performance improvements and rule improvements

crates/kingfisher-rules/data/rules/dryrunsecurity.yml

@@ -0,0 +1,45 @@
+rules:
+  - name: DryRun Security API Key
+    id: kingfisher.dryrunsecurity.1
+    pattern: |
+      (?x)
+      \b
+      (
+        dryrunsec_[A-Za-z0-9]{32}
+      )
+      \b
+    pattern_requirements:
+      min_digits: 1
+      min_uppercase: 1
+      min_lowercase: 1
+    min_entropy: 3.2
+    confidence: medium
+    examples:
+      - 'DRYRUN_API_KEY="dryrunsec_XRO3RsNlZm4M3VyZoPb02PzTv7yaEWoF"'
+      - 'Authorization: Bearer dryrunsec_hdKJINE3Bbe4SI3MsP4RoeCp5oY31MLZ'
+      - "dryrun_token=dryrunsec_1lTU5w3SuCqJ59aqmri3rhLVJtabQ0BM"
+    references:
+      - https://docs.dryrun.security/
+      - https://simple-api.dryrun.security/api-docs/index.html
+    validation:
+      type: Http
+      content:
+        request:
+          method: GET
+          url: https://simple-api.dryrun.security/v1/accounts
+          headers:
+            Authorization: "Bearer {{ TOKEN }}"
+            Accept: application/json
+          response_matcher:
+            - report_response: true
+            - type: StatusMatch
+              status: [200]
+            - type: JsonValid
+            - type: WordMatch
+              words:
+                - '"account_id"'
+              match_all_words: true
+    # Revocation not added: the published DryRun Simple API OpenAPI spec documents
+    # bearer-authenticated read/write account resources, but does not expose an
+    # access-key delete, revoke, or "current token" endpoint that can safely
+    # invalidate the presented key.

crates/kingfisher-rules/data/rules/upcloud.yml

@@ -14,7 +14,7 @@ rules:
     min_entropy: 3.5
     confidence: medium
     examples:
-      - 'UPCLOUD_API_TOKEN=ucat_01DQE3AJDEBFEKECFM558TGH2F'
+      - 'UPCLOUD_API_TOKEN=ucat_01KPW6N68RKV5WV44Y2C5CKTZY'
       - 'upcloud_token: "ucat_01J9K4BNZM3RGXW7VDQFTHY5PC"'
     references:
       - https://upcloud.com/docs/guides/managing-api-tokens/