performance improvements and rule improvements

crates/kingfisher-rules/data/rules/cockroachlabs.yml

@@ -1,39 +1,33 @@
 rules:
-  - name: CockroachDB Cloud API Key
+  - name: CockroachDB Cloud Service Account API Key
     id: kingfisher.cockroachlabs.1
     pattern: |
       (?x)
       \b
-      (?:
-        (?i:cockroach(?:db)?(?:cloud)?)
-        (?:.|[\n\r]){0,24}?
-        (?i:api[_\s-]*key|secret|token)
-        |
-        (?i:CC_API_KEY)
-      )
-      (?:.|[\n\r]){0,16}?
       (
-        [A-Z0-9_]{20,60}
+        CCDB1_[A-Za-z0-9]{22}_[A-Za-z0-9]{40}
       )
       \b
     pattern_requirements:
       min_digits: 2
       min_uppercase: 4
-    min_entropy: 3.0
+      min_lowercase: 4
+    min_entropy: 3.5
     confidence: medium
     categories: [api, key]
     examples:
-      - 'COCKROACHDB_API_KEY=B81649_8F7D11A_92BCE13_56782D_C53'
+      - 'CCDB1_z4m5MjGmTx3O4sK2IxvHIh_zv4Cbt3lNujc7f9TO9cZ1qGU7tyJhxrw01I0rWnZ'
+      - 'CCDB1_z6ju5QJ1vZf1SGhBr2yM97_vqqya4b8lKf2ZRfI3OFHZ478xfi6SbqcIbts4nyp'
+      - 'CCDB1_OMxzun9l3g5vjIJRqKqPP7_9HUwzxJDBGpEvtbN3HjJb7L7zirVo3qSCAi1MCct'
     validation:
       type: Http
       content:
         request:
           method: GET
-          url: https://cockroachlabs.cloud/api/v1/clusters?show_inactive=true
+          url: https://cockroachlabs.cloud/api/v1/clusters
           headers:
             Authorization: Bearer {{ TOKEN }}
             Accept: application/json
-            Cc-Version: "2024-09-16"
           response_matcher:
             - report_response: true
             - type: StatusMatch
@@ -44,8 +38,8 @@ rules:
               words:
                 - '"clusters"'
                 - '"pagination"'
-    # Revocation not added: the public Cloud API docs describe bearer-token
-    # authentication for service-account secret keys, but not a documented
-    # self-revocation endpoint for the current secret key value.
+    # Revocation not added: the Cloud API exposes DELETE /api/v1/api-keys/{id},
+    # but a leaked secret value does not reveal the API key ID required to revoke it.
     references:
-      - https://www.cockroachlabs.com/docs/cockroachcloud/cloud-api
+      - https://www.cockroachlabs.com/docs/cockroachcloud/service-accounts
+      - https://cockroachlabs.cloud/assets/docs/api/latest/openapi.json

crates/kingfisher-rules/data/rules/composio.yml

@@ -2,13 +2,10 @@ rules:
   - name: Composio Project API Key
     id: kingfisher.composio.1
     pattern: |
-      (?xi)
-      \b
-      (?:composio|COMPOSIO_API_KEY)
-      (?:.|[\n\r]){0,48}?
+      (?x)
       \b
       (
-        ak_[A-Za-z0-9]{16,48}
+        ak_[A-Za-z0-9_-]{20}
       )
       \b
     pattern_requirements:
@@ -17,7 +14,7 @@ rules:
     min_entropy: 3.5
     confidence: medium
     examples:
-      - 'COMPOSIO_API_KEY="ak_a1b2c3d4e5f6g7h8i9j0"'
+      - 'COMPOSIO_API_KEY="ak_LPktODfyN3W_btXn_d47"'
       - 'composio x-api-key: ak_0f1e2d3c4b5a69788796'
     references:
       - https://docs.composio.dev/reference/authentication
@@ -36,4 +33,27 @@ rules:
             - type: StatusMatch
               status: [200]
             - type: JsonValid
-    # Current Composio API docs expose session verification, but not a same-key revocation flow.
+    # Current Composio API docs expose project-key authentication, but not a same-key revocation flow.
+
+  - name: Composio Consumer API Key
+    id: kingfisher.composio.2
+    pattern: |
+      (?x)
+      \b
+      (
+        ck_[A-Za-z0-9_-]{20}
+      )
+      \b
+    pattern_requirements:
+      min_digits: 1
+      min_lowercase: 4
+    min_entropy: 3.0
+    confidence: medium
+    examples:
+      - 'COMPOSIO_CONSUMER_API_KEY="ck_A1b2C3d4E5f6G7h8I9jK"'
+      - '"x-consumer-api-key": "ck_k7M_Pq2RsTuVwXyZ8aBc"'
+    references:
+      - https://docs.composio.dev/docs/composio-connect
+    # Composio documents consumer API keys for MCP clients via the
+    # x-consumer-api-key header, but does not expose a stable public
+    # token-only validation endpoint in the docs.