From 9e88cdf625a2fc0856e8eaf69b75979110ac90bd Mon Sep 17 00:00:00 2001
From: Dustin Decker
Date: Mon, 20 Nov 2023 13:55:16 -0800
Subject: [PATCH] add extra data to github detector (#1909)

* add extra data to github detector
* Add verification error
---
 pkg/detectors/github/github.go | 3 ++
 pkg/detectors/github/github_test.go | 45 ++++++++++++++++++++++++++
 pkg/detectors/github_old/github_old.go | 12 +++++++
 3 files changed, 60 insertions(+)

diff --git a/pkg/detectors/github/github.go b/pkg/detectors/github/github.go
index 804f90c1b..c0d07e72d 100644
--- a/pkg/detectors/github/github.go
+++ b/pkg/detectors/github/github.go
@@ -97,8 +97,11 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 s1.ExtraData["site_admin"] = fmt.Sprintf("%t", userResponse.SiteAdmin)
 s1.ExtraData["name"] = userResponse.Name
 s1.ExtraData["company"] = userResponse.Company
+ s1.ExtraData["scopes"] = res.Header.Get("X-OAuth-Scopes")
 }
 }
+ } else {
+ s1.VerificationError = err
 }
 }
 }
diff --git a/pkg/detectors/github/github_test.go b/pkg/detectors/github/github_test.go
index 202e00e5e..488c5e136 100644
--- a/pkg/detectors/github/github_test.go
+++ b/pkg/detectors/github/github_test.go
@@ -28,6 +28,7 @@ func TestGitHub_FromChunk(t *testing.T) {
 unverifiedGhu := testSecrets.MustGetField("GITHUB_UNVERIFIED_GHU")
 unverifiedGhs := testSecrets.MustGetField("GITHUB_UNVERIFIED_GHS")
 unverifiedGhr := testSecrets.MustGetField("GITHUB_UNVERIFIED_GHR")
+ verifiedGhp := testSecrets.MustGetField("GITHUB_VERIFIED_GHP")

 type args struct {
 ctx context.Context
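Review bot: In pkg/detectors/github/github.go the new `} else { s1.VerificationError = err }` records only a failure of whatever call the matching `if` guards; that `if` sits above the hunk, two brace levels outside the block that fills `ExtraData`. Paths inside the success branch that end without `Verified = true` (presumably a non-2xx status such as a rate-limit or server error, or a decode failure) would still return with no VerificationError, so a live token can look the same as a revoked one during triage. Consider setting an error on those paths too, for example `s1.VerificationError = fmt.Errorf("unexpected HTTP response status %d", res.StatusCode)`, assuming `res` is the HTTP response its `Header.Get` call suggests. The `scopes` value is also stored unconditionally, so a missing `X-OAuth-Scopes` header is recorded as an empty string; a comment such as `// empty means the header was absent, not that the token has no permissions` would keep readers of the output from misreading it.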
@@ -41,6 +42,32 @@ func TestGitHub_FromChunk(t *testing.T) {
 want []detectors.Result
 wantErr bool
 }{
+ {
+ name: "found, verified ghp",
+ s: Scanner{},
+ args: args{
+ ctx: context.Background(),
+ data: []byte(fmt.Sprintf("You can find a github secret %s within", verifiedGhp)),
+ verify: true,
+ },
+ want: []detectors.Result{
+ {
+ DetectorType: detectorspb.DetectorType_Github,
+ Verified: true,
+ ExtraData: map[string]string{
+ "account_type": "User",
+ "company": "",
+ "name": "",
+ "rotation_guide": "https://howtorotate.com/docs/tutorials/github/",
+ "scopes": "notifications",
+ "site_admin": "false",
+ "url": "https://github.com/truffle-sandbox",
+ "username": "truffle-sandbox",
+ },
+ },
+ },
+ wantErr: false,
+ },
 {
 name: "found, unverified ghp",
 s: Scanner{},
@@ -53,6 +80,9 @@ func TestGitHub_FromChunk(t *testing.T) {
 {
 DetectorType: detectorspb.DetectorType_Github,
 Verified: false,
+ ExtraData: map[string]string{
+ "rotation_guide": "https://howtorotate.com/docs/tutorials/github/",
+ },
 },
 },
 wantErr: false,
@@ -69,6 +99,9 @@ func TestGitHub_FromChunk(t *testing.T) {
 {
 DetectorType: detectorspb.DetectorType_Github,
 Verified: false,
+ ExtraData: map[string]string{
+ "rotation_guide": "https://howtorotate.com/docs/tutorials/github/",
+ },
 },
 },
 wantErr: false,
@@ -85,6 +118,9 @@ func TestGitHub_FromChunk(t *testing.T) {
 {
 DetectorType: detectorspb.DetectorType_Github,
 Verified: false,
+ ExtraData: map[string]string{
+ "rotation_guide": "https://howtorotate.com/docs/tutorials/github/",
+ },
 },
 },
 wantErr: false,
@@ -101,6 +137,9 @@ func TestGitHub_FromChunk(t *testing.T) {
 {
 DetectorType: detectorspb.DetectorType_Github,
 Verified: false,
+ ExtraData: map[string]string{
+ "rotation_guide": "https://howtorotate.com/docs/tutorials/github/",
+ },
 },
 },
 wantErr: false,
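Review bot: The added "found, verified ghp" case in github_test.go compares against live account state (`"scopes": "notifications"`, empty `name` and `company`, the sandbox profile `url`), so it fails whenever the test token is re-issued with different scopes or the profile is edited, not only when the detector regresses. A comment above the case would make that dependency explicit, e.g. `// Requires GITHUB_VERIFIED_GHP: a live token for truffle-sandbox, scoped to notifications only; keep it at that scope.` None of the table entries visible in this file's hunks sets an expectation for the new `VerificationError` field, so the `else` branch added in github.go looks untested from here. The test table starts and ends outside these hunks.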
@@ -117,6 +156,9 @@ func TestGitHub_FromChunk(t *testing.T) {
 {
 DetectorType: detectorspb.DetectorType_Github,
 Verified: false,
+ ExtraData: map[string]string{
+ "rotation_guide": "https://howtorotate.com/docs/tutorials/github/",
+ },
 },
 },
 wantErr: false,
@@ -133,6 +175,9 @@ func TestGitHub_FromChunk(t *testing.T) {
 {
 DetectorType: detectorspb.DetectorType_Github,
 Verified: false,
+ ExtraData: map[string]string{
+ "rotation_guide": "https://howtorotate.com/docs/tutorials/github/",
+ },
 },
 },
 wantErr: false,
diff --git a/pkg/detectors/github_old/github_old.go b/pkg/detectors/github_old/github_old.go
index 21cbc9678..b5edc1596 100644
--- a/pkg/detectors/github_old/github_old.go
+++ b/pkg/detectors/github_old/github_old.go
@@ -38,6 +38,7 @@ type userRes struct {
 SiteAdmin bool `json:"site_admin"`
 Name string `json:"name"`
 Company string `json:"company"`
+ UserURL string `json:"html_url"`
 }

 // Keywords are used for efficiently pre-filtering chunks.
@@ -91,6 +92,17 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 res.Body.Close()
 if err == nil {
 s1.Verified = true
+
+ if err == nil {
+ s1.Verified = true
+ s1.ExtraData["username"] = userResponse.Login
+ s1.ExtraData["url"] = userResponse.UserURL
+ s1.ExtraData["account_type"] = userResponse.Type
+ s1.ExtraData["site_admin"] = fmt.Sprintf("%t", userResponse.SiteAdmin)
+ s1.ExtraData["name"] = userResponse.Name
+ s1.ExtraData["company"] = userResponse.Company
+ s1.ExtraData["scopes"] = res.Header.Get("X-OAuth-Scopes")
+ }
 }
 }
 }
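Review bot: In github_old.go the added block repeats the guard it already sits inside: the context lines `if err == nil {` and `s1.Verified = true` are followed at once by a new `if err == nil {` and a second `s1.Verified = true`, so the inner condition is always true. Dropping those two duplicated lines and the extra closing brace leaves the `s1.ExtraData[...]` assignments directly under the existing check. Two things to confirm outside the hunk: that `s1.ExtraData` is initialised before these writes (assigning into a nil map panics in Go), and whether this file should also get the `else { s1.VerificationError = err }` that the same commit adds to github.go. FromData's body starts and ends outside the hunk.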