Presets¶

Presets are built-in rule packs that detect common data leak patterns. Enable them in your config with the presets field.

presets:
  - common-auth
  - pii
  - pci-dss

Available Presets¶

Detects leaked authentication credentials.

Rule	Severity	What it catches
`common-auth/authorization-header`	high	`Authorization` header present
`common-auth/cookie-header`	high	`Cookie` header present
`common-auth/x-api-key-header`	high	`X-API-Key` header present
`common-auth/bearer-in-body`	high	Bearer tokens in request body
`common-auth/set-cookie-header`	high	`Set-Cookie` header present

Detects personally identifiable information in request bodies.

Detects payment card data (PCI DSS compliance).

Rule	Severity	What it catches
`pci-dss/credit-card-in-body`	critical	Credit card numbers in body
`pci-dss/credit-card-in-query`	critical	Credit card numbers in query strings
`pci-dss/track-data-in-body`	critical	Magnetic stripe track data
`pci-dss/cvv-in-body`	critical	CVV/CVC codes

Detects leaked AWS credentials.

Detects leaked GCP credentials.

Rule	Severity	What it catches
`gcp-keys/api-key-in-body`	critical	GCP API keys in body
`gcp-keys/api-key-in-query`	critical	GCP API keys in query
`gcp-keys/service-account-in-body`	critical	Service account JSON fragments

Detects internal network information leaking in headers.

Rule	Severity	What it catches
`private-net/rfc1918-in-x-forwarded-for`	warning	RFC 1918 IPs in `X-Forwarded-For`
`private-net/rfc1918-in-x-real-ip`	warning	RFC 1918 IPs in `X-Real-IP`
`private-net/rfc1918-in-host`	warning	RFC 1918 IPs in `Host` header

You can override any preset rule by creating a custom assertion with the same name. See Configuration for details.