Skip to content

veles: add SendGrid API key detector and validator#1654

Merged
copybara-service[bot] merged 7 commits intogoogle:mainfrom
Alearner12:add-sendgrid-detector
Feb 13, 2026
Merged

veles: add SendGrid API key detector and validator#1654
copybara-service[bot] merged 7 commits intogoogle:mainfrom
Alearner12:add-sendgrid-detector

Conversation

@Alearner12
Copy link
Contributor

@Alearner12 Alearner12 commented Jan 11, 2026

Add a new Veles secret detector for Twilio SendGrid API keys.

SendGrid API keys have a distinctive format:

  • Prefix: SG.
  • Total Length: 69 characters
  • Structure: SG.<22 chars key_id>.<43 chars key_secret>

Detector:

  • Uses regex pattern to match SendGrid API key format
  • Implements veles.Detector interface via simpletoken.Detector

Validator:

  • Validates keys against SendGrid's /v3/user/account endpoint
  • 200 OK or 403 Forbidden -> valid key (exists and active)
  • 401 Unauthorized -> invalid key (expired/revoked)
  • Uses Bearer token authentication

Tests include:

  • True positive cases (valid key formats)
  • True negative cases (invalid formats, wrong prefix, etc.)
  • Validator HTTP response handling
  • Context cancellation handling
  • Authorization header verification

@google-cla
Copy link

google-cla bot commented Jan 11, 2026

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@Alearner12
veles: add SendGrid API key detector and validator
b86518a 
Add a new Veles secret detector for Twilio SendGrid API keys.

SendGrid API keys have a distinctive format:
- Prefix: SG.
- Total Length: 69 characters
- Structure: SG.<22 chars key_id>.<43 chars key_secret>

Detector:
- Uses regex pattern to match SendGrid API key format
- Implements veles.Detector interface via simpletoken.Detector

Validator:
- Validates keys against SendGrid's /v3/user/account endpoint
- 200 OK or 403 Forbidden -> valid key (exists and active)
- 401 Unauthorized -> invalid key (expired/revoked)
- Uses Bearer token authentication

Tests include:
- True positive cases (valid key formats)
- True negative cases (invalid formats, wrong prefix, etc.)
- Validator HTTP response handling
- Context cancellation handling
- Authorization header verification
@Alearner12 Alearner12 force-pushed the add-sendgrid-detector branch from fe0f05d to b86518a Compare January 11, 2026 08:14
@Alearner12
Register SendGrid detector and validator in plugin lists
0c873b8 
- Add sendgrid.NewDetector() to SecretDetectors in extractor/filesystem/list/list.go
- Add sendgrid.NewValidator() to SecretsValidate in enricher/enricherlist/list.go

This ensures the SendGrid detector is discoverable as a SCALIBR plugin
and can be enabled via --plugins=secrets/sendgrid flag.
erikvarga
erikvarga reviewed Jan 16, 2026
View reviewed changes
erikvarga
erikvarga reviewed Jan 19, 2026
View reviewed changes
Copy link
Collaborator

@erikvarga erikvarga left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like some tests are failing (I think the modified scan_result.pb.go wasn't uploaded)

@Alearner12
Address PR review feedback for SendGrid detector
3661d47 
- Add acceptance tests using velestest.AcceptDetector
- Remove unused methods (SecretType, Provider, String) and their tests
- Add proto support (scan_result.proto message, secret.go conversion)
- Clarify 403 response handling in validator comment
- Remove duplicate TestValidator_InvalidRequest test
@Alearner12 Alearner12 force-pushed the add-sendgrid-detector branch from 5efc991 to 3661d47 Compare January 19, 2026 10:42
Alearner12 and others added 2 commits January 19, 2026 16:13
@Alearner12
Merge branch 'main' into add-sendgrid-detector
a517876
@Alearner12
Fix lint errors and regenerate proto with SendGrid types
0ba2d06 
- Add package comment to validator.go (ST1000)
- Fix unchecked error in validator_test.go (errcheck)
- Regenerate scan_result.pb.go with SendGridAPIKey types
@Alearner12
Copy link
Contributor Author

Alearner12 commented Feb 3, 2026

@erikvarga All feedback addressed , Ready for review when you get a chance. Thanks!

@copybara-service copybara-service bot merged commit a7bdc92 into google:main Feb 13, 2026
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@erikvarga erikvarga erikvarga approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Alearner12 @erikvarga