eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions

Added rules for line

Browse source
This commit is contained in:
Mick Grove 2025-06-25 14:22:37 -07:00
commit cc75be309b
3 changed files with 114 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

24
data/rules/jenkins.yml Normal file
View file

@ -0,0 +1,24 @@
rules:
- name: Jenkins Token or Crumb
id: kingfisher.jenkins.1
pattern: '(?i)jenkins.{0,10}(?:crumb)?.{0,10}\b([0-9a-f]{32,36})\b'
categories: [api, fuzzy, secret]
min_entropy: 3.3
confidence: medium
examples:
- |
jenkins_user = 'root'
# jenkins_passwd = '116365fd86d63bf507aba962606a5c8956' Pre token
jenkins_passwd = '11811f784531053132519844d047186074' # Dev Token
jenkins_url = 'http://10.1.188.121'
- |
export JENKINS_USER=justin-admin-edit-view
export JENKINS_TOKEN=11f4274ec59be12eace9a08b08ee13d54b
export JENKINS=jenkins-cicd.apps.sno.openshiftlabs.net
- |
sh "curl -X POST 'http://jenkins.lsfusion.luxsoft.by/job/${Paths.updateParentVersionsJob}/build' --user ${USERPASS} -H 'Jenkins-Crumb:440561953171ba44ace9740562d172bb'"
negative_examples:
- '1. ~~Does not play well with [Build Token Root Plugin](https://wiki.jenkins-ci.org/display/JENKINS/Build+Token+Root+Plugin) URL formats.~~ (added with [this commit](https://github.com/morficus/Parameterized-Remote-Trigger-Plugin/commit/f687dbe75d1c4f39f7e14b68220890384d7c5674) )'
references:
- https://www.jenkins.io/blog/2018/07/02/new-api-token-system/
- https://www.jenkins.io/doc/book/security/csrf-protection/

54
data/rules/jira.yml Normal file
View file

@ -0,0 +1,54 @@
rules:
- name: Jira Domain
id: kingfisher.jira.1
pattern: |
(?x)
(?i)
(
[a-z][a-z0-9-]{5,24}\.atlassian\.net
)
\b
min_entropy: 3.5
visible: false
confidence: medium
examples:
- example-jira.atlassian.net
- jira.sprintUri= https://leakyday.atlassian.net/rest
- name: Jira Token
id: kingfisher.jira.2
pattern: |
(?x)
(?i)
\b
jira
(?:.|[\n\r]){0,8}?
(?:SECRET|PRIVATE|ACCESS|KEY|PASSWORD|TOKEN)
(?:.|[\n\r]){0,16}?
\b
(
[a-z0-9-]{24}
)
\b
min_entropy: 3.3
confidence: medium
examples:
- 'Here is my Jira token: VDOheDe1sSCeGkuTARhkFDE2'
- public static final String JIRA_PASSWORD = "VDOheDe1sSCeGkuTARhkFDE2";
validation:
type: Http
content:
request:
headers:
Accept: application/json
Authorization: Basic {{ TOKEN }}
method: GET
response_matcher:
- report_response: true
- status:
- 200
type: StatusMatch
url: https://{{ DOMAIN }}/rest/api/3/dashboard
depends_on_rule:
- rule_id: kingfisher.jira.1
variable: DOMAIN

36
data/rules/line.yml Normal file
View file

@ -0,0 +1,36 @@
rules:
- name: Line Messaging API Token
id: kingfisher.line.1
pattern: |
(?x)
(?i)
\b
line
(?:.|[\n\r]){0,32}?
(?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
(?:.|[\n\r]){0,32}?
\b
(
(?:[0-9A-Za-z+/]{57}){3}=?
)
min_entropy: 3.5
confidence: medium
examples:
- line_access_token = 13IRTqF+j0TfDtuJoIWKRBPhpDnqYUaaSlOilnoy0urLE+kbf5hN4HUf5pSPw20ruyO0BFFF1IDjnBojctp5emFw0hZ51WxB8c75qo48upJInfmqDQ1xrFd4yFKBwx4yRBHYXmI/FyrtcWKd0FBoBAdB04t81/1O/w1cDnyilFU=
- linemsg_token:"13IRTqF+j0TfDtuJoIWKRBPhpDnqYUaaSlOilnoy0urLE+kbf5hN4HUf5pSPw20ruyO0BFFF1IDjnBojctp5emFw0hZ51WxB8c75qo48upJInfmqDQ1xrFd4yFKBwx4yRBHYXmI/FyrtcWKd0FBoBAdB04t81/1O/w1cDnyilFU="
references:
- https://developers.line.biz/en/reference/messaging-api/#get-consumption
validation:
type: Http
content:
request:
headers:
Authorization: 'Bearer {{ TOKEN }}'
Content-Type: application/json
method: GET
response_matcher:
- report_response: true
- status:
- 200
type: StatusMatch
url: https://api.line.me/v2/bot/message/quota/consumption