rules:
  - name: Ngrok API Key
    id: kingfisher.ngrok.1
    pattern: |
      (?xi)
      \b
      ngrok
      (?:.|[\\n\r]){0,32}?
      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
      (?:.|[\n\r]){0,32}?
      (
        (?:[a-z0-9]{25,30}_\d[a-z0-9]{20}
        |
        (?:cr_|ak_)[a-z0-9]{25,30})
      )
      \b
    min_entropy: 4
    examples:
      - 'ngrok authtoken: 2Ot3hdNCKF3JRJDCioqNV2J0PPc_6th2CSUm9KsjfXdtRDvzT'
    validation:
      type: Http
      content:
        request:
          method: GET
          headers:
            Authorization: Bearer {{ TOKEN }}
            ngrok-version: 2
          url: https://api.ngrok.com/endpoints          
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]                         
            - type: WordMatch                          
              words:
                - '"endpoints":'
    references:
      - https://ngrok.com/docs/api#authentication