kingfisher/crates/kingfisher-rules/data/rules/maxmind.yml

rules:
  - name: MaxMind License Key
    id: kingfisher.maxmind.1
    pattern: |
      (?xi)
      \b
      (
        [a-z0-9]{6}_[a-z0-9]{29}_mmk
      )
      \b
    pattern_requirements:
      min_digits: 2
    min_entropy: 3.8
    confidence: medium
    examples:
      - MAXMIND_LICENSE=AB12CD_1234567890abcdef1234567890abc_mmk
      - license_key="ZXCVBN_0987654321abcdef1234567890abc_mmk"
    references:
      - https://dev.maxmind.com/geoip/docs/web-services
    depends_on_rule:
      - rule_id: kingfisher.maxmind.2
        variable: ACCOUNT_ID
    validation:
      type: Http
      content:
        request:
          method: GET
          url: https://geoip.maxmind.com/geoip/v2.1/city/me
          headers:
            Authorization: "Basic {{ ACCOUNT_ID | append: ':' | append: TOKEN | b64enc }}"
            Accept: application/json
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status:
                - 200
  - name: MaxMind Account ID
    id: kingfisher.maxmind.2
    pattern: |
      (?xi)
      (?:maxmind|geoip|geolite)
      (?:.|[\n\r]){0,40}?
      (?:account|user)
      (?:.|[\n\r]){0,10}?
      (?:id|number)
      (?:.|[\n\r]){0,16}?
      (
        \d{4,8}
      )
    min_entropy: 2.0
    confidence: medium
    visible: false
    examples:
      - MAXMIND_ACCOUNT_ID=123456
      - '"maxmind": {"account_id": "654321", "license_key": "..."}'
      - 'geoip_account_number: 456789'
    references:
      - https://dev.maxmind.com/geoip/docs/web-services
- Fixed kingfisher scan so that providing --branch without --since-commit now diffs the branch against the empty tree and scans every commit reachable from that branch. - Added rules for meraki, duffel, finnhub, frameio, freshbooks, gitter, infracost, launchdarkly, lob, maxmind, messagebird, nytimes, prefect, salingo, sendinblue, sentry, shippo, twitch, typeform 2025-10-20 18:23:12 -07:00			`rules:`
			`- name: MaxMind License Key`
			`id: kingfisher.maxmind.1`
			`pattern: \|`
			`(?xi)`
			`\b`
			`(`
			`[a-z0-9]{6}_[a-z0-9]{29}_mmk`
			`)`
			`\b`
pattern_requirements for rules — Post-regex character-class gating to cut false positives without lookarounds. Authors can now require minimum counts of digits, uppercase, lowercase, and special characters, with an optional custom special-char set. Why: Hyperscan doesn’t support lookaheads/behinds, so many “must contain X and Y” checks had to be baked into the regex (hurting readability) or were impossible. pattern_requirements applies lightweight, in-memory checks after a match is found, keeping patterns fast and clean. 2025-11-04 13:55:31 -05:00			`pattern_requirements:`
			`min_digits: 2`
- Fixed kingfisher scan so that providing --branch without --since-commit now diffs the branch against the empty tree and scans every commit reachable from that branch. - Added rules for meraki, duffel, finnhub, frameio, freshbooks, gitter, infracost, launchdarkly, lob, maxmind, messagebird, nytimes, prefect, salingo, sendinblue, sentry, shippo, twitch, typeform 2025-10-20 18:23:12 -07:00			`min_entropy: 3.8`
			`confidence: medium`
			`examples:`
			`- MAXMIND_LICENSE=AB12CD_1234567890abcdef1234567890abc_mmk`
			`- license_key="ZXCVBN_0987654321abcdef1234567890abc_mmk"`
			`references:`
			`- https://dev.maxmind.com/geoip/docs/web-services`
- Added provider-specific kingfisher scan subcommands (for example kingfisher scan github …) that translate into the legacy flags under the hood. The new layout keeps backwards compatibility while removing the wall of provider options from kingfisher scan --help. - Updated the README so every provider example (GitHub, GitLab, Bitbucket, Azure Repos, Gitea, Hugging Face, Slack, Jira, Confluence, S3, GCS, Docker) uses the new subcommand style. - Restored the direct kingfisher scan /path/to/dir flow for local filesystem scans while adding a --list-only switch to each provider subcommand so repository enumeration no longer requires the standalone github repos, gitlab repos, etc. commands. - Removed the legacy top-level provider commands (kingfisher github, kingfisher gitlab, kingfisher gitea, kingfisher bitbucket, kingfisher azure, kingfisher huggingface) now that enumeration lives under kingfisher scan <provider> --list-only. - Fixed kingfisher scan github … (and other provider-specific subcommands) so they no longer demand placeholder path arguments before the CLI accepts the request. - Removed the --bitbucket-username, --bitbucket-token, and --bitbucket-oauth-token flags in favour of KF_BITBUCKET_* environment variables when authenticating to Bitbucket. 2025-10-22 16:24:09 -07:00			`depends_on_rule:`
			`- rule_id: kingfisher.maxmind.2`
			`variable: ACCOUNT_ID`
- Fixed kingfisher scan so that providing --branch without --since-commit now diffs the branch against the empty tree and scans every commit reachable from that branch. - Added rules for meraki, duffel, finnhub, frameio, freshbooks, gitter, infracost, launchdarkly, lob, maxmind, messagebird, nytimes, prefect, salingo, sendinblue, sentry, shippo, twitch, typeform 2025-10-20 18:23:12 -07:00			`validation:`
			`type: Http`
			`content:`
			`request:`
			`method: GET`
- Added provider-specific kingfisher scan subcommands (for example kingfisher scan github …) that translate into the legacy flags under the hood. The new layout keeps backwards compatibility while removing the wall of provider options from kingfisher scan --help. - Updated the README so every provider example (GitHub, GitLab, Bitbucket, Azure Repos, Gitea, Hugging Face, Slack, Jira, Confluence, S3, GCS, Docker) uses the new subcommand style. - Restored the direct kingfisher scan /path/to/dir flow for local filesystem scans while adding a --list-only switch to each provider subcommand so repository enumeration no longer requires the standalone github repos, gitlab repos, etc. commands. - Removed the legacy top-level provider commands (kingfisher github, kingfisher gitlab, kingfisher gitea, kingfisher bitbucket, kingfisher azure, kingfisher huggingface) now that enumeration lives under kingfisher scan <provider> --list-only. - Fixed kingfisher scan github … (and other provider-specific subcommands) so they no longer demand placeholder path arguments before the CLI accepts the request. - Removed the --bitbucket-username, --bitbucket-token, and --bitbucket-oauth-token flags in favour of KF_BITBUCKET_* environment variables when authenticating to Bitbucket. 2025-10-22 16:24:09 -07:00			`url: https://geoip.maxmind.com/geoip/v2.1/city/me`
- Fixed kingfisher scan so that providing --branch without --since-commit now diffs the branch against the empty tree and scans every commit reachable from that branch. - Added rules for meraki, duffel, finnhub, frameio, freshbooks, gitter, infracost, launchdarkly, lob, maxmind, messagebird, nytimes, prefect, salingo, sendinblue, sentry, shippo, twitch, typeform 2025-10-20 18:23:12 -07:00			`headers:`
- Added provider-specific kingfisher scan subcommands (for example kingfisher scan github …) that translate into the legacy flags under the hood. The new layout keeps backwards compatibility while removing the wall of provider options from kingfisher scan --help. - Updated the README so every provider example (GitHub, GitLab, Bitbucket, Azure Repos, Gitea, Hugging Face, Slack, Jira, Confluence, S3, GCS, Docker) uses the new subcommand style. - Restored the direct kingfisher scan /path/to/dir flow for local filesystem scans while adding a --list-only switch to each provider subcommand so repository enumeration no longer requires the standalone github repos, gitlab repos, etc. commands. - Removed the legacy top-level provider commands (kingfisher github, kingfisher gitlab, kingfisher gitea, kingfisher bitbucket, kingfisher azure, kingfisher huggingface) now that enumeration lives under kingfisher scan <provider> --list-only. - Fixed kingfisher scan github … (and other provider-specific subcommands) so they no longer demand placeholder path arguments before the CLI accepts the request. - Removed the --bitbucket-username, --bitbucket-token, and --bitbucket-oauth-token flags in favour of KF_BITBUCKET_* environment variables when authenticating to Bitbucket. 2025-10-22 16:24:09 -07:00			`Authorization: "Basic {{ ACCOUNT_ID \| append: ':' \| append: TOKEN \| b64enc }}"`
- Fixed kingfisher scan so that providing --branch without --since-commit now diffs the branch against the empty tree and scans every commit reachable from that branch. - Added rules for meraki, duffel, finnhub, frameio, freshbooks, gitter, infracost, launchdarkly, lob, maxmind, messagebird, nytimes, prefect, salingo, sendinblue, sentry, shippo, twitch, typeform 2025-10-20 18:23:12 -07:00			`Accept: application/json`
			`response_matcher:`
			`- report_response: true`
			`- type: StatusMatch`
			`status:`
			`- 200`
- Added provider-specific kingfisher scan subcommands (for example kingfisher scan github …) that translate into the legacy flags under the hood. The new layout keeps backwards compatibility while removing the wall of provider options from kingfisher scan --help. - Updated the README so every provider example (GitHub, GitLab, Bitbucket, Azure Repos, Gitea, Hugging Face, Slack, Jira, Confluence, S3, GCS, Docker) uses the new subcommand style. - Restored the direct kingfisher scan /path/to/dir flow for local filesystem scans while adding a --list-only switch to each provider subcommand so repository enumeration no longer requires the standalone github repos, gitlab repos, etc. commands. - Removed the legacy top-level provider commands (kingfisher github, kingfisher gitlab, kingfisher gitea, kingfisher bitbucket, kingfisher azure, kingfisher huggingface) now that enumeration lives under kingfisher scan <provider> --list-only. - Fixed kingfisher scan github … (and other provider-specific subcommands) so they no longer demand placeholder path arguments before the CLI accepts the request. - Removed the --bitbucket-username, --bitbucket-token, and --bitbucket-oauth-token flags in favour of KF_BITBUCKET_* environment variables when authenticating to Bitbucket. 2025-10-22 16:24:09 -07:00			`- name: MaxMind Account ID`
			`id: kingfisher.maxmind.2`
			`pattern: \|`
			`(?xi)`
			`(?:maxmind\|geoip\|geolite)`
			`(?:.\|[\n\r]){0,40}?`
			`(?:account\|user)`
			`(?:.\|[\n\r]){0,10}?`
			`(?:id\|number)`
updated maxmind rule 2025-10-22 18:49:20 -07:00			`(?:.\|[\n\r]){0,16}?`
- Added provider-specific kingfisher scan subcommands (for example kingfisher scan github …) that translate into the legacy flags under the hood. The new layout keeps backwards compatibility while removing the wall of provider options from kingfisher scan --help. - Updated the README so every provider example (GitHub, GitLab, Bitbucket, Azure Repos, Gitea, Hugging Face, Slack, Jira, Confluence, S3, GCS, Docker) uses the new subcommand style. - Restored the direct kingfisher scan /path/to/dir flow for local filesystem scans while adding a --list-only switch to each provider subcommand so repository enumeration no longer requires the standalone github repos, gitlab repos, etc. commands. - Removed the legacy top-level provider commands (kingfisher github, kingfisher gitlab, kingfisher gitea, kingfisher bitbucket, kingfisher azure, kingfisher huggingface) now that enumeration lives under kingfisher scan <provider> --list-only. - Fixed kingfisher scan github … (and other provider-specific subcommands) so they no longer demand placeholder path arguments before the CLI accepts the request. - Removed the --bitbucket-username, --bitbucket-token, and --bitbucket-oauth-token flags in favour of KF_BITBUCKET_* environment variables when authenticating to Bitbucket. 2025-10-22 16:24:09 -07:00			`(`
			`\d{4,8}`
			`)`
			`min_entropy: 2.0`
updated maxmind rule 2025-10-22 18:49:20 -07:00			`confidence: medium`
			`visible: false`
- Added provider-specific kingfisher scan subcommands (for example kingfisher scan github …) that translate into the legacy flags under the hood. The new layout keeps backwards compatibility while removing the wall of provider options from kingfisher scan --help. - Updated the README so every provider example (GitHub, GitLab, Bitbucket, Azure Repos, Gitea, Hugging Face, Slack, Jira, Confluence, S3, GCS, Docker) uses the new subcommand style. - Restored the direct kingfisher scan /path/to/dir flow for local filesystem scans while adding a --list-only switch to each provider subcommand so repository enumeration no longer requires the standalone github repos, gitlab repos, etc. commands. - Removed the legacy top-level provider commands (kingfisher github, kingfisher gitlab, kingfisher gitea, kingfisher bitbucket, kingfisher azure, kingfisher huggingface) now that enumeration lives under kingfisher scan <provider> --list-only. - Fixed kingfisher scan github … (and other provider-specific subcommands) so they no longer demand placeholder path arguments before the CLI accepts the request. - Removed the --bitbucket-username, --bitbucket-token, and --bitbucket-oauth-token flags in favour of KF_BITBUCKET_* environment variables when authenticating to Bitbucket. 2025-10-22 16:24:09 -07:00			`examples:`
			`- MAXMIND_ACCOUNT_ID=123456`
			`- '"maxmind": {"account_id": "654321", "license_key": "..."}'`
			`- 'geoip_account_number: 456789'`
			`references:`
			`- https://dev.maxmind.com/geoip/docs/web-services`