linked detector with analyzer for planetscale.

override input form for TUI. refactor some variable name for clarrification.
trufflesecurity · zricethezav · Mar 3, 2025 · Jan 21, 2025 · Feb 3, 2025 · Feb 4, 2025
commit 1bc5059319a755cd39225f0d1e98741ebdeb5d28
@@ -32,7 +32,7 @@ func (a Analyzer) Analyze(_ context.Context, credInfo map[string]string) (*analy
 	if !ok {
 		return nil, errors.New("missing id in credInfo")
 	}
-	key, ok := credInfo["key"]
+	key, ok := credInfo["token"]
 	if !ok {
 		return nil, errors.New("missing key in credInfo")
 	}
@@ -54,12 +54,9 @@ func secretInfoToAnalyzerResult(info *SecretInfo) *analyzers.AnalyzerResult {
 	}
 
 	resource := analyzers.Resource{
-		Name:               info.Organization,
-		FullyQualifiedName: info.Organization,
+		Name:               info.OrgName,
+		FullyQualifiedName: info.OrgName,
 		Type:               "Organization",
-		Metadata: map[string]any{
-			"expires": "never",
-		},
 	}
 
 	for idx, permission := range info.Permissions {
@@ -176,43 +173,42 @@ func checkPermissions(cfg *config.Config, id, key, organization string) ([]strin
 }
 
 type SecretInfo struct {
-	Organization string
-	Permissions  []string
+	OrgName     string
+	Permissions []string
 }
 
-func AnalyzeAndPrintPermissions(cfg *config.Config, id, key string) {
-	info, err := AnalyzePermissions(cfg, id, key)
+func AnalyzeAndPrintPermissions(cfg *config.Config, id, token string) {
+	info, err := AnalyzePermissions(cfg, id, token)
 	if err != nil {
 		color.Red("[x] Error : %s", err.Error())
 		return
 	}
 
 	color.Green("[!] Valid PlanetScale credentials\n\n")
-	color.Green("[i] Organization: %s", info.Organization)
+	color.Green("[i] Organization: %s", info.OrgName)
 	printPermissions(info.Permissions)
-	color.Yellow("\n[i] Expires: Never")
 
 }
 
-func AnalyzePermissions(cfg *config.Config, id, key string) (*SecretInfo, error) {
+func AnalyzePermissions(cfg *config.Config, id, token string) (*SecretInfo, error) {
 	var info = &SecretInfo{}
 
-	organization, err := getOrganization(cfg, id, key)
+	orgName, err := getOrganizationName(cfg, id, token)
 	if err != nil {
-		return nil, fmt.Errorf("getting organization: %w", err)
+		return nil, err
 	}
 
-	permissions, err := checkPermissions(cfg, id, key, organization)
+	permissions, err := checkPermissions(cfg, id, token, orgName)
 	if err != nil {
 		return nil, err
 	}
 
-	if len(permissions) == 0 {
-		return nil, fmt.Errorf("invalid PlanetScale credentials")
-	}
+	// if len(permissions) == 0 {
+	// 	return nil, fmt.Errorf("invalid credentials")
+	// }
 
 	info.Permissions = permissions
-	info.Organization = organization
+	info.OrgName = orgName
 
 	return info, nil
 }
@@ -223,7 +219,7 @@ type organizationJSON struct {
 	} `json:"data"`
 }
 
-func getOrganization(cfg *config.Config, id, key string) (string, error) {
+func getOrganizationName(cfg *config.Config, id, key string) (string, error) {
 	url := "https://api.planetscale.com/v1/organizations"
 
 	client := analyzers.NewAnalyzeClient(cfg)
@@ -242,28 +238,38 @@ func getOrganization(cfg *config.Config, id, key string) (string, error) {
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
-		return "", fmt.Errorf("invalid credentials")
-	}
+	// Check response status code
+	switch resp.StatusCode {
+	case http.StatusOK:
+		// Decode response body
+		var organizationJSON organizationJSON
+		err = json.NewDecoder(resp.Body).Decode(&organizationJSON)
+		if err != nil {
+			return "", err
+		}
 
-	// Decode response body
-	var organizationJSON organizationJSON
-	err = json.NewDecoder(resp.Body).Decode(&organizationJSON)
-	if err != nil {
-		return "", err
+		return organizationJSON.Data[0].Name, nil
+	case http.StatusUnauthorized:
+		return "", fmt.Errorf("invalid credentials")
+	default:
+		return "", fmt.Errorf("unexpected status code %d", resp.StatusCode)
 	}
 
-	return organizationJSON.Data[0].Name, nil
-
+	return "", fmt.Errorf("unexpected error")
 }
 
 func printPermissions(permissions []string) {
 	color.Yellow("[i] Permissions:")
-	t := table.NewWriter()
-	t.SetOutputMirror(os.Stdout)
-	t.AppendHeader(table.Row{"Permission"})
-	for _, permission := range permissions {
-		t.AppendRow(table.Row{color.GreenString(permission)})
+
+	if len(permissions) == 0 {
+		color.Yellow("No permissions found")
+	} else {
+		t := table.NewWriter()
+		t.SetOutputMirror(os.Stdout)
+		t.AppendHeader(table.Row{"Permission"})
+		for _, permission := range permissions {
+			t.AppendRow(table.Row{color.GreenString(permission)})
+		}
+		t.Render()
 	}
-	t.Render()
 }
@@ -105,6 +105,6 @@ func Run(keyType string, secretInfo SecretInfo) {
 	case "elevenlabs":
 		elevenlabs.AnalyzeAndPrintPermissions(secretInfo.Cfg, secretInfo.Parts["key"])
 	case "planetscale":
-		planetscale.AnalyzeAndPrintPermissions(secretInfo.Cfg, secretInfo.Parts["id"], secretInfo.Parts["key"])
+		planetscale.AnalyzeAndPrintPermissions(secretInfo.Cfg, secretInfo.Parts["id"], secretInfo.Parts["token"])
 	}
 }
@@ -3,9 +3,10 @@ package planetscale
 import (
 	"context"
 	"fmt"
-	regexp "github.com/wasilibs/go-re2"
 	"net/http"
 
+	regexp "github.com/wasilibs/go-re2"
+
 	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
 	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
@@ -66,6 +67,10 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 					defer res.Body.Close()
 					if res.StatusCode >= 200 && res.StatusCode < 300 {
 						s1.Verified = true
+						s1.AnalysisInfo = map[string]string{
+							"id":    username,
+							"token": password,
+						}
 					} else if res.StatusCode == 401 {
 						// The secret is determinately not verified
 						s1.Verified = false

@@ -68,6 +68,17 @@ func New(c common.Common, keyType string) *AnalyzeForm {
 			Required:    true,
 			RedactInput: true,
 		}}
+	case "planetscale":
+		inputs = []textinputs.InputConfig{{
+			Label:    "Service Id",
+			Key:      "id",
+			Required: true,
+		}, {
+			Label:       "Service Token",
+			Key:         "token",
+			Required:    true,
+			RedactInput: true,
+		}}
 	default:
 		inputs = []textinputs.InputConfig{{
 			Label:       "Secret",