added rules for nasa, teamcity

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 All notable changes to this project will be documented in this file.
 
+## [1.17.0]
+- Updated README to give proper attribution to Nosey Parker!
+- Added rules for sonarcloud, sonarqube, sourcegraph, shopify, truenas, squaare, sendgrid
+
 ## [1.16.0]
 - Fix: HTML detection now requires both HTML content-type and "<html" tag, fixing webhook false negatives
 - Removed cargo-nextest installation during test running

Cargo.toml

@@ -10,7 +10,7 @@ publish = false
 
 [package]
 name = "kingfisher"
-version = "1.16.0"
+version = "1.17.0"
 edition.workspace = true
 rust-version.workspace = true
 license.workspace = true

data/rules/nasa.yml

@@ -0,0 +1,35 @@
+rules:
+  - name: NASA API Key
+    id: kingfisher.nasa.1
+    pattern: |
+      (?xi)
+      \b
+      nasa\.gov/.{0,200}
+      (?:.|[\n\r]){0,32}?
+      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
+      (?:.|[\n\r]){0,32}?
+      (
+        [A-Z0-9]{40}
+      )
+      \b
+    examples:
+      - |
+          get('https://api.nasa.gov/planetary/earth/imagery?api_key=fWfSMcDzyHfMuH8BW6jiIUBYaj0hKRyKBRTBqgEQ')
+            .then(...)
+    references:
+      - https://api.nasa.gov
+    validation:
+      type: Http
+      content:
+        request:
+          method: GET
+          url: https://api.nasa.gov/planetary/apod?date=1995-06-16&api_key={{ TOKEN }}
+          headers:
+            Accept: application/json
+        response_matcher:
+          - report_response: true
+          - type: StatusMatch         
+            status: [200]
+          - type: WordMatch
+            words:
+              - '"url":'

data/rules/sendgrid.yml

@@ -0,0 +1,38 @@
+rules:
+  - name: Sendgrid API token
+    id: kingfisher.sendgrid.1
+    pattern: |
+      (?xi)
+      \b
+      (
+        SG
+        \.
+        [0-9A-Z_-]{20,24}
+        \.
+        [0-9A-Z_-]{39,47}
+      )
+      \b
+    min_entropy: 3.5
+    confidence: medium
+    examples:
+      - "      'SENDGRID_API_KEYSID': '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'"
+      - "var sendgrid = require('sendgrid')('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');"
+      - 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
+    references:
+      - https://docs.sendgrid.com/ui/account-and-settings/api-keys
+    validation:
+      type: Http
+      content:
+        request:
+          method: GET
+          url: https://api.sendgrid.com/v3/user/account
+          headers:
+            Authorization: "Bearer {{ TOKEN }}"
+            Accept: application/json
+          response_matcher:
+            - report_response: true
+            - type: StatusMatch    
+              status: [200]
+            - type: WordMatch      
+              match_all_words: true
+              words: ['"reputation"', '"type"']

data/rules/square.yml

@@ -0,0 +1,80 @@
+rules:
+  - name: Square Access Token
+    id: kingfisher.square.1
+    pattern: |
+      (?xi)
+      \b
+      square
+      (?:.|[\n\r]){0,16}?
+      \b
+      (
+        EAAA[a-z0-9\-\+=]{60}
+      )
+    min_entropy: 3.3
+    confidence: medium
+    examples:
+      - square EAAA7h9fL9zQJR8P0eAioAf9239345rDA2349bQ8edUA9FgA5JojdsF3A9f6nKLmn
+      - square EAAAvlYh9H7dZwC9ash2hrHjtlL5D2srERGK5OM6F2nvle23he3NzA60PAeFXNHj
+    validation:
+      type: Http
+      content:
+        request:
+          method: GET
+          url: https://connect.squareup.com/v2/locations
+          headers:
+            Authorization: "Bearer {{ TOKEN }}"
+            Accept: application/json
+          response_matcher:
+            - report_response: true
+            - type: StatusMatch
+              status: [200]
+            - type: WordMatch     
+              words: ['"locations":']
+
+  - name: Square Access Token
+    id: kingfisher.square.2
+    pattern: '(?i)\b(sq0atp-[a-z0-9_-]{22})\b'
+    min_entropy: 3.3
+    confidence: medium
+    examples:
+      - sq0atp-wQVXa6wRBlEEsd5OQtD7zg
+      - sq0atp-ZrEYj3nWPlEPo1PzHeI7xA
+    validation:
+      type: Http
+      content:
+        request:
+          method: GET
+          url: https://connect.squareup.com/v2/locations
+          headers:
+            Authorization: "Bearer {{ TOKEN }}"
+            Accept: application/json
+          response_matcher:
+            - report_response: true
+            - type: StatusMatch
+              status: [200]
+            - type: WordMatch
+              words: ['"locations":']
+
+  - name: Square OAuth Secret
+    id: kingfisher.square.3
+    pattern: '(?i)\b(sq0csp-[a-z0-9_-]{43})\b'
+    min_entropy: 3.3
+    confidence: medium
+    examples:
+      - sq0csp-pyRoa8ZyBlEisE5NQtN7sS-PqR6sK3W9JoF_Ov3Es2M
+      - sq0csp-P9QoCwVRh4tnAS8NbPGoGy-9psN3-8BGz3uNq5D_EFM
+    validation:
+      type: Http
+      content:
+        request:
+          method: GET
+          url: https://connect.squareup.com/v2/locations
+          headers:
+            Authorization: "Bearer {{ TOKEN }}"
+            Accept: application/json
+          response_matcher:
+            - report_response: true
+            - type: StatusMatch
+              status: [200]
+            - type: WordMatch
+              words: ['"locations":']

data/rules/teamcity.yml

@@ -0,0 +1,18 @@
+rules:
+  - name: TeamCity API Token
+    id: kingfisher.teamcity.1
+    # This is a JWT-like format that always seems to have the same `{"typ": "TCV2"}` header.
+    # Note that the payload part does not decode as a JSON object, and hence makes this an invalid JWT.
+    pattern: |
+      (?x)
+      \b (
+      eyJ0eXAiOiAiVENWMiJ9             (?# decodes to `{"typ": "TCV2"}` )
+      \.
+      [A-Za-z0-9_-]{36}
+      \.
+      [A-Za-z0-9_-]{48}
+      )
+    examples:
+      - '<add key="ClearTextPassword" value="eyJ0eXAiOiAiVENWMiJ9.RkNWLXdXS3M1RVBfencxM4A0WmJzdVlCQzFj.OGY1OWRkNGMtYTUxYS04ZDYwLWFiZGYtZWE5MWFhZWJiODhh" />'
+    references:
+      - https://www.jetbrains.com/help/teamcity/rest/teamcity-rest-api-documentation.html