kingfisher/crates/kingfisher-rules/data/rules/launchdarkly.yml

rules:
  - name: LaunchDarkly Access Token
    id: kingfisher.launchdarkly.1
    pattern: |
      (?xi)
      launchdarkly
      (?:.|[\n\r]){0,32}?
      \b
      (
        [a-z0-9_\-=]{40}
      )
    pattern_requirements:
      min_digits: 2
    min_entropy: 3.2
    confidence: medium
    examples:
      - LAUNCHDARKLY_TOKEN=api-123abc456def789ghi012jkl345mno678pqr
      - '"launchdarkly": "ld-abcdefghijklmno1234567890pqrstuvwxzab"'
    references:
      - https://launchdarkly.com/docs/api
    validation:
      type: Http
      content:
        request:
          method: GET
          url: https://app.launchdarkly.com/api/v2/members
          headers:
            Authorization: '{{ TOKEN }}'
            Accept: application/json
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status:
                - 200
    revocation:
      type: HttpMultiStep
      content:
        steps:
          - name: lookup_token_id
            request:
              method: GET
              url: https://app.launchdarkly.com/api/v2/tokens
              headers:
                Authorization: "{{ TOKEN }}"
                Accept: application/json
              response_matcher:
                - type: StatusMatch
                  status: [200]
            extract:
              LD_TOKEN_ID:
                type: JsonPath
                path: "$.items[0]._id"
          - name: delete_token
            request:
              method: DELETE
              url: "https://app.launchdarkly.com/api/v2/tokens/{{ LD_TOKEN_ID }}"
              headers:
                Authorization: "{{ TOKEN }}"
              response_matcher:
                - report_response: true
                - type: StatusMatch
                  status: [204]