rules:
  - name: Docker Hub Personal Access Token
    id: kingfisher.dockerhub.1
    pattern: |
      (?x)
      \b
      (
        dckr_pat_[A-Za-z0-9_-]{27}
      )
      (?: $ | [^A-Za-z0-9_-] )
    pattern_requirements:
      min_digits: 2
    min_entropy: 3.3
    confidence: medium
    examples:
      - docker login -u gemesa -p dckr_pat_hc8VxYclixyTr2rDFsa2rqzkP3Y
      - docker login -u gemesa -p dckr_pat_tkzBYxjNNC3R_Yg6jd_O-G8FbrJ
      - docker login -u gemesa -p dckr_pat_1q8yKET1VDJTpfCwseUDzT8vFh-
    references:
      - https://docs.docker.com/reference/api/hub/latest/#tag/access-tokens/paths/~1v2~1access-tokens~1%7Buuid%7D/get
    validation:
      type: Http
      content:
        request:
          headers:
            Authorization: Bearer {{ TOKEN }}
            Accept: application/json
          method: GET
          response_matcher:
            - report_response: true
            - status:
                - 200
              type: StatusMatch
          url: https://hub.docker.com/v2/access-tokens?page_size=1
  - name: Docker Hub Organization Access Token
    id: kingfisher.dockerhub.2
    pattern: |
      (?x)
      \b
      (
        dckr_oat_[A-Za-z0-9_-]{32}
      )
      (?: $ | [^A-Za-z0-9_-] )
    pattern_requirements:
      min_digits: 2
    min_entropy: 3.3
    confidence: medium
    examples:
      - docker login -u docker-test -p dckr_oat_7bA9zRt5-JqX3vP0l_MnY8sK2wE-dF6h
    references:
      - https://docs.docker.com/enterprise/security/access-tokens/
    validation:
      type: Http
      content:
        request:
          headers:
            Authorization: Bearer {{ TOKEN }}
            Accept: application/json
          method: GET
          response_matcher:
            - report_response: true
            - status:
                - 200
              type: StatusMatch
          url: https://hub.docker.com/v2/access-tokens?page_size=1