forked from mirrors/kingfisher
49 lines
1.4 KiB
YAML
49 lines
1.4 KiB
YAML
rules:
|
|
- name: Azure Storage Account Name
|
|
id: kingfisher.azurestorage.1
|
|
pattern: |
|
|
(?xi)
|
|
(?:
|
|
# A) Connection string: AccountName=<name>
|
|
(?i:AccountName)\s*=\s*([a-z0-9]{3,24})(?:\b|[^a-z0-9])
|
|
|
|
|
|
|
# B) Blob endpoint URL: <name>.blob.core.windows.net
|
|
([a-z0-9]{3,24})\.blob\.core\.windows\.net\b
|
|
|
|
|
|
|
# C) Explicit KV labels near 'azure storage/account name' with tight separators
|
|
\bazure(?:[_\s-]*)(?:storage|account)(?:[_\s-]*)(?:name)\b
|
|
[\s:=\"']{0,6}
|
|
([a-z0-9]{3,24})(?:\b|[^a-z0-9])
|
|
)
|
|
min_entropy: 2.0
|
|
visible: false
|
|
confidence: medium
|
|
examples:
|
|
- AccountName=mystorageaccount
|
|
- mystorageaccount.blob.core.windows.net
|
|
- azure_storage_name="prodblob2024"
|
|
|
|
|
|
- name: Azure Storage Account Key
|
|
id: kingfisher.azurestorage.2
|
|
pattern: |
|
|
(?xi)
|
|
\b
|
|
azure
|
|
(?:.|[\n\r]){0,128}?
|
|
(?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
|
|
(?:.|[\n\r]){0,128}?
|
|
(
|
|
[A-Za-z0-9+/]{86,88}={0,2}
|
|
)
|
|
min_entropy: 4.0
|
|
confidence: medium
|
|
examples:
|
|
- Azure AccountKey=Xy9aB8cD7eF6gH5iJ4kL3mN2oP1qR0sT9uV8wX7yZ6aB5cD4eF3gH2iJ1kL0mN9oP8qR7sT6uV5wX4yZ3aB2cD1eF0gH9iJ8kL7mN6oP5q==\
|
|
validation:
|
|
type: AzureStorage
|
|
depends_on_rule:
|
|
- rule_id: kingfisher.azurestorage.1
|
|
variable: AZURENAME
|