forked from mirrors/kingfisher
rule improvements to reduce FP's
This commit is contained in:
Mick Grove
parent
c212768e8f
commit
e46fa7b86c
4 changed files with 60 additions and 15 deletions
|
|
@ -23,13 +23,24 @@ rules:
|
|||
- name: Alibaba Access Key Secret
|
||||
id: kingfisher.alibabacloud.2
|
||||
pattern: |
|
||||
(?xi)
|
||||
(?x)
|
||||
\b
|
||||
alibaba
|
||||
(?:.|[\n\r]){0,32}?
|
||||
(
|
||||
[a-z0-9]{30}
|
||||
(?i:alibaba|alibaba[\s_-]*cloud|aliyun)
|
||||
(?:.|[\n\r]){0,40}?
|
||||
(?i:access[\s_-]*key[\s_-]*secret|access[\s_-]*secret|secret|token|key)
|
||||
(?:.|[\n\r]){0,16}?
|
||||
(?:
|
||||
[=:]
|
||||
|
|
||||
["']\s*:\s*["']
|
||||
)
|
||||
\s*
|
||||
["']?
|
||||
(
|
||||
[A-Za-z0-9]{30}
|
||||
)
|
||||
\b
|
||||
["']?
|
||||
min_entropy: 4.2
|
||||
confidence: medium
|
||||
examples:
|
||||
|
|
|
|||
|
|
@ -31,33 +31,43 @@ rules:
|
|||
- name: Azure Storage Account Key
|
||||
id: kingfisher.azurestorage.2
|
||||
pattern: |
|
||||
(?xi)
|
||||
(?x)
|
||||
\b
|
||||
(?:
|
||||
azure(?:[_\s-]*storage)?
|
||||
(?i:azure)(?:[_\s-]*(?i:storage))?
|
||||
(?:[_\s-]*(?:account[_\s-]*key|storage[_\s-]*key|shared[_\s-]*key|access[_\s-]*key|accountkey))
|
||||
|
|
||||
account[_\s-]*key
|
||||
(?i:account)[_.\s-]*(?i:key)
|
||||
|
|
||||
storage[_\s-]*key
|
||||
(?i:storage)[_.\s-]*(?i:key)
|
||||
)
|
||||
\b
|
||||
(?:.|[\n\r]){0,24}?
|
||||
[ \t]*[=:][ \t]*
|
||||
['"]?
|
||||
(?:
|
||||
[=:]
|
||||
|
|
||||
["']\s*:\s*["']
|
||||
)
|
||||
\s*
|
||||
["']?
|
||||
(
|
||||
[A-Z0-9+\\/-]{86,88}(?:={1,2})?
|
||||
[A-Za-z0-9+/]{86}==
|
||||
)
|
||||
['"]?
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
min_uppercase: 2
|
||||
min_lowercase: 2
|
||||
min_special_chars: 1
|
||||
min_entropy: 4.0
|
||||
confidence: medium
|
||||
examples:
|
||||
- Azure AccountKey=Xy9aB8cD7eF6gH5iJ4kL3mN2oP1qR0sT9uV8wX7yZ6aB5cD4eF3gH2iJ1kL0mN9oP8qR7sT6uV5wX4yZ3aB2cD1q
|
||||
- Azure AccountKey=Ky7aC1cD7eF6gH5iJ4kL3mN2oP1qR0sT9uV8wX7yZ6aB5cD4eF3gH2iJ1kL0mN9oP8qR7sT6uV5wX4yZ3aB2cD1g==\
|
||||
- Azure AccountKey=oqb4TdY9T0hphvktd5fJnMiHuQqzVy1jd5sSuOpAbGkaoqTlrHl0BOJN2okcasinVLOJzfDbZo1L+ASt68RAhA==
|
||||
- Azure AccountKey=B/1EVX2Ui47X09tqU3GI/j+Nko9r5COPm0Hea9tfzitF9MQX9lZZiNO3tYQckWnt+rtlGIWS+sCx+AStkq8ZLg==
|
||||
- Azure AccountKey=u45diQdTiXeuSKl5r4EjgbPP72EYpuTNEzfMTi0mk+d2sTisA4gWzt4H1Ag3kqFaCykWZv2S6KQo+AStHF56RQ==
|
||||
- Azure AccountKey=b8a/Z4wFAbhOPQTMa4PUTKr2XQhwoyWtP/3PnEto3mK86CFQnVYyTV/HSrij88h5jVYyzwUk0oTw+AStIKN/4w==
|
||||
- Azure AccountKey=JJD1GDiHCmtTpCOKpBYkXgZKrZvi7P4mRDe3jNVGc/JL/bp51uWcWL0rkOByk5VsX2MM62A/ABkE+AStU9qMkA==
|
||||
- Azure AccountKey=u45diQdTiXeuSKl5r4EjgbPP72EYpuTNEzfMTi0mk+d2sTisA4gWzt4H1Ag3kqFaCykWZv2S6KQo+AStHF56RQ==
|
||||
validation:
|
||||
type: AzureStorage
|
||||
references:
|
||||
|
|
|
|||
|
|
@ -8,9 +8,9 @@ rules:
|
|||
\.
|
||||
ey[A-Za-z0-9_-]{12,} (?# payload )
|
||||
\.
|
||||
[A-Za-z0-9_-]{12,} (?# signature )
|
||||
[A-Za-z0-9_-]{24,} (?# signature )
|
||||
)
|
||||
(?:[^A-Z0-9_-])
|
||||
(?:[^A-Za-z0-9_-]|$)
|
||||
pattern_requirements:
|
||||
min_digits: 4
|
||||
min_entropy: 3.3
|
||||
|
|
|
|||
|
|
@ -125,6 +125,30 @@ rules:
|
|||
- "****"
|
||||
- "xxxx"
|
||||
- "example"
|
||||
- "<password>"
|
||||
- "<db_password>"
|
||||
- "<username>"
|
||||
- "<u>:<p>"
|
||||
- "<redacted>"
|
||||
- "<DO_NOT_UPDATE_AUTH>"
|
||||
- "{username}:{password}"
|
||||
- "{password}"
|
||||
- "${"
|
||||
- "$("
|
||||
- "{{"
|
||||
- "<"
|
||||
- ":pass@"
|
||||
- ":password@"
|
||||
- ":secret@"
|
||||
- ":passw0rd@"
|
||||
- ":secretPassw0rd@"
|
||||
- ":wrong_password@"
|
||||
- ":fakepassword@"
|
||||
- "@host:"
|
||||
- "@host/"
|
||||
- "@host1:"
|
||||
- "@some.address"
|
||||
- "@connectionString.com"
|
||||
min_entropy: 3
|
||||
examples:
|
||||
- client = mongoc_client_new ("mongodb+srv://someuser:hunter2@my-atlas-rd941.mongodb.net/test?retryWrites=true&w=majority");
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue