Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create plugin to detect Twilio API keys. #267

Merged
merged 4 commits into from
Dec 2, 2019
Merged

Create plugin to detect Twilio API keys. #267

merged 4 commits into from
Dec 2, 2019

Conversation

EdOverflow
Copy link
Contributor

This commit contains a RegexBasedDetector plugin for Twilio API keys. Twilio's API requires an "account SID" and "auth token" which can be detected by this plugin using two regular expressions.

Example account SID: ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Regex: AC[a-z0-9]{32}

Example auth token: SKxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Regex: SK[a-z0-9]{32}

It might be worth further expanding this plugin to include a verify function that sends a GET request to {}:{}@api.twilio.com/2010-04-01/Accounts.json.

@EdOverflow
Create plugin to detect Twilio API keys.
74b58d3 
This commit contains a RegexBasedDetector plugin for Twilio API keys.
Twilio's API requires an "Account SID" and "auth token" which can be
detected by this plugin using two regular expressions.

	Example account SID: ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
	Regex: AC[a-z0-9]{32}

	Example auth token: SKxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
	Regex: SK[a-z0-9]{32}

It might be worth further expanding this plugin to include a verify
function that sends a GET request to
{}:{}@api.twilio.com/2010-04-01/Accounts.json.
domanchi
domanchi reviewed Nov 10, 2019
View reviewed changes
Copy link
Contributor

@domanchi domanchi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please be sure to run the pre-commit hooks, as this will lint up your code and make tests pass.

@EdOverflow
Run pre-commit against all files.
a649963 
I was importing packages that weren't used in twilio.py. This commit
removes those import statements.
@EdOverflow
Add missing updates to Twilio test file.
9f6a388
domanchi
domanchi approved these changes Nov 11, 2019
View reviewed changes
tests/plugins/twilio_test.py Outdated
def test_analyze(self, payload, should_flag):
logic = TwilioKeyDetector()
output = logic.analyze_line(payload, 1, 'mock_filename')
assert len(output) == int(should_flag)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably can just do:

assert output

as that will make sure that it is a non-empty dictionary.

@EdOverflow
Copy link
Contributor Author

@domanchi, do you think we should add some form of key verification or just leave it as is?

@KevinHock
Copy link
Collaborator

Just realized it's @EdOverflow :) Thank you for contributing!

@EdOverflow
Copy link
Contributor Author

:)

@domanchi
Copy link
Contributor

domanchi commented Dec 2, 2019

@domanchi, do you think we should add some form of key verification or just leave it as is?

Naw. Key verification can always be done at a later iteration. :)

@domanchi domanchi merged commit af887c7 into Yelp:master Dec 2, 2019
killuazhu pushed a commit to IBM/detect-secrets that referenced this pull request May 28, 2020
Bump version (Yelp#267)
ad2a8bf
killuazhu pushed a commit to IBM/detect-secrets that referenced this pull request Jul 9, 2020
@justineyster
Bump version (Yelp#267)
36cf1ad
killuazhu pushed a commit to IBM/detect-secrets that referenced this pull request Sep 17, 2020
@justineyster
Bump version (Yelp#267)
8e786f0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@domanchi domanchi domanchi approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@EdOverflow @KevinHock @domanchi