Skip to content

Added deepseek support #3980

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Added deepseek support #3980

wants to merge 8 commits into from

Conversation

bunnyanon
Copy link

Description:

Added support for the DeepSeek API (https://api-docs.deepseek.com/)

Note Before Merging:

Should add a valid DEEPSEEK key and an invalid DEEPSEEK_INACTIVE key to fulfill integration tests

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

@bunnyanon bunnyanon requested review from a team as code owners March 15, 2025 13:01
kashifkhan0771
kashifkhan0771 requested changes Mar 17, 2025
View reviewed changes
abmussani
abmussani requested changes Mar 17, 2025
View reviewed changes
abmussani
abmussani reviewed Mar 19, 2025
View reviewed changes
pkg/detectors/deepseek/deepseek.go Outdated
var (
defaultClient = common.SaneHttpClient()

keyPat = regexp.MustCompile(`\b(sk-[a-z0-9]{32})\b`)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bunnyanon can we tighten up the regex using the Prefix helper ? I have a doubt that current regex will be too loose.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it's needed. The only other key pattern that's somewhat similar to the deepseek one is OpenAI, however OpenAI keys are longer and include uppercase letters. Furthermore, using the OpenAI library to use DeepSeek is a fairly common practice as the API endpoints are compatible.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it's needed. The only other key pattern that's somewhat similar to the deepseek one is OpenAI, however OpenAI keys are longer and include uppercase letters. Furthermore, using the OpenAI library to use DeepSeek is a fairly common practice as the API endpoints are compatible.

@bunnyanon please use the regex prefix filter. We may add other detectors with the sk- prefix in the future.

kashifkhan0771
kashifkhan0771 approved these changes Mar 26, 2025
View reviewed changes
Copy link
Contributor

@kashifkhan0771 kashifkhan0771 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @bunnyanon for adding this detector.

zricethezav
zricethezav requested changes Mar 26, 2025
View reviewed changes
pkg/detectors/deepseek/deepseek.go Outdated
// Keywords are used for efficiently pre-filtering chunks.
// Use identifiers in the secret preferably, or the provider name.
func (s Scanner) Keywords() []string {
return []string{"sk-"}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bunnyanon sk- is not a sufficient keyword. deepseek is necessary for filtering out fps.

pkg/detectors/deepseek/deepseek.go Outdated
var (
defaultClient = common.SaneHttpClient()

keyPat = regexp.MustCompile(`\b(sk-[a-z0-9]{32})\b`)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it's needed. The only other key pattern that's somewhat similar to the deepseek one is OpenAI, however OpenAI keys are longer and include uppercase letters. Furthermore, using the OpenAI library to use DeepSeek is a fairly common practice as the API endpoints are compatible.

@bunnyanon please use the regex prefix filter. We may add other detectors with the sk- prefix in the future.

kashifkhan0771
kashifkhan0771 requested changes Apr 4, 2025
View reviewed changes
Copy link
Contributor

@kashifkhan0771 kashifkhan0771 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add PrefixRegex as recommended by @zricethezav and resolve the conflicts.

abmussani added 2 commits May 21, 2025 17:44
@abmussani
Merge branch 'main' into pr-3980
9ad3304 
* main: (121 commits)
  Fixed Grafana detector (trufflesecurity#4166)
  Reduce verbosity of chunk trace logging (trufflesecurity#4161)
  Increase postman logging verbosity (trufflesecurity#4160)
  Change github file extension log message verbosity (trufflesecurity#4159)
  docs: fix typos (trufflesecurity#4158)
  fix(twitch): Update Twitch detector to handle new RawV2 field and adjust test expectations (trufflesecurity#4150)
  Add a bunch of Postman logging (trufflesecurity#4154)
  Added DataBricks Analyzer (trufflesecurity#4135)
  fixed shopify detector line number (trufflesecurity#4149)
  chore: run setup-go after checkout (trufflesecurity#4143)
  Add per-chunk detection logging (trufflesecurity#4152)
  [Feat] Added Dropbox API OAuth2 Token Analyzer (trufflesecurity#4080)
  Updated Github Source Validate method (trufflesecurity#4144)
  replace anthropic reference with groq (trufflesecurity#4147)
  [Fix] Line number issue for custom detector (trufflesecurity#3997)
  fix(postman): prevent infinite recursion in variable substitution (trufflesecurity#4145)
  Add metrics to the Postman source (trufflesecurity#4142)
  [Feat] Implementation of Posthog Analyzer (trufflesecurity#4103)
  [Feat] Added Mux API Analyzer (trufflesecurity#4128)
  fixed name of netlify analyzer in cli output (trufflesecurity#4140)
  ...

# Conflicts:
#	pkg/pb/detectorspb/detectors.pb.go
#	proto/detectors.proto
@abmussani
add 'deepseek' as regex prefix and keywords to avoid false positive
1978cc3 
updated the test, to aligned with regex prefix.
@abmussani
Copy link
Contributor

Hey @bunnyanon, Thank you for your contribution in adding the Deepseek detector. This PR adds significant value to the project. However, it could not be merged without resolving merge conflicts and addressing some blocking comments raised by @zricethezav and @kashifkhan0771.

As there has been no activity from your side for over a month, I have taken the initiative to resolve the conflicts and implement the necessary changes as a maintainer. Just wanted to keep you informed.

kashifkhan0771
kashifkhan0771 approved these changes May 21, 2025
View reviewed changes
Copy link
Contributor

@kashifkhan0771 kashifkhan0771 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @abmussani for fixing the comments and resolving the conflicts and thank you @bunnyanon for the contribution!

nabeelalam
nabeelalam approved these changes May 21, 2025
View reviewed changes
Copy link
Contributor

@nabeelalam nabeelalam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abmussani abmussani abmussani approved these changes

@nabeelalam nabeelalam nabeelalam approved these changes

@kashifkhan0771 kashifkhan0771 kashifkhan0771 approved these changes

@zricethezav zricethezav Awaiting requested review from zricethezav

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@bunnyanon @abmussani @zricethezav @nabeelalam @kashifkhan0771