Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

improved the agora detector #3360

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 18 additions & 9 deletions pkg/detectors/agora/agora.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,8 @@ var (
defaultClient = common.SaneHttpClient()

// Make sure that your group is surrounded in boundary characters such as below to reduce false positives.
keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"agora"}) + `\b([a-z0-9]{32})\b`)
secretPat = regexp.MustCompile(detectors.PrefixRegex([]string{"agora"}) + `\b([a-z0-9]{32})\b`)
keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"agora", "key", "token"}) + `\b([a-z0-9]{32})\b`)
secretPat = regexp.MustCompile(detectors.PrefixRegex([]string{"agora", "secret"}) + `\b([a-z0-9]{32})\b`)
)

// Keywords are used for efficiently pre-filtering chunks.
Expand All @@ -48,21 +48,30 @@ func (s Scanner) getClient() *http.Client {
func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {
dataStr := string(data)

matches := keyPat.FindAllStringSubmatch(dataStr, -1)
keyMatches := keyPat.FindAllStringSubmatch(dataStr, -1)
secretMatches := secretPat.FindAllStringSubmatch(dataStr, -1)

for _, match := range matches {
if len(match) != 2 {
for _, keyMatch := range keyMatches {
if len(keyMatch) != 2 {
continue
}

resMatch := strings.TrimSpace(match[1])
resMatch := strings.TrimSpace(keyMatch[1])

for _, secret := range secretMatches {
if len(secret) != 2 {
for _, secretMatch := range secretMatches {
if len(secretMatch) != 2 {
continue
}

resSecret := strings.TrimSpace(secretMatch[1])

/*
as both agora key and secretMatch has same regex, the set of strings keyMatch for both probably me same.
we need to avoid the scenario where key is same as secretMatch. This will reduce the number of matches we process.
*/
if resMatch == resSecret {
continue
}
resSecret := strings.TrimSpace(secret[1])

s1 := detectors.Result{
DetectorType: detectorspb.DetectorType_Agora,
Expand Down
30 changes: 21 additions & 9 deletions pkg/detectors/agora/agora_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ package agora
import (
"context"
"fmt"
"strings"
"testing"

"github.com/google/go-cmp/cmp"
Expand All @@ -13,7 +12,15 @@ import (
)

var (
validPattern = "asdf0987mnbv1234qsxojb6ygb2wsx0o/beqr7215fr4g6bfjkmnvxrtygb2wsxap"
validKeyPattern = "asdf0987mnbv1234qsxojb6ygb2wsx0o"
validSecretPattern = "beqr7215fr4g6bfjkmnvxrtygb2wsxap"
complexPattern = `agora credentials
these are some example credentails for login.
use these to login.
key: asdf0987mnbv1234qsxojb6ygb2wsx0o
secret: beqr7215fr4g6bfjkmnvxrtygb2wsxap
loginUrl: https://www.agora.com/example_login
`
invalidPattern = "asdf0987mNbv1234qsxojb6ygb2w$x0o/beqr7215fr4g6bfjkmnVxrtygb2wsxap"
)

Expand All @@ -28,23 +35,28 @@ func TestAgora_Pattern(t *testing.T) {
}{
{
name: "valid pattern",
input: fmt.Sprintf("agora = '%s'", validPattern),
want: []string{"asdf0987mnbv1234qsxojb6ygb2wsx0oasdf0987mnbv1234qsxojb6ygb2wsx0o"},
input: fmt.Sprintf("agora key='%s' - secret='%s'", validKeyPattern, validSecretPattern),
want: []string{validKeyPattern + validSecretPattern},
},
{
name: "valid complex pattern",
input: fmt.Sprintf("agora data='%s'", complexPattern),
want: []string{validKeyPattern + validSecretPattern},
},
{
name: "valid pattern - out of prefix range",
input: fmt.Sprintf("agora keyword is not close to the real key and secret = '%s'", validPattern),
input: fmt.Sprintf("agora keyword is not close to the real key or secret = '%s|%s'", validKeyPattern, validSecretPattern),
want: nil,
},
{
name: "valid pattern - only key",
input: fmt.Sprintf("agora %s", strings.Split(validPattern, "/")[0]),
want: []string{"asdf0987mnbv1234qsxojb6ygb2wsx0oasdf0987mnbv1234qsxojb6ygb2wsx0o"},
input: fmt.Sprintf("agora key%s", validKeyPattern),
want: nil,
},
{
name: "valid pattern - only secret",
input: fmt.Sprintf("agora %s", strings.Split(validPattern, "/")[1]),
want: []string{"beqr7215fr4g6bfjkmnvxrtygb2wsxapbeqr7215fr4g6bfjkmnvxrtygb2wsxap"},
input: fmt.Sprintf("agora secret%s", validSecretPattern),
want: nil,
},
{
name: "invalid pattern",
Expand Down
Loading