kingfisher/crates/kingfisher-rules/data/rules/miro.yml
2026-04-16 21:34:16 -07:00


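rules:
# Miro access tokens. The first token segment is base64url JSON that starts
# with `{"miro` (encoded as `eyJtaXJv`); the first example below decodes to
# `{"miro.origin":"eu01"}`.
- name: Miro Access Token
  id: kingfisher.miro.1
  # Capture group 1 is the token. A match also needs "miro" and one of the
  # credential keywords within 32 characters of each other and of the token,
  # so a bare token with no such context nearby is not reported by this rule.
  # The keyword list previously named TOKEN twice; the duplicate alternative
  # was redundant and is dropped (the set of matches is unchanged).
  pattern: |
    (?x)
    \b
    (?i:miro)
    (?:.|[\n\r]){0,32}?
    (?i:(?:SECRET|PRIVATE|ACCESS|KEY|TOKEN|AUTH))
    (?:.|[\n\r]){0,32}?
    \b
    (
    eyJtaXJv
    [A-Za-z0-9-]{10,64}
    _
    [A-Za-z0-9_-]{20,64}
    )
    \b
  # Character-mix and entropy floors filter out placeholders and
  # low-variety strings.
  pattern_requirements:
    min_digits: 1
    min_uppercase: 1
    min_lowercase: 1
  min_entropy: 3.5
  confidence: medium
  examples:
  - 'miro_key = eyJtaXJvLm9yaWdpbiI6ImV1MDEifQ_o-P91OccaII0A63CDSK--x21xiI'
  - 'MIRO_TOKEN="eyJtaXJvLm9yaWdpbiI6InVzMDEifQ_kL8m2Nq7RpWxYz3AbCdEfGhI"'
  references:
  - https://developers.miro.com/docs/rest-api-authorization
  - https://developers.miro.com/reference/get-token-info
  # Live check: the candidate is presented as a bearer token to Miro's
  # token-info endpoint, and HTTP 200 with a parseable JSON body counts as
  # "active". Validation transmits the candidate to api.miro.com, and
  # report_response attaches the response to the finding, so scan output
  # should be handled as sensitive data.
  validation:
    type: Http
    content:
      request:
        method: GET
        url: https://api.miro.com/v1/oauth-token
        headers:
          Accept: application/json
          Authorization: 'Bearer {{ TOKEN }}'
        response_matcher:
        - report_response: true
        - type: StatusMatch
          status: [200]
        - type: JsonValid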
# Miro OAuth client (app) secret. Validated together with the client ID that
# kingfisher.miro.3 captures.
- name: Miro Client Secret
  id: kingfisher.miro.2
  # The captured value is 32 alphanumerics, a shape many other secrets and
  # hashes share, so the rule depends on context: "miro" within 40 characters
  # of a client_secret / app_secret label, and the value within 20 characters
  # after that label.
  pattern: |
    (?xi)
    \b
    miro
    (?:.|[\n\r]){0,40}?
    (?:client[_-]?secret|app[_-]?secret)
    (?:.|[\n\r]){0,20}?
    \b
    (
    [A-Za-z0-9]{32}
    )
    \b
  pattern_requirements:
    min_digits: 2
    min_uppercase: 2
    min_lowercase: 2
  min_entropy: 3.5
  confidence: medium
  examples:
  - 'MIRO_CLIENT_SECRET=5VEWim0jDbaytgKXN7ReM7MkfpQ8Rm3d'  # nosemgrep
  references:
  - 'https://developers.miro.com/docs/getting-started-with-oauth'
  # CLIENT_ID in the request body below is supplied by a match of rule
  # kingfisher.miro.3.
  depends_on_rule:
  - rule_id: kingfisher.miro.3
    variable: CLIENT_ID
  # Live check: an authorization_code exchange with a deliberately invalid
  # code, so no token is ever issued. A 400 with a JSON body is treated as
  # "credentials recognised".
  # NOTE(review): status 400 alone may not separate "client accepted, code
  # rejected" from "client rejected" -- RFC 6749 section 5.2 allows 400 for
  # invalid_client as well as invalid_grant. Confirm what this endpoint
  # returns for a wrong secret and, if it is also 400, add a body matcher on
  # the error field to avoid false "validated" findings.
  validation:
    type: Http
    content:
      request:
        method: POST
        url: 'https://api.miro.com/v1/oauth/token'
        headers:
          Content-Type: application/x-www-form-urlencoded
        body: 'grant_type=authorization_code&client_id={{ CLIENT_ID | url_encode }}&client_secret={{ TOKEN | url_encode }}&code=invalid&redirect_uri=https%3A%2F%2Fexample.com%2Fcallback'
        response_matcher:
        - report_response: true
        - type: StatusMatch
          status:
          - 400
        - type: JsonValid
# Miro OAuth client (app) ID. Helper rule: kingfisher.miro.2 consumes its
# capture as CLIENT_ID when validating a client secret.
- name: Miro Client ID
  id: kingfisher.miro.3
  # Capture group 1 is a run of 15-21 digits that follows a client_id /
  # app_id label, with "miro" within 40 characters before that label.
  pattern: |
    (?xi)
    \b miro
    (?:.|[\n\r]){0,40}?
    (?:client[_-]?id|app[_-]?id)
    (?:.|[\n\r]){0,20}?
    \b
    (
    [0-9]{15,21}
    )
    \b
  # min_digits mirrors the 15-digit lower bound of the capture group.
  pattern_requirements:
    min_digits: 15
  min_entropy: 2.5
  confidence: medium
  # The ID is an identifier rather than a secret; presumably `visible: false`
  # keeps standalone matches out of reported findings -- confirm against the
  # rule schema.
  visible: false
  examples:
  - MIRO_CLIENT_ID=3458764668142796369
  references:
  - 'https://developers.miro.com/docs/getting-started-with-oauth'