Make OpenAI regex more specific (#1345)

2024-11-10 07:04:24 +00:00 · 2023-05-22 09:39:18 -05:00 · 2023-05-22 09:39:18 -05:00 · 3ab864aca9
commit 3ab864aca9
parent 9cc3d05c31
1 changed files with 5 additions and 6 deletions
--- a/pkg/detectors/openai/openai.go
+++ b/pkg/detectors/openai/openai.go
@ -19,9 +19,8 @@ type Scanner struct{}
 // Ensure the Scanner satisfies the interface at compile time.
 var _ detectors.Detector = (*Scanner)(nil)

-var (
-	keyPat = regexp.MustCompile(`\b((?:sk)-[a-zA-Z0-9]{48})\b`)
-)
+// The magic string T3BlbkFJ is the base64-encoded string: OpenAI
+var keyPat = regexp.MustCompile(`\b(sk-[[:alnum:]]{20}T3BlbkFJ[[:alnum:]]{20})\b`)

 // TODO: Add secret context?? Information about access, ownership etc
 type orgResponse struct {
@ -29,7 +28,7 @@ type orgResponse struct {
 }

 type organization struct {
-	Id          string `json:"id"`
+	ID          string `json:"id"`
 	Title       string `json:"title"`
 	User        string `json:"name"`
 	Description string `json:"description"`
@ -41,7 +40,7 @@ type organization struct {
 // Keywords are used for efficiently pre-filtering chunks.
 // Use identifiers in the secret preferably, or the provider name.
 func (s Scanner) Keywords() []string {
-	return []string{"sk-"}
+	return []string{"T3BlbkFJ"}
 }

 // FromData will find and optionally verify OpenAI secrets in a given set of bytes.
@ -84,7 +83,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 						s1.Verified = true
 						org := orgs.Data[0]
 						s1.ExtraData = map[string]string{
-							"id":          org.Id,
+							"id":          org.ID,
 							"title":       org.Title,
 							"user":        org.User,
 							"description": org.Description,