
Overview

KafkaCode ships with a set of built-in detection patterns. When they do not cover your case, subclass `PatternScanner` and add entries to `this.patterns`; each entry is a plain object with `regex`, `severity`, `type`, `description` and `recommendation` fields. Note that a key which matches a built-in pattern's key replaces that pattern rather than adding to it.

Extending PatternScanner

const PatternScanner = require('kafkacode/dist/PatternScanner');

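/**
 * PatternScanner with two organisation-specific patterns added on top of the
 * built-in set. Each entry of `this.patterns` uses the same fields as the
 * built-in patterns: `regex`, `severity`, `type`, `description`,
 * `recommendation`.
 *
 * Notes for authors of custom patterns:
 * - Entries are assigned onto `this.patterns`, so a key that collides with a
 *   built-in pattern silently replaces it. Use distinctive names, or check
 *   `Object.hasOwn(this.patterns, key)` first if replacing is not intended.
 * - Keep the `g` flag: every example on this page uses it, which suggests the
 *   base scanner expects global regexes. A `g` regex is stateful if the scanner
 *   drives it with `.test()`/`.exec()` (`lastIndex` carries over between
 *   inputs) — confirm how `scanContent` iterates matches before sharing a
 *   regex object between scans.
 * - Anchor patterns (`\b`, lookarounds, explicit lengths) so findings are not
 *   drowned in false positives; a pattern that fires everywhere gets ignored.
 *
 * The engine example further down loads this class with
 * `require('./CustomScanner')`, so a real module must also end with
 * `module.exports = CustomScanner;`.
 */
class CustomScanner extends PatternScanner {
  constructor() {
    super();

    // Organisation-specific secret: fixed prefix plus a 16-character
    // upper-case alphanumeric body. Left unanchored on purpose — for secrets,
    // recall matters more than precision.
    this.patterns.companySecret = {
      regex: /COMPANY_SECRET_[A-Z0-9]{16}/g,
      severity: 'critical',
      type: 'Company Secret',
      description: 'Company-specific secret detected',
      recommendation: 'Move to secure vault'
    };

    // Internal email address. The local part is included so the finding
    // shows the whole address, and the trailing `\b` stops the pattern from
    // firing inside longer domains such as `@yourcompany.community`.
    // Trade-off: a bare `@yourcompany.com` (e.g. a domain-suffix check in
    // code) is no longer flagged; drop the local-part prefix if the domain
    // name itself is considered sensitive.
    this.patterns.internalEmail = {
      regex: /[A-Za-z0-9._%+-]+@yourcompany\.com\b/gi,
      severity: 'medium',
      type: 'Internal Email',
      description: 'Internal email address found',
      recommendation: 'Use generic contact info'
    };
  }
}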

// Usage
// Scan one already-read file with the extended pattern set.
// `filePath` and `content` stand in for a real path and that file's text;
// the value scanContent returns is that file's findings list (its exact
// element shape is defined by PatternScanner — check the base class).
const customScanner = new CustomScanner();
const findings = customScanner.scanContent(filePath, content);

Custom Analysis Engine

const AnalysisEngine = require('kafkacode/dist/AnalysisEngine');
const CustomScanner = require('./CustomScanner');

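/**
 * AnalysisEngine wired to a custom PatternScanner.
 *
 * @param {boolean} [verbose=false] - passed through to AnalysisEngine unchanged.
 * @param {PatternScanner} [scanner=new CustomScanner()] - scanner to use; pass
 *   a CorporateScanner/HealthcareScanner/FinancialScanner instance (see below)
 *   to reuse this engine with another pattern set.
 */
class CustomEngine extends AnalysisEngine {
  constructor(verbose = false, scanner = new CustomScanner()) {
    super(verbose);
    // NOTE(review): this assumes AnalysisEngine keeps its scanner in
    // `this.patternScanner` and reads that field on each analyzeFiles() call
    // rather than capturing the default scanner in its own constructor —
    // confirm against the installed kafkacode version, otherwise the built-in
    // scanner silently stays in use.
    this.patternScanner = scanner;
  }
}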

// Usage
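// This page uses require(), i.e. CommonJS, where a top-level `await` is a
// syntax error; run the analysis from inside an async function instead.
/**
 * Analyze a set of files with the custom engine.
 *
 * @param {string[]} files - file paths, in whatever form
 *   AnalysisEngine.analyzeFiles accepts (not shown on this page).
 * @returns {Promise<*>} whatever analyzeFiles resolves to — presumably the
 *   combined findings list; confirm against AnalysisEngine.
 */
async function analyzeWithCustomEngine(files) {
  const engine = new CustomEngine();
  const findings = await engine.analyzeFiles(files);
  return findings;
}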

Example: Custom Corporate Patterns

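/**
 * PatternScanner extended with three corporate patterns: an internal API key
 * format, employee identifiers and internal hostnames. The key pattern is kept
 * deliberately loose (recall first); the two lower-severity patterns are
 * anchored so that they do not fire on unrelated tokens.
 */
class CorporateScanner extends PatternScanner {
  constructor() {
    super();

    // Internal API keys: fixed prefix plus a 32-character alphanumeric body.
    this.patterns.corpApiKey = {
      regex: /CORP_API_[a-zA-Z0-9]{32}/g,
      severity: 'critical',
      type: 'Corporate API Key',
      description: 'Corporate API key detected',
      recommendation: 'Use environment variables or vault'
    };

    // Employee IDs: "EMP" followed by exactly six digits. The lookbehind
    // rejects tokens such as TEMP123456 / EXEMPT123456, the lookahead rejects
    // longer numbers (EMP1234567); an id after `_` or `=` (USER_EMP123456)
    // is still reported.
    this.patterns.employeeId = {
      regex: /(?<![A-Za-z])EMP\d{6}(?!\d)/g,
      severity: 'medium',
      type: 'Employee ID',
      description: 'Employee ID found in code',
      recommendation: 'Remove employee identifiers from code'
    };

    // Internal URLs: only hosts that begin with `internal.` are matched, so
    // `wiki.internal.example.com` is not. The greedy host class also swallows
    // a trailing `.` at the end of a sentence; harmless for a finding.
    this.patterns.internalUrl = {
      regex: /https?:\/\/internal\.[a-z0-9.-]+/gi,
      severity: 'low',
      type: 'Internal URL',
      description: 'Internal URL detected',
      recommendation: 'Use configuration for internal URLs'
    };
  }
}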

Industry-Specific Patterns

Healthcare (HIPAA)

/**
 * PatternScanner extended with two Protected Health Information identifiers.
 * Medical record numbers and patient identifiers are among the identifiers
 * HIPAA lists, so hits are reported as critical. Both regexes are unanchored
 * and case-insensitive, so fixture data such as `patient_id:42` is reported
 * too — triage hits rather than failing a build on them blindly, or tighten
 * the patterns for your code base.
 */
class HealthcareScanner extends PatternScanner {
  constructor() {
    super();

    // Declared as one table so the PHI set is easy to review and extend; the
    // entries are then copied onto the inherited pattern map.
    const phiPatterns = {
      // Medical record number: "MRN", optional separator, 6-10 digits.
      mrn: {
        regex: /MRN[-:]?\d{6,10}/gi,
        severity: 'critical',
        type: 'Medical Record Number',
        description: 'MRN detected (HIPAA violation)',
        recommendation: 'Remove all PHI from code'
      },
      // Patient identifier: "PATIENT-ID" / "PATIENT_ID", optional separator,
      // one or more digits.
      patientId: {
        regex: /PATIENT[-_]ID[-:]?\d+/gi,
        severity: 'critical',
        type: 'Patient ID',
        description: 'Patient identifier found',
        recommendation: 'Use anonymized test data'
      }
    };

    Object.assign(this.patterns, phiPatterns);
  }
}

Financial (PCI-DSS)

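/**
 * PatternScanner extended with US bank account and ABA routing number
 * patterns.
 *
 * Scope note: PCI DSS governs payment-card data (PANs, CVV, track data), not
 * bank account or routing numbers; check whether KafkaCode's built-in set
 * already covers card numbers before adding a duplicate here. Bank
 * identifiers fall under other regimes (e.g. GLBA, NACHA rules) but are worth
 * catching for the same reason.
 *
 * Both patterns are purely numeric, so expect noise: 10-digit Unix timestamps,
 * phone numbers, order numbers and database ids all satisfy the account-number
 * regex. Treat hits as leads for triage rather than confirmed leaks.
 */
class FinancialScanner extends PatternScanner {
  constructor() {
    super();

    // Account numbers: any 10-12 digit run standing on its own. Deliberately
    // broad — US account numbers have no fixed format or check digit, so
    // there is nothing tighter to anchor on. See the class note about noise.
    this.patterns.accountNumber = {
      regex: /\b\d{10,12}\b/g,
      severity: 'critical',
      type: 'Account Number',
      description: 'Potential account number detected',
      recommendation: 'Never store account numbers in code'
    };

    // ABA routing numbers are 9 digits whose first two digits fall in the
    // Federal Reserve routing-symbol ranges 00-12, 21-32, 61-72 and 80.
    // Requiring one of those prefixes rejects most unrelated 9-digit numbers.
    // The ABA check digit (3,7,1 weighting over the digits, sum mod 10 == 0)
    // cannot be expressed in a regex; apply it when triaging hits.
    this.patterns.routingNumber = {
      regex: /\b(?:0\d|1[0-2]|2[1-9]|3[0-2]|6[1-9]|7[0-2]|80)\d{7}\b/g,
      severity: 'high',
      type: 'Routing Number',
      description: 'Potential routing number detected',
      recommendation: 'Remove financial identifiers'
    };
  }
}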

Next Steps