Skip to main content

🔣 Sensitive Data

Escape scanners support a lot of different types of data. Here is a list of all the supported types, called scalars.

Scalar properties

Each scalar have a few key:

  • Possible names: The different names the field containing it could have in the graphql API.
  • Description: A short explaination of what it represent.
  • Patterns: A regex or a value that can be used to detect if a returned value is of this type.
  • Examples: Some examples of the scalar that can be used by Escape.
  • Parents: The graphQL types this scalar is compatible with.
  • Sensitivity: to which degree is this scalar a sensitive.

Date time

NameDescriptionSensitivity
dateISO 8601 date stringLOW
datetimeISO 8601 date and time stringLOW
monthMonthLOW
timeISO 8601 time stringLOW
timestampTimestampLOW
yearYearLOW

Finance

NameDescriptionSensitivity
bank_accountInternational Bank Account NumberMEDIUM
bank_cardCredit Card NumberHIGH
bitcoinBitcoin addressMEDIUM
currency_codeCurrency Code ISO 4217LOW
cvvCredit Card Verification ValueHIGH
dashDash addressMEDIUM
e_commerce_indicatore-Commerce IndicatorLOW
ethereumEthereum addressMEDIUM
moneroMonero addressMEDIUM
us_bank_account_numberUS Bank Account NumberMEDIUM
us_bank_routing_numberUS Bank Routing NumberMEDIUM
us_zip_codeUS ZIP CodeLOW

Hash

NameDescriptionSensitivity
base64base64 hashLOW
bcryptbCrypt hashMEDIUM
md5MD5 hashMEDIUM
sha1SHA1 hashLOW
sha256SHA256 hashLOW

Personal

NameDescriptionSensitivity
country_codeCountry CodeLOW
driving_licenseDriving License NumberMEDIUM
emailEmailMEDIUM
genderGenderLOW
legal_nameFull legal nameLOW
passportPassport NumberMEDIUM
passwordPasswordHIGH
phonePhone NumberMEDIUM
street_addressStreet AddressLOW
zip_codeZip CodeLOW

Secrets

NameDescriptionSensitivity
adafruit_api_keyAdafruit API KeyHIGH
adobe_client_idAdobe Client ID (OAuth Web)HIGH
adobe_client_secretAdobe Client SecretHIGH
age_secret_keyAge secret keyHIGH
airtable_api_keyAirtable API KeyHIGH
algolia_api_keyAlgolia API KeyHIGH
alibaba_access_key_idAlibaba AccessKey IDHIGH
alibaba_secret_keyAlibaba Secret KeyHIGH
asana_client_idAsana Client IDHIGH
asana_client_secretAsana Client SecretHIGH
atlassian_api_tokenAtlassian API tokenHIGH
aws_access_tokenAWSHIGH
beamer_api_tokenBeamer API tokenHIGH
bitbucket_client_idBitbucket Client IDHIGH
bitbucket_client_secretBitbucket Client SecretHIGH
bittrex_access_keyBittrex Access KeyHIGH
bittrex_secret_keyBittrex Secret KeyHIGH
clojars_api_tokenClojars API tokenHIGH
codecov_access_tokenCodecov Access TokenHIGH
coinbase_access_tokenCoinbase Access TokenHIGH
confluent_access_tokenConfluent Access TokenHIGH
confluent_secret_keyConfluent Secret KeyHIGH
contentful_delivery_api_tokenContentful delivery API tokenHIGH
databricks_api_tokenDatabricks API tokenHIGH
datadog_access_tokenDatadog Access TokenHIGH
digitalocean_access_tokenDigitalOcean OAuth Access TokenHIGH
digitalocean_patDigitalOcean Personal Access TokenHIGH
digitalocean_refresh_tokenDigitalOcean OAuth Refresh TokenHIGH
discord_api_tokenDiscord API keyHIGH
discord_client_idDiscord client IDHIGH
discord_client_secretDiscord client secretHIGH
doppler_api_tokenDoppler API tokenHIGH
droneci_access_tokenDroneci Access TokenHIGH
dropbox_api_tokenDropbox API secretHIGH
dropbox_long_lived_api_tokenDropbox long lived API tokenHIGH
dropbox_short_lived_api_tokenDropbox short lived API tokenHIGH
duffel_api_tokenDuffel API tokenHIGH
dynatrace_api_tokenDynatrace API tokenHIGH
easypost_api_tokenEasyPost API tokenHIGH
easypost_test_api_tokenEasyPost test API tokenHIGH
etsy_access_tokenEtsy Access TokenHIGH
facebookFacebookHIGH
fastly_api_tokenFastly API keyHIGH
finicity_api_tokenFinicity API tokenHIGH
finicity_client_secretFinicity Client SecretHIGH
finnhub_access_tokenFinnhub Access TokenHIGH
flickr_access_tokenFlickr Access TokenHIGH
flutterwave_encryption_keyFlutterwave Encryption KeyHIGH
flutterwave_public_keyFinicity Public KeyHIGH
flutterwave_secret_keyFlutterwave Secret KeyHIGH
frameio_api_tokenFrame.io API tokenHIGH
freshbooks_access_tokenFreshbooks Access TokenHIGH
gcp_api_keyGCP API keyHIGH
generic_api_keyGeneric API KeyHIGH
github_app_tokenGitHub App TokenHIGH
github_fine_grained_patGitHub Fine-Grained Personal Access TokenHIGH
github_oauthGitHub OAuth Access TokenHIGH
github_patGitHub Personal Access TokenHIGH
github_refresh_tokenGitHub Refresh TokenHIGH
gitlab_patGitLab Personal Access TokenHIGH
gitlab_pttGitLab Pipeline Trigger TokenHIGH
gitlab_rrtGitLab Runner Registration TokenHIGH
gitter_access_tokenGitter Access TokenHIGH
gocardless_api_tokenGoCardless API tokenHIGH
grafana_api_keyGrafana api key (or Grafana cloud api key)HIGH
grafana_cloud_api_tokenGrafana cloud api tokenHIGH
grafana_service_account_tokenGrafana service account tokenHIGH
hashicorp_tf_api_tokenHashiCorp Terraform user/org API tokenHIGH
heroku_api_keyHeroku API KeyHIGH
hubspot_api_keyHubSpot API TokenHIGH
intercom_api_keyIntercom API TokenHIGH
jwtJSON Web TokenHIGH
kraken_access_tokenKraken Access TokenHIGH
kucoin_access_tokenKucoin Access TokenHIGH
kucoin_secret_keyKucoin Secret KeyHIGH
launchdarkly_access_tokenLaunchdarkly Access TokenHIGH
linear_api_keyLinear API TokenHIGH
linear_client_secretLinear Client SecretHIGH
linkedin_client_idLinkedIn Client IDHIGH
linkedin_client_secretLinkedIn Client secretHIGH
lob_api_keyLob API KeyHIGH
lob_pub_api_keyLob Publishable API KeyHIGH
mailchimp_api_keyMailchimp API keyHIGH
mailgun_private_api_tokenMailgun private API tokenHIGH
mailgun_pub_keyMailgun public validation keyHIGH
mailgun_signing_keyMailgun webhook signing keyHIGH
mapbox_api_tokenMapBox API tokenHIGH
mattermost_access_tokenMattermost Access TokenHIGH
messagebird_api_tokenMessageBird API tokenHIGH
messagebird_client_idMessageBird client IDHIGH
microsoft_teams_webhookMicrosoft Teams WebhookHIGH
netlify_access_tokenNetlify Access TokenHIGH
new_relic_browser_api_tokenNew Relic ingest browser API tokenHIGH
new_relic_user_api_idNew Relic user API IDHIGH
new_relic_user_api_keyNew Relic user API KeyHIGH
npm_access_tokennpm access tokenHIGH
nytimes_access_tokenNytimes Access TokenHIGH
okta_access_tokenOkta Access TokenHIGH
plaid_api_tokenPlaid API TokenHIGH
plaid_client_idPlaid Client IDHIGH
plaid_secret_keyPlaid Secret keyHIGH
planetscale_api_tokenPlanetScale API tokenHIGH
planetscale_oauth_tokenPlanetScale OAuth tokenHIGH
planetscale_passwordPlanetScale passwordHIGH
postman_api_tokenPostman API tokenHIGH
prefect_api_tokenPrefect API tokenHIGH
private_keyPrivate KeyHIGH
pulumi_api_tokenPulumi API tokenHIGH
pypi_upload_tokenPyPI upload tokenHIGH
rapidapi_access_tokenRapidAPI Access TokenHIGH
readme_api_tokenReadme API tokenHIGH
rubygems_api_tokenRubygem API tokenHIGH
sendbird_access_idSendbird Access IDHIGH
sendbird_access_tokenSendbird Access TokenHIGH
sendgrid_api_tokenSendGrid API tokenHIGH
sendinblue_api_tokenSendinblue API tokenHIGH
sentry_access_tokenSentry Access TokenHIGH
shippo_api_tokenShippo API tokenHIGH
shopify_access_tokenShopify access tokenHIGH
shopify_custom_access_tokenShopify custom access tokenHIGH
shopify_private_app_access_tokenShopify private app access tokenHIGH
shopify_shared_secretShopify shared secretHIGH
sidekiq_secretSidekiq SecretHIGH
sidekiq_sensitive_urlSidekiq Sensitive URLHIGH
slack_access_tokenSlack tokenHIGH
slack_web_hookSlack WebhookHIGH
square_access_tokenSquare Access TokenHIGH
squarespace_access_tokenSquarespace Access TokenHIGH
stripe_access_tokenStripe private tokenHIGH
sumologic_access_idSumoLogic Access IDHIGH
sumologic_access_tokenSumoLogic Access TokenHIGH
telegram_bot_api_tokenTelegram Bot API TokenHIGH
travisci_access_tokenTravis CI Access TokenHIGH
twilio_api_keyTwilio API KeyHIGH
twitch_api_tokenTwitch API tokenHIGH
twitter_access_secretTwitter Access SecretHIGH
twitter_access_tokenTwitter Access TokenHIGH
twitter_api_keyTwitter API KeyHIGH
twitter_api_secretTwitter API SecretHIGH
twitter_bearer_tokenTwitter Bearer TokenHIGH
typeform_api_tokenTypeform API tokenHIGH
vault_batch_tokenVault Batch TokenHIGH
vault_service_tokenVault Service TokenHIGH
yandex_access_tokenYandex Access TokenHIGH
yandex_api_keyYandex API KeyHIGH
yandex_aws_access_tokenYandex AWS Access TokenHIGH
zendesk_secret_keyZendesk Secret KeyHIGH

Technology

NameDescriptionSensitivity
hostHost name (IP or DNS)MEDIUM
ipv4IPv4 addressMEDIUM
ipv6IPv6 addressMEDIUM
jsonJSON stringLOW
language_iso_639_1LanguageLOW
language_iso_639_2Language ISO 639-2LOW
pathDisk or URL PathLOW
portPort numberLOW
protocolProtocolLOW
secretSecretHIGH
status_codeStatus CodeLOW
urlA URL as defined by RFC 1738LOW
uuidUniversally Unique IdentifierLOW
versionVersion NumberLOW

Custom Sensitive Data Types

It's possible to write custom scalar or override existing one using the escaperc:

{
"scalars": {
"custom_scalar_identifier": {
"description": **value**,
"examples": ['**value**'],
"names": ['**value**'],
"parents": ['ID | Int | String | Boolean | Float'],
"patterns": ['**value**'],
"sensitivity": 0 | 1 | 2 | 3,},
}
}

description

The description for the scalar

Example

{'description': '**value**'}

examples

Example of values for the scalar (used in the explore as default values). Careful values inputed here will be ignored by the checks

Example

{'examples': ['**value**']}

names

The possible names for the scalar

Example

{'names': ['**value**']}

parents

The graphql default type it's compatible with

Example

{'parents': ['ID | Int | String | Boolean | Float']}

patterns

The possible values for the scalar (regex friendly) (used for the checks)

Example

{'patterns': ['**value**']}

sensitivity

The sensitivity of the data Must be one of [0, 1, 2, 3]

Example

{'sensitivity': '0 | 1 | 2 | 3'}