PRP: Secret extractor for Square Access token

[FUZZYCHICK]

Secret Name

Square Access Token

Risk in Exposing the Secret

Square access tokens can be used to access payment data, process transactions, retrieve customer information, manage inventory, access location data, and perform financial operations through the Square API. This could lead to unauthorized access to sensitive payment information, customer data, business analytics, and the ability to process fraudulent transactions or refunds.

Validation Method

One can validate the access token with the following endpoint:

curl https://connect.squareup.com/v2/locations \
  -H "Authorization: Bearer access_token_here" 

Alternatively, test with a simple merchant info request:

curl https://connect.squareup.com/v2/merchants \
  -H "Authorization: Bearer access_token_here" \

Token Details

• Application tokens are associated with specific Square applications

Reference

Square API Authentication Documentation

[github-actions]

Welcome to the OSV-SCALIBR patch reward program!
Your issue has been added to our triage queue and will reviewed
shortly. The panel usually takes a decision once per week, so it
can take up to a week before you hear back from us.
Please, do not start the work until the panel has reached a
decision. Although we always welcome contributions, unapproved
work is not eligible for a reward.
~The OSV-SCALIBR PRP team

[github-actions]

This message is addressed to the OSV-SCALIBR panel.

Contributor stats

• The contributor has 0 issues tagged as main;
• The contributor has 0 issues tagged as queue.

Useful links

• All open issues from this contributor
• All open PRs from this contributor