↪️Merge pull request #463 from ninoseki/add-plugin-for-sendgrid

Add a plugin for SendGrid

Author: KevinHock

detect_secrets/plugins/sendgrid.py

@@ -0,0 +1,17 @@
+"""
+This plugin searches for SendGrid API keys
+"""
+import re
+
+from detect_secrets.plugins.base import RegexBasedDetector
+
+
+class SendGridDetector(RegexBasedDetector):
+    """Scans for SendGrid API keys."""
+    secret_type = 'SendGrid API key'
+
+    denylist = [
+        # SendGrid API key
+        # ref. https://d2w67tjf43xwdp.cloudfront.net/Classroom/Basics/API/what_is_my_api_key.html
+        re.compile(r'SG\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9_-]{43}'),
+    ]

tests/plugins/sendgrid_test.py

@@ -0,0 +1,20 @@
+import pytest
+
+from detect_secrets.plugins.sendgrid import SendGridDetector
+
+
+class TestSendGridDetector:
+
+    @pytest.mark.parametrize(
+        'payload, should_flag',
+        [
+            ('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', True),
+            ('SG.ngeVfQFYQlKU0ufo8x5d1A..TwL2iGABf9DHoTf-09kqeF8tAmbihYzrnopKc-1s5cr', False),
+            ('AG.ngeVfQFYQlKU0ufo8x5d1A.TwL2iGABf9DHoTf-09kqeF8tAmbihYzrnopKc-1s5cr', False),
+            ('foo', False),
+        ],
+    )
+    def test_analyze(self, payload, should_flag):
+        logic = SendGridDetector()
+        output = logic.analyze_line(filename='mock_filename', line=payload)
+        assert len(output) == int(should_flag)