rules:
  - name: Azure OpenAI API Key
    id: kingfisher.azureopenai.1
    pattern: |
      (?xi)
      \b
      azure
      (?:.|[\n\r]){0,8}?
      (?:openai)
      (?:.|[\n\r]){0,16}?
      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
      (?:.|[\n\r]){0,8}?
      (
        [a-f0-9]{32}
      )
      \b
    min_entropy: 3.5
    confidence: medium
    examples:
      - azure_openai_key=1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d
      - azure_openai_secret=abcdef0123456789abcdef0123456789
    references:
      - https://learn.microsoft.com/en-us/rest/api/azureopenai/models/list?view=rest-azureopenai-2024-10-21&tabs=HTTP
    validation:
      type: Http
      content:
        request:
          method: GET
          url: 'https://{{ AZUREHOST }}/openai/models?api-version=2024-10-21'
          headers:
            Api-Key: '{{ TOKEN }}'
          response_matcher:
            - report_response: true
            - status:
                - 200
              type: StatusMatch
            - type: WordMatch
              words:
                - '"object":'
    depends_on_rule:
      - rule_id: kingfisher.azureopenai.host.1
        variable: AZUREHOST
  - name: Azure OpenAI Host
    id: kingfisher.azureopenai.host.1
    pattern: |
      (?xi)
      \b
      (
        [a-z0-9-]+
        \.openai\.azure\.com
      )
      \b
    min_entropy: 2.0
    visible: false
    confidence: medium
    examples:
      - my-instance.openai.azure.com
      - mycompany-east-us.openai.azure.com