forked from mirrors/kingfisher
52 lines
1.7 KiB
YAML
52 lines
1.7 KiB
YAML
rules:
|
|
- name: Yelp API Key
|
|
id: kingfisher.yelp.1
|
|
pattern: |
|
|
(?xi)
|
|
\b
|
|
yelp
|
|
(?:.|[\n\r]){0,32}?
|
|
(?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
|
|
(?:.|[\n\r]){0,32}?
|
|
\b
|
|
(
|
|
[a-zA-Z0-9_\\=.\\-]{128}
|
|
)
|
|
\b
|
|
pattern_requirements:
|
|
min_digits: 6
|
|
min_entropy: 3.8
|
|
confidence: medium
|
|
examples:
|
|
- yelp_token = wiuck20l8j-oWwCd9r53FqpN6ELB7K03zGw-ccUQR7uLHc9NaWubovOMdGdyFqIGGM4aVK6nxQ1DreDZn_qBYU4jky_5kQRVkiIDPSheCPggY3WzyRzi27kxoOpoYAYx
|
|
references:
|
|
- https://docs.developer.yelp.com/docs/places-authentication
|
|
- https://docs.developer.yelp.com/reference/v3_business_search
|
|
- https://www.yelp.com/developers
|
|
validation:
|
|
type: Http
|
|
content:
|
|
request:
|
|
method: GET
|
|
# /v3/categories can return data with non-functional bearer strings.
|
|
# /v3/businesses/search reliably enforces API key auth.
|
|
url: "https://api.yelp.com/v3/businesses/search?location=Seattle&limit=1"
|
|
headers:
|
|
Authorization: "Bearer {{ TOKEN }}"
|
|
Accept: application/json
|
|
response_matcher:
|
|
- report_response: true
|
|
- type: StatusMatch
|
|
status: [200]
|
|
- type: WordMatch
|
|
words: ['"businesses"']
|
|
# Yelp docs list these auth/authorization failure codes for this endpoint.
|
|
- type: WordMatch
|
|
words:
|
|
- '"error"'
|
|
- '"UNAUTHORIZED_API_KEY"'
|
|
- '"UNAUTHORIZED_ACCESS_TOKEN"'
|
|
- '"TOKEN_INVALID"'
|
|
- '"AUTHORIZATION_ERROR"'
|
|
negative: true
|
|
match_all_words: false
|