From 593184730033cad10be3439aa4b01acf88bb3322 Mon Sep 17 00:00:00 2001
From: Mick Grove
Date: Tue, 5 Aug 2025 14:45:51 -0700
Subject: [PATCH] - Use system TLS root certificates to support self-hosted GitLab instances with internal CAs
- Added new rule: Coze personal access token
---
CHANGELOG.md | 4 ++++
Cargo.toml | 4 ++--
data/rules/aws.yml | 2 +-
data/rules/coze.yml | 31 +++++++++++++++++++++++++++++++
4 files changed, 38 insertions(+), 3 deletions(-)
create mode 100644 data/rules/coze.yml
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4f169a7..58c66e5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@
 All notable changes to this project will be documented in this file.
+## [1.34.0]
+- Use system TLS root certificates to support self-hosted GitLab instances with internal CAs
+- Added new rule: Coze personal access token
+
 ## [1.33.0]
 - Fixed header precedence so custom HTTP validation headers like `Accept` are preserved
 - Added new Heroku rule
diff --git a/Cargo.toml b/Cargo.toml
index c4328e0..4295167 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -10,7 +10,7 @@ publish = false
 [package]
 name = "kingfisher"
-version = "1.33.0"
+version = "1.34.0"
 description = "MongoDB's blazingly fast secret scanning and validation tool"
 edition.workspace = true
 rust-version.workspace = true
@@ -82,9 +82,9 @@ reqwest = { version = "0.12", default-features = false, features = [
 "deflate",
 "stream",
 "rustls-tls",
+ "rustls-tls-native-roots",
 "blocking",
 "multipart",
- "rustls-tls",
 ] }
diff --git a/data/rules/aws.yml b/data/rules/aws.yml
index b324dcc..49fcbe3 100644
--- a/data/rules/aws.yml
+++ b/data/rules/aws.yml
@@ -6,7 +6,7 @@ rules:
 \b
 (
 (?:AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)
- [0-9A-Z]{16}
+ [2-7A-Z]{16}
 )
 \b
 min_entropy: 3.2
diff --git a/data/rules/coze.yml b/data/rules/coze.yml
new file mode 100644
index 0000000..df3692a
--- /dev/null
+++ b/data/rules/coze.yml
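Review bot: Adding `"rustls-tls-native-roots"` while keeping `"rustls-tls"` (reqwest's alias for `rustls-tls-webpki-roots`) means, if I read reqwest 0.12's feature wiring correctly, that the client trusts the union of the bundled webpki roots and the platform store rather than the platform store alone. If trusting only the OS store was the goal, the third line `"rustls-tls",` should become `"rustls-tls-native-roots",` rather than only deleting the duplicate at the bottom; if the union is intended, say so next to the feature, e.g. `# "rustls-tls-native-roots": also trust the OS store (internal CAs on self-hosted GitLab); "rustls-tls" keeps the bundled webpki roots`. Either way the internal-CA case only works on hosts where that CA is installed in the system store, which the changelog entry could state. The hunk's trailing context lines appear to have been lost in the collapsed paste.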
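Review bot: The narrowed class `[2-7A-Z]{16}` carries no comment explaining it, so the next editor may "fix" it back to `[0-9A-Z]`. The sixteen characters after the AKIA/ASIA-style prefix appear to be base32 (RFC 4648 alphabet A-Z and 2-7), which is why 0, 1, 8 and 9 can be excluded; a comment above the class, `# base32 alphabet (A-Z, 2-7): the digits 0, 1, 8, 9 never appear after the prefix`, records that and the false-positive reduction it buys. Any examples or tests elsewhere in aws.yml that used digits outside 2-7 would stop matching and should be checked; they are outside this hunk.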
@@ -0,0 +1,31 @@
+rules:
+ - name: Coze Personal Access Token
+ id: kingfisher.coze.1
+ pattern: '(?i)\b(pat_[a-zA-Z0-9]{64})\b'
+ confidence: medium
+ min_entropy: 5.0
+ validation:
+ type: Http
+ content:
+ request:
+ method: GET
+ url: "https://api.coze.com/v1/workspaces?"
+ headers:
+ Authorization: "Bearer {{TOKEN}}"
+ Content-Type: application/json
+ response_matcher:
+ - type: StatusMatch
+ status: [200, 403] # API returns 403 for a valid token without permission to route
+ - type: JsonValid
+ - type: WordMatch
+ words:
+ - '"access token invalid"'
+ - '"does not have permission"'
+ negative: true
+ references:
+ - https://www.coze.com/docs/developer_guides/coze_api_overview
+ - https://www.coze.com/docs/developer_guides/retrieve_files
+ examples:
+ - "pat_DlOG7fNcVfmw8cYhPWNcdfwrjjzwDr9EkV8EBjzHdgRWU2DzqHC1pPe0x590NN5f"
+ - "pat_93QiTdIvZGuRCFcfGTQJJ1VIYZ9dNHanX88wKoMojwMk3tX5tKqfFtxUp0ux8CjI"
+ - "pat_WvUTLYq5yZyaqegkyLSxXJMjXAJotjYEuC1sqT8daFlfwM3BiaRVJIZsER42DnhV"
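Review bot: The StatusMatch line `status: [200, 403]` deliberately accepts 403 for a valid token that lacks route permission, yet the negative WordMatch on `'"does not have permission"'` rejects any body containing that phrase; if the 403 body for such a token carries that wording, as the inline comment suggests, the two matchers contradict each other and those tokens are reported as invalid. Either drop `'"does not have permission"'` from the negative words or drop 403 from the status list, and record the observed 403 body in the comment so the choice can be verified. The trailing `?` in `url: "https://api.coze.com/v1/workspaces?"` sends an empty query string and looks like a leftover; `url: "https://api.coze.com/v1/workspaces"` is cleaner. Indentation in this hunk was lost in the paste, so the nesting assumed above is inferred.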