kingfisher/data/rules/rapidapi.yml

rules:
  - name: RapidAPI Key
    id: kingfisher.rapidapi.1
    pattern: |
      (?xi)
      \b
      rapidapi
      (?:.|[\n\r]){0,32}?
      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
      (?:.|[\n\r]){0,32}?
      \b
      (
        [A-Za-z0-9_-]{50}
      )
      \b
    pattern_requirements:
      min_digits: 2
    min_entropy: 4.0
    confidence: medium
    examples:
      - rapidapi_key=abcdefghij1234567890ABCDEFGHIJ1234567890abcdefghij
      - '"rapidapiKey":"ABCDEFGHIJ1234567890abcdefghij1234567890ABCDEFGHIJ"'
    references:
      - https://docs.rapidapi.com/docs/configuring-api-security
      - https://docs.rapidapi.com/docs/keys-and-key-rotation
    validation:
      type: Http
      content:
        request:
          method: GET
          url: "https://weatherapi-com.p.rapidapi.com/current.json?q=London"
          headers:
            x-rapidapi-key: "{{ TOKEN }}"
            x-rapidapi-host: "weatherapi-com.p.rapidapi.com"
            Accept: application/json
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]
            - type: WordMatch
              words: ['"country"']