kingfisher/crates/kingfisher-rules/data/rules/ringcentral.yml

rules:
  - name: RingCentral Client ID
    id: kingfisher.ringcentral.1
    pattern: |
      (?x)
      \b
      (?i:ringcentral|ring.?central)
      (?:.|[\n\r]){0,32}?
      (?i:CLIENT.?ID|APP.?KEY|APP.?ID)
      (?:.|[\n\r]){0,32}?
      \b
      (
        [A-Za-z0-9_-]{22}
      )
      \b
    pattern_requirements:
      min_digits: 2
      min_uppercase: 1
      min_lowercase: 1
    min_entropy: 3.5
    confidence: medium
    visible: false
    examples:
      - 'RINGCENTRAL_CLIENT_ID="aB1cD2eF3gH4iJ5kL6mN7o"'
    references:
      - https://developers.ringcentral.com/api-reference/

  - name: RingCentral Client Secret
    id: kingfisher.ringcentral.2
    pattern: |
      (?x)
      \b
      (?i:ringcentral|ring.?central)
      (?:.|[\n\r]){0,32}?
      (?i:CLIENT.?SECRET|APP.?SECRET)
      (?:.|[\n\r]){0,32}?
      \b
      (
        [A-Za-z0-9_-]{22}
      )
      \b
    pattern_requirements:
      min_digits: 2
      min_uppercase: 1
      min_lowercase: 1
    min_entropy: 3.5
    confidence: medium
    examples:
      - 'RINGCENTRAL_CLIENT_SECRET="xY9zW8vU7tS6rQ5pO4nM3l"'
    negative_examples:
      - 'RINGCENTRAL_URL="https://platform.ringcentral.com"'
    validation:
      type: Http
      content:
        request:
          method: POST
          url: "{{ RINGCENTRAL_BASE_URL }}/restapi/oauth/token"
          headers:
            Accept: application/json
            Content-Type: application/x-www-form-urlencoded
            Authorization: "Basic {{ CLIENT_ID | append: ':' | append: TOKEN | b64enc }}"
          body: >
            grant_type=authorization_code&code=INVALID_AUTH_CODE&redirect_uri={{ REDIRECT_URI | url_encode }}
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [400]
            - type: WordMatch
              match_all_words: false
              words:
                - invalid_grant
                - authentication_error
            - type: WordMatch
              words:
                - invalid_client
              negative: true
    depends_on_rule:
      - rule_id: kingfisher.ringcentral.1
        variable: CLIENT_ID
      - rule_id: kingfisher.ringcentral.3
        variable: RINGCENTRAL_BASE_URL
      - rule_id: kingfisher.ringcentral.4
        variable: REDIRECT_URI
    references:
      - https://developers.ringcentral.com/guide/authentication/auth-code-flow

  - name: RingCentral OAuth Base URL
    id: kingfisher.ringcentral.3
    pattern: |
      (?xi)
      \b
      (
        https://platform(?:\.devtest)?\.ringcentral\.com
      )
      \b
    min_entropy: 1.0
    confidence: medium
    visible: false
    examples:
      - RINGCENTRAL_BASE_URL=https://platform.ringcentral.com
      - RINGCENTRAL_SANDBOX_URL=https://platform.devtest.ringcentral.com
    references:
      - https://developers.ringcentral.com/guide/authentication/auth-code-flow

  - name: RingCentral Redirect URI
    id: kingfisher.ringcentral.4
    pattern: |
      (?xi)
      \b
      ring.?central
      (?:.|[\n\r]){0,64}?
      (?:redirect[_-]?uri|oauth[_-]?redirect)\b
      (?:.|[\n\r]){0,16}?
      [=:"'\s]
      (
        https?://[^\s"'<>]{6,200}
      )
    min_entropy: 1.5
    confidence: medium
    visible: false
    examples:
      - RINGCENTRAL_REDIRECT_URI=https://example.com/ringcentral/callback
      - 'ringcentral.redirect_uri = "https://localhost:8080/oauth/ringcentral"'
    references:
      - https://developers.ringcentral.com/guide/authentication/auth-code-flow