eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
kingfisher/crates/kingfisher-rules/data/rules/wechat.yml
Mick Grove 2444d83e5d more rules
2026-04-03 23:43:49 -07:00

50 lines
1.2 KiB
YAML
Raw Permalink Blame History

rules:
- name: WeChat App ID
id: kingfisher.wechat.1
pattern: |
(?x)
\b
(
wx
[a-f0-9]{16}
)
\b
pattern_requirements:
min_digits: 4
min_entropy: 2.5
confidence: low
visible: false
examples:
- "wechatuser = wxce38d37295f770f0"
- "WECHAT_APP_ID=wx1a2b3c4d5e6f7a8b"
references:
- https://open.weixin.qq.com/?lang=en
- name: WeChat App Secret
id: kingfisher.wechat.2
pattern: |
(?xi)
\b
(?:wechat|weixin)
(?:.|[\n\r]){0,32}?
\b(?:key|secret|app[_-]?secret)\b
(?:.|[\n\r]){0,16}?
[=:"'\s]
\b
(
[a-f0-9]{32}
)
\b
pattern_requirements:
min_digits: 4
min_entropy: 3.0
confidence: medium
examples:
- "wechat.key = 9bdaebb9594bff61b28073d91213af23"
- "wechat\napp_secret=1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d"
references:
- https://open.weixin.qq.com/?lang=en
- https://developers.weixin.qq.com/doc/offiaccount/Basic_Information/Get_access_token.html
# No standalone validation: WeChat token endpoint requires both
# appid and appsecret together, which cannot be combined in a
# single-credential HTTP validation request.
View git blame Copy permalink