forked from mirrors/kingfisher
57 lines
1.6 KiB
YAML
57 lines
1.6 KiB
YAML
rules:
|
|
- name: Stripe Publishable Key
|
|
id: kingfisher.stripe.1
|
|
|
|
pattern: |
|
|
(?xi)
|
|
(?:stripe|strp)
|
|
(?:.|[\n\r]){0,16}?
|
|
(?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
|
|
(?:.|[\n\r]){0,16}?
|
|
(
|
|
pk_live_
|
|
(?:[0-9A-Z]{6}){4,30}
|
|
)
|
|
min_entropy: 3.3
|
|
confidence: medium
|
|
categories: [api, key]
|
|
examples:
|
|
- stripe_pub_key = pk_live_HQS0j4H75XpthOW87eY1sXa2BYz3Ab
|
|
|
|
- name: Stripe Secret / Restricted Key
|
|
id: kingfisher.stripe.2
|
|
|
|
pattern: |
|
|
(?xi)
|
|
(?:stripe|strp)
|
|
(?:.|[\n\r]){0,16}?
|
|
(?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
|
|
(?:.|[\n\r]){0,16}?
|
|
(
|
|
(?:
|
|
sk|rk
|
|
)_live_
|
|
(?:[0-9A-Z]{8}){3,25}
|
|
)
|
|
min_entropy: 3.3
|
|
confidence: medium
|
|
examples:
|
|
- stripe_secret_key = sk_live_f01c79xuuug7yodgzj5ws0h1x2kyvho3
|
|
- "strp_sec_key: rk_live_4haG9YwGkL2hXqTj5pSzo8FzB3uCwE7n"
|
|
|
|
validation:
|
|
type: Http
|
|
content:
|
|
request:
|
|
method: GET
|
|
headers:
|
|
Authorization: Bearer {{ TOKEN }}
|
|
Accept: application/json
|
|
url: https://api.stripe.com/v1/account
|
|
response_matcher:
|
|
- report_response: true
|
|
- type: StatusMatch
|
|
status: [200]
|
|
- type: WordMatch
|
|
match_all_words: true
|
|
words: ['"object":"account"']
|