trufflehog/pkg/detectors/bitmex/bitmex.go

package bitmex

import (
	"context"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	regexp "github.com/wasilibs/go-re2"
	"net/http"
	"net/url"
	"strconv"
	"strings"
	"time"

	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
)

type Scanner struct{
	detectors.DefaultMultiPartCredentialProvider
}

// Ensure the Scanner satisfies the interface at compile time.
var _ detectors.Detector = (*Scanner)(nil)

var (
	client = common.SaneHttpClient()

	// Make sure that your group is surrounded in boundary characters such as below to reduce false positives.
	keyPat    = regexp.MustCompile(detectors.PrefixRegex([]string{"bitmex"}) + `([ \r\n]{1}[0-9a-zA-Z\-\_]{24}[ \r\n]{1})`)
	secretPat = regexp.MustCompile(detectors.PrefixRegex([]string{"bitmex"}) + `([ \r\n]{1}[0-9a-zA-Z\-\_]{48}[ \r\n]{1})`)
)

// Keywords are used for efficiently pre-filtering chunks.
// Use identifiers in the secret preferably, or the provider name.
func (s Scanner) Keywords() []string {
	return []string{"bitmex"}
}

// FromData will find and optionally verify Bitmex secrets in a given set of bytes.
func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {
	dataStr := string(data)

	matches := keyPat.FindAllStringSubmatch(dataStr, -1)
	secretMatches := secretPat.FindAllStringSubmatch(dataStr, -1)

	for _, match := range matches {
		if len(match) != 2 {
			continue
		}
		resMatch := strings.TrimSpace(match[1])

		for _, secretMatch := range secretMatches {
			if len(secretMatch) != 2 {
				continue
			}
			resSecretMatch := strings.TrimSpace(secretMatch[1])

			s1 := detectors.Result{
				DetectorType: detectorspb.DetectorType_Bitmex,
				Raw:          []byte(resSecretMatch),
				RawV2:        []byte(resMatch + resSecretMatch),
			}

			if verify {

				timestamp := strconv.FormatInt(time.Now().Unix()+5, 10)
				action := "GET"
				path := "/api/v1/user"
				payload := url.Values{}

				signature := getBitmexSignature(timestamp, resSecretMatch, action, path, payload.Encode())

				req, err := http.NewRequestWithContext(ctx, action, "https://www.bitmex.com"+path, strings.NewReader(payload.Encode()))
				if err != nil {
					continue
				}
				req.Header.Add("api-expires", timestamp)
				req.Header.Add("api-key", resMatch)
				req.Header.Add("api-signature", signature)
				res, err := client.Do(req)
				if err == nil {
					defer res.Body.Close()
					if res.StatusCode >= 200 && res.StatusCode < 300 {
						s1.Verified = true
					}
				}
			}

			results = append(results, s1)
		}
	}

	return results, nil
}

func getBitmexSignature(timeStamp string, secret string, action string, path string, payload string) string {

	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write([]byte(action + path + timeStamp + payload))
	macsum := mac.Sum(nil)
	return hex.EncodeToString(macsum)
}

func (s Scanner) Type() detectorspb.DetectorType {
	return detectorspb.DetectorType_Bitmex
}
added bitmex detector 2022-01-19 06:19:03 +00:00			`package bitmex`

			`import (`
			`"context"`
			`"crypto/hmac"`
			`"crypto/sha256"`
			`"encoding/hex"`
[feat] - Replace regexp pkg w/ go-re2 in detectors (#2324) * update detectors to use go-re regex library replacement * update go mod and sum * add tests with invalid utf-8 * revert 2024-01-23 21:16:22 +00:00			`regexp "github.com/wasilibs/go-re2"`
added bitmex detector 2022-01-19 06:19:03 +00:00			`"net/http"`
			`"net/url"`
added bitmex detector 2022-03-10 06:22:16 +00:00			`"strconv"`
			`"strings"`
			`"time"`
added bitmex detector 2022-01-19 06:19:03 +00:00
module v3 2022-02-10 18:54:33 +00:00			`"github.com/trufflesecurity/trufflehog/v3/pkg/common"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"`
added bitmex detector 2022-01-19 06:19:03 +00:00			`)`

[feat] - Optimize detector performance by reducing data passed to regex (#2812) * optimize maching detetors * update method name * updates * update naming * updates * update comment * updates * remove testcase * update default match len to 512 * update * update test * add support for multpart cred provider * add ability to scan entire chunk * encapsulate matches logic within FindDetectorMatches * use []byte directly * nil chunk data * use []byte * set hidden flag to true * remove * [refactor] - multi part detectors (#2906) * Detectors beginning w/ a * Detectors beginning w/ b * Detectors beginning w/ c * Detectors beginning w/ d * Detectors beginning w/ e * Detectors beginning w/ f * Detectors beginning w/ f&g * fix * Detectors beginning w/ i-l * Detectors beginning w/ m-p * Detectors beginning w/ r-s * Detectors beginning w/ t * Detectors beginning w/ u-z * revert alconst * remaining fixes * lint * [feat] - Add Support for `compareDetectionStrategies` Mode (#2918) * Detector comparison mode * remove else * return error if results dont match * update default hidden flag to not scan entire chunks * fix tests * enhance encapsulation by including methods on DetectorMatch to handle merging and extracting * remove space * fix * update detector * updates * remove else * run comparison concurrently 2024-06-05 20:28:19 +00:00			`type Scanner struct{`
			`detectors.DefaultMultiPartCredentialProvider`
			`}`
added bitmex detector 2022-01-19 06:19:03 +00:00
Clean up comments. (#562) 2022-05-16 16:03:10 +00:00			`// Ensure the Scanner satisfies the interface at compile time.`
added bitmex detector 2022-01-19 06:19:03 +00:00			`var _ detectors.Detector = (*Scanner)(nil)`

			`var (`
			`client = common.SaneHttpClient()`

Clean up comments. (#562) 2022-05-16 16:03:10 +00:00			`// Make sure that your group is surrounded in boundary characters such as below to reduce false positives.`
added bitmex detector 2022-01-19 06:19:03 +00:00			keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"bitmex"}) + `([ \r\n]{1}[0-9a-zA-Z\-\_]{24}[ \r\n]{1})`)
			secretPat = regexp.MustCompile(detectors.PrefixRegex([]string{"bitmex"}) + `([ \r\n]{1}[0-9a-zA-Z\-\_]{48}[ \r\n]{1})`)
			`)`

			`// Keywords are used for efficiently pre-filtering chunks.`
			`// Use identifiers in the secret preferably, or the provider name.`
			`func (s Scanner) Keywords() []string {`
			`return []string{"bitmex"}`
			`}`

			`// FromData will find and optionally verify Bitmex secrets in a given set of bytes.`
			`func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {`
			`dataStr := string(data)`

			`matches := keyPat.FindAllStringSubmatch(dataStr, -1)`
			`secretMatches := secretPat.FindAllStringSubmatch(dataStr, -1)`

			`for _, match := range matches {`
			`if len(match) != 2 {`
			`continue`
			`}`
			`resMatch := strings.TrimSpace(match[1])`

			`for _, secretMatch := range secretMatches {`
			`if len(secretMatch) != 2 {`
			`continue`
			`}`
			`resSecretMatch := strings.TrimSpace(secretMatch[1])`

			`s1 := detectors.Result{`
			`DetectorType: detectorspb.DetectorType_Bitmex,`
			`Raw: []byte(resSecretMatch),`
[Thog-628] update detector results hash v2 (#710) * Start updating detectors that have two part creds to record the raw result as ID + secret. * Add more detectors. * More detectors. * More detectors. * remove comment out imports. 2022-08-12 21:53:37 +00:00			`RawV2: []byte(resMatch + resSecretMatch),`
added bitmex detector 2022-01-19 06:19:03 +00:00			`}`

			`if verify {`

			`timestamp := strconv.FormatInt(time.Now().Unix()+5, 10)`
			`action := "GET"`
			`path := "/api/v1/user"`
			`payload := url.Values{}`

			`signature := getBitmexSignature(timestamp, resSecretMatch, action, path, payload.Encode())`

check request errors 2022-03-23 23:42:34 +00:00			`req, err := http.NewRequestWithContext(ctx, action, "https://www.bitmex.com"+path, strings.NewReader(payload.Encode()))`
			`if err != nil {`
			`continue`
			`}`
added bitmex detector 2022-01-19 06:19:03 +00:00			`req.Header.Add("api-expires", timestamp)`
			`req.Header.Add("api-key", resMatch)`
			`req.Header.Add("api-signature", signature)`
			`res, err := client.Do(req)`
			`if err == nil {`
			`defer res.Body.Close()`
			`if res.StatusCode >= 200 && res.StatusCode < 300 {`
			`s1.Verified = true`
			`}`
			`}`
			`}`

			`results = append(results, s1)`
			`}`
			`}`

[THOG-793] - Return all unverified results (#856) * Remove the check to filter and return only a single unverified result. * Revert "Remove the check to filter and return only a single unverified result." This reverts commit 494e432803e6389804d6f55b9444dcba62b81ffc. * Add new CLI flag to filter unverified results. 2022-10-31 16:36:10 +00:00			`return results, nil`
added bitmex detector 2022-01-19 06:19:03 +00:00			`}`

			`func getBitmexSignature(timeStamp string, secret string, action string, path string, payload string) string {`

			`mac := hmac.New(sha256.New, []byte(secret))`
			`mac.Write([]byte(action + path + timeStamp + payload))`
			`macsum := mac.Sum(nil)`
			`return hex.EncodeToString(macsum)`
			`}`
Add Type() to detector interface (#1088) * Add Type() to detector interface The goal here is to allow the detector type information to be used without the need for reflection. This could possibly allow us to more easily inject information into detectors or filter them out if necessary. Co-authored-by: ahmed <ahmed.zahran@trufflesec.com> * remove test detector --------- Co-authored-by: ahmed <ahmed.zahran@trufflesec.com> 2023-02-09 22:46:03 +00:00
			`func (s Scanner) Type() detectorspb.DetectorType {`
			`return detectorspb.DetectorType_Bitmex`
			`}`