rule improvements to reduce FP's

crates/kingfisher-rules/data/rules/atlassian.yml

@@ -13,10 +13,11 @@ rules:
       \b
     pattern_requirements:
       min_lowercase: 1
+      min_digits: 2
     min_entropy: 3.5
     confidence: medium
     examples:
-      - Atlassian_key = "DjayBenyJrtpvydFCzAphcqc"
+      - Atlassian_key = "DjayBeny2rtpvydF4zAphcqc"
       - "ATLASSIAN_API_TOKEN:'abcdef1234567890abcdef12'"
     references:
       - https://developer.atlassian.com/cloud/admin/organization/rest/api-group-orgs/#api-v1-orgs-get

crates/kingfisher-rules/data/rules/azurestorage.yml

@@ -32,20 +32,23 @@ rules:
     id: kingfisher.azurestorage.2
     pattern: |
       (?xi)
-      azure
-      (?:.|[\n\r]){0,128}?
-      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
-      (?:.|[\n\r]){0,128}?
-      ["':\s=}\]\)]
-      (
-          (?:
-              [A-Z0-9+\\/-]{86,88}={1,2}
-          )
-          |
-          (?:
-              [A-Z0-9+\\/-]{86,88}\b
-          )
+      \b
+      (?:
+        azure(?:[_\s-]*storage)?
+        (?:[_\s-]*(?:account[_\s-]*key|storage[_\s-]*key|shared[_\s-]*key|access[_\s-]*key|accountkey))
+        |
+        account[_\s-]*key
+        |
+        storage[_\s-]*key
       )
+      \b
+      (?:.|[\n\r]){0,24}?
+      [ \t]*[=:][ \t]*
+      ['"]?
+      (
+        [A-Z0-9+\\/-]{86,88}(?:={1,2})?
+      )
+      ['"]?
     pattern_requirements:
       min_digits: 2
       min_uppercase: 2

crates/kingfisher-rules/data/rules/google.yml

@@ -28,10 +28,14 @@ rules:
     id: kingfisher.google.3
     pattern: |
       (?xi)
-      client.?secret .{0,10}
+      client.?secret
+      (?:.|[\n\r]){0,10}?
+      [ \t]*[=:][ \t]*
+      ['"]?
       (
         [a-z0-9_-]{24}
       )
+      ['"]?
       (?: [^a-z0-9_-] |$)
     pattern_requirements:
       min_digits: 1
@@ -80,7 +84,13 @@ rules:
         (GOCSPX-[A-Z0-9_-]{28})
         |
         (?:
-          (?i) client.?secret .{0,10} \b ([A-Z0-9_-]{24})
+          (?i)
+          client.?secret
+          (?:.|[\n\r]){0,10}?
+          [ \t]*[=:][ \t]*
+          ['"]?
+          \b ([A-Z0-9_-]{24})
+          ['"]?
         )
       )
       (?:[^A-Z0-9_-] | $)

crates/kingfisher-rules/data/rules/redis.yml

@@ -85,7 +85,7 @@ rules:
       (?:PASSWORD|PASS|PASSWD|AUTH|SECRET|TOKEN)
       \b
       (?:.|[\n\r]){0,24}?
-      [=:\s]+
+      [ \t]*[=:][ \t]*
       ['"]?
       (?P<password>[a-zA-Z0-9%;._~!$&'()*+,;=/*+-]{8,64})
       ['"]?

crates/kingfisher-rules/data/rules/salesforce.yml

@@ -209,6 +209,10 @@ rules:
     min_entropy: 3.5
     pattern_requirements:
       min_digits: 3
+      ignore_if_contains:
+        - "www.w3.org"
+        - "/2001/"
+        - "/XMLSchema"
     confidence: medium
     examples:
       - |
@@ -309,6 +313,16 @@ rules:
       min_digits: 4
     min_entropy: 3.6
     confidence: medium
+    validation:
+      type: Http
+      content:
+        request:
+          method: GET
+          url: "https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id={{ TOKEN }}&redirect_uri=https%3A%2F%2Fexample.com%2Fcb"
+          response_matcher:
+            - report_response: true
+            - type: StatusMatch
+              status: [200]
     examples:
       - 3MVG9P8aWj9n4kT2xQ5mV7rY1bC3dF6gH8jK0mN2pR4tU6wX8zA1cE3gH5kM7qS9uV2xY4bD6fJ8nP1rT3vW5yZ7
     references:

crates/kingfisher-rules/data/rules/square.yml

@@ -7,6 +7,7 @@ rules:
       (
         EAAA[a-zA-Z0-9\-\+=]{60}
       )
+      \b
     pattern_requirements:
       min_digits: 4
     min_entropy: 3.3