Add Review Board's new API tokens format to secret scanning.

Review Request #12651 — Created Sept. 28, 2022 and submitted

Information

ReviewBot
release-3.x

Reviewers

This allows Review Bot's secret scanner to identify Review Board's API tokens,
which were recently updated to follow a new rbp_[A-Za-z0-9]{251} format.

This change also updates the secret scanner unit tests to ensure that any
additional validation methods for validating the secrets are called when
they're supposed to be called. Further, the unit tests were updated to
ensure that checksums are taken into account for secrets that use checksums.

  • Manually tested making review requests that contained new API tokens
    and saw that secret scanning picked them up.
  • Ran and added unit tests to
    ./reviewbot/tools/tests/test_rbsecretscanner.py
Summary ID
Add new API tokens format to secret scanning.
315bc8c4130e1fed34844f761d7d05beef3af1db
Description From Last Updated

Since our tokens can be validated, we should add a validator (like the GitHub one) to avoid false-positives.

chipx86chipx86

djblets isn't a dependency for the bot, only for the extension. We should probably just duplicate the validation logic, since …

daviddavid

Just a note to update this timestamp when you're ready to land.

chipx86chipx86

We can just call checksum.swapcase() in the conditional, so we only do it if needed.

chipx86chipx86

Maybe we should say "Review Board 5+ API Tokens"

chipx86chipx86
maubin
chipx86
  1. 
      
  2. Show all issues

    Since our tokens can be validated, we should add a validator (like the GitHub one) to avoid false-positives.

  3. 
      
maubin
david
  1. 
      
  2. bot/reviewbot/tools/rbsecretscanner.py (Diff revision 3)
     
     
     
    Show all issues

    djblets isn't a dependency for the bot, only for the extension. We should probably just duplicate the validation logic, since it's pretty simple.

  3. 
      
maubin
chipx86
  1. 
      
  2. bot/reviewbot/tools/rbsecretscanner.py (Diff revision 4)
     
     
    Show all issues

    Just a note to update this timestamp when you're ready to land.

  3. bot/reviewbot/tools/rbsecretscanner.py (Diff revision 4)
     
     
    Show all issues

    We can just call checksum.swapcase() in the conditional, so we only do it if needed.

  4. Show all issues

    Maybe we should say "Review Board 5+ API Tokens"

  5. 
      
maubin
chipx86
  1. Ship It!
  2. 
      
maubin
maubin
Review request changed
Status:
Completed
Change Summary:
Pushed to release-3.x (9d5173e)