Slack token analyzer (#133)

* added slacktokenanalyzer and unit tests

* pylinted

* added it to the right place

* cleaning up a little
fixes #128

pastepwn/analyzers/__init__.py

@@ -28,6 +28,7 @@
 from .adobekeyanalyzer import AdobeKeyAnalyzer
 from .facebookaccesstokenanalyzer import FacebookAccessTokenAnalyzer
 from .base64analyzer import Base64Analyzer
+from .slacktokenanalyzer import SlackTokenAnalyzer
 from .mailchimpapikeyanalyzer import MailChimpApiKeyAnalyzer
 from .stripeapikeyanalyzer import StripeApiKeyAnalyzer
 from .awssecretkeyanalyzer import AWSSecretKeyAnalyzer
@@ -66,6 +67,7 @@
     'EmailPasswordPairAnalyzer',
     'FacebookAccessTokenAnalyzer',
     'Base64Analyzer',
+    'SlackTokenAnalyzer',
     'MailChimpApiKeyAnalyzer',
     'SlackWebhookAnalyzer',
     'MegaLinkAnalyzer',

pastepwn/analyzers/slacktokenanalyzer.py

@@ -0,0 +1,18 @@
+# -*- coding: utf-8 -*-
+from .regexanalyzer import RegexAnalyzer
+
+
+class SlackTokenAnalyzer(RegexAnalyzer):
+    """
+    Analyzer to match the content of a paste via regular expressions that look like slack tokens
+    """
+    name = "SlackTokenAnalyzer"
+
+    def __init__(self, actions):
+        """
+        Analyzer which matches a slack token
+        :param actions: A single action or a list of actions to be executed on every paste
+        """
+        regex = r'(xox[pboa]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})'
+        super().__init__(actions, regex)
+

pastepwn/analyzers/tests/slacktokenanalyzer_test.py

@@ -0,0 +1,56 @@
+# -*- coding: utf-8 -*-
+import unittest
+from unittest import mock
+
+from pastepwn.analyzers.slacktokenanalyzer import SlackTokenAnalyzer
+
+
+class TestSlackTokenAnalyzer(unittest.TestCase):
+    def setUp(self):
+        self.analyzer = SlackTokenAnalyzer(None)
+        self.paste = mock.Mock()
+
+    def test_match_positive(self):
+        """Test if positives are recognized"""
+        # slack key dump
+        self.paste.body = "xoxb-999999999999-999999999999-999999999999-9999999999999999999999999999999a"
+        self.assertTrue(self.analyzer.match(self.paste))
+
+        # slack key dump
+        self.paste.body = "xoxb-999999999999-999999999999-999999999999-99999999999999999999999999999999"
+        self.assertTrue(self.analyzer.match(self.paste))
+
+        # slack key dump
+        self.paste.body = "xoxp-999999999999-999999999999-999999999999-99999999999999999999999999999999"
+        self.assertTrue(self.analyzer.match(self.paste))
+
+        # slack key dump
+        self.paste.body = "xoxa-999999999999-999999999999-999999999999-99999999999999999999999999999999"
+        self.assertTrue(self.analyzer.match(self.paste))
+
+        # sentance segment slack key
+        self.paste.body = "my token is: xoxo-999999999999-999999999999-999999999999-99999999999999abc999999999999999"
+        self.assertTrue(self.analyzer.match(self.paste))
+
+    def test_match_negative(self):
+        """Test if negatives are not recognized"""
+        self.paste.body = ""
+        self.assertFalse(self.analyzer.match(self.paste))
+
+        self.paste.body = 'my bike isn\'t a number'
+        self.assertFalse(self.analyzer.match(self.paste))
+
+        # Invalid length
+        self.paste.body = "xoxa-999999999999-999999999999-99999999999-99999999999999999999999999999999"
+        self.assertFalse(self.analyzer.match(self.paste))
+
+        # Upper-case
+        self.paste.body = "my token is: xoxo-999999999999-999999999999-999999999999-99999999999999Abc999999999999999"
+        self.assertFalse(self.analyzer.match(self.paste))
+        # too short and Upper-case
+        self.paste.body = "my token is: xoxo-999999999999-999999999999-99999999999-99999999999999Abc999999999999999"
+        self.assertFalse(self.analyzer.match(self.paste))
+
+
+if __name__ == '__main__':
+    unittest.main()