---
# Semgrep regex rules that flag lines where a sink keyword (telemetry, cache,
# export, queue) is followed by a payment-data field name.
#
# Shared matching behaviour, as written in the patterns below:
#   - `(?i)` makes every pattern case-insensitive.
#   - The sink keyword must come first and the field name later on the SAME
#     line; `.` does not cross line breaks unless dot-all is enabled, so a
#     call split over several lines, or a line that names the field before
#     the sink, is not reported.
#   - Alternatives are plain substrings with no token boundaries: `pan` also
#     occurs in `span` and `expand`, `pin` in `ping` and `mapping`.
#     NOTE(review): measure the hit rate before tightening; a boundary such
#     as `\b` would also drop `card_pan`-style names.
rules:
  # Card data reaching traces, spans or metrics.
  # NOTE(review): a line containing `trace` followed by `span` satisfies this
  # pattern on its own (`span` contains `pan`), and `expiry` also matches
  # unrelated expiry values. At ERROR severity that noise may get the rule
  # disabled; confirm against real findings.
  - id: payment-sensitive-in-telemetry
    message: 'Sensitive Zahlungsdaten in Telemetrie oder Tracing pruefen.'
    severity: ERROR
    languages:
      - python
      - javascript
      - typescript
      - java
      - go
    pattern-regex: '(?i)(trace|span|metric|telemetry).*(pan|cvv|track2|cardnumber|pin|expiry)'

  # Card data used in a cache key or cached value.
  - id: payment-sensitive-in-cache
    message: 'Sensitiver Wert in Cache-Key oder Cache-Payload pruefen.'
    severity: WARNING
    languages:
      - python
      - javascript
      - typescript
      - java
      - go
    pattern-regex: '(?i)(cache|redis|memcache).*(pan|cvv|track2|cardnumber|pin)'

  # Card data written to exports or reports.
  - id: payment-sensitive-export
    message: 'Export oder Report mit sensitiven Feldern pruefen.'
    severity: WARNING
    languages:
      - python
      - javascript
      - typescript
      - java
      - go
    pattern-regex: '(?i)(export|report|csv|xlsx|pdf).*(pan|cvv|track2|cardnumber|pin)'

  # Card-like values in test fixtures.
  # NOTE(review): the two 16-digit literals are the widely published Visa and
  # Mastercard test numbers, so this rule reports known test values. A real
  # card number in a fixture is not matched unless the line also contains
  # `track2` or `cvv`; the message text suggests otherwise.
  - id: payment-test-fixture-real-data
    message: 'Testdaten mit moeglichen echten Kartendaten pruefen.'
    severity: WARNING
    languages:
      - json
      - yaml
      - python
      - javascript
      - typescript
    pattern-regex: '(?i)(4111111111111111|5555555555554444|track2|cvv)'

  # Card data placed in a message published to a queue.
  - id: payment-queue-sensitive-payload
    message: 'Queue-Nachricht mit sensitiven Zahlungsfeldern pruefen.'
    severity: WARNING
    languages:
      - python
      - javascript
      - typescript
      - java
      - go
    pattern-regex: '(?i)(publish|send|enqueue).*(pan|cvv|track2|cardnumber|pin)'