forked from mirrors/kingfisher
181df458ba
- Added mercury.yml and neon.yml rules from main - Merged Docker Hub Organization Access Token rule from main into updated dockerhub.yml - Resolved file location conflicts due to rules directory restructuring
67 lines
1.7 KiB
YAML
67 lines
1.7 KiB
YAML
rules:
|
|
- name: Mercury Production API Token
|
|
id: kingfisher.mercury.1
|
|
pattern: |
|
|
(?x)
|
|
\b
|
|
(
|
|
mercury_production_
|
|
[a-z]{3,6}
|
|
_
|
|
[a-zA-Z0-9]{40,50}
|
|
_yrucrem
|
|
)
|
|
\b
|
|
min_entropy: 3.5
|
|
confidence: medium
|
|
examples:
|
|
- Bearer secret-token:mercury_production_wma_24SCp4G81X3yHL4Wq8FgzuaP9ye3VKf2mgTDctXyRg5HY_yrucrem
|
|
references:
|
|
- https://docs.mercury.com/docs/api-token-security-policies
|
|
validation:
|
|
type: Http
|
|
content:
|
|
request:
|
|
headers:
|
|
Authorization: Bearer {{ TOKEN }}
|
|
Accept: application/json
|
|
method: GET
|
|
response_matcher:
|
|
- report_response: true
|
|
- status:
|
|
- 200
|
|
type: StatusMatch
|
|
url: https://api.mercury.com/api/v1/accounts
|
|
- name: Mercury Non-Production API Token
|
|
id: kingfisher.mercury.2
|
|
pattern: |
|
|
(?x)
|
|
\b
|
|
(
|
|
mercury_sandbox_
|
|
[a-z]{3,6}
|
|
_
|
|
[a-zA-Z0-9]{40,50}
|
|
_yrucrem
|
|
)
|
|
\b
|
|
min_entropy: 3.5
|
|
confidence: medium
|
|
examples:
|
|
- Bearer secret-token:mercury_sandbox_rma_24pnbcT7NygLbpJPr4xBuSuBDpo6tK89S8u3ERYn3FXVz_yrucrem
|
|
references:
|
|
- https://docs.mercury.com/docs/api-token-security-policies
|
|
validation:
|
|
type: Http
|
|
content:
|
|
request:
|
|
headers:
|
|
Authorization: Bearer {{ TOKEN }}
|
|
Accept: application/json
|
|
method: GET
|
|
response_matcher:
|
|
- report_response: true
|
|
- status:
|
|
- 200
|
|
type: StatusMatch
|
|
url: https://api-sandbox.mercury.com/api/v1/accounts
|