Mirrors/trufflehog
2
0
Fork 0
mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-14 08:57:40 +00:00
Code Issues Projects Releases Packages Wiki Activity

updating jiratoken detector to use tristate verification

Browse source
This commit is contained in:
ahmed 2023-08-29 16:55:21 -04:00
parent 7ba880f47a
commit c98fc3b04f
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
pkg/detectors/jiratoken/jiratoken.go
View file

@ -85,8 +85,12 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
// If the request is successful and the login reason is not failed authentication, then the token is valid. // If the request is successful and the login reason is not failed authentication, then the token is valid.
// This is because Jira returns a 200 status code even if the token is invalid. // This is because Jira returns a 200 status code even if the token is invalid.
// Jira returns a default dashboard page. // Jira returns a default dashboard page.
if (res.StatusCode >= 200 && res.StatusCode < 300) && res.Header.Get(loginReasonHeaderKey) != failedAuth { if res.StatusCode >= 200 && res.StatusCode < 300 {
s1.Verified = true if res.Header.Get(loginReasonHeaderKey) != failedAuth {
s1.Verified = true
}
} else {
s1.VerificationError = fmt.Errorf("unexpected HTTP response status %d", res.StatusCode)
} }
} }
} }
@ -98,7 +102,6 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
} }
results = append(results, s1) results = append(results, s1)
} }
} }