forked from mirrors/kingfisher
78 lines
No EOL
2.9 KiB
YAML
78 lines
No EOL
2.9 KiB
YAML
rules:
|
|
- name: Azure Storage Account Name
|
|
id: kingfisher.azurestorage.1
|
|
pattern: |
|
|
(?xi)
|
|
(?:
|
|
# A) Connection string: AccountName=<name>
|
|
(?i:AccountName)\s*=\s*([a-z0-9]{3,24})(?:\b|[^a-z0-9])
|
|
|
|
|
# B) Blob endpoint URL: <name>.blob.core.windows.net
|
|
([a-z0-9]{3,24})\.blob\.core\.windows\.net\b
|
|
|
|
|
# C) Explicit KV labels near 'azure storage/account name' with tight separators
|
|
\bazure(?:[_\s-]*)(?:storage|account)(?:[_\s-]*)(?:name)\b
|
|
[\s:=\"']{0,6}
|
|
([a-z0-9]{3,24})(?:\b|[^a-z0-9])
|
|
|
|
|
# D) Explicit KV labels near 'azure storage/account name' with tight separators
|
|
(?i:Account[_.-]?Name|Storage[_.-]?(?:Name))(?:.|\s){0,32}?\b([A-Z0-9]{3,32})\b|([A-Z0-9]{3,32})(?i:\.blob\.core\.windows\.net)
|
|
)
|
|
min_entropy: 2.0
|
|
visible: false
|
|
confidence: medium
|
|
examples:
|
|
- AccountName=mystorageaccount
|
|
- mystorageaccount.blob.core.windows.net
|
|
- azure_storage_name="prodblob2024"
|
|
references:
|
|
- https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview
|
|
- https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key
|
|
- name: Azure Storage Account Key
|
|
id: kingfisher.azurestorage.2
|
|
pattern: |
|
|
(?x)
|
|
\b
|
|
(?:
|
|
(?i:azure)(?:[_\s-]*(?i:storage))?
|
|
(?:[_\s-]*(?:account[_\s-]*key|storage[_\s-]*key|shared[_\s-]*key|access[_\s-]*key|accountkey))
|
|
|
|
|
(?i:account)[_.\s-]*(?i:key)
|
|
|
|
|
(?i:storage)[_.\s-]*(?i:key)
|
|
)
|
|
\b
|
|
(?:.|[\n\r]){0,24}?
|
|
(?:
|
|
[=:]
|
|
|
|
|
["']\s*:\s*["']
|
|
)
|
|
\s*
|
|
["']?
|
|
(
|
|
[A-Za-z0-9+/]{86}==
|
|
)
|
|
['"]?
|
|
pattern_requirements:
|
|
min_digits: 2
|
|
min_uppercase: 2
|
|
min_lowercase: 2
|
|
min_special_chars: 1
|
|
min_entropy: 4.0
|
|
confidence: medium
|
|
examples:
|
|
- Azure AccountKey=oqb4TdY9T0hphvktd5fJnMiHuQqzVy1jd5sSuOpAbGkaoqTlrHl0BOJN2okcasinVLOJzfDbZo1L+ASt68RAhA==
|
|
- Azure AccountKey=B/1EVX2Ui47X09tqU3GI/j+Nko9r5COPm0Hea9tfzitF9MQX9lZZiNO3tYQckWnt+rtlGIWS+sCx+AStkq8ZLg==
|
|
- Azure AccountKey=u45diQdTiXeuSKl5r4EjgbPP72EYpuTNEzfMTi0mk+d2sTisA4gWzt4H1Ag3kqFaCykWZv2S6KQo+AStHF56RQ==
|
|
- Azure AccountKey=b8a/Z4wFAbhOPQTMa4PUTKr2XQhwoyWtP/3PnEto3mK86CFQnVYyTV/HSrij88h5jVYyzwUk0oTw+AStIKN/4w==
|
|
- Azure AccountKey=JJD1GDiHCmtTpCOKpBYkXgZKrZvi7P4mRDe3jNVGc/JL/bp51uWcWL0rkOByk5VsX2MM62A/ABkE+AStU9qMkA==
|
|
- Azure AccountKey=u45diQdTiXeuSKl5r4EjgbPP72EYpuTNEzfMTi0mk+d2sTisA4gWzt4H1Ag3kqFaCykWZv2S6KQo+AStHF56RQ==
|
|
validation:
|
|
type: AzureStorage
|
|
references:
|
|
- https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key
|
|
- https://learn.microsoft.com/en-us/rest/api/storageservices/
|
|
depends_on_rule:
|
|
- rule_id: kingfisher.azurestorage.1
|
|
variable: AZURENAME |