forked from mirrors/kingfisher
74 lines
1.9 KiB
YAML
74 lines
1.9 KiB
YAML
rules:
|
|
- name: Ory API Key
|
|
id: kingfisher.ory.1
|
|
pattern: |
|
|
(?x)
|
|
\b
|
|
(
|
|
ory_(?:pat|apikey|wak)_[A-Za-z0-9_-]{24,48}
|
|
)
|
|
\b
|
|
pattern_requirements:
|
|
min_digits: 1
|
|
min_entropy: 3.0
|
|
confidence: medium
|
|
examples:
|
|
- 'ORY_API_KEY=ory_pat_xK8m2LpQr5nW0vYz3cJ7aB4dE6fG8h'
|
|
- 'ORY_ACCESS_KEY="ory_wak_a1b2c3d4e5f6g7h8i9j0k1l2"'
|
|
- 'Authorization: Bearer ory_apikey_xK8m2LpQr5nW0vYz3cJ7aB4dE6fG8h'
|
|
references:
|
|
- https://www.ory.sh/docs/security-compliance/token-formats
|
|
validation:
|
|
type: Http
|
|
content:
|
|
request:
|
|
method: GET
|
|
url: https://api.console.ory.sh/projects
|
|
headers:
|
|
Authorization: "Bearer {{ TOKEN }}"
|
|
Accept: application/json
|
|
response_matcher:
|
|
- report_response: true
|
|
- type: StatusMatch
|
|
status: [200, 403]
|
|
- type: WordMatch
|
|
words:
|
|
- '"Unauthorized"'
|
|
negative: true
|
|
|
|
- name: Ory Session Token
|
|
id: kingfisher.ory.2
|
|
pattern: |
|
|
(?x)
|
|
\b
|
|
(
|
|
ory_st_[A-Za-z0-9_-]{24,48}
|
|
)
|
|
\b
|
|
pattern_requirements:
|
|
min_digits: 1
|
|
min_entropy: 3.0
|
|
confidence: medium
|
|
examples:
|
|
- 'ory_session_token=ory_st_xK8m2LpQr5nW0vYz3cJ7aB4dE6fG8h'
|
|
references:
|
|
- https://www.ory.sh/docs/security-compliance/token-formats
|
|
|
|
- name: Ory OAuth2 Token
|
|
id: kingfisher.ory.3
|
|
pattern: |
|
|
(?x)
|
|
\b
|
|
(
|
|
ory_(?:at|rt|ac)_[A-Za-z0-9_-]{24,48}
|
|
)
|
|
\b
|
|
pattern_requirements:
|
|
min_digits: 1
|
|
min_entropy: 3.0
|
|
confidence: medium
|
|
examples:
|
|
- 'access_token=ory_at_xK8m2LpQr5nW0vYz3cJ7aB4dE6fG8h'
|
|
- 'refresh_token="ory_rt_a1b2c3d4e5f6g7h8i9j0k1l2"'
|
|
references:
|
|
- https://www.ory.sh/docs/security-compliance/token-formats
|