PRP: Secret extractor for DeepL API Key

[r00tX-glitch]

• Secret name: DeepL API Key

• Risk in exposing the secret:
  If exposed, attackers can misuse the DeepL API to make unauthorized translation or text-improvement requests—potentially leading to unexpected charges, abuse of your translation quota, or data privacy breaches.

• Validation method, if any:

  • APIs queried to verify the secret is associated with a real prod account:
    • Use the /usage endpoint to verify the key is valid and active, and retrieve current billing-period usage

• Resources:

https://support.deepl.com/hc/en-us/articles/9773914250012-About-DeepL-API

---

[github-actions]

Welcome to the OSV-SCALIBR patch reward program!
Your issue has been added to our triage queue and will reviewed
shortly. The panel usually takes a decision once per week, so it
can take up to a week before you hear back from us.
Please, do not start the work until the panel has reached a
decision. Although we always welcome contributions, unapproved
work is not eligible for a reward.
~The OSV-SCALIBR PRP team

[github-actions]

This message is addressed to the OSV-SCALIBR panel.

Contributor stats

• The contributor has 0 issues tagged as main;
• The contributor has 0 issues tagged as queue.

Useful links

• All open issues from this contributor
• All open PRs from this contributor

[erikvarga]

The risk in exposing DeepL keys is not very high so we'll consider this out of scope for the PRP.