- Stored optional validation response bodies as boxed strings to avoid allocating empty payloads and to streamline validator caches. - Parallelized git cloning based on the configured job count and began scanning repositories as soon as each clone finishes, to reduce end-to-end scan times. - Combined per-repository results into a single aggregate summary after scans complete. - Added initial access-map support and a report viewer HTML file; both are currently beta features.
{
"findings": [
{
"rule": {
"name": "Alibaba Access Key Secret",
"id": "kingfisher.alibabacloud.2"
},
"finding": {
"snippet": "m0qx7h2v4n8c9t3b6p1r5w0kzsdjf",
"fingerprint": "13778709639383676952",
"confidence": "medium",
"entropy": "4.55",
"validation": {
"status": "Inactive Credential",
"response": "{\"RequestId\":\"48F0D2A0-7C0E-5DE2-BC89-39811315C04A\",\"Message\":\"Specified access key is not found.\",\"Recommend\":\"https://api.aliyun.com/troubleshoot?q=InvalidAccessKeyId.NotFound&product=Sts&requestId=48F0D2A0-7C0E-5DE2-BC89-39811315C04A\",\"HostId\":\"sts.aliyuncs.com\",\"Code\":\"InvalidAccessKeyId.NotFound\"}"
},
"language": "Plain Text",
"line": 5,
"column_start": 0,
"column_end": 29,
"path": "/tmp/repo/tmp/secretstuff/alibaba-test.txt"
}
},
{
"rule": {
"name": "Alibaba Access Key Secret",
"id": "kingfisher.alibabacloud.2"
},
"finding": {
"snippet": "z91trw6fap8kq2xmd4s7h3b0vnclpf",
"fingerprint": "8292190854848911527",
"confidence": "medium",
"entropy": "4.44",
"validation": {
"status": "Inactive Credential",
"response": "Validation skipped - missing dependent rules: kingfisher.alibabacloud.1, kingfisher.alibabacloud.1"
},
"language": "Unknown",
"line": 8,
"column_start": 39,
"column_end": 68,
"path": "/tmp/repo/tmp/secretstuff/alibaba/alibaba-validator/.venv/lib/python3.13/site-packages/alibabacloud_tea_util-0.3.13.dist-info/RECORD"
}
},
{
"rule": {
"name": "AWS Secret Access Key",
"id": "kingfisher.aws.2"
},
"finding": {
"snippet": "dB9PyxlN/qa8sF0tJ4uM2qZr7eVw6TgHkC0nBpZq",
"fingerprint": "17034522315778178539",
"confidence": "medium",
"entropy": "4.67",
"validation": {
"status": "Active Credential",
"response": "AKIAFAKEKEY123456789 --- ARN: arn:aws:iam::000000000000:user/example_user --- AWS Account Number: 000000000000"
},
"language": "Unknown",
"line": 1,
"column_start": 65,
"column_end": 104,
"path": "/tmp/repo/tmp/secretstuff/utf8.txt "
}
}
],
"access_map": [
{
"provider": "aws",
"account": "prod",
"groups": [
{ "resources": ["arn:aws:s3:::prod-bucket"], "permissions": ["s3:GetObject", "s3:ListBucket"] },
{ "resources": ["arn:aws:iam::123456789012:role/Admin"], "permissions": ["iam:AssumeRole"] }
]
},
{
"provider": "gcp",
"account": "test-project",
"groups": [
{ "resources": ["projects/test/instances/primary"], "permissions": ["compute.instances.get", "compute.instances.list"] }
]
}
],
"stats": {
"total": 259,
"critical": 37,
"validated": 167,
"unique_paths": 21,
"confidence_buckets": {
"High": 37,
"Medium": 222
},
"confidence_order": ["High", "Medium"],
"scan_date": "2025-11-25T15:37:41.863868-08:00",
"kingfisher_version": "1.68.0"
}
}