kingfisher/crates/kingfisher-rules/data/rules/gumroad.yml

rules:
  - name: Gumroad Access Token
    id: kingfisher.gumroad.1
    pattern: |
      (?xi)
      \b
      gumroad
      (?:.|[\n\r]){0,32}?
      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN|ACCESS_TOKEN|OAUTH)
      (?:.|[\n\r]){0,48}?
      \b
      (
        [a-f0-9]{64}
        |
        [A-Z0-9-]{43}
      )
      \b
    pattern_requirements:
      min_digits: 2
    min_entropy: 3.5
    confidence: medium
    examples:
      - gumroad_access_token=abf11e4ab2850ffd50ef690257f7a1c998a443059513d1a4826f2b3159620505
      - gumroadSECRET = abf11e4ab2850ffd50ef690257f7a1c998a443059513d1a4826f2b3159620505
      - gumroadPRIVATE-abf11e4ab2850ffd50ef690257f7a1c998a443059513d1a4826f2b3159620505
    references:
      - https://gumroad.com/api
      - https://gumroad.com/help/article/280-create-application-api
    validation:
      type: Http
      content:
        request:
          method: GET
          url: "https://api.gumroad.com/v2/user?access_token={{ TOKEN }}"
          headers:
            Accept: application/json
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: WordMatch
              words: ['"success":true', '"user"']