From 00592693ae0b8ae0a3009b513a5dc2619c7571f6 Mon Sep 17 00:00:00 2001
From: Jirawat I <nodtem66@gmail.com>
Date: Tue, 2 Nov 2021 06:08:37 +0700
Subject: [PATCH 1/2] Add new RegEx for facebook tokens

- Add new RegEx and tests for facebook app tokens and access token
  based on v12 API
  https://developers.facebook.com/docs/facebook-login/access-tokens/
---
 fixtures/file          |  6 ++++++
 pywhat/Data/regex.json | 33 +++++++++++++++++++++++++++++++--
 tests/test_click.py    | 14 ++++++++++++++
 3 files changed, 51 insertions(+), 2 deletions(-)

diff --git a/fixtures/file b/fixtures/file
index 99df774..742ad1f 100644
--- a/fixtures/file
+++ b/fixtures/file
@@ -103,3 +103,9 @@ doi:10.1392/BC1.0
 10.1000/123
 
 a80122b2565c3e26a61cbf58d1d1aad7-us5
+
+1201566843289141|401fec62f46bc340d4c0e7e75132f731
+1201566843289141|WG1OAKQ-dY0lSj5NKyA6uFkvF7w
+
+EAARE0ZATePjUBAFxfm2L2aWdtNXOSscOnMYktEPYJuOSrteSQZCh9VWVVKnhSSYNumEnju6XItaRhija3pA7LFPHquTbi4IDZC8k9EMByeQ4NJzCFsc40FMIQIgvnCTOK5qt6xBZCUMf7S95X6nnqCUVw2iS0DRDbqttxauxIDgBRYJ7zZABXe9V0CY872DUl3BfyINIYfCXmRZC8loACc
+EAARE0ZATePjUBAHVHoVVbRc9N0u2lNC5eJab59qwD9mG5ZCRgcg3qlbPZC07EkP65Ji3BnPzPKZBMqN7WyOfJ8Riky4RD66aSqX8U0d14EWwHx94rZCtM6qfULiXOrqWKiG2KLyJJnRzAus3ubodKUwTuZCBcPmcGJcvq5Krfk8xgLQVZBoFLGLJs5wT4SlBxiWAdytlggqzQZDZD
\ No newline at end of file
diff --git a/pywhat/Data/regex.json b/pywhat/Data/regex.json
index 25a67b0..6f4b11a 100644
--- a/pywhat/Data/regex.json
+++ b/pywhat/Data/regex.json
@@ -426,7 +426,7 @@
    },
    {
       "Name": "Facebook Access Token",
-      "Regex": "^(EAACEdEose0cBA[0-9A-Za-z]{512})$",
+      "Regex": "^(EA[0-9A-Za-z]{190,})$",
       "plural_name": false,
       "Description": null,
       "Exploit": null,
@@ -437,7 +437,14 @@
          "Bug Bounty",
          "Credentials",
          "Facebook"
-      ]
+      ],
+      "Examples": {
+         "Valid": [
+            "EAARE0ZATePjUBAFxfm2L2aWdtNXOSscOnMYktEPYJuOSrteSQZCh9VWVVKnhSSYNumEnju6XItaRhija3pA7LFPHquTbi4IDZC8k9EMByeQ4NJzCFsc40FMIQIgvnCTOK5qt6xBZCUMf7S95X6nnqCUVw2iS0DRDbqttxauxIDgBRYJ7zZABXe9V0CY872DUl3BfyINIYfCXmRZC8loACc",
+            "EAARE0ZATePjUBAHVHoVVbRc9N0u2lNC5eJab59qwD9mG5ZCRgcg3qlbPZC07EkP65Ji3BnPzPKZBMqN7WyOfJ8Riky4RD66aSqX8U0d14EWwHx94rZCtM6qfULiXOrqWKiG2KLyJJnRzAus3ubodKUwTuZCBcPmcGJcvq5Krfk8xgLQVZBoFLGLJs5wT4SlBxiWAdytlggqzQZDZD"
+         ],
+         "Invalid": []
+      }
    },
    {
       "Name": "Facebook Secret Key",
@@ -1309,6 +1316,28 @@
          ]
       }
    },
+   {
+      "Name": "Facebook App Token",
+      "Regex": "^([0-9]{10,}\\|[A-Za-z0-9\\-]{27,})$",
+      "plural_name": false,
+      "Description": null,
+      "Exploit": null,
+      "Rarity": 0.8,
+      "URL": "https://developers.facebook.com/tools/debug/accesstoken/?access_token=",
+      "Tags": [
+         "API Keys",
+         "Bug Bounty",
+         "Credentials",
+         "Facebook"
+      ],
+      "Examples": {
+         "Valid": [
+            "1201566843289141|401fec62f46bc340d4c0e7e75132f731",
+            "1201566843289141|WG1OAKQ-dY0lSj5NKyA6uFkvF7w"
+         ],
+         "Invalid": []
+      }
+   },
    {
       "Name": "Google Cloud Platform API Key",
       "Regex": "(?i)^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$",
diff --git a/tests/test_click.py b/tests/test_click.py
index cdaf5ec..4fcaf90 100644
--- a/tests/test_click.py
+++ b/tests/test_click.py
@@ -660,6 +660,20 @@ def test_file_fixture_slack_webhook():
     assert re.findall("Slack Webhook", str(result.output))
 
 
+def test_file_fixture_facebook_access_token():
+    runner = CliRunner()
+    result = runner.invoke(main, ["fixtures/file"])
+    assert result.exit_code == 0
+    assert re.findall("Facebook Access Token", str(result.output))
+
+
+def test_file_fixture_facebook_app_token():
+    runner = CliRunner()
+    result = runner.invoke(main, ["fixtures/file"])
+    assert result.exit_code == 0
+    assert re.findall("Facebook App Token", str(result.output))
+
+
 def test_format():
     runner = CliRunner()
     result = runner.invoke(

From 75a9464c6c562de5e87907f886f48e62d32233eb Mon Sep 17 00:00:00 2001
From: Jirawat I <nodtem66@gmail.com>
Date: Wed, 3 Nov 2021 17:13:36 +0700
Subject: [PATCH 2/2] Remove testcases and adjust the rarity

- Remove testcases from fixtures/file and test_click.py
- Adjust the rarity of Access token and App token to 0.2 and 0.3,
  respectively
---
 fixtures/file          |  6 ---
 pywhat/Data/regex.json | 88 +++++++++++++++++++++---------------------
 tests/test_click.py    | 14 -------
 3 files changed, 44 insertions(+), 64 deletions(-)

diff --git a/fixtures/file b/fixtures/file
index 742ad1f..99df774 100644
--- a/fixtures/file
+++ b/fixtures/file
@@ -103,9 +103,3 @@ doi:10.1392/BC1.0
 10.1000/123
 
 a80122b2565c3e26a61cbf58d1d1aad7-us5
-
-1201566843289141|401fec62f46bc340d4c0e7e75132f731
-1201566843289141|WG1OAKQ-dY0lSj5NKyA6uFkvF7w
-
-EAARE0ZATePjUBAFxfm2L2aWdtNXOSscOnMYktEPYJuOSrteSQZCh9VWVVKnhSSYNumEnju6XItaRhija3pA7LFPHquTbi4IDZC8k9EMByeQ4NJzCFsc40FMIQIgvnCTOK5qt6xBZCUMf7S95X6nnqCUVw2iS0DRDbqttxauxIDgBRYJ7zZABXe9V0CY872DUl3BfyINIYfCXmRZC8loACc
-EAARE0ZATePjUBAHVHoVVbRc9N0u2lNC5eJab59qwD9mG5ZCRgcg3qlbPZC07EkP65Ji3BnPzPKZBMqN7WyOfJ8Riky4RD66aSqX8U0d14EWwHx94rZCtM6qfULiXOrqWKiG2KLyJJnRzAus3ubodKUwTuZCBcPmcGJcvq5Krfk8xgLQVZBoFLGLJs5wT4SlBxiWAdytlggqzQZDZD
\ No newline at end of file
diff --git a/pywhat/Data/regex.json b/pywhat/Data/regex.json
index 6f4b11a..5a055ed 100644
--- a/pywhat/Data/regex.json
+++ b/pywhat/Data/regex.json
@@ -424,28 +424,6 @@
          "Invalid": []
       }
    },
-   {
-      "Name": "Facebook Access Token",
-      "Regex": "^(EA[0-9A-Za-z]{190,})$",
-      "plural_name": false,
-      "Description": null,
-      "Exploit": null,
-      "Rarity": 1,
-      "URL": "https://developers.facebook.com/tools/debug/accesstoken/?access_token=",
-      "Tags": [
-         "API Keys",
-         "Bug Bounty",
-         "Credentials",
-         "Facebook"
-      ],
-      "Examples": {
-         "Valid": [
-            "EAARE0ZATePjUBAFxfm2L2aWdtNXOSscOnMYktEPYJuOSrteSQZCh9VWVVKnhSSYNumEnju6XItaRhija3pA7LFPHquTbi4IDZC8k9EMByeQ4NJzCFsc40FMIQIgvnCTOK5qt6xBZCUMf7S95X6nnqCUVw2iS0DRDbqttxauxIDgBRYJ7zZABXe9V0CY872DUl3BfyINIYfCXmRZC8loACc",
-            "EAARE0ZATePjUBAHVHoVVbRc9N0u2lNC5eJab59qwD9mG5ZCRgcg3qlbPZC07EkP65Ji3BnPzPKZBMqN7WyOfJ8Riky4RD66aSqX8U0d14EWwHx94rZCtM6qfULiXOrqWKiG2KLyJJnRzAus3ubodKUwTuZCBcPmcGJcvq5Krfk8xgLQVZBoFLGLJs5wT4SlBxiWAdytlggqzQZDZD"
-         ],
-         "Invalid": []
-      }
-   },
    {
       "Name": "Facebook Secret Key",
       "Regex": "(?i)^((facebook|fb)(.{0,20})?['\\\"][0-9a-f]{32}['\\\"])$",
@@ -1316,28 +1294,6 @@
          ]
       }
    },
-   {
-      "Name": "Facebook App Token",
-      "Regex": "^([0-9]{10,}\\|[A-Za-z0-9\\-]{27,})$",
-      "plural_name": false,
-      "Description": null,
-      "Exploit": null,
-      "Rarity": 0.8,
-      "URL": "https://developers.facebook.com/tools/debug/accesstoken/?access_token=",
-      "Tags": [
-         "API Keys",
-         "Bug Bounty",
-         "Credentials",
-         "Facebook"
-      ],
-      "Examples": {
-         "Valid": [
-            "1201566843289141|401fec62f46bc340d4c0e7e75132f731",
-            "1201566843289141|WG1OAKQ-dY0lSj5NKyA6uFkvF7w"
-         ],
-         "Invalid": []
-      }
-   },
    {
       "Name": "Google Cloud Platform API Key",
       "Regex": "(?i)^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$",
@@ -2363,6 +2319,28 @@
          "Invalid": []
       }
    },
+   {
+      "Name": "Facebook App Token",
+      "Regex": "^([0-9]{6,}\\|[A-Za-z0-9\\-]{24,})$",
+      "plural_name": false,
+      "Description": null,
+      "Exploit": null,
+      "Rarity": 0.3,
+      "URL": "https://developers.facebook.com/tools/debug/accesstoken/?access_token=",
+      "Tags": [
+         "API Keys",
+         "Bug Bounty",
+         "Credentials",
+         "Facebook"
+      ],
+      "Examples": {
+         "Valid": [
+            "1201566843289141|401fec62f46bc340d4c0e7e75132f731",
+            "1201566843289141|WG1OAKQ-dY0lSj5NKyA6uFkvF7w"
+         ],
+         "Invalid": []
+      }
+   },
    {
       "Name": "JSON Web Token (JWT)",
       "Regex": "(?i)^((?=.*[a-z])(?=.*[0-9])(?:[a-z0-9_=]+\\.){2}(?:[a-z0-9_\\-\\+\\/=]*))$",
@@ -2466,6 +2444,28 @@
          "Invalid": []
       }
    },
+   {
+      "Name": "Facebook Access Token",
+      "Regex": "^(EA[0-9A-Za-z]{190,})$",
+      "plural_name": false,
+      "Description": null,
+      "Exploit": null,
+      "Rarity": 0.2,
+      "URL": "https://developers.facebook.com/tools/debug/accesstoken/?access_token=",
+      "Tags": [
+         "API Keys",
+         "Bug Bounty",
+         "Credentials",
+         "Facebook"
+      ],
+      "Examples": {
+         "Valid": [
+            "EAARE0ZATePjUBAFxfm2L2aWdtNXOSscOnMYktEPYJuOSrteSQZCh9VWVVKnhSSYNumEnju6XItaRhija3pA7LFPHquTbi4IDZC8k9EMByeQ4NJzCFsc40FMIQIgvnCTOK5qt6xBZCUMf7S95X6nnqCUVw2iS0DRDbqttxauxIDgBRYJ7zZABXe9V0CY872DUl3BfyINIYfCXmRZC8loACc",
+            "EAARE0ZATePjUBAHVHoVVbRc9N0u2lNC5eJab59qwD9mG5ZCRgcg3qlbPZC07EkP65Ji3BnPzPKZBMqN7WyOfJ8Riky4RD66aSqX8U0d14EWwHx94rZCtM6qfULiXOrqWKiG2KLyJJnRzAus3ubodKUwTuZCBcPmcGJcvq5Krfk8xgLQVZBoFLGLJs5wT4SlBxiWAdytlggqzQZDZD"
+         ],
+         "Invalid": []
+      }
+   },
    {
       "Name": "ObjectID",
       "Regex": "^([0-9a-fA-F]{24})$",
diff --git a/tests/test_click.py b/tests/test_click.py
index 4fcaf90..cdaf5ec 100644
--- a/tests/test_click.py
+++ b/tests/test_click.py
@@ -660,20 +660,6 @@ def test_file_fixture_slack_webhook():
     assert re.findall("Slack Webhook", str(result.output))
 
 
-def test_file_fixture_facebook_access_token():
-    runner = CliRunner()
-    result = runner.invoke(main, ["fixtures/file"])
-    assert result.exit_code == 0
-    assert re.findall("Facebook Access Token", str(result.output))
-
-
-def test_file_fixture_facebook_app_token():
-    runner = CliRunner()
-    result = runner.invoke(main, ["fixtures/file"])
-    assert result.exit_code == 0
-    assert re.findall("Facebook App Token", str(result.output))
-
-
 def test_format():
     runner = CliRunner()
     result = runner.invoke(