rules:
  - name: Contentstack API Key
    id: kingfisher.contentstack.2
    pattern: |
      (?xi)
      \b
      contentstack
      (?:.|[\n\r]){0,32}?
      (?:API[_\s]?KEY|STACK[_\s]?API[_\s]?KEY)
      (?:.|[\n\r]){0,16}?
      \b
      (
        blt[a-f0-9]{10}
      )
      \b
    min_entropy: 3.0
    confidence: medium
    visible: false
    examples:
      - CONTENTSTACK_API_KEY=blt1234567890
  - name: Contentstack Management Token
    id: kingfisher.contentstack.1
    pattern: |
      (?xi)
      \b
      contentstack
      (?:.|[\n\r]){0,32}?
      (?:MANAGEMENT[_\s]?TOKEN|AUTH[_\s]?TOKEN|TOKEN)
      (?:.|[\n\r]){0,32}?
      \b
      (
        cs[a-f0-9]{32}
      )
      \b
    min_entropy: 3.5
    confidence: medium
    pattern_requirements:
      min_digits: 2
    examples:
      - CONTENTSTACK_MANAGEMENT_TOKEN=cs1234567890abcdef1234567890abcdef
      - contentstack_token = "csa1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4"
    references:
      - https://www.contentstack.com/docs/developers/create-tokens/overview-of-tokens
      - https://www.contentstack.com/docs/developers/apis/content-management-api
    validation:
      type: Http
      content:
        request:
          method: GET
          url: "https://api.contentstack.io/v3/stacks"
          headers:
            api_key: "{{ APIKEY }}"
            authorization: "Bearer {{ TOKEN }}"
            Content-Type: application/json
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: JsonValid
    depends_on_rule:
      - rule_id: kingfisher.contentstack.2
        variable: APIKEY