github.com/google/osv-scalibr@v0.4.1/veles/secrets/slacktoken/detector.go

github.com/google/osv-scalibr@v0.4.1/veles/secrets/slacktoken/detector.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package slacktoken contains a Veles Secret type and a Detector for
    16  // Slack App Tokens including App Level Tokens (prefix `xapp-`),
    17  // App Configuration Access Tokens (prefix `xoxe.xoxp-`), and
    18  // App Configuration Refresh Tokens (prefix `xoxe-`).
    19  package slacktoken
    20  
    21  import (
    22  	"regexp"
    23  
    24  	"github.com/google/osv-scalibr/veles"
    25  	"github.com/google/osv-scalibr/veles/secrets/common/simpletoken"
    26  )
    27  
    28  var (
    29  	// Ensure constructors satisfy the interface at compile time.
    30  	_ veles.Detector = NewAppLevelTokenDetector()
    31  	_ veles.Detector = NewAppConfigAccessTokenDetector()
    32  	_ veles.Detector = NewAppConfigRefreshTokenDetector()
    33  )
    34  
    35  // App Level Token: prefix `xapp-` followed by digits (presumably with max 10 digits), a dash, an app ID,
    36  // a dash, and 64 hex characters.
    37  const appLevelTokenMaxLen = 106
    38  
    39  var appLevelTokenRe = regexp.MustCompile(`xapp-\d{1,10}-[A-Za-z0-9]{11}-[0-9]{13}-[a-fA-F0-9]{64}`)
    40  
    41  // App Configuration Access Token: prefix `xoxe.xoxp-` followed by digits (presumably with max 10 digits),
    42  // a dash, and 166 alphanumeric characters.
    43  const appConfigAccessTokenMaxLen = 187
    44  
    45  var appConfigAccessTokenRe = regexp.MustCompile(`xoxe\.xoxp-\d{1,10}-[a-zA-Z0-9]{166}`)
    46  
    47  // App Configuration Refresh Token: prefix `xoxe-` followed by digits (presumably with max 10 digits),
    48  // a dash, and 147 alphanumeric characters.
    49  const appConfigRefreshTokenMaxLen = 163
    50  
    51  var appConfigRefreshTokenRe = regexp.MustCompile(`xoxe-\d{1,10}-[a-zA-Z0-9]{147}`)
    52  
    53  // NewAppLevelTokenDetector returns a detector for Slack App Level Tokens (xapp-...).
    54  func NewAppLevelTokenDetector() veles.Detector {
    55  	return simpletoken.Detector{
    56  		MaxLen: appLevelTokenMaxLen,
    57  		Re:     appLevelTokenRe,
    58  		FromMatch: func(b []byte) (veles.Secret, bool) {
    59  			return SlackAppLevelToken{Token: string(b)}, true
    60  		},
    61  	}
    62  }
    63  
    64  // NewAppConfigAccessTokenDetector returns a detector for Slack App Configuration Access Tokens (xoxe.xoxp-...).
    65  func NewAppConfigAccessTokenDetector() veles.Detector {
    66  	return simpletoken.Detector{
    67  		MaxLen: appConfigAccessTokenMaxLen,
    68  		Re:     appConfigAccessTokenRe,
    69  		FromMatch: func(b []byte) (veles.Secret, bool) {
    70  			return SlackAppConfigAccessToken{Token: string(b)}, true
    71  		},
    72  	}
    73  }
    74  
    75  // NewAppConfigRefreshTokenDetector returns a detector for Slack App Configuration Refresh Tokens (xoxe-...).
    76  func NewAppConfigRefreshTokenDetector() veles.Detector {
    77  	return simpletoken.Detector{
    78  		MaxLen: appConfigRefreshTokenMaxLen,
    79  		Re:     appConfigRefreshTokenRe,
    80  		FromMatch: func(b []byte) (veles.Secret, bool) {
    81  			return SlackAppConfigRefreshToken{Token: string(b)}, true
    82  		},
    83  	}
    84  }