Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-10 07:04:24 +00:00
Code Issues Projects Releases Packages Wiki Activity

Make AzureDevopsPersonalAccessToken verification more robust (#2359)

Browse source 
* Make AzureDevopsPersonalAccessToken verification more robust

* fix snifftest
This commit is contained in:
Dustin Decker 2024-02-01 08:40:44 -08:00 committed by GitHub
parent 5651eb6cbd
commit c2ae31d060
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hack/snifftest/snifftest.sh
View file

@ -1,7 +1,7 @@
#!/usr/bin/env bash
REPO_ARRAY=(
# "https://github.com/Netflix/Hystrix.git"
"https://github.com/Netflix/Hystrix.git"
# "https://github.com/facebook/flow.git"
# "https://github.com/Netflix/vizceral.git"
# "https://github.com/Netflix/metaflow.git"

3
pkg/detectors/azuredevopspersonalaccesstoken/azuredevopspersonalaccesstoken.go
View file

@ -69,7 +69,8 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
res, err := client.Do(req)
if err == nil {
defer res.Body.Close()
if res.StatusCode >= 200 && res.StatusCode < 300 {
hasVerifiedRes, _ := common.ResponseContainsSubstring(res.Body, "lastUpdateTime")
if res.StatusCode >= 200 && res.StatusCode < 300 && hasVerifiedRes {
s1.Verified = true
} else if res.StatusCode == 401 {
// The secret is determinately not verified (nothing to do)