added more rules + validators

2026-04-14 13:46:08 -07:00 · 2026-04-14 13:46:08 -07:00 · 45e3933dfa
commit 45e3933dfa
parent 74e1aef0b0
3 changed files with 78 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file.
 ## [v1.96.0]
 - Added live HTTP validation for 18 rules across 15 providers: Val Town, Polar, hCaptcha, Thunderstore, Elastic Cloud (2 rules), LlamaCloud, Gemfury (2 rules), Vonage, ThingsBoard, Zapier, Facebook Access Token, GitLab Session Cookie, PostHog Feature Flags, Unkey API Key, and Hop.io (2 rules).
 - Added revocation support for 7 rules across 6 providers: Discord webhooks (single-step DELETE), DigitalOcean PATs (self-revoke via OAuth), and multi-step HttpMultiStep revocation for LaunchDarkly, Resend, Linode, and Netlify (2 rules). Built-in revocation coverage is now 34 provider families with 53 revocation-enabled rules.
- Added 59 new detection rules across 44 providers: Axiom (API token + PAT), Trigger.dev (secret key + PAT), Dub.co, Svix webhook signing secret, Liveblocks, Inngest (signing key + event key), Seam, Courier, Cal.com, Arcjet, WarpStream, Mem0, Mintlify, Pirsch, Tinybird, Tolgee (project key + PAT), Ory (API key + session + OAuth2 tokens), Xendit, Xata, Crossmint (server + client keys), DeepL (Free + Pro), Flagsmith, E2B, Infisical, WooCommerce (consumer key + secret), Nightfall AI, Ramp (client ID + secret), Hex.pm (personal + workspace tokens), Convex deploy key, MiniMax, Mappedin (key + secret), Pollinations (secret + publishable), Fal.ai, Aikido, Hack Club, GuardSquare, Browser Use, Composio, Mastra, redirect.pizza, Upstash, and WorkOS. Also added new prefixed-token rules for Netlify (`nfp_`), Cloudflare (`cfut_`), and Supabase (`sb_publishable_`). Added live HTTP validation for 28 of these rules.
+- Added 61 new detection rules across 46 providers: Axiom (API token + PAT), Trigger.dev (secret key + PAT), Dub.co, Svix webhook signing secret, Liveblocks, Inngest (signing key + event key), Seam, Courier, Cal.com, Arcjet, WarpStream, Mem0, Mintlify, Pirsch, Tinybird, Tolgee (project key + PAT), Ory (API key + session + OAuth2 tokens), Xendit, Xata, Crossmint (server + client keys), DeepL (Free + Pro), Flagsmith, E2B, Infisical, WooCommerce (consumer key + secret), Nightfall AI, Ramp (client ID + secret), Hex.pm (personal + workspace tokens), Convex deploy key, MiniMax, Mappedin (key + secret), Pollinations (secret + publishable), Fal.ai, Aikido, Hack Club, GuardSquare, Browser Use, Composio, Gamma, Hex.tech, Mastra, redirect.pizza, Upstash, and WorkOS. Also added new prefixed-token rules for Netlify (`nfp_`), Cloudflare (`cfut_`), and Supabase (`sb_publishable_`). Added live HTTP validation for 30 of these rules.
 - Removed 17 direct dependencies from the root crate by dropping unused deps (`p256`, `ed25519-dalek`, `jsonwebtoken`, `gitlab`, `lazy_static`, `base32`, `pem`, `byteorder`, `reqwest-middleware`, `sha1`, `time`, `ring`, `num_cpus`, `strum_macros`), replacing `once_cell` with `std::sync::{LazyLock, OnceLock}`, and using `std::thread::available_parallelism()` in place of `num_cpus`. Salt generation now uses `rand` instead of `ring`, and all `strum_macros::Display` imports are consolidated under `strum::Display`.

 ## [v1.95.0]
--- a/crates/kingfisher-rules/data/rules/gamma.yml
+++ b/crates/kingfisher-rules/data/rules/gamma.yml
@ -0,0 +1,37 @@
+rules:
+  - name: Gamma API Key
+    id: kingfisher.gamma.1
+    pattern: |
+      (?x)
+      \b
+      (
+        sk-gamma-
+        [A-Za-z0-9_-]{8}
+        (?:[A-Za-z0-9_-]{8}){3,7}
+      )
+      \b
+    confidence: medium
+    min_entropy: 3.5
+    validation:
+      type: Http
+      content:
+        request:
+          method: GET
+          url: https://public-api.gamma.app/v1.0/themes?limit=1
+          headers:
+            X-API-KEY: "{{ TOKEN }}"
+            Accept: application/json
+          response_matcher:
+            - report_response: true
+            - type: StatusMatch
+              status: [200]
+            - type: WordMatch
+              words:
+                - '"data"'
+                - '"hasMore"'
+              match_all_words: true
+    references:
+      - https://developers.gamma.app/readme
+      - https://developers.gamma.app/docs/workspace/list-themes
+    examples:
+      - 'GAMMA_API_KEY="sk-gamma-a1b2c3d4E5f6g7h8I9j0k1l2M3n4o5p6"'
--- a/crates/kingfisher-rules/data/rules/hex.yml
+++ b/crates/kingfisher-rules/data/rules/hex.yml
@ -0,0 +1,40 @@
+rules:
+  - name: Hex Technologies API Token
+    id: kingfisher.hex.1
+    pattern: |
+      (?xi)
+      \b
+      (
+        hxt[wp]_
+        [a-f0-9]{16}
+        (?:[a-f0-9]{16}){5}
+      )
+      \b
+    pattern_requirements:
+      min_digits: 12
+    confidence: medium
+    min_entropy: 3.5
+    validation:
+      type: Http
+      content:
+        request:
+          method: GET
+          url: https://app.hex.tech/api/v1/projects?limit=1
+          headers:
+            Authorization: "Bearer {{ TOKEN }}"
+            Accept: application/json
+          response_matcher:
+            - report_response: true
+            - type: StatusMatch
+              status: [200]
+            - type: WordMatch
+              words:
+                - '"values"'
+                - '"pagination"'
+              match_all_words: true
+    references:
+      - https://learn.hex.tech/docs/api-integrations/api/overview
+      - https://learn.hex.tech/docs/api-integrations/api/reference
+    examples:
+      - "HEX_API_TOKEN=hxtp_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
+      - "HEX_WORKSPACE_TOKEN=hxtw_fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210"