rules:
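# Azure connection strings that carry a shared key next to the account or
# key name it belongs to (Storage, Service Bus / IoT Hub SAS, ACS issuer).
- name: Azure Connection String
  id: kingfisher.azure.1
  # Capture 1: the name field (AccountName, SharedAccessKeyName or
  #            SharedSecretIssuer), 1-80 characters other than ';'.
  # Capture 2: the key field (AccountKey, SharedAccessKey or
  #            SharedSecretValue), 1-100 characters other than ';'.
  # The key must end at ';' or at '$'. Up to 10 arbitrary characters may sit
  # between the two fields.
  # NOTE(review): [^;] also accepts quotes and newlines, so when the key is
  # closed by '$' instead of ';' (the IoT Hub JSON example) capture 2
  # presumably carries the trailing quote/brace as well - confirm how the
  # finding is trimmed before it is reported.
  pattern: |
    (?xi)
    (?: AccountName | SharedAccessKeyName | SharedSecretIssuer) \s*=\s* ([^;]{1,80}) \s*;\s*
    .{0,10}\s*
    (?: AccountKey | SharedAccessKey | SharedSecretValue) \s*=\s* ([^;]{1,100})
    (?: ;|$ )
  min_entropy: 3.3
  # No validation block: a hit is a pattern/entropy match only and says
  # nothing about whether the key is still active.
  confidence: medium
  # Test fixtures for the pattern. The first line of the first example is
  # part of the sample text, not a YAML comment.
  # NOTE(review): the sample keys look like real key material; confirm they
  # are synthetic or revoked before redistributing this file.
  examples:
  - |
    # Azure Storage Connection String
    AzureWebJobsStorage=DefaultEndpointsProtocol=https;AccountName=hanatour9833;AccountKey=6jqh42QQjWWBwoPGGR/Jr0PZjhBMZVbHm/gkhEfHvOj8aV6+oI8ed6ZAAwB5a6993WqyQDiuJJB0QpseJwqYxw==;EndpointSuffix=core.windows.net
  - |
    DefaultEndpointsProtocol=http;AccountName=testacc1;
    AccountKey=1gy3lpE7Du1j5ljKiupgKzywSw2isjsa69sfsdfsdsgfsgfdgfdgfd/YThisv/OVVLfIOv9kQ==;
    BlobEndpoint=http://127.0.0.1:8440/testacc1;
    TableEndpoint=http://127.0.0.1:8440/testacc1;
    QueueEndpoint=http://127.0.0.1:8440/testacc1;
  - |
    "IOTHUB_CONNECTION_STRING": {
    "value": "HostName=d1-vi-ioth521.azure-devices.net;SharedAccessKeyName=registryReadWrite;SharedAccessKey=S8ii67l3Gd1Ba69az78iP9UksewzhjvUfh1DIuDs30w="
    }
  - |
    "AZURE_STORAGE_CONNECTION_STRING": {
    "value": "DefaultEndpointsProtocol=https;AccountName=d1biblobstor521;AccountKey=NjEwGHd9+piK+iCi2C2XURWPmeDDjif9UKN1HAszYptL4iQ+yD7/dgjLMZc3VOpURsa53aJ4HZfbVWzL429C5g==;EndpointSuffix=core.windows.net"
    }
  references:
  - https://azure.microsoft.com/en-us/blog/windows-azure-web-sites-how-application-strings-and-connection-strings-work/
  - https://docs.microsoft.com/en-us/azure/storage/common/storage-configure-connection-string
  - https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-sas#best-practices-when-using-sas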
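# Azure App Configuration connection strings: endpoint, credential id and
# secret in one ';'-separated value.
- name: Azure App Configuration Connection String
  id: kingfisher.azure.2
  # Capture 1: the store endpoint, https://<name>.azconfig.io
  # Capture 2: the credential id, shaped xxxx-xx-xx:<18-22 base64 characters>
  # Capture 3: the secret, 36-50 base64 characters followed by one '='
  # The pattern starts at 'https://', so values with and without the leading
  # 'Endpoint=' both match (see the examples). The three fields must follow
  # each other directly, separated only by ';'.
  pattern: |
    (?xi)
    (https://[A-Z0-9-]+\.azconfig\.io);
    Id=(.{4}-.{2}-.{2}:[A-Z0-9+/]{18,22});
    Secret=([A-Z0-9+/]{36,50}=)
  min_entropy: 3.3
  # No validation block: a hit is a pattern/entropy match only.
  confidence: medium
  # Test fixtures; single-quoted so the embedded double quotes and leading
  # whitespace in the last sample stay literal.
  examples:
  - 'Endpoint=https://foo-nonprod-appconfig.azconfig.io;Id=ABCD-E6-s0:tl6ABcdefGHi7kLMno/p;Secret=abCD1EF+GHIJxLMnOPqRSa53VWX05zaBCdE/fg9hi4k='
  - 'https://foo-nonprod-appconfig.azconfig.io;Id=ABCD-E6-s0:tl6ABcdefGHi7kLMno/p;Secret=abCD1EF+GHIJxLMnOA53ST8uVWX05zaBCdE/fg9hi4k='
  - 'Endpoint=https://appconfig-test01.azconfig.io;Id=09pv-l0-s0:opFCQMC6+9485xJgN5Ws;Secret=GcoEA53t7GLRNJ910M46IrbHO/Vg0tt4HujRdsaCoTY='
  - ' private static string appConfigurationConnectionString = "Endpoint=https://appcs-fg-pwc.azconfig.io;Id=pi5x-l9-s0:SZLlhHA53Nz2MpAl04cU;Secret=CQ+mlfQqkzfZv4XA53gigJ/seeXMKwNsqW/rM3wmtuE=";'
  references:
  - https://docs.microsoft.com/en-us/azure/azure-app-configuration/
  - https://docs.microsoft.com/en-us/azure/azure-app-configuration/howto-best-practices
  - https://github.com/Azure/azure-sdk-for-python/blob/main/sdk/appconfiguration/azure-appconfiguration/azure/appconfiguration/_utils.py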
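# Azure DevOps personal access tokens, found by the variable name they are
# assigned to rather than by a token prefix.
- name: Azure Personal Access Token
  id: kingfisher.azure.3
  # Capture 1: 52 characters of [a-z0-9] (case-insensitive through the
  # leading (?xi)), wrapped in single or double quotes.
  # The value is only matched when it is assigned with '=' to a name ending
  # in ADO_PAT, pat_token, personal_access_token (underscores optional) or
  # $token. A token stored under any other name, or without quotes, is
  # outside this rule's coverage.
  # The inner (?i: ... ) repeats the flag already set by (?xi); harmless.
  pattern: |
    (?xi)
    (?i: ADO_PAT | pat_token | personal_?access_?token | \$token )
    \s* = \s*
    ["']
    ([a-z0-9]{52})
    ["']
  min_entropy: 3.3
  # No validation block: a hit is a pattern/entropy match only.
  confidence: medium
  # Test fixtures: one per supported variable-name family.
  examples:
  - |
    var personalAccessToken = "zpczok4kqgnw5prpfy3ehiylbqvgbjfkdiqkejsxqamy7qbkep7q"; // Provide a value or retrieve it from configuration
  - |
    $token = "58oo4mvqr2tpw7b4w3loeckwfu5o6nw3sihfckvlwoxgqimlddza"
  - |
    if __name__ == "__main__":
    ado_pat = "iyfmob6xjrfmit67anxbot64umfx2clwx7dz5ynxi4q2z3uqegvq"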
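# Azure Container Registry host names. A registry URL is not a secret on its
# own; rule kingfisher.azure.5 reads this rule's capture as ACR_USERNAME
# through its depends_on_rule entry.
- name: Azure Container Registry URL
  id: kingfisher.azure.4
  # Capture 1: the registry name in <name>.azurecr.io - 3 to 102 characters,
  # letters, digits and '-' only, starting and ending on a letter or digit.
  # Because the capture cannot contain '.', '/', ':' or '@', a URL templated
  # from it stays on a single label under azurecr.io.
  pattern: |
    (?xi)
    (
    [a-z0-9][a-z0-9-]{1,100}[a-z0-9]
    )\.azurecr\.io
  confidence: medium
  # Lower entropy floor than the key rules in this file (2.0 vs 3.3 or 4.0).
  min_entropy: 2.0
  examples:
  - "myregistry.azurecr.io"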
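# Azure Container Registry passwords, recognised by the '+ACR' marker near
# the end of the value and checked live against the registry.
- name: Azure Container Registry Password
  id: kingfisher.azure.5
  # Capture 1: 42 base64 characters, the literal '+ACR', then 6 letters or
  # digits (case-insensitive through (?xi)).
  # NOTE(review): the leading \b needs a word character on one side, so a
  # password whose first character is '+' or '/' matches only when a word
  # character precedes it - confirm this coverage gap is acceptable.
  pattern: |
    (?xi)
    \b
    (
    [A-Z0-9+/]{42}\+ACR[A-Z0-9]{6}
    )
    \b
  confidence: medium
  min_entropy: 4.0
  # Live check: GET the registry's /v2/_catalog with HTTP Basic credentials
  # built from ACR_USERNAME and the matched password; HTTP 200 marks the
  # finding as valid.
  # - The candidate password leaves the scanning host. The destination is
  #   always https://<ACR_USERNAME>.azurecr.io, with ACR_USERNAME taken from
  #   a kingfisher.azure.4 match (see depends_on_rule below).
  # - The registry name doubles as the user name, which presumably covers
  #   the registry admin account only; a non-200 answer therefore does not
  #   prove the password is dead (other user/token name, another registry,
  #   or no catalog permission) - TODO confirm.
  # - report_response: true presumably stores the response with the
  #   finding; for /v2/_catalog that would be the repository list, so treat
  #   scan reports as sensitive.
  validation:
    type: Http
    content:
      request:
        method: GET
        url: "https://{{ACR_USERNAME}}.azurecr.io/v2/_catalog"
        headers:
          Authorization: "Basic {{ ACR_USERNAME | append: ':' | append: TOKEN | b64enc }}"
        response_matcher:
        - report_response: true
        - type: StatusMatch
          status: [200]
  examples:
  - "Abcdefghijklmnopqrstuvwxyz1234567890ABCD+ACRefg123"
  # Supplies ACR_USERNAME for the validation request from the registry name
  # captured by the Azure Container Registry URL rule.
  depends_on_rule:
  - rule_id: "kingfisher.azure.4"
    variable: ACR_USERNAME
  references:
  - https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication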