# Detection rules for Azure Functions access keys.
# NOTE(review): layout restored from a listing that had lost its line breaks;
# confirm the nesting (min_entropy, response_matcher) against the rule schema.
rules:
  # Rule 1: a complete HTTP-trigger URL with the key in the `code` query
  # parameter. The single capture group spans the whole URL: an
  # azurewebsites.net host, /api/, one path segment, then ?code= followed by
  # 20-100 characters from the key alphabet. A key carried in a query string
  # also ends up in access logs, shell history and pasted links, so triage
  # should look at where the URL was copied from, not only the scanned file.
  - name: Azure Function Key in URL
    id: kingfisher.azurefunctionkey.1
    pattern: |
      (?x)
      (
        (?i:https://[a-z0-9-]+\.azurewebsites\.net/api/)[a-zA-Z0-9_-]+
        (?i:\?code=)[a-zA-Z0-9_/+=-]{20,100}
      )
    # Post-match filters that drop low-variety strings such as placeholders.
    pattern_requirements:
      min_digits: 2
    min_entropy: 3.5
    confidence: medium
    categories: [api, key]
    examples:
      - 'https://myfunc.azurewebsites.net/api/HttpTrigger1?code=AbCdEfGhIjKlMnOpQrStUvWxYz1234567890/+=='
    # Validation requests the matched URL itself: TOKEN is the only capture,
    # i.e. the full URL, and the pattern pins the host to *.azurewebsites.net.
    # NOTE(review): a GET against an HTTP trigger with a working key presumably
    # runs the function, so validating a finding can cause whatever side
    # effects that function has; enable validation only for apps in scope.
    validation:
      type: Http
      content:
        request:
          method: GET
          url: "{{ TOKEN }}"
          response_matcher:
            # NOTE(review): report_response presumably stores the response
            # with the finding; function output may itself be sensitive.
            - report_response: true
            # NOTE(review): 400, 404 and 405 are in the accepted list. A 404
            # may also come from a function or app that no longer exists, in
            # which case the key was never checked; confirm stale URLs are
            # not reported as live.
            - type: StatusMatch
              status: [200, 202, 204, 400, 404, 405]
            # Negative matcher: 401 or 403 means the key was rejected.
            - type: StatusMatch
              status: [401, 403]
              negative: true
    references:
      - https://learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook-trigger
  # Rule 2: a key that appears near a naming hint rather than inside a URL.
  # The hint is "azure function key", "... master key" or "... host key"
  # (separated by _, - or whitespace, any case) or the x-functions-key header
  # name; up to 16 arbitrary characters, newlines included, may follow before
  # the 40-100 character capture.
  # This rule has no validation block, so its findings are unverified and rest
  # on the hint plus the digit and entropy filters. Host and master keys are
  # not scoped to a single function, so a confirmed hit warrants rotation.
  # NOTE(review): '=' belongs to the key alphabet and the gap is lazy, so for
  # NAME=value input the capture can begin at the '=' separator; nothing
  # bounds the end of the capture either. Check the reported value on the
  # first example before relying on it for rotation or lookup.
  - name: Azure Function Master/Host Key
    id: kingfisher.azurefunctionkey.2
    pattern: |
      (?x)
      \b
      (?:
        (?i:azure[_\s-]*function[_\s-]*(?:key|master[_\s-]*key|host[_\s-]*key))
        |
        (?i:x-functions-key)
      )
      (?:.|[\n\r]){0,16}?
      (
        [a-zA-Z0-9_/+=-]{40,100}
      )
    pattern_requirements:
      min_digits: 2
    min_entropy: 3.5
    confidence: medium
    categories: [api, key]
    examples:
      - 'AZURE_FUNCTION_KEY=AbCdEfGhIjKlMnOpQrStUvWxYz1234567890ABCDEFGH/+=='
      - 'x-functions-key: AbCdEfGhIjKlMnOpQrStUvWxYz1234567890ABCDEFGH'
    references:
      - https://learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook-trigger