rules:
  - name: Endor Labs API Key
    id: kingfisher.endorlabs.1
    visible: false
    confidence: medium
    min_entropy: 3.0
    pattern: |
      (?xi)
      \b
      ENDOR_API_CREDENTIALS_KEY
      (?:.|[\n\r]){0,32}?
      (
        endr\+[A-Za-z0-9-]{16}
      )
      \b
    examples:
      - ENDOR_API_CREDENTIALS_KEY=endr+foo1234567890abc
    pattern_requirements:
      min_digits: 2

  - name: Endor Labs API Secret
    id: kingfisher.endorlabs.2
    pattern: |
      (?xi)
      \b
      ENDOR_API_CREDENTIALS_SECRET
      (?:.|[\n\r]){0,32}?
      (
        endr\+[A-Za-z0-9-]{16}
      )
      \b
    pattern_requirements:
      min_digits: 2
    min_entropy: 3.5
    confidence: medium
    examples:
      - ENDOR_API_CREDENTIALS_SECRET=endr+bar1234567890abc
    references:
      - https://docs.endorlabs.com/rest-api/authentication/
    depends_on_rule:
      - rule_id: kingfisher.endorlabs.1
        variable: ENDOR_API_KEY
    validation:
      type: Http
      content:
        request:
          method: POST
          # Endor Labs exchanges key+secret for an ENDOR_TOKEN via this endpoint
          url: https://api.endorlabs.com/v1/auth/api-key
          headers:
            Content-Type: application/json
            Accept: application/json
          body: |
            {"key":"{{ ENDOR_API_KEY }}","secret":"{{ TOKEN }}"}
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: JsonValid
            - type: WordMatch
              words: ['"token"']