eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
kingfisher/data/rules/recaptcha.yml
Mick Grove c0e4910d1f pattern_requirements for rules — Post-regex character-class gating to cut false positives without lookarounds. Authors can now require minimum counts of digits, uppercase, lowercase, and special characters, with an optional custom special-char set. 
Why: Hyperscan doesn’t support lookaheads/behinds, so many “must contain X and Y” checks had to be baked into the regex (hurting readability) or were impossible. pattern_requirements applies lightweight, in-memory checks after a match is found, keeping patterns fast and clean.
2025-11-04 13:55:31 -05:00

36 lines
No EOL
929 B
YAML
Raw Blame History

rules:
- name: reCAPTCHA API Key
id: kingfisher.recaptcha.1
pattern: |
(?xi)
recaptcha
(?:.|[\n\r]){0,16}?
\b
(
6l[c-f][a-z0-9_-].{36}
)
\b
pattern_requirements:
min_digits: 3
min_entropy: 3
confidence: medium
examples:
- recaptcha apikey = 6Lcr--w-BBBBBw-w-w----w-w-www-www--ww-w-
- recaptcha_secret = 6Lcw--w-AAAAAw-w-w----w-w-www-www--ww-w-
validation:
type: Http
content:
request:
headers:
Content-Type: application/x-www-form-urlencoded
body: |
secret={{ TOKEN }}
response=test
method: POST
response_matcher:
- report_response: true
- match_all_words: true
type: WordMatch
words:
- '"success": true'
url: https://www.google.com/recaptcha/api/siteverify
View git blame Copy permalink