# Logger++ Custom Filters

A comprehensive list of custom filters for Logger++ to identify various vulnerabilities in different API styles.

![Logo](https://raw.githubusercontent.com/bnematzadeh/LoggerPlusPlus-API-Filters/refs/heads/main/logger%2B%2B.png)

### 1) API Styles

Each filter excludes `OPTIONS` requests so that CORS preflights do not clutter the view.

- REST
  - ```(Request.Path CONTAINS "api" OR Request.Host CONTAINS "api") AND !(Request.Method == "OPTIONS")```
- GraphQL
  - ```(Request.Path CONTAINS "graphql" OR Request.Host CONTAINS "graphql") AND !(Request.Method == "OPTIONS")```
- gRPC-Web
  - ```(Response.Headers CONTAINS "grpc-web" OR Request.Headers CONTAINS "grpc-web" OR Request.Headers CONTAINS "X-Grpc-Web") AND !(Request.Method == "OPTIONS")```

### 2) Exposed API keys

The patterns are Logger++ regex literals (`/…/`), so metacharacters are escaped once (`\.`, `\$`, `\-`). Copies of these patterns embedded in JSON carry doubled backslashes (`\\.`); pasted into a regex literal, a doubled backslash demands a literal backslash in the response body and the filter never matches. The keyword-anchored patterns (HEROKU_KEY, Facebook_OAuth_KEY, GitHub_KEY, Generic_API_KEY, Twitter_*, Generic_Secret) accept any token of the right shape that follows the keyword, so they are the noisiest of the set and their hits need manual review.

- Google_API_Key
  - ```Response.Body == /AIza[0-9A-Za-z\-_]{35}/```
- GCP_OAUTH_KEY (OAuth client ID)
  - ```Response.Body == /[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com/```
- GCP_Service_KEY
  - ```Response.Body == /\"type\": \"service_account\"/```
- GOOGLE_OAUTH_KEY (OAuth access token)
  - ```Response.Body == /ya29\.[0-9A-Za-z\-_]+/```
- HEROKU_KEY
  - ```Response.Body == /[hH][eE][rR][oO][kK][uU].*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}/```
- MAILCHIMP_KEY
  - ```Response.Body == /[0-9a-f]{32}-us[0-9]{1,2}/```
- MAILGUN_KEY
  - ```Response.Body == /key-[0-9a-zA-Z]{32}/```
- AWS_KEY (Amazon MWS auth token)
  - ```Response.Body == /amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/```
- CLOUDINARY
  - ```Response.Body == /cloudinary:\/\/.*/```
- Firebase_URL
  - ```Response.Body == /.*firebaseio\.com/```
- SLACK_TOKEN
  - ```Response.Body == /xox[pboa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32}/```
- RSA_KEY
  - ```Response.Body == /-----BEGIN RSA PRIVATE KEY-----/```
- SSH_DSA_KEY
  - ```Response.Body == /-----BEGIN DSA PRIVATE KEY-----/```
- SSH_EC_KEY
  - ```Response.Body == /-----BEGIN EC PRIVATE KEY-----/```
- PGP_KEY
  - ```Response.Body == /-----BEGIN PGP PRIVATE KEY BLOCK-----/```
- Facebook_KEY
  - ```Response.Body == /EAACEdEose0cBA[0-9A-Za-z]+/```
- Facebook_OAuth_KEY
  - ```Response.Body == /[fF][aA][cC][eE][bB][oO][oO][kK].*['\"][0-9a-f]{32}['\"]/```
- GitHub_KEY
  - ```Response.Body == /[gG][iI][tT][hH][uU][bB].*['\"][0-9a-zA-Z]{35,40}['\"]/```
- Generic_API_KEY
  - ```Response.Body == /[aA][pP][iI][_]?[kK][eE][yY].*['\"][0-9a-zA-Z]{32,45}['\"]/```
- Twitter_Access_Token
  - ```Response.Body == /[tT][wW][iI][tT][tT][eE][rR].*[1-9][0-9]+-[0-9a-zA-Z]{40}/```
- Twitter_OAuth_KEY
  - ```Response.Body == /[tT][wW][iI][tT][tT][eE][rR].*['\"][0-9a-zA-Z]{35,44}['\"]/```
- Twilio_API_KEY
  - ```Response.Body == /SK[0-9a-fA-F]{32}/```
- Square_Access_Token
  - ```Response.Body == /sq0atp-[0-9A-Za-z\-_]{22}/```
- Square_OAuth_Secret
  - ```Response.Body == /sq0csp-[0-9A-Za-z\-_]{43}/```
- Stripe_API_KEY
  - ```Response.Body == /sk_live_[0-9a-zA-Z]{24}/```
- Stripe_Restricted_API_KEY
  - ```Response.Body == /rk_live_[0-9a-zA-Z]{24}/```
- Slack_Webhook
  - ```Response.Body == /https:\/\/hooks\.slack\.com\/services\/T[a-zA-Z0-9_]{8}\/B[a-zA-Z0-9_]{8}\/[a-zA-Z0-9_]{24}/```
- Picatic_API_KEY (shares the `sk_live_` prefix with Stripe_API_KEY; a 32-character lowercase hit fires both)
  - ```Response.Body == /sk_live_[0-9a-z]{32}/```
- PayPal_Braintree_Access_Token
  - ```Response.Body == /access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}/```
- Password_Response (credentials embedded in a URL as `scheme://user:password@host`)
  - ```Response.Body == /[a-zA-Z]{3,10}:\/\/[^\/\s:@]{3,20}:[^\/\s:@]{3,20}@.{1,100}[\"'\s]/```
- Generic_Secret
  - ```Response.Body == /[sS][eE][cC][rR][eE][tT].*['\"][0-9a-zA-Z]{32,45}['\"]/```

### 3) API Vulnerabilities

- Broken Object Property Level Authorization
  - Excessive Data Exposure (responses carrying personal-data field names; `"name"` and `"_id"` match very broadly, so expect noise)
    - ```Response.Body CONTAINS "email" OR Response.Body CONTAINS "name" OR Response.Body CONTAINS "ssn" OR Response.Body CONTAINS "nationalId" OR Response.Body CONTAINS "_id" OR Response.Body CONTAINS "family" OR Response.Body CONTAINS "phone" OR Response.Body CONTAINS "phoneNumber"```
  - Mass Assignment (write requests, and GraphQL mutations, whose bodies may accept properties the client was never meant to set)
    - ```Request.Method IN ["POST","PUT","PATCH"]```
    - ```Request.Body CONTAINS "mutation"```
- Broken Object Level Authorization and Injection (requests that carry user-controlled identifiers or values, and responses that reflect them)
  - ```Request.HasGetParam == true```
  - ```Request.Method IN ["POST","PUT","PATCH"]```
  - ```Request.Body MATCHES ".*variables\":{.*"```
  - ```Response.Reflections > 0```
- CSRF & SSRF
  - State-changing POSTs that are neither sent nor answered as JSON; a plain HTML form can submit these cross-origin without a preflight.
    - ```Request.Method == "POST" AND !(Request.Headers CONTAINS "Content-Type: application/json" OR Response.Headers CONTAINS "application/json")```
  - ```Request.Method == "POST" OR (Request.Headers CONTAINS "Content-Type: application/json" AND Request.Headers CONTAINS "Content-Length: 0")```
  - URL-like values in the query string or body. The scheme group is optional, so the pattern fires on any dotted, hostname-like token (including plain filenames such as `report.pdf`); treat hits as candidates, not findings.
    - ```(Request.Query MATCHES ".*(http%3A%2F%2F|https%3A%2F%2F)?(www.)?[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}.*" OR Request.Body MATCHES ".*(http%3A%2F%2F|https%3A%2F%2F)?(www.)?[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}.*")```
- CORS Misconfiguration (CORS response headers returned to requests that carried no `Authorization` header)
  - ```!(Request.Headers CONTAINS "Authorization:") AND (Response.Headers CONTAINS "Access-Control-Allow-Credentials" OR Response.Headers CONTAINS "Access-Control-Allow-Origin")```
- Unrestricted Resource Consumption (pagination and filtering parameters whose bounds the server may not enforce)
  - ```Request.Body CONTAINS "limit" OR Request.Body CONTAINS "filter" OR Request.Body CONTAINS "offset" OR Request.Body CONTAINS "first" OR Request.Body CONTAINS "after" OR Request.Body CONTAINS "last" OR Request.Body CONTAINS "max" OR Request.Body CONTAINS "total" OR Request.Query CONTAINS "limit" OR Request.Query CONTAINS "filter" OR Request.Query CONTAINS "offset" OR Request.Query CONTAINS "first" OR Request.Query CONTAINS "after" OR Request.Query CONTAINS "last" OR Request.Query CONTAINS "max" OR Request.Query CONTAINS "total"```
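To see what the section 2 patterns actually catch, and why the escaping matters, the script below runs a subset of them over a constructed response body. This is an added example, not code from the LoggerPlusPlus-API-Filters repository: the secret values in `SAMPLE_BODY` are synthetic strings shaped to fit the patterns, and the patterns are the corrected single-escaped forms from section 2 written as Python raw strings (Python's `re` accepts them unchanged for these cases).

```python
"""Run the README's secret-detection regexes over a constructed HTTP response body.

Added example, not part of the LoggerPlusPlus-API-Filters repo. Logger++ evaluates
its /regex/ literals as Java regular expressions; the patterns below are the
corrected (single-escaped) forms from section 2, written as Python raw strings.
"""
import re

# Corrected patterns from section 2 (a representative subset).
SECRET_PATTERNS = {
    "Google_API_Key": r"AIza[0-9A-Za-z\-_]{35}",
    "GCP_OAUTH_KEY": r"[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com",
    "SLACK_TOKEN": r"xox[pboa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32}",
    "Stripe_API_KEY": r"sk_live_[0-9a-zA-Z]{24}",
    "Picatic_API_KEY": r"sk_live_[0-9a-z]{32}",
    "RSA_KEY": r"-----BEGIN RSA PRIVATE KEY-----",
    # In Python (as in Java's default mode) "." does not match a newline, so the
    # keyword and the quoted value have to sit on the same line of the body.
    "Generic_API_KEY": r"[aA][pP][iI][_]?[kK][eE][yY].*['\"][0-9a-zA-Z]{32,45}['\"]",
}

# The over-escaped form as it appears in JSON-embedded copies of the pattern list:
# in a regex, "\\." is a literal backslash followed by any character, so it can
# never match a real client ID.
GCP_OAUTH_OVERESCAPED = r"[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com"

# Constructed sample body: every value is synthetic, shaped to fit the patterns.
SAMPLE_BODY = """{
  "config": {
    "google_maps_key": "AIza0123456789abcdefghijklmnopqrstuvwxy",
    "oauth_client_id": "123456789012-abcdefghijklmnopqrstuvwxyz012345.apps.googleusercontent.com",
    "slack_bot_token": "xoxb-111111111111-222222222222-333333333333-abcdefghijklmnopqrstuvwxyz012345",
    "stripe_key": "sk_live_ABCDEFGHIJKLMNOPQRSTUVWX",
    "api_key": "0123456789abcdefghijklmnopqrstuv",
    "deploy_key": "-----BEGIN RSA PRIVATE KEY-----\\nMIIEsynthetic\\n-----END RSA PRIVATE KEY-----"
  }
}"""


def scan(body: str, patterns: dict = SECRET_PATTERNS) -> dict:
    """Return {filter_name: [matched substrings]} for every pattern that fires at least once."""
    hits = {}
    for name, pattern in patterns.items():
        found = [m.group(0) for m in re.finditer(pattern, body)]
        if found:
            hits[name] = found
    return hits


def escaping_matters(body: str = SAMPLE_BODY) -> tuple:
    """Match counts for the over-escaped and the corrected GCP OAuth client-ID patterns."""
    broken = len(re.findall(GCP_OAUTH_OVERESCAPED, body))
    fixed = len(re.findall(SECRET_PATTERNS["GCP_OAUTH_KEY"], body))
    return broken, fixed


if __name__ == "__main__":
    for name, found in scan(SAMPLE_BODY).items():
        print(f"{name}: {found}")
    print("over-escaped vs corrected GCP_OAUTH_KEY hits:", escaping_matters())
```

The Stripe value is uppercase, so `Picatic_API_KEY` (lowercase only, 32 characters) stays quiet here; a 32-character lowercase `sk_live_` token would light up both filters, which is the overlap noted in section 2.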
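The CSRF, SSRF and CORS filters in section 3 are heuristics, and the quickest way to calibrate them is to run their logic over a few known exchanges. The script below is an added example, not code from the LoggerPlusPlus-API-Filters repository: each function re-implements one of those three filters in Python, the `Entry` records are constructed traffic, and `CONTAINS` is assumed to behave as a plain case-sensitive substring test.

```python
"""Apply the CSRF, SSRF and CORS heuristics from section 3 to constructed traffic.

Added example, not part of the LoggerPlusPlus-API-Filters repo. Each function mirrors
one Logger++ filter so its hits and misses can be inspected on synthetic entries.
Assumption: CONTAINS is treated as a plain, case-sensitive substring test.
"""
import re
from dataclasses import dataclass

# The SSRF filter's pattern, exactly as written in section 3. The scheme alternation
# is optional, so the expression reduces to "any dotted, hostname-like token".
URL_LIKE = re.compile(
    r".*(http%3A%2F%2F|https%3A%2F%2F)?(www.)?[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}.*"
)


@dataclass
class Entry:
    """One proxied exchange; header blocks are raw text, like Logger++'s Request.Headers."""
    method: str
    query: str
    body: str
    request_headers: str
    response_headers: str


def csrf_candidate(e: Entry) -> bool:
    """POST neither sent nor answered as JSON: an HTML form can submit it cross-origin."""
    json_request = "Content-Type: application/json" in e.request_headers
    json_response = "application/json" in e.response_headers
    return e.method == "POST" and not (json_request or json_response)


def ssrf_candidate(e: Entry) -> bool:
    """Query string or body carries a URL- or hostname-shaped value."""
    return bool(URL_LIKE.search(e.query) or URL_LIKE.search(e.body))


def cors_candidate(e: Entry) -> bool:
    """CORS headers returned on a request that carried no Authorization header."""
    unauthenticated = "Authorization:" not in e.request_headers
    cors_headers = ("Access-Control-Allow-Credentials" in e.response_headers
                    or "Access-Control-Allow-Origin" in e.response_headers)
    return unauthenticated and cors_headers


def triage(entries) -> dict:
    """Return {filter_name: [indices of entries that fire]}."""
    checks = {"CSRF": csrf_candidate, "SSRF": ssrf_candidate, "CORS": cors_candidate}
    return {name: [i for i, e in enumerate(entries) if check(e)]
            for name, check in checks.items()}


# Constructed sample exchanges (synthetic hosts, tokens and values).
SAMPLE = [
    # 0: form-encoded money transfer with a cookie session: classic CSRF shape.
    Entry("POST", "", "to=acct-42&amount=500",
          "Content-Type: application/x-www-form-urlencoded\r\nCookie: session=abc",
          "HTTP/1.1 200 OK\r\nContent-Type: text/html"),
    # 1: JSON API call whose body names an internal callback host: SSRF shape.
    Entry("POST", "", '{"callback":"https%3A%2F%2Fhooks.internal.example%2Fnotify"}',
          "Content-Type: application/json\r\nAuthorization: Bearer t0ken",
          "HTTP/1.1 202 Accepted\r\nContent-Type: application/json"),
    # 2: unauthenticated download with a wildcard ACAO; "report.pdf" also trips the
    #    SSRF pattern, which is the false positive to expect from it.
    Entry("GET", "file=report.pdf", "",
          "Accept: application/pdf",
          "HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: *\r\nContent-Type: application/pdf"),
    # 3: authenticated call with CORS headers: excluded by the Authorization check.
    Entry("GET", "", "",
          "Authorization: Bearer t0ken",
          "HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: https://app.example\r\n"
          "Access-Control-Allow-Credentials: true\r\nContent-Type: application/json"),
]


if __name__ == "__main__":
    for name, indices in triage(SAMPLE).items():
        print(f"{name}: entries {indices}")
```

Entry 2 is the one to notice: the CORS filter flags it for the right reason, while the SSRF filter flags it only because `report.pdf` has the shape of a hostname. The CORS filter also says nothing about whether the reflected origin is actually attacker-controllable; it only surfaces responses worth an origin-reflection test.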