forked from mirrors/kingfisher
212 lines
No EOL
5.7 KiB
YAML
212 lines
No EOL
5.7 KiB
YAML
rules:
|
|
- name: Generic Secret
|
|
id: kingfisher.generic.1
|
|
pattern: |
|
|
(?xi)
|
|
secret
|
|
.{0,20}
|
|
(
|
|
[0-9a-z]{32,64}
|
|
)
|
|
\b
|
|
pattern_requirements:
|
|
min_digits: 2
|
|
min_entropy: 3.3
|
|
confidence: low
|
|
examples:
|
|
- ' private static String CLIENT_SECRET = "6fb1cff7690db9ac066cadbbde8e3c078efdabcf";'
|
|
- name: Generic API Key
|
|
id: kingfisher.generic.2
|
|
pattern: |
|
|
(?xi)
|
|
(?: api_key | apikey | access_key | accesskey )
|
|
(?:.|[\n\r]){0,8}?
|
|
(
|
|
[0-9a-z][0-9a-z\-._/+]{30,62}[0-9a-z]
|
|
)
|
|
\b
|
|
pattern_requirements:
|
|
min_digits: 2
|
|
min_entropy: 3.3
|
|
confidence: low
|
|
examples:
|
|
- 'API_KEY = "951bc382db9abad29c68634761dd6e19"'
|
|
- "buildConfigField 'String' , 'API_KEY' , '\"951bc382db9cfee29c68634761dd6e19\"'\tAPI_KEY\t"
|
|
- name: Generic Username and Password
|
|
id: kingfisher.generic.3
|
|
pattern: |
|
|
(?xi)
|
|
(?: username | user)
|
|
(?:.|[\n\r]){0,16}?
|
|
(?: password | pass )
|
|
(?:.|[\n\r]){0,16}?
|
|
["'] ([^"']{5,30}) ["']
|
|
min_entropy: 3.3
|
|
confidence: low
|
|
examples:
|
|
- |
|
|
credential = UsernamePasswordCredential(
|
|
client_id='da34859b-2ae4-48c3-bfe0-1b28b7cf2eed',
|
|
username='donjuandemarco',
|
|
password='1qay@WXS????',
|
|
tenant_id='bc877b20-f135-4c13-a266-8ed26b8f0f4b')
|
|
- |
|
|
hostname = '10.11.12.13'
|
|
username = 'donjuandemarco@example.com'
|
|
password = '`123QWERasdf'
|
|
- |
|
|
hostname = '10.11.12.13'
|
|
USERNAME = 'donjuandemarco@example.com'
|
|
# some comment
|
|
# some other comment
|
|
PASS = '`123QWERasdf'
|
|
- |
|
|
user = 'abuser' # some comment
|
|
password = 'abuser123456' # some other comment
|
|
- |
|
|
user = 'Aladdin'
|
|
password = 'open sesame'
|
|
- name: Generic Username and Password
|
|
id: kingfisher.generic.4
|
|
pattern: |
|
|
(?xi)
|
|
(?: username | user)
|
|
(?:.|[\n\r]){0,16}?
|
|
(?: password | pass )
|
|
(?:.|[\n\r]){0,16}?
|
|
(\S{5,30})
|
|
(?: \s | $ )
|
|
min_entropy: 3.3
|
|
confidence: low
|
|
examples:
|
|
- |
|
|
user = Aladdin
|
|
password = open_sesame
|
|
- |
|
|
user = Aladdin
|
|
// some comment
|
|
// some other comment
|
|
password = open_sesame
|
|
- ":authn_dbd_params => 'host=db_host port=3306 user=apache password=###### dbname=apache_auth',"
|
|
- name: Generic Password
|
|
id: kingfisher.generic.5
|
|
pattern: |
|
|
(?xi)
|
|
password
|
|
(?:.|[\n\r]){0,16}?
|
|
["']
|
|
([^$<%@.,\s'"(){}&/\#\-][^\s'"(){}/]{4,}) (?# password )
|
|
["']
|
|
min_entropy: 3.3
|
|
confidence: low
|
|
examples:
|
|
- |
|
|
password = "super$ecret"
|
|
- |
|
|
password="super$ecret"
|
|
- |
|
|
String usernamePassword = "application:" + appKey + ":" + appSecret;
|
|
- |
|
|
my_password: "super$ecret"
|
|
- |
|
|
"password": "super$ecret",
|
|
- |
|
|
my_password := "super$ecret"
|
|
- |
|
|
password => "super$ecret"
|
|
- |
|
|
"ApplicationServicesConnection" : {
|
|
"ServiceAddress" : "https://services-dev.examples.com",
|
|
"AdminPassword" : "thisismypassword"
|
|
}
|
|
- |
|
|
private const string DevFolkoosComPfxPassword = "thisismypassword";
|
|
- |
|
|
"password": "YOURPASSWROD"
|
|
- |
|
|
create_random_name('sfrp-cli-cert2', 24),
|
|
'cluster_name': self.create_random_name('sfrp-cli-', 24),
|
|
'vm_password': "Pass123!@#",
|
|
'policy_path': os.path.join(TEST_DIR, 'policy.json')
|
|
})
|
|
- name: Weak Password Pattern
|
|
id: kingfisher.generic.6
|
|
pattern: |
|
|
(?xi)
|
|
(
|
|
blink\d{3,6}
|
|
|correcthorsebatterystaple\d{0,6}
|
|
|letmein\d{1,6}
|
|
|newpass\d{1,6}
|
|
|p@ssw0rd\d{0,6}
|
|
|pa55word\d{0,6}
|
|
|pass4now\d{0,6}
|
|
|password\d{1,6}
|
|
|qwer\d{4,6}
|
|
|qwerty\d{3,6}
|
|
|trustno\d{1,6}
|
|
)
|
|
min_entropy: 1.0
|
|
confidence: low
|
|
examples:
|
|
- password123
|
|
- blink5678
|
|
- letmein42
|
|
- p@ssw0rd99
|
|
- qwerty456
|
|
- name: Generic Username and Password
|
|
id: kingfisher.generic.8
|
|
pattern: |
|
|
(?xi)
|
|
(?: db_user | db_USERNAME | db_name)
|
|
(?:.|[\n\r]){0,8}?
|
|
["'] ([^"']{5,40}) ["']
|
|
(?:.|[\n\r]){0,32}?
|
|
(
|
|
db_password | db_pass
|
|
\b
|
|
(?:.|[\n\r]){0,16}?
|
|
["'] [^"']{5,40}
|
|
) ["']
|
|
min_entropy: 3.3
|
|
confidence: low
|
|
examples:
|
|
- |
|
|
credential = UsernamePasswordCredential(
|
|
client_id='da34859b-2ae4-48c3-bfe0-1b28b7cf2eed',
|
|
username='donjuandemarco',
|
|
password='1qay@WXS????',
|
|
tenant_id='bc877b20-f135-4c13-a266-8ed26b8f0f4b')
|
|
- |
|
|
hostname = '10.11.12.13'
|
|
username = 'donjuandemarco@example.com'
|
|
password = '`123QWERasdf'
|
|
- |
|
|
hostname = '10.11.12.13'
|
|
USERNAME = 'donjuandemarco@example.com'
|
|
# some comment
|
|
# some other comment
|
|
PASS = '`123QWERasdf'
|
|
- |
|
|
user = 'abuser' # some comment
|
|
password = 'abuser123456' # some other comment
|
|
- |
|
|
user = 'Aladdin'
|
|
password = 'open sesame'
|
|
- name: Docker Robot Credentials (plaintext pair)
|
|
id: kingfisher.generic.9
|
|
pattern: |
|
|
(?xi)
|
|
(
|
|
(?P<USER> [a-z0-9._-]+ \+ [a-z0-9._-]+ )
|
|
:
|
|
(?P<PASS> [A-Z0-9]{32,80} )
|
|
)
|
|
\b
|
|
min_entropy: 2.0
|
|
confidence: low
|
|
examples:
|
|
- some+thing:02PDFMQN2PL2ZAB9OX3IOHC1XMIW1SE5NWG3RETG58JUZJ310WFYESRA7F0LM461
|
|
- org+builder:1C2F9D0BB1E67E9F6B3B5B9A2A3D4E5F6A7B8C9D0E1F2A3B4C5D6E7F8A9B0C1
|
|
references:
|
|
- https://docs.quay.io/glossary/robot-accounts.html |