eblume/kingfisher
1
0
Fork 0
forked from mirrors/kingfisher
Code Pull requests Activity Actions
kingfisher/data/rules/linkedin.yml
Mick Grove 0f953f59a5 pattern_requirements for rules — Post-regex character-class gating to cut false positives without lookarounds. Authors can now require minimum counts of digits, uppercase, lowercase, and special characters, with an optional custom special-char set. 
Why: Hyperscan doesn’t support lookaheads/behinds, so many “must contain X and Y” checks had to be baked into the regex (hurting readability) or were impossible. pattern_requirements applies lightweight, in-memory checks after a match is found, keeping patterns fast and clean.
2025-11-04 13:55:31 -05:00

71 lines
No EOL
2 KiB
YAML
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

rules:
- name: LinkedIn Client ID
id: kingfisher.linkedin.1
pattern: |
(?xi)
linkedin
.?
(?: api | app | application | client | consumer | customer )?
.?
(?: id | identifier | key )
.{0,2} \s{0,20} .{0,2} \s{0,20} .{0,2}
\b ([a-z0-9]{12,14}) \b
pattern_requirements:
min_digits: 2
references:
- https://docs.microsoft.com/en-us/linkedin/shared/api-guide/best-practices/secure-applications
min_entropy: 2.5
confidence: medium
examples:
- 'Email ID Last 5 Digits of your SSN LinkedIn ID Availability'
- |
LINKEDIN_KEY = "77yg7tx91p4lag"
LINKEDIN_SECRET = "zt7GeN6IH911xvRj"
validation:
type: Http
content:
request:
headers:
Authorization: "Bearer {{ TOKEN }}"
method: GET
response_matcher:
- report_response: true
- status:
- 200
type: StatusMatch
url: https://api.linkedin.com/v2/me
- name: LinkedIn Secret Key
id: kingfisher.linkedin.2
pattern: |
(?xi)
linkedin
.?
(?: api | app | application | client | consumer | customer | secret | key )
.?
(?: key | oauth | sec | secret )?
.{0,2} \s{0,20} .{0,2} \s{0,20} .{0,2}
\b ([a-z0-9]{16}) \b
pattern_requirements:
min_digits: 2
references:
- https://docs.microsoft.com/en-us/linkedin/shared/api-guide/best-practices/secure-applications
min_entropy: 3.3
confidence: medium
examples:
- |
LINKEDIN_KEY = "77yg7tx91p4lag"
LINKEDIN_SECRET = "zt7GeN6IH911xvRj"
validation:
type: Http
content:
request:
headers:
Authorization: "Bearer {{ TOKEN }}"
method: GET
response_matcher:
- report_response: true
- status:
- 200
type: StatusMatch
url: https://api.linkedin.com/v2/me
View git blame Copy permalink