generic.secrets.security.google-maps-apikeyleak.google-maps-apikeyleak

Author: unknown

Detects potential Google Maps API keys in code

Definition

rules:
  - id: google-maps-apikeyleak
    patterns:
      - pattern-regex: ^(AIza[0-9A-Za-z_-]{35}(?!\S))$
    message: Detects potential Google Maps API keys in code
    languages:
      - generic
    severity: WARNING
    metadata:
      description: Detects potential Google Maps API keys in code
      severity: MEDIUM
      category: security
      confidence: MEDIUM
      impact: HIGH
      likelihood: MEDIUM
      subcategory:
        - audit
      owasp:
        - A3:2017 Sensitive Data Exposure
      references:
        - https://ozguralp.medium.com/unauthorized-google-maps-api-key-usage-cases-and-why-you-need-to-care-1ccb28bf21e
      cwe:
        - "CWE-538: Insertion of Sensitive Information into
          Externally-Accessible File or Directory"
      technology:
        - Google Maps
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Mishandled Sensitive Information

Examples

google-maps-apikeyleak.generic

# ruleid: google-maps-apikeyleak
AIzaSyAOVYRIgupAurZup5y1PRh8Ismb1A3lLao
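
The rule's regex run over constructed lines, to show which placements of a key it flags: an added example, not part of the registry entry or of Semgrep's own code. It assumes `^` and `$` match at line boundaries (Python's `re.MULTILINE` stands in for that here); `FAKE_KEY`, `SAMPLES` and `RELAXED_REGEX` are hypothetical names and values made up for the comparison.

```python
import re

# The rule's pattern, copied from the definition above.
RULE_REGEX = re.compile(r"^(AIza[0-9A-Za-z_-]{35}(?!\S))$", re.MULTILINE)

# Hypothetical relaxed pattern for comparison (not a registry rule): same key
# shape, but bounded by non-key characters instead of line start and end.
RELAXED_REGEX = re.compile(
    r"(?<![0-9A-Za-z_-])AIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])"
)

# Constructed placeholder with the key shape; not a real credential.
FAKE_KEY = "AIza" + "X" * 35

# Constructed sample lines, one placement per entry.
SAMPLES = {
    "bare key on its own line": FAKE_KEY,
    "indented key": "    " + FAKE_KEY,
    "trailing space": FAKE_KEY + " ",
    "assignment": f'MAPS_KEY = "{FAKE_KEY}"',
    "URL parameter": f"https://maps.example.invalid/js?key={FAKE_KEY}&v=3",
    "36 key characters": FAKE_KEY + "X",
}


def scan(text, regex):
    """Return (line_number, matched_text) for every hit in text."""
    hits = []
    for m in regex.finditer(text):
        line_no = text.count("\n", 0, m.start()) + 1
        hits.append((line_no, m.group(0)))
    return hits


def compare(samples):
    """Map each sample label to (rule_matches, relaxed_matches)."""
    return {
        label: (bool(scan(line, RULE_REGEX)), bool(scan(line, RELAXED_REGEX)))
        for label, line in samples.items()
    }


if __name__ == "__main__":
    for label, (rule_hit, relaxed_hit) in compare(SAMPLES).items():
        print(f"{label:28} rule={rule_hit!s:5} relaxed={relaxed_hit}")
```

Under these assumptions the rule as written flags only a key that occupies a whole line, as in the example file above; keys embedded in assignments or URLs need a pattern bounded like the relaxed one.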