# Kingfisher rules for Tableau credentials.  kingfisher.tableau.1 is the
# reported finding; kingfisher.tableau.2 and kingfisher.tableau.3 are hidden
# helper rules whose captures are pulled in through `depends_on_rule` to
# build the validation request.
rules:
# Tableau personal access token (PAT).  A match needs a Tableau context
# marker, a bounded gap, then a `<name>:<token>` pair where the name part is
# 12-24 base64 characters (optionally `=`-padded) and the token part is
# 24-48 base64/url-safe characters.  Both parts are named captures that the
# validation body below substitutes.
- name: Tableau Personal Access Token
  id: kingfisher.tableau.1
  # (?x) makes whitespace in the pattern insignificant, so it is laid out
  # one element per line; (?i) makes the context markers case-insensitive.
  # Each `(?:.|[\n\r]){0,N}?` gap is lazy and bounded, so a marker only
  # anchors a pair that appears shortly after it (newlines included).
  # NOTE(review): the first example passes 'prod_svc' as the PAT name and the
  # whole 'WLQK...==:yDwZ...' string as the PAT value, but the regex binds
  # TABLEAU_PAT_NAME to the part before ':' and TOKEN to the part after.  If
  # the real PAT value is that single `<a>==:<b>` string, the sign-in below
  # sends half of it as the name and half as the secret and cannot succeed —
  # confirm against the referenced REST authentication docs.
  pattern: |
    (?xi)
    (?:
      \btableau\b
      (?:.|[\n\r]){0,96}?
      |
      PersonalAccessTokenAuth
      (?:.|[\n\r]){0,32}?
      |
      X-Tableau-Auth
      (?:.|[\n\r]){0,16}?
    )
    (?:
      (?P<TABLEAU_PAT_NAME>[A-Za-z0-9+/]{12,24}
        (?:={1,2})?
      )
      :
      (?P<TOKEN>[A-Za-z0-9+/=_-]{24,48})
    )
  # Character-class minimums and entropy floor a candidate must meet
  # (whether they apply to the whole match or only to TOKEN is not visible
  # here — check the Kingfisher rule schema).
  pattern_requirements:
    min_digits: 2
    min_uppercase: 2
    min_lowercase: 2
  min_entropy: 3.5
  confidence: medium
  # Sample matches, presumably exercised as rule self-tests.
  examples:
    - "tableau_auth = TSC.PersonalAccessTokenAuth('prod_svc', 'WLQKWBs1TnuBx4G7gIzz/w==:yDwZ74EWDPIgU6cSlz8RDJHp7CV2rtFP', 'companysite')"
    - 'curl -H "X-Tableau-Auth:oJzK8bqwPTnmSl1/E2+aXw==:ZvTsRqFmKpWuLdNhYcBjXiGe" https://tableau.example.com/api/3.17/sites'
  # Live check: sign in to the REST API with the captured pair.  The server
  # base URL and the site contentUrl come from the helper rules listed under
  # depends_on_rule.
  # NOTE(review): TABLEAU_SERVER is taken from the scanned text itself, and
  # kingfisher.tableau.2 accepts any host that has a `tableau` label, so the
  # validator sends the candidate token to whatever server the scanned
  # content names.  Worth keeping in mind when scanning untrusted repositories.
  validation:
    type: Http
    content:
      request:
        method: POST
        url: "{{ TABLEAU_SERVER }}/api/3.28/auth/signin"
        headers:
          Accept: application/json
          Content-Type: application/json
        # Folded scalar: the JSON is one line at runtime.  TABLEAU_SITE falls
        # back to "" when rule 3 captured nothing; an empty contentUrl
        # addresses Tableau's default site.
        body: >
          {"credentials":{"personalAccessTokenName":"{{ TABLEAU_PAT_NAME }}","personalAccessTokenSecret":"{{ TOKEN }}","site":{"contentUrl":"{{ TABLEAU_SITE | default: "" }}"}}}
      # Matchers applied to the sign-in response: HTTP 200, a valid JSON
      # body, and at least one of the listed words (match_all_words: false).
      response_matcher:
        - report_response: true
        - type: StatusMatch
          status: [200]
        - type: JsonValid
        - type: WordMatch
          match_all_words: false
          words:
            - '"token"'
            - '"site"'
  # Helper-rule captures that supply the template variables used above.
  depends_on_rule:
    - rule_id: kingfisher.tableau.2
      variable: TABLEAU_SERVER
    - rule_id: kingfisher.tableau.3
      variable: TABLEAU_SITE
  references:
    - https://help.tableau.com/current/api/rest_api/en-us/REST/rest_api_ref_authentication.htm
    - https://help.tableau.com/current/server/en-us/security_personal_access_tokens.htm

# Helper rule: captures a Tableau server base URL.  Group 1 is scheme + host
# only — either `online.tableau.com` with an optional leading label, or any
# host containing a `tableau` label followed by at least one more label.  An
# optional `/api/<major>.<minor>` and a short path (no whitespace, quotes or
# angle brackets) are consumed but left out of the capture, so the value is
# usable as a base URL.  Hidden (visible: false); kingfisher.tableau.1 binds
# it to TABLEAU_SERVER through depends_on_rule.
- name: Tableau Server URL
  id: kingfisher.tableau.2
  pattern: |
    (?xi)
    \b
    (
      https://(?:
        (?:[a-z0-9-]+\.)?online\.tableau\.com
        |
        (?:[a-z0-9-]+\.)*tableau(?:\.[a-z0-9-]+)+
      )
    )
    (?:
      /api/\d+\.\d+
    )?
    (?:
      /[^\s"'<>]{0,120}
    )?
  # Low floor: hostnames carry little entropy.
  min_entropy: 1.5
  confidence: medium
  visible: false
  examples:
    - https://tableau.example.com
    - https://10ax.online.tableau.com
    - server="https://analytics.tableau.example.com"
  references:
    - https://help.tableau.com/current/api/rest_api/en-us/REST/rest_api_ref_authentication.htm

# Helper rule: captures a site contentUrl value.  The key side is either a
# compact form such as `tableau_site` / `tableau-content-url`, or `tableau`
# followed within 48 characters by `site` / `content_url`; then a gap of up
# to 12 characters, one separator (`=`, `:`, a quote or whitespace) and the
# captured value, 1-64 characters of `[A-Za-z0-9._-]` ending on a word
# boundary.  With (?i) the key forms match in any case.  Hidden
# (visible: false); kingfisher.tableau.1 binds it to TABLEAU_SITE.
- name: Tableau Site Content URL
  id: kingfisher.tableau.3
  pattern: |
    (?xi)
    \b
    (?:
      tableau[_-]?(?:site|content[_-]?url)
      |
      tableau
      (?:.|[\n\r]){0,48}?
      (?:site|content[_-]?url)
    )
    (?:.|[\n\r]){0,12}?
    [=:"'\s]
    (
      [A-Za-z0-9._-]{1,64}
    )
    \b
  # Very low floor on purpose: site names like `default` are legitimate
  # values, as the second example shows.
  min_entropy: 1.0
  confidence: medium
  visible: false
  examples:
    - tableau_site=companysite
    - tableau_content_url="default"
  references:
    - https://help.tableau.com/current/api/rest_api/en-us/REST/rest_api_ref_authentication.htm