
Updated Fastly Personal Token Detector #3386

Conversation

kashifkhan0771
Contributor

@kashifkhan0771 kashifkhan0771 commented Oct 9, 2024

Description:

  • Updated the verification API to /tokens/self.
  • Restructured the code
  • Added pattern test cases

Output format for a valid token:

✅ Found verified result 🐷🔑
Detector Type: FastlyPersonalToken
Decoder Type: PLAIN
Raw result: <found_token>
Token_id: <token_id>
User_id: <user_id>
Token_expires_at: <expires_at> (Format: 2024-10-09T19:00:00Z)
Token_scope: global global:read
File: <file>
Line: <line_no>

Pattern Test Cases:

Screenshot from 2024-10-09 13-07-59

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint; this requires golangci-lint)?
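The shape of the verification step described above, as an added, self-contained example rather than the detector code from this PR or from trufflehog: a candidate token is sent to GET /tokens/self, a 200 turns the response's id, user_id, expires_at and scope into ExtraData, a 401/403 is a definitive "not verified", and any other status is an indeterminate error. The Fastly-Key header and the response field names follow Fastly's public API documentation; the function names, the map keys, the constructed fake server standing in for api.fastly.com, and the sample token values are all assumptions of this example. redactSecrets shows the redaction concern raised in the review (the real detector delegates that to SetVerificationError) in miniature.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// fastlyTokenSelf holds the fields of the GET /tokens/self response that the
// detector surfaces. Names follow Fastly's documented schema; "scope" is a
// space-separated list such as "global global:read".
type fastlyTokenSelf struct {
	ID        string `json:"id"`
	UserID    string `json:"user_id"`
	ExpiresAt string `json:"expires_at"`
	Scope     string `json:"scope"`
}

// verifyFastlyToken (hypothetical name) checks token against apiBase+"/tokens/self".
// 200 -> (extraData, true, nil); 401/403 -> (nil, false, nil); other -> (nil, false, err).
func verifyFastlyToken(ctx context.Context, client *http.Client, apiBase, token string) (map[string]string, bool, error) {
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, apiBase+"/tokens/self", nil)
	if err != nil {
		return nil, false, err
	}
	req.Header.Set("Fastly-Key", token) // Fastly's API authentication header
	req.Header.Set("Accept", "application/json")

	resp, err := client.Do(req)
	if err != nil {
		return nil, false, err
	}
	defer resp.Body.Close()
	defer func() { _, _ = io.Copy(io.Discard, resp.Body) }() // drain so the conn is reused

	switch resp.StatusCode {
	case http.StatusOK:
		var t fastlyTokenSelf
		if err := json.NewDecoder(resp.Body).Decode(&t); err != nil {
			return nil, false, fmt.Errorf("decoding /tokens/self: %w", err)
		}
		return map[string]string{ // keys are this example's choice
			"token_id":         t.ID,
			"user_id":          t.UserID,
			"token_expires_at": t.ExpiresAt,
			"token_scope":      t.Scope,
		}, true, nil
	case http.StatusUnauthorized, http.StatusForbidden:
		return nil, false, nil // token is definitively invalid
	default:
		return nil, false, fmt.Errorf("unexpected HTTP status %d", resp.StatusCode)
	}
}

// redactSecrets replaces each secret in err's message with "<redacted>" so a
// verification error can be logged or attached to a result without the token.
func redactSecrets(err error, secrets ...string) error {
	if err == nil {
		return nil
	}
	msg := err.Error()
	for _, s := range secrets {
		if s != "" {
			msg = strings.ReplaceAll(msg, s, "<redacted>")
		}
	}
	return errors.New(msg)
}

// newFakeFastly is a constructed stand-in for api.fastly.com so the example
// runs offline: it accepts exactly one token and answers 401 to anything else.
func newFakeFastly(validToken string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/tokens/self" {
			http.NotFound(w, r)
			return
		}
		if r.Header.Get("Fastly-Key") != validToken {
			http.Error(w, `{"msg":"Provided credentials are invalid"}`, http.StatusUnauthorized)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		_ = json.NewEncoder(w).Encode(fastlyTokenSelf{
			ID: "tok_example01", UserID: "usr_example01",
			ExpiresAt: "2024-10-09T19:00:00Z", Scope: "global global:read",
		})
	}))
}

func main() {
	const live = "0123456789abcdefghijklmnopqrstuv" // constructed sample, not a real key
	srv := newFakeFastly(live)
	defer srv.Close()
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	for _, tok := range []string{live, "not-a-valid-token"} {
		extra, ok, err := verifyFastlyToken(ctx, srv.Client(), srv.URL, tok)
		fmt.Printf("verified=%v extra=%v err=%v\n", ok, extra, redactSecrets(err, tok))
	}
}
```

The three-way return is the point: a network failure or a 5xx must not be reported as "unverified", because an unreachable API says nothing about whether the token is live; only a 401/403 from the real endpoint does.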

@kashifkhan0771 kashifkhan0771 changed the title Updated verification API and enhanced the code for fastly personal to… Updated Fastly Personal Token Detector Oct 9, 2024
Comment on lines +35 to +37
TokenID string `json:"id"`
UserID string `json:"user_id"`
ExpiresAt string `json:"expires_at"`
Contributor


@kashifkhan0771 Response also contains scope of that token. My suggestion would be to include it in the extraData.

pkg/detectors/fastlypersonaltoken/fastlypersonaltoken.go (outdated)
continue
extraData, verified, verificationErr := verifyFastlyApiToken(ctx, resMatch)
s1.Verified = verified
if extraData != nil {
Contributor


Nit: IMO the nil check for extraData is unnecessary.

pkg/detectors/fastlypersonaltoken/fastlypersonaltoken.go (outdated)
}
got[i].Raw = nil
}
if diff := pretty.Compare(got, tt.want); diff != "" {
Contributor


I have a doubt that this test will fail due to the extraData diff (nil vs. map) in valid & verified cases.

Contributor Author


Yeah, good catch! I'll update these test cases.

extraData, verified, verificationErr := verifyFastlyApiToken(ctx, match)
s1.Verified = verified
s1.ExtraData = extraData
s1.SetVerificationError(verificationErr)
Contributor


I think we're supposed to pass the secret(s) as varargs to SetVerificationErr so they get redacted? It's been a while and I'm on my phone, so idk.

I think @ahrav would know.

Contributor Author


Yeah, it does take secrets as an optional second parameter.

Collaborator

@zricethezav zricethezav left a comment


Great work!

@zricethezav zricethezav merged commit bc32592 into trufflesecurity:main Oct 10, 2024
13 checks passed
abmussani added a commit to abmussani/trufflehog that referenced this pull request Oct 14, 2024
* main: (127 commits)
  Update SaladCloud description (trufflesecurity#3399)
  fix tests (trufflesecurity#3400)
  [chore] Update custom detector default description (trufflesecurity#3398)
  add description to salad (trufflesecurity#3397)
  Add detector for SaladCloud API Keys (trufflesecurity#3273)
  fix(deps): update module github.com/xanzy/go-gitlab to v0.111.0 (trufflesecurity#3393)
  Add SliceContainsString common util (trufflesecurity#3395)
  fix: pr template link to golangci-lint (trufflesecurity#3392)
  fix(deps): update golang.org/x/exp digest to f66d83c (trufflesecurity#3389)
  Separate detector tests into unit/integration (trufflesecurity#3274)
  Manually upgrade github dep (trufflesecurity#3387)
  Updated Fastly Personal Token Detector (trufflesecurity#3386)
  fix(deps): update module google.golang.org/api to v0.200.0 (trufflesecurity#3391)
  [Fix] Snowflake privatelink Support (trufflesecurity#3286)
  Enhanced the easyinsight detector (trufflesecurity#3384)
  Log skipped files on debug level (trufflesecurity#3383)
  build: update retracted bluemonday ver (trufflesecurity#3369)
  Fix git binary handling and add a smoke test (trufflesecurity#3379)
  fix(deps): update module google.golang.org/protobuf to v1.35.1 (trufflesecurity#3382)
  Added Cisco Meraki API Key detector (trufflesecurity#3367)
  ...

# Conflicts:
#	pkg/engine/defaults.go
#	pkg/pb/detectorspb/detectors.pb.go
#	proto/detectors.proto

4 participants