- Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled.

- Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
2025-11-15 08:23:06 -08:00 · 2025-11-15 08:23:06 -08:00 · f159dac5ab
commit f159dac5ab
parent 6e0e8fd2c9
4 changed files with 12 additions and 7 deletions
--- a/data/rules/adobe.yml
+++ b/data/rules/adobe.yml
@ -46,6 +46,7 @@ rules:
      \b
      adobe
      (?:.|[\n\r]){0,64}?
+      \b
      (
        [a-z0-9]{12}
      )
--- a/data/rules/azureopenai.yml
+++ b/data/rules/azureopenai.yml
@ -49,7 +49,7 @@ rules:
      (?xi)
      \b
      (
-        [a-z0-9-]+
+        [a-z0-9-]{3,32}
        \.openai\.azure\.com
      )
      \b
--- a/data/rules/grafana.yml
+++ b/data/rules/grafana.yml
@ -100,12 +100,12 @@ rules:
  - name: Grafana Domain
    id: kingfisher.grafana.4
    pattern: |
-      (?xi)                                
-      (?:https?://)?              
-      (?:[A-Z0-9-]+\.)*                 
-      grafana\.[A-Z0-9.-]+           
-      (?::\d{2,5})?                        
-      (?:[/?\#]\S*)?        
+      (?xi)
+      (?:https?://)?
+      (?:[A-Z0-9-]+\.){0,32}
+      grafana\.[A-Z0-9.-]{3,32}
+      (?::\d{2,5})?
+      (?:[/?\#]\S*)?   
    min_entropy: 3.0               
    visible: false
    confidence: medium
--- a/data/rules/jdbc.yml
+++ b/data/rules/jdbc.yml
@ -10,6 +10,10 @@ rules:
        :
        [^\s"'<>,(){}\[\]]{10,448}
      )
+    pattern_requirements:
+      ignore_if_contains:
+        - "*****"
+        - "xxxxx"
    min_entropy: 3.3
    confidence: medium
    validation: