From 4b89cd06061134ca1b72e01909f801458ab217f8 Mon Sep 17 00:00:00 2001 From: Mick Grove Date: Mon, 13 Apr 2026 21:44:45 -0700 Subject: [PATCH] cleaned up dependency tree --- CHANGELOG.md | 4 + Cargo.lock | 271 +++++++++--------- .../data/rules/digitalocean.yml | 13 + .../kingfisher-rules/data/rules/discord.yml | 10 + .../kingfisher-rules/data/rules/elastic.yml | 32 +++ .../kingfisher-rules/data/rules/gemfury.yml | 34 ++- .../kingfisher-rules/data/rules/hcaptcha.yml | 18 ++ .../data/rules/launchdarkly.yml | 28 ++ crates/kingfisher-rules/data/rules/linode.yml | 28 ++ .../data/rules/llamacloud.yml | 15 +- .../kingfisher-rules/data/rules/mailgun.yml | 3 + .../kingfisher-rules/data/rules/netlify.yml | 58 +++- crates/kingfisher-rules/data/rules/polar.yml | 16 ++ crates/kingfisher-rules/data/rules/resend.yml | 28 ++ .../data/rules/thingsboard.yml | 13 + .../data/rules/thunderstore.yml | 16 ++ .../kingfisher-rules/data/rules/valtown.yml | 16 ++ crates/kingfisher-rules/data/rules/vonage.yml | 18 ++ crates/kingfisher-rules/data/rules/zapier.yml | 17 ++ docs-site/docs/changelog.md | 4 + docs-site/docs/features/revocation.md | 10 +- 21 files changed, 513 insertions(+), 139 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b32b786..a01d831 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ All notable changes to this project will be documented in this file. +## [v1.97.0] +- Added live HTTP validation for 12 rules across 10 providers: Val Town, Polar, hCaptcha, Thunderstore, Elastic Cloud (2 rules), LlamaCloud, Gemfury (2 rules), Vonage, ThingsBoard, and Zapier. +- Added revocation support for 7 rules across 6 providers: Discord webhooks (single-step DELETE), DigitalOcean PATs (self-revoke via OAuth), and multi-step HttpMultiStep revocation for LaunchDarkly, Resend, Linode, and Netlify (2 rules). Built-in revocation coverage is now 34 provider families with 53 revocation-enabled rules. + ## [v1.96.0] - Removed 17 direct dependencies from the root crate by dropping unused deps (`p256`, `ed25519-dalek`, `jsonwebtoken`, `gitlab`, `lazy_static`, `base32`, `pem`, `byteorder`, `reqwest-middleware`, `sha1`, `time`, `ring`, `num_cpus`, `strum_macros`), replacing `once_cell` with `std::sync::{LazyLock, OnceLock}`, and using `std::thread::available_parallelism()` in place of `num_cpus`. Salt generation now uses `rand` instead of `ring`, and all `strum_macros::Display` imports are consolidated under `strum::Display`. diff --git a/Cargo.lock b/Cargo.lock index f099c6a..cbd5d4a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -152,9 +152,9 @@ dependencies = [ [[package]] name = "arc-swap" -version = "1.9.0" +version = "1.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a07d1f37ff60921c83bdfc7407723bdefe89b44b98a9b772f225c8f9d67141a6" +checksum = "6a3a1fd6f75306b68087b831f025c712524bcb19aad54e557b1129cfa0a2b207" dependencies = [ "rustversion", ] @@ -458,9 +458,9 @@ dependencies = [ [[package]] name = "aws-sdk-ec2" -version = "1.220.1" +version = "1.221.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1065222c6fe7bed0ef49acf2bfdba8ab9b59cc14bc534772d575b365601cd557" +checksum = "a69e9d56d1e78b55a38db4bf5bb302fb975a21d888e2782330dce7dfb89c148f" dependencies = [ "aws-credential-types", "aws-runtime", @@ -483,9 +483,9 @@ dependencies = [ [[package]] name = "aws-sdk-ecr" -version = "1.113.0" +version = "1.114.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92d33383dee4edb69817be9cf115da186d042285a999aaa293f2ce62488446eb" +checksum = "8bd79cc872923874e31b7bba0f5f0dab4880b82ca417c0c669e43ad6891f5d9e" dependencies = [ "aws-credential-types", "aws-runtime", @@ -556,9 +556,9 @@ dependencies = [ [[package]] name = "aws-sdk-lambda" -version = "1.119.0" +version = "1.120.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9bcacc7c2d94698c49fb73086d16ccdff68442ed21a70fbaa924c46158e37a93" +checksum = "71e4fb08743829769afb7741924d2a0fd88a6020a9ef55bfc95b855bd6a145d7" dependencies = [ "aws-credential-types", "aws-runtime", @@ -608,9 +608,9 @@ dependencies = [ [[package]] name = "aws-sdk-s3" -version = "1.128.0" +version = "1.129.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99304b64672e0d81a3c100a589b93d9ef5e9c0ce12e21c848fd39e50f493c2a1" +checksum = "6d4e8410fadbc0ee453145dd77a4958227b18b05bf67c2795d0a8b8596c9aa0f" dependencies = [ "aws-credential-types", "aws-runtime", @@ -914,7 +914,7 @@ dependencies = [ "hyper-rustls", "hyper-util", "pin-project-lite", - "rustls 0.23.37", + "rustls 0.23.38", "rustls-native-certs 0.8.3", "rustls-pki-types", "tokio", @@ -1253,8 +1253,8 @@ dependencies = [ "log", "num", "pin-project-lite", - "rand 0.9.2", - "rustls 0.23.37", + "rand 0.9.4", + "rustls 0.23.38", "rustls-native-certs 0.8.3", "rustls-pki-types", "serde", @@ -1334,10 +1334,10 @@ dependencies = [ "getrandom 0.2.17", "getrandom 0.3.4", "hex", - "indexmap 2.13.0", + "indexmap 2.14.0", "js-sys", "once_cell", - "rand 0.9.2", + "rand 0.9.4", "serde", "serde_bytes", "serde_json", @@ -1457,9 +1457,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.2.58" +version = "1.2.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1e928d4b69e3077709075a938a05ffbedfa53a84c8f766efbf8220bb1ff60e1" +checksum = "43c5703da9466b66a946814e1adf53ea2c90f10063b86290cc9eb67ce3478a20" dependencies = [ "find-msvc-tools", "jobserver", @@ -1493,7 +1493,7 @@ checksum = "6f8d983286843e49675a4b7a2d174efe136dc93a18d69130dd18198a6c167601" dependencies = [ "cfg-if", "cpufeatures 0.3.0", - "rand_core 0.10.0", + "rand_core 0.10.1", ] [[package]] @@ -1605,9 +1605,9 @@ dependencies = [ [[package]] name = "cmov" -version = "0.5.2" +version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de0758edba32d61d1fd9f4d69491b47604b91ee2f7e6b33de7e54ca4ebe55dc3" +checksum = "3f88a43d011fc4a6876cb7344703e297c71dda42494fee094d5f7c76bf13f746" [[package]] name = "color-backtrace" @@ -1798,7 +1798,7 @@ dependencies = [ "cookie", "document-features", "idna", - "indexmap 2.13.0", + "indexmap 2.14.0", "log", "serde", "serde_derive", @@ -1996,9 +1996,9 @@ dependencies = [ [[package]] name = "ctutils" -version = "0.4.0" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1005a6d4446f5120ef475ad3d2af2b30c49c2c9c6904258e3bb30219bebed5e4" +checksum = "7d5515a3834141de9eafb9717ad39eea8247b5674e6066c404e8c4b365d2a29e" dependencies = [ "cmov", ] @@ -2655,9 +2655,9 @@ dependencies = [ [[package]] name = "fastrand" -version = "2.3.0" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "37909eebbb50d72f9059c3b6d82c0463f2ff062c9e95845c43a6c9c0355411be" +checksum = "9f1f227452a390804cdb637b74a86990f2a7d7ba4b7d5693aac9b4dd6defd8d6" [[package]] name = "ferroid" @@ -2666,7 +2666,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bb330bbd4cb7a5b9f559427f06f98a4f853a137c8298f3bd3f8ca57663e21986" dependencies = [ "portable-atomic", - "rand 0.9.2", + "rand 0.9.4", "web-time", ] @@ -3015,7 +3015,7 @@ dependencies = [ "cfg-if", "libc", "r-efi 6.0.0", - "rand_core 0.10.0", + "rand_core 0.10.1", "wasip2", "wasip3", ] @@ -4097,7 +4097,7 @@ dependencies = [ "futures-core", "futures-sink", "http 1.4.0", - "indexmap 2.13.0", + "indexmap 2.14.0", "slab", "tokio", "tokio-util", @@ -4145,6 +4145,12 @@ dependencies = [ "foldhash 0.2.0", ] +[[package]] +name = "hashbrown" +version = "0.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4f467dd6dccf739c208452f8014c75c18bb8301b050ad1cfb27153803edb0f51" + [[package]] name = "hashlink" version = "0.11.0" @@ -4204,7 +4210,7 @@ dependencies = [ "idna", "ipnet", "once_cell", - "rand 0.9.2", + "rand 0.9.4", "ring 0.17.14", "thiserror 2.0.18", "tinyvec", @@ -4226,7 +4232,7 @@ dependencies = [ "moka", "once_cell", "parking_lot 0.12.5", - "rand 0.9.2", + "rand 0.9.4", "resolv-conf", "smallvec", "thiserror 2.0.18", @@ -4416,16 +4422,15 @@ dependencies = [ [[package]] name = "hyper-rustls" -version = "0.27.7" +version = "0.27.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3c93eb611681b207e1fe55d5a71ecf91572ec8a6705cdb6857f7d8d5242cf58" +checksum = "c2b52f86d1d4bc0d6b4e6826d960b1b333217e07d36b882dca570a5e1c48895b" dependencies = [ "http 1.4.0", "hyper", "hyper-util", - "rustls 0.23.37", + "rustls 0.23.38", "rustls-native-certs 0.8.3", - "rustls-pki-types", "tokio", "tokio-rustls 0.26.4", "tower-service", @@ -4696,12 +4701,12 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.13.0" +version = "2.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7714e70437a7dc3ac8eb7e6f8df75fd8eb422675fc7678aff7364301092b1017" +checksum = "d466e9454f08e4a911e14806c24e16fba1b4c121d1ea474396f396069cf949d9" dependencies = [ "equivalent", - "hashbrown 0.16.1", + "hashbrown 0.17.0", "serde", "serde_core", ] @@ -4937,9 +4942,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.94" +version = "0.3.95" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2e04e2ef80ce82e13552136fabeef8a5ed1f985a96805761cbb9a2c34e7664d9" +checksum = "2964e92d1d9dc3364cae4d718d93f227e3abb088e747d92e0395bfdedf1c12ca" dependencies = [ "cfg-if", "futures-util", @@ -4996,7 +5001,7 @@ version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4ee7893dab2e44ae5f9d0173f26ff4aa327c10b01b06a72b52dd9405b628640d" dependencies = [ - "indexmap 2.13.0", + "indexmap 2.14.0", ] [[package]] @@ -5081,7 +5086,7 @@ dependencies = [ "pretty_assertions", "proptest", "quick-xml 0.39.2", - "rand 0.10.0", + "rand 0.10.1", "rand_chacha 0.10.0", "rayon", "regex", @@ -5090,7 +5095,7 @@ dependencies = [ "roaring", "rusqlite", "rustc-hash", - "rustls 0.23.37", + "rustls 0.23.38", "rustls-native-certs 0.8.3", "schemars 0.8.22", "self_update", @@ -5129,7 +5134,7 @@ dependencies = [ "webbrowser", "wiremock", "xxhash-rust", - "zip 8.5.0", + "zip 8.5.1", ] [[package]] @@ -5174,7 +5179,7 @@ dependencies = [ "percent-encoding", "pretty_assertions", "proptest", - "rand 0.10.0", + "rand 0.10.1", "regex", "schemars 0.8.22", "serde", @@ -5229,12 +5234,12 @@ dependencies = [ "percent-encoding", "pretty_assertions", "quick-xml 0.39.2", - "rand 0.10.0", + "rand 0.10.1", "regex", "reqwest 0.12.28", "ring 0.17.14", "rustc-hash", - "rustls 0.23.37", + "rustls 0.23.38", "rustls-native-certs 0.8.3", "schemars 0.8.22", "serde", @@ -5319,9 +5324,9 @@ checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" [[package]] name = "libc" -version = "0.2.184" +version = "0.2.185" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48f5d2a454e16a5ea0f4ced81bd44e4cfc7bd3a507b61887c99fd3538b28e4af" +checksum = "52ff2c0fe9bc6cb6b14a0592c2ff4fa9ceb83eea9db979b0487cd054946a2b8f" [[package]] name = "libgit2-sys" @@ -5353,14 +5358,14 @@ dependencies = [ [[package]] name = "libredox" -version = "0.1.15" +version = "0.1.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ddbf48fd451246b1f8c2610bd3b4ac0cc6e149d89832867093ab69a17194f08" +checksum = "e02f3bb43d335493c96bf3fd3a321600bf6bd07ed34bc64118e9293bdffea46c" dependencies = [ "bitflags 2.11.0", "libc", "plain", - "redox_syscall 0.7.3", + "redox_syscall 0.7.4", ] [[package]] @@ -5376,9 +5381,9 @@ dependencies = [ [[package]] name = "libz-sys" -version = "1.1.25" +version = "1.1.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d52f4c29e2a68ac30c9087e1b772dc9f44a2b66ed44edf2266cf2be9b03dafc1" +checksum = "fc3a226e576f50782b3305c5ccf458698f92798987f551c6a02efe8276721e22" dependencies = [ "cc", "libc", @@ -5478,9 +5483,9 @@ dependencies = [ [[package]] name = "lru" -version = "0.16.3" +version = "0.16.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1dc47f592c06f33f8e3aea9591776ec7c9f9e4124778ff8a3c3b87159f7e593" +checksum = "7f66e8d5d03f609abc3a39e6f08e4164ebf1447a732906d39eb9b99b7919ef39" dependencies = [ "hashbrown 0.16.1", ] @@ -5726,9 +5731,9 @@ dependencies = [ "mongodb-internal-macros", "pbkdf2", "percent-encoding", - "rand 0.9.2", + "rand 0.9.4", "rustc_version_runtime", - "rustls 0.23.37", + "rustls 0.23.38", "rustversion", "serde", "serde_bytes", @@ -5795,8 +5800,8 @@ dependencies = [ "mysql_common", "pem", "percent-encoding", - "rand 0.9.2", - "rustls 0.23.37", + "rand 0.9.4", + "rustls 0.23.38", "rustls-pemfile 2.2.0", "serde", "serde_json", @@ -6187,9 +6192,9 @@ checksum = "384b8ab6d37215f3c5301a95a4accb5d64aa607f1fcb26a11b5303878451b4fe" [[package]] name = "openssl" -version = "0.10.76" +version = "0.10.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "951c002c75e16ea2c65b8c7e4d3d51d5530d8dfa7d060b4776828c88cfb18ecf" +checksum = "bfe4646e360ec77dff7dde40ed3d6c5fee52d156ef4a62f53973d38294dad87f" dependencies = [ "bitflags 2.11.0", "cfg-if", @@ -6225,9 +6230,9 @@ checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe" [[package]] name = "openssl-sys" -version = "0.9.112" +version = "0.9.113" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57d55af3b3e226502be1526dfdba67ab0e9c96fc293004e79576b2b9edb0dbdb" +checksum = "ad2f2c0eba47118757e4c6d2bff2838f3e0523380021356e7875e858372ce644" dependencies = [ "cc", "libc", @@ -6446,7 +6451,7 @@ checksum = "8701b58ea97060d5e5b155d383a69952a60943f0e6dfe30b04c287beb0b27455" dependencies = [ "fixedbitset", "hashbrown 0.15.5", - "indexmap 2.13.0", + "indexmap 2.14.0", "serde", ] @@ -6551,9 +6556,9 @@ dependencies = [ [[package]] name = "pkg-config" -version = "0.3.32" +version = "0.3.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" +checksum = "19f132c84eca552bf34cab8ec81f1c1dcc229b811638f9d283dceabe58c5569e" [[package]] name = "plain" @@ -6598,7 +6603,7 @@ dependencies = [ "hmac 0.13.0", "md-5 0.11.0", "memchr", - "rand 0.10.0", + "rand 0.10.1", "sha2 0.11.0", "stringprep", ] @@ -6703,7 +6708,7 @@ version = "3.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e67ba7e9b2b56446f1d419b1d807906278ffa1a658a8a5d8a39dcb1f5a78614f" dependencies = [ - "toml_edit 0.25.10+spec-1.1.0", + "toml_edit 0.25.11+spec-1.1.0", ] [[package]] @@ -6758,7 +6763,7 @@ dependencies = [ "bit-vec", "bitflags 2.11.0", "num-traits", - "rand 0.9.2", + "rand 0.9.4", "rand_chacha 0.9.0", "rand_xorshift", "regex-syntax", @@ -6847,7 +6852,7 @@ dependencies = [ "quinn-proto", "quinn-udp", "rustc-hash", - "rustls 0.23.37", + "rustls 0.23.38", "socket2 0.6.3", "thiserror 2.0.18", "tokio", @@ -6865,10 +6870,10 @@ dependencies = [ "bytes", "getrandom 0.3.4", "lru-slab", - "rand 0.9.2", + "rand 0.9.4", "ring 0.17.14", "rustc-hash", - "rustls 0.23.37", + "rustls 0.23.38", "rustls-pki-types", "slab", "thiserror 2.0.18", @@ -6931,9 +6936,9 @@ dependencies = [ [[package]] name = "rand" -version = "0.9.2" +version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1" +checksum = "44c5af06bb1b7d3216d91932aed5265164bf384dc89cd6ba05cf59a35f5f76ea" dependencies = [ "rand_chacha 0.9.0", "rand_core 0.9.5", @@ -6941,13 +6946,13 @@ dependencies = [ [[package]] name = "rand" -version = "0.10.0" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc266eb313df6c5c09c1c7b1fbe2510961e5bcd3add930c1e31f7ed9da0feff8" +checksum = "d2e8e8bcc7961af1fdac401278c6a831614941f6164ee3bf4ce61b7edb162207" dependencies = [ "chacha20", "getrandom 0.4.2", - "rand_core 0.10.0", + "rand_core 0.10.1", ] [[package]] @@ -6977,7 +6982,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3e6af7f3e25ded52c41df4e0b1af2d047e45896c2f3281792ed68a1c243daedb" dependencies = [ "ppv-lite86", - "rand_core 0.10.0", + "rand_core 0.10.1", ] [[package]] @@ -7000,9 +7005,9 @@ dependencies = [ [[package]] name = "rand_core" -version = "0.10.0" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c8d0fd677905edcbeedbf2edb6494d676f0e98d54d5cf9bda0b061cb8fb8aba" +checksum = "63b8176103e19a2643978565ca18b50549f6101881c443590420e4dc998a3c69" [[package]] name = "rand_xorshift" @@ -7015,9 +7020,9 @@ dependencies = [ [[package]] name = "rayon" -version = "1.11.0" +version = "1.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "368f01d005bf8fd9b1206fb6fa653e6c4a81ceb1466406b81792d87c5677a58f" +checksum = "fb39b166781f92d482534ef4b4b1b2568f42613b53e5b6c160e24cfbfa30926d" dependencies = [ "either", "rayon-core", @@ -7053,9 +7058,9 @@ dependencies = [ [[package]] name = "redox_syscall" -version = "0.7.3" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ce70a74e890531977d37e532c34d45e9055d2409ed08ddba14529471ed0be16" +checksum = "f450ad9c3b1da563fb6948a8e0fb0fb9269711c9c73d9ea1de5058c79c8d643a" dependencies = [ "bitflags 2.11.0", ] @@ -7138,7 +7143,7 @@ dependencies = [ "percent-encoding", "pin-project-lite", "quinn", - "rustls 0.23.37", + "rustls 0.23.38", "rustls-native-certs 0.8.3", "rustls-pki-types", "serde", @@ -7185,7 +7190,7 @@ dependencies = [ "percent-encoding", "pin-project-lite", "quinn", - "rustls 0.23.37", + "rustls 0.23.38", "rustls-pki-types", "rustls-platform-verifier", "serde", @@ -7441,16 +7446,16 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.37" +version = "0.23.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "758025cb5fccfd3bc2fd74708fd4682be41d99e5dff73c377c0646c6012c73a4" +checksum = "69f9466fb2c14ea04357e91413efb882e2a6d4a406e625449bc0a5d360d53a21" dependencies = [ "aws-lc-rs", "log", "once_cell", "ring 0.17.14", "rustls-pki-types", - "rustls-webpki 0.103.10", + "rustls-webpki 0.103.11", "subtle", "zeroize", ] @@ -7518,10 +7523,10 @@ dependencies = [ "jni 0.21.1", "log", "once_cell", - "rustls 0.23.37", + "rustls 0.23.38", "rustls-native-certs 0.8.3", "rustls-platform-verifier-android", - "rustls-webpki 0.103.10", + "rustls-webpki 0.103.11", "security-framework 3.7.0", "security-framework-sys", "webpki-root-certs", @@ -7546,9 +7551,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.103.10" +version = "0.103.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df33b2b81ac578cabaf06b89b0631153a3f416b0a886e8a7a1707fb51abbd1ef" +checksum = "20a6af516fea4b20eccceaf166e8aa666ac996208e8a644ce3ef5aa783bc7cd4" dependencies = [ "aws-lc-rs", "ring 0.17.14", @@ -7873,7 +7878,7 @@ version = "1.0.149" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" dependencies = [ - "indexmap 2.13.0", + "indexmap 2.14.0", "itoa", "memchr", "serde", @@ -7923,7 +7928,7 @@ dependencies = [ "chrono", "hex", "indexmap 1.9.3", - "indexmap 2.13.0", + "indexmap 2.14.0", "schemars 0.9.0", "schemars 1.2.1", "serde_core", @@ -7950,7 +7955,7 @@ version = "0.9.34+deprecated" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47" dependencies = [ - "indexmap 2.13.0", + "indexmap 2.14.0", "itoa", "ryu", "serde", @@ -8023,9 +8028,9 @@ checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" [[package]] name = "signal-hook" -version = "0.4.3" +version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3b57709da74f9ff9f4a27dce9526eec25ca8407c45a7887243b031a58935fb8e" +checksum = "b2a0c28ca5908dbdbcd52e6fdaa00358ab88637f8ab33e1f188dd510eb44b53d" dependencies = [ "libc", "signal-hook-registry", @@ -8748,9 +8753,9 @@ dependencies = [ [[package]] name = "tokio" -version = "1.51.0" +version = "1.51.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2bd1c4c0fc4a7ab90fc15ef6daaa3ec3b893f004f915f2392557ed23237820cd" +checksum = "f66bf9585cda4b724d3e78ab34b73fb2bbaba9011b9bfdf69dc836382ea13b8c" dependencies = [ "bytes", "libc", @@ -8803,7 +8808,7 @@ dependencies = [ "pin-project-lite", "postgres-protocol", "postgres-types", - "rand 0.10.0", + "rand 0.10.1", "socket2 0.6.3", "tokio", "tokio-util", @@ -8818,7 +8823,7 @@ checksum = "27d684bad428a0f2481f42241f821db42c54e2dc81d8c00db8536c506b0a0144" dependencies = [ "const-oid 0.9.6", "ring 0.17.14", - "rustls 0.23.37", + "rustls 0.23.38", "tokio", "tokio-postgres", "tokio-rustls 0.26.4", @@ -8841,7 +8846,7 @@ version = "0.26.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1729aa945f29d91ba541258c8df89027d5792d85a8841fb65e8bf0f4ede4ef61" dependencies = [ - "rustls 0.23.37", + "rustls 0.23.38", "tokio", ] @@ -8906,7 +8911,7 @@ version = "0.22.27" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a" dependencies = [ - "indexmap 2.13.0", + "indexmap 2.14.0", "serde", "serde_spanned", "toml_datetime 0.6.11", @@ -8916,11 +8921,11 @@ dependencies = [ [[package]] name = "toml_edit" -version = "0.25.10+spec-1.1.0" +version = "0.25.11+spec-1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a82418ca169e235e6c399a84e395ab6debeb3bc90edc959bf0f48647c6a32d1b" +checksum = "0b59c4d22ed448339746c59b905d24568fcbb3ab65a500494f7b8c3e97739f2b" dependencies = [ - "indexmap 2.13.0", + "indexmap 2.14.0", "toml_datetime 1.1.1+spec-1.1.0", "toml_parser", "winnow 1.0.1", @@ -8987,7 +8992,7 @@ version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5933bebbba70ee979314a8ecb021f53075a63984f94f89a10b4bdcf0af6c62b6" dependencies = [ - "indexmap 2.13.0", + "indexmap 2.14.0", "serde", "serde_json", "thiserror 2.0.18", @@ -9001,7 +9006,7 @@ checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4" dependencies = [ "futures-core", "futures-util", - "indexmap 2.13.0", + "indexmap 2.14.0", "pin-project-lite", "slab", "sync_wrapper", @@ -9288,7 +9293,7 @@ dependencies = [ "flate2", "log", "percent-encoding", - "rustls 0.23.37", + "rustls 0.23.38", "rustls-pki-types", "serde", "serde_json", @@ -9483,9 +9488,9 @@ dependencies = [ [[package]] name = "wasm-bindgen" -version = "0.2.117" +version = "0.2.118" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0551fc1bb415591e3372d0bc4780db7e587d84e2a7e79da121051c5c4b89d0b0" +checksum = "0bf938a0bacb0469e83c1e148908bd7d5a6010354cf4fb73279b7447422e3a89" dependencies = [ "cfg-if", "once_cell", @@ -9496,9 +9501,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.67" +version = "0.4.68" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03623de6905b7206edd0a75f69f747f134b7f0a2323392d664448bf2d3c5d87e" +checksum = "f371d383f2fb139252e0bfac3b81b265689bf45b6874af544ffa4c975ac1ebf8" dependencies = [ "js-sys", "wasm-bindgen", @@ -9506,9 +9511,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.117" +version = "0.2.118" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fbdf9a35adf44786aecd5ff89b4563a90325f9da0923236f6104e603c7e86be" +checksum = "eeff24f84126c0ec2db7a449f0c2ec963c6a49efe0698c4242929da037ca28ed" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -9516,9 +9521,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.117" +version = "0.2.118" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dca9693ef2bab6d4e6707234500350d8dad079eb508dca05530c85dc3a529ff2" +checksum = "9d08065faf983b2b80a79fd87d8254c409281cf7de75fc4b773019824196c904" dependencies = [ "bumpalo", "proc-macro2", @@ -9529,9 +9534,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.117" +version = "0.2.118" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39129a682a6d2d841b6c429d0c51e5cb0ed1a03829d8b3d1e69a011e62cb3d3b" +checksum = "5fd04d9e306f1907bd13c6361b5c6bfc7b3b3c095ed3f8a9246390f8dbdee129" dependencies = [ "unicode-ident", ] @@ -9553,7 +9558,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909" dependencies = [ "anyhow", - "indexmap 2.13.0", + "indexmap 2.14.0", "wasm-encoder", "wasmparser", ] @@ -9607,7 +9612,7 @@ checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe" dependencies = [ "bitflags 2.11.0", "hashbrown 0.15.5", - "indexmap 2.13.0", + "indexmap 2.14.0", "semver", ] @@ -9628,9 +9633,9 @@ dependencies = [ [[package]] name = "web-sys" -version = "0.3.94" +version = "0.3.95" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd70027e39b12f0849461e08ffc50b9cd7688d942c1c8e3c7b22273236b4dd0a" +checksum = "4f2dfbb17949fa2088e5d39408c48368947b86f7834484e87b73de55bc14d97d" dependencies = [ "js-sys", "wasm-bindgen", @@ -10226,7 +10231,7 @@ checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21" dependencies = [ "anyhow", "heck 0.5.0", - "indexmap 2.13.0", + "indexmap 2.14.0", "prettyplease", "syn 2.0.117", "wasm-metadata", @@ -10257,7 +10262,7 @@ checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2" dependencies = [ "anyhow", "bitflags 2.11.0", - "indexmap 2.13.0", + "indexmap 2.14.0", "log", "serde", "serde_derive", @@ -10276,7 +10281,7 @@ checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736" dependencies = [ "anyhow", "id-arena", - "indexmap 2.13.0", + "indexmap 2.14.0", "log", "semver", "serde", @@ -10288,9 +10293,9 @@ dependencies = [ [[package]] name = "writeable" -version = "0.6.2" +version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9edde0db4769d2dc68579893f2306b26c6ecfbe0ef499b013d731b7b9247e0b9" +checksum = "1ffae5123b2d3fc086436f8834ae3ab053a283cfac8fe0a0b8eaae044768a4c4" [[package]] name = "wyz" @@ -10483,21 +10488,21 @@ checksum = "eb2a05c7c36fde6c09b08576c9f7fb4cda705990f73b58fe011abf7dfb24168b" dependencies = [ "arbitrary", "crc32fast", - "indexmap 2.13.0", + "indexmap 2.14.0", "memchr", "time", ] [[package]] name = "zip" -version = "8.5.0" +version = "8.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2726508a48f38dceb22b35ecbbd2430efe34ff05c62bd3285f965d7911b33464" +checksum = "dcab981e19633ebcf0b001ddd37dd802996098bc1864f90b7c5d970ce76c1d59" dependencies = [ "crc32fast", "deflate64", "flate2", - "indexmap 2.13.0", + "indexmap 2.14.0", "memchr", "time", "typed-path", diff --git a/crates/kingfisher-rules/data/rules/digitalocean.yml b/crates/kingfisher-rules/data/rules/digitalocean.yml index bf637df..7fc36f8 100644 --- a/crates/kingfisher-rules/data/rules/digitalocean.yml +++ b/crates/kingfisher-rules/data/rules/digitalocean.yml @@ -32,6 +32,19 @@ rules: url: https://api.digitalocean.com/v2/projects?per_page=1 references: - https://docs.digitalocean.com/reference/api/#authentication + revocation: + type: Http + content: + request: + method: POST + url: https://cloud.digitalocean.com/v1/oauth/revoke + headers: + Authorization: "Bearer {{ TOKEN }}" + Content-Type: application/json + response_matcher: + - report_response: true + - type: StatusMatch + status: [200] - name: DigitalOcean Refresh Token id: kingfisher.digitalocean.2 diff --git a/crates/kingfisher-rules/data/rules/discord.yml b/crates/kingfisher-rules/data/rules/discord.yml index ca008d9..c67943f 100644 --- a/crates/kingfisher-rules/data/rules/discord.yml +++ b/crates/kingfisher-rules/data/rules/discord.yml @@ -33,6 +33,16 @@ rules: url: '{{ TOKEN }}' references: - https://discord.com/developers/docs/resources/webhook + revocation: + type: Http + content: + request: + method: DELETE + url: "{{ TOKEN }}" + response_matcher: + - report_response: true + - type: StatusMatch + status: [204] - name: Discord Bot Token id: kingfisher.discord.2 pattern: | diff --git a/crates/kingfisher-rules/data/rules/elastic.yml b/crates/kingfisher-rules/data/rules/elastic.yml index e4040d7..4f123b3 100644 --- a/crates/kingfisher-rules/data/rules/elastic.yml +++ b/crates/kingfisher-rules/data/rules/elastic.yml @@ -26,6 +26,22 @@ rules: - 'ELASTIC_CLOUD_API_KEY=VnVhQ2ZHY0JDZGJrUW0tZTVhT3g6dWkybHAyYXhUTm1zeWFrdzl0dk5udw==' references: - https://www.elastic.co/docs/deploy-manage/api-keys/elastic-cloud-api-keys + validation: + type: Http + content: + request: + method: GET + url: https://api.elastic-cloud.com/api/v1/user + headers: + Authorization: "ApiKey {{ TOKEN }}" + Accept: application/json + response_matcher: + - report_response: true + - type: StatusMatch + status: [200] + - type: WordMatch + words: + - '"user_id"' - name: Elasticsearch API Key with Prefix id: kingfisher.elastic.2 @@ -46,3 +62,19 @@ rules: - 'Authorization: ApiKey VnVhQ2ZHY0JDZGJrUW0tZTVhT3g6dWkybHAyYXhUTm1zeWFrdzl0dk5udw==' references: - https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html + validation: + type: Http + content: + request: + method: GET + url: https://api.elastic-cloud.com/api/v1/user + headers: + Authorization: "ApiKey {{ TOKEN }}" + Accept: application/json + response_matcher: + - report_response: true + - type: StatusMatch + status: [200] + - type: WordMatch + words: + - '"user_id"' diff --git a/crates/kingfisher-rules/data/rules/gemfury.yml b/crates/kingfisher-rules/data/rules/gemfury.yml index f74c747..e2944d2 100644 --- a/crates/kingfisher-rules/data/rules/gemfury.yml +++ b/crates/kingfisher-rules/data/rules/gemfury.yml @@ -18,7 +18,22 @@ rules: - "push_token = https://OS7Jq-grMnyU5pMtBs7btYY0LUTWgfgR@push.fury.io/myorg/" references: - https://gemfury.com/help/getting-started - # No public validation endpoint available for Gemfury deploy tokens. + validation: + type: Http + content: + request: + method: GET + url: https://api.fury.io/1/accounts/me + headers: + Authorization: "Bearer {{ TOKEN }}" + Accept: application/json + response_matcher: + - report_response: true + - type: StatusMatch + status: [200] + - type: WordMatch + words: + - '"username"' - name: Gemfury Full Access Token id: kingfisher.gemfury.2 @@ -39,4 +54,19 @@ rules: - "GEMFURY_URL=https://Ua9vWx4yAz0BcDeFgHiJ:@npm.fury.io/myteam" references: - https://gemfury.com/help/getting-started - # No public validation endpoint available for Gemfury full access tokens. + validation: + type: Http + content: + request: + method: GET + url: https://api.fury.io/1/accounts/me + headers: + Authorization: "Bearer {{ TOKEN }}" + Accept: application/json + response_matcher: + - report_response: true + - type: StatusMatch + status: [200] + - type: WordMatch + words: + - '"username"' diff --git a/crates/kingfisher-rules/data/rules/hcaptcha.yml b/crates/kingfisher-rules/data/rules/hcaptcha.yml index cc1a129..42429d6 100644 --- a/crates/kingfisher-rules/data/rules/hcaptcha.yml +++ b/crates/kingfisher-rules/data/rules/hcaptcha.yml @@ -22,3 +22,21 @@ rules: - 'hcaptcha_secret: ES_abcdef1234567890abcdef1234567890' references: - https://docs.hcaptcha.com/ + validation: + type: Http + content: + request: + method: POST + url: https://api.hcaptcha.com/siteverify + headers: + Content-Type: application/x-www-form-urlencoded + body: "secret={{ TOKEN }}&response=invalid_response&sitekey=00000000-0000-0000-0000-000000000000" + response_matcher: + - report_response: true + - type: WordMatch + words: + - '"success":' + - type: WordMatch + words: + - "invalid-input-secret" + negative: true diff --git a/crates/kingfisher-rules/data/rules/launchdarkly.yml b/crates/kingfisher-rules/data/rules/launchdarkly.yml index 56bb774..88945b4 100644 --- a/crates/kingfisher-rules/data/rules/launchdarkly.yml +++ b/crates/kingfisher-rules/data/rules/launchdarkly.yml @@ -32,3 +32,31 @@ rules: - type: StatusMatch status: - 200 + revocation: + type: HttpMultiStep + content: + steps: + - name: lookup_token_id + request: + method: GET + url: https://app.launchdarkly.com/api/v2/tokens + headers: + Authorization: "{{ TOKEN }}" + Accept: application/json + response_matcher: + - type: StatusMatch + status: [200] + extract: + LD_TOKEN_ID: + type: JsonPath + path: "$.items[0]._id" + - name: delete_token + request: + method: DELETE + url: "https://app.launchdarkly.com/api/v2/tokens/{{ LD_TOKEN_ID }}" + headers: + Authorization: "{{ TOKEN }}" + response_matcher: + - report_response: true + - type: StatusMatch + status: [204] diff --git a/crates/kingfisher-rules/data/rules/linode.yml b/crates/kingfisher-rules/data/rules/linode.yml index a55c383..34509af 100644 --- a/crates/kingfisher-rules/data/rules/linode.yml +++ b/crates/kingfisher-rules/data/rules/linode.yml @@ -49,3 +49,31 @@ rules: - type: WordMatch words: - '"username"' + revocation: + type: HttpMultiStep + content: + steps: + - name: lookup_token_id + request: + method: GET + url: https://api.linode.com/v4/profile/tokens + headers: + Authorization: "Bearer {{ TOKEN }}" + Accept: application/json + response_matcher: + - type: StatusMatch + status: [200] + extract: + LINODE_TOKEN_ID: + type: JsonPath + path: "$.data[0].id" + - name: delete_token + request: + method: DELETE + url: "https://api.linode.com/v4/profile/tokens/{{ LINODE_TOKEN_ID }}" + headers: + Authorization: "Bearer {{ TOKEN }}" + response_matcher: + - report_response: true + - type: StatusMatch + status: [200] diff --git a/crates/kingfisher-rules/data/rules/llamacloud.yml b/crates/kingfisher-rules/data/rules/llamacloud.yml index 766d4e7..8f3b991 100644 --- a/crates/kingfisher-rules/data/rules/llamacloud.yml +++ b/crates/kingfisher-rules/data/rules/llamacloud.yml @@ -18,4 +18,17 @@ rules: - "llama_api_key = 'llx-M0nQ3rS9tU5xZ7aB2dE4fG6hI1jK8lN0oPqRsT4wXyZa'" references: - https://docs.llmapi.com/quickstart - # No public validation endpoint documented. + validation: + type: Http + content: + request: + method: GET + url: https://api.cloud.llamaindex.ai/api/v1/projects + headers: + Authorization: "Bearer {{ TOKEN }}" + Accept: application/json + response_matcher: + - report_response: true + - type: StatusMatch + status: [200] + - type: JsonValid diff --git a/crates/kingfisher-rules/data/rules/mailgun.yml b/crates/kingfisher-rules/data/rules/mailgun.yml index 2ff2faf..937b623 100644 --- a/crates/kingfisher-rules/data/rules/mailgun.yml +++ b/crates/kingfisher-rules/data/rules/mailgun.yml @@ -35,6 +35,9 @@ rules: url: https://api.mailgun.net/v3/address/validate?address=test@example.com references: - https://documentation.mailgun.com/docs/mailgun/api-reference/mg-auth + # Revocation not added: Mailgun API key revocation (DELETE /v1/keys/{key_id}) + # requires the key_id (not the key value) and the token format here doesn't + # allow us to reliably extract the key_id from a listing. - name: MailGun Primary Key id: kingfisher.mailgun.2 pattern: | diff --git a/crates/kingfisher-rules/data/rules/netlify.yml b/crates/kingfisher-rules/data/rules/netlify.yml index 828d03c..427d841 100644 --- a/crates/kingfisher-rules/data/rules/netlify.yml +++ b/crates/kingfisher-rules/data/rules/netlify.yml @@ -32,6 +32,34 @@ rules: status: [200] references: - https://docs.netlify.com/api/get-started/#authentication + revocation: + type: HttpMultiStep + content: + steps: + - name: lookup_token_id + request: + method: GET + url: https://api.netlify.com/api/v1/access_tokens + headers: + Authorization: "Bearer {{ TOKEN }}" + Accept: application/json + response_matcher: + - type: StatusMatch + status: [200] + extract: + NETLIFY_TOKEN_ID: + type: JsonPath + path: "$[0].id" + - name: delete_token + request: + method: DELETE + url: "https://api.netlify.com/api/v1/access_tokens/{{ NETLIFY_TOKEN_ID }}" + headers: + Authorization: "Bearer {{ TOKEN }}" + response_matcher: + - report_response: true + - type: StatusMatch + status: [204] - name: Netlify API Key id: kingfisher.netlify.2 @@ -61,10 +89,38 @@ rules: headers: Authorization: Bearer {{ TOKEN }} method: GET - url: https://api.netlify.com/api/v1/user + url: https://api.netlify.com/api/v1/user response_matcher: - report_response: true - type: StatusMatch status: [200] references: - https://docs.netlify.com/api/get-started/#authentication + revocation: + type: HttpMultiStep + content: + steps: + - name: lookup_token_id + request: + method: GET + url: https://api.netlify.com/api/v1/access_tokens + headers: + Authorization: "Bearer {{ TOKEN }}" + Accept: application/json + response_matcher: + - type: StatusMatch + status: [200] + extract: + NETLIFY_TOKEN_ID: + type: JsonPath + path: "$[0].id" + - name: delete_token + request: + method: DELETE + url: "https://api.netlify.com/api/v1/access_tokens/{{ NETLIFY_TOKEN_ID }}" + headers: + Authorization: "Bearer {{ TOKEN }}" + response_matcher: + - report_response: true + - type: StatusMatch + status: [204] diff --git a/crates/kingfisher-rules/data/rules/polar.yml b/crates/kingfisher-rules/data/rules/polar.yml index 15b3eee..925f2fe 100644 --- a/crates/kingfisher-rules/data/rules/polar.yml +++ b/crates/kingfisher-rules/data/rules/polar.yml @@ -18,3 +18,19 @@ rules: - 'polar_org_token: polar_oat_AbCdEfGhIjKlMnOpQrStUvWx12' references: - https://docs.polar.sh/api/authentication + validation: + type: Http + content: + request: + method: GET + url: https://api.polar.sh/v1/users/me + headers: + Authorization: "Bearer {{ TOKEN }}" + Accept: application/json + response_matcher: + - report_response: true + - type: StatusMatch + status: [200] + - type: WordMatch + words: + - '"email"' diff --git a/crates/kingfisher-rules/data/rules/resend.yml b/crates/kingfisher-rules/data/rules/resend.yml index a889842..28ef1cd 100644 --- a/crates/kingfisher-rules/data/rules/resend.yml +++ b/crates/kingfisher-rules/data/rules/resend.yml @@ -41,3 +41,31 @@ rules: - type: StatusMatch status: [200, 401] - type: JsonValid + revocation: + type: HttpMultiStep + content: + steps: + - name: lookup_key_id + request: + method: GET + url: https://api.resend.com/api-keys + headers: + Authorization: "Bearer {{ TOKEN }}" + Accept: application/json + response_matcher: + - type: StatusMatch + status: [200] + extract: + RESEND_KEY_ID: + type: JsonPath + path: "$.data[0].id" + - name: delete_key + request: + method: DELETE + url: "https://api.resend.com/api-keys/{{ RESEND_KEY_ID }}" + headers: + Authorization: "Bearer {{ TOKEN }}" + response_matcher: + - report_response: true + - type: StatusMatch + status: [200] diff --git a/crates/kingfisher-rules/data/rules/thingsboard.yml b/crates/kingfisher-rules/data/rules/thingsboard.yml index ce5ed78..edb2a77 100644 --- a/crates/kingfisher-rules/data/rules/thingsboard.yml +++ b/crates/kingfisher-rules/data/rules/thingsboard.yml @@ -20,6 +20,19 @@ rules: references: - https://thingsboard.io/docs/paas/reference/http-api/ - https://thingsboard.io/docs/paas/reference/coap-api/ + validation: + type: Http + content: + request: + method: POST + url: "https://thingsboard.cloud/api/v1/{{ TOKEN }}/telemetry" + headers: + Content-Type: application/json + body: '{"_kingfisher_validation_ping": 1}' + response_matcher: + - report_response: true + - type: StatusMatch + status: [200] - name: ThingsBoard Provision Device Key id: kingfisher.thingsboard.2 diff --git a/crates/kingfisher-rules/data/rules/thunderstore.yml b/crates/kingfisher-rules/data/rules/thunderstore.yml index 50a8d81..dbac16f 100644 --- a/crates/kingfisher-rules/data/rules/thunderstore.yml +++ b/crates/kingfisher-rules/data/rules/thunderstore.yml @@ -17,3 +17,19 @@ rules: - 'THUNDERSTORE_TOKEN=tss_AbCdEfGhIjKlMnOpQrStUvWxYz123456' references: - https://thunderstore.io/api/docs/ + validation: + type: Http + content: + request: + method: GET + url: https://thunderstore.io/api/experimental/current-user/ + headers: + Authorization: "Bearer {{ TOKEN }}" + Accept: application/json + response_matcher: + - report_response: true + - type: StatusMatch + status: [200] + - type: WordMatch + words: + - '"username"' diff --git a/crates/kingfisher-rules/data/rules/valtown.yml b/crates/kingfisher-rules/data/rules/valtown.yml index fdaa9b5..86a097c 100644 --- a/crates/kingfisher-rules/data/rules/valtown.yml +++ b/crates/kingfisher-rules/data/rules/valtown.yml @@ -17,3 +17,19 @@ rules: - 'VALTOWN_TOKEN=vtwn_AbCdEfGhIjKlMnOpQrStUvWxYz123456' references: - https://docs.val.town/api/authentication/ + validation: + type: Http + content: + request: + method: GET + url: https://api.val.town/v1/me + headers: + Authorization: "Bearer {{ TOKEN }}" + Accept: application/json + response_matcher: + - report_response: true + - type: StatusMatch + status: [200] + - type: WordMatch + words: + - '"id"' diff --git a/crates/kingfisher-rules/data/rules/vonage.yml b/crates/kingfisher-rules/data/rules/vonage.yml index acd701e..8cb3657 100644 --- a/crates/kingfisher-rules/data/rules/vonage.yml +++ b/crates/kingfisher-rules/data/rules/vonage.yml @@ -52,6 +52,24 @@ rules: references: - https://developer.vonage.com/en/getting-started/overview - https://developer.nexmo.com/api/account#secret-management + depends_on_rule: + - rule_id: kingfisher.vonage.1 + variable: VONAGE_API_KEY + validation: + type: Http + content: + request: + method: GET + url: "https://rest.nexmo.com/account/get-balance?api_key={{ VONAGE_API_KEY }}&api_secret={{ TOKEN }}" + headers: + Accept: application/json + response_matcher: + - report_response: true + - type: StatusMatch + status: [200] + - type: WordMatch + words: + - '"value"' revocation: type: Http content: diff --git a/crates/kingfisher-rules/data/rules/zapier.yml b/crates/kingfisher-rules/data/rules/zapier.yml index 83f37f2..41ea155 100644 --- a/crates/kingfisher-rules/data/rules/zapier.yml +++ b/crates/kingfisher-rules/data/rules/zapier.yml @@ -18,3 +18,20 @@ rules: - webhook_url="https://hooks.zapier.com/hooks/catch/2929690/ztd17n/" references: - https://help.zapier.com/hc/en-us/articles/8496288690317-Trigger-Zaps-from-webhooks + validation: + type: Http + content: + request: + method: POST + url: "{{ TOKEN }}" + headers: + Content-Type: application/json + body: '{}' + response_matcher: + - report_response: true + - type: StatusMatch + status: [200] + - type: WordMatch + words: + - "attempt" + - "status" diff --git a/docs-site/docs/changelog.md b/docs-site/docs/changelog.md index de4e611..57582be 100644 --- a/docs-site/docs/changelog.md +++ b/docs-site/docs/changelog.md @@ -7,6 +7,10 @@ description: "Kingfisher release history: new features, rules, bug fixes, and im All notable changes to this project will be documented in this file. +## [v1.97.0] +- Added live HTTP validation for 12 rules across 10 providers: Val Town, Polar, hCaptcha, Thunderstore, Elastic Cloud (2 rules), LlamaCloud, Gemfury (2 rules), Vonage, ThingsBoard, and Zapier. +- Added revocation support for 7 rules across 6 providers: Discord webhooks (single-step DELETE), DigitalOcean PATs (self-revoke via OAuth), and multi-step HttpMultiStep revocation for LaunchDarkly, Resend, Linode, and Netlify (2 rules). Built-in revocation coverage is now 34 provider families with 53 revocation-enabled rules. + ## [v1.95.0] - Fixed scan performance regression: the rule profiler was unconditionally active even without `--rule-stats`, causing RwLock contention across scan threads. Scans are now ~15% faster than v1.94.0. - Added 80+ built-in rules, bringing the bundled ruleset to 825 total. New coverage includes Amazon OAuth, Asaas, multiple Azure credential families, Bitrise, Canva, CockroachDB, eBay, Elastic, hCaptcha, Highnote, Lichess, MailerSend, Onfido, Paddle, Pangea, Persona, Pinterest, Proof, Rootly, Runpod, Telnyx, Thunderstore, Valtown, Volcengine, and more. diff --git a/docs-site/docs/features/revocation.md b/docs-site/docs/features/revocation.md index 0b9a61c..8f1d884 100644 --- a/docs-site/docs/features/revocation.md +++ b/docs-site/docs/features/revocation.md @@ -8,8 +8,8 @@ description: "Revoke compromised credentials directly from the CLI using built-i Kingfisher supports direct secret revocation through rule-level `revocation:` blocks. Current coverage in built-in rules: -- `28` provider families -- `46` revocation-enabled rules +- `34` provider families +- `53` revocation-enabled rules Use `kingfisher revoke --rule ` to invoke these flows. See [USAGE.md](../usage/basic-scanning.md#direct-secret-revocation-with-kingfisher-revoke) for command details. @@ -24,6 +24,8 @@ Use `kingfisher revoke --rule ` to invoke these flows. See [US | `confluent` | 2 | `kingfisher.confluent.2`, `kingfisher.confluent.3` | | `cratesio` | 1 | `kingfisher.cratesio.1` | | `deviantart` | 1 | `kingfisher.deviantart.1` | +| `digitalocean` | 1 | `kingfisher.digitalocean.1` | +| `discord` | 1 | `kingfisher.discord.1` | | `doppler` | 6 | `kingfisher.doppler.1`, `kingfisher.doppler.2`, `kingfisher.doppler.3`, `kingfisher.doppler.4`, `kingfisher.doppler.5`, `kingfisher.doppler.6` | | `gcp` | 1 | `kingfisher.gcp.1` | | `github` | 3 | `kingfisher.github.1`, `kingfisher.github.2`, `kingfisher.github.5` | @@ -31,10 +33,14 @@ Use `kingfisher revoke --rule ` to invoke these flows. See [US | `google` | 2 | `kingfisher.google.4`, `kingfisher.google.oauth2.1` | | `harness` | 1 | `kingfisher.harness.pat.1` | | `heroku` | 2 | `kingfisher.heroku.1`, `kingfisher.heroku.2` | +| `launchdarkly` | 1 | `kingfisher.launchdarkly.1` | +| `linode` | 1 | `kingfisher.linode.1` | | `mapbox` | 1 | `kingfisher.mapbox.2` | | `mongodb` | 1 | `kingfisher.mongodb.1` | +| `netlify` | 2 | `kingfisher.netlify.1`, `kingfisher.netlify.2` | | `npm` | 2 | `kingfisher.npm.1`, `kingfisher.npm.2` | | `particle.io` | 2 | `kingfisher.particleio.1`, `kingfisher.particleio.2` | +| `resend` | 1 | `kingfisher.resend.api_key.1` | | `sendgrid` | 1 | `kingfisher.sendgrid.1` | | `slack` | 2 | `kingfisher.slack.1`, `kingfisher.slack.2` | | `sumologic` | 1 | `kingfisher.sumologic.2` |