kingfisher/data/rules/particle.io.yml
Mick Grove 0f953f59a5 pattern_requirements for rules — Post-regex character-class gating to cut false positives without lookarounds. Authors can now require minimum counts of digits, uppercase, lowercase, and special characters, with an optional custom special-char set.
Why: Hyperscan doesn’t support lookaheads/behinds, so many “must contain X and Y” checks had to be baked into the regex (hurting readability) or were impossible. pattern_requirements applies lightweight, in-memory checks after a match is found, keeping patterns fast and clean.
2025-11-04 13:55:31 -05:00

76 lines
No EOL
2.7 KiB
YAML

rules:
  - name: particle.io Access Token
    id: kingfisher.particleio.1
    pattern: |
      (?xi)
      https://api\.particle\.io/v1/[A-Z0-9_\-\s/"\\?]*
      (?:access_token=|Authorization:\s*Bearer\s*)
      (
        [A-Z0-9]{40}
      )
      \b
    pattern_requirements:
      min_digits: 2
    min_entropy: 3.3
    confidence: medium
    examples:
      - |
        curl https://api.particle.io/v1/devices \
          -H "Authorization: Bearer 38bb7b318cc6898c80317decb34525844bc9db55"
      - |
        curl https://api.particle.io/v1/devices \
          -d access_token=38bb7b318cc6898c80317decb34525844bc9db55
      - 'curl https://api.particle.io/v1/devices -H "Authorization: Bearer 38bb7b318cc6898c80317decb34525844bc9db55"'
      - 'curl https://api.particle.io/v1/devices -d access_token=38bb7b318cc6898c80317decb34525844bc9db55'
      - 'curl "https://api.particle.io/v1/devices/events?access_token=38bb7b318cc6898c80317decb34525844bc9db55"'
      - 'curl "https://api.particle.io/v1/access_tokens/current?access_token=38bb7b318cc6898c80317decb34525844bc9db55"'
    references:
      - https://docs.particle.io/reference/cloud-apis/api/
    validation:
      type: Http
      content:
        request:
          method: GET
          url: https://api.particle.io/v1/user?access_token={{ TOKEN }}
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: WordMatch
              match_all_words: true
              words: ['"username":']
  - name: particle.io Access Token
    id: kingfisher.particleio.2
    pattern: |
      (?xi)
      (?:access_token=|Authorization:\s*Bearer\s*)
      ([A-Z0-9]{40})
      \b
      [\s"\\]*https://api\.particle\.io/v1
    min_entropy: 3.3
    confidence: medium
    examples:
      - |
        curl -H "Authorization: Bearer 38bb7b318cc6898c80317decb34525844bc9db55" \
          https://api.particle.io/v1/devices
      - |
        curl -d access_token=38bb7b318cc6898c80317decb34525844bc9db55 \
          https://api.particle.io/v1/devices
      - 'curl -H "Authorization: Bearer 38bb7b318cc6898c80317decb34525844bc9db55" https://api.particle.io/v1/devices'
      - 'curl -d access_token=38bb7b318cc6898c80317decb34525844bc9db55 https://api.particle.io/v1/devices'
    references:
      - https://docs.particle.io/reference/cloud-apis/api/
    validation:
      type: Http
      content:
        request:
          method: GET
          url: https://api.particle.io/v1/user?access_token={{ TOKEN }}
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: WordMatch
              match_all_words: true
              words: ['"username":']
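
The post-regex gating described in the commit message, applied to rule `kingfisher.particleio.1`, as an added example that is not code from the Kingfisher repository. Assumptions: Python's `re` stands in for Hyperscan, the checks run on capture group 1, entropy is Shannon entropy in bits per character, and the three placeholder tokens are constructed.

```python
import math
import re
from collections import Counter

# Pattern of rule kingfisher.particleio.1, copied from the YAML above.
PATTERN = re.compile(r'''(?xi)
    https://api\.particle\.io/v1/[A-Z0-9_\-\s/"\\?]*
    (?:access_token=|Authorization:\s*Bearer\s*)
    (
      [A-Z0-9]{40}
    )
    \b
''')

MIN_DIGITS = 2      # pattern_requirements.min_digits in the rule
MIN_ENTROPY = 3.3   # min_entropy in the rule

def shannon_entropy(s: str) -> float:
    """Bits per character. Assumption: the scanner's exact formula may differ."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def gate(token: str) -> list[str]:
    """Return the failed requirements; an empty list means the match is kept."""
    failed = []
    if sum("0" <= ch <= "9" for ch in token) < MIN_DIGITS:
        failed.append("min_digits")
    if shannon_entropy(token) < MIN_ENTROPY:
        failed.append("min_entropy")
    return failed

def scan(text: str) -> list[tuple[str, list[str]]]:
    """Regex first, then the post-match gate on capture group 1 (assumed target)."""
    return [(m.group(1), gate(m.group(1))) for m in PATTERN.finditer(text)]

# Constructed sample input: the rule's own example token plus three placeholders.
URL = "curl https://api.particle.io/v1/devices -d access_token="
SAMPLES = {
    "rule example": URL + "38bb7b318cc6898c80317decb34525844bc9db55",
    "no digits": URL + "ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMN",
    "low entropy": URL + "0" * 20 + "1" * 20,
    "filler": URL + "A" * 40,
}

if __name__ == "__main__":
    for label, line in SAMPLES.items():
        for token, failed in scan(line):
            print(f"{label:12} {'DROP ' + ','.join(failed) if failed else 'KEEP'}")
```

All four lines satisfy the regex; only the gate separates the rule's example token from the placeholders, which is the false-positive reduction the commit message describes.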