diff --git a/CHANGELOG.md b/CHANGELOG.md
index 47935533e..9198654c4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,14 @@ If you love `detect-secrets`, please star our project on GitHub to show your sup [@xxxx]: https://github.com/xxxx --> + + ### v1.5.0 ##### May 6th, 2024
diff --git a/README.md b/README.md
index 1a08f131c..6df781277 100644
--- a/README.md
+++ b/README.md
@@ -91,6 +91,7 @@ $ git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline ```bash $ detect-secrets scan --list-all-plugins +AivenTokenDetector ArtifactoryDetector AWSKeyDetector AzureStorageKeyDetector
diff --git a/detect_secrets/plugins/aiven_token.py b/detect_secrets/plugins/aiven_token.py
new file mode 100644
index 000000000..d24d23992
--- /dev/null
+++ b/detect_secrets/plugins/aiven_token.py
@@ -0,0 +1,16 @@
+"""
+This plugin searches for Aiven tokens
+"""
+import re
+
+from detect_secrets.plugins.base import RegexBasedDetector
+
+
+class AivenTokenDetector(RegexBasedDetector):
+ """Scans for Aiven tokens."""
+ secret_type = 'Aiven Token'
+
+ denylist = [
+ # Aiven tokens follow the pattern: AVNS_
+ re.compile(r'AVNS_[A-Za-z0-9_]{8,}'),
+ ]
diff --git a/tests/plugins/aiven_token_test.py b/tests/plugins/aiven_token_test.py
new file mode 100644
index 000000000..610ecbc69
--- /dev/null
+++ b/tests/plugins/aiven_token_test.py
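Review bot: In detect_secrets/plugins/aiven_token.py the `denylist` pattern has no left boundary, allows `_` in the body and needs only 8 characters, so it matches inside longer identifiers and on constant-style names that merely begin with `AVNS_`, not only on token values. Anchoring the prefix, e.g. `re.compile(r'\bAVNS_[A-Za-z0-9_]{8,}')`, removes the embedded-identifier case; whether the body can be tightened further (fixed length, a required digit or lowercase letter) depends on Aiven's real token format, which this diff does not document. The comment `# Aiven tokens follow the pattern: AVNS_` stops at the prefix and should state the expected body, for example `# 'AVNS_' followed by 8+ characters from [A-Za-z0-9_]`. Noisy matches in a secret scanner tend to be bulk-audited into the baseline, which is how genuine findings end up overlooked.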
@@ -0,0 +1,24 @@
+import pytest
+
+from detect_secrets.plugins.aiven_token import AivenTokenDetector
+
+
+class TestAivenTokenDetector:
+
+ @pytest.mark.parametrize(
+ 'payload, should_flag',
+ [
+ ('AVNS_4Yt6Gdnjcs8ivIlYSFU', True),
+ ('AVNS_D0j9bUsCyQ3s67T', True),
+ ('AVNS_LaGqz39AC', True),
+ ('AVNS_RaFIf_JzHxFXlKs', True),
+ ('AVNS_UahLjsENr4QexJ1', True),
+ ('foo', False),
+ ('AVNS_', False), # Incomplete token
+ ('AVNS12345678', False), # Missing underscore
+ ],
+ )
+ def test_analyze(self, payload, should_flag):
+ logic = AivenTokenDetector()
+ output = logic.analyze_line(filename='mock_filename', line=payload)
+ assert len(output) == int(should_flag)
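Review bot: The negative cases in the `parametrize` table never exercise the `{8,}` lower bound, and no payload places a token inside a longer line, so a regression in either behaviour would still pass `test_analyze`. Add a just-under-minimum case and an in-context case, e.g. `('AVNS_abc1234', False),  # 7 characters after the prefix` and `('password = "AVNS_LaGqz39AC"', True),` (both constructed from values already in the table). If the five positive payloads were copied from a live service rather than generated, confirm they are revoked or replace them with synthetic values, since they will remain in the repository history.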