forked from mirrors/kingfisher
58 lines
1.5 KiB
YAML
58 lines
1.5 KiB
YAML
rules:
|
|
- name: PingOne Client ID
|
|
id: kingfisher.pingidentity.1
|
|
pattern: |
|
|
(?xi)
|
|
\b
|
|
ping(?:one|identity)
|
|
(?:.|[\n\r]){0,32}?
|
|
\b(?:client[_-]?id)\b
|
|
(?:.|[\n\r]){0,16}?
|
|
[=:"'\s]
|
|
['"]*
|
|
(
|
|
[0-9a-fA-F]{8}
|
|
-[0-9a-fA-F]{4}
|
|
-[0-9a-fA-F]{4}
|
|
-[0-9a-fA-F]{4}
|
|
-[0-9a-fA-F]{12}
|
|
)
|
|
['"\s]
|
|
pattern_requirements:
|
|
min_digits: 4
|
|
min_entropy: 3.0
|
|
confidence: medium
|
|
visible: false
|
|
examples:
|
|
- "pingone client_id = 7fe9af06-7f40-ce8d-6ebf-55aafe4d9bf4 "
|
|
- "pingone\nclient_id=8af0ba17-8a51-df9e-7fca-66bbaf5e0ca5 "
|
|
references:
|
|
- https://docs.pingidentity.com/r/en-us/pingone/p1_c_environments
|
|
|
|
- name: PingOne Client Secret
|
|
id: kingfisher.pingidentity.2
|
|
pattern: |
|
|
(?xi)
|
|
\b
|
|
ping(?:one|identity)
|
|
(?:.|[\n\r]){0,64}?
|
|
\b(?:client[_-]?secret)\b
|
|
(?:.|[\n\r]){0,16}?
|
|
[=:"'\s]
|
|
['"]*
|
|
(
|
|
[A-Za-z0-9.~_-]{28,48}
|
|
)
|
|
['"\s]
|
|
pattern_requirements:
|
|
min_digits: 2
|
|
min_special_chars: 1
|
|
min_entropy: 3.0
|
|
confidence: medium
|
|
examples:
|
|
- "pingone client_secret = 5dGwD6ZxOQj.~XD9Pd82I.q79zA8rSk9sscgHQ. "
|
|
- "pingone\nclient_secret=6eHxE7AyPRk.~YE0Qe93J.r80AB9sTo0ttdhIR. "
|
|
references:
|
|
- https://docs.pingidentity.com/r/en-us/pingone/p1_c_environments
|
|
# No simple validation: PingOne OAuth2 requires both client_id and
|
|
# client_secret together for the token endpoint.
|