Merge pull request #1577 from doyensec:veles-codecatalyst

PiperOrigin-RevId: 842221015

Author: copybara-github

binary/proto/scan_result.proto

@@ -736,6 +736,7 @@ message SecretData {
     ReCaptchaKey re_captcha_key = 51;
     PyxKeyV1 pyx_key_v1 = 52;
     PyxKeyV2 pyx_key_v2 = 53;
+    CodeCatalystCredentials code_catalyst_credentials = 54;
   }
 
   message GCPSAK {
@@ -1010,14 +1011,17 @@ message SecretData {
   message ReCaptchaKey {
     string secret = 1;
   }
-
   message PyxKeyV1 {
     string key = 1;
   }
 
   message PyxKeyV2 {
     string key = 1;
   }
+
+  message CodeCatalystCredentials{
+    string url = 1;
+  }
 }
 
 message SecretStatus {

binary/proto/scan_result_go_proto/scan_result.pb.go

@@ -37,6 +37,7 @@ import (
 	"github.com/google/osv-scalibr/veles/secrets/gcpoauth2client"
 	velesgcpsak "github.com/google/osv-scalibr/veles/secrets/gcpsak"
 	"github.com/google/osv-scalibr/veles/secrets/gcshmackey"
+	"github.com/google/osv-scalibr/veles/secrets/gitbasicauth/codecatalyst"
 	velesgithub "github.com/google/osv-scalibr/veles/secrets/github"
 	"github.com/google/osv-scalibr/veles/secrets/gitlabpat"
 	velesgrokxaiapikey "github.com/google/osv-scalibr/veles/secrets/grokxaiapikey"
@@ -222,11 +223,23 @@ func velesSecretToProto(s veles.Secret) (*spb.SecretData, error) {
 		return pyxKeyV1ToProto(t), nil
 	case pyxkeyv2.PyxKeyV2:
 		return pyxKeyV2ToProto(t), nil
+	case codecatalyst.Credentials:
+		return codeCatalystCredentialsToProto(t), nil
 	default:
 		return nil, fmt.Errorf("%w: %T", ErrUnsupportedSecretType, s)
 	}
 }
 
+func codeCatalystCredentialsToProto(s codecatalyst.Credentials) *spb.SecretData {
+	return &spb.SecretData{
+		Secret: &spb.SecretData_CodeCatalystCredentials_{
+			CodeCatalystCredentials: &spb.SecretData_CodeCatalystCredentials{
+				Url: s.FullURL,
+			},
+		},
+	}
+}
+
 func awsAccessKeyCredentialToProto(s awsaccesskey.Credentials) *spb.SecretData {
 	return &spb.SecretData{
 		Secret: &spb.SecretData_AwsAccessKeyCredentials_{
@@ -982,6 +995,10 @@ func velesSecretToStruct(s *spb.SecretData) (veles.Secret, error) {
 		return pyxkeyv2.PyxKeyV2{
 			Key: s.GetPyxKeyV2().GetKey(),
 		}, nil
+	case *spb.SecretData_CodeCatalystCredentials_:
+		return codecatalyst.Credentials{
+			FullURL: s.GetCodeCatalystCredentials().GetUrl(),
+		}, nil
 	default:
 		return nil, fmt.Errorf("%w: %T", ErrUnsupportedSecretType, s.GetSecret())
 	}

binary/proto/secret.go

@@ -112,6 +112,7 @@ See the docs on [how to add a new Extractor](/docs/new_extractor.md).
 | Type                                        | Extractor Plugin                     |
 |---------------------------------------------|--------------------------------------|
 | AWS access key                              | `secrets/awsaccesskey`               |
+| Amazon CodeCatalyst credentials             | `secrets/codecatalystcredentials`    |
 | Anthropic API key                           | `secrets/anthropicapikey`            |
 | Azure Token                                 | `secrets/azuretoken`                 |
 | Crates.io API Token                         | `secrets/cratesioapitoken`           |

docs/supported_inventory_types.md

@@ -41,6 +41,7 @@ import (
 	"github.com/google/osv-scalibr/veles/secrets/gcpoauth2access"
 	"github.com/google/osv-scalibr/veles/secrets/gcpsak"
 	"github.com/google/osv-scalibr/veles/secrets/gcshmackey"
+	"github.com/google/osv-scalibr/veles/secrets/gitbasicauth/codecatalyst"
 	"github.com/google/osv-scalibr/veles/secrets/github"
 	"github.com/google/osv-scalibr/veles/secrets/gitlabpat"
 	"github.com/google/osv-scalibr/veles/secrets/grokxaiapikey"
@@ -119,6 +120,7 @@ var (
 		fromVeles(gcpoauth2access.NewValidator(), "secrets/gcpoauth2accesstokenvalidate", 0),
 		fromVeles(gcshmackey.NewValidator(), "secrets/gcshmackeyvalidate", 0),
 		fromVeles(awsaccesskey.NewValidator(), "secrets/awsaccesskeyvalidate", 0),
+		fromVeles(codecatalyst.NewValidator(), "secrets/codecatalystcredentialsvalidate", 0),
 	})
 
 	// SecretsEnrich lists enrichers that add data to detected secrets.

enricher/enricherlist/list.go

@@ -97,6 +97,7 @@ import (
 	"github.com/google/osv-scalibr/extractor/filesystem/sbom/spdx"
 	"github.com/google/osv-scalibr/extractor/filesystem/secrets/awsaccesskey"
 	"github.com/google/osv-scalibr/extractor/filesystem/secrets/convert"
+	"github.com/google/osv-scalibr/extractor/filesystem/secrets/gitbasicauth/codecatalyst"
 	"github.com/google/osv-scalibr/extractor/filesystem/secrets/mariadb"
 	"github.com/google/osv-scalibr/extractor/filesystem/secrets/mysqlmylogin"
 	"github.com/google/osv-scalibr/extractor/filesystem/secrets/onepasswordconnecttoken"
@@ -287,6 +288,7 @@ var (
 		onepasswordconnecttoken.Name: {noCFG(onepasswordconnecttoken.New)},
 		mariadb.Name:                 {noCFG(mariadb.NewDefault)},
 		awsaccesskey.Name:            {noCFG(awsaccesskey.New)},
+		codecatalyst.Name:            {noCFG(codecatalyst.New)},
 	}
 
 	// SecretDetectors for Detector interface.