diff --git a/crates/kingfisher-rules/data/rules/adobe.yml b/crates/kingfisher-rules/data/rules/adobe.yml
index 5983e12..02ea4cb 100644
--- a/crates/kingfisher-rules/data/rules/adobe.yml
+++ b/crates/kingfisher-rules/data/rules/adobe.yml
@@ -71,9 +71,10 @@ rules:
 - |
 {
 "adobe_client_credentials": {
- "client_id": "a65b0146769d433a835f36660881db50",
- "client_secret": "p8e-ibndcvsmAp9ZgPBZ606FSlYIZVlsZ-g5"
- },
+ "client_id": "a65b0146769d433a835f36660881db50",
+ "client_secret": "p8e-ibndcvsmAp9ZgPBZ606FSlYIZVlsZ-g5"
+ }
+ }
 depends_on_rule:
 - rule_id: "kingfisher.adobe.4"
 variable: ADOBE_CLIENT_ID
@@ -120,6 +121,7 @@ rules:
 - |
 {
 "adobe_client_credentials": {
- "client_id": "a65b0146769d433a835f36660881db50",
- "client_secret": "p8e-ibndcvsmAp9ZgPBZ606FSlYIZVlsZ-g5"
- },
+ "client_id": "a65b0146769d433a835f36660881db50",
+ "client_secret": "p8e-ibndcvsmAp9ZgPBZ606FSlYIZVlsZ-g5"
+ }
+ }
diff --git a/crates/kingfisher-rules/data/rules/tableau.yml b/crates/kingfisher-rules/data/rules/tableau.yml
index 14b0510..57127c5 100644
--- a/crates/kingfisher-rules/data/rules/tableau.yml
+++ b/crates/kingfisher-rules/data/rules/tableau.yml
@@ -13,7 +13,7 @@ rules:
 X-Tableau-Auth
 (?:.|[\n\r]){0,16}?
 )
- (
+ (?:
 (?P[A-Za-z0-9+/]{12,24}
 (?:={1,2})?
 )
diff --git a/crates/kingfisher-scanner/src/validation/http_validation.rs b/crates/kingfisher-scanner/src/validation/http_validation.rs
index 2fb1f0e..0862323 100644
--- a/crates/kingfisher-scanner/src/validation/http_validation.rs
+++ b/crates/kingfisher-scanner/src/validation/http_validation.rs
@@ -76,6 +76,10 @@ fn format_rfc1123(now: OffsetDateTime) -> String {
 rendered.strip_suffix(" +0000").map(|prefix| format!("{prefix} GMT")).unwrap_or(rendered)
 }
+pub fn is_auto_provided_request_var(var: &str) -> bool {
+ matches!(var, "REQUEST_RFC1123_DATE" | "REQUEST_UNIX_MILLIS")
+}
+
 /// Clone `globals` and add stable request-scoped values for templated request rendering.
 ///
 /// These values are computed once so the same generated timestamp can be reused across the URL,
diff --git a/docs/RULES.md b/docs/RULES.md
index 6386da9..9fca4a8 100644
--- a/docs/RULES.md
+++ b/docs/RULES.md
@@ -943,4 +943,5 @@ rules:
 words: ['"Arn"']
 depends_on_rule:
 - rule_id: kingfisher.alibabacloud.1
- variable: AKID```
+ variable: AKID
+```
diff --git a/src/direct_validate.rs b/src/direct_validate.rs
index 9a03bbe..77365df 100644
--- a/src/direct_validate.rs
+++ b/src/direct_validate.rs
@@ -29,6 +29,7 @@ use crate::{
 azure::validate_azure_storage_credentials,
 coinbase::validate_cdp_api_key,
 gcp::GcpValidator,
+ httpvalidation::is_auto_provided_request_var,
 httpvalidation::validate_response,
 httpvalidation::{build_request_builder, retry_request},
 jdbc::validate_jdbc,
@@ -133,10 +134,6 @@ fn extract_template_vars(text: &str) -> BTreeSet {
 re.captures_iter(text).filter_map(|cap| cap.get(1).map(|m| m.as_str().to_uppercase())).collect()
 }
-fn is_auto_provided_request_var(var: &str) -> bool {
- matches!(var, "REQUEST_RFC1123_DATE" | "REQUEST_UNIX_MILLIS")
-}
-
 /// Extract all template variables used in a validation configuration.
 fn extract_validation_vars(validation: &Validation) -> BTreeSet {
 let mut vars = BTreeSet::new();
diff --git a/src/parser/html.rs b/src/parser/html.rs
index 0a2aeac..02a3482 100644
--- a/src/parser/html.rs
+++ b/src/parser/html.rs
@@ -1,5 +1,5 @@
 use anyhow::Result;
-use tl::{Node, ParserOptions};
+use tl::ParserOptions;
 use super::{css, lexer, Language};
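Review bot: The new public `is_auto_provided_request_var` in http_validation.rs has no doc comment, and its two names look like a second copy of the values that the request-scoped helper documented just below adds to the globals; that helper's body is outside the hunk, so the link is inferred. src/direct_validate.rs and src/reporter.rs now both rely on this function to decide which template variables a rule does not have to supply, so a name added in one place but not the other would make a validation appear to lack an input, or hide that one is missing. I would add `/// Returns true for template variables the validator fills in itself (request timestamps), which rules do not have to provide.` and keep the two names in shared constants used by both functions.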
@@ -53,10 +53,7 @@ where
 }
 }
 _ => {
- if !inner_text.is_empty()
- && !matches!(node, Node::Comment(_))
- && !sink(&format!("{tag_name} = {inner_text}"))
- {
+ if !inner_text.is_empty() && !sink(&format!("{tag_name} = {inner_text}")) {
 return Ok(());
 }
 }
diff --git a/src/reporter.rs b/src/reporter.rs
index 9233cc7..7999651 100644
--- a/src/reporter.rs
+++ b/src/reporter.rs
@@ -12,6 +12,8 @@ use schemars::JsonSchema;
 use serde::Serialize;
 use url::Url;
+use kingfisher_scanner::validation::http_validation::is_auto_provided_request_var;
+
 use crate::{
 access_map::{AccessSummary, AccessTokenDetails, ProviderMetadata, ResourceExposure},
 blob::BlobMetadata,
@@ -86,10 +88,6 @@ fn extract_template_vars(text: &str) -> BTreeSet {
 vars
 }
-fn is_auto_provided_request_var(var: &str) -> bool {
- matches!(var, "REQUEST_RFC1123_DATE" | "REQUEST_UNIX_MILLIS")
-}
-
 fn required_vars_for_validation(validation: &crate::rules::Validation) -> BTreeSet {
 use crate::rules::Validation;
 let mut vars = BTreeSet::new();
diff --git a/src/validation_rate_limit.rs b/src/validation_rate_limit.rs
index 9eb9eb8..e7413cb 100644
--- a/src/validation_rate_limit.rs
+++ b/src/validation_rate_limit.rs
@@ -117,11 +117,8 @@ fn selector_matches(rule_id: &str, selector: &str) -> bool {
 || rule_id.strip_prefix(selector).is_some_and(|suffix| suffix.starts_with('.'))
 }
-pub fn should_rate_limit_validation(validation: &Validation) -> bool {
- match validation {
- Validation::Raw(raw) => raw != "custom",
- _ => true,
- }
+pub fn should_rate_limit_validation(_validation: &Validation) -> bool {
+ true
 }
 #[cfg(test)]
@@ -178,7 +175,7 @@ mod tests {
 }
 #[test]
- fn should_skip_rate_limit_for_raw_validation() {
- assert!(!should_rate_limit_validation(&Validation::Raw("custom".to_string())));
+ fn should_rate_limit_raw_validation() {
+ assert!(should_rate_limit_validation(&Validation::Raw("azurebatch".to_string())));
 }
 }
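Review bot: In the `_ =>` arm of src/parser/html.rs the `!matches!(node, Node::Comment(_))` guard is dropped with no comment or test saying what now happens to comment nodes. The enclosing function starts and ends outside the hunk, so it is not visible whether `node` can still be a comment at this point; if it can, comment text is now handed to `sink` as `tag_name = inner_text`, which changes what the scanner is fed. If the guard was unreachable, a one-line comment such as `// comment nodes are filtered out before this match` would record that; otherwise a test whose input contains an HTML comment should pin the new behaviour.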
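Review bot: `should_rate_limit_validation` in src/validation_rate_limit.rs now returns `true` for every input, but the rewritten test only checks `Validation::Raw("azurebatch")` and no longer exercises the `"custom"` value that used to be exempt. That is the one case whose behaviour changed, so the test hunk (`@@ -178,7 +175,7 @@`) should also carry `assert!(should_rate_limit_validation(&Validation::Raw("custom".to_string())));`. The function also has no doc comment explaining why the unused `_validation` parameter stays; if the reason is call-site compatibility, `/// Every validation kind is rate limited; the argument is kept so existing callers compile unchanged.` would say so.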