trufflehog

mirror of https://github.com/trufflesecurity/trufflehog.git synced 2024-11-14 17:07:31 +00:00

History

Cody Rose 61bee6c8b1 Identify transient AWS verification failures (#1563 ) It turns out that GetCallerIdentity returns a surprising quantity of transient, false-negative 403 responses that carry the SignatureDoesNotMatch error reason. I don't know why this is happening, but their transient nature makes them indeterminate verification failures and they should be flagged as such. The AWS detector has therefore been modified to specifically look for the InvalidClientTokenId error reason in 403 responses and mark all other responses as indeterminate. In addition to the functional changes this PR contains some updates to the test code that allow us to test them.	2023-07-31 12:06:11 -04:00
..
alchemy.go	move false positive check in alchemy detector (#1532 )	2023-07-28 11:36:02 -04:00
alchemy_test.go	Identify transient AWS verification failures (#1563 )	2023-07-31 12:06:11 -04:00

Identify transient AWS verification failures (#1563 )

It turns out that GetCallerIdentity returns a surprising quantity of transient, false-negative 403 responses that carry the SignatureDoesNotMatch error reason. I don't know why this is happening, but their transient nature makes them indeterminate verification failures and they should be flagged as such. The AWS detector has therefore been modified to specifically look for the InvalidClientTokenId error reason in 403 responses and mark all other responses as indeterminate.

In addition to the functional changes this PR contains some updates to the test code that allow us to test them.

2023-07-31 12:06:11 -04:00

alchemy.go

move false positive check in alchemy detector (#1532 )

2023-07-28 11:36:02 -04:00

alchemy_test.go

Identify transient AWS verification failures (#1563 )

2023-07-31 12:06:11 -04:00