New Artifactory / Slack Patterns

The modifications in this PR are twofold:

1. Add ability to detect Slack Webhooks
2. Improved the artifactory password regex to catch passwords of
different lengths and rotated passwords (Third char increments after
user rotates password).

Restore slack token secret type

Author: adrianbn

detect_secrets/plugins/artifactory.py

@@ -11,7 +11,7 @@ class ArtifactoryDetector(RegexBasedDetector):
 
     denylist = [
         # artifactory tokens begin with AKC
-        re.compile(r'(?:\s|=|:|"|^)AKC\w{10,}'),    # api token
-        # artifactory encrypted passwords begin with AP6
-        re.compile(r'(?:\s|=|:|"|^)AP6\w{10,}'),    # password
+        re.compile(r'(?:\s|=|:|"|^)AKC[a-zA-Z0-9]{10,}'),    # api token
+        # artifactory encrypted passwords begin with AP[A-Z]
+        re.compile(r'(?:\s|=|:|"|^)AP[\dABCDEF][a-zA-Z0-9]{8,}'),    # password
     ]

detect_secrets/plugins/slack.py

@@ -13,5 +13,13 @@ class SlackDetector(RegexBasedDetector):
     secret_type = 'Slack Token'
 
     denylist = (
+        # Slack Token
         re.compile(r'xox(?:a|b|p|o|s|r)-(?:\d+-)+[a-z0-9]+', flags=re.IGNORECASE),
+        # Slack Webhooks
+        re.compile(
+            r"""
+            https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}
+            """,
+            flags=re.IGNORECASE | re.VERBOSE,
+        ),
     )

tests/plugins/artifactory_test.py

@@ -11,6 +11,11 @@ class TestArtifactoryDetector(object):
         'payload, should_flag',
         [
             ('AP6xxxxxxxxxx', True),
+            ('AP2xxxxxxxxxx', True),
+            ('AP3xxxxxxxxxx', True),
+            ('AP5xxxxxxxxxx', True),
+            ('APAxxxxxxxxxx', True),
+            ('APBxxxxxxxxxx', True),
             ('AKCxxxxxxxxxx', True),
             (' AP6xxxxxxxxxx', True),
             (' AKCxxxxxxxxxx', True),
@@ -28,7 +33,7 @@ class TestArtifactoryDetector(object):
             ('testAP6withinsomeirrelevantstring', False),
             ('X-JFrog-Art-Api: $API_KEY', False),
             ('X-JFrog-Art-Api: $PASSWORD', False),
-            ('artifactory:_password=AP6xxxxxxxx', False),
+            ('artifactory:_password=AP6xxxxxx', False),
             ('artifactory:_password=AKCxxxxxxxx', False),
         ],
     )

tests/plugins/slack_test.py

@@ -33,6 +33,9 @@ class TestSlackDetector(object):
             (
                 'xoxb-34532454-e039d02840a0b9379c'
             ),
+            (
+                'https://hooks.slack.com/services/Txxxxxxxx/Bxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx'
+            ),
         ],
     )
     def test_analyze(self, file_content):