rules:
  - name: HTTP Basic Authentication
    id: kingfisher.http.1

    pattern: |
      (?x)(?i)
      Authorization (?: :\s+ | \s*.{1, 5}\s*) Basic \s+
      ( [A-Za-z0-9+/]{6,} ={0,2} )
      (?: [^A-Za-z0-9+/=] | $ )
    confidence: low
    min_entropy: 3.0
    examples:
      - "Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="

    references:
      - https://datatracker.ietf.org/doc/html/rfc7617
      - https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication

  - name: HTTP Bearer Token
    id: kingfisher.http.2
    pattern: |
      (?x)(?i)
      Authorization (?: :\s+ | \s*.{1, 5}\s*) Bearer \s+
      ([a-zA-z0-9._~+/-]{6,} =*)
      (?: [^a-zA-z0-9._~+/=-] | $ )
    confidence: low
    min_entropy: 3.0
    examples:
      - |
        GET /resource HTTP/1.1
        Host: server.example.com
        Authorization: Bearer mF_9.B5f-4.1JqM

    references:
      - https://datatracker.ietf.org/doc/html/rfc6750
      - https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication