From 69d447dcc95a9c292c9c1c5cfa1dabfe618150ec Mon Sep 17 00:00:00 2001
From: Akshay Jain
Date: Tue, 13 Jan 2026 13:00:55 +0530
Subject: [PATCH] Add detection for short sk-None- prefixed OpenAI API keys

OpenAI issues keys with sk-None- prefix in both short (56 char) and long (130+ char) formats. The existing openai.2 rule only matches long keys with {100,} minimum length. This adds openai.3 to detect the short variant: sk-None- followed by exactly 48 alphanumeric characters. Fixes detection gap where trufflehog found valid keys that kingfisher missed.
---
 data/rules/openai.yml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/data/rules/openai.yml b/data/rules/openai.yml
index 3e8d7d8..d77801e 100644
--- a/data/rules/openai.yml
+++ b/data/rules/openai.yml
@@ -60,3 +60,32 @@ rules:
 - 200
 type: StatusMatch
 url: https://api.openai.com/v1/models
+
+ - name: OpenAI API Key (Short Prefixed)
+ id: kingfisher.openai.3
+ pattern: |
+ (?xi)
+ (
+ sk-None-[A-Z0-9]{48}
+ )
+ pattern_requirements:
+ min_digits: 2
+ min_entropy: 3.3
+ confidence: medium
+ examples:
+ - sk-None-abcdefghij1234567890ABCDEFGHIJ1234567890abcdefgh
+ references:
+ - https://help.openai.com/en/articles/9132009-how-can-i-view-the-users-or-organizations-associated-with-an-api-key
+ validation:
+ type: Http
+ content:
+ request:
+ headers:
+ Authorization: 'Bearer {{ TOKEN }}'
+ method: GET
+ response_matcher:
+ - report_response: true
+ - status:
+ - 200
+ type: StatusMatch
+ url: https://api.openai.com/v1/me
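Review bot: The `kingfisher.openai.3` pattern has nothing after `{48}` to end the match, so it does not enforce the "exactly 48" in the commit message. It will also match the first 48 characters of a longer `sk-None-` key whenever that leading run is alphanumeric, presumably yielding a second finding whose truncated token fails validation. Closing the group with a boundary, `\b` after the `)` and ideally before the `(` as well, rejects a 49th alphanumeric or `_`; a following `-` would still pass, so a stricter trailing class may be needed if long keys can carry one there. The `i` in `(?xi)` also makes the literal prefix case-insensitive; `(?x)` with `sk-None-[A-Za-z0-9]{48}` keeps `sk-None-` exact while still accepting the mixed-case example. Separately, `report_response: true` against `/v1/me` likely copies account identity fields from the response into scan output, so a comment on the rule saying that this is intended would help whoever handles the reports.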