kingfisher/crates/kingfisher-rules/data/rules/mapbox.yml

rules:
# Rule 1: Mapbox public ("pk.") access tokens found within 30 characters
# after the word "mapbox". (?i) makes the match case-insensitive and (?s)
# lets "." cross line breaks, so the token may sit on the line after the key.
- name: Mapbox Public Access Token
  id: kingfisher.mapbox.1
  # Capture group 1 is the token: "pk." + 32-128 chars + "." + 20-30 chars.
  # NOTE(review): the character class allows "-" but not "_". If Mapbox
  # encodes the segments as base64url, tokens containing "_" would be missed
  # -- confirm against the token-format reference.
  # NOTE(review): the trailing \b needs a word character on one side, so a
  # token ending in "-", "+", "/" or "=" can be captured one or more
  # characters short, and the shortened value would then fail validation.
  pattern: '(?i)(?s)mapbox.{0,30}(pk\.[a-z0-9\-+/=]{32,128}\.[a-z0-9\-+/=]{20,30})\b'
  # Extra requirements on a match (going by the key names: at least two
  # digits and an entropy of at least 3.3).
  pattern_requirements:
    min_digits: 2
    min_entropy: 3.3
  confidence: medium
  examples:
  - |
    mapboxApiKey:
      'pk.eyJ1Ijoia3Jpc3R3IiwiYSI6ImNqbGg1N242NTFlczczdnBcf99iMjgzZ2sifQ.lUneM-o3NucXN189EYyXxQ'
  references:
  - https://docs.mapbox.com/api/accounts/tokens/#token-format
  - https://docs.mapbox.com/help/getting-started/access-tokens/
  - https://docs.mapbox.com/help/troubleshooting/how-to-use-mapbox-securely
  # Live check: fetch a Mapbox-owned style with the candidate token. The
  # token counts as valid when the reply is HTTP 200 with a JSON body.
  # The token is sent in the query string, so it can end up in proxy or
  # HTTP client logs on the scanning host; keep URL logging off or redacted.
  validation:
    type: Http
    content:
      request:
        method: GET
        url: 'https://api.mapbox.com/styles/v1/mapbox/streets-v11?access_token={{ TOKEN }}'
        response_matcher:
        - report_response: true
        - type: StatusMatch
          status: [200]
        - type: JsonValid
# Rule 2: Mapbox secret ("sk.") access tokens found within 30 characters
# after the word "mapbox". This is the only Mapbox rule here that also
# defines a revocation flow.
- name: Mapbox Secret Access Token
  id: kingfisher.mapbox.2
  # Written in extended mode ((?x)), so the line breaks and indentation
  # inside the block scalar are ignored by the regex engine.
  # Capture group 1 is the token: "sk." + 32-128 chars + "." + 20-30 chars.
  # NOTE(review): the character class allows "-" but not "_"; if the
  # segments are base64url, tokens containing "_" would be missed -- confirm.
  pattern: |
    (?xi)(?s)
    mapbox.{0,30}
    (
      sk\.[a-z0-9\-+/=]{32,128}\.[a-z0-9\-+/=]{20,30}
    )
    \b
  # Extra requirements on a match (going by the key names: at least two
  # digits and an entropy of at least 3.3).
  pattern_requirements:
    min_digits: 2
    min_entropy: 3.3
  confidence: medium
  examples:
  - " //mapboxgl.accessToken = 'sk.eyJ1Ijoic2hlbmdsaWgiLCJhIjCf99ttaWF5bDBsMGNlaDJubGZyMGUwZXNmaCJ9.eI8KXNm5zKZXOKh0c8u9vg';"
  - 'export MAPBOX_SECRET_TOKEN=sk.eyJ1IjoiY2FwcGVsYWVyZSIsImEicf99c1BaTkZnIn0.P4lD1eHeSEx7AsBq1zbJ4g'
  references:
  - https://docs.mapbox.com/api/accounts/tokens/#token-format
  - https://docs.mapbox.com/api/accounts/tokens/#retrieve-a-token
  - https://docs.mapbox.com/api/accounts/tokens/#delete-a-token
  - https://docs.mapbox.com/help/getting-started/access-tokens/
  - https://docs.mapbox.com/help/troubleshooting/how-to-use-mapbox-securely
  # Live check: fetch a Mapbox-owned style with the candidate token; valid
  # means HTTP 200 with a JSON body.
  # NOTE(review): this only succeeds if the secret token is allowed to read
  # styles. A live sk. token scoped to something else would presumably get
  # a non-200 and be reported as not validated -- confirm, or validate
  # against the tokens/v2 lookup that the revocation flow already uses.
  # The token is sent in the query string, so keep URL logging off or
  # redacted on the scanning host.
  validation:
    type: Http
    content:
      request:
        method: GET
        url: 'https://api.mapbox.com/styles/v1/mapbox/streets-v11?access_token={{ TOKEN }}'
        response_matcher:
        - report_response: true
        - type: StatusMatch
          status: [200]
        - type: JsonValid
  # Revocation runs two requests, both authenticated with the leaked token:
  #   1. look up the token's own metadata to learn its user and id,
  #   2. DELETE that token; HTTP 204 is the success signal.
  # The DELETE is irreversible: once it returns 204, anything still using
  # the token stops working.
  # NOTE(review): because the leaked token authorises its own deletion,
  # step 2 can only succeed if that token may manage tokens -- TODO confirm
  # the scope Mapbox requires.
  revocation:
    type: HttpMultiStep
    content:
      steps:
      - name: lookup_token_metadata
        request:
          method: GET
          url: 'https://api.mapbox.com/tokens/v2?access_token={{ TOKEN }}'
          response_matcher:
          - type: StatusMatch
            status: [200]
          - type: JsonValid
        # Values pulled from the JSON reply and substituted into the DELETE
        # URL of the next step.
        # NOTE(review): check the retrieve-a-token reference for whether
        # "user" and "authorization" are top-level fields or nested under
        # another object; the paths below must match the real reply.
        extract:
          TOKEN_USER:
            type: JsonPath
            path: '$.user'
          TOKEN_AUTHORIZATION:
            type: JsonPath
            path: '$.authorization'
      - name: revoke_token
        request:
          method: DELETE
          url: 'https://api.mapbox.com/tokens/v2/{{ TOKEN_USER }}/{{ TOKEN_AUTHORIZATION }}?access_token={{ TOKEN }}'
          response_matcher:
          - report_response: true
          - type: StatusMatch
            status: [204]
# Rule 3: Mapbox temporary ("tk.") access tokens found within 30 characters
# after the word "mapbox". (?i) makes the match case-insensitive and (?s)
# lets "." cross line breaks.
- name: Mapbox Temporary Access Token
  id: kingfisher.mapbox.3
  # Capture group 1 is the token: "tk." + 32-128 chars + "." + 20-30 chars.
  # NOTE(review): the character class allows "-" but not "_"; if the
  # segments are base64url, tokens containing "_" would be missed -- confirm.
  pattern: '(?i)(?s)mapbox.{0,30}(tk\.[a-z0-9\-+/=]{32,128}\.[a-z0-9\-+/=]{20,30})\b'
  # Extra requirements on a match (going by the key names: at least two
  # digits and an entropy of at least 3.3).
  pattern_requirements:
    min_digits: 2
    min_entropy: 3.3
  confidence: medium
  examples:
  - " //mapboxgl.accessToken = 'tk.eyJ1Ijoic2hlbmdsaWgiLCJhIjCf99ttaWF5bDBsMGNlaDJubGZyMGUwZXNmaCJ9.eI8KXNm5zKZXOKh0c8u9vg';"
  - 'export MAPBOX_TEMP_TOKEN=tk.eyJ1IjoiY2FwcGVsYWVyZSIsImEicf99c1BaTkZnIn0.P4lD1eHeSEx7AsBq1zbJ4g'
  references:
  - https://docs.mapbox.com/api/accounts/tokens/#token-format
  - https://docs.mapbox.com/help/getting-started/access-tokens/
  - https://docs.mapbox.com/help/troubleshooting/how-to-use-mapbox-securely
  # Live check: fetch a Mapbox-owned style with the candidate token; valid
  # means HTTP 200 with a JSON body.
  # NOTE(review): temporary tokens are presumably short-lived, so a non-200
  # here may only mean the token expired after it was committed; the leak
  # itself is still worth triaging.
  # The token is sent in the query string, so keep URL logging off or
  # redacted on the scanning host.
  validation:
    type: Http
    content:
      request:
        method: GET
        url: 'https://api.mapbox.com/styles/v1/mapbox/streets-v11?access_token={{ TOKEN }}'
        response_matcher:
        - report_response: true
        - type: StatusMatch
          status: [200]
        - type: JsonValid