Added rules for shopify, truenas

data/rules/shopify.yml

@@ -0,0 +1,40 @@
+rules:
+  - name: Shopify access token
+    id: kingfisher.shopify.1
+    pattern: |
+      (?xi)
+      \b
+      (
+        (?:shpat|shpca|shppa|shpss)_[a-f0-9]{30,34}
+      )
+      \b
+    min_entropy: 3.5
+    examples:
+      - 'shopify_app_secret: "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"'
+    validation:
+      type: Http
+      content:
+        request:
+          headers:
+            X-Shopify-Access-Token: '{{ TOKEN }}'
+          method: GET
+          response_matcher:
+            - report_response: true
+            - type: StatusMatch
+              status:
+                - 200
+            - type: WordMatch 
+              match_all_words: true
+              words: ['"shop":']
+          url: https://{{ DOMAIN }}/admin/api/2024-10/shop.json
+    depends_on_rule:
+      - rule_id: "kingfisher.shopify.2"
+        variable: DOMAIN
+
+  - name: Shopify Domain
+    id: kingfisher.shopify.2
+    pattern: (?xi)([a-z0-9-]+\.myshopify\.com)
+    min_entropy: 3.0
+    visible: false
+    examples:
+      - example.myshopify.com

data/rules/truenas.yml

@@ -0,0 +1,49 @@
+rules:
+  - name: TrueNAS API Key (WebSocket)
+    id: kingfisher.truenas.1
+    pattern: |
+      (?x)
+      "params"\s*:\s*\[\s*"
+      (\d+-[a-zA-Z0-9]{64})
+      "\s*\]
+    min_entropy: 3.3
+    confidence: medium
+    examples:
+      - '{"id":"3286a508-a6ca-278a-c078-85b2b515d8d2", "msg":"method", "method":"auth.login_with_api_key", "params":["8-Lp22ov7halMBLUpG97Wg4y7fibQi3CW19VJiZcCu746zgCs0mdDdTCoOcpgEucgu"]}'
+      - '{"id":"677d9914-f598-f497-e77e-2a3aadbb822e", "msg":"method", "method":"auth.login_with_api_key", "params" : ["9-hTSZDBPyg0PjRZvWb8omoxJ7X2gAjRGmiPKql9ENGIUP9OPtEAzz5f6g9YIMVbZT"]}'
+      - '{"id":"2755dad4-cc12-94bb-a894-ba0f85c3fdbf", "msg":"method", "method":"auth.login_with_api_key", "params" : [ "10-6LZBVhNq8zze0rzXJptfSWDBoskWuThnQb3fUVw4sVNgJ7GKT3ITVIovhwPf34oL" ]}'
+      - |
+        {
+          "id": "2755dad4-cc12-94bb-a894-ba0f85c3fdbf",
+          "msg": "method",
+          "method": "auth.login_with_api_key",
+          "params": [
+            "10-6LZBVhNq8zze0rzXJptfSWDBoskWuThnQb3fUVw4sVNgJ7GKT3ITVIovhwPf34oL"
+          ]
+        }
+    references:
+      - https://www.truenas.com/docs/api/core_websocket_api.html
+      - https://www.truenas.com/docs/api/scale_rest_api.html
+      - https://www.truenas.com/docs/scale/scaletutorials/toptoolbar/managingapikeys/
+      - https://www.truenas.com/docs/scale/scaleclireference/auth/cliapikey/
+      - https://www.truenas.com/docs/scale/api/
+      - https://www.truenas.com/community/threads/api-examples-in-perl-python.108053/
+
+  - name: TrueNAS API Key (REST API)
+    id: kingfisher.truenas.2
+    pattern: |
+      (?x)
+      Bearer\s*
+      (\d+-[a-zA-Z0-9]{64})
+      \b
+    min_entropy: 3.3
+    confidence: medium
+    examples:
+      - 'curl -X POST "http://192.168.0.30/api/v2.0/device/get_info" -H "Content-Type: application/json" -H "Authorization: Bearer 8-Lp22ov7halMBLUpG97Wg4y7fibQi3CW19VJiZcCu746zgCs0mdDdTCoOcpgEucgu" -d "\"SERIAL\""'
+    references:
+      - https://www.truenas.com/docs/api/core_websocket_api.html
+      - https://www.truenas.com/docs/api/scale_rest_api.html
+      - https://www.truenas.com/docs/scale/scaletutorials/toptoolbar/managingapikeys/
+      - https://www.truenas.com/docs/scale/scaleclireference/auth/cliapikey/
+      - https://www.truenas.com/docs/scale/api/
+      - https://www.truenas.com/community/threads/api-examples-in-perl-python.108053/