From be5d68c5a04b5609deac0ca001310e4dcb17f63e Mon Sep 17 00:00:00 2001 From: kagahd Date: Tue, 14 Jan 2025 09:34:10 +0100 Subject: [PATCH 1/4] add a detector for Aiven token --- CHANGELOG.md | 8 ++++++++ README.md | 1 + detect_secrets/plugins/aiven_token.py | 16 ++++++++++++++++ tests/plugins/aiven_token_test.py | 24 ++++++++++++++++++++++++ 4 files changed, 49 insertions(+) create mode 100644 detect_secrets/plugins/aiven_token.py create mode 100644 tests/plugins/aiven_token_test.py diff --git a/CHANGELOG.md b/CHANGELOG.md index 47935533e..61bc0204f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,14 @@ If you love `detect-secrets`, please star our project on GitHub to show your sup [@xxxx]: https://github.com/xxxx --> + + ### v1.5.0 ##### May 6th, 2024 diff --git a/README.md b/README.md index 1a08f131c..6df781277 100644 --- a/README.md +++ b/README.md @@ -91,6 +91,7 @@ $ git ls-files -z | xargs -0 detect-secrets-hook --baseline .secrets.baseline ```bash $ detect-secrets scan --list-all-plugins +AivenTokenDetector ArtifactoryDetector AWSKeyDetector AzureStorageKeyDetector diff --git a/detect_secrets/plugins/aiven_token.py b/detect_secrets/plugins/aiven_token.py new file mode 100644 index 000000000..d24d23992 --- /dev/null +++ b/detect_secrets/plugins/aiven_token.py @@ -0,0 +1,16 @@ +""" +This plugin searches for Aiven tokens +""" +import re + +from detect_secrets.plugins.base import RegexBasedDetector + + +class AivenTokenDetector(RegexBasedDetector): + """Scans for Aiven tokens.""" + secret_type = 'Aiven Token' + + denylist = [ + # Aiven tokens follow the pattern: AVNS_ + re.compile(r'AVNS_[A-Za-z0-9_]{8,}'), + ] diff --git a/tests/plugins/aiven_token_test.py b/tests/plugins/aiven_token_test.py new file mode 100644 index 000000000..610ecbc69 --- /dev/null +++ b/tests/plugins/aiven_token_test.py 
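Review bot: The `denylist` pattern in `detect_secrets/plugins/aiven_token.py` has no left boundary and accepts any run of letters, digits and underscores, so an ordinary identifier has the same shape as a token. Constructed examples: `AVNS_PASSWORD` and `AVNS_HOSTNAME` would presumably be reported as findings, and the pattern can also match from the middle of a longer name such as `MY_AVNS_SETTINGS`. A leading boundary, `re.compile(r'\bAVNS_[A-Za-z0-9_]{8,}')`, removes the mid-identifier case, and a test row with an all-caps variable name would record which behaviour is intended for the rest. The comment `# Aiven tokens follow the pattern: AVNS_` as shown here stops at the prefix; it should state the expected suffix alphabet and minimum length and cite where the format is documented, because the `{8,}` floor is otherwise unexplained.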
@@ -0,0 +1,24 @@ +import pytest + +from detect_secrets.plugins.aiven_token import AivenTokenDetector + + +class TestAivenTokenDetector: + + @pytest.mark.parametrize( + 'payload, should_flag', + [ + ('AVNS_4Yt6Gdnjcs8ivIlYSFU', True), + ('AVNS_D0j9bUsCyQ3s67T', True), + ('AVNS_LaGqz39AC', True), + ('AVNS_RaFIf_JzHxFXlKs', True), + ('AVNS_UahLjsENr4QexJ1', True), + ('foo', False), + ('AVNS_', False), # Incomplete token + ('AVNS12345678', False), # Missing underscore + ], + ) + def test_analyze(self, payload, should_flag): + logic = AivenTokenDetector() + output = logic.analyze_line(filename='mock_filename', line=payload) + assert len(output) == int(should_flag) From 5f758d291a18f9e90f317ad1776342e7ea0933cc Mon Sep 17 00:00:00 2001 From: kagahd Date: Tue, 14 Jan 2025 09:43:03 +0100 Subject: [PATCH 2/4] add ref to PR --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 61bc0204f..9198654c4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,8 +29,8 @@ If you love `detect-secrets`, please star our project on GitHub to show your sup ### Unreleased ##### January 14th, 2025 #### :tada: New Features -- Added a detector for Aiven token ([#tba]) -[#tba]: https://github.com/Yelp/detect-secrets/pull/tba +- Added a detector for Aiven token ([#910]) +[#910]: https://github.com/Yelp/detect-secrets/pull/910 --> ### v1.5.0 From c999cb7cccfa3a3bcf6e11eb45c9d7c594c06b57 Mon Sep 17 00:00:00 2001 From: kagahd Date: Fri, 24 Jan 2025 17:39:25 +0100 Subject: [PATCH 3/4] make regexp easier --- detect_secrets/plugins/aiven_token.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/detect_secrets/plugins/aiven_token.py b/detect_secrets/plugins/aiven_token.py index d24d23992..b730d51f2 100644 --- a/detect_secrets/plugins/aiven_token.py +++ b/detect_secrets/plugins/aiven_token.py 
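Review bot: Every parametrized row in `test_analyze` passes the bare token as the whole line, so nothing checks the detector on the kind of line it will actually scan, where the value sits inside an assignment, a URL or a quoted string. I would add a row such as `('password = "AVNS_4Yt6Gdnjcs8ivIlYSFU"', True)` and a look-alike identifier row such as `('export AVNS_PASSWORD=changeme', False)`, with the expected flag set to whatever the project decides is correct. The "Too short" row added later in patch 4/4 uses six characters after the prefix, so the 7/8 boundary of `{8,}` is still not pinned; one seven-character and one eight-character suffix would do that.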
@@ -12,5 +12,5 @@ class AivenTokenDetector(RegexBasedDetector): denylist = [ # Aiven tokens follow the pattern: AVNS_ - re.compile(r'AVNS_[A-Za-z0-9_]{8,}'), + re.compile(r'AVNS_[\w]{8,}'), ] From 0e8649855ed6cef7ee88a4a46782b25c46c7e2fe Mon Sep 17 00:00:00 2001 From: kagahd Date: Fri, 24 Jan 2025 17:39:43 +0100 Subject: [PATCH 4/4] add unit test --- tests/plugins/aiven_token_test.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/plugins/aiven_token_test.py b/tests/plugins/aiven_token_test.py index 610ecbc69..f91b60df4 100644 --- a/tests/plugins/aiven_token_test.py +++ b/tests/plugins/aiven_token_test.py @@ -16,6 +16,7 @@ class TestAivenTokenDetector: ('foo', False), ('AVNS_', False), # Incomplete token ('AVNS12345678', False), # Missing underscore + ('AVNS_UahLjs', False), # Too short ], ) def test_analyze(self, payload, should_flag):
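Review bot: Replacing `[A-Za-z0-9_]` with `[\w]` is not a pure simplification: on a `str` pattern Python's `\w` is Unicode-aware unless `re.ASCII` is given, so the new expression also accepts non-ASCII letters and digits after the prefix. That widens what the detector reports beyond the alphabet the first patch declared, and none of the test rows covers it. Either keep the explicit class or write `re.compile(r'AVNS_\w{8,}', re.ASCII)`; the brackets around a lone `\w` are redundant in any case. The class definition starts above this hunk.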