Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

added flyio detector #2381

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

added flyio detector #2381

wants to merge 2 commits into from

Conversation

lonmarsDev
Copy link
Contributor

Description:

Explain the purpose of the PR.

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

zricethezav
zricethezav reviewed Feb 12, 2024
View reviewed changes
pkg/detectors/flyio/flyio.go
var (
defaultClient = common.SaneHttpClient()
// Make sure that your group is surrounded in boundary characters such as below to reduce false positives.
keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"flyio"}) + `\b([a-zA-Z0-9_]{47})\b`)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lonmarsDev all the tokens I generated started with fo1_. Does that match what you were seeing? If so we should probably add fo1_ as part of this regex and to the keywords.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fly.io has a few legacy token formats that are no longer issued, but still might exist in the wild:

  • [a-zA-Z0-9_-]{43}
  • fm1[ar]_[a-zA-Z0-9+\/]={0,2}

And two formats that we currently issue

  • fo1_[a-zA-Z0-9_-]{43}
  • fm2_[a-zA-Z0-9+\/]={0,2}

@zricethezav
Copy link
Collaborator

We might want to rename this as flyiopersonalaccesstoken since fly.io also has organization tokens (see https://fly.io/docs/flyctl/tokens-create-org/ and https://fly.io/dashboard/{user_id}/tokens). Alternatively we could just leave this as flyio and use flyioorgtoken for the organizational token detector when we get to that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@btoews btoews

@zricethezav zricethezav

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lonmarsDev @zricethezav @btoews