↪️ Merge pull request #195 from adrianbn/add-artifactory-patterns

New Artifactory / Slack Patterns
Yelp · Jun 19, 2019 · a7daccc · a7daccc
2 parents eadaabe + b34dda6
commit a7daccc
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 4 deletions.
diff --git a/detect_secrets/plugins/artifactory.py b/detect_secrets/plugins/artifactory.py
@@ -11,7 +11,7 @@ class ArtifactoryDetector(RegexBasedDetector):
 
     denylist = [
         # artifactory tokens begin with AKC
-        re.compile(r'(?:\s|=|:|"|^)AKC\w{10,}'),    # api token
-        # artifactory encrypted passwords begin with AP6
-        re.compile(r'(?:\s|=|:|"|^)AP6\w{10,}'),    # password
+        re.compile(r'(?:\s|=|:|"|^)AKC[a-zA-Z0-9]{10,}'),    # api token
+        # artifactory encrypted passwords begin with AP[A-Z]
+        re.compile(r'(?:\s|=|:|"|^)AP[\dABCDEF][a-zA-Z0-9]{8,}'),    # password
     ]
diff --git a/detect_secrets/plugins/slack.py b/detect_secrets/plugins/slack.py
@@ -13,5 +13,13 @@ class SlackDetector(RegexBasedDetector):
     secret_type = 'Slack Token'
 
     denylist = (
+        # Slack Token
         re.compile(r'xox(?:a|b|p|o|s|r)-(?:\d+-)+[a-z0-9]+', flags=re.IGNORECASE),
+        # Slack Webhooks
+        re.compile(
+            r"""
+            https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}
+            """,
+            flags=re.IGNORECASE | re.VERBOSE,
+        ),
     )
diff --git a/tests/plugins/artifactory_test.py b/tests/plugins/artifactory_test.py
@@ -11,6 +11,11 @@ class TestArtifactoryDetector(object):
         'payload, should_flag',
         [
             ('AP6xxxxxxxxxx', True),
+            ('AP2xxxxxxxxxx', True),
+            ('AP3xxxxxxxxxx', True),
+            ('AP5xxxxxxxxxx', True),
+            ('APAxxxxxxxxxx', True),
+            ('APBxxxxxxxxxx', True),
             ('AKCxxxxxxxxxx', True),
             (' AP6xxxxxxxxxx', True),
             (' AKCxxxxxxxxxx', True),
@@ -28,7 +33,7 @@ class TestArtifactoryDetector(object):
             ('testAP6withinsomeirrelevantstring', False),
             ('X-JFrog-Art-Api: $API_KEY', False),
             ('X-JFrog-Art-Api: $PASSWORD', False),
-            ('artifactory:_password=AP6xxxxxxxx', False),
+            ('artifactory:_password=AP6xxxxxx', False),
             ('artifactory:_password=AKCxxxxxxxx', False),
         ],
     )

diff --git a/tests/plugins/slack_test.py b/tests/plugins/slack_test.py
@@ -33,6 +33,9 @@ class TestSlackDetector(object):
             (
                 'xoxb-34532454-e039d02840a0b9379c'
             ),
+            (
+                'https://hooks.slack.com/services/Txxxxxxxx/Bxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx'
+            ),
         ],
     )
     def test_analyze(self, file_content):