Skip to content

Commit

Permalink
Add a plugin for GitHub token detection
Browse files Browse the repository at this point in the history
  • Loading branch information
ninoseki committed Jun 14, 2021
1 parent b206dc2 commit 983f1a6
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 0 deletions.
16 changes: 16 additions & 0 deletions detect_secrets/plugins/github_token.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
"""
This plugin searches for GitHub tokens
"""
import re

from detect_secrets.plugins.base import RegexBasedDetector


class GitHubTokenDetector(RegexBasedDetector):
"""Scans for GitHub tokens."""
secret_type = 'GitHub token'

denylist = [
# ref. https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
re.compile(r'(ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{36}'),
]
19 changes: 19 additions & 0 deletions tests/plugins/github_token_test.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
import pytest

from detect_secrets.plugins.github_token import GitHubTokenDetector


class TestGitHubTokenDetector:

@pytest.mark.parametrize(
'payload, should_flag',
[
('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', True),
('foo_wWPw5k4aXcaT4fNP0UcnZwJUVFk6LO0pINUx', False),
('foo', False),
],
)
def test_analyze(self, payload, should_flag):
logic = GitHubTokenDetector()
output = logic.analyze_line(filename='mock_filename', line=payload)
assert len(output) == int(should_flag)

0 comments on commit 983f1a6

Please sign in to comment.