Implemented Stripe API Key Analyzer (#139)

d-Rickyy-b · Oct 9, 2019 · f9bd202 · f9bd202
1 parent d07021a
commit f9bd202
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 0 deletions.
diff --git a/pastepwn/analyzers/__init__.py b/pastepwn/analyzers/__init__.py
@@ -28,6 +28,7 @@
 from .adobekeyanalyzer import AdobeKeyAnalyzer
 from .facebookaccesstokenanalyzer import FacebookAccessTokenAnalyzer
 from .base64analyzer import Base64Analyzer
+from .stripeapikeyanalyzer import StripeApiKeyAnalyzer
 from .awssecretkeyanalyzer import AWSSecretKeyAnalyzer
 from .awsaccesskeyanalyzer import AWSAccessKeyAnalyzer
 from .googleoauthkeyanalyzer import GoogleOAuthKeyAnalyzer
@@ -63,6 +64,7 @@
     'EmailPasswordPairAnalyzer',
     'FacebookAccessTokenAnalyzer',
     'Base64Analyzer',
+    'StripeApiKeyAnalyzer',
     'AWSSecretKeyAnalyzer',
     'AWSAccessKeyAnalyzer',
     'GoogleOAuthKeyAnalyzer',

diff --git a/pastepwn/analyzers/stripeapikeyanalyzer.py b/pastepwn/analyzers/stripeapikeyanalyzer.py
@@ -0,0 +1,8 @@
+from .regexanalyzer import RegexAnalyzer
+
+
+class StripeApiKeyAnalyzer(RegexAnalyzer):
+
+    def __init__(self, actions):
+        regex = r'(?:r|s)k_(live|test)_[0-9a-zA-Z]{24}'
+        super().__init__(actions, regex)
diff --git a/pastepwn/analyzers/tests/stripeapikeyanalyzer_test.py b/pastepwn/analyzers/tests/stripeapikeyanalyzer_test.py
@@ -0,0 +1,58 @@
+# -*- coding: utf-8 -*-
+import unittest
+from unittest import mock
+
+from pastepwn.analyzers.stripeapikeyanalyzer import StripeApiKeyAnalyzer
+
+
+class TestStripeApiKeyAnalyzer(unittest.TestCase):
+
+    def setUp(self):
+        self.analyzer = StripeApiKeyAnalyzer(None)
+        self.paste = mock.Mock()
+
+    def test_match_positive(self):
+        """Test if positives are recognized"""
+        # steam key dump
+        self.paste.body = "sk_test_4fsrdffsdf345345dfgfg34i"
+        self.assertTrue(self.analyzer.match(self.paste))
+
+        # steam key dump
+        self.paste.body = "rk_test_4fsrdffsdf345345dfgfg34i"
+        self.assertTrue(self.analyzer.match(self.paste))
+
+        # steam key dump
+        self.paste.body = "sk_live_4fsrdffsdf345345dfgfg34i"
+        self.assertTrue(self.analyzer.match(self.paste))
+
+        # steam key dump
+        self.paste.body = "rk_live_4fsrdffsdf345345dfgfg34i"
+        self.assertTrue(self.analyzer.match(self.paste))
+
+        # steam key dump
+        self.paste.body = "sk_test_YUTGF76uyh876Tyg87T786Tu"
+        self.assertTrue(self.analyzer.match(self.paste))
+
+    def test_match_negative(self):
+        """Test if negatives are not recognized"""
+        self.paste.body = ""
+        self.assertFalse(self.analyzer.match(self.paste))
+
+        self.paste.body = None
+        self.assertFalse(self.analyzer.match(self.paste))
+
+        # Invalid length
+        self.paste.body = "sk_test_YUTGF76uyh876"
+        self.assertFalse(self.analyzer.match(self.paste))
+
+        # Invalid first letter
+        self.paste.body = "pk_test_YUTGF76uyh876Tyg87T786Tu"
+        self.assertFalse(self.analyzer.match(self.paste))
+
+        # Invalid state
+        self.paste.body = "sk_staging_YUTGF76uyh876Tyg87T786Tu"
+        self.assertFalse(self.analyzer.match(self.paste))
+
+
+if __name__ == '__main__':
+    unittest.main()