| 5 | ) |
| 6 | |
| 7 | func githubKeyMatcher() SecretMatcher { |
| 8 | githubKey := regexp.MustCompile("([a-zA-Z0-9_-]{2,}:)?ghp_[a-zA-Z0-9]{30,}") |
| 9 | |
| 10 | return SecretMatcher{"(string) @matches", func(n *Node) *Secret { |
| 11 | str := n.RawString() |
| 12 | |
| 13 | if !githubKey.MatchString(str) { |
| 14 | return nil |
| 15 | } |
| 16 | |
| 17 | data := map[string]string{ |
| 18 | "key": str, |
| 19 | } |
| 20 | |
| 21 | match := &Secret{ |
| 22 | Kind: "githubKey", |
| 23 | Severity: SeverityLow, |
| 24 | Data: data, |
| 25 | } |
| 26 | |
| 27 | // If the key is in an object we want to include that whole object as context |
| 28 | parent := n.Parent() |
| 29 | if parent == nil || parent.Type() != "pair" { |
| 30 | return match |
| 31 | } |
| 32 | |
| 33 | grandparent := parent.Parent() |
| 34 | if grandparent == nil || grandparent.Type() != "object" { |
| 35 | return match |
| 36 | } |
| 37 | |
| 38 | match.Context = grandparent.AsObject().AsMap() |
| 39 | |
| 40 | return match |
| 41 | }} |
| 42 | } |