Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-09-20 14:42:03 +00:00
Code Issues Projects Releases Packages Wiki Activity

Detectors that fail verification should still report the unverified secret (#440)

Browse source 
* Detectors that fail verification should still report the unverified secret

* fixup - change microsoft webhook keywords, filter false positives for old github detector

* fixup - fix typo
This commit is contained in:
trufflesteeeve 2022-04-21 18:32:26 -04:00 committed by GitHub
parent 913c75db15
commit b5743277a3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
21 changed files with 232 additions and 326 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
pkg/detectors/dropbox/dropbox.go
View file

@ -6,10 +6,9 @@ import (
"net/http"
"regexp"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
)
type Scanner struct{}
@ -53,10 +52,8 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
}
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", match[1]))
res, err := client.Do(req)
if err != nil {
return results, err
}
defer res.Body.Close()
if err == nil {
res.Body.Close() // The request body is unused.
// 200 means good key for get current user
// 400 is bad (malformed)
@ -65,11 +62,10 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
s.Verified = true
}
}
if !s.Verified {
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
results = append(results, s)

42
pkg/detectors/elasticemail/elasticemail.go
View file

@ -2,15 +2,12 @@ package elasticemail
import (
"context"
// "log"
"encoding/json"
"io"
"net/http"
"regexp"
"strings"
// "fmt"
"encoding/json"
"io/ioutil"
"net/http"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
@ -56,36 +53,25 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
continue
}
res, err := client.Do(req)
if err != nil {
continue
}
defer res.Body.Close()
var byteData []byte
_, err = res.Body.Read(byteData)
if err != nil {
continue
}
defer res.Body.Close()
data, readErr := ioutil.ReadAll(res.Body)
if readErr != nil {
continue
}
if err == nil {
data, readErr := io.ReadAll(res.Body)
res.Body.Close()
if readErr == nil {
var ResVar struct {
Success bool `json:"success"`
}
if err := json.Unmarshal(data, &ResVar); err != nil {
continue
}
if err := json.Unmarshal(data, &ResVar); err == nil {
if ResVar.Success {
s1.Verified = true
} else {
}
}
}
}
}
if detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, true) {
if !s1.Verified && detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, true) {
continue
}
}
}
results = append(results, s1)
}

11
pkg/detectors/github/github.go
View file

@ -73,24 +73,19 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
req.Header.Add("Content-Type", "application/json; charset=utf-8")
req.Header.Add("Authorization", fmt.Sprintf("token %s", token))
res, err := client.Do(req)
if err != nil {
break
}
defer res.Body.Close()
if res.StatusCode >= 200 && res.StatusCode < 300 {
if err == nil {
var userResponse userRes
err = json.NewDecoder(res.Body).Decode(&userResponse)
res.Body.Close()
if err == nil {
s.Verified = true
}
}
}
if !s.Verified {
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
}
results = append(results, s)
}

13
pkg/detectors/github_old/github_old.go
View file

@ -75,21 +75,24 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
req.Header.Add("Content-Type", "application/json; charset=utf-8")
req.Header.Add("Authorization", fmt.Sprintf("token %s", token))
res, err := client.Do(req)
if err != nil {
break
}
defer res.Body.Close()
if err == nil {
if res.StatusCode >= 200 && res.StatusCode < 300 {
var userResponse userRes
err = json.NewDecoder(res.Body).Decode(&userResponse)
res.Body.Close()
if err == nil {
s.Verified = true
}
}
}
}
if !s.Verified && detectors.IsKnownFalsePositive(token, detectors.DefaultFalsePositives, true) {
continue
}
results = append(results, s)
}
return
return detectors.CleanResults(results), nil
}

18
pkg/detectors/gitlab/gitlab.go
View file

@ -6,10 +6,9 @@ import (
"net/http"
"regexp"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
)
type Scanner struct{}
@ -59,10 +58,8 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
}
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", match[1]))
res, err := client.Do(req)
if err != nil {
return results, err
}
defer res.Body.Close()
if err == nil {
res.Body.Close() // The request body is unused.
// 200 means good key and has `read_user` scope
// 403 means good key but not the right scope
@ -71,15 +68,14 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
secret.Verified = true
}
}
if !secret.Verified {
if detectors.IsKnownFalsePositive(string(secret.Raw), detectors.DefaultFalsePositives, true) {
continue
}
if !secret.Verified && detectors.IsKnownFalsePositive(string(secret.Raw), detectors.DefaultFalsePositives, true) {
continue
}
results = append(results, secret)
}
return
return detectors.CleanResults(results), nil
}

16
pkg/detectors/gitlabv2/gitlab.go
View file

@ -6,10 +6,9 @@ import (
"net/http"
"regexp"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
)
type Scanner struct{}
@ -59,10 +58,8 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
}
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", match[1]))
res, err := client.Do(req)
if err != nil {
return results, err
}
defer res.Body.Close()
if err == nil {
res.Body.Close() // The request body is unused.
// 200 means good key and has `read_user` scope
// 403 means good key but not the right scope
@ -71,11 +68,10 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
secret.Verified = true
}
}
if !secret.Verified {
if detectors.IsKnownFalsePositive(string(secret.Raw), detectors.DefaultFalsePositives, true) {
continue
}
if !secret.Verified && detectors.IsKnownFalsePositive(string(secret.Raw), detectors.DefaultFalsePositives, true) {
continue
}
results = append(results, secret)

23
pkg/detectors/jdbc/jdbc.go
View file

@ -45,30 +45,27 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
Redacted: redact,
}
if verify {
//TODO can this be verified? Possibly. Could triage verification to other DBMS strings
s.Verified = false
//if verify {
// // TODO: can this be verified? Possibly. Could triage verification to other DBMS strings
// s.Verified = false
// client := common.SaneHttpClient()
// req, err := http.NewRequestWithContext(ctx, "GET", "https://jdbcci.com/api/v2/me", nil)
if err != nil {
continue
}
// if err != nil {
// continue
// }
// req.Header.Add("Accept", "application/json;")
// req.Header.Add("Jdbc-Token", token)
// res, err := client.Do(req)
// if err != nil {
// break
// }
// if err == nil {
// if res.StatusCode >= 200 && res.StatusCode < 300 {
// s.Verified = true
// }
}
// }
//}
if !s.Verified {
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, false) {
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, false) {
continue
}
}
results = append(results, s)
}

17
pkg/detectors/mailchimp/mailchimp.go
View file

@ -54,23 +54,18 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
}
req.SetBasicAuth("anystring", match)
res, err := client.Do(req)
if err != nil {
break
}
defer res.Body.Close()
if err == nil {
res.Body.Close() // The request body is unused.
if res.StatusCode == 200 {
s.Verified = true
} else {
s.Verified = false
}
}
}
}
if !s.Verified {
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
}
results = append(results, s)
}

29
pkg/detectors/microsoftteamswebhook/microsoftteamswebhook.go
View file

@ -2,7 +2,7 @@ package microsoftteamswebhook
import (
"context"
"io/ioutil"
"io"
"net/http"
"regexp"
"strings"
@ -27,7 +27,7 @@ var (
// Keywords are used for efficiently pre-filtering chunks.
// Use identifiers in the secret preferably, or the provider name.
func (s Scanner) Keywords() []string {
return []string{"microsoft"}
return []string{"webhook.office.com"}
}
// FromData will find and optionally verify MicrosoftTeamsWebhook secrets in a given set of bytes.
@ -54,25 +54,20 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
}
req.Header.Add("Content-Type", "application/json")
res, err := client.Do(req)
if err != nil {
continue
}
defer res.Body.Close()
body, err := ioutil.ReadAll(res.Body)
if err != nil {
continue
}
if err == nil {
body, err := io.ReadAll(res.Body)
res.Body.Close()
if err == nil {
if res.StatusCode >= 200 && string(body) == "1" {
s1.Verified = true
} else {
//This function will check false positives for common test words, but also it will make sure the key appears 'random' enough to be a real key
if detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, false) {
}
}
}
}
if !s1.Verified && detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, false) {
continue
}
}
}
results = append(results, s1)
}

16
pkg/detectors/midise/midise.go
View file

@ -6,10 +6,9 @@ import (
"net/http"
"regexp"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
)
type Scanner struct{}
@ -54,20 +53,17 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", match))
req.Header.Add("Content-Type", "application/json")
res, err := client.Do(req)
if err != nil {
return results, err
}
defer res.Body.Close()
if err == nil {
res.Body.Close() // The request body is unused.
if res.StatusCode == http.StatusOK {
s.Verified = true
}
}
if !s.Verified {
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
results = append(results, s)

15
pkg/detectors/onelogin/onelogin.go
View file

@ -63,26 +63,23 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
req.Header.Add("Authorization", fmt.Sprintf("client_id:%s, client_secret:%s", clientID[1], clientSecret[1]))
req.Header.Add("Content-Type", "application/json; charset=utf-8")
res, err := client.Do(req)
if err != nil {
return results, err
}
defer res.Body.Close()
if err == nil {
res.Body.Close() // The request body is unused.
if res.StatusCode >= 200 && res.StatusCode < 300 {
s.Verified = true
break
}
}
}
}
if !s.Verified {
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
}
results = append(results, s)
}
}
return
return detectors.CleanResults(results), nil
}

18
pkg/detectors/pivotaltracker/pivotaltracker.go
View file

@ -5,10 +5,9 @@ import (
"net/http"
"regexp"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
)
type Scanner struct{}
@ -57,24 +56,21 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
req.Header.Add("Content-Type", "application/json; charset=utf-8")
req.Header.Add("X-TrackerToken", token)
res, err := client.Do(req)
if err != nil {
break
}
defer res.Body.Close()
if err == nil {
res.Body.Close() // The request body is unused.
if res.StatusCode >= 200 && res.StatusCode < 300 {
s.Verified = true
}
}
}
if !s.Verified {
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
}
results = append(results, s)
}
return
return detectors.CleanResults(results), nil
}

11
pkg/detectors/privatekey/privatekey.go
View file

@ -9,10 +9,9 @@ import (
"time"
log "github.com/sirupsen/logrus"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
)
type Scanner struct {
@ -62,14 +61,14 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) ([]dete
if verify {
data, err := lookupFingerprint(fingerprint, s.IncludeExpired)
if err != nil {
log.Warn(err)
return nil, err
}
if err == nil {
secret.StructuredData = data
if data != nil {
secret.Verified = true
}
} else {
log.Warn(err)
}
}
results = append(results, secret)

15
pkg/detectors/rechargepayments/rechargepayments.go
View file

@ -54,25 +54,22 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
req.Header.Add("Content-Type", "application/json")
req.Header.Add("X-Recharge-Access-Token", token)
res, err := client.Do(req)
if err != nil {
return results, err
}
defer res.Body.Close()
if err == nil {
res.Body.Close() // The request body is unused.
if res.StatusCode == http.StatusOK {
s.Verified = true
}
}
if !s.Verified {
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
results = append(results, s)
}
}
return
return detectors.CleanResults(results), nil
}

13
pkg/detectors/sendgrid/sendgrid.go
View file

@ -60,10 +60,8 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", res))
req.Header.Add("Content-Type", "application/json")
res, err := client.Do(req)
if err != nil {
return results, err
}
defer res.Body.Close()
if err == nil {
res.Body.Close() // The request body is unused.
// 200 means good key and has `templates` scope
// 403 means good key but not the right scope
@ -72,11 +70,10 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
s.Verified = true
}
}
if !s.Verified {
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
results = append(results, s)

13
pkg/detectors/square/square.go
View file

@ -67,10 +67,8 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
// unclear if this version needs to be set or matters, seems to work without, but docs want it
//req.Header.Add("Square-Version", "2020-08-12")
res, err := client.Do(req)
if err != nil {
return results, err
}
defer res.Body.Close()
if err == nil {
res.Body.Close() // The request body is unused.
// 200 means good key and has `merchants` scope - default allowed by square
// 401 is bad key
@ -78,11 +76,10 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
s.Verified = true
}
}
if !s.Verified {
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
results = append(results, s)

18
pkg/detectors/squareapp/squareapp.go
View file

@ -9,10 +9,9 @@ import (
"regexp"
"strings"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
)
type Scanner struct{}
@ -75,21 +74,18 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
// unclear if this version needs to be set or matters, seems to work without, but docs want it
//req.Header.Add("Square-Version", "2020-08-12")
res, err := client.Do(req)
if err != nil {
return results, err
}
defer res.Body.Close()
if err == nil {
res.Body.Close() // The request body is unused.
// 404 = Correct crentials. The fake access token should not be found
// 404 = Correct credentials. The fake access token should not be found.
if res.StatusCode == http.StatusNotFound {
s.Verified = true
}
}
if !s.Verified {
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
results = append(results, s)

16
pkg/detectors/stripe/stripe.go
View file

@ -6,10 +6,9 @@ import (
"net/http"
"regexp"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
)
type Scanner struct{}
@ -56,20 +55,17 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", match))
req.Header.Add("Content-Type", "application/json")
res, err := client.Do(req)
if err != nil {
return results, err
}
defer res.Body.Close()
if err == nil {
res.Body.Close() // The request body is unused.
if res.StatusCode == http.StatusOK || res.StatusCode == http.StatusForbidden {
s.Verified = true
}
}
if !s.Verified {
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
results = append(results, s)

17
pkg/detectors/twilio/twilio.go
View file

@ -7,10 +7,9 @@ import (
"regexp"
"strings"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
)
type Scanner struct{}
@ -69,20 +68,18 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
req.Header.Add("Accept", "*/*")
req.SetBasicAuth(sid, key)
res, err := client.Do(req)
if err != nil {
break
}
defer res.Body.Close()
if err == nil {
res.Body.Close() // The request body is unused.
if res.StatusCode >= 200 && res.StatusCode < 300 {
s.Verified = true
}
}
}
if !s.Verified {
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
continue
}
if len(keyMatches) > 0 {

34
pkg/detectors/uri/uri.go
View file

@ -4,16 +4,15 @@ import (
"bytes"
"context"
"encoding/json"
"io/ioutil"
"io"
"net/http"
"net/url"
"regexp"
"strings"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
)
type Scanner struct {
@ -109,34 +108,25 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
}
req.Header.Add("Content-Type", "application/json")
res, err := client.Do(req)
if err != nil {
// log.WithError(err).Warn("Error in http post to SSRF proxy")
continue
}
defer res.Body.Close()
if err == nil {
result := proxyRes{}
body, err := ioutil.ReadAll(res.Body)
if len(body) == 0 || err != nil {
continue
}
body, err := io.ReadAll(res.Body)
res.Body.Close()
if len(body) != 0 && err == nil {
err = json.Unmarshal(body, &result)
if err != nil {
// log.WithField("body", string(body)).WithError(err).Debug("Error decoding SSRF proxy response")
continue
}
if result.Verified {
if err == nil && result.Verified {
s.Verified = true
}
}
if !s.Verified {
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, false) {
continue
}
}
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, false) {
continue
}
results = append(results, s)
}
return
return detectors.CleanResults(results), nil
}

35
pkg/detectors/webex/webex.go
View file

@ -2,10 +2,8 @@ package webex
import (
"context"
// "fmt"
// "log"
"encoding/json"
"io/ioutil"
"io"
"net/http"
"regexp"
"strings"
@ -21,8 +19,6 @@ type Scanner struct{}
var _ detectors.Detector = (*Scanner)(nil)
var (
client = common.SaneHttpClient()
keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"webex"}) + `\b([A-Za-z0-9_-]{64})\b`)
idPat = regexp.MustCompile(detectors.PrefixRegex([]string{"webex"}) + `\b([A-Za-z0-9_-]{65})\b`)
)
@ -64,39 +60,32 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
continue
}
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
client := common.SaneHttpClient()
res, err := client.Do(req)
if err != nil {
continue
}
defer res.Body.Close()
body, err := ioutil.ReadAll(res.Body)
if err != nil {
continue
}
if err == nil {
body, err := io.ReadAll(res.Body)
res.Body.Close()
if err == nil {
var message struct {
Message string `json:"message"`
}
if err := json.Unmarshal(body, &message); err != nil {
continue
}
if err := json.Unmarshal(body, &message); err == nil {
var getError = regexp.MustCompile(detectors.PrefixRegex([]string{"error"}) + `(redirect_uri_mismatch)`)
result := getError.FindAllStringSubmatch(message.Message, -1)
if len(result) > 0 {
s1.Verified = true
} else {
if detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, true) {
continue
}
}
}
}
}
if !s1.Verified && detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, true) {
continue
}
results = append(results, s1)
}
}
return detectors.CleanResults(results), nil