## Authoring Brakeman Checks (Step-by-Step Guide)

This guide explains, in detail, how to write new Brakeman checks for Ruby on Rails security scanning. It is intended for contributors building checks in-tree as well as users writing out-of-tree custom checks.

### What you will learn

- The lifecycle of a Brakeman scan and where checks plug in
- The `BaseCheck` API you inherit from
- How call indexing works and how to query code efficiently with `tracker.find_call`
- How to detect user input/taint and set appropriate confidence levels
```json
{
  "flags": "-HnriE",
  "patterns": [
    "(xox[pboa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})",
    "-----BEGIN RSA PRIVATE KEY-----",
    "-----BEGIN DSA PRIVATE KEY-----",
    "-----BEGIN EC PRIVATE KEY-----",
    "-----BEGIN PGP PRIVATE KEY BLOCK-----",
    "AKIA[0-9A-Z]{16}",
    "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}",
```
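To see what the `-HnriE` flags above actually buy you, here is an added Ruby example (not part of the gist) that loads a constructed copy of the patterns file, compiles them with the case-insensitivity that `-i` implies, and scans constructed sample lines the way `grep -Hn` would report them. The file name, sample lines and the `demo` helper are assumptions; the pattern strings are the page's own, with the Slack character class written as `[pboa]`.

```ruby
require 'json'

# Constructed stand-in for the gist's patterns file (assumption: only some of
# the patterns visible on the page are reproduced; the real file continues).
PATTERNS_JSON = <<~'JSON'
  {
    "flags": "-HnriE",
    "patterns": [
      "(xox[pboa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})",
      "-----BEGIN RSA PRIVATE KEY-----",
      "AKIA[0-9A-Z]{16}",
      "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
    ]
  }
JSON

# Constructed sample input; none of these values are real credentials.
SAMPLE_LINES = [
  '# constructed sample file',
  'aws_access_key_id = AKIAIOSFODNN7EXAMPLE',
  'slack = xoxb-123456789012-123456789012-123456789012-abcdefabcdefabcdefabcdefabcdefab',
  '-----BEGIN RSA PRIVATE KEY-----',
  'note: akiaiosfodnn7example would be missed without grep -i',
  'nothing secret on this line'
]

# Build Regexps from the JSON, honouring the -i flag the file asks for.
def compile_patterns(json_text)
  config = JSON.parse(json_text)
  opts = config['flags'].include?('i') ? Regexp::IGNORECASE : 0
  config['patterns'].map { |pat| Regexp.new(pat, opts) }
end

# Emulate grep -Hn: one hit per matching line, tagged with file and line number.
def scan_lines(file, lines, regexps)
  hits = []
  lines.each_with_index do |line, idx|
    re = regexps.find { |r| r.match?(line) }
    next unless re
    hits << { file: file, line: idx + 1, pattern: re.source, match: re.match(line)[0] }
  end
  hits
end

def demo
  scan_lines('constructed.txt', SAMPLE_LINES, compile_patterns(PATTERNS_JSON))
end

if $PROGRAM_NAME == __FILE__
  demo.each { |h| puts "#{h[:file]}:#{h[:line]}: #{h[:match]} (#{h[:pattern]})" }
end
```

Note that the lower-case `akia...` line is reported only because of `-i`; dropping that flag trades recall for fewer false positives on the `AKIA` and Slack patterns.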