GH-768: Plugin to detect Telegram bot tokens

[Chandra158]

Please check if the PR fulfills these requirements

• Tests for the changes have been added

• Docs have been added / updated

• All CI checks are green

What kind of change does this PR introduce?

• Feature: new plugin for Telegram bot tokens
• Detection of telegram bot API-keys #768

Tests

• New test added for plugin
• Tested manually in local with newly created token

{
        "type": "Telegram Bot Token",
        "filename": "test_data/test-bot.yaml",
        "hashed_secret": "c429079ee6a839ece2e7b0a6770198d8fe5ed438",
        "is_verified": true,
        "line_number": 11
},

[lorenzodb1]

Looking at other RegexBasedDetector, it doesn't look like you need a verify method like you would in a BasePlugin (see github_token.py for reference).

[Chandra158]

plugins.md#verified-secrets

provides the ability to decrease false positives by making an API call to a server to check whether a PotentialSecret is indeed real. This can be extremely useful for specific secrets (e.g. RegexBasedDetector subclasses) since we are able to determine which server to contact.

verify method is optional but really good in decreasing False-positives. Others RegexBasedDetector plugins also has this method implemented where there is a way to verify whether the token is still active. (stripe.py, slack.py)

In my test in local:

• without verify: will report if any string matches the plugin regex ("is_verified": false)
• with verify: will only report if the token is still active ("is_verified": true)

[lorenzodb1]

Is this the same as #769?

[Chandra158]

Is this the same as #769?

Yes, looks same as 769. Didn't see it earlier.
Not sure if it is abandoned or they are still working on it. Anyway, let me know if I should close my PR.

[lorenzodb1]

@Chandra158 I don't see any update on that PR, so I'd go with this one.

[jpdakran]

LGTM