trufflehog/pkg/detectors/moderation/moderation.go

package moderation

import (
	"context"
	"fmt"
	"net/http"
	"strings"
	"time"

	regexp "github.com/wasilibs/go-re2"

	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
	"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
)

type Scanner struct{}

// Ensure the Scanner satisfies the interface at compile time.
var _ detectors.Detector = (*Scanner)(nil)

var (
	client = common.SaneHttpClient()

	// Make sure that your group is surrounded in boundary characters such as below to reduce false positives.
	keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"moderation"}) + `\b([a-zA-Z0-9]{36}\.[a-zA-Z0-9]{115}\.[a-zA-Z0-9_]{43})\b`)
)

// Keywords are used for efficiently pre-filtering chunks.
// Use identifiers in the secret preferably, or the provider name.
func (s Scanner) Keywords() []string {
	return []string{"moderation"}
}

// FromData will find and optionally verify Moderation secrets in a given set of bytes.
func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {
	dataStr := string(data)

	matches := keyPat.FindAllStringSubmatch(dataStr, -1)

	for _, match := range matches {
		if len(match) != 2 {
			continue
		}
		resMatch := strings.TrimSpace(match[1])

		s1 := detectors.Result{
			DetectorType: detectorspb.DetectorType_Moderation,
			Raw:          []byte(resMatch),
		}

		if verify {
			timeout := 5 * time.Second
			client.Timeout = timeout
			payload := strings.NewReader(`{"value": "This is an english text"}`)
			req, err := http.NewRequestWithContext(ctx, "POST", "https://moderationapi.com/api/v1/analyze/language", payload)
			if err != nil {
				continue
			}
			req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", resMatch))
			req.Header.Add("Content-type", "application/json")
			res, err := client.Do(req)

			if err == nil {
				defer res.Body.Close()
				if res.StatusCode >= 200 && res.StatusCode < 300 {
					s1.Verified = true
				}
			}
		}

		results = append(results, s1)
	}

	return results, nil
}

func (s Scanner) Type() detectorspb.DetectorType {
	return detectorspb.DetectorType_Moderation
}
added moderation detector 2022-03-10 06:22:26 +00:00			`package moderation`

			`import (`
			`"context"`
			`"fmt"`
			`"net/http"`
			`"strings"`
			`"time"`

[feat] - Optimize detector performance by reducing data passed to regex (#2812) * optimize maching detetors * update method name * updates * update naming * updates * update comment * updates * remove testcase * update default match len to 512 * update * update test * add support for multpart cred provider * add ability to scan entire chunk * encapsulate matches logic within FindDetectorMatches * use []byte directly * nil chunk data * use []byte * set hidden flag to true * remove * [refactor] - multi part detectors (#2906) * Detectors beginning w/ a * Detectors beginning w/ b * Detectors beginning w/ c * Detectors beginning w/ d * Detectors beginning w/ e * Detectors beginning w/ f * Detectors beginning w/ f&g * fix * Detectors beginning w/ i-l * Detectors beginning w/ m-p * Detectors beginning w/ r-s * Detectors beginning w/ t * Detectors beginning w/ u-z * revert alconst * remaining fixes * lint * [feat] - Add Support for `compareDetectionStrategies` Mode (#2918) * Detector comparison mode * remove else * return error if results dont match * update default hidden flag to not scan entire chunks * fix tests * enhance encapsulation by including methods on DetectorMatch to handle merging and extracting * remove space * fix * update detector * updates * remove else * run comparison concurrently 2024-06-05 20:28:19 +00:00			`regexp "github.com/wasilibs/go-re2"`

added moderation detector 2022-03-10 06:22:26 +00:00			`"github.com/trufflesecurity/trufflehog/v3/pkg/common"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"`
			`)`

			`type Scanner struct{}`

Clean up comments. (#562) 2022-05-16 16:03:10 +00:00			`// Ensure the Scanner satisfies the interface at compile time.`
added moderation detector 2022-03-10 06:22:26 +00:00			`var _ detectors.Detector = (*Scanner)(nil)`

			`var (`
			`client = common.SaneHttpClient()`

Clean up comments. (#562) 2022-05-16 16:03:10 +00:00			`// Make sure that your group is surrounded in boundary characters such as below to reduce false positives.`
added moderation detector 2022-03-10 06:22:26 +00:00			keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"moderation"}) + `\b([a-zA-Z0-9]{36}\.[a-zA-Z0-9]{115}\.[a-zA-Z0-9_]{43})\b`)
			`)`

			`// Keywords are used for efficiently pre-filtering chunks.`
			`// Use identifiers in the secret preferably, or the provider name.`
			`func (s Scanner) Keywords() []string {`
			`return []string{"moderation"}`
			`}`

			`// FromData will find and optionally verify Moderation secrets in a given set of bytes.`
			`func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {`
			`dataStr := string(data)`

			`matches := keyPat.FindAllStringSubmatch(dataStr, -1)`

			`for _, match := range matches {`
			`if len(match) != 2 {`
			`continue`
			`}`
			`resMatch := strings.TrimSpace(match[1])`

			`s1 := detectors.Result{`
			`DetectorType: detectorspb.DetectorType_Moderation,`
			`Raw: []byte(resMatch),`
			`}`

			`if verify {`
			`timeout := 5 * time.Second`
			`client.Timeout = timeout`
			payload := strings.NewReader(`{"value": "This is an english text"}`)
check request errors 2022-03-23 23:42:34 +00:00			`req, err := http.NewRequestWithContext(ctx, "POST", "https://moderationapi.com/api/v1/analyze/language", payload)`
			`if err != nil {`
			`continue`
			`}`
added moderation detector 2022-03-10 06:22:26 +00:00			`req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", resMatch))`
			`req.Header.Add("Content-type", "application/json")`
			`res, err := client.Do(req)`

			`if err == nil {`
			`defer res.Body.Close()`
			`if res.StatusCode >= 200 && res.StatusCode < 300 {`
			`s1.Verified = true`
			`}`
			`}`
			`}`

			`results = append(results, s1)`
			`}`

[THOG-793] - Return all unverified results (#856) * Remove the check to filter and return only a single unverified result. * Revert "Remove the check to filter and return only a single unverified result." This reverts commit 494e432803e6389804d6f55b9444dcba62b81ffc. * Add new CLI flag to filter unverified results. 2022-10-31 16:36:10 +00:00			`return results, nil`
added moderation detector 2022-03-10 06:22:26 +00:00			`}`
Add Type() to detector interface (#1088) * Add Type() to detector interface The goal here is to allow the detector type information to be used without the need for reflection. This could possibly allow us to more easily inject information into detectors or filter them out if necessary. Co-authored-by: ahmed <ahmed.zahran@trufflesec.com> * remove test detector --------- Co-authored-by: ahmed <ahmed.zahran@trufflesec.com> 2023-02-09 22:46:03 +00:00
			`func (s Scanner) Type() detectorspb.DetectorType {`
			`return detectorspb.DetectorType_Moderation`
			`}`