[Detector] - Restore and Refactor Detectors starting with *CA* #4315
Conversation
…d `verifyMatch` function. Updated integration tests to reflect changes in secret retrieval and verification processes. Adjusted regex patterns for improved accuracy in detecting API keys. Enhanced error handling for API responses.
| @@ -26,7 +27,7 @@ var ( | |||
|
|
|||
| // Make sure that your group is surrounded in boundary characters such as below to reduce false positives. | |||
| keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"cashboard"}) + `\b([0-9A-Z]{3}-[0-9A-Z]{3}-[0-9A-Z]{3}-[0-9A-Z]{3})\b`) | |||
| userPat = regexp.MustCompile(detectors.PrefixRegex([]string{"cashboard"}) + `\b([0-9a-z]{1,})\b`) | |||
| userPat = regexp.MustCompile(detectors.PrefixRegex([]string{"username"}) + `\b([0-9a-z]{1,})\b`) | |||
There was a problem hiding this comment.
I think we shouldn't remove the cashboard keyword, because the regex pattern seems too generic
There was a problem hiding this comment.
This is just a prefix for catching the username once the chunk is inside the detector.
The reason for removing cashboard keyword is that it will create unnecessary sets of credentials.
…tectors to return actual errors instead of nil. This improves error reporting and debugging capabilities.
| @@ -74,6 +66,33 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result | |||
| return results, nil | |||
| } | |||
|
|
|||
| func verifyMatch(ctx context.Context, client *http.Client, token string) (bool, error) { | |||
| req, err := http.NewRequestWithContext(ctx, "GET", "https://app.caflou.com/api/v1/accounts", nil) | |||
There was a problem hiding this comment.
nit: Seems like a good opportunity to replace nil and hard coded strings with http.NoBody and http.MethodGet in all of the detectors
| @@ -22,7 +23,7 @@ var ( | |||
| client = common.SaneHttpClient() | |||
|
|
|||
| // Make sure that your group is surrounded in boundary characters such as below to reduce false positives. | |||
| keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"calendly"}) + `\b(eyJ[A-Za-z0-9-_]{100,300}\.eyJ[A-Za-z0-9-_]{100,300}\.[A-Za-z0-9-_]+)\b`) | |||
| keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"calendly"}) + `\b(eyJ[A-Za-z0-9-_]{10,300}\.eyJ[A-Za-z0-9-_]{10,300}\.[A-Za-z0-9-_]+)\b`) | |||
There was a problem hiding this comment.
In my opinion, this change could lead to more false positives. We're essentially reducing our safeguards. Are we confident about this change? Also, have we verified whether Calendly actually generates keys of this shorter length?
There was a problem hiding this comment.
I made this change cos I saw some valid keys that were less than 100 letters. If we keep it as is, we're potentially increasing false negatives.
I'll confirm this again.
Description:
verifyMatchfunctionNote:
I'm having trouble creating test accounts in Captain Data (.co domain for <V4) and Caspio. The accounts are stuck in verification state.
Checklist:
make test-community)?make lintthis requires golangci-lint)?