From 21fcdeabfe86074bb814d2efa445ce2bb1beaf5d Mon Sep 17 00:00:00 2001
From: XIANJUN ZHU
Date: Mon, 1 Jun 2020 10:43:48 -0400
Subject: [PATCH] Catch Slack webhook with 10 char (#325)

We were getting report that slack custom application webhook will contain a different foramt for webhooks. In particualar the B+8 chars could become B+10 chars format User reprot https://ibm-cio-gi.slack.com/archives/CDMGJ9QG2/p1591018601323500?thread_ts=1590777088.301300&cid=CDMGJ9QG2 We also noticed the response error message is differnet, this commit tried to address that issue and allow us to catch webhook for custom Slack applications
---
 detect_secrets/plugins/slack.py | 15 ++++++++++++++-
 tests/plugins/slack_test.py | 3 +++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/detect_secrets/plugins/slack.py b/detect_secrets/plugins/slack.py
index 17f172334..b7c881ed9 100644
--- a/detect_secrets/plugins/slack.py
+++ b/detect_secrets/plugins/slack.py
@@ -26,12 +26,18 @@ class SlackDetector(RegexBasedDetector):
 re.compile(r'xox(?:a|b|p|o|s|r)-(?:\d+-)+[a-z0-9]+', flags=re.IGNORECASE),
 # Slack Webhooks
 re.compile(
+<<<<<<< HEAD
 r'https://hooks.slack.com/services/T[a-zA-Z0-9_]+/B[a-zA-Z0-9_]+/[a-zA-Z0-9_]+',
+=======
+ r"""
+ https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,10}/[a-zA-Z0-9_]{24}
+ """,
+>>>>>>> Catch Slack webhook with 10 char (#325)
 flags=re.IGNORECASE | re.VERBOSE,
 ),
 )
 
- def verify(self, token, **kwargs): # pragma: no cover
+ def verify(self, token, *args, **kwargs): # pragma: no cover
 if token.startswith('https://hooks.slack.com/services/T'):
 response = requests.post(
 token,
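Review bot: Unresolved merge-conflict markers are added as code inside the `re.compile(` call (`+<<<<<<< HEAD`, `+=======`, `+>>>>>>> Catch Slack webhook with 10 char (#325)`), and the same three markers surround `valid = ...` in the second hunk of this file, so `slack.py` would not parse and the Slack detector could not load until one side is chosen. When resolving, note that the fixed widths `T[a-zA-Z0-9_]{8}` and `{24}` drop any webhook whose segments have a different length, which is the kind of miss this commit was opened for; for a secret scanner a lower bound is the safer choice, and the dots should be escaped: `r'https://hooks\.slack\.com/services/T[a-zA-Z0-9_]{8,}/B[a-zA-Z0-9_]{8,}/[a-zA-Z0-9_]{24,}',`. The pattern is compiled with `re.IGNORECASE` while `verify` uses a case-sensitive `token.startswith(...)`, so a match written in different letter case would take the `else` branch instead of the webhook check. The pattern tuple starts above the hunk and the body of `verify` continues below it.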
@@ -39,7 +45,14 @@ def verify(self, token, **kwargs): # pragma: no cover
 'text': '',
 },
 )
+<<<<<<< HEAD
 valid = response.text in ['missing_text_or_fallback_or_attachments', 'no_text']
+=======
+ valid = (
+ response.text == 'missing_text_or_fallback_or_attachments'
+ or response.text == 'no_text'
+ )
+>>>>>>> Catch Slack webhook with 10 char (#325)
 else:
 response = requests.post(
 'https://slack.com/api/auth.test',
diff --git a/tests/plugins/slack_test.py b/tests/plugins/slack_test.py
index af945c092..049ef2c00 100644
--- a/tests/plugins/slack_test.py
+++ b/tests/plugins/slack_test.py
@@ -33,6 +33,9 @@ class TestSlackDetector:
 (
 'https://hooks.slack.com/services/Txxxxxxxx/Bxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx'
 ),
+ (
+ 'https://hooks.slack.com/services/Txxxxxxxx/Bxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx'
+ ),
 ],
 )
 def test_analyze(self, file_content):
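Review bot: The added `valid = ( ... )` expression in `verify` performs the same test as the HEAD line kept just above it, only spelled as two `==` comparisons joined by `or`. The membership form is shorter and is easier to extend when Slack returns another error string for custom applications: `valid = response.text in ('missing_text_or_fallback_or_attachments', 'no_text')`. Both `requests.post(` calls begin or end outside this hunk, so it is not visible whether they pass `timeout=`; if they do not, a stalled connection would block the scan during verification.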
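Review bot: Only the accepted 10-character `B` form is added to the positive cases in `slack_test.py`; nothing pins where the new fixed-width pattern stops matching. A negative case with a too-short `B` segment, placed in whichever test covers rejected input (not visible in this hunk), would keep a later change to the quantifiers from passing unnoticed. It would also help to record in a comment next to the cases whether a `T` segment longer than 8 characters is meant to match. The parametrize list starts above the hunk and `test_analyze` continues below it.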