forked from mirrors/kingfisher
61 lines
1.5 KiB
YAML
61 lines
1.5 KiB
YAML
rules:
|
|
- name: Endor Labs API Key
|
|
id: kingfisher.endorlabs.1
|
|
visible: false
|
|
confidence: medium
|
|
min_entropy: 3.0
|
|
pattern: |
|
|
(?xi)
|
|
\b
|
|
ENDOR_API_CREDENTIALS_KEY
|
|
(?:.|[\n\r]){0,32}?
|
|
(
|
|
endr\+[A-Za-z0-9-]{16}
|
|
)
|
|
\b
|
|
examples:
|
|
- ENDOR_API_CREDENTIALS_KEY=endr+foo1234567890abc
|
|
pattern_requirements:
|
|
min_digits: 2
|
|
|
|
- name: Endor Labs API Secret
|
|
id: kingfisher.endorlabs.2
|
|
pattern: |
|
|
(?xi)
|
|
\b
|
|
ENDOR_API_CREDENTIALS_SECRET
|
|
(?:.|[\n\r]){0,32}?
|
|
(
|
|
endr\+[A-Za-z0-9-]{16}
|
|
)
|
|
\b
|
|
pattern_requirements:
|
|
min_digits: 2
|
|
min_entropy: 3.5
|
|
confidence: medium
|
|
examples:
|
|
- ENDOR_API_CREDENTIALS_SECRET=endr+bar1234567890abc
|
|
references:
|
|
- https://docs.endorlabs.com/rest-api/authentication/
|
|
depends_on_rule:
|
|
- rule_id: kingfisher.endorlabs.1
|
|
variable: ENDOR_API_KEY
|
|
validation:
|
|
type: Http
|
|
content:
|
|
request:
|
|
method: POST
|
|
# Endor Labs exchanges key+secret for an ENDOR_TOKEN via this endpoint
|
|
url: https://api.endorlabs.com/v1/auth/api-key
|
|
headers:
|
|
Content-Type: application/json
|
|
Accept: application/json
|
|
body: |
|
|
{"key":"{{ ENDOR_API_KEY }}","secret":"{{ TOKEN }}"}
|
|
response_matcher:
|
|
- report_response: true
|
|
- type: StatusMatch
|
|
status: [200]
|
|
- type: JsonValid
|
|
- type: WordMatch
|
|
words: ['"token"']
|