forked from mirrors/kingfisher
81d2f47c67
- Added rules for sendbird, mattermost, langchain, notion - JWT validation hardened to reject alg:none by default (only allowed if explicitly configured), require iss for OIDC/JWKS verification, ensuring Active Credential means cryptographically verified and time-valid, not just unexpired - Updated the Git cloning logic to include all refs and minimize clone output, allowing Kingfisher to analyze pull request and deleted branch history
83 lines
No EOL
2 KiB
YAML
83 lines
No EOL
2 KiB
YAML
rules:
|
|
- name: Notion Legacy Token
|
|
id: kingfisher.notion.1
|
|
pattern: |
|
|
(?xi)
|
|
notion
|
|
(?:.|[\\n\r]){0,32}?
|
|
\b
|
|
(
|
|
secret_[A-Z0-9]{43}
|
|
)
|
|
\b
|
|
min_entropy: 4.0
|
|
confidence: medium
|
|
examples:
|
|
- "notion secret_efky1RtWsI0CB1Sn4TRRBLpemW1V11XwPRX3lzUKc5Q"
|
|
validation:
|
|
type: Http
|
|
content:
|
|
request:
|
|
headers:
|
|
Notion-Version: "2022-06-28"
|
|
Authorization: "Bearer {{ TOKEN }}"
|
|
method: GET
|
|
response_matcher:
|
|
- report_response: true
|
|
- type: StatusMatch
|
|
status: [200]
|
|
- type: WordMatch
|
|
words:
|
|
- '"object":"user"'
|
|
- '"type":"bot"'
|
|
match_all_words: true
|
|
url: https://api.notion.com/v1/users/me
|
|
- name: Notion Token
|
|
id: kingfisher.notion.2
|
|
pattern: |
|
|
(?xi)
|
|
notion
|
|
(?:.|[\\n\r]){0,32}?
|
|
\b
|
|
(
|
|
ntn_[A-Z0-9]{40,55}
|
|
)
|
|
\b
|
|
min_entropy: 4.0
|
|
confidence: medium
|
|
references:
|
|
- https://developers.notion.com/page/changelog#september-11-2024
|
|
examples:
|
|
- "notion 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"
|
|
validation:
|
|
type: Http
|
|
content:
|
|
request:
|
|
headers:
|
|
Notion-Version: "2022-06-28"
|
|
Authorization: "Bearer {{ TOKEN }}"
|
|
method: GET
|
|
response_matcher:
|
|
- report_response: true
|
|
- type: StatusMatch
|
|
status: [200]
|
|
- type: WordMatch
|
|
words:
|
|
- '"object":"user"'
|
|
- '"type":"bot"'
|
|
match_all_words: true
|
|
url: https://api.notion.com/v1/users/me
|
|
|
|
- name: Notion OAuth Refresh Token
|
|
id: kingfisher.notion.2
|
|
pattern: |
|
|
(?xi)
|
|
\b
|
|
(
|
|
nrt_[A-Z0-9_]{40,55}
|
|
)
|
|
\b
|
|
min_entropy: 3.5
|
|
confidence: medium
|
|
examples:
|
|
- "nrt_4Y29zY29vbF9leGFtcGxlX3JlZnJlc2hfdG9rZW4xMjM0NQ" |