Add Veles secret detector and validator for Replicate API tokens #2216
Open
cherry-bisht wants to merge 1 commit into
Adds a new secret-scanning plugin for Replicate API tokens (prefix `r8_` followed by 37 characters from [A-Za-z0-9_-]). The detector uses the shared simpletoken helper; the validator confirms liveness via a GET request to the Replicate account endpoint (https://api.replicate.com/v1/account) with the token in the Authorization header using the "Token" scheme: HTTP 200 -> valid, 401 -> invalid.

- New package veles/secrets/replicateapitoken: Secret type, detector, validator, and detector/validator unit tests (including an acceptance test).
- Proto: new SecretData.ReplicateAPIToken message and replicate_api_token oneof field, with conversions in binary/proto/secret.go.
- Registers the detector and validator in the extractor and enricher lists.
- Documents the new type in docs/supported_inventory_types.md.
Summary
Adds a new Veles secret-scanning plugin for Replicate API tokens (prefix `r8_` followed by 37 characters from `[A-Za-z0-9_-]`).

- (`veles/secrets/replicateapitoken`): uses the shared `simpletoken` helper to match `r8_[A-Za-z0-9_-]{37}`.
- `GET https://api.replicate.com/v1/account` with the token in the `Authorization` header using Replicate's `Token` scheme (not `Bearer`) — HTTP 200 → valid, 401 → invalid.

Changes

- `veles/secrets/replicateapitoken` (Secret type, detector, validator) with detector and validator unit tests, including an acceptance test and a case covering `-`/`_` in the token body.
- `binary/proto/scan_result.proto`: new `SecretData.ReplicateAPIToken` message and `replicate_api_token` oneof field; regenerated `scan_result.pb.go`.
- `binary/proto/secret.go`: proto ↔ struct conversions for the new type.
- `list.go` files.
- `docs/supported_inventory_types.md`.

Testing

- `go build ./...`, `go vet`, `gofmt` clean.
- `go test ./veles/secrets/replicateapitoken/... ./binary/proto/...` and the list packages — all pass.
- `scalibr` CLI against a file containing a sample token: detection produces `SecretData.replicate_api_token`, and the validator correctly reaches `api.replicate.com` and classifies the token.
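
The detect-then-validate flow described above, as an added example that is not code from this pull request. It uses plain `regexp` and `net/http` instead of the Veles `simpletoken` helper and validator types; `FindTokens`, `Validate`, the sample tokens and the local stub server are assumptions made for illustration.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"regexp"
	"strings"
)

// Token shape and status mapping as given in the PR description.
var tokenRe = regexp.MustCompile(`r8_[A-Za-z0-9_-]{37}`)
var verdict = map[int]string{http.StatusOK: "valid", http.StatusUnauthorized: "invalid"}

// FindTokens (hypothetical helper) returns every candidate token in data.
func FindTokens(data []byte) []string { return tokenRe.FindAllString(string(data), -1) }

// Validate (hypothetical helper) maps 200/401 to a verdict; other statuses are errors.
func Validate(ctx context.Context, c *http.Client, endpoint, tok string) (string, error) {
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Authorization", "Token "+tok) // "Token" scheme, not "Bearer"
	resp, err := c.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if v, ok := verdict[resp.StatusCode]; ok {
		return v, nil
	}
	return "", fmt.Errorf("unexpected status %d", resp.StatusCode)
}

func main() {
	live, dead := "r8_"+strings.Repeat("a", 35)+"-_", "r8_"+strings.Repeat("Z", 37) // constructed, not real
	// Local stub standing in for the account endpoint so the example runs offline.
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Token "+live {
			w.WriteHeader(http.StatusUnauthorized)
		}
	}))
	defer srv.Close()
	for _, t := range FindTokens([]byte("A=" + live + "\nB=" + dead + "\nC=r8_short")) {
		fmt.Println(Validate(context.Background(), srv.Client(), srv.URL, t))
	}
}
```

Treating every status other than 200 and 401 as an error keeps a rate-limited or failing endpoint from being recorded as a revoked token.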