rules:
  - name: Guardian API Key
    id: kingfisher.guardian.1
    pattern: |
      (?xi)
      \b
      guardian
      (?:.|[\n\r]){0,32}?
      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN|API)
      (?:.|[\n\r]){0,32}?
      \b
      (
        [0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}
      )
      \b
    pattern_requirements:
      min_digits: 2
    min_entropy: 3.5
    confidence: medium
    examples:
      - guardian SECRET=abcdef12-1234-abcd-5678-abcdef123456
      - guardianPRIVATEKEY=abcdef12-1234-abcd-5678-abcdef123456
    references:
      - https://open-platform.theguardian.com/documentation/
      - https://open-platform.theguardian.com/documentation/section
    validation:
      type: Http
      content:
        request:
          method: GET
          url: "https://content.guardianapis.com/sections?api-key={{ TOKEN }}"
          headers:
            Accept: application/json
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: WordMatch
              words: ['"status":"ok"']