Groq Analyzer (#3962)

* added groq analyzer

* print resource if present

Author: kashifkhan0771

pkg/analyzer/analyzers/analyzers.go

@@ -89,6 +89,7 @@ const (
 	AnalyzerTypePlanetScale
 	AnalyzerTypeAirtableOAuth
 	AnalyzerTypeAirtablePat
+	AnalyzerTypeGroq
 	// Add new items here with AnalyzerType prefix
 )
 
@@ -124,6 +125,7 @@ var analyzerTypeStrings = map[AnalyzerType]string{
 	AnalyzerTypePlanetScale:   "PlanetScale",
 	AnalyzerTypeAirtableOAuth: "AirtableOAuth",
 	AnalyzerTypeAirtablePat:   "AirtablePat",
+	AnalyzerTypeGroq:          "Groq",
 	// Add new mappings here
 }
 

pkg/analyzer/analyzers/anthropic/anthropic.go

@@ -1,3 +1,4 @@
+//go:generate generate_permissions permissions.yaml permissions.go anthropic
 package anthropic
 
 import (

pkg/analyzer/analyzers/dockerhub/dockerhub.go

@@ -1,4 +1,4 @@
-//go:generate generate_permissions permissions.yaml permissions.go elevenlabs
+//go:generate generate_permissions permissions.yaml permissions.go dockerhub
 package dockerhub
 
 import (

pkg/analyzer/analyzers/groq/groq.go

@@ -0,0 +1,158 @@
+//go:generate generate_permissions permissions.yaml permissions.go groq
+package groq
+
+import (
+	"errors"
+	"os"
+
+	"github.com/fatih/color"
+	"github.com/jedib0t/go-pretty/v6/table"
+
+	"github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/analyzers"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/config"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
+)
+
+var _ analyzers.Analyzer = (*Analyzer)(nil)
+
+type Analyzer struct {
+	Cfg *config.Config
+}
+
+// SecretInfo hold the information about the anthropic key
+type SecretInfo struct {
+	Valid         bool
+	Reference     string
+	GroqResources []GroqResource
+	Permissions   []string
+	Misc          map[string]string
+}
+
+// GroqResource is a single groq resource which can be accessed with groq api key
+type GroqResource struct {
+	ID         string
+	Name       string
+	Type       string
+	Permission string
+	Metadata   map[string]string
+}
+
+// appendGroqResource append the single groq resource to secretinfo groqresources list
+func (s *SecretInfo) appendGroqResource(resource GroqResource) {
+	s.GroqResources = append(s.GroqResources, resource)
+}
+
+// updateMetadata safely update the metadata of the groq resource
+func (g GroqResource) updateMetadata(key, value string) {
+	if g.Metadata == nil {
+		g.Metadata = map[string]string{}
+	}
+
+	g.Metadata[key] = value
+}
+
+func (a Analyzer) Type() analyzers.AnalyzerType {
+	return analyzers.AnalyzerTypeGroq
+}
+
+func (a Analyzer) Analyze(_ context.Context, credInfo map[string]string) (*analyzers.AnalyzerResult, error) {
+	key, exist := credInfo["key"]
+	if !exist {
+		return nil, errors.New("key not found in credentials info")
+	}
+
+	secretInfo, err := AnalyzePermissions(a.Cfg, key)
+	if err != nil {
+		return nil, err
+	}
+
+	return secretInfoToAnalyzerResult(secretInfo), nil
+}
+
+func AnalyzeAndPrintPermissions(cfg *config.Config, key string) {
+	info, err := AnalyzePermissions(cfg, key)
+	if err != nil {
+		// just print the error in cli and continue as a partial success
+		color.Red("[x] Invalid Anthropic API key\n")
+		color.Red("[x] Error : %s", err.Error())
+		return
+	}
+
+	if info == nil {
+		color.Red("[x] Error : %s", "No information found")
+		return
+	}
+
+	color.Green("[i] Valid Anthropic API key\n")
+	color.Yellow("\n[i] Permission: Full Access\n")
+
+	if len(info.GroqResources) > 0 {
+		printGroqResources(info.GroqResources)
+	}
+
+	color.Yellow("\n[!] Expires: Never")
+}
+
+func AnalyzePermissions(cfg *config.Config, apiKey string) (*SecretInfo, error) {
+	// create a HTTP client
+	client := analyzers.NewAnalyzeClient(cfg)
+
+	var secretInfo = &SecretInfo{Valid: true}
+
+	if err := captureBatches(client, apiKey, secretInfo); err != nil {
+		return nil, err
+	}
+
+	if err := captureFiles(client, apiKey, secretInfo); err != nil {
+		return nil, err
+	}
+
+	return secretInfo, nil
+}
+
+// secretInfoToAnalyzerResult translate secret info to Analyzer Result
+func secretInfoToAnalyzerResult(info *SecretInfo) *analyzers.AnalyzerResult {
+	if info == nil {
+		return nil
+	}
+
+	result := analyzers.AnalyzerResult{
+		AnalyzerType: analyzers.AnalyzerAnthropic,
+		Metadata:     map[string]any{"Valid_Key": info.Valid},
+		Bindings:     make([]analyzers.Binding, len(info.GroqResources)),
+	}
+
+	// extract information to create bindings and append to result bindings
+	for _, groqResource := range info.GroqResources {
+		binding := analyzers.Binding{
+			Resource: analyzers.Resource{
+				Name:               groqResource.Name,
+				FullyQualifiedName: groqResource.ID,
+				Type:               groqResource.Type,
+				Metadata:           map[string]any{},
+			},
+			Permission: analyzers.Permission{
+				Value: groqResource.Permission,
+			},
+		}
+
+		for key, value := range groqResource.Metadata {
+			binding.Resource.Metadata[key] = value
+		}
+
+		result.Bindings = append(result.Bindings, binding)
+	}
+
+	return &result
+}
+
+func printGroqResources(resources []GroqResource) {
+	color.Green("\n[i] Resources:")
+	t := table.NewWriter()
+	t.SetOutputMirror(os.Stdout)
+	t.AppendHeader(table.Row{"Name", "Type"})
+	for _, resource := range resources {
+		t.AppendRow(table.Row{color.GreenString(resource.Name), color.GreenString(resource.Type)})
+	}
+	t.Render()
+}

pkg/analyzer/analyzers/groq/groq_test.go

@@ -0,0 +1,72 @@
+package groq
+
+import (
+	_ "embed"
+	"encoding/json"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/config"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
+)
+
+func TestAnalyzer_Analyze(t *testing.T) {
+	ctx, cancel := context.WithTimeout(context.Background(), time.Minute*5)
+	defer cancel()
+	testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "detectors5")
+	if err != nil {
+		t.Fatalf("could not get test secrets from GCP: %s", err)
+	}
+
+	apiKey := testSecrets.MustGetField("GROQ")
+
+	tests := []struct {
+		name    string
+		apiKey  string
+		want    string
+		wantErr bool
+	}{
+		{
+			name:    "valid dockerhub credentials",
+			apiKey:  apiKey,
+			want:    `{"AnalyzerType":2,"Bindings":[],"UnboundedResources":null,"Metadata":{"Valid_Key":true}}`,
+			wantErr: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			a := Analyzer{Cfg: &config.Config{}}
+			got, err := a.Analyze(ctx, map[string]string{"key": tt.apiKey})
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Analyzer.Analyze() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+
+			// marshal the actual result to JSON
+			gotJSON, err := json.Marshal(got)
+			if err != nil {
+				t.Fatalf("could not marshal got to JSON: %s", err)
+			}
+
+			fmt.Println(string(gotJSON))
+
+			// compare the JSON strings
+			if string(gotJSON) != string(tt.want) {
+				// pretty-print both JSON strings for easier comparison
+				var gotIndented, wantIndented []byte
+				gotIndented, err = json.MarshalIndent(got, "", " ")
+				if err != nil {
+					t.Fatalf("could not marshal got to indented JSON: %s", err)
+				}
+				wantIndented, err = json.MarshalIndent(tt.want, "", " ")
+				if err != nil {
+					t.Fatalf("could not marshal want to indented JSON: %s", err)
+				}
+				t.Errorf("Analyzer.Analyze() = %s, want %s", gotIndented, wantIndented)
+			}
+		})
+	}
+}

pkg/analyzer/analyzers/groq/permissions.go

@@ -0,0 +1,2 @@
+permissions:
+  - full_access # by default groq api key has full access