Detector-Competition-Fix: Fix AppFollow Detection & Verification (#1933)

* Detector-Competition-Fix: Fix AppFollow Detection & Verification * fix(regex): update jwt regex for appfollow
trufflesecurity · Oct 31, 2023 · a4fd17c · a4fd17c
1 parent a9b056d
commit a4fd17c
Showing 1 changed file with 3 additions and 7 deletions.
diff --git a/pkg/detectors/appfollow/appfollow.go b/pkg/detectors/appfollow/appfollow.go
@@ -2,8 +2,6 @@ package appfollow
 
 import (
 	"context"
-	b64 "encoding/base64"
-	"fmt"
 	"net/http"
 	"regexp"
 	"strings"
@@ -22,7 +20,7 @@ var (
 	client = common.SaneHttpClient()
 
 	// Make sure that your group is surrounded in boundary characters such as below to reduce false positives.
-	keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"appfollow"}) + `\b([0-9A-Za-z]{20})\b`)
+	keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"appfollow"}) + `\b(eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9\.[0-9A-Za-z]{74}\.[0-9A-Z-a-z\-_]{43})\b`)
 )
 
 // Keywords are used for efficiently pre-filtering chunks.
@@ -49,13 +47,11 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
 		}
 
 		if verify {
-			data := fmt.Sprintf("%s:", resMatch)
-			sEnc := b64.StdEncoding.EncodeToString([]byte(data))
-			req, err := http.NewRequestWithContext(ctx, "GET", "https://api.appfollow.io/test", nil)
+			req, err := http.NewRequestWithContext(ctx, "GET", "https://api.appfollow.io/api/v2/account/users", nil)
 			if err != nil {
 				continue
 			}
-			req.Header.Add("Authorization", fmt.Sprintf("Basic %s", sEnc))
+			req.Header.Add("X-AppFollow-API-Token", resMatch)
 			res, err := client.Do(req)
 			if err == nil {
 				defer res.Body.Close()