eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions

Updated Supabase rule to detect project url's and validate their corresponding tokens

Browse source
This commit is contained in:
Mick Grove 2025-08-05 16:25:22 -07:00
commit c2e227a832
2 changed files with 53 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file.
## [1.34.0]
- Use system TLS root certificates to support self-hosted GitLab instances with internal CAs
- Added new rule: Coze personal access token
- Updated Supabase rule to detect project url's and validate their corresponding tokens
## [1.33.0]
- Fixed header precedence so custom HTTP validation headers like `Accept` are preserved

54
data/rules/supabase.yml
View file

@ -1,5 +1,5 @@
rules:
- name: Supabase API Key
- name: Supabase Management Token
id: kingfisher.supabase.1
pattern: |
(?xi)
@ -27,4 +27,54 @@ rules:
- report_response: true
- type: StatusMatch
status:
- 200
- 200
- name: Supabase Project API Key
id: kingfisher.supabase.2
pattern: |
(?xi)
\b
(
sb_secret_[a-z0-9_-]{31}
)
\b
min_entropy: 4.0
confidence: high
validation:
type: Http
content:
request:
method: GET
url: "{{SBPROJECTURL}}/rest/v1/?select=*"
headers:
Apikey: "{{TOKEN}}"
User-Agent: ""
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: WordMatch
words:
- '"host":'
references:
- https://supabase.com/docs/reference/api/v1-get-an-organization
examples:
- "sb_secret_9uM4GhB0STF5R4K3HxQtlg_bzWW6DRj"
- "sb_secret_szE_jsbktD3pWgnfUjgahw_hcHEIOBH"
depends_on_rule:
- rule_id: "kingfisher.supabase.3"
variable: SBPROJECTURL
- name: Supabase Project URL
id: kingfisher.supabase.3
pattern:
(?xi)
(
https:\/\/[a-z0-9]{16,32}\.supabase\.co
)
confidence: medium
min_entropy: 3.0
visible: false
validation:
references:
- https://supabase.com/docs/guides/api
examples:
- "https://ejcvydfyxzmbtfbfstnq.supabase.co"