forked from mirrors/kingfisher
81d2f47c67
- Added rules for sendbird, mattermost, langchain, notion - JWT validation hardened to reject alg:none by default (only allowed if explicitly configured), require iss for OIDC/JWKS verification, ensuring Active Credential means cryptographically verified and time-valid, not just unexpired - Updated the Git cloning logic to include all refs and minimize clone output, allowing Kingfisher to analyze pull request and deleted branch history
32 lines
No EOL
825 B
YAML
32 lines
No EOL
825 B
YAML
rules:
|
|
- name: StackHawk API Key
|
|
id: kingfisher.stackhawk.1
|
|
pattern: |
|
|
(?xi)
|
|
\b
|
|
(
|
|
hawk\.[0-9A-Z_-]{20}\.[0-9A-Z_-]{20}
|
|
)
|
|
\b
|
|
confidence: medium
|
|
min_entropy: 3.0
|
|
examples:
|
|
- 'HAWK_API_KEY="hawk.nHAOHdJjXoNyzAcTDC5M.R2gqQh2aCesrh0yCGB7q"'
|
|
references:
|
|
- https://docs.stackhawk.com/apidocs.html
|
|
- https://apidocs.stackhawk.com/reference/getuser
|
|
validation:
|
|
type: Http
|
|
content:
|
|
request:
|
|
method: GET
|
|
url: "https://api.stackhawk.com/api/v1/auth/user"
|
|
headers:
|
|
X-Api-Key: "{{TOKEN}}"
|
|
response_matcher:
|
|
- report_response: true
|
|
- type: StatusMatch
|
|
status: [200]
|
|
- type: WordMatch
|
|
words:
|
|
- '"user":' |