rules:
  - name: VirusTotal API Key
    id: kingfisher.virustotal.1
    pattern: |
      (?xi)
      \b
      virustotal
      (?:.|[\n\r]){0,32}?
      (?:api[_-]?key|x[_-]?apikey|key)
      (?:.|[\n\r]){0,16}?
      \b
      (
        [A-Za-z0-9]{64}
      )
      \b
    min_entropy: 3.6
    confidence: medium
    pattern_requirements:
      min_digits: 2
    examples:
      - VIRUSTOTAL_API_KEY=abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890
      - virustotal_x_apikey = "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2"
    references:
      - https://docs.virustotal.com/reference/authentication
      - https://docs.virustotal.com/docs/please-give-me-an-api-key
    validation:
      type: Http
      content:
        request:
          method: GET
          url: https://www.virustotal.com/api/v3/domains/google.com
          headers:
            x-apikey: "{{ TOKEN }}"
            Accept: application/json
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: StatusMatch
              status: [401, 403]
              negative: true
            - type: JsonValid