improved the agora detector #3360
Changes:
Question: Currently, both the key and secret regex patterns include the I need some suggestions here 😃
My advice: use GitHub search to find real-world examples and use them as inspiration for unit test cases.
@kashifkhan0771 My advice would be to remove those and run against a good number of projects in the wild. Then analyze the false positives and try to observe if there is any pattern in it. Personally I spent most of my time analyzing the false positives and false negatives :)
I like e.g., this is a common pattern that doesn't get detected if you only use
* main: (79 commits)
  Log skipped files on debug level (trufflesecurity#3383)
  build: update retracted bluemonday ver (trufflesecurity#3369)
  Fix git binary handling and add a smoke test (trufflesecurity#3379)
  fix(deps): update module google.golang.org/protobuf to v1.35.1 (trufflesecurity#3382)
  Added Cisco Meraki API Key detector (trufflesecurity#3367)
  improved the agora detector (trufflesecurity#3360)
  fix(deps): update module github.com/xanzy/go-gitlab to v0.110.0 (trufflesecurity#3376)
  fix(deps): update golang.org/x/exp digest to 225e2ab (trufflesecurity#3371)
  fix(deps): update module golang.org/x/net to v0.30.0 (trufflesecurity#3373)
  fix(deps): update module golang.org/x/crypto to v0.28.0 (trufflesecurity#3372)
  chore(deps): update sigstore/cosign-installer action to v3.7.0 (trufflesecurity#3368)
  fix(deps): update module cloud.google.com/go/storage to v1.44.0 (trufflesecurity#3366)
  fix(deps): update module github.com/schollz/progressbar/v3 to v3.16.1 (trufflesecurity#3365)
  [refactor] - Decouple Metrics From Cache Implementation (trufflesecurity#3355)
  fix(deps): update module github.com/snowflakedb/gosnowflake to v1.11.2 (trufflesecurity#3363)
  Updated Cosign Install URL (trufflesecurity#3364)
  fix(deps): update module github.com/jedib0t/go-pretty/v6 to v6.6.0 (trufflesecurity#3361)
  Added Pattern test cases for detectors (trufflesecurity#3354)
  remove size check (trufflesecurity#3351)
  fix(deps): update module go.mongodb.org/mongo-driver to v1.17.1 (trufflesecurity#3357)
  ...
  # Conflicts:
  # go.sum
Description:
This PR improves the agora detector logic to avoid processing when the secret and key match, as both have the same regex.
Pattern Test Cases Output:
Checklist:
- make test-community?
- make lint (this requires golangci-lint)?
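The skip described in the PR description, sketched as an added example that is not the project's code or the PR's diff: when one regex supplies both key and secret candidates, a token paired with itself is dropped before any verification attempt. The pattern, the names `candidatePat`, `Pair`, `uniqueMatches` and `CandidatePairs`, and the sample tokens are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// candidatePat is an assumed pattern (not copied from the PR): the keyword
// "agora", then at most 40 characters, then a 32-character alphanumeric token.
var candidatePat = regexp.MustCompile(`(?i)agora(?:.|[\n\r]){0,40}?\b([a-z0-9]{32})\b`)

// Pair is one key/secret combination that would be sent for verification.
type Pair struct{ Key, Secret string }

// uniqueMatches returns the distinct captured tokens in first-seen order.
func uniqueMatches(data string) []string {
	seen := map[string]struct{}{}
	var out []string
	for _, m := range candidatePat.FindAllStringSubmatch(data, -1) {
		if _, ok := seen[m[1]]; !ok {
			seen[m[1]] = struct{}{}
			out = append(out, m[1])
		}
	}
	return out
}

// CandidatePairs builds every key/secret pair from the shared match set and
// skips the case key == secret, which can never be a valid credential pair.
func CandidatePairs(data string) []Pair {
	tokens := uniqueMatches(data)
	var pairs []Pair
	for _, key := range tokens {
		for _, secret := range tokens {
			if key == secret {
				continue // same token matched as both key and secret
			}
			pairs = append(pairs, Pair{Key: key, Secret: secret})
		}
	}
	return pairs
}

func main() {
	// Constructed sample input; the tokens are placeholders, not real credentials.
	data := "agora_app_id = \"0123456789abcdef0123456789abcdef\"\n" +
		"agora_certificate = \"fedcba9876543210fedcba9876543210\"\n"
	fmt.Println(CandidatePairs(data))
}
```

With N distinct tokens this yields N*(N-1) ordered pairs instead of N*N, so a file containing a single matching token produces no verification request at all.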