PRP: Secret extractor for Heroku

[FUZZYCHICK]

• Secret name: Heroku API Key

• Risk in exposing the secret:
  Attackers can impersonate the account owner, gain full access to Heroku apps, modify deployments, view logs, inject malicious code, or shut down production services. They can also leverage integrations with other platforms (e.g., GitHub, databases, third-party add-ons) leading to a wider compromise.

• Validation method, if any:

curl -X POST https://api.heroku.com/apps \
-H "Accept: application/vnd.heroku+json; version=3" \
-H "Authorization: Bearer $HEROKU_API_KEY"

• Resources:
  • Heroku Platform API Reference
  • Managing API Keys

[github-actions]

Welcome to the OSV-SCALIBR patch reward program!
Your issue has been added to our triage queue and will reviewed
shortly. The panel usually takes a decision once per week, so it
can take up to a week before you hear back from us.
Please, do not start the work until the panel has reached a
decision. Although we always welcome contributions, unapproved
work is not eligible for a reward.
~The OSV-SCALIBR PRP team

[github-actions]

This message is addressed to the OSV-SCALIBR panel.

Contributor stats

• The contributor has 0 issues tagged as main;
• The contributor has 0 issues tagged as queue.

Useful links

• All open issues from this contributor
• All open PRs from this contributor

[FUZZYCHICK]

Hello @erikvarga,
Hope you are having a great day!
Could you please take a quick look at my new submission and help validate which one I can start working on? This way I don’t have to wait through the weekend before making progress. Thanks a lot🙏