add extra data to github detector (#1909)

* add extra data to github detector * Add verification error
trufflesecurity · Nov 20, 2023 · 9e88cdf · 9e88cdf
1 parent cd9c1ae
commit 9e88cdf
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 0 deletions.
diff --git a/pkg/detectors/github/github.go b/pkg/detectors/github/github.go
@@ -97,8 +97,11 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 							s1.ExtraData["site_admin"] = fmt.Sprintf("%t", userResponse.SiteAdmin)
 							s1.ExtraData["name"] = userResponse.Name
 							s1.ExtraData["company"] = userResponse.Company
+							s1.ExtraData["scopes"] = res.Header.Get("X-OAuth-Scopes")
 						}
 					}
+				} else {
+					s1.VerificationError = err
 				}
 			}
 		}

diff --git a/pkg/detectors/github/github_test.go b/pkg/detectors/github/github_test.go
@@ -28,6 +28,7 @@ func TestGitHub_FromChunk(t *testing.T) {
 	unverifiedGhu := testSecrets.MustGetField("GITHUB_UNVERIFIED_GHU")
 	unverifiedGhs := testSecrets.MustGetField("GITHUB_UNVERIFIED_GHS")
 	unverifiedGhr := testSecrets.MustGetField("GITHUB_UNVERIFIED_GHR")
+	verifiedGhp := testSecrets.MustGetField("GITHUB_VERIFIED_GHP")
 
 	type args struct {
 		ctx    context.Context
@@ -41,6 +42,32 @@ func TestGitHub_FromChunk(t *testing.T) {
 		want    []detectors.Result
 		wantErr bool
 	}{
+		{
+			name: "found, verified ghp",
+			s:    Scanner{},
+			args: args{
+				ctx:    context.Background(),
+				data:   []byte(fmt.Sprintf("You can find a github secret %s within", verifiedGhp)),
+				verify: true,
+			},
+			want: []detectors.Result{
+				{
+					DetectorType: detectorspb.DetectorType_Github,
+					Verified:     true,
+					ExtraData: map[string]string{
+						"account_type":   "User",
+						"company":        "",
+						"name":           "",
+						"rotation_guide": "https://howtorotate.com/docs/tutorials/github/",
+						"scopes":         "notifications",
+						"site_admin":     "false",
+						"url":            "https://github.com/truffle-sandbox",
+						"username":       "truffle-sandbox",
+					},
+				},
+			},
+			wantErr: false,
+		},
 		{
 			name: "found, unverified ghp",
 			s:    Scanner{},
@@ -53,6 +80,9 @@ func TestGitHub_FromChunk(t *testing.T) {
 				{
 					DetectorType: detectorspb.DetectorType_Github,
 					Verified:     false,
+					ExtraData: map[string]string{
+						"rotation_guide": "https://howtorotate.com/docs/tutorials/github/",
+					},
 				},
 			},
 			wantErr: false,
@@ -69,6 +99,9 @@ func TestGitHub_FromChunk(t *testing.T) {
 				{
 					DetectorType: detectorspb.DetectorType_Github,
 					Verified:     false,
+					ExtraData: map[string]string{
+						"rotation_guide": "https://howtorotate.com/docs/tutorials/github/",
+					},
 				},
 			},
 			wantErr: false,
@@ -85,6 +118,9 @@ func TestGitHub_FromChunk(t *testing.T) {
 				{
 					DetectorType: detectorspb.DetectorType_Github,
 					Verified:     false,
+					ExtraData: map[string]string{
+						"rotation_guide": "https://howtorotate.com/docs/tutorials/github/",
+					},
 				},
 			},
 			wantErr: false,
@@ -101,6 +137,9 @@ func TestGitHub_FromChunk(t *testing.T) {
 				{
 					DetectorType: detectorspb.DetectorType_Github,
 					Verified:     false,
+					ExtraData: map[string]string{
+						"rotation_guide": "https://howtorotate.com/docs/tutorials/github/",
+					},
 				},
 			},
 			wantErr: false,
@@ -117,6 +156,9 @@ func TestGitHub_FromChunk(t *testing.T) {
 				{
 					DetectorType: detectorspb.DetectorType_Github,
 					Verified:     false,
+					ExtraData: map[string]string{
+						"rotation_guide": "https://howtorotate.com/docs/tutorials/github/",
+					},
 				},
 			},
 			wantErr: false,
@@ -133,6 +175,9 @@ func TestGitHub_FromChunk(t *testing.T) {
 				{
 					DetectorType: detectorspb.DetectorType_Github,
 					Verified:     false,
+					ExtraData: map[string]string{
+						"rotation_guide": "https://howtorotate.com/docs/tutorials/github/",
+					},
 				},
 			},
 			wantErr: false,

diff --git a/pkg/detectors/github_old/github_old.go b/pkg/detectors/github_old/github_old.go
@@ -38,6 +38,7 @@ type userRes struct {
 	SiteAdmin bool   `json:"site_admin"`
 	Name      string `json:"name"`
 	Company   string `json:"company"`
+	UserURL   string `json:"html_url"`
 }
 
 // Keywords are used for efficiently pre-filtering chunks.
@@ -91,6 +92,17 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 						res.Body.Close()
 						if err == nil {
 							s1.Verified = true
+
+							if err == nil {
+								s1.Verified = true
+								s1.ExtraData["username"] = userResponse.Login
+								s1.ExtraData["url"] = userResponse.UserURL
+								s1.ExtraData["account_type"] = userResponse.Type
+								s1.ExtraData["site_admin"] = fmt.Sprintf("%t", userResponse.SiteAdmin)
+								s1.ExtraData["name"] = userResponse.Name
+								s1.ExtraData["company"] = userResponse.Company
+								s1.ExtraData["scopes"] = res.Header.Get("X-OAuth-Scopes")
+							}
 						}
 					}
 				}