Detectors that fail verification should still report the unverified secret (#440)
* Detectors that fail verification should still report the unverified secret * fixup - change microsoft webhook keywords, filter false positives for old github detector * fixup - fix typo
This commit is contained in:
parent
913c75db15
commit
b5743277a3
21 changed files with 232 additions and 326 deletions
|
@ -6,10 +6,9 @@ import (
|
|||
"net/http"
|
||||
"regexp"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
)
|
||||
|
||||
type Scanner struct{}
|
||||
|
@ -53,10 +52,8 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
}
|
||||
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", match[1]))
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
return results, err
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if err == nil {
|
||||
res.Body.Close() // The request body is unused.
|
||||
|
||||
// 200 means good key for get current user
|
||||
// 400 is bad (malformed)
|
||||
|
@ -65,11 +62,10 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
s.Verified = true
|
||||
}
|
||||
}
|
||||
|
||||
if !s.Verified {
|
||||
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
results = append(results, s)
|
||||
|
|
|
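Review bot: The new `if err == nil {` branch after `client.Do(req)` drops the transport error without any record, so a timeout or DNS failure during a scan is indistinguishable in the output from a credential the API actually rejected; the same construct is repeated in every other detector section of this commit, and only the fingerprint-lookup section keeps a `log.Warn(err)`. Since the stated intent is to still report the finding, a debug-level log or at least a comment such as `// Verification errors are deliberately swallowed: the secret is still reported, marked unverified.` would make that choice visible to the next maintainer. The added comment `// The request body is unused.` sits on `res.Body.Close()`, which closes the response body; `// The response body is unused.` is the accurate wording (the same comment appears in most sections). FromData starts and ends outside this hunk.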
@ -2,15 +2,12 @@ package elasticemail
|
|||
|
||||
import (
|
||||
"context"
|
||||
// "log"
|
||||
"encoding/json"
|
||||
"io"
|
||||
"net/http"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
||||
// "fmt"
|
||||
"encoding/json"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
|
||||
|
@ -56,36 +53,25 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
continue
|
||||
}
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
defer res.Body.Close()
|
||||
var byteData []byte
|
||||
_, err = res.Body.Read(byteData)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
defer res.Body.Close()
|
||||
data, readErr := ioutil.ReadAll(res.Body)
|
||||
if readErr != nil {
|
||||
continue
|
||||
}
|
||||
if err == nil {
|
||||
data, readErr := io.ReadAll(res.Body)
|
||||
res.Body.Close()
|
||||
if readErr == nil {
|
||||
var ResVar struct {
|
||||
Success bool `json:"success"`
|
||||
}
|
||||
if err := json.Unmarshal(data, &ResVar); err != nil {
|
||||
continue
|
||||
}
|
||||
if err := json.Unmarshal(data, &ResVar); err == nil {
|
||||
if ResVar.Success {
|
||||
s1.Verified = true
|
||||
} else {
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, true) {
|
||||
if !s1.Verified && detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
results = append(results, s1)
|
||||
}
|
||||
|
|
|
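Review bot: `data, readErr := io.ReadAll(res.Body)` inside the new `if err == nil {` block redeclares `data`, which is also FromData's `data []byte` parameter, so the scanned input is shadowed by the HTTP response for the rest of that block; renaming to `body, readErr := io.ReadAll(res.Body)` and `json.Unmarshal(body, &ResVar)` removes the ambiguity. The empty `} else {` branch after `if ResVar.Success {` is dead code and can be dropped. Bounding the read with `io.LimitReader` would also cap memory per match, since only a small JSON object is expected. FromData starts and ends outside this hunk.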
@ -73,24 +73,19 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
req.Header.Add("Content-Type", "application/json; charset=utf-8")
|
||||
req.Header.Add("Authorization", fmt.Sprintf("token %s", token))
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
break
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if res.StatusCode >= 200 && res.StatusCode < 300 {
|
||||
if err == nil {
|
||||
var userResponse userRes
|
||||
err = json.NewDecoder(res.Body).Decode(&userResponse)
|
||||
res.Body.Close()
|
||||
if err == nil {
|
||||
s.Verified = true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !s.Verified {
|
||||
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
results = append(results, s)
|
||||
}
|
||||
|
|
|
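Review bot: If the `if res.StatusCode >= 200 && res.StatusCode < 300 {` line at L354 is on the removed side — the print order suggests `if err == nil {` replaced it — the new code marks the token verified whenever the body decodes into `userRes`, and since `json.Decoder` does not reject missing fields, the JSON error body GitHub returns for a 401 would decode cleanly and a revoked token would be reported as verified. The other github section of this commit keeps both checks nested, `if err == nil { if res.StatusCode >= 200 && res.StatusCode < 300 { ... } }`, and this one should match it. If the status check is in fact still on the new side, only the nesting order differs and this can be disregarded. FromData starts and ends outside this hunk.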
@ -75,21 +75,24 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
req.Header.Add("Content-Type", "application/json; charset=utf-8")
|
||||
req.Header.Add("Authorization", fmt.Sprintf("token %s", token))
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
break
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if err == nil {
|
||||
if res.StatusCode >= 200 && res.StatusCode < 300 {
|
||||
var userResponse userRes
|
||||
err = json.NewDecoder(res.Body).Decode(&userResponse)
|
||||
res.Body.Close()
|
||||
if err == nil {
|
||||
s.Verified = true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !s.Verified && detectors.IsKnownFalsePositive(token, detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
results = append(results, s)
|
||||
}
|
||||
|
||||
return
|
||||
return detectors.CleanResults(results), nil
|
||||
}
|
||||
|
|
|
@ -6,10 +6,9 @@ import (
|
|||
"net/http"
|
||||
"regexp"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
)
|
||||
|
||||
type Scanner struct{}
|
||||
|
@ -59,10 +58,8 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
}
|
||||
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", match[1]))
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
return results, err
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if err == nil {
|
||||
res.Body.Close() // The request body is unused.
|
||||
|
||||
// 200 means good key and has `read_user` scope
|
||||
// 403 means good key but not the right scope
|
||||
|
@ -71,15 +68,14 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
secret.Verified = true
|
||||
}
|
||||
}
|
||||
|
||||
if !secret.Verified {
|
||||
if detectors.IsKnownFalsePositive(string(secret.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
if !secret.Verified && detectors.IsKnownFalsePositive(string(secret.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
results = append(results, secret)
|
||||
}
|
||||
|
||||
return
|
||||
return detectors.CleanResults(results), nil
|
||||
}
|
||||
|
|
|
@ -6,10 +6,9 @@ import (
|
|||
"net/http"
|
||||
"regexp"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
)
|
||||
|
||||
type Scanner struct{}
|
||||
|
@ -59,10 +58,8 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
}
|
||||
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", match[1]))
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
return results, err
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if err == nil {
|
||||
res.Body.Close() // The request body is unused.
|
||||
|
||||
// 200 means good key and has `read_user` scope
|
||||
// 403 means good key but not the right scope
|
||||
|
@ -71,11 +68,10 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
secret.Verified = true
|
||||
}
|
||||
}
|
||||
|
||||
if !secret.Verified {
|
||||
if detectors.IsKnownFalsePositive(string(secret.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
if !secret.Verified && detectors.IsKnownFalsePositive(string(secret.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
results = append(results, secret)
|
||||
|
|
|
@ -45,30 +45,27 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
Redacted: redact,
|
||||
}
|
||||
|
||||
if verify {
|
||||
//TODO can this be verified? Possibly. Could triage verification to other DBMS strings
|
||||
s.Verified = false
|
||||
//if verify {
|
||||
// // TODO: can this be verified? Possibly. Could triage verification to other DBMS strings
|
||||
// s.Verified = false
|
||||
// client := common.SaneHttpClient()
|
||||
// req, err := http.NewRequestWithContext(ctx, "GET", "https://jdbcci.com/api/v2/me", nil)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
// if err != nil {
|
||||
// continue
|
||||
// }
|
||||
// req.Header.Add("Accept", "application/json;")
|
||||
// req.Header.Add("Jdbc-Token", token)
|
||||
// res, err := client.Do(req)
|
||||
// if err != nil {
|
||||
// break
|
||||
// }
|
||||
// if err == nil {
|
||||
// if res.StatusCode >= 200 && res.StatusCode < 300 {
|
||||
// s.Verified = true
|
||||
// }
|
||||
}
|
||||
// }
|
||||
//}
|
||||
|
||||
if !s.Verified {
|
||||
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, false) {
|
||||
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, false) {
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
results = append(results, s)
|
||||
}
|
||||
|
|
|
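Review bot: The verification block is kept as roughly twenty-five lines of commented-out code (L775–L844) instead of being removed; version control preserves the old code, and the dead block obscures that `s.Verified` is now never set in this detector, which makes the `!s.Verified &&` half of the new false-positive guard always true here. A single comment in its place, `// TODO: verification not implemented; could delegate to the individual DBMS detectors`, conveys the same intent. The commented-out `req` construction also references an endpoint that nothing in this hunk shows to exist, so leaving it in invites a later copy-paste. FromData starts and ends outside this hunk.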
@ -54,23 +54,18 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
}
|
||||
req.SetBasicAuth("anystring", match)
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
break
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if err == nil {
|
||||
res.Body.Close() // The request body is unused.
|
||||
|
||||
if res.StatusCode == 200 {
|
||||
s.Verified = true
|
||||
} else {
|
||||
s.Verified = false
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if !s.Verified {
|
||||
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
results = append(results, s)
|
||||
}
|
||||
|
|
|
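Review bot: The `} else { s.Verified = false }` branch after `if res.StatusCode == 200 {` is redundant assuming `s` is constructed fresh for each match as in the sibling detectors, since `Verified` is already at its zero value; `s.Verified = res.StatusCode == http.StatusOK` expresses the whole decision in one line and uses the named constant the other sections already use. FromData starts and ends outside this hunk.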
@ -2,7 +2,7 @@ package microsoftteamswebhook
|
|||
|
||||
import (
|
||||
"context"
|
||||
"io/ioutil"
|
||||
"io"
|
||||
"net/http"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
@ -27,7 +27,7 @@ var (
|
|||
// Keywords are used for efficiently pre-filtering chunks.
|
||||
// Use identifiers in the secret preferably, or the provider name.
|
||||
func (s Scanner) Keywords() []string {
|
||||
return []string{"microsoft"}
|
||||
return []string{"webhook.office.com"}
|
||||
}
|
||||
|
||||
// FromData will find and optionally verify MicrosoftTeamsWebhook secrets in a given set of bytes.
|
||||
|
@ -54,25 +54,20 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
}
|
||||
req.Header.Add("Content-Type", "application/json")
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
defer res.Body.Close()
|
||||
|
||||
body, err := ioutil.ReadAll(res.Body)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
if err == nil {
|
||||
body, err := io.ReadAll(res.Body)
|
||||
res.Body.Close()
|
||||
if err == nil {
|
||||
if res.StatusCode >= 200 && string(body) == "1" {
|
||||
s1.Verified = true
|
||||
} else {
|
||||
//This function will check false positives for common test words, but also it will make sure the key appears 'random' enough to be a real key
|
||||
if detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, false) {
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !s1.Verified && detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, false) {
|
||||
continue
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
results = append(results, s1)
|
||||
}
|
||||
|
|
|
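Review bot: `body, err := io.ReadAll(res.Body)` reads the entire response from a webhook URL that was extracted from the scanned data, while the only use is `string(body) == "1"`; a misbehaving or hostile endpoint can make the scanner buffer an arbitrarily large body per match. `body, err := io.ReadAll(io.LimitReader(res.Body, 1024))` keeps the comparison intact and caps memory. Whether the URL regex pins the host to `webhook.office.com` is not visible in this hunk; if it does the exposure is smaller, but the bound costs nothing. The `res.StatusCode >= 200` check has no upper bound, though the body comparison makes that largely moot. FromData starts and ends outside this hunk.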
@ -6,10 +6,9 @@ import (
|
|||
"net/http"
|
||||
"regexp"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
)
|
||||
|
||||
type Scanner struct{}
|
||||
|
@ -54,20 +53,17 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", match))
|
||||
req.Header.Add("Content-Type", "application/json")
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
return results, err
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if err == nil {
|
||||
res.Body.Close() // The request body is unused.
|
||||
|
||||
if res.StatusCode == http.StatusOK {
|
||||
s.Verified = true
|
||||
}
|
||||
}
|
||||
|
||||
if !s.Verified {
|
||||
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
results = append(results, s)
|
||||
|
|
|
@ -63,26 +63,23 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
req.Header.Add("Authorization", fmt.Sprintf("client_id:%s, client_secret:%s", clientID[1], clientSecret[1]))
|
||||
req.Header.Add("Content-Type", "application/json; charset=utf-8")
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
return results, err
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if err == nil {
|
||||
res.Body.Close() // The request body is unused.
|
||||
|
||||
if res.StatusCode >= 200 && res.StatusCode < 300 {
|
||||
s.Verified = true
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !s.Verified {
|
||||
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
results = append(results, s)
|
||||
}
|
||||
}
|
||||
|
||||
return
|
||||
return detectors.CleanResults(results), nil
|
||||
}
|
||||
|
|
|
@ -5,10 +5,9 @@ import (
|
|||
"net/http"
|
||||
"regexp"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
)
|
||||
|
||||
type Scanner struct{}
|
||||
|
@ -57,24 +56,21 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
req.Header.Add("Content-Type", "application/json; charset=utf-8")
|
||||
req.Header.Add("X-TrackerToken", token)
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
break
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if err == nil {
|
||||
res.Body.Close() // The request body is unused.
|
||||
|
||||
if res.StatusCode >= 200 && res.StatusCode < 300 {
|
||||
s.Verified = true
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
if !s.Verified {
|
||||
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
results = append(results, s)
|
||||
}
|
||||
|
||||
return
|
||||
return detectors.CleanResults(results), nil
|
||||
}
|
||||
|
|
|
@ -9,10 +9,9 @@ import (
|
|||
"time"
|
||||
|
||||
log "github.com/sirupsen/logrus"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
)
|
||||
|
||||
type Scanner struct {
|
||||
|
@ -62,14 +61,14 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) ([]dete
|
|||
|
||||
if verify {
|
||||
data, err := lookupFingerprint(fingerprint, s.IncludeExpired)
|
||||
if err != nil {
|
||||
log.Warn(err)
|
||||
return nil, err
|
||||
}
|
||||
if err == nil {
|
||||
secret.StructuredData = data
|
||||
if data != nil {
|
||||
secret.Verified = true
|
||||
}
|
||||
} else {
|
||||
log.Warn(err)
|
||||
}
|
||||
}
|
||||
|
||||
results = append(results, secret)
|
||||
|
|
|
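Review bot: The new `} else { log.Warn(err) }` branch logs the lookup error bare, with no indication of which detector or operation produced it, which makes the entry hard to act on in a long scan log; `log.WithError(err).Warn("fingerprint lookup failed")` gives it a stable message to search for. This is also the only section in the commit that logs a verification failure at all — the HTTP-based detectors swallow theirs silently — so either the others should get a similar debug-level line or this one should state why it is special. FromData starts and ends outside this hunk.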
@ -54,25 +54,22 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
req.Header.Add("Content-Type", "application/json")
|
||||
req.Header.Add("X-Recharge-Access-Token", token)
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
return results, err
|
||||
}
|
||||
|
||||
defer res.Body.Close()
|
||||
if err == nil {
|
||||
res.Body.Close() // The request body is unused.
|
||||
|
||||
if res.StatusCode == http.StatusOK {
|
||||
s.Verified = true
|
||||
}
|
||||
}
|
||||
if !s.Verified {
|
||||
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
results = append(results, s)
|
||||
}
|
||||
}
|
||||
|
||||
return
|
||||
return detectors.CleanResults(results), nil
|
||||
}
|
||||
|
|
|
@ -60,10 +60,8 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", res))
|
||||
req.Header.Add("Content-Type", "application/json")
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
return results, err
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if err == nil {
|
||||
res.Body.Close() // The request body is unused.
|
||||
|
||||
// 200 means good key and has `templates` scope
|
||||
// 403 means good key but not the right scope
|
||||
|
@ -72,11 +70,10 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
s.Verified = true
|
||||
}
|
||||
}
|
||||
|
||||
if !s.Verified {
|
||||
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
results = append(results, s)
|
||||
|
|
|
@ -67,10 +67,8 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
// unclear if this version needs to be set or matters, seems to work without, but docs want it
|
||||
//req.Header.Add("Square-Version", "2020-08-12")
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
return results, err
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if err == nil {
|
||||
res.Body.Close() // The request body is unused.
|
||||
|
||||
// 200 means good key and has `merchants` scope - default allowed by square
|
||||
// 401 is bad key
|
||||
|
@ -78,11 +76,10 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
s.Verified = true
|
||||
}
|
||||
}
|
||||
|
||||
if !s.Verified {
|
||||
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
results = append(results, s)
|
||||
|
|
|
@ -9,10 +9,9 @@ import (
|
|||
"regexp"
|
||||
"strings"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
)
|
||||
|
||||
type Scanner struct{}
|
||||
|
@ -75,21 +74,18 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
// unclear if this version needs to be set or matters, seems to work without, but docs want it
|
||||
//req.Header.Add("Square-Version", "2020-08-12")
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
return results, err
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if err == nil {
|
||||
res.Body.Close() // The request body is unused.
|
||||
|
||||
// 404 = Correct crentials. The fake access token should not be found
|
||||
// 404 = Correct credentials. The fake access token should not be found.
|
||||
if res.StatusCode == http.StatusNotFound {
|
||||
s.Verified = true
|
||||
}
|
||||
}
|
||||
|
||||
if !s.Verified {
|
||||
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
results = append(results, s)
|
||||
|
|
|
@ -6,10 +6,9 @@ import (
|
|||
"net/http"
|
||||
"regexp"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
)
|
||||
|
||||
type Scanner struct{}
|
||||
|
@ -56,20 +55,17 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", match))
|
||||
req.Header.Add("Content-Type", "application/json")
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
return results, err
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if err == nil {
|
||||
res.Body.Close() // The request body is unused.
|
||||
|
||||
if res.StatusCode == http.StatusOK || res.StatusCode == http.StatusForbidden {
|
||||
s.Verified = true
|
||||
}
|
||||
}
|
||||
|
||||
if !s.Verified {
|
||||
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
results = append(results, s)
|
||||
|
|
|
@ -7,10 +7,9 @@ import (
|
|||
"regexp"
|
||||
"strings"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
)
|
||||
|
||||
type Scanner struct{}
|
||||
|
@ -69,20 +68,18 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
req.Header.Add("Accept", "*/*")
|
||||
req.SetBasicAuth(sid, key)
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
break
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if err == nil {
|
||||
res.Body.Close() // The request body is unused.
|
||||
|
||||
if res.StatusCode >= 200 && res.StatusCode < 300 {
|
||||
s.Verified = true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !s.Verified {
|
||||
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
if len(keyMatches) > 0 {
|
||||
|
|
|
@ -4,16 +4,15 @@ import (
|
|||
"bytes"
|
||||
"context"
|
||||
"encoding/json"
|
||||
"io/ioutil"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/detectors"
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/pb/detectorspb"
|
||||
|
||||
"github.com/trufflesecurity/trufflehog/v3/pkg/common"
|
||||
)
|
||||
|
||||
type Scanner struct {
|
||||
|
@ -109,34 +108,25 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
}
|
||||
req.Header.Add("Content-Type", "application/json")
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
// log.WithError(err).Warn("Error in http post to SSRF proxy")
|
||||
continue
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if err == nil {
|
||||
result := proxyRes{}
|
||||
body, err := ioutil.ReadAll(res.Body)
|
||||
if len(body) == 0 || err != nil {
|
||||
continue
|
||||
}
|
||||
body, err := io.ReadAll(res.Body)
|
||||
res.Body.Close()
|
||||
if len(body) != 0 && err == nil {
|
||||
err = json.Unmarshal(body, &result)
|
||||
if err != nil {
|
||||
// log.WithField("body", string(body)).WithError(err).Debug("Error decoding SSRF proxy response")
|
||||
continue
|
||||
}
|
||||
if result.Verified {
|
||||
if err == nil && result.Verified {
|
||||
s.Verified = true
|
||||
}
|
||||
}
|
||||
|
||||
if !s.Verified {
|
||||
if detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, false) {
|
||||
continue
|
||||
}
|
||||
}
|
||||
|
||||
if !s.Verified && detectors.IsKnownFalsePositive(string(s.Raw), detectors.DefaultFalsePositives, false) {
|
||||
continue
|
||||
}
|
||||
|
||||
results = append(results, s)
|
||||
}
|
||||
|
||||
return
|
||||
return detectors.CleanResults(results), nil
|
||||
}
|
||||
|
|
|
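Review bot: `body, err := io.ReadAll(res.Body)` inside the new `if err == nil {` block redeclares `err` with `:=`, shadowing the `err` returned by `client.Do`; it is harmless today because the outer value is never read again, but it is exactly the shadowing pattern `go vet` flags and it makes a later check land on the wrong variable. `body, readErr := io.ReadAll(res.Body)` with `readErr` in the following conditions removes the ambiguity; the webex section has the same construct. FromData starts and ends outside this hunk.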
@ -2,10 +2,8 @@ package webex
|
|||
|
||||
import (
|
||||
"context"
|
||||
// "fmt"
|
||||
// "log"
|
||||
"encoding/json"
|
||||
"io/ioutil"
|
||||
"io"
|
||||
"net/http"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
@ -21,8 +19,6 @@ type Scanner struct{}
|
|||
var _ detectors.Detector = (*Scanner)(nil)
|
||||
|
||||
var (
|
||||
client = common.SaneHttpClient()
|
||||
|
||||
keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"webex"}) + `\b([A-Za-z0-9_-]{64})\b`)
|
||||
idPat = regexp.MustCompile(detectors.PrefixRegex([]string{"webex"}) + `\b([A-Za-z0-9_-]{65})\b`)
|
||||
)
|
||||
|
@ -64,39 +60,32 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
|
|||
continue
|
||||
}
|
||||
req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
|
||||
client := common.SaneHttpClient()
|
||||
res, err := client.Do(req)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
defer res.Body.Close()
|
||||
body, err := ioutil.ReadAll(res.Body)
|
||||
if err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
if err == nil {
|
||||
body, err := io.ReadAll(res.Body)
|
||||
res.Body.Close()
|
||||
if err == nil {
|
||||
var message struct {
|
||||
Message string `json:"message"`
|
||||
}
|
||||
if err := json.Unmarshal(body, &message); err != nil {
|
||||
continue
|
||||
}
|
||||
|
||||
if err := json.Unmarshal(body, &message); err == nil {
|
||||
var getError = regexp.MustCompile(detectors.PrefixRegex([]string{"error"}) + `(redirect_uri_mismatch)`)
|
||||
result := getError.FindAllStringSubmatch(message.Message, -1)
|
||||
if len(result) > 0 {
|
||||
s1.Verified = true
|
||||
} else {
|
||||
if detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !s1.Verified && detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, true) {
|
||||
continue
|
||||
}
|
||||
|
||||
results = append(results, s1)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return detectors.CleanResults(results), nil
|
||||
|
|
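Review bot: `getError` is compiled with `regexp.MustCompile` inside the per-match loop (L2490), so every verification response pays a regex compile; the commit already hoists `client` into a package-level `var (...)` block alongside `keyPat` and `idPat`, and the `getError` declaration belongs there too, unchanged apart from dropping the `var` keyword. As in the uri section, `body, err := io.ReadAll(res.Body)` inside the new `if err == nil {` block shadows the outer `err`; `body, readErr := ...` avoids it. FromData starts outside this hunk.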