diff --git a/pkg/detectors/agora/agora.go b/pkg/detectors/agora/agora.go
index 95ca02263136..d2da6f1eca74 100644
--- a/pkg/detectors/agora/agora.go
+++ b/pkg/detectors/agora/agora.go
@@ -27,8 +27,8 @@ var (
 	defaultClient = common.SaneHttpClient()
 	// Make sure that your group is surrounded in boundary characters such as below to reduce false positives.
-	keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"agora"}) + `\b([a-z0-9]{32})\b`)
-	secretPat = regexp.MustCompile(detectors.PrefixRegex([]string{"agora"}) + `\b([a-z0-9]{32})\b`)
+	keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"agora", "key", "token"}) + `\b([a-z0-9]{32})\b`)
+	secretPat = regexp.MustCompile(detectors.PrefixRegex([]string{"agora", "secret"}) + `\b([a-z0-9]{32})\b`)
 )
 // Keywords are used for efficiently pre-filtering chunks.
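Review bot: Adding the generic words "key" and "token" to keyPat (and "secret" to secretPat) removes the `agora` anchoring that kept these patterns specific: once a chunk passes the keyword pre-filter, any 32-character `[a-z0-9]` run near the word "key", "token" or "secret" becomes a candidate, and that character class covers every lowercase hex MD5 digest, so the false-positive rate in files that merely mention Agora is likely to rise. The two patterns still share the same body, so a token preceded only by "agora" lands in both match sets and relies on the key==secret skip further down in FromData. The comment above the patterns only talks about boundary characters; I would extend it with `// keyPat and secretPat differ only in their prefix words; a token preceded just by "agora" matches both.` so the next reader understands why the pairing loop has to drop self-pairs.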
@@ -48,21 +48,30 @@ func (s Scanner) getClient() *http.Client {
 func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {
 	dataStr := string(data)
-	matches := keyPat.FindAllStringSubmatch(dataStr, -1)
+	keyMatches := keyPat.FindAllStringSubmatch(dataStr, -1)
 	secretMatches := secretPat.FindAllStringSubmatch(dataStr, -1)
-	for _, match := range matches {
-		if len(match) != 2 {
+	for _, keyMatch := range keyMatches {
+		if len(keyMatch) != 2 {
 			continue
 		}
-		resMatch := strings.TrimSpace(match[1])
+		resMatch := strings.TrimSpace(keyMatch[1])
-		for _, secret := range secretMatches {
-			if len(secret) != 2 {
+		for _, secretMatch := range secretMatches {
+			if len(secretMatch) != 2 {
+				continue
+			}
+
+			resSecret := strings.TrimSpace(secretMatch[1])
+
+			/*
+				as both agora key and secretMatch has same regex, the set of strings keyMatch for both probably me same.
+				we need to avoid the scenario where key is same as secretMatch. This will reduce the number of matches we process.
+			*/
+			if resMatch == resSecret {
 				continue
 			}
-			resSecret := strings.TrimSpace(secret[1])
 			s1 := detectors.Result{
 				DetectorType: detectorspb.DetectorType_Agora,
diff --git a/pkg/detectors/agora/agora_test.go b/pkg/detectors/agora/agora_test.go
index 4a16637fea33..d515b8d0d004 100644
--- a/pkg/detectors/agora/agora_test.go
+++ b/pkg/detectors/agora/agora_test.go
@@ -3,7 +3,6 @@ package agora
 import (
 	"context"
 	"fmt"
-	"strings"
 	"testing"
 	"github.com/google/go-cmp/cmp"
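Review bot: The new block comment above `if resMatch == resSecret` is hard to follow ("probably me same", and "secretMatch" is used both for the loop variable and for the secret itself) and does not say what the guard actually protects against. Go code inside a function body conventionally uses `//` line comments; I would replace the `/* … */` block with `// keyPat and secretPat share the same body, so one token can appear in both match sets; skip self-pairs.`. Note that this only drops identical pairs: every remaining key×secret combination still yields a Result, and with the wider prefix words each of those presumably goes through verification when verify is set, so the cross product is worth keeping in mind — FromData's body, including the verification step, continues outside this hunk.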
@@ -13,7 +12,15 @@ import (
 )
 var (
-	validPattern = "asdf0987mnbv1234qsxojb6ygb2wsx0o/beqr7215fr4g6bfjkmnvxrtygb2wsxap"
+	validKeyPattern = "asdf0987mnbv1234qsxojb6ygb2wsx0o"
+	validSecretPattern = "beqr7215fr4g6bfjkmnvxrtygb2wsxap"
+	complexPattern = `agora credentials
+	these are some example credentails for login.
+	use these to login.
+	key: asdf0987mnbv1234qsxojb6ygb2wsx0o
+	secret: beqr7215fr4g6bfjkmnvxrtygb2wsxap
+	loginUrl: https://www.agora.com/example_login
+	`
 	invalidPattern = "asdf0987mNbv1234qsxojb6ygb2w$x0o/beqr7215fr4g6bfjkmnVxrtygb2wsxap"
 )
@@ -28,23 +35,28 @@ func TestAgora_Pattern(t *testing.T) {
 	}{
 		{
 			name: "valid pattern",
-			input: fmt.Sprintf("agora = '%s'", validPattern),
-			want: []string{"asdf0987mnbv1234qsxojb6ygb2wsx0oasdf0987mnbv1234qsxojb6ygb2wsx0o"},
+			input: fmt.Sprintf("agora key='%s' - secret='%s'", validKeyPattern, validSecretPattern),
+			want: []string{validKeyPattern + validSecretPattern},
+		},
+		{
+			name: "valid complex pattern",
+			input: fmt.Sprintf("agora data='%s'", complexPattern),
+			want: []string{validKeyPattern + validSecretPattern},
 		},
 		{
 			name: "valid pattern - out of prefix range",
-			input: fmt.Sprintf("agora keyword is not close to the real key and secret = '%s'", validPattern),
+			input: fmt.Sprintf("agora keyword is not close to the real key or secret = '%s|%s'", validKeyPattern, validSecretPattern),
 			want: nil,
 		},
 		{
 			name: "valid pattern - only key",
-			input: fmt.Sprintf("agora %s", strings.Split(validPattern, "/")[0]),
-			want: []string{"asdf0987mnbv1234qsxojb6ygb2wsx0oasdf0987mnbv1234qsxojb6ygb2wsx0o"},
+			input: fmt.Sprintf("agora key%s", validKeyPattern),
+			want: nil,
 		},
 		{
 			name: "valid pattern - only secret",
-			input: fmt.Sprintf("agora %s", strings.Split(validPattern, "/")[1]),
-			want: []string{"beqr7215fr4g6bfjkmnvxrtygb2wsxapbeqr7215fr4g6bfjkmnvxrtygb2wsxap"},
+			input: fmt.Sprintf("agora secret%s", validSecretPattern),
+			want: nil,
 		},
 		{
 			name: "invalid pattern",
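Review bot: The "only key" and "only secret" cases now glue the prefix word directly onto the credential (`"agora key%s"`, `"agora secret%s"`), so the input becomes one 35-character word and the `\b` before the 32-character group in keyPat/secretPat can never match; `want: nil` is therefore satisfied because nothing matches at all, not because a lone key or secret is rejected by the pairing logic, which is what the case names suggest. The previous inputs kept a space between "agora" and the token. Using `input: fmt.Sprintf("agora key=%s", validKeyPattern)` and `input: fmt.Sprintf("agora secret=%s", validSecretPattern)` should still yield nil — the lone token then matches both patterns and is dropped as a self-pair — assuming detectors.PrefixRegex tolerates a few characters between keyword and token, which the "valid pattern" case already relies on. The table continues outside the hunk.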