github.com/google/osv-scalibr@v0.4.1/veles/secrets/github/app_u2s_detector.go

github.com/google/osv-scalibr@v0.4.1/veles/secrets/github/app_u2s_detector.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package github
    16  
    17  import (
    18  	"regexp"
    19  
    20  	"github.com/google/osv-scalibr/veles"
    21  	"github.com/google/osv-scalibr/veles/secrets/common/simpletoken"
    22  	checksum "github.com/google/osv-scalibr/veles/secrets/github/checksum"
    23  )
    24  
    25  const u2sTokenMaxLen = 40
    26  
    27  var u2sTokenPattern = regexp.MustCompile(`ghu_[A-Za-z0-9]{36}`)
    28  
    29  // NewAppU2SDetector returns a new Veles Detector that finds Github app user to server tokens
    30  func NewAppU2SDetector() veles.Detector {
    31  	return simpletoken.Detector{
    32  		MaxLen: u2sTokenMaxLen,
    33  		Re:     u2sTokenPattern,
    34  		FromMatch: func(match []byte) (veles.Secret, bool) {
    35  			if !checksum.Validate(match) {
    36  				return nil, false
    37  			}
    38  			return AppUserToServerToken{Token: string(match)}, true
    39  		},
    40  	}
    41  }