added more rules

Mick Grove 2025-08-16 14:54:01 -07:00
commit 0d89e682da
9 changed files with 245 additions and 4 deletions


@ -3,7 +3,7 @@
All notable changes to this project will be documented in this file.
## [1.42.0]
- Added rules for authress, clickhouse
- Added rules for authress, clickhouse, codecov, contentful, curl, dropbox, fly.io
- Internal refactoring of rule loader, git enumerator, and filetype guesser
- Improved language detection


@ -2,8 +2,8 @@ rules:
- name: Baremetrics API Key
id: kingfisher.baremetrics.1
pattern: |
(?xi)
\b
(?xi)
\b
baremetrics
(?:.|[\n\r]){0,32}?
\b


@ -41,7 +41,7 @@ rules:
\b
clickhouse
(?:.|[\n\r]){0,16}?
(?:\bID|\bUSER)
(?:ID|USER)
(?:.|[\n\r]){0,16}?
\b
(

37
data/rules/clojars.yml Normal file

@ -0,0 +1,37 @@
rules:
- name: Clojars Username
id: kingfisher.clojars.1
pattern: |
(?xi)
\b
clojars
(?:.|[\n\r]){0,32}?
(?:ID|USER)
(?:.|[\n\r]){0,16}?
\b
(
[a-zA-Z0-9_-]{3,}
)
\b
confidence: medium
min_entropy: 1.5
visible: false
examples:
- "clojars_user = my-username"
- name: Clojars API Token
id: kingfisher.clojars.2
pattern: |
(?xi)
\b
(
CLOJARS_[a-z0-9]{60}
)
\b
confidence: medium
min_entropy: 4.0
examples:
- "CLOJARS_7a0b5c647fdca75616e99a5629ba28955e53faf6391b1b4461ccd972b0e2"
references:
- https://github.com/clojars/clojars-web/wiki/API
- https://github.com/clojars/clojars-web/wiki/Tutorial-for-library-authors
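Review bot: `kingfisher.clojars.1` is marked `visible: false`, which suggests it exists only to feed another rule, yet `kingfisher.clojars.2` has no `validation` block and nothing in this file refers to the username capture. As written, the hidden rule runs an open-ended `[a-zA-Z0-9_-]{3,}` capture at `min_entropy: 1.5` wherever `clojars` appears near `ID` or `USER` and contributes to no finding. Either add the validator that consumes it or drop the rule; if it stays, a comment above it such as `# hidden helper: captured for use by kingfisher.clojars.2 validation` would record the intent.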

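--- /dev/null
+++ b/data/rules/codecov.yml
@@ -0,0 +1,36 @@
+rules:
+- name: Codecov Access Token
+id: kingfisher.codecov.1
+pattern: |
+(?xi)
+\b
+codecov
+(?:.|[\n\r]){0,32}?
+(?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
+(?:.|[\n\r]){0,32}?
+(
+[A-Z0-9-]{36}
+)
+\b
+confidence: medium
+min_entropy: 3.5
+validation:
+type: Http
+content:
+request:
+method: GET
+url: "https://api.codecov.io/api/v2/github/"
+headers:
+Authorization: "Bearer {{TOKEN}}"
+Accept: application/json
+response_matcher:
+- report_response: true
+- type: StatusMatch
+status: [200]
+- type: WordMatch
+words:
+- '"count":'
+references:
+- https://docs.codecov.com/reference/api-overview
+examples:
+- "codecov_token = 52acf265-3fc6-4ecd-304a-15940bd04653"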
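Review bot: The capture group in `kingfisher.codecov.1` has no `\b` in front of it, unlike the other keyword-anchored rules in this commit, so the lazy `{0,32}?` gap can swallow the first characters of a longer string and the rule captures its last 36; a 40-character commit SHA after `codecov_token =` would match. Every match is then sent to `api.codecov.io` as a bearer token, so loose matching here also means forwarding fragments of unrelated secrets to a third party. Adding `\b` before `(` closes the mid-token case. If Codecov tokens are always UUID-shaped like the example, `[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}` is tighter than `[A-Z0-9-]{36}`.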

74
data/rules/contentful.yml Normal file

@ -0,0 +1,74 @@
rules:
- name: Contentful Delivery API Token
id: kingfisher.contentful.1
pattern: |
(?xi)
\b
contentful
(?:.|[\n\r]){0,32}?
(?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
(?:.|[\n\r]){0,32}?
\b
(
[a-zA-Z0-9_-]{43,45}
)
\b
confidence: medium
min_entropy: 4.0
validation:
type: Http
content:
request:
method: GET
url: "https://cdn.contentful.com/spaces"
headers:
Authorization: "Bearer {{TOKEN}}"
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: WordMatch
words:
- '"sys":'
- '"type":"Array"'
- '"items":'
match_all_words: true
references:
- https://www.contentful.com/developers/docs/references/content-delivery-api/
examples:
- "contentful_delivery_token = wJz-g_tqZ-8n_abcdefghijklmnopqrstuvwxyz12345"
- name: Contentful Personal Access Token
id: kingfisher.contentful.2
pattern: |
(?xi)
\b
(
CFPAT-[A-Z0-9_-]{43}
)
\b
confidence: medium
min_entropy: 3.5
validation:
type: Http
content:
request:
method: GET
url: "https://api.contentful.com/users/me"
headers:
Authorization: "Bearer {{TOKEN}}"
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: WordMatch
words:
- '"firstName":'
- '"lastName":'
match_all_words: true
references:
- https://www.contentful.com/developers/docs/references/content-management-api/#/reference/users/user
examples:
- "CFPAT-Cq3AarsJCDvdG9PYAJ3Y00crCG5nEPAAfVZ2LAldCsQ"
- "CFPAT-WFWEK_dWYIW0-uamOjhUBAJJ9NqQisr1x_ylb4z1vcQ"
- "CFPAT-lkITY2pqeiE0_p9TxUZrGAhfHJIiwYtbtr769y4_AYY"
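Review bot: The validator for `kingfisher.contentful.1` calls `https://cdn.contentful.com/spaces` with no space id, while the Content Delivery API it references appears to be addressed per space (`/spaces/{space_id}/…`). It is worth confirming with a live token that this URL can return 200 at all; otherwise every delivery-token match will be reported as unverified. The `WordMatch` entry `'"type":"Array"'` is also an exact substring with no space after the colon, so it fails if the API pretty-prints its JSON. Matching on `'"items"'` and `'"sys"'` without the colon, or dropping the `"type"` word, would be less brittle.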

24
data/rules/curl.yml Normal file

@ -0,0 +1,24 @@
rules:
- name: Curl Basic Authentication Credentials
id: kingfisher.curl.1
pattern: '(?i)\bcurl\s.*(?:-u|--user)\s+[''"]?(?P<TOKEN>[^:''"\s]+:[^''"\s]+)[''"]?'
confidence: low
min_entropy: 3.0
references:
- https://curl.se/docs/manpage.html#-u
examples:
- 'curl --cacert ca.crt -u elastic:P@ssw0rd$1 https://localhost:9200'
- 'curl -u developer:yqDVtkqPECriaLRi'
- 'curl --user roger23@gmail.com:pQ9wTxu4Fg https://www.dropbox.com'
- name: Curl Header Authentication
id: kingfisher.curl.2
pattern: '(?i)\bcurl\s.*(?:-H|--header)\s+[''"]Authorization:\s*(?:Bearer|Basic|Token)\s+(?P<TOKEN>[a-zA-Z0-9+/=_-]{20,})[''"]'
confidence: low
min_entropy: 3.5
references:
- https://curl.se/docs/manpage.html#-H
examples:
- 'curl -H ''Authorization: Basic YnJvd3Nlcjo='''
- 'curl -H "Authorization: Bearer cfcabd11c7ed9a41b1a3e063c32d5114"'
- 'curl -H "Authorization: Token 22cb987851bc5659229114c62e60c79abd0d2c08"'
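Review bot: The first example under `kingfisher.curl.2`, `Authorization: Basic YnJvd3Nlcjo=`, cannot match the rule, because the credential is 12 characters long and `(?P<TOKEN>[a-zA-Z0-9+/=_-]{20,})` requires at least 20; if the rule loader checks examples against their pattern, this entry fails. The same bound means a real Basic header is only caught once the encoded `user:password` is 13 bytes or longer. Either replace the example with one of 20 or more characters or give the `Basic` branch its own, lower minimum length.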

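--- /dev/null
+++ b/data/rules/dropbox.yml
@@ -0,0 +1,34 @@
+rules:
+- name: Dropbox API secret/key
+id: kingfisher.dropbox.1
+pattern: |
+(?xi)
+\b
+sl\.
+(
+[A-Z0-9\-\_]{130,152}
+)
+\b
+min_entropy: 3.3
+confidence: medium
+examples:
+- 'curl -X POST https://api.dropboxapi.com/2/users/get_current_account --header "Authorization: Bearer sl.hAi61Jx1hs3XlhrnsCxnctrEmxK2Q-UK29hbdxxHyAykldSeHmipBAauxTzuBEIqt2jdyyUZw8kgY3t_ars-PNIPS27ySa1ab22132U3sUuqYTXHzf2XlvMxSesUhkzx2G11_9W1f-eo"'
+- ' "access_token": "sl.AbX9y6Fe3AuH5o66-gmJpR032jwAwQPIVVzWXZNkdzcYT02akC2de219dZi6gxYPVnYPrpvISRSf9lxKWJzYLjtMPH-d9fo_0gXex7X37VIvpty4-G8f4-WX45AcEPfRnJJDwzv-",'
+- 'curl -X POST https://api.dropboxapi.com/2/users/get_current_account --header "Authorization: Bearer sl.hAi61Jx1hs3XlhrnsCxnctrEmxK2Q-UK29hbdxxHyAykldSeHmipBAauxTzuBEIqt2jdyyUZw8kgY3t_ars-PNIPS27ySa1ab22132U3sUuqYTXHzf2XlvMxSesUhkzx2G11_9W1f-eo"'
+- ' "access_token": "sl.AbX9y6Fe3AuH5o66-gmJpR032jwAwQPIVVzWXZNkdzcYT02akC2de219dZi6gxYPVnYPrpvISRSf9lxKWJzYLjtMPH-d9fo_0gXex7X37VIvpty4-G8f4-WX45AcEPfRnJJDwzv-",'
+- sl.lMcWXvCOCR9yRAOXwDg1V_VTsbEXdu3Xpsgg35GQTrDahoIuUnij4H5b6bMnwobZx4XnniaQappZU9j-CCWd-LYW81juiU04-yvLhOPV47Nj7Fs8XSE-CweZp6j9nw4E2oWWJ5
+validation:
+type: Http
+content:
+request:
+headers:
+Authorization: Bearer {{ TOKEN }}
+method: POST
+response_matcher:
+- report_response: true
+- match_all_words: true
+type: WordMatch
+words:
+- '"account_id":'
+- '"email":'
+url: https://api.dropboxapi.com/2/users/get_current_account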
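Review bot: The trailing `\b` in `kingfisher.dropbox.1` cannot sit after a `-`, so a token that ends in a hyphen is captured without its last character: the `"access_token"` example ends `…Dwzv-"` and the rule matches only up to `…Dwzv`, which the validator would then send and see rejected. Replacing the final `\b` with `(?:[^A-Za-z0-9_-]|$)` outside the capture keeps the whole token. The same boundary problem affects `=`-padded tokens in flyio.yml, which get truncated, and the fixed-length `CFPAT-…{43}` in contentful.yml, which misses such a token entirely. Separately, `sl\.` sits outside the capture group while the header is `Bearer {{ TOKEN }}`; if `TOKEN` expands to the group rather than the whole match, the prefix is dropped and no token will validate. Moving `sl\.` inside the parentheses, as the Clojars and Fly.io rules do with their prefixes, avoids that.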

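--- /dev/null
+++ b/data/rules/flyio.yml
@@ -0,0 +1,36 @@
+rules:
+- name: Fly.io API Token
+id: kingfisher.flyio.1
+pattern: |
+(?x)
+\b
+(
+FlyV1\s[A-Za-z0-9=_\-,/+]{100,}
+)
+\b
+confidence: medium
+min_entropy: 4.0
+validation:
+type: Http
+content:
+request:
+method: POST
+url: "https://api.fly.io/graphql"
+headers:
+Authorization: "Bearer {{TOKEN}}"
+Content-Type: "application/json"
+body: '{"query":"query { viewer { id email name } }"}'
+response_matcher:
+- report_response: true
+- type: StatusMatch
+status: [200]
+- type: WordMatch
+words:
+- '"data":'
+- '"viewer":'
+- '"email":'
+match_all_words: true
+references:
+- https://fly.io/docs/reference/graphql/
+examples:
+- "FlyV1 fm2_lJPECAAAAAAACcIGxBBr3eFBrCTMuIb8FOeUWTf0wrVodHRwczovL2FwaS5mbHkuaW8vdjGUAJLOABLVch8Lk7lodHRwczovL2FwaS5mbHkuaW8vYWFhL3YxxDymEU+hbM4EZ6KeG6k1EWHesm6buoSgwBS8yBSLRiHumjZXcxZdCJ2gJ3PN//X8DKdsEFfZyS03lbJtPpwETgpeWpRbsMxfQb2ZkR4zYNi/IOOKYxW2h6DYBHahN3DBS7wY54AIgap8IMAtBJ3imo77+vAeAeZ/0aPq3XJoGdg4+WHDWkxectcZoZROe8Qgnq4tV2yiT2Mx5wmoK+Kw1u33egtwLCEBDC5ZakEM7pI=,fm2_lJPETgpeWpRbsMxfQb2ZkR4zYNi/IOOKYxW2h6DYBHahN3DBS7wY54AIgap8IMAtBJ3imo77+vAeAeZ/0aPq3XJoGdg4+WHDWkxectcZoZROe8QQCY7oFTr+3MOM0p5/Cww1AsO5aHR0cHM6Ly9hcGkuZmx5LmlvL2FhYS92MZgEks5ooPjrzwAAAAEkmRcJF84AEhmjCpHOABIZowzEEMLj9PMThJElQN/ARptX7D3EILDtbLx/4cBgt6fX+zb6/FxsLxV2A/y4e4BeU1SunG+O"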
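Review bot: The validation query asks for `viewer { id email name }` and matches on `"email":`, although `id` alone is enough to show the token is live. With `report_response: true` the response body presumably ends up in the finding, so scan reports would carry the account holder's name and e-mail address. A narrower probe such as `body: '{"query":"query { viewer { id } }"}'` with the words `'"viewer":'` and `'"id":'` proves the same thing with less personal data. It is also worth confirming that the API accepts the `Authorization: Bearer FlyV1 fm2_…` form this rule produces, since the captured value already begins with `FlyV1 `.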