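# Kingfisher detection rules for Azure Cosmos DB account keys.
# Both rules capture the 88-character base64 master key (86 chars followed
# by "=="); the second rule also verifies the key live against the account
# named in the connection string.
rules:
  # Bare key: a Cosmos/DocumentDB-flavoured variable name followed, within a
  # short gap, by the key itself.
  - name: Azure CosmosDB Account Key
    id: kingfisher.azurecosmosdb.1
    # (?x) verbose mode: whitespace and line breaks inside the pattern are
    # ignored. The `{0,16}?` gap lazily allows separators such as "=", ": ",
    # quotes or a line break between the name and the value. The single
    # unnamed group is the secret.
    pattern: |
      (?x)
      \b
      (?:
        (?i:cosmos(?:db)?[_\s-]*(?:key|account[_\s-]*key|primary[_\s-]*key|secondary[_\s-]*key|master[_\s-]*key))
        |
        (?i:azure[_\s-]*cosmos(?:db)?[_\s-]*(?:key|account_key|primary_key|master_key))
        |
        (?i:documentdb(?:authkey|key))
      )
      (?:.|[\n\r]){0,16}?
      (
        [A-Za-z0-9+/]{86}==
      )
    # Character-mix and entropy floors that a real base64 key meets; they cut
    # down placeholder or repeated-character matches.
    pattern_requirements:
      min_digits: 2
      min_uppercase: 2
      min_lowercase: 2
      min_special_chars: 1
      min_entropy: 4.0
    # No endpoint is available here, so the key cannot be verified: medium.
    confidence: medium
    categories: [api, key]
    examples:
      - 'AZURE_COSMOSDB_KEY=oqb4TdY9T0hphvktd5fJnMiHuQqzVy1jd5sSuOpAbGkaoqTlrHl0BOJN2okcasinVLOJzfDbZo1L+ASt68RAhA=='
      - 'DocumentDbAuthKey=B/1EVX2Ui47X09tqU3GI/j+Nko9r5COPm0Hea9tfzitF9MQX9lZZiNO3tYQckWnt+rtlGIWS+sCx+AStkq8ZLg=='
    references:
      - https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-obtain-account-keys

  # Full connection string: endpoint plus key, which is enough to confirm the
  # key with a signed request to the account's REST endpoint.
  - name: Azure CosmosDB Connection String
    id: kingfisher.azurecosmosdb.2
    # COSMOS_ENDPOINT is limited to https://<name>.documents.azure.com[:port],
    # so the validation request below can only ever be sent to an Azure
    # Cosmos DB host, never to an arbitrary URL found in the scanned text.
    # TOKEN is the key used for signing; `secret` is what gets reported.
    pattern: |
      (?x)
      (?i:AccountEndpoint=(?P<COSMOS_ENDPOINT>https://[a-z0-9-]+\.documents\.azure\.com(?::\d+)?)/?;)
      AccountKey=
      (?P<secret>
        (?P<TOKEN>
          [A-Za-z0-9+/]{86}==
        )
      )
    pattern_requirements:
      min_digits: 2
      min_uppercase: 2
      min_special_chars: 1
      min_entropy: 4.0
    # Endpoint and key together, plus a live check: high.
    confidence: high
    categories: [api, key]
    examples:
      - 'AccountEndpoint=https://myaccount.documents.azure.com:443;AccountKey=oqb4TdY9T0hphvktd5fJnMiHuQqzVy1jd5sSuOpAbGkaoqTlrHl0BOJN2okcasinVLOJzfDbZo1L+ASt68RAhA==;'
    # Live check: list the account's databases (GET /dbs) with a master-key
    # signature, as described in the access-control reference below.
    validation:
      type: Http
      content:
        request:
          method: GET
          url: "{{ COSMOS_ENDPOINT }}/dbs"
          headers:
            Accept: application/json
            # Must be the same lowercased date that is signed in Authorization.
            x-ms-date: '{{ REQUEST_RFC1123_DATE | downcase }}'
            # Quoted so YAML keeps it a string instead of parsing a date.
            x-ms-version: "2018-12-31"
            # string_to_sign is verb, resource type, an empty resource link
            # (listing all databases), the lowercased date, and a trailing
            # empty line; the HMAC-SHA256 over it is keyed with TOKEN and
            # URL-encoded so "+", "/" and "=" in the base64 signature survive.
            # `|-` drops the trailing newline that `|` would leave on the
            # header value.
            Authorization: |-
              {%- assign x_ms_date = REQUEST_RFC1123_DATE | downcase -%}
              {%- assign string_to_sign = "get\ndbs\n\n" | append: x_ms_date | append: "\n\n" -%}
              {%- assign signature = string_to_sign | hmac_sha256_b64key: TOKEN | url_encode -%}
              type=master&ver=1.0&sig={{ signature }}
        # A 200 with a JSON body containing "Databases" means the key is
        # accepted for this endpoint. report_response attaches that body (the
        # database listing) to the finding.
        response_matcher:
          - report_response: true
          - type: StatusMatch
            status: [200]
          - type: JsonValid
          - type: WordMatch
            words:
              - '"Databases"'
    references:
      - https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-obtain-account-keys
      - https://learn.microsoft.com/en-us/rest/api/cosmos-db/access-control-on-cosmosdb-resources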