Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Slack Plugin bug fixes #325

Merged
merged 3 commits into from
Aug 9, 2020
Merged

Slack Plugin bug fixes #325

merged 3 commits into from
Aug 9, 2020

Conversation

dryoni
Copy link
Contributor

@dryoni dryoni commented Aug 8, 2020

Fixed the slack webhooks regex to support longer urls which didn't match the existing one.
Also, added 'no_text' as a valid response.text. Without it some valid urls hasn't been marked as verified and didn't appear in the baseline at all

KevinHock
KevinHock approved these changes Aug 8, 2020
View reviewed changes
Copy link
Collaborator

@KevinHock KevinHock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm 🚢

Thanks Doctor Yoni!

KevinHock
KevinHock reviewed Aug 9, 2020
View reviewed changes
Copy link
Collaborator

@KevinHock KevinHock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mind adding a test case to show what these URLs look like for posterity?

https://github.com/Yelp/detect-secrets/blob/master/tests/plugins/slack_test.py#L35

@dryoni
Copy link
Contributor Author

dryoni commented Aug 9, 2020

Example of a webhook url (which I disabled immediately after creating) : https://hooks.slack.com/services/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

The original regex failed because the second secret part of the URL (starting with B) has 10 characters after the B, and not 8.
The regex is specific enough as is to use the + sign and not limit to specific repetition count

@KevinHock KevinHock merged commit e65371f into Yelp:master Aug 9, 2020
killuazhu pushed a commit to IBM/detect-secrets that referenced this pull request Sep 17, 2020
@justineyster
Catch Slack webhook with 10 char (Yelp#325)
21fcdea 
We were getting report that slack custom application webhook will contain a different foramt
for webhooks. In particualar the B+8 chars could become B+10 chars format

User reprot https://ibm-cio-gi.slack.com/archives/CDMGJ9QG2/p1591018601323500?thread_ts=1590777088.301300&cid=CDMGJ9QG2

We also noticed the response error message is differnet, this commit tried to address that issue and allow us to catch webhook for custom Slack applications
jimmyhlee94 pushed a commit to jimmyhlee94/detect-secrets that referenced this pull request Aug 19, 2021
@justineyster
Catch Slack webhook with 10 char (Yelp#325)
b8203c8 
We were getting report that slack custom application webhook will contain a different foramt
for webhooks. In particualar the B+8 chars could become B+10 chars format

User reprot https://ibm-cio-gi.slack.com/archives/CDMGJ9QG2/p1591018601323500?thread_ts=1590777088.301300&cid=CDMGJ9QG2

We also noticed the response error message is differnet, this commit tried to address that issue and allow us to catch webhook for custom Slack applications
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KevinHock KevinHock KevinHock approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dryoni @KevinHock