diff --git a/CHANGELOG.md b/CHANGELOG.md index 5f87634..e2dfae5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file. - Added `--max-validation-response-length ` for `scan` to control validation response storage truncation (default: `2048`, `0` disables truncation). - Updated `--full-validation-response` to bypass both validation storage truncation and reporter truncation, preserving complete response bodies end-to-end for parsing/reporting workflows. - Added Testkube detection/validation coverage with `kingfisher.testkube.*` rules for API keys plus dependent organization/environment IDs used for live API validation. +- Improved TrueNAS rule ## [v1.89.0] - Added TOON output for `scan`, `validate`, and `revoke`, optimized for LLM/agent workflows; prefer `--format toon` when calling Kingfisher from an LLM. diff --git a/README.md b/README.md index 430c5e3..cb0cc30 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Kingfisher Logo [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) -[![Detection Rules](https://img.shields.io/badge/Detection%20Rules-544-2ea043.svg)](https://github.com/mongodb/kingfisher)
+[![Detection Rules](https://img.shields.io/badge/Detection%20Rules-546-2ea043.svg)](https://github.com/mongodb/kingfisher)
[![ghcr downloads](https://ghcr-badge.elias.eu.org/shield/mongodb/kingfisher/kingfisher)](https://github.com/mongodb/kingfisher/pkgs/container/kingfisher)
diff --git a/crates/kingfisher-rules/data/rules/truenas.yml b/crates/kingfisher-rules/data/rules/truenas.yml
index 57ffcff..08caf37 100644
--- a/crates/kingfisher-rules/data/rules/truenas.yml
+++ b/crates/kingfisher-rules/data/rules/truenas.yml
@@ -1,4 +1,28 @@
 rules:
+  - name: TrueNAS Instance URL
+    id: kingfisher.truenas.3
+    visible: false
+    confidence: medium
+    min_entropy: 2.0
+    pattern: |
+      (?x)
+      \b
+      (
+        https?://[a-zA-Z0-9._:-]+
+      )
+      /api/v2\.0/
+      (?:system|pool|device|sharing|jail|vm|chart|app|zvol|dataset|replication|snapshot|boot|tunable|smb|nfs|iscsi|certificate|acme|filesystem|reporting|alert|update|core|initshutdownscript)
+    examples:
+      - http://192.168.0.30/api/v2.0/system/info
+      - https://truenas.example.com/api/v2.0/device/get_info
+      - https://nas.local:443/api/v2.0/pool/dataset
+      - http://10.0.0.1/api/v2.0/sharing/smb
+      - https://truenas.local/api/v2.0/jail/query
+      - http://192.168.1.50:80/api/v2.0/zvol/id
+      - https://nas:443/api/v2.0/boot/environment
+    references:
+      - https://www.truenas.com/docs/api/scale_rest_api.html
+
   - name: TrueNAS API Key (WebSocket)
     id: kingfisher.truenas.1
     pattern: |
@@ -30,12 +54,31 @@ rules:
       - https://www.truenas.com/docs/scale/scaleclireference/auth/cliapikey/
       - https://www.truenas.com/docs/scale/api/
       - https://www.truenas.com/community/threads/api-examples-in-perl-python.108053/
+    depends_on_rule:
+      - rule_id: kingfisher.truenas.3
+        variable: TRUENAS_URL
+    validation:
+      type: Http
+      content:
+        request:
+          method: GET
+          url: "{{ TRUENAS_URL }}/api/v2.0/system/info"
+          headers:
+            Authorization: "Bearer {{ TOKEN }}"
+            Accept: application/json
+        response_matcher:
+          - report_response: true
+          - type: StatusMatch
+            status: [200]
+          - type: JsonValid
 
   - name: TrueNAS API Key (REST API)
     id: kingfisher.truenas.2
     pattern: |
       (?x)
-      Bearer\s*
+      /api/v2\.0
+      (?:.|[\n\r]){0,256}?
+      Bearer\s+
       (\d+-[a-zA-Z0-9]{64})
       \b
     pattern_requirements:
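Review bot: The value captured by `https?://[a-zA-Z0-9._:-]+` in the new `TrueNAS Instance URL` rule becomes the `{{ TRUENAS_URL }}` validation target of the dependent rules, and the examples here (`http://192.168.0.30/api/v2.0/system/info`, `http://10.0.0.1/api/v2.0/sharing/smb`) show that plain-HTTP hosts are accepted, so a live validation will send the bearer token unencrypted to whatever host appears next to it in the scanned text. If that is accepted behaviour it deserves a comment on the rule, e.g. `# captured host is used verbatim as the validation endpoint for truenas.1/2/4 and may be plain http://`; otherwise the capture could be limited to `https://[a-zA-Z0-9._:-]+`. Note also that the pattern only fires when the base URL is immediately followed by `/api/v2.0/<endpoint>`, so a bare setting such as `TRUENAS_URL=https://nas.local` is presumably not captured and the dependent validations would then never run — worth confirming how the loader treats an unresolved `depends_on_rule` variable.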
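Review bot: In the rewritten `TrueNAS API Key (REST API)` pattern, `(?:.|[\n\r]){0,256}?` is an alternation-heavy way to say "any character including newline"; `[\s\S]{0,256}?` (or a `(?s)` flag next to `(?x)`) expresses the same with less backtracking, and the same construct appears twice in the keyword-proximity rule in the next hunk. The new `/api/v2\.0` prefix also means a Bearer token with no REST path within 256 characters before it is no longer matched by this rule, which is presumably what `kingfisher.truenas.4` is meant to cover; a comment above the pattern such as `# requires a nearby /api/v2.0 path; bare keys are covered by kingfisher.truenas.4` would make that split intentional for the next maintainer. The `depends_on_rule`/`validation` stanza added here is copied byte-for-byte into two more rules in the next hunk; if the rule loader accepts YAML anchors, a single anchor on the first copy would keep the three in sync.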
@@ -51,3 +94,67 @@ rules:
       - https://www.truenas.com/docs/scale/scaleclireference/auth/cliapikey/
       - https://www.truenas.com/docs/scale/api/
       - https://www.truenas.com/community/threads/api-examples-in-perl-python.108053/
+    depends_on_rule:
+      - rule_id: kingfisher.truenas.3
+        variable: TRUENAS_URL
+    validation:
+      type: Http
+      content:
+        request:
+          method: GET
+          url: "{{ TRUENAS_URL }}/api/v2.0/system/info"
+          headers:
+            Authorization: "Bearer {{ TOKEN }}"
+            Accept: application/json
+        response_matcher:
+          - report_response: true
+          - type: StatusMatch
+            status: [200]
+          - type: JsonValid
+
+  - name: TrueNAS API Key (keyword proximity)
+    id: kingfisher.truenas.4
+    pattern: |
+      (?xi)
+      \b(?:truenas|true[_-]nas|tn[_-])
+      (?:.|[\n\r]){0,64}?
+      (?:api[_-]?key|api[_-]?token|key|token|secret|password|auth)
+      (?:.|[\n\r]){0,32}?
+      (
+        \d+-[a-zA-Z0-9]{64}
+      )
+      \b
+    pattern_requirements:
+      min_digits: 2
+      min_entropy: 3.3
+    confidence: medium
+    examples:
+      - 'TRUENAS_API_KEY=8-Lp22ov7halMBLUpG97Wg4y7fibQi3CW19VJiZcCu746zgCs0mdDdTCoOcpgEucgu'
+      - 'truenas_token: "10-6LZBVhNq8zze0rzXJptfSWDBoskWuThnQb3fUVw4sVNgJ7GKT3ITVIovhwPf34oL"'
+      - '"truenas_api_key": "9-hTSZDBPyg0PjRZvWb8omoxJ7X2gAjRGmiPKql9ENGIUP9OPtEAzz5f6g9YIMVbZT"'
+      - 'tn_api_key = "8-Lp22ov7halMBLUpG97Wg4y7fibQi3CW19VJiZcCu746zgCs0mdDdTCoOcpgEucgu"'
+      - 'true-nas_secret=9-hTSZDBPyg0PjRZvWb8omoxJ7X2gAjRGmiPKql9ENGIUP9OPtEAzz5f6g9YIMVbZT'
+    references:
+      - https://www.truenas.com/docs/api/core_websocket_api.html
+      - https://www.truenas.com/docs/api/scale_rest_api.html
+      - https://www.truenas.com/docs/scale/scaletutorials/toptoolbar/managingapikeys/
+      - https://www.truenas.com/docs/scale/scaleclireference/auth/cliapikey/
+      - https://www.truenas.com/docs/scale/api/
+      - https://www.truenas.com/community/threads/api-examples-in-perl-python.108053/
+    depends_on_rule:
+      - rule_id: kingfisher.truenas.3
+        variable: TRUENAS_URL
+    validation:
+      type: Http
+      content:
+        request:
+          method: GET
+          url: "{{ TRUENAS_URL }}/api/v2.0/system/info"
+          headers:
+            Authorization: "Bearer {{ TOKEN }}"
+            Accept: application/json
+        response_matcher:
+          - report_response: true
+          - type: StatusMatch
+            status: [200]
+          - type: JsonValid
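Review bot: `min_entropy` is placed under `pattern_requirements` in the new `TrueNAS API Key (keyword proximity)` rule (`min_entropy: 3.3` beside `min_digits: 2`), whereas the `TrueNAS Instance URL` rule in the first hunk of this file puts it at rule level (`min_entropy: 2.0`). If the rule schema only honours one of these placements the other is silently ignored, so it is worth confirming which is canonical and moving the outlier so both new rules agree. The `(?xi)` flag is presumably meant for the keyword prefix alternation only; a one-line comment above the pattern, `# i: keyword prefixes are case-insensitive; the token class already covers both cases`, would spare the next reader from checking whether it changes the capture.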