kingfisher/crates/kingfisher-rules/data/rules/owlbot.yml
Mick Grove 4a74e95756 v1.81.0
2026-02-10 19:43:34 -08:00


# Kingfisher detection rule for Owlbot API keys: a keyword-anchored regex
# plus a live HTTP check of each candidate against Owlbot's API.
rules:
  - name: Owlbot API Key
    id: kingfisher.owlbot.1
    # Flags: x = free-spacing (the line breaks below are layout only),
    # i = case-insensitive, so `owlbot`, the keywords and the hex class
    # also match in upper case.
    # Shape: `owlbot`, then within 64 characters (newlines included, lazy)
    # one of the credential keywords, then within another 64 characters
    # the captured token: exactly 40 hex characters between word
    # boundaries.
    # A bare 40-hex string is also the shape of a SHA-1 digest or Git
    # commit id, so the two keyword anchors carry the precision of this
    # rule; loosening either one trades precision for recall.
    pattern: |
      (?xi)
      \b
      owlbot
      (?:.|[\n\r]){0,64}?
      (?:api[_-]?key|secret|private|access|token|key)
      (?:.|[\n\r]){0,64}?
      \b
      (
      [a-f0-9]{40}
      )
      \b
    # Extra filter on a regex hit: at least two digits.
    # Presumably evaluated on the captured token, not the whole match;
    # confirm against the Kingfisher rule schema.
    pattern_requirements:
      min_digits: 2
    # Entropy floor for a hit; presumably drops low-variety strings such
    # as repeated characters. TODO confirm the entropy measure used.
    min_entropy: 3.5
    confidence: medium
    # Sample strings for this rule (presumably self-test fixtures).
    # NOTE(review): keep these synthetic, never a live key.
    examples:
      - "owlbot SECRET b7d21c0e88e9a3c5938fb045b2b6a5e693eaf9d1"
      - "owlbot TOKEN 8a5de3a89b7e4f29bf728b45adcdea6ea3410c78"
    references:
      - https://documentation.owlbot.ai/
    # Live check: issues a GET to Owlbot over HTTPS with the candidate in
    # the `Authorization` header. Running with validation enabled
    # therefore discloses every candidate to www.owlbot.ai and produces
    # authentication traffic there; account for that when scanning
    # third-party or customer data.
    validation:
      type: Http
      content:
        request:
          method: GET
          url: "https://www.owlbot.ai/api/login/checkToken"
          headers:
            # Owlbot expects the API key directly in `Authorization`
            # (no `Bearer` or other scheme prefix).
            # `{{ TOKEN }}` is presumably replaced with the captured
            # match before the request is sent; confirm.
            Authorization: "{{ TOKEN }}"
            Accept: application/json
          response_matcher:
            # NOTE(review): presumably attaches the HTTP response to the
            # finding. A response to a valid key may carry account data,
            # so treat scan reports as sensitive; confirm.
            - report_response: true
            # Requires HTTP 200. Presumably every matcher in this list
            # must pass for the key to be reported as active; confirm.
            - type: StatusMatch
              status: [200]
            # Looks for the quoted JSON key text `"user"` / `"chatbot"`
            # in the body, presumably so that a 200 carrying an error
            # payload is not read as success.
            # NOTE(review): whether one word or both are required
            # depends on WordMatch's default; confirm.
            - type: WordMatch
              words: ['"user"', '"chatbot"']