kingfisher/data/rules/jwt.yml
Mick Grove c0e4910d1f pattern_requirements for rules — Post-regex character-class gating to cut false positives without lookarounds. Authors can now require minimum counts of digits, uppercase, lowercase, and special characters, with an optional custom special-char set.
Why: Hyperscan doesn’t support lookaheads/behinds, so many “must contain X and Y” checks had to be baked into the regex (hurting readability) or were impossible. pattern_requirements applies lightweight, in-memory checks after a match is found, keeping patterns fast and clean.
2025-11-04 13:55:31 -05:00
rules:
  - name: JSON Web Token (base64url-encoded)
    id: kingfisher.jwt.1
    pattern: |
      (?x)
      (
        (?:ey|ewogIC)[A-Za-z0-9_-]{12,} (?# header )
        \.
        ey[A-Za-z0-9_-]{12,} (?# payload )
        \.
        [A-Za-z0-9_-]{12,} (?# signature )
      )
      (?:[^A-Z0-9_-]|$)
    pattern_requirements:
      min_digits: 4
      min_entropy: 3.3
    confidence: medium
    examples:
      - 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dnZWRJbkFzIjoiYWRtaW4iLCJpYXQiOjE0MjI3Nzk2Mzh9.gzSraSYS8EXBxLN_oWnFSRgCzcmEmMjLiuyu5CSpyHI'
      - 'NUCLEAR_SERVICES_ANON_KEY=eyJhbGciOiJIUzI1NiIsEnR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InFqcnVqc2lzY2Nzdnl2am5xdG5xIiwicm9sZSI6ImEub24iLCJpYXQiOjE2NTY1OTY0NjEsImV4cCI6MTk3MjE3MjQ2MX0.WQWcwBAQFNE259f2o8ruFln_UMLTFEnEaUD7KHrs9Aw'
    references:
      - https://en.wikipedia.org/wiki/JSON_Web_Token
      - https://datatracker.ietf.org/doc/html/rfc7519
      - https://en.wikipedia.org/wiki/Base64#URL_applications
      - https://datatracker.ietf.org/doc/html/rfc4648
      - https://developer.okta.com/blog/2018/06/20/what-happens-if-your-jwt-is-stolen
    validation:
      type: JWT
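The two-stage matching the commit message describes (a lookaround-free regex, then cheap in-memory gates on the captured text) as an added Python example; this is not Kingfisher's code. The regex is a transcription of the rule's pattern above into Python verbose syntax; the gate semantics are assumptions (Shannon entropy in bits per character over the captured token, ASCII character classes, `string.punctuation` as the default special-character set, gates applied to capture group 1), and the `PLACEHOLDER=` and `REPEATED=` lines in the sample input are constructed to show candidates that pass the regex but fail the gates.

```python
import math
import re
import string
from collections import Counter
from dataclasses import dataclass

# Transcription of the kingfisher.jwt.1 pattern into Python verbose syntax.
# Like the original, the terminator is a plain character class rather than a
# lookahead, because Hyperscan (which the rule targets) has no lookarounds.
JWT_PATTERN = re.compile(
    r"""
    (
      (?:ey|ewogIC)[A-Za-z0-9_-]{12,}   # header (base64url of "{")
      \.
      ey[A-Za-z0-9_-]{12,}              # payload
      \.
      [A-Za-z0-9_-]{12,}                # signature
    )
    (?:[^A-Z0-9_-]|$)                   # terminator without a lookahead
    """,
    re.VERBOSE,
)


@dataclass(frozen=True)
class PatternRequirements:
    """Post-regex gates named after the keys the commit message lists.
    The semantics here (bits/char Shannon entropy, ASCII classes, this
    default special set) are assumptions for the example, not Kingfisher's."""
    min_digits: int = 0
    min_uppercase: int = 0
    min_lowercase: int = 0
    min_special: int = 0
    min_entropy: float = 0.0
    special_chars: str = string.punctuation  # assumed default; a rule may override


# The gates the jwt.yml rule on this page declares.
JWT_RULE_REQUIREMENTS = PatternRequirements(min_digits=4, min_entropy=3.3)


def shannon_entropy(text: str) -> float:
    """Shannon entropy in bits per character; 0.0 for empty or one-symbol input."""
    if not text:
        return 0.0
    n = len(text)
    return 0.0 - sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def failed_requirements(candidate: str, req: PatternRequirements) -> list[str]:
    """Names of the gates the candidate fails; an empty list means accepted."""
    counts = [
        ("min_digits", sum(ch in string.digits for ch in candidate), req.min_digits),
        ("min_uppercase", sum(ch in string.ascii_uppercase for ch in candidate), req.min_uppercase),
        ("min_lowercase", sum(ch in string.ascii_lowercase for ch in candidate), req.min_lowercase),
        ("min_special", sum(ch in req.special_chars for ch in candidate), req.min_special),
    ]
    failures = [name for name, have, need in counts if have < need]
    if shannon_entropy(candidate) < req.min_entropy:
        failures.append("min_entropy")
    return failures


def find_jwts(text: str, req: PatternRequirements = JWT_RULE_REQUIREMENTS) -> list[str]:
    """Regex first, then the gates on each captured token (group 1)."""
    return [
        m.group(1)
        for m in JWT_PATTERN.finditer(text)
        if not failed_requirements(m.group(1), req)
    ]


# The two example tokens from the rule above.
EXAMPLE_1 = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dnZWRJbkFzIjoiYWRtaW4iLCJpYXQiOjE0MjI3Nzk2Mzh9."
             "gzSraSYS8EXBxLN_oWnFSRgCzcmEmMjLiuyu5CSpyHI")
EXAMPLE_2 = ("eyJhbGciOiJIUzI1NiIsEnR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InFqcnVqc2lzY2Nzdnl2am5x"
             "dG5xIiwicm9sZSI6ImEub24iLCJpYXQiOjE2NTY1OTY0NjEsImV4cCI6MTk3MjE3MjQ2MX0."
             "WQWcwBAQFNE259f2o8ruFln_UMLTFEnEaUD7KHrs9Aw")
# Constructed decoys: both satisfy the regex shape but are not real tokens.
LOW_ENTROPY_NO_DIGITS = "eyJ" + "a" * 18 + ".eyJ" + "a" * 18 + "." + "a" * 18
REPEATED_DIGITS = "ey" + "1" * 18 + ".ey" + "1" * 18 + "." + "1" * 18

# Constructed sample input (a config dump), not from the project.
SAMPLE_TEXT = (
    "JWT=" + EXAMPLE_1 + "\n"
    "NUCLEAR_SERVICES_ANON_KEY=" + EXAMPLE_2 + "\n"
    "PLACEHOLDER=" + LOW_ENTROPY_NO_DIGITS + "\n"
    "REPEATED=" + REPEATED_DIGITS + "\n"
)

if __name__ == "__main__":
    for m in JWT_PATTERN.finditer(SAMPLE_TEXT):
        token = m.group(1)
        verdict = failed_requirements(token, JWT_RULE_REQUIREMENTS) or "accepted"
        print(f"{token[:24]}... entropy={shannon_entropy(token):.2f} -> {verdict}")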