
Added twist detector #549

Merged (5 commits, Aug 25, 2022)

Conversation

roxanne-tampus (Contributor)

No description provided.

@galevalerie (Contributor) left a comment

  • We should use and scan API keys instead of the user's email and password. I saw an OAuth authentication in its API docs. Can you explore that more?

@roxanne-tampus (Contributor, Author)

I have tried this before and it's not working on my end. Let me look into it again.

@roxanne-tampus (Contributor, Author)

Updated this for auth enhancement. Kindly check, thanks!

@galevalerie (Contributor) left a comment

  • Can you use the "get current user" endpoint instead?
  • Kindly match the whole test token, including the oauth2: prefix.

@roxanne-tampus (Contributor, Author)

Nice catch! I just pushed the changes.

Diff context:

            continue
        }
        resMatch := strings.TrimSpace(match[1])
        setAuth := resMatch
Contributor (reviewer):

You can remove this part since we are expecting to detect tokens with this prefix already.

Diff context:

    client = common.SaneHttpClient()

    // Make sure that your group is surrounded in boundary characters such as below to reduce false positives
    keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"twist"}) + `\b([0-9a-f:]{40,47})\b`)
Contributor (reviewer):

I think you should include oauth2: in the regex pattern. We expect that the token already contains oauth2:.

@roxanne-tampus (Contributor, Author):

No, we can't include the oauth2: in the regex pattern because there are two ways of obtaining a token. One is OAuth and the other is generated using Basic authentication, which doesn't have an oauth2 in it. Please check it here: https://developer.twist.com/v3/#login.
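The two token shapes in that reply are worth checking against the pattern from the diff. The following is an added example (not the PR's or trufflehog's code) that runs the PR's token regex over constructed sample text holding both shapes; it shows why "oauth2:" can never sit inside the capture group (the class is hex plus ':'), so the prefix has to be re-attached from the bytes just before the match if the whole stored token is to be sent to the "get current user" endpoint. The prefixRegex helper is an assumed approximation of trufflehog's detectors.PrefixRegex, and the sample tokens are made up.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// sampleData is constructed for this example (no real credential): one
// oauth2:-prefixed token and one plain token from the Basic-auth login flow.
const sampleData = "twist_token = oauth2:0123456789abcdef0123456789abcdef01234567\n" +
	"# token returned by /users/login (Basic auth flow)\n" +
	"TWIST_API_TOKEN=fedcba9876543210fedcba9876543210fedcba98\n"

// prefixRegex approximates trufflehog's detectors.PrefixRegex (assumption:
// case-insensitive keyword, then up to 40 arbitrary characters).
func prefixRegex(keywords []string) string {
	return `(?i)(?:` + strings.Join(keywords, "|") + `)(?:.|[\n\r]){0,40}`
}

// twistKeyPat keeps the PR's token pattern as written: its class is hex plus
// ':', so the letters of "oauth2:" can never be part of capture group 1.
var twistKeyPat = regexp.MustCompile(prefixRegex([]string{"twist"}) + `\b([0-9a-f:]{40,47})\b`)

// FindTwistCredentials returns each distinct token once, with "oauth2:" put
// back in front when those bytes sat right before the hex capture, so the
// value handed to the "get current user" endpoint is the whole stored token.
func FindTwistCredentials(data string) []string {
	seen := map[string]bool{}
	var out []string
	for _, m := range twistKeyPat.FindAllStringSubmatchIndex(data, -1) {
		start, end := m[2], m[3] // byte offsets of capture group 1
		tok := data[start:end]
		if start >= 7 && data[start-7:start] == "oauth2:" { // len("oauth2:") == 7
			tok = "oauth2:" + tok
		}
		if !seen[tok] {
			seen[tok] = true
			out = append(out, tok)
		}
	}
	return out
}

func main() {
	for _, cred := range FindTwistCredentials(sampleData) {
		fmt.Println(cred)
	}
}
```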

@dustin-decker dustin-decker merged commit e192aee into trufflesecurity:main Aug 25, 2022
javajawa added a commit to mewbotorg/mewbot that referenced this pull request Sep 2, 2022