GitHub Secrets Scanning Token Type is pypi_api_token (#9276)

tests/unit/integration/github/test_utils.py

@@ -45,7 +45,8 @@ def test_invalid_token_leak_request():
         ({}, "Record is missing attribute(s): token, type, url", "format"),
         (
             {"type": "not_found", "token": "a", "url": "b"},
-            "Matcher with code not_found not found. Available codes are: failer, token",
+            "Matcher with code not_found not found. "
+            "Available codes are: failer, pypi_api_token",
             "invalid_matcher",
         ),
         (
@@ -73,7 +74,7 @@ def extract(self, text):
 
 def test_token_leak_disclosure_request_from_api_record():
     request = utils.TokenLeakDisclosureRequest.from_api_record(
-        {"type": "token", "token": "pypi-1234", "url": "http://example.com"}
+        {"type": "pypi_api_token", "token": "pypi-1234", "url": "http://example.com"}
     )
 
     assert request.token == "pypi-1234"
@@ -562,7 +563,7 @@ def metrics_increment(key):
     utils.analyze_disclosure(
         request=request,
         disclosure_record={
-            "type": "token",
+            "type": "pypi_api_token",
             "token": "pypi-1234",
             "url": "http://example.com",
         },
@@ -636,7 +637,7 @@ def metrics_increment(key):
     utils.analyze_disclosure(
         request=request,
         disclosure_record={
-            "type": "token",
+            "type": "pypi_api_token",
             "token": "pypi-1234",
             "url": "http://example.com",
         },

warehouse/integrations/github/utils.py

@@ -51,7 +51,7 @@ def extract(self, text):
 
 
 class PlainTextTokenLeakMatcher(TokenLeakMatcher):
-    name = "token"
+    name = "pypi_api_token"
     # Macaroons are urlsafe_b64 encodeded so non-alphanumeric chars are - and _
     # https://github.com/ecordell/pymacaroons/blob/06b55110eda2fb192c130dee0bcedf8b124d1056/pymacaroons/serializers/binary_serializer.py#L32
     pattern = re.compile(r"pypi-[A-Za-z0-9-_=]+")