forked from mirrors/kingfisher
59 lines
No EOL
1.9 KiB
YAML
59 lines
No EOL
1.9 KiB
YAML
rules:
|
|
- name: Azure Storage Account Name
|
|
id: kingfisher.azurestorage.1
|
|
pattern: |
|
|
(?xi)
|
|
(?:
|
|
# A) Connection string: AccountName=<name>
|
|
(?i:AccountName)\s*=\s*([a-z0-9]{3,24})(?:\b|[^a-z0-9])
|
|
|
|
|
# B) Blob endpoint URL: <name>.blob.core.windows.net
|
|
([a-z0-9]{3,24})\.blob\.core\.windows\.net\b
|
|
|
|
|
# C) Explicit KV labels near 'azure storage/account name' with tight separators
|
|
\bazure(?:[_\s-]*)(?:storage|account)(?:[_\s-]*)(?:name)\b
|
|
[\s:=\"']{0,6}
|
|
([a-z0-9]{3,24})(?:\b|[^a-z0-9])
|
|
|
|
|
# D) Explicit KV labels near 'azure storage/account name' with tight separators
|
|
(?i:Account[_.-]?Name|Storage[_.-]?(?:Name))(?:.|\s){0,32}?\b([A-Z0-9]{3,32})\b|([A-Z0-9]{3,32})(?i:\.blob\.core\.windows\.net)
|
|
)
|
|
min_entropy: 2.0
|
|
visible: false
|
|
confidence: medium
|
|
examples:
|
|
- AccountName=mystorageaccount
|
|
- mystorageaccount.blob.core.windows.net
|
|
- azure_storage_name="prodblob2024"
|
|
- name: Azure Storage Account Key
|
|
id: kingfisher.azurestorage.2
|
|
pattern: |
|
|
(?xi)
|
|
azure
|
|
(?:.|[\n\r]){0,128}?
|
|
(?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
|
|
(?:.|[\n\r]){0,128}?
|
|
["':\s=}\]\)]
|
|
(
|
|
(?:
|
|
[A-Z0-9+\\/-]{86,88}={1,2}
|
|
)
|
|
|
|
|
(?:
|
|
[A-Z0-9+\\/-]{86,88}\b
|
|
)
|
|
)
|
|
pattern_requirements:
|
|
min_digits: 2
|
|
min_uppercase: 2
|
|
min_lowercase: 2
|
|
min_entropy: 4.0
|
|
confidence: medium
|
|
examples:
|
|
- Azure AccountKey=Xy9aB8cD7eF6gH5iJ4kL3mN2oP1qR0sT9uV8wX7yZ6aB5cD4eF3gH2iJ1kL0mN9oP8qR7sT6uV5wX4yZ3aB2cD1q
|
|
- Azure AccountKey=Ky7aC1cD7eF6gH5iJ4kL3mN2oP1qR0sT9uV8wX7yZ6aB5cD4eF3gH2iJ1kL0mN9oP8qR7sT6uV5wX4yZ3aB2cD1g==\
|
|
validation:
|
|
type: AzureStorage
|
|
depends_on_rule:
|
|
- rule_id: kingfisher.azurestorage.1
|
|
variable: AZURENAME |