eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
kingfisher/data/rules/onepassword.yml
Mick Grove c0e4910d1f pattern_requirements for rules — Post-regex character-class gating to cut false positives without lookarounds. Authors can now require minimum counts of digits, uppercase, lowercase, and special characters, with an optional custom special-char set. 
Why: Hyperscan doesn’t support lookaheads/behinds, so many “must contain X and Y” checks had to be baked into the regex (hurting readability) or were impossible. pattern_requirements applies lightweight, in-memory checks after a match is found, keeping patterns fast and clean.
2025-11-04 13:55:31 -05:00

55 lines
2 KiB
YAML
Raw Blame History

rules:
- name: 1Password Service-Account Token
id: kingfisher.1password.1
pattern: |
(?xi)
\b
(
ops_eyj[A-Za-z0-9_-]{80,500}
)
\b
pattern_requirements:
min_digits: 2
min_entropy: 4.0
confidence: medium
examples:
- export OP_SERVICE_ACCOUNT_TOKEN=ops_eyJzaWduSW5BZGRyZXNzIjoibXkuMXBhc3N3b3JkLmV1IiwidXNlckF1dGgiOnsibWV0aG9kIjoiU1JQZy00MDk2IiwiYWxnIjoiUEJFUzJnLUhTMjU2IiwiaXRlcmF0aW9ucyI6NjUwMDAwLCJzYWx0IjoiUUNYYy1wTDUtakdCaDlTVjFHb1lpUSJ9LCJlbWFpbCI6ImF2ZGxyZ3JramU3dm9AMXBhc3N3b3Jkc2VydmljZWFjY291bnRzLmV1Iiwic3JwWCI6IjExNjFkMmYwNTQ3NDgxNTBmOTEwOWMxZDEzYTllZjFiNGY0ZjZiYzhlNTFlNWZkMWI5NmI5ZjQwZjY3NWEyNTciLCJtdWsiOnsiYWxnIjoiQTI1Nkd1111111111
validation:
type: Http
content:
request:
method: GET
url: https://events.1password.com/api/v2/auth/introspect
headers:
Authorization: "Bearer {{ TOKEN }}"
Accept: application/json
response_matcher:
- report_response: true
- type: StatusMatch
status: [200]
- type: WordMatch
words: ['"features"']
match_all_words: true
references:
- https://developer.1password.com/docs/service-accounts/security
- https://developer.1password.com/docs/service-accounts/get-started
- https://developer.1password.com/docs/cli/environment-variables
- https://developer.1password.com/docs/events-api/reference
- name: 1Password Account Secret Key
id: kingfisher.1password.2
pattern: |
(?xi)
(
A[0-9]-[A-Z0-9]{6}-[A-Z0-9]{6}-[A-Z0-9]{5}(?:-[A-Z0-9]{5}){3}
)
pattern_requirements:
min_digits: 2
min_entropy: 3.8
confidence: medium
examples:
- A3-R69SQK-TZ9KPW-8MXYD-6W373-V7GHJ-EDJQW
- A3-ASWWYB-798JRY-LJVD4-23DC2-86TVM-H43EB
references:
- https://support.1password.com/secret-key-security/
- https://developer.1password.com/files/1password-white-paper.pdf
View git blame Copy permalink