From 6c517465aa4c3f034a2f16460e4e3ea6508692a2 Mon Sep 17 00:00:00 2001
From: Sambit Chakraborty <smbtchakraborty@gmail.com>
Date: Sat, 7 Sep 2024 21:50:03 +0530
Subject: [PATCH] Add: Shopify, Sidekiq

---
 packages/secret-scan/src/denylist.ts         | 25 +++++++--
 packages/secret-scan/src/rules/index.ts      |  6 ++-
 packages/secret-scan/src/rules/shopify.ts    | 55 ++++++++++++++++++++
 packages/secret-scan/src/rules/sidekiq.ts    | 33 ++++++++++++
 packages/secret-scan/src/test/secret.test.ts | 10 +++-
 5 files changed, 124 insertions(+), 5 deletions(-)
 create mode 100644 packages/secret-scan/src/rules/shopify.ts
 create mode 100644 packages/secret-scan/src/rules/sidekiq.ts

diff --git a/packages/secret-scan/src/denylist.ts b/packages/secret-scan/src/denylist.ts
index c5639645..758536f6 100644
--- a/packages/secret-scan/src/denylist.ts
+++ b/packages/secret-scan/src/denylist.ts
@@ -38,7 +38,10 @@ import {
   square_OAuth,
   stripe,
   telegram_token,
-  twilio, dropbox, duffel, dynatrace,
+  twilio,
+  dropbox,
+  duffel,
+  dynatrace,
   easypost,
   facebook,
   flutterwave,
@@ -53,7 +56,19 @@ import {
   infracost,
   intra42,
   // kubernetes,
-  linear, lob, planetscale, postman, prefect, pulumi, readme, rubygems, scalingo, sendinblue, shippo
+  linear,
+  lob,
+  planetscale,
+  postman,
+  prefect,
+  pulumi,
+  readme,
+  rubygems,
+  scalingo,
+  sendinblue,
+  shippo,
+  shopify,
+  sidekiq
 } from '@/rules'
 
 const denylist: SecretConfig = {
@@ -190,7 +205,11 @@ const denylist: SecretConfig = {
 
   sendinblue: sendinblue(),
 
-  shippo: shippo()
+  shippo: shippo(),
+
+  shopify: shopify(),
+
+  sidekiq: sidekiq()
 }
 
 export default denylist
diff --git a/packages/secret-scan/src/rules/index.ts b/packages/secret-scan/src/rules/index.ts
index cb681f09..d3481091 100644
--- a/packages/secret-scan/src/rules/index.ts
+++ b/packages/secret-scan/src/rules/index.ts
@@ -65,6 +65,8 @@ import rubygems from './rubygems'
 import scalingo from './scalingo'
 import sendinblue from './sendinblue'
 import shippo from './shippo'
+import shopify from './shopify'
+import sidekiq from './sidekiq'
 
 export {
   private_key,
@@ -133,5 +135,7 @@ export {
   rubygems,
   scalingo,
   sendinblue,
-  shippo
+  shippo,
+  shopify,
+  sidekiq
 }
diff --git a/packages/secret-scan/src/rules/shopify.ts b/packages/secret-scan/src/rules/shopify.ts
new file mode 100644
index 00000000..d98a44fe
--- /dev/null
+++ b/packages/secret-scan/src/rules/shopify.ts
@@ -0,0 +1,55 @@
+// keyshade-ignore-all
+import type { TestCase }from '@/types'
+
+export default function shopify(): RegExp[] {
+	return [
+		// Shopify Shared Secret regex
+		/shpss_[a-fA-F0-9]{32}/,
+
+		// Shopify Access Token Regex
+		/shpat_[a-fA-F0-9]{32}/,
+
+		// Shopify Custom Access Token Regex
+		/shpca_[a-fA-F0-9]{32}/,
+
+		// Shopify Private App Access Token
+		/shppa_[a-fA-F0-9]{32}/
+	]
+}
+
+const testcase: TestCase[] = [
+	{
+		input: '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',
+		expected: true
+	},
+	{
+		input: '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',
+		expected: true
+	},
+	{
+		input: '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',
+		expected: true
+	},
+	{
+		input: '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',
+		expected: true
+	},
+	{
+		input: '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',
+		expected: true
+	},
+	{
+		input: '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',
+		expected: true
+	},
+	{
+		input: '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',
+		expected: true
+	},
+	{
+		input: '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',
+		expected: true
+	}
+]
+
+shopify.testcases = testcase
\ No newline at end of file
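Review bot: Every entry in the `testcase` array has `expected: true`, so nothing in this file would fail if one of the four patterns were loosened by mistake. Add at least one negative case per prefix, for example the constructed sample `{ input: 'shpat_10a1f6EFbcd981C9a33e741a3F0CF1C', expected: false }` (31 hex characters), assuming `testSecret`, which is defined outside this diff, checks `expected` against the detector result. The patterns also have no trailing boundary, so a longer hex run after the prefix still matches on its first 32 characters. If exact-length tokens are intended, a lookahead such as `/shpat_[a-fA-F0-9]{32}(?![a-fA-F0-9])/` would cut those false positives.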
diff --git a/packages/secret-scan/src/rules/sidekiq.ts b/packages/secret-scan/src/rules/sidekiq.ts
new file mode 100644
index 00000000..400d42b9
--- /dev/null
+++ b/packages/secret-scan/src/rules/sidekiq.ts
@@ -0,0 +1,33 @@
+// keyshade-ignore-all
+import type { TestCase }from '@/types'
+
+export default function sidekiq(): RegExp[] {
+	return [
+		// Sidekiq Secret regex
+		/BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM( = |=)[^\n]*[a-f0-9]{8}:[a-f0-9]{8}/,
+
+		// Sidekiq Sensitive URL Regex
+		/\bhttps?:\/\/([a-f0-9]{8}:[a-f0-9]{8})@(gems\.contribsys\.com|enterprise\.contribsys\.com)(?:[\/|#|?|:]|$)/i
+	]
+}
+
+const testcase: TestCase[] = [
+	{
+		input: 'BUNDLE_GEMS__CONTRIBSYS__COM=UBrkb/_"6,a,:,xH:}L02N[LFDkqM9+rLk.q~X%+\'zZP>vku<0eaYlV9Uj+YGh]; y%fiMj9j0ba92c069:de1f9899',
+		expected: true
+	},
+	{
+		input: 'BUNDLE_ENTERPRISE__CONTRIBSYS__COM',
+		expected: true
+	},
+	{
+		input: 'http://f85e09bd:a0fd7dff@enterprise.contribsys.com/',
+		expected: true
+	},
+	{
+		input: 'http://70310b59:ad696f7f@gems.contribsys.com',
+		expected: true
+	}
+]
+
+sidekiq.testcases = testcase
\ No newline at end of file
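Review bot: In the first pattern returned by `sidekiq()`, the `|` is not grouped, so the left alternative is the bare name `BUNDLE_ENTERPRISE__CONTRIBSYS__COM` and the `( = |=)[^\n]*[a-f0-9]{8}:[a-f0-9]{8}` tail applies only to `BUNDLE_GEMS__CONTRIBSYS__COM`. Any mention of the enterprise variable name is therefore reported as a secret even when no credential follows, and the second test case (`input: 'BUNDLE_ENTERPRISE__CONTRIBSYS__COM'`, `expected: true`) locks that behaviour in. Group the names, `/(?:BUNDLE_ENTERPRISE__CONTRIBSYS__COM|BUNDLE_GEMS__CONTRIBSYS__COM)( = |=)[^\n]*[a-f0-9]{8}:[a-f0-9]{8}/`, change that test case to `expected: false`, and add a positive case that assigns a value to the enterprise variable. Separately, in the URL pattern the class `[\/|#|?|:]` includes `|` as a literal character; `[\/#?:]` is probably what was meant.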
diff --git a/packages/secret-scan/src/test/secret.test.ts b/packages/secret-scan/src/test/secret.test.ts
index 0fd89686..0787346e 100644
--- a/packages/secret-scan/src/test/secret.test.ts
+++ b/packages/secret-scan/src/test/secret.test.ts
@@ -67,7 +67,9 @@ import {
   rubygems,
   scalingo,
   sendinblue,
-  shippo
+  shippo,
+  shopify,
+  sidekiq
 } from '@/rules'
 import type { TestCase } from '@/types'
 import secretDetector from '@/index'
@@ -306,4 +308,10 @@ describe('Detect Secrets from string', () => {
   it(testcaseTitleTemplate('Shippo Key'), () => {
     testSecret(shippo.testcases)
   });
+  it(testcaseTitleTemplate('Shopify Key'), () => {
+    testSecret(shopify.testcases)
+  });
+  it(testcaseTitleTemplate('Sidekiq Key'), () => {
+    testSecret(sidekiq.testcases)
+  });
 })