id: confluent-accesstoken

info:
  name: Confluent Access Token
  author: DhiyaneshDK
  severity: info
  reference:
    - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-access-token.yaml
    - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-access-token.go
  metadata:
    verified: true
    max-request: 1
  tags: confluent,exposure,tokens

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    extractors:
      - type: regex
        part: body
        regex:
          - (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$)

# digest: 490a0046304402202ba29bb7b5eeb1819ac3d1f30ed360f39d8cafb331cf53e1435d9333e769c3bf02204705d25be4fbb38f5c97ec6f8cc695ba840298f3363e250c62bfbaa5a61a7efa:922c64590222798bb761d5b6d8e72950