Description
📌 Description
Request to add a LambdaTest detector in TruffleHog for identifying potentially leaked credentials such as username and access key.
LambdaTest is a cloud testing platform that uses access tokens for authentication, which can be accidentally exposed in codebases. Including a detector would help identify these secrets and prevent misuse.
✅ Preferred Solution
🔍 Regex Patterns
-
Access Key:
^LT_[a-zA-Z0-9]{47}$ -
Username:
^[a-zA-Z0-9]*$
🔑 Keywords for Access Key Detection
detectors.PrefixRegex([]string{
"hub.lambdatest.com",
"accessKey",
"\"access_Key\":",
"ACCESS_KEY",
"key",
"lambdatestKey",
"LT_AUTHKEY",
"LT_ACCESS_KEY",
})
👤 Keywords for Username Detection
userPat = regexp.MustCompile(
detectors.PrefixRegex([]string{
"hub.lambdatest.com",
"userName",
"\"username\":",
"USER_NAME",
"user",
"lambdatestUser",
"LT_USERNAME",
"LAMBDATEST_USERNAME",
})
)
🔐 Credential Validation API
curl --location 'https://auth.lambdatest.com/api/user/token/auth' \
--header 'Content-Type: application/json' \
--data '{
"username": "username",
"token": "key"
}'
Sample Invalid Response:
{
"type": "error",
"title": "Unauthorized Error",
"message": "Something went wrong! Access key not present in db or invalid"
}
Additional Context
You can create an account on https://accounts.lambdatest.com/register and you can get the username and access key from here https://accounts.lambdatest.com/security/username-accesskey
Metadata
Metadata
Assignees
Type
Projects
Milestone
Relationships
Participants
Activity
shahzadhaider1 commentedon Jun 2, 2025
Hi @ksrakshit,
Thank you for taking the time to open this issue, we really appreciate your contribution to the project!
While we’ll aim to address it when the team has available bandwidth, we also welcome contributions from the community. If you or anyone else is interested in taking this on, we’d be happy to support your efforts.
You can follow our guide on how to add a new detector to get started.
Thanks again for helping improve TruffleHog!
nabeelalam commentedon Jun 20, 2025
Hey @ksrakshit, thanks for opening up this request. there's a PR open for this that's currently under review: #4208
ksrakshit commentedon Jun 20, 2025
Thanks, @nabeelalam . I’m from the LambdaTest Security team and have attached a few regex patterns to match the token in this PR #4181 (comment) , so that false positives do not get through. Please do let me know if you need help on this