trufflehog/pkg/detectors/newrelicpersonalapikey/newrelicpersonalapikey.go

package newrelicpersonalapikey

import (
	"context"
	regexp "github.com/wasilibs/go-re2"
	"net/http"
	"strings"

	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
)

type Scanner struct{}

// Ensure the Scanner satisfies the interface at compile time.
var _ detectors.Detector = (*Scanner)(nil)

var (
	client = common.SaneHttpClient()

	// Make sure that your group is surrounded in boundary characters such as below to reduce false positives.
	keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"newrelic"}) + `\b([A-Za-z0-9_\.]{4}-[A-Za-z0-9_\.]{42})\b`)
)

// Keywords are used for efficiently pre-filtering chunks.
// Use identifiers in the secret preferably, or the provider name.
func (s Scanner) Keywords() []string {
	return []string{"newrelic"}
}

// FromData will find and optionally verify NewRelicPersonalApiKey secrets in a given set of bytes.
func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {
	dataStr := string(data)

	matches := keyPat.FindAllStringSubmatch(dataStr, -1)

	for _, match := range matches {
		if len(match) != 2 {
			continue
		}
		resMatch := strings.TrimSpace(match[1])

		s1 := detectors.Result{
			DetectorType: detectorspb.DetectorType_NewRelicPersonalApiKey,
			Raw:          []byte(resMatch),
		}

		if verify {
			req, err := http.NewRequestWithContext(ctx, "GET", "https://api.newrelic.com/v2/users.json", nil)
			reqEU, errEU := http.NewRequestWithContext(ctx, "GET", "https://api.eu.newrelic.com/v2/users.json", nil)
			if err != nil || errEU != nil {
				continue
			}
			req.Header.Add("X-Api-Key", resMatch)
			reqEU.Header.Add("X-Api-Key", resMatch)

			res, err := client.Do(req)
			resEU, errEU := client.Do(reqEU)

			if err == nil {
				defer res.Body.Close()
				if res.StatusCode >= 200 && res.StatusCode < 300 {
					s1.Verified = true
				}
			} else if errEU == nil {
				defer resEU.Body.Close()
				if resEU.StatusCode >= 200 && resEU.StatusCode < 300 {
					s1.Verified = true
				}
			}
		}

		results = append(results, s1)
	}

	return results, nil
}

func (s Scanner) Type() detectorspb.DetectorType {
	return detectorspb.DetectorType_NewRelicPersonalApiKey
}
added newrelicpersonalapikey detector 2022-01-19 06:19:10 +00:00			`package newrelicpersonalapikey`

			`import (`
			`"context"`
[feat] - Replace regexp pkg w/ go-re2 in detectors (#2324) * update detectors to use go-re regex library replacement * update go mod and sum * add tests with invalid utf-8 * revert 2024-01-23 21:16:22 +00:00			`regexp "github.com/wasilibs/go-re2"`
added newrelicpersonalapikey detector 2022-03-10 06:22:27 +00:00			`"net/http"`
added newrelicpersonalapikey detector 2022-01-19 06:19:10 +00:00			`"strings"`

module v3 2022-02-10 18:54:33 +00:00			`"github.com/trufflesecurity/trufflehog/v3/pkg/common"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"`
added newrelicpersonalapikey detector 2022-01-19 06:19:10 +00:00			`)`

			`type Scanner struct{}`

Clean up comments. (#562) 2022-05-16 16:03:10 +00:00			`// Ensure the Scanner satisfies the interface at compile time.`
added newrelicpersonalapikey detector 2022-01-19 06:19:10 +00:00			`var _ detectors.Detector = (*Scanner)(nil)`

			`var (`
			`client = common.SaneHttpClient()`

Clean up comments. (#562) 2022-05-16 16:03:10 +00:00			`// Make sure that your group is surrounded in boundary characters such as below to reduce false positives.`
added newrelicpersonalapikey detector 2022-01-19 06:19:10 +00:00			keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"newrelic"}) + `\b([A-Za-z0-9_\.]{4}-[A-Za-z0-9_\.]{42})\b`)
			`)`

			`// Keywords are used for efficiently pre-filtering chunks.`
			`// Use identifiers in the secret preferably, or the provider name.`
			`func (s Scanner) Keywords() []string {`
			`return []string{"newrelic"}`
			`}`

			`// FromData will find and optionally verify NewRelicPersonalApiKey secrets in a given set of bytes.`
			`func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {`
			`dataStr := string(data)`

			`matches := keyPat.FindAllStringSubmatch(dataStr, -1)`

			`for _, match := range matches {`
			`if len(match) != 2 {`
			`continue`
			`}`
			`resMatch := strings.TrimSpace(match[1])`

			`s1 := detectors.Result{`
			`DetectorType: detectorspb.DetectorType_NewRelicPersonalApiKey,`
			`Raw: []byte(resMatch),`
			`}`

			`if verify {`
check request errors 2022-03-23 23:42:34 +00:00			`req, err := http.NewRequestWithContext(ctx, "GET", "https://api.newrelic.com/v2/users.json", nil)`
fix: NewRelic Detector: fallback to EU Api for verification (#1932) 2023-10-24 16:02:39 +00:00			`reqEU, errEU := http.NewRequestWithContext(ctx, "GET", "https://api.eu.newrelic.com/v2/users.json", nil)`
			`if err != nil \|\| errEU != nil {`
check request errors 2022-03-23 23:42:34 +00:00			`continue`
			`}`
[chore] Address more linter errors (#1134) * Address lint errors in detectors * Update deprecated ioutil call 2023-02-28 16:00:41 +00:00			`req.Header.Add("X-Api-Key", resMatch)`
fix: NewRelic Detector: fallback to EU Api for verification (#1932) 2023-10-24 16:02:39 +00:00			`reqEU.Header.Add("X-Api-Key", resMatch)`
[feat] - Replace regexp pkg w/ go-re2 in detectors (#2324) * update detectors to use go-re regex library replacement * update go mod and sum * add tests with invalid utf-8 * revert 2024-01-23 21:16:22 +00:00
added newrelicpersonalapikey detector 2022-01-19 06:19:10 +00:00			`res, err := client.Do(req)`
fix: NewRelic Detector: fallback to EU Api for verification (#1932) 2023-10-24 16:02:39 +00:00			`resEU, errEU := client.Do(reqEU)`

added newrelicpersonalapikey detector 2022-01-19 06:19:10 +00:00			`if err == nil {`
			`defer res.Body.Close()`
			`if res.StatusCode >= 200 && res.StatusCode < 300 {`
			`s1.Verified = true`
			`}`
fix: NewRelic Detector: fallback to EU Api for verification (#1932) 2023-10-24 16:02:39 +00:00			`} else if errEU == nil {`
			`defer resEU.Body.Close()`
			`if resEU.StatusCode >= 200 && resEU.StatusCode < 300 {`
			`s1.Verified = true`
			`}`
added newrelicpersonalapikey detector 2022-01-19 06:19:10 +00:00			`}`
			`}`

			`results = append(results, s1)`
			`}`

[THOG-793] - Return all unverified results (#856) * Remove the check to filter and return only a single unverified result. * Revert "Remove the check to filter and return only a single unverified result." This reverts commit 494e432803e6389804d6f55b9444dcba62b81ffc. * Add new CLI flag to filter unverified results. 2022-10-31 16:36:10 +00:00			`return results, nil`
added newrelicpersonalapikey detector 2022-01-19 06:19:10 +00:00			`}`
Add Type() to detector interface (#1088) * Add Type() to detector interface The goal here is to allow the detector type information to be used without the need for reflection. This could possibly allow us to more easily inject information into detectors or filter them out if necessary. Co-authored-by: ahmed <ahmed.zahran@trufflesec.com> * remove test detector --------- Co-authored-by: ahmed <ahmed.zahran@trufflesec.com> 2023-02-09 22:46:03 +00:00
			`func (s Scanner) Type() detectorspb.DetectorType {`
			`return detectorspb.DetectorType_NewRelicPersonalApiKey`
			`}`