add stricter secret detection

2024-06-27 15:12:13 -07:00 · 2024-06-27 15:12:13 -07:00 · 84ee37086c
commit 84ee37086c
parent 552bac586f
96 changed files with 2337 additions and 0 deletions
--- a/enterprise/enterprise_hooks/secrets_plugins/snyk_api_token.py
+++ b/enterprise/enterprise_hooks/secrets_plugins/snyk_api_token.py
@ -0,0 +1,23 @@
+"""
+This plugin searches for Snyk API Tokens.
+"""
+
+import re
+
+from detect_secrets.plugins.base import RegexBasedDetector
+
+
+class SnykApiTokenDetector(RegexBasedDetector):
+    """Scans for Snyk API Tokens."""
+
+    @property
+    def secret_type(self) -> str:
+        return "Snyk API Token"
+
+    @property
+    def denylist(self) -> list[re.Pattern]:
+        return [
+            re.compile(
+                r"""(?i)(?:snyk)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:{1,3}=|\|\|:|<=|=>|:|\?=)(?:'|\"|\s|=|\x60){0,5}([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})(?:['|\"|\n|\r|\s|\x60|;]|$)"""
+            )
+        ]