renamed ID, added test case

Issue: aquasecurity#5650
sourav977 · Dec 7, 2023 · d2b833c · d2b833c
1 parent 273271b
commit d2b833c
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 3 deletions.
diff --git a/pkg/fanal/secret/builtin-rules.go b/pkg/fanal/secret/builtin-rules.go
@@ -143,11 +143,11 @@ var builtinRules = []Rule{
 		Keywords: []string{"ghr_"},
 	},
 	{
-		ID:       "github_pat",
+		ID:       "github-fine-grained-pat",
 		Category: CategoryGitHub,
-		Title:    "GitHub Fine-grained personal access tokens",
+		Title:    "GitHub Personal Access Token (classic)",
 		Severity: "CRITICAL",
-		Regex:    MustCompile(`^github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}$`),
+		Regex:    MustCompile(`github_pat_[a-zA-Z0-9]{22}_[a-zA-Z0-9]{59}`),
 		Keywords: []string{"github_pat_"},
 	},
 	{

diff --git a/pkg/fanal/secret/scanner_test.go b/pkg/fanal/secret/scanner_test.go
@@ -297,6 +297,27 @@ func TestSecretScanner(t *testing.T) {
 			},
 		},
 	}
+	wantFindingGitHubPAT := types.SecretFinding{
+		RuleID:    "github-fine-grained-pat",
+		Category:  secret.CategoryGitHub,
+		Title:     "GitHub Personal Access Token (classic)",
+		Severity:  "CRITICAL",
+		StartLine: 1,
+		EndLine:   1,
+		Match:     "GITHUB_TOKEN=*********************************************************************************************\nGITHUB_PAT=********",
+		Code: types.Code{
+			Lines: []types.Line{
+				{
+					Number:      1,
+					Content:     "GITHUB_TOKEN=*********************************************************************************************",
+					Highlighted: "GITHUB_TOKEN=*********************************************************************************************",
+					IsCause:     true,
+					FirstCause:  true,
+					LastCause:   true,
+				},
+			},
+		},
+	}
 	wantFindingGHButDisableAWS := types.SecretFinding{
 		RuleID:    "github-pat",
 		Category:  secret.CategoryGitHub,
@@ -721,6 +742,15 @@ func TestSecretScanner(t *testing.T) {
 				Findings: []types.SecretFinding{wantFinding5a, wantFinding6},
 			},
 		},
+		{
+			name:          "should find GitHub Personal Access Token (classic)",
+			configPath:    filepath.Join("testdata", "skip-test.yaml"),
+			inputFilePath: "testdata/github-token.txt",
+			want: types.Secret{
+				FilePath: "testdata/github-token.txt",
+				Findings: []types.SecretFinding{wantFindingGitHubPAT},
+			},
+		},
 		{
 			name:          "should enable github-pat builtin rule, but disable aws-access-key-id rule",
 			configPath:    filepath.Join("testdata", "config-enable-ghp.yaml"),

diff --git a/pkg/fanal/secret/testdata/github-token.txt b/pkg/fanal/secret/testdata/github-token.txt
@@ -0,0 +1 @@
+GITHUB_TOKEN=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