detect-secrets/detect_secrets/plugins/softlayer.py at master · IBM/detect-secrets · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
import re

import requests

from .base import RegexBasedDetector
from detect_secrets.core.constants import VerifiedResult


class SoftlayerDetector(RegexBasedDetector):
    """ Scans for SoftLayer Credentials """

    secret_type = 'SoftLayer Credentials'

    # opt means optional
    sl = r'(?:softlayer|sl|)(?:_|-|)(?:api|)'
    key_or_pass = r'(?:key|pwd|password|pass|token|creds|credentials|cred|auth)'
    secret = r'([a-z0-9]{64})'
    denylist = [
        RegexBasedDetector.assign_regex_generator(
            prefix_regex=sl,
            password_keyword_regex=key_or_pass,
            password_regex=secret,
        ),

        re.compile(
            r'(?:http|https)://api.softlayer.com/soap/(?:v3|v3.1)/([a-z0-9]{64})',
            flags=re.IGNORECASE,
        ),
    ]

    def verify(self, token, content, potential_secret=None):
        usernames = find_username(content)
        if not usernames:
            return VerifiedResult.UNVERIFIED

        for username in usernames:
            return verify_softlayer_key(username, token, potential_secret)

        return VerifiedResult.VERIFIED_FALSE


def find_username(content):
    # opt means optional
    username_keyword = r'(?:username|id|user|userid|user-id|user-name|' + \
        r'name|user_id|user_name|uname)'
    username = r'(\w(?:\w|_|@|\.|-)+)'
    regex = re.compile(
        RegexBasedDetector.assign_regex_generator(
            prefix_regex=SoftlayerDetector.sl,
            password_keyword_regex=username_keyword,
            password_regex=username,
        ),
    )

    return [
        match
        for line in content.splitlines()
        for match in regex.findall(line)
    ]


def verify_softlayer_key(username, token, potential_secret=None):
    try:
        headers = {'Content-type': 'application/json'}
        response = requests.get(
            'https://api.softlayer.com/rest/v3/SoftLayer_Account.json',
            auth=(username, token), headers=headers,
        )

        if response.status_code == 200:
            if potential_secret:
                potential_secret.other_factors['username'] = username
            return VerifiedResult.VERIFIED_TRUE
        else:
            return VerifiedResult.VERIFIED_FALSE
    except requests.exceptions.RequestException:
        return VerifiedResult.UNVERIFIED