From 1f2553382bf10184779ec5b38bf5dfaefed8e426 Mon Sep 17 00:00:00 2001
From: Chandra Prakash
Date: Mon, 29 Apr 2024 11:20:55 +0100
Subject: [PATCH] GH-768: Plugin to detect Telegram bot tokens
---
 README.md | 1 +
 detect_secrets/plugins/telegram_token.py | 31 ++++++++++++++++++++++++
 tests/plugins/telegram_token_test.py | 22 +++++++++++++++++
 3 files changed, 54 insertions(+)
 create mode 100644 detect_secrets/plugins/telegram_token.py
 create mode 100644 tests/plugins/telegram_token_test.py
diff --git a/README.md b/README.md
index cf734df99..50327ed3f 100644
--- a/README.md
+++ b/README.md
@@ -113,6 +113,7 @@
 SlackDetector
 SoftlayerDetector
 SquareOAuthDetector
 StripeDetector
+TelegramBotTokenDetector
 TwilioKeyDetector
 ```
diff --git a/detect_secrets/plugins/telegram_token.py b/detect_secrets/plugins/telegram_token.py
new file mode 100644
index 000000000..1054c64b0
--- /dev/null
+++ b/detect_secrets/plugins/telegram_token.py
@@ -0,0 +1,31 @@
+"""
+This plugin searches for Telegram bot tokens
+"""
+import re
+
+import requests
+
+from ..constants import VerifiedResult
+from detect_secrets.plugins.base import RegexBasedDetector
+
+
+class TelegramBotTokenDetector(RegexBasedDetector):
+ """Scans for Telegram bot tokens."""
+ secret_type = 'Telegram Bot Token'
+
+ denylist = [
+ # refs https://core.telegram.org/bots/api#authorizing-your-bot
+ re.compile(r'\d{8,10}:[0-9A-Za-z_-]{35}'),
+ ]
+
+ def verify(self, secret: str) -> VerifiedResult: # pragma: no cover
+ response = requests.get(
+ 'https://api.telegram.org/bot{}/getMe'.format(
+ secret,
+ ),
+ )
+ return (
+ VerifiedResult.VERIFIED_TRUE
+ if response.status_code == 200
+ else VerifiedResult.VERIFIED_FALSE
+ )
diff --git a/tests/plugins/telegram_token_test.py b/tests/plugins/telegram_token_test.py
new file mode 100644
index 000000000..74af380f9
--- /dev/null
+++ b/tests/plugins/telegram_token_test.py
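Review bot: In detect_secrets/plugins/telegram_token.py, `verify` maps every non-200 response to `VerifiedResult.VERIFIED_FALSE`, so a rate-limit or server error from api.telegram.org is reported as proof that the token is dead; if callers discard verified-false findings, a live token can drop out of the results. Only an explicit rejection should count as false (401 is what I would expect from getMe for a bad token, worth confirming), and everything else should come back as `VerifiedResult.UNVERIFIED`. The `requests.get` call also has no `timeout`, so one stalled connection can hold up the whole scan. The candidate secret travels in the request URL, where an intercepting proxy may log it; that is inherent to the Bot API but deserves a comment on the method.

```python
    def verify(self, secret: str) -> VerifiedResult:  # pragma: no cover
        response = requests.get(
            'https://api.telegram.org/bot{}/getMe'.format(secret),
            timeout=5,  # constructed value; choose one that suits the scan
        )
        if response.status_code == 200:
            return VerifiedResult.VERIFIED_TRUE
        if response.status_code == 401:
            return VerifiedResult.VERIFIED_FALSE
        # 429, 5xx, proxy errors: the token was never actually judged
        return VerifiedResult.UNVERIFIED
```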
@@ -0,0 +1,22 @@
+import pytest
+
+from detect_secrets.plugins.telegram_token import TelegramBotTokenDetector
+
+
+class TestTelegramTokenDetector:
+
+ @pytest.mark.parametrize(
+ 'payload, should_flag',
+ [
+ ('bot110201543:AAHdqTcvCH1vGWJxfSe1ofSAs0K5PALDsaw', True),
+ ('110201543:AAHdqTcvCH1vGWJxfSe1ofSAs0K5PALDsaw', True),
+ ('7213808860:AAH1bjqpKKW3maRSPAxzIU-0v6xNuq2-NjM', True),
+ ('foo:AAH1bjqpKKW3maRSPAxzIU-0v6xNuq2-NjM', False),
+ ('foo', False),
+ ],
+ )
+ def test_analyze(self, payload, should_flag):
+ logic = TelegramBotTokenDetector()
+ output = logic.analyze_line(filename='mock_filename', line=payload)
+
+ assert len(output) == int(should_flag)
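Review bot: The parametrized cases in `test_analyze` never exercise the length bounds of the pattern, so a later edit to `\d{8,10}` or `{35}` would not fail any test. Two negative cases built from the existing sample would pin the lower bounds: `('1234567:AAHdqTcvCH1vGWJxfSe1ofSAs0K5PALDsaw', False)` for a 7-digit id and `('110201543:AAHdqTcvCH1vGWJxfSe1ofSAs0K5PALDsa', False)` for a 34-character secret part. Because the pattern is unanchored (the `bot`-prefixed case relies on that), over-long input still flags, which should be stated in a comment so it reads as intended. The third fixture is not the documentation sample, so please confirm it is synthetic or revoked before it lands in a public repository.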