Create plugin to detect Twilio API keys. #267
This commit contains a RegexBasedDetector plugin for Twilio API keys. Twilio's API requires an "Account SID" and "auth token" which can be detected by this plugin using two regular expressions.

Example account SID: ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Regex: AC[a-z0-9]{32}

Example auth token: SKxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Regex: SK[a-z0-9]{32}

It might be worth further expanding this plugin to include a verify function that sends a GET request to {}:{}@api.twilio.com/2010-04-01/Accounts.json.
Please be sure to run the pre-commit hooks, as this will lint up your code and make tests pass.
I was importing packages that weren't used in twilio.py. This commit removes those import statements.
tests/plugins/twilio_test.py
Outdated
def test_analyze(self, payload, should_flag):
    logic = TwilioKeyDetector()
    output = logic.analyze_line(payload, 1, 'mock_filename')
    assert len(output) == int(should_flag)
Probably can just do:
assert output
as that will make sure that it is a non-empty dictionary.
@domanchi, do you think we should add some form of key verification or just leave it as is?
Just realized it's @EdOverflow :) Thank you for contributing!
:)
Naw. Key verification can always be done at a later iteration. :)
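The two regular expressions from the pull request description, applied line by line to constructed input, as an added example that is not code from this pull request or from the project. The function names `scan_line` and `scan_text`, the finding format and the sample file content are assumptions made for illustration; the sample includes a line carrying both values and a line where the unanchored pattern matches inside a longer string.

```python
import re

# Patterns exactly as given in the pull request description.
TWILIO_PATTERNS = {
    "Twilio account SID": re.compile(r"AC[a-z0-9]{32}"),
    "Twilio auth token": re.compile(r"SK[a-z0-9]{32}"),
}


def scan_line(line, line_number, filename):
    """Return one finding per pattern match on a single line (hypothetical helper)."""
    findings = []
    for secret_type, pattern in TWILIO_PATTERNS.items():
        for match in pattern.finditer(line):
            findings.append({
                "type": secret_type,
                "filename": filename,
                "line": line_number,
                # Keep only a short prefix so the report does not re-leak the secret.
                "redacted": match.group()[:4] + "...",
            })
    return findings


def scan_text(text, filename):
    """Scan every line of a file's content, numbering lines from 1."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        findings.extend(scan_line(line, number, filename))
    return findings


# Constructed sample input: placeholder values, not real credentials.
SAMPLE = "\n".join([
    'TWILIO_SID = "AC' + "a1" * 16 + '"',
    'TWILIO_TOKEN = "SK' + "b2" * 16 + '"',
    'creds = "AC' + "c3" * 16 + ":SK" + "d4" * 16 + '"',  # both values on one line
    'note = "AC' + "x" * 31 + '"',               # 31 characters: too short to match
    'name = "BACKUP_AC' + "e5" * 16 + 'ffff"',   # unanchored: matches inside a longer string
])

if __name__ == "__main__":
    for finding in scan_text(SAMPLE, "settings.py"):
        print(finding)
```

A line that carries both values yields two findings, so a test that compares the number of findings with a boolean flag only holds for payloads containing a single match.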