kingfisher/testdata/test_char_requirements.yaml
Mick Grove 0f953f59a5 pattern_requirements for rules — Post-regex character-class gating to cut false positives without lookarounds. Authors can now require minimum counts of digits, uppercase, lowercase, and special characters, with an optional custom special-char set.
Why: Hyperscan doesn’t support lookaheads/behinds, so many “must contain X and Y” checks had to be baked into the regex (hurting readability) or were impossible. pattern_requirements applies lightweight, in-memory checks after a match is found, keeping patterns fast and clean.
2025-11-04 13:55:31 -05:00


rules:
  - name: Secure API Key with Character Requirements
    id: test.char_requirements.1
    pattern: |
      (?xi)
      api[_-]?key
      (?:.|[\n\r]){0,32}?
      \b
      ([A-Za-z0-9!@#$%^&*]{16,})
      \b
    min_entropy: 3.0
    confidence: high
    pattern_requirements:
      min_digits: 1
      min_uppercase: 1
      min_lowercase: 1
      min_special_chars: 1
    examples:
      - api_key = "Abc123!SecureToken"
      - 'api-key: "MyK3y!WithSpecial"' # quoted so YAML reads a string, not a mapping
    negative_examples:
      - api_key = "abcdefghijklmnop" # no uppercase, no digit, no special
      - api_key = "ABCDEFGHIJKLMNOP" # no lowercase, no digit, no special
      - api_key = "abc123defghijklm" # no uppercase, no special
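
The two-stage flow the commit message describes (regex match first, then character-class counts on the captured token), as an added Python sketch that is not Kingfisher's own Rust code. It assumes the gate is applied to capture group 1, that "special" defaults to ASCII punctuation, and that the custom set is a field named special_chars (a hypothetical name); min_entropy is not modelled.

```python
import re
import string
from dataclasses import dataclass

# Pattern copied from rule test.char_requirements.1; Python's re accepts it as-is.
PATTERN = re.compile(r"""(?xi)
    api[_-]?key
    (?:.|[\n\r]){0,32}?
    \b
    ([A-Za-z0-9!@#$%^&*]{16,})
    \b
""")

@dataclass(frozen=True)
class Requirements:
    min_digits: int = 0
    min_uppercase: int = 0
    min_lowercase: int = 0
    min_special_chars: int = 0
    # Assumed field name and default for the optional custom special-char set.
    special_chars: str = string.punctuation

# The values from the rule's pattern_requirements block.
RULE_REQ = Requirements(min_digits=1, min_uppercase=1, min_lowercase=1, min_special_chars=1)

def unmet(token: str, req: Requirements) -> list[str]:
    """Names of the requirements the captured token fails (empty list = keep)."""
    counts = {
        "min_digits": sum(c in string.digits for c in token),
        "min_uppercase": sum(c in string.ascii_uppercase for c in token),
        "min_lowercase": sum(c in string.ascii_lowercase for c in token),
        "min_special_chars": sum(c in req.special_chars for c in token),
    }
    return [name for name, have in counts.items() if have < getattr(req, name)]

def scan(text: str, req: Requirements = RULE_REQ) -> list[tuple[str, list[str]]]:
    """Stage 1: regex match. Stage 2: gate capture group 1 on character classes."""
    return [(m.group(1), unmet(m.group(1), req)) for m in PATTERN.finditer(text)]

if __name__ == "__main__":
    # Inputs are the rule's own examples and negative_examples.
    for line in ('api_key = "Abc123!SecureToken"', 'api-key: "MyK3y!WithSpecial"',
                 'api_key = "abcdefghijklmnop"', 'api_key = "ABCDEFGHIJKLMNOP"',
                 'api_key = "abc123defghijklm"'):
        for token, failed in scan(line):
            print("DROP  " if failed else "REPORT", token, failed)
```

All three negative examples match the regex on their own; only the second stage drops them.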