rules:
  - name: Amplitude Secret Key
    id: kingfisher.amplitude.1
    pattern: |
      (?xi)
      \b
      amplitude
      (?:.|[\n\r]){0,32}?
      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN|AUTHORIZATION)
      (?:.|[\n\r]){0,16}?
      \b
      (
        [a-f0-9]{32}
      )
      \b
    pattern_requirements:
      min_digits: 4
    min_entropy: 3.3
    confidence: medium
    examples:
      - 'amplitude_api_key=8b6f8d6594749cb659b1be03e6a0a2e7'
      - 'AMPLITUDE_API_KEY=ef929907c3923e8f3da83c24f0255aa6'
      - "AMPLITUDE_SECRET_KEY=8b6f8d6594749cb659b1be03e6a0a2e7"
    references:
      - https://amplitude.com/docs/apis/authentication
      - https://www.docs.developers.amplitude.com/analytics/apis/export-api/
    validation:
      type: Http
      content:
        request:
          method: POST
          url: https://api2.amplitude.com/2/httpapi
          headers:
            Content-Type: application/json
            Accept: "*/*"
          body: |
            {
              "api_key": "{{ TOKEN }}",
              "events": [
                {
                  "user_id": "203201202",
                  "device_id": "C8F9E604-F01A-4BD9-95C6-8E5357DF265D",
                  "event_type": "watch_tutorial"
                }
              ]
            }
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: WordMatch
              words:
                - '"code":200'