forked from mirrors/kingfisher
29 lines
804 B
YAML
29 lines
804 B
YAML
rules:
|
|
- name: Laravel Application Encryption Key
|
|
id: kingfisher.laravel.1
|
|
pattern: |
|
|
(?xi)
|
|
\b
|
|
app[_-]?key
|
|
(?:.|[\n\r]){0,16}?
|
|
[=:"'\s]
|
|
['"]*
|
|
(
|
|
base64:
|
|
[A-Za-z0-9+/]{43}=
|
|
|
|
|
[A-Za-z0-9]{32}
|
|
)
|
|
['"\s]
|
|
pattern_requirements:
|
|
min_digits: 2
|
|
min_entropy: 3.0
|
|
confidence: high
|
|
examples:
|
|
- "APP_KEY=base64:SomeRandomBase64xStr1234567890ABCDEFGabcdef= "
|
|
- "APP_KEY=AbCdEf1234GhIjKl5678MnOpQr90StUv\n"
|
|
- "'key' => env('APP_KEY', 'base64:xK9mP2qR8sT4wY6zA1cD3eF5gH7iJ0kLmNpQrStuVwx=')"
|
|
references:
|
|
- https://laravel.com/docs/encryption
|
|
# No public validation endpoint: APP_KEY is used for local payload
|
|
# encryption and has no standalone API to validate against.
|