forked from mirrors/kingfisher
34 lines
998 B
YAML
34 lines
998 B
YAML
rules:
|
|
- name: Heroku API Key
|
|
id: kingfisher.heroku.1
|
|
pattern: |
|
|
(?xi)
|
|
heroku
|
|
(?:.|[\n\r]){0,32}?
|
|
(?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
|
|
(?:.|[\n\r]){0,32}?
|
|
\b
|
|
(
|
|
[0-9a-f]{8}-[0-9a-f]{4}-
|
|
[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}
|
|
)
|
|
\b
|
|
min_entropy: 3.0
|
|
confidence: medium
|
|
examples:
|
|
- 'HEROKU_API_KEY: c55dbac4-e0e8-4a06-b892-75cac2387ce5'
|
|
references:
|
|
- https://devcenter.heroku.com/articles/authentication
|
|
validation:
|
|
type: Http
|
|
content:
|
|
request:
|
|
method: GET
|
|
headers:
|
|
Accept: application/vnd.heroku+json; version=3
|
|
Authorization: Bearer {{ TOKEN }}
|
|
url: https://api.heroku.com/apps
|
|
response_matcher:
|
|
- report_response: true
|
|
- type: StatusMatch
|
|
status: [200]
|