId: "G-ABCDEF1234" +}; + +// Initialize Firebase services +export const app = initializeApp(firebaseConfig); +export const analytics = getAnalytics(app); +export const auth = getAuth(app); + +// Configuration for third-party services. +export const servicesConfig = { + sentry: { + dsn: 'https://b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8@o123456.ingest.sentry.io/7890123' + }, + mapbox: { + accessToken: 'pk.eyJ1IjoiZGV2LWFjY291bnQiLCJhIjoiY2xwOXRzNWFjMDBsdDJrcWY2eGlrbmxmYSJ9.UThkRzFqazVwN3M0YjAyblRhbGF6UQ' + } +}; + +export default firebaseConfig; diff --git a/secrets-benchmarks/snippets/050/ground-truth.json b/secrets-benchmarks/snippets/050/ground-truth.json new file mode 100644 index 0000000..907ccec --- /dev/null +++ b/secrets-benchmarks/snippets/050/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 11, + "language": "terraform", + "findings": [ + { + "line_number": 10, + "secret": "dd-api-a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "label": "True Positive" + }, + { + "line_number": 21, + "secret": "dop_v1_8d3e6f2a7b1c4d9f8a6e3b0c5d7f0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f", + "label": "True Positive" + }, + { + "line_number": 37, + "secret": "DbP@ssw0rdF0rProd!2024*", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/050/snippet.tf b/secrets-benchmarks/snippets/050/snippet.tf new file mode 100644 index 0000000..a2ab7f6 --- /dev/null +++ b/secrets-benchmarks/snippets/050/snippet.tf @@ -0,0 +1,38 @@ +resource "digitalocean_droplet" "web_server" { + image = "ubuntu-22-04-x64" + name = "prod-web-01" + region = "sfo3" + size = "s-2vcpu-4gb" + ssh_keys = [data.digitalocean_ssh_key.main.id] + + provisioner "remote-exec" { + inline = [ + "export DATADOG_API_KEY=dd-api-a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "bash -c \"$(curl -L https://raw.githubusercontent.com/DataDog/datadog-agent/master/cmd/agent/install_script.sh)\"" + ] + } +} + +// Sensitive variables for provider configuration. These should be in a separate tfvars file. + +variable "do_token" { + type = string + description = "DigitalOcean API token" + default = "dop_v1_8d3e6f2a7b1c4d9f8a6e3b0c5d7f0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f" +} + +resource "digitalocean_database_cluster" "postgres_prod" { + name = "prod-db-cluster" + engine = "pg" + version = "14" + size = "db-s-2vcpu-4gb" + region = "sfo3" + node_count = 1 +} + +resource "digitalocean_database_user" "app_user" { + cluster_id = digitalocean_database_cluster.postgres_prod.id + name = "app_user" + mysql_auth_plugin = "caching_sha2_password" + password = "DbP@ssw0rdF0rProd!2024*" +} diff --git a/secrets-benchmarks/snippets/051/ground-truth.json b/secrets-benchmarks/snippets/051/ground-truth.json new file mode 100644 index 0000000..0c8df7e --- /dev/null +++ b/secrets-benchmarks/snippets/051/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 12, + "language": "python", + "findings": [ + { + "line_number": 9, + "secret": "postgres://webapp_user:p$3#R7s@Q!9F@prod-db-cluster-1.c4f3g2h1i0j.us-west-2.rds.amazonaws.com:5432/main_app_db", + "label": "True Positive" + }, + { + "line_number": 14, + "secret": "AC5f8e0a1b9c3d4e5f6a7b8c9d0e1f2a3b", + "label": "True Positive" + }, + { + "line_number": 15, + "secret": "5a94025a4392a8b9f7a7751c1e95c4a1", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/051/snippet.py b/secrets-benchmarks/snippets/051/snippet.py new file mode 100644 index 0000000..4abc56a --- /dev/null +++ b/secrets-benchmarks/snippets/051/snippet.py @@ -0,0 +1,35 @@ +from flask import Flask, request, jsonify +from sqlalchemy import create_engine +from twilio.rest import Client +import os + +app = Flask(__name__) + +# --- Database Configuration --- +DATABASE_URL = "postgres://webapp_user:p$3#R7s@Q!9F@prod-db-cluster-1.c4f3g2h1i0j.us-west-2.rds.amazonaws.com:5432/main_app_db" +engine = create_engine(DATABASE_URL) + +# --- Twilio SMS Service Configuration --- +# This credentials should be moved to a secure vault. +TWILIO_ACCOUNT_SID = "AC5f8e0a1b9c3d4e5f6a7b8c9d0e1f2a3b" +TWILIO_AUTH_TOKEN = "5a94025a4392a8b9f7a7751c1e95c4a1" +twilio_client = Client(TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN) + +@app.route('/api/v1/send-invite', methods=['POST']) +def send_invite_sms(): + data = request.get_json() + phone_number = data.get('phone') + message = "Welcome! Your verification code is 123456." + + try: + twilio_client.messages.create( + to=phone_number, + from_='+15017122661', + body=message + ) + return jsonify({'status': 'success'}), 200 + except Exception as e: + return jsonify({'error': str(e)}), 500 + +if __name__ == '__main__': + app.run(debug=False, host='0.0.0.0') diff --git a/secrets-benchmarks/snippets/052/ground-truth.json b/secrets-benchmarks/snippets/052/ground-truth.json new file mode 100644 index 0000000..3f1a25d --- /dev/null +++ b/secrets-benchmarks/snippets/052/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 12, + "language": "yaml", + "findings": [ + { + "line_number": 21, + "secret": "AKIA4F5K6L7M8N9P0Q1R", + "label": "True Positive" + }, + { + "line_number": 22, + "secret": "7hGjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrSt", + "label": "True Positive" + }, + { + "line_number": 45, + "secret": "https://hooks.slack.com/services/T01B2C3D4E5/F6G7H8I9J0K/l1m2n3o4p5q6r7s8t9u0v1w2", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/052/snippet.yml b/secrets-benchmarks/snippets/052/snippet.yml new file mode 100644 index 0000000..0bb9b5b --- /dev/null +++ b/secrets-benchmarks/snippets/052/snippet.yml @@ -0,0 +1,46 @@ +name: Deploy to Production Kubernetes Cluster + +on: + push: + branches: + - main + +env: + AWS_REGION: 'us-east-1' + ECR_REPOSITORY: 'my-app-repo' + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Configure AWS Credentials + run: | + aws configure set aws_access_key_id AKIA4F5K6L7M8N9P0Q1R + aws configure set aws_secret_access_key 7hGjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrSt + aws configure set default.region $AWS_REGION + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Build and push the Docker image + run: | + docker build -t $ECR_REPOSITORY . + docker tag $ECR_REPOSITORY:latest $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPOSITORY:latest + docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPOSITORY:latest + + notify-slack: + needs: build-and-push + runs-on: ubuntu-latest + steps: + - name: Send notification to Slack channel + uses: 8398a7/action-slack@v3 + with: + status: ${{ job.status }} + text: 'Deployment to production succeeded.' + env: + SLACK_WEBHOOK_URL: "https://hooks.slack.com/services/T01B2C3D4E5/F6G7H8I9J0K/l1m2n3o4p5q6r7s8t9u0v1w2" + diff --git a/secrets-benchmarks/snippets/053/ground-truth.json b/secrets-benchmarks/snippets/053/ground-truth.json new file mode 100644 index 0000000..315689a --- /dev/null +++ b/secrets-benchmarks/snippets/053/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 12, + "language": "terraform", + "findings": [ + { + "line_number": 11, + "secret": "db_admin_master", + "label": "True Positive" + }, + { + "line_number": 12, + "secret": "S3cuRe_dBP@ssw0rd-f0R-Pr0d!2023", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/053/snippet.tf b/secrets-benchmarks/snippets/053/snippet.tf new file mode 100644 index 0000000..94a9ff4 --- /dev/null +++ b/secrets-benchmarks/snippets/053/snippet.tf @@ -0,0 +1,42 @@ +provider "aws" { + region = "eu-central-1" +} + +resource "aws_db_instance" "application_db" { + allocated_storage = 20 + engine = "mysql" + engine_version = "8.0.28" + instance_class = "db.t3.micro" + name = "appdbprod" + username = "db_admin_master" + password = "S3cuRe_dBP@ssw0rd-f0R-Pr0d!2023" + parameter_group_name = "default.mysql8.0" + skip_final_snapshot = true + publicly_accessible = false + + vpc_security_group_ids = [aws_security_group.db_sg.id] + db_subnet_group_name = aws_db_subnet_group.default.name +} + +resource "aws_security_group" "db_sg" { + name = "db-security-group" + description = "Allow traffic from application servers" + vpc_id = var.vpc_id + + ingress { + from_port = 3306 + to_port = 3306 + protocol = "tcp" + cidr_blocks = ["10.0.1.0/24"] + } +} + +resource "aws_db_subnet_group" "default" { + name = "main" + subnet_ids = var.private_subnet_ids +} + +variable "vpc_id" {} +variable "private_subnet_ids" { + type = list(string) +} diff --git a/secrets-benchmarks/snippets/054/ground-truth.json b/secrets-benchmarks/snippets/054/ground-truth.json new file mode 100644 index 0000000..a29fa01 --- /dev/null +++ b/secrets-benchmarks/snippets/054/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 12, + "language": "swift", + "findings": [ + { + "line_number": 7, + "secret": "AIzaSyB_V9zC5gE8fH7iJ6kL4mN3oP2qR1sT0uW", + "label": "True Positive" + }, + { + "line_number": 12, + "secret": "8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d", + "label": "True Positive" + }, + { + "line_number": 17, + "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/054/snippet.swift b/secrets-benchmarks/snippets/054/snippet.swift new file mode 100644 index 0000000..0179d20 --- /dev/null +++ b/secrets-benchmarks/snippets/054/snippet.swift @@ -0,0 +1,33 @@ +import Foundation + +struct AppConfig { + + struct GoogleServices { + // Key for integrating Google Maps SDK for location features. + static let mapsAPIKey = "AIzaSyB_V9zC5gE8fH7iJ6kL4mN3oP2qR1sT0uW" + } + + struct Analytics { + // We use Mixpanel for user behavior analytics. + static let mixpanelToken = "8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d" + } + + struct ErrorReporting { + // Sentry DSN for crash and error reporting. + static let sentryDSN = "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123" + } + + struct APIEndpoints { + static let baseURL = "https://api.myapp.com/v2" + } + + static func initializeServices() { + // Placeholder for service initialization logic + print("Services Initialized with production keys.") + } +} + +// Usage example: +// SentrySDK.start { options in +// options.dsn = AppConfig.ErrorReporting.sentryDSN +// } diff --git a/secrets-benchmarks/snippets/055/ground-truth.json b/secrets-benchmarks/snippets/055/ground-truth.json new file mode 100644 index 0000000..2516457 --- /dev/null +++ b/secrets-benchmarks/snippets/055/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 12, + "language": "go", + "findings": [ + { + "line_number": 17, + "secret": "7hV$kZ&mN@3qP!s9", + "label": "True Positive" + }, + { + "line_number": 25, + "secret": "97937562479e3b12328059332f78816c", + "label": "True Positive" + }, + { + "line_number": 26, + "secret": "2d0a5127f827913a48eacb9231f24f4648eacb92", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/055/snippet.go b/secrets-benchmarks/snippets/055/snippet.go new file mode 100644 index 0000000..c2131c0 --- /dev/null +++ b/secrets-benchmarks/snippets/055/snippet.go @@ -0,0 +1,46 @@ +package main + +import ( + "github.com/gin-gonic/gin" + "github.com/go-redis/redis/v8" + "gopkg.in/zorkian/go-datadog-api.v2" + "context" + "net/http" +) + +var ctx = context.Background() + +func setupRedisClient() *redis.Client { + // Connect to the Redis instance used for session caching. + client := redis.NewClient(&redis.Options{ + Addr: "redis-11234.c264.ap-south-1-1.ec2.cloud.redislabs.com:11234", + Password: "7hV$kZ&mN@3qP!s9", // no username set + DB: 0, + }) + return client +} + +func setupDatadogClient() *datadog.Client { + // API credentials for sending metrics. + apiKey := "97937562479e3b12328059332f78816c" + appKey := "2d0a5127f827913a48eacb9231f24f4648eacb92" + client := datadog.NewClient(apiKey, appKey) + return client +} + +func main() { + redisClient := setupRedisClient() + _ = setupDatadogClient() + + router := gin.Default() + router.GET("/health", func(c *gin.Context) { + _, err := redisClient.Ping(ctx).Result() + if err != nil { + c.JSON(http.StatusInternalServerError, gin.H{"status": "redis_error"}) + return + } + c.JSON(http.StatusOK, gin.H{"status": "ok"}) + }) + + router.Run(":8080") +} diff --git a/secrets-benchmarks/snippets/056/ground-truth.json b/secrets-benchmarks/snippets/056/ground-truth.json new file mode 100644 index 0000000..f63a5d5 --- /dev/null +++ b/secrets-benchmarks/snippets/056/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 13, + "language": "python", + "findings": [ + { + "line_number": 14, + "secret": "AKIAU4V3K7J5P2QWSDYR", + "label": "True Positive" + }, + { + "line_number": 15, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/056/snippet.py b/secrets-benchmarks/snippets/056/snippet.py new file mode 100644 index 0000000..35e6d5b --- /dev/null +++ b/secrets-benchmarks/snippets/056/snippet.py @@ -0,0 +1,34 @@ +import boto3 +import logging +import os + +# Configure logging +logging.basicConfig(level=logging.INFO) +logger = logging.getLogger(__name__) + +def process_s3_files(): + """Connects to S3 and processes files in a specific bucket.""" + logger.info("Initializing S3 client for data processing...") + + session = boto3.Session( + aws_access_key_id='AKIAU4V3K7J5P2QWSDYR', + aws_secret_access_key='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', + region_name='us-east-1' + ) + + s3_client = session.client('s3') + + try: + bucket_name = 'corp-analytics-logs-prod' + logger.info(f"Listing objects in bucket: {bucket_name}") + response = s3_client.list_objects_v2(Bucket=bucket_name) + + if 'Contents' in response: + for obj in response['Contents']: + logger.info(f"Found file: {obj['Key']}") + # In a real scenario, we would download and process the file here. + except Exception as e: + logger.error(f"Failed to access S3 bucket: {e}") + +if __name__ == "__main__": + process_s3_files() diff --git a/secrets-benchmarks/snippets/057/ground-truth.json b/secrets-benchmarks/snippets/057/ground-truth.json new file mode 100644 index 0000000..736dd32 --- /dev/null +++ b/secrets-benchmarks/snippets/057/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 13, + "language": "terraform", + "findings": [ + { + "line_number": 23, + "secret": "v#8kP!s7TqR2zL$mG@fD", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/057/snippet.tf b/secrets-benchmarks/snippets/057/snippet.tf new file mode 100644 index 0000000..de55e27 --- /dev/null +++ b/secrets-benchmarks/snippets/057/snippet.tf @@ -0,0 +1,40 @@ +# Terraform configuration for the production database. +# This sets up the RDS instance and its associated security group. + +provider "aws" { + region = "eu-west-2" +} + +resource "aws_vpc" "main" { + cidr_block = "10.0.0.0/16" + + tags = { + Name = "production-vpc" + } +} + +resource "aws_db_instance" "aurora_cluster" { + allocated_storage = 100 + engine = "mysql" + engine_version = "8.0.28" + instance_class = "db.t3.medium" + name = "webappdb_prod" + username = "db_admin_master" + password = "v#8kP!s7TqR2zL$mG@fD" + parameter_group_name = "default.mysql8.0" + skip_final_snapshot = true + vpc_security_group_ids = [aws_security_group.db.id] +} + +resource "aws_security_group" "db" { + name = "rds-prod-sg" + description = "Allow traffic to production RDS" + vpc_id = aws_vpc.main.id + + ingress { + from_port = 3306 + to_port = 3306 + protocol = "tcp" + cidr_blocks = ["10.0.0.0/16"] + } +} diff --git a/secrets-benchmarks/snippets/058/ground-truth.json b/secrets-benchmarks/snippets/058/ground-truth.json new file mode 100644 index 0000000..79fc386 --- /dev/null +++ b/secrets-benchmarks/snippets/058/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 13, + "language": "go", + "findings": [ + { + "line_number": 14, + "secret": "postgres://webapp_svc:dG93nK#md!9S@pg-primary.prod.svc.cluster.local:5432/payments_db", + "label": "True Positive" + }, + { + "line_number": 30, + "secret": "sk_live_51Mv9BfGk7Lw3zYqSjU2dRaXt1cVhN8eIoP6bA5cZfTxW", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/058/snippet.go b/secrets-benchmarks/snippets/058/snippet.go new file mode 100644 index 0000000..e29d1c3 --- /dev/null +++ b/secrets-benchmarks/snippets/058/snippet.go @@ -0,0 +1,40 @@ +package main + +import ( + "database/sql" + "fmt" + "log" + "net/http" + + "github.com/gin-gonic/gin" + _ "github.com/lib/pq" + "github.com/stripe/stripe-go/v72" +) + +const pgConnStr = "postgres://webapp_svc:dG93nK#md!9S@pg-primary.prod.svc.cluster.local:5432/payments_db" + +func setupDatabase() *sql.DB { + db, err := sql.Open("postgres", pgConnStr) + if err != nil { + log.Fatalf("Failed to connect to database: %v", err) + } + return db +} + +func chargeHandler(c *gin.Context) { + // Payment processing logic would be here + c.JSON(http.StatusOK, gin.H{"status": "charge processed"}) +} + +func main() { + stripe.Key = "sk_live_51Mv9BfGk7Lw3zYqSjU2dRaXt1cVhN8eIoP6bA5cZfTxW" + + db := setupDatabase() + defer db.Close() + + router := gin.Default() + router.POST("/api/v1/charge", chargeHandler) + + fmt.Println("Starting server on port 8080") + router.Run(":8080") +} diff --git a/secrets-benchmarks/snippets/059/ground-truth.json b/secrets-benchmarks/snippets/059/ground-truth.json new file mode 100644 index 0000000..70f30ce --- /dev/null +++ b/secrets-benchmarks/snippets/059/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 13, + "language": "yaml", + "findings": [ + { + "line_number": 20, + "secret": "dckr_pat_1sA3fG5hJ8kL2mN4pQ6rT8uV0wX2z", + "label": "True Positive" + }, + { + "line_number": 39, + "secret": "HRKU-a1b2c3d4-e5f6-7890-1234-567890abcdef", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/059/snippet.yml b/secrets-benchmarks/snippets/059/snippet.yml new file mode 100644 index 0000000..5cd0a79 --- /dev/null +++ b/secrets-benchmarks/snippets/059/snippet.yml @@ -0,0 +1,42 @@ +name: Build and Deploy to Production + +on: + push: + branches: + - main + +jobs: + build: + name: Build Docker Image + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: myapp_prod_builder + password: "dckr_pat_1sA3fG5hJ8kL2mN4pQ6rT8uV0wX2z" + + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: myapp/production:latest + + deploy: + name: Deploy to Heroku + runs-on: ubuntu-latest + needs: build + environment: + name: production + steps: + - name: Deploy to Heroku + uses: akhileshns/heroku-deploy@v3.12.12 + with: + heroku_api_key: "HRKU-a1b2c3d4-e5f6-7890-1234-567890abcdef" + heroku_app_name: "my-prod-webapp" + heroku_email: "deploy@example.com" + usedocker: true diff --git a/secrets-benchmarks/snippets/060/ground-truth.json b/secrets-benchmarks/snippets/060/ground-truth.json new file mode 100644 index 0000000..0d3b8e5 --- /dev/null +++ b/secrets-benchmarks/snippets/060/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 13, + "language": "csharp", + "findings": [ + { + "line_number": 14, + "secret": "SG.lI8pZ3jT9qW7eR1aV5bC0x.mK4oH6sN2yU9iO-pLgJ7fDcXvBwZqR", + "label": "True Positive" + }, + { + "line_number": 28, + "secret": "9u8x/A?D(G+KbPeShVmYp3s6v9y$B&E)", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/060/snippet.cs b/secrets-benchmarks/snippets/060/snippet.cs new file mode 100644 index 0000000..7ac70a7 --- /dev/null +++ b/secrets-benchmarks/snippets/060/snippet.cs @@ -0,0 +1,37 @@ +using System; + +namespace WebApi.Core.Config +{ + /// + /// Provides centralized access to application configuration and secrets. + /// This is a temporary solution before moving to Azure Key Vault. + /// + public static class AppSecrets + { + // --- Email Service Configuration --- + public static class SendGrid + { + public const string ApiKey = "SG.lI8pZ3jT9qW7eR1aV5bC0x.mK4oH6sN2yU9iO-pLgJ7fDcXvBwZqR"; + public const string FromEmail = "noreply@myapp.com"; + public const string FromName = "MyApp Notifications"; + } + + // --- Authentication & Authorization --- + public static class Authentication + { + public const string JwtIssuer = "https://auth.myapp.com"; + public const string JwtAudience = "https://api.myapp.com"; + + /// + /// High-entropy key for signing JWT tokens. MUST be at least 256 bits. + /// + public const string JwtSigningKey = "9u8x/A?D(G+KbPeShVmYp3s6v9y$B&E)"; + } + + // --- External Service Integrations --- + public static class Analytics + { + public static Guid MeasurementId = new Guid("a1b2c3d4-e5f6-4789-9a0b-c1d2e3f4a5b6"); + } + } +} diff --git a/secrets-benchmarks/snippets/061/ground-truth.json b/secrets-benchmarks/snippets/061/ground-truth.json new file mode 100644 index 0000000..57b9ec0 --- /dev/null +++ b/secrets-benchmarks/snippets/061/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 14, + "language": "python", + "findings": [ + { + "line_number": 12, + "secret": "postgresql://order_svc:pL3#cV8@dK!zN@prod-db-eu-west-1.c4jwk9zabcdef.rds.amazonaws.com:5432/orders_prod", + "label": "True Positive" + }, + { + "line_number": 14, + "secret": "sk_live_51Mv4xEAklC1kABi8gqYtY9eBpJc7dFwZ7yX2vH3uL5bNqD6kRzT0fA9gS1hJk0bVcGfI4oE3mNlP2rWqAbcDef123", + "label": "True Positive" + }, + { + "line_number": 30, + "secret": "SG.s5h4z9k8TqO6y2n7v1m3pA.c4fGkRpLwE9xVbU3zJ8aQoI7tYdD5sW2iH6uX0O", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/061/snippet.py b/secrets-benchmarks/snippets/061/snippet.py new file mode 100644 index 0000000..e78470f --- /dev/null +++ b/secrets-benchmarks/snippets/061/snippet.py @@ -0,0 +1,36 @@ +import os +from flask import Flask, jsonify, request +from flask_sqlalchemy import SQLAlchemy +import stripe +import sendgrid +from sendgrid.helpers.mail import Mail + +app = Flask(__name__) + +# --- Configuration --- +# In a real app, these should be environment variables. +app.config['SQLALCHEMY_DATABASE_URI'] = 'postgresql://order_svc:pL3#cV8@dK!zN@prod-db-eu-west-1.c4jwk9zabcdef.rds.amazonaws.com:5432/orders_prod' +app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False +stripe.api_key = "sk_live_51Mv4xEAklC1kABi8gqYtY9eBpJc7dFwZ7yX2vH3uL5bNqD6kRzT0fA9gS1hJk0bVcGfI4oE3mNlP2rWqAbcDef123" + +db = SQLAlchemy(app) + +class Order(db.Model): + id = db.Column(db.Integer, primary_key=True) + amount = db.Column(db.Float, nullable=False) + customer_email = db.Column(db.String(120), nullable=False) + processed = db.Column(db.Boolean, default=False) + +@app.route('/charge', methods=['POST']) +def create_charge(): + data = request.get_json() + # ... payment processing logic ... + + # Send confirmation email + sg_api_key = "SG.s5h4z9k8TqO6y2n7v1m3pA.c4fGkRpLwE9xVbU3zJ8aQoI7tYdD5sW2iH6uX0O" + sg = sendgrid.SendGridAPIClient(api_key=sg_api_key) + from_email = 'noreply@examplecorp.com' + to_email = data.get('email') + subject = "Your order is confirmed!" + # ... email content ... + return jsonify({'status': 'success'}), 200 diff --git a/secrets-benchmarks/snippets/062/ground-truth.json b/secrets-benchmarks/snippets/062/ground-truth.json new file mode 100644 index 0000000..8c2196c --- /dev/null +++ b/secrets-benchmarks/snippets/062/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 14, + "language": "yaml", + "findings": [ + { + "line_number": 18, + "secret": "AKIA4F3PH5XH637P5Q2S", + "label": "True Positive" + }, + { + "line_number": 19, + "secret": "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", + "label": "True Positive" + }, + { + "line_number": 26, + "secret": "dckr_pat_aJkLmnOpQrStUvWxYzAbCdEfGhIjK12345", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/062/snippet.yml b/secrets-benchmarks/snippets/062/snippet.yml new file mode 100644 index 0000000..cd3e787 --- /dev/null +++ b/secrets-benchmarks/snippets/062/snippet.yml @@ -0,0 +1,35 @@ +name: Deploy Production to AWS + +on: + push: + branches: + - main + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: AKIA4F3PH5XH637P5Q2S + aws-secret-access-key: 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 + aws-region: us-east-1 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: corp_ci_bot + password: "dckr_pat_aJkLmnOpQrStUvWxYzAbCdEfGhIjK12345" + + - name: Build, tag, and push image to Amazon ECR + id: build-image + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + IMAGE_TAG: ${{ github.sha }} + run: | + docker build -t $ECR_REGISTRY/my-app:$IMAGE_TAG . + docker push $ECR_REGISTRY/my-app:$IMAGE_TAG diff --git a/secrets-benchmarks/snippets/063/ground-truth.json b/secrets-benchmarks/snippets/063/ground-truth.json new file mode 100644 index 0000000..558f3d6 --- /dev/null +++ b/secrets-benchmarks/snippets/063/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 14, + "language": "go", + "findings": [ + { + "line_number": 23, + "secret": "amqp://ingest_worker:HkP8#sF!t$jR@rabbitmq.prod.svc.cluster.local:5672/", + "label": "True Positive" + }, + { + "line_number": 33, + "secret": "R9bXmPZc$vT2sK!eN5wF8qGg4jA#7D", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/063/snippet.go b/secrets-benchmarks/snippets/063/snippet.go new file mode 100644 index 0000000..29fa28c --- /dev/null +++ b/secrets-benchmarks/snippets/063/snippet.go @@ -0,0 +1,40 @@ +package main + +import ( + "context" + "log" + "time" + + "github.com/go-redis/redis/v8" + "github.com/streadway/amqp" +) + +var ctx = context.Background() + +func failOnError(err error, msg string) { + if err != nil { + log.Fatalf("%s: %s", msg, err) + } +} + +func main() { + // DO NOT commit this hardcoded PoC connection string + // TODO: move to Vault + rmqConnectionString := "amqp://ingest_worker:HkP8#sF!t$jR@rabbitmq.prod.svc.cluster.local:5672/" + conn, err := amqp.Dial(rmqConnectionString) + failOnError(err, "Failed to connect to RabbitMQ") + defer conn.Close() + + log.Println("Successfully connected to RabbitMQ broker") + + // Setup Redis client + redisClient := redis.NewClient(&redis.Options{ + Addr: "redis-master.prod.svc.cluster.local:6379", + Password: "R9bXmPZc$vT2sK!eN5wF8qGg4jA#7D", // No DB, we use the default + DB: 0, + }) + + _, err = redisClient.Ping(ctx).Result() + failOnError(err, "Failed to connect to Redis") + log.Println("Cache service connected.") +} diff --git a/secrets-benchmarks/snippets/064/ground-truth.json b/secrets-benchmarks/snippets/064/ground-truth.json new file mode 100644 index 0000000..5e03e82 --- /dev/null +++ b/secrets-benchmarks/snippets/064/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 14, + "language": "terraform", + "findings": [ + { + "line_number": 12, + "secret": "Adm1nPassw0rd&SuperS3cure!v9h2k4m5", + "label": "True Positive" + }, + { + "line_number": 27, + "secret": "kpat_9uGvP3wFxBzQr7YtL1sJmN5cH2oVb4fD8S", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/064/snippet.tf b/secrets-benchmarks/snippets/064/snippet.tf new file mode 100644 index 0000000..e342ee3 --- /dev/null +++ b/secrets-benchmarks/snippets/064/snippet.tf @@ -0,0 +1,35 @@ +provider "aws" { + region = "eu-central-1" +} + +resource "aws_db_instance" "app_database" { + allocated_storage = 20 + engine = "mysql" + engine_version = "8.0" + instance_class = "db.t3.micro" + name = "webapp_prod_db" + username = "db_admin" + password = "Adm1nPassw0rd&SuperS3cure!v9h2k4m5" + parameter_group_name = "default.mysql8.0" + skip_final_snapshot = true +} + +resource "aws_lambda_function" "data_processor" { + function_name = "Prod-Data-Processor" + handler = "main.handler" + runtime = "python3.9" + role = aws_iam_role.lambda_exec.arn + + filename = "processor.zip" + + environment { + variables = { + THIRD_PARTY_API_TOKEN = "kpat_9uGvP3wFxBzQr7YtL1sJmN5cH2oVb4fD8S" + DB_ENDPOINT = aws_db_instance.app_database.address + } + } + + tags = { + Environment = "Production" + } +} diff --git a/secrets-benchmarks/snippets/065/ground-truth.json b/secrets-benchmarks/snippets/065/ground-truth.json new file mode 100644 index 0000000..97ff0ca --- /dev/null +++ b/secrets-benchmarks/snippets/065/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 14, + "language": "typescript", + "findings": [ + { + "line_number": 20, + "secret": "pk.eyJ1Ijoiam9obmRvZWNvcnAiLCJhIjoiY2xwYzh0ZzAyMGN3ZTJqcWpybHZ0MHEzayJ9.iG8jdU1cR3vBwF2pZ5oKqQ", + "label": "True Positive" + }, + { + "line_number": 23, + "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/065/snippet.ts b/secrets-benchmarks/snippets/065/snippet.ts new file mode 100644 index 0000000..6604b8f --- /dev/null +++ b/secrets-benchmarks/snippets/065/snippet.ts @@ -0,0 +1,31 @@ +// src/config/appConfig.ts +// Centralized configuration for external services. + +interface AppConfig { + env: 'development' | 'production' | 'staging'; + apiBaseUrl: string; + mapboxToken: string; + sentryDsn: string; + featureFlags: { + enableNewDashboard: boolean; + enableBetaFeatures: boolean; + }; +} + +export const config: AppConfig = { + env: 'production', + apiBaseUrl: 'https://api.myapp.com/v2', + + // Public token for map rendering on the client side + mapboxToken: 'pk.eyJ1Ijoiam9obmRvZWNvcnAiLCJhIjoiY2xwYzh0ZzAyMGN3ZTJqcWpybHZ0MHEzayJ9.iG8jdU1cR3vBwF2pZ5oKqQ', + + // Sentry for error tracking + sentryDsn: 'https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012', + + featureFlags: { + enableNewDashboard: true, + enableBetaFeatures: false, + }, +}; + +export default config; diff --git a/secrets-benchmarks/snippets/066/ground-truth.json b/secrets-benchmarks/snippets/066/ground-truth.json new file mode 100644 index 0000000..3660627 --- /dev/null +++ b/secrets-benchmarks/snippets/066/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 15, + "language": "python", + "findings": [ + { + "line_number": 12, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 13, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/066/snippet.py b/secrets-benchmarks/snippets/066/snippet.py new file mode 100644 index 0000000..2f60262 --- /dev/null +++ b/secrets-benchmarks/snippets/066/snippet.py @@ -0,0 +1,43 @@ +# sync_s3_data.py: A utility script to synchronize local data with an S3 bucket. + +import boto3 +import logging +from botocore.exceptions import NoCredentialsError + +# --- Configuration --- +AWS_REGION = 'eu-west-1' +S3_BUCKET_NAME = 'corp-data-lake-prod-4815162342' + +# WARNING: Hardcoded credentials for legacy service account +AWS_ACCESS_KEY_ID = 'AKIAY3R4WZ76X2P5QJ6M' +AWS_SECRET_ACCESS_KEY = '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' + +logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s') + +def connect_to_s3(): + """Establishes a session with AWS S3 using hardcoded credentials.""" + try: + s3_client = boto3.client( + 's3', + aws_access_key_id=AWS_ACCESS_KEY_ID, + aws_secret_access_key=AWS_SECRET_ACCESS_KEY, + region_name=AWS_REGION + ) + logging.info("S3 client created successfully.") + return s3_client + except NoCredentialsError: + logging.error("Credentials not available.") + return None + +def list_bucket_contents(s3_client): + """Lists the contents of the configured S3 bucket.""" + logging.info(f"Listing contents for bucket: {S3_BUCKET_NAME}") + response = s3_client.list_objects_v2(Bucket=S3_BUCKET_NAME) + if 'Contents' in response: + for item in response['Contents']: + print(f" - {item['Key']} (Size: {item['Size']})") + +if __name__ == "__main__": + client = connect_to_s3() + if client: + list_bucket_contents(client) diff --git a/secrets-benchmarks/snippets/067/ground-truth.json b/secrets-benchmarks/snippets/067/ground-truth.json new file mode 100644 index 0000000..f192259 --- /dev/null +++ b/secrets-benchmarks/snippets/067/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 15, + "language": "terraform", + "findings": [ + { + "line_number": 20, + "secret": "8kL~7QjN_p9sFt.gY2vWzXbC-aH1mO6rE5", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/067/snippet.tf b/secrets-benchmarks/snippets/067/snippet.tf new file mode 100644 index 0000000..43dbe3f --- /dev/null +++ b/secrets-benchmarks/snippets/067/snippet.tf @@ -0,0 +1,40 @@ +# /modules/network/main.tf - Main Terraform configuration for the networking module. + +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">= 2.90.0" + } + } +} + +# Provider block configured with service principal credentials. +# Ideally, these should be supplied via environment variables or managed identity. +provider "azurerm" { + features {} + + subscription_id = "a1b2c3d4-e5f6-7890-1234-567890abcdef" + client_id = "f1e2d3c4-b5a6-7890-fedc-ba9876543210" + tenant_id = "c1b2a3d4-e5f6-7890-1234-abcdef567890" + client_secret = "8kL~7QjN_p9sFt.gY2vWzXbC-aH1mO6rE5" +} + +resource "azurerm_resource_group" "rg" { + name = "rg-networking-${var.environment}" + location = var.location + + tags = { + provisioner = "terraform" + project = "core-infra" + } +} + +resource "azurerm_virtual_network" "vnet" { + name = "vnet-${var.environment_short}-01" + address_space = ["10.0.0.0/16"] + location = azurerm_resource_group.rg.location + resource_group_name = azurerm_resource_group.rg.name +} + +# Additional network resources (subnets, security groups, etc.) would follow. diff --git a/secrets-benchmarks/snippets/068/ground-truth.json b/secrets-benchmarks/snippets/068/ground-truth.json new file mode 100644 index 0000000..09c2c83 --- /dev/null +++ b/secrets-benchmarks/snippets/068/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 15, + "language": "properties", + "findings": [ + { + "line_number": 13, + "secret": "E#9z$RFt@k*b2v!gHqP5sYuL", + "label": "True Positive" + }, + { + "line_number": 23, + "secret": "YjJkNDY3YTZlY2U1MjRiYzhmNmU5ODE5ZjQ5NjA3YjI5ZWIzMDUyN2U0NjM5NWY1OTM2NGYxYzJkNWY4N2Y1NA==", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/068/snippet.properties b/secrets-benchmarks/snippets/068/snippet.properties new file mode 100644 index 0000000..1082998 --- /dev/null +++ b/secrets-benchmarks/snippets/068/snippet.properties @@ -0,0 +1,32 @@ +# =================================================================== +# Spring Boot application configuration for the payments service +# =================================================================== + +# Server Configuration +server.port=8080 +server.servlet.context-path=/api/payments + +# Database Connection (PostgreSQL) +# Using a dedicated read-write user for the application. +spring.datasource.url=jdbc:postgresql://db-payments-prod.c8xqj9yzkq2p.us-east-1.rds.amazonaws.com:5432/paymentsdb +spring.datasource.username=payments_svc +spring.datasource.password=E#9z$RFt@k*b2v!gHqP5sYuL +spring.datasource.driver-class-name=org.postgresql.Driver +spring.jpa.hibernate.ddl-auto=validate + +# Security and JWT Configuration +# Using a strong, pre-generated HS512 key for signing JWTs. +auth.jwt.token-type=Bearer +auth.jwt.issuer=com.securepayments.api +auth.jwt.audience=com.securepayments.app +auth.jwt.expiration-ms=86400000 +auth.jwt.secret=YjJkNDY3YTZlY2U1MjRiYzhmNmU5ODE5ZjQ5NjA3YjI5ZWIzMDUyN2U0NjM5NWY1OTM2NGYxYzJkNWY4N2Y1NA== + +# Stripe Integration Keys +stripe.api.version=2020-08-27 +stripe.webhook.endpoint-secret=${STRIPE_WH_SECRET} + +# Logging Configuration +logging.level.root=INFO +logging.level.com.securepayments=DEBUG +logging.pattern.console=%d{yyyy-MM-dd HH:mm:ss} - %msg%n diff --git a/secrets-benchmarks/snippets/069/ground-truth.json b/secrets-benchmarks/snippets/069/ground-truth.json new file mode 100644 index 0000000..1f7bebb --- /dev/null +++ b/secrets-benchmarks/snippets/069/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 15, + "language": "javascript", + "findings": [ + { + "line_number": 9, + "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/7890123", + "label": "True Positive" + }, + { + "line_number": 18, + "secret": "pk.eyJ1IjoiZGFzaGJvYXJkdXNlciIsImEiOiJjazlzcDU0OWowMGR2M2Vud2IzaDV2ZHJtIn0.7gU6DqR7wE5qM1vN8sY2fQ", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/069/snippet.js b/secrets-benchmarks/snippets/069/snippet.js new file mode 100644 index 0000000..bad6820 --- /dev/null +++ b/secrets-benchmarks/snippets/069/snippet.js @@ -0,0 +1,44 @@ +import React, { useEffect, useRef } from 'react'; +import mapboxgl from 'mapbox-gl'; +import * as Sentry from '@sentry/react'; +import { BrowserTracing } from '@sentry/tracing'; + +export const initializeMonitoring = () => { + // Sentry initialization for error tracking in production. + Sentry.init({ + dsn: "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/7890123", + integrations: [new BrowserTracing()], + tracesSampleRate: 0.2, + environment: 'production', + }); +}; + +// Mapbox configuration for the main dashboard map. +const mapboxConfig = { + accessToken: 'pk.eyJ1IjoiZGFzaGJvYXJkdXNlciIsImEiOiJjazlzcDU0OWowMGR2M2Vud2IzaDV2ZHJtIn0.7gU6DqR7wE5qM1vN8sY2fQ', + style: 'mapbox://styles/mapbox/dark-v10', + center: [-74.0060, 40.7128], + zoom: 11 +}; + +const MapComponent = () => { + const mapContainerRef = useRef(null); + + useEffect(() => { + mapboxgl.accessToken = mapboxConfig.accessToken; + const map = new mapboxgl.Map({ + container: mapContainerRef.current, + style: mapboxConfig.style, + center: mapboxConfig.center, + zoom: mapboxConfig.zoom + }); + + map.addControl(new mapboxgl.NavigationControl(), 'top-right'); + + return () => map.remove(); + }, []); + + return
; +}; + +export default MapComponent; diff --git a/secrets-benchmarks/snippets/070/ground-truth.json b/secrets-benchmarks/snippets/070/ground-truth.json new file mode 100644 index 0000000..756d466 --- /dev/null +++ b/secrets-benchmarks/snippets/070/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 15, + "language": "yaml", + "findings": [ + { + "line_number": 22, + "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", + "label": "True Positive" + }, + { + "line_number": 39, + "secret": "https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL", + "label": "True Positive" + }, + { + "line_number": 53, + "secret": "https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/070/snippet.yml b/secrets-benchmarks/snippets/070/snippet.yml new file mode 100644 index 0000000..95e9902 --- /dev/null +++ b/secrets-benchmarks/snippets/070/snippet.yml @@ -0,0 +1,53 @@ +name: Build and Deploy to Production + +on: + push: + branches: + - main + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Log in to Docker Hub + uses: docker/login-action@v2 + with: + username: myapp-prod-builder + password: "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE" + + - name: Build and push Docker image + uses: docker/build-push-action@v3 + with: + context: . + push: true + tags: myapp/production:latest + + notify-on-success: + needs: build-and-push + runs-on: ubuntu-latest + steps: + - name: Send Slack notification + run: | + curl -X POST -H 'Content-type: application/json' \ + --data '{"text":"Deployment to production successful!"}' \ + https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL + + notify-on-failure: + if: failure() + needs: build-and-push + runs-on: ubuntu-latest + steps: + - name: Send Slack failure notification + uses: 8398a7/action-slack@v3 + with: + status: ${{ job.status }} + author_name: "Production Deploy Bot" + fields: repo,message,commit,author,action,eventName,ref,workflow + env: + SLACK_WEBHOOK_URL: "https://hooks.slack.com/services/T00ABCDEF12/B00GHIJKL34/xYpQrStUvWxZaBcDeFgHiJkL" diff --git a/secrets-benchmarks/snippets/071/ground-truth.json b/secrets-benchmarks/snippets/071/ground-truth.json new file mode 100644 index 0000000..f989f8b --- /dev/null +++ b/secrets-benchmarks/snippets/071/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 16, + "language": "python", + "findings": [ + { + "line_number": 10, + "secret": "postgres://user_prod_rw:dG9m9#4k!sPq@db-prod-cluster.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/main_app", + "label": "True Positive" + }, + { + "line_number": 11, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 12, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/071/snippet.py b/secrets-benchmarks/snippets/071/snippet.py new file mode 100644 index 0000000..905eae3 --- /dev/null +++ b/secrets-benchmarks/snippets/071/snippet.py @@ -0,0 +1,30 @@ +import os +from flask import Flask, jsonify, request +from services.db_connector import Database +from services.s3_handler import S3Uploader + +app = Flask(__name__) + +# --- Configuration --- +# TODO: Move these to a secure vault like HashiCorp Vault or AWS Secrets Manager +app.config['DATABASE_URI'] = "postgres://user_prod_rw:dG9m9#4k!sPq@db-prod-cluster.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/main_app" +S3_ACCESS_KEY = "AKIAY3R4WZ76X2P5QJ6M" +S3_SECRET_KEY = "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" +S3_BUCKET_NAME = "customer-uploads-prod-77281" + +db_connection = Database(app.config['DATABASE_URI']) +s3_uploader = S3Uploader(S3_ACCESS_KEY, S3_SECRET_KEY, S3_BUCKET_NAME) + +@app.route('/api/v1/health') +def health_check(): + return jsonify({'status': 'ok'}), 200 + +@app.route('/api/v1/users/', methods=['GET']) +def get_user(user_id): + user_data = db_connection.get_user_by_id(user_id) + if user_data: + return jsonify(user_data) + return jsonify({'error': 'User not found'}), 404 + +if __name__ == '__main__': + app.run(host='0.0.0.0', port=5000) diff --git a/secrets-benchmarks/snippets/072/ground-truth.json b/secrets-benchmarks/snippets/072/ground-truth.json new file mode 100644 index 0000000..66fca05 --- /dev/null +++ b/secrets-benchmarks/snippets/072/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 16, + "language": "yaml", + "findings": [ + { + "line_number": 18, + "secret": "sqp_a8b3f0c1d2e4a5b6c7d8e9f0a1b2c3d4e5f6a7b8", + "label": "True Positive" + }, + { + "line_number": 33, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/072/snippet.yml b/secrets-benchmarks/snippets/072/snippet.yml new file mode 100644 index 0000000..f437212 --- /dev/null +++ b/secrets-benchmarks/snippets/072/snippet.yml @@ -0,0 +1,36 @@ +name: CI-CD Pipeline + +on: + push: + branches: + - main + - 'release/*' + +jobs: + build-and-test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: SonarQube Scan + uses: sonarsource/sonarqube-scan-action@master + env: + SONAR_TOKEN: 'sqp_a8b3f0c1d2e4a5b6c7d8e9f0a1b2c3d4e5f6a7b8' + SONAR_HOST_URL: 'https://sonar.mycompany.io' + + deploy-to-staging: + needs: build-and-test + runs-on: ubuntu-latest + steps: + - name: Deploy to Staging Environment + run: | + echo "Deploying to staging..." + # Ansible deployment script here + + - name: Notify on Slack + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_WEBHOOK: 'https://hooks.slack.com/services/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' + SLACK_TITLE: 'Deployment Succeeded: Staging' + SLACK_COLOR: 'good' + SLACK_MESSAGE: 'The latest build from `main` has been deployed to the staging environment.' diff --git a/secrets-benchmarks/snippets/073/ground-truth.json b/secrets-benchmarks/snippets/073/ground-truth.json new file mode 100644 index 0000000..0757b9d --- /dev/null +++ b/secrets-benchmarks/snippets/073/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 16, + "language": "terraform", + "findings": [ + { + "line_number": 4, + "secret": "{\\\"type\\\": \\\"service_account\\\",\\\"project_id\\\": \\\"corp-infra-314159\\\",\\\"private_key_id\\\": \\\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\\\",\\\"private_key\\\": \\\"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAO3B...\\n-----END PRIVATE KEY-----\\n\\\",\\\"client_email\\\": \\\"terraform@corp-infra-314159.iam.gserviceaccount.com\\\",\\\"client_id\\\": \\\"123456789012345678901\\\",\\\"auth_uri\\\": \\\"https://accounts.google.com/o/oauth2/auth\\\",\\\"token_uri\\\": \\\"https://oauth2.googleapis.com/token\\\",\\\"auth_provider_x509_cert_url\\\": \\\"https://www.googleapis.com/oauth2/v1/certs\\\",\\\"client_x509_cert_url\\\": \\\"https://www.googleapis.com/robot/v1/metadata/x509/terraform%40corp-infra-314159.iam.gserviceaccount.com\\\"}", + "label": "True Positive" + }, + { + "line_number": 8, + "secret": "dd_api_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/073/snippet.tf b/secrets-benchmarks/snippets/073/snippet.tf new file mode 100644 index 0000000..19fe047 --- /dev/null +++ b/secrets-benchmarks/snippets/073/snippet.tf @@ -0,0 +1,28 @@ +provider "google" { + project = var.gcp_project_id + region = "us-central1" + credentials = "{\"type\": \"service_account\",\"project_id\": \"corp-infra-314159\",\"private_key_id\": \"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAO3B...\n-----END PRIVATE KEY-----\n\",\"client_email\": \"terraform@corp-infra-314159.iam.gserviceaccount.com\",\"client_id\": \"123456789012345678901\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://oauth2.googleapis.com/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/terraform%40corp-infra-314159.iam.gserviceaccount.com\"}" +} + +provider "datadog" { + api_key = "dd_api_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6" + app_key = var.datadog_app_key +} + +resource "google_compute_instance" "web_server" { + name = "web-server-prod-01" + machine_type = "e2-medium" + zone = "us-central1-a" + + boot_disk { + initialize_params { + image = "debian-cloud/debian-11" + } + } + + network_interface { + network = "default" + } + + tags = ["web", "production"] +} diff --git a/secrets-benchmarks/snippets/074/ground-truth.json b/secrets-benchmarks/snippets/074/ground-truth.json new file mode 100644 index 0000000..d7e5f2e --- /dev/null +++ b/secrets-benchmarks/snippets/074/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 16, + "language": "javascript", + "findings": [ + { + "line_number": 9, + "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123", + "label": "True Positive" + }, + { + "line_number": 17, + "secret": "pk.eyJ1IjoibXljb29sZGV2IiwiYSI6ImNrdjRzM2l2ZDBsYjQyd3M0cGszbTNnNHAifQ.H9f_zAbCdEfGhIjKlMnOpQ", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/074/snippet.js b/secrets-benchmarks/snippets/074/snippet.js new file mode 100644 index 0000000..d3c59ed --- /dev/null +++ b/secrets-benchmarks/snippets/074/snippet.js @@ -0,0 +1,34 @@ +import React, { useEffect } from 'react'; +import * as Sentry from '@sentry/react'; +import { BrowserTracing } from '@sentry/tracing'; +import mapboxgl from 'mapbox-gl'; + +export const initializeThirdPartyServices = () => { + // Sentry Initialization for error tracking + Sentry.init({ + dsn: "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o123456.ingest.sentry.io/7890123", + integrations: [new BrowserTracing()], + tracesSampleRate: 0.2, + environment: process.env.NODE_ENV, + }); + + // Mapbox GL JS configuration + // This token is used to authenticate with Mapbox's APIs. + mapboxgl.accessToken = 'pk.eyJ1IjoibXljb29sZGV2IiwiYSI6ImNrdjRzM2l2ZDBsYjQyd3M0cGszbTNnNHAifQ.H9f_zAbCdEfGhIjKlMnOpQ'; +}; + +const MapComponent = () => { + useEffect(() => { + const map = new mapboxgl.Map({ + container: 'map-container', // container ID + style: 'mapbox://styles/mapbox/streets-v11', + center: [-74.5, 40], // starting position + zoom: 9 // starting zoom + }); + return () => map.remove(); + }, []); + + return
; +}; + +export default MapComponent; diff --git a/secrets-benchmarks/snippets/075/ground-truth.json b/secrets-benchmarks/snippets/075/ground-truth.json new file mode 100644 index 0000000..0b44671 --- /dev/null +++ b/secrets-benchmarks/snippets/075/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 16, + "language": "properties", + "findings": [ + { + "line_number": 13, + "secret": "T#8sLpVm9@zQ!wY7", + "label": "True Positive" + }, + { + "line_number": 19, + "secret": "3xP1rE_N3v3r_5tRoNg_PA55!", + "label": "True Positive" + }, + { + "line_number": 22, + "secret": "key-0987654321fedcba0987654321fedcba", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/075/snippet.properties b/secrets-benchmarks/snippets/075/snippet.properties new file mode 100644 index 0000000..b6ffbe9 --- /dev/null +++ b/secrets-benchmarks/snippets/075/snippet.properties @@ -0,0 +1,27 @@ +# ================================================ +# Main Application Configuration - PRODUCTION +# ================================================ + +# Application Settings +app.name=Customer Relationship Management API +app.version=2.5.1 +app.environment=production + +# Database Connection (PostgreSQL) +spring.datasource.url=jdbc:postgresql://prod-db-1.internal:5432/crm_prod +spring.datasource.username=crm_prod_user +spring.datasource.password=T#8sLpVm9@zQ!wY7 +spring.jpa.hibernate.ddl-auto=validate + +# Redis Cache Configuration +spring.redis.host=redis-prod.internal +spring.redis.port=6379 +spring.redis.password=3xP1rE_N3v3r_5tRoNg_PA55! + +# Email Service (Mailgun) +mailgun.api.key=key-0987654321fedcba0987654321fedcba +mailgun.api.domain=mg.mycompany.com + +# Logging Configuration +logging.level.root=WARN +logging.level.com.mycompany=INFO diff --git a/secrets-benchmarks/snippets/076/ground-truth.json b/secrets-benchmarks/snippets/076/ground-truth.json new file mode 100644 index 0000000..667598b --- /dev/null +++ b/secrets-benchmarks/snippets/076/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 17, + "language": "python", + "findings": [ + { + "line_number": 9, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 10, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/076/snippet.py b/secrets-benchmarks/snippets/076/snippet.py new file mode 100644 index 0000000..6f70485 --- /dev/null +++ b/secrets-benchmarks/snippets/076/snippet.py @@ -0,0 +1,38 @@ +import boto3 +from flask import Flask, request, jsonify +from botocore.exceptions import ClientError + +app = Flask(__name__) + +def create_s3_client(): + # Static credentials for service account - temporary solution for dev + aws_access_key = "AKIAY3R4WZ76X2P5QJ6M" + aws_secret = "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" + + return boto3.client( + 's3', + aws_access_key_id=aws_access_key, + aws_secret_access_key=aws_secret, + region_name='us-east-1' + ) + +@app.route('/api/v1/upload', methods=['POST']) +def upload_file(): + if 'file' not in request.files: + return jsonify({'error': 'No file part'}), 400 + + file = request.files['file'] + if file.filename == '': + return jsonify({'error': 'No selected file'}), 400 + + s3_client = create_s3_client() + bucket_name = 'corp-internal-document-uploads' + + try: + s3_client.upload_fileobj(file, bucket_name, file.filename) + return jsonify({'message': f'File {file.filename} uploaded successfully.'}), 200 + except ClientError as e: + return jsonify({'error': str(e)}), 500 + +if __name__ == '__main__': + app.run(debug=False, port=5000) diff --git a/secrets-benchmarks/snippets/077/ground-truth.json b/secrets-benchmarks/snippets/077/ground-truth.json new file mode 100644 index 0000000..178c3a9 --- /dev/null +++ b/secrets-benchmarks/snippets/077/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 17, + "language": "terraform", + "findings": [ + { + "line_number": 17, + "secret": "E#u8!pS$t9rWbK@zL7m3vN&yQ2xH", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/077/snippet.tf b/secrets-benchmarks/snippets/077/snippet.tf new file mode 100644 index 0000000..ffaece0 --- /dev/null +++ b/secrets-benchmarks/snippets/077/snippet.tf @@ -0,0 +1,41 @@ +# =================================================================== +# Terraform configuration for the staging database +# =================================================================== + +provider "aws" { + region = "eu-west-2" +} + +resource "aws_db_instance" "user_data_db_staging" { + identifier = "user-data-db-staging-instance" + instance_class = "db.t3.micro" + allocated_storage = 20 + engine = "postgres" + engine_version = "14.2" + name = "userdb_staging" + username = "stg_db_admin" + password = "E#u8!pS$t9rWbK@zL7m3vN&yQ2xH" + publicly_accessible = false + skip_final_snapshot = true + vpc_security_group_ids = [aws_security_group.db_sg.id] + db_subnet_group_name = aws_db_subnet_group.default.name + + tags = { + Environment = "Staging" + Project = "UserDataService" + ManagedBy = "Terraform" + } +} + +resource "aws_security_group" "db_sg" { + name = "db-sg-staging" + description = "Allow traffic to staging DB from app tier" + vpc_id = var.vpc_id + + ingress { + from_port = 5432 + to_port = 5432 + protocol = "tcp" + cidr_blocks = [var.app_tier_cidr] + } +} diff --git a/secrets-benchmarks/snippets/078/ground-truth.json b/secrets-benchmarks/snippets/078/ground-truth.json new file mode 100644 index 0000000..abe100d --- /dev/null +++ b/secrets-benchmarks/snippets/078/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 17, + "language": "yaml", + "findings": [ + { + "line_number": 23, + "secret": "dckr_pat_a4sRgT9iOpQ2mZl8vWb7nXc1jYkFhG5uE-r3v", + "label": "True Positive" + }, + { + "line_number": 35, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive" + }, + { + "line_number": 40, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/078/snippet.yml b/secrets-benchmarks/snippets/078/snippet.yml new file mode 100644 index 0000000..16d43de --- /dev/null +++ b/secrets-benchmarks/snippets/078/snippet.yml @@ -0,0 +1,40 @@ +name: Build and Push Docker Image + +on: + push: + branches: + - main + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: 'corpbuildbot' + password: 'dckr_pat_a4sRgT9iOpQ2mZl8vWb7nXc1jYkFhG5uE-r3v' + + - name: Build and push image + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: corp/auth-service:latest + + - name: Send Slack notification on success + if: success() + run: | + curl -X POST -H 'Content-type: application/json' --data '{"text":"Deployment of `auth-service` succeeded."}' https://hooks.slack.com/services/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 + + - name: Send Slack notification on failure + if: failure() + run: | + curl -X POST -H 'Content-type: application/json' --data '{"text":"Deployment of `auth-service` failed!"}' https://hooks.slack.com/services/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 diff --git a/secrets-benchmarks/snippets/079/ground-truth.json b/secrets-benchmarks/snippets/079/ground-truth.json new file mode 100644 index 0000000..dd1aafe --- /dev/null +++ b/secrets-benchmarks/snippets/079/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 17, + "language": "javascript", + "findings": [ + { + "line_number": 7, + "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o1234567.ingest.sentry.io/1234567", + "label": "True Positive" + }, + { + "line_number": 13, + "secret": "pk.eyJ1Ijoiam9obmRvZXVzZXIxMiIsImEiOiJjbGo4YXRzdzIwMHg4M2VudW1hYjM2ajBiIn0.5aPq3iL9bR8vJkCw1sF4nQ", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/079/snippet.js b/secrets-benchmarks/snippets/079/snippet.js new file mode 100644 index 0000000..c9d7177 --- /dev/null +++ b/secrets-benchmarks/snippets/079/snippet.js @@ -0,0 +1,38 @@ +import React, { useRef, useEffect, useState } from 'react'; +import mapboxgl from 'mapbox-gl'; +import * as Sentry from "@sentry/react"; + +// Initialize error tracking +Sentry.init({ + dsn: "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o1234567.ingest.sentry.io/1234567", + integrations: [new Sentry.BrowserTracing()], + tracesSampleRate: 1.0, +}); + +// Hardcoded key for now, will move to env vars before prod +mapboxgl.accessToken = 'pk.eyJ1Ijoiam9obmRvZXVzZXIxMiIsImEiOiJjbGo4YXRzdzIwMHg4M2VudW1hYjM2ajBiIn0.5aPq3iL9bR8vJkCw1sF4nQ'; + +export const MapComponent = () => { + const mapContainer = useRef(null); + const map = useRef(null); + const [lng, setLng] = useState(-70.9); + const [lat, setLat] = useState(42.35); + const [zoom, setZoom] = useState(9); + + useEffect(() => { + if (map.current) return; // initialize map only once + if (!mapContainer.current) return; + map.current = new mapboxgl.Map({ + container: mapContainer.current, + style: 'mapbox://styles/mapbox/streets-v11', + center: [lng, lat], + zoom: zoom + }); + }); + + return ( +
+
+
+ ); +}; diff --git a/secrets-benchmarks/snippets/080/ground-truth.json b/secrets-benchmarks/snippets/080/ground-truth.json new file mode 100644 index 0000000..110a332 --- /dev/null +++ b/secrets-benchmarks/snippets/080/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 17, + "language": "go", + "findings": [ + { + "line_number": 18, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzcnYtZGF0YS1yZXRyaWV2ZXIiLCJpc3MiOiJhdXRoLXNlcnZpY2UiLCJhdWQiOiJkYXRhLWFwaSIsImV4cCI6MTcxOTk1ODAwMCwiaWF0IjoxNzE5OTU0NDAwLCJzY29wZSI6InVzZXI6cmVhZCJ9.K4gTfH9sLw2RjZpYn7oVxC8uEaD6mXwB1qI0sPzKjJc", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/080/snippet.go b/secrets-benchmarks/snippets/080/snippet.go new file mode 100644 index 0000000..2e3dbd7 --- /dev/null +++ b/secrets-benchmarks/snippets/080/snippet.go @@ -0,0 +1,53 @@ +package main + +import ( + "fmt" + "io/ioutil" + "log" + "net/http" + "os" +) + +const apiBaseURL = "https://api.internal.corp.net/v2/data" + +// fetchUserData retrieves user data from the internal API. +func fetchUserData(userID string) ([]byte, error) { + client := &http.Client{} + + // This service token has read-only access to the user data endpoint. + serviceToken := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzcnYtZGF0YS1yZXRyaWV2ZXIiLCJpc3MiOiJhdXRoLXNlcnZpY2UiLCJhdWQiOiJkYXRhLWFwaSIsImV4cCI6MTcxOTk1ODAwMCwiaWF0IjoxNzE5OTU0NDAwLCJzY29wZSI6InVzZXI6cmVhZCJ9.K4gTfH9sLw2RjZpYn7oVxC8uEaD6mXwB1qI0sPzKjJc" + + req, err := http.NewRequest("GET", fmt.Sprintf("%s/%s", apiBaseURL, userID), nil) + if err != nil { + return nil, fmt.Errorf("failed to create request: %w", err) + } + + req.Header.Add("Authorization", "Bearer "+serviceToken) + req.Header.Add("Content-Type", "application/json") + + resp, err := client.Do(req) + if err != nil { + return nil, fmt.Errorf("request failed: %w", err) + } + defer resp.Body.Close() + + body, err := ioutil.ReadAll(resp.Body) + if err != nil { + return nil, fmt.Errorf("failed to read response body: %w", err) + } + + return body, nil +} + +func main() { + if len(os.Args) < 2 { + log.Fatal("Usage: go run main.go ") + } + + data, err := fetchUserData(os.Args[1]) + if err != nil { + log.Fatalf("Error fetching user data: %v", err) + } + + fmt.Println(string(data)) +} diff --git a/secrets-benchmarks/snippets/081/ground-truth.json b/secrets-benchmarks/snippets/081/ground-truth.json new file mode 100644 index 0000000..e028669 --- /dev/null +++ b/secrets-benchmarks/snippets/081/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 18, + "language": "go", + "findings": [ + { + "line_number": 12, + "secret": "ACd2ae2e27b6c845b29c0f8e9a3d1c4b6f", + "label": "True Positive" + }, + { + "line_number": 13, + "secret": "8a3f5b7c9d1e6f4a2b9c8d7e5f3a1b0c", + "label": "True Positive" + }, + { + "line_number": 25, + "secret": "SG.f4Jk9sL2QpWzX8vY7uA1tG.hR3iP6oV5bN4mK1jL9cD8gE7F2sA3qB0iO6uY4eWzZ", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/081/snippet.go b/secrets-benchmarks/snippets/081/snippet.go new file mode 100644 index 0000000..7a2e10d --- /dev/null +++ b/secrets-benchmarks/snippets/081/snippet.go @@ -0,0 +1,40 @@ +package main + +import ( + "fmt" + "log" + "github.com/gin-gonic/gin" + "github.com/sendgrid/sendgrid-go" + "github.com/sendgrid/sendgrid-go/helpers/mail" +) + +const ( + twilioAccountSID = "ACd2ae2e27b6c845b29c0f8e9a3d1c4b6f" + twilioAuthToken = "8a3f5b7c9d1e6f4a2b9c8d7e5f3a1b0c" +) + +func sendWelcomeEmail(recipient string) error { + from := mail.NewEmail("MyApp Team", "noreply@myapp.com") + subject := "Welcome to MyApp!" + to := mail.NewEmail("New User", recipient) + plainTextContent := "Thanks for signing up!" + htmlContent := "We're excited to have you." + message := mail.NewSingleEmail(from, subject, to, plainTextContent, htmlContent) + + // In a real app, this key would be in a secrets manager. + sendgridAPIKey := "SG.f4Jk9sL2QpWzX8vY7uA1tG.hR3iP6oV5bN4mK1jL9cD8gE7F2sA3qB0iO6uY4eWzZ" + client := sendgrid.NewSendClient(sendgridAPIKey) + response, err := client.Send(message) + if err != nil { + log.Println("Failed to send email:", err) + return err + } + + if response.StatusCode >= 300 { + log.Println("SendGrid returned an error:", response.Body) + return fmt.Errorf("SendGrid error %d", response.StatusCode) + } + + log.Println("Welcome email sent successfully to", recipient) + return nil +} diff --git a/secrets-benchmarks/snippets/082/ground-truth.json b/secrets-benchmarks/snippets/082/ground-truth.json new file mode 100644 index 0000000..5e3581b --- /dev/null +++ b/secrets-benchmarks/snippets/082/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 18, + "language": "yaml", + "findings": [ + { + "line_number": 13, + "secret": "dckr_pat_1kIuR9vO7mS3xZ5yQ2jF8bN6pL4cH0gA9dE", + "label": "True Positive" + }, + { + "line_number": 14, + "secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lKQU9ocFlVbEpxdEVsTUEwR0NTcUdTSWIzRFFFQkN3VUFNQWd4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUhFd2xQYms1dllteHZZMkZzYUc5emREb0tNQk1HQTFVRUNnd01SR1ZzYkc5egpjeUJCYkdGaVlXMGlhSFl4RURBT0JnTlZCQWNUQjBKc2IyRmtiaUJrYjI1amIyNHdIaGNOTWpFd05qRTFNRGc1CldqQm5aGFk5TWpZeU9ERXhNVFV3V2pBTUJnOHdDUVlEVlFRR0V3SlZVekVSTUE4R0ExVUVDQXdJVGs5eWVTQkIKZFhSb2IzSnBlbVJOZVhOMFpXUkJjblZsY21sbklqcDdNQ01HQTFVRUN3d01SR1ZzYkc5emN5QkJiR0ZpWVcwMQpMWFJ2SUZCQmdrcWhraUc5dzBCQVFzRkFBT0NBUThBTUlJQkNnS0NBUUVBNzJSM2x4VmhYUXFvbU55U3U3V3UKU0J3aEVyY2tlcVp3YXdJbmd0VzFwK2J2RjJ0em80VnFmcE5kSG53N2sxcFp0a1FtbUtHcHdLVGxtV295b2lCCnhaYlhmTlpzQzF6OGprVUtzZncrL2x3emJ4K0d4TmVqYzdqQnhwVnJ0VnQ1aWJCVllWc3J0K25wV1B5ZEZnOAphRjU2SlNuS081R3BqV0YwZkhGdzN3bFlmZ3JGYXBCMzQ4K3Bqam1FSE1wUkZkQmltUXh2MjQxb05kQ3l0VgppaE9sT090R3Y2ajN4dkw1Rkt3a3d5ZzR0VmFydG14N3VlMWxVSHRFV0FwWWVvUHVVbFFuN1N5K2Z4M0RVSDEKU2dGWWJ2V0w1VFFQdEtJb1JpWXhQd0lEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVeEtTMmZHRStpZEtGZ3pvCkhCMUo3akU2MzhNd0N3WURWUjBQQkFRREFnRUdNQThHQTFVZEV3RUIvd1FGTUFvR0NDc0dBUVVCRndNQ01BOEcKQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVIQXdFd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBSjZJekNid1B6dE9XbHhEVWw3bnd3bW14enVqV0d5UFNkY1FkSXZyTmM2UWhvYkZ4bgpHMVl1WllKdkdYQ2ZpZ3BvSlhpUmRuc0x6M2hTNVpSN0lXNnduNkZ6d2x1U3Z6TWltdENnQy8xSkJ2aG9tSwp0NzlJOG05S2Q3dHZ0QWZvRytzNFNUeWdndzN5VnhIdVAvUHV1c2hJbTNQWEt6MVZlZ1E1MWp0ckVlSWU4MjgKQyt2VnBLd1d5QmpMUE9sV3g2b1U5akd1MXNWSldYV210VFF0N3hBcVJkMVdJMEV4YW5iSmZ0TzJtQ2t2eGtrClR0ZUVtMzdIbnZkK3dOOUQ3dVRiYjBwLyt3d3N0T2cvQVVtb1B2Lyt3TG5PQVp6QklYUk1BMG89Ci0tLS0tRU5EIENFUlRJTklDQVRFLS0tLS0K", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/082/snippet.yml b/secrets-benchmarks/snippets/082/snippet.yml new file mode 100644 index 0000000..3d55f5f --- /dev/null +++ b/secrets-benchmarks/snippets/082/snippet.yml @@ -0,0 +1,40 @@ +name: Deploy Staging Environment + +on: + push: + branches: + - staging + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + env: + DOCKER_REGISTRY: docker.pkg.github.com + DOCKERHUB_TOKEN: "dckr_pat_1kIuR9vO7mS3xZ5yQ2jF8bN6pL4cH0gA9dE" + KUBE_CONFIG_DATA: "apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lKQU9ocFlVbEpxdEVsTUEwR0NTcUdTSWIzRFFFQkN3VUFNQWd4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUhFd2xQYms1dllteHZZMkZzYUc5emREb0tNQk1HQTFVRUNnd01SR1ZzYkc5egpjeUJCYkdGaVlXMGlhSFl4RURBT0JnTlZCQWNUQjBKc2IyRmtiaUJrYjI1amIyNHdIaGNOTWpFd05qRTFNRGc1CldqQm5aGFk5TWpZeU9ERXhNVFV3V2pBTUJnOHdDUVlEVlFRR0V3SlZVekVSTUE4R0ExVUVDQXdJVGs5eWVTQkIKZFhSb2IzSnBlbVJOZVhOMFpXUkJjblZsY21sbklqcDdNQ01HQTFVRUN3d01SR1ZzYkc5emN5QkJiR0ZpWVcwMQpMWFJ2SUZCQmdrcWhraUc5dzBCQVFzRkFBT0NBUThBTUlJQkNnS0NBUUVBNzJSM2x4VmhYUXFvbU55U3U3V3UKU0J3aEVyY2tlcVp3YXdJbmd0VzFwK2J2RjJ0em80VnFmcE5kSG53N2sxcFp0a1FtbUtHcHdLVGxtV295b2lCCnhaYlhmTlpzQzF6OGprVUtzZncrL2x3emJ4K0d4TmVqYzdqQnhwVnJ0VnQ1aWJCVllWc3J0K25wV1B5ZEZnOAphRjU2SlNuS081R3BqV0YwZkhGdzN3bFlmZ3JGYXBCMzQ4K3Bqam1FSE1wUkZkQmltUXh2MjQxb05kQ3l0VgppaE9sT090R3Y2ajN4dkw1Rkt3a3d5ZzR0VmFydG14N3VlMWxVSHRFV0FwWWVvUHVVbFFuN1N5K2Z4M0RVSDEKU2dGWWJ2V0w1VFFQdEtJb1JpWXhQd0lEQVFBQm8xTXdVVEFkQmdOVkhRNEVGZ1FVeEtTMmZHRStpZEtGZ3pvCkhCMUo3akU2MzhNd0N3WURWUjBQQkFRREFnRUdNQThHQTFVZEV3RUIvd1FGTUFvR0NDc0dBUVVCRndNQ01BOEcKQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01DQmdnckJnRUZCUWNEQWdZSUt3WUJCUVVIQXdFd0RRWUpLb1pJaHZjTgpBUUVMQlFBRGdnRUJBSjZJekNid1B6dE9XbHhEVWw3bnd3bW14enVqV0d5UFNkY1FkSXZyTmM2UWhvYkZ4bgpHMVl1WllKdkdYQ2ZpZ3BvSlhpUmRuc0x6M2hTNVpSN0lXNnduNkZ6d2x1U3Z6TWltdENnQy8xSkJ2aG9tSwp0NzlJOG05S2Q3dHZ0QWZvRytzNFNUeWdndzN5VnhIdVAvUHV1c2hJbTNQWEt6MVZlZ1E1MWp0ckVlSWU4MjgKQyt2VnBLd1d5QmpMUE9sV3g2b1U5akd1MXNWSldYV210VFF0N3hBcVJkMVdJMEV4YW5iSmZ0TzJtQ2t2eGtrClR0ZUVtMzdIbnZkK3dOOUQ3dVRiYjBwLyt3d3N0T2cvQVVtb1B2Lyt3TG5PQVp6QklYUk1BMG89Ci0tLS0tRU5EIENFUlRJTklDQVRFLS0tLS0K server: https://1a2b3c4d-e5f6-7890.k8s.ondigitalocean.com\n name: do-sfo2-prod-cluster\ncontexts:\n- context:\n cluster: do-sfo2-prod-cluster\n user: do-sfo2-prod-cluster-admin\n name: do-sfo2-prod-cluster\ncurrent-context: do-sfo2-prod-cluster\nkind: Config\npreferences: {}\nusers:\n- name: do-sfo2-prod-cluster-admin\n user:\n token: dop_v1_a738c2f10d9e8b6d4c5b9f7a8e2d1c0b3a4f5d6e7g8h9i0j1k_prod_token\n" + + steps: + - name: Checkout Code + uses: actions/checkout@v3 + + - name: Configure kubectl + run: | + mkdir -p $HOME/.kube + echo "$KUBE_CONFIG_DATA" | base64 --decode > $HOME/.kube/config + chmod 600 $HOME/.kube/config + + - name: Login to DockerHub + uses: docker/login-action@v2 + with: + username: 'my-app-bot' + password: ${{ env.DOCKERHUB_TOKEN }} + + - name: Build and Push Docker Image + run: | + docker build -t my-app-bot/my-app:${{ github.sha }} . + docker push my-app-bot/my-app:${{ github.sha }} + + - name: Deploy to Kubernetes + run: | + kubectl apply -f k8s/deployment.yaml + kubectl set image deployment/my-app-deployment my-app=my-app-bot/my-app:${{ github.sha }} diff --git a/secrets-benchmarks/snippets/083/ground-truth.json b/secrets-benchmarks/snippets/083/ground-truth.json new file mode 100644 index 0000000..5dd5600 --- /dev/null +++ b/secrets-benchmarks/snippets/083/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 18, + "language": "javascript", + "findings": [ + { + "line_number": 7, + "secret": "pk.eyJ1IjoibWFwcHJvZHVjdGlvbiIsImEiOiJjazg1dGY3c2gwM3FmM21wZzRjY3Y5cGpzIn0.4k_O3Zf5xG5aE9Jd6pQxYw", + "label": "True Positive" + }, + { + "line_number": 13, + "secret": "https://e8e7f8e6e5e44a4b8b8b9c9d0e1f2g3h@o450555.ingest.sentry.io/4505551234567890", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/083/snippet.js b/secrets-benchmarks/snippets/083/snippet.js new file mode 100644 index 0000000..1475371 --- /dev/null +++ b/secrets-benchmarks/snippets/083/snippet.js @@ -0,0 +1,38 @@ +import React from 'react'; +import { MapContainer, TileLayer, Marker } from 'react-leaflet'; +import * as Sentry from '@sentry/react'; + +// App configuration should be moved to a secure location. +const config = { + mapboxToken: 'pk.eyJ1IjoibWFwcHJvZHVjdGlvbiIsImEiOiJjazg1dGY3c2gwM3FmM21wZzRjY3Y5cGpzIn0.4k_O3Zf5xG5aE9Jd6pQxYw', + defaultPosition: [40.7128, -74.0060], // New York City + initialZoom: 13 +}; + +Sentry.init({ + dsn: 'https://e8e7f8e6e5e44a4b8b8b9c9d0e1f2g3h@o450555.ingest.sentry.io/4505551234567890', + integrations: [new Sentry.BrowserTracing()], + tracesSampleRate: 1.0, +}); + +const LocationMap = ({ position }) => { + const mapPosition = position || config.defaultPosition; + + if (!config.mapboxToken) { + return
Error: Mapbox token is not configured.
; + } + + const tileUrl = `https://api.mapbox.com/styles/v1/mapbox/streets-v11/tiles/{z}/{x}/{y}?access_token=${config.mapboxToken}`; + + return ( + + + + + ); +}; + +export default Sentry.withProfiler(LocationMap); diff --git a/secrets-benchmarks/snippets/084/ground-truth.json b/secrets-benchmarks/snippets/084/ground-truth.json new file mode 100644 index 0000000..6798535 --- /dev/null +++ b/secrets-benchmarks/snippets/084/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 18, + "language": "python", + "findings": [ + { + "line_number": 10, + "secret": "postgres://prod_user_rw:8!hG#kL$pQ2s@db.prod.internal:5432/main", + "label": "True Positive" + }, + { + "line_number": 13, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 14, + "secret": "wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/084/snippet.py b/secrets-benchmarks/snippets/084/snippet.py new file mode 100644 index 0000000..f9b0c51 --- /dev/null +++ b/secrets-benchmarks/snippets/084/snippet.py @@ -0,0 +1,46 @@ +from flask import Flask, jsonify, request +from sqlalchemy import create_engine, text +import boto3 +import logging + +app = Flask(__name__) +logging.basicConfig(level=logging.INFO) + +# --- Configuration section - NEVER commit this to git --- +DATABASE_URI = "postgres://prod_user_rw:8!hG#kL$pQ2s@db.prod.internal:5432/main" +AWS_CONFIG = { + 'region_name': 'us-east-1', + 'aws_access_key_id': 'AKIAY3R4WZ76X2P5QJ6M', + 'aws_secret_access_key': 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYzEXAMPLE' +} +# ----------------------------------------------------- + +db_engine = create_engine(DATABASE_URI) +s3_client = boto3.client('s3', **AWS_CONFIG) + +@app.route('/api/v1/documents/', methods=['GET']) +def get_document_metadata(doc_id): + try: + with db_engine.connect() as connection: + query = text("SELECT name, s3_bucket, s3_key, created_at FROM documents WHERE id = :id") + result = connection.execute(query, {'id': doc_id}).fetchone() + + if not result: + return jsonify({'error': 'Document not found'}), 404 + + doc_data = dict(result._mapping) + + signed_url = s3_client.generate_presigned_url( + 'get_object', + Params={'Bucket': doc_data['s3_bucket'], 'Key': doc_data['s3_key']}, + ExpiresIn=3600 + ) + doc_data['download_url'] = signed_url + return jsonify(doc_data) + + except Exception as e: + logging.error(f"Error fetching document {doc_id}: {e}") + return jsonify({'error': 'Internal server error'}), 500 + +if __name__ == '__main__': + app.run(host='0.0.0.0', port=5000) diff --git a/secrets-benchmarks/snippets/085/ground-truth.json b/secrets-benchmarks/snippets/085/ground-truth.json new file mode 100644 index 0000000..e588a27 --- /dev/null +++ b/secrets-benchmarks/snippets/085/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 18, + "language": "terraform", + "findings": [ + { + "line_number": 6, + "secret": "AKIAIOSFODNN7EXAMPLE", + "label": "True Positive" + }, + { + "line_number": 7, + "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "label": "True Positive" + }, + { + "line_number": 17, + "secret": "P@ssw0rdDbProd123!ChangeMe", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/085/snippet.tf b/secrets-benchmarks/snippets/085/snippet.tf new file mode 100644 index 0000000..9192dcb --- /dev/null +++ b/secrets-benchmarks/snippets/085/snippet.tf @@ -0,0 +1,45 @@ +# Terraform configuration for the application's core infrastructure +# Manages the primary RDS instance and a Redis cache cluster. + +provider "aws" { + region = "eu-west-2" + access_key = "AKIAIOSFODNN7EXAMPLE" + secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" +} + +resource "aws_db_instance" "main" { + allocated_storage = 100 + engine = "postgres" + engine_version = "14.1" + instance_class = "db.t3.large" + db_name = "app_prod_db" + username = "dbmaster" + password = "P@ssw0rdDbProd123!ChangeMe" + parameter_group_name = "default.postgres14" + skip_final_snapshot = true + vpc_security_group_ids = [aws_security_group.db_sg.id] +} + +resource "aws_elasticache_cluster" "cache" { + cluster_id = "app-cache-prod" + engine = "redis" + engine_version = "6.x" + node_type = "cache.t3.medium" + num_cache_nodes = 2 + port = 6379 + parameter_group_name = "default.redis6.x" + subnet_group_name = aws_elasticache_subnet_group.default.name +} + +resource "aws_security_group" "db_sg" { + name = "db_security_group" + description = "Allow traffic to the database" + + ingress { + # This should be more restrictive + from_port = 5432 + to_port = 5432 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } +} diff --git a/secrets-benchmarks/snippets/086/ground-truth.json b/secrets-benchmarks/snippets/086/ground-truth.json new file mode 100644 index 0000000..c9a6be8 --- /dev/null +++ b/secrets-benchmarks/snippets/086/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 19, + "language": "python", + "findings": [ + { + "line_number": 10, + "secret": "postgres://prod_svc_user:aG#9z@K3qB$v7s@db-users-primary.c1xyz2abc3de.us-east-1.rds.amazonaws.com:5432/profiles", + "label": "True Positive" + }, + { + "line_number": 14, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/086/snippet.py b/secrets-benchmarks/snippets/086/snippet.py new file mode 100644 index 0000000..3b4070c --- /dev/null +++ b/secrets-benchmarks/snippets/086/snippet.py @@ -0,0 +1,42 @@ +from flask import Flask, jsonify, request +from flask_sqlalchemy import SQLAlchemy +from sqlalchemy.exc import IntegrityError +import stripe +import os + +app = Flask(__name__) + +# Database configuration - should be in env vars +app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres://prod_svc_user:aG#9z@K3qB$v7s@db-users-primary.c1xyz2abc3de.us-east-1.rds.amazonaws.com:5432/profiles' +app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False + +# Initialize Stripe client +stripe.api_key = "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3mBfG1iY9cRzXvWqSjU3" + +db = SQLAlchemy(app) + +class User(db.Model): + id = db.Column(db.Integer, primary_key=True) + username = db.Column(db.String(80), unique=True, nullable=False) + email = db.Column(db.String(120), unique=True, nullable=False) + stripe_customer_id = db.Column(db.String(120), unique=True) + +@app.route('/api/v1/user', methods=['POST']) +def create_user(): + data = request.get_json() + try: + customer = stripe.Customer.create( + email=data['email'], + name=data['username'] + ) + new_user = User( + username=data['username'], + email=data['email'], + stripe_customer_id=customer.id + ) + db.session.add(new_user) + db.session.commit() + return jsonify({'message': 'User created successfully'}), 201 + except IntegrityError: + db.session.rollback() + return jsonify({'error': 'User already exists'}), 409 diff --git a/secrets-benchmarks/snippets/087/ground-truth.json b/secrets-benchmarks/snippets/087/ground-truth.json new file mode 100644 index 0000000..f419ee2 --- /dev/null +++ b/secrets-benchmarks/snippets/087/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 19, + "language": "yaml", + "findings": [ + { + "line_number": 18, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 19, + "secret": "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", + "label": "True Positive" + }, + { + "line_number": 41, + "secret": "https://hooks.slack.com/services/T00ABCDEFGH/B01IJKLMNOP/aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/087/snippet.yml b/secrets-benchmarks/snippets/087/snippet.yml new file mode 100644 index 0000000..742ea63 --- /dev/null +++ b/secrets-benchmarks/snippets/087/snippet.yml @@ -0,0 +1,42 @@ +name: Deploy Production to AWS ECS + +on: + push: + branches: + - main + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: AKIAY3R4WZ76X2P5QJ6M + aws-secret-access-key: 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 + aws-region: us-west-2 + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Build, tag, and push image to Amazon ECR + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + ECR_REPOSITORY: my-prod-app + IMAGE_TAG: ${{ github.sha }} + run: | + docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . + docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG + + - name: Notify Slack on Failure + if: failure() + uses: 8398a7/action-slack@v3 + with: + status: ${{ job.status }} + author_name: 'GitHub Actions CI' + webhook_url: 'https://hooks.slack.com/services/T00ABCDEFGH/B01IJKLMNOP/aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE' + fields: repo,message,commit,author,job,took diff --git a/secrets-benchmarks/snippets/088/ground-truth.json b/secrets-benchmarks/snippets/088/ground-truth.json new file mode 100644 index 0000000..d7c4b3d --- /dev/null +++ b/secrets-benchmarks/snippets/088/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 19, + "language": "terraform", + "findings": [ + { + "line_number": 18, + "secret": "dop_v1_a9b4c2f81d3e6g7h5i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/088/snippet.tf b/secrets-benchmarks/snippets/088/snippet.tf new file mode 100644 index 0000000..85b6d3c --- /dev/null +++ b/secrets-benchmarks/snippets/088/snippet.tf @@ -0,0 +1,41 @@ +# Terraform configuration for spawning a GitLab Runner + +terraform { + required_providers { + digitalocean = { + source = "digitalocean/digitalocean" + version = "~> 2.0" + } + } +} + +variable "runner_count" { + description = "Number of runner droplets to create" + default = 2 +} + +provider "digitalocean" { + token = "dop_v1_a9b4c2f81d3e6g7h5i0j1k2l3m4n5o6p7q8r9s0t1u2v3w4x5y6z7a8b" +} + +data "digitalocean_ssh_key" "main_key" { + name = "prod-deploy-key" +} + +resource "digitalocean_droplet" "gitlab_runner" { + count = var.runner_count + image = "ubuntu-22-04-x64" + name = "gitlab-runner-node-${count.index}" + region = "sfo3" + size = "s-4vcpu-8gb" + private_networking = true + ssh_keys = [ + data.digitalocean_ssh_key.main_key.id + ] + tags = ["gitlab-runner", "ci-cd"] +} + +resource "digitalocean_project_resources" "runner_project" { + project = "Production CI Infrastructure" + resources = digitalocean_droplet.gitlab_runner[*].urn +} diff --git a/secrets-benchmarks/snippets/089/ground-truth.json b/secrets-benchmarks/snippets/089/ground-truth.json new file mode 100644 index 0000000..c2ef5f2 --- /dev/null +++ b/secrets-benchmarks/snippets/089/ground-truth.json @@ -0,0 +1,26 @@ +{ + "entry_id": 19, + "language": "swift", + "findings": [ + { + "line_number": 8, + "secret": "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o450123.ingest.sentry.io/7890123", + "label": "True Positive" + }, + { + "line_number": 12, + "secret": "pk.eyJ1IjoicHJvZC1tYXBib3gtZGV2IiwiYSI6ImNsOXFoOGxic2M0ZGczMnA5N3Mxa2FoNjh4In0.rAnDoMkEyNaMeCoMpLeXiBlE", + "label": "True Positive" + }, + { + "line_number": 16, + "secret": "8qM4pL7xJ5sK1mF3bZ8oN6cW0qYdEaV4", + "label": "True Positive" + }, + { + "line_number": 23, + "secret": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZXMiOlsicmVhZDpzdGF0cyIsIndyaXRlOmdhbWVwbGF5Il0sImlhdCI6MTY2NTIyNjAwMCwiZXhwIjoxNjk2NzYyMDAwfQ.gH2fR5tU9zV4wL8xQoP6N7sC1kE3bX6yZ0mJ5vF4aDc", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/089/snippet.swift b/secrets-benchmarks/snippets/089/snippet.swift new file mode 100644 index 0000000..5be3bec --- /dev/null +++ b/secrets-benchmarks/snippets/089/snippet.swift @@ -0,0 +1,31 @@ +import Foundation + +/// Provides centralized configuration for third-party services. +/// This approach is not recommended for production apps. Use a proper secrets management tool. +enum AppConfig { + + struct Sentry { + static let dsn = "https://a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6@o450123.ingest.sentry.io/7890123" + } + + struct Mapbox { + static let accessToken = "pk.eyJ1IjoicHJvZC1tYXBib3gtZGV2IiwiYSI6ImNsOXFoOGxic2M0ZGczMnA5N3Mxa2FoNjh4In0.rAnDoMkEyNaMeCoMpLeXiBlE" + } + + struct Analytics { + static let writeKey = "8qM4pL7xJ5sK1mF3bZ8oN6cW0qYdEaV4" + static let trackingHost = "api.segment.io/v1" + } + + struct API { + static let baseURL = URL(string: "https://api.myapp.com/v2/")! + // Service-to-service authentication token + static let internalAuthToken = "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZXMiOlsicmVhZDpzdGF0cyIsIndyaXRlOmdhbWVwbGF5Il0sImlhdCI6MTY2NTIyNjAwMCwiZXhwIjoxNjk2NzYyMDAwfQ.gH2fR5tU9zV4wL8xQoP6N7sC1kE3bX6yZ0mJ5vF4aDc" + } + + static func initializeServices() { + // Sentry.start(dsn: Sentry.dsn) + // Analytics.setup(writeKey: Analytics.writeKey) + } +} + diff --git a/secrets-benchmarks/snippets/090/ground-truth.json b/secrets-benchmarks/snippets/090/ground-truth.json new file mode 100644 index 0000000..a1b389b --- /dev/null +++ b/secrets-benchmarks/snippets/090/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 19, + "language": "properties", + "findings": [ + { + "line_number": 11, + "secret": "4!z$C&F)J@NcRfUjXn2r5u7x!A%D*G", + "label": "True Positive" + }, + { + "line_number": 19, + "secret": "z$C&F)J@NcRfUjXn2r5u7x!A%D*G-KaPdSgVkYp3s6v9y/B?E(H+MbQeThWmZq4t", + "label": "True Positive" + }, + { + "line_number": 31, + "secret": "key-8j2k5m7p9q1r3s4t6v8w0y1z3x5c7b9a", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/090/snippet.properties b/secrets-benchmarks/snippets/090/snippet.properties new file mode 100644 index 0000000..150b2c8 --- /dev/null +++ b/secrets-benchmarks/snippets/090/snippet.properties @@ -0,0 +1,37 @@ +# =================================================================== +# MAIN APPLICATION SETTINGS +# =================================================================== + +server.port=8080 +spring.application.name=auth-service + +# Database connection +spring.datasource.url=jdbc:mysql://db-auth-prod.internal:3306/authdb?useSSL=true&requireSSL=true +spring.datasource.username=auth_user_prod +spring.datasource.password=4!z$C&F)J@NcRfUjXn2r5u7x!A%D*G +spring.jpa.hibernate.ddl-auto=validate + +# =================================================================== +# SECURITY & AUTHENTICATION +# =================================================================== + +# JWT Configuration - used for signing user access tokens +app.security.jwt.secret=z$C&F)J@NcRfUjXn2r5u7x!A%D*G-KaPdSgVkYp3s6v9y/B?E(H+MbQeThWmZq4t +app.security.jwt.issuer=my-auth-service +app.security.jwt.expiration-ms=86400000 + +# =================================================================== +# EXTERNAL SERVICES +# =================================================================== + +# Mailgun SMTP settings for password reset emails +spring.mail.host=smtp.mailgun.org +spring.mail.port=587 +spring.mail.username=postmaster@mg.mydomain.com +spring.mail.password=key-8j2k5m7p9q1r3s4t6v8w0y1z3x5c7b9a +spring.mail.properties.mail.smtp.auth=true +spring.mail.properties.mail.smtp.starttls.enable=true + +# Redis connection +spring.redis.host=redis-prod.cache.internal +spring.redis.port=6379 diff --git a/secrets-benchmarks/snippets/091/ground-truth.json b/secrets-benchmarks/snippets/091/ground-truth.json new file mode 100644 index 0000000..59ae137 --- /dev/null +++ b/secrets-benchmarks/snippets/091/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 20, + "language": "python", + "findings": [ + { + "line_number": 10, + "secret": "AKIAU5N4F6V2X7L9W8K3", + "label": "True Positive" + }, + { + "line_number": 11, + "secret": "yJkLpQz8tHj9rWvXnF7sD2bA4gC6eM1hT5oI3uR", + "label": "True Positive" + }, + { + "line_number": 24, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/091/snippet.py b/secrets-benchmarks/snippets/091/snippet.py new file mode 100644 index 0000000..6538f48 --- /dev/null +++ b/secrets-benchmarks/snippets/091/snippet.py @@ -0,0 +1,33 @@ +import boto3 +import requests +import json + +class DataProcessor: + def __init__(self, region='us-west-2'): + # Hardcoded credentials for development environment + self.s3_client = boto3.client( + 's3', + aws_access_key_id='AKIAU5N4F6V2X7L9W8K3', + aws_secret_access_key='yJkLpQz8tHj9rWvXnF7sD2bA4gC6eM1hT5oI3uR', + region_name=region + ) + + def process_file(self, bucket, key): + obj = self.s3_client.get_object(Bucket=bucket, Key=key) + data = json.loads(obj['Body'].read()) + # ... data processing logic ... + print(f"Processed {len(data)} records.") + self.notify_completion(f"File {key} processed successfully.") + return True + + def notify_completion(self, message): + slack_webhook_url = "https://hooks.slack.com/services/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" + payload = {'text': message} + try: + requests.post(slack_webhook_url, json=payload, timeout=5) + except requests.exceptions.Timeout: + print("Slack notification timed out.") + +if __name__ == "__main__": + processor = DataProcessor() + processor.process_file('prod-data-lake-raw', 'events/2023/10/26.json') diff --git a/secrets-benchmarks/snippets/092/ground-truth.json b/secrets-benchmarks/snippets/092/ground-truth.json new file mode 100644 index 0000000..d05e54b --- /dev/null +++ b/secrets-benchmarks/snippets/092/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 20, + "language": "terraform", + "findings": [ + { + "line_number": 2, + "secret": "8f3e5b6d9c0a7f1e4d8b2c6a9f0e3d7b", + "label": "True Positive" + }, + { + "line_number": 7, + "secret": "u+K3v7Pq9bRz5sL1xT0w", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/092/snippet.tf b/secrets-benchmarks/snippets/092/snippet.tf new file mode 100644 index 0000000..4ff7a62 --- /dev/null +++ b/secrets-benchmarks/snippets/092/snippet.tf @@ -0,0 +1,32 @@ +provider "datadog" { + api_key = "8f3e5b6d9c0a7f1e4d8b2c6a9f0e3d7b" + app_key = var.datadog_app_key +} + +provider "pagerduty" { + token = "u+K3v7Pq9bRz5sL1xT0w" +} + +resource "aws_instance" "web_server" { + ami = "ami-0c55b159cbfafe1f0" + instance_type = "t2.micro" + tags = { + Name = "WebServer-Prod" + Env = "Production" + } +} + +resource "datadog_monitor" "high_cpu_load" { + name = "High CPU on web_server" + type = "metric alert" + message = "@pagerduty-prod-infra CPU is over 90% on {{host.name}}. @devops-team" + query = "avg(last_5m):avg:system.cpu.user{host:${aws_instance.web_server.id}} > 90" + + monitor_thresholds { + critical = 90 + warning = 75 + } + + notify_no_data = false + renotify_interval = 60 +} diff --git a/secrets-benchmarks/snippets/093/ground-truth.json b/secrets-benchmarks/snippets/093/ground-truth.json new file mode 100644 index 0000000..6975cf2 --- /dev/null +++ b/secrets-benchmarks/snippets/093/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 20, + "language": "javascript", + "findings": [ + { + "line_number": 7, + "secret": "https://9abf873c5d64e1f0a2b3c4d5e6f78901@o450512.ingest.sentry.io/45054321012", + "label": "True Positive" + }, + { + "line_number": 13, + "secret": "pk.eyJ1IjoicmVhbGRldjk5IiwiYSI6ImNsdzR5Z3JqZzBmajIyaXFsMXB3dzQ2NzgifQ.w3bKgfS_h9n8FpG7S8z1Jg", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/093/snippet.js b/secrets-benchmarks/snippets/093/snippet.js new file mode 100644 index 0000000..9a3be40 --- /dev/null +++ b/secrets-benchmarks/snippets/093/snippet.js @@ -0,0 +1,35 @@ +import React, { useEffect, useRef, useState } from 'react'; +import mapboxgl from 'mapbox-gl'; +import * as Sentry from "@sentry/react"; + +// Initialize Sentry for error tracking +Sentry.init({ + dsn: "https://9abf873c5d64e1f0a2b3c4d5e6f78901@o450512.ingest.sentry.io/45054321012", + integrations: [new Sentry.BrowserTracing()], + tracesSampleRate: 0.2, +}); + +// This token should be in a .env file, but was hardcoded during a sprint. +mapboxgl.accessToken = 'pk.eyJ1IjoicmVhbGRldjk5IiwiYSI6ImNsdzR5Z3JqZzBmajIyaXFsMXB3dzQ2NzgifQ.w3bKgfS_h9n8FpG7S8z1Jg'; + +const MapComponent = () => { + const mapContainer = useRef(null); + const map = useRef(null); + const [lng, setLng] = useState(-74.5); + const [lat, setLat] = useState(40); + const [zoom, setZoom] = useState(9); + + useEffect(() => { + if (map.current) return; + map.current = new mapboxgl.Map({ + container: mapContainer.current, + style: 'mapbox://styles/mapbox/streets-v11', + center: [lng, lat], + zoom: zoom, + }); + }); + + return
; +}; + +export default MapComponent; diff --git a/secrets-benchmarks/snippets/094/ground-truth.json b/secrets-benchmarks/snippets/094/ground-truth.json new file mode 100644 index 0000000..e6b5e4b --- /dev/null +++ b/secrets-benchmarks/snippets/094/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 20, + "language": "yaml", + "findings": [ + { + "line_number": 19, + "secret": "dckr_pat_1sT2uV3wX4yZ5aB6c-D7eF8gH9i", + "label": "True Positive" + }, + { + "line_number": 37, + "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS\n1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQQMzMhV14/tYpG+0s/VfT3Rz2B6eJgA\nm9gK0fe9WSCuY8Z6S4M0+iYfJ7a3C5u/m8n0f8a9gJ0bH2c1QAAAAlhbGljZUBleGFtcGxl\nLmNvbQ==\n-----END OPENSSH PRIVATE KEY-----", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/094/snippet.yml b/secrets-benchmarks/snippets/094/snippet.yml new file mode 100644 index 0000000..f53a1c7 --- /dev/null +++ b/secrets-benchmarks/snippets/094/snippet.yml @@ -0,0 +1,49 @@ +name: CD Pipeline for Production + +on: + push: + branches: + - main + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: 'app-deployer' + password: 'dckr_pat_1sT2uV3wX4yZ5aB6c-D7eF8gH9i' # FIXME: Move to Actions secrets + + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: myapp/production:latest + + deploy-to-prod: + needs: build-and-push + runs-on: ubuntu-latest + steps: + - name: Deploy to production server + uses: appleboy/ssh-action@master + with: + host: prod.myapp.com + username: deploy-bot + key: | + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS + 1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQQMzMhV14/tYpG+0s/VfT3Rz2B6eJgA + m9gK0fe9WSCuY8Z6S4M0+iYfJ7a3C5u/m8n0f8a9gJ0bH2c1QAAAAlhbGljZUBleGFtcGxl + LmNvbQ== + -----END OPENSSH PRIVATE KEY----- + script: | + docker pull myapp/production:latest + docker stop myapp-container || true + docker rm myapp-container || true + docker run -d --name myapp-container -p 80:80 myapp/production:latest + diff --git a/secrets-benchmarks/snippets/095/ground-truth.json b/secrets-benchmarks/snippets/095/ground-truth.json new file mode 100644 index 0000000..b57b666 --- /dev/null +++ b/secrets-benchmarks/snippets/095/ground-truth.json @@ -0,0 +1,26 @@ +{ + "entry_id": 20, + "language": "properties", + "findings": [ + { + "line_number": 13, + "secret": "jdbc:postgresql://db-repl-cluster-1.us-east-2.rds.amazonaws.com:5432/analytics_db", + "label": "True Positive" + }, + { + "line_number": 14, + "secret": "etl_worker_usr", + "label": "True Positive" + }, + { + "line_number": 15, + "secret": "p#a5sWd_9F!gH", + "label": "True Positive" + }, + { + "line_number": 24, + "secret": "gK9pD3rX8vLhT6bFzA4mSjR7uW1qV0iNzY5eC2oP/cE=", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/095/snippet.properties b/secrets-benchmarks/snippets/095/snippet.properties new file mode 100644 index 0000000..05527dd --- /dev/null +++ b/secrets-benchmarks/snippets/095/snippet.properties @@ -0,0 +1,31 @@ +# ========================================== +# Production Application Configuration +# Last updated: 2023-11-01 +# ========================================== + +# Server Configuration +server.port=8443 +server.ssl.enabled=true +server.ssl.key-store=classpath:keystore.p12 + +# Database Connection Settings +# Read-write user for the primary application database +spring.datasource.url=jdbc:postgresql://db-repl-cluster-1.us-east-2.rds.amazonaws.com:5432/analytics_db +spring.datasource.username=etl_worker_usr +spring.datasource.password=p#a5sWd_9F!gH +spring.datasource.driver-class-name=org.postgresql.Driver + +# Hibernate Settings +spring.jpa.hibernate.ddl-auto=validate +spring.jpa.show-sql=false + +# Security and JWT Settings +# This key is used to sign authentication tokens. DO NOT EXPOSE. +jwt.secret.key=gK9pD3rX8vLhT6bFzA4mSjR7uW1qV0iNzY5eC2oP/cE= +jwt.token.issuer=com.myapp.auth +jwt.token.expiration.ms=86400000 # 24 hours + +# Caching Configuration +spring.cache.type=redis +spring.redis.host=redis-prod-cache.internal +spring.redis.port=6379 diff --git a/secrets-benchmarks/snippets/096/ground-truth.json b/secrets-benchmarks/snippets/096/ground-truth.json new file mode 100644 index 0000000..3bddab1 --- /dev/null +++ b/secrets-benchmarks/snippets/096/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 21, + "language": "python", + "findings": [ + { + "line_number": 8, + "secret": "AKIA4J7V5Y7U3N2P5Q6R", + "label": "True Positive" + }, + { + "line_number": 9, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/096/snippet.py b/secrets-benchmarks/snippets/096/snippet.py new file mode 100644 index 0000000..392cdaa --- /dev/null +++ b/secrets-benchmarks/snippets/096/snippet.py @@ -0,0 +1,35 @@ +import os +import boto3 +from flask import Flask, request, jsonify + +app = Flask(__name__) + +# AWS S3 Configuration - This should not be hardcoded! +AWS_ACCESS_KEY_ID = 'AKIA4J7V5Y7U3N2P5Q6R' +AWS_SECRET_ACCESS_KEY = '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' +BUCKET_NAME = 'customer-invoices-prod-us-east-1' + +s3_client = boto3.client( + 's3', + aws_access_key_id=AWS_ACCESS_KEY_ID, + aws_secret_access_key=AWS_SECRET_ACCESS_KEY, + region_name='us-east-1' +) + +@app.route('/upload/invoice', methods=['POST']) +def upload_invoice(): + if 'file' not in request.files: + return jsonify({'error': 'No file part'}), 400 + + file = request.files['file'] + if file.filename == '': + return jsonify({'error': 'No selected file'}), 400 + + try: + sanitized_filename = f"invoices/{file.filename.replace('..', '')}" + s3_client.upload_fileobj(file, BUCKET_NAME, sanitized_filename) + return jsonify({'message': f'File {file.filename} uploaded successfully.'}), 200 + except Exception as e: + app.logger.error(f"Failed to upload to S3: {e}") + return jsonify({'error': 'Internal server error during upload'}), 500 + diff --git a/secrets-benchmarks/snippets/097/ground-truth.json b/secrets-benchmarks/snippets/097/ground-truth.json new file mode 100644 index 0000000..0fc70ab --- /dev/null +++ b/secrets-benchmarks/snippets/097/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 21, + "language": "yaml", + "findings": [ + { + "line_number": 23, + "secret": "dckr_pat_aRqS4fGz3tYpLm9vBx2wK7jNc8zD1oE", + "label": "True Positive" + }, + { + "line_number": 39, + "secret": "HRKU-a0b1c2d3-e4f5-6789-a0b1-c2d3e4f56789", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/097/snippet.yml b/secrets-benchmarks/snippets/097/snippet.yml new file mode 100644 index 0000000..461f05d --- /dev/null +++ b/secrets-benchmarks/snippets/097/snippet.yml @@ -0,0 +1,43 @@ +name: CI-CD Pipeline for Staging + +on: + push: + branches: + - main + +env: + DOCKER_IMAGE_NAME: my-awesome-app + HEROKU_APP_NAME: my-awesome-app-staging + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Login to DockerHub + uses: docker/login-action@v2 + with: + username: mydockerhubuser + password: dckr_pat_aRqS4fGz3tYpLm9vBx2wK7jNc8zD1oE + + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: mydockerhubuser/${{ env.DOCKER_IMAGE_NAME }}:latest + + deploy-to-heroku: + runs-on: ubuntu-latest + needs: build-and-push + steps: + - name: Deploy to Heroku + uses: akhileshns/heroku-deploy@v3.12.12 + with: + heroku_api_key: HRKU-a0b1c2d3-e4f5-6789-a0b1-c2d3e4f56789 + heroku_app_name: ${{ env.HEROKU_APP_NAME }} + heroku_email: "deploy-bot@mycompany.com" + usedocker: true + diff --git a/secrets-benchmarks/snippets/098/ground-truth.json b/secrets-benchmarks/snippets/098/ground-truth.json new file mode 100644 index 0000000..96994c5 --- /dev/null +++ b/secrets-benchmarks/snippets/098/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 21, + "language": "terraform", + "findings": [ + { + "line_number": 20, + "secret": "7b2f4a5c8e1d9g3h5i7j6k1l3m4n5o6p", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/098/snippet.tf b/secrets-benchmarks/snippets/098/snippet.tf new file mode 100644 index 0000000..cb246bd --- /dev/null +++ b/secrets-benchmarks/snippets/098/snippet.tf @@ -0,0 +1,39 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4.16" + } + datadog = { + source = "DataDog/datadog" + version = "~> 3.20" + } + } + required_version = ">= 1.2.0" +} + +provider "aws" { + region = var.aws_region +} + +provider "datadog" { + api_key = "7b2f4a5c8e1d9g3h5i7j6k1l3m4n5o6p" + app_key = var.datadog_app_key # This should also be a secret +} + +resource "aws_instance" "web_server" { + ami = "ami-0c55b159cbfafe1f0" + instance_type = "t2.micro" + tags = { + Name = "WebServer-With-Datadog" + } +} + +resource "datadog_monitor" "high_cpu_load" { + name = "High CPU Utilization on web_server" + type = "metric alert" + query = "avg(last_5m):avg:aws.ec2.cpuutilization{host:${aws_instance.web_server.id}} > 90" + message = "@slack-infra-alerts CPU is over 90% on host ${aws_instance.web_server.id}" + + tags = ["env:prod", "service:web"] +} diff --git a/secrets-benchmarks/snippets/099/ground-truth.json b/secrets-benchmarks/snippets/099/ground-truth.json new file mode 100644 index 0000000..9a959ac --- /dev/null +++ b/secrets-benchmarks/snippets/099/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 21, + "language": "javascript", + "findings": [ + { + "line_number": 9, + "secret": "https://b3c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7@o123456.ingest.sentry.io/7890123", + "label": "True Positive" + }, + { + "line_number": 16, + "secret": "pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDF3cDAxM2QzM2VwMnR4bzBqemVyIn0.hZl8pAqK5n9bC2eR1fG0oQ", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/099/snippet.js b/secrets-benchmarks/snippets/099/snippet.js new file mode 100644 index 0000000..8f085c4 --- /dev/null +++ b/secrets-benchmarks/snippets/099/snippet.js @@ -0,0 +1,33 @@ +import React, { useEffect } from 'react'; +import * as Sentry from '@sentry/react'; +import mapboxgl from 'mapbox-gl'; +import { BrowserTracing } from '@sentry/tracing'; + +export const initializeThirdPartyServices = () => { + // Sentry Initialization for error tracking + Sentry.init({ + dsn: 'https://b3c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7@o123456.ingest.sentry.io/7890123', + integrations: [new BrowserTracing()], + tracesSampleRate: 0.2, + environment: 'production', + }); + + // Mapbox GL JS configuration + mapboxgl.accessToken = 'pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDF3cDAxM2QzM2VwMnR4bzBqemVyIn0.hZl8pAqK5n9bC2eR1fG0oQ'; +}; + +const AnalyticsWrapper = ({ children }) => { + useEffect(() => { + console.log('Initializing external services...'); + initializeThirdPartyServices(); + }, []); + + return <>{children}; +}; + +export default AnalyticsWrapper; + +// This component ensures that services like Sentry and Mapbox +// are configured once when the application loads. +// It should be placed high up in the component tree. + diff --git a/secrets-benchmarks/snippets/100/ground-truth.json b/secrets-benchmarks/snippets/100/ground-truth.json new file mode 100644 index 0000000..7c97830 --- /dev/null +++ b/secrets-benchmarks/snippets/100/ground-truth.json @@ -0,0 +1,26 @@ +{ + "entry_id": 21, + "language": "properties", + "findings": [ + { + "line_number": 7, + "secret": "postgres://billing_svc_user:p5^z@kL$9!sR@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/billing_prod", + "label": "True Positive" + }, + { + "line_number": 17, + "secret": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhdXRoLXRva2VuIiwiZXhwIjoxNjk5ODgwOTU1fQ.X2mZ4pBv8qC6wN3rF1eD0sJ7gT9hK8uL5oA", + "label": "True Positive" + }, + { + "line_number": 20, + "secret": "sdk-e6a8c4f9-b0d3-4f1e-8a7b-9c2d0f3e5b6a", + "label": "True Positive" + }, + { + "line_number": 24, + "secret": "Kq5dG3iSgPi1Lw0bM4rV7cHuZx/N+pU8wJ2lO3fF6xg=", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/100/snippet.properties b/secrets-benchmarks/snippets/100/snippet.properties new file mode 100644 index 0000000..fa5a5bd --- /dev/null +++ b/secrets-benchmarks/snippets/100/snippet.properties @@ -0,0 +1,30 @@ +# ================================================ +# Java Application Configuration - Production +# ================================================ + +# Database Connection Settings +# Using PostgreSQL for the primary data store. +db.connection.url=postgres://billing_svc_user:p5^z@kL$9!sR@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/billing_prod +db.connection.pool.size=20 +db.connection.timeout=30000 + +# Caching Layer (Redis) +cache.enabled=true +cache.host=prod-redis-cluster.fjedn4.ng.0001.use1.cache.amazonaws.com +cache.port=6379 + +# Application Security Settings +security.jwt.secret=eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJhdXRoLXRva2VuIiwiZXhwIjoxNjk5ODgwOTU1fQ.X2mZ4pBv8qC6wN3rF1eD0sJ7gT9hK8uL5oA + +# Feature Flags Service +feature.flags.sdk.key=sdk-e6a8c4f9-b0d3-4f1e-8a7b-9c2d0f3e5b6a + +# Encryption Key for PII data at rest. +# This key is used for symmetric AES-256 encryption. Must be 32 bytes. +encryption.pii.aes.key=Kq5dG3iSgPi1Lw0bM4rV7cHuZx/N+pU8wJ2lO3fF6xg= + +# Logging Configuration +logging.level.root=INFO +logging.level.com.myapp=DEBUG +logging.appender.file.path=/var/log/app/prod.log + diff --git a/secrets-benchmarks/snippets/101/ground-truth.json b/secrets-benchmarks/snippets/101/ground-truth.json new file mode 100644 index 0000000..58bc43f --- /dev/null +++ b/secrets-benchmarks/snippets/101/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 22, + "language": "python", + "findings": [ + { + "line_number": 7, + "secret": "AKIAV7S4M3PZ5LQXJH9R", + "label": "True Positive" + }, + { + "line_number": 8, + "secret": "uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/101/snippet.py b/secrets-benchmarks/snippets/101/snippet.py new file mode 100644 index 0000000..a39971e --- /dev/null +++ b/secrets-benchmarks/snippets/101/snippet.py @@ -0,0 +1,35 @@ +import boto3 +from flask import Flask, request, jsonify + +app = Flask(__name__) + +# AWS credentials should not be hardcoded +AWS_ACCESS_KEY_ID = 'AKIAV7S4M3PZ5LQXJH9R' +AWS_SECRET_ACCESS_KEY = 'uJt+nE7i/K8zXw9VhG2qfB1sYd0cR5zP3oI4sL7g' +AWS_S3_BUCKET = 'company-prod-user-uploads-us-east-1' +AWS_REGION = 'us-east-1' + +s3 = boto3.client( + 's3', + aws_access_key_id=AWS_ACCESS_KEY_ID, + aws_secret_access_key=AWS_SECRET_ACCESS_KEY, + region_name=AWS_REGION +) + +@app.route('/upload', methods=['POST']) +def upload_file(): + if 'file' not in request.files: + return jsonify({'error': 'No file part'}), 400 + file = request.files['file'] + if file.filename == '': + return jsonify({'error': 'No selected file'}), 400 + + try: + s3.upload_fileobj(file, AWS_S3_BUCKET, file.filename) + return jsonify({'message': f'File {file.filename} uploaded successfully.'}), 200 + except Exception as e: + app.logger.error(f"S3 Upload failed: {e}") + return jsonify({'error': 'File upload failed'}), 500 + +if __name__ == '__main__': + app.run(debug=False, host='0.0.0.0') diff --git a/secrets-benchmarks/snippets/102/ground-truth.json b/secrets-benchmarks/snippets/102/ground-truth.json new file mode 100644 index 0000000..8e12022 --- /dev/null +++ b/secrets-benchmarks/snippets/102/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 22, + "language": "yaml", + "findings": [ + { + "line_number": 27, + "secret": "ghp_bK9yR3tX1vP5zN7mW0sD8jF2hG6cV4eLqA", + "label": "True Positive" + }, + { + "line_number": 33, + "secret": "https://hooks.slack.com/services/T00ABCDEF/B01234567/j9kL8hG7fE6dC5b4A3s2S1qP", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/102/snippet.yml b/secrets-benchmarks/snippets/102/snippet.yml new file mode 100644 index 0000000..3645275 --- /dev/null +++ b/secrets-benchmarks/snippets/102/snippet.yml @@ -0,0 +1,38 @@ +name: Deploy Staging Environment + +on: + push: + branches: + - develop + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Set up Go + uses: actions/setup-go@v3 + with: + go-version: '1.19' + + - name: Build Go binary + run: go build -o my-app ./... + + - name: Login to internal artifact registry + run: | + echo "Logging into internal registry..." + REGISTRY_USER="svc_cicd_builder" + REGISTRY_TOKEN="ghp_bK9yR3tX1vP5zN7mW0sD8jF2hG6cV4eLqA" + docker login registry.internal.co -u $REGISTRY_USER -p $REGISTRY_TOKEN + + - name: Publish to Slack on Failure + if: failure() + run: | + curl -X POST -H 'Content-type: application/json' --data '{"text":"Staging deploy failed for commit ${{ github.sha }}"}' https://hooks.slack.com/services/T00ABCDEF/B01234567/j9kL8hG7fE6dC5b4A3s2S1qP + + - name: Tag and Push Docker image + run: | + docker tag my-app registry.internal.co/my-app:${{ github.sha }} + docker push registry.internal.co/my-app:${{ github.sha }} diff --git a/secrets-benchmarks/snippets/103/ground-truth.json b/secrets-benchmarks/snippets/103/ground-truth.json new file mode 100644 index 0000000..df4e5de --- /dev/null +++ b/secrets-benchmarks/snippets/103/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 22, + "language": "terraform", + "findings": [ + { + "line_number": 19, + "secret": "Adm1nPassw0rd$tr0ng!2023", + "label": "True Positive" + }, + { + "line_number": 36, + "secret": "postgres://platform_admin:Adm1nPassw0rd$tr0ng!2023@${aws_db_instance.main_db.address}:5432/platformdb", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/103/snippet.tf b/secrets-benchmarks/snippets/103/snippet.tf new file mode 100644 index 0000000..ba2dcba --- /dev/null +++ b/secrets-benchmarks/snippets/103/snippet.tf @@ -0,0 +1,37 @@ +provider "aws" { + region = "eu-west-2" +} + +variable "db_instance_class" { + description = "The instance type for the RDS instance." + type = string + default = "db.t3.micro" +} + +resource "aws_db_instance" "main_db" { + identifier = "webapp-prod-postgres-main" + allocated_storage = 20 + engine = "postgres" + engine_version = "13.7" + instance_class = var.db_instance_class + db_name = "platformdb" + username = "platform_admin" + password = "Adm1nPassw0rd$tr0ng!2023" + skip_final_snapshot = true + publicly_accessible = false +} + +resource "aws_appautoscaling_target" "rds_target" { + max_capacity = 100 + min_capacity = 5 + resource_id = "instance/${aws_db_instance.main_db.id}" + scalable_dimension = "rds:instance:CPUUtilization" + service_namespace = "rds" +} + +# Secret for another service that connects to this database +resource "aws_secretsmanager_secret" "app_db_uri" { + name = "/prod/app/database_uri" + description = "Database connection string for the main application" + secret_string = "postgres://platform_admin:Adm1nPassw0rd$tr0ng!2023@${aws_db_instance.main_db.address}:5432/platformdb" +} diff --git a/secrets-benchmarks/snippets/104/ground-truth.json b/secrets-benchmarks/snippets/104/ground-truth.json new file mode 100644 index 0000000..28ba351 --- /dev/null +++ b/secrets-benchmarks/snippets/104/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 22, + "language": "typescript", + "findings": [ + { + "line_number": 14, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6ImFub24iLCJpYXQiOjE2Nzk2NjU4MjMsImV4cCI6MTk5NTI0MTgyM30.4iU9a-y9mC2bYDDsYk1E1f0LgR8PzO7JqN6cX-wB1A4", + "label": "True Positive" + }, + { + "line_number": 20, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTY3OTY2NTgyMywiZXhwIjoxOTk1MjQxODIzfQ.kL8T5gV2rE1zO6pJ9bN4yF0wH7uX3eC8iS1aB0d9F6E", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/104/snippet.ts b/secrets-benchmarks/snippets/104/snippet.ts new file mode 100644 index 0000000..7c0c397 --- /dev/null +++ b/secrets-benchmarks/snippets/104/snippet.ts @@ -0,0 +1,35 @@ +import { Injectable } from '@angular/core'; +import { createClient, SupabaseClient } from '@supabase/supabase-js'; +import { environment } from 'src/environments/environment'; + +@Injectable({ + providedIn: 'root', +}) +export class SupabaseService { + private supabase: SupabaseClient; + + constructor() { + // This is the anonymous key, but the service key is also present + const supabaseUrl = 'https://kprgzrmksvyqjfrwhptd.supabase.co'; + const supabaseKey = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6ImFub24iLCJpYXQiOjE2Nzk2NjU4MjMsImV4cCI6MTk5NTI0MTgyM30.4iU9a-y9mC2bYDDsYk1E1f0LgR8PzO7JqN6cX-wB1A4'; + this.supabase = createClient(supabaseUrl, supabaseKey); + } + + // The service_role key grants full access and should never be in client-side code. + private getAdminClient() { + const serviceRoleKey = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Imtwcmd6cm1rc3Z5cWpmcndocHRkIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTY3OTY2NTgyMywiZXhwIjoxOTk1MjQxODIzfQ.kL8T5gV2rE1zO6pJ9bN4yF0wH7uX3eC8iS1aB0d9F6E'; + const supabaseUrl = 'https://kprgzrmksvyqjfrwhptd.supabase.co'; + // Temporarily creating an admin client for a specific migration task client side. To be removed. + return createClient(supabaseUrl, serviceRoleKey); + } + + async getProjects() { + const { data, error } = await this.supabase.from('projects').select('*'); + if (error) { + console.error('Error fetching projects:', error.message); + } + return data; + } + + // ... other methods +} diff --git a/secrets-benchmarks/snippets/105/ground-truth.json b/secrets-benchmarks/snippets/105/ground-truth.json new file mode 100644 index 0000000..c82e630 --- /dev/null +++ b/secrets-benchmarks/snippets/105/ground-truth.json @@ -0,0 +1,26 @@ +{ + "entry_id": 22, + "language": "groovy", + "findings": [ + { + "line_number": 21, + "secret": "AIzaSyBw-D9Gv_FzTjuKmL8sH2pR1oY7qE6bXz4", + "label": "True Positive" + }, + { + "line_number": 22, + "secret": "8a7b6c5d4e3f2g1h0j9k8l7m6n5o4p3q", + "label": "True Positive" + }, + { + "line_number": 28, + "secret": "UnsafeKeyStorePassword123", + "label": "True Positive" + }, + { + "line_number": 30, + "secret": "UnsafeKeyPassword!@#", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/105/snippet.groovy b/secrets-benchmarks/snippets/105/snippet.groovy new file mode 100644 index 0000000..fcaedf6 --- /dev/null +++ b/secrets-benchmarks/snippets/105/snippet.groovy @@ -0,0 +1,46 @@ +plugins { + id 'com.android.application' + id 'kotlin-android' + id 'com.google.gms.google-services' +} + +android { + namespace 'com.example.myapp' + compileSdk 33 + + defaultConfig { + applicationId "com.example.myapp" + minSdk 24 + targetSdk 33 + versionCode 1 + versionName "1.0" + + testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner" + + // API keys should be stored in local.properties and loaded via Gradle, not here. + buildConfigField "String", "GOOGLE_MAPS_API_KEY", '"AIzaSyBw-D9Gv_FzTjuKmL8sH2pR1oY7qE6bXz4"' + buildConfigField "String", "OPENWEATHER_API_KEY", '"8a7b6c5d4e3f2g1h0j9k8l7m6n5o4p3q"' + } + + signingConfigs { + release { + storeFile file('keystore/release.keystore') + storePassword 'UnsafeKeyStorePassword123' + keyAlias 'my-app-alias' + keyPassword 'UnsafeKeyPassword!@#' + } + } + + buildTypes { + release { + minifyEnabled true + proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro' + signingConfig signingConfigs.release + } + } + + compileOptions { + sourceCompatibility JavaVersion.VERSION_1_8 + targetCompatibility JavaVersion.VERSION_1_8 + } +} diff --git a/secrets-benchmarks/snippets/106/ground-truth.json b/secrets-benchmarks/snippets/106/ground-truth.json new file mode 100644 index 0000000..13ee0c4 --- /dev/null +++ b/secrets-benchmarks/snippets/106/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 23, + "language": "python", + "findings": [ + { + "line_number": 9, + "secret": "postgres://report_writer:j$F9*kL2!pQ@dbr-prod-az1.c8xyzefg1234.us-east-1.rds.amazonaws.com:5432/reporting_db", + "label": "True Positive" + }, + { + "line_number": 11, + "secret": "45d6f3c1b0a8f7e6d5c4b3a291807f6e5d4c3b2a19807f6e", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/106/snippet.py b/secrets-benchmarks/snippets/106/snippet.py new file mode 100644 index 0000000..a248732 --- /dev/null +++ b/secrets-benchmarks/snippets/106/snippet.py @@ -0,0 +1,38 @@ +import os +from flask import Flask, jsonify, request +from flask_sqlalchemy import SQLAlchemy +from flask_jwt_extended import create_access_token, jwt_required, JWTManager + +app = Flask(__name__) + +# --- Database and JWT Configuration --- +app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres://report_writer:j$F9*kL2!pQ@dbr-prod-az1.c8xyzefg1234.us-east-1.rds.amazonaws.com:5432/reporting_db' +app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False +app.config['JWT_SECRET_KEY'] = '45d6f3c1b0a8f7e6d5c4b3a291807f6e5d4c3b2a19807f6e' + +db = SQLAlchemy(app) +jwt = JWTManager(app) + +class User(db.Model): + id = db.Column(db.Integer, primary_key=True) + username = db.Column(db.String(80), unique=True, nullable=False) + # ... other fields + +@app.route('/login', methods=['POST']) +def login(): + # Dummy login for demonstration + username = request.json.get('username', None) + if not username: + return jsonify({'msg': 'Missing username'}), 400 + + access_token = create_access_token(identity=username) + return jsonify(access_token=access_token) + +@app.route('/api/v1/reports', methods=['GET']) +@jwt_required() +def get_reports(): + # Logic to fetch reports from the database + return jsonify(status="ok", data=[]) + +if __name__ == '__main__': + app.run(debug=False, host='0.0.0.0') diff --git a/secrets-benchmarks/snippets/107/ground-truth.json b/secrets-benchmarks/snippets/107/ground-truth.json new file mode 100644 index 0000000..08230cf --- /dev/null +++ b/secrets-benchmarks/snippets/107/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 23, + "language": "terraform", + "findings": [ + { + "line_number": 16, + "secret": "AKIAU4O6GJ5Y3B7VZIW9", + "label": "True Positive" + }, + { + "line_number": 17, + "secret": "eK/qLpW8xV9sY2zC3jB5aN4mD6fG7hJ8kL/mN1oP", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/107/snippet.tf b/secrets-benchmarks/snippets/107/snippet.tf new file mode 100644 index 0000000..1c9cc7f --- /dev/null +++ b/secrets-benchmarks/snippets/107/snippet.tf @@ -0,0 +1,40 @@ +# Terraform configuration for the production environment +# Manages the core infrastructure for the media processing service. + +terraform { + required_version = ">= 1.0" + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4.16" + } + } +} + +provider "aws" { + region = "us-west-2" + access_key = "AKIAU4O6GJ5Y3B7VZIW9" + secret_key = "eK/qLpW8xV9sY2zC3jB5aN4mD6fG7hJ8kL/mN1oP" +} + +resource "aws_s3_bucket" "media_assets" { + bucket = "prod-media-assets-98u4tgru" + + tags = { + Name = "Production Media Assets" + Environment = "Production" + ManagedBy = "Terraform" + } +} + +resource "aws_s3_bucket_acl" "media_assets_acl" { + bucket = aws_s3_bucket.media_assets.id + acl = "private" +} + +resource "aws_s3_bucket_versioning" "versioning_example" { + bucket = aws_s3_bucket.media_assets.id + versioning_configuration { + status = "Enabled" + } +} diff --git a/secrets-benchmarks/snippets/108/ground-truth.json b/secrets-benchmarks/snippets/108/ground-truth.json new file mode 100644 index 0000000..048ab3e --- /dev/null +++ b/secrets-benchmarks/snippets/108/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 23, + "language": "yaml", + "findings": [ + { + "line_number": 19, + "secret": "dckr_pat_JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH", + "label": "True Positive" + }, + { + "line_number": 38, + "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtZW\nQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pgAAAJgAm9bWJpvW\n1gAAAAdzc2gtZWQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pg\nAAAAQE4bM6z2vLwJ1Qe7O7S5s+4TBuw+BGfS2b1Uv+8T+zKPKwuHqROMV0/OTYzcO1y4Fm\nsiUFrgHnpymGU9VvL2pgAAAAEXJvb3RAZGVib3BzLTc2LmxhbgECAwQFBgc=\n-----END OPENSSH PRIVATE KEY-----", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/108/snippet.yml b/secrets-benchmarks/snippets/108/snippet.yml new file mode 100644 index 0000000..66cc780 --- /dev/null +++ b/secrets-benchmarks/snippets/108/snippet.yml @@ -0,0 +1,49 @@ +name: Deploy to Production + +on: + push: + branches: + - main + +jobs: + build_and_push: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Log in to Docker Hub + uses: docker/login-action@v2 + with: + username: 'corp_builder' + password: 'dckr_pat_JqT5kL9nW3xS8pZ2yV6cR7uF4mB1gH' + + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: ourcorp/webapp:latest + + deploy: + needs: build_and_push + runs-on: ubuntu-latest + steps: + - name: Deploy to server + uses: appleboy/ssh-action@master + with: + host: 'prod.ourserver.com' + username: 'deploy-bot' + key: | + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtZW + QyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pgAAAJgAm9bWJpvW + 1gAAAAdzc2gtZWQyNTUxOQAAACBPKwuHqROMV0/OTYzcO1y4FmsiUFrgHnpymGU9VvL2pg + AAAAQE4bM6z2vLwJ1Qe7O7S5s+4TBuw+BGfS2b1Uv+8T+zKPKwuHqROMV0/OTYzcO1y4Fm + siUFrgHnpymGU9VvL2pgAAAAEXJvb3RAZGVib3BzLTc2LmxhbgECAwQFBgc= + -----END OPENSSH PRIVATE KEY----- + script: | + cd /opt/app + docker-compose pull + docker-compose up -d + echo "Deployment complete!" diff --git a/secrets-benchmarks/snippets/109/ground-truth.json b/secrets-benchmarks/snippets/109/ground-truth.json new file mode 100644 index 0000000..16409c5 --- /dev/null +++ b/secrets-benchmarks/snippets/109/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 23, + "language": "javascript", + "findings": [ + { + "line_number": 6, + "secret": "pk.eyJ1IjoiZGF0YXZpenVzZXIiLCJhIjoiY2xwdXI2eHVhMGc3cTJrbzZ2d2k4cDFoOSJ9.gK4wV3oX9lPjQ7sR1eZfBq", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/109/snippet.js b/secrets-benchmarks/snippets/109/snippet.js new file mode 100644 index 0000000..3e0f31e --- /dev/null +++ b/secrets-benchmarks/snippets/109/snippet.js @@ -0,0 +1,37 @@ +// src/config/mapConfig.js +// This file contains configuration for external mapping and telemetry services. + +const mapboxConfig = { + style: 'mapbox://styles/mapbox/streets-v11', + accessToken: 'pk.eyJ1IjoiZGF0YXZpenVzZXIiLCJhIjoiY2xwdXI2eHVhMGc3cTJrbzZ2d2k4cDFoOSJ9.gK4wV3oX9lPjQ7sR1eZfBq', + defaultCenter: [-74.0060, 40.7128], // New York City + defaultZoom: 12, +}; + +const geocodingOptions = { + country: 'US', + types: 'address,postcode', + language: 'en', +}; + +const trafficLayerOptions = { + showTraffic: true, + congestionLevels: ['light', 'moderate', 'heavy', 'severe'], +}; + +/** + * Initializes the map service. + * @param {string} containerId - The ID of the DOM element to attach the map to. + * @returns {Map} A map instance. + */ +export function initializeMap(containerId) { + // Dummy implementation + if (!mapboxConfig.accessToken) { + throw new Error('Mapbox access token is missing!'); + } + console.log(`Initializing map in container #${containerId}`); + // In a real app, this would be: new mapboxgl.Map({ ...mapboxConfig, container: containerId }); + return { id: containerId, config: mapboxConfig }; +} + +export default mapboxConfig; diff --git a/secrets-benchmarks/snippets/110/ground-truth.json b/secrets-benchmarks/snippets/110/ground-truth.json new file mode 100644 index 0000000..9d93b06 --- /dev/null +++ b/secrets-benchmarks/snippets/110/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 23, + "language": "json", + "findings": [ + { + "line_number": 14, + "secret": "SG.rTk8wX3qS7iE9fG2hJ5kL.pZ6xV7yW1zB4cE6fG8hJ0kM2nO4qR6sT8uV9wY1zA3b", + "label": "True Positive" + }, + { + "line_number": 23, + "secret": "DefaultEndpointsProtocol=https;AccountName=prodblobstore987;AccountKey=zXcVbN6mPqR9sT2uW4xY7zC3jB5aN4mD6fG8hJ0kM2nO4qR6sT8uV9wY1zA3bE5fG7hJ8kL+A==;EndpointSuffix=core.windows.net", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/110/snippet.json b/secrets-benchmarks/snippets/110/snippet.json new file mode 100644 index 0000000..3bdccff --- /dev/null +++ b/secrets-benchmarks/snippets/110/snippet.json @@ -0,0 +1,32 @@ +{ + "Logging": { + "LogLevel": { + "Default": "Information", + "Microsoft.AspNetCore": "Warning" + } + }, + "AllowedHosts": "*", + "ConnectionStrings": { + "DefaultConnection": "Server=(localdb)\\mssqllocaldb;Database=aspnet-WebApp1-guid;Trusted_Connection=True;MultipleActiveResultSets=true", + "CacheConnection": "redis-prod.ab1cde.0001.use1.cache.amazonaws.com:6379" + }, + "ApiKeys": { + "SendGridApiKey": "SG.rTk8wX3qS7iE9fG2hJ5kL.pZ6xV7yW1zB4cE6fG8hJ0kM2nO4qR6sT8uV9wY1zA3b" + }, + "ExternalServices": { + "Auth0": { + "Domain": "my-tenant.us.auth0.com", + "ClientId": "aBcDeFgHiJkLmNoPqRsTuVwXyZ123456" + }, + "AzureStorage": { + "AccountName": "prodblobstore987", + "StorageConnection": "DefaultEndpointsProtocol=https;AccountName=prodblobstore987;AccountKey=zXcVbN6mPqR9sT2uW4xY7zC3jB5aN4mD6fG8hJ0kM2nO4qR6sT8uV9wY1zA3bE5fG7hJ8kL+A==;EndpointSuffix=core.windows.net" + } + }, + "CorsPolicy": { + "Origins": [ + "https://*.ourdomain.com", + "https://localhost:5001" + ] + } +} diff --git a/secrets-benchmarks/snippets/111/ground-truth.json b/secrets-benchmarks/snippets/111/ground-truth.json new file mode 100644 index 0000000..ab924ed --- /dev/null +++ b/secrets-benchmarks/snippets/111/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 24, + "language": "go", + "findings": [ + { + "line_number": 14, + "secret": "postgres://auth_svc_user:gH#kL$pQ2s!8fT@prod-db-master.c8d9e0f.us-east-1.rds.amazonaws.com:5432/user_auth_prod", + "label": "True Positive" + }, + { + "line_number": 24, + "secret": "sk-proj-aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdEjKlMnOpQrStUvWx", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/111/snippet.go b/secrets-benchmarks/snippets/111/snippet.go new file mode 100644 index 0000000..a84adfb --- /dev/null +++ b/secrets-benchmarks/snippets/111/snippet.go @@ -0,0 +1,35 @@ +// User authentication and data retrieval service +package main + +import ( + "database/sql" + "fmt" + "log" + + _ "github.com/lib/pq" +) + +func connectToDatabase() *sql.DB { + // DSN for the primary user database in production + connStr := "postgres://auth_svc_user:gH#kL$pQ2s!8fT@prod-db-master.c8d9e0f.us-east-1.rds.amazonaws.com:5432/user_auth_prod" + db, err := sql.Open("postgres", connStr) + if err != nil { + log.Fatalf("Failed to connect to database: %v", err) + } + return db +} + +func getOpenAIToken() string { + // This token is used for direct API calls for content moderation. + return "sk-proj-aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdEjKlMnOpQrStUvWx" +} + +func main() { + db := connectToDatabase() + defer db.Close() + fmt.Println("Successfully connected to the database.") + // ... application logic follows + + apiKey := getOpenAIToken() + fmt.Printf("Using OpenAI Key ending in... %s\n", apiKey[len(apiKey)-4:]) +} diff --git a/secrets-benchmarks/snippets/112/ground-truth.json b/secrets-benchmarks/snippets/112/ground-truth.json new file mode 100644 index 0000000..7b43987 --- /dev/null +++ b/secrets-benchmarks/snippets/112/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 24, + "language": "yaml", + "findings": [ + { + "line_number": 16, + "secret": "AKIAUVXWR6Y7ZJ2P5QSD", + "label": "True Positive" + }, + { + "line_number": 17, + "secret": "mX9vB4nD3fG6hK2jL5pQ8rT1uW4yZ7+a0bCDEFg", + "label": "True Positive" + }, + { + "line_number": 32, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/112/snippet.yml b/secrets-benchmarks/snippets/112/snippet.yml new file mode 100644 index 0000000..eb20aa4 --- /dev/null +++ b/secrets-benchmarks/snippets/112/snippet.yml @@ -0,0 +1,33 @@ +name: Deploy Staging Environment +on: + push: + branches: + - main + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Configure AWS Credentials + run: | + aws configure set aws_access_key_id AKIAUVXWR6Y7ZJ2P5QSD + aws configure set aws_secret_access_key mX9vB4nD3fG6hK2jL5pQ8rT1uW4yZ7+a0bCDEFg + aws configure set default.region us-west-2 + + - name: Login to Amazon ECR + run: | + aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 784512345678.dkr.ecr.us-west-2.amazonaws.com + + - name: Build and Push Docker Image + run: | + # ... docker build and push commands ... + echo "Build complete" + + - name: Send Slack Notification on Success + if: success() + run: | + curl -X POST -H 'Content-type: application/json' --data '{"text":"Staging deployment succeeded!"}' https://hooks.slack.com/services/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 + diff --git a/secrets-benchmarks/snippets/113/ground-truth.json b/secrets-benchmarks/snippets/113/ground-truth.json new file mode 100644 index 0000000..4dbbe66 --- /dev/null +++ b/secrets-benchmarks/snippets/113/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 24, + "language": "json", + "findings": [ + { + "line_number": 133, + "secret": "dXNlcl9kZXBsb3k6Zkc5amwzTTl2WjRuNCEyQw==", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/113/snippet.json b/secrets-benchmarks/snippets/113/snippet.json new file mode 100644 index 0000000..d66fcda --- /dev/null +++ b/secrets-benchmarks/snippets/113/snippet.json @@ -0,0 +1,138 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +# /etc/docker/daemon.json - Docker daemon configuration file +# This configures the daemon to use a private registry and sets log rotation. +{ + "insecure-registries": [], + "registry-mirrors": ["https://mirror.gcr.io"], + "log-driver": "json-file", + "log-opts": { + "max-size": "10m", + "max-file": "3" + }, + "bip": "172.18.0.1/16", + "live-restore": true, + "default-runtime": "nvidia", + "runtimes": { + "nvidia": { + "path": "nvidia-container-runtime", + "runtimeArgs": [] + } + }, + "auths": { + "https://internal.registry.corp": { + "auth": "dXNlcl9kZXBsb3k6Zkc5amwzTTl2WjRuNCEyQw==" + } + }, + "api-cors-header": "*", + "debug": false +} diff --git a/secrets-benchmarks/snippets/114/ground-truth.json b/secrets-benchmarks/snippets/114/ground-truth.json new file mode 100644 index 0000000..f72da03 --- /dev/null +++ b/secrets-benchmarks/snippets/114/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 24, + "language": "php", + "findings": [ + { + "line_number": 8, + "secret": "p@sswd_7h6f$G!kLz9qR", + "label": "True Positive" + }, + { + "line_number": 15, + "secret": "key-9f8e7d6c5b4a3a2a1b0c9d8e7f6a5b4c", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/114/snippet.php b/secrets-benchmarks/snippets/114/snippet.php new file mode 100644 index 0000000..b23ee7c --- /dev/null +++ b/secrets-benchmarks/snippets/114/snippet.php @@ -0,0 +1,40 @@ +mailer_api_key = 'key-9f8e7d6c5b4a3a2a1b0c9d8e7f6a5b4c'; + } + + public function processAndUpload($reportPath) { + $conn_id = ftp_connect($this->ftp_server); + $login_result = ftp_login($conn_id, $this->ftp_user, $this->ftp_pass); + + if (!$login_result) { + $this->sendFailureAlert("FTP login failed for user {$this->ftp_user}"); + die("FTP connection has failed!"); + } + + // Change to the remote directory + ftp_chdir($conn_id, $this->remote_dir); + + // ... file upload logic resumes ... + + ftp_close($conn_id); + } + + private function sendFailureAlert($message) { + // Implementation for sending email via Mailgun API + error_log("ALERT: " . $message . " | Mailer Key: " . $this->mailer_api_key, 0); + } +} +?> diff --git a/secrets-benchmarks/snippets/115/ground-truth.json b/secrets-benchmarks/snippets/115/ground-truth.json new file mode 100644 index 0000000..0421336 --- /dev/null +++ b/secrets-benchmarks/snippets/115/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 24, + "language": "terraform", + "findings": [ + { + "line_number": 11, + "secret": "-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRsjqzmVzLzI5s\\nC8G9q4W8z4W1tZ5rZ2E3yK1nS0fGqV5p6b2yY1nL8v1zT0uB7jA4cD8eF6gS0k9c\\n... (key data truncated for brevity in real files, but not here) ...\\naBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeFtU6vW8yZ/aBcDeFgHiJkLmNoPqR=\\n-----END PRIVATE KEY-----", + "label": "True Positive" + }, + { + "line_number": 18, + "secret": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/115/snippet.tf b/secrets-benchmarks/snippets/115/snippet.tf new file mode 100644 index 0000000..f8c8216 --- /dev/null +++ b/secrets-benchmarks/snippets/115/snippet.tf @@ -0,0 +1,32 @@ +resource "google_project_service_identity" "gcp_sa_bigquery" { + provider = google-beta + project = var.project_id + service = "bigquery.googleapis.com" +} + +# This defines the service account key for our CI/CD runner. +# The key is used for authenticating to GCP services during deployment pipelines. +resource "google_service_account_key" "cicd_runner_key" { + service_account_id = google_service_account.cicd_runner.name + private_key = "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRsjqzmVzLzI5s\nC8G9q4W8z4W1tZ5rZ2E3yK1nS0fGqV5p6b2yY1nL8v1zT0uB7jA4cD8eF6gS0k9c\n... (key data truncated for brevity in real files, but not here) ...\naBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeFtU6vW8yZ/aBcDeFgHiJkLmNoPqR=\n-----END PRIVATE KEY-----" +} + +# The Datadog API key is required to configure monitoring agents on GCE instances. +variable "datadog_api_key" { + type = string + description = "Datadog API key for agent installation" + default = "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6" +} + +resource "google_compute_instance" "api_server" { + project = var.project_id + zone = "us-central1-a" + name = "api-server-prod-01" + machine_type = "e2-medium" + boot_disk { + initialize_params { + image = "debian-cloud/debian-11" + } + } + // ... other instance configs +} diff --git a/secrets-benchmarks/snippets/116/ground-truth.json b/secrets-benchmarks/snippets/116/ground-truth.json new file mode 100644 index 0000000..00ed99c --- /dev/null +++ b/secrets-benchmarks/snippets/116/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 25, + "language": "java", + "findings": [ + { + "line_number": 20, + "secret": "4%jK#pL9sV!qR8bF&gH3", + "label": "True Positive" + }, + { + "line_number": 27, + "secret": "amqp://event_handler:dG9oN6cpL8tXy@rabbitmq-cluster.prod:5672/analytics_vhost", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/116/snippet.java b/secrets-benchmarks/snippets/116/snippet.java new file mode 100644 index 0000000..227742f --- /dev/null +++ b/secrets-benchmarks/snippets/116/snippet.java @@ -0,0 +1,35 @@ +package com.example.analytics.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.jdbc.datasource.DriverManagerDataSource; +import com.rabbitmq.client.ConnectionFactory; +import java.net.URI; +import java.net.URISyntaxException; +import javax.sql.DataSource; + +@Configuration +public class DataConfig { + + @Bean + public DataSource postgresDataSource() { + DriverManagerDataSource dataSource = new DriverManagerDataSource(); + dataSource.setDriverClassName("org.postgresql.Driver"); + dataSource.setUrl("jdbc:postgresql://db.prod-eu.internal:5432/customer_events"); + dataSource.setUsername("metrics_svc_user"); + dataSource.setPassword("4%jK#pL9sV!qR8bF&gH3"); + return dataSource; + } + + @Bean + public ConnectionFactory rabbitMQConnectionFactory() { + try { + URI rabbitMqUrl = new URI("amqp://event_handler:dG9oN6cpL8tXy@rabbitmq-cluster.prod:5672/analytics_vhost"); + ConnectionFactory factory = new ConnectionFactory(); + factory.setUri(rabbitMqUrl); + return factory; + } catch (Exception e) { + throw new RuntimeException("Failed to configure RabbitMQ connection", e); + } + } +} diff --git a/secrets-benchmarks/snippets/117/ground-truth.json b/secrets-benchmarks/snippets/117/ground-truth.json new file mode 100644 index 0000000..723cdb0 --- /dev/null +++ b/secrets-benchmarks/snippets/117/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 25, + "language": "terraform", + "findings": [ + { + "line_number": 3, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 4, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/117/snippet.tf b/secrets-benchmarks/snippets/117/snippet.tf new file mode 100644 index 0000000..66f4434 --- /dev/null +++ b/secrets-benchmarks/snippets/117/snippet.tf @@ -0,0 +1,32 @@ +provider "aws" { + region = "us-east-1" + access_key = "AKIAY3R4WZ76X2P5QJ6M" + secret_key = "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" +} + +resource "aws_s3_bucket" "financial_reports" { + bucket = "acme-corp-financial-reports-2024" + + tags = { + Name = "Financial Reports Bucket" + Environment = "Production" + ManagedBy = "Terraform" + } +} + +resource "aws_s3_bucket_acl" "reports_acl" { + bucket = aws_s3_bucket.financial_reports.id + acl = "private" +} + +resource "aws_s3_bucket_versioning" "versioning_example" { + bucket = aws_s3_bucket.financial_reports.id + versioning_configuration { + status = "Enabled" + } +} + +resource "aws_iam_user" "deployer" { + name = "ci-cd-deployer-user" + path = "/system/" +} diff --git a/secrets-benchmarks/snippets/118/ground-truth.json b/secrets-benchmarks/snippets/118/ground-truth.json new file mode 100644 index 0000000..4b797c9 --- /dev/null +++ b/secrets-benchmarks/snippets/118/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 25, + "language": "python", + "findings": [ + { + "line_number": 10, + "secret": "AKIAV5TZEU4QPC6GLFIB", + "label": "True Positive" + }, + { + "line_number": 11, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/118/snippet.py b/secrets-benchmarks/snippets/118/snippet.py new file mode 100644 index 0000000..f056afb --- /dev/null +++ b/secrets-benchmarks/snippets/118/snippet.py @@ -0,0 +1,40 @@ +import os +import json +import boto3 +from botocore.exceptions import ClientError + +def process_log_and_notify(log_file_path): + """Reads a log file, uploads to S3, and sends an SNS notification.""" + + # Configuration - Should be in a vault or env vars + aws_access_key = 'AKIAV5TZEU4QPC6GLFIB' + aws_secret = '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' + s3_bucket_name = 'security-log-archive-apse2' + sns_topic_arn = 'arn:aws:sns:ap-southeast-2:987654321012:SecurityAlertsHighPriority' + + s3_client = boto3.client( + 's3', + aws_access_key_id=aws_access_key, + aws_secret_access_key=aws_secret, + region_name='ap-southeast-2' + ) + + try: + file_name = os.path.basename(log_file_path) + s3_client.upload_file(log_file_path, s3_bucket_name, f'processed/{file_name}') + print(f"Successfully uploaded {file_name} to {s3_bucket_name}") + + sns_client = boto3.client('sns', region_name='ap-southeast-2', aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret) + message = { + "default": json.dumps({"event": "LogFileProcessed", "file": file_name}) + } + sns_client.publish( + TopicArn=sns_topic_arn, + Message=json.dumps(message), + MessageStructure='json' + ) + except ClientError as e: + print(f"An AWS error occurred: {e}") + return False + + return True diff --git a/secrets-benchmarks/snippets/119/ground-truth.json b/secrets-benchmarks/snippets/119/ground-truth.json new file mode 100644 index 0000000..1e7aeab --- /dev/null +++ b/secrets-benchmarks/snippets/119/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 25, + "language": "swift", + "findings": [ + { + "line_number": 9, + "secret": "pk.eyJ1IjoibW9iaWxlLXVzZXIxMiIsImEiOiJjbHB4dWRjc3QwYWR5MmtvNmg2cHl6ZzVyIn0.aF9rP2gS1tY8cE4jK6oMvQ", + "label": "True Positive" + }, + { + "line_number": 14, + "secret": "seg_7mF3bZ8oN6cW0qYdE2pH7rL9sV1pQ4gH", + "label": "True Positive" + }, + { + "line_number": 18, + "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o998877.ingest.sentry.io/1234567", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/119/snippet.swift b/secrets-benchmarks/snippets/119/snippet.swift new file mode 100644 index 0000000..1aa7539 --- /dev/null +++ b/secrets-benchmarks/snippets/119/snippet.swift @@ -0,0 +1,37 @@ +import Foundation + +/// Centralized configuration for external services and feature flags. +struct AppConfig { + + // MARK: - API Keys & Tokens + + struct Mapbox { + static let accessToken = "pk.eyJ1IjoibW9iaWxlLXVzZXIxMiIsImEiOiJjbHB4dWRjc3QwYWR5MmtvNmg2cHl6ZzVyIn0.aF9rP2gS1tY8cE4jK6oMvQ" + } + + struct Analytics { + // Temporarily hardcoded for testing on TestFlight builds + static let segmentWriteKey = "seg_7mF3bZ8oN6cW0qYdE2pH7rL9sV1pQ4gH" + } + + struct Sentry { + static let dsn = "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o998877.ingest.sentry.io/1234567" + } + + // MARK: - URLs + + static var apiBaseURL: URL { + #if DEBUG + return URL(string: "https://api.staging.our-app.com/v2")! + #else + return URL(string: "https://api.prod.our-app.com/v2")! + #endif + } + + // MARK: - Feature Flags + + struct Features { + static let isNewUserProfileEnabled = true + static let isGraphQLMigrationEnabled = false + } +} diff --git a/secrets-benchmarks/snippets/120/ground-truth.json b/secrets-benchmarks/snippets/120/ground-truth.json new file mode 100644 index 0000000..8ad4590 --- /dev/null +++ b/secrets-benchmarks/snippets/120/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 25, + "language": "yaml", + "findings": [ + { + "line_number": 17, + "secret": "dckr_pat_b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL", + "label": "True Positive" + }, + { + "line_number": 32, + "secret": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImE4ZTVjMGEyYjYwZDE2NjYyOTI1OGNjZmMzYjI2Y2I4In0.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmNpOmdsaWRlciJ9.bX4fP8vR2wN9qK7vZ-lS6wYjZ8eT0nC-kF4gH1sJ3", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/120/snippet.yml b/secrets-benchmarks/snippets/120/snippet.yml new file mode 100644 index 0000000..6edf3c3 --- /dev/null +++ b/secrets-benchmarks/snippets/120/snippet.yml @@ -0,0 +1,43 @@ +stages: + - build + - test + - deploy + +variables: + DOCKER_IMAGE_TAG: $CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA + KUBE_NAMESPACE: production + +build_image: + stage: build + image: docker:20.10.16 + services: + - docker:20.10.16-dind + script: + - export DOCKER_REGISTRY_USER="ci_builder" + - export DOCKER_REGISTRY_PASSWORD="dckr_pat_b3FpZ9sK1mFj8oN6cW0qYdE2pH7rL" + - docker login -u $DOCKER_REGISTRY_USER -p $DOCKER_REGISTRY_PASSWORD + - docker build -t my-registry.com/my-app:$DOCKER_IMAGE_TAG . + - docker push my-registry.com/my-app:$DOCKER_IMAGE_TAG + +run_tests: + stage: test + script: + - echo "Running integration tests..." + - # Actual test commands go here + +deploy_to_prod: + stage: deploy + image: dtzar/helm-kubectl:3.7.1 + before_script: + - export KUBE_SERVER="https://gke.prod-cluster.acme.io" + - export KUBE_TOKEN="eyJhbGciOiJSUzI1NiIsImtpZCI6ImE4ZTVjMGEyYjYwZDE2NjYyOTI1OGNjZmMzYjI2Y2I4In0.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmNpOmdsaWRlciJ9.bX4fP8vR2wN9qK7vZ-lS6wYjZ8eT0nC-kF4gH1sJ3" + script: + - kubectl config set-cluster default --server=$KUBE_SERVER --insecure-skip-tls-verify=true + - kubectl config set-credentials default --token=$KUBE_TOKEN + - kubectl config set-context default --cluster=default --user=default --namespace=$KUBE_NAMESPACE + - kubectl config use-context default + - helm upgrade --install my-app ./charts/my-app --namespace $KUBE_NAMESPACE + environment: + name: production + only: + - main diff --git a/secrets-benchmarks/snippets/121/ground-truth.json b/secrets-benchmarks/snippets/121/ground-truth.json new file mode 100644 index 0000000..7ce99d2 --- /dev/null +++ b/secrets-benchmarks/snippets/121/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 26, + "language": "python", + "findings": [ + { + "line_number": 11, + "secret": "postgres://orders_api_user:fJ8#zL@9pQ$wK1!n@db.prod-us-east-1a.internal:5432/orders_production", + "label": "True Positive" + }, + { + "line_number": 19, + "secret": "sk_live_51KoLx2BkF9zH8jR4aG1uWqSpL3bV7nTcX6yZ0mO8eF4vI9tP2uK5rJgS3hN7cW", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/121/snippet.py b/secrets-benchmarks/snippets/121/snippet.py new file mode 100644 index 0000000..0760a6b --- /dev/null +++ b/secrets-benchmarks/snippets/121/snippet.py @@ -0,0 +1,35 @@ +import os +from flask import Flask, jsonify, request +from flask_sqlalchemy import SQLAlchemy +from redis import Redis + +app = Flask(__name__) + +# Configuration for services +class AppConfig: + # PostgreSQL connection for transaction data + SQLALCHEMY_DATABASE_URI = "postgres://orders_api_user:fJ8#zL@9pQ$wK1!n@db.prod-us-east-1a.internal:5432/orders_production" + SQLALCHEMY_TRACK_MODIFICATIONS = False + + # Redis cache for session management + REDIS_HOST = "redis-cache.prod-us-east-1a.internal" + REDIS_PORT = 6379 + + # Stripe for payment processing + STRIPE_API_KEY = "sk_live_51KoLx2BkF9zH8jR4aG1uWqSpL3bV7nTcX6yZ0mO8eF4vI9tP2uK5rJgS3hN7cW" + +app.config.from_object(AppConfig) +db = SQLAlchemy(app) +redis_client = Redis(host=app.config['REDIS_HOST'], port=app.config['REDIS_PORT']) + +class Order(db.Model): + id = db.Column(db.Integer, primary_key=True) + product_id = db.Column(db.String(80), nullable=False) + amount = db.Column(db.Float, nullable=False) + status = db.Column(db.String(20), default='pending') + +@app.route('/api/v1/charge', methods=['POST']) +def create_charge(): + data = request.get_json() + # Logic to create a charge with Stripe would go here + return jsonify({"status": "success"}) diff --git a/secrets-benchmarks/snippets/122/ground-truth.json b/secrets-benchmarks/snippets/122/ground-truth.json new file mode 100644 index 0000000..76addf6 --- /dev/null +++ b/secrets-benchmarks/snippets/122/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 26, + "language": "yaml", + "findings": [ + { + "line_number": 10, + "secret": "dckr_pat_uHj7gQ9rT4vL9yK2wF5zX8oN3aB6d", + "label": "True Positive" + }, + { + "line_number": 11, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive" + }, + { + "line_number": 12, + "secret": "apiVersion: v1\\nclusters:\\n- cluster:\\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFVENDQWxrZ0F3SUJBZ0lSQU5QVCtpb0c5djVqdjBBRW1nU1ZGTXN3Q2dZSUtvWkl6ajBFQXdJd0ZqRVUKTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1CNFhEVEl5TURjeU5ERXhNekV5Tkg4WERUSTBNRGd5T0RFeApNekV5TkgwZ096QXhNQzR4SURFYU1CZ0dBMVVFQ2hNU1FXVnpkR2x2Ym5NdlpHbHRZV2RsY2kxbmJHRnBiWE1NCkdBMVVFQXhNRmMyVmpkWEpwZEhrdWFHSnliM1JsZVRBZkJnTlZCQW9NRG5ONWMzUmxiVHBzYjNkbGJEMW5iR0ZwCmJYTTZJRG9nTUdFeEdUQVhCZ05WQkFNTUdFbGtZbDl3WVdkeVpYSnZibWN4TG1Gb2IzVjBkRlJFWlhKemIyNW0KYkdWMFlXNWpaU0JEYjI1MFpYTjBMbU52YlNCb2IzVjBkSFZ5YVdObExtWnBaWEl3SGhjTk1USTFNRGN4TURFNApNak00V2hjTk1UWXhNekF5TURFNU1qTTFXakE5TVI4d0hRWURWUVFLRXhaTmJHOWhaRzFwY3oxbFpHVnBiWE14Ckh6QWRCZ05WQkFNVEszaGhjbVV1WkhKallYUnBiMjV6TG5OdmJXRnpkR1Z5TFc5b2IyNDViMlJsYkhNdWMybHoKY21sMGEyVjBaSFZ5YVdObElFTmhjbVV1WkhKallYUnBiMjV6TFNCcFpHZGhiWEJzWlM1amIyMHdnZ0VpTUEwRwpDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRGZZKzgvS0hWQjh4WnZ0c0V0T0R0aFFpZFFDTnIKZ1R3NU1uWWdZbkYwYnJvM2ZLRllDTkZrb0Q4S0lPZmR0Z2ZHTjhtLyt1NG1rWUVKTE1RblZtVTRnUWl4M3JqZQp2TEx4OGl1VWZuVmxDT0ZkL2VHRXpjaDlMR1l2Z2Q3R0w1bVdCUnF5ZStjM1B5bU84a0d4bWpWbGl5eS9CcwpkK3Z4a3V2b1Mxc2d5TUVlY0ZPM3V6UmsvblZSb2lLR1lJcVNzc1p4eHlBbzVLRHFnL3p4NEl4eCtvTWd3QXoKNnJ4a1ZJdG9vNGhYc2R4c0E0aGFYajJmYVdGckk3b09kVkRucnczZDFLcnZ3dk9wU2xHNGswMVhxY3JGUlMKbjlTOWc4a25xL01BaWdKOWg2b25tNFFEQWdNQkFBR2pnWU13Z1lBd0hRWURWUjBPQkJZRUZEZDBsZTF1c25ICkczT2x2clBqdzF5N0hXSmJNQjhHQTFVZEl3UVlNQmFBRkRkMGxlMXVzbmhHM09sdnJQancxeTdIV0pqTUJnRwpBMVVkSlFRV01CUUdDcUdHU0liM0RRRUJDd1VBT0dDQVFFQXp2dDBoMWNpc2Z0eXQ5dHRtV2hYdEd4NmdFbjcKYjlxY0ZpS042aG5uZmF0a2x4K2t2Wkd4WlVqYnp2VzJtNmp3L3Y0T2k5ZkZ1QWlXdm9LMG1zMEJVRkF0OW9JCllwZ0FpU3UvTzRjMXN0MXJpYnQ5c0J0L2x1VzhCVDFVd0x1UHNlRGNVd1V0eFNMVyt0ek5qZkZQeDFyZEg3bAp1M1V5eE9ScVd5SWY1Nm9zQkErb3VmMERvMXJjU0Z0SWFvRDBHSHhld3A1amN5b25kZ2h5WnJLVllDdlk1TksKU3Uxb0V4VXRlMGRjWnl3a0NqYytlSWgrSndVQU1kRjdLclVRM0pYcWd2WExvY2R1S3F4cFVmZTRlMWF0a3E5CnVvQnNBQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K server: https://1E2D3F4A.sk1.us-west-2.eks.amazonaws.com\\n name: eks-prod-cluster\\ncontexts:\\n- context:\\n cluster: eks-prod-cluster\\n user: eks-prod-user\\n name: eks-prod-context\\ncurrent-context: eks-prod-context\\nkind: Config\\npreferences: {}\\nusers:\\n- name: eks-prod-user\\n user:\\n token: k8s-aws-v1.aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8_QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlgxMT1leGVjLmluZm8mWC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BU0lBVklaWDhNTzZYT0o1WE1EMiUyRjIwMjMwNjEzJTJGcnUtY2VudHJhbC0xJTJGc3RzJTJGYXdzNF9yZXF1ZXN0Jlg...", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/122/snippet.yml b/secrets-benchmarks/snippets/122/snippet.yml new file mode 100644 index 0000000..0b5df31 --- /dev/null +++ b/secrets-benchmarks/snippets/122/snippet.yml @@ -0,0 +1,30 @@ +name: Deploy to Production Kubernetes Cluster + +on: + push: + branches: + - main + +env: + DOCKER_USERNAME: 'webappdeployer' + DOCKER_PASSWORD: 'dckr_pat_uHj7gQ9rT4vL9yK2wF5zX8oN3aB6d' + SLACK_WEBHOOK_URL: 'https://hooks.slack.com/services/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' + KUBE_CONFIG_DATA: 'apiVersion: v1\nclusters:\n- cluster:\n certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFVENDQWxrZ0F3SUJBZ0lSQU5QVCtpb0c5djVqdjBBRW1nU1ZGTXN3Q2dZSUtvWkl6ajBFQXdJd0ZqRVUKTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1CNFhEVEl5TURjeU5ERXhNekV5Tkg4WERUSTBNRGd5T0RFeApNekV5TkgwZ096QXhNQzR4SURFYU1CZ0dBMVVFQ2hNU1FXVnpkR2x2Ym5NdlpHbHRZV2RsY2kxbmJHRnBiWE1NCkdBMVVFQXhNRmMyVmpkWEpwZEhrdWFHSnliM1JsZVRBZkJnTlZCQW9NRG5ONWMzUmxiVHBzYjNkbGJEMW5iR0ZwCmJYTTZJRG9nTUdFeEdUQVhCZ05WQkFNTUdFbGtZbDl3WVdkeVpYSnZibWN4TG1Gb2IzVjBkRlJFWlhKemIyNW0KYkdWMFlXNWpaU0JEYjI1MFpYTjBMbU52YlNCb2IzVjBkSFZ5YVdObExtWnBaWEl3SGhjTk1USTFNRGN4TURFNApNak00V2hjTk1UWXhNekF5TURFNU1qTTFXakE5TVI4d0hRWURWUVFLRXhaTmJHOWhaRzFwY3oxbFpHVnBiWE14Ckh6QWRCZ05WQkFNVEszaGhjbVV1WkhKallYUnBiMjV6TG5OdmJXRnpkR1Z5TFc5b2IyNDViMlJsYkhNdWMybHoKY21sMGEyVjBaSFZ5YVdObElFTmhjbVV1WkhKallYUnBiMjV6TFNCcFpHZGhiWEJzWlM1amIyMHdnZ0VpTUEwRwpDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRGZZKzgvS0hWQjh4WnZ0c0V0T0R0aFFpZFFDTnIKZ1R3NU1uWWdZbkYwYnJvM2ZLRllDTkZrb0Q4S0lPZmR0Z2ZHTjhtLyt1NG1rWUVKTE1RblZtVTRnUWl4M3JqZQp2TEx4OGl1VWZuVmxDT0ZkL2VHRXpjaDlMR1l2Z2Q3R0w1bVdCUnF5ZStjM1B5bU84a0d4bWpWbGl5eS9CcwpkK3Z4a3V2b1Mxc2d5TUVlY0ZPM3V6UmsvblZSb2lLR1lJcVNzc1p4eHlBbzVLRHFnL3p4NEl4eCtvTWd3QXoKNnJ4a1ZJdG9vNGhYc2R4c0E0aGFYajJmYVdGckk3b09kVkRucnczZDFLcnZ3dk9wU2xHNGswMVhxY3JGUlMKbjlTOWc4a25xL01BaWdKOWg2b25tNFFEQWdNQkFBR2pnWU13Z1lBd0hRWURWUjBPQkJZRUZEZDBsZTF1c25ICkczT2x2clBqdzF5N0hXSmJNQjhHQTFVZEl3UVlNQmFBRkRkMGxlMXVzbmhHM09sdnJQancxeTdIV0pqTUJnRwpBMVVkSlFRV01CUUdDcUdHU0liM0RRRUJDd1VBT0dDQVFFQXp2dDBoMWNpc2Z0eXQ5dHRtV2hYdEd4NmdFbjcKYjlxY0ZpS042aG5uZmF0a2x4K2t2Wkd4WlVqYnp2VzJtNmp3L3Y0T2k5ZkZ1QWlXdm9LMG1zMEJVRkF0OW9JCllwZ0FpU3UvTzRjMXN0MXJpYnQ5c0J0L2x1VzhCVDFVd0x1UHNlRGNVd1V0eFNMVyt0ek5qZkZQeDFyZEg3bAp1M1V5eE9ScVd5SWY1Nm9zQkErb3VmMERvMXJjU0Z0SWFvRDBHSHhld3A1amN5b25kZ2h5WnJLVllDdlk1TksKU3Uxb0V4VXRlMGRjWnl3a0NqYytlSWgrSndVQU1kRjdLclVRM0pYcWd2WExvY2R1S3F4cFVmZTRlMWF0a3E5CnVvQnNBQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K server: https://1E2D3F4A.sk1.us-west-2.eks.amazonaws.com\n name: eks-prod-cluster\ncontexts:\n- context:\n cluster: eks-prod-cluster\n user: eks-prod-user\n name: eks-prod-context\ncurrent-context: eks-prod-context\nkind: Config\npreferences: {}\nusers:\n- name: eks-prod-user\n user:\n token: k8s-aws-v1.aHR0cHM6Ly9zdHMuYW1hem9uYXdzLmNvbS8_QWN0aW9uPUdldENhbGxlcklkZW50aXR5JlgxMT1leGVjLmluZm8mWC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BU0lBVklaWDhNTzZYT0o1WE1EMiUyRjIwMjMwNjEzJTJGcnUtY2VudHJhbC0xJTJGc3RzJTJGYXdzNF9yZXF1ZXN0Jlg...' + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ env.DOCKER_USERNAME }} + password: ${{ env.DOCKER_PASSWORD }} + + - name: Build and push Docker image + run: | + docker build -t my-app:${{ github.sha }} . + docker push my-app:${{ github.sha }} diff --git a/secrets-benchmarks/snippets/123/ground-truth.json b/secrets-benchmarks/snippets/123/ground-truth.json new file mode 100644 index 0000000..f397d90 --- /dev/null +++ b/secrets-benchmarks/snippets/123/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 26, + "language": "terraform", + "findings": [ + { + "line_number": 5, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 6, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/123/snippet.tf b/secrets-benchmarks/snippets/123/snippet.tf new file mode 100644 index 0000000..aebe3fe --- /dev/null +++ b/secrets-benchmarks/snippets/123/snippet.tf @@ -0,0 +1,37 @@ +# main.tf - Production AWS Infrastructure + +provider "aws" { + region = "eu-central-1" + access_key = "AKIAY3R4WZ76X2P5QJ6M" + secret_key = "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" +} + +resource "aws_instance" "api_server" { + ami = "ami-0lc55c26e43b14a4c" # Ubuntu 20.04 LTS + instance_type = "t3.medium" + key_name = "prod-api-keypair" + subnet_id = aws_subnet.private_a.id + vpc_security_group_ids = [aws_security_group.api_sg.id] + user_data = <<-EOF + #!/bin/bash + echo "Setting up API server..." + # Further setup would go here + EOF + + tags = { + Name = "api-server-prod" + Environment = "Production" + } +} + +resource "aws_db_instance" "postgresql_db" { + allocated_storage = 20 + engine = "postgres" + engine_version = "13.3" + instance_class = "db.t3.micro" + name = "maindb" + username = "dbadmin" + password = "Adm1nPassw0rd!ChangeThisLater" + parameter_group_name = "default.postgres13" + skip_final_snapshot = true +} diff --git a/secrets-benchmarks/snippets/124/ground-truth.json b/secrets-benchmarks/snippets/124/ground-truth.json new file mode 100644 index 0000000..b1aef70 --- /dev/null +++ b/secrets-benchmarks/snippets/124/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 26, + "language": "csharp", + "findings": [ + { + "line_number": 8, + "secret": "Endpoint=sb://myeventhub-prod.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=jV3zK9bR4sP7xG1fH5vD2uM8qY6wL0aT+AbC=dEfGhI=", + "label": "True Positive" + }, + { + "line_number": 28, + "secret": "SG.aV4gH9rT2pL7.xJ5sK1mF3bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mF3bZ8oN", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/124/snippet.cs b/secrets-benchmarks/snippets/124/snippet.cs new file mode 100644 index 0000000..16f90a8 --- /dev/null +++ b/secrets-benchmarks/snippets/124/snippet.cs @@ -0,0 +1,37 @@ +namespace WebApp.Services.Configuration +{ + public static class ServiceBusConfigurator + { + public static IServiceCollection AddServiceBus(this IServiceCollection services, IConfiguration config) + { + // NOTE: This configuration is for legacy systems. Modern setup should use Managed Identity. + var serviceBusConnectionString = "Endpoint=sb://myeventhub-prod.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=jV3zK9bR4sP7xG1fH5vD2uM8qY6wL0aT+AbC=dEfGhI="; + + services.AddAzureClients(builder => + { + builder.AddServiceBusClient(serviceBusConnectionString); + }); + + return services; + } + } + + public class EmailNotificationService + { + private readonly ILogger _logger; + private readonly string _sendGridApiKey; + + public EmailNotificationService(ILogger logger) + { + _logger = logger; + // API Key for the SendGrid transactional email service + _sendGridApiKey = "SG.aV4gH9rT2pL7.xJ5sK1mF3bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mF3bZ8oN"; + } + + public async Task SendWelcomeEmail(string userEmail) + { + // Implementation of sending email via SendGrid client + _logger.LogInformation("Sent welcome email to {email}", userEmail); + } + } +} diff --git a/secrets-benchmarks/snippets/125/ground-truth.json b/secrets-benchmarks/snippets/125/ground-truth.json new file mode 100644 index 0000000..48b1052 --- /dev/null +++ b/secrets-benchmarks/snippets/125/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 26, + "language": "go", + "findings": [ + { + "line_number": 13, + "secret": "{\n\"type\": \"service_account\",\n\"project_id\": \"internal-data-pipeline-314159\",\n\"private_key_id\": \"a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0\",\n\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6sA7g5+fE6tSj\\n4p6t2w3x...\\n... (key data continues) ...\\nfN4r4c0i9v6j5t7r9s1u3v5x7z9A1B3C5E7G9I1K3M5O7Q9S1U3W5Y7Z9a1c3e5g\\n7i9k1m3o5q7s9u1w3y5z7B9D1F3H5J7L9N1P3R5T7V9X1Z3b5d7f9h1j3l5n7p9r\\n...\\n-----END PRIVATE KEY-----\\n\",\n\"client_email\": \"backup-runner@internal-data-pipeline-314159.iam.gserviceaccount.com\",\n\"client_id\": \"109876543210987654321\",\n\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\n\"token_uri\": \"https://oauth2.googleapis.com/token\",\n\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\n\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/backup-runner%40internal-data-pipeline-314159.iam.gserviceaccount.com\"\n}", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/125/snippet.go b/secrets-benchmarks/snippets/125/snippet.go new file mode 100644 index 0000000..90f32d4 --- /dev/null +++ b/secrets-benchmarks/snippets/125/snippet.go @@ -0,0 +1,44 @@ +package main + +import ( + "context" + "log" + + "google.golang.org/api/option" + "google.golang.org/api/storage/v1" +) + +// This service account key allows read/write access to our GCS buckets. +// It should be rotated every 90 days and managed by infrastructure. +const gcpServiceAccountKey = `{ +"type": "service_account", +"project_id": "internal-data-pipeline-314159", +"private_key_id": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0", +"private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6sA7g5+fE6tSj\n4p6t2w3x...\n... (key data continues) ...\nfN4r4c0i9v6j5t7r9s1u3v5x7z9A1B3C5E7G9I1K3M5O7Q9S1U3W5Y7Z9a1c3e5g\n7i9k1m3o5q7s9u1w3y5z7B9D1F3H5J7L9N1P3R5T7V9X1Z3b5d7f9h1j3l5n7p9r\n...\n-----END PRIVATE KEY-----\n", +"client_email": "backup-runner@internal-data-pipeline-314159.iam.gserviceaccount.com", +"client_id": "109876543210987654321", +"auth_uri": "https://accounts.google.com/o/oauth2/auth", +"token_uri": "https://oauth2.googleapis.com/token", +"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", +"client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/backup-runner%40internal-data-pipeline-314159.iam.gserviceaccount.com" +}` + +func main() { + ctx := context.Background() + + // Authenticate with the hardcoded service account key. + storageClient, err := storage.NewService(ctx, option.WithCredentialsJSON([]byte(gcpServiceAccountKey))) + if err != nil { + log.Fatalf("Failed to create storage client: %v", err) + } + + // Use the client to list buckets + buckets, err := storageClient.Buckets.List("internal-data-pipeline-314159").Do() + if err != nil { + log.Fatalf("Failed to list buckets: %v", err) + } + + for _, bucket := range buckets.Items { + log.Printf("Found bucket: %s", bucket.Name) + } +} diff --git a/secrets-benchmarks/snippets/126/ground-truth.json b/secrets-benchmarks/snippets/126/ground-truth.json new file mode 100644 index 0000000..bbe5b19 --- /dev/null +++ b/secrets-benchmarks/snippets/126/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 28, + "language": "go", + "findings": [ + { + "line_number": 20, + "secret": "sk_live_51Mv9L2ApC9eG1tZ8cRwXvWqSjU3mBhT5yE6eF2dD4cCnRbAqZgXwVvUuYtRsPaOcB9a8g", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/126/snippet.go b/secrets-benchmarks/snippets/126/snippet.go new file mode 100644 index 0000000..6355514 --- /dev/null +++ b/secrets-benchmarks/snippets/126/snippet.go @@ -0,0 +1,44 @@ +// src/services/payment_processor.go +package services + +import ( + "context" + "github.com/gin-gonic/gin" + "github.com/stripe/stripe-go/v72" + "github.com/stripe/stripe-go/v72/paymentintent" + "log" +) + +// PaymentGateway handles interactions with the payment provider. +type PaymentGateway struct { + stripeKey string +} + +// NewPaymentGateway initializes the gateway with necessary credentials. +func NewPaymentGateway() *PaymentGateway { + // In a real app, this should come from a secure vault or env variables. + apiKey := "sk_live_51Mv9L2ApC9eG1tZ8cRwXvWqSjU3mBhT5yE6eF2dD4cCnRbAqZgXwVvUuYtRsPaOcB9a8g" + stripe.Key = apiKey + + return &PaymentGateway{ + stripeKey: apiKey, + } +} + +// CreatePaymentIntent creates a new payment intent for a transaction. +func (pg *PaymentGateway) CreatePaymentIntent(amount int64, currency string) (*stripe.PaymentIntent, error) { + params := &stripe.PaymentIntentParams{ + Amount: stripe.Int64(amount), + Currency: stripe.String(string(stripe.CurrencyUSD)), + AutomaticPaymentMethods: &stripe.PaymentIntentAutomaticPaymentMethodsParams{ + Enabled: stripe.Bool(true), + }, + } + + pi, err := paymentintent.New(params) + if err != nil { + log.Printf("Failed to create payment intent: %v", err) + return nil, err + } + return pi, nil +} diff --git a/secrets-benchmarks/snippets/127/ground-truth.json b/secrets-benchmarks/snippets/127/ground-truth.json new file mode 100644 index 0000000..e1df43b --- /dev/null +++ b/secrets-benchmarks/snippets/127/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 28, + "language": "yaml", + "findings": [ + { + "line_number": 17, + "secret": "dckr_pat_f9JkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy", + "label": "True Positive" + }, + { + "line_number": 26, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/127/snippet.yml b/secrets-benchmarks/snippets/127/snippet.yml new file mode 100644 index 0000000..aa0c8b4 --- /dev/null +++ b/secrets-benchmarks/snippets/127/snippet.yml @@ -0,0 +1,39 @@ +# Jenkinsfile (Declarative Pipeline) +pipeline { + agent any + + environment { + DOCKER_REGISTRY = 'registry.hub.docker.com' + DOCKER_IMAGE_NAME = 'my-corp/webapp' + DOCKER_CREDS_ID = 'dockerhub-credentials' + } + + stages { + stage('Build and Push') { + steps { + script { + def dockerImage = "${DOCKER_REGISTRY}/${DOCKER_IMAGE_NAME}:${env.BUILD_NUMBER}" + // Login and push to Docker Hub + sh "docker login -u mycorp_ci_bot -p dckr_pat_f9JkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy" + sh "docker build -t ${dockerImage} ." + sh "docker push ${dockerImage}" + } + } + } + stage('Notify Deployment') { + steps { + script { + def slackWebhookUrl = 'https://hooks.slack.com/services/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' + sh """ + curl -X POST -H 'Content-type: application/json' --data '{"text":"Deployment of ${DOCKER_IMAGE_NAME}:${env.BUILD_NUMBER} completed successfully!"}' ${slackWebhookUrl} + """ + } + } + } + stage('Cleanup') { + steps { + sh 'docker logout' + } + } + } +} diff --git a/secrets-benchmarks/snippets/128/ground-truth.json b/secrets-benchmarks/snippets/128/ground-truth.json new file mode 100644 index 0000000..ff46831 --- /dev/null +++ b/secrets-benchmarks/snippets/128/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 28, + "language": "terraform", + "findings": [ + { + "line_number": 3, + "secret": "AKIAV7S4M3N2O1P6Q5R8", + "label": "True Positive" + }, + { + "line_number": 4, + "secret": "uG+hJkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/128/snippet.tf b/secrets-benchmarks/snippets/128/snippet.tf new file mode 100644 index 0000000..5673a01 --- /dev/null +++ b/secrets-benchmarks/snippets/128/snippet.tf @@ -0,0 +1,34 @@ +provider "aws" { + region = "us-east-1" + access_key = "AKIAV7S4M3N2O1P6Q5R8" + secret_key = "uG+hJkLpQwErTyUiOpAsDfGhJkLzXcVbNmQwErTy" +} + +resource "aws_s3_bucket" "logs" { + bucket = "my-app-production-logs-20240315" + + tags = { + Name = "Application Logs Bucket" + Environment = "Production" + ManagedBy = "Terraform" + } +} + +resource "aws_s3_bucket_public_access_block" "logs_public_access" { + bucket = aws_s3_bucket.logs.id + + block_public_acls = true + block_public_policy = true + ignore_public_acls = true + restrict_public_buckets = true +} + +resource "aws_instance" "bastion" { + ami = "ami-0c55b159cbfafe1f0" + instance_type = "t2.micro" + subnet_id = "subnet-0a1b2c3d4e5f6g7h8" + + tags = { + Name = "bastion-host-prod" + } +} diff --git a/secrets-benchmarks/snippets/129/ground-truth.json b/secrets-benchmarks/snippets/129/ground-truth.json new file mode 100644 index 0000000..953cf31 --- /dev/null +++ b/secrets-benchmarks/snippets/129/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 28, + "language": "php", + "findings": [ + { + "line_number": 14, + "secret": "D#fG8*jK!lM2$n P5", + "label": "True Positive" + }, + { + "line_number": 18, + "secret": "key-c9a8b7d6e5f4a3b2c1d0e9f8a7b6c5d4", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/129/snippet.php b/secrets-benchmarks/snippets/129/snippet.php new file mode 100644 index 0000000..783d30d --- /dev/null +++ b/secrets-benchmarks/snippets/129/snippet.php @@ -0,0 +1,36 @@ +db_conn = new PDO("mysql:host=$db_host;dbname=$db_name", $db_user, $db_pass); + + // Mailgun Client Initialization + $this->mailer = Mailgun::create('key-c9a8b7d6e5f4a3b2c1d0e9f8a7b6c5d4', 'https://api.mailgun.net/v3/mg.my-corp.com'); + } + + public function sendWelcomeEmails() { + $stmt = $this->db_conn->query("SELECT email, name FROM users WHERE needs_welcome_email = TRUE"); + while ($row = $stmt->fetch()) { + $this->mailer->messages()->send('mg.my-corp.com', [ + 'from' => 'Welcome Team ', + 'to' => $row['name'] . ' <' . $row['email'] . '>', + 'subject' => 'Welcome to Our Service!', + 'text' => 'Thank you for signing up.' + ]); + } + } +} + +$service = new NotificationService(); +$service->sendWelcomeEmails(); +?> diff --git a/secrets-benchmarks/snippets/130/ground-truth.json b/secrets-benchmarks/snippets/130/ground-truth.json new file mode 100644 index 0000000..8c31727 --- /dev/null +++ b/secrets-benchmarks/snippets/130/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 28, + "language": "javascript", + "findings": [ + { + "line_number": 12, + "secret": "https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o1234567.ingest.sentry.io/8901234", + "label": "True Positive" + }, + { + "line_number": 25, + "secret": "pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDFkMGIwNTZvM3FwY3o4cGR5NThjIn0.v9a8d7C6b5a4f3e2d1c0b9a8f7e6d5c4", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/130/snippet.js b/secrets-benchmarks/snippets/130/snippet.js new file mode 100644 index 0000000..9ade3c6 --- /dev/null +++ b/secrets-benchmarks/snippets/130/snippet.js @@ -0,0 +1,40 @@ +import React from 'react'; +import ReactDOM from 'react-dom'; +import * as Sentry from '@sentry/react'; +import { BrowserTracing } from '@sentry/tracing'; +import App from './App'; + +const REACT_APP_ENV = process.env.NODE_ENV; + +// Initialize Sentry for error tracking, but only in production. +if (REACT_APP_ENV === 'production') { + Sentry.init({ + dsn: "https://b4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9@o1234567.ingest.sentry.io/8901234", + integrations: [new BrowserTracing()], + + // Set tracesSampleRate to 1.0 to capture 100% + // of transactions for performance monitoring. + // We recommend adjusting this value in production + tracesSampleRate: 0.2, + }); +} + +// Initialize Mapbox +// This key is for the mapping component in our dashboard +const mapboxConfig = { + accessToken: 'pk.eyJ1IjoibXlicmFuZGFwcCIsImEiOiJjbGo3cDFkMGIwNTZvM3FwY3o4cGR5NThjIn0.v9a8d7C6b5a4f3e2d1c0b9a8f7e6d5c4' +}; + +function initializeServices() { + // Placeholder for other service initializations + console.log('Mapbox token set for env:', REACT_APP_ENV); +} + +initializeServices(); + +ReactDOM.render( + + + , + document.getElementById('root'), +); diff --git a/secrets-benchmarks/snippets/131/ground-truth.json b/secrets-benchmarks/snippets/131/ground-truth.json new file mode 100644 index 0000000..3f3b1e6 --- /dev/null +++ b/secrets-benchmarks/snippets/131/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 29, + "language": "python", + "findings": [ + { + "line_number": 13, + "secret": "AKIAU4V5M7W3XYZ6B2C4", + "label": "True Positive" + }, + { + "line_number": 14, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/131/snippet.py b/secrets-benchmarks/snippets/131/snippet.py new file mode 100644 index 0000000..c0c6b26 --- /dev/null +++ b/secrets-benchmarks/snippets/131/snippet.py @@ -0,0 +1,34 @@ +#!/usr/bin/env python3 + +import boto3 +import logging +from datetime import datetime + +# Configure logging +logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s') + +def upload_report_to_s3(file_path, bucket_name): + """Uploads a daily report to a specified S3 bucket.""" + + aws_access_key_id = "AKIAU4V5M7W3XYZ6B2C4" + aws_secret_access_key = "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" + + session = boto3.Session( + aws_access_key_id=aws_access_key_id, + aws_secret_access_key=aws_secret_access_key, + region_name='us-east-1' + ) + s3_client = session.client('s3') + + report_date = datetime.now().strftime('%Y-%m-%d') + object_key = f"reports/daily/{report_date}-sales-summary.csv" + + try: + logging.info(f"Uploading {file_path} to {bucket_name}/{object_key}") + s3_client.upload_file(file_path, bucket_name, object_key) + logging.info("Upload successful.") + except Exception as e: + logging.error(f"Failed to upload report: {e}") + +if __name__ == "__main__": + upload_report_to_s3("./local_sales_report.csv", "company-internal-data-4921") diff --git a/secrets-benchmarks/snippets/132/ground-truth.json b/secrets-benchmarks/snippets/132/ground-truth.json new file mode 100644 index 0000000..5c75b23 --- /dev/null +++ b/secrets-benchmarks/snippets/132/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 29, + "language": "terraform", + "findings": [ + { + "line_number": 7, + "secret": "dd-api-9871e4a2dff3b3e511d7392110427c3d", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/132/snippet.tf b/secrets-benchmarks/snippets/132/snippet.tf new file mode 100644 index 0000000..3e576de --- /dev/null +++ b/secrets-benchmarks/snippets/132/snippet.tf @@ -0,0 +1,27 @@ +# Terraform configuration for monitoring an RDS instance + +provider "datadog" { + # Credentials should be configured using environment variables + # DD_API_KEY and DD_APP_KEY + # This is a hardcoded key for staging environment setup + api_key = "dd-api-9871e4a2dff3b3e511d7392110427c3d" + app_key = var.datadog_app_key +} + +resource "datadog_monitor" "rds_high_cpu" { + name = "[Critical] High CPU Utilization on RDS Instance" + type = "metric alert" + message = "@slack-data-alerts CPU utilization is over 90% on {{dbinstanceidentifier.name}}. Please investigate immediately." + escalation_message = "The RDS instance is still under high CPU load. Escalating to on-call SRE @pagerduty-sre-team." + + query = "avg(last_5m):avg:aws.rds.cpuutilization{dbinstanceidentifier:prod-main-db-1} > 90" + + monitor_thresholds { + critical = 90 + warning = 75 + } + + notify_no_data = false + renotify_interval = 20 + tags = ["terraform", "prod", "database", "rds"] +} diff --git a/secrets-benchmarks/snippets/133/ground-truth.json b/secrets-benchmarks/snippets/133/ground-truth.json new file mode 100644 index 0000000..39e0976 --- /dev/null +++ b/secrets-benchmarks/snippets/133/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 29, + "language": "go", + "findings": [ + { + "line_number": 15, + "secret": "sk_live_51Mv9L2FqA8fG1tYpKrZxvWqSjU3mH8sD7gY5bN4c3pL1kM0oJ9iR", + "label": "True Positive" + }, + { + "line_number": 18, + "secret": "postgres://billing_svc:aH7#kL$pQ2s!zX9@db-payments.us-east-1.rds.amazonaws.com:5432/payments_prod", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/133/snippet.go b/secrets-benchmarks/snippets/133/snippet.go new file mode 100644 index 0000000..1ef3318 --- /dev/null +++ b/secrets-benchmarks/snippets/133/snippet.go @@ -0,0 +1,36 @@ +package main + +import ( + "database/sql" + "fmt" + "log" + "net/http" + + "github.com/gin-gonic/gin" + "github.com/stripe/stripe-go/v72" + "github.com/stripe/stripe-go/v72/paymentintent" +) + +func setupBillingService() { + stripe.Key = "sk_live_51Mv9L2FqA8fG1tYpKrZxvWqSjU3mH8sD7gY5bN4c3pL1kM0oJ9iR" + + // Database connection setup + connStr := "postgres://billing_svc:aH7#kL$pQ2s!zX9@db-payments.us-east-1.rds.amazonaws.com:5432/payments_prod" + db, err := sql.Open("postgres", connStr) + if err != nil { + log.Fatalf("Failed to connect to database: %v", err) + } + defer db.Close() + + log.Println("Database and Stripe clients initialized successfully.") +} + +func createPaymentIntent(c *gin.Context) { + params := &stripe.PaymentIntentParams{ + Amount: stripe.Int64(2000), // $20.00 + Currency: stripe.String(string(stripe.CurrencyUSD)), + } + + pi, _ := paymentintent.New(params) + c.JSON(http.StatusOK, gin.H{"client_secret": pi.ClientSecret}) +} diff --git a/secrets-benchmarks/snippets/134/ground-truth.json b/secrets-benchmarks/snippets/134/ground-truth.json new file mode 100644 index 0000000..836c943 --- /dev/null +++ b/secrets-benchmarks/snippets/134/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 29, + "language": "yaml", + "findings": [ + { + "line_number": 19, + "secret": "dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE", + "label": "True Positive" + }, + { + "line_number": 33, + "secret": "|\n -----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEAulh6rT5hQh2w8e4q9l5z4i6f2r8b7e0d5n3x5q6z7w8b9c0d1e2f\n3g4h5j6k7l8m9n0b1c2d3e4f5g6h7i8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m\n8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v\n3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7\nz8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2\nd5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h\n0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5\nm6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0\nv1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6_j7k8l9m0n1b2v3c4x5\n-----END OPENSSH PRIVATE KEY-----", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/134/snippet.yml b/secrets-benchmarks/snippets/134/snippet.yml new file mode 100644 index 0000000..aed8dd2 --- /dev/null +++ b/secrets-benchmarks/snippets/134/snippet.yml @@ -0,0 +1,50 @@ +name: Deploy to Production + +on: + push: + branches: + - main + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: 'app_deployer' + password: 'dckr_pat_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE' + + - name: Build and Push Docker Image + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: myapp/production-server:latest + + - name: Deploy to Server via SSH + uses: appleboy/ssh-action@master + with: + host: 192.168.1.100 + username: prod-deploy + key: | + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn + NhAAAAAwEAAQAAAYEAulh6rT5hQh2w8e4q9l5z4i6f2r8b7e0d5n3x5q6z7w8b9c0d1e2f + 3g4h5j6k7l8m9n0b1c2d3e4f5g6h7i8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m + 8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v + 3c4x5z6a7s8d9f0g1h2j3k4l5m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7 + z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2 +4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0v1c2x3z4a5s6d7f8g9h + 0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5z6a7s8d9f0g1h2j3k4l5 + m6n7b8v9c0x1z2a3s4d5f6g7h8j9k0l1m2n3b4v5c6x7z8a9s0d1f2g3h4j5k6l7m8n9b0 + v1c2x3z4a5s6d7f8g9h0j1k2l3m4n5b6v7c8x9z0a1s2d3f4g5h6j7k8l9m0n1b2v3c4x5 + -----END OPENSSH PRIVATE KEY----- + script: | + docker pull myapp/production-server:latest + docker stop myapp-container || true + docker rm myapp-container || true + docker run -d --name myapp-container -p 8080:80 myapp/production-server:latest diff --git a/secrets-benchmarks/snippets/135/ground-truth.json b/secrets-benchmarks/snippets/135/ground-truth.json new file mode 100644 index 0000000..bbaa0f8 --- /dev/null +++ b/secrets-benchmarks/snippets/135/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 29, + "language": "properties", + "findings": [ + { + "line_number": 11, + "secret": "jdbc:postgresql://prod-db-replica.c9u3x4y5z6a7.us-west-2.rds.amazonaws.com:5432/analytics?user=report_user&password=7G$z#9*kL@qP!", + "label": "True Positive" + }, + { + "line_number": 20, + "secret": "SG.aV4gH9rT2pL7xJ5sK1mFw.bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mFw_bZ8oN6cW0qYdE", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/135/snippet.properties b/secrets-benchmarks/snippets/135/snippet.properties new file mode 100644 index 0000000..6fa8c47 --- /dev/null +++ b/secrets-benchmarks/snippets/135/snippet.properties @@ -0,0 +1,25 @@ +# =================================================================== +# Spring Boot Application Properties +# =================================================================== + +# Server Configuration +server.port=8080 +server.servlet.context-path=/api + +# Database Source Configuration (Production) +spring.datasource.driver-class-name=org.postgresql.Driver +spring.datasource.url=jdbc:postgresql://prod-db-replica.c9u3x4y5z6a7.us-west-2.rds.amazonaws.com:5432/analytics?user=report_user&password=7G$z#9*kL@qP! +spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect +spring.jpa.hibernate.ddl-auto=validate + +# Email Service Configuration +# This is for sending critical system alerts and notifications +spring.mail.host=smtp.sendgrid.net +spring.mail.port=587 +spring.mail.username=apikey +spring.mail.password=SG.aV4gH9rT2pL7xJ5sK1mFw.bZ8oN6cW0qYdEaV4gH9rT2pL7xJ5sK1mFw_bZ8oN6cW0qYdE +spring.mail.properties.mail.smtp.auth=true +spring.mail.properties.mail.smtp.starttls.enable=true + +# Logging Configuration +logging.level.com.example.service=INFO diff --git a/secrets-benchmarks/snippets/136/ground-truth.json b/secrets-benchmarks/snippets/136/ground-truth.json new file mode 100644 index 0000000..4bcd02f --- /dev/null +++ b/secrets-benchmarks/snippets/136/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 30, + "language": "python", + "findings": [ + { + "line_number": 9, + "secret": "postgres://reports_svc:3^z&tK9@pL!v$rR@db-reporting.c4zqm9fp1v2a.eu-west-1.rds.amazonaws.com:5432/analytics_prod", + "label": "True Positive" + }, + { + "line_number": 13, + "secret": "8f3d1e2a-6c5b-4a99-8d7c-3f9b1e4a2d7f", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/136/snippet.py b/secrets-benchmarks/snippets/136/snippet.py new file mode 100644 index 0000000..ef6749b --- /dev/null +++ b/secrets-benchmarks/snippets/136/snippet.py @@ -0,0 +1,33 @@ +from flask import Flask, jsonify, request +from flask_sqlalchemy import SQLAlchemy +from flask_jwt_extended import create_access_token, JWTManager +import os + +app = Flask(__name__) + +# Database configuration from environment variables is preferred, but here for PoC +app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres://reports_svc:3^z&tK9@pL!v$rR@db-reporting.c4zqm9fp1v2a.eu-west-1.rds.amazonaws.com:5432/analytics_prod' +app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False + +# Setup the Flask-JWT-Extended extension +app.config['JWT_SECRET_KEY'] = '8f3d1e2a-6c5b-4a99-8d7c-3f9b1e4a2d7f' +jwt = JWTManager(app) +db = SQLAlchemy(app) + +class User(db.Model): + id = db.Column(db.Integer, primary_key=True) + username = db.Column(db.String(80), unique=True, nullable=False) + +@app.route('/login', methods=['POST']) +def login(): + username = request.json.get('username', None) + password = request.json.get('password', None) + # In a real app, you'd check the password here + if username != 'test' or password != 'test': + return jsonify({'msg': 'Bad username or password'}), 401 + + access_token = create_access_token(identity=username) + return jsonify(access_token=access_token) + +if __name__ == '__main__': + app.run(debug=False, host='0.0.0.0') diff --git a/secrets-benchmarks/snippets/137/ground-truth.json b/secrets-benchmarks/snippets/137/ground-truth.json new file mode 100644 index 0000000..3b62424 --- /dev/null +++ b/secrets-benchmarks/snippets/137/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 30, + "language": "terraform", + "findings": [ + { + "line_number": 17, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 18, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/137/snippet.tf b/secrets-benchmarks/snippets/137/snippet.tf new file mode 100644 index 0000000..46140d8 --- /dev/null +++ b/secrets-benchmarks/snippets/137/snippet.tf @@ -0,0 +1,38 @@ +# ======================================================================== +# TERRAFORM CONFIGURATION FOR THE CORE PRODUCTION VPC +# ======================================================================== + +terraform { + required_version = ">= 1.0" + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4.16" + } + } +} + +provider "aws" { + region = "us-east-1" + access_key = "AKIAY3R4WZ76X2P5QJ6M" + secret_key = "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" +} + +resource "aws_vpc" "main" { + cidr_block = "10.0.0.0/16" + instance_tenancy = "default" + + tags = { + Name = "prod-vpc" + } +} + +resource "aws_subnet" "public_a" { + vpc_id = aws_vpc.main.id + cidr_block = "10.0.1.0/24" + availability_zone = "us-east-1a" + + tags = { + Name = "prod-public-subnet-a" + } +} diff --git a/secrets-benchmarks/snippets/138/ground-truth.json b/secrets-benchmarks/snippets/138/ground-truth.json new file mode 100644 index 0000000..0dc33e4 --- /dev/null +++ b/secrets-benchmarks/snippets/138/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 30, + "language": "yaml", + "findings": [ + { + "line_number": 20, + "secret": "dckr_pat_7aF9c2eD-5bG8h-4J1k-m3N4o-p6Q7rS8tU9wX", + "label": "True Positive" + }, + { + "line_number": 32, + "secret": "https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX", + "label": "True Positive" + }, + { + "line_number": 37, + "secret": "https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/138/snippet.yml b/secrets-benchmarks/snippets/138/snippet.yml new file mode 100644 index 0000000..ec96480 --- /dev/null +++ b/secrets-benchmarks/snippets/138/snippet.yml @@ -0,0 +1,37 @@ +# CI/CD Pipeline for building, testing, and deploying the frontend application +name: Frontend CI/CD + +on: + push: + branches: + - main + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Log in to Docker Hub + uses: docker/login-action@v2 + with: + username: 'corp_deployer' + password: 'dckr_pat_7aF9c2eD-5bG8h-4J1k-m3N4o-p6Q7rS8tU9wX' + + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: ourcorp/frontend:latest + + - name: Send notification on success + if: success() + run: | + curl -X POST -H 'Content-type: application/json' --data '{"text":"Frontend deployment to production succeeded!"}' https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX + + - name: Send notification on failure + if: failure() + run: | + curl -X POST -H 'Content-type: application/json' --data '{"text":"URGENT: Frontend deployment failed!"}' https://hooks.slack.com/services/T01A2B3C4D5/B02E1F2G3H4/aBcDeFgHiJkLmNoPqRsTuVwX diff --git a/secrets-benchmarks/snippets/139/ground-truth.json b/secrets-benchmarks/snippets/139/ground-truth.json new file mode 100644 index 0000000..971dc3d --- /dev/null +++ b/secrets-benchmarks/snippets/139/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 30, + "language": "javascript", + "findings": [ + { + "line_number": 6, + "secret": "pk.eyJ1IjoiYm9iYnljb2RlcjkzIiwiYSI6ImNrdjR4cDFnMWhwMzAydnFwZXE1cHp2N3EifQ.mG5Jc4u_A5QfDtCg9C0C3A", + "label": "True Positive" + }, + { + "line_number": 11, + "secret": "https://3a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d@o1234567.ingest.sentry.io/9876543", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/139/snippet.js b/secrets-benchmarks/snippets/139/snippet.js new file mode 100644 index 0000000..5050efe --- /dev/null +++ b/secrets-benchmarks/snippets/139/snippet.js @@ -0,0 +1,33 @@ +import React, { useEffect, useRef } from 'react'; +import mapboxgl from 'mapbox-gl'; +import * as Sentry from '@sentry/react'; + +// Initialize third-party services. This should not be done in a component. +const MAPBOX_ACCESS_TOKEN = 'pk.eyJ1IjoiYm9iYnljb2RlcjkzIiwiYSI6ImNrdjR4cDFnMWhwMzAydnFwZXE1cHp2N3EifQ.mG5Jc4u_A5QfDtCg9C0C3A'; +mapboxgl.accessToken = MAPBOX_ACCESS_TOKEN; + +Sentry.init({ + environment: 'production', + dsn: 'https://3a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d@o1234567.ingest.sentry.io/9876543', + integrations: [new Sentry.BrowserTracing()], + tracesSampleRate: 0.2, +}); + +const MapComponent = () => { + const mapContainer = useRef(null); + const map = useRef(null); + + useEffect(() => { + if (map.current) return; // initialize map only once + map.current = new mapboxgl.Map({ + container: mapContainer.current, + style: 'mapbox://styles/mapbox/streets-v11', + center: [-74.5, 40], + zoom: 9, + }); + }); + + return
; +}; + +export default MapComponent; diff --git a/secrets-benchmarks/snippets/140/ground-truth.json b/secrets-benchmarks/snippets/140/ground-truth.json new file mode 100644 index 0000000..73268e3 --- /dev/null +++ b/secrets-benchmarks/snippets/140/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 30, + "language": "properties", + "findings": [ + { + "line_number": 16, + "secret": "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", + "label": "True Positive" + }, + { + "line_number": 23, + "secret": "f1tY9cRzXvWqSjU3mB2sL4hK7dE0a#Z@p^K", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/140/snippet.properties b/secrets-benchmarks/snippets/140/snippet.properties new file mode 100644 index 0000000..9322b4b --- /dev/null +++ b/secrets-benchmarks/snippets/140/snippet.properties @@ -0,0 +1,31 @@ +# ========================================================= +# Spring Boot Application Properties for Authentication Service +# Environment: PRODUCTION +# ========================================================= + +# Server Configuration +server.port=8080 +server.servlet.context-path=/auth-service + +# Database Connection (using managed identity, so no credentials here) +spring.datasource.url=jdbc:postgresql://prod-db.postgres.database.azure.com:5432/authdb +spring.datasource.username=auth_service_user + +# Spring Security & OAuth2 Client Configuration +spring.security.oauth2.client.registration.google.client-id=987654321098-a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6.apps.googleusercontent.com +spring.security.oauth2.client.registration.google.client-secret=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 +spring.security.oauth2.client.registration.google.scope=openid,profile,email + +# Redis Caching for Sessions +spring.redis.host=prod-redis.cache.windows.net +spring.redis.port=6380 +spring.redis.ssl=true +spring.redis.password=f1tY9cRzXvWqSjU3mB2sL4hK7dE0a#Z@p^K + +# Logging Level +logging.level.com.example.auth=INFO +logging.level.org.springframework.security=WARN + +# Feature Flags +feature.mfa.enabled=true +feature.new-user-auto-approve=false diff --git a/secrets-benchmarks/snippets/141/ground-truth.json b/secrets-benchmarks/snippets/141/ground-truth.json new file mode 100644 index 0000000..9bb8890 --- /dev/null +++ b/secrets-benchmarks/snippets/141/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 31, + "language": "python", + "findings": [ + { + "line_number": 5, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 6, + "secret": "kG7hF9jD2sL4mP6qR8tV0wX3zY5bA7cE9fI1kN", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/141/snippet.py b/secrets-benchmarks/snippets/141/snippet.py new file mode 100644 index 0000000..0519293 --- /dev/null +++ b/secrets-benchmarks/snippets/141/snippet.py @@ -0,0 +1,34 @@ +import boto3 +import os +from botocore.exceptions import NoCredentialsError + +ACCESS_KEY = 'AKIAY3R4WZ76X2P5QJ6M' +SECRET_KEY = 'kG7hF9jD2sL4mP6qR8tV0wX3zY5bA7cE9fI1kN' + +def upload_to_s3(file_name, bucket, object_name=None): + """Upload a file to an S3 bucket""" + if object_name is None: + object_name = os.path.basename(file_name) + + s3_client = boto3.client( + 's3', + aws_access_key_id=ACCESS_KEY, + aws_secret_access_key=SECRET_KEY + ) + + try: + s3_client.upload_file(file_name, bucket, object_name, + ExtraArgs={'ACL': 'private', 'ServerSideEncryption': 'AES256'} + ) + print(f"Upload successful for {object_name} to bucket {bucket}.") + return True + except FileNotFoundError: + print("The file was not found.") + return False + except NoCredentialsError: + print("Credentials not available.") + return False + +if __name__ == "__main__": + upload_to_s3('report-2023-q4.pdf', 'corp-financial-reports-11032023') + diff --git a/secrets-benchmarks/snippets/142/ground-truth.json b/secrets-benchmarks/snippets/142/ground-truth.json new file mode 100644 index 0000000..4da34f2 --- /dev/null +++ b/secrets-benchmarks/snippets/142/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 31, + "language": "terraform", + "findings": [ + { + "line_number": 13, + "secret": "AKIAW6QXOJ2ZL5TG7FAP", + "label": "True Positive" + }, + { + "line_number": 14, + "secret": "fG9zL2tJ4mH6cR8vB1xS5oE3dY7uW0qA9pI8nZ", + "label": "True Positive" + }, + { + "line_number": 34, + "secret": "ae3267d64b63e8a9c2a689b0d64f0b09", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/142/snippet.tf b/secrets-benchmarks/snippets/142/snippet.tf new file mode 100644 index 0000000..e520679 --- /dev/null +++ b/secrets-benchmarks/snippets/142/snippet.tf @@ -0,0 +1,35 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4.16" + } + } + required_version = ">= 1.2.0" +} + +provider "aws" { + region = "us-west-2" + access_key = "AKIAW6QXOJ2ZL5TG7FAP" + secret_key = "fG9zL2tJ4mH6cR8vB1xS5oE3dY7uW0qA9pI8nZ" +} + +resource "aws_instance" "app_server" { + ami = "ami-08d70e59c07c61a3a" + instance_type = "t2.micro" + + tags = { + Name = "PrimaryAppServer" + } +} + +resource "aws_s3_bucket" "data_storage" { + bucket = "confidential-user-data-alpha" +} + +// Temporary variable for monitoring integration +variable "datadog_api_key" { + type = string + description = "Datadog API key for agent configuration." + default = "ae3267d64b63e8a9c2a689b0d64f0b09" +} diff --git a/secrets-benchmarks/snippets/143/ground-truth.json b/secrets-benchmarks/snippets/143/ground-truth.json new file mode 100644 index 0000000..c26865d --- /dev/null +++ b/secrets-benchmarks/snippets/143/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 31, + "language": "javascript", + "findings": [ + { + "line_number": 9, + "secret": "pk.eyJ1IjoibWFwYWRtaW4iLCJhIjoiY2t1b2Q4c3M2MWY4aTJ2bnZkaXA2b2YzeSJ9.wG8fQzR6v4kXpL7yC9jTqA", + "label": "True Positive" + }, + { + "line_number": 13, + "secret": "https://a9f3b8e7d6c54a108f9b9c0e2d1a3c7f@o112233.ingest.sentry.io/45056789012345", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/143/snippet.js b/secrets-benchmarks/snippets/143/snippet.js new file mode 100644 index 0000000..84d6b0a --- /dev/null +++ b/secrets-benchmarks/snippets/143/snippet.js @@ -0,0 +1,40 @@ +import React from 'react'; +import { MapContainer, TileLayer } from 'react-leaflet'; +import * as Sentry from '@sentry/react'; +import { BrowserTracing } from '@sentry/tracing'; + +// Centralized configuration for external services +const serviceConfig = { + mapbox: { + accessToken: 'pk.eyJ1IjoibWFwYWRtaW4iLCJhIjoiY2t1b2Q4c3M2MWY4aTJ2bnZkaXA2b2YzeSJ9.wG8fQzR6v4kXpL7yC9jTqA', + style: 'mapbox://styles/mapbox/streets-v11' + }, + sentry: { + dsn: 'https://a9f3b8e7d6c54a108f9b9c0e2d1a3c7f@o112233.ingest.sentry.io/45056789012345', + tracesSampleRate: 1.0, + }, + apiBaseUrl: '/api/v1' +}; + +// Initialize error tracking +Sentry.init({ + dsn: serviceConfig.sentry.dsn, + integrations: [new BrowserTracing()], + tracesSampleRate: serviceConfig.sentry.tracesSampleRate +}); + +const LocationMapView = () => { + const position = [51.505, -0.09]; + + return ( + + + + ); +}; + +export default LocationMapView; diff --git a/secrets-benchmarks/snippets/144/ground-truth.json b/secrets-benchmarks/snippets/144/ground-truth.json new file mode 100644 index 0000000..7965a00 --- /dev/null +++ b/secrets-benchmarks/snippets/144/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 31, + "language": "yaml", + "findings": [ + { + "line_number": 19, + "secret": "dckr_pat_yNv7sW3zT6jK8hL2mP5gF0xU4qR9cE1aB", + "label": "True Positive" + }, + { + "line_number": 35, + "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEAy1A8G8yY2Q0bY8R2fN3eD6rN5bV5oY6zV9nB9zC8rV2aW9nS6qWj\nY9mF7bM3cM9yV1wR6tY3fO2uP8tJ5gY4oZ1jI9pU7fH4xK9pD8oW7yL6kC4hB3sF2xW1zS9\npG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8v\nI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8vY5htrZ6wF4xK9pD8oW7\nyL6kC4hB3sF2xW1zS9pG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9\npG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wQ2xV1sS9pG+eRb3rAwAAAAtkZXB\nsb3lAYXBwLXNlcnZlcgE=\n-----END OPENSSH PRIVATE KEY-----", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/144/snippet.yml b/secrets-benchmarks/snippets/144/snippet.yml new file mode 100644 index 0000000..603f491 --- /dev/null +++ b/secrets-benchmarks/snippets/144/snippet.yml @@ -0,0 +1,45 @@ +name: Deploy Staging Environment + +on: + push: + branches: + - develop + +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: 'corp_deploy_bot' + password: 'dckr_pat_yNv7sW3zT6jK8hL2mP5gF0xU4qR9cE1aB' + + - name: Build and push Docker image + run: | + docker build -t my-app:staging . + docker push my-app:staging + + - name: Deploy to Kubernetes + run: | + echo "${{ env.KUBE_CONFIG_DATA }}" > kubeconfig.yaml + export KUBECONFIG=kubeconfig.yaml + echo "${{ env.SSH_KEY }}" > deploy_key + chmod 600 deploy_key + ssh -i deploy_key -o StrictHostKeyChecking=no deploy@192.168.1.100 './deploy.sh' + env: + SSH_KEY: | + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn + NhAAAAAwEAAQAAAYEAy1A8G8yY2Q0bY8R2fN3eD6rN5bV5oY6zV9nB9zC8rV2aW9nS6qWj + Y9mF7bM3cM9yV1wR6tY3fO2uP8tJ5gY4oZ1jI9pU7fH4xK9pD8oW7yL6kC4hB3sF2xW1zS9 + pG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8v + I4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9pG+eR5sD0vM6sN1cK8vY5htrZ6wF4xK9pD8oW7 + yL6kC4hB3sF2xW1zS9pG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wD2xV1sS9 + pG+eR5sD0vM6sN1cK8vI4jE3oT1uP0oV8iJ7hB6fC5wQ2xV1sS9pG+eRb3rAwAAAAtkZXB + sb3lAYXBwLXNlcnZlcgE= + -----END OPENSSH PRIVATE KEY----- + KUBE_CONFIG_DATA: ${{ secrets.KUBE_STAGING_CONFIG }} diff --git a/secrets-benchmarks/snippets/145/ground-truth.json b/secrets-benchmarks/snippets/145/ground-truth.json new file mode 100644 index 0000000..237cfda --- /dev/null +++ b/secrets-benchmarks/snippets/145/ground-truth.json @@ -0,0 +1,26 @@ +{ + "entry_id": 31, + "language": "properties", + "findings": [ + { + "line_number": 6, + "secret": "Pg#sEcRet!P@sS_9fXz8$t", + "label": "True Positive" + }, + { + "line_number": 20, + "secret": "sk_live_51Kx0L2BzT8gG1uY9cFzXvWqSjU3mB2hA4fD6eG8iJ1kM3nO5pR7sT9uV", + "label": "True Positive" + }, + { + "line_number": 23, + "secret": "ACf4b2e1c9d8a7f6e5d4c3b2a1a0987654", + "label": "True Positive" + }, + { + "line_number": 24, + "secret": "a4b3c2d1e0f9a8b7c6d5e4f3a2b1c0d9", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/145/snippet.properties b/secrets-benchmarks/snippets/145/snippet.properties new file mode 100644 index 0000000..3390ffc --- /dev/null +++ b/secrets-benchmarks/snippets/145/snippet.properties @@ -0,0 +1,30 @@ +# ========================================== +# DATABASE CONFIGURATION +# ========================================== +spring.datasource.url=jdbc:postgresql://db.prod-eu.internal:5432/payments_service +spring.datasource.username=payments_svc_user +spring.datasource.password=Pg#sEcRet!P@sS_9fXz8$t +spring.datasource.driver-class-name=org.postgresql.Driver +spring.jpa.hibernate.ddl-auto=validate + +# ========================================== +# REDIS CACHE CONFIGURATION +# ========================================== +spring.redis.host=redis-cache.prod-eu.internal +spring.redis.port=6379 + +# ========================================== +# EXTERNAL API KEYS +# ========================================== +# Stripe configuration for payment processing +stripe.api.key=sk_live_51Kx0L2BzT8gG1uY9cFzXvWqSjU3mB2hA4fD6eG8iJ1kM3nO5pR7sT9uV + +# Twilio for sending SMS notifications +twilio.account.sid=ACf4b2e1c9d8a7f6e5d4c3b2a1a0987654 +twilio.auth.token=a4b3c2d1e0f9a8b7c6d5e4f3a2b1c0d9 + +# ========================================== +# APPLICATION SETTINGS +# ========================================== +server.port=8080 +server.servlet.context-path=/api/payments diff --git a/secrets-benchmarks/snippets/146/ground-truth.json b/secrets-benchmarks/snippets/146/ground-truth.json new file mode 100644 index 0000000..616ddd9 --- /dev/null +++ b/secrets-benchmarks/snippets/146/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 32, + "language": "python", + "findings": [ + { + "line_number": 10, + "secret": "sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC", + "label": "True Positive" + }, + { + "line_number": 11, + "secret": "postgres://billing_svc_user:AgH3#kL$pQ2s!bV9@db-payments-prod.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/payments_db", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/146/snippet.py b/secrets-benchmarks/snippets/146/snippet.py new file mode 100644 index 0000000..8471fb4 --- /dev/null +++ b/secrets-benchmarks/snippets/146/snippet.py @@ -0,0 +1,37 @@ +import os +from flask import Flask, jsonify, request +import stripe +import psycopg2 + +app = Flask(__name__) + +# --- Configuration --- +# This should be in a secure vault, not hardcoded. +stripe.api_key = "sk_live_51Mv9L2KpF7hG3tZ9cRzXvWqSjU3mB2nFk5vL6xJ7iO1pE9yC" +DB_CONNECTION_URL = "postgres://billing_svc_user:AgH3#kL$pQ2s!bV9@db-payments-prod.c8x4z1b2q3r.us-east-1.rds.amazonaws.com:5432/payments_db" + +def get_db_connection(): + conn = psycopg2.connect(DB_CONNECTION_URL) + return conn + +@app.route('/api/v1/charge', methods=['POST']) +def create_charge(): + data = request.get_json() + try: + charge = stripe.Charge.create( + amount=data['amount'], # e.g., 2000 for $20.00 + currency='usd', + source=data['token'], + description='Charge for user ' + data.get('email') + ) + # Log transaction to our database + conn = get_db_connection() + # ... database logic ... + conn.close() + + return jsonify({'status': 'success', 'charge_id': charge.id}), 201 + except stripe.error.StripeError as e: + return jsonify({'error': str(e)}), 400 + +if __name__ == '__main__': + app.run(debug=False) diff --git a/secrets-benchmarks/snippets/147/ground-truth.json b/secrets-benchmarks/snippets/147/ground-truth.json new file mode 100644 index 0000000..3926213 --- /dev/null +++ b/secrets-benchmarks/snippets/147/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 32, + "language": "yaml", + "findings": [ + { + "line_number": 20, + "secret": "AKIA4Z7P6TQ5RVN3MUEW", + "label": "True Positive" + }, + { + "line_number": 21, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/147/snippet.yml b/secrets-benchmarks/snippets/147/snippet.yml new file mode 100644 index 0000000..36551b2 --- /dev/null +++ b/secrets-benchmarks/snippets/147/snippet.yml @@ -0,0 +1,39 @@ +name: Deploy to Production EKS + +on: + push: + branches: + - main + +jobs: + deploy: + name: Build and Push Docker Image to ECR + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Configure AWS Credentials + # This approach is insecure. Use OIDC or GitHub Secrets. + run: | + aws configure set aws_access_key_id AKIA4Z7P6TQ5RVN3MUEW + aws configure set aws_secret_access_key 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 + aws configure set region us-west-2 + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Build and push image + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + IMAGE_TAG: ${{ github.sha }} + run: | + docker build -t $ECR_REGISTRY/my-service:$IMAGE_TAG . + docker push $ECR_REGISTRY/my-service:$IMAGE_TAG + + - name: Update K8s deployment + run: | + # kubectl commands to update the deployment would go here + echo "Deployment logic placeholder" diff --git a/secrets-benchmarks/snippets/148/ground-truth.json b/secrets-benchmarks/snippets/148/ground-truth.json new file mode 100644 index 0000000..8f72047 --- /dev/null +++ b/secrets-benchmarks/snippets/148/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 32, + "language": "javascript", + "findings": [ + { + "line_number": 11, + "secret": "https://b4d29ca2b98e4a9e8b7c0f1e8e2b8f75@o450550.ingest.sentry.io/4505501234567890", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/148/snippet.js b/secrets-benchmarks/snippets/148/snippet.js new file mode 100644 index 0000000..f770caf --- /dev/null +++ b/secrets-benchmarks/snippets/148/snippet.js @@ -0,0 +1,36 @@ +import * as Sentry from "@sentry/react"; +import { BrowserTracing } from "@sentry/tracing"; +import { createRoot } from 'react-dom/client'; +import App from './App'; + +// Centralized configuration for environment-specific variables +const appConfig = { + // It is strongly advised to load these from environment variables + // rather than hardcoding them in the source code. + sentry: { + dsn: "https://b4d29ca2b98e4a9e8b7c0f1e8e2b8f75@o450550.ingest.sentry.io/4505501234567890", + tracesSampleRate: 0.1, // Reduce for production if needed + }, + apiBaseUrl: 'https://api.myapp.com/v2', + featureFlags: { + enableNewDashboard: true, + } +}; + +function initializeMonitoring() { + if (process.env.NODE_ENV === 'production') { + Sentry.init({ + dsn: appConfig.sentry.dsn, + integrations: [new BrowserTracing()], + tracesSampleRate: appConfig.sentry.tracesSampleRate, + environment: 'production', + }); + console.log("Sentry monitoring initialized."); + } +} + +initializeMonitoring(); + +const container = document.getElementById('root'); +const root = createRoot(container!); +root.render(); diff --git a/secrets-benchmarks/snippets/149/ground-truth.json b/secrets-benchmarks/snippets/149/ground-truth.json new file mode 100644 index 0000000..113f8f1 --- /dev/null +++ b/secrets-benchmarks/snippets/149/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 32, + "language": "go", + "findings": [ + { + "line_number": 16, + "secret": "d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9", + "label": "True Positive" + }, + { + "line_number": 19, + "secret": "p$qR5tU6vW7x!z#A", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/149/snippet.go b/secrets-benchmarks/snippets/149/snippet.go new file mode 100644 index 0000000..96aada1 --- /dev/null +++ b/secrets-benchmarks/snippets/149/snippet.go @@ -0,0 +1,44 @@ +package main + +import ( + "context" + "fmt" + "log" + "github.com/go-redis/redis/v8" + "github.com/twilio/twilio-go" + openapi "github.com/twilio/twilio-go/rest/api/v2010" +) + +var ctx = context.Background() + +const ( + twilioAccountSid = "ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4" + twilioAuthToken = "d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9" + twilioFromNumber = "+15017122661" + redisAddr = "redis-11234.c264.ap-south-1-1.ec2.cloud.redislabs.com:11234" + redisPassword = "p$qR5tU6vW7x!z#A" +) + +func sendOrderConfirmationSMS(phoneNumber, message string) { + client := twilio.NewRestClientWithParams(twilio.ClientParams{ + Username: twilioAccountSid, + Password: twilioAuthToken, + }) + + params := &openapi.CreateMessageParams{} + params.SetTo(phoneNumber) + params.SetFrom(twilioFromNumber) + params.SetBody(message) + + _, err := client.Api.CreateMessage(params) + if err != nil { + log.Fatalf("Failed to send SMS: %s", err.Error()) + } + + fmt.Println("SMS sent successfully to", phoneNumber) +} + +func main() { + // Example Usage + sendOrderConfirmationSMS("+15558675310", "Your order #12345 is confirmed!") +} diff --git a/secrets-benchmarks/snippets/150/ground-truth.json b/secrets-benchmarks/snippets/150/ground-truth.json new file mode 100644 index 0000000..154f89c --- /dev/null +++ b/secrets-benchmarks/snippets/150/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 32, + "language": "terraform", + "findings": [ + { + "line_number": 16, + "secret": "Gv6mU_c7p-q9sR2wX4yZ0aB1dE3fG5hI7jK9lM8n", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/150/snippet.tf b/secrets-benchmarks/snippets/150/snippet.tf new file mode 100644 index 0000000..53ebfce --- /dev/null +++ b/secrets-benchmarks/snippets/150/snippet.tf @@ -0,0 +1,38 @@ +# Terraform configuration for managing Cloudflare resources + +terraform { + required_providers { + cloudflare = { + source = "cloudflare/cloudflare" + version = "~> 4.0" + } + } +} + +# Provider configuration +# Storing sensitive data like API tokens directly in the configuration is a security risk. +# It's recommended to use environment variables or other secure methods. +provider "cloudflare" { + api_token = "Gv6mU_c7p-q9sR2wX4yZ0aB1dE3fG5hI7jK9lM8n" +} + +data "cloudflare_zone" "primary_domain" { + name = "my-awesome-app.com" +} + +resource "cloudflare_record" "api_endpoint" { + zone_id = data.cloudflare_zone.primary_domain.id + name = "api" + value = "203.0.113.10" + type = "A" + ttl = 3600 + proxied = true +} + +resource "cloudflare_record" "subdomain_cname" { + zone_id = data.cloudflare_zone.primary_domain.id + name = "status" + value = "statuspage.myapp.com" + type = "CNAME" + ttl = 1 # Automatic TTL +} diff --git a/secrets-benchmarks/snippets/151/ground-truth.json b/secrets-benchmarks/snippets/151/ground-truth.json new file mode 100644 index 0000000..9631651 --- /dev/null +++ b/secrets-benchmarks/snippets/151/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 33, + "language": "python", + "findings": [ + { + "line_number": 10, + "secret": "ACd4f8b0e7c6a5e4d3f2c1b0a9e8d7c6b5", + "label": "True Positive" + }, + { + "line_number": 11, + "secret": "5a9f3e1b7d5c8e2a1b9f4d6c7e8b9a0c", + "label": "True Positive" + }, + { + "line_number": 12, + "secret": "postgres://notifications_svc:3rD#kS8@pGqW7!z@pg-prod-cluster-1.rds.amazonaws.com:5432/notificationsdb", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/151/snippet.py b/secrets-benchmarks/snippets/151/snippet.py new file mode 100644 index 0000000..710880a --- /dev/null +++ b/secrets-benchmarks/snippets/151/snippet.py @@ -0,0 +1,35 @@ +import os +from flask import Flask, request, jsonify +from twilio.rest import Client +from sqlalchemy import create_engine + +app = Flask(__name__) + +# --- Configuration --- +# WARNING: Do not commit credentials to source control. +TWILIO_ACCOUNT_SID = "ACd4f8b0e7c6a5e4d3f2c1b0a9e8d7c6b5" +TWILIO_AUTH_TOKEN = "5a9f3e1b7d5c8e2a1b9f4d6c7e8b9a0c" +DATABASE_URL = "postgres://notifications_svc:3rD#kS8@pGqW7!z@pg-prod-cluster-1.rds.amazonaws.com:5432/notificationsdb" + +try: + twilio_client = Client(TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN) + db_engine = create_engine(DATABASE_URL) +except Exception as e: + app.logger.error(f"Failed to initialize services: {e}") + +@app.route('/api/v1/send-alert', methods=['POST']) +def send_alert(): + data = request.get_json() + if not data or 'phone_number' not in data or 'message' not in data: + return jsonify({'error': 'Missing phone_number or message'}), 400 + + try: + message = twilio_client.messages.create( + to=data['phone_number'], + from_='+15017122661', + body=data['message'] + ) + return jsonify({'status': 'success', 'sid': message.sid}) + except Exception as e: + app.logger.error(f"Twilio send failed: {e}") + return jsonify({'error': 'Failed to send message'}), 500 diff --git a/secrets-benchmarks/snippets/152/ground-truth.json b/secrets-benchmarks/snippets/152/ground-truth.json new file mode 100644 index 0000000..40f9660 --- /dev/null +++ b/secrets-benchmarks/snippets/152/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 33, + "language": "terraform", + "findings": [ + { + "line_number": 14, + "secret": "AKIAUZY47P56V3IWQEXN", + "label": "True Positive" + }, + { + "line_number": 15, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/152/snippet.tf b/secrets-benchmarks/snippets/152/snippet.tf new file mode 100644 index 0000000..6e63fb2 --- /dev/null +++ b/secrets-benchmarks/snippets/152/snippet.tf @@ -0,0 +1,34 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4.16" + } + } + + required_version = ">= 1.2.0" +} + +provider "aws" { + region = "us-east-1" + access_key = "AKIAUZY47P56V3IWQEXN" + secret_key = "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" +} + +resource "aws_instance" "app_server" { + ami = "ami-08d70e59c07c61a3a" + instance_type = "t2.micro" + + tags = { + Name = "WebAppServerInstance" + } +} + +resource "aws_s3_bucket" "logs" { + bucket = "prod-app-logs-7654321" + + tags = { + Name = "Application Log Bucket" + Environment = "Production" + } +} diff --git a/secrets-benchmarks/snippets/153/ground-truth.json b/secrets-benchmarks/snippets/153/ground-truth.json new file mode 100644 index 0000000..ee3ec5d --- /dev/null +++ b/secrets-benchmarks/snippets/153/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 33, + "language": "javascript", + "findings": [ + { + "line_number": 6, + "secret": "pk.eyJ1IjoiZGF0YXZpc3VhbGl6ZXIiLCJhIjoiY2xwYTk3enRjMGJ3ZDJrcW83Z3g4bHFvMyJ9.XFp9o_k9Y0jZ7lEtUa8wWg", + "label": "True Positive" + }, + { + "line_number": 17, + "secret": "https://3a1b5c4d6e8f7g9a0b1c2d3e4f5a6b7c@o123456.ingest.sentry.io/7890123", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/153/snippet.js b/secrets-benchmarks/snippets/153/snippet.js new file mode 100644 index 0000000..41b3308 --- /dev/null +++ b/secrets-benchmarks/snippets/153/snippet.js @@ -0,0 +1,32 @@ +// src/config/services.js +// This file configures tokens and connection strings for external services. + +export const mapConfig = { + style: 'mapbox://styles/mapbox/streets-v11', + accessToken: 'pk.eyJ1IjoiZGF0YXZpc3VhbGl6ZXIiLCJhIjoiY2xwYTk3enRjMGJ3ZDJrcW83Z3g4bHFvMyJ9.XFp9o_k9Y0jZ7lEtUa8wWg', + defaultCenter: [-74.5, 40], + defaultZoom: 9, +}; + +export const analyticsConfig = { + trackingId: 'G-78XYZ123ABC', + anonymizeIp: true, +}; + +export const sentryConfig = { + dsn: 'https://3a1b5c4d6e8f7g9a0b1c2d3e4f5a6b7c@o123456.ingest.sentry.io/7890123', + tracesSampleRate: 0.1, + replaysOnErrorSampleRate: 1.0, + replaysSessionSampleRate: 0.05, +}; + +export function initializeServices() { + // In a real app, you would initialize Sentry, Mapbox, etc. here. + console.log('Services configured.'); + if (!sentryConfig.dsn) { + console.warn('Sentry DSN not found. Error reporting is disabled.'); + } + if (!mapConfig.accessToken || mapConfig.accessToken.startsWith('pk.XXX')) { + throw new Error('Mapbox access token is missing or a placeholder.'); + } +} diff --git a/secrets-benchmarks/snippets/154/ground-truth.json b/secrets-benchmarks/snippets/154/ground-truth.json new file mode 100644 index 0000000..d9389d8 --- /dev/null +++ b/secrets-benchmarks/snippets/154/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 33, + "language": "yaml", + "findings": [ + { + "line_number": 19, + "secret": "dckr_pat_aJkLpM5oN8qH7wG4sF2dR1tY9cZ", + "label": "True Positive" + }, + { + "line_number": 33, + "secret": "|\n -----BEGIN OPENSSH PRIVATE KEY-----\n b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\n NhAAAAAwEAAQAAAYEAuc/d5v6hT+dOK4aCZyGevp5A+vM2M1m7/s3qH8nC8L5a7G9b0P2t\n Y6rW1dG7w8Z5Z0u3e6V7h9F8j4k2aG6b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7\n v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0\n e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m\n 3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u\n 7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c\n 9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0\n k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3\n -----END OPENSSH PRIVATE KEY-----", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/154/snippet.yml b/secrets-benchmarks/snippets/154/snippet.yml new file mode 100644 index 0000000..7b20fdf --- /dev/null +++ b/secrets-benchmarks/snippets/154/snippet.yml @@ -0,0 +1,49 @@ +name: Deploy to Production + +on: + push: + branches: + - main + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: myapp-prod-bot + password: dckr_pat_aJkLpM5oN8qH7wG4sF2dR1tY9cZ + + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: myapp/prod-server:latest + + - name: Deploy to server via SSH + uses: appleboy/ssh-action@master + with: + host: 198.51.100.1 + username: deploy-user + key: | + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn + NhAAAAAwEAAQAAAYEAuc/d5v6hT+dOK4aCZyGevp5A+vM2M1m7/s3qH8nC8L5a7G9b0P2t + Y6rW1dG7w8Z5Z0u3e6V7h9F8j4k2aG6b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7 + v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0 + e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m + 3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u + 7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c + 9d0e1f2g3h4i5j6k7l8m9n0o1p2q3r4s5t6u7v8w9x+y/z0A1b2c3d4e5f6g7h8i9j0 + k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6A7b8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3 + -----END OPENSSH PRIVATE KEY----- + script: | + docker pull myapp/prod-server:latest + docker stop myapp-container || true + docker rm myapp-container || true + docker run -d --name myapp-container -p 80:8080 myapp/prod-server:latest diff --git a/secrets-benchmarks/snippets/155/ground-truth.json b/secrets-benchmarks/snippets/155/ground-truth.json new file mode 100644 index 0000000..7a58b30 --- /dev/null +++ b/secrets-benchmarks/snippets/155/ground-truth.json @@ -0,0 +1,26 @@ +{ + "entry_id": 33, + "language": "properties", + "findings": [ + { + "line_number": 7, + "secret": "jdbc:mysql://prod-db-master.cw7fkl2g3h9e.us-west-2.rds.amazonaws.com:3306/webappdb?autoReconnect=true&useSSL=false", + "label": "True Positive" + }, + { + "line_number": 9, + "secret": "dJ^8g$Pq5#sT@9!rW&zK", + "label": "True Positive" + }, + { + "line_number": 19, + "secret": "fG4hJ7kL9mN2pQ5rS8uVzX3zA6bC9dE1", + "label": "True Positive" + }, + { + "line_number": 26, + "secret": "SG.kE9yT8RzQ5aW7oP3iL1uVw.bF6gH2sC4jK8mN5pS9uX1yZ3_vE7wA8qD0rO", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/155/snippet.properties b/secrets-benchmarks/snippets/155/snippet.properties new file mode 100644 index 0000000..483ff88 --- /dev/null +++ b/secrets-benchmarks/snippets/155/snippet.properties @@ -0,0 +1,30 @@ +# =========================================== +# Spring Boot Application Configuration +# Environment: Production +# =========================================== + +# Database connection +spring.datasource.url=jdbc:mysql://prod-db-master.cw7fkl2g3h9e.us-west-2.rds.amazonaws.com:3306/webappdb?autoReconnect=true&useSSL=false +spring.datasource.username=webapp_prod_user +spring.datasource.password=dJ^8g$Pq5#sT@9!rW&zK +spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver + +# JPA/Hibernate settings +spring.jpa.hibernate.ddl-auto=validate +spring.jpa.show-sql=false + +# Redis Cache Configuration +spring.redis.host=prod-redis-cache.a1b2c3.0001.usw2.cache.amazonaws.com +spring.redis.port=6379 +spring.redis.password=fG4hJ7kL9mN2pQ5rS8uVzX3zA6bC9dE1 + +# Server port +server.port=8080 +server.error.include-stacktrace=never + +# External API Services +sendgrid.api.key=SG.kE9yT8RzQ5aW7oP3iL1uVw.bF6gH2sC4jK8mN5pS9uX1yZ3_vE7wA8qD0rO + +# Logging level +logging.level.root=WARN +logging.level.com.myapp=INFO diff --git a/secrets-benchmarks/snippets/156/ground-truth.json b/secrets-benchmarks/snippets/156/ground-truth.json new file mode 100644 index 0000000..60da8cc --- /dev/null +++ b/secrets-benchmarks/snippets/156/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 34, + "language": "python", + "findings": [ + { + "line_number": 9, + "secret": "https://8f3a3a9a2c1b4e3e8f9a9a3b1a2c3d4e@o123456.ingest.sentry.io/789012", + "label": "True Positive" + }, + { + "line_number": 17, + "secret": "postgres://reports_user:F#9kL$pQ2s!jW@db-reports.prod.internal:5432/reporting_main", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/156/snippet.py b/secrets-benchmarks/snippets/156/snippet.py new file mode 100644 index 0000000..2f10078 --- /dev/null +++ b/secrets-benchmarks/snippets/156/snippet.py @@ -0,0 +1,34 @@ +import os +from flask import Flask, jsonify, request +from sqlalchemy import create_engine +import sentry_sdk +from sentry_sdk.integrations.flask import FlaskIntegration + +# Initialize Sentry for error tracking +sentry_sdk.init( + dsn="https://8f3a3a9a2c1b4e3e8f9a9a3b1a2c3d4e@o123456.ingest.sentry.io/789012", + integrations=[FlaskIntegration()], + traces_sample_rate=1.0 +) + +app = Flask(__name__) + +# Database configuration +DATABASE_URL = "postgres://reports_user:F#9kL$pQ2s!jW@db-reports.prod.internal:5432/reporting_main" +engine = create_engine(DATABASE_URL) + +@app.route('/api/v1/health') +def health_check(): + try: + connection = engine.connect() + connection.close() + return jsonify({'status': 'ok', 'database': 'connected'}), 200 + except Exception as e: + return jsonify({'status': 'error', 'database': 'disconnected', 'reason': str(e)}), 503 + +def fetch_user_report(user_id): + # ... implementation for fetching reports + pass + +if __name__ == '__main__': + app.run(host='0.0.0.0', port=8080) diff --git a/secrets-benchmarks/snippets/157/ground-truth.json b/secrets-benchmarks/snippets/157/ground-truth.json new file mode 100644 index 0000000..fb6c11a --- /dev/null +++ b/secrets-benchmarks/snippets/157/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 34, + "language": "yaml", + "findings": [ + { + "line_number": 17, + "secret": "AKIA4WM7G3QZL5PJU7YF", + "label": "True Positive" + }, + { + "line_number": 18, + "secret": "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", + "label": "True Positive" + }, + { + "line_number": 36, + "secret": "https://hooks.slack.com/services/T00ABCD1EFG/B00HIJK5LMN/aBcDeFgHiJkLmNoPqRsTuVwXyZ", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/157/snippet.yml b/secrets-benchmarks/snippets/157/snippet.yml new file mode 100644 index 0000000..7ede443 --- /dev/null +++ b/secrets-benchmarks/snippets/157/snippet.yml @@ -0,0 +1,36 @@ +name: Deploy Staging Environment + +on: + push: + branches: + - develop + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Configure AWS Credentials + run: | + aws configure set aws_access_key_id AKIA4WM7G3QZL5PJU7YF + aws configure set aws_secret_access_key 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 + aws configure set default.region us-west-2 + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Build and push Docker image + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + IMAGE_TAG: ${{ github.sha }} + run: | + docker build -t $ECR_REGISTRY/my-app:$IMAGE_TAG . + docker push $ECR_REGISTRY/my-app:$IMAGE_TAG + + - name: Notify on Slack + if: success() + run: | + curl -X POST -H 'Content-type: application/json' --data '{"text":"Staging deployment successful!"}' https://hooks.slack.com/services/T00ABCD1EFG/B00HIJK5LMN/aBcDeFgHiJkLmNoPqRsTuVwXyZ diff --git a/secrets-benchmarks/snippets/158/ground-truth.json b/secrets-benchmarks/snippets/158/ground-truth.json new file mode 100644 index 0000000..d79be75 --- /dev/null +++ b/secrets-benchmarks/snippets/158/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 34, + "language": "java", + "findings": [ + { + "line_number": 19, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7nD5oP6tF4gH3iJ2kL1mN0oPqRsTuVwWzXyZ", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/158/snippet.java b/secrets-benchmarks/snippets/158/snippet.java new file mode 100644 index 0000000..9667e0d --- /dev/null +++ b/secrets-benchmarks/snippets/158/snippet.java @@ -0,0 +1,36 @@ +package com.example.paymentservice.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import com.stripe.Stripe; +import javax.annotation.PostConstruct; + +@Configuration +public class StripeConfig { + + private final StripeProperties stripeProperties; + + public StripeConfig(StripeProperties stripeProperties) { + this.stripeProperties = stripeProperties; + } + + @PostConstruct + public void init() { + Stripe.apiKey = "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB7nD5oP6tF4gH3iJ2kL1mN0oPqRsTuVwWzXyZ"; // Live key for production + } + + // This class would typically be in its own file + @ConfigurationProperties(prefix = "stripe") + public static class StripeProperties { + private String secretKey; + + // Getter and setter for secretKey + public String getSecretKey() { + return secretKey; + } + + public void setSecretKey(String secretKey) { + this.secretKey = secretKey; + } + } +} diff --git a/secrets-benchmarks/snippets/159/ground-truth.json b/secrets-benchmarks/snippets/159/ground-truth.json new file mode 100644 index 0000000..66057a8 --- /dev/null +++ b/secrets-benchmarks/snippets/159/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 34, + "language": "terraform", + "findings": [ + { + "line_number": 11, + "secret": "-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6lRjV7pX+Z8bAdhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfgH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/wEAAQKCAQEAy1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKf7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/wEAAoIBAQC6lRjV7pX+Z8bAdhQ6Y8y1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEfH2jKlMnOpQrStUvWxYzAbCdEf1yqj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK2qj9e2N6w8k3J4a3B2c1d5e6f7g8h9iAjJkK/w==\\n-----END PRIVATE KEY-----", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/159/snippet.tf b/secrets-benchmarks/snippets/159/snippet.tf new file mode 100644 index 0000000..3317fab --- /dev/null +++ b/secrets-benchmarks/snippets/159/snippet.tf @@ -0,0 +1,31 @@ +# main.tf + +provider "google" { + project = "gcp-project-analytics-prod" + region = "us-central1" + credentials = <> fetchUserData(String userId) async { + final response = await http.get( + Uri.parse('$_baseUrl/users/$userId'), + headers: { + 'Content-Type': 'application/json', + 'Authorization': 'Bearer $authToken', + 'X-API-KEY': 'prod_a1b2c3d4e5f678901234567890abcdef12' + }, + ); + + if (response.statusCode == 200) { + return json.decode(response.body); + } else { + throw Exception('Failed to load user data'); + } + } + + Future updateUserPreferences(String userId, Map prefs) async { + final response = await http.post( + Uri.parse('$_baseUrl/users/$userId/preferences'), + headers: { + 'Content-Type': 'application/json', + 'Authorization': 'Bearer $authToken', + 'X-API-KEY': 'prod_a1b2c3d4e5f678901234567890abcdef12' + }, + body: json.encode(prefs), + ); + + if (response.statusCode != 204) { + throw Exception('Failed to update preferences'); + } + } +} diff --git a/secrets-benchmarks/snippets/161/ground-truth.json b/secrets-benchmarks/snippets/161/ground-truth.json new file mode 100644 index 0000000..15a591c --- /dev/null +++ b/secrets-benchmarks/snippets/161/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 35, + "language": "python", + "findings": [ + { + "line_number": 18, + "secret": "postgresql://warehouse_svc:vF9@p#Z&rT7s!q@db-prod-@eu-west-1.rds.amazonaws.com:5432/analytics_data_prod", + "label": "True Positive" + }, + { + "line_number": 26, + "secret": "sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/161/snippet.py b/secrets-benchmarks/snippets/161/snippet.py new file mode 100644 index 0000000..72a5d63 --- /dev/null +++ b/secrets-benchmarks/snippets/161/snippet.py @@ -0,0 +1,33 @@ +import os +from redis import Redis + +class AppConfig: + """Base application configuration.""" + SECRET_KEY = os.environ.get('SECRET_KEY', 'fallback-dev-secret-key-change-me') + STATIC_FOLDER = 'static' + TEMPLATES_FOLDER = 'templates' + SESSION_COOKIE_SECURE = True + SESSION_COOKIE_HTTPONLY = True + +class ProductionConfig(AppConfig): + """Production specific configurations.""" + FLASK_ENV = 'production' + DEBUG = False + + # Database Configuration + SQLALCHEMY_DATABASE_URI = 'postgresql://warehouse_svc:vF9@p#Z&rT7s!q@db-prod-_eu-west-1.rds.amazonaws.com:5432/analytics_data_prod' + SQLALCHEMY_TRACK_MODIFICATIONS = False + + # Redis Cache + REDIS_HOST = 'prod-redis-cache.mxf8e3.ng.0001.euw1.cache.amazonaws.com' + REDIS_PORT = 6379 + + # External Services + STRIPE_API_KEY = "sk_live_51Kk0L2ApB8fG1tY9lEwJbNc5ZgHqR6vY7kO4sT3uF1gA2iXvMn9cRzXvWqSjU3mB" + +class DevelopmentConfig(AppConfig): + """Development specific configurations.""" + FLASK_ENV = 'development' + DEBUG = True + SQLALCHEMY_DATABASE_URI = 'sqlite:///dev.db' + SESSION_COOKIE_SECURE = False diff --git a/secrets-benchmarks/snippets/162/ground-truth.json b/secrets-benchmarks/snippets/162/ground-truth.json new file mode 100644 index 0000000..089673c --- /dev/null +++ b/secrets-benchmarks/snippets/162/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 35, + "language": "terraform", + "findings": [ + { + "line_number": 18, + "secret": "{\"type\": \"service_account\",\"project_id\": \"zeta-project-345\",\"private_key_id\": \"a9c12b4f67890123d4e5f6a7b8c9d0e1f2a3b4c5\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANb9g2cO5oXQfIuI\\nE5s6f8tG7b7c2bF1e5D6bY8g9f7c1m4d...\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"terraform-runner@zeta-project-345.iam.gserviceaccount.com\",\"client_id\": \"112233445566778899001\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://oauth2.googleapis.com/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/terraform-runner%40zeta-project-345.iam.gserviceaccount.com\"}", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/162/snippet.tf b/secrets-benchmarks/snippets/162/snippet.tf new file mode 100644 index 0000000..baccae8 --- /dev/null +++ b/secrets-benchmarks/snippets/162/snippet.tf @@ -0,0 +1,36 @@ +# Terraform Block for GCP Provider and Backend Configuration +terraform { + required_version = ">= 1.0" + + required_providers { + google = { + source = "hashicorp/google" + version = "~> 4.0" + } + } +} + +# Configure the Google Cloud Provider +provider "google" { + project = var.gcp_project_id + region = "europe-west2" + zone = "europe-west2-a" + credentials = "{\"type\": \"service_account\",\"project_id\": \"zeta-project-345\",\"private_key_id\": \"a9c12b4f67890123d4e5f6a7b8c9d0e1f2a3b4c5\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANb9g2cO5oXQfIuI\\nE5s6f8tG7b7c2bF1e5D6bY8g9f7c1m4d...\\n-----END PRIVATE KEY-----\\n\",\"client_email\": \"terraform-runner@zeta-project-345.iam.gserviceaccount.com\",\"client_id\": \"112233445566778899001\",\"auth_uri\": \"https://accounts.google.com/o/oauth2/auth\",\"token_uri\": \"https://oauth2.googleapis.com/token\",\"auth_provider_x509_cert_url\": \"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\": \"https://www.googleapis.com/robot/v1/metadata/x509/terraform-runner%40zeta-project-345.iam.gserviceaccount.com\"}" +} + +# Create a default VPC network +resource "google_compute_network" "vpc_network" { + name = "terraform-network" + auto_create_subnetworks = true +} + +# Firewall rule to allow SSH +resource "google_compute_firewall" "allow_ssh" { + name = "allow-ssh-firewall" + network = google_compute_network.vpc_network.name + + allow { + protocol = "tcp" + ports = ["22"] + } +} diff --git a/secrets-benchmarks/snippets/163/ground-truth.json b/secrets-benchmarks/snippets/163/ground-truth.json new file mode 100644 index 0000000..3e1c9c4 --- /dev/null +++ b/secrets-benchmarks/snippets/163/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 35, + "language": "go", + "findings": [ + { + "line_number": 16, + "secret": "mongodb+srv://admin_orders:zR8gP2$LqW#k@prod-cluster-0.a1b2c.mongodb.net/ecom_orders?retryWrites=true&w=majority", + "label": "True Positive" + }, + { + "line_number": 28, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLXNlcnZpY2UiLCJzdWIiOiJzZXJ2aWNlLWFjY291bnQtb3JkZXJzIiwiaWF0IjoxNjE2MjM5MDIyLCJleHAiOjE3NzE5MjcwMDAsImF1ZCI6ImludGVybmFsLWFwaSJ9.fU4fL8yH3aQOoCxJ6V_kFpWkSgRzVjZ_qB9pWjDxYlA", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/163/snippet.go b/secrets-benchmarks/snippets/163/snippet.go new file mode 100644 index 0000000..056172e --- /dev/null +++ b/secrets-benchmarks/snippets/163/snippet.go @@ -0,0 +1,50 @@ +package main + +import ( + "context" + "log" + "net/http" + + "github.com/gin-gonic/gin" + "go.mongodb.org/mongo-driver/mongo" + "go.mongodb.org/mongo-driver/mongo/options" +) + +func connectToMongoDB() *mongo.Client { + // In a real app, use a vault or env vars. + // This is hardcoded for a quick PoC deployment. + const mongoURI = "mongodb+srv://admin_orders:zR8gP2$LqW#k@prod-cluster-0.a1b2c.mongodb.net/ecom_orders?retryWrites=true&w=majority" + clientOptions := options.Client().ApplyURI(mongoURI) + client, err := mongo.Connect(context.TODO(), clientOptions) + if err != nil { + log.Fatalf("Failed to connect to MongoDB: %v", err) + } + return client +} + +func setupRouter() *gin.Engine { + r := gin.Default() + + const internalAuthToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhdXRoLXNlcnZpY2UiLCJzdWIiOiJzZXJ2aWNlLWFjY291bnQtb3JkZXJzIiwiaWF0IjoxNjE2MjM5MDIyLCJleHAiOjE3NzE5MjcwMDAsImF1ZCI6ImludGVybmFsLWFwaSJ9.fU4fL8yH3aQOoCxJ6V_kFpWkSgRzVjZ_qB9pWjDxYlA" + + r.Use(func(c *gin.Context) { + headerToken := c.GetHeader("X-Internal-Auth") + if headerToken != internalAuthToken { + c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid internal token"}) + return + } + c.Next() + }) + + r.GET("/ping", func(c *gin.Context) { + c.JSON(200, gin.H{"message": "pong"}) + }) + + return r +} + +func main() { + // connectToMongoDB() + router := setupRouter() + router.Run(":8080") +} diff --git a/secrets-benchmarks/snippets/164/ground-truth.json b/secrets-benchmarks/snippets/164/ground-truth.json new file mode 100644 index 0000000..5b1dd97 --- /dev/null +++ b/secrets-benchmarks/snippets/164/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 35, + "language": "yaml", + "findings": [ + { + "line_number": 31, + "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn\nNhAAAAAwEAAQAAAYEA1H5s2b9r8fH8P2Z7g3d4s5v7t8w9A6B2C4E6fGgHhJkL1M3N5... \n...base64 encoded private key data... \nG3hJkL1M3N5n9p0q2r4s6t8v9w0x2y3z5A7B9C1D3F5H7J9L1N3P5R7T9V1X3Z5B7D9F1H\n-----END OPENSSH PRIVATE KEY-----", + "label": "True Positive" + }, + { + "line_number": 46, + "secret": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/mN7pQ8rS6tU5vW4xY3z2A1B0", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/164/snippet.yml b/secrets-benchmarks/snippets/164/snippet.yml new file mode 100644 index 0000000..6ca7df8 --- /dev/null +++ b/secrets-benchmarks/snippets/164/snippet.yml @@ -0,0 +1,46 @@ +name: Deploy Staging Environment + +on: + push: + branches: + - develop + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up Node.js + uses: actions/setup-node@v3 + with: + node-version: '18' + + - name: Install dependencies and build + run: | + npm install + npm run build + + - name: Deploy to Staging Server + uses: appleboy/ssh-action@master + with: + host: staging.example-hosting.com + username: deploy_bot + key: | + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn + NhAAAAAwEAAQAAAYEA1H5s2b9r8fH8P2Z7g3d4s5v7t8w9A6B2C4E6fGgHhJkL1M3N5... + ...base64 encoded private key data... + G3hJkL1M3N5n9p0q2r4s6t8v9w0x2y3z5A7B9C1D3F5H7J9L1N3P5R7T9V1X3Z5B7D9F1H + -----END OPENSSH PRIVATE KEY----- + port: 22 + script: | + cd /var/www/staging-app + git pull origin develop + docker compose down && docker compose up -d --build + + - name: Notify Slack on success + if: success() + run: | + curl -X POST -H 'Content-type: application/json' --data '{"text":"Staging deployment succeeded!"}' https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/mN7pQ8rS6tU5vW4xY3z2A1B0 diff --git a/secrets-benchmarks/snippets/165/ground-truth.json b/secrets-benchmarks/snippets/165/ground-truth.json new file mode 100644 index 0000000..bae5342 --- /dev/null +++ b/secrets-benchmarks/snippets/165/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 35, + "language": "csharp", + "findings": [ + { + "line_number": 14, + "secret": "Server=tcp:user-db-server.database.windows.net,1433;Initial Catalog=UserProfiles;Persist Security Info=False;User ID=db_admin_svc;Password={9aB!cDeFgH2iJkLmN};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;", + "label": "True Positive" + }, + { + "line_number": 38, + "secret": "a4b1c8d7e2f5g3h9i0j6k4l2m1n0o7p3", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/165/snippet.cs b/secrets-benchmarks/snippets/165/snippet.cs new file mode 100644 index 0000000..4383c7a --- /dev/null +++ b/secrets-benchmarks/snippets/165/snippet.cs @@ -0,0 +1,41 @@ +using System.Data.SqlClient; +using System.Threading.Tasks; +using Dapper; + +namespace UserManagement.Data +{ + public class UserProfileRepository + { + private readonly string _connectionString; + + public UserProfileRepository() + { + // This should be loaded from secure configuration in a real application + _connectionString = "Server=tcp:user-db-server.database.windows.net,1433;Initial Catalog=UserProfiles;Persist Security Info=False;User ID=db_admin_svc;Password={9aB!cDeFgH2iJkLmN};MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"; + } + + public async Task GetUserProfileByIdAsync(int userId) + { + using (var connection = new SqlConnection(_connectionString)) + { + await connection.OpenAsync(); + var query = "SELECT * FROM UserProfiles WHERE UserId = @UserId"; + return await connection.QuerySingleOrDefaultAsync(query, new { UserId = userId }); + } + } + + public class UserProfile + { + public int UserId { get; set; } + public string Username { get; set; } + public string Email { get; set; } + public string FullName { get; set; } + } + + // Helper for other services that need direct access + public static string GetTwilioAuthSecret() + { + return "a4b1c8d7e2f5g3h9i0j6k4l2m1n0o7p3"; + } + } +} diff --git a/secrets-benchmarks/snippets/166/ground-truth.json b/secrets-benchmarks/snippets/166/ground-truth.json new file mode 100644 index 0000000..89229b7 --- /dev/null +++ b/secrets-benchmarks/snippets/166/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 36, + "language": "python", + "findings": [ + { + "line_number": 10, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 11, + "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/166/snippet.py b/secrets-benchmarks/snippets/166/snippet.py new file mode 100644 index 0000000..366f2c8 --- /dev/null +++ b/secrets-benchmarks/snippets/166/snippet.py @@ -0,0 +1,36 @@ +import boto3 +import os +import json +from botocore.exceptions import ClientError + +def process_inventory_updates(bucket_name, key): + """Processes inventory update files from S3 and updates DynamoDB.""" + + session = boto3.Session( + aws_access_key_id='AKIAY3R4WZ76X2P5QJ6M', + aws_secret_access_key='wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY', + region_name='us-east-1' + ) + + s3_client = session.client('s3') + dynamodb = session.resource('dynamodb') + table = dynamodb.Table('ProductInventory') + + try: + s3_object = s3_client.get_object(Bucket=bucket_name, Key=key) + inventory_data = json.loads(s3_object['Body'].read().decode('utf-8')) + + with table.batch_writer() as batch: + for item in inventory_data['updates']: + batch.put_item( + Item={ + 'ProductID': item['sku'], + 'StockCount': item['quantity'], + 'LastUpdated': item['timestamp'] + } + ) + print(f"Successfully processed {key}") + except ClientError as e: + print(f"Error processing file {key}: {e}") + raise e + diff --git a/secrets-benchmarks/snippets/167/ground-truth.json b/secrets-benchmarks/snippets/167/ground-truth.json new file mode 100644 index 0000000..1ab44f1 --- /dev/null +++ b/secrets-benchmarks/snippets/167/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 36, + "language": "terraform", + "findings": [ + { + "line_number": 12, + "secret": "atJztmoFXGQz5k.atlasv1.gJvF8sRgDWf24zW2bF6Y8cK9tV1pL5qN7hB3xZ0mA4uC7iO6eP1sR2tG0sY3bI1aE2w", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/167/snippet.tf b/secrets-benchmarks/snippets/167/snippet.tf new file mode 100644 index 0000000..3ac139f --- /dev/null +++ b/secrets-benchmarks/snippets/167/snippet.tf @@ -0,0 +1,36 @@ +terraform { + required_version = ">= 1.2.0" + + cloud { + organization = "acme-corp-infra" + + workspaces { + name = "production-vpc-networking" + } + + credentials "app.terraform.io" { + token = "atJztmoFXGQz5k.atlasv1.gJvF8sRgDWf24zW2bF6Y8cK9tV1pL5qN7hB3xZ0mA4uC7iO6eP1sR2tG0sY3bI1aE2w" + } + } + + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4.50" + } + } +} + +provider "aws" { + region = var.aws_region +} + +resource "aws_vpc" "main" { + cidr_block = "10.0.0.0/16" + instance_tenancy = "default" + + tags = { + Name = "main-production-vpc" + } +} + diff --git a/secrets-benchmarks/snippets/168/ground-truth.json b/secrets-benchmarks/snippets/168/ground-truth.json new file mode 100644 index 0000000..c592db0 --- /dev/null +++ b/secrets-benchmarks/snippets/168/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 36, + "language": "yaml", + "findings": [ + { + "line_number": 18, + "secret": "autobuilder-acme", + "label": "True Positive" + }, + { + "line_number": 19, + "secret": "dckr_pat_1VzJ8h_L9KqR7sW3tX5yGZbN0c", + "label": "True Positive" + }, + { + "line_number": 30, + "secret": "sqp_8d4e9c3e2f5b1a0a3b8c6d7e5f0a2b3c4d5e6f7a", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/168/snippet.yml b/secrets-benchmarks/snippets/168/snippet.yml new file mode 100644 index 0000000..7cd634e --- /dev/null +++ b/secrets-benchmarks/snippets/168/snippet.yml @@ -0,0 +1,32 @@ +name: Build and Push Docker Image + +on: + push: + branches: + - 'main' + +jobs: + build-and-scan: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Login to DockerHub + uses: docker/login-action@v2 + with: + username: 'autobuilder-acme' + password: 'dckr_pat_1VzJ8h_L9KqR7sW3tX5yGZbN0c' + + - name: Build and push + uses: docker/build-push-action@v4 + with: + push: true + tags: acme/webapp:latest + + - name: SonarQube Scan + uses: sonarsource/sonarqube-scan-action@master + env: + SONAR_LOGIN: "sqp_8d4e9c3e2f5b1a0a3b8c6d7e5f0a2b3c4d5e6f7a" + SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} + diff --git a/secrets-benchmarks/snippets/169/ground-truth.json b/secrets-benchmarks/snippets/169/ground-truth.json new file mode 100644 index 0000000..4c53a3c --- /dev/null +++ b/secrets-benchmarks/snippets/169/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 36, + "language": "swift", + "findings": [ + { + "line_number": 7, + "secret": "https://a4d9aa8c6e3b4a2ab9b8b3b8c3d9aa3c@o123456.ingest.sentry.io/789012", + "label": "True Positive" + }, + { + "line_number": 11, + "secret": "pk.eyJ1IjoibXl1c2VybmFtZTEyMyIsImEiOiJjazg3ZzA2ZWgwYXQyM21wZHRpZTI1a2QzIn0.nB9m_gZ2vXl0qY5uP3r7Ww", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/169/snippet.swift b/secrets-benchmarks/snippets/169/snippet.swift new file mode 100644 index 0000000..1ded390 --- /dev/null +++ b/secrets-benchmarks/snippets/169/snippet.swift @@ -0,0 +1,36 @@ +import SwiftUI +import Sentry +import MapboxMaps + +struct AppConfig { + struct Sentry { + static let dsn = "https://a4d9aa8c6e3b4a2ab9b8b3b8c3d9aa3c@o123456.ingest.sentry.io/789012" + } + + struct Mapbox { + static let accessToken = "pk.eyJ1IjoibXl1c2VybmFtZTEyMyIsImEiOiJjazg3ZzA2ZWgwYXQyM21wZHRpZTI1a2QzIn0.nB9m_gZ2vXl0qY5uP3r7Ww" + } +} + +@main +struct MyApp: App { + init() { + self.setupIntegrations() + } + + private func setupIntegrations() { + SentrySDK.start { + options in options.dsn = AppConfig.Sentry.dsn + options.tracesSampleRate = 1.0 + } + + ResourceOptionsManager.default.resourceOptions.accessToken = AppConfig.Mapbox.accessToken + } + + var body: some Scene { + WindowGroup { + ContentView() + } + } +} + diff --git a/secrets-benchmarks/snippets/170/ground-truth.json b/secrets-benchmarks/snippets/170/ground-truth.json new file mode 100644 index 0000000..a29b74a --- /dev/null +++ b/secrets-benchmarks/snippets/170/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 36, + "language": "java", + "findings": [ + { + "line_number": 13, + "secret": "postgres://prod_svc_user:Ag^9!z$K4mPQ@db-prod-cluster-1.c8xyzqrstuvw.us-west-2.rds.amazonaws.com:5432/orders_db", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/170/snippet.java b/secrets-benchmarks/snippets/170/snippet.java new file mode 100644 index 0000000..d9248bf --- /dev/null +++ b/secrets-benchmarks/snippets/170/snippet.java @@ -0,0 +1,31 @@ +package com.example.ecommerce.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.jdbc.core.JdbcTemplate; +import javax.sql.DataSource; +import com.zaxxer.hikari.HikariConfig; +import com.zaxxer.hikari.HikariDataSource; + +@Configuration +public class DatabaseConfig { + + private static final String DB_URL = "postgres://prod_svc_user:Ag^9!z$K4mPQ@db-prod-cluster-1.c8xyzqrstuvw.us-west-2.rds.amazonaws.com:5432/orders_db"; + + @Bean + public DataSource dataSource() { + HikariConfig config = new HikariConfig(); + config.setJdbcUrl(DB_URL); + config.addDataSourceProperty("cachePrepStmts", "true"); + config.addDataSourceProperty("prepStmtCacheSize", "250"); + config.addDataSourceProperty("prepStmtCacheSqlLimit", "2048"); + config.setDriverClassName("org.postgresql.Driver"); + return new HikariDataSource(config); + } + + @Bean + public JdbcTemplate jdbcTemplate(DataSource dataSource) { + return new JdbcTemplate(dataSource); + } +} + diff --git a/secrets-benchmarks/snippets/171/ground-truth.json b/secrets-benchmarks/snippets/171/ground-truth.json new file mode 100644 index 0000000..55a63be --- /dev/null +++ b/secrets-benchmarks/snippets/171/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 37, + "language": "python", + "findings": [ + { + "line_number": 7, + "secret": "AKIAU4T5KR53QUZ6R3P7", + "label": "True Positive" + }, + { + "line_number": 8, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/171/snippet.py b/secrets-benchmarks/snippets/171/snippet.py new file mode 100644 index 0000000..7a9dc7f --- /dev/null +++ b/secrets-benchmarks/snippets/171/snippet.py @@ -0,0 +1,34 @@ +import boto3 +import os +from botocore.exceptions import NoCredentialsError + +# Configuration for the AWS S3 client +AWS_CONFIG = { + 'aws_access_key_id': 'AKIAU4T5KR53QUZ6R3P7', + 'aws_secret_access_key': '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', + 'region_name': 'us-east-1' +} + +def download_s3_file(bucket_name, object_name, file_name): + """Downloads a file from an S3 bucket.""" + s3_client = boto3.client( + 's3', + aws_access_key_id=AWS_CONFIG['aws_access_key_id'], + aws_secret_access_key=AWS_CONFIG['aws_secret_access_key'], + region_name=AWS_CONFIG['region_name'] + ) + try: + s3_client.download_file(bucket_name, object_name, file_name) + print(f"'{object_name}' downloaded to '{file_name}' successfully.") + return True + except NoCredentialsError: + print("Credentials not available.") + return False + except Exception as e: + print(f"An error occurred: {e}") + return False + +if __name__ == '__main__': + DOWNLOAD_TARGET = '/app/data/invoice_latest.pdf' + download_s3_file('corp-billing-docs-prod', 'invoices/2023-11.pdf', DOWNLOAD_TARGET) + diff --git a/secrets-benchmarks/snippets/172/ground-truth.json b/secrets-benchmarks/snippets/172/ground-truth.json new file mode 100644 index 0000000..260a8be --- /dev/null +++ b/secrets-benchmarks/snippets/172/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 37, + "language": "yaml", + "findings": [ + { + "line_number": 18, + "secret": "glpat-sBv3yZ8xWq9kLpGfJ1cR", + "label": "True Positive" + }, + { + "line_number": 31, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRsYWIuY29tIiwic3ViIjoiZGVwbG95LXVzZXIiLCJhdWQiOiJkZXBsb3ltZW50LXNlcnZpY2UiLCJpYXQiOjE2NzI1MzEyMDAsImV4cCI6MTcwNDA2NzIwMH0.uLp-J7aBf8tYgPz3tQ9kRwN6eV0bV1zHhJ5aF4gC2sE", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/172/snippet.yml b/secrets-benchmarks/snippets/172/snippet.yml new file mode 100644 index 0000000..94264ea --- /dev/null +++ b/secrets-benchmarks/snippets/172/snippet.yml @@ -0,0 +1,36 @@ +stages: + - build + - test + - deploy + +variables: + DOCKER_IMAGE: my-app + DOCKER_REGISTRY: registry.internal.corp.com + KUBE_NAMESPACE: production + +build_job: + stage: build + image: docker:20.10.16 + services: + - docker:20.10.16-dind + before_script: + - echo "Logging into private Docker registry..." + - echo "glpat-sBv3yZ8xWq9kLpGfJ1cR" | docker login $DOCKER_REGISTRY -u gitlab-ci-token --password-stdin + script: + - docker build -t $DOCKER_REGISTRY/$DOCKER_IMAGE:$CI_COMMIT_SHA . + - docker push $DOCKER_REGISTRY/$DOCKER_IMAGE:$CI_COMMIT_SHA + only: + - master + +deploy_production: + stage: deploy + image: curlimages/curl:7.83.1 + script: + - echo "Triggering deployment webhook..." + - > + curl -X POST -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRsYWIuY29tIiwic3ViIjoiZGVwbG95LXVzZXIiLCJhdWQiOiJkZXBsb3ltZW50LXNlcnZpY2UiLCJpYXQiOjE2NzI1MzEyMDAsImV4cCI6MTcwNDA2NzIwMH0.uLp-J7aBf8tYgPz3tQ9kRwN6eV0bV1zHhJ5aF4gC2sE" \ + -H "Content-Type: application/json" \ + --data "{\"image_tag\":\"$CI_COMMIT_SHA\", \"environment\":\"production\"}" \ + https://deployer.internal.corp.com/api/v1/deploy + when: on_success + diff --git a/secrets-benchmarks/snippets/173/ground-truth.json b/secrets-benchmarks/snippets/173/ground-truth.json new file mode 100644 index 0000000..04777dd --- /dev/null +++ b/secrets-benchmarks/snippets/173/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 37, + "language": "go", + "findings": [ + { + "line_number": 17, + "secret": "postgres://analytics_svc:3#fG&pW9qJ@pg-reporting-cluster.eu-west-1.internal:5432/telemetry_data", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/173/snippet.go b/secrets-benchmarks/snippets/173/snippet.go new file mode 100644 index 0000000..ee62eed --- /dev/null +++ b/secrets-benchmarks/snippets/173/snippet.go @@ -0,0 +1,41 @@ +package main + +import ( + "database/sql" + "fmt" + "log" + "net/http" + + "github.com/gin-gonic/gin" + _ "github.com/lib/pq" +) + +var db *sql.DB + +func setupDatabase() { + var err error + connStr := "postgres://analytics_svc:3#fG&pW9qJ@pg-reporting-cluster.eu-west-1.internal:5432/telemetry_data" + db, err = sql.Open("postgres", connStr) + if err != nil { + log.Fatalf("Error connecting to the database: %v", err) + } + + err = db.Ping() + if err != nil { + log.Fatalf("Error pinging database: %v", err) + } + fmt.Println("Successfully connected to the database!") +} + +func main() { + setupDatabase() + defer db.Close() + + router := gin.Default() + router.GET("/health", func(c *gin.Context) { + c.JSON(http.StatusOK, gin.H{"status": "ok"}) + }) + + router.Run(":8080") +} + diff --git a/secrets-benchmarks/snippets/174/ground-truth.json b/secrets-benchmarks/snippets/174/ground-truth.json new file mode 100644 index 0000000..8eb2eb3 --- /dev/null +++ b/secrets-benchmarks/snippets/174/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 37, + "language": "terraform", + "findings": [ + { + "line_number": 4, + "secret": "7f1e03c46a67285a8f8b9d0e1f2a3b4c", + "label": "True Positive" + }, + { + "line_number": 5, + "secret": "98ac7f0e1d2c3b4a567f890e1d23b45a67c8d9e0", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/174/snippet.tf b/secrets-benchmarks/snippets/174/snippet.tf new file mode 100644 index 0000000..96fb7b1 --- /dev/null +++ b/secrets-benchmarks/snippets/174/snippet.tf @@ -0,0 +1,34 @@ +# Terraform configuration for Datadog provider and monitors + +provider "datadog" { + api_key = "7f1e03c46a67285a8f8b9d0e1f2a3b4c" + app_key = "98ac7f0e1d2c3b4a567f890e1d23b45a67c8d9e0" +} + +resource "datadog_monitor" "high_cpu_load" { + name = "[Critical] High CPU Load on Production Cluster" + type = "metric alert" + message = "CPU load is over 90% on average. @ops-team please investigate. {{host.name}}" + escalation_message = "The high CPU issue has not been resolved. Escalating to @oncall-SRE." + + query = "avg(last_5m):avg:system.cpu.user{environment:prod} > 90" + + monitor_thresholds { + critical = 90 + warning = 75 + } + + notify_no_data = false + renotify_interval = 60 + + tags = ["service:core-api", "env:prod", "severity:critical"] +} + +resource "datadog_monitor" "low_disk_space" { + name = "Low Disk Space on DB nodes" + type = "metric alert" + query = "avg(last_15m):avg:system.disk.in_use{role:database} > 0.85" + message = "Disk space is running low on a database node. @db-admins" + tags = ["service:database", "env:prod"] +} + diff --git a/secrets-benchmarks/snippets/175/ground-truth.json b/secrets-benchmarks/snippets/175/ground-truth.json new file mode 100644 index 0000000..4c04af5 --- /dev/null +++ b/secrets-benchmarks/snippets/175/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 37, + "language": "typescript", + "findings": [ + { + "line_number": 21, + "secret": "https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/9876543", + "label": "True Positive" + }, + { + "line_number": 25, + "secret": "AIzaSyD9ZvG8hJqKp2sL6wF4xR3tU_0mIoC5bE7", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/175/snippet.ts b/secrets-benchmarks/snippets/175/snippet.ts new file mode 100644 index 0000000..93c6e8e --- /dev/null +++ b/secrets-benchmarks/snippets/175/snippet.ts @@ -0,0 +1,38 @@ +// src/config/third-party.ts +// Centralized configuration for external services used in the application. + +interface AppConfig { + env: 'development' | 'staging' | 'production'; + sentryDsn: string; + googleMaps: { + apiKey: string; + }; + featureFlags: { + enableNewDashboard: boolean; + }; +} + +const isProduction = process.env.NODE_ENV === 'production'; + +export const config: AppConfig = { + env: isProduction ? 'production' : 'development', + + // Sentry configuration for error tracking + sentryDsn: 'https://a4b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5@o123456.ingest.sentry.io/9876543', + + // Google Maps API configuration for geolocation features + googleMaps: { + apiKey: 'AIzaSyD9ZvG8hJqKp2sL6wF4xR3tU_0mIoC5bE7' + }, + + // Feature flags for gradual rollouts + featureFlags: { + enableNewDashboard: true, + }, +}; + +export function initializeServices() { + // Logic to initialize Sentry, Google Maps SDK, etc. would go here. + console.log('Third-party services configured for environment:', config.env); +} + diff --git a/secrets-benchmarks/snippets/176/ground-truth.json b/secrets-benchmarks/snippets/176/ground-truth.json new file mode 100644 index 0000000..7ea9e8c --- /dev/null +++ b/secrets-benchmarks/snippets/176/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 38, + "language": "python", + "findings": [ + { + "line_number": 13, + "secret": "AKIA4Z7HFV563JLXPMQO", + "label": "True Positive" + }, + { + "line_number": 14, + "secret": "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", + "label": "True Positive" + }, + { + "line_number": 15, + "secret": "FQoGZXIvYXdzEI///////////wEaDBpqrST2zPXCR+x5IirEA7cW9fB8E8jQkZ6I+9aC4sWxR7eK4uD6Z2mR/7vY5rWw8SzAoN0c9FgT", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/176/snippet.py b/secrets-benchmarks/snippets/176/snippet.py new file mode 100644 index 0000000..0903174 --- /dev/null +++ b/secrets-benchmarks/snippets/176/snippet.py @@ -0,0 +1,38 @@ +import boto3 +from botocore.exceptions import NoCredentialsError + +# Hardcoded credentials for a specific IAM role assumption +S3_REGION = 'us-west-2' + +def get_s3_client(): + """Initializes and returns an S3 client using hardcoded temporary credentials.""" + try: + s3_client = boto3.client( + 's3', + region_name=S3_REGION, + aws_access_key_id='AKIA4Z7HFV563JLXPMQO', + aws_secret_access_key='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', + aws_session_token='FQoGZXIvYXdzEI///////////wEaDBpqrST2zPXCR+x5IirEA7cW9fB8E8jQkZ6I+9aC4sWxR7eK4uD6Z2mR/7vY5rWw8SzAoN0c9FgT' + ) + return s3_client + except Exception as e: + print(f"Failed to create S3 client: {e}") + return None + +def list_buckets(client): + """Lists all buckets using the provided S3 client.""" + if not client: + print("S3 client is not available.") + return + + try: + response = client.list_buckets() + print("Existing buckets:") + for bucket in response['Buckets']: + print(f' {bucket["Name"]}') + except NoCredentialsError: + print("Credentials not available.") + +if __name__ == "__main__": + s3 = get_s3_client() + list_buckets(s3) diff --git a/secrets-benchmarks/snippets/177/ground-truth.json b/secrets-benchmarks/snippets/177/ground-truth.json new file mode 100644 index 0000000..ff4e3e4 --- /dev/null +++ b/secrets-benchmarks/snippets/177/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 38, + "language": "terraform", + "findings": [ + { + "line_number": 15, + "secret": "e9a8f7c6d5b4a392817f0e9d8c7b6a54", + "label": "True Positive" + }, + { + "line_number": 16, + "secret": "8b1fec305a4d9b6e8a7f9d0c2e3b4a591e6f7d8c", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/177/snippet.tf b/secrets-benchmarks/snippets/177/snippet.tf new file mode 100644 index 0000000..8c42d70 --- /dev/null +++ b/secrets-benchmarks/snippets/177/snippet.tf @@ -0,0 +1,34 @@ +# Terraform configuration for Datadog provider and monitoring + +terraform { + required_providers { + datadog = { + source = "DataDog/datadog" + version = "~> 3.0" + } + } +} + +# Provider configuration with hardcoded credentials +# In a real scenario, these should be sourced from a secure vault or environment variables. +provider "datadog" { + api_key = "e9a8f7c6d5b4a392817f0e9d8c7b6a54" + app_key = "8b1fec305a4d9b6e8a7f9d0c2e3b4a591e6f7d8c" + api_url = "https://api.datadoghq.com/" +} + +resource "datadog_monitor" "high_cpu_load" { + name = "High CPU Load on web-backend hosts" + type = "metric alert" + message = "CPU load is high on {{host.name}}. @slack-channel-alerts" + escalation_message = "CPU load has been high for 15 minutes. Paging @on-call." + + query = "avg(last_5m):avg:system.cpu.user{environment:production,service:web-backend} > 80" + + monitor_thresholds { + critical = 80 + warning = 65 + } + + tags = ["service:web-backend", "prod", "terraform"] +} diff --git a/secrets-benchmarks/snippets/178/ground-truth.json b/secrets-benchmarks/snippets/178/ground-truth.json new file mode 100644 index 0000000..ce7dd9d --- /dev/null +++ b/secrets-benchmarks/snippets/178/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 38, + "language": "yaml", + "findings": [ + { + "line_number": 22, + "secret": "devops_deploy_bot", + "label": "True Positive" + }, + { + "line_number": 23, + "secret": "dckr_pat_gHj8LpQ2sWzK4vB7nC1xR9yT6fU3aE5d", + "label": "True Positive" + }, + { + "line_number": 42, + "secret": "sqp_9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2d1e0f", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/178/snippet.yml b/secrets-benchmarks/snippets/178/snippet.yml new file mode 100644 index 0000000..5d279ec --- /dev/null +++ b/secrets-benchmarks/snippets/178/snippet.yml @@ -0,0 +1,43 @@ +name: CI-CD Pipeline for Web Service + +on: + push: + branches: + - main + - 'release/*' + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: 'devops_deploy_bot' + password: 'dckr_pat_gHj8LpQ2sWzK4vB7nC1xR9yT6fU3aE5d' + + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: myapp/webservice:latest + + security-scan: + runs-on: ubuntu-latest + needs: build-and-push + steps: + - name: Checkout code for scan + uses: actions/checkout@v3 + + - name: SonarQube Scan + uses: sonarsource/sonarqube-scan-action@master + env: + SONAR_TOKEN: 'sqp_9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b3a2d1e0f' + SONAR_HOST_URL: 'https://sonarqube.internal.acme.com' diff --git a/secrets-benchmarks/snippets/179/ground-truth.json b/secrets-benchmarks/snippets/179/ground-truth.json new file mode 100644 index 0000000..f1ca454 --- /dev/null +++ b/secrets-benchmarks/snippets/179/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 38, + "language": "javascript", + "findings": [ + { + "line_number": 7, + "secret": "pk.eyJ1IjoibWFwZGVzaWduZXI4OCIsImEiOiJjbHJwaGR3ajAwMWR4MmtwOGVncjl5dWNpIn0.eFTpL6vj-57Bq2nTOs2KjQ", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/179/snippet.js b/secrets-benchmarks/snippets/179/snippet.js new file mode 100644 index 0000000..d622242 --- /dev/null +++ b/secrets-benchmarks/snippets/179/snippet.js @@ -0,0 +1,42 @@ +import React, { useEffect, useRef, useState } from 'react'; +import mapboxgl from 'mapbox-gl'; +import 'mapbox-gl/dist/mapbox-gl.css'; + +// Configuration for the map service +const mapboxConfig = { + accessToken: 'pk.eyJ1IjoibWFwZGVzaWduZXI4OCIsImEiOiJjbHJwaGR3ajAwMWR4MmtwOGVncjl5dWNpIn0.eFTpL6vj-57Bq2nTOs2KjQ', + defaultStyle: 'mapbox://styles/mapbox/streets-v11', + initialCoords: { + lng: -74.0060, + lat: 40.7128, + zoom: 12 + } +}; + +const MapComponent: React.FC = () => { + const mapContainer = useRef(null); + const map = useRef(null); + const [lng, setLng] = useState(mapboxConfig.initialCoords.lng); + const [lat, setLat] = useState(mapboxConfig.initialCoords.lat); + const [zoom, setZoom] = useState(mapboxConfig.initialCoords.zoom); + + useEffect(() => { + if (map.current) return; // initialize map only once + + mapboxgl.accessToken = mapboxConfig.accessToken; + map.current = new mapboxgl.Map({ + container: mapContainer.current!, + style: mapboxConfig.defaultStyle, + center: [lng, lat], + zoom: zoom + }); + }); + + return ( +
+
+
+ ); +}; + +export default MapComponent; diff --git a/secrets-benchmarks/snippets/180/ground-truth.json b/secrets-benchmarks/snippets/180/ground-truth.json new file mode 100644 index 0000000..9d2ad69 --- /dev/null +++ b/secrets-benchmarks/snippets/180/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 38, + "language": "go", + "findings": [ + { + "line_number": 18, + "secret": "postgres://billing_svc_user:D4fG#kS$q9!zL@pg-prod-us-east-1.c8zqg7rf1vkm.rds.amazonaws.com:5432/billing_prod?sslmode=require", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/180/snippet.go b/secrets-benchmarks/snippets/180/snippet.go new file mode 100644 index 0000000..c770872 --- /dev/null +++ b/secrets-benchmarks/snippets/180/snippet.go @@ -0,0 +1,43 @@ +package database + +import ( + "database/sql" + "fmt" + "log" + "time" + + _ "github.com/lib/pq" // PostgreSQL driver +) + +var DB *sql.DB + +// InitDB initializes the database connection using a hardcoded connection string. +func InitDB() { + var err error + // This connection string should be externalized and secured. + dbConnectionString := "postgres://billing_svc_user:D4fG#kS$q9!zL@pg-prod-us-east-1.c8zqg7rf1vkm.rds.amazonaws.com:5432/billing_prod?sslmode=require" + + DB, err = sql.Open("postgres", dbConnectionString) + if err != nil { + log.Fatalf("Error opening database: %v", err) + } + + DB.SetMaxOpenConns(25) + DB.SetMaxIdleConns(25) + DB.SetConnMaxLifetime(5 * time.Minute) + + err = DB.Ping() + if err != nil { + log.Fatalf("Error connecting to the database: %v", err) + } + + fmt.Println("Successfully connected to the database!") +} + +// GetDB returns the singleton database connection. +func GetDB() *sql.DB { + if DB == nil { + log.Fatal("Database connection is not initialized. Call InitDB() first.") + } + return DB +} diff --git a/secrets-benchmarks/snippets/181/ground-truth.json b/secrets-benchmarks/snippets/181/ground-truth.json new file mode 100644 index 0000000..538b070 --- /dev/null +++ b/secrets-benchmarks/snippets/181/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 39, + "language": "python", + "findings": [ + { + "line_number": 21, + "secret": "postgres://api_usr:aB$9fG!wP4@db-prod.us-east-1.rds.amazonaws.com:5432/users_v2", + "label": "True Positive" + }, + { + "line_number": 23, + "secret": "8k@zP!qR7sT&uV*xY$zE#A%D*G-J", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/181/snippet.py b/secrets-benchmarks/snippets/181/snippet.py new file mode 100644 index 0000000..b6a4f16 --- /dev/null +++ b/secrets-benchmarks/snippets/181/snippet.py @@ -0,0 +1,36 @@ +import os +from flask import Flask +from flask_sqlalchemy import SQLAlchemy +from flask_bcrypt import Bcrypt +from flask_jwt_extended import JWTManager + +db = SQLAlchemy() +bcrypt = Bcrypt() + +class Config: + """Base configuration.""" + SECRET_KEY = os.getenv('SECRET_KEY', 'default-secret-for-dev') + DEBUG = False + BCRYPT_LOG_ROUNDS = 13 + SQLALCHEMY_TRACK_MODIFICATIONS = False + +class ProductionConfig(Config): + """Production configuration.""" + DEBUG = False + # Database connection URI for the production environment + SQLALCHEMY_DATABASE_URI = 'postgres://api_usr:aB$9fG!wP4@db-prod.us-east-1.rds.amazonaws.com:5432/users_v2' + # Secret for JWT signing + JWT_SECRET_KEY = '8k@zP!qR7sT&uV*xY$zE#A%D*G-J' + +def create_app(config_object=ProductionConfig): + app = Flask(__name__) + app.config.from_object(config_object) + + db.init_app(app) + bcrypt.init_app(app) + jwt = JWTManager(app) + + from .api.views import user_blueprint + app.register_blueprint(user_blueprint) + + return app diff --git a/secrets-benchmarks/snippets/182/ground-truth.json b/secrets-benchmarks/snippets/182/ground-truth.json new file mode 100644 index 0000000..6948966 --- /dev/null +++ b/secrets-benchmarks/snippets/182/ground-truth.json @@ -0,0 +1,26 @@ +{ + "entry_id": 39, + "language": "yaml", + "findings": [ + { + "line_number": 17, + "secret": "AKIA4ZUXFGY736J2L5PQ", + "label": "True Positive" + }, + { + "line_number": 18, + "secret": "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", + "label": "True Positive" + }, + { + "line_number": 33, + "secret": "https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX", + "label": "True Positive" + }, + { + "line_number": 38, + "secret": "https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/182/snippet.yml b/secrets-benchmarks/snippets/182/snippet.yml new file mode 100644 index 0000000..5221070 --- /dev/null +++ b/secrets-benchmarks/snippets/182/snippet.yml @@ -0,0 +1,38 @@ +name: Deploy Production to AWS S3 & Notify Slack + +on: + push: + branches: + - main + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@v3 + + - name: Configure AWS Credentials + run: | + aws configure set aws_access_key_id AKIA4ZUXFGY736J2L5PQ + aws configure set aws_secret_access_key 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 + aws configure set default.region us-west-2 + + - name: Install Dependencies + run: npm install + + - name: Build Static Site + run: npm run build + + - name: Deploy to S3 + run: aws s3 sync ./build s3://my-production-webapp-bucket --delete + + - name: Notify Slack on Success + if: success() + run: | + curl -X POST -H 'Content-type: application/json' --data '{"text":"Deployment to production successful!"}' https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX + + - name: Notify Slack on Failure + if: failure() + run: > + curl -X POST -H 'Content-type: application/json' --data '{"text":"Deployment failed! Check the logs."}' https://hooks.slack.com/services/T01B2C3D4E5/B6F7G8H9I0J/aBcDeFgHiJkLmNoPqRsTuVwX diff --git a/secrets-benchmarks/snippets/183/ground-truth.json b/secrets-benchmarks/snippets/183/ground-truth.json new file mode 100644 index 0000000..027c989 --- /dev/null +++ b/secrets-benchmarks/snippets/183/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 39, + "language": "javascript", + "findings": [ + { + "line_number": 8, + "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012", + "label": "True Positive" + }, + { + "line_number": 20, + "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcTdrYjNkcjBmbnAyd3FtdTZyOHVlYjMifQ.X9iSgK3fRb7wzLpBnA8bCg", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/183/snippet.js b/secrets-benchmarks/snippets/183/snippet.js new file mode 100644 index 0000000..f09e748 --- /dev/null +++ b/secrets-benchmarks/snippets/183/snippet.js @@ -0,0 +1,38 @@ +import React, { useEffect, useRef } from 'react'; +import mapboxgl from 'mapbox-gl'; +import * as Sentry from '@sentry/react'; +import { BrowserTracing } from '@sentry/tracing'; + +// Initialize Sentry for error tracking +Sentry.init({ + dsn: "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/789012", + integrations: [new BrowserTracing()], + tracesSampleRate: 1.0, +}); + +const MapComponent: React.FC = () => { + const mapContainer = useRef(null); + const map = useRef(null); + + useEffect(() => { + if (map.current) return; // initialize map only once + + const mapboxToken = 'pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcTdrYjNkcjBmbnAyd3FtdTZyOHVlYjMifQ.X9iSgK3fRb7wzLpBnA8bCg'; + mapboxgl.accessToken = mapboxToken; + + map.current = new mapboxgl.Map({ + container: mapContainer.current!, + style: 'mapbox://styles/mapbox/streets-v11', + center: [-74.5, 40], + zoom: 9 + }); + + map.current.on('load', () => { + // Add data sources and layers here + }); + }, []); + + return
; +}; + +export default MapComponent; diff --git a/secrets-benchmarks/snippets/184/ground-truth.json b/secrets-benchmarks/snippets/184/ground-truth.json new file mode 100644 index 0000000..e5e8c20 --- /dev/null +++ b/secrets-benchmarks/snippets/184/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 39, + "language": "terraform", + "findings": [ + { + "line_number": 23, + "secret": "aZ8~9_xYpQ-rS7tV.wJ6fGhK1jL3mN5oB4c2", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/184/snippet.tf b/secrets-benchmarks/snippets/184/snippet.tf new file mode 100644 index 0000000..aea4a79 --- /dev/null +++ b/secrets-benchmarks/snippets/184/snippet.tf @@ -0,0 +1,35 @@ +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.0" + } + } + backend "azurerm" { + resource_group_name = "tfstate" + storage_account_name = "statestorageacc" + container_name = "tfstate" + key = "prod.terraform.tfstate" + } +} + +# Configure the Microsoft Azure Provider +provider "azurerm" { + features {} + + subscription_id = "f1g2h3i4-j5k6-7l8m-9n0o-p1q2r3s4t5u6" + tenant_id = "k1j2h3g4-f5e6-d7c8-b9a0-1z2y3x4w5v6u" + client_id = "a8b12c34-d56e-78f9-g012-h345i67j89k0" + client_secret = "aZ8~9_xYpQ-rS7tV.wJ6fGhK1jL3mN5oB4c2" +} + +# Create a resource group +resource "azurerm_resource_group" "main" { + name = "rg-production-api-services" + location = "East US" + + tags = { + environment = "Production" + owner = "DevOps" + } +} diff --git a/secrets-benchmarks/snippets/185/ground-truth.json b/secrets-benchmarks/snippets/185/ground-truth.json new file mode 100644 index 0000000..430f536 --- /dev/null +++ b/secrets-benchmarks/snippets/185/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 39, + "language": "properties", + "findings": [ + { + "line_number": 21, + "secret": "p@qR$tUvW*yZ!aB#cDe^fG7hJ2kL4mN6p", + "label": "True Positive" + }, + { + "line_number": 27, + "secret": "SG.A1B2C3d4e5_f6g7h8i9j0.kL1mN2oP3qR4sT5uV6w-X7yZ8aB9cDe0fG1hI2jK3lM_4s", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/185/snippet.properties b/secrets-benchmarks/snippets/185/snippet.properties new file mode 100644 index 0000000..4eb6727 --- /dev/null +++ b/secrets-benchmarks/snippets/185/snippet.properties @@ -0,0 +1,35 @@ +# =============================================== +# Main Application Configuration +# =============================================== +server.port=8080 +spring.application.name=notification-service + +# =============================================== +# Database Configuration (PostgreSQL) +# =============================================== +spring.datasource.url=jdbc:postgresql://db.internal.example.com:5432/notifications +spring.datasource.username=notification_svc +spring.datasource.password=${DB_PASSWORD} +spring.jpa.hibernate.ddl-auto=validate + +# =============================================== +# Redis Cache Configuration +# =============================================== +spring.redis.host=redis-cache.internal.example.com +spring.redis.port=6379 +# Use a strong password for Redis in production +spring.redis.password=p@qR$tUvW*yZ!aB#cDe^fG7hJ2kL4mN6p + +# =============================================== +# Email Service Configuration (SendGrid) +# =============================================== +# Set the SendGrid API Key for sending transactional emails. +sendgrid.api.key=SG.A1B2C3d4e5_f6g7h8i9j0.kL1mN2oP3qR4sT5uV6w-X7yZ8aB9cDe0fG1hI2jK3lM_4s +email.from.address=noreply@example.com +email.from.name=My Application + +# =============================================== +# Actuator & Logging +# =============================================== +management.endpoints.web.exposure.include=health,info,prometheus +logging.level.com.example=INFO diff --git a/secrets-benchmarks/snippets/186/ground-truth.json b/secrets-benchmarks/snippets/186/ground-truth.json new file mode 100644 index 0000000..0791c8d --- /dev/null +++ b/secrets-benchmarks/snippets/186/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 40, + "language": "python", + "findings": [ + { + "line_number": 10, + "secret": "postgresql://payments_svc:a4J!zP0$fT7*bE9@db-prod.us-east-1.rds.amazonaws.com/payments_db", + "label": "True Positive" + }, + { + "line_number": 12, + "secret": "sk_live_51Mv3UqKxVp8pLoJ9tFmW2cXa1hN6bA7vF9yR0eZlP3cT8bSgK4uL5iV6jW7bA8eV9oI0pQ1rC2sD3tF4gH5jK6lM", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/186/snippet.py b/secrets-benchmarks/snippets/186/snippet.py new file mode 100644 index 0000000..4b989ed --- /dev/null +++ b/secrets-benchmarks/snippets/186/snippet.py @@ -0,0 +1,36 @@ +import os +from flask import Flask, request, jsonify +from flask_sqlalchemy import SQLAlchemy +import stripe + +app = Flask(__name__) + +# --- Configuration --- +# Avoid hardcoding credentials in production. Use environment variables. +app.config['SQLALCHEMY_DATABASE_URI'] = 'postgresql://payments_svc:a4J!zP0$fT7*bE9@db-prod.us-east-1.rds.amazonaws.com/payments_db' +app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False +stripe.api_key = 'sk_live_51Mv3UqKxVp8pLoJ9tFmW2cXa1hN6bA7vF9yR0eZlP3cT8bSgK4uL5iV6jW7bA8eV9oI0pQ1rC2sD3tF4gH5jK6lM' + +db = SQLAlchemy(app) + +class Payment(db.Model): + id = db.Column(db.Integer, primary_key=True) + amount = db.Column(db.Integer, nullable=False) + currency = db.Column(db.String(3), nullable=False) + stripe_charge_id = db.Column(db.String(255), unique=True, nullable=False) + +@app.route('/create-payment-intent', methods=['POST']) +def create_payment(): + try: + data = request.get_json() + intent = stripe.PaymentIntent.create( + amount=data['amount'], + currency='usd', + automatic_payment_methods={'enabled': True}, + ) + return jsonify({'client_secret': intent.client_secret}) + except Exception as e: + return jsonify(error=str(e)), 403 + +if __name__ == '__main__': + app.run(debug=False, port=5002) diff --git a/secrets-benchmarks/snippets/187/ground-truth.json b/secrets-benchmarks/snippets/187/ground-truth.json new file mode 100644 index 0000000..1b5cdc7 --- /dev/null +++ b/secrets-benchmarks/snippets/187/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 40, + "language": "terraform", + "findings": [ + { + "line_number": 17, + "secret": "AKIA4P5X3W7RYS6BZM9N", + "label": "True Positive" + }, + { + "line_number": 18, + "secret": "v9mB/LpKsR8wT7oF4gH2jA1sC3dE5fG6hI7kL8mP", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/187/snippet.tf b/secrets-benchmarks/snippets/187/snippet.tf new file mode 100644 index 0000000..b410a99 --- /dev/null +++ b/secrets-benchmarks/snippets/187/snippet.tf @@ -0,0 +1,37 @@ +# =================================================================== +# Terraform Configuration for Production VPC and Core Services +# =================================================================== + +terraform { + required_version = ">= 1.2.0" + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4.16" + } + } +} + +provider "aws" { + region = "us-west-2" + access_key = "AKIA4P5X3W7RYS6BZM9N" + secret_key = "v9mB/LpKsR8wT7oF4gH2jA1sC3dE5fG6hI7kL8mP" +} + +resource "aws_vpc" "main" { + cidr_block = "10.0.0.0/16" + instance_tenancy = "default" + + tags = { + Name = "production-vpc" + } +} + +resource "aws_s3_bucket" "logs" { + bucket = "prod-app-logs-98745321" + + tags = { + Name = "Application Logs" + Environment = "Production" + } +} diff --git a/secrets-benchmarks/snippets/188/ground-truth.json b/secrets-benchmarks/snippets/188/ground-truth.json new file mode 100644 index 0000000..e518a26 --- /dev/null +++ b/secrets-benchmarks/snippets/188/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 40, + "language": "yaml", + "findings": [ + { + "line_number": 12, + "secret": "AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV", + "label": "True Positive" + }, + { + "line_number": 13, + "secret": "5a0f8eb8c9d44c9b8e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d", + "label": "True Positive" + }, + { + "line_number": 22, + "secret": "{\"type\":\"service_account\",\"project_id\":\"gcp-proj-staging-3456\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6Kq2tU8N4vA3p\\n...fake content...\\nk9XpA2B4C5D6E7F8G9H0J2K3L4M5N6P7Q8R9T0U1V2W3X4Y5Z6A7B8C9D0E1F2G\\nH3I4J5K6L7M8N9P0Q1R2T3U4V5W6X7Y8Z9A0B1C2D3E4F5G6H7I8J9K0L1M2N3P4\\nQ5R6T7U8V9W0X1Y2Z3A4B5C6D7E8F9G0H1I2J3K4L5M6N7P8Q9R0T1U2V3W4X5Y6\\nZ7A8B9C0D1E2F3G4H5I6J7K8L9M0N1P2Q3R4T5U6V7W8X9Y0Z1A2B3C4D5E6F7G8\\nH9I0J1K2L3M4N5P6Q7R8T9U0V1W2X3Y4Z5A6B7C8D9E0F1G2H3I4J5K6L7M8N9P0\\n-----END PRIVATE KEY-----\\n\",\"client_email\":\"deploy-bot@gcp-proj-staging-3456.iam.gserviceaccount.com\",\"client_id\":\"123456789012345678901\",\"auth_uri\":\"...\",\"token_uri\":\"...\",\"auth_provider_x509_cert_url\":\"...\",\"client_x509_cert_url\":\"...\"}", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/188/snippet.yml b/secrets-benchmarks/snippets/188/snippet.yml new file mode 100644 index 0000000..15fa429 --- /dev/null +++ b/secrets-benchmarks/snippets/188/snippet.yml @@ -0,0 +1,33 @@ +name: Deploy Staging Environment + +on: + push: + branches: + - main + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + env: + NPM_AUTH_TOKEN: "AKCp8tRLUvD1s5bYvL9T3qR7vC4kM6wN2pX8zF0aE9gH1iJ3kL5mN7oB9sD1fG2hJ4kL6eV" + SENTRY_AUTH_TOKEN: "5a0f8eb8c9d44c9b8e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d" + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Authenticate to Google Cloud + uses: 'google-github-actions/auth@v1' + with: + credentials_json: '{{"type":"service_account","project_id":"gcp-proj-staging-3456","private_key_id":"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2","private_key":"-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6Kq2tU8N4vA3p\n...fake content...\nk9XpA2B4C5D6E7F8G9H0J2K3L4M5N6P7Q8R9T0U1V2W3X4Y5Z6A7B8C9D0E1F2G\nH3I4J5K6L7M8N9P0Q1R2T3U4V5W6X7Y8Z9A0B1C2D3E4F5G6H7I8J9K0L1M2N3P4\nQ5R6T7U8V9W0X1Y2Z3A4B5C6D7E8F9G0H1I2J3K4L5M6N7P8Q9R0T1U2V3W4X5Y6\nZ7A8B9C0D1E2F3G4H5I6J7K8L9M0N1P2Q3R4T5U6V7W8X9Y0Z1A2B3C4D5E6F7G8\nH9I0J1K2L3M4N5P6Q7R8T9U0V1W2X3Y4Z5A6B7C8D9E0F1G2H3I4J5K6L7M8N9P0\n-----END PRIVATE KEY-----\n","client_email":"deploy-bot@gcp-proj-staging-3456.iam.gserviceaccount.com","client_id":"123456789012345678901","auth_uri":"...","token_uri":"...","auth_provider_x509_cert_url":"...","client_x509_cert_url":"..."}}' + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Build and push container image + run: | + ./gradlew jib -Pregistry=us-central1-docker.pkg.dev + + - name: Deploy to Cloud Run + run: | + gcloud run deploy my-service --image us-central1-docker.pkg.dev/gcp-proj-staging-3456/my-service:latest --region us-central1 diff --git a/secrets-benchmarks/snippets/189/ground-truth.json b/secrets-benchmarks/snippets/189/ground-truth.json new file mode 100644 index 0000000..f3a342d --- /dev/null +++ b/secrets-benchmarks/snippets/189/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 40, + "language": "javascript", + "findings": [ + { + "line_number": 8, + "secret": "https://b4a3c2d1e0f9a8b7c6d5e4f3a2b1c0d9@o450604.ingest.sentry.io/45060453321", + "label": "True Positive" + }, + { + "line_number": 9, + "secret": "pk.eyJ1IjoiYmVuamFtaW5kZXYiLCJhIjoiY2xwOXA0bHUxMGZoeTJqcDkyMmh3ZDA0bCJ9.aK5fG4hT3jE2sC1dF8gH7i", + "label": "True Positive" + }, + { + "line_number": 32, + "secret": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiaWF0IjoxNjcxNTQwMjM5fQ.oF9gR1vW3cZ4xS8eP5kL7sB6tD0fA2uJ1cK8iL5dN9g", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/189/snippet.js b/secrets-benchmarks/snippets/189/snippet.js new file mode 100644 index 0000000..bbe5f21 --- /dev/null +++ b/secrets-benchmarks/snippets/189/snippet.js @@ -0,0 +1,40 @@ +import React from 'react'; +import { init, BrowserTracing } from '@sentry/react'; +import mapboxgl from 'mapbox-gl'; + +// Service configurations - should be moved to a secure vault or build-time injection. +const AppConfig = { + API_BASE_URL: 'https://api.myapp.com/v2', + SENTRY_DSN: 'https://b4a3c2d1e0f9a8b7c6d5e4f3a2b1c0d9@o450604.ingest.sentry.io/45060453321', + MAPBOX_ACCESS_TOKEN: 'pk.eyJ1IjoiYmVuamFtaW5kZXYiLCJhIjoiY2xwOXA0bHUxMGZoeTJqcDkyMmh3ZDA0bCJ9.aK5fG4hT3jE2sC1dF8gH7i', +}; + +export const initializeThirdPartyServices = () => { + // Initialize Sentry for error tracking + if (process.env.NODE_ENV === 'production') { + init({ + dsn: AppConfig.SENTRY_DSN, + integrations: [new BrowserTracing()], + tracesSampleRate: 0.2, + }); + } + + // Set Mapbox access token globally + mapboxgl.accessToken = AppConfig.MAPBOX_ACCESS_TOKEN; +}; + +const ApiClient = { + async post(endpoint, data) { + const response = await fetch(`${AppConfig.API_BASE_URL}/${endpoint}`, { + method: 'POST', + headers: { + 'Content-Type': 'application/json', + 'Authorization': `Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlX2FjY291bnQiLCJzY29wZSI6WyJyZWFkIiwid3JpdGUiXSwiaWF0IjoxNjcxNTQwMjM5fQ.oF9gR1vW3cZ4xS8eP5kL7sB6tD0fA2uJ1cK8iL5dN9g` + }, + body: JSON.stringify(data), + }); + return response.json(); + }, +}; + +export default ApiClient; diff --git a/secrets-benchmarks/snippets/190/ground-truth.json b/secrets-benchmarks/snippets/190/ground-truth.json new file mode 100644 index 0000000..3b296a1 --- /dev/null +++ b/secrets-benchmarks/snippets/190/ground-truth.json @@ -0,0 +1,26 @@ +{ + "entry_id": 40, + "language": "properties", + "findings": [ + { + "line_number": 8, + "secret": "gH7!kL#9sPqR$wXv2&yZ*bC", + "label": "True Positive" + }, + { + "line_number": 15, + "secret": "mZ2$eR6^tY8*uI1!oP4@lK", + "label": "True Positive" + }, + { + "line_number": 20, + "secret": "ACf1e2d3c4b5a6987e6d5c4b3a2f1e0d9c", + "label": "True Positive" + }, + { + "line_number": 21, + "secret": "7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/190/snippet.properties b/secrets-benchmarks/snippets/190/snippet.properties new file mode 100644 index 0000000..f2561c9 --- /dev/null +++ b/secrets-benchmarks/snippets/190/snippet.properties @@ -0,0 +1,28 @@ +# =============================================== +# Backend Notification Service - Production Config +# =============================================== + +# Database connection +spring.datasource.url=jdbc:mysql://prod-db-replica.c9z4w1x2y3.us-east-2.rds.amazonaws.com:3306/notifications +spring.datasource.username=notif_user +spring.datasource.password=gH7!kL#9sPqR$wXv2&yZ*bC +spring.jpa.hibernate.ddl-auto=validate + +# Message Queue (AMQP) +rabbitmq.host=b-12345678-90ab-cdef-1234-567890abcdef-1.mq.us-east-2.amazonaws.com +rabbitmq.port=5671 +rabbitmq.username=mq_producer +rabbitmq.password=mZ2$eR6^tY8*uI1!oP4@lK +rabbitmq.ssl.enabled=true + +# External Service Integrations +# Twilio for SMS notifications +twilio.account.sid=ACf1e2d3c4b5a6987e6d5c4b3a2f1e0d9c +twilio.auth.token=7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2d + +# Logging configuration +logging.level.com.example=INFO +logging.file.name=/var/log/notification-service.log + +# Server port +server.port=8090 diff --git a/secrets-benchmarks/snippets/191/ground-truth.json b/secrets-benchmarks/snippets/191/ground-truth.json new file mode 100644 index 0000000..a44051e --- /dev/null +++ b/secrets-benchmarks/snippets/191/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 41, + "language": "python", + "findings": [ + { + "line_number": 10, + "secret": "postgres://billing_svc_user:Ac8#k$!p9F@dBe3-db.prod.us-west-2.rds.amazonaws.com:5432/payments_db", + "label": "True Positive" + }, + { + "line_number": 15, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/191/snippet.py b/secrets-benchmarks/snippets/191/snippet.py new file mode 100644 index 0000000..1151735 --- /dev/null +++ b/secrets-benchmarks/snippets/191/snippet.py @@ -0,0 +1,37 @@ +import os +from flask import Flask, jsonify, request +from flask_sqlalchemy import SQLAlchemy +import stripe + +app = Flask(__name__) + +# --- Configuration --- +# WARNING: Do not use this in production. This is a simplified example. +app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres://billing_svc_user:Ac8#k$!p9F@dBe3-db.prod.us-west-2.rds.amazonaws.com:5432/payments_db' +app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False +db = SQLAlchemy(app) + +# Stripe API client initialization +stripe.api_key = "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" + +class Payment(db.Model): + id = db.Column(db.Integer, primary_key=True) + amount = db.Column(db.Integer, nullable=False) + currency = db.Column(db.String(3), nullable=False) + stripe_charge_id = db.Column(db.String(255), unique=True, nullable=False) + +@app.route('/create-payment-intent', methods=['POST']) +def create_payment(): + data = request.get_json() + try: + intent = stripe.PaymentIntent.create( + amount=data['amount'], + currency='usd', + automatic_payment_methods={'enabled': True}, + ) + return jsonify({'client_secret': intent.client_secret}) + except Exception as e: + return jsonify(error=str(e)), 403 + +if __name__ == '__main__': + app.run(debug=False, host='0.0.0.0') diff --git a/secrets-benchmarks/snippets/192/ground-truth.json b/secrets-benchmarks/snippets/192/ground-truth.json new file mode 100644 index 0000000..d0685a5 --- /dev/null +++ b/secrets-benchmarks/snippets/192/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 41, + "language": "terraform", + "findings": [ + { + "line_number": 6, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 7, + "secret": "pL8vGkZ9JmN7sR2wXqF1bT4uYcV3zH5iA0oK6eB", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/192/snippet.tf b/secrets-benchmarks/snippets/192/snippet.tf new file mode 100644 index 0000000..bba6fcb --- /dev/null +++ b/secrets-benchmarks/snippets/192/snippet.tf @@ -0,0 +1,35 @@ +# Terraform configuration for production infrastructure +# Manages core networking and compute resources in AWS. + +provider "aws" { + region = "eu-central-1" + access_key = "AKIAY3R4WZ76X2P5QJ6M" + secret_key = "pL8vGkZ9JmN7sR2wXqF1bT4uYcV3zH5iA0oK6eB" +} + +resource "aws_vpc" "main" { + cidr_block = "10.0.0.0/16" + enable_dns_support = true + tags = { + Name = "production-vpc" + } +} + +resource "aws_s3_bucket" "logs" { + bucket = "acme-corp-prod-app-logs-2023" + acl = "private" + + versioning { + enabled = true + } +} + +resource "aws_instance" "api_server" { + ami = "ami-0c55b159cbfafe1f0" + instance_type = "t3.medium" + subnet_id = aws_subnet.main.id + + tags = { + Name = "api-server-prod" + } +} diff --git a/secrets-benchmarks/snippets/193/ground-truth.json b/secrets-benchmarks/snippets/193/ground-truth.json new file mode 100644 index 0000000..7b498bd --- /dev/null +++ b/secrets-benchmarks/snippets/193/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 41, + "language": "yaml", + "findings": [ + { + "line_number": 18, + "secret": "{\"type\":\"service_account\",\"project_id\":\"acme-corp-345213\",\"private_key_id\":\"a4f3b18d8b4c7c8e9f0a1b2c3d4e5f6a7b8c9d0e\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2sX2w...\\n-----END PRIVATE KEY-----\",\"client_email\":\"deploy-bot@acme-corp-345213.iam.gserviceaccount.com\",\"client_id\":\"109876543210987654321\",\"auth_uri\":\"https://accounts.google.com/o/oauth2/auth\",\"token_uri\":\"https://oauth2.googleapis.com/token\",\"auth_provider_x509_cert_url\":\"https://www.googleapis.com/oauth2/v1/certs\",\"client_x509_cert_url\":\"https://www.googleapis.com/robot/v1/metadata/x509/deploy-bot%40acme-corp-345213.iam.gserviceaccount.com\"}", + "label": "True Positive" + }, + { + "line_number": 35, + "secret": "https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/kM3P5sR9tV1wX7Y2zN8oB4cD", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/193/snippet.yml b/secrets-benchmarks/snippets/193/snippet.yml new file mode 100644 index 0000000..5741c6e --- /dev/null +++ b/secrets-benchmarks/snippets/193/snippet.yml @@ -0,0 +1,36 @@ +name: Deploy to Cloud Run + +on: + push: + branches: + - main + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Authenticate to Google Cloud + uses: 'google-github-actions/auth@v1' + with: + credentials_json: '{"type":"service_account","project_id":"acme-corp-345213","private_key_id":"a4f3b18d8b4c7c8e9f0a1b2c3d4e5f6a7b8c9d0e","private_key":"-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2sX2w...\n-----END PRIVATE KEY-----","client_email":"deploy-bot@acme-corp-345213.iam.gserviceaccount.com","client_id":"109876543210987654321","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_x509_cert_url":"https://www.googleapis.com/robot/v1/metadata/x509/deploy-bot%40acme-corp-345213.iam.gserviceaccount.com"}' + + - name: Build and Push Docker Image + run: | + docker build -t gcr.io/acme-corp-345213/my-app:${{ github.sha }} + docker push gcr.io/acme-corp-345213/my-app:${{ github.sha }} + + - name: Deploy to Cloud Run + run: | + gcloud run deploy my-app --image gcr.io/acme-corp-345213/my-app:${{ github.sha }} --region us-central1 + + - name: Send Slack Notification + uses: 8398a7/action-slack@v3 + with: + status: ${{ job.status }} + text: 'Deployment to production finished.' + env: + SLACK_WEBHOOK_URL: 'https://hooks.slack.com/services/T00ABCDEF/B00GHIJKL/kM3P5sR9tV1wX7Y2zN8oB4cD' + diff --git a/secrets-benchmarks/snippets/194/ground-truth.json b/secrets-benchmarks/snippets/194/ground-truth.json new file mode 100644 index 0000000..4d74f45 --- /dev/null +++ b/secrets-benchmarks/snippets/194/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 41, + "language": "typescript", + "findings": [ + { + "line_number": 15, + "secret": "AIzaSyBv4nE8tGfH3jK2L5mN7oP9qR1sT3uV5wX", + "label": "True Positive" + }, + { + "line_number": 28, + "secret": "pk.eyJ1IjoibXljb29sYXBwIiwiYSI6ImNrcWV3Z3NqMDBjajAyd281cDNtZGNpb3oifQ.Vv1B2C3D4E5F6G7H8I9J0K", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/194/snippet.ts b/secrets-benchmarks/snippets/194/snippet.ts new file mode 100644 index 0000000..af79331 --- /dev/null +++ b/secrets-benchmarks/snippets/194/snippet.ts @@ -0,0 +1,33 @@ +// src/config/serviceKeys.ts +// This file contains configuration for external services used in the application. + +interface FirebaseConfig { + apiKey: string; + authDomain: string; + projectId: string; + storageBucket: string; + messagingSenderId: string; + appId: string; +} + +// Configuration for the Firebase project. +export const firebaseConfig: FirebaseConfig = { + apiKey: "AIzaSyBv4nE8tGfH3jK2L5mN7oP9qR1sT3uV5wX", + authDomain: "webapp-prod-1a2b3.firebaseapp.com", + projectId: "webapp-prod-1a2b3", + storageBucket: "webapp-prod-1a2b3.appspot.com", + messagingSenderId: "123456789012", + appId: "1:123456789012:web:a1b2c3d4e5f6a7b8c9d0e1" +}; + +/** + * Mapbox configuration is used for rendering interactive maps. + * This token is scoped to our production URL. + */ +export const mapboxConfig = { + accessToken: "pk.eyJ1IjoibXljb29sYXBwIiwiYSI6ImNrcWV3Z3NqMDBjajAyd281cDNtZGNpb3oifQ.Vv1B2C3D4E5F6G7H8I9J0K" +}; + +// Sentry configuration for error reporting +export const sentryDsn = "https://o1234567.ingest.sentry.io/12345678901234"; + diff --git a/secrets-benchmarks/snippets/195/ground-truth.json b/secrets-benchmarks/snippets/195/ground-truth.json new file mode 100644 index 0000000..1928088 --- /dev/null +++ b/secrets-benchmarks/snippets/195/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 41, + "language": "properties", + "findings": [ + { + "line_number": 11, + "secret": "ZThkNDFkYzAtNzA1Mi00YjU5LTg5Y2UtMjdhMTEyMzg1ZjM5NDY0Y2ZkYjMtYTEzNC00MWI4LWJmOTItZWY5YTJjNmE1N2Jl", + "label": "True Positive" + }, + { + "line_number": 21, + "secret": "amqp://notif_worker:RpR8#bV^9sL@mq-cluster.internal:5672/vhost_prod", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/195/snippet.properties b/secrets-benchmarks/snippets/195/snippet.properties new file mode 100644 index 0000000..17c3a4a --- /dev/null +++ b/secrets-benchmarks/snippets/195/snippet.properties @@ -0,0 +1,31 @@ +# =============================== +# Authentication Service Config +# =============================== + +# Server port configuration +server.port=8080 + +# JWT Token settings +# This key is used for signing and verifying JWT tokens for user authentication. +# It must be Base64 encoded and be kept confidential. +auth.jwt.signing_key=ZThkNDFkYzAtNzA1Mi00YjU5LTg5Y2UtMjdhMTEyMzg1ZjM5NDY0Y2ZkYjMtYTEzNC00MWI4LWJmOTItZWY5YTJjNmE1N2Jl +auth.jwt.expiration_minutes=60 + +# Database connection properties (using environment variables is recommended) +spring.datasource.url=${JDBC_DATABASE_URL} +spring.datasource.username=${JDBC_DATABASE_USERNAME} +spring.datasource.password=${JDBC_DATABASE_PASSWORD} + +# Spring RabbitMQ configuration for messaging queue +# Manages asynchronous communication between microservices. +spring.rabbitmq.uri=amqp://notif_worker:RpR8#bV^9sL@mq-cluster.internal:5672/vhost_prod +spring.rabbitmq.listener.simple.retry.enabled=true +spring.rabbitmq.listener.simple.retry.max-attempts=3 + +# Logging configuration +logging.level.com.example.auth=INFO +logging.level.org.springframework.web=WARN + +# Eureka client configuration +eureka.client.serviceUrl.defaultZone=http://discovery-service:8761/eureka/ + diff --git a/secrets-benchmarks/snippets/196/ground-truth.json b/secrets-benchmarks/snippets/196/ground-truth.json new file mode 100644 index 0000000..2bc72d0 --- /dev/null +++ b/secrets-benchmarks/snippets/196/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 42, + "language": "python", + "findings": [ + { + "line_number": 16, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 17, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/196/snippet.py b/secrets-benchmarks/snippets/196/snippet.py new file mode 100644 index 0000000..91b513f --- /dev/null +++ b/secrets-benchmarks/snippets/196/snippet.py @@ -0,0 +1,36 @@ +import boto3 +from flask import Flask, jsonify, request +import os + +app = Flask(__name__) + +# Configuration for AWS S3 connection +# In a real production environment, these should be environment variables. +S3_BUCKET_NAME = 'customer-invoices-prod-us-east-1' +AWS_REGION = 'us-east-1' + +def create_s3_client(): + # Initializes the S3 client using hardcoded credentials. + s3_client = boto3.client( + 's3', + aws_access_key_id='AKIAY3R4WZ76X2P5QJ6M', + aws_secret_access_key='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', + region_name=AWS_REGION + ) + return s3_client + +@app.route('/api/v1/invoices/', methods=['GET']) +def get_invoice(invoice_id): + s3 = create_s3_client() + try: + file_key = f'invoices/{invoice_id}.pdf' + presigned_url = s3.generate_presigned_url('get_object', + Params={'Bucket': S3_BUCKET_NAME, 'Key': file_key}, + ExpiresIn=3600) + return jsonify({'download_url': presigned_url}) + except Exception as e: + app.logger.error(f'Failed to get invoice {invoice_id}: {e}') + return jsonify({'error': 'Could not retrieve invoice'}), 500 + +if __name__ == '__main__': + app.run(host='0.0.0.0', port=8080) diff --git a/secrets-benchmarks/snippets/197/ground-truth.json b/secrets-benchmarks/snippets/197/ground-truth.json new file mode 100644 index 0000000..e331327 --- /dev/null +++ b/secrets-benchmarks/snippets/197/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 42, + "language": "yaml", + "findings": [ + { + "line_number": 22, + "secret": "dckr_pat_bC9xTfG3pZjL2nK5hW1vR8sY0uI7", + "label": "True Positive" + }, + { + "line_number": 39, + "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7U", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/197/snippet.yml b/secrets-benchmarks/snippets/197/snippet.yml new file mode 100644 index 0000000..74bdd47 --- /dev/null +++ b/secrets-benchmarks/snippets/197/snippet.yml @@ -0,0 +1,41 @@ +name: Build and Push Docker Image + +on: + push: + branches: + - main + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Check out the repo + uses: actions/checkout@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Log in to Docker Hub + uses: docker/login-action@v2 + with: + username: techservices_bot + password: dckr_pat_bC9xTfG3pZjL2nK5hW1vR8sY0uI7 + + - name: Build and push + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: ourcompany/webapp:latest + + trigger-deployment: + needs: build-and-push + runs-on: ubuntu-latest + steps: + - name: Trigger deployment pipeline + run: | + curl -X POST \ + -H "Accept: application/vnd.github.v3+json" \ + -H "Authorization: token ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7U" \ + https://api.github.com/repos/our-org/infra-deploy/dispatches \ + -d '{"event_type":"deploy_webapp"}' diff --git a/secrets-benchmarks/snippets/198/ground-truth.json b/secrets-benchmarks/snippets/198/ground-truth.json new file mode 100644 index 0000000..772cd4a --- /dev/null +++ b/secrets-benchmarks/snippets/198/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 42, + "language": "terraform", + "findings": [ + { + "line_number": 12, + "secret": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6", + "label": "True Positive" + }, + { + "line_number": 13, + "secret": "x9y8z7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/198/snippet.tf b/secrets-benchmarks/snippets/198/snippet.tf new file mode 100644 index 0000000..88cd811 --- /dev/null +++ b/secrets-benchmarks/snippets/198/snippet.tf @@ -0,0 +1,36 @@ +terraform { + required_providers { + datadog = { + source = "DataDog/datadog" + version = "~> 3.20" + } + } +} + +provider "datadog" { + # These should be configured using TF_VAR env variables + api_key = "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6" + app_key = "x9y8z7w6v5u4t3s2r1q0p9o8n7m6l5k4j3i2h1g0" +} + +resource "datadog_monitor" "high_cpu_utilization" { + name = "[Critical] High CPU Utilization on Core Services" + type = "metric alert" + message = "@all CPU utilization is over 90% on {{host.name}}. Check running processes immediately." + + query = "avg(last_5m):avg:system.cpu.user{environment:prod,service:core-api} > 90" + + monitor_thresholds { + critical = 90 + warning = 80 + } + + tags = ["env:prod", "service:core-api", "severity:critical"] +} + +resource "datadog_synthetics_test" "api_health_check" { + type = "api" + subtype = "http" + name = "[Prod] API Health Check - /status endpoint" + status = "live" +} diff --git a/secrets-benchmarks/snippets/199/ground-truth.json b/secrets-benchmarks/snippets/199/ground-truth.json new file mode 100644 index 0000000..6649d05 --- /dev/null +++ b/secrets-benchmarks/snippets/199/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 42, + "language": "javascript", + "findings": [ + { + "line_number": 13, + "secret": "pk.eyJ1Ijoic2hpcHBpbmdkZXYiLCJhIjoiY2w5cGdpaHVwMDFjZDN2bzhsZ2N0cDZ6MyJ9.A5w3UQqT3rVdFzPqW2bVew", + "label": "True Positive" + }, + { + "line_number": 16, + "secret": "https://a8d4d03c27e44a6f95e6f64b8c9d01b2@o450616.ingest.sentry.io/4506168886", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/199/snippet.js b/secrets-benchmarks/snippets/199/snippet.js new file mode 100644 index 0000000..bb6da2c --- /dev/null +++ b/secrets-benchmarks/snippets/199/snippet.js @@ -0,0 +1,38 @@ +import React from 'react'; +import ReactDOM from 'react-dom'; +import * as Sentry from '@sentry/react'; +import { BrowserTracing } from '@sentry/tracing'; +import App from './App'; + +// Centralized service configuration +const AppConfig = { + api: { + baseUrl: 'https://api.example.com/v2', + }, + mapbox: { + accessToken: 'pk.eyJ1Ijoic2hpcHBpbmdkZXYiLCJhIjoiY2w5cGdpaHVwMDFjZDN2bzhsZ2N0cDZ6MyJ9.A5w3UQqT3rVdFzPqW2bVew', + }, + sentry: { + dsn: 'https://a8d4d03c27e44a6f95e6f64b8c9d01b2@o450616.ingest.sentry.io/4506168886', + }, +}; + +Sentry.init({ + dsn: AppConfig.sentry.dsn, + integrations: [new BrowserTracing()], + tracesSampleRate: 1.0, + environment: 'production', +}); + +export const getMapboxToken = () => { + return AppConfig.mapbox.accessToken; +} + +ReactDOM.render( + + + + + , + document.getElementById('root') +); diff --git a/secrets-benchmarks/snippets/200/ground-truth.json b/secrets-benchmarks/snippets/200/ground-truth.json new file mode 100644 index 0000000..7f0fdda --- /dev/null +++ b/secrets-benchmarks/snippets/200/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 42, + "language": "groovy", + "findings": [ + { + "line_number": 22, + "secret": "prod_api_L3hV7bN9kPjR2wZ4mQ8yS6xT5", + "label": "True Positive" + }, + { + "line_number": 29, + "secret": "St@bleB@tteryH0rseC0rrect", + "label": "True Positive" + }, + { + "line_number": 31, + "secret": "C0rrectH0rseSt@bleB@ttery", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/200/snippet.groovy b/secrets-benchmarks/snippets/200/snippet.groovy new file mode 100644 index 0000000..4357baa --- /dev/null +++ b/secrets-benchmarks/snippets/200/snippet.groovy @@ -0,0 +1,43 @@ +plugins { + id 'com.android.application' + id 'org.jetbrains.kotlin.android' + id 'com.google.gms.google-services' +} + +android { + namespace 'com.examplecompany.mobileapp' + compileSdk 33 + + defaultConfig { + applicationId "com.examplecompany.mobileapp" + minSdk 24 + targetSdk 33 + versionCode 1 + versionName "1.0" + + testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner" + + // API Keys should be stored in a secure location, not here. + buildConfigField 'String', 'API_BASE_URL', '"https://prod.api.examplecompany.com/"' + buildConfigField 'String', 'BACKEND_API_KEY', '"prod_api_L3hV7bN9kPjR2wZ4mQ8yS6xT5"' + } + + signingConfigs { + release { + // Store details are also sensitive. + storeFile file('keystore.jks') + storePassword 'St@bleB@tteryH0rseC0rrect' + keyAlias 'releaseKey' + keyPassword 'C0rrectH0rseSt@bleB@ttery' + } + } + + buildTypes { + release { + minifyEnabled true + proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro' + signingConfig signingConfigs.release + } + } +} + diff --git a/secrets-benchmarks/snippets/201/ground-truth.json b/secrets-benchmarks/snippets/201/ground-truth.json new file mode 100644 index 0000000..2a83fb2 --- /dev/null +++ b/secrets-benchmarks/snippets/201/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 43, + "language": "python", + "findings": [ + { + "line_number": 10, + "secret": "postgres://prod_user_rw:8!hG#kL$pQ2s@db-pg-prod-01.c3k4l5m6.us-east-1.rds.amazonaws.com:5432/main_app_db", + "label": "True Positive" + }, + { + "line_number": 21, + "secret": "eYp3s6v9y$B&E)H@McQfTjWnZr4u7x!A", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/201/snippet.py b/secrets-benchmarks/snippets/201/snippet.py new file mode 100644 index 0000000..657ea8f --- /dev/null +++ b/secrets-benchmarks/snippets/201/snippet.py @@ -0,0 +1,34 @@ +from flask import Flask, jsonify, request +from flask_sqlalchemy import SQLAlchemy +import os +import redis + +app = Flask(__name__) + +# --- Database Configuration --- +# Postgres connection for primary data store +app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres://prod_user_rw:8!hG#kL$pQ2s@db-pg-prod-01.c3k4l5m6.us-east-1.rds.amazonaws.com:5432/main_app_db' +app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False + +db = SQLAlchemy(app) + +# --- Cache Configuration --- +# Connect to our ElastiCache Redis cluster +try: + redis_client = redis.StrictRedis( + host='prod-redis-cluster.ab123c.0001.use1.cache.amazonaws.com', + port=6379, + password='eYp3s6v9y$B&E)H@McQfTjWnZr4u7x!A', + decode_responses=True + ) + redis_client.ping() +except redis.exceptions.ConnectionError as e: + print(f"Could not connect to Redis: {e}") + redis_client = None + +@app.route('/health') +def health_check(): + return jsonify({'status': 'ok'}), 200 + +if __name__ == '__main__': + app.run(host='0.0.0.0', port=80) diff --git a/secrets-benchmarks/snippets/202/ground-truth.json b/secrets-benchmarks/snippets/202/ground-truth.json new file mode 100644 index 0000000..ab5c17a --- /dev/null +++ b/secrets-benchmarks/snippets/202/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 43, + "language": "yaml", + "findings": [ + { + "line_number": 16, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 17, + "secret": "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", + "label": "True Positive" + }, + { + "line_number": 35, + "secret": "https://hooks.slack.com/services/T024F4SJ2/B0C3E4D5F6/aBcDeFgHiJkLmNoPqRsTuVwX", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/202/snippet.yml b/secrets-benchmarks/snippets/202/snippet.yml new file mode 100644 index 0000000..b9e734c --- /dev/null +++ b/secrets-benchmarks/snippets/202/snippet.yml @@ -0,0 +1,35 @@ +name: Deploy Staging Environment +on: + push: + branches: + - main + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + - name: Configure AWS Credentials + run: | + aws configure set aws_access_key_id AKIAY3R4WZ76X2P5QJ6M + aws configure set aws_secret_access_key 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 + aws configure set default.region us-west-2 + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Build and Push Docker Image + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + IMAGE_TAG: ${{ github.sha }} + run: | + docker build -t $ECR_REGISTRY/my-app:$IMAGE_TAG . + docker push $ECR_REGISTRY/my-app:$IMAGE_TAG + + - name: Post deployment status to Slack + if: always() + run: | + curl -X POST -H 'Content-type: application/json' --data '{"text":"Deployment on staging completed."}' https://hooks.slack.com/services/T024F4SJ2/B0C3E4D5F6/aBcDeFgHiJkLmNoPqRsTuVwX diff --git a/secrets-benchmarks/snippets/203/ground-truth.json b/secrets-benchmarks/snippets/203/ground-truth.json new file mode 100644 index 0000000..84357c6 --- /dev/null +++ b/secrets-benchmarks/snippets/203/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 43, + "language": "terraform", + "findings": [ + { + "line_number": 3, + "secret": "B4kL9mN8oP1qR2sT3uV4wX5yZ6aB7c8D", + "label": "True Positive" + }, + { + "line_number": 27, + "secret": "u+Hs9xL3vA7fY2zR5pQ8", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/203/snippet.tf b/secrets-benchmarks/snippets/203/snippet.tf new file mode 100644 index 0000000..f7a320f --- /dev/null +++ b/secrets-benchmarks/snippets/203/snippet.tf @@ -0,0 +1,38 @@ +provider "fastly" { + # Fastly provider configuration + api_key = "B4kL9mN8oP1qR2sT3uV4wX5yZ6aB7c8D" +} + +resource "fastly_service_v1" "webapp" { + name = "my-webapp-service" + + domain { + name = "staging.example-app.com" + comment = "Staging domain" + } + + backend { + address = "app-load-balancer.us-west-2.elb.amazonaws.com" + name = "AWS ELB Backend" + port = 80 + } + + force_destroy = true +} + +# A variable that should have been sourced from a secure vault +variable "alerting_pagerduty_token" { + description = "PagerDuty integration key for critical alerts" + type = string + default = "u+Hs9xL3vA7fY2zR5pQ8" +} + +resource "fastly_integration" "pagerduty_integration" { + service_id = fastly_service_v1.webapp.id + name = "PagerDuty Alerts" + description = "Sends service alerts to PD" + type = "pagerduty" + config = { + token = var.alerting_pagerduty_token + } +} diff --git a/secrets-benchmarks/snippets/204/ground-truth.json b/secrets-benchmarks/snippets/204/ground-truth.json new file mode 100644 index 0000000..de412f5 --- /dev/null +++ b/secrets-benchmarks/snippets/204/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 43, + "language": "javascript", + "findings": [ + { + "line_number": 12, + "secret": "AIzaSyB9X8c7V6D5E4F3G2H1I0jL9K8mN7pQoR", + "label": "True Positive" + }, + { + "line_number": 21, + "secret": "pk.eyJ1IjoiYXBwZGV2ZWxvcGVyIiwiYSI6ImNrdzVjNmRmMDBkbmoydm51cTY5ZzVlMncifQ.A1b2c3d4E5F6g7h8I9J0kL", + "label": "True Positive" + }, + { + "line_number": 26, + "secret": "sk-proj-rT8uV9wXyZ1aB2c3d4E5f6G7h8i9j0kL1m2N3o4P5q6R", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/204/snippet.js b/secrets-benchmarks/snippets/204/snippet.js new file mode 100644 index 0000000..cd189ce --- /dev/null +++ b/secrets-benchmarks/snippets/204/snippet.js @@ -0,0 +1,34 @@ +import { initializeApp } from 'firebase/app'; +import { getAnalytics } from 'firebase/analytics'; +import { getAuth } from 'firebase/auth'; + +const isProduction = process.env.NODE_ENV === 'production'; + +// This config object is used across the entire application +// to bootstrap third-party services. +const AppConfig = { + // Configuration for Firebase services + firebase: { + apiKey: "AIzaSyB9X8c7V6D5E4F3G2H1I0jL9K8mN7pQoR", + authDomain: "my-app-prod.firebaseapp.com", + projectId: "my-app-prod", + storageBucket: "my-app-prod.appspot.com", + messagingSenderId: "123456789012", + appId: "1:123456789012:web:a1b2c3d4e5f6a7b8c9d0e1" + }, + // Mapbox config for the geo-location features + mapbox: { + accessToken: 'pk.eyJ1IjoiYXBwZGV2ZWxvcGVyIiwiYSI6ImNrdzVjNmRmMDBkbmoydm51cTY5ZzVlMncifQ.A1b2c3d4E5F6g7h8I9J0kL', + }, + + // OpenAI API Key for our AI-powered features + // Should be moved to a backend-for-frontend service + openaiApiKey: 'sk-proj-rT8uV9wXyZ1aB2c3d4E5f6G7h8i9j0kL1m2N3o4P5q6R', +}; + +// Initialize Firebase +const app = initializeApp(AppConfig.firebase); +export const analytics = getAnalytics(app); +export const auth = getAuth(app); + +export default AppConfig; diff --git a/secrets-benchmarks/snippets/205/ground-truth.json b/secrets-benchmarks/snippets/205/ground-truth.json new file mode 100644 index 0000000..e18bcd9 --- /dev/null +++ b/secrets-benchmarks/snippets/205/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 43, + "language": "properties", + "findings": [ + { + "line_number": 9, + "secret": "4hT7^kL#pQ$zW1*s", + "label": "True Positive" + }, + { + "line_number": 18, + "secret": "bXlzdXBlcnNlY3JldGtleWZvcmF1dGgtc2VydmljZS1pcy1hdzsza29tZWx5LWxvbmc=", + "label": "True Positive" + }, + { + "line_number": 22, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB4nF6gH7jK8lM9oP0qR1sT2uV3wX4yZ5aB6c", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/205/snippet.properties b/secrets-benchmarks/snippets/205/snippet.properties new file mode 100644 index 0000000..c98c9dd --- /dev/null +++ b/secrets-benchmarks/snippets/205/snippet.properties @@ -0,0 +1,25 @@ +# ================================================ +# Main Application Configuration for Auth Service +# Environment: Production +# ================================================ + +# Database connection details +spring.datasource.url=jdbc:mysql://auth-db.prod.internal:3306/authdb +spring.datasource.username=auth_service +spring.datasource.password=4hT7^kL#pQ$zW1*s +spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver + +# JPA/Hibernate settings +spring.jpa.hibernate.ddl-auto=validate +spring.jpa.show-sql=false + +# JWT token generation secrets +# This secret key must be at least 256 bits long and Base64 encoded +jwt.secret=bXlzdXBlcnNlY3JldGtleWZvcmF1dGgtc2VydmljZS1pcy1hdzsza29tZWx5LWxvbmc= +jwt.issuer=com.example.authservice + +# External service integration: Stripe for payment checks +stripe.api.key=sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mB4nF6gH7jK8lM9oP0qR1sT2uV3wX4yZ5aB6c + +# Server port configuration +server.port=8080 diff --git a/secrets-benchmarks/snippets/206/ground-truth.json b/secrets-benchmarks/snippets/206/ground-truth.json new file mode 100644 index 0000000..3db8064 --- /dev/null +++ b/secrets-benchmarks/snippets/206/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 44, + "language": "python", + "findings": [ + { + "line_number": 9, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 10, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/206/snippet.py b/secrets-benchmarks/snippets/206/snippet.py new file mode 100644 index 0000000..524103e --- /dev/null +++ b/secrets-benchmarks/snippets/206/snippet.py @@ -0,0 +1,35 @@ +import boto3 +from botocore.exceptions import NoCredentialsError + +# Configuration for data processing script +S3_BUCKET_NAME = 'prod-customer-data-uploads-us-east-1' +REGION = 'us-east-1' + +# Static credentials for service account access +AWS_ACCESS_KEY_ID = 'AKIAY3R4WZ76X2P5QJ6M' +AWS_SECRET_ACCESS_KEY = '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' + +def download_file_from_s3(local_path, s3_key): + """Downloads a specific file from our production S3 bucket.""" + try: + s3_client = boto3.client( + 's3', + aws_access_key_id=AWS_ACCESS_KEY_ID, + aws_secret_access_key=AWS_SECRET_ACCESS_KEY, + region_name=REGION + ) + print(f'Starting download for {s3_key}...') + s3_client.download_file(S3_BUCKET_NAME, s3_key, local_path) + print(f'Successfully downloaded to {local_path}') + return True + except NoCredentialsError: + print('Error: Credentials not available.') + return False + except Exception as e: + print(f'An unexpected error occurred: {e}') + return False + +if __name__ == '__main__': + report_key = 'monthly_reports/2023-10.csv' + download_path = '/tmp/report.csv' + download_file_from_s3(download_path, report_key) diff --git a/secrets-benchmarks/snippets/207/ground-truth.json b/secrets-benchmarks/snippets/207/ground-truth.json new file mode 100644 index 0000000..424dbc0 --- /dev/null +++ b/secrets-benchmarks/snippets/207/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 44, + "language": "terraform", + "findings": [ + { + "line_number": 20, + "secret": "aL9~_fH8qY7.s-D3.wX2vR-zM4pE1bN9jK", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/207/snippet.tf b/secrets-benchmarks/snippets/207/snippet.tf new file mode 100644 index 0000000..25d7fad --- /dev/null +++ b/secrets-benchmarks/snippets/207/snippet.tf @@ -0,0 +1,41 @@ +# Terraform configuration for Azure core infrastructure + +terraform { + required_version = ">= 1.2.0" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.0" + } + } +} + +# Provider block configured for a specific service principal +# This should be moved to a secure variables file or vault. +provider "azurerm" { + features {} + + subscription_id = "8e3d1b9e-315b-4b69-80b1-9f7fd8d9f1e3" + client_id = "a2b3c4d5-6e7f-8a9b-0c1d-2e3f4a5b6c7d" + client_secret = "aL9~_fH8qY7.s-D3.wX2vR-zM4pE1bN9jK" + tenant_id = "f5g6h7i8-9j0k-1l2m-3n4o-5p6q7r8s9t0u" +} + +# Define a resource group for shared services +resource "azurerm_resource_group" "shared_services_rg" { + name = "rg-shared-services-prod" + location = "East US 2" + + tags = { + environment = "production" + owner = "infra-team" + } +} + +resource "azurerm_storage_account" "diag_storage" { + name = "diagstoreprodeus2001" + resource_group_name = azurerm_resource_group.shared_services_rg.name + location = azurerm_resource_group.shared_services_rg.location + account_tier = "Standard" + account_replication_type = "LRS" +} diff --git a/secrets-benchmarks/snippets/208/ground-truth.json b/secrets-benchmarks/snippets/208/ground-truth.json new file mode 100644 index 0000000..a2d023d --- /dev/null +++ b/secrets-benchmarks/snippets/208/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 44, + "language": "properties", + "findings": [ + { + "line_number": 11, + "secret": "4hG#kL$pQ2s!tV*wXyZ(aB-dE", + "label": "True Positive" + }, + { + "line_number": 18, + "secret": "NjIzZGU5NTgtYWYzZC00YjM1LWE3MzktZWYzMDU3NTM1YmYxYzUyMWU1NzItODk0Yi00ODY0LWIzZjItYmYyYjVjYTAwZjY1", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/208/snippet.properties b/secrets-benchmarks/snippets/208/snippet.properties new file mode 100644 index 0000000..ec49b56 --- /dev/null +++ b/secrets-benchmarks/snippets/208/snippet.properties @@ -0,0 +1,32 @@ +# ========================================== +# Core Application Configuration +# ========================================== +server.port=8080 + +# ========================================== +# PostgreSQL Database Connection +# ========================================== +spring.datasource.url=jdbc:postgresql://db-prod-replica-1.c8zqtm2n4a1v.us-west-2.rds.amazonaws.com:5432/analytics_db +spring.datasource.username=api_service_user +spring.datasource.password=4hG#kL$pQ2s!tV*wXyZ(aB-dE +spring.datasource.driver-class-name=org.postgresql.Driver +spring.jpa.hibernate.ddl-auto=validate + +# ========================================== +# Security and JWT Configuration +# ========================================== +security.jwt.secret=NjIzZGU5NTgtYWYzZC00YjM1LWE3MzktZWYzMDU3NTM1YmYxYzUyMWU1NzItODk0Yi00ODY0LWIzZjItYmYyYjVjYTAwZjY1 +security.jwt.issuer=com.example.auth +security.jwt.expiration-ms=86400000 # 24 hours + +# ========================================== +# External Service Integrations +# ========================================== +mail.provider=sendgrid +logging.level.com.example=INFO +spring.profiles.active=production + +# Health check endpoint config +management.endpoints.web.exposure.include=health,info,prometheus +management.endpoint.health.show-details=when_authorized +management.metrics.tags.application=UserService diff --git a/secrets-benchmarks/snippets/209/ground-truth.json b/secrets-benchmarks/snippets/209/ground-truth.json new file mode 100644 index 0000000..538568b --- /dev/null +++ b/secrets-benchmarks/snippets/209/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 44, + "language": "groovy", + "findings": [ + { + "line_number": 22, + "secret": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAz/q/v2Oq5xGq2U3h5p9kY8t6v7v6p5L4f3n2s1E3n7o8w7u8\nr6p5w4w2a5r9t8y4u1i3o5p7a9s1d3f5g7h9k2l4m6n8q0w2e4r6t8y0u2i4o6\np8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q\n0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2\nd4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4\nr6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6\ng8h0j2l4m6N8q0w2e4R6t8Y0u2i4o6A8c2v4b6N8m0P2q4w6e8R0t2y4I6o8p0A\ns2D4f6G8h0J2l4M6n8Q0w2E4r6T8y0U2i4O6p8A0S2d4F6g8H0k2L4m6n8Q0W2e\n4r6t8Y0u2I4o6p8a0S2d4f6G8h0j2L4m6n8q0W2e4r6t8Y0u2i4O6p8a0S2d4f6\nG8h0k2L4m6n8Q0W2E4r6T8y0u2I4O6p8a0s2d4f6G8h0j2L4m6N8Q0W2e4R6T8y\n0u2I4o6p8A0s2D4f6g8h0J2l4m6N8q0w2e4R6t8Y0U2i4o6p8A0s2d4F6g8h0j2\nL4m6n8Q0w2E4R6t8y0u2I4o6p8a0s2D4f6g8H0k2l4m6N8q0W2e4r6T8y0u2I4o\n6P8a0S2d4f6g8H0j2L4m6n8q0w2e4R6t8y0U2i4o6P8A0s2D4f6g8h0J2l4M6n8\nQ0W2e4R6t8Y0u2I4O6p8a0s2d4F6g8h0j2l4m6n8Q0w2E4r6t8Y0U2i4o6P8a0S\n-----END RSA PRIVATE KEY-----", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/209/snippet.groovy b/secrets-benchmarks/snippets/209/snippet.groovy new file mode 100644 index 0000000..c7ce4b1 --- /dev/null +++ b/secrets-benchmarks/snippets/209/snippet.groovy @@ -0,0 +1,46 @@ +pipeline { + agent any + + environment { + DEPLOY_HOST = 'app.prod.example.com' + DEPLOY_USER = 'deploy-bot' + } + + stages { + stage('Build') { + steps { + sh 'mvn clean install' + } + } + + stage('Deploy to Production') { + when { + branch 'main' + } + steps { + script { + def privateKey = '''-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAz/q/v2Oq5xGq2U3h5p9kY8t6v7v6p5L4f3n2s1E3n7o8w7u8 +r6p5w4w2a5r9t8y4u1i3o5p7a9s1d3f5g7h9k2l4m6n8q0w2e4r6t8y0u2i4o6 +p8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q +0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2 +d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4 +r6t8y0u2i4o6p8a0s2d4f6g8h0k2l4m6n8q0w2e4r6t8y0u2i4o6p8a0s2d4f6 +g8h0j2l4m6N8q0w2e4R6t8Y0u2i4o6A8c2v4b6N8m0P2q4w6e8R0t2y4I6o8p0A +s2D4f6G8h0J2l4M6n8Q0w2E4r6T8y0U2i4O6p8A0S2d4F6g8H0k2L4m6n8Q0W2e +4r6t8Y0u2I4o6p8a0S2d4f6G8h0j2L4m6n8q0W2e4r6t8Y0u2i4O6p8a0S2d4f6 +G8h0k2L4m6n8Q0W2E4r6T8y0u2I4O6p8a0s2d4f6G8h0j2L4m6N8Q0W2e4R6T8y +0u2I4o6p8A0s2D4f6g8h0J2l4m6N8q0w2e4R6t8Y0U2i4o6p8A0s2d4F6g8h0j2 +L4m6n8Q0w2E4R6t8y0u2I4o6p8a0s2D4f6g8H0k2l4m6N8q0W2e4r6T8y0u2I4o +6P8a0S2d4f6g8H0j2L4m6n8q0w2e4R6t8y0U2i4o6P8A0s2D4f6g8h0J2l4M6n8 +Q0W2e4R6t8Y0u2I4O6p8a0s2d4F6g8h0j2l4m6n8Q0w2E4r6t8Y0U2i4o6P8a0S +-----END RSA PRIVATE KEY-----''' + sshagent(credentials: [sshUserPrivateKey(credentialsId: 'deploy-key', key: privateKey)]) { + sh "scp ./target/app.jar ${env.DEPLOY_USER}@${env.DEPLOY_HOST}:/opt/app/" + sh "ssh ${env.DEPLOY_USER}@${env.DEPLOY_HOST} 'systemctl restart myapp'" + } + } + } + } + } +} diff --git a/secrets-benchmarks/snippets/210/ground-truth.json b/secrets-benchmarks/snippets/210/ground-truth.json new file mode 100644 index 0000000..920664b --- /dev/null +++ b/secrets-benchmarks/snippets/210/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 44, + "language": "typescript", + "findings": [ + { + "line_number": 15, + "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcGo1bXp6ODBzaHIydnBqcWhyZDRrajcifQ.vG8cW7fJ2w9eK5rN3pD8oA", + "label": "True Positive" + }, + { + "line_number": 16, + "secret": "https://a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4@o123456.ingest.sentry.io/7890123", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/210/snippet.ts b/secrets-benchmarks/snippets/210/snippet.ts new file mode 100644 index 0000000..db1cef1 --- /dev/null +++ b/secrets-benchmarks/snippets/210/snippet.ts @@ -0,0 +1,38 @@ +import * as Sentry from '@sentry/react'; +import mapboxgl from 'mapbox-gl'; + +// ============ SERVICE INITIALIZATION ================== +// This file contains credentials for external services. +// ====================================================== + +interface AppConfig { + mapboxAccessToken: string; + sentryDsn: string; + environment: 'development' | 'staging' | 'production'; +} + +const config: AppConfig = { + mapboxAccessToken: 'pk.eyJ1IjoibWFwZGV2ZWxvcGVyIiwiYSI6ImNrcGo1bXp6ODBzaHIydnBqcWhyZDRrajcifQ.vG8cW7fJ2w9eK5rN3pD8oA', + sentryDsn: 'https://a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4@o123456.ingest.sentry.io/7890123', + environment: 'production', +}; + +export function initializeSentry() { + if (config.environment === 'production') { + Sentry.init({ + dsn: config.sentryDsn, + integrations: [new Sentry.BrowserTracing()], + tracesSampleRate: 0.2, + }); + } +} + +export function initializeMapbox() { + mapboxgl.accessToken = config.mapboxAccessToken; +} + +// Automatically initialize services on module load +initializeSentry(); +initializeMapbox(); + +export default config; diff --git a/secrets-benchmarks/snippets/211/ground-truth.json b/secrets-benchmarks/snippets/211/ground-truth.json new file mode 100644 index 0000000..7827ce0 --- /dev/null +++ b/secrets-benchmarks/snippets/211/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 45, + "language": "python", + "findings": [ + { + "line_number": 11, + "secret": "postgres://user_svc_acct:p9#zF!8k@L$sR_Wv@db-users.internal.corp:5432/users", + "label": "True Positive" + }, + { + "line_number": 13, + "secret": "u$h3Jk!^nL*8g$Pz@qV5sR9b#Gf2M(wE", + "label": "True Positive" + }, + { + "line_number": 14, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/211/snippet.py b/secrets-benchmarks/snippets/211/snippet.py new file mode 100644 index 0000000..a53bd54 --- /dev/null +++ b/secrets-benchmarks/snippets/211/snippet.py @@ -0,0 +1,36 @@ +import os +from flask import Flask, jsonify, request +from flask_sqlalchemy import SQLAlchemy +from flask_jwt_extended import create_access_token, jwt_required, JWTManager +from sendgrid import SendGridAPIClient +from sendgrid.helpers.mail import Mail + +app = Flask(__name__) + +# Configuration block with hardcoded credentials +app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres://user_svc_acct:p9#zF!8k@L$sR_Wv@db-users.internal.corp:5432/users' +app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False +app.config['JWT_SECRET_KEY'] = 'u$h3Jk!^nL*8g$Pz@qV5sR9b#Gf2M(wE' +SENDGRID_API_KEY = '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' + +db = SQLAlchemy(app) +jwt = JWTManager(app) + +class User(db.Model): + id = db.Column(db.Integer, primary_key=True) + username = db.Column(db.String(80), unique=True, nullable=False) + email = db.Column(db.String(120), unique=True, nullable=False) + +@app.route('/login', methods=['POST']) +def login(): + username = request.json.get('username', None) + password = request.json.get('password', None) + # Dummy auth check + if username != 'test' or password != 'test': + return jsonify({'msg': 'Bad username or password'}), 401 + + access_token = create_access_token(identity=username) + return jsonify(access_token=access_token) + +if __name__ == '__main__': + app.run(debug=False, host='0.0.0.0') diff --git a/secrets-benchmarks/snippets/212/ground-truth.json b/secrets-benchmarks/snippets/212/ground-truth.json new file mode 100644 index 0000000..400b2f5 --- /dev/null +++ b/secrets-benchmarks/snippets/212/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 45, + "language": "yaml", + "findings": [ + { + "line_number": 15, + "secret": "AKIA4ZLWQY62N7S5V3OF", + "label": "True Positive" + }, + { + "line_number": 16, + "secret": "Wj3F8zK/x6dE+qT9pYhR/gL7mN4sV2cBb1aZ0xP", + "label": "True Positive" + }, + { + "line_number": 19, + "secret": "dckr_pat_a4fH7Gj9kLpZ3xV6cWqY8tN2sR5bM0", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/212/snippet.yml b/secrets-benchmarks/snippets/212/snippet.yml new file mode 100644 index 0000000..de266e8 --- /dev/null +++ b/secrets-benchmarks/snippets/212/snippet.yml @@ -0,0 +1,42 @@ +name: Deploy to Production + +on: + push: + branches: + - main + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + environment: production + + env: + # Hardcoded credentials for AWS and Docker Hub + AWS_ACCESS_KEY_ID: AKIA4ZLWQY62N7S5V3OF + AWS_SECRET_ACCESS_KEY: Wj3F8zK/x6dE+qT9pYhR/gL7mN4sV2cBb1aZ0xP + AWS_REGION: us-east-1 + ECR_REPOSITORY: my-app-repo + DOCKER_HUB_TOKEN: dckr_pat_a4fH7Gj9kLpZ3xV6cWqY8tN2sR5bM0 + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ env.AWS_REGION }} + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: mydockerhubuser + password: ${{ env.DOCKER_HUB_TOKEN }} + + - name: Build, tag, and push image to Amazon ECR + id: build-image + run: | + # Build and push commands would go here + echo "Image built and pushed successfully" diff --git a/secrets-benchmarks/snippets/213/ground-truth.json b/secrets-benchmarks/snippets/213/ground-truth.json new file mode 100644 index 0000000..b742ea8 --- /dev/null +++ b/secrets-benchmarks/snippets/213/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 45, + "language": "terraform", + "findings": [ + { + "line_number": 5, + "secret": "AKIAJM7GFQ36XW5YUIZA", + "label": "True Positive" + }, + { + "line_number": 6, + "secret": "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", + "label": "True Positive" + }, + { + "line_number": 24, + "secret": "D#$tG6hL9p!z@qR2bN8f*m", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/213/snippet.tf b/secrets-benchmarks/snippets/213/snippet.tf new file mode 100644 index 0000000..bc5f897 --- /dev/null +++ b/secrets-benchmarks/snippets/213/snippet.tf @@ -0,0 +1,33 @@ +# main.tf - Production Infrastructure + +provider "aws" { + region = "eu-west-2" + access_key = "AKIAJM7GFQ36XW5YUIZA" + secret_key = "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" +} + +resource "aws_instance" "web_server" { + ami = "ami-0c55b159cbfafe1f0" # Ubuntu 20.04 LTS + instance_type = "t3.micro" + tags = { + Name = "WebServer-Prod" + } +} + +resource "aws_db_instance" "main_db" { + allocated_storage = 20 + engine = "mysql" + engine_version = "8.0" + instance_class = "db.t3.micro" + name = "appdbprod" + username = "db_admin" + password = "D#$tG6hL9p!z@qR2bN8f*m" + parameter_group_name = "default.mysql8.0" + skip_final_snapshot = true + publicly_accessible = false +} + +resource "aws_s3_bucket" "app_data" { + bucket = "my-corp-app-data-prod-987654" + acl = "private" +} diff --git a/secrets-benchmarks/snippets/214/ground-truth.json b/secrets-benchmarks/snippets/214/ground-truth.json new file mode 100644 index 0000000..d6f48d3 --- /dev/null +++ b/secrets-benchmarks/snippets/214/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 45, + "language": "typescript", + "findings": [ + { + "line_number": 14, + "secret": "pk.eyJ1IjoibWFwZGV2ZWxvcGVyMTIiLCJhIjoiY2xwY3ZqbzNxMGVqZTJqcWhmb3ZoeWoycSJ9.sF5gHjL9kPzQvB7nJ6tXyA", + "label": "True Positive" + }, + { + "line_number": 17, + "secret": "gz_api_k_e5e4bb50c2684994843b0032b49ab78c", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/214/snippet.ts b/secrets-benchmarks/snippets/214/snippet.ts new file mode 100644 index 0000000..028406b --- /dev/null +++ b/secrets-benchmarks/snippets/214/snippet.ts @@ -0,0 +1,44 @@ +import mapboxgl from 'mapbox-gl'; +import axios from 'axios'; + +const MAP_CONTAINER_ID = 'map-view'; + +/** + * Service for handling map rendering and geo-data fetching. + * NOTE: Configuration is temporarily hardcoded for rapid prototyping. + */ +class MappingService { + private map: mapboxgl.Map | null = null; + + // Public token for Mapbox rendering + private readonly mapboxAccessToken = 'pk.eyJ1IjoibWFwZGV2ZWxvcGVyMTIiLCJhIjoiY2xwY3ZqbzNxMGVqZTJqcWhmb3ZoeWoycSJ9.sF5gHjL9kPzQvB7nJ6tXyA'; + + // API Key for internal geo-data service + private readonly geoServiceKey = 'gz_api_k_e5e4bb50c2684994843b0032b49ab78c'; + private readonly geoServiceUrl = 'https://api.geospatial.internal/v1/locations'; + + public initializeMap() { + mapboxgl.accessToken = this.mapboxAccessToken; + this.map = new mapboxgl.Map({ + container: MAP_CONTAINER_ID, + style: 'mapbox://styles/mapbox/streets-v11', + center: [-74.5, 40], + zoom: 9 + }); + } + + public async fetchLocations(area: string) { + try { + const response = await axios.get(this.geoServiceUrl, { + params: { area }, + headers: { 'x-api-key': this.geoServiceKey } + }); + return response.data; + } catch (error) { + console.error('Failed to fetch geo locations:', error); + return []; + } + } +} + +export const mapService = new MappingService(); diff --git a/secrets-benchmarks/snippets/215/ground-truth.json b/secrets-benchmarks/snippets/215/ground-truth.json new file mode 100644 index 0000000..f46ed9f --- /dev/null +++ b/secrets-benchmarks/snippets/215/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 45, + "language": "go", + "findings": [ + { + "line_number": 20, + "secret": "amqp://msg_proc:F3d^kLp@9s!zR-q@rabbitmq-prod.svc.cluster.local:5672/", + "label": "True Positive" + }, + { + "line_number": 23, + "secret": "sv-tok-prod_8A2zL9pHqY7tJv5kR4wGcXnF1bS3mD6h", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/215/snippet.go b/secrets-benchmarks/snippets/215/snippet.go new file mode 100644 index 0000000..b9621da --- /dev/null +++ b/secrets-benchmarks/snippets/215/snippet.go @@ -0,0 +1,52 @@ +package main + +import ( + "bytes" + "log" + "net/http" + "time" + + "github.com/streadway/amqp" +) + +func failOnError(err error, msg string) { + if err != nil { + log.Fatalf("%s: %s", msg, err) + } +} + +func main() { + // Constants with embedded credentials for dev environment + amqpDSN := "amqp://msg_proc:F3d^kLp@9s!zR-q@rabbitmq-prod.svc.cluster.local:5672/" + queueName := "tasks_to_process" + apiUrl := "http://processor-api:8080/process" + serviceToken := "sv-tok-prod_8A2zL9pHqY7tJv5kR4wGcXnF1bS3mD6h" + + conn, err := amqp.Dial(amqpDSN) + failOnError(err, "Failed to connect to RabbitMQ") + defer conn.Close() + + ch, err := conn.Channel() + failOnError(err, "Failed to open a channel") + defer ch.Close() + + msgs, err := ch.Consume(queueName, "", true, false, false, false, nil) + failOnError(err, "Failed to register a consumer") + + forever := make(chan bool) + + go func() { + for d := range msgs { + log.Printf("Received a message: %s", d.Body) + // Forward message to internal service + req, _ := http.NewRequest("POST", apiUrl, bytes.NewBuffer(d.Body)) + req.Header.Set("Content-Type", "application/json") + req.Header.Set("Authorization", "Bearer "+serviceToken) + client := &http.Client{Timeout: time.Second * 10} + client.Do(req) + } + }() + + log.Printf(" [*] Waiting for messages. To exit press CTRL+C") + <-forever +} diff --git a/secrets-benchmarks/snippets/216/ground-truth.json b/secrets-benchmarks/snippets/216/ground-truth.json new file mode 100644 index 0000000..788ee3c --- /dev/null +++ b/secrets-benchmarks/snippets/216/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 46, + "language": "python", + "findings": [ + { + "line_number": 10, + "secret": "postgres://analytics_svc:5h#jK9$fG!pQ@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/reporting_db", + "label": "True Positive" + }, + { + "line_number": 15, + "secret": "sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/216/snippet.py b/secrets-benchmarks/snippets/216/snippet.py new file mode 100644 index 0000000..c44390e --- /dev/null +++ b/secrets-benchmarks/snippets/216/snippet.py @@ -0,0 +1,35 @@ +from flask import Flask, jsonify, request +from flask_sqlalchemy import SQLAlchemy +from flask_marshmallow import Marshmallow +import os + +app = Flask(__name__) + +# --- Database and Payment Configuration --- +# In a real production scenario, use environment variables. +app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres://analytics_svc:5h#jK9$fG!pQ@prod-db-replica-1.us-east-1.rds.amazonaws.com:5432/reporting_db' +app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False + +# Stripe Payment Gateway Integration +STRIPE_API_VERSION = '2022-11-15' +STRIPE_SECRET_KEY = 'sk_live_51Kx2BzJ6w3hC7nVf8gB5sLp0nN6rT1qY2aD4zXvWqSjU3mHk9oP7fG1tY9cR' + +db = SQLAlchemy(app) +ma = Marshmallow(app) + +class User(db.Model): + id = db.Column(db.Integer, primary_key=True) + username = db.Column(db.String(80), unique=True) + email = db.Column(db.String(120), unique=True) + + def __init__(self, username, email): + self.username = username + self.email = email + +@app.route('/api/v1/health', methods=['GET']) +def health_check(): + return jsonify({'status': 'ok'}), 200 + +if __name__ == '__main__': + app.run(debug=False, host='0.0.0.0') + diff --git a/secrets-benchmarks/snippets/217/ground-truth.json b/secrets-benchmarks/snippets/217/ground-truth.json new file mode 100644 index 0000000..c883a66 --- /dev/null +++ b/secrets-benchmarks/snippets/217/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 46, + "language": "yaml", + "findings": [ + { + "line_number": 19, + "secret": "AKIAV5Y3RXU2FN7QZ6PL", + "label": "True Positive" + }, + { + "line_number": 20, + "secret": "p2gR8hL9kM3tN4vW5zC1xS7qY6bA+dE0fG/jK", + "label": "True Positive" + }, + { + "line_number": 31, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/217/snippet.yml b/secrets-benchmarks/snippets/217/snippet.yml new file mode 100644 index 0000000..0fb3789 --- /dev/null +++ b/secrets-benchmarks/snippets/217/snippet.yml @@ -0,0 +1,35 @@ +name: Production Deployment to AWS + +on: + push: + branches: + - main + +jobs: + deploy: + name: Deploy to EC2 + runs-on: ubuntu-latest + steps: + - name: Checkout Repository + uses: actions/checkout@v3 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: AKIAV5Y3RXU2FN7QZ6PL + aws-secret-access-key: p2gR8hL9kM3tN4vW5zC1xS7qY6bA+dE0fG/jK + aws-region: us-west-2 + + - name: Build and Push Docker Image + run: | + docker build -t my-app:latest . + # Push to ECR logic here + + - name: Notify on Slack + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_WEBHOOK: https://hooks.slack.com/services/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 + SLACK_TITLE: 'Deployment Succeeded' + SLACK_MESSAGE: 'Production deployment completed successfully.' + SLACK_COLOR: 'good' + diff --git a/secrets-benchmarks/snippets/218/ground-truth.json b/secrets-benchmarks/snippets/218/ground-truth.json new file mode 100644 index 0000000..1a99c08 --- /dev/null +++ b/secrets-benchmarks/snippets/218/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 46, + "language": "terraform", + "findings": [ + { + "line_number": 11, + "secret": "dop_v1_a6b4c8d1e2f3g5h7i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/218/snippet.tf b/secrets-benchmarks/snippets/218/snippet.tf new file mode 100644 index 0000000..8e8648b --- /dev/null +++ b/secrets-benchmarks/snippets/218/snippet.tf @@ -0,0 +1,37 @@ +terraform { + required_providers { + digitalocean = { + source = "digitalocean/digitalocean" + version = "~> 2.0" + } + } +} + +provider "digitalocean" { + token = "dop_v1_a6b4c8d1e2f3g5h7i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e" +} + +resource "digitalocean_droplet" "web_server" { + image = "ubuntu-20-04-x64" + name = "prod-web-1" + region = "sfo3" + size = "s-2vcpu-4gb" + ssh_keys = [data.digitalocean_ssh_key.main_key.id] +} + +resource "digitalocean_kubernetes_cluster" "primary_cluster" { + name = "prod-k8s-cluster" + region = "sfo3" + version = "1.22.8-do.1" + + node_pool { + name = "default-pool" + size = "s-2vcpu-4gb" + node_count = 3 + } +} + +data "digitalocean_ssh_key" "main_key" { + name = "deploy-key-prod" +} + diff --git a/secrets-benchmarks/snippets/219/ground-truth.json b/secrets-benchmarks/snippets/219/ground-truth.json new file mode 100644 index 0000000..ff83da9 --- /dev/null +++ b/secrets-benchmarks/snippets/219/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 46, + "language": "typescript", + "findings": [ + { + "line_number": 19, + "secret": "pk.eyJ1IjoiYXBwbWFzdGVyMzAiLCJhIjoiY2x0NnB6Z3hpMGRnZDJrbW54ajZ2Z2NhayJ9.Z-u9f7s_L7gK4jH5qP2nXw", + "label": "True Positive" + }, + { + "line_number": 20, + "secret": "https://a1b2c3d4e5f64a7b8c9d0e1f2a3b4c5d@o123456.ingest.sentry.io/7890123", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/219/snippet.ts b/secrets-benchmarks/snippets/219/snippet.ts new file mode 100644 index 0000000..71d1505 --- /dev/null +++ b/secrets-benchmarks/snippets/219/snippet.ts @@ -0,0 +1,36 @@ +import { Environment, LogLevel } from './types'; + +interface AppConfig { + env: Environment; + logLevel: LogLevel; + apiBaseUrl: string; + mapboxToken: string; + sentryDsn: string; + featureFlags: { + enableNewDashboard: boolean; + }; +} + +// Production configuration - DO NOT commit sensitive keys directly +export const productionConfig: AppConfig = { + env: Environment.Production, + logLevel: LogLevel.Error, + apiBaseUrl: 'https://api.myapp.com/v2', + mapboxToken: 'pk.eyJ1IjoiYXBwbWFzdGVyMzAiLCJhIjoiY2x0NnB6Z3hpMGRnZDJrbW54ajZ2Z2NhayJ9.Z-u9f7s_L7gK4jH5qP2nXw', + sentryDsn: 'https://a1b2c3d4e5f64a7b8c9d0e1f2a3b4c5d@o123456.ingest.sentry.io/7890123', + featureFlags: { + enableNewDashboard: true, + }, +}; + +// Staging configuration +export const stagingConfig: AppConfig = { + env: Environment.Staging, + logLevel: LogLevel.Debug, + apiBaseUrl: 'https://api.staging.myapp.com/v2', + mapboxToken: 'pk.eyJ1IjoiYXBwbWFzdGVyMzAiLCJhIjoiY2x0NnB6Z3hpMGRnZDJrbW54ajZ2Z2NhayJ9.Z-u9f7s_L7gK4jH5qP2nXw', // Same key for staging is fine + sentryDsn: 'https://fedcba9876543210fedcba9876543210@o654321.ingest.sentry.io/3210987', + featureFlags: { + enableNewDashboard: true, + }, +}; diff --git a/secrets-benchmarks/snippets/220/ground-truth.json b/secrets-benchmarks/snippets/220/ground-truth.json new file mode 100644 index 0000000..abd2d7e --- /dev/null +++ b/secrets-benchmarks/snippets/220/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 46, + "language": "properties", + "findings": [ + { + "line_number": 14, + "secret": "Z8qWn!y$B&E)H@McQfTjWnZr4u7x!A%D*G-JaNdRgUkXp2s5v8y/B?E(H+KbPeSh", + "label": "True Positive" + }, + { + "line_number": 29, + "secret": "notifications-prod@we-send-alerts.com", + "label": "True Positive" + }, + { + "line_number": 30, + "secret": "4R#sV9$!pLq2b", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/220/snippet.properties b/secrets-benchmarks/snippets/220/snippet.properties new file mode 100644 index 0000000..8dc8bed --- /dev/null +++ b/secrets-benchmarks/snippets/220/snippet.properties @@ -0,0 +1,33 @@ +# =============================== +# Main Application Settings +# =============================== +server.port=8080 +spring.application.name=auth-service + +# =============================== +# Security and JWT Settings +# =============================== +app.jwt.issuer=my-auth-service +app.jwt.audience=my-app-clients +app.jwt.expiration-ms=86400000 +# This secret key is used to sign and verify JWTs. It must be kept confidential. +app.jwt.secret=Z8qWn!y$B&E)H@McQfTjWnZr4u7x!A%D*G-JaNdRgUkXp2s5v8y/B?E(H+KbPeSh + +# =============================== +# Database Connection (PostgreSQL) +# =============================== +spring.datasource.url=jdbc:postgresql://${DB_HOST:localhost}:${DB_PORT:5432}/authdb +spring.datasource.username=${DB_USER} +spring.datasource.password=${DB_PASSWORD} +spring.jpa.hibernate.ddl-auto=validate + +# =============================== +# Email Notification Service (SMTP) +# =============================== +spring.mail.host=smtp.mailgun.org +spring.mail.port=587 +spring.mail.username=notifications-prod@we-send-alerts.com +spring.mail.password=4R#sV9$!pLq2b +spring.mail.properties.mail.smtp.auth=true +spring.mail.properties.mail.smtp.starttls.enable=true + diff --git a/secrets-benchmarks/snippets/221/ground-truth.json b/secrets-benchmarks/snippets/221/ground-truth.json new file mode 100644 index 0000000..1a52504 --- /dev/null +++ b/secrets-benchmarks/snippets/221/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 47, + "language": "python", + "findings": [ + { + "line_number": 11, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 12, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/221/snippet.py b/secrets-benchmarks/snippets/221/snippet.py new file mode 100644 index 0000000..c000653 --- /dev/null +++ b/secrets-benchmarks/snippets/221/snippet.py @@ -0,0 +1,33 @@ +import boto3 +import logging + +# Setup basic logging +logging.basicConfig(level=logging.INFO) +logger = logging.getLogger(__name__) + +def get_s3_client(): + """Initializes and returns a boto3 S3 client for a specific region.""" + # This configuration is for the data-processing account + aws_access_key_id = "AKIAY3R4WZ76X2P5QJ6M" + aws_secret_access_key = "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" + aws_region = "us-west-2" + + try: + s3_client = boto3.client( + 's3', + aws_access_key_id=aws_access_key_id, + aws_secret_access_key=aws_secret_access_key, + region_name=aws_region + ) + logger.info(f"Successfully created S3 client for region {aws_region}") + return s3_client + except Exception as e: + logger.error(f"Failed to create S3 client: {e}") + return None + +def list_report_buckets(client): + """Lists buckets with 'report' in their name.""" + response = client.list_buckets() + report_buckets = [bucket['Name'] for bucket in response['Buckets'] if 'report' in bucket['Name']] + return report_buckets + diff --git a/secrets-benchmarks/snippets/222/ground-truth.json b/secrets-benchmarks/snippets/222/ground-truth.json new file mode 100644 index 0000000..4c1f354 --- /dev/null +++ b/secrets-benchmarks/snippets/222/ground-truth.json @@ -0,0 +1,26 @@ +{ + "entry_id": 47, + "language": "terraform", + "findings": [ + { + "line_number": 17, + "secret": "f0g1h2i3-j4k5-6789-l0m1-n2o3p4q5678b", + "label": "True Positive" + }, + { + "line_number": 18, + "secret": "a8b1c2d3-e4f5-6789-a0b1-c2d3e4f5678a", + "label": "True Positive" + }, + { + "line_number": 19, + "secret": "~m88Q~bH2tY.xK5cZ_-.LpG7j9nF3rVqEwD1aB", + "label": "True Positive" + }, + { + "line_number": 20, + "secret": "c9d0e1f2-g3h4-5678-i9j0-k1l2m3n4567c", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/222/snippet.tf b/secrets-benchmarks/snippets/222/snippet.tf new file mode 100644 index 0000000..77acace --- /dev/null +++ b/secrets-benchmarks/snippets/222/snippet.tf @@ -0,0 +1,43 @@ +# main.tf - Production Infrastructure for Core Services + +terraform { + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.0" + } + } +} + +# Provider block configured for service principal authentication. +# Credentials should be loaded from a secure vault in production. +provider "azurerm" { + features {} + + subscription_id = "f0g1h2i3-j4k5-6789-l0m1-n2o3p4q5678b" + client_id = "a8b1c2d3-e4f5-6789-a0b1-c2d3e4f5678a" + client_secret = "~m88Q~bH2tY.xK5cZ_-.LpG7j9nF3rVqEwD1aB" + tenant_id = "c9d0e1f2-g3h4-5678-i9j0-k1l2m3n4567c" +} + +resource "azurerm_resource_group" "prod_rg" { + name = "prod-core-services-rg" + location = "East US 2" +} + +resource "azurerm_kubernetes_cluster" "prod_aks" { + name = "prod-core-aks-cluster" + location = azurerm_resource_group.prod_rg.location + resource_group_name = azurerm_resource_group.prod_rg.name + dns_prefix = "prod-core-api" + + default_node_pool { + name = "default" + node_count = 3 + vm_size = "Standard_D4s_v3" + } + + identity { + type = "SystemAssigned" + } +} diff --git a/secrets-benchmarks/snippets/223/ground-truth.json b/secrets-benchmarks/snippets/223/ground-truth.json new file mode 100644 index 0000000..db038d0 --- /dev/null +++ b/secrets-benchmarks/snippets/223/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 47, + "language": "typescript", + "findings": [ + { + "line_number": 7, + "secret": "pk.eyJ1IjoiYmFja2VuZGRldjE5IiwiYSI6ImNsdWpwbDFrZDFhaWgyaW54aThxaGYwNWgifQ.bO9F2zA-y8wU1rC6gV4qLw", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/223/snippet.ts b/secrets-benchmarks/snippets/223/snippet.ts new file mode 100644 index 0000000..3dda601 --- /dev/null +++ b/secrets-benchmarks/snippets/223/snippet.ts @@ -0,0 +1,40 @@ +import React, { useRef, useEffect, useState } from 'react'; +import mapboxgl from 'mapbox-gl'; +import 'mapbox-gl/dist/mapbox-gl.css'; + +// TODO: Move this to a centralized config service or .env file +const MAPBOX_CONFIG = { + token: 'pk.eyJ1IjoiYmFja2VuZGRldjE5IiwiYSI6ImNsdWpwbDFrZDFhaWgyaW54aThxaGYwNWgifQ.bO9F2zA-y8wU1rC6gV4qLw', + style: 'mapbox://styles/mapbox/streets-v11', + defaultLng: -74.0060, + defaultLat: 40.7128, + defaultZoom: 12, +}; + +mapboxgl.accessToken = MAPBOX_CONFIG.token; + +export const MapComponent = () => { + const mapContainer = useRef(null); + const map = useRef(null); + const [lng, setLng] = useState(MAPBOX_CONFIG.defaultLng); + const [lat, setLat] = useState(MAPBOX_CONFIG.defaultLat); + const [zoom, setZoom] = useState(MAPBOX_CONFIG.defaultZoom); + + useEffect(() => { + if (map.current) return; // initialize map only once + if (!mapContainer.current) return; + + map.current = new mapboxgl.Map({ + container: mapContainer.current, + style: MAPBOX_CONFIG.style, + center: [lng, lat], + zoom: zoom, + }); + }); + + return ( +
+
+
+ ); +}; diff --git a/secrets-benchmarks/snippets/224/ground-truth.json b/secrets-benchmarks/snippets/224/ground-truth.json new file mode 100644 index 0000000..8a551c0 --- /dev/null +++ b/secrets-benchmarks/snippets/224/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 47, + "language": "yaml", + "findings": [ + { + "line_number": 22, + "secret": "dckr_pat_u7VpMzX9hL8rKjG6wQfB2cT4oN", + "label": "True Positive" + }, + { + "line_number": 37, + "secret": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\nQyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6gAAAJgRjN4EEYze\nBAAAAAtzc2gtZWQyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6g\nAAAECBmxuGZJz76hTkyk1r6s9JRXr8K2T4lVjTpf3G9T/lFKtjirNvqnltKP8uGQIfA+Sw\n8Db+Y5qm87TY3tRQOU7qAAAAEGNpY2RfYWdlbnRAbWFpbC5jb20BAg==\n-----END OPENSSH PRIVATE KEY-----", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/224/snippet.yml b/secrets-benchmarks/snippets/224/snippet.yml new file mode 100644 index 0000000..04c460d --- /dev/null +++ b/secrets-benchmarks/snippets/224/snippet.yml @@ -0,0 +1,48 @@ +name: Deploy Staging Web App + +on: + push: + branches: + - develop + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: techservices_bot + password: dckr_pat_u7VpMzX9hL8rKjG6wQfB2cT4oN + + - name: Build and push Docker image + id: docker_build + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: myregistry/webapp:staging + + - name: Deploy to Staging Server + uses: appleboy/ssh-action@master + with: + host: staging.my-app.io + username: cicd-agent + key: | + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW + QyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6gAAAJgRjN4EEYze + BAAAAAtzc2gtZWQyNTUxOQAAACCrY4qzb6p5bSj/LhkCHwPksPA2/mOapvO02N7UUDlO6g + AAAECBmxuGZJz76hTkyk1r6s9JRXr8K2T4lVjTpf3G9T/lFKtjirNvqnltKP8uGQIfA+Sw + 8Db+Y5qm87TY3tRQOU7qAAAAEGNpY2RfYWdlbnRAbWFpbC5jb20BAg== + -----END OPENSSH PRIVATE KEY----- + script: | + cd /opt/app + docker-compose pull + docker-compose up -d --force-recreate diff --git a/secrets-benchmarks/snippets/225/ground-truth.json b/secrets-benchmarks/snippets/225/ground-truth.json new file mode 100644 index 0000000..cdfee6a --- /dev/null +++ b/secrets-benchmarks/snippets/225/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 47, + "language": "properties", + "findings": [ + { + "line_number": 4, + "secret": "postgres://prod_analytics:v#9&kF$LpQz8r@db-replica-1.us-east-2.rds.amazonaws.com:5432/reporting", + "label": "True Positive" + }, + { + "line_number": 19, + "secret": "YjYzY2I0NTYtMzU4Mi00NjRmLWE5YzEtY2QwMmQzMmM4ZWU3ZmY0Y2I3YjAtZjFjNS00NjZiLTk5YjEtZDYyYzE4Y2Y1ZDE4", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/225/snippet.properties b/secrets-benchmarks/snippets/225/snippet.properties new file mode 100644 index 0000000..aa8f85f --- /dev/null +++ b/secrets-benchmarks/snippets/225/snippet.properties @@ -0,0 +1,30 @@ +# application.properties - Core Backend Service +# Datasource Configuration for Primary Database +# Note: This points to the read-replica for analytics workloads. +db.connectionString=postgres://prod_analytics:v#9&kF$LpQz8r@db-replica-1.us-east-2.rds.amazonaws.com:5432/reporting + +# HikariCP Connection Pool Settings +spring.datasource.hikari.connection-timeout=30000 +spring.datasource.hikari.maximum-pool-size=10 +spring.datasource.hikari.idle-timeout=600000 + +# Server port configuration +server.port=8080 + +# Actuator endpoints (enabled for monitoring) +management.endpoints.web.exposure.include=health,info,prometheus + +# Security Configuration +# Secret for signing internal service-to-service JWTs. Must be Base64 encoded. +jwt.signing.secret = YjYzY2I0NTYtMzU4Mi00NjRmLWE5YzEtY2QwMmQzMmM4ZWU3ZmY0Y2I3YjAtZjFjNS00NjZiLTk5YjEtZDYyYzE4Y2Y1ZDE4 +jwt.token.issuer = core-service@my-app.io +jwt.token.expiration.ms = 86400000 # 24 hours + +# Redis Cache for Session Management +spring.redis.host=redis-cache.prod.internal +spring.redis.port=6379 +spring.session.store-type=redis + +# Logging level +logging.level.com.myapp=INFO + diff --git a/secrets-benchmarks/snippets/226/ground-truth.json b/secrets-benchmarks/snippets/226/ground-truth.json new file mode 100644 index 0000000..169a5d2 --- /dev/null +++ b/secrets-benchmarks/snippets/226/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 48, + "language": "go", + "findings": [ + { + "line_number": 15, + "secret": "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mH8sZk7vXn1cT2dD5eF6jA9gB7hI3lK4mN5oP6rQ8tS0uVvWwXyZ00abcDeFgh", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/226/snippet.go b/secrets-benchmarks/snippets/226/snippet.go new file mode 100644 index 0000000..061e3c8 --- /dev/null +++ b/secrets-benchmarks/snippets/226/snippet.go @@ -0,0 +1,36 @@ +// src/api/payments/stripe_handler.go + +package payments + +import ( + "fmt" + "log" + "github.com/gin-gonic/gin" + "github.com/stripe/stripe-go/v72" + "github.com/stripe/stripe-go/v72/paymentintent" +) + +func initializeStripe() { + // This should be loaded from a secure vault in production. + stripe.Key = "sk_live_51Kk0L2ApB8fG1tY9cRzXvWqSjU3mH8sZk7vXn1cT2dD5eF6jA9gB7hI3lK4mN5oP6rQ8tS0uVvWwXyZ00abcDeFgh" +} + +// CreatePaymentIntent handles the creation of a new payment intent. +func CreatePaymentIntent(c *gin.Context) { + initializeStripe() + + params := &stripe.PaymentIntentParams{ + Amount: stripe.Int64(2000), // e.g., $20.00 + Currency: stripe.String(string(stripe.CurrencyUSD)), + Description: stripe.String("Test Payment"), + } + + pi, err := paymentintent.New(params) + if err != nil { + log.Printf("pi.New: %v", err) + c.JSON(500, gin.H{"error": "Failed to create payment intent"}) + return + } + + c.JSON(200, gin.H{"clientSecret": pi.ClientSecret}) +} diff --git a/secrets-benchmarks/snippets/227/ground-truth.json b/secrets-benchmarks/snippets/227/ground-truth.json new file mode 100644 index 0000000..b6bd850 --- /dev/null +++ b/secrets-benchmarks/snippets/227/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 48, + "language": "yaml", + "findings": [ + { + "line_number": 21, + "secret": "dckr_pat_1A7fThgK9pLMt2Jz4wVbX5rYc8nS3oP6g", + "label": "True Positive" + }, + { + "line_number": 41, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/227/snippet.yml b/secrets-benchmarks/snippets/227/snippet.yml new file mode 100644 index 0000000..a4ddc16 --- /dev/null +++ b/secrets-benchmarks/snippets/227/snippet.yml @@ -0,0 +1,41 @@ +# build-and-deploy.yml + +name: Build, Push, and Deploy + +on: + push: + branches: + - main + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: 'app-deployer' + password: 'dckr_pat_1A7fThgK9pLMt2Jz4wVbX5rYc8nS3oP6g' + + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: myapp/production:latest + + notify-on-success: + needs: build-and-push + runs-on: ubuntu-latest + steps: + - name: Send Slack notification + uses: 8398a7/action-slack@v3 + with: + status: ${{ job.status }} + author_name: 'GitHub Actions CI' + text: 'Build and deploy succeeded for main branch.' + env: + SLACK_WEBHOOK_URL: 'https://hooks.slack.com/services/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' diff --git a/secrets-benchmarks/snippets/228/ground-truth.json b/secrets-benchmarks/snippets/228/ground-truth.json new file mode 100644 index 0000000..e15099e --- /dev/null +++ b/secrets-benchmarks/snippets/228/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 48, + "language": "python", + "findings": [ + { + "line_number": 13, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 14, + "secret": "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", + "label": "True Positive" + }, + { + "line_number": 24, + "secret": "P@ssw0rd!Feb2024*!", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/228/snippet.py b/secrets-benchmarks/snippets/228/snippet.py new file mode 100644 index 0000000..2ff2084 --- /dev/null +++ b/secrets-benchmarks/snippets/228/snippet.py @@ -0,0 +1,39 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- +# A script to provision a new user and send a welcome email. + +import boto3 +import smtplib +from email.mime.text import MIMEText + +def provision_aws_user(username): + iam_client = boto3.client( + 'iam', + region_name='us-east-1', + aws_access_key_id='AKIAY3R4WZ76X2P5QJ6M', + aws_secret_access_key='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' + ) + iam_client.create_user(UserName=username) + print(f"User {username} created successfully.") + +def send_welcome_email(recipient): + sender = 'admin@system.internal' + smtp_server = 'smtp.office365.com' + smtp_port = 587 + smtp_user = 'automation@corp-email.com' + smtp_password = "P@ssw0rd!Feb2024*!" + + msg = MIMEText('Welcome to the platform!') + msg['Subject'] = 'Your New Account' + msg['From'] = sender + msg['To'] = recipient + + with smtplib.SMTP(smtp_server, smtp_port) as server: + server.starttls() + server.login(smtp_user, smtp_password) + server.send_message(msg) + print(f"Welcome email sent to {recipient}") + +if __name__ == "__main__": + provision_aws_user('new_developer') + send_welcome_email('dev@example.com') diff --git a/secrets-benchmarks/snippets/229/ground-truth.json b/secrets-benchmarks/snippets/229/ground-truth.json new file mode 100644 index 0000000..d073e2e --- /dev/null +++ b/secrets-benchmarks/snippets/229/ground-truth.json @@ -0,0 +1,21 @@ +{ + "entry_id": 48, + "language": "javascript", + "findings": [ + { + "line_number": 15, + "secret": "https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/7890123", + "label": "True Positive" + }, + { + "line_number": 18, + "secret": "pk.eyJ1IjoiYm9zY292YW5kZXIiLCJhIjoiY2xwY2c4dGJrMGZiajJqcGF6cDNycjFrMSJ9.zF9VbWb0wE8lD9sN1hO9gQ", + "label": "True Positive" + }, + { + "line_number": 24, + "secret": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlLWRldmVsb3BtZW50IiwiaXNzIjoibXktYXBwLWJhY2tlbmQiLCJhdWQiOiJpbnRlcm5hbC1hcGkiLCJleHAiOjE3MzU2ODk2MDAsImlhdCI6MTcwNDU4NTYwMCwianRpIjoiNWY0ZC04YmRmLWEwYjktM2Y5YSJ9.Kq-LwhU4xQp8VdG2tY_hZ3nBc7dJjO0pE_wF9XzR6vSgL7uH5mI4nK1oPkU9tQ1fA2eRbC3gX0hJjK1lW_zQ_", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/229/snippet.js b/secrets-benchmarks/snippets/229/snippet.js new file mode 100644 index 0000000..d8109d0 --- /dev/null +++ b/secrets-benchmarks/snippets/229/snippet.js @@ -0,0 +1,36 @@ +import { Sentry, Constants, MapView } from 'expo'; + +const AppConfig = { + isProduction: Constants.manifest.releaseChannel === 'prod', + + // API configurations + api: { + baseURL: 'https://api.myapp.com/v2', + timeout: 15000, // 15 seconds + }, + + // Third-party service keys + services: { + sentry: { + dsn: 'https://a1b2c3d4e5f67890a1b2c3d4e5f67890@o123456.ingest.sentry.io/7890123', + }, + mapbox: { + apiKey: 'pk.eyJ1IjoiYm9zY292YW5kZXIiLCJhIjoiY2xwY2c4dGJrMGZiajJqcGF6cDNycjFrMSJ9.zF9VbWb0wE8lD9sN1hO9gQ', + }, + googleAnalytics: { + trackingId: 'UA-98765432-1', + }, + // Temporary JWT for internal service auth, will be replaced by OAuth flow + internalAuthToken: 'eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzZXJ2aWNlLWRldmVsb3BtZW50IiwiaXNzIjoibXktYXBwLWJhY2tlbmQiLCJhdWQiOiJpbnRlcm5hbC1hcGkiLCJleHAiOjE3MzU2ODk2MDAsImlhdCI6MTcwNDU4NTYwMCwianRpIjoiNWY0ZC04YmRmLWEwYjktM2Y5YSJ9.Kq-LwhU4xQp8VdG2tY_hZ3nBc7dJjO0pE_wF9XzR6vSgL7uH5mI4nK1oPkU9tQ1fA2eRbC3gX0hJjK1lW_zQ_', + }, + + featureFlags: { + newOnboardingFlow: true, + enableMapClustering: false, + }, +}; + +// Initialize Sentry +Sentry.init({ dsn: AppConfig.services.sentry.dsn }); + +export default AppConfig; diff --git a/secrets-benchmarks/snippets/230/ground-truth.json b/secrets-benchmarks/snippets/230/ground-truth.json new file mode 100644 index 0000000..83232ad --- /dev/null +++ b/secrets-benchmarks/snippets/230/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 48, + "language": "terraform", + "findings": [ + { + "line_number": 8, + "secret": "8!hG#kL$pQ2s@db.prod-STRONG-Pa$$wrd", + "label": "True Positive" + }, + { + "line_number": 23, + "secret": "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7z", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/230/snippet.tf b/secrets-benchmarks/snippets/230/snippet.tf new file mode 100644 index 0000000..3348ca6 --- /dev/null +++ b/secrets-benchmarks/snippets/230/snippet.tf @@ -0,0 +1,30 @@ +resource "aws_db_instance" "main_db" { + allocated_storage = 20 + engine = "postgres" + engine_version = "14.1" + instance_class = "db.t3.micro" + db_name = "platform_prod" + username = "db_admin_master" + password = "8!hG#kL$pQ2s@db.prod-STRONG-Pa$$wrd" + parameter_group_name = "default.postgres14" + skip_final_snapshot = true +} + +resource "aws_elasticache_cluster" "session_cache" { + cluster_id = "redis-cache-cluster" + engine = "redis" + node_type = "cache.t2.micro" + num_cache_nodes = 1 + engine_version = "6.x" + port = 6379 +} + +provider "github" { + token = "ghp_aV4gH9rT2pL7xJ5sK1mF3bZ8oN6cW0qYdE7z" +} + +resource "github_repository" "infrastructure_repo" { + name = "company-infrastructure" + description = "Contains all Terraform configurations for the company" + visibility = "private" +} diff --git a/secrets-benchmarks/snippets/231/ground-truth.json b/secrets-benchmarks/snippets/231/ground-truth.json new file mode 100644 index 0000000..937b05f --- /dev/null +++ b/secrets-benchmarks/snippets/231/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 49, + "language": "python", + "findings": [ + { + "line_number": 10, + "secret": "AKIAU7VDF3W5X6QZ8P4J", + "label": "True Positive" + }, + { + "line_number": 11, + "secret": "bK9mP4wR8sL1vJ7oA2dF6gH3xN0cT5yZ/iE+qW!a", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/231/snippet.py b/secrets-benchmarks/snippets/231/snippet.py new file mode 100644 index 0000000..5d21be1 --- /dev/null +++ b/secrets-benchmarks/snippets/231/snippet.py @@ -0,0 +1,37 @@ +# processor/report_uploader.py +import boto3 +import logging +import os +from botocore.exceptions import NoCredentialsError + +# Configuration for AWS Connection +# TODO: Move these credentials to a secure vault or IAM role +AWS_REGION = 'us-west-2' +AWS_ACCESS_KEY_ID = "AKIAU7VDF3W5X6QZ8P4J" +AWS_SECRET_ACCESS_KEY = "bK9mP4wR8sL1vJ7oA2dF6gH3xN0cT5yZ/iE+qW!a" +S3_BUCKET_NAME = 'prod-financial-reports-q3-2023' + +logging.basicConfig(level=logging.INFO) +logger = logging.getLogger(__name__) + +def connect_to_s3(): + """Initializes and returns a boto3 S3 client.""" + try: + s3_client = boto3.client( + 's3', + aws_access_key_id=AWS_ACCESS_KEY_ID, + aws_secret_access_key=AWS_SECRET_ACCESS_KEY, + region_name=AWS_REGION + ) + return s3_client + except NoCredentialsError: + logger.error("Credentials not available. Failed to create S3 client.") + return None + +def upload_file(file_path): + s3 = connect_to_s3() + if s3 is not None: + file_name = os.path.basename(file_path) + s3.upload_file(file_path, S3_BUCKET_NAME, f"processed/{file_name}") + logger.info(f"Successfully uploaded {file_name} to {S3_BUCKET_NAME}") + diff --git a/secrets-benchmarks/snippets/232/ground-truth.json b/secrets-benchmarks/snippets/232/ground-truth.json new file mode 100644 index 0000000..9e46183 --- /dev/null +++ b/secrets-benchmarks/snippets/232/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 49, + "language": "properties", + "findings": [ + { + "line_number": 9, + "secret": "s$3pL!z#9FqG&vB^kY5h@m", + "label": "True Positive" + }, + { + "line_number": 21, + "secret": "NzhhYjU0ZWE3YzE2NGU5YWYyMGExYzhmNDY3NzU3M2M4YjE2OTIzYjljYjA3ZGIxNzQwMjQyMmMxOGQ4ZDllZA", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/232/snippet.properties b/secrets-benchmarks/snippets/232/snippet.properties new file mode 100644 index 0000000..df4f9e8 --- /dev/null +++ b/secrets-benchmarks/snippets/232/snippet.properties @@ -0,0 +1,29 @@ +# Spring Boot Application Configuration +# Environment: Production + +server.port=8080 + +# Database settings for primary PostgreSQL replica +spring.datasource.url=jdbc:postgresql://db-prod-aurora-ca.c9zjq3a2v1xl.us-east-1.rds.amazonaws.com:5432/analytics_reporting +spring.datasource.username=reporter_svc +spring.datasource.password=s$3pL!z#9FqG&vB^kY5h@m +spring.jpa.hibernate.ddl-auto=validate +spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect +spring.datasource.driver-class-name=org.postgresql.Driver + +# Logging configuration +logging.level.root=WARN +logging.level.com.example.myapp=INFO + +# Security settings +# This key is used to sign and verify JWTs for session management. +# It must be kept secret and should be rotated periodically. +jwt.secret.key=NzhhYjU0ZWE3YzE2NGU5YWYyMGExYzhmNDY3NzU3M2M4YjE2OTIzYjljYjA3ZGIxNzQwMjQyMmMxOGQ4ZDllZA +jwt.token.expiration.ms=86400000 + +# External Service Integrations +feature.flags.service=https://ff.internal.co/api + +# Kafka settings +spring.kafka.bootstrap-servers=kafka-1.prod.local:9092,kafka-2.prod.local:9092 + diff --git a/secrets-benchmarks/snippets/233/ground-truth.json b/secrets-benchmarks/snippets/233/ground-truth.json new file mode 100644 index 0000000..5e0e60c --- /dev/null +++ b/secrets-benchmarks/snippets/233/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 49, + "language": "terraform", + "findings": [ + { + "line_number": 11, + "secret": "{\\\"type\\\": \\\"service_account\\\",\\\"project_id\\\": \\\"gcp-project-analytics-34123\\\",\\\"private_key_id\\\": \\\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\\\",\\\"private_key\\\": \\\"-----BEGIN PRIVATE KEY-----\\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKt4o6JbMS8q0S7G\\n9eDoP5vPty2MWJ2k4vLjcgYRm0NksKCh3/ARfPz9p5k4KFcC2fGuBD9Csiys68d1\\n8s/75u6AhGXfS4F1g8eMA3v2zZ5YV8GfLXA4Y9f8tI8d4aG5eH6h9pY3qE0wK7R\\n+G9lA2dF4jK1bS8nO9mP3xY7bC6dAgMBAAECgYEAjtgL5C3d4rD7Pz5c3eV8qZ6v\\n9Q8k2v5G7yL3oD9eS4H6g7K2fD9hA8sB6sC5gL4gN3hJ2kL6dF7aH9bJ8cYR4k5o\\n+Z2mH9gI7wG3aL4cE6nO8bF7dS8fG3dC2hI9aQ6pX4wR7kF2hE0dM9sP3tW9sC4=\\n-----END PRIVATE KEY-----\\n\\\",\\\"client_email\\\": \\\"data-ingest-sa@gcp-project-analytics-34123.iam.gserviceaccount.com\\\",\\\"client_id\\\": \\\"109876543210987654321\\\"}", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/233/snippet.tf b/secrets-benchmarks/snippets/233/snippet.tf new file mode 100644 index 0000000..2f6743b --- /dev/null +++ b/secrets-benchmarks/snippets/233/snippet.tf @@ -0,0 +1,38 @@ +# Terraform configuration for the data ingestion worker + +provider "google" { + project = "gcp-project-analytics-34123" + region = "us-central1" +} + +locals { + instance_name = "data-ingest-worker-prod-01" + instance_type = "e2-standard-4" + service_account_creds = "{\"type\": \"service_account\",\"project_id\": \"gcp-project-analytics-34123\",\"private_key_id\": \"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\": \"-----BEGIN PRIVATE KEY-----\nMIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKt4o6JbMS8q0S7G\n9eDoP5vPty2MWJ2k4vLjcgYRm0NksKCh3/ARfPz9p5k4KFcC2fGuBD9Csiys68d1\n8s/75u6AhGXfS4F1g8eMA3v2zZ5YV8GfLXA4Y9f8tI8d4aG5eH6h9pY3qE0wK7R\n+G9lA2dF4jK1bS8nO9mP3xY7bC6dAgMBAAECgYEAjtgL5C3d4rD7Pz5c3eV8qZ6v\n9Q8k2v5G7yL3oD9eS4H6g7K2fD9hA8sB6sC5gL4gN3hJ2kL6dF7aH9bJ8cYR4k5o\n+Z2mH9gI7wG3aL4cE6nO8bF7dS8fG3dC2hI9aQ6pX4wR7kF2hE0dM9sP3tW9sC4=\n-----END PRIVATE KEY-----\n\",\"client_email\": \"data-ingest-sa@gcp-project-analytics-34123.iam.gserviceaccount.com\",\"client_id\": \"109876543210987654321\"}" +} + +resource "google_service_account" "ingestion_worker_sa" { + account_id = "data-ingest-sa" + display_name = "Data Ingestion Worker Service Account" +} + +resource "google_compute_instance" "ingestion_vm" { + name = local.instance_name + machine_type = local.instance_type + zone = "us-central1-a" + + boot_disk { + initialize_params { + image = "debian-cloud/debian-11" + } + } + + network_interface { + network = "default" + } + + service_account { + email = google_service_account.ingestion_worker_sa.email + scopes = ["cloud-platform"] + } +} diff --git a/secrets-benchmarks/snippets/234/ground-truth.json b/secrets-benchmarks/snippets/234/ground-truth.json new file mode 100644 index 0000000..c09a8bf --- /dev/null +++ b/secrets-benchmarks/snippets/234/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 49, + "language": "csharp", + "findings": [ + { + "line_number": 18, + "secret": "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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/234/snippet.cs b/secrets-benchmarks/snippets/234/snippet.cs new file mode 100644 index 0000000..c28e0e7 --- /dev/null +++ b/secrets-benchmarks/snippets/234/snippet.cs @@ -0,0 +1,45 @@ +using System.Threading; +using System.Threading.Tasks; +using Microsoft.Extensions.Hosting; +using Microsoft.Extensions.Logging; +using SendGrid; +using SendGrid.Helpers.Mail; + +namespace EmailService.Services +{ + public class NotificationWorker : BackgroundService + { + private readonly ILogger _logger; + private readonly ISendGridClient _sendGridClient; + + public NotificationWorker(ILogger logger) + { + _logger = logger; + var apiKey = "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"; + _sendGridClient = new SendGridClient(apiKey); + } + + protected override async Task ExecuteAsync(CancellationToken stoppingToken) + { + while (!stoppingToken.IsCancellationRequested) + { + _logger.LogInformation("Worker running at: {time}", DateTimeOffset.Now); + // In a real app, this would dequeue a message + await SendWelcomeEmail("new.user@example.com"); + await Task.Delay(10000, stoppingToken); + } + } + + private async Task SendWelcomeEmail(string userEmail) + { + var from = new EmailAddress("noreply@myapp.com", "MyApp Team"); + var subject = "Welcome to the service!"; + var to = new EmailAddress(userEmail); + var plainTextContent = "Thanks for signing up."; + var htmlContent = "Thanks for signing up."; + var msg = MailHelper.CreateSingleEmail(from, to, subject, plainTextContent, htmlContent); + var response = await _sendGridClient.SendEmailAsync(msg); + _logger.LogInformation(response.IsSuccessStatusCode ? "Email sent" : "Email failed"); + } + } +} diff --git a/secrets-benchmarks/snippets/235/ground-truth.json b/secrets-benchmarks/snippets/235/ground-truth.json new file mode 100644 index 0000000..cd5c8e3 --- /dev/null +++ b/secrets-benchmarks/snippets/235/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 49, + "language": "yaml", + "findings": [ + { + "line_number": 22, + "secret": "dckr_pat_szmX4QjL-VbN7YkP9wT1uR8eG6zC0xF2oA5sH", + "label": "True Positive" + }, + { + "line_number": 45, + "secret": "https://hooks.slack.com/services/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", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/235/snippet.yml b/secrets-benchmarks/snippets/235/snippet.yml new file mode 100644 index 0000000..5ab97dc --- /dev/null +++ b/secrets-benchmarks/snippets/235/snippet.yml @@ -0,0 +1,46 @@ +name: Build and Deploy to Production + +on: + push: + branches: + - main + +jobs: + build-and-push: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Log in to Docker Hub + env: + # This should be stored in GitHub Secrets, not here. + DOCKER_USERNAME: ourcoolapp + DOCKER_PASSWORD: dckr_pat_szmX4QjL-VbN7YkP9wT1uR8eG6zC0xF2oA5sH + uses: docker/login-action@v2 + with: + username: ${{ env.DOCKER_USERNAME }} + password: ${{ env.DOCKER_PASSWORD }} + + - name: Build and push Docker image + uses: docker/build-push-action@v4 + with: + context: . + push: true + tags: ourcoolapp/api:latest + + notify-on-failure: + runs-on: ubuntu-latest + if: failure() + steps: + - name: Send Slack notification + uses: act10ns/slack@v1 + with: + status: ${{ job.status }} + channel: '#devops-alerts' + env: + SLACK_WEBHOOK_URL: https://hooks.slack.com/services/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 + diff --git a/secrets-benchmarks/snippets/236/ground-truth.json b/secrets-benchmarks/snippets/236/ground-truth.json new file mode 100644 index 0000000..3861a98 --- /dev/null +++ b/secrets-benchmarks/snippets/236/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 50, + "language": "python", + "findings": [ + { + "line_number": 9, + "secret": "AKIAY3R4WZ76X2P5QJ6M", + "label": "True Positive" + }, + { + "line_number": 10, + "secret": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/236/snippet.py b/secrets-benchmarks/snippets/236/snippet.py new file mode 100644 index 0000000..1181113 --- /dev/null +++ b/secrets-benchmarks/snippets/236/snippet.py @@ -0,0 +1,34 @@ +import os +import boto3 +from flask import Flask, request, jsonify + +app = Flask(__name__) + +# AWS Session Configuration (should be in env vars) +session = boto3.Session( + aws_access_key_id='AKIAY3R4WZ76X2P5QJ6M', + aws_secret_access_key='wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY', + region_name='us-east-1' +) + +s3_client = session.client('s3') + +@app.route('/api/v1/documents/upload', methods=['POST']) +def upload_document(): + if 'file' not in request.files: + return jsonify({'error': 'No file part'}), 400 + + file = request.files['file'] + if file.filename == '': + return jsonify({'error': 'No selected file'}), 400 + + try: + bucket_name = 'corp-document-archive-prod-01' + s3_client.upload_fileobj(file, bucket_name, file.filename) + return jsonify({'status': 'success', 'filename': file.filename}), 201 + except Exception as e: + app.logger.error(f'S3 upload failed: {e}') + return jsonify({'error': 'Could not process file'}), 500 + +if __name__ == '__main__': + app.run(debug=False, host='0.0.0.0') diff --git a/secrets-benchmarks/snippets/237/ground-truth.json b/secrets-benchmarks/snippets/237/ground-truth.json new file mode 100644 index 0000000..3338824 --- /dev/null +++ b/secrets-benchmarks/snippets/237/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 50, + "language": "terraform", + "findings": [ + { + "line_number": 24, + "secret": "dd_api_9f5c2d3a1b0e4f8d6a3c5e7b9a1d3f5c", + "label": "True Positive" + }, + { + "line_number": 25, + "secret": "dd_app_3e5c7a9b1d3f5c8d2a0b4e6c1d3f5c8d2a0b4", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/237/snippet.tf b/secrets-benchmarks/snippets/237/snippet.tf new file mode 100644 index 0000000..53fe68f --- /dev/null +++ b/secrets-benchmarks/snippets/237/snippet.tf @@ -0,0 +1,35 @@ +# Terraform configuration for monitoring and cloud provider setup +terraform { + required_providers { + datadog = { + source = "DataDog/datadog" + version = "~> 3.0" + } + google = { + source = "hashicorp/google" + version = "4.25.0" + } + } +} + +provider "google" { + project = var.gcp_project_id + region = "us-central1" + zone = "us-central1-c" +} + +# Datadog provider configuration +# API and App keys for Datadog integration. +provider "datadog" { + api_key = "dd_api_9f5c2d3a1b0e4f8d6a3c5e7b9a1d3f5c" + app_key = "dd_app_3e5c7a9b1d3f5c8d2a0b4e6c1d3f5c8d2a0b4" +} + +resource "datadog_monitor" "high_cpu_load" { + name = "High CPU Load on web-backend-cluster" + type = "metric alert" + message = "@slack-alerts-critical CPU load is over 90% on {{host.name}}. Check running services." + query = "avg(last_5m):avg:system.cpu.user{environment:prod} > 90" + + tags = ["service:backend", "env:production"] +} diff --git a/secrets-benchmarks/snippets/238/ground-truth.json b/secrets-benchmarks/snippets/238/ground-truth.json new file mode 100644 index 0000000..149ea8d --- /dev/null +++ b/secrets-benchmarks/snippets/238/ground-truth.json @@ -0,0 +1,11 @@ +{ + "entry_id": 50, + "language": "javascript", + "findings": [ + { + "line_number": 9, + "secret": "pk.eyJ1IjoiYmFyYmFyYS1kZXYiLCJhIjoiY2xwY3RkY2prMDFhajJqcGNwanRmaTV2ZSJ9._WkUvXkQR_zT8qCvCSXw5A", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/238/snippet.js b/secrets-benchmarks/snippets/238/snippet.js new file mode 100644 index 0000000..c09dfb2 --- /dev/null +++ b/secrets-benchmarks/snippets/238/snippet.js @@ -0,0 +1,30 @@ +import React, { useEffect, useRef } from 'react'; +import mapboxgl from 'mapbox-gl'; +import 'mapbox-gl/dist/mapbox-gl.css'; + +const MapComponent = ({ longitude, latitude }) => { + const mapContainerRef = useRef(null); + + // Public token for Mapbox - should be in a secured config + mapboxgl.accessToken = 'pk.eyJ1IjoiYmFyYmFyYS1kZXYiLCJhIjoiY2xwY3RkY2prMDFhajJqcGNwanRmaTV2ZSJ9._WkUvXkQR_zT8qCvCSXw5A'; + + useEffect(() => { + const map = new mapboxgl.Map({ + container: mapContainerRef.current, + style: 'mapbox://styles/mapbox/streets-v11', + center: [longitude, latitude], + zoom: 12, + }); + + new mapboxgl.Marker() + .setLngLat([longitude, latitude]) + .addTo(map); + + // Clean up on unmount + return () => map.remove(); + }, [longitude, latitude]); + + return
; +}; + +export default MapComponent; diff --git a/secrets-benchmarks/snippets/239/ground-truth.json b/secrets-benchmarks/snippets/239/ground-truth.json new file mode 100644 index 0000000..1e5e9d0 --- /dev/null +++ b/secrets-benchmarks/snippets/239/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 50, + "language": "yaml", + "findings": [ + { + "line_number": 30, + "secret": "npm_E9z4fGh7jK3pL5rA8vB2sY1tW0cXiUoN", + "label": "True Positive" + }, + { + "line_number": 39, + "secret": "{\"type\":\"service_account\",\"project_id\":\"acme-corp-314159\",\"private_key_id\":\"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2\",\"private_key\":\"-----BEGIN PRIVATE KEY-----\\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6\\n-----END PRIVATE KEY-----\\n\"}", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/239/snippet.yml b/secrets-benchmarks/snippets/239/snippet.yml new file mode 100644 index 0000000..8aa09e5 --- /dev/null +++ b/secrets-benchmarks/snippets/239/snippet.yml @@ -0,0 +1,44 @@ +name: Build and Deploy to Production + +on: + push: + branches: + - main + +jobs: + build_and_publish: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Set up Node.js + uses: actions/setup-node@v3 + with: + node-version: '18' + registry-url: 'https://registry.npmjs.org' + + - name: Install dependencies + run: npm ci + + - name: Build production assets + run: npm run build + + - name: Publish to NPM + run: npm publish + env: + NODE_AUTH_TOKEN: npm_E9z4fGh7jK3pL5rA8vB2sY1tW0cXiUoN + + deploy_to_kubernetes: + needs: build_and_publish + runs-on: ubuntu-latest + steps: + - name: Authenticate with GKE + uses: 'google-github-actions/auth@v1' + with: + credentials_json: '{{"type":"service_account","project_id":"acme-corp-314159","private_key_id":"a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2","private_key":"-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6\n-----END PRIVATE KEY-----\n"}}' + + - name: Deploy with Helm + run: | + helm upgrade --install web-app ./charts/webapp \ + --set image.tag=${{ github.sha }} diff --git a/secrets-benchmarks/snippets/240/ground-truth.json b/secrets-benchmarks/snippets/240/ground-truth.json new file mode 100644 index 0000000..6ddfd0e --- /dev/null +++ b/secrets-benchmarks/snippets/240/ground-truth.json @@ -0,0 +1,16 @@ +{ + "entry_id": 50, + "language": "properties", + "findings": [ + { + "line_number": 8, + "secret": "k#8zP@qR7$tGv!9bL2nF sY3x", + "label": "True Positive" + }, + { + "line_number": 29, + "secret": "ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4", + "label": "True Positive" + } + ] +} diff --git a/secrets-benchmarks/snippets/240/snippet.properties b/secrets-benchmarks/snippets/240/snippet.properties new file mode 100644 index 0000000..1431115 --- /dev/null +++ b/secrets-benchmarks/snippets/240/snippet.properties @@ -0,0 +1,32 @@ +# =============================== +# Database Configuration +# =============================== +# This sets the primary data source for the application. +# Use standard JDBC format. +spring.datasource.url=jdbc:postgresql://db-prod-eu-1.c4xw3xlp0vga.eu-west-1.rds.amazonaws.com:5432/invoicing_service +spring.datasource.username=invoices_svc_user +spring.datasource.password=k#8zP@qR7$tGv!9bL2nF sY3x +spring.datasource.driver-class-name=org.postgresql.Driver +spring.jpa.hibernate.ddl-auto=validate + +# =============================== +# Redis Cache Configuration +# =============================== +spring.redis.host=redis-cache.prod.internal +spring.redis.port=6379 + +# =============================== +# Message Queue (RabbitMQ) +# =============================== +spring.rabbitmq.host=mq.prod.svc.cluster.local +spring.rabbitmq.port=5672 +spring.rabbitmq.username=guest +spring.rabbitmq.password=guest + +# =============================== +# External Service Keys +# =============================== +twilio.account.sid=ACf9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4 + +logging.level.root=INFO +logging.level.com.myapp=DEBUG