rules:
  - name: Azure Storage Account Name
    id: kingfisher.azurestorage.1
    pattern: |
      (?xi)
      (?:
        # A) Connection string: AccountName=<name>
        (?i:AccountName)\s*=\s*([a-z0-9]{3,24})(?:\b|[^a-z0-9])
      |
        # B) Blob endpoint URL: <name>.blob.core.windows.net
        ([a-z0-9]{3,24})\.blob\.core\.windows\.net\b
      |
        # C) Explicit KV labels near 'azure storage/account name' with tight separators
        \bazure(?:[_\s-]*)(?:storage|account)(?:[_\s-]*)(?:name)\b
        [\s:=\"']{0,6}
        ([a-z0-9]{3,24})(?:\b|[^a-z0-9])
      |
        # D) Explicit KV labels near 'azure storage/account name' with tight separators
        (?i:Account[_.-]?Name|Storage[_.-]?(?:Name))(?:.|\s){0,32}?\b([A-Z0-9]{3,32})\b|([A-Z0-9]{3,32})(?i:\.blob\.core\.windows\.net)
      )
    min_entropy: 2.0
    visible: false
    confidence: medium
    examples:
      - AccountName=mystorageaccount
      - mystorageaccount.blob.core.windows.net
      - azure_storage_name="prodblob2024"
    references:
      - https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview
      - https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key
  - name: Azure Storage Account Key
    id: kingfisher.azurestorage.2
    pattern: |
      (?x)
      \b
      (?:
        (?i:azure)(?:[_\s-]*(?i:storage))?
        (?:[_\s-]*(?:account[_\s-]*key|storage[_\s-]*key|shared[_\s-]*key|access[_\s-]*key|accountkey))
        |
        (?i:account)[_.\s-]*(?i:key)
        |
        (?i:storage)[_.\s-]*(?i:key)
      )
      \b
      (?:.|[\n\r]){0,24}?
      (?:
        [=:]
        |
        ["']\s*:\s*["']
      )
      \s*
      ["']?
      (
        [A-Za-z0-9+/]{86}==
      )
      ['"]?
    pattern_requirements:
      min_digits: 2
      min_uppercase: 2
      min_lowercase: 2
      min_special_chars: 1
    min_entropy: 4.0
    confidence: medium
    examples:
      - Azure AccountKey=oqb4TdY9T0hphvktd5fJnMiHuQqzVy1jd5sSuOpAbGkaoqTlrHl0BOJN2okcasinVLOJzfDbZo1L+ASt68RAhA==
      - Azure AccountKey=B/1EVX2Ui47X09tqU3GI/j+Nko9r5COPm0Hea9tfzitF9MQX9lZZiNO3tYQckWnt+rtlGIWS+sCx+AStkq8ZLg==
      - Azure AccountKey=u45diQdTiXeuSKl5r4EjgbPP72EYpuTNEzfMTi0mk+d2sTisA4gWzt4H1Ag3kqFaCykWZv2S6KQo+AStHF56RQ==
      - Azure AccountKey=b8a/Z4wFAbhOPQTMa4PUTKr2XQhwoyWtP/3PnEto3mK86CFQnVYyTV/HSrij88h5jVYyzwUk0oTw+AStIKN/4w==
      - Azure AccountKey=JJD1GDiHCmtTpCOKpBYkXgZKrZvi7P4mRDe3jNVGc/JL/bp51uWcWL0rkOByk5VsX2MM62A/ABkE+AStU9qMkA==
      - Azure AccountKey=u45diQdTiXeuSKl5r4EjgbPP72EYpuTNEzfMTi0mk+d2sTisA4gWzt4H1Ag3kqFaCykWZv2S6KQo+AStHF56RQ==
    validation:
      type: AzureStorage
    references:
      - https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key
      - https://learn.microsoft.com/en-us/rest/api/storageservices/
    depends_on_rule:
      - rule_id: kingfisher.azurestorage.1
        variable: AZURENAME