Add regex to detect test.pypi.org tokens

Yelp · May 2, 2024 · 8eebb5c · 8eebb5c
1 parent b05cecc
commit 8eebb5c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/detect_secrets/plugins/pypi_token.py b/detect_secrets/plugins/pypi_token.py
@@ -12,5 +12,9 @@ class PypiTokenDetector(RegexBasedDetector):
 
     denylist = [
         # refs https://warehouse.pypa.io/development/token-scanning.html
+        # pypi.org token
         re.compile(r'pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{70,}'),
+
+        # test.pypi.org token
+        re.compile(r'pypi-AgENdGVzdC5weXBpLm9yZw[A-Za-z0-9-_]{70,}'),
     ]
diff --git a/tests/plugins/pypi_token_test.py b/tests/plugins/pypi_token_test.py
@@ -12,6 +12,10 @@ class TestPypiTokenDetector:
                 # pragma: allowlist nextline secret
                 'pypi-AgEIcHlwaS5vcmcCJDU3OTM1MjliLWIyYTYtNDEwOC05NzRkLTM0MjNiNmEwNWIzYgACF1sxLFsitesttestbWluaW1hbC1wcm9qZWN0Il1dAAIsWzIsWyJjYWY4OTAwZi0xNDMwLTRiYQstYmFmMi1mMDE3OGIyNWZhNTkiXV0AAAYgh2UINPjWBDwT0r3tQ1o5oZyswcjN0-IluP6z34SX3KM', True,  # noqa: E501
             ),
+            (
+                # pragma: allowlist nextline secret
+                'pypi-AgENdGVzdC5weXBpLm9yZwIkN2YxOWZhOWEtY2FjYS00MGZhLTj2MGEtODFjMnE2MjdmMzY0AAIqWzMsImJlM2FiOWI5LTRmYUTnNEg4ZS04Mjk0LWFlY2Y2NWYzNGYzNyJdAAAGIMb5Hb8nVvhcAizcVVzA-bKKnwN7Pe0RmgPRCvrPwyJf', True,  # noqa: E501
+            ),
             (
                 # pragma: allowlist nextline secret
                 'pypi-AgEIcHlwaS5vcmcCJDU3OTM1MjliLWIyYTYtNDEwOC05NzRkLTM0MjNiNmEwNWIzYgACF1sxLFsibWluaW1h', False,  # noqa: E501