From 9cabbe078c16ce476400859ebbdf160c82f6ea80 Mon Sep 17 00:00:00 2001
From: Kevin Hock
Date: Fri, 20 Sep 2019 21:28:40 -0700
Subject: [PATCH] :tada: Add verification for Stripe secret API keys
---
 detect_secrets/plugins/stripe.py | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/detect_secrets/plugins/stripe.py b/detect_secrets/plugins/stripe.py
index 2c94420f2..8d9e0217e 100644
--- a/detect_secrets/plugins/stripe.py
+++ b/detect_secrets/plugins/stripe.py
@@ -4,8 +4,12 @@ from __future__ import absolute_import
 import re
+from base64 import b64encode
+
+import requests
 from .base import RegexBasedDetector
+from detect_secrets.core.constants import VerifiedResult
 class StripeDetector(RegexBasedDetector):
@@ -16,3 +20,22 @@ class StripeDetector(RegexBasedDetector):
 # Stripe standard keys begin with sk_live and restricted with rk_live
 re.compile(r'(?:r|s)k_live_[0-9a-zA-Z]{24}'),
 )
+
+ def verify(self, token, **kwargs): # pragma: no cover
+ response = requests.get(
+ 'https://api.stripe.com/v1/charges',
+ headers={
+ 'Authorization': b'Basic ' + b64encode(
+ '{}:'.format(token).encode('utf-8'),
+ ),
+ },
+ )
+
+ if response.status_code == 200:
+ return VerifiedResult.VERIFIED_TRUE
+
+ # Restricted keys may be limited to certain endpoints
+ if token.startswith('rk_live'):
+ return VerifiedResult.UNVERIFIED
+
+ return VerifiedResult.VERIFIED_FALSE
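Review bot: In `verify`, every non-200 response for an `sk_live` key falls through to `VerifiedResult.VERIFIED_FALSE`, so a rate limit, a server error or an intercepting proxy would mark a key that is actually live as not a secret. Only an authentication failure (Stripe documents 401 for an invalid API key) supports that conclusion; any other status should return `UNVERIFIED`. The `requests.get` call also has no `timeout` and no handling of `requests.exceptions.RequestException`, so a stalled or failed connection hangs or aborts the scan instead of leaving the finding unverified. The fence shows both changes; the timeout value in it is a constructed sample.

```python
    def verify(self, token, **kwargs):  # pragma: no cover
        try:
            response = requests.get(
                'https://api.stripe.com/v1/charges',
                # … unchanged: headers with the Basic Authorization value …
                timeout=5,  # constructed sample value; choose one that suits the scan
            )
        except requests.exceptions.RequestException:
            # A network failure says nothing about whether the key is live
            return VerifiedResult.UNVERIFIED

        # … unchanged: 200 -> VERIFIED_TRUE, rk_live -> UNVERIFIED …

        # Only an authentication failure shows that the key is not live
        if response.status_code == 401:
            return VerifiedResult.VERIFIED_FALSE

        return VerifiedResult.UNVERIFIED
```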