v1.81.0
parent
2a8bb9c361
commit
e518fb30f2
139 changed files with 1185 additions and 221 deletions
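--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+"sarif-viewer.connectToGithubCodeScanning": "off"
+}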
|
|
@ -2,6 +2,12 @@
|
|||
|
||||
All notable changes to this project will be documented in this file.
|
||||
|
||||
## [v1.81.0]
|
||||
- Fixed checksum-template evaluation for prefixed tokens by using explicit checksum/body captures in NPM, GitHub, Confluent, and GitLab rules.
|
||||
- Updated references sections to rules with API documentation links.
|
||||
- Updated Google OAuth credentials rule requirements so bundled client-id/client-secret examples pass `rules check` consistently.
|
||||
- Added gRPC validation support for gRPC-only APIs via `validation: type: Grpc` (e.g., Modal administrative keys).
|
||||
|
||||
## [v1.80.0]
|
||||
- Added `--full-validation-response` flag to include complete validation response bodies without truncation. By default, validation responses are still truncated to 512 characters for readability. When enabled, users can parse and present full validation responses as needed (e.g., for GitHub token validation responses that include user metadata beyond the first 512 characters).
|
||||
- Improved AWS rule.
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ publish = false
|
|||
|
||||
[package]
|
||||
name = "kingfisher"
|
||||
version = "1.80.0"
|
||||
version = "1.81.0"
|
||||
description = "MongoDB's blazingly fast and accurate secret scanning and validation tool"
|
||||
edition.workspace = true
|
||||
rust-version.workspace = true
|
||||
|
|
@ -221,6 +221,9 @@ gcloud-storage = { version = "1.1.1", default-features = false, features = [
|
|||
] }
|
||||
tokei = "12.1.2"
|
||||
crc32fast = "1.5.0"
|
||||
bytes = "1.11.1"
|
||||
tokio-rustls = "0.26.4"
|
||||
h2 = "0.4.13"
|
||||
|
||||
[target.'cfg(not(windows))'.dependencies]
|
||||
sha1 = { version = "0.10.6", features = ["asm"] }
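Review bot: The three dependencies added after `crc32fast` (`bytes`, `tokio-rustls`, `h2`) have no comment saying what they are for, and `tokio-rustls` and `h2` are declared with their default features. If they exist only to back the gRPC validation mentioned in the changelog, a comment such as `# gRPC validation transport (HTTP/2 over TLS)` would record that, and the feature sets could be trimmed the way the neighbouring `gcloud-storage` entry does with `default-features = false`. The validator code is outside this section, so it is worth confirming there that the TLS client configuration verifies server certificates against a trusted root store, since candidate secrets presumably travel over this connection.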
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ Designed for offensive security engineers and blue-teamers alike, Kingfisher hel
|
|||
### Performance, Accuracy, and Hundreds of Rules
|
||||
- **Performance**: multithreaded, Hyperscan‑powered scanning built for huge codebases
|
||||
- **Extensible rules**: hundreds of built-in detectors plus YAML-defined custom rules ([docs/RULES.md](/docs/RULES.md))
|
||||
- **Validate & Revoke**: live validation of discovered secrets, plus direct revocation for supported platforms (GitHub, GitLab, Slack, AWS, GCP, and more) ([docs/USAGE.md](/docs/USAGE.md))
|
||||
- **Validate & Revoke**: live validation of discovered secrets, plus direct revocation for supported platforms (GitHub, GitLab, Slack, AWS, GCP, and more)[docs/USAGE.md](/docs/USAGE.md))
|
||||
- **Blast Radius Mapping**: instantly map leaked keys to their effective cloud identities and exposed resources with `--access-map`. Supports AWS, GCP, Azure, GitHub, Gitlab, and more token support coming.
|
||||
- **Broad AI SaaS coverage**: finds and validates tokens for OpenAI, Anthropic, Google Gemini, Cohere, AWS Bedrock, Voyage AI, Mistral, Stability AI, Replicate, xAI (Grok), Ollama, Langchain, Perplexity, Weights & Biases, Cerebras, Friendli, Fireworks.ai, NVIDIA NIM, Together.ai, Zhipu, and many more
|
||||
- **Compressed Files**: Supports extracting and scanning compressed files for secrets
|
||||
|
|
|
|||
BIN
__pycache__/check_references.cpython-314.pyc
Normal file
Binary file not shown.
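Review bot: `__pycache__/check_references.cpython-314.pyc` is compiled bytecode and should not be part of the commit. It cannot be reviewed in a diff, the interpreter regenerates it on demand, and a stale or altered copy can differ from the source it was built from (presumably `check_references.py`) without anyone noticing. Drop the file from the tree and add `__pycache__/` and `*.pyc` to `.gitignore` so it does not come back.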
|
|
@ -31,3 +31,5 @@ rules:
|
|||
- type: WordMatch
|
||||
words:
|
||||
- '"username"'
|
||||
references:
|
||||
- https://io.adafruit.com/api/docs/#authentication
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@ rules:
|
|||
\b
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
min_uppercase: 1
|
||||
min_lowercase: 1
|
||||
min_entropy: 3.2
|
||||
confidence: medium
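Review bot: One requirement is dropped from `pattern_requirements` here (the rendered page does not show which of the listed lines), but no example is added or changed to show the token shape the looser filter is meant to admit. An example that passes only under the new requirements would let `rules check` pin the relaxation and catch a later accidental change in either direction. If this rule has a live `validation` block, which is outside the hunk, a looser prefilter also means more candidate strings are submitted to the vendor endpoint, so the remaining `min_entropy: 3.2` carries more of the false-positive filtering. The same one-line removal recurs in the later hunks `@ -22,7 +22,6 @`, `@ -35,7 +35,6 @`, `@ -12,7 +12,6 @` and `@ -11,7 +11,6 @`.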
|
||||
|
|
|
|||
|
|
@ -30,6 +30,8 @@ rules:
|
|||
- 200
|
||||
type: StatusMatch
|
||||
url: https://{{ APPID }}-dsn.algolia.net/1/keys/{{ TOKEN }}
|
||||
references:
|
||||
- https://www.algolia.com/doc/rest-api/overview/#authentication
|
||||
depends_on_rule:
|
||||
- rule_id: "kingfisher.algolia.2"
|
||||
variable: APPID
|
||||
|
|
@ -51,3 +53,5 @@ rules:
|
|||
confidence: medium
|
||||
examples:
|
||||
- algolia_app_id = "WRB8YLFW7Y"
|
||||
references:
|
||||
- https://www.algolia.com/doc/rest-api/overview/#authentication
|
||||
|
|
|
|||
|
|
@ -17,6 +17,9 @@ rules:
|
|||
examples:
|
||||
- LTAI8x2NiGqfyJGx7eLDhp12
|
||||
- LTAI5GqyJGhp12ad31L5hpix
|
||||
references:
|
||||
- https://www.alibabacloud.com/help/en/ram/latest/create-an-accesskey-pair
|
||||
- https://www.alibabacloud.com/help/en/openapi/using-openapi/signature-method-v1
|
||||
- name: Alibaba Access Key Secret
|
||||
id: kingfisher.alibabacloud.2
|
||||
pattern: |
|
||||
|
|
@ -62,6 +65,9 @@ rules:
|
|||
status: [200]
|
||||
- type: WordMatch
|
||||
words: ['"Arn"']
|
||||
references:
|
||||
- https://www.alibabacloud.com/help/en/openapi/using-openapi/signature-method-v1
|
||||
- https://www.alibabacloud.com/help/en/ram/latest/create-an-accesskey-pair
|
||||
depends_on_rule:
|
||||
- rule_id: kingfisher.alibabacloud.1
|
||||
variable: AKID
|
||||
|
|
@ -22,7 +22,6 @@ rules:
|
|||
\b
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
min_uppercase: 1
|
||||
min_lowercase: 1
|
||||
min_entropy: 3.5
|
||||
confidence: medium
|
||||
|
|
|
|||
|
|
@ -33,6 +33,9 @@ rules:
|
|||
type: StatusMatch
|
||||
- type: JsonValid
|
||||
url: https://{{ JFROGURL }}/artifactory/api/repositories
|
||||
references:
|
||||
- https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens
|
||||
- https://jfrog.com/help/r/jfrog-rest-apis/authentication
|
||||
depends_on_rule:
|
||||
- rule_id: "kingfisher.artifactory.2"
|
||||
variable: JFROGURL
|
||||
|
|
@ -58,6 +61,8 @@ rules:
|
|||
- mycompany.jfrog.io
|
||||
- my-company-name.jfrog.io
|
||||
- a.jfrog.io
|
||||
references:
|
||||
- https://jfrog.com/help/r/jfrog-rest-apis/artifactory-rest-apis
|
||||
|
||||
- name: Artifactory Identity Reference Token
|
||||
id: kingfisher.artifactory.3
|
||||
|
|
@ -89,6 +94,9 @@ rules:
|
|||
- 200
|
||||
type: StatusMatch
|
||||
url: https://{{ JFROGURL }}/artifactory/api/repositories
|
||||
references:
|
||||
- https://jfrog.com/help/r/jfrog-platform-administration-documentation/access-tokens
|
||||
- https://jfrog.com/help/r/jfrog-rest-apis/authentication
|
||||
depends_on_rule:
|
||||
- rule_id: "kingfisher.artifactory.2"
|
||||
variable: JFROGURL
|
||||
|
|
|
|||
|
|
@ -35,7 +35,6 @@ rules:
|
|||
\b
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
min_uppercase: 1
|
||||
min_lowercase: 1
|
||||
min_entropy: 3.5
|
||||
confidence: medium
|
||||
|
|
|
|||
|
|
@ -12,7 +12,6 @@ rules:
|
|||
)
|
||||
\b
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
min_lowercase: 1
|
||||
min_entropy: 3.5
|
||||
confidence: medium
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ rules:
|
|||
)
|
||||
\b
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
min_digits: 1
|
||||
ignore_if_contains:
|
||||
- "EXAMPLE"
|
||||
- "TEST"
|
||||
|
|
|
|||
|
|
@ -8,8 +8,6 @@ rules:
|
|||
(?: AccountKey | SharedAccessKey | SharedSecretValue) \s*=\s* ([^;]{1,100})
|
||||
(?: ;|$ )
|
||||
min_entropy: 3.3
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
confidence: medium
|
||||
examples:
|
||||
- |
|
||||
|
|
|
|||
|
|
@ -25,6 +25,9 @@ rules:
|
|||
- AccountName=mystorageaccount
|
||||
- mystorageaccount.blob.core.windows.net
|
||||
- azure_storage_name="prodblob2024"
|
||||
references:
|
||||
- https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview
|
||||
- https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key
|
||||
- name: Azure Storage Account Key
|
||||
id: kingfisher.azurestorage.2
|
||||
pattern: |
|
||||
|
|
@ -54,6 +57,9 @@ rules:
|
|||
- Azure AccountKey=Ky7aC1cD7eF6gH5iJ4kL3mN2oP1qR0sT9uV8wX7yZ6aB5cD4eF3gH2iJ1kL0mN9oP8qR7sT6uV5wX4yZ3aB2cD1g==\
|
||||
validation:
|
||||
type: AzureStorage
|
||||
references:
|
||||
- https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key
|
||||
- https://learn.microsoft.com/en-us/rest/api/storageservices/
|
||||
depends_on_rule:
|
||||
- rule_id: kingfisher.azurestorage.1
|
||||
variable: AZURENAME
|
||||
|
|
@ -17,8 +17,8 @@ rules:
|
|||
min_entropy: 3.0
|
||||
confidence: medium
|
||||
examples:
|
||||
- beamer = b_ByDfulghxvvmHbArJSFfQhxemJPQHOwplxuydlKEEbfe
|
||||
- "BEAMER_key = 'b_ByDfulghxvvmHbArJSFfQhxemJPQHOwplxuydlKEEbfe'"
|
||||
- 'beamer = b_ByDfulghx2vmHbArJSF9QhxemJPQHOwplxuydlKEEbfe'
|
||||
- "BEAMER_key = 'b_ByDfulghxvvmHb3rJSFfQhxe5JPQHOwplxuydlKEEbfe'"
|
||||
references:
|
||||
- https://getbeamer-api.pages.dev/
|
||||
validation:
|
||||
|
|
|
|||
|
|
@ -30,6 +30,9 @@ rules:
|
|||
- 200
|
||||
type: StatusMatch
|
||||
url: https://api.bitbucket.org/2.0/user
|
||||
references:
|
||||
- https://developer.atlassian.com/cloud/bitbucket/oauth-2/
|
||||
- https://developer.atlassian.com/cloud/bitbucket/rest/intro/#authentication
|
||||
|
||||
- name: Bitbucket Secret
|
||||
id: kingfisher.bitbucket.3
|
||||
|
|
@ -64,4 +67,7 @@ rules:
|
|||
- status:
|
||||
- 200
|
||||
type: StatusMatch
|
||||
url: https://api.bitbucket.org/2.0/user
|
||||
url: https://api.bitbucket.org/2.0/user
|
||||
references:
|
||||
- https://developer.atlassian.com/cloud/bitbucket/oauth-2/
|
||||
- https://developer.atlassian.com/cloud/bitbucket/rest/intro/#authentication
|
||||
|
|
@ -17,6 +17,8 @@ rules:
|
|||
- curl "https://fra1.blynk.cloud/external/api/get?token=Rps15JICmtRVbFyS_95houlLbm6xIQ2L&V1"
|
||||
- curl "https://lon1.blynk.cloud/external/api/get?token=Rps15JICmtRVbFyS_95houlLbm6xIQ2L&V1"
|
||||
- curl "https://blynk.cloud/external/api/update/property?token=Rps15JICmtRVbFyS_95houlLbm6xIQ2L&pin=v1&isDisabled=true"
|
||||
references:
|
||||
- https://docs.blynk.io/en/blynk.cloud/platform-https-api/authentication
|
||||
- name: Blynk Organization Access Token
|
||||
id: kingfisher.blynk.2
|
||||
pattern: |
|
||||
|
|
@ -36,6 +38,8 @@ rules:
|
|||
- |
|
||||
curl https://fra1.blynk.cloud/api/organization/profile \
|
||||
-H "Authorization: Bearer eIdWHQqRfFmvP5LDDh-IGxPUzi7I27HthzCPAVmS"
|
||||
references:
|
||||
- https://docs.blynk.io/en/blynk.cloud/platform-https-api/authentication
|
||||
- name: Blynk Organization Access Token
|
||||
id: kingfisher.blynk.3
|
||||
pattern: |
|
||||
|
|
@ -54,6 +58,8 @@ rules:
|
|||
- |
|
||||
curl -H "Authorization: Bearer eIdWHQqRfFmvP5LDDh-IGxPUzi7I27HthzCPAVmS" \
|
||||
https://fra1.blynk.cloud/api/organization/profile
|
||||
references:
|
||||
- https://docs.blynk.io/en/blynk.cloud/platform-https-api/authentication
|
||||
- name: Blynk Organization Client Credentials
|
||||
id: kingfisher.blynk.8
|
||||
pattern: |
|
||||
|
|
@ -74,6 +80,8 @@ rules:
|
|||
curl -X POST https://fra1.blynk.cloud/oauth2/token?grant_type=client_credentials \
|
||||
-u oa2-client-id_zmNtW-D0Toqpz4AZnBLCIlklBrz9ynU-:5uC5Y4Mcvdl5rB56rBmxnvB4DZgiIpcyTPbOoEWp
|
||||
- 'curl -X POST https://fra1.blynk.cloud/oauth2/token?grant_type=client_credentials&client_id=oa2-client-id_zmNtW-D0Toqpz4AZnBLCIlklBrz9ynU-&client_secret=5uC5Y4Mcvdl5rB56rBmxnvB4DZgiIpcyTPbOoEWp'
|
||||
references:
|
||||
- https://docs.blynk.io/en/blynk.console/settings/developers/oauth2
|
||||
- name: Blynk Organization Client Credentials
|
||||
id: kingfisher.blynk.9
|
||||
pattern: |
|
||||
|
|
@ -92,4 +100,6 @@ rules:
|
|||
- 'curl -X POST -u oa2-client-id_zmNtW-D0Toqpz4AZnBLCIlklBrz9ynU-:5uC5Y4Mcvdl5rB56rBmxnvB4DZgiIpcyTPbOoEWp https://fra1.blynk.cloud/oauth2/token?grant_type=client_credentials'
|
||||
- |
|
||||
curl -X POST -u oa2-client-id_zmNtW-D0Toqpz4AZnBLCIlklBrz9ynU-:5uC5Y4Mcvdl5rB56rBmxnvB4DZgiIpcyTPbOoEWp \
|
||||
https://fra1.blynk.cloud/oauth2/token?grant_type=client_credentials
|
||||
https://fra1.blynk.cloud/oauth2/token?grant_type=client_credentials
|
||||
references:
|
||||
- https://docs.blynk.io/en/blynk.console/settings/developers/oauth2
|
||||
|
|
@ -17,7 +17,7 @@ rules:
|
|||
- MERAKI_API_KEY=1234567890abcdef1234567890abcdef12345678
|
||||
- |-
|
||||
// Meraki configuration
|
||||
const MERAKI_KEY = "abcdefabcdefabcdefabcdefabcdefabcdefabcd";
|
||||
const MERAKI_KEY = "abcdefabcd12abcdefabcdefabcdefabcdefabcd";
|
||||
references:
|
||||
- https://developer.cisco.com/meraki/api-v1/overview/
|
||||
validation:
|
||||
|
|
|
|||
|
|
@ -32,4 +32,6 @@ rules:
|
|||
- type: WordMatch
|
||||
words:
|
||||
- '"Invalid API key provided"'
|
||||
negative: true
|
||||
negative: true
|
||||
references:
|
||||
- https://dashboard.clearbit.com/docs#authentication
|
||||
|
|
@ -35,7 +35,7 @@ rules:
|
|||
- rule_id: "kingfisher.clickhouse.2"
|
||||
variable: CLICKHOUSE_ID
|
||||
references:
|
||||
- https://clickhouse.com/docs/en/cloud/security/service-accounts
|
||||
- https://clickhouse.com/docs/cloud/security/cloud-access-management/overview
|
||||
- name: ClickHouse Cloud Key ID
|
||||
id: kingfisher.clickhouse.2
|
||||
pattern: |
|
||||
|
|
|
|||
|
|
@ -13,8 +13,6 @@ rules:
|
|||
[a-z0-9_-]{3,}
|
||||
)
|
||||
\b
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
confidence: medium
|
||||
min_entropy: 1.5
|
||||
visible: false
|
||||
|
|
|
|||
|
|
@ -15,15 +15,13 @@ rules:
|
|||
\b
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
min_uppercase: 1
|
||||
min_lowercase: 1
|
||||
min_entropy: 3.5
|
||||
confidence: medium
|
||||
examples:
|
||||
- cloudflareAPIKey = A1B2C3D4E5F6G7H8I9J0K1L2M3N4O5P6Q7R8S9T0
|
||||
- cloudflareAPIKey = y3u7gjcxzpboe2hs50hvuewsx10koco3z327z_1i
|
||||
- |
|
||||
CLOUDFLARE_API_TOKEN: 'a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0'
|
||||
cloudflare_key="B1C2D3E4F5G6H7I8J9K0L1M2N3O4P5Q6R7S8T9U0V1"
|
||||
CLOUDFLARE_API_TOKEN: '0pf-j25nxkrkhp8t62qh6k4921ptv09ozq9k0kva'
|
||||
cloudflare_key="y3u7gjcxzpboe2hs50hvuewsx10koco3z327z_1i"
|
||||
references:
|
||||
- https://developers.cloudflare.com/api/resources/user/subresources/tokens/methods/verify/
|
||||
validation:
|
||||
|
|
@ -61,7 +59,7 @@ rules:
|
|||
- |
|
||||
cloudflare_service_key: "v1.0-e26de050e02ddeaeef6de8d5ee267df5e78f68666ddd0ee76f22d26a0d20756f-eda77de60e8e76077e162727656787de2005d25e2f6e502e2d067657ed65722eade065275001a0f6f6e521e5e1fd76a6e8d7e2d6da8a2ee01e66e061e22570e2-07f2ede0aed78e82e8d2e620aaef8656d81e762266d7d226a205de7e18e2256a"
|
||||
references:
|
||||
- https://developers.cloudflare.com/api/keys/
|
||||
- https://developers.cloudflare.com/fundamentals/api/get-started/keys/
|
||||
- https://developers.cloudflare.com/fundamentals/api/get-started/keys/
|
||||
validation:
|
||||
type: Http
|
||||
|
|
|
|||
|
|
@ -33,4 +33,6 @@ rules:
|
|||
- status:
|
||||
- 200
|
||||
type: StatusMatch
|
||||
url: https://app.codacy.com/api/v3/user/organizations
|
||||
url: https://app.codacy.com/api/v3/user/organizations
|
||||
references:
|
||||
- https://docs.codacy.com/codacy-api/using-the-codacy-api
|
||||
|
|
@ -23,7 +23,7 @@ rules:
|
|||
- CODECLIMATE_API_TOKEN=d37a8b9e09642cb73cfcf4e1284815fc3d6a55a7714110187ac59856ae4ab5ad
|
||||
- CODECLIMATE_API_TOKEN="d37a8b9e09642cb73cfcf4e1284815fc3d6a55a7714110187ac59856ae4ab5ad"
|
||||
references:
|
||||
- https://developer.codeclimate.com/#overview
|
||||
- https://github.com/codeclimate/codeclimate-services
|
||||
validation:
|
||||
type: Http
|
||||
content:
|
||||
|
|
|
|||
|
|
@ -34,6 +34,6 @@ rules:
|
|||
words:
|
||||
- '"count":'
|
||||
references:
|
||||
- https://docs.codecov.com/reference/api-overview
|
||||
- https://docs.codecov.com/reference
|
||||
examples:
|
||||
- "codecov_token = 52acf265-3fc6-4ecd-304a-15940bd04653"
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ rules:
|
|||
- "cr-33420bb12fddf6cde6fba5414df88b07f75b2258e30c956b95f2ddbb2d"
|
||||
references:
|
||||
- https://coderabbit.ai/
|
||||
- https://api.coderabbit.ai/docs
|
||||
- https://docs.coderabbit.ai/api-reference/
|
||||
validation:
|
||||
type: Http
|
||||
content:
|
||||
|
|
|
|||
|
|
@ -66,14 +66,14 @@ rules:
|
|||
pattern_requirements:
|
||||
checksum:
|
||||
actual:
|
||||
template: "{{ MATCH | suffix: 6 }}"
|
||||
template: "{{ checksum }}"
|
||||
requires_capture: checksum
|
||||
expected: "{{ BODY | crc32_le_b64: 6 }}"
|
||||
expected: "{{ body | crc32_le_b64: 6 }}"
|
||||
skip_if_missing: true
|
||||
min_entropy: 3.3
|
||||
confidence: medium
|
||||
examples:
|
||||
- confluent secret=cfltqPLd2lLPAtWtHGNhN32WlZxoEj30pcg8mzaPlPJ937JlMa7n9YCRLooqgifw
|
||||
- confluent secret=cfltcUBElySxR0ubmwjcLaVic7aOYceZ1HzCyW9BbhBhC+KbPgaTcGc9S4HfrjhA
|
||||
references:
|
||||
- https://docs.confluent.io/cloud/current/api.html#tag/API-Keys-(iamv2)/operation/getIamV2ApiKey
|
||||
validation:
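Review bot: With `skip_if_missing: true` still in place, the new `{{ checksum }}` and `{{ body | crc32_le_b64: 6 }}` templates appear to fail open: if the rule's `pattern` (outside this hunk) does not define captures spelled exactly `checksum` and `body`, the comparison is presumably skipped rather than failed, and nothing here would reveal that. The switch from `BODY` to `body` suggests template names are case-sensitive, so a typo in either place would quietly disable the check. A comment above `checksum:` such as `# needs named captures body and checksum in pattern; a missing capture skips this check` would document the coupling, and a negative example with a deliberately wrong checksum suffix would pin it if the rule format supports one. The same applies to the two GitHub hunks (`@ -59,17 +59,17 @` and `@ -114,15 +114,15 @`) and to the GitLab hunk (`@ -155,14 +155,14 @`), which relies on `crc32`, `base64_payload` and `base36_payload_length`.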
|
||||
|
|
|
|||
|
|
@ -15,5 +15,5 @@ rules:
|
|||
examples:
|
||||
- 'Bearer: ciotgp8BGZBlX192iExSQPm0SrUlBunG8zd'
|
||||
references:
|
||||
- https://crates.io/data-access
|
||||
- https://github.com/rust-lang/crates.io/blob/master/src/util/token.rs
|
||||
- https://blog.rust-lang.org/2023/09/22/crates-io-usage-policy-rfc
|
||||
- https://github.com/rust-lang/crates.io/tree/main/src
|
||||
|
|
@ -22,4 +22,6 @@ rules:
|
|||
min_entropy: 3.0
|
||||
confidence: medium
|
||||
examples:
|
||||
- https://eaRIWNkE:qyOIhJiM@j2LYY414Q5cCYD
|
||||
- https://eaRIWNkE:qyOIhJiM@j2LYY414Q5cCYD
|
||||
references:
|
||||
- https://www.rfc-editor.org/rfc/rfc3986#section-3.2.1
|
||||
|
|
@ -11,7 +11,6 @@ rules:
|
|||
\b
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
min_uppercase: 1
|
||||
min_lowercase: 1
|
||||
min_entropy: 3.3
|
||||
confidence: medium
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ rules:
|
|||
- deepgram token 1 == 1f8946087e64b14dffd069b78554e217b3ed34d4
|
||||
references:
|
||||
- https://developers.deepgram.com/docs/authenticating
|
||||
- https://developers.deepgram.com/reference/management-api/models/list
|
||||
- https://developers.deepgram.com/reference/manage/models/list
|
||||
- https://developers.deepgram.com/reference/list-keys
|
||||
|
||||
validation:
|
||||
|
|
|
|||
|
|
@ -16,6 +16,8 @@ rules:
|
|||
- 'odt_KTJlDq2AGGGlqG4riKdT7p980AW8RlU5'
|
||||
- 'odt_ABCDDq2AGxGlrF4ribBT7p98AOM9TlU8'
|
||||
- 'odt_FHxhQGh77JAHHIYpZ818UQ0aYjXIdMIxxgeR'
|
||||
references:
|
||||
- https://docs.dependencytrack.org/integrations/rest-api/#authentication
|
||||
# validation:
|
||||
# type: Http
|
||||
# content:
|
||||
|
|
|
|||
|
|
@ -30,6 +30,8 @@ rules:
|
|||
- 200
|
||||
type: StatusMatch
|
||||
url: https://api.digitalocean.com/v2/projects?per_page=1
|
||||
references:
|
||||
- https://docs.digitalocean.com/reference/api/#authentication
|
||||
|
||||
- name: DigitalOcean Refresh Token
|
||||
id: kingfisher.digitalocean.2
|
||||
|
|
@ -64,3 +66,5 @@ rules:
|
|||
status:
|
||||
- 200
|
||||
- type: JsonValid
|
||||
references:
|
||||
- https://docs.digitalocean.com/reference/api/oauth/
|
||||
|
|
|
|||
|
|
@ -31,6 +31,8 @@ rules:
|
|||
- 200
|
||||
type: StatusMatch
|
||||
url: '{{ TOKEN }}'
|
||||
references:
|
||||
- https://discord.com/developers/docs/resources/webhook
|
||||
- name: Discord Bot Token
|
||||
id: kingfisher.discord.2
|
||||
pattern: |
|
||||
|
|
@ -56,6 +58,8 @@ rules:
|
|||
- 200
|
||||
type: StatusMatch
|
||||
url: https://discord.com/api/v8/users/@me
|
||||
references:
|
||||
- https://discord.com/developers/docs/reference#authentication
|
||||
depends_on_rule:
|
||||
- rule_id: "kingfisher.discord.3"
|
||||
variable: BOTID
|
||||
|
|
@ -74,3 +78,5 @@ rules:
|
|||
examples:
|
||||
- discord = 12345678901234567
|
||||
- 'bot_id: "123456789012345678"'
|
||||
references:
|
||||
- https://discord.com/developers/docs/topics/oauth2#bots
|
||||
|
|
|
|||
|
|
@ -14,3 +14,5 @@ rules:
|
|||
examples:
|
||||
- os.environ.get('DJANGO_SECRET_KEY','wwf*2#86t64!fgh6yav$aoeuo@u2o@fy&*gg76q!&%6x_wbduad')
|
||||
- DJANGO_SECRET_KEY = "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z"
|
||||
references:
|
||||
- https://docs.djangoproject.com/en/stable/ref/settings/#secret-key
|
||||
|
|
|
|||
|
|
@ -12,8 +12,6 @@ rules:
|
|||
\}
|
||||
[^}]*?
|
||||
\}
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
min_entropy: 2.0
|
||||
confidence: medium
|
||||
examples:
|
||||
|
|
@ -21,12 +19,12 @@ rules:
|
|||
{
|
||||
"auths": {
|
||||
"quay.io": {
|
||||
"auth": "cmhkaCtyaHRhcDowM1BERl1RQTJQTDlaQUE5T1gzSU9IQjFYTUlXOVNGNU1XRzNSRVRHNThKVXpKMzEwV0ZZRVMOQTdGMExMNOYx"
|
||||
"auth": "dXNlcjEyOnRva2VuMzQ1Njc4OTA="
|
||||
}
|
||||
}
|
||||
}
|
||||
- |
|
||||
{"auths":{"index.docker.io/v1/":{"auth":"dXNlcjp0b2tlbg=="}}}
|
||||
{"auths":{"index.docker.io/v1/":{"auth":"dXNlcjEyOnRva2VuMzQ1Njc4OTA="}}}
|
||||
references:
|
||||
- https://distribution.github.io/distribution/spec/api/
|
||||
validation:
|
||||
|
|
|
|||
|
|
@ -32,4 +32,6 @@ rules:
|
|||
words:
|
||||
- '"account_id":'
|
||||
- '"email":'
|
||||
url: https://api.dropboxapi.com/2/users/get_current_account
|
||||
url: https://api.dropboxapi.com/2/users/get_current_account
|
||||
references:
|
||||
- https://www.dropbox.com/developers/documentation/http/documentation#auth
|
||||
|
|
@ -29,4 +29,6 @@ rules:
|
|||
- status:
|
||||
- 200
|
||||
type: StatusMatch
|
||||
url: https://api.easypost.com/v2/shipments?page_size=5
|
||||
url: https://api.easypost.com/v2/shipments?page_size=5
|
||||
references:
|
||||
- https://docs.easypost.com/docs/authentication
|
||||
|
|
@ -18,7 +18,7 @@ rules:
|
|||
examples:
|
||||
- eraser_token = Q7MD4J9L2X0B6R3T8W1P
|
||||
references:
|
||||
- https://eraser.io/docs/api/authentication
|
||||
- https://docs.eraser.io/reference/api-token
|
||||
validation:
|
||||
type: Http
|
||||
content:
|
||||
|
|
|
|||
|
|
@ -22,6 +22,8 @@ rules:
|
|||
- '"facebook String appId = "294790898041575"; String appSecret = "ce3f9f0362bbe5ab01dfc8ee565e4372"'
|
||||
- 'fb_app_id: 123456789012345'
|
||||
- 'FACEBOOK_APPLICATION_ID=123456789012345'
|
||||
references:
|
||||
- https://developers.facebook.com/docs/development/create-an-app/
|
||||
|
||||
- name: Facebook Secret Key
|
||||
id: kingfisher.facebook.2
|
||||
|
|
@ -62,6 +64,8 @@ rules:
|
|||
?client_id={{ APIID }}
|
||||
&client_secret={{ TOKEN }}
|
||||
&grant_type=client_credentials
|
||||
references:
|
||||
- https://developers.facebook.com/docs/facebook-login/security/#appsecret
|
||||
depends_on_rule:
|
||||
- rule_id: kingfisher.facebook.1
|
||||
variable: APIID
|
||||
|
|
@ -89,3 +93,5 @@ rules:
|
|||
- "url = 'https://graph.facebook.com/me/friends?access_token=EAACEdEose0cBAD5XZCz5JXYvqyeJzcSvFZC42toHiWyfjhcZCMZBZCpE3uRJnEBsrhUEMRK1wWs6SsdiDCaCI1mYwyoNuMix2XZCpvsKbZB9TumtZBlcLeIpl4pa931Ce9rTinEAhtyVVZAAZAX4NmfpBUqWtzCRC0fX5GZBn7ZC28mPKAZDZD'"
|
||||
- 'fb_access_token: "EAACEdEose0cBAMZD123456789abcdefghijklmnopqrstuvwxyz"'
|
||||
- 'FACEBOOK_ACCESS_TOKEN=EAACEdEose0cBAZAQW123456789abcdefghijklmnopqrstuvwxyzASDFGHJKL'
|
||||
references:
|
||||
- https://developers.facebook.com/docs/facebook-login/access-tokens/
|
||||
|
|
|
|||
|
|
@ -38,3 +38,5 @@ rules:
|
|||
header: content-type
|
||||
expected: ["application/json"]
|
||||
- type: JsonValid
|
||||
references:
|
||||
- https://www.file.io/developers
|
||||
|
|
|
|||
|
|
@ -33,6 +33,8 @@ rules:
|
|||
- type: WordMatch
|
||||
words:
|
||||
- '"transactions":'
|
||||
references:
|
||||
- https://docs.finicity.com/
|
||||
|
||||
- name: Finicity client secret
|
||||
id: kingfisher.finicity.2
|
||||
|
|
@ -63,4 +65,6 @@ rules:
|
|||
- report_response: true
|
||||
- type: StatusMatch
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
references:
|
||||
- https://docs.finicity.com/
|
||||
|
|
@ -33,6 +33,6 @@ rules:
|
|||
- '"email":'
|
||||
match_all_words: true
|
||||
references:
|
||||
- https://fly.io/docs/reference/graphql/
|
||||
- https://api.fly.io/graphql
|
||||
examples:
|
||||
- "FlyV1 fm2_lJPECAAAAAAACcIGxBBr3eFBrCTMuIb8FOeUWTf0wrVodHRwczovL2FwaS5mbHkuaW8vdjGUAJLOABLVch8Lk7lodHRwczovL2FwaS5mbHkuaW8vYWFhL3YxxDymEU+hbM4EZ6KeG6k1EWHesm6buoSgwBS8yBSLRiHumjZXcxZdCJ2gJ3PN//X8DKdsEFfZyS03lbJtPpwETgpeWpRbsMxfQb2ZkR4zYNi/IOOKYxW2h6DYBHahN3DBS7wY54AIgap8IMAtBJ3imo77+vAeAeZ/0aPq3XJoGdg4+WHDWkxectcZoZROe8Qgnq4tV2yiT2Mx5wmoK+Kw1u33egtwLCEBDC5ZakEM7pI=,fm2_lJPETgpeWpRbsMxfQb2ZkR4zYNi/IOOKYxW2h6DYBHahN3DBS7wY54AIgap8IMAtBJ3imo77+vAeAeZ/0aPq3XJoGdg4+WHDWkxectcZoZROe8QQCY7oFTr+3MOM0p5/Cww1AsO5aHR0cHM6Ly9hcGkuZmx5LmlvL2FhYS92MZgEks5ooPjrzwAAAAEkmRcJF84AEhmjCpHOABIZowzEEMLj9PMThJElQN/ARptX7D3EILDtbLx/4cBgt6fX+zb6/FxsLxV2A/y4e4BeU1SunG+O"
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ rules:
|
|||
- FRAMEIO_TOKEN=fio-u-a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2
|
||||
- '"Authorization": "Bearer fio-u-b1c2d3e4f5g6h7i8j9k0l1m2n3o4p5q6r7s8t9u0v1w2x3y4z5a6b7c8d9e0f123"'
|
||||
references:
|
||||
- https://developer.frame.io/docs/api/authentication
|
||||
- https://developer.frame.io/docs/getting-started/authentication
|
||||
validation:
|
||||
type: Http
|
||||
content:
|
||||
|
|
|
|||
|
|
@ -17,7 +17,6 @@ rules:
|
|||
confidence: medium
|
||||
examples:
|
||||
- FRESHBOOKS_TOKEN=0f1e2d3c4b5a69788776655443322110ffeeddccbbaa00998877665544332211
|
||||
- '"freshbooksAccess": "abcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdefabcd"'
|
||||
references:
|
||||
- https://www.freshbooks.com/api/authentication
|
||||
validation:
|
||||
|
|
|
|||
|
|
@ -38,6 +38,9 @@ rules:
|
|||
type: GCP
|
||||
revocation:
|
||||
type: GCP
|
||||
references:
|
||||
- https://cloud.google.com/iam/docs/service-accounts
|
||||
- https://cloud.google.com/iam/docs/creating-managing-service-account-keys
|
||||
- name: GCP Private Key ID
|
||||
id: kingfisher.gcp.3
|
||||
pattern: |
|
||||
|
|
@ -62,4 +65,6 @@ rules:
|
|||
min_entropy: 3.5
|
||||
confidence: medium
|
||||
examples:
|
||||
- gcp_secret = ANzaSy0c3475372a7b10f7740dbda47abfdca42
|
||||
- gcp_secret = ANzaSy0c3475372a7b10f7740dbda47abfdca42
|
||||
references:
|
||||
- https://cloud.google.com/iam/docs/keys-create-delete
|
||||
|
|
@ -209,4 +209,4 @@ rules:
|
|||
- some+thing:02PDFMQN2PL2ZAB9OX3IOHC1XMIW1SE5NWG3RETG58JUZJ310WFYESRA7F0LM461
|
||||
- org+builder:1C2F9D0BB1E67E9F6B3B5B9A2A3D4E5F6A7B8C9D0E1F2A3B4C5D6E7F8A9B0C1
|
||||
references:
|
||||
- https://docs.quay.io/use_quay.html#robot-accounts
|
||||
- https://docs.quay.io/glossary/robot-accounts.html
|
||||
|
|
@ -59,17 +59,17 @@ rules:
|
|||
min_lowercase: 2
|
||||
checksum:
|
||||
actual:
|
||||
template: "{{ MATCH | suffix: 6 }}"
|
||||
template: "{{ checksum }}"
|
||||
requires_capture: checksum
|
||||
expected: "{{ BODY | crc32 | base62: 6 }}"
|
||||
expected: "{{ body | crc32 | base62: 6 }}"
|
||||
skip_if_missing: true
|
||||
min_entropy: 3.5
|
||||
examples:
|
||||
- "GITHUB_KEY=ghp_XIxB7KMNdAr3zqWtQqhE94qglHqOzn1D1stg"
|
||||
- "let g:gh_token='ghp_4U3LSowpDx8XvYE7A8GH56oxU5aWnY2mzIbV'"
|
||||
- "GITHUB_KEY=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"
|
||||
- "let g:gh_token='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'"
|
||||
- |
|
||||
## git developer settings
|
||||
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
|
||||
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
|
||||
references:
|
||||
- https://docs.github.com/en/rest/users?apiVersion=2022-11-28
|
||||
validation:
|
||||
|
|
@ -114,15 +114,15 @@ rules:
|
|||
min_digits: 2
|
||||
checksum:
|
||||
actual:
|
||||
template: "{{ MATCH | suffix: 6 }}"
|
||||
template: "{{ checksum }}"
|
||||
requires_capture: checksum
|
||||
expected: "{{ BODY | crc32 | base62: 6 }}"
|
||||
expected: "{{ body | crc32 | base62: 6 }}"
|
||||
skip_if_missing: true
|
||||
min_entropy: 3.5
|
||||
confidence: medium
|
||||
examples:
|
||||
- ' "url": "git+https://FelipeMestre:gho_psT9pqNFsehnc4se0ZzzR0HBxapxZD35hNHi@github.com/gontarz/PW_2021_Website-FelipeMestre.git"'
|
||||
- ' oauth_token: gho_fq75OMU7UVbS9pTZmoCCzJT6TM5d1w099FgG'
|
||||
- ' "url": "git+https://FelipeMestre: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@github.com/gontarz/PW_2021_Website-FelipeMestre.git"'
|
||||
- ' oauth_token: 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'
|
||||
references:
|
||||
- https://docs.github.com/en/rest/users?apiVersion=2022-11-28
|
||||
validation:
|
||||
|
|
|
|||
|
|
@ -155,14 +155,14 @@ rules:
|
|||
# valid GitLab-style checksum.
|
||||
checksum:
|
||||
actual:
|
||||
template: "{{ MATCH | suffix: 7 }}"
|
||||
template: "{{ crc32 }}"
|
||||
requires_capture: crc32
|
||||
expected: "{{ \"glpat-\" | append: BASE64_PAYLOAD | append: \".01.\" | append: BASE36_PAYLOAD_LENGTH | crc32 | base36: 7 }}"
|
||||
expected: "{{ \"glpat-\" | append: base64_payload | append: \".01.\" | append: base36_payload_length | crc32 | base36: 7 }}"
|
||||
skip_if_missing: true
|
||||
min_entropy: 3.5
|
||||
confidence: medium
|
||||
examples:
|
||||
- glpat-ymiBP0-I-J6ghspoBPoZxtSC3g7MyHYG0X0r.01.101erjmwl
|
||||
- glpat-vSY1cyL948aAB440qB6L4zlu9OzsUmEV.01.0w0sfevch
|
||||
references:
|
||||
- https://github.com/diffblue/gitlab/blob/39c63ee83369bf5353256a6b95f3116728edd102/doc/api/personal_access_tokens.md
|
||||
- https://docs.gitlab.com/api/personal_access_tokens/
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ rules:
|
|||
- GITTER_TOKEN=abcd1234efgh5678ijkl9012mnop3456qrst7890
|
||||
- '"gitterToken": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0"'
|
||||
references:
|
||||
- https://developer.gitter.im/docs/authentication
|
||||
- https://gitlab.com/gitlab-org/gitter/docs
|
||||
validation:
|
||||
type: Http
|
||||
content:
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ rules:
|
|||
confidence: medium
|
||||
examples:
|
||||
- 'gocardless_token = "live_8uq9fsUA28SqKT=CTsQxgKrqB6_7QV5tA39I8y5H'
|
||||
- GOCARDLESS_LIVE_KEY = "live_cpo0k9jbnb2djeaq=tga45ua_bnhev5ivv294a6cs"
|
||||
- GOCARDLESS_LIVE_KEY = "live_80M81I_T_DG2T604LSO5HVGVMJS40-CVUOS2S69YNY"
|
||||
categories:
|
||||
- api
|
||||
- payment
|
||||
|
|
@ -41,4 +41,6 @@ rules:
|
|||
- status:
|
||||
- 200
|
||||
type: StatusMatch
|
||||
url: https://api.gocardless.com/customers?limit=1
|
||||
url: https://api.gocardless.com/customers?limit=1
|
||||
references:
|
||||
- https://developer.gocardless.com/api-reference/#authentication
|
||||
|
|
@ -19,8 +19,6 @@ rules:
|
|||
(?:[^A-Z0-9_-] | $)
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
min_uppercase: 1
|
||||
min_lowercase: 1
|
||||
min_entropy: 3.3
|
||||
confidence: medium
|
||||
examples:
|
||||
|
|
@ -36,13 +34,12 @@ rules:
|
|||
)
|
||||
(?: [^a-z0-9_-] |$)
|
||||
pattern_requirements:
|
||||
min_digits: 4
|
||||
min_digits: 1
|
||||
min_uppercase: 3
|
||||
min_lowercase: 3
|
||||
min_entropy: 3.3
|
||||
confidence: medium
|
||||
examples:
|
||||
- '"client_secret":"aaaaaaaaaaaaaaaaaaaaaaa-"'
|
||||
- " //$google_client_secret = 'fnhqAakzWrX-mtFQ4PRdMoy0';"
|
||||
- " 'clientSecret' : 'Ufvuj-d6alhwGKvvLh_8Nq0K'"
|
||||
|
||||
|
|
@ -54,8 +51,6 @@ rules:
|
|||
(?: [^0-9A-Z_-])
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
min_uppercase: 1
|
||||
min_lowercase: 1
|
||||
min_entropy: 3.3
|
||||
confidence: medium
|
||||
examples:
|
||||
|
|
@ -91,20 +86,18 @@ rules:
|
|||
(?:[^A-Z0-9_-] | $)
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
min_uppercase: 1
|
||||
min_lowercase: 1
|
||||
min_entropy: 3.3
|
||||
confidence: medium
|
||||
examples:
|
||||
- |
|
||||
const CLIENT_ID = '304167046824-45h8no7j0s38akv998nivvb7i17ckqeh.apps.googleusercontent.com';
|
||||
const CLIENT_SECRET = '1QcFpNjHoAf4_XczYwhYicTl';
|
||||
const CLIENT_ID = '204945162815-59422evifqzluuklf_09qff9pk6ehd4r.apps.googleusercontent.com';
|
||||
const CLIENT_SECRET = 'P5C9REQW_6NT5NMQO8FP75VO';
|
||||
- |
|
||||
public static GAPIS_CREDENTIALS = {
|
||||
// 1. Generate credentials: https://console.cloud.google.com/apis/
|
||||
// 2. Create OAuth page and set spreadsheets and drive.metadata.readonly scopes
|
||||
client_id: '132261435625-69ubohrvppjr9hcc5t9uighsb7j2cqhv.apps.googleusercontent.com',
|
||||
client_secret: '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',
|
||||
client_id: '024565785402-92sn01z4gfwbv4zfu79ttqg2j7uphacz.apps.googleusercontent.com',
|
||||
client_secret: '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',
|
||||
redirect_uri: `http://localhost:${Config.OAUTH_HTTP_PORT}/oauth2callback`
|
||||
};
|
||||
- name: Google Gemini API Key
|
||||
|
|
|
|||
|
|
@ -29,4 +29,6 @@ rules:
|
|||
type: StatusMatch
|
||||
- type: WordMatch
|
||||
words:
|
||||
- '"email":'
|
||||
- '"email":'
|
||||
references:
|
||||
- https://developers.google.com/identity/protocols/oauth2
|
||||
|
|
@ -30,4 +30,6 @@ rules:
|
|||
}
|
||||
}
|
||||
- "credentials {\n username 'user'\n password 'password'\n}"
|
||||
- "credentials {\n username \"user\"\n password \"password\"\n}"
|
||||
- "credentials {\n username \"user\"\n password \"password\"\n}"
|
||||
references:
|
||||
- https://docs.gradle.org/current/userguide/declaring_repositories.html#sec:handling_credentials
|
||||
|
|
@ -29,7 +29,7 @@ rules:
|
|||
- '"data"'
|
||||
match_all_words: true
|
||||
references:
|
||||
- https://console.groq.com/docs/api-keys
|
||||
- https://console.groq.com/keys
|
||||
- https://console.groq.com/docs/api-reference#models
|
||||
examples:
|
||||
- "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"
|
||||
|
|
|
|||
|
|
@ -10,8 +10,6 @@ rules:
|
|||
)
|
||||
)
|
||||
\b
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
references:
|
||||
- https://huggingface.co/docs/hub/security-tokens
|
||||
min_entropy: 3.3
|
||||
|
|
|
|||
|
|
@ -13,8 +13,6 @@ rules:
|
|||
private_[A-Z0-9_-]{8,128}
|
||||
)
|
||||
\b
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
min_entropy: 3.2
|
||||
confidence: medium
|
||||
examples:
|
||||
|
|
|
|||
|
|
@ -13,10 +13,10 @@ rules:
|
|||
min_entropy: 3.3
|
||||
confidence: medium
|
||||
examples:
|
||||
- export INFRACOST_API_KEY=ico-abcdefabcdefabcdefabcdefabcdefab
|
||||
- export INFRACOST_API_KEY=ico-abcd12abcdefabcdefabcdefabcdefab
|
||||
- '"infracost": "ico-1234567890abcdef1234567890abcdef"'
|
||||
references:
|
||||
- https://www.infracost.io/docs/api_reference/
|
||||
- https://www.infracost.io/docs/integrations/infracost_api/
|
||||
validation:
|
||||
type: Http
|
||||
content:
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ rules:
|
|||
- https://mainnet.infura.io/v3/7238211010344719ad14a89db874158c
|
||||
- infuraKEYwithspecial-abcdef1234567890abcdef1234567890
|
||||
references:
|
||||
- https://www.infura.io/docs
|
||||
- https://docs.infura.io/
|
||||
- https://docs.metamask.io/services/reference/ethereum/json-rpc-methods/
|
||||
validation:
|
||||
type: Http
|
||||
|
|
|
|||
|
|
@ -27,4 +27,6 @@ rules:
|
|||
- status:
|
||||
- 200
|
||||
type: StatusMatch
|
||||
url: https://api.ionic.io/v1/auth/status
|
||||
url: https://api.ionic.io/v1/auth/status
|
||||
references:
|
||||
- https://ionicframework.com/docs
|
||||
|
|
@ -29,4 +29,4 @@ rules:
|
|||
- jdbc:sqlserver://sql.example.org:1433;databaseName=inventory;user=sa;password=s3cr3t!
|
||||
references:
|
||||
- https://docs.oracle.com/javase/8/docs/api/java/sql/DriverManager.html
|
||||
- https://www.postgresql.org/docs/current/jdbc-use.html
|
||||
- https://jdbc.postgresql.org/documentation/use/
|
||||
|
|
|
|||
|
|
@ -32,4 +32,4 @@ rules:
|
|||
- '"_id":'
|
||||
match_all_words: true
|
||||
references:
|
||||
- https://jina.ai/docs/jina-ai-cloud/api-reference/
|
||||
- https://jina.ai/serve/jina-ai-cloud/
|
||||
|
|
@ -8,14 +8,14 @@ rules:
|
|||
[a-z][a-z0-9-]{5,24}\.atlassian\.net
|
||||
)
|
||||
\b
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
min_entropy: 3.5
|
||||
visible: false
|
||||
confidence: medium
|
||||
examples:
|
||||
- examplefoo-jira.atlassian.net
|
||||
- jira.sprintUri= https://example.atlassian.net/rest
|
||||
references:
|
||||
- https://developer.atlassian.com/cloud/jira/platform/rest/v3/intro/
|
||||
|
||||
- name: Jira Token
|
||||
id: kingfisher.jira.2
|
||||
|
|
@ -54,6 +54,8 @@ rules:
|
|||
- 200
|
||||
type: StatusMatch
|
||||
url: https://{{ DOMAIN }}/rest/api/3/dashboard
|
||||
references:
|
||||
- https://developer.atlassian.com/cloud/jira/platform/basic-auth-for-rest-apis/
|
||||
depends_on_rule:
|
||||
- rule_id: kingfisher.jira.1
|
||||
variable: DOMAIN
|
||||
|
|
@ -32,3 +32,5 @@ rules:
|
|||
- type: WordMatch
|
||||
words:
|
||||
- '"success":true'
|
||||
references:
|
||||
- https://docs.kickbox.com/reference
|
||||
|
|
|
|||
|
|
@ -31,3 +31,5 @@ rules:
|
|||
status: [200]
|
||||
- type: WordMatch
|
||||
words: ['"data"']
|
||||
references:
|
||||
- https://developers.klaviyo.com/en/docs/authenticate_
|
||||
|
|
|
|||
|
|
@ -27,6 +27,8 @@ rules:
|
|||
- type: StatusMatch
|
||||
status: [200]
|
||||
- type: JsonValid
|
||||
references:
|
||||
- https://docs.smith.langchain.com/administration/api-keys
|
||||
- name: LangSmith Service Key
|
||||
id: kingfisher.langchain.2
|
||||
pattern: |
|
||||
|
|
@ -53,4 +55,6 @@ rules:
|
|||
response_matcher:
|
||||
- report_response: true
|
||||
- type: StatusMatch
|
||||
status: [200]
|
||||
status: [200]
|
||||
references:
|
||||
- https://docs.smith.langchain.com/administration/api-keys
|
||||
|
|
@ -17,7 +17,7 @@ rules:
|
|||
- LAUNCHDARKLY_TOKEN=api-123abc456def789ghi012jkl345mno678pqr
|
||||
- '"launchdarkly": "ld-abcdefghijklmno1234567890pqrstuvwxzab"'
|
||||
references:
|
||||
- https://docs.launchdarkly.com/sdk/api/
|
||||
- https://launchdarkly.com/docs/api
|
||||
validation:
|
||||
type: Http
|
||||
content:
|
||||
|
|
|
|||
|
|
@ -17,7 +17,6 @@ rules:
|
|||
min_entropy: 2.5
|
||||
confidence: medium
|
||||
examples:
|
||||
- 'Email IDÂ Last 5 Digits of your SSNÂ LinkedIn IDÂ Availability'
|
||||
- |
|
||||
LINKEDIN_KEY = "77yg7tx91p4lag"
|
||||
LINKEDIN_SECRET = "zt7GeN6IH911xvRj"
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ rules:
|
|||
confidence: medium
|
||||
examples:
|
||||
- export LOB_API_KEY=live_9f8e7d6c5b4a3210fedcba09876543210ab
|
||||
- LOB_KEY="test_abcdefabcdefabcdefabcdefabcdefabcde"
|
||||
- LOB_KEY="test_abcdefabcdefab12efabcdefabcdefabcde"
|
||||
references:
|
||||
- https://docs.lob.com/#section/Authentication
|
||||
validation:
|
||||
|
|
@ -49,7 +49,7 @@ rules:
|
|||
min_entropy: 3.0
|
||||
confidence: medium
|
||||
examples:
|
||||
- const LOB_PUB_KEY = "test_pub_abcdefabcdefabcdefabcdefabcdefa";
|
||||
- const LOB_PUB_KEY = "test_pub_abcdefa12defabcdefabcdefabcdefa";
|
||||
- LOB_PUBLISHABLE="live_pub_1234567890abcdef1234567890abcde"
|
||||
references:
|
||||
- https://docs.lob.com/#section/Authentication
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@ rules:
|
|||
)
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
min_uppercase: 1
|
||||
min_lowercase: 1
|
||||
min_entropy: 3.5
|
||||
confidence: medium
|
||||
|
|
@ -34,6 +33,8 @@ rules:
|
|||
- 200
|
||||
type: StatusMatch
|
||||
url: https://api.mailgun.net/v3/address/validate?address=test@example.com
|
||||
references:
|
||||
- https://documentation.mailgun.com/docs/mailgun/api-reference/mg-auth
|
||||
- name: MailGun Primary Key
|
||||
id: kingfisher.mailgun.2
|
||||
pattern: |
|
||||
|
|
@ -64,4 +65,6 @@ rules:
|
|||
- status:
|
||||
- 200
|
||||
type: StatusMatch
|
||||
url: https://api.mailgun.net/v3/address/validate?address=test@example.com
|
||||
url: https://api.mailgun.net/v3/address/validate?address=test@example.com
|
||||
references:
|
||||
- https://documentation.mailgun.com/docs/mailgun/api-reference/mg-auth
|
||||
|
|
@ -38,4 +38,6 @@ rules:
|
|||
- type: StatusMatch
|
||||
status: [200]
|
||||
- type: WordMatch
|
||||
words: ['"PONG!"']
|
||||
words: ['"PONG!"']
|
||||
references:
|
||||
- https://mandrillapp.com/api/docs/
|
||||
|
|
@ -16,7 +16,7 @@ rules:
|
|||
min_entropy: 3.4
|
||||
confidence: medium
|
||||
examples:
|
||||
- MESSAGEBIRD_API_KEY=abcdefghijklmnopqrstuvwxy
|
||||
- 'MESSAGEBIRD_API_KEY=abcdefghijklmno12rstuvwxy'
|
||||
- "messagebird_token: 'abcde12345fghij67890klmno'"
|
||||
references:
|
||||
- https://developers.messagebird.com/api/#authentication
|
||||
|
|
|
|||
|
|
@ -51,4 +51,6 @@ rules:
|
|||
- 400
|
||||
- type: WordMatch
|
||||
words:
|
||||
- 'Text is required'
|
||||
- 'Text is required'
|
||||
references:
|
||||
- https://learn.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook
|
||||
|
|
@ -40,4 +40,6 @@ rules:
|
|||
type: WordMatch
|
||||
words:
|
||||
- "Text is required"
|
||||
url: '{{ TOKEN }}'
|
||||
url: '{{ TOKEN }}'
|
||||
references:
|
||||
- https://learn.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook
|
||||
|
|
@ -25,7 +25,7 @@ rules:
|
|||
- https://docs.mistral.ai/getting-started/quickstart :contentReference[oaicite:1]{index=1}
|
||||
- https://docs.mistral.ai/api/ :contentReference[oaicite:2]{index=2}
|
||||
- https://medium.com/@stephane.giron/explore-mistral-ai-api-with-google-apps-script-d41b851c55e3 :contentReference[oaicite:3]{index=3}
|
||||
- https://apidog.com/blog/mistral-ai-api/ :contentReference[oaicite:4]{index=4}
|
||||
- https://docs.mistral.ai/api/ :contentReference[oaicite:4]{index=4}
|
||||
validation:
|
||||
type: Http
|
||||
content:
|
||||
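Review bot: The reference entries in this hunk still carry the `:contentReference[oaicite:N]{index=N}` citation residue after each URL, including the replaced fourth entry, so the list values are not plain URLs. If the `docs.mistral.ai/api/` line tagged `oaicite:4` is the new side (the +/- markers are lost in this rendering), it also duplicates the entry two lines above it. Each entry should be the bare URL, for example a single `- https://docs.mistral.ai/api/`, with the markers stripped from the three context lines as well.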
|
|
|
|||
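--- a/crates/kingfisher-rules/data/rules/modal.yml
+++ b/crates/kingfisher-rules/data/rules/modal.yml
@@ -0,0 +1,68 @@
+rules:
+- name: Modal CLI Token Pair
+id: kingfisher.modal.1
+pattern: |
+(?x)
+(?P<TOKEN_ID>
+(?:ak|as)-[A-Za-z0-9]{22}
+)
+\b
+(?:.|[\n\r]){0,80}?
+\b
+(
+(?:ak|as)-[A-Za-z0-9]{22}
+)
+\b
+pattern_requirements:
+min_digits: 2
+min_entropy: 2.8
+confidence: high
+examples:
+- "modal token set --token-id ak-BJbwFRtNnI4Y11oxC4hngY --token-secret as-sRul9S1EAi9qNlq3G6NTIb"
+references:
+- https://modal.com/docs/reference/cli/token
+- https://modal.com/docs/reference/modal.Client
+- https://modal.com/docs/reference/modal.App
+validation:
+type: Grpc
+content:
+request:
+# Use the same handshake call as the Modal SDK (`client.hello()`).
+url: https://api.modal.com/modal.client.ModalClient/ClientHello
+headers:
+content-type: application/grpc
+te: trailers
+x-modal-token-id: "{{ TOKEN_ID }}"
+x-modal-token-secret: "{{ TOKEN }}"
+x-modal-client-type: "1"
+# Modal uses this for compatibility checks; "0" is rejected as deprecated.
+x-modal-client-version: "1.0.0"
+x-modal-python-version: "3.11.0"
+x-modal-platform: kingfisher
+x-modal-node: kingfisher
+body: "\u0000\u0000\u0000\u0000\u0000"
+response_matcher:
+- report_response: true
+- type: HeaderMatch
+header: grpc-status
+expected: ["0"]
+
+- name: Modal Token Secret
+id: kingfisher.modal.2
+pattern: |
+(?x)
+\b
+(
+as-[A-Za-z0-9]{22}
+)
+\b
+pattern_requirements:
+min_digits: 2
+min_entropy: 3.0
+confidence: medium
+examples:
+- "as-aB1cD2eF3gH4iJ5kL6mN7P"
+references:
+- https://modal.com/docs/reference/cli/token
+- https://modal.com/docs/reference/modal.Client
+- https://modal.com/docs/reference/modal.App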
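Review bot: In `kingfisher.modal.1` both captures accept either prefix (`(?:ak|as)-`), so `TOKEN_ID` can bind an `as-` secret and the second group an `ak-` id, or two values of the same kind, while the request always sends the first as `x-modal-token-id` and the second as `x-modal-token-secret`. A pair written secret-first would then be validated with the headers swapped and reported as inactive even when it is live. Pinning the roles, `(?P<TOKEN_ID> ak-[A-Za-z0-9]{22} )` and `( as-[A-Za-z0-9]{22} )`, keeps the validation result meaningful; the reversed order could be a second alternative if it is wanted. This assumes `{{ TOKEN }}` resolves to the unnamed group, which the section does not show. A secret-first entry under `examples:` would pin whichever behaviour is intended.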
|
|
@ -34,4 +34,6 @@ rules:
|
|||
status: [200]
|
||||
- type: WordMatch
|
||||
words: ["data", "me", "id"]
|
||||
match_all_words: true
|
||||
match_all_words: true
|
||||
references:
|
||||
- https://developer.monday.com/api-reference/docs/authentication
|
||||
|
|
@ -26,7 +26,6 @@ rules:
|
|||
\b
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
min_uppercase: 1
|
||||
min_lowercase: 1
|
||||
min_entropy: 3.7
|
||||
examples:
|
||||
|
|
@ -48,6 +47,8 @@ rules:
|
|||
- '"orgId":'
|
||||
- '"id":'
|
||||
url: https://cloud.mongodb.com/api/atlas/v2/groups
|
||||
references:
|
||||
- https://www.mongodb.com/docs/atlas/api/
|
||||
depends_on_rule:
|
||||
- rule_id: "kingfisher.mongodb.2"
|
||||
variable: PUBKEY
|
||||
|
|
@ -108,6 +109,8 @@ rules:
|
|||
visible: false
|
||||
examples:
|
||||
- 'mongodb-public: qj4Zrh8e6A'
|
||||
references:
|
||||
- https://www.mongodb.com/docs/atlas/api/
|
||||
- name: MongoDB URI Connection String
|
||||
id: kingfisher.mongodb.3
|
||||
pattern: |
|
||||
|
|
@ -130,6 +133,8 @@ rules:
|
|||
validation:
|
||||
type: MongoDB
|
||||
tls_mode: lax
|
||||
references:
|
||||
- https://www.mongodb.com/docs/manual/reference/connection-string/
|
||||
- name: MongoDB Atlas Service Account Token
|
||||
id: kingfisher.mongodb.4
|
||||
pattern: |
|
||||
|
|
@ -143,4 +148,6 @@ rules:
|
|||
- mdb_sa_sk_BdIX_jLzut2WTgglKzKvSgWMDDj5hEoTqdwOyLOL
|
||||
validation:
|
||||
type: MongoDB
|
||||
tls_mode: lax
|
||||
tls_mode: lax
|
||||
references:
|
||||
- https://www.mongodb.com/docs/atlas/api/service-accounts-overview/
|
||||
|
|
@ -45,3 +45,5 @@ rules:
|
|||
validation:
|
||||
type: MySQL
|
||||
tls_mode: lax
|
||||
references:
|
||||
- https://dev.mysql.com/doc/refman/8.0/en/connecting.html
|
||||
|
|
|
|||
|
|
@ -30,6 +30,8 @@ rules:
|
|||
- report_response: true
|
||||
- type: StatusMatch
|
||||
status: [200]
|
||||
references:
|
||||
- https://docs.netlify.com/api/get-started/#authentication
|
||||
|
||||
- name: Netlify API Key
|
||||
id: kingfisher.netlify.2
|
||||
|
|
@ -64,3 +66,5 @@ rules:
|
|||
- report_response: true
|
||||
- type: StatusMatch
|
||||
status: [200]
|
||||
references:
|
||||
- https://docs.netlify.com/api/get-started/#authentication
|
||||
|
|
|
|||
|
|
@ -34,3 +34,5 @@ rules:
|
|||
- report_response: true
|
||||
- type: StatusMatch
|
||||
status: [200]
|
||||
references:
|
||||
- https://docs.newrelic.com/docs/apis/intro-apis/new-relic-api-keys/
|
||||
|
|
|
|||
|
|
@ -33,3 +33,5 @@ rules:
|
|||
- type: WordMatch
|
||||
words:
|
||||
- '"endpoints":'
|
||||
references:
|
||||
- https://ngrok.com/docs/api#authentication
|
||||
|
|
|
|||
|
|
@ -12,9 +12,9 @@ rules:
|
|||
min_digits: 2
|
||||
checksum:
|
||||
actual:
|
||||
template: "{{ MATCH | suffix: 6 }}"
|
||||
template: "{{ checksum }}"
|
||||
requires_capture: checksum
|
||||
expected: "{{ BODY | crc32 | base62: 6 }}"
|
||||
expected: "{{ body | crc32 | base62: 6 }}"
|
||||
skip_if_missing: true
|
||||
references:
|
||||
- https://docs.npmjs.com/about-access-tokens
|
||||
|
|
@ -23,7 +23,7 @@ rules:
|
|||
min_entropy: 3.3
|
||||
confidence: medium
|
||||
examples:
|
||||
- "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"
|
||||
- "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"
|
||||
validation:
|
||||
type: Http
|
||||
content:
|
||||
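Review bot: The checksum block in the first npm hunk now depends on captures named `checksum` and `body` but keeps `skip_if_missing: true`. As the key name suggests, if the pattern (outside the hunk) does not define groups with exactly those lower-case names, the check is presumably skipped rather than failed, and candidates pass without checksum verification. The two `template`/`expected` variants are shown without their +/- markers, so I am assuming the lower-case forms are the new side. A comment above `checksum:` would make the coupling explicit, for example `# 'checksum' and 'body' must be named groups in pattern; with skip_if_missing a rename disables this check silently`. If `rules check` supports negative examples, one with a deliberately wrong six-character suffix would catch a regression.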
|
|
|
|||
|
|
@ -31,6 +31,8 @@ rules:
|
|||
status: [200]
|
||||
- type: WordMatch
|
||||
words: ['"Key":']
|
||||
references:
|
||||
- https://learn.microsoft.com/en-us/nuget/api/overview#authentication
|
||||
|
||||
|
||||
- name: NuGet API Key
|
||||
|
|
@ -65,4 +67,6 @@ rules:
|
|||
- type: StatusMatch
|
||||
status: [200]
|
||||
- type: WordMatch
|
||||
words: ['"Key":']
|
||||
words: ['"Key":']
|
||||
references:
|
||||
- https://learn.microsoft.com/en-us/nuget/api/overview#authentication
|
||||
|
|
@ -29,3 +29,5 @@ rules:
|
|||
status: [200]
|
||||
- type: WordMatch
|
||||
words: ["id", "versionId"]
|
||||
references:
|
||||
- https://docs.nvidia.com/cloud-functions/index.html
|
||||
|
|
|
|||
|
|
@ -16,8 +16,6 @@ rules:
|
|||
min_entropy: 3.3
|
||||
examples:
|
||||
- okta_api_token=00hqNORUpnTcdFWA5WEM4YwOkw6RXeFw21lFDRKmY1
|
||||
- 'okta_api_token = 00aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
|
||||
- 'OKTA_API_KEY = "00-aaaaaaaaaaaaa-aaaaaaaaaaaaaaaaaaaaaaaaa"'
|
||||
- 'okta_secret: 00QCjAl4MlV-WPXM-ABCDEFGHIJKL-0HmjFx-vbGua'
|
||||
- 'Authorization: SSWS 00QCjAl4MlV-WPXM-ABCDEFGHIJKL-0HmjFx-vbGua'
|
||||
- |
|
||||
|
|
@ -40,6 +38,8 @@ rules:
|
|||
words:
|
||||
- activated
|
||||
url: https://{{ DOMAIN }}/api/v1/users/me
|
||||
references:
|
||||
- https://developer.okta.com/docs/reference/core-okta-api/#authentication
|
||||
depends_on_rule:
|
||||
- rule_id: "kingfisher.okta.2"
|
||||
variable: DOMAIN
|
||||
|
|
@ -54,4 +54,6 @@ rules:
|
|||
min_entropy: 3
|
||||
visible: false
|
||||
examples:
|
||||
- company-name.okta.com
|
||||
- company-name.okta.com
|
||||
references:
|
||||
- https://developer.okta.com/docs/concepts/okta-organizations/
|
||||
|
|
@ -40,7 +40,7 @@ rules:
|
|||
- '"response":'
|
||||
- '"done":true'
|
||||
references:
|
||||
- https://ollama.com/blog/turbo
|
||||
- https://ollama.com/blog
|
||||
examples:
|
||||
- "ollama key = 8bcdd9b4e28e4e1b8bf14a2eb8701220.QH5p5TU2BDwzHu5_RCtvJXsj"
|
||||
- "ollama key = e56714bd7c1146e4b4801244bc2bc67a.3GAswjZGZ5YY6Qdgt0xg56vM"
|
||||
|
|
|
|||
|
|
@ -52,4 +52,4 @@ rules:
|
|||
- A3-ASWWYB-798JRY-LJVD4-23DC2-86TVM-H43EB
|
||||
references:
|
||||
- https://support.1password.com/secret-key-security/
|
||||
- https://developer.1password.com/files/1password-white-paper.pdf
|
||||
- https://1passwordstatic.com/files/security/1password-white-paper.pdf
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ rules:
|
|||
- "owlbot SECRET b7d21c0e88e9a3c5938fb045b2b6a5e693eaf9d1"
|
||||
- "owlbot TOKEN 8a5de3a89b7e4f29bf728b45adcdea6ea3410c78"
|
||||
references:
|
||||
- https://owlbot.info/
|
||||
- https://documentation.owlbot.ai/
|
||||
validation:
|
||||
type: Http
|
||||
content:
|
||||
|
|
|
|||
|
|
@ -36,4 +36,6 @@ rules:
|
|||
status: [200]
|
||||
- type: WordMatch
|
||||
words: ['invalid api_dev_key']
|
||||
negative: true
|
||||
negative: true
|
||||
references:
|
||||
- https://pastebin.com/doc_api
|
||||
|
|
@ -17,6 +17,8 @@ rules:
|
|||
visible: false
|
||||
examples:
|
||||
- paypal_client_id=AZJ6y8Dpr1TYbqAIdhkPzyhjXoY6mIdhkPzyhjXoY6m8GplL7C3zZ3lPrkTIdhkPzyhjXo_Dx3IdhkPzyhjXoY6m
|
||||
references:
|
||||
- https://developer.paypal.com/api/rest/authentication/
|
||||
|
||||
- name: PayPal OAuth Secret
|
||||
id: kingfisher.paypal.2
|
||||
|
|
@ -57,3 +59,5 @@ rules:
|
|||
depends_on_rule:
|
||||
- rule_id: kingfisher.paypal.1
|
||||
variable: CLIENTID
|
||||
references:
|
||||
- https://developer.paypal.com/api/rest/authentication/
|
||||
|
|
|
|||
|
|
@ -49,6 +49,8 @@ rules:
|
|||
-----END RSA PRIVATE KEY-----
|
||||
- |
|
||||
"-----BEGIN RSA PRIVATE KEY-----\r\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAlwAAAAdzc2gtcn\r\nNhAAAAAwEAAQAAAIEAtDSHFO5tfN+jYMJuiNvBaplkSI3eFqKMLOvXyVu+dmSEic6xyKWQ\r\nqjQiFpXogArvAq2tBxWOq7F+a6rNhDKdICD2amRwDHqKD1bzXVSZ5c1XnpCFsBiQaEyX2i\r\nqyjScnntFHIpTCVHNxILDxsStocj6Cf99C7hfCGVhft/Ts/O0AAAIQJOKnUyTip1MAAAAH\r\nc3NoLXJzYQAAAIEAtDSHFO5tfN+jYMJuiNvBaplkSI3eFqKMLOvXyVu+dmSEic6xyKWQqj\r\nQiFpXogArvAq2tBxWOq7F+a6rNhDKdICD2amRwDHqKD1bzXVSZ5c1XnpCFsBiQaEyX2iqy\r\njScnntFHIpTCVHNxILDxsStocj6Cf99C7hfCGVhft/Ts/O0AAAADAQABAAAAgBcaTN8gGi\r\nVSPo3fH3CoS8mw1KyAk6JvQG1Z5xZHjsl65YsNVrmUkFFh0aT3nxEbVb0QKwineN0GKmD/\r\nSs3R91a573gzli7TJPFCHhhBbE7FRC4KQMTc1/UANwFYQVcfZ4n9IVHr3jiWToSY3XbC66\r\nZcd0sg+d+YRjIxUktuNFHBAAAAQQCOOKbSUJAWzcTDbxImwDCAfBMlEeMAnJrwobL/zxbT\r\nGhKdnqnomoreFdYL8vOcOlwZG0hUKIA6AM1GsMzp6aCwAAAAQQDmAABpOQnkDy8v8kTDhP\r\ndW3lAqRGOU4WRWj7WystQv/VjuJpceekhOyhNJBuNHDKZ3IT1agAZHIhhL+webE2S1AAAA\r\nQQDIk4H1agCohlHUg50PcyKzE/zZ85Gw0ErTmgqIIGd4B1AqUtjwVe1qFoqHuZPtq2cbVF\r\n1HTHh6GX//J6rKWVJZAAAAGWJsYXJzZW5AYnJhZGZvcmRzLW1icC5sYW4B\r\n-----END RSA PRIVATE KEY-----"
|
||||
references:
|
||||
- https://www.rfc-editor.org/rfc/rfc7468
|
||||
- name: Base64-PEM-Encoded Private Key
|
||||
id: kingfisher.pem.2
|
||||
pattern: |
|
||||
|
|
@ -68,4 +70,6 @@ rules:
|
|||
confidence: high
|
||||
examples:
|
||||
- 'PRIVATE_KEY_B64=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'
|
||||
- ' "privateKey": "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",'
|
||||
- ' "privateKey": "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",'
|
||||
references:
|
||||
- https://www.rfc-editor.org/rfc/rfc7468
|
||||
|
|
@ -12,7 +12,7 @@ rules:
|
|||
min_digits: 2
|
||||
min_entropy: 4
|
||||
examples:
|
||||
- pscale_tkn_abcdefghijklmnopqrstuvwxyZ1234567890_ABCDEF
|
||||
- pscale_tkn_abcdefghi12lmnopqrstuvwxyZ1234567890_ABCDEF
|
||||
validation:
|
||||
type: Http
|
||||
content:
|
||||
|
|
@ -31,6 +31,8 @@ rules:
|
|||
- '"id":'
|
||||
- '"username":'
|
||||
url: https://api.planetscale.com/v1/user
|
||||
references:
|
||||
- https://planetscale.com/docs/api
|
||||
depends_on_rule:
|
||||
- rule_id: kingfisher.planetscale.2
|
||||
variable: USERNAME
|
||||
|
|
@ -51,5 +53,7 @@ rules:
|
|||
min_entropy: 3.5
|
||||
visible: false
|
||||
examples:
|
||||
- pscale_user = abcdefghijkl
|
||||
- 'planetscale_id: hgtmrnzlv1t7'
|
||||
- pscale_user = 0dm7fw8prpel
|
||||
- 'planetscale_id: 0dm7fw8prpel'
|
||||
references:
|
||||
- https://planetscale.com/docs/api
|
||||
|
|
|
|||
|
|
@ -39,4 +39,6 @@ rules:
|
|||
- CONNECTION_URI="postgis://postgres:s2Tf2k@rLMy@google.com:5434/elephant"
|
||||
validation:
|
||||
type: Postgres
|
||||
tls_mode: lax
|
||||
tls_mode: lax
|
||||
references:
|
||||
- https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING
|
||||
|
|
@ -27,6 +27,8 @@ rules:
|
|||
negative: true
|
||||
- type: StatusMatch
|
||||
status: [200]
|
||||
references:
|
||||
- https://posthog.com/docs/api/overview#authentication
|
||||
- name: PostHog Personal API Key
|
||||
id: kingfisher.posthog.2
|
||||
pattern: |
|
||||
|
|
@ -52,4 +54,6 @@ rules:
|
|||
- type: WordMatch
|
||||
words:
|
||||
- "authentication_failed"
|
||||
negative: true
|
||||
negative: true
|
||||
references:
|
||||
- https://posthog.com/docs/api/overview#authentication
|
||||
|
|
@ -14,7 +14,7 @@ rules:
|
|||
confidence: medium
|
||||
examples:
|
||||
- PREFECT_API_TOKEN=pnu_1234567890abcdef1234567890abcdef1234
|
||||
- '"prefectToken": "pnu_abcdefabcdefabcdefabcdefabcdefabcdef"'
|
||||
- '"prefectToken": "pnu_abcdefabcdef12cdefabcdefabcdefabcdef"'
|
||||
references:
|
||||
- https://docs.prefect.io/latest/concepts/api_keys/
|
||||
validation:
|
||||
|
|
|
|||
|
|
@ -22,12 +22,10 @@ rules:
|
|||
PRIVATE\sKEY
|
||||
(\sBLOCK)?
|
||||
-----
|
||||
pattern_requirements:
|
||||
min_digits: 2
|
||||
min_entropy: 4.5
|
||||
confidence: high
|
||||
examples:
|
||||
- |-
|
||||
- |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-256-CBC,1F77CE6d2Bb6B18537633Ec3aD093b9C
|
||||
|
|
@ -42,6 +40,8 @@ rules:
|
|||
+ril
|
||||
frnc129xvp11ndqbyjqlg3jf9ovlb1qula84ftj8m
|
||||
-----END RSA PRIVATE KEY-----
|
||||
references:
|
||||
- https://www.rfc-editor.org/rfc/rfc7468
|
||||
|
||||
- name: Contains Private Key
|
||||
id: kingfisher.privkey.2
|
||||
|
|
@ -106,3 +106,5 @@ rules:
|
|||
-----BEGIN ENCRYPTED PRIVATE KEY BLOCK-----
|
||||
V75NeIrlsI80Gf0aTS2RZQvEcUQ3n6XwFnOvB/O5rRv3HGqvptc3P3n0bxfEg5KA
|
||||
-----END ENCRYPTED PRIVATE KEY BLOCK-----
|
||||
references:
|
||||
- https://www.rfc-editor.org/rfc/rfc7468
|
||||
|
|
|
|||
|
|
@ -24,6 +24,8 @@ rules:
|
|||
- 200
|
||||
type: StatusMatch
|
||||
url: "https://ps.pndsn.com/publish/{{ TOKEN }}/{{ SUBSCRIPTIONTOKEN }}/0/kingfisher/0/%22ping%22?uuid=kingfisher_validate"
|
||||
references:
|
||||
- https://www.pubnub.com/docs/sdks/rest-api
|
||||
depends_on_rule:
|
||||
- rule_id: "kingfisher.pubnub.2"
|
||||
variable: SUBSCRIPTIONTOKEN
|
||||
|
|
@ -52,4 +54,6 @@ rules:
|
|||
- report_response: true
|
||||
- status:
|
||||
- 200
|
||||
type: StatusMatch
|
||||
type: StatusMatch
|
||||
references:
|
||||
- https://www.pubnub.com/docs/sdks/rest-api
|
||||
Some files were not shown because too many files have changed in this diff Show more