Skip to content

Port OpenAI, Groq, and GitLab PAT analyzers to rego#90

Draft
Eteriss wants to merge 4 commits intoleaktk:mainfrom
Eteriss:port-analyzers
Draft

Port OpenAI, Groq, and GitLab PAT analyzers to rego#90
Eteriss wants to merge 4 commits intoleaktk:mainfrom
Eteriss:port-analyzers

Conversation

@Eteriss
Copy link
Copy Markdown

@Eteriss Eteriss commented Mar 25, 2026

Ports analyze-openai-token, analyze-groq-key, and analyze-gitlab-pat from leaktk/hack into opa_policy.rego as native Rego rules.

Changes

  • OpenAI API Keys — matches sk-...T3BlbkFJ..., validates via GET /v1/models
  • Groq API Keys — matches gsk_[A-Za-z0-9]{52}, validates via GET /v1/models
  • GitLab Personal Access Tokens — matches glpat-..., two rules: one for valid active tokens that does both calls to retrieve token metadata (scopes, expiry) and account context (username, admin status), and a fallback that explicitly marks invalid tokens as valid: false rather than leaving them unanalyzed

Source analyzers

bplaxco
bplaxco reviewed Mar 25, 2026
View reviewed changes
Comment thread patterns/leaktk/1/opa_policy.rego
bplaxco
bplaxco reviewed Mar 25, 2026
View reviewed changes
Comment thread patterns/leaktk/1/opa_policy.rego Outdated
Eteriss and others added 3 commits March 30, 2026 09:52
@Eteriss @bplaxco
Apply suggestion from @bplaxco
aace93a 
Co-authored-by: Braxton Plaxco <bplaxco@redhat.com>
@Eteriss @bplaxco
Apply suggestion from @bplaxco
86c8b49 
Co-authored-by: Braxton Plaxco <bplaxco@redhat.com>
@Eteriss
Add valid_status_code and get_if helper functions
5d6df31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bplaxco bplaxco bplaxco left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Eteriss @bplaxco