mirror of
https://github.com/trufflesecurity/trufflehog.git
synced 2024-11-14 00:47:21 +00:00
fix github detector (#472)
parent
b6b54798a1
commit
1735892c49
2 changed files with 10 additions and 8 deletions
|
@ -23,7 +23,7 @@ var (
|
||||||
// https://developer.github.com/v3/#oauth2-token-sent-in-a-header
|
// https://developer.github.com/v3/#oauth2-token-sent-in-a-header
|
||||||
// Token type list:
|
// Token type list:
|
||||||
// https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
|
// https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
|
||||||
keyPat = regexp.MustCompile(`\b((?:ghp|gho|ghu|ghs|ghr)_[a-zA-Z0-9]{36,255}\b)`)
|
keyPat = regexp.MustCompile(`\b((?:ghp|gho|ghu|ghs|ghr)_[a-zA-Z0-9]{36,255})\b`)
|
||||||
|
|
||||||
//TODO: Oauth2 client_id and client_secret
|
//TODO: Oauth2 client_id and client_secret
|
||||||
// https://developer.github.com/v3/#oauth2-keysecret
|
// https://developer.github.com/v3/#oauth2-keysecret
|
||||||
|
@ -74,6 +74,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
||||||
req.Header.Add("Authorization", fmt.Sprintf("token %s", token))
|
req.Header.Add("Authorization", fmt.Sprintf("token %s", token))
|
||||||
res, err := client.Do(req)
|
res, err := client.Do(req)
|
||||||
if err == nil {
|
if err == nil {
|
||||||
|
if res.StatusCode >= 200 && res.StatusCode < 300 {
|
||||||
var userResponse userRes
|
var userResponse userRes
|
||||||
err = json.NewDecoder(res.Body).Decode(&userResponse)
|
err = json.NewDecoder(res.Body).Decode(&userResponse)
|
||||||
res.Body.Close()
|
res.Body.Close()
|
||||||
|
@ -82,6 +83,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||||
continue
|
continue
|
||||||
|
|
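Review bot: `res.Body.Close()` now sits inside the added `if res.StatusCode >= 200 && res.StatusCode < 300 {` block, so a non-2xx response leaves the body unclosed, and for a scanner that is likely the common case, since most candidate tokens are rejected. Unless the body is closed somewhere outside the lines shown, each rejected token keeps its connection from being reused; moving the call to just after the status block's closing brace, still inside `if err == nil {`, closes it on every path. A comment such as `// any non-2xx status (revoked token, rate limit, server error) leaves the result unverified` would also help, because a throttled or failing verification request is reported the same way as an invalid token. FromData starts and ends outside these hunks.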
|
@ -15,7 +15,7 @@ import (
|
||||||
func TestGitHub_FromChunk(t *testing.T) {
|
func TestGitHub_FromChunk(t *testing.T) {
|
||||||
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
|
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "detectors2")
|
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "detectors4")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("could not get test secrets from GCP: %s", err)
|
t.Fatalf("could not get test secrets from GCP: %s", err)
|
||||||
}
|
}
|
||||||
|
@ -123,7 +123,7 @@ func TestGitHub_FromChunk(t *testing.T) {
|
||||||
s: Scanner{},
|
s: Scanner{},
|
||||||
args: args{
|
args: args{
|
||||||
ctx: context.Background(),
|
ctx: context.Background(),
|
||||||
data: []byte(unverifiedGhpLong),
|
data: []byte(fmt.Sprintf("You can find a github secret %s within", unverifiedGhpLong)),
|
||||||
verify: true,
|
verify: true,
|
||||||
},
|
},
|
||||||
want: []detectors.Result{
|
want: []detectors.Result{
|
||||||
|
|
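Review bot: The changed case `data: []byte(fmt.Sprintf("You can find a github secret %s within", unverifiedGhpLong))` only exercises a token delimited by spaces, which is the easiest boundary for the `\b` anchors in the detector's `keyPat`. A sibling case with the token wrapped in quotes or following `=`, as it would appear in a config file or environment dump, would pin the boundary behaviour where leaked tokens tend to show up. The test table and the `want` expectations for this case continue outside the hunk, so existing cases may already cover part of this.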