kingfisher/crates/kingfisher-rules/data/rules/cloudflare.yml

rules:
  - name: Cloudflare API Token
    id: kingfisher.cloudflare.1
    pattern: |
      (?xi)                   
      \b                     
      cloudflare
      (?:.|[\n\r]){0,32}?
      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
      (?:.|[\n\r]){0,32}?
      \b                     
      (
        [a-z0-9_-]{38,42}
      )
      \b
    pattern_requirements:
      min_digits: 2
    min_entropy: 3.5
    confidence: medium
    examples:
      - cloudflareAPIKey = y3u7gjcxzpboe2hs50hvuewsx10koco3z327z_1i
      - |
        CLOUDFLARE_API_TOKEN: '0pf-j25nxkrkhp8t62qh6k4921ptv09ozq9k0kva'
        cloudflare_key="y3u7gjcxzpboe2hs50hvuewsx10koco3z327z_1i"
    references:
      - https://developers.cloudflare.com/api/resources/user/subresources/tokens/methods/verify/
    validation:
      type: Http
      content:
        request:
          headers:
            Authorization: Bearer {{ TOKEN }}
            Accept: application/json
          method: GET
          response_matcher:
            - report_response: true
            - status:
                - 200
              type: StatusMatch
          url: https://api.cloudflare.com/client/v4/user/tokens/verify

  - name: Cloudflare CA Key
    id: kingfisher.cloudflare.2
    pattern: |
      (?xi)
      \b                     
      (?:cloudflare|x-auth-user-service-key)
      (?:.|[\n\r]){0,64}?
      (
        v1\.0-[a-z0-9._-]{160,}
      )
      \b      
    pattern_requirements:
      min_digits: 2               
    min_entropy: 4.0
    confidence: medium
    examples:
      - 'X-Auth-User-Service-Key = v1.0-e26de050e02ddeaeef6de8d5ee267df5e78f68666ddd0ee76f22d26a0d20756f-eda77de60e8e76077e162727656787de2005d25e2f6e502e2d067657ed65722eade065275001a0f6f6e521e5e1fd76a6e8d7e2d6da8a2ee01e66e061e22570e2-07f2ede0aed78e82e8d2e620aaef8656d81e762266d7d226a205de7e18e2256a'
      - |
        cloudflare_service_key: "v1.0-e26de050e02ddeaeef6de8d5ee267df5e78f68666ddd0ee76f22d26a0d20756f-eda77de60e8e76077e162727656787de2005d25e2f6e502e2d067657ed65722eade065275001a0f6f6e521e5e1fd76a6e8d7e2d6da8a2ee01e66e061e22570e2-07f2ede0aed78e82e8d2e620aaef8656d81e762266d7d226a205de7e18e2256a"
    references:
      - https://developers.cloudflare.com/fundamentals/api/get-started/keys/
      - https://developers.cloudflare.com/fundamentals/api/get-started/keys/
    validation:
      type: Http
      content:
        request:
          headers:
            Content-Type: application/json
            X-Auth-User-Service-Key: '{{ TOKEN }}'
          method: GET
          response_matcher:
            - report_response: true
            - status:
                - 200
              type: StatusMatch
          url: https://api.cloudflare.com/client/v4/certificates?per_page=1