From 093dbd58f6323e6cc75e4cd35aafcdd7060ab453 Mon Sep 17 00:00:00 2001
From: Trever McKee
Date: Fri, 19 Dec 2025 11:09:13 -0800
Subject: [PATCH] Add JFrog Artifactory Reference Token rule.
---
 data/rules/artifactory.yml | 46 +++++++++++++++++++++++++++++++++-----
 1 file changed, 40 insertions(+), 6 deletions(-)
diff --git a/data/rules/artifactory.yml b/data/rules/artifactory.yml
index ff172e3..5c8f4bf 100644
--- a/data/rules/artifactory.yml
+++ b/data/rules/artifactory.yml
@@ -40,21 +40,55 @@ rules:
 - name: Artifactory JFrog URL
 id: kingfisher.artifactory.2
 pattern: |
- (?xi)
- \b
- (
+ (?xi)
+ \b
+ (
 [a-z0-9]
 (?:
 [a-z0-9\-]{0,61}
 [a-z0-9]
 )?
 \.jfrog\.io
- )
- \b
+ )
+ \b
 min_entropy: 3.5
 visible: false
 confidence: medium
 examples:
 - mycompany.jfrog.io
 - my-company-name.jfrog.io
- a.jfrog.io
\ No newline at end of file
+ - a.jfrog.io
+
+ - name: Artifactory Identity Reference Token
+ id: kingfisher.artifactory.3
+ pattern: |
+ (?xi)
+ \b
+ (
+ cmVmd[A-Z0-9]{59}
+ )
+ \b
+ pattern_requirements:
+ min_digits: 2
+ min_uppercase: 1
+ min_lowercase: 1
+ min_entropy: 3.5
+ confidence: medium
+ examples:
+ - export HOMEBREW_ARTIFACTORY_API_REFERENCE_TOKEN=cmVmdawqkxT1EE4bMepW0zmTVmBYYdv264WVufgipR9CQAW2xwSnY4CTKap8H5u0
+ validation:
+ type: Http
+ content:
+ request:
+ headers:
+ Authorization: 'Bearer {{ TOKEN }}'
+ method: GET
+ response_matcher:
+ - report_response: true
+ - status:
+ - 200
+ type: StatusMatch
+ url: https://{{ JFROGURL }}/artifactory/api/repositories
+ depends_on_rule:
+ - rule_id: "kingfisher.artifactory.2"
+ variable: JFROGURL
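Review bot: The new `kingfisher.artifactory.3` pattern reuses the `(?xi)` flags, so the fixed base64 prefix `cmVmd` is matched in any letter case, and lowercase in the body is accepted only because `i` widens `[A-Z0-9]`. Base64 is case-sensitive, so a 64-character run starting `CMVMD` (constructed example) would also be flagged; I would drop the flag and spell the class out, `(?x)` with `cmVmd[A-Za-z0-9]{59}`. Separately, the validation request sends the candidate as a Bearer credential to the host captured by `kingfisher.artifactory.2`, and `report_response: true` appears to copy the repository listing into the finding. A short comment above `validation:` would make that data flow explicit, e.g. `# candidate token is sent to the matched *.jfrog.io host; the response body is kept in the report`.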