DeepSeek Secret Extractor Support #1473
another-rex
left a comment
LGTM, though I'll let @erikvarga take another look as he's more familiar. He should be back from holiday this week.
There are some conflicts with the proto file if you can regenerate before we merge that'll be great!
Hi @wannabemrrobot, I'll take a deeper look in the coming days as I ramp up on PRP reviews again. One high-level comment in the meantime is that we've recently added a helper library for HTTP based validation. Can you see if you can switch your validator code to use the helper lib? I suspect it can be much shorter that way. See this example of another validator that migrated to the helper lib.
Hi @erikvarga Thanks.
Thanks @wannabemrrobot. I'll start going through the open PRP PR backlog today in chronological order so it might take a bit of time before I get to those two. Thanks for your patience in the meantime.
| {anthropicapikey.NewDetector(), "secrets/anthropicapikey", 0}, | ||
| {azuretoken.NewDetector(), "secrets/azuretoken", 0}, | ||
| {azurestorageaccountaccesskey.NewDetector(), "secrets/azurestorageaccountaccesskey", 0}, | ||
| {deepseekapikey.NewDetector(), "secrets/deepseekapikey", 0}, |
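Review bot: the added `deepseekapikey.NewDetector()` entry on the last line registers the detector only, and nothing in these lines wires up the validator that the PR description lists. Register the validator in the matching validator list in the same change so that DeepSeek findings do not ship without a validation status.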
Also add the validator to enricher/list/list.go
AFAICS this validator uses a constant endpoint and headers and sets the body based on the key, then returns a validation status based on the response code.
You can use the simplevalidate library for this simply by setting its Endpoint, Body, HTTPHeaders functions and Valid/InvalidResponseCodes list accordingly.
Here's an example:
| return &simplevalidate.Validator[AppRoleCredentials]{ |
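The validation pattern described in the review comment above (constant endpoint and headers, body built from the key, status taken from the response code), as an added stand-alone Go example; it is not the PR's validator and does not use the simplevalidate library. The `validate` function, the `Status` values, the request body layout and the 200/401 mapping are assumptions made for illustration, and the endpoint is a parameter because the page does not give one.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Status is the verdict for one candidate key; Failed means "no verdict".
type Status string

const (
	Valid   Status = "valid"
	Invalid Status = "invalid"
	Failed  Status = "failed"
)

// validate: fixed endpoint and headers, body built from the key, verdict from the
// response code. Assumed here: 200 = accepted, 401 = rejected, made-up body layout.
func validate(ctx context.Context, c *http.Client, endpoint, key string) (Status, error) {
	body := strings.NewReader(fmt.Sprintf(`{"key":%q}`, key))
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, endpoint, body)
	if err != nil {
		return Failed, err
	}
	req.Header.Set("Content-Type", "application/json")
	resp, err := c.Do(req)
	if err != nil {
		return Failed, err
	}
	defer resp.Body.Close()
	switch resp.StatusCode {
	case http.StatusOK:
		return Valid, nil
	case http.StatusUnauthorized:
		return Invalid, nil
	}
	// 429, 5xx and the like say nothing about the key: never report "invalid".
	return Failed, fmt.Errorf("unexpected status %d", resp.StatusCode)
}

func main() {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusTooManyRequests) // constructed reply from a stand-in server
	}))
	defer srv.Close()
	fmt.Println(validate(context.Background(), srv.Client(), srv.URL, "sk-constructed"))
}
```

Keeping a third "failed" outcome separate from "invalid" matters for triage: a rate-limited or unreachable API must not cause a live key to be reported as dead.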
Added DeepSeek API Key Secret Extractor
Adds detection and validation for DeepSeek API keys (format: sk-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx) to OSV-Scalibr's secret scanning.
What's included:
Detection: Finds DeepSeek API keys using regex pattern matching
Validation: Checks if found keys are actually valid by testing them against DeepSeek's API
Integration: Works with existing OSV-Scalibr scanning workflows
Files changed:
Added new secret extractor in /veles/secrets/deepseekapikey/
Updated protocol buffers and plugin registration
Comprehensive tests with mock API validation
Testing: