github.com/google/osv-scalibr@v0.4.1/veles/secrets/azurestorageaccountaccesskey/detector.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package azurestorageaccountaccesskey
    16  
    17  import (
    18  	"regexp"
    19  
    20  	"github.com/google/osv-scalibr/veles"
    21  	"github.com/google/osv-scalibr/veles/secrets/common/simpletoken"
    22  )
    23  
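// maxTokenLength is the length of an Azure Storage account access key itself:
// 86 base64 characters followed by "==", 88 characters in total.
//
// NOTE(review): keyRe also matches the key's name and separator in front of
// the key, so a full regex match is longer than 88 bytes. If simpletoken uses
// MaxLen to size the overlap it keeps between input chunks, a key that
// straddles a chunk boundary could go undetected. Confirm against simpletoken
// before relying on this value.
const maxTokenLength = 88

// keyRe matches an Azure Storage account access key that follows a key-like
// name. The match is case-insensitive and is built from:
//   - one to four of the words AZURE, ACCOUNT, STORAGE or ACCESS, each
//     optionally followed by '_', '.' or '-', and then the word KEY
//     (for example AZURE_STORAGE_KEY or AccountKey)
//   - up to five arbitrary characters (separator, whitespace, quoting)
//   - zero or one delimiter: greater-than sign (>), apostrophe ('), equal
//     sign (=), quotation mark ("), or number sign (#); the question mark (?)
//     is still accepted so that nothing matched previously is lost
//   - capture group 1, the key: 86 characters that are lower- or uppercase
//     letters, digits, forward slash (/) or plus sign (+), then two equal
//     signs (=)
//
// The delimiter is deliberately outside the capture group. When it was inside,
// input such as `AZURE_STORAGE_KEY=<key>` produced a captured value with a
// leading '=', so the reported secret was not the real key and could not be
// validated or de-duplicated reliably.
//
// A bare key with no such name in front of it is not matched.
//
// References:
// - https://learn.microsoft.com/en-us/purview/sit-defn-azure-storage-account-key-generic
var keyRe = regexp.MustCompile(`(?i)(?:(?:AZURE|ACCOUNT|STORAGE|ACCESS)[_.-]?){1,4}KEY.{0,5}?[>'="?#]?([A-Za-z0-9+\/]{86}==)`)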
    36  
// NewDetector builds a simpletoken.Detector for Azure Storage account access
// keys. The detector searches with keyRe and reports each hit as an
// AzureStorageAccountAccessKey whose Key field holds capture group 1 of keyRe.
//
// The returned secret carries the key material as a plain string, so callers
// should treat the value as sensitive when logging or serialising findings.
func NewDetector() veles.Detector {
	// extractKey re-applies keyRe to the bytes it is given so that only the
	// capture group, and not the surrounding key name, ends up in the secret.
	extractKey := func(b []byte) (veles.Secret, bool) {
		groups := keyRe.FindSubmatch(b)
		// A successful match yields exactly two entries: the whole match and
		// the captured key. Anything else (including nil) is not a finding.
		if len(groups) == 2 {
			return AzureStorageAccountAccessKey{Key: string(groups[1])}, true
		}
		return nil, false
	}

	return simpletoken.Detector{
		MaxLen:    maxTokenLength,
		Re:        keyRe,
		FromMatch: extractKey,
	}
}