kingfisher/crates/kingfisher-rules/data/rules/neo4j.yml

rules:
  - name: Neo4j Database Credentials
    id: kingfisher.neo4j.1
    pattern: |
      (?xi)
      \b
      neo4j
      (?:.|[\n\r]){0,128}?
      \b(?:password|passwd|pwd)\b
      (?:.|[\n\r]){0,16}?
      [=:"'\s]
      (
        [^\s"']{8,64}
      )
    pattern_requirements:
      min_digits: 1
      min_special_chars: 1
    min_entropy: 3.0
    confidence: medium
    examples:
      - "spring.data.neo4j.password: Tr0ub4dor&3xampL"
      - "neo4j.password: ze0h!zafFEa"
    references:
      - https://neo4j.com/docs/getting-started/current/
      - https://neo4j.com/docs/operations-manual/current/authentication-authorization/
    # No public validation endpoint: Neo4j is self-hosted; the Bolt
    # protocol host is instance-specific and not publicly resolvable.