rules: - name: Salesforce Access Token id: kingfisher.salesforce.1 pattern: | (?xi) \b ( 00 [A-Z0-9]{13} ! [A-Z0-9._-]{80,260} ) pattern_requirements: min_digits: 6 min_entropy: 3.3 confidence: medium examples: - 00DE0X0A0M0PeLE!CJoAQOx1GCLf1UIt4UU9y0VOPLUZAYN6I8DsdGEDyHh5cO02egObcAhIDHYiGCfi94c53oFbr4HB.xZfuYRGhvNuxobAAXRe - | === Org Description KEY VALUE ──────────────── ──────────────────────────────────────────────────────────────────────────────────────────────────────────────── Access Token 00DE0X0A0M0PeLE!AQcAQH0dMHEXAMPLEzmpkb58urFRkgeBGsxL_QJWwYMfAbUeeG7c1EXAMPLEDUkWe6H34r1AAwOR8B8fLEz6nEXAMPLEAAAA Client Id PlatformCLI Connected Status Connected Id 00D5fORGIDEXAMPLE Instance Url https://MyDomainName.my.salesforce.com Username juliet.capulet@empathetic-wolf-g5qddtr.com validation: type: Http content: request: headers: Authorization: 'Bearer {{ TOKEN }}' method: GET response_matcher: - report_response: true - type: StatusMatch status: [200] - type: WordMatch words: ["DailyApiRequests"] match_all_words: true url: "https://{{ INSTANCE }}.my.salesforce.com/services/data/v60.0/limits" references: - https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_authentication.htm depends_on_rule: - rule_id: "kingfisher.salesforce.2" variable: INSTANCE - name: Salesforce Instance URL id: kingfisher.salesforce.2 pattern: | (?xi) \b (?:https?://)? ( [0-9A-Z-]{5,128} ) \. my\.salesforce\.com \b min_entropy: 2.5 confidence: medium visible: false examples: - https://example123.my.salesforce.com - mydomainname.my.salesforce.com references: - https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_authentication.htm - name: Salesforce Consumer Key id: kingfisher.salesforce.3 pattern: | (?x)(?s) \bconsumerKey\b (?:.|[\n\r]){0,32}? \b ( [A-Za-z0-9+/=._-]{16,256} ) \b min_entropy: 3.3 pattern_requirements: min_digits: 3 confidence: medium examples: - | https://login.example.com/oauth/login/v2/authorize?authHint=SALESFORCE_OAUTH2&authType=oauth2&prompt=login 012cbddfa6b05ec1941143c0d37a036291492be9f2df0b42c5c0c220198185de 7TVG9nQ8gW5RaRxV8i1SaI7vwa0xtQQoejTa48AR5QR6HBYV9YBKPnAzPU7bs6QxOgdjJy9TPabQYVTZtgT83 ExampleProviderOne false OpenIdConnect true false true https://login.example.com/oauth/login/v2/token - | https://api.example.net/oauth/authorize 012cbddfa6b05ec1941143c0d37a036291492be9f2df0b42c5c0c220198185de 7TVG9nQ8gW5RaRxV8i1SaI7vwa0xtQQoejTa48AR5QR6HBYV9YBKPnAzPU7bs6QxOgdjJy9TPabQYVTZtgT83 ExampleBatchConnect false OpenIdConnect true false true https://api.example.net/oauth/token - | https://api.example.net/oauth/authorize 012cbddfa6b05ec1941143c0d37a036291492be9f2df0b42c5c0c220198185de 7TVG9nQ8gW5RaRxV8i1SaI7vwa0xtQQoejTa48AR5QR6HBYV9YBKPnAzPU7bs6QxOgdjJy9TPabQYVTZtgT83 ExampleConnect false OpenIdConnect true false true https://api.example.net/oauth/token references: - https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_oauth_and_connected_apps.htm - name: Salesforce Consumer Secret id: kingfisher.salesforce.4 pattern: | (?xi)(?s) consumerSecret\b (?:.|[\n\r]){0,32}? \b ( [A-Za-z0-9+/=._-]{16,256} ) min_entropy: 3.3 pattern_requirements: min_digits: 6 confidence: medium examples: - | https://login.example.com/oauth/login/v2/authorize?authHint=SALESFORCE_OAUTH2&authType=oauth2&prompt=login 012cbddfa6b05ec1941143c0d37a036291492be9f2df0b42c5c0c220198185de 7TVG9nQ8gW5RaRxV8i1SaI7vwa0xtQQoejTa48AR5QR6HBYV9YBKPnAzPU7bs6QxOgdjJy9TPabQYVTZtgT83 ExampleProviderOne false OpenIdConnect true false true https://login.example.com/oauth/login/v2/token - | https://api.example.net/oauth/authorize 012cbddfa6b05ec1941143c0d37a036291492be9f2df0b42c5c0c220198185de 7TVG9nQ8gW5RaRxV8i1SaI7vwa0xtQQoejTa48AR5QR6HBYV9YBKPnAzPU7bs6QxOgdjJy9TPabQYVTZtgT83 ExampleBatchConnect false OpenIdConnect true false true https://api.example.net/oauth/token - | https://api.example.net/oauth/authorize 012cbddfa6b05ec1941143c0d37a036291492be9f2df0b42c5c0c220198185de 7TVG9nQ8gW5RaRxV8i1SaI7vwa0xtQQoejTa48AR5QR6HBYV9YBKPnAzPU7bs6QxOgdjJy9TPabQYVTZtgT83 ExampleConnect false OpenIdConnect true false true https://api.example.net/oauth/token references: - https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_oauth_and_connected_apps.htm - name: Salesforce Consumer Key and Secret id: kingfisher.salesforce.5 pattern: | (?xi)(?s) (?:salesforce|sforce) (?:.|[\n\r]){0,256}? \bconsumerKey\b (?:.|[\n\r]){0,32}? \b (?P [A-Z0-9+/=._-]{16,256} ) \b.*? (?:.|[\n\r]){0,256}? \bconsumer\s{0,8}secret\b (?:.|[\n\r]){0,32}? \b (?P [A-Za-z0-9+/=._-]{16,256} ) min_entropy: 3.5 pattern_requirements: min_digits: 3 ignore_if_contains: - "www.w3.org" - "/2001/" - "/XMLSchema" confidence: medium examples: - | https://login.example.com/oauth/login/v2/authorize?authHint=SALESFORCE_OAUTH2&authType=oauth2&prompt=login 012cbddfa6b05ec1941143c0d37a036291492be9f2df0b42c5c0c220198185de 7TVG9nQ8gW5RaRxV8i1SaI7vwa0xtQQoejTa48AR5QR6HBYV9YBKPnAzPU7bs6QxOgdjJy9TPabQYVTZtgT83 ExampleProviderOne false OpenIdConnect true false true https://login.example.com/oauth/login/v2/token - | https://api.example.net/oauth/authorize 012cbddfa6b05ec1941143c0d37a036291492be9f2df0b42c5c0c220198185de 7TVG9nQ8gW5RaRxV8i1SaI7vwa0xtQQoejTa48AR5QR6HBYV9YBKPnAzPU7bs6QxOgdjJy9TPabQYVTZtgT83 ExampleBatchConnect false OpenIdConnect true false true https://api.example.net/oauth/token - | https://api.example.net/oauth/authorize 012cbddfa6b05ec1941143c0d37a036291492be9f2df0b42c5c0c220198185de 7TVG9nQ8gW5RaRxV8i1SaI7vwa0xtQQoejTa48AR5QR6HBYV9YBKPnAzPU7bs6QxOgdjJy9TPabQYVTZtgT83 ExampleConnect false OpenIdConnect true false true https://api.example.net/oauth/token references: - https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_oauth_and_connected_apps.htm - name: Salesforce Refresh Token id: kingfisher.salesforce.6 pattern: | (?xi)(?s) (?:salesforce|sforce|login\.salesforce\.com|test\.salesforce\.com|my\.salesforce\.com) (?:.|[\n\r]){0,256}? \brefresh(?:_|[\s-])token\b (?:.|[\n\r]){0,24}? (?: [:=] | ["']\s*:\s*["'] ) \s* ( 5A[A-Z0-9._~-]{40,510} ) (?: \b | ["'] ) pattern_requirements: min_digits: 4 min_entropy: 3.5 confidence: medium examples: - | { "instance_url": "https://mydomain.my.salesforce.com", "refresh_token": "5Aep861vGfRt9a8nT3qgV7wU1rYp3kL2mN8dQ6zX4cB7jH9sT1vW2xY3zA4bC5dE6fG7hI8jK9mN0pQ1rS2tU3vW4xY5z" } - | salesforce: token_endpoint: https://login.salesforce.com/services/oauth2/token refresh_token: 5AefmTn2q8JdV4pP7xR1wY5zC9kL3mN6qS0uV2xY8bD1fG4hJ7kM9nQ2rT5vW8yZ1aC3eF6gH9jK2mP5sR8uV1xY4 references: - https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_understanding_web_server_oauth_flow.htm - https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_refresh_token_flow.htm&type=5 - name: Salesforce Connected App Consumer Key (Prefixed) id: kingfisher.salesforce.7 pattern: | (?x)(?s) \b ( 3MVG9[A-Za-z0-9._~-]{20,180} ) \b pattern_requirements: min_digits: 4 min_entropy: 3.6 confidence: medium validation: type: Http content: request: method: GET url: "https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id={{ TOKEN }}&redirect_uri=https%3A%2F%2Fexample.com%2Fcb" response_matcher: - report_response: true - type: StatusMatch status: [200] examples: - 3MVG9P8aWj9n4kT2xQ5mV7rY1bC3dF6gH8jK0mN2pR4tU6wX8zA1cE3gH5kM7qS9uV2xY4bD6fJ8nP1rT3vW5yZ7 references: - https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_oauth_and_connected_apps.htm