added token_revoke status condition in slack api detector (#3831)

Author: nabeelalam

pkg/detectors/slack/slack.go

@@ -102,6 +102,10 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 						// https://api.slack.com/methods/auth.test) (Per
 						// https://slack.com/help/articles/360000446446-Manage-deactivated-members-apps-and-integrations,
 						// reactivating a bot regenerates its tokens, so this candidate is determinately unverified.)
+					} else if authResponse.Error == "token_revoked" {
+						// "Authentication token is for a deleted user or workspace, or the app has been removed when using a user token."
+						// This indicates the token is no longer valid and determinately unverified.
+						// https://api.slack.com/methods/auth.test
 					} else {
 						err = fmt.Errorf("unexpected error auth response %+v", authResponse.Error)
 						s1.SetVerificationError(err, token)

pkg/detectors/slack/slack_integration_test.go

@@ -102,6 +102,27 @@ func TestSlack_FromChunk(t *testing.T) {
 			wantErr:             false,
 			wantVerificationErr: false,
 		},
+		{
+			name: "token_revoked",
+			s:    Scanner{client: common.ConstantResponseHttpClient(200, `{"ok": false, "error": "token_revoked"}`)},
+			args: args{
+				ctx:    context.Background(),
+				data:   []byte(fmt.Sprintf("You can find a slack secret %s within", secret)),
+				verify: true,
+			},
+			wantResults: []detectors.Result{
+				{
+					DetectorType: detectorspb.DetectorType_Slack,
+					Verified:     false,
+					ExtraData: map[string]string{
+						"rotation_guide": "https://howtorotate.com/docs/tutorials/slack/",
+						"token_type":     "Slack User Token",
+					},
+				},
+			},
+			wantErr:             false,
+			wantVerificationErr: false,
+		},
 		{
 			name: "found, would be verified if not for timeout",
 			s:    Scanner{client: common.SaneHttpClientTimeOut(1 * time.Microsecond)},