Adds a new rule to detect ScraperAPI keys with: - Pattern matching for 32-character alphanumeric keys - Live validation against ScraperAPI endpoint - Medium confidence with entropy check (min 3.5) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
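# Detection rule for ScraperAPI keys: a "scraperapi" keyword, then a
# key/token keyword, then a 32-character alphanumeric value.
rules:
  - name: ScraperAPI Key
    id: kingfisher.scraperapi.1
    # (?x) lets the expression span several lines; (?i) makes the whole match
    # case-insensitive, so the capture group also accepts upper-case letters
    # even though it is written as [a-z0-9].
    # The two lazy gaps allow at most 32 and 16 arbitrary characters (newlines
    # included) between the keywords and the value, which ties a finding to
    # nearby ScraperAPI context instead of flagging every 32-character string.
    pattern: |
      (?xi)
      \b(?:scraper(?:\s|[_-])?api|scraperapi)
      (?:.|[\n\r]){0,32}?
      (?:key|token|api[_-]?key)
      (?:.|[\n\r]){0,16}?
      ([a-z0-9]{32})
      \b
    # Character-class floors that cut down on low-variety matches.
    # min_lowercase was 10, which rejected this rule's own second example
    # (it contains 7 letters). If keys are hex-like, as that example suggests,
    # a random 32-character value averages 12 letters and often has fewer
    # than 10, so real keys would be missed. 4 keeps the floor without that
    # blind spot.
    # NOTE(review): a key written in upper case matches the pattern because of
    # (?i) but would presumably fail min_lowercase; confirm that is intended.
    pattern_requirements:
      min_digits: 2
      min_lowercase: 4
    # NOTE(review): the page lost the file's indentation; min_entropy is placed
    # at rule level here. Confirm against the rule schema.
    min_entropy: 3.5
    confidence: medium
    examples:
      - 'SCRAPERAPI_KEY=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6'
      - 'scraper_api_token: "9f8e7d6c5b4a3029182736455463728a"'
    references:
      - https://www.scraperapi.com/documentation/
    # Live check: a candidate is treated as active only when the request
    # returns HTTP 200 with a valid JSON body containing "origin", the field
    # httpbin.org/ip answers with.
    # NOTE(review): each check is a real proxied request, so it presumably
    # consumes quota on the key owner's account, and an httpbin.org outage
    # makes a live key look inactive. An endpoint that only reports account
    # status would avoid both; confirm what ScraperAPI offers.
    validation:
      type: Http
      content:
        request:
          method: GET
          # The key travels in the query string, so the API host must stay on
          # https. The proxied target was http:// and is https:// here so the
          # fetched response is integrity-protected as well.
          url: "https://api.scraperapi.com?api_key={{ TOKEN }}&url=https://httpbin.org/ip"
          response_matcher:
            # NOTE(review): presumably attaches the response to the finding;
            # for this request that should be only the proxy's egress IP.
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: JsonValid
            - type: WordMatch
              words:
                - '"origin"'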