Updated trufflehog sourcegraph secret format (#2254)

2024-11-10 15:14:38 +00:00 · 2024-01-06 11:48:41 -05:00 · 2024-01-06 11:48:41 -05:00 · e5289ac8e4
commit e5289ac8e4
parent 7365dba9c9
2 changed files with 18 additions and 5 deletions
--- a/pkg/detectors/sourcegraph/sourcegraph.go
+++ b/pkg/detectors/sourcegraph/sourcegraph.go
@ -22,7 +22,7 @@ var _ detectors.Detector = (*Scanner)(nil)
 var (
 	defaultClient = common.SaneHttpClient()
 	// Make sure that your group is surrounded in boundary characters such as below to reduce false positives.
-	keyPat = regexp.MustCompile(`\b(sgp_[a-f0-9]{40})\b`)
+	keyPat = regexp.MustCompile(`\b(sgp_(?:[a-fA-F0-9]{16}|local)_[a-fA-F0-9]{40}|sgp_[a-fA-F0-9]{40}|[a-fA-F0-9]{40})\b`)
 )

 // Keywords are used for efficiently pre-filtering chunks.
@ -47,6 +47,9 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 			DetectorType: detectorspb.DetectorType_Sourcegraph,
 			Raw:          []byte(resMatch),
 		}
+		s1.ExtraData = map[string]string{
+			"rotation_guide": "https://howtorotate.com/docs/tutorials/sourcegraph/",
+		}

 		if verify {
 			client := s.client
--- a/pkg/detectors/sourcegraph/sourcegraph_test.go
+++ b/pkg/detectors/sourcegraph/sourcegraph_test.go
@ -25,15 +25,24 @@ func TestSourcegraph_FromChunk(t *testing.T) {
 	if err != nil {
 		t.Fatalf("could not get test secrets from GCP: %s", err)
 	}
-	secret := testSecrets.MustGetField("SOURCEGRAPH")
-	inactiveSecret := testSecrets.MustGetField("SOURCEGRAPH_INACTIVE")
+
+	secretV1 := testSecrets.MustGetField("SOURCEGRAPH_V1")
+	secretV2 := testSecrets.MustGetField("SOURCEGRAPH_V2")
+	secretV3 := testSecrets.MustGetField("SOURCEGRAPH_V3")
+
+	inactiveSecretV1 := testSecrets.MustGetField("SOURCEGRAPH_INACTIVE_V1")
+	inactiveSecretV2 := testSecrets.MustGetField("SOURCEGRAPH_INACTIVE_V2")
+	inactiveSecretV3 := testSecrets.MustGetField("SOURCEGRAPH_INACTIVE_V3")
+
+	secrets := []string{secretV1, secretV2, secretV3, inactiveSecretV1, inactiveSecretV2, inactiveSecretV3}

 	type args struct {
 		ctx    context.Context
 		data   []byte
 		verify bool
 	}
-	tests := []struct {
+	for _, secret := range secrets {
+	tests = append(tests, []struct {
 		name                string
 		s                   Scanner
 		args                args
@ -122,6 +131,7 @@ func TestSourcegraph_FromChunk(t *testing.T) {
 			wantVerificationErr: true,
 		},
 	}
+}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := tt.s.FromData(tt.args.ctx, tt.args.verify, tt.args.data)
@ -137,7 +147,7 @@ func TestSourcegraph_FromChunk(t *testing.T) {
 					t.Fatalf("wantVerificationError = %v, verification error = %v", tt.wantVerificationErr, got[i].VerificationError())
 				}
 			}
-			ignoreOpts := cmpopts.IgnoreFields(detectors.Result{}, "Raw", "verificationError")
+			ignoreOpts := cmpopts.IgnoreFields(detectors.Result{}, "Raw", "VerificationError", "ExtraData")
 			if diff := cmp.Diff(got, tt.want, ignoreOpts); diff != "" {
 				t.Errorf("Sourcegraph.FromData() %s diff: (-got +want)\n%s", tt.name, diff)
 			}