From 65de1b029019aa8ddd8329d3bd61238b993ebad0 Mon Sep 17 00:00:00 2001 From: Mick Grove Date: Mon, 30 Jun 2025 17:04:29 -0700 Subject: [PATCH] added rules for deepseek, xai. Removed branding. Added a NOTICE file --- CHANGELOG.md | 5 +++++ Cargo.toml | 2 +- NOTICE | 35 +++++++++++++++++++++++++++++++++++ README.md | 2 ++ data/rules/deepseek.yml | 35 +++++++++++++++++++++++++++++++++++ data/rules/xAI.yml | 36 ++++++++++++++++++++++++++++++++++++ src/cli/global.rs | 7 ++----- 7 files changed, 116 insertions(+), 6 deletions(-) create mode 100644 NOTICE create mode 100644 data/rules/deepseek.yml create mode 100644 data/rules/xAI.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 304a49f..c9b4701 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,11 @@ All notable changes to this project will be documented in this file. +## [1.18.0] +- Added rules for DeepSeek, xAI +- Removed branding +- Added NOTICE file + ## [1.17.1] - Fixed broken sourcegraph rule - Added test to prevent this and similar issues diff --git a/Cargo.toml b/Cargo.toml index f428453..6a90c97 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,7 @@ publish = false [package] name = "kingfisher" -version = "1.17.1" +version = "1.18.0" edition.workspace = true rust-version.workspace = true license.workspace = true diff --git a/NOTICE b/NOTICE new file mode 100644 index 0000000..da698e9 --- /dev/null +++ b/NOTICE 
@@ -0,0 +1,35 @@
+NOTICE file corresponding to Section 4 (d) of the Apache License, Version 2.0
+
+--------------------------------------------------------------------
+Upstream notices
+--------------------------------------------------------------------
+Copyright 2022 Praetorian Security, Inc .
+
+This product includes software from the Nosey Parker project developed
+by Praetorian Security, Inc:
+
+ https://github.com/praetorian-inc/noseyparker
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+--------------------------------------------------------------------
+Additional notices for Kingfisher
+--------------------------------------------------------------------
+Copyright 2025 MongoDB, Inc.
+https://www.mongodb.com
+
+Kingfisher is a fork of Nosey Parker that adds (at the time of writing):
+ - Live secret validation via cloud-provider APIs
+ - Extra detection rules and tree-sitter parsing
+ - Native GitLab integration and Windows x64 support
+Source repository: https://github.com/mongodb/kingfisher
diff --git a/README.md b/README.md
index f41545c..8e45179 100644
--- a/README.md
+++ b/README.md 
@@ -11,6 +11,7 @@ Kingfisher is a blazingly fast secret‑scanning and validation tool built in Ru
 Kingfisher originated as a fork of [Nosey Parker](https://github.com/praetorian-inc/noseyparker) by Praetorian Security, Inc, and is built atop their incredible work and the work contributed by the Nosey Parker community.
+Kingfisher extends Nosey Parker with live secret validation via cloud-provider APIs, augments regex detection with tree-sitter for code parsing, adds GitLab support, and builds a Windows x64 binary.
 **MongoDB Blog**: [Introducing Kingfisher: Real-Time Secret Detection and Validation](https://www.mongodb.com/blog/post/product-release-announcements/introducing-kingfisher-real-time-secret-detection-validation)
@@ -138,6 +139,7 @@ kingfisher scan /path/to/repo --rule-stats
 ```
 ### Scan while ignoring likely test files
+
 ```bash
 # Scan source but skip likely unit / integration tests
 kingfisher scan ./my-project --ignore-tests
diff --git a/data/rules/deepseek.yml b/data/rules/deepseek.yml
new file mode 100644
index 0000000..f303c48
--- /dev/null
+++ b/data/rules/deepseek.yml
@@ -0,0 +1,35 @@
+rules:
+ - name: DeepSeek API Key
+ id: kingfisher.deepseek.1
+ pattern: |
+ (?xi)
+ \b
+ (
+ sk-[a-f0-9]{32}
+ )
+ \b
+ min_entropy: 3.7
+ confidence: medium
+ examples:
+ - sk-ba588036180d4d1d9cebbf6456f1e220
+ - sk-2481fb3538a1453fac54f6cbdca981cb
+ - sk-8be2c2f8cf2e424aad1643c1d3944377
+ validation:
+ type: Http
+ content:
+ request:
+ method: GET
+ url: https://api.deepseek.com/models
+ headers:
+ Authorization: "Bearer {{ TOKEN }}"
+ Accept: application/json
+ response_matcher:
+ - report_response: true
+ - type: StatusMatch
+ status: [200]
+ - type: WordMatch
+ words: ['"data"']
+ match_all_words: true
+ references:
+ - https://api-docs.deepseek.com/
+ - https://api-docs.deepseek.com/api/list-models
diff --git a/data/rules/xAI.yml b/data/rules/xAI.yml
new file mode 100644
index 0000000..398ac03
--- /dev/null
+++ b/data/rules/xAI.yml 
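Review bot: The pattern `sk-[a-f0-9]{32}` in the DeepSeek rule has no DeepSeek-specific discriminator, so any `sk-` token followed by 32 hex digits matches, and the `validation` block then sends that candidate in an `Authorization: Bearer` header to `https://api.deepseek.com/models`; as far as I know the `sk-` prefix is shared with other vendors' key formats, so a secret belonging to a different service can end up transmitted to DeepSeek during validation. Since `pattern` is a regex, consider requiring a `deepseek`-related keyword near the match, or at least document the overlap next to the rule so the medium `confidence` is understood as a false-positive risk rather than just a scoring hint. Separately, the `(?xi)` flags make the hex class accept uppercase, which none of the three `examples` use; if DeepSeek keys are always lowercase hex, dropping `i` would narrow the match.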
@@ -0,0 +1,36 @@
+rules:
+ - name: xAI (Grok) API Key
+ id: kingfisher.xai.1
+ pattern: |
+ (?xi)
+ \b
+ (
+ xai-[A-Za-z0-9_-]{70,120}
+ )
+ \b
+ min_entropy: 3.8
+ confidence: medium
+ examples:
+ - xai-CNPlxZEZVpxDTRD8N6Luet7LwS2qyuijh7pdHbmNzswLAYSWUeODm8Cav2On1LqgrCewPvGCWxBqSbh3
+ - xai-RoGXl5O4gCeiTW1AtbVbDC3YLOEC3WubJFNSUvzlWq2Lt41kiFHc6P896yxrEMmHBdpC1e8M7fkmXSr8
+ - xai-vogGGUbepTcg1Qft4w2K46BXuS8eQzD6Q294eQhXc4yqHFzC4wfzAvnHM3sUGVvbHNzhqIPdRey8qm13
+ validation:
+ type: Http
+ content:
+ request:
+ method: GET
+ url: https://api.x.ai/v1/language-models
+ headers:
+ Authorization: "Bearer {{ TOKEN }}"
+ Accept: application/json
+ response_matcher:
+ - report_response: true
+ - type: WordMatch
+ words:
+ - '"Incorrect API key provided'
+ negative: true
+ references:
+ - https://x.ai/api
+ - https://docs.x.ai/docs/api-reference
+ - https://docs.x.ai/docs/overview
+ - https://docs.x.ai/docs/management-api
diff --git a/src/cli/global.rs b/src/cli/global.rs
index 5a7cf94..37e0bbb 100644
--- a/src/cli/global.rs
+++ b/src/cli/global.rs
@@ -12,11 +12,8 @@ use crate::cli::commands::{
 #[deny(missing_docs)]
 #[derive(Parser, Debug)]
-#[command(
- version = env!("CARGO_PKG_VERSION"),
- after_help = "Made with \u{2764} by MongoDB",
-)]
-/// Kingfisher by MongoDB — Detect and validate secrets across files and full Git history
+
+/// Kingfisher — Detect and validate secrets across files and full Git history
 pub struct CommandLineArgs {
 /// The command to execute
 #[command(subcommand)]
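Review bot: The xAI rule's `response_matcher` consists only of a negative `WordMatch` on `'"Incorrect API key provided'` with no `StatusMatch`, so any response that happens not to contain that exact string — a 429 rate-limit, a 5xx, a differently worded 401, or a future change to xAI's error text — is treated as a successful validation and the candidate is reported as live. The DeepSeek rule in this same commit pairs its word match with a status check; mirror that here by adding `- type: StatusMatch` / `status: [200]` ahead of the `WordMatch` entry, and prefer a positive match on a field the `/v1/language-models` response is known to return over relying solely on the absence of an error phrase. Matching on provider error wording is the part most likely to drift silently, so it should not be the only signal.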
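Review bot: Deleting the whole `#[command(...)]` attribute drops `version = env!("CARGO_PKG_VERSION")` together with the `after_help` branding, so unless `version` is set elsewhere on this struct or by a subcommand, clap's derive will no longer generate `--version`/`-V` for the binary; the commit message describes only removing branding, so this looks like collateral loss. Keep `#[command(version)]` (clap fills it from `CARGO_PKG_VERSION`) or the original `#[command(version = env!("CARGO_PKG_VERSION"))]` above `pub struct CommandLineArgs`. The added empty `+` line also leaves a blank line between `#[derive(Parser, Debug)]` and the `///` doc comment; the conventional order is the doc comment first, then the attributes, with no blank line in between. `CommandLineArgs` continues past the end of the hunk.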