| 1234567891011121314151617 |
- # This config contains a single rule which defines a regex and a range of entropy values. If a rule has
- # both regex and entropy then that rule uses BOTH the regex and entropy in combination when performing an scan.
- # In other words, if a line of code has an entropy value that is within the range of the entropies defined and
- # a regex match is found then that line of code contains a leak.
- # So, for this example if a line of code has an entropy value of 4.6 AND matches the regex below then we got a leak.
- [[rules]]
- description = "entropy and regex"
- regex = '''(?i)key(.{0,20})?['|"][0-9a-zA-Z]{16,45}['|"]'''
- tags = ["entropy"]
- [[rules.Entropies]]
- Min = "4.5"
- Max = "5.7"
- [[rules.Entropies]]
- Min = "5.5"
- Max = "6.3"
|
