updated buildkite detectors (#3611)
* updated buildkite detectors

* resolved comments

* added scopes in extradata
kashifkhan0771 authored Nov 21, 2024
1 parent 75e43bd commit e494eaf
Showing 7 changed files with 60 additions and 30 deletions.
@@ -2,7 +2,9 @@ package buildkite

import (
"context"
"encoding/json"
"fmt"
"io"
"net/http"
"strings"

@@ -15,6 +17,10 @@ import (

type Scanner struct{}

type APIResponse struct {
Scopes []string `json:"scopes"`
}

func (s Scanner) Version() int { return 1 }

// Ensure the Scanner satisfies the interface at compile time.
@@ -49,21 +55,15 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
s1 := detectors.Result{
DetectorType: detectorspb.DetectorType_Buildkite,
Raw: []byte(resMatch),
ExtraData: make(map[string]string),
}

if verify {
req, err := http.NewRequestWithContext(ctx, "GET", "https://api.buildkite.com/v2/access-token", nil)
if err != nil {
continue
}
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", resMatch))
res, err := client.Do(req)
if err == nil {
defer res.Body.Close()
if res.StatusCode >= 200 && res.StatusCode < 300 {
s1.Verified = true
}
}
extraData, isVerified, verificationErr := VerifyBuildKite(ctx, client, resMatch)
s1.Verified = isVerified
s1.SetVerificationError(verificationErr, resMatch)

s1.ExtraData = extraData
}

results = append(results, s1)
@@ -79,3 +79,42 @@ func (s Scanner) Type() detectorspb.DetectorType {
func (s Scanner) Description() string {
return "Buildkite is a platform for running fast, secure, and scalable continuous integration pipelines. Buildkite API tokens can be used to access and modify pipeline data and configurations."
}

func VerifyBuildKite(ctx context.Context, client *http.Client, secret string) (map[string]string, bool, error) {
// create a request
// api doc: https://buildkite.com/docs/apis/rest-api/access-token#get-the-current-token
req, err := http.NewRequestWithContext(ctx, "GET", "https://api.buildkite.com/v2/access-token", nil)
if err != nil {
return nil, false, err
}

// add authorization header
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", secret))

res, err := client.Do(req)
if err != nil {
return nil, false, err
}
defer func() {
_, _ = io.Copy(io.Discard, res.Body)
_ = res.Body.Close()
}()

switch res.StatusCode {
case http.StatusOK:
var response APIResponse

if err := json.NewDecoder(res.Body).Decode(&response); err != nil {
return nil, false, err
}

extraData := make(map[string]string)

extraData["scopes"] = strings.Join(response.Scopes, ", ")
return extraData, true, nil
case http.StatusUnauthorized:
return nil, false, nil
default:
return nil, false, fmt.Errorf("unexpected HTTP response status %d", res.StatusCode)
}
}
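Review bot: In VerifyBuildKite, a 200 response whose body fails to decode returns `nil, false, err`, so a token the API has just accepted is reported as unverified with a verification error. For a secret scanner the status code is the liveness signal and the scopes are enrichment, so a live credential can be under-triaged if the body is truncated or changes shape. Consider keeping the result verified and dropping only the scopes in that branch, e.g. `return nil, true, nil`, and bounding the read with `json.NewDecoder(io.LimitReader(res.Body, maxBody))`, where `maxBody` is a constant you pick. The exported `VerifyBuildKite` and `APIResponse` also have no doc comments; `// VerifyBuildKite checks secret against the Buildkite access-token endpoint and returns the token's scopes when it is accepted.` would cover the function.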
File renamed without changes.
@@ -2,14 +2,13 @@ package buildkitev2

import (
"context"
"fmt"
"net/http"
"strings"

regexp "github.com/wasilibs/go-re2"

"github.com/trufflesecurity/trufflehog/v3/pkg/common"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
v1 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/buildkite/v1"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
)

@@ -52,18 +51,10 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
}

if verify {
req, err := http.NewRequestWithContext(ctx, "GET", "https://api.buildkite.com/v2/access-token", nil)
if err != nil {
continue
}
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", resMatch))
res, err := client.Do(req)
if err == nil {
defer res.Body.Close()
if res.StatusCode >= 200 && res.StatusCode < 300 {
s1.Verified = true
}
}
extraData, isVerified, verificationErr := v1.VerifyBuildKite(ctx, client, resMatch)
s1.Verified = isVerified
s1.SetVerificationError(verificationErr, resMatch)
s1.ExtraData = extraData
}

results = append(results, s1)
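Review bot: `s1.ExtraData = extraData` in the verify branch runs unconditionally, and VerifyBuildKite returns a nil map on a 401, on transport errors and on unexpected statuses, so ExtraData is reset to nil on every path except success. If s1 is built with ExtraData entries above this hunk (not visible here), they are discarded on all paths; the v1 FromData makes the same assignment and there it throws away the map allocated in the struct literal. Merging instead of replacing, `for k, v := range extraData { s1.ExtraData[k] = v }`, keeps existing entries and is a no-op for a nil result, provided ExtraData is initialised in the literal as v1 does. FromData starts and ends outside the hunk.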
File renamed without changes.
8 changes: 4 additions & 4 deletions pkg/engine/defaults/defaults.go
@@ -109,8 +109,8 @@ import (
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/budibase"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/bugherd"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/bugsnag"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/buildkite"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/buildkitev2"
buildKitev1 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/buildkite/v1"
buildKitev2 "github.com/trufflesecurity/trufflehog/v3/pkg/detectors/buildkite/v2"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/bulbul"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/bulksms"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors/buttercms"
@@ -934,8 +934,8 @@ func buildDetectorList() []detectors.Detector {
&budibase.Scanner{},
&bugherd.Scanner{},
&bugsnag.Scanner{},
&buildkite.Scanner{},
&buildkitev2.Scanner{},
&buildKitev1.Scanner{},
&buildKitev2.Scanner{},
&bulbul.Scanner{},
&bulksms.Scanner{},
&buttercms.Scanner{},