fix github detector (#472)

This commit is contained in:
Dustin Decker 2022-04-22 08:51:38 -07:00 committed by GitHub
parent b6b54798a1
commit 1735892c49
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 8 deletions

View file

@ -23,7 +23,7 @@ var (
// https://developer.github.com/v3/#oauth2-token-sent-in-a-header // https://developer.github.com/v3/#oauth2-token-sent-in-a-header
// Token type list: // Token type list:
// https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/ // https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
keyPat = regexp.MustCompile(`\b((?:ghp|gho|ghu|ghs|ghr)_[a-zA-Z0-9]{36,255}\b)`) keyPat = regexp.MustCompile(`\b((?:ghp|gho|ghu|ghs|ghr)_[a-zA-Z0-9]{36,255})\b`)
//TODO: Oauth2 client_id and client_secret //TODO: Oauth2 client_id and client_secret
// https://developer.github.com/v3/#oauth2-keysecret // https://developer.github.com/v3/#oauth2-keysecret
@ -74,6 +74,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
req.Header.Add("Authorization", fmt.Sprintf("token %s", token)) req.Header.Add("Authorization", fmt.Sprintf("token %s", token))
res, err := client.Do(req) res, err := client.Do(req)
if err == nil { if err == nil {
if res.StatusCode >= 200 && res.StatusCode < 300 {
var userResponse userRes var userResponse userRes
err = json.NewDecoder(res.Body).Decode(&userResponse) err = json.NewDecoder(res.Body).Decode(&userResponse)
res.Body.Close() res.Body.Close()
@ -82,6 +83,7 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
} }
} }
} }
}
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) { if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue continue

View file

@ -15,7 +15,7 @@ import (
func TestGitHub_FromChunk(t *testing.T) { func TestGitHub_FromChunk(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*5) ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
defer cancel() defer cancel()
testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "detectors2") testSecrets, err := common.GetSecret(ctx, "trufflehog-testing", "detectors4")
if err != nil { if err != nil {
t.Fatalf("could not get test secrets from GCP: %s", err) t.Fatalf("could not get test secrets from GCP: %s", err)
} }
@ -123,7 +123,7 @@ func TestGitHub_FromChunk(t *testing.T) {
s: Scanner{}, s: Scanner{},
args: args{ args: args{
ctx: context.Background(), ctx: context.Background(),
data: []byte(unverifiedGhpLong), data: []byte(fmt.Sprintf("You can find a github secret %s within", unverifiedGhpLong)),
verify: true, verify: true,
}, },
want: []detectors.Result{ want: []detectors.Result{