eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
kingfisher/data/rules/clarifai.yml
Mick Grove 0f953f59a5 pattern_requirements for rules — Post-regex character-class gating to cut false positives without lookarounds. Authors can now require minimum counts of digits, uppercase, lowercase, and special characters, with an optional custom special-char set. 
Why: Hyperscan doesn’t support lookaheads/behinds, so many “must contain X and Y” checks had to be baked into the regex (hurting readability) or were impossible. pattern_requirements applies lightweight, in-memory checks after a match is found, keeping patterns fast and clean.
2025-11-04 13:55:31 -05:00

40 lines
1.2 KiB
YAML
Raw Blame History

rules:
- name: Clarifai API Key
id: kingfisher.clarifai.1
pattern: |
(?xi)
\b
clarifai
(?:.|[\n\r]){0,32}?
\b
(
[0-9a-f]{32,36}
)
\b
pattern_requirements:
min_digits: 2
min_entropy: 3.0
confidence: medium
examples:
- clarifai_key = 29ee853d47364107b9edf5e5ad4374c2
- "clarifai_token: eb3cf5440b7b45f8954bb4a1fcea0ea5"
- clarifai-secret = 8e43e018f61b493c8104024ee124a57f
- clarifai_api = cf3cacafabe747988298298bffcbb459
references:
- https://docs.gitguardian.com/secrets-detection/secrets-detection-engine/detectors/specifics/clarifai_key
- https://docs.clarifai.com/control/authentication/key/
validation:
type: Http
content:
request:
method: GET
url: https://api.clarifai.com/v2/models
headers:
Authorization: Key {{ TOKEN }}
response_matcher:
- report_response: true
- type: WordMatch
match_all_words: true
words:
- '"code":10000'
- '"description":"Ok"'
View git blame Copy permalink