From a5582d05444294f93094b809b5d6a5a5fba1ea4c Mon Sep 17 00:00:00 2001
From: Mick Grove
Date: Tue, 24 Feb 2026 12:56:50 -0700
Subject: [PATCH] added redis rule, modified from Titus project, and updated NOTICE file
---
README.md | 3 ++-
crates/kingfisher-rules/data/rules/redis.yml | 17 ++++++-----------
2 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/README.md b/README.md
index 4f29db2..3d65bbd 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,8 @@

Kingfisher Logo
-[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
+[![Detection Rules](https://img.shields.io/badge/Detection%20Rules-473-2ea043.svg)](https://github.com/mongodb/kingfisher)
[![ghcr downloads](https://ghcr-badge.elias.eu.org/shield/mongodb/kingfisher/kingfisher)](https://github.com/mongodb/kingfisher/pkgs/container/kingfisher)
diff --git a/crates/kingfisher-rules/data/rules/redis.yml b/crates/kingfisher-rules/data/rules/redis.yml index 1dbb098..61cc2eb 100644 --- a/crates/kingfisher-rules/data/rules/redis.yml +++ b/crates/kingfisher-rules/data/rules/redis.yml @@ -3,31 +3,28 @@ rules: name: Redis URI Connection String # Hyperscan-compatible pattern (no lookbehind) # Host supports hostnames, IPv4, and IPv6 in brackets + # Supports both "username:password@host" and ":password@host" (password-only) pattern: | (?xi) (?: redis | rediss | redis\+sentinel ) :// (?# URI scheme ) (?: (?P[a-zA-Z0-9%;._~!$&'()*+,;=-]{1,}) (?# username - optional ) : )? - (?P[a-zA-Z0-9%;._~!$&'()*+,;=/*+-]{8,}) (?# password - min 8 chars ) - @ (?P(?:\[[0-9a-fA-F:.]+\]|[a-zA-Z0-9_.-]+)) (?: :(?P\d{1,5}))? (?# host and optional port ) + (?P[a-zA-Z0-9%;._~!$&'()*+,;=/+-]{8,}) (?# password - min 8 chars ) + @ (?P[a-zA-Z0-9_.-]{1,}) (?: :(?P\d{1,5}))? (?# hostname and optional port ) (?: / (?P\d{1,2}))? (?# optional database number ) \b pattern_requirements: - min_digits: 1 ignore_if_contains: - "****" - "xxxx" - "example.com" - "your_password" - "your-password" - - "changeme" - - "replaceme" - ":password@" - ":secret@" - "localhost" - - "127.0.0.1" - "# redis" - "// redis" @@ -39,7 +36,7 @@ rules: - 'rediss://admin:TESTsecur3K3y456@redis.cache.internal:6380/1' - 'redis+sentinel://default:SAMPLEr3d1sK3y789@sentinel.cluster.local:26379' - 'redis://:oJs3RjFV5CVDyObDiooJk8NGGSylGTlNmAzCaPVydjM=@gainazurecacheforredis03.eastus.redisenterprise.cache.azure.net:10000' - - 'redis://default:MyP4ss@192.168.1.10:6379/2' + - 'redis://default:MyP4ssw0rd@192.168.1.10:6379/2' - 'rediss://:token123@[::1]:6380/0' references: @@ -61,10 +58,9 @@ rules: (?:,|\s) (?# separator ) .*? host\s*=\s* (?# host key ) - (?P(?:\[[0-9a-fA-F:.]+\]|[a-zA-Z0-9_.-]+)) (?# host - hostname, IPv4, or IPv6 ) + (?P[a-zA-Z0-9_.-]+) (?# host - hostname, IPv4, or IPv6 ) pattern_requirements: - min_digits: 1 ignore_if_contains: - "password=None" - "passwd=None" 
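Review bot: The new host group in the `@@ -3,31 +3,28 @@` hunk, `[a-zA-Z0-9_.-]{1,}`, can no longer match a bracketed IPv6 host, so a URI like the retained example `'rediss://:token123@[::1]:6380/0'` would go undetected, while the context comment still reads `# Host supports hostnames, IPv4, and IPv6 in brackets`. Either keep the previous alternation `(?:\[[0-9a-fA-F:.]+\]|[a-zA-Z0-9_.-]+)` inside the host group, or update the comment and drop the IPv6 example so the rule's documentation matches what it detects. The same narrowing appears in the `@@ -61,10 +58,9 @@` hunk, where the inline comment still says `hostname, IPv4, or IPv6`. Named-group labels appear to have been stripped from this page, so the quoted patterns omit them.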
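Review bot: Dropping `min_digits: 1` in the `@@ -61,10 +58,9 @@` hunk (and likewise in `@@ -3,31 +3,28 @@` and `@@ -92,11 +88,10 @@`) removes the only character-composition filter visible on these rules, and neither the commit message nor the rule comments say why. Combined with removing `"changeme"`, `"replaceme"` and `"127.0.0.1"` from the first rule's `ignore_if_contains`, placeholder values such as an eight-letter `changeme` password will likely start producing findings. If the loosening is intentional, record it next to `pattern_requirements:` with a comment such as `# min_digits intentionally omitted: <reason>`; otherwise keep the requirement. The rule bodies start outside these hunks, so any other filters they carry are not visible here.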
@@ -92,11 +88,10 @@ rules: (?:.|[\n\r]){0,24}? [=:\s]+ ['"]? - (?P[a-zA-Z0-9%;._~!$&'()*+,;=/*+-]{8,}) + (?P[a-zA-Z0-9%;._~!$&'()*+,;=/*+-]{8,64}) ['"]? pattern_requirements: - min_digits: 1 ignore_if_contains: - "****" - "xxxx"
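Review bot: The new upper bound `{8,64}` in the `@@ -92,11 +88,10 @@` hunk is not followed by any boundary, because the closing `['"]?` is optional, so a value longer than 64 characters still matches and the capture is cut off at 64 characters. A finding would then carry a truncated secret, which would fail any later validation and could mislead triage or rotation. Consider requiring a terminator after the group (closing quote, whitespace or end of line), or state the cap in a comment such as `# capped at 64 chars; longer values are reported truncated`. The rule's pattern starts above the hunk, so its prefix is not visible here.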