mongodb
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 3 additions & 2 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 3 additions & 2 deletions b/‎.github/workflows/release.yml‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 5 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 1 addition & 1 deletion b/‎Cargo.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎data/rules/datadog.yml‎
Lines changed: 88 additions & 40 deletions b/‎data/rules/datadog.yml‎
Lines changed: 88 additions & 40 deletions
diff --git a/‎src/decompress.rs‎
Lines changed: 2 additions & 2 deletions b/‎src/decompress.rs‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/main.rs‎
Lines changed: 15 additions & 15 deletions b/‎src/main.rs‎
Lines changed: 15 additions & 15 deletions
@@ -77,9 +77,10 @@ jobs:
             C:\vcpkg\downloads
             C:\vcpkg\archives
             C:\Users\runneradmin\AppData\Local\vcpkg\archives
-          key: ${{ runner.os }}-vcpkg-hyperscan-542
+          key: vcpkg-${{ runner.os }}-hs-542
           restore-keys: |
-            ${{ runner.os }}-vcpkg-
+            vcpkg-${{ runner.os }}-
+            vcpkg-
 
       # Ensure downloads dir exists and seed PCRE 8.45 zip from a working mirror
       - name: Pre-seed PCRE 8.45 for vcpkg (bypass SourceForge redirect)
 
@@ -212,9 +212,10 @@ jobs:
             C:\vcpkg\downloads
             C:\vcpkg\archives
             C:\Users\runneradmin\AppData\Local\vcpkg\archives
-          key: ${{ runner.os }}-vcpkg-hyperscan-542
+          key: vcpkg-${{ runner.os }}-hs-542
           restore-keys: |
-            ${{ runner.os }}-vcpkg-
+            vcpkg-${{ runner.os }}-
+            vcpkg-
 
       # Ensure downloads dir exists and seed PCRE 8.45 zip from a working mirror
       - name: Pre-seed PCRE 8.45 for vcpkg (bypass SourceForge redirect)
 
@@ -2,6 +2,11 @@
 
 All notable changes to this project will be documented in this file.
 
+## [v1.63.0]
+- Fixed bug when retrieving some finding values and injecting them as TOKENS in the rule templates
+- Improved Datadog rule
+- Improved AWS rule
+
 ## [v1.62.0]
 - Added `pattern_requirements` checks to rules, providing lightweight post-regex character-class validation without lookarounds. See docs/RULES.md for detail
 - Added an `ignore_if_contains` option to `pattern_requirements` to drop matches containing case-insensitive placeholder words, with tests covering the new behavior.
 
@@ -10,7 +10,7 @@ publish = false
 
 [package]
 name = "kingfisher"
-version = "1.62.0"
+version = "1.63.0"
 description = "MongoDB's blazingly fast and accurate secret scanning and validation tool"
 edition.workspace = true
 rust-version.workspace = true
 
@@ -1,65 +1,113 @@
 rules:
   - name: Datadog API Key
-    id: kingfisher.datadog.1
+    id: kingfisher.datadog.3
     pattern: |
-      (?xi) 
+      (?xi)
       \b
-      datadog
+      (?:datadog|dd)
       (?:.|[\n\r]){0,64}?
-      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
+      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)?
       (?:.|[\n\r]){0,32}?
-      \b                     
+      \b
       (
-        [a-z0-9]{32}
+        [A-Za-z0-9]{32}
       )
       \b
     pattern_requirements:
       min_digits: 2
     min_entropy: 3.3
     confidence: medium
     examples:
-      - datadog-secrettoken-0024a29224affe29d173c0bf99e5a89d
+      - DD_API_KEY=0024a29224affe29d173c0bf99e5a89d
     references:
       - https://docs.datadoghq.com/account_management/api-app-keys/
     validation:
       type: Http
       content:
         request:
+          method: GET
+          url: https://api.datadoghq.com/api/v1/validate
           headers:
             Accept: application/json
-            DD-API-KEY: '{{ TOKEN }}'
-            DD-APPLICATION-KEY: '{{ APPKEY }}'
-          method: GET
+            DD-API-KEY: "{{ TOKEN }}"
           response_matcher:
             - report_response: true
-            - status:
-                - 200
-              type: StatusMatch
-          url: https://api.datadoghq.com/api/v2/current_user
-    depends_on_rule:
-      - rule_id: kingfisher.datadog.2
-        variable: APPKEY
+            - type: StatusMatch
+              status: [200]
 
-  - name: Datadog Application Secret
-    id: kingfisher.datadog.2
-    pattern: |
-      (?xi)
-      \b
-      datadog
-      (?:.|[\n\r]){0,64}?
-      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
-      (?:.|[\n\r]){0,16}?
-      (
-        [a-z0-9]{40}
-      )
-    pattern_requirements:
-      min_digits: 2
-      min_uppercase: 1
-      min_lowercase: 1
-    min_entropy: 3.3
-    confidence: medium
-    examples:
-      - datadog_secret_key-3c0c3965368a6b10f7640dbda46abfdca981c2d3
-      - datadog_token = BzHpkcs7LujMb3Q1vLRRjbpBNxxYV0ousumYoKJS
-    references:
-      - https://docs.datadoghq.com/account_management/api-app-keys/
+  # - name: Datadog API Key
+  #   id: kingfisher.datadog.1
+  #   pattern: |
+  #     (?xi) 
+  #     \b
+  #     datadog
+  #     (?:.|[\n\r]){0,64}?
+  #     (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
+  #     (?:.|[\n\r]){0,32}?
+  #     \b                     
+  #     (
+  #       [a-z0-9]{32}
+  #     )
+  #     \b
+  #   pattern_requirements:
+  #     min_digits: 2
+  #   min_entropy: 3.3
+  #   confidence: medium
+  #   examples:
+  #     - datadog-secrettoken-0024a29224affe29d173c0bf99e5a89d
+  #   references:
+  #     - https://docs.datadoghq.com/account_management/api-app-keys/
+  #   validation:
+  #     type: Http
+  #     content:
+  #       request:
+  #         headers:
+  #           Accept: application/json
+  #           DD-API-KEY: '{{ TOKEN }}'
+  #           DD-APPLICATION-KEY: '{{ APPKEY }}'
+  #         method: GET
+  #         response_matcher:
+  #           - report_response: true
+  #           - status:
+  #               - 200
+  #             type: StatusMatch
+  #         url: https://api.datadoghq.com/api/v2/current_user
+  #   depends_on_rule:
+  #     - rule_id: kingfisher.datadog.2
+  #       variable: APPKEY
+
+  # - name: Datadog API Key (API-only validation)
+  #   id: kingfisher.datadog.3
+  #   pattern: |
+  #     (?xi)
+  #     \b
+  #     (?:datadog|dd)
+  #     (?:.|[\n\r]){0,64}?
+  #     (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)?
+  #     (?:.|[\n\r]){0,32}?
+  #     \b
+  #     (
+  #       [A-Za-z0-9]{32}
+  #     )
+  #     \b
+  #   pattern_requirements:
+  #     min_digits: 2
+  #   min_entropy: 3.3
+  #   confidence: medium
+  #   examples:
+  #     - DD_API_KEY=0024a29224affe29d173c0bf99e5a89d
+  #   references:
+  #     - https://docs.datadoghq.com/account_management/api-app-keys/
+  #   validation:
+  #     type: Http
+  #     content:
+  #       request:
+  #         method: GET
+  #         url: https://api.datadoghq.com/api/v1/validate
+  #         headers:
+  #           Accept: application/json
+  #           DD-API-KEY: "{{ TOKEN }}"
+  #         response_matcher:
+  #           - report_response: true
+  #           - type: StatusMatch
+  #             status: [200]
@@ -340,7 +340,7 @@ mod tests {
     fn smoke_decompress_tar_gz_archive() -> anyhow::Result<()> {
         let dir = tempdir()?;
         let tar_gz = dir.path().join("payload.tar.gz");
-        let github_pat = "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"; // this is not a real secret
+        let github_pat = "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"; // this is not a real secret
 
         // build payload.tar.gz containing secret.txt
         {
@@ -393,7 +393,7 @@ mod tests {
     fn smoke_decompress_without_extract_archives() -> anyhow::Result<()> {
         let dir = tempdir()?;
         let tar_gz = dir.path().join("payload.tar.gz");
-        let github_pat = "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";
+        let github_pat = "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";
 
         // ── build payload.tar.gz containing secret.txt ──────────────────────────────
         {
 
@@ -5,27 +5,27 @@
 //   * Fallback - system allocator     (`system-alloc` feature)
 // ────────────────────────────────────────────────────────────
 
-// --- jemalloc (opt-in) ---
-#[cfg(feature = "use-jemalloc")]
-#[global_allocator]
-static GLOBAL: tikv_jemallocator::Jemalloc = tikv_jemallocator::Jemalloc;
-
-// --- mimalloc (default) ---
-#[cfg(all(not(feature = "use-jemalloc"), not(feature = "system-alloc")))]
-#[global_allocator]
-static GLOBAL: mimalloc::MiMalloc = mimalloc::MiMalloc;
+// // --- jemalloc (opt-in) ---
+// #[cfg(feature = "use-jemalloc")]
+// #[global_allocator]
+// static GLOBAL: tikv_jemallocator::Jemalloc = tikv_jemallocator::Jemalloc;
 
-// --- system allocator (explicit opt-out) ---
-#[cfg(feature = "system-alloc")]
-use std::alloc::System;
-#[cfg(feature = "system-alloc")]
-#[global_allocator]
-static GLOBAL: System = System;
+// // --- mimalloc (default) ---
+// #[cfg(all(not(feature = "use-jemalloc"), not(feature = "system-alloc")))]
+// #[global_allocator]
+// static GLOBAL: mimalloc::MiMalloc = mimalloc::MiMalloc;
 
+// // --- system allocator (explicit opt-out) ---
+// #[cfg(feature = "system-alloc")]
 // use std::alloc::System;
+// #[cfg(feature = "system-alloc")]
 // #[global_allocator]
 // static GLOBAL: System = System;
 
+use std::alloc::System;
+#[global_allocator]
+static GLOBAL: System = System;
+
 use std::{
     io::{IsTerminal, Read},
     sync::{Arc, Mutex},