Merge branch 'main' into feature/analyzer/added-figma-pat-analyzer

kashifkhan0771 · web-flow · commit 08bbc13acfbc · 2025-03-14T14:46:15.000+05:00
diff --git a/go.mod b/go.mod
@@ -29,6 +29,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/config v1.29.6
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.59
 	github.com/aws/aws-sdk-go-v2/service/sns v1.33.19
+	github.com/aws/aws-sdk-go-v2/service/sts v1.33.14
 	github.com/aymanbagabas/go-osc52 v1.2.1
 	github.com/bill-rich/go-syslog v0.0.0-20220413021637-49edb52a574c
 	github.com/bitfinexcom/bitfinex-api-go v0.0.0-20210608095005-9e0b26f200fb
@@ -107,11 +108,12 @@ require (
 	go.uber.org/automaxprocs v1.6.0
 	go.uber.org/mock v0.5.0
 	go.uber.org/zap v1.27.0
-	golang.org/x/crypto v0.32.0
-	golang.org/x/net v0.34.0
+	golang.org/x/crypto v0.35.0
+	golang.org/x/net v0.36.0
 	golang.org/x/oauth2 v0.25.0
 	golang.org/x/sync v0.11.0
 	golang.org/x/text v0.22.0
+	golang.org/x/time v0.8.0
 	google.golang.org/api v0.214.0
 	google.golang.org/protobuf v1.36.5
 	gopkg.in/h2non/gock.v1 v1.1.2
@@ -160,7 +162,6 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.13 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.24.15 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.14 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.33.14 // indirect
 	github.com/aws/smithy-go v1.22.2 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
@@ -324,7 +325,6 @@ require (
 	golang.org/x/mod v0.22.0 // indirect
 	golang.org/x/sys v0.30.0 // indirect
 	golang.org/x/term v0.29.0 // indirect
-	golang.org/x/time v0.8.0 // indirect
 	golang.org/x/tools v0.29.0 // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect
diff --git a/go.sum b/go.sum
@@ -877,6 +877,8 @@ golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
 golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs=
+golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -944,6 +946,8 @@ golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
 golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
+golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA=
+golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
diff --git a/pkg/analyzer/analyzers/anthropic/anthropic.go b/pkg/analyzer/analyzers/anthropic/anthropic.go
@@ -4,6 +4,7 @@ package anthropic
 import (
 	"errors"
 	"os"
+	"strings"
 
 	"github.com/fatih/color"
 	"github.com/jedib0t/go-pretty/v6/table"
@@ -17,7 +18,8 @@ var _ analyzers.Analyzer = (*Analyzer)(nil)
 
 const (
 	// Key Types
-	APIKey = "API-Key"
+	APIKey   = "API-Key"
+	AdminKey = "Admin-Key"
 )
 
 type Analyzer struct {
@@ -28,7 +30,6 @@ type Analyzer struct {
 type SecretInfo struct {
 	Valid              bool
 	Type               string // key type - TODO: Handle Anthropic Admin Keys
-	Reference          string
 	AnthropicResources []AnthropicResource
 	Permissions        string // always full_access
 	Misc               map[string]string
@@ -39,6 +40,7 @@ type AnthropicResource struct {
 	ID       string
 	Name     string
 	Type     string
+	Parent   *AnthropicResource
 	Metadata map[string]string
 }
 
@@ -73,7 +75,7 @@ func AnalyzeAndPrintPermissions(cfg *config.Config, key string) {
 	}
 
 	if info.Valid {
-		color.Green("[!] Valid Anthropic API key\n\n")
+		color.Green("[!] Valid Anthropic %s\n\n", info.Type)
 		// no user information
 		// print full access permission
 		printPermission(info.Permissions)
@@ -88,16 +90,23 @@ func AnalyzePermissions(cfg *config.Config, key string) (*SecretInfo, error) {
 	// create a HTTP client
 	client := analyzers.NewAnalyzeClient(cfg)
 
-	var secretInfo = &SecretInfo{
-		Type: APIKey, // TODO: implement Admin-Key type as well
-	}
+	keyType := getKeyType(key)
 
-	if err := listModels(client, key, secretInfo); err != nil {
-		return nil, err
+	var secretInfo = &SecretInfo{
+		Type: keyType,
 	}
 
-	if err := listMessageBatches(client, key, secretInfo); err != nil {
-		return nil, err
+	switch keyType {
+	case APIKey:
+		if err := captureAPIKeyResources(client, key, secretInfo); err != nil {
+			return nil, err
+		}
+	case AdminKey:
+		if err := captureAdminKeyResources(client, key, secretInfo); err != nil {
+			return nil, err
+		}
+	default:
+		return nil, errors.New("unsupported key type")
 	}
 
 	// anthropic key has full access only
@@ -133,6 +142,14 @@ func secretInfoToAnalyzerResult(info *SecretInfo) *analyzers.AnalyzerResult {
 			},
 		}
 
+		if Anthropicresource.Parent != nil {
+			binding.Resource.Parent = &analyzers.Resource{
+				Name:               Anthropicresource.Parent.Name,
+				FullyQualifiedName: Anthropicresource.Parent.ID,
+				Type:               Anthropicresource.Parent.Type,
+			}
+		}
+
 		for key, value := range Anthropicresource.Metadata {
 			binding.Resource.Metadata[key] = value
 		}
@@ -162,3 +179,14 @@ func printAnthropicResources(resources []AnthropicResource) {
 	}
 	t.Render()
 }
+
+// getKeyType return the type of key
+func getKeyType(key string) string {
+	if strings.Contains(key, "sk-ant-admin01") {
+		return AdminKey
+	} else if strings.Contains(key, "sk-ant-api03") {
+		return APIKey
+	}
+
+	return ""
+}
diff --git a/pkg/analyzer/analyzers/anthropic/requests.go b/pkg/analyzer/analyzers/anthropic/requests.go
