Mick Grove
6e0e8fd2c9
- Skip reporting MongoDB and Postgres findings when their connection strings cannot be parsed, even when validation is disabled.
- Improve MySQL detection by broadening URI coverage and adding live validation that skips clearly invalid connection strings.
2025-11-15 08:11:25 -08:00
Mick Grove
62ea3fd615
Filter out empty 'KF_BITBUCKET_*' environment values when constructing the Bitbucket authentication configuration so blank variables no longer override valid credentials
2025-11-13 14:30:27 -08:00
Mick Grove
c14adbdadd
added jdbc rule and validator
2025-11-12 22:58:31 -08:00
Mick Grove
57ab249960
added jdbc rule and validator
2025-11-12 22:25:33 -08:00
Mick Grove
03a6699fe8
v1.63.0
2025-11-10 18:47:51 -08:00
Mick Grove
77bcbd6130
changes in response to code review
2025-11-09 09:16:50 -08:00
Mick Grove
12730bb609
Added checksum comparisons to pattern_requirements, new suffix, crc32, and base62 Liquid filters, and verbose logging so mismatched checksums are skipped with context rather than reported as findings.
2025-11-07 16:31:24 -08:00
Mick Grove
dc02abac63
Added an optional exclude_words list to PatternRequirements so matches containing case-insensitive placeholder words are filtered out, with accompanying tests to cover the new behavior.
2025-11-05 17:19:11 -08:00
Mick Grove
3b3a4e5030
Added an optional exclude_words list to PatternRequirements so matches containing case-insensitive placeholder words are filtered out, with accompanying tests to cover the new behavior.
2025-11-04 14:15:04 -05:00
Mick Grove
c0e4910d1f
pattern_requirements for rules — Post-regex character-class gating to cut false positives without lookarounds. Authors can now require minimum counts of digits, uppercase, lowercase, and special characters, with an optional custom special-char set.
Why: Hyperscan doesn’t support lookaheads/behinds, so many “must contain X and Y” checks had to be baked into the regex (hurting readability) or were impossible. pattern_requirements applies lightweight, in-memory checks after a match is found, keeping patterns fast and clean.
2025-11-04 13:55:31 -05:00
Mick Grove
516e25d125
Replaced Match::finding_id’s SHA1-based hashing with a fast xxh3_64 digest that keeps IDs deterministic while eliminating a hot-path SHA1 dependency
2025-09-24 12:22:56 -07:00
Mick Grove
e7a8da6b3c
Dropped the “prevalidated” flag from rule definitions and validation logic so every finding now flows through the standard active/inactive/unknown pipeline, simplifying rule configuration and preventing special-case bypasses
2025-08-13 08:22:53 -07:00
Mick Grove
51bc64339c
- Fixed issue when more than 1 named capture group is used in a rule variable
- Added 2 new liquid template filters: 'b64dec' and 'es256_sign'
- Added custom validator for Coinbase, and a Coinbase rule that uses it
2025-07-31 16:52:50 -07:00
Mick Grove
93f1e3b1da
JWT validation performs OpenID Connect discovery using the iss claim and verifies signatures via JWKS
2025-07-14 15:31:44 -07:00
Mick Grove
cd4f626502
Added support for HTTP request bodies in rule validation. Added Mistral and Perplexity rules
2025-07-08 17:49:12 -07:00
Mick Grove
18e0b3c9b4
Fixed malformed rules. Now validating that response_matcher is present in the validation section of all rules
2025-06-25 23:29:46 -07:00
Mick Grove
0d3513b6f9
Fixed malformed rules. Now validating that response_matcher is present in the validation section of all rules
2025-06-25 22:17:37 -07:00
Mick Grove
fc4aee9e41
preparing for v1.12
2025-06-24 17:17:16 -07:00