Add Stripe detector to plugins

[dgzlopes]

Signed-off-by: Daniel González Lopes [email protected]
From paper cited on #159. Supports both standard and restricted keys.

[KevinHock]

LGTM 🚢
Thanks for making this!

[KevinHock]

This looks good to me from reading online [1][2][3].

Hi @andrew-d @richo, can you confirm this is accurate?

[richo]

I left Stripe in December, so feel free to ignore me ;)

This is accurate in the abstract, depending on what your goals here are (find exploitable credentials vs detect organisational deviation from best practice) you plausibly want to look for sk_test and rk_test as well though. And while I'm opining and since my opinions can no longer be pinned on Stripe, I'm still 100% willing to die on the hill of prefering denylist/allowlist over blacklist/whitelist. lmk if you'd be interested in a PR for that :)

[KevinHock]

Thanks for the info, that's a great point! I'd happily accept a PR for that 👍

[richo]

Thanks! I'll put something together.

…

On Mon, May 13, 2019 at 3:03 PM KevinHock ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In detect_secrets/plugins/stripe.py <#169 (comment)>: > +""" +This plugin searches for Stripe keys +""" +from __future__ import absolute_import + +import re + +from .base import RegexBasedDetector + + +class StripeDetector(RegexBasedDetector): + + secret_type = 'Stripe Access Key' + + blacklist = ( + # stripe standard keys begin with sk_live and restricted with rk_live Thanks for the info, that's a great point! I'd happily accept a PR for that 👍 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#169?email_source=notifications&email_token=AADUKAUWX3K5OHQFU6SSOZTPVHQRPA5CNFSM4HMBND32YY3PNVWWK3TUL52HS4DFWFIHK3DMKJSXC5LFON2FEZLWNFSXPKTDN5WW2ZLOORPWSZGOBYPXF2I#discussion_r283555966>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AADUKAWBILET43WY5Y6IVWDPVHQRPANCNFSM4HMBND3Q> .