From cafa97f8d16b7a2d61d110885db3a1a015d8be92 Mon Sep 17 00:00:00 2001
From: Mick Grove
Date: Mon, 27 Apr 2026 14:26:07 -0700
Subject: [PATCH] Updated rule

---
 .../kingfisher-rules/data/rules/anypoint.yml | 87 +++++++++++++++++++
 1 file changed, 87 insertions(+)

diff --git a/crates/kingfisher-rules/data/rules/anypoint.yml b/crates/kingfisher-rules/data/rules/anypoint.yml
index e632809..91b4b65 100644
--- a/crates/kingfisher-rules/data/rules/anypoint.yml
+++ b/crates/kingfisher-rules/data/rules/anypoint.yml
@@ -41,3 +41,90 @@ rules:
 - 200
 type: StatusMatch
 url: https://anypoint.mulesoft.com/accounts/api/me
+
+ - name: Anypoint OAuth Client ID
+ id: kingfisher.anypoint.2
+ pattern: |
+ (?xi)
+ \b
+ anypoint
+ (?:.|[\n\r]){0,48}?
+ (?:
+ client[\s_.-]*id
+ |
+ app[\s_.-]*id
+ |
+ connected[\s_.-]*app[\s_.-]*id
+ )
+ (?:.|[\n\r]){0,16}?
+ \b
+ (
+ [0-9a-f]{32}
+ )
+ \b
+ pattern_requirements:
+ min_digits: 4
+ min_lowercase: 4
+ min_entropy: 3.0
+ confidence: medium
+ visible: false
+ examples:
+ - 'ANYPOINT_CLIENT_ID="4f2c9d1081ab7c3de56f9081a2bc4d7e"'
+ - 'anypoint connected app id: 9c7a21e45d6f0b8c3a1d4e6f7b2c9a10'
+ references:
+ - https://docs.mulesoft.com/access-management/connected-apps-developers
+ - https://docs.mulesoft.com/access-management/connected-app-bearer-token-example
+
+ - name: Anypoint OAuth Client Secret
+ id: kingfisher.anypoint.3
+ pattern: |
+ (?xi)
+ \b
+ anypoint
+ (?:.|[\n\r]){0,48}?
+ (?:
+ client[\s_.-]*secret
+ |
+ app[\s_.-]*secret
+ |
+ connected[\s_.-]*app[\s_.-]*secret
+ |
+ oauth[\s_.-]*secret
+ )
+ (?:.|[\n\r]){0,16}?
+ \b
+ (
+ [0-9A-Fa-f]{32}
+ )
+ \b
+ pattern_requirements:
+ min_digits: 4
+ min_entropy: 3.0
+ confidence: medium
+ examples:
+ - 'ANYPOINT_CLIENT_SECRET="3E7f94b18c2d6a40f1b7e9c24d6a8b0f"'
+ - 'anypoint oauth secret = 6a9c1e2f4b7d8a0c3e5f1b2d4a6c8e0f'
+ depends_on_rule:
+ - rule_id: kingfisher.anypoint.2
+ variable: CLIENT_ID
+ validation:
+ type: Http
+ content:
+ request:
+ method: POST
+ url: https://anypoint.mulesoft.com/accounts/api/v2/oauth2/token
+ headers:
+ Content-Type: application/x-www-form-urlencoded
+ Accept: application/json
+ body: "client_id={{ CLIENT_ID | url_encode }}&client_secret={{ TOKEN | url_encode }}&grant_type=client_credentials"
+ response_matcher:
+ - report_response: true
+ - type: StatusMatch
+ status: [200]
+ - type: JsonValid
+ - type: WordMatch
+ words:
+ - '"access_token"'
+ references:
+ - https://docs.mulesoft.com/access-management/connected-app-bearer-token-example
+ - https://docs.mulesoft.com/api-manager/latest/manage-client-apps-connected-apps-concept
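Review bot: `report_response: true` in the Client Secret rule's response_matcher stores the token endpoint's reply in the finding, and on a successful client_credentials exchange that reply is the JSON carrying the newly issued `access_token` (the very string the WordMatch entry checks for), so the scanner's output would persist a live bearer token next to the client secret it just confirmed. Unless Kingfisher redacts reported bodies, which this hunk does not show, `- report_response: false` or dropping that entry keeps the StatusMatch, JsonValid and WordMatch checks, which are sufficient to establish validity without retaining the token. Separately, rule kingfisher.anypoint.2 pairs a case-insensitive `[0-9a-f]{32}` capture with `min_lowercase: 4`, which presumably rejects an all-uppercase client ID the regex itself accepts, while rule kingfisher.anypoint.3 uses `[0-9A-Fa-f]{32}` with no lowercase requirement; the two character classes and requirements should be aligned. Both added rules lie entirely within this hunk.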