rules:
  - name: urlscan.io API Key
    id: kingfisher.urlscan.1
    pattern: |
      (?xi)
      \b
      urlscan
      (?:.|[\n\r]){0,16}?
      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
      (?:.|[\n\r]){0,16}?
      \b
      (
        (?:[A-Za-z0-9]{32}|[A-Za-z0-9]{36})
      )
      \b
    min_entropy: 3.5
    confidence: medium
    pattern_requirements:
      min_digits: 2
    examples:
      - urlscan_api_key = "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8"
      - URLSCAN_KEY=abcdef1234567890abcdef1234567890
    references:
      - https://urlscan.io/docs/api/
      - https://docs.urlscan.io/
    validation:
      type: Http
      content:
        request:
          method: GET
          url: https://urlscan.io/user/quotas/
          headers:
            API-Key: "{{ TOKEN }}"
            Content-Type: application/json
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: JsonValid