Merge pull request #78 from Skyscanner/ghtokens

Add detection for new Github personal access token format

tests/fixtures/gitkeys.yml

@@ -0,0 +1,5 @@
+compliant:
+  name: GHP_THISISASTRINGTHATHASTHESAMELENASTOKE
+
+noncompliant:
+  name: ghp_fK8UXjzPM1Lzf356hwgGym4JAfnHARDcoded

tests/unit/test_cli.py

@@ -62,7 +62,7 @@ def test_cli_info():
     with patch("sys.stdout", mock_print):
         cli_info()
         result = mock_print.getvalue()
-        assert "available rules" in result
+        assert "available rule IDs" in result
         for rule_id in WhisperRules().rules.keys():
             assert rule_id in result
 

tests/unit/test_secrets.py

@@ -92,6 +92,7 @@ def test_detection_by_key(src, expected):
         ("java.properties", 3),
         ("webhooks.yml", 3),
         ("creditcards.yml", 3),
+        ("gitkeys.yml", 1),
     ],
 )
 def test_detection_by_value(src, count):

whispers/__version__.py

@@ -1,3 +1,3 @@
-VERSION = (1, 5, 1)
+VERSION = (1, 5, 2)
 
 __version__ = ".".join(map(str, VERSION))

whispers/cli.py

@@ -69,7 +69,7 @@ def cli_info():
     rule_ids = list(WhisperRules().rules.keys())
     rule_ids.sort()
     cli_parser().print_help()
-    print("\navailable rules:")
+    print("\navailable rule IDs:")
     for rule_id in rule_ids:
         print(f"  {rule_id}")
 

whispers/rules/gitkeys.yml

@@ -0,0 +1,7 @@
+github:
+  description: Github personal access token
+  message: Github token
+  severity: CRITICAL
+  value:
+    regex: ^ghp_[a-zA-Z0-9]{36}$
+    ignorecase: False