performance improvements and rule improvements

This commit is contained in:
Mick Grove 2026-04-21 14:32:32 -07:00
commit bc65ce9d5b
4 changed files with 92 additions and 24 deletions


@ -8,7 +8,7 @@ rules:
(?:.|[\n\r]){0,24}?
\b
(
(?:sk|rk)_(?:live|test)_[a-zA-Z0-9]{20,60}
sk_live_a2V5Xz[A-Za-z0-9+/]{69}
)
\b
pattern_requirements:
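Review bot: If `sk_live_a2V5Xz[A-Za-z0-9+/]{69}` is the line that survives on the new side (the rendered page has lost the +/- markers, and the hunk shows exactly one removal and one addition), this rule now matches only live-mode keys and silently stops flagging `sk_test_` keys, which the old alternative `(?:sk|rk)_(?:live|test)_[a-zA-Z0-9]{20,60}` still covered; the last section of this commit (`@ -4,8 +4,11`) appears to make the same narrowing from `sk_(?:live|test)_a2V5Xz…`. A test-mode key committed to a repository is still a leaked credential for that environment, so either keep the alternation, `sk_(?:live|test)_a2V5Xz[A-Za-z0-9+/]{69}`, or add a comment above the pattern explaining why only live keys are wanted. The rule's name and id sit above the hunk, so its intent cannot be read from here.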


@ -1,26 +1,22 @@
rules:
- name: Stripe Publishable Key
id: kingfisher.stripe.1
pattern: |
(?xi)
(?:stripe|strp)
(?:.|[\n\r]){0,16}?
(?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
(?:.|[\n\r]){0,16}?
(
pk_live_
(?:[0-9A-Z]{6}){4,30}
(?x)
\b
(
pk_live_[A-Za-z0-9]{24,128}
)
\b
pattern_requirements:
min_digits: 2
min_uppercase: 1
min_lowercase: 1
min_entropy: 3.3
confidence: medium
categories: [api, key]
examples:
- stripe_pub_key = pk_live_HQS0j4H75XpthOW87eY1sXa2BYz3Ab
- stripe_pub_key = pk_live_51O4GlNLQpd8Ph8H3or6Sv8fhuSPIQncX0dY318y8Hc9SYRyS4aeyrTN19ztOmAsuVZSTKNfI7RZoSOwNkLa0cwm010oLA68VFA
references:
- https://stripe.com/docs/api/authentication
@ -28,25 +24,20 @@ rules:
id: kingfisher.stripe.2
pattern: |
(?xi)
(?:stripe|strp)
(?:.|[\n\r]){0,16}?
(?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
(?:.|[\n\r]){0,16}?
(?x)
\b
(
(?:
sk|rk
)_live_
(?:[0-9A-Z]{8}){3,25}
(?:sk|rk)_(?:test|live)_[A-Za-z0-9]{24,128}
)
\b
pattern_requirements:
min_digits: 2
min_entropy: 3.3
confidence: medium
examples:
- stripe_secret_key = sk_live_f01c79xuuug7yodgzj5ws0h1x2kyvho3
- stripe_secret_key = pk_live_51O4GlNLQpd8Ph8H3or6Sv8fhuSPIQncX0dY318y8Hc9SYRyS4aeyrTN19ztOmAsuVZSTKNfI7RZoSOwNkLa0cwm010oLA68VFA
- "strp_sec_key: rk_live_4haG9YwGkL2hXqTj5pSzo8FzB3uCwE7n"
validation:
type: Http
content:
@ -61,7 +52,6 @@ rules:
- type: StatusMatch
status: [200]
- type: WordMatch
match_all_words: true
words: ['"object":"account"']
words: ['"object":"account"','"id":']
references:
- https://stripe.com/docs/api/authentication
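Review bot: In the validation hunk (`@ -61,7 +52,6`) the line counts admit two removals and one addition, which suggests `match_all_words: true` is dropped together with the old `words` line; if so, the new matcher `words: ['"object":"account"','"id":']` accepts any 200 response that merely contains `"id":`, a much weaker confirmation than requiring the account object. If both markers are meant to be present, keep `match_all_words: true` next to the new `words` line, or reduce the list to `'"object":"account"'` alone. Separately, in the secret-key hunk (`@ -28,25 +24,20`) the example `stripe_secret_key = pk_live_51O4GlNLQpd8Ph8H3or6Sv8fhuSPIQncX0dY318y8Hc9SYRyS4aeyrTN19ztOmAsuVZSTKNfI7RZoSOwNkLa0cwm010oLA68VFA` cannot match `(?:sk|rk)_(?:test|live)_[A-Za-z0-9]{24,128}` if it remains on the new side; the same value already appears under the publishable-key rule, where it belongs.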


@ -74,3 +74,78 @@ rules:
- 'upstash_url=https://sharp-raven-67890.upstash.io'
references:
- https://upstash.com/docs/redis/features/restapi
- name: Upstash Account Email
id: kingfisher.upstash.3
pattern: |
(?xi)
\b
(?:
UPSTASH_EMAIL
|
upstash
(?:.|[\n\r]){0,40}?
email
)
(?:.|[\n\r]){0,12}?
(
[A-Za-z0-9._%+\-]+
@
[A-Za-z0-9.\-]+\.[A-Za-z]{2,}
)
\b
min_entropy: 2.0
confidence: medium
visible: false
examples:
- UPSTASH_EMAIL=agent@example.com
- 'upstash email: "ops.bot@example.org"'
references:
- https://upstash.com/docs/devops/cli/overview
- name: Upstash Management API Key
id: kingfisher.upstash.4
pattern: |
(?xi)
\b
(?i:upstash)
(?:.|[\n\r]){0,24}?
\b
(
[0-9a-f]{8}
-
[0-9a-f]{4}
-
4[0-9a-f]{3}
-
[89ab][0-9a-f]{3}
-
[0-9a-f]{12}
)
\b
min_entropy: 3.0
confidence: medium
examples:
- UPSTASH_API_KEY=7e6fbb80-71d8-4f97-9b38-62c17a3de154
- 'upstash management api key: "9d13b4f2-2d43-4378-8f32-4fca3d6be861"'
references:
- https://upstash.com/docs/devops/developer-api/authentication
- https://upstash.com/docs/devops/cli/overview
depends_on_rule:
- rule_id: kingfisher.upstash.3
variable: UPSTASH_EMAIL
validation:
type: Http
content:
request:
method: GET
url: https://api.upstash.com/v2/redis/databases
headers:
Accept: application/json
Authorization: "Basic {{ UPSTASH_EMAIL | append: ':' | append: TOKEN | b64enc }}"
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: JsonValid
# Upstash Management API keys are created and deleted in the Upstash console; no self-revocation API is documented.
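Review bot: `report_response: true` on the kingfisher.upstash.4 validator copies the body of `GET https://api.upstash.com/v2/redis/databases` into the finding; that endpoint enumerates every Redis database on the account, and if the listing carries connection details (endpoints, credentials — confirm against the Upstash developer API reference), the scanner would echo further secrets into its own report output. Consider dropping `report_response: true` here, or confirming that the reporting path redacts the body, and documenting the choice with a comment above `response_matcher:` such as `# response enumerates the account's databases; body not reported to avoid echoing connection details`. As a point of style, `(?i:upstash)` is redundant under the rule's `(?xi)` header; a plain `upstash` matches identically, as the email rule above it already writes.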


@ -4,8 +4,11 @@ rules:
pattern: |
(?x)
\b
(?i:workos)
(?:.|[\n\r]){0,24}?
\b
(
sk_(?:live|test)_a2V5Xz[A-Za-z0-9+/]{69}
sk_live_a2V5Xz[A-Za-z0-9+/]{69}
)
\b
pattern_requirements: