feat: add sendgrid key detection

[eccentricexit]

This rule allows detecting more generic api keys like the ones used by SendGrid.

I cannot run the tests locally or compile the project to continue development due to a typescript error which seems to be present for all packages:

TSError: ⨯ Unable to compile TypeScript:
test/index.test.ts:1:26 - error TS2307: Cannot find module '@secretlint/tester'.

1 import { snapshot } from "@secretlint/tester";
                           ~~~~~~~~~~~~~~~~~~~~
test/index.test.ts:18:17 - error TS7006: Parameter 'name' implicitly has an 'any' type.

18     }).forEach((name, test) => {
                   ~~~~
test/index.test.ts:18:23 - error TS7006: Parameter 'test' implicitly has an 'any' type.

18     }).forEach((name, test) => {

...

Do you have any tips on how I can fix this?

[azu]

I cannot run the tests locally or compile the project to continue development due to a typescript error which seems to be present for all packages:

Fmm.
It is related with #119 changes(not yet released)

Can you run yarn install && yarn run build on root directory?
#119 changes all packages and need to rebuild all packages.
It will build new @secretlint/types pacakge in your local.

It is implicitly dependencies.
Project References will resolve implicitly dependencies and I've created an issue #129

generic key detection

Would we change this rule to more specific rule like @secretlint/secret-rule-sendgrid?
Or, We need to add more strict condition for avoiding false-positive.

We want to reduce false-positive. It is one of Secretlint's Philosophy.

I think that current implementation has a false-positive.

For example enctrypted key like SealedSecrets

api-key="<encrypted-apikey>"

I found similar problem in git-secrets https://github.com/awslabs/git-secrets/blob/5e28df337746db4f070c84f7069d365bfd0d72a8/git-secrets#L239 and I've changed this logic in secretlint-rule-aws

secretlint/packages/@secretlint/secretlint-rule-aws/src/index.ts

Lines 102 to 106 in c09ba64

	// git-secrets implementation match _KEY=XXX, but it is false-positive
	// https://github.com/awslabs/git-secrets/blob/5e28df337746db4f070c84f7069d365bfd0d72a8/git-secrets#L239
	// This Pattern match only `AWS?_SECRET_ACCESS_KEY=XXX`
	const AWSSecretPatten = regx`${QUOTE}${AWS}(?:SECRET|secret|Secret)_?(?:ACCESS|access|Access)_?(?:KEY|key|Key)${QUOTE}${CONNECT}${QUOTE}([A-Za-z0-9/\+=]{40})${QUOTE}\b`;
	const results = matchAll(source.content, AWSSecretPatten);

While, Detecting SG.<ID>.<VALUE> as Send Grid API Key is reasonable.

• API Keys - SendGrid Documentation | SendGrid
• How to get the full SendGrid API Key? - Stack Overflow

It is similar with slack api key.

secretlint/packages/@secretlint/secretlint-rule-slack/src/index.ts

Lines 41 to 47 in c09ba64

	// Based on https://docs.cribl.io/docs/regexesyml
	// https://api.slack.com/docs/token-types
	// Bot user token strings begin with xoxb-
	// User token strings begin with xoxp-
	// Workspace access token strings begin with xoxa-2
	// Workspace refresh token strings begin with xoxr.
	const PRIVATE_KEY_PATTERN = /\bxox[abposr]-(?:\d{1,40}-)+[a-zA-Z0-9]{1,40}\b/g;

[eccentricexit]

Can you run yarn install && yarn run build on root directory?

I did that and it seems to be all good now.

Would we change this rule to more specific rule like @secretlint/secret-rule-sendgrid?
Or, We need to add more strict condition for avoiding false-positive.
We want to reduce false-positive. It is one of Secretlint's Philosophy.
I think that current implementation has a false-positive.

Oh I see. You are right, I'll update this to do @secretlint/secret-rule-sendgrid instead 👍

[azu]

I'll publish this pacakge in next update(today ~ tommorow).
Also, I'll add secretlint-rule-sendgrid to recommended preset #131

Thanks for improving!
I've invited @mtsalenc as collaboration into secretlint organization 🎉