The "client_secret.bcheck" file has been created to detect for the "client_secret", "client_id", & "refresh_token" OAuth API variables, plus variants of "api-key", within front-end files. This file is placed in the other/API folder.
Minor update to Content-Security-Policy.bcheck to look for findings in .js & .css files.
BCheck Contributions
The "client_secret.bcheck" file has been created to detect for the "client_secret", "client_id", & "refresh_token" OAuth API variables, plus variants of "api-key", within front-end files. This file is placed in the other/API folder.
Minor update to Content-Security-Policy.bcheck to look for findings in .js & .css files.
[X] BCheck compiles and executes as expected
[X] BCheck contains appropriate metadata (name, version, author, description and appropriate tags)
[X] Only .bcheck files have been added or modified
[X] BCheck is in the appropriate folder
[X] PR contains single or limited number of BChecks (Multiple PRs are preferred)
[X] BCheck attempts to minimize false positives