rules:
  - name: MaxMind License Key
    id: kingfisher.maxmind.1
    pattern: |
      (?xi)
      \b
      (
        [a-z0-9]{6}_[a-z0-9]{29}_mmk
      )
      \b
    pattern_requirements:
      min_digits: 2
    min_entropy: 3.8
    confidence: medium
    examples:
      - MAXMIND_LICENSE=AB12CD_1234567890abcdef1234567890abc_mmk
      - license_key="ZXCVBN_0987654321abcdef1234567890abc_mmk"
    references:
      - https://dev.maxmind.com/geoip/docs/web-services
    depends_on_rule:
      - rule_id: kingfisher.maxmind.2
        variable: ACCOUNT_ID
    validation:
      type: Http
      content:
        request:
          method: GET
          url: https://geoip.maxmind.com/geoip/v2.1/city/me
          headers:
            Authorization: "Basic {{ ACCOUNT_ID | append: ':' | append: TOKEN | b64enc }}"
            Accept: application/json
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status:
                - 200
  - name: MaxMind Account ID
    id: kingfisher.maxmind.2
    pattern: |
      (?xi)
      (?:maxmind|geoip|geolite)
      (?:.|[\n\r]){0,40}?
      (?:account|user)
      (?:.|[\n\r]){0,10}?
      (?:id|number)
      (?:.|[\n\r]){0,16}?
      (
        \d{4,8}
      )
    min_entropy: 2.0
    confidence: medium
    visible: false
    examples:
      - MAXMIND_ACCOUNT_ID=123456
      - '"maxmind": {"account_id": "654321", "license_key": "..."}'
      - 'geoip_account_number: 456789'
    references:
      - https://dev.maxmind.com/geoip/docs/web-services