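# Secret-scanning rule: flags JDBC connection strings found in scanned content.
# NOTE(review): this listing was flattened on extraction (indentation lost,
# gutter "|" cells interleaved); nesting below is restored from the key names
# and should be confirmed against the upstream file.
rules:
  - name: JDBC connection string with embedded credentials
    id: kingfisher.jdbc.1
    # Verbose, case-insensitive regex ((?xi)). One capture group holding:
    #   "jdbc:" + driver name (3-33 chars, starts with a letter)
    #   + zero or more ":"-prefixed sub-protocol segments (e.g. "thin")
    #   + ":" + 10-448 characters that are not whitespace, quotes, angle
    #   brackets, commas, parentheses, braces or square brackets.
    # NOTE(review): the regex itself does not require a user or password
    # component (the Oracle example below carries none), so precision rests on
    # pattern_requirements, min_entropy and validation. Triage findings from
    # this rule as "possible credential", not "confirmed credential".
    pattern: |
      (?xi)
      (
        jdbc:
        [a-z][a-z0-9+.-]{2,32}
        (?:[:][a-z0-9+.-]{1,32})*
        :
        [^\s"'<>,(){}\[\]]{10,448}
      )
    pattern_requirements:
      # Presumably the match must contain at least this many characters drawn
      # from special_chars (URL / property delimiters) - confirm in rule docs.
      min_special_chars: 2
      special_chars: ";=/?@&"
      # Placeholder filters. NOTE(review): "example" is a plain substring, so
      # a real connection string whose host, database or user name happens to
      # contain it would be suppressed as well (false negative). Three of the
      # examples listed below also contain "example"; confirm the rule
      # self-check evaluates examples against the regex before these filters.
      ignore_if_contains:
        - "****"
        - "xxxx"
        - "example"
    min_entropy: 3.3
    confidence: medium
    validation:
      type: Jdbc
    # NOTE(review): "lax" presumably relaxes TLS certificate verification when
    # the validator connects to the database named in the match. Candidate
    # credentials are then presented to an endpoint whose identity is not
    # strictly verified - confirm the semantics in the scanner docs and run
    # validation only from a network position you trust.
    tls_mode: lax
    # Sample strings the pattern is expected to match (constructed values).
    examples:
      - jdbc:postgresql://db.example.com:5432/app?user=admin&password=s3cr3t
      - jdbc:mysql://admin:s3cr3t@prod.internal:3306/inventory
      - jdbc:oracle:thin:@ora.example.net:1521/ORCLPDB1
      - jdbc:sqlserver://sql.example.org:1433;databaseName=inventory;user=sa;password=s3cr3t!
    references:
      - https://docs.oracle.com/javase/8/docs/api/java/sql/DriverManager.html
      - https://jdbc.postgresql.org/documentation/use/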