diff --git a/CHANGELOG.md b/CHANGELOG.md index c760c91..64aa8a1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ All notable changes to this project will be documented in this file. ## [1.42.0] -- Added rules for authress, clickhouse +- Added rules for authress, clickhouse, codecov, contentful, curl, dropbox, fly.io - Internal refactoring of rule loader, git enumerator, and filetype guesser - Improved language detection diff --git a/data/rules/baremetrics.yml b/data/rules/baremetrics.yml index 2036d18..ce0f37a 100644 --- a/data/rules/baremetrics.yml +++ b/data/rules/baremetrics.yml @@ -2,8 +2,8 @@ rules: - name: Baremetrics API Key id: kingfisher.baremetrics.1 pattern: | - (?xi) - \b + (?xi) + \b baremetrics (?:.|[\n\r]){0,32}? \b diff --git a/data/rules/clickhouse.yml b/data/rules/clickhouse.yml index 8e3d7c4..57317b9 100644 --- a/data/rules/clickhouse.yml +++ b/data/rules/clickhouse.yml @@ -41,7 +41,7 @@ rules: \b clickhouse (?:.|[\n\r]){0,16}? - (?:\bID|\bUSER) + (?:ID|USER) (?:.|[\n\r]){0,16}? \b ( diff --git a/data/rules/clojars.yml b/data/rules/clojars.yml new file mode 100644 index 0000000..58fb19d --- /dev/null +++ b/data/rules/clojars.yml @@ -0,0 +1,37 @@ +rules: + - name: Clojars Username + id: kingfisher.clojars.1 + pattern: | + (?xi) + \b + clojars + (?:.|[\n\r]){0,32}? + (?:ID|USER) + (?:.|[\n\r]){0,16}? + \b + ( + [a-zA-Z0-9_-]{3,} + ) + \b + confidence: medium + min_entropy: 1.5 + visible: false + examples: + - "clojars_user = my-username" + + - name: Clojars API Token + id: kingfisher.clojars.2 + pattern: | + (?xi) + \b + ( + CLOJARS_[a-z0-9]{60} + ) + \b + confidence: medium + min_entropy: 4.0 + examples: + - "CLOJARS_7a0b5c647fdca75616e99a5629ba28955e53faf6391b1b4461ccd972b0e2" + references: + - https://github.com/clojars/clojars-web/wiki/API + - https://github.com/clojars/clojars-web/wiki/Tutorial-for-library-authors \ No newline at end of file 
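Review bot: Dropping both `\b` anchors from `(?:ID|USER)` in data/rules/clickhouse.yml lets the keyword match inside longer words. If this rule is compiled case-insensitively (its flags are above the hunk), text such as `clickhouse provider` now satisfies the `ID` branch. The change is presumably meant to accept `clickhouse_id`, which `\bID` rejected because `_` is a word character; `(?:\b|_)(?:ID|USER)` would cover the underscore case without matching mid-word. The new `kingfisher.clojars.1` rule in data/rules/clojars.yml uses the same unanchored form. The rule's start and end are outside this hunk.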
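Review bot: `kingfisher.clojars.1` is a hidden rule (`visible: false`) that captures a username, but nothing in data/rules/clojars.yml consumes it: `kingfisher.clojars.2` has no `validation` block and no reference to the first rule. As written the username rule only adds matching work, and its capture `[a-zA-Z0-9_-]{3,}` has no upper bound. Either wire it into a validation step for the token rule or leave it out until one exists. The CHANGELOG entry in this commit lists the other new rule files but not clojars, and the new file ends without a trailing newline.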
diff --git a/data/rules/codecov.yml b/data/rules/codecov.yml
new file mode 100644
index 0000000..1bc5e7a
--- /dev/null
+++ b/data/rules/codecov.yml
@@ -0,0 +1,36 @@
+rules:
+ - name: Codecov Access Token
+ id: kingfisher.codecov.1
+ pattern: |
+ (?xi)
+ \b
+ codecov
+ (?:.|[\n\r]){0,32}?
+ (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
+ (?:.|[\n\r]){0,32}?
+ (
+ [A-Z0-9-]{36}
+ )
+ \b
+ confidence: medium
+ min_entropy: 3.5
+ validation:
+ type: Http
+ content:
+ request:
+ method: GET
+ url: "https://api.codecov.io/api/v2/github/"
+ headers:
+ Authorization: "Bearer {{TOKEN}}"
+ Accept: application/json
+ response_matcher:
+ - report_response: true
+ - type: StatusMatch
+ status: [200]
+ - type: WordMatch
+ words:
+ - '"count":'
+ references:
+ - https://docs.codecov.com/reference/api-overview
+ examples:
+ - "codecov_token = 52acf265-3fc6-4ecd-304a-15940bd04653"
diff --git a/data/rules/contentful.yml b/data/rules/contentful.yml
new file mode 100644
index 0000000..3846abf
--- /dev/null
+++ b/data/rules/contentful.yml
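Review bot: The capture group in `kingfisher.codecov.1` has no `\b` in front of it, so the lazy `{0,32}?` gap can slide into the middle of a longer run. The rule would then report the last 36 characters of, for example, a 64-character hash that follows `codecov_token = `. `kingfisher.contentful.1` in this commit places `\b` before its group; doing the same here keeps the match on whole tokens. If Codecov tokens are always UUIDs, as the example suggests, the class could also be tightened from `[A-Z0-9-]{36}` to the 8-4-4-4-12 hex shape.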
@@ -0,0 +1,74 @@
+rules:
+ - name: Contentful Delivery API Token
+ id: kingfisher.contentful.1
+ pattern: |
+ (?xi)
+ \b
+ contentful
+ (?:.|[\n\r]){0,32}?
+ (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
+ (?:.|[\n\r]){0,32}?
+ \b
+ (
+ [a-zA-Z0-9_-]{43,45}
+ )
+ \b
+ confidence: medium
+ min_entropy: 4.0
+ validation:
+ type: Http
+ content:
+ request:
+ method: GET
+ url: "https://cdn.contentful.com/spaces"
+ headers:
+ Authorization: "Bearer {{TOKEN}}"
+ response_matcher:
+ - report_response: true
+ - type: StatusMatch
+ status: [200]
+ - type: WordMatch
+ words:
+ - '"sys":'
+ - '"type":"Array"'
+ - '"items":'
+ match_all_words: true
+ references:
+ - https://www.contentful.com/developers/docs/references/content-delivery-api/
+ examples:
+ - "contentful_delivery_token = wJz-g_tqZ-8n_abcdefghijklmnopqrstuvwxyz12345"
+
+ - name: Contentful Personal Access Token
+ id: kingfisher.contentful.2
+ pattern: |
+ (?xi)
+ \b
+ (
+ CFPAT-[A-Z0-9_-]{43}
+ )
+ \b
+ confidence: medium
+ min_entropy: 3.5
+ validation:
+ type: Http
+ content:
+ request:
+ method: GET
+ url: "https://api.contentful.com/users/me"
+ headers:
+ Authorization: "Bearer {{TOKEN}}"
+ response_matcher:
+ - report_response: true
+ - type: StatusMatch
+ status: [200]
+ - type: WordMatch
+ words:
+ - '"firstName":'
+ - '"lastName":'
+ match_all_words: true
+ references:
+ - https://www.contentful.com/developers/docs/references/content-management-api/#/reference/users/user
+ examples:
+ - "CFPAT-Cq3AarsJCDvdG9PYAJ3Y00crCG5nEPAAfVZ2LAldCsQ"
+ - "CFPAT-WFWEK_dWYIW0-uamOjhUBAJJ9NqQisr1x_ylb4z1vcQ"
+ - "CFPAT-lkITY2pqeiE0_p9TxUZrGAhfHJIiwYtbtr769y4_AYY"
diff --git a/data/rules/curl.yml b/data/rules/curl.yml
new file mode 100644
index 0000000..4f28cfe
--- /dev/null
+++ b/data/rules/curl.yml
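Review bot: The validation request for `kingfisher.contentful.1` goes to `https://cdn.contentful.com/spaces` with no space ID, while Content Delivery API tokens are scoped to one space and that API addresses resources under `/spaces/{space_id}`. Please confirm that this bare path returns 200 with an `Array` body for a valid delivery token; if it does not, every live token will come back unvalidated. If a space ID turns out to be required, it would have to be captured by a companion rule and substituted into the URL. The capture `[a-zA-Z0-9_-]{43,45}` is generic enough that validation is the main filter for this rule, so the endpoint choice matters.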
@@ -0,0 +1,24 @@
+rules:
+ - name: Curl Basic Authentication Credentials
+ id: kingfisher.curl.1
+ pattern: '(?i)\bcurl\s.*(?:-u|--user)\s+[''"]?(?P[^:''"\s]+:[^''"\s]+)[''"]?'
+ confidence: low
+ min_entropy: 3.0
+ references:
+ - https://curl.se/docs/manpage.html#-u
+ examples:
+ - 'curl --cacert ca.crt -u elastic:P@ssw0rd$1 https://localhost:9200'
+ - 'curl -u developer:yqDVtkqPECriaLRi'
+ - 'curl --user roger23@gmail.com:pQ9wTxu4Fg https://www.dropbox.com'
+
+ - name: Curl Header Authentication
+ id: kingfisher.curl.2
+ pattern: '(?i)\bcurl\s.*(?:-H|--header)\s+[''"]Authorization:\s*(?:Bearer|Basic|Token)\s+(?P[a-zA-Z0-9+/=_-]{20,})[''"]'
+ confidence: low
+ min_entropy: 3.5
+ references:
+ - https://curl.se/docs/manpage.html#-H
+ examples:
+ - 'curl -H ''Authorization: Basic YnJvd3Nlcjo='''
+ - 'curl -H "Authorization: Bearer cfcabd11c7ed9a41b1a3e063c32d5114"'
+ - 'curl -H "Authorization: Token 22cb987851bc5659229114c62e60c79abd0d2c08"'
diff --git a/data/rules/dropbox.yml b/data/rules/dropbox.yml
new file mode 100644
index 0000000..d7d4766
--- /dev/null
+++ b/data/rules/dropbox.yml
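Review bot: The first example of `kingfisher.curl.2`, `curl -H 'Authorization: Basic YnJvd3Nlcjo='`, cannot match its own pattern, because the credential is 12 characters long and the capture requires `{20,}`. If the project checks examples against their patterns, this rule will fail that check. Replace the example with a Basic value of at least 20 characters, or give `Basic` its own shorter bound if short credentials are meant to be caught. Separately, `kingfisher.curl.1` accepts any `name:value` after `-u`, so shell placeholders such as `-u $USER:$PASS` depend on `min_entropy: 3.0` alone to be filtered; adding `$` to the first excluded class (`[^:$''"\s]+`) would cut that noise.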
@@ -0,0 +1,34 @@
+rules:
+ - name: Dropbox API secret/key
+ id: kingfisher.dropbox.1
+ pattern: |
+ (?xi)
+ \b
+ sl\.
+ (
+ [A-Z0-9\-\_]{130,152}
+ )
+ \b
+ min_entropy: 3.3
+ confidence: medium
+ examples:
+ - 'curl -X POST https://api.dropboxapi.com/2/users/get_current_account --header "Authorization: Bearer sl.hAi61Jx1hs3XlhrnsCxnctrEmxK2Q-UK29hbdxxHyAykldSeHmipBAauxTzuBEIqt2jdyyUZw8kgY3t_ars-PNIPS27ySa1ab22132U3sUuqYTXHzf2XlvMxSesUhkzx2G11_9W1f-eo"'
+ - ' "access_token": "sl.AbX9y6Fe3AuH5o66-gmJpR032jwAwQPIVVzWXZNkdzcYT02akC2de219dZi6gxYPVnYPrpvISRSf9lxKWJzYLjtMPH-d9fo_0gXex7X37VIvpty4-G8f4-WX45AcEPfRnJJDwzv-",'
+ - 'curl -X POST https://api.dropboxapi.com/2/users/get_current_account --header "Authorization: Bearer sl.hAi61Jx1hs3XlhrnsCxnctrEmxK2Q-UK29hbdxxHyAykldSeHmipBAauxTzuBEIqt2jdyyUZw8kgY3t_ars-PNIPS27ySa1ab22132U3sUuqYTXHzf2XlvMxSesUhkzx2G11_9W1f-eo"'
+ - ' "access_token": "sl.AbX9y6Fe3AuH5o66-gmJpR032jwAwQPIVVzWXZNkdzcYT02akC2de219dZi6gxYPVnYPrpvISRSf9lxKWJzYLjtMPH-d9fo_0gXex7X37VIvpty4-G8f4-WX45AcEPfRnJJDwzv-",'
+ - sl.lMcWXvCOCR9yRAOXwDg1V_VTsbEXdu3Xpsgg35GQTrDahoIuUnij4H5b6bMnwobZx4XnniaQappZU9j-CCWd-LYW81juiU04-yvLhOPV47Nj7Fs8XSE-CweZp6j9nw4E2oWWJ5
+ validation:
+ type: Http
+ content:
+ request:
+ headers:
+ Authorization: Bearer {{ TOKEN }}
+ method: POST
+ response_matcher:
+ - report_response: true
+ - match_all_words: true
+ type: WordMatch
+ words:
+ - '"account_id":'
+ - '"email":'
+ url: https://api.dropboxapi.com/2/users/get_current_account
\ No newline at end of file
diff --git a/data/rules/flyio.yml b/data/rules/flyio.yml
new file mode 100644
index 0000000..98b3a6a
--- /dev/null
+++ b/data/rules/flyio.yml
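Review bot: The `sl\.` prefix sits outside the capture group in `kingfisher.dropbox.1`, unlike the other prefixed rules in this commit (`CFPAT-`, `FlyV1`), which keep the prefix inside the parentheses. If `{{ TOKEN }}` is filled from the group, the validation request sends the token without `sl.` and a live token would come back as not validated. Moving the prefix into the group fixes that: `( sl\.[A-Z0-9\-\_]{130,152} )`. The examples list also repeats its first two entries verbatim, the matcher has no `StatusMatch` unlike the other new rules, and the file ends without a trailing newline.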
@@ -0,0 +1,36 @@
+rules:
+ - name: Fly.io API Token
+ id: kingfisher.flyio.1
+ pattern: |
+ (?x)
+ \b
+ (
+ FlyV1\s[A-Za-z0-9=_\-,/+]{100,}
+ )
+ \b
+ confidence: medium
+ min_entropy: 4.0
+ validation:
+ type: Http
+ content:
+ request:
+ method: POST
+ url: "https://api.fly.io/graphql"
+ headers:
+ Authorization: "Bearer {{TOKEN}}"
+ Content-Type: "application/json"
+ body: '{"query":"query { viewer { id email name } }"}'
+ response_matcher:
+ - report_response: true
+ - type: StatusMatch
+ status: [200]
+ - type: WordMatch
+ words:
+ - '"data":'
+ - '"viewer":'
+ - '"email":'
+ match_all_words: true
+ references:
+ - https://fly.io/docs/reference/graphql/
+ examples:
+ - "FlyV1 fm2_lJPECAAAAAAACcIGxBBr3eFBrCTMuIb8FOeUWTf0wrVodHRwczovL2FwaS5mbHkuaW8vdjGUAJLOABLVch8Lk7lodHRwczovL2FwaS5mbHkuaW8vYWFhL3YxxDymEU+hbM4EZ6KeG6k1EWHesm6buoSgwBS8yBSLRiHumjZXcxZdCJ2gJ3PN//X8DKdsEFfZyS03lbJtPpwETgpeWpRbsMxfQb2ZkR4zYNi/IOOKYxW2h6DYBHahN3DBS7wY54AIgap8IMAtBJ3imo77+vAeAeZ/0aPq3XJoGdg4+WHDWkxectcZoZROe8Qgnq4tV2yiT2Mx5wmoK+Kw1u33egtwLCEBDC5ZakEM7pI=,fm2_lJPETgpeWpRbsMxfQb2ZkR4zYNi/IOOKYxW2h6DYBHahN3DBS7wY54AIgap8IMAtBJ3imo77+vAeAeZ/0aPq3XJoGdg4+WHDWkxectcZoZROe8QQCY7oFTr+3MOM0p5/Cww1AsO5aHR0cHM6Ly9hcGkuZmx5LmlvL2FhYS92MZgEks5ooPjrzwAAAAEkmRcJF84AEhmjCpHOABIZowzEEMLj9PMThJElQN/ARptX7D3EILDtbLx/4cBgt6fX+zb6/FxsLxV2A/y4e4BeU1SunG+O"
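Review bot: The trailing `\b` in `kingfisher.flyio.1` forces the capture to end on a word character, but the class `[A-Za-z0-9=_\-,/+]` also allows `=`, `+`, `/`, `-` and `,`. A token whose last character is base64 padding `=` is therefore captured with the padding cut off, because the regex backtracks to the last alphanumeric. The first segment of the example ends in `=` before the comma, which suggests a single-segment token can end that way. A truncated capture would then fail the GraphQL validation and a live token would be missed. Dropping the final `\b` avoids this, since the `{100,}` run is already greedy.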