# Kingfisher detection rule for Braintree tokenization keys. A match needs
# the word "braintree", then KEY/TOKEN/TOKENIZATION within 32 characters,
# then the key itself within a further 32 characters.
rules:
  - name: Braintree Tokenization Key
    id: kingfisher.braintree.1
    # Verbose-mode ((?x)) regex. Only the two context keywords are
    # case-insensitive ((?i:...)); the captured key is matched as written:
    # "sandbox" or "production", "_", 6-10 chars, "_", 14-20 chars, all
    # drawn from [a-z0-9]. The gaps use (?:.|[\n\r]) so the context words
    # and the key may sit on different lines. The \b in front of the capture
    # group rejects a key that directly follows a letter, digit or
    # underscore.
    pattern: |
      (?x)
      \b
      (?i:braintree)
      (?:.|[\n\r]){0,32}?
      (?i:KEY|TOKEN|TOKENIZATION)
      (?:.|[\n\r]){0,32}?
      \b
      (
      (?:sandbox|production)
      _
      [a-z0-9]{6,10}
      _
      [a-z0-9]{14,20}
      )
      \b
    # NOTE(review): presumably these thresholds are applied to the matched
    # key to drop low-variety strings - confirm against the scanner docs.
    pattern_requirements:
      min_digits: 2
      min_lowercase: 6
      min_entropy: 3.0
    confidence: medium
    # Both examples carry the "braintree" + keyword context the pattern
    # requires in front of the key.
    examples:
      - 'BRAINTREE_TOKENIZATION_KEY="sandbox_f252zhq7_hh4cpc39zq4rgjcg"'
      - 'braintree_token = production_abc12def_ghij34klmnop5678'
    # The bare key has no "braintree" context and the URL line holds no key,
    # so neither may be reported.
    negative_examples:
      - sandbox_f252zhq7_hh4cpc39zq4rgjcg
      - 'BRAINTREE_URL="https://api.braintreegateway.com"'
    references:
      - https://developer.paypal.com/braintree/docs/guides/authorization/tokenization-key
      - https://developer.paypal.com/braintree/docs/start/overview
    # No standalone validation or revocation is added: Braintree documents
    # tokenization keys as publishable client credentials, and the public docs
    # do not describe a programmatic tokenization-key introspection or revoke API.
    # Triage note: because the key is documented as publishable, a hit in
    # client-side code may be intentional; review where it was found.