
[Detector] rippling detector for phrase api tokens #4348


Open
wants to merge 7 commits into
base: main



@SyedAliHamad SyedAliHamad commented Jul 28, 2025

Description:

This PR adds a detector for Phrase OAuth API tokens.

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

@SyedAliHamad
Contributor Author

SyedAliHamad commented Jul 28, 2025

This PR introduces a new detector for Phrase Access Tokens.

Detection Strategy:

  • Keyword Filtering: Efficiently scans for "phrase" keywords to identify relevant data chunks
  • Pattern Matching: Uses regex to find 64-character hexadecimal tokens, typically prefixed with "phrase"
  • Deduplication: Ensures each unique token is tested only once to prevent redundant API calls

Verification:

  • Live API Testing: Validates tokens against Phrase's /v2/projects endpoint. Uses the required Authorization: token header format.

Response Handling:

  • 200 OK: Token is valid and active
  • 401/403: Token is invalid or expired
  • Other statuses: Reported as verification errors

Testing:
Includes comprehensive tests covering pattern matching, live API verification with both active and inactive tokens, and edge cases.
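
Added example, not part of this PR or the project's code: a Go sketch of the strategy described in the comment above (keyword pre-filter, regex match, deduplication, and the listed status handling). The regex, the 40-character gap and the names `FindCandidates` and `Classify` are assumptions, and no network call is made.

```go
package main

import (
	"fmt"
	"net/http"
	"regexp"
	"strings"
)

// Assumed pattern, not the PR's regex: keyword "phrase" (any case), at most
// 40 characters of anything, then a standalone 64-char lowercase hex string.
var phraseTokenRe = regexp.MustCompile(`(?is:phrase.{0,40}?)\b([a-f0-9]{64})\b`)

// FindCandidates returns unique candidate tokens in order of first appearance.
func FindCandidates(data string) []string {
	// Cheap keyword pre-filter so the regex only runs on relevant chunks.
	if !strings.Contains(strings.ToLower(data), "phrase") {
		return nil
	}
	seen := make(map[string]struct{})
	var out []string
	for _, m := range phraseTokenRe.FindAllStringSubmatch(data, -1) {
		if _, dup := seen[m[1]]; dup {
			continue // verify each unique token once
		}
		seen[m[1]] = struct{}{}
		out = append(out, m[1])
	}
	return out
}

// Classify maps the response status: 200 valid, 401/403 invalid, else an error.
func Classify(status int) (verified bool, err error) {
	switch status {
	case http.StatusOK:
		return true, nil
	case http.StatusUnauthorized, http.StatusForbidden:
		return false, nil
	default:
		return false, fmt.Errorf("unexpected HTTP status %d", status)
	}
}

func main() {
	tok := strings.Repeat("0123456789abcdef", 4) // constructed, not a real token
	sample := "PHRASE_ACCESS_TOKEN=" + tok + "\nphrase token: " + tok + "\n"
	fmt.Println(len(FindCandidates(sample)), "unique candidate(s)")
	fmt.Println(Classify(http.StatusInternalServerError))
}
```

The word boundaries around the 64-character group keep longer hex strings (for example a 128-character digest) from being reported as tokens.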

@SyedAliHamad SyedAliHamad marked this pull request as ready for review July 28, 2025 15:09
@SyedAliHamad SyedAliHamad requested review from a team as code owners July 28, 2025 15:09
@amanfcp amanfcp changed the title Oss 264 rippling detector for phrase api tokens [Detector] rippling detector for phrase api tokens Jul 29, 2025
@shahzadhaider1
Contributor

I can't see pkg/engine/defaults/defaults.go being updated in this PR. Why is that?
Also, please resolve the conflicts.

@AKadisak1313

You currently have no open pull requests authored by you (AKadisak1313) on GitHub. If you need help finding closed PRs or have other requests, let me know!

@SyedAliHamad SyedAliHamad requested a review from amanfcp August 1, 2025 18:30