Class: Ace::Git::Secrets::Models::DetectedToken

Inherits:
Object
  • Object
show all
Defined in:
lib/ace/git/secrets/models/detected_token.rb

Overview

Represents a detected token in Git history Immutable value object containing token metadata

Constant Summary collapse

CONFIDENCE_LEVELS =

Confidence levels for token detection

%w[high medium low].freeze

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(token_type:, pattern_name:, confidence:, commit_hash:, file_path:, raw_value:, line_number: nil, detected_by: "ruby_patterns") ⇒ DetectedToken

Returns a new instance of DetectedToken.

Parameters:

  • token_type (String)

    Type of token (github_pat, anthropic_api_key, etc.)

  • pattern_name (String)

    Name of pattern that matched

  • confidence (String)

    Confidence level (high, medium, low)

  • commit_hash (String)

    Git commit SHA where token was found

  • file_path (String)

    Path to file containing token

  • line_number (Integer, nil) (defaults to: nil)

    Line number in file

  • raw_value (String)

    The actual token value (stored for revocation)

  • detected_by (String) (defaults to: "ruby_patterns")

    Detection method (gitleaks, ruby_patterns)



24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/ace/git/secrets/models/detected_token.rb', line 24

def initialize(token_type:, pattern_name:, confidence:, commit_hash:,
  file_path:, raw_value:, line_number: nil, detected_by: "ruby_patterns")
  @token_type = token_type
  @pattern_name = pattern_name
  @confidence = validate_confidence(confidence)
  @commit_hash = commit_hash
  @file_path = file_path
  @line_number = line_number
  @raw_value = raw_value
  @detected_by = detected_by

  freeze
end

Instance Attribute Details

#commit_hashObject (readonly)

Returns the value of attribute commit_hash.



10
11
12
 
# File 'lib/ace/git/secrets/models/detected_token.rb', line 10

def commit_hash
  @commit_hash
end

#confidenceObject (readonly)

Returns the value of attribute confidence.



10
11
12
 
# File 'lib/ace/git/secrets/models/detected_token.rb', line 10

def confidence
  @confidence
end

#detected_byObject (readonly)

Returns the value of attribute detected_by.



10
11
12
 
# File 'lib/ace/git/secrets/models/detected_token.rb', line 10

def detected_by
  @detected_by
end

#file_pathObject (readonly)

Returns the value of attribute file_path.



10
11
12
 
# File 'lib/ace/git/secrets/models/detected_token.rb', line 10

def file_path
  @file_path
end

#line_numberObject (readonly)

Returns the value of attribute line_number.



10
11
12
 
# File 'lib/ace/git/secrets/models/detected_token.rb', line 10

def line_number
  @line_number
end

#pattern_nameObject (readonly)

Returns the value of attribute pattern_name.



10
11
12
 
# File 'lib/ace/git/secrets/models/detected_token.rb', line 10

def pattern_name
  @pattern_name
end

#raw_valueObject (readonly)

Returns the value of attribute raw_value.



10
11
12
 
# File 'lib/ace/git/secrets/models/detected_token.rb', line 10

def raw_value
  @raw_value
end

#token_typeObject (readonly)

Returns the value of attribute token_type.



10
11
12
 
# File 'lib/ace/git/secrets/models/detected_token.rb', line 10

def token_type
  @token_type
end

Instance Method Details

#high_confidence?Boolean

Check if this is a high confidence match

Returns:

  • (Boolean) 


57
58
59
 
# File 'lib/ace/git/secrets/models/detected_token.rb', line 57

def high_confidence?
  confidence == "high"
end

#masked_valueString

Returns masked version of token for display Shows first 4 and last 4 characters with asterisks in between

Returns:

  • (String)

    Masked token value



41
42
43
44
45
46
47
 
# File 'lib/ace/git/secrets/models/detected_token.rb', line 41

def masked_value
  return "****" if raw_value.nil? || raw_value.length < 12

  prefix = raw_value[0, 4]
  suffix = raw_value[-4, 4]
  "#{prefix}#{"*" * [raw_value.length - 8, 4].max}#{suffix}"
end

#provider_nameString

Human-readable provider name for grouping in reports

Returns:

  • (String)

    Provider display name



84
85
86
87
88
89
90
91
92
93
94
95
96
97
 
# File 'lib/ace/git/secrets/models/detected_token.rb', line 84

def provider_name
  case revocation_service
  when "github"
    "GitHub"
  when "anthropic"
    "Anthropic"
  when "openai"
    "OpenAI"
  when "aws"
    "AWS"
  else
    "Manual Revocation Required"
  end
end

#revocable?Boolean

Check if token can be revoked via API

Returns:

  • (Boolean) 


78
79
80
 
# File 'lib/ace/git/secrets/models/detected_token.rb', line 78

def revocable?
  !revocation_service.nil?
end

#revocation_serviceString?

Returns service name for revocation

Returns:

  • (String, nil)

    Service name or nil if not revocable



63
64
65
66
67
68
69
70
71
72
73
74
 
# File 'lib/ace/git/secrets/models/detected_token.rb', line 63

def revocation_service
  case token_type
  when /^github_/
    "github"
  when "anthropic_api_key"
    "anthropic"
  when "openai_api_key"
    "openai"
  when /^aws_/
    "aws"
  end
end

#short_commitString

Returns short commit hash (7 characters)

Returns:

  • (String)

    Short commit hash



51
52
53
 
# File 'lib/ace/git/secrets/models/detected_token.rb', line 51

def short_commit
  commit_hash[0, 7]
end

#to_h(include_raw: false) ⇒ Hash

Convert to hash for serialization

Parameters:

  • include_raw (Boolean) (defaults to: false)

    Whether to include raw token value

Returns:

  • (Hash) 


102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
 
# File 'lib/ace/git/secrets/models/detected_token.rb', line 102

def to_h(include_raw: false)
  h = {
    token_type: token_type,
    pattern_name: pattern_name,
    confidence: confidence,
    commit_hash: commit_hash,
    file_path: file_path,
    line_number: line_number,
    masked_value: masked_value,
    detected_by: detected_by,
    revocable: revocable?
  }
  h[:raw_value] = raw_value if include_raw
  h
end