Added twist detector #549
- We should use and scan API keys instead of the user's email and password. I saw an OAuth authentication in its API docs. Can you explore that more?
I have tried this before and it's not working on my end. Let me look into it again.
Updated this for auth enhancement. Kindly check, thanks!
- Can you use the "get current user" endpoint instead?
- Kindly match the whole test token including the `oauth2:` prefix.
Nice catch! I just pushed the changes.
continue | ||
} | ||
resMatch := strings.TrimSpace(match[1]) | ||
setAuth := resMatch |
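Review bot: `setAuth := resMatch` on the last line is a plain copy of the trimmed match, with no transformation visible in these lines. If nothing later modifies it, use `resMatch` directly and drop the extra variable, so it stays obvious that the value sent for verification is exactly the value that was matched.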
You can remove this part since we are expecting to detect tokens with this prefix already.
client = common.SaneHttpClient() | ||
|
||
//Make sure that your group is surrounded in boundry characters such as below to reduce false positives | ||
keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"twist"}) + `\b([0-9a-f:]{40,47})\b`) |
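Review bot: the character class in keyPat, `[0-9a-f:]`, cannot match the letters o, u, t and h, so `\b([0-9a-f:]{40,47})\b` never captures a whole `oauth2:` prefix; on a prefixed token the capture can begin no earlier than the colon. The class also accepts a colon at any position and any length from 40 to 47, which admits colon-separated hex strings that are not tokens. Consider making the prefix an explicit optional group, for example `\b((?:oauth2:)?[0-9a-f]{40})\b` if the bare token is 40 hex characters, and fix the "boundry" typo in the comment line above it.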
I think you should include `oauth2:` in the regex pattern. We expect that the token already contains `oauth2:`.
No, we can't include the `oauth2:` in the regex pattern because there are two ways of obtaining a token. One is OAuth and the other is generated using Basic authentication, which doesn't have an oauth2 in it. Please check it here: https://developer.twist.com/v3/#login.
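The two token forms described in the comment above (with and without the `oauth2:` prefix), run against the capture group from the PR's keyPat and against a stricter alternative. This is an added example, not code from the PR or from trufflehog. It leaves out the `detectors.PrefixRegex` keyword prefix, and the 40-hex-character token length, `strictPat`, `firstToken` and both sample values are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed sample values, not real credentials.
const (
	hex40       = "0123456789abcdef0123456789abcdef01234567"
	fingerprint = "0a:1b:2c:3d:4e:5f:60:71:82:93:a4:b5:c6:d7:e8:f9" // MD5-style, 47 chars
)

// Capture group from the PR's keyPat, without the detectors.PrefixRegex
// keyword prefix so that the example runs stand-alone.
var loosePat = regexp.MustCompile(`\b([0-9a-f:]{40,47})\b`)

// Hypothetical stricter pattern. Assumption: a token is 40 hex characters,
// optionally preceded by the literal "oauth2:".
var strictPat = regexp.MustCompile(`\b((?:oauth2:)?[0-9a-f]{40})\b`)

// firstToken returns the first captured candidate in s, or "" if none.
func firstToken(p *regexp.Regexp, s string) string {
	if m := p.FindStringSubmatch(s); m != nil {
		return m[1]
	}
	return ""
}

func main() {
	inputs := []string{
		"twist_token = " + hex40,             // token without prefix
		"twist_token = oauth2:" + hex40,      // OAuth token with prefix
		"ssh key fingerprint " + fingerprint, // not a token at all
	}
	for _, in := range inputs {
		fmt.Printf("input:  %s\n  loose:  %q\n  strict: %q\n",
			in, firstToken(loosePat, in), firstToken(strictPat, in))
	}
}
```

The loose class returns `:` plus the hex for the prefixed token because `o`, `u`, `t` and `h` are outside `[0-9a-f:]`, and it accepts the colon-separated fingerprint in full.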
Added twist detector by @roxanne-tampus in trufflesecurity/trufflehog#549