Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Slack token detector #122

Merged
merged 2 commits into from
Feb 1, 2019
Merged

Add Slack token detector #122

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
967e9fc
Slack token detector
Oct 9, 2018
2dd3ef8
fix: update slack usage wording
Feb 1, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions detect_secrets/core/usage.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -251,6 +251,11 @@ class PluginOptions(object):
disable_flag_text='--no-aws-key-scan',
disable_help_text='Disables scanning for AWS keys.',
),
PluginDescriptor(
classname='SlackDetector',
disable_flag_text='--no-slack-scan',
disable_help_text='Disables scanning for secret slack.',
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Maybe Disables scanning for Slack tokens.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated in the latest commit 2dd3ef8

),
]

def __init__(self, parser):
Expand Down
1 change: 1 addition & 0 deletions detect_secrets/plugins/common/initialize.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
from ..high_entropy_strings import HexHighEntropyString # noqa: F401
from ..keyword import KeywordDetector # noqa: F401
from ..private_key import PrivateKeyDetector # noqa: F401
from ..slack import SlackDetector # noqa: F401
from detect_secrets.core.log import log


Expand Down
15 changes: 15 additions & 0 deletions detect_secrets/plugins/slack.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
"""
This plugin searches for Slack tokens
"""
from __future__ import absolute_import

import re

from .base import RegexBasedDetector


class SlackDetector(RegexBasedDetector):
secret_type = 'Slack Token'
blacklist = (
re.compile(r'xox(?:a|b|p|o|s|r)-(?:\d+-)+[a-z0-9]+', flags=re.IGNORECASE),
Copy link
Collaborator

@KevinHock KevinHock Feb 1, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Super nit: We could add length ranges but I couldn't find out how much they vary, e.g. the last field might not be more than 32 chars. I rather we lean towards false-positives and iterate though, i.e. ship as-is 👍 (not that I think there will be any false-positives, since xox is sort of rare)

cc @dxa4481, in case you want to compare with your truffleHogRegex

)
1 change: 1 addition & 0 deletions tests/core/usage_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ def test_consolidates_output_basic(self):
'KeywordDetector': {},
'PrivateKeyDetector': {},
'AWSKeyDetector': {},
'SlackDetector': {},
}
assert not hasattr(args, 'no_private_key_scan')

Expand Down
2 changes: 2 additions & 0 deletions tests/main_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ def test_scan_string_basic(self, mock_baseline_initialize):
HexHighEntropyString : True (3.459)
KeywordDetector : False
PrivateKeyDetector : False
SlackDetector : False
""")[1:]

mock_baseline_initialize.assert_not_called()
Expand All @@ -85,6 +86,7 @@ def test_scan_string_cli_overrides_stdin(self):
HexHighEntropyString : False (2.121)
KeywordDetector : False
PrivateKeyDetector : False
SlackDetector : False
""")[1:]

def test_scan_with_all_files_flag(self, mock_baseline_initialize):
Expand Down
45 changes: 45 additions & 0 deletions tests/plugins/slack_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
from __future__ import absolute_import
from __future__ import unicode_literals

import pytest

from detect_secrets.plugins.slack import SlackDetector
from testing.mocks import mock_file_object


class TestSlackDetector(object):

@pytest.mark.parametrize(
'file_content',
[
(
'xoxp-523423-234243-234233-e039d02840a0b9379c'
),
(
'xoxo-523423-234243-234233-e039d02840a0b9379c'
),
(
'xoxs-523423-234243-234233-e039d02840a0b9379c'
),
(
'xoxa-511111111-31111111111-3111111111111-e039d02840a0b9379c'
),
(
'xoxa-2-511111111-31111111111-3111111111111-e039d02840a0b9379c'
),
(
'xoxr-523423-234243-234233-e039d02840a0b9379c'
),
(
'xoxb-34532454-e039d02840a0b9379c'
),
],
)
def test_analyze(self, file_content):
logic = SlackDetector()

f = mock_file_object(file_content)
output = logic.analyze(f, 'mock_filename')
assert len(output) == 1
for potential_secret in output:
assert 'mock_filename' == potential_secret.filename
3 changes: 3 additions & 0 deletions tests/pre_commit_hook_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -151,6 +151,9 @@ def test_that_baseline_gets_updated(
{
'name': 'PrivateKeyDetector',
},
{
'name': 'SlackDetector',
},
]

def test_writes_new_baseline_if_modified(self):
Expand Down