id: razorpay-clientid-disclosure

info:
  name: Razorpay Client ID Disclosure
  author: Devang-Solanki
  severity: high
  reference:
    - https://github.com/streaak/keyhacks#Razorpay-keys
    - https://docs.gitguardian.com/secrets-detection/detectors/specifics/razorpay_apikey
  metadata:
    max-request: 1
  tags: exposure,token,razorpay

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    extractors:
      - type: regex
        part: body
        regex:
          - "rzp_(live|test)_.{14}"

# digest: 490a0046304402200d89b809e1ccf9caf3bf3209ff934fb96b4f554eac5d1bf96a2383184eac0fd4022071c35dafa344d46daf12c13913b9877853a0322a610390c778f3db7ea149b791:922c64590222798bb761d5b6d8e72950