# Detection rule for Yelp API keys: a keyword-anchored regex, post-match
# filters, and a live HTTP check of each candidate against the Yelp API.
rules:
  - name: Yelp API Key
    id: kingfisher.yelp.1
    # (?xi) = free-spacing, case-insensitive. Reading top to bottom: the word
    # "yelp", a lazy gap of up to 32 characters (newlines included), one of
    # SECRET/PRIVATE/ACCESS/KEY/TOKEN, another gap of up to 32 characters,
    # then the captured candidate of exactly 128 characters.
    # NOTE(review): in a literal block scalar `\\` reaches the regex engine
    # unchanged, i.e. as an escaped backslash, so the character class also
    # admits a literal `\`. This looks like leftover string escaping; confirm,
    # and if unintended the class would be `[a-zA-Z0-9_=.\-]`.
    # NOTE(review): the `\b` on both sides of the capture means a key that is
    # delimited by quotes/whitespace/line end and itself begins or ends with
    # `-`, `=` or `.` is not matched. Confirm this miss is acceptable.
    pattern: |
      (?xi)
      \b
      yelp
      (?:.|[\n\r]){0,32}?
      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
      (?:.|[\n\r]){0,32}?
      \b
      (
        [a-zA-Z0-9_\\=.\\-]{128}
      )
      \b
    # Post-match filters; going by the key names, a digit-count floor and an
    # entropy floor on the candidate.
    pattern_requirements:
      min_digits: 6
      min_entropy: 3.8
    confidence: medium
    # Sample line the pattern is expected to match (128-character value).
    examples:
      - yelp_token = wiuck20l8j-oWwCd9r53FqpN6ELB7K03zGw-ccUQR7uLHc9NaWubovOMdGdyFqIGGM4aVK6nxQ1DreDZn_qBYU4jky_5kQRVkiIDPSheCPggY3WzyRzi27kxoOpoYAYx
    references:
      - https://docs.developer.yelp.com/docs/places-authentication
      - https://docs.developer.yelp.com/reference/v3_business_search
      - https://www.yelp.com/developers
    # Live validation: the candidate is substituted for {{ TOKEN }} and sent
    # to api.yelp.com over HTTPS as a bearer credential.
    validation:
      type: Http
      content:
        request:
          method: GET
          # /v3/categories can return data with non-functional bearer strings.
          # /v3/businesses/search reliably enforces API key auth.
          url: "https://api.yelp.com/v3/businesses/search?location=Seattle&limit=1"
          headers:
            Authorization: "Bearer {{ TOKEN }}"
            Accept: application/json
          # Matchers listed below: HTTP 200, a body containing "businesses",
          # and a negative match on the error markers.
          # NOTE(review): presumably every matcher must pass for the key to
          # be reported as live; confirm against the matcher semantics.
          response_matcher:
            # NOTE(review): presumably attaches the HTTP response to the
            # finding; confirm that search results are wanted in reports.
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: WordMatch
              words: ['"businesses"']
            # Yelp docs list these auth/authorization failure codes for this endpoint.
            # With negative: true and match_all_words: false, any one of
            # these words in the body should fail the check (TODO confirm).
            - type: WordMatch
              words:
                - '"error"'
                - '"UNAUTHORIZED_API_KEY"'
                - '"UNAUTHORIZED_ACCESS_TOKEN"'
                - '"TOKEN_INVALID"'
                - '"AUTHORIZATION_ERROR"'
              negative: true
              match_all_words: false