Fixed formatting

other/tokens/adobe-oauth-secret.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "(?i)\b(p8e-[a-z0-9-]{32})(?:[^a-z0-9-]|$)" then
       report issue:
-          severity: info
-          confidence: tentative
-          detail: "Adobe OAuth Client Secret found in page."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info
+        confidence: tentative
+        detail: "Adobe OAuth Client Secret found in page."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/age-secret-key.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "\bAGE-SECRET-KEY-1[0-9A-Z]{58}\b" then
       report issue:
-          severity: info 
-          confidence: tentative
-          detail: "Age identity key found in page."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info 
+        confidence: tentative
+        detail: "Age identity key found in page."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/aws-access-secret-key.bcheck

@@ -8,14 +8,14 @@ metadata:
 given response then
   if {latest.response} matches "(?:\"|')?AWS_SECRET_ACCESS_KEY(?:\"|')?\\s*:\\s*(?:\"|')?[A-Za-z0-9\\/+=]{40}(?:\"|')?" then
       report issue:
-          severity: low
-          confidence: tentative
-          detail: "AWS Access/Secret Key found in page."
-          remediation: "Review and remove unnecessary exposure of keys and\/or sensitive data from page source."
+        severity: low
+        confidence: tentative
+        detail: "AWS Access/Secret Key found in page."
+        remediation: "Review and remove unnecessary exposure of keys and\/or sensitive data from page source."
   else if {latest.response} matches "(?:\"|')?AWS_ACCESS_KEY_ID(?:\"|')?\\s*:\\s*(?:\"|')?[A-Z0-9]{20}(?:\"|')?" then
       report issue:
-          severity: low 
-          confidence: tentative
-          detail: "AWS Access Key ID found in page."
-          remediation: "Review and remove unnecessary exposure of keys and\/or sensitive data from page source."
+        severity: low 
+        confidence: tentative
+        detail: "AWS Access Key ID found in page."
+        remediation: "Review and remove unnecessary exposure of keys and\/or sensitive data from page source."
   end if

other/tokens/aws-api-key.bcheck

@@ -7,9 +7,9 @@ metadata:
 
 given response then
   if {latest.response} matches "\b((?:A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16})\b" then
-    report issue:
-      severity: info
-      confidence: tentative
-      detail: "AWS API key found in page."
-      remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+     report issue:
+       severity: info
+       confidence: tentative
+       detail: "AWS API key found in page."
+       remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/aws-session-token.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "(?i)(?:aws.?session|aws.?session.?token|aws.?token)[\"'`]?\s{0,30}(?::|=>|=)\s{0,30}[\"'`]?([a-z0-9/+=]{16,200})[^a-z0-9/+=]" then
       report issue:
-          severity: info 
-          confidence: tentative
-          detail: "AWS Session token exposure found in page."
-          remediation: "Review and remove unnecessary exposure of keys and\/or sensitive data from page source."
+        severity: info 
+        confidence: tentative
+        detail: "AWS Session token exposure found in page."
+        remediation: "Review and remove unnecessary exposure of keys and\/or sensitive data from page source."
   end if

other/tokens/axiom-digitalocean-key-exposure.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "\"do_key\"\: .*" then
       report issue:
-          severity: low 
-          confidence: tentative
-          detail: "DigitalOcean key exposed via Axiom."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: low 
+        confidence: tentative
+        detail: "DigitalOcean key exposed via Axiom."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/azure-apim-secretkey.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "Ocp-Apim-Subscription-Key:" then
       report issue:
-          severity: info 
-          confidence: tentative
-          detail: "Azure - APIM Secret Key found in page."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info 
+        confidence: tentative
+        detail: "Azure - APIM Secret Key found in page."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/bitly-secret-key.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
     if {latest.response} matches "R_[0-9a-f]{32}" then
         report issue:
-            severity: info
-            confidence: tentative
-            detail: "Bitly Secret Key found in page."
-            remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+          severity: info
+          confidence: tentative
+          detail: "Bitly Secret Key found in page."
+          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
     end if

other/tokens/braintree-access-token.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}" then
       report issue:
-          severity: info
-          confidence: tentative
-          detail: "Paypal Braintree access token found in page."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info
+        confidence: tentative
+        detail: "Paypal Braintree access token found in page."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/cloudinary-credentials.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "cloudinary://[0-9]+:[A-Za-z0-9\-_\.]+@[A-Za-z0-9\-_\.]+" then
       report issue:
-          severity: info
-          confidence: tentative
-          detail: "Cloudinary credentials found in page."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info
+        confidence: tentative
+        detail: "Cloudinary credentials found in page."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/codeclimate-token.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "(?i)codeclima.{0,50}\b([a-f0-9]{64})\b" then
       report issue:
-          severity: info
-          confidence: tentative
-          detail: "CodeClimate token found in page."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info
+        confidence: tentative
+        detail: "CodeClimate token found in page."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/crates-api-key.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "\bcio[a-zA-Z0-9]{32}\b" then
       report issue:
-          severity: info 
-          confidence: tentative
-          detail: "Crates.io API key found in page."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info 
+        confidence: tentative
+        detail: "Crates.io API key found in page."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/discord-webhook.bcheck

@@ -7,9 +7,9 @@ metadata:
 
 given response then
   if {latest.response} matches "https://discordapp\.com/api/webhooks/[0-9]+/[A-Za-z0-9\-]+" then
-    report issue:
-      severity: info 
-      confidence: tentative
-      detail: "Discord Webhook found in page."
-      remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+     report issue:
+       severity: info 
+       confidence: tentative
+       detail: "Discord Webhook found in page."
+       remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/dynatrace-api-token.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "\b(dt0[a-zA-Z]{1}[0-9]{2}\.[A-Z0-9]{24}\.[A-Z0-9]{64})\b" then
       report issue:
-          severity: info
-          confidence: tentative
-          detail: "Dynatrace API Token found."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info
+        confidence: tentative
+        detail: "Dynatrace API Token found."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/facebook-access-token.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "\b(EAACEdEose0cBA[a-zA-Z0-9]+)\b" then
       report issue:
-          severity: info
-          confidence: tentative
-          detail: "Facebook access token found in page."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info
+        confidence: tentative
+        detail: "Facebook access token found in page."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/fcm-server-key.bcheck

@@ -7,9 +7,9 @@ metadata:
 
 given response then
   if {latest.response} matches "AAAA[a-zA-Z0-9_-]{7}:[a-zA-Z0-9_-]{140}" then
-    report issue:
-      severity: low
-      confidence: tentative
-      detail: "FCM server key found in page."
-      remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+     report issue:
+       severity: low
+       confidence: tentative
+       detail: "FCM server key found in page."
+       remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/github-app.bcheck

@@ -7,9 +7,9 @@ metadata:
 
 given response then
   if {latest.response} matches "\b((?:ghu|ghs)_[a-zA-Z0-9]{36})\b" then
-    report issue:
-      severity: info
-      confidence: tentative
-      detail: "Github App Token found in page."
-      remediation: "Review and remove unnecessary exposure of keys and\/or sensitive data from page source."
+     report issue:
+       severity: info
+       confidence: tentative
+       detail: "Github App Token found in page."
+       remediation: "Review and remove unnecessary exposure of keys and\/or sensitive data from page source."
   end if

other/tokens/github-oauth-access.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "\b(gho_[a-zA-Z0-9]{36})\b" then
       report issue:
-          severity: info 
-          confidence: tentative
-          detail: "GitHub OAuth Access Token found in page."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info 
+        confidence: tentative
+        detail: "GitHub OAuth Access Token found in page."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/github-personal-access.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "\b(ghp_[a-zA-Z0-9]{36})\b" then
       report issue:
-          severity: info 
-          confidence: tentative
-          detail: "GitHub Personal Access Token found in page."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info 
+        confidence: tentative
+        detail: "GitHub Personal Access Token found in page."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/github-refresh.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "\b(ghr_[a-zA-Z0-9]{76})\b" then
       report issue:
-          severity: info
-          confidence: tentative
-          detail: "GitHub refresh token found in page."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info
+        confidence: tentative
+        detail: "GitHub refresh token found in page."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/gitlab-personal-token.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "\b(glpat-[0-9a-zA-Z_-]{20})(?:\b|$)" then
       report issue:
-          severity: info
-          confidence: tentative
-          detail: "GitLab Personal Access Token found in page."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info
+        confidence: tentative
+        detail: "GitLab Personal Access Token found in page."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/gitlab-pipeline-token.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
     if {latest.response} matches "\b(glptt-[0-9a-f]{40})\b" then
         report issue:
-            severity: info
-            confidence: tentative
-            detail: "GitLab Pipeline Trigger Token found in page."
-            remediation: "Review and remove unnecessary exposure of keys and\/or sensitive data from page source."
+          severity: info
+          confidence: tentative
+          detail: "GitLab Pipeline Trigger Token found in page."
+          remediation: "Review and remove unnecessary exposure of keys and\/or sensitive data from page source."
     end if

other/tokens/gitlab-runner-token.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "\b(GR1348941[0-9a-zA-Z_-]{20})(?:\b|$)" then
       report issue:
-          severity: info
-          confidence: tentative
-          detail: "Exposed GitLab Runner Registration Token found in page."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info
+        confidence: tentative
+        detail: "Exposed GitLab Runner Registration Token found in page."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/google-api-key.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "AIza[0-9A-Za-z\-_]{35}" then
       report issue:
-          severity: info
-          confidence: tentative
-          detail: "Google API key found in page."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info
+        confidence: tentative
+        detail: "Google API key found in page."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/google-calendar-link.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "https://www\.google\.com/calendar/embed\?src=[A-Za-z0-9%@&;=\-_\./]+" then
       report issue:
-          severity: info 
-          confidence: tentative
-          detail: "Google Calendar URI found in page."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info 
+        confidence: tentative
+        detail: "Google Calendar URI found in page."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/google-client-id.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "(?i)\b([0-9]+-[a-z0-9_]{32})\.apps\.googleusercontent\.com" then
       report issue:
-          severity: info 
-          confidence: tentative
-          detail: "Google client ID found in page."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info 
+        confidence: tentative
+        detail: "Google client ID found in page."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/google-oauth-prefixed.bcheck

@@ -7,9 +7,9 @@ metadata:
 
 given response then
   if {latest.response} matches "(GOCSPX-[a-zA-Z0-9_-]{28})" then
-    report issue:
-      severity: info
-      confidence: tentative
-      detail: "Google OAuth Client Secret found in page."
-      remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+     report issue:
+       severity: info
+       confidence: tentative
+       detail: "Google OAuth Client Secret found in page."
+       remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if

other/tokens/heroku-api-key.bcheck

@@ -8,8 +8,8 @@ metadata:
 given response then
   if {latest.response} matches "(?i)heroku.{0,20}key.{0,20}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b" then
       report issue:
-          severity: info 
-          confidence: tentative
-          detail: "Heroku API key found in page."
-          remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
+        severity: info 
+        confidence: tentative
+        detail: "Heroku API key found in page."
+        remediation: "Review and remove unnecessary exposure of keys and/or sensitive data from page source."
   end if