eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions

fixed failing windows test setup

Browse source
This commit is contained in:
Mick Grove 2026-04-04 17:24:04 -07:00
commit 99fb01aa66
18 changed files with 765 additions and 166 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -7,7 +7,7 @@
<img src="https://img.shields.io/badge/License-Apache%202.0-blue.svg" alt="License" style="height: 24px;" />
</a>
<a href="https://github.com/mongodb/kingfisher">
<img src="https://img.shields.io/badge/Detection%20Rules-720-2ea043.svg" alt="Detection Rules" style="height: 24px;" />
<img src="https://img.shields.io/badge/Detection%20Rules-734-2ea043.svg" alt="Detection Rules" style="height: 24px;" />
</a>
<br>
<a href="https://github.com/mongodb/kingfisher/pkgs/container/kingfisher">

44
crates/kingfisher-rules/data/rules/box.yml Normal file
View file

@ -0,0 +1,44 @@
rules:
- name: Box API Access Token
id: kingfisher.box.1
pattern: |
(?x)
\b
(?i:box)
(?:.|[\n\r]){0,32}?
(?i:ACCESS|TOKEN|DEVELOPER)
(?:.|[\n\r]){0,32}?
\b
(
[A-Za-z0-9]{32}
)
\b
pattern_requirements:
min_digits: 2
min_uppercase: 1
min_lowercase: 1
min_entropy: 3.5
confidence: medium
examples:
- 'BOX_DEVELOPER_TOKEN="DkXZmsjUKizvL2z0WiaLvMBeQ756XCGG"'
- |
box_access_token = 'A4bC5dE6fG7hI8jK9lM0nO1pQ2rS3tU4'
negative_examples:
- 'BOX_DOC_URL="https://developer.box.com"'
- 'sandbox_mode = true'
references:
- https://developer.box.com/reference/
- https://developer.box.com/guides/authentication/tokens/developer-tokens/
validation:
type: Http
content:
request:
method: GET
url: https://api.box.com/2.0/users/me
headers:
Authorization: 'Bearer {{ TOKEN }}'
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: JsonValid

33
crates/kingfisher-rules/data/rules/braintree.yml Normal file
View file

@ -0,0 +1,33 @@
rules:
- name: Braintree Tokenization Key
id: kingfisher.braintree.1
pattern: |
(?x)
\b
(?i:braintree)
(?:.|[\n\r]){0,32}?
(?i:KEY|TOKEN|TOKENIZATION)
(?:.|[\n\r]){0,32}?
\b
(
(?:sandbox|production)
_
[a-z0-9]{6,10}
_
[a-z0-9]{14,20}
)
\b
pattern_requirements:
min_digits: 2
min_lowercase: 6
min_entropy: 3.0
confidence: medium
examples:
- 'BRAINTREE_TOKENIZATION_KEY="sandbox_f252zhq7_hh4cpc39zq4rgjcg"'
- 'braintree_token = production_abc12def_ghij34klmnop5678'
negative_examples:
- sandbox_f252zhq7_hh4cpc39zq4rgjcg
- 'BRAINTREE_URL="https://api.braintreegateway.com"'
references:
- https://developer.paypal.com/braintree/docs/guides/authorization/tokenization-key
- https://developer.paypal.com/braintree/docs/start/overview

51
crates/kingfisher-rules/data/rules/couchbase.yml Normal file
View file

@ -0,0 +1,51 @@
rules:
- name: Couchbase Capella API Key
id: kingfisher.couchbase.1
pattern: |
(?xi)
\b
(?:couchbase|capella)
(?:.|[\n\r]){0,32}?
(?:
api
(?:.|[\n\r]){0,12}?
(?:key|secret)
|
key
(?:.|[\n\r]){0,12}?
secret
)
(?:.|[\n\r]){0,32}?
\b
(
[A-Za-z0-9+/]{60,120}={0,2}
)
\b
pattern_requirements:
min_digits: 4
min_uppercase: 4
min_lowercase: 4
min_entropy: 4.0
confidence: medium
examples:
- 'COUCHBASE_API_KEY_SECRET="QktxVUtFU1dKV1FlJBYXdnTVlRemFZdmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDJBQ0RF"'
- |
capella_api_secret = 'aB1cD2eF3gH4iJ5kL6mN7oP8qR9sT0uV1wX2yZ3aA4bB5cC6dD7eE8fF9gG0hH1iJ2kL3m=='
negative_examples:
- 'COUCHBASE_URL="https://cloud.couchbase.com"'
references:
- https://docs.couchbase.com/cloud/management-api-reference/index.html
validation:
type: Http
content:
request:
method: GET
url: https://cloudapi.cloud.couchbase.com/v4/organizations
headers:
Accept: application/json
Authorization: 'Bearer {{ TOKEN }}'
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: JsonValid

165
crates/kingfisher-rules/data/rules/gitguardian.yml
View file

@ -1,165 +0,0 @@
rules:
- name: GitGuardian Public Monitoring API Key
id: kingfisher.gitguardian.1
pattern: |
(?xi)
(?:
\benterprise\.gitguardian\.com\b
(?:.|[\n\r]){0,160}?
|
\bgitguardian\b
(?:.|[\n\r]){0,64}?
\b(?:public|monitoring|github|incident|authorization|token|api)\b
(?:.|[\n\r]){0,64}?
)
\b
(
[a-f0-9]{71}
)
\b
pattern_requirements:
min_digits: 8
min_entropy: 3.5
confidence: medium
examples:
- 'host: enterprise.gitguardian.com\nAuthorization: Token 4283fefc63f0cd0e873a0000c6d07ef7b77e90d3593ad699fc1f7cd5bb2e35cbf0f19c5'
- 'gitguardian public monitoring key = "122b598615dcbe810beacd557705a54b5edbbbe5ce7f8fbeebef7a58f99d96fb2a06311"'
references:
- https://enterprise.gitguardian.com/api/docs
- https://enterprise.gitguardian.com/docs
validation:
type: Http
content:
request:
method: GET
url: https://enterprise.gitguardian.com/api/v1/is_alive
headers:
Authorization: Token {{ TOKEN }}
Accept: application/json
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- name: GitGuardian Internal Monitoring Key
id: kingfisher.gitguardian.2
pattern: |
(?xi)
(?:
\b(?:api(?:\.eu1)?\.gitguardian\.com|ggshield|gitguardian)\b
(?:.|[\n\r]){0,96}?
\b(?:api|internal|monitoring|token|key|authorization)\b
(?:.|[\n\r]){0,64}?
)
\b
(
[a-f0-9]{8}
[a-d]
[a-f0-9]{7}
[c-e]
[a-f0-9]{15}
[c-f]
[a-f0-9]{31}
[5-8]
[a-f0-9]{6}
)
\b
pattern_requirements:
min_digits: 8
min_entropy: 3.5
confidence: medium
examples:
- 'GG_API_URL=https://api.gitguardian.com/v1 authorization = "ae075528a220e087d35b92558589eaffc09cad68386d070c415ed7e70cad19465922995"'
- 'ggshield auth login --method token --token 74bf20f8b6ffc474ec0251908fcdce4bc14f68d9dcbd7a085a368932ff2b2d407dd311c'
references:
- https://api.gitguardian.com/docs
validation:
type: Http
content:
request:
method: GET
url: https://api.gitguardian.com/v1/health
headers:
Authorization: Token {{ TOKEN }}
Accept: application/json
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- name: GitGuardian Incident Token
id: kingfisher.gitguardian.3
pattern: |
(?xi)
(?:
(?:https?://)?dashboard\.gitguardian\.com
|
(?:https?://)?[a-z0-9.-]+/gitguardian
)
/share/incidents/
(
[a-f0-9]{8}-
[a-f0-9]{4}-
[a-f0-9]{4}-
[a-f0-9]{4}-
[a-f0-9]{12}
)
\b
pattern_requirements:
min_digits: 6
min_entropy: 3.1
confidence: medium
examples:
- incident_share=dashboard.gitguardian.com/share/incidents/6f3a2c19-8b4e-4d7a-9c10-2e5f6a7b8c9d
- 'external_review_url: https://onprem.example.com/gitguardian/share/incidents/1d4c7b82-5a90-4471-8f63-0a9b2c3d4e5f'
references:
- https://docs.gitguardian.com/internal-repositories-monitoring/incidents/collaborate
- name: GitGuardian Onboarding Token
id: kingfisher.gitguardian.4
pattern: |
(?xi)
\bdashboard\.gitguardian\.com/core-alerting/incident-resolution/
(
[a-f0-9]{8}-
[a-f0-9]{4}-
[a-f0-9]{4}-
[a-f0-9]{4}-
[a-f0-9]{12}
)
\b
pattern_requirements:
min_digits: 6
min_entropy: 3.1
confidence: medium
examples:
- review_link=dashboard.gitguardian.com/core-alerting/incident-resolution/f2c48010-2231-11ef-9a7b-0242ac120002
- 'gg_onboarding_url: "dashboard.gitguardian.com/core-alerting/incident-resolution/c17e9a40-1250-11ee-88d4-0242ac14000a"'
references:
- https://docs.gitguardian.com/
- name: GitGuardian Platform Magic Link
id: kingfisher.gitguardian.5
pattern: |
(?xi)
\b
(
https://
dashboard(?:\.preprod)?\.gitguardian\.com
/api/v1/auth/magic-link/
[a-f0-9]{8}-
[a-f0-9]{4}-
[a-f0-9]{4}-
[a-f0-9]{4}-
[a-f0-9]{12}
)
\b
pattern_requirements:
min_digits: 8
min_entropy: 3.2
confidence: medium
examples:
- https://dashboard.preprod.gitguardian.com/api/v1/auth/magic-link/2b7d3f10-6e44-413a-a8b1-5c9d0e2f4a6b
- https://dashboard.gitguardian.com/api/v1/auth/magic-link/9a0c1d22-7f58-46be-b321-4d6e8f0a1b2c
references:
- https://docs.gitguardian.com/

42
crates/kingfisher-rules/data/rules/godaddy.yml Normal file
View file

@ -0,0 +1,42 @@
rules:
- name: GoDaddy API Credentials
id: kingfisher.godaddy.1
pattern: |
(?xi)
\b
sso-key
\s+
(
(?:[A-Za-z0-9_]{35}|[A-Za-z0-9_]{37})
:
[A-Za-z0-9]{22}
)
\b
pattern_requirements:
min_digits: 2
min_uppercase: 1
min_lowercase: 1
min_entropy: 3.0
confidence: medium
examples:
- 'Authorization: sso-key Abc123XYZ789Def456GhI789Jkl012MnOpQ:pQ7rS2tUvW5xY8zAaBcDeF'
- 'headers = {"Authorization": "sso-key Abc123XYZ789Def456GhI789Jkl012MnOpQrs:3bKm9wPqRz2nLhFvJ8yG5x"}'
negative_examples:
- 'sso-key test:test'
- 'sso-key a:b'
references:
- https://developer.godaddy.com/doc/endpoint/domains
- https://developer.godaddy.com/getstarted
validation:
type: Http
content:
request:
method: GET
url: https://api.godaddy.com/v1/domains/available?domain=example.com
headers:
Authorization: 'sso-key {{ TOKEN }}'
response_matcher:
- report_response: true
- type: StatusMatch
status: [200, 403]
- type: JsonValid

65
crates/kingfisher-rules/data/rules/langfuse.yml Normal file
View file

@ -0,0 +1,65 @@
rules:
- name: Langfuse Secret Key
id: kingfisher.langfuse.1
pattern: |
(?xi)
\b
(
sk-lf-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}
)
\b
pattern_requirements:
min_digits: 1
min_lowercase: 1
min_entropy: 3.0
confidence: medium
examples:
- sk-lf-a1b2c3d4-e5f6-7890-abcd-ef1234567890
- 'LANGFUSE_SECRET_KEY="sk-lf-9f8e7d6c-5b4a-3210-fedc-ba0987654321"'
negative_examples:
- sk-lf-test
- sk-lf-
references:
- https://langfuse.com/docs/sdk/typescript
- https://langfuse.com/docs/get-started
depends_on_rule:
- rule_id: kingfisher.langfuse.2
variable: PUBLIC_KEY
validation:
type: Http
content:
request:
method: GET
url: https://cloud.langfuse.com/api/public/projects
headers:
Authorization: 'Basic {{ PUBLIC_KEY | append: ":" | append: TOKEN | b64enc }}'
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: JsonValid
- name: Langfuse Public Key
id: kingfisher.langfuse.2
pattern: |
(?xi)
\b
(
pk-lf-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}
)
\b
pattern_requirements:
min_digits: 1
min_lowercase: 1
min_entropy: 3.0
confidence: medium
visible: false
examples:
- pk-lf-a1b2c3d4-e5f6-7890-abcd-ef1234567890
- 'LANGFUSE_PUBLIC_KEY="pk-lf-9f8e7d6c-5b4a-3210-fedc-ba0987654321"'
negative_examples:
- pk-lf-test
- pk-lf-
references:
- https://langfuse.com/docs/sdk/typescript
- https://langfuse.com/docs/get-started

39
crates/kingfisher-rules/data/rules/lemonsqueezy.yml Normal file
View file

@ -0,0 +1,39 @@
rules:
- name: LemonSqueezy API Key
id: kingfisher.lemonsqueezy.1
pattern: |
(?x)
\b
(?i:lemon.?squeezy|lemonsqueezy)
(?:.|[\n\r]){0,32}?
(?i:KEY|TOKEN|API)
(?:.|[\n\r]){0,32}?
(
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9
\.
[A-Za-z0-9_-]{100,500}
\.
[A-Za-z0-9_-]{200,700}
)
min_entropy: 4.0
confidence: medium
examples:
- 'LEMONSQUEEZY_API_KEY="eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJodHRwczovL2FwaS5sZW1vbnNxdWVlenkuY29tIiwiaXNzIjoiaHR0cHM6Ly9sZW1vbnNxdWVlenkuY29tIiwic3ViIjoiMTIzNCIsImlhdCI6MTcwMDAwMDAwMCwiZXhwIjoxNzMwMDAwMDAwLCJzY29wZXMiOltdfQ.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQR"'
negative_examples:
- 'LEMONSQUEEZY_URL="https://api.lemonsqueezy.com"'
references:
- https://docs.lemonsqueezy.com/api
validation:
type: Http
content:
request:
method: GET
url: https://api.lemonsqueezy.com/v1/users/me
headers:
Authorization: 'Bearer {{ TOKEN }}'
Accept: application/vnd.api+json
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: JsonValid

42
crates/kingfisher-rules/data/rules/miro.yml Normal file
View file

@ -0,0 +1,42 @@
rules:
- name: Miro Access Token
id: kingfisher.miro.1
pattern: |
(?x)
\b
(
eyJtaXJv
[A-Za-z0-9_=-]{10,}
_
[A-Za-z0-9_-]{20,}
)
\b
pattern_requirements:
min_digits: 1
min_uppercase: 1
min_lowercase: 1
min_entropy: 3.5
confidence: medium
examples:
- eyJtaXJvLm9yaWdpbiI6ImV1MDEifQ_o-P91OccaII0A63CDSK--x21xiI
- 'MIRO_TOKEN="eyJtaXJvLm9yaWdpbiI6InVzMDEifQ_kL8m2Nq7RpWxYz3AbCdEfGhI"'
negative_examples:
- eyJtaXJv
- eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9
references:
- https://developers.miro.com/docs/rest-api-authorization
- https://developers.miro.com/reference/get-token-info
validation:
type: Http
content:
request:
method: GET
url: https://api.miro.com/v1/oauth-token
headers:
Accept: application/json
Authorization: 'Bearer {{ TOKEN }}'
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: JsonValid

44
crates/kingfisher-rules/data/rules/mixpanel.yml Normal file
View file

@ -0,0 +1,44 @@
rules:
- name: Mixpanel API Secret
id: kingfisher.mixpanel.1
pattern: |
(?x)
\b
(?i:mixpanel)
(?:.|[\n\r]){0,32}?
(?i:SECRET|API.?SECRET|PROJECT.?SECRET)
(?:.|[\n\r]){0,32}?
\b
(
[a-zA-Z0-9]{32}
)
\b
pattern_requirements:
min_digits: 2
min_lowercase: 2
min_entropy: 3.5
confidence: medium
examples:
- 'MIXPANEL_API_SECRET="a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"'
- |
mixpanel_secret: 'Ab1Cd2Ef3Gh4Ij5Kl6Mn7Op8Qr9St0Uv'
negative_examples:
- 'MIXPANEL_URL="https://api.mixpanel.com"'
- 'mixpanel_project_id=12345'
- 'MIXPANEL_TOKEN="a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"'
references:
- https://developer.mixpanel.com/reference/authentication
- https://developer.mixpanel.com/reference/overview
validation:
type: Http
content:
request:
method: GET
url: https://mixpanel.com/api/app/me
headers:
Authorization: 'Basic {{ TOKEN | append: ":" | b64enc }}'
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: JsonValid

55
crates/kingfisher-rules/data/rules/ringcentral.yml Normal file
View file

@ -0,0 +1,55 @@
rules:
- name: RingCentral Client ID
id: kingfisher.ringcentral.1
pattern: |
(?x)
\b
(?i:ringcentral|ring.?central)
(?:.|[\n\r]){0,32}?
(?i:CLIENT.?ID|APP.?KEY|APP.?ID)
(?:.|[\n\r]){0,32}?
\b
(
[A-Za-z0-9_-]{22}
)
\b
pattern_requirements:
min_digits: 2
min_uppercase: 1
min_lowercase: 1
min_entropy: 3.5
confidence: medium
visible: false
examples:
- 'RINGCENTRAL_CLIENT_ID="aB1cD2eF3gH4iJ5kL6mN7o"'
negative_examples:
- 'RINGCENTRAL_URL="https://platform.ringcentral.com"'
references:
- https://developers.ringcentral.com/api-reference/
- name: RingCentral Client Secret
id: kingfisher.ringcentral.2
pattern: |
(?x)
\b
(?i:ringcentral|ring.?central)
(?:.|[\n\r]){0,32}?
(?i:CLIENT.?SECRET|APP.?SECRET)
(?:.|[\n\r]){0,32}?
\b
(
[A-Za-z0-9_-]{22}
)
\b
pattern_requirements:
min_digits: 2
min_uppercase: 1
min_lowercase: 1
min_entropy: 3.5
confidence: medium
examples:
- 'RINGCENTRAL_CLIENT_SECRET="xY9zW8vU7tS6rQ5pO4nM3l"'
negative_examples:
- 'RINGCENTRAL_URL="https://platform.ringcentral.com"'
references:
- https://developers.ringcentral.com/api-reference/

49
crates/kingfisher-rules/data/rules/shortcut.yml Normal file
View file

@ -0,0 +1,49 @@
rules:
- name: Shortcut API Token
id: kingfisher.shortcut.1
pattern: |
(?x)
\b
(?i:shortcut|clubhouse)
(?:.|[\n\r]){0,32}?
(?i:TOKEN|API)
(?:.|[\n\r]){0,32}?
\b
(
[0-9a-f]{8}
-
[0-9a-f]{4}
-
[0-9a-f]{4}
-
[0-9a-f]{4}
-
[0-9a-f]{12}
)
\b
pattern_requirements:
min_digits: 4
min_entropy: 3.0
confidence: medium
examples:
- 'SHORTCUT_API_TOKEN="62dc7d80-a1b2-4c3d-8e5f-6a7b8c9d0e1f"'
- |
clubhouse_token = '0a1b2c3d-4e5f-6789-abcd-ef0123456789'
negative_examples:
- 'SHORTCUT_URL="https://app.shortcut.com"'
references:
- https://developer.shortcut.com/api/rest/v3
validation:
type: Http
content:
request:
method: GET
url: https://api.app.shortcut.com/api/v3/member
headers:
Shortcut-Token: '{{ TOKEN }}'
Content-Type: application/json
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: JsonValid

42
crates/kingfisher-rules/data/rules/shutterstock.yml Normal file
View file

@ -0,0 +1,42 @@
rules:
- name: Shutterstock OAuth Token
id: kingfisher.shutterstock.1
pattern: |
(?xi)
\b
shutterstock
(?:.|[\n\r]){0,48}?
(?:ACCESS|TOKEN|BEARER)
(?:.|[\n\r]){0,32}?
(
v2/[A-Za-z0-9+/]{40,}={0,2}
)
pattern_requirements:
min_digits: 2
min_uppercase: 1
min_lowercase: 1
min_entropy: 3.0
confidence: medium
examples:
- 'SHUTTERSTOCK_TOKEN="v2/ODYwYmRlNzBiYjMzNTE2M2UyZTQvYTc0NjI3NjEvNjBiMQ"'
- |
shutterstock_access_token: 'v2/ZDk4YWUxMGQtZGYyYy00ZGQwLWJiOWMtOTM3Y2E1NTA1YjYx'
negative_examples:
- v2/short
- 'SHUTTERSTOCK_DOC_URL=https://api.shutterstock.com/v2/images'
references:
- https://api-reference.shutterstock.com/
- https://www.shutterstock.com/developers/documentation/authentication
validation:
type: Http
content:
request:
method: GET
url: https://api.shutterstock.com/v2/user
headers:
Authorization: 'Bearer {{ TOKEN }}'
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: JsonValid

50
crates/kingfisher-rules/data/rules/squarespace.yml Normal file
View file

@ -0,0 +1,50 @@
rules:
- name: Squarespace API Key
id: kingfisher.squarespace.1
pattern: |
(?x)
\b
(?i:squarespace)
(?:.|[\n\r]){0,32}?
(?i:KEY|TOKEN|API)
(?:.|[\n\r]){0,32}?
\b
(
[0-9a-f]{8}
-
[0-9a-f]{4}
-
[0-9a-f]{4}
-
[0-9a-f]{4}
-
[0-9a-f]{12}
)
\b
pattern_requirements:
min_digits: 4
min_entropy: 3.0
confidence: medium
examples:
- 'SQUARESPACE_API_KEY="a1b2c3d4-e5f6-7890-abcd-ef1234567890"'
- |
squarespace_token: '62dc7d80-9a1b-4c3d-8e5f-6a7b8c9d0e1f'
negative_examples:
- 'SQUARESPACE_URL="https://www.squarespace.com"'
references:
- https://developers.squarespace.com/commerce-apis/overview
- https://developers.squarespace.com/commerce-apis/authentication-and-permissions
validation:
type: Http
content:
request:
method: GET
url: https://api.squarespace.com/1.0/authorization/website
headers:
Authorization: 'Bearer {{ TOKEN }}'
User-Agent: kingfisher
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: JsonValid

44
crates/kingfisher-rules/data/rules/strava.yml Normal file
View file

@ -0,0 +1,44 @@
rules:
- name: Strava Access Token
id: kingfisher.strava.1
pattern: |
(?x)
\b
(?i:strava)
(?:.|[\n\r]){0,32}?
(?i:ACCESS|AUTH)
(?:.|[\n\r]){0,32}?
\b
(
[0-9a-f]{40}
)
\b
pattern_requirements:
min_digits: 4
min_lowercase: 4
min_entropy: 3.5
confidence: medium
examples:
- 'STRAVA_ACCESS_TOKEN="83ebeabdec09f6670863766f792ead24d61fe3f9"'
- |
strava_auth_token: '1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b'
negative_examples:
- 'STRAVA_URL="https://www.strava.com/api/v3"'
- 'strava_client_id=12345'
- 'strava_refresh_token: "83ebeabdec09f6670863766f792ead24d61fe3f9"'
references:
- https://developers.strava.com/docs/authentication/
- https://developers.strava.com/docs/reference/#api-Athletes-getLoggedInAthlete
validation:
type: Http
content:
request:
method: GET
url: https://www.strava.com/api/v3/athlete
headers:
Authorization: 'Bearer {{ TOKEN }}'
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: JsonValid

41
crates/kingfisher-rules/data/rules/todoist.yml Normal file
View file

@ -0,0 +1,41 @@
rules:
- name: Todoist API Token
id: kingfisher.todoist.1
pattern: |
(?x)
\b
(?i:todoist)
(?:.|[\n\r]){0,32}?
(?i:TOKEN|API)
(?:.|[\n\r]){0,32}?
\b
(
[0-9a-f]{40}
)
\b
pattern_requirements:
min_digits: 4
min_entropy: 3.5
confidence: medium
examples:
- 'TODOIST_API_TOKEN="0123456789abcdef0123456789abcdef01234567"'
- |
todoist_token = 'a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0'
negative_examples:
- 'TODOIST_URL="https://api.todoist.com"'
references:
- https://developer.todoist.com/rest/v2/#overview
- https://developer.todoist.com/guides/#developing-with-todoist
validation:
type: Http
content:
request:
method: GET
url: https://api.todoist.com/rest/v2/projects
headers:
Authorization: 'Bearer {{ TOKEN }}'
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: JsonValid

51
crates/kingfisher-rules/data/rules/unsplash.yml Normal file
View file

@ -0,0 +1,51 @@
rules:
- name: Unsplash Access Key
id: kingfisher.unsplash.1
pattern: |
(?xi)
\b
unsplash
(?:.|[\n\r]){0,32}?
(?:
access
(?:.|[\n\r]){0,12}?
key
|
client
(?:.|[\n\r]){0,12}?
id
)
(?:.|[\n\r]){0,32}?
\b
(
[A-Za-z0-9_]{43}
)
\b
pattern_requirements:
min_digits: 2
min_uppercase: 1
min_lowercase: 1
min_entropy: 3.5
confidence: medium
examples:
- 'UNSPLASH_ACCESS_KEY="Ab1Cd2Ef3Gh4Ij5Kl6Mn7Op8Qr9St0UvWxYz1234567"'
- |
unsplash_client_id = 'a1B2c3D4e5F6g7H8i9J0k1L2m3N4o5P6q7R8s9T0u1V'
negative_examples:
- 'UNSPLASH_URL="https://api.unsplash.com"'
references:
- https://unsplash.com/documentation
validation:
type: Http
content:
request:
method: GET
url: https://api.unsplash.com/photos?page=1&per_page=1
headers:
Accept-Version: v1
Authorization: 'Client-ID {{ TOKEN }}'
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: JsonValid

72
crates/kingfisher-rules/data/rules/wiz.yml Normal file
View file

@ -0,0 +1,72 @@
rules:
- name: Wiz Client ID
id: kingfisher.wiz.1
pattern: |
(?x)
\b
(?i:wiz)
(?:.|[\n\r]){0,32}?
(?i:CLIENT.?ID)
(?:.|[\n\r]){0,32}?
\b
(
[a-zA-Z0-9]{53}
)
\b
pattern_requirements:
min_digits: 3
min_uppercase: 3
min_lowercase: 3
min_entropy: 4.0
confidence: medium
visible: false
examples:
- 'WIZ_CLIENT_ID="aB1cD2eF3gH4iJ5kL6mN7oP8qR9sT0uV1wX2yZ3aA4bB5cC6dD7eF"'
negative_examples:
- 'WIZ_URL="https://app.wiz.io"'
references:
- https://docs.wiz.io/wiz-docs/docs/using-the-wiz-api
- name: Wiz Client Secret
id: kingfisher.wiz.2
pattern: |
(?x)
\b
(?i:wiz)
(?:.|[\n\r]){0,32}?
(?i:CLIENT.?SECRET|SECRET)
(?:.|[\n\r]){0,32}?
\b
(
[a-zA-Z0-9]{64}
)
\b
pattern_requirements:
min_digits: 4
min_uppercase: 4
min_lowercase: 4
min_entropy: 4.0
confidence: medium
depends_on_rule:
- rule_id: kingfisher.wiz.1
variable: CLIENT_ID
examples:
- 'WIZ_CLIENT_SECRET="aB1cD2eF3gH4iJ5kL6mN7oP8qR9sT0uV1wX2yZ3aA4bB5cC6dD7eE8fF9gG0hH1i"'
negative_examples:
- 'WIZ_URL="https://app.wiz.io"'
references:
- https://docs.wiz.io/wiz-docs/docs/using-the-wiz-api
validation:
type: Http
content:
request:
method: POST
url: https://auth.app.wiz.io/oauth/token
headers:
Content-Type: application/x-www-form-urlencoded
body: 'grant_type=client_credentials&client_id={{ CLIENT_ID }}&client_secret={{ TOKEN }}&audience=wiz-api'
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: JsonValid