From f437acf6f636720cb47c3c8f92f244880ed4c2c2 Mon Sep 17 00:00:00 2001
From: Dhrumil Mistry <56185972+dmdhrumilmistry@users.noreply.github.com>
Date: Sun, 29 Oct 2023 15:20:11 +0530
Subject: [PATCH] add regex for detecting ATO attack vectors

---
 src/offat/tester/regexs.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/offat/tester/regexs.py b/src/offat/tester/regexs.py
index 190ef62..a4ff638 100644
--- a/src/offat/tester/regexs.py
+++ b/src/offat/tester/regexs.py
@@ -6,6 +6,7 @@
     'ip': r'(?:\d{1,3}\.){3}\d{1,3}\b|\b(?:[A-Fa-f0-9]{1,4}:){7}[A-Fa-f0-9]{1,4}\b',
     'ccn': r'\b\d{4}-\d{4}-\d{4}-\d{4}\b',
     'jwtToken':r'(^|\s|")[A-Za-z0-9_-]{2,}(?:\.[A-Za-z0-9_-]{2,}){2}($|\s|")',
+    'ato_data':r'\b(auth_code|otp|password|password_hash|auth_token|access_token|refresh_token|secret|session_id|key|pin|accessToken|refreshToken|authenticationCode|authentication_code|jwt|api_secret|apiSecret)\b'
     
     # BRAZIL
     'BrazilCPF':r'\b(\d{3}\.){2}\d{3}\-\d{2}\b',