Skip to content

Grafana detector: unexpected HTTP response status 404 #3716

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking β€œSign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rgmz opened this issue Dec 2, 2024 Β· 6 comments
Open

Grafana detector: unexpected HTTP response status 404 #3716

rgmz opened this issue Dec 2, 2024 Β· 6 comments
Labels
bug

Comments

@rgmz
Copy link
Contributor

rgmz commented Dec 2, 2024

Reproducer

Found unverified result πŸ·πŸ”‘β“
Verification issue: unexpected HTTP response status 404
Detector Type: Grafana
Decoder Type: PLAIN
Raw result: glc_eyJvIjoiMjA0NjMwIiwibiI6InRlc3QtdG9rZW4iLCJrIjoiWHc5MTVXOWtNOWxsNHcyZHEyIiwibSI6eyJyIjoicHJvZC0wIn19
Commit: 62e5c36c60ace8340db72ff3ca109c81be91cadd
File: fuzz/corpus/0f6e27df5b57eb198b8068f312bc80815b06488d
Line: 1
Link: https://github.com/Samsung/CredSweeper/blob/62e5c36c60ace8340db72ff3ca109c81be91cadd/fuzz/corpus/0f6e27df5b57eb198b8068f312bc80815b06488d#L1
Repository: https://github.com/Samsung/CredSweeper.git
Timestamp: 2023-07-25 13:06:10 +0000

Body:

{
  "code": "NotFound",
  "message": "stack region not found",
  "requestId": "96298543-a1a8-4e81-a806-84bf1848d492"
}

https://grafana.com/docs/grafana-cloud/developer-resources/api-reference/cloud-api/#list-a-set-of-tokens
@rgmz rgmz added the bug label Dec 2, 2024
@kashifkhan0771
Copy link
Contributor

@ankushgoel27 This issue is related to the Grafana detector, which does not use any domain pattern. The domain pattern is part of a separate detector, GrafanaServiceAccount.

@kashifkhan0771
Copy link
Contributor

As per our code, we are using a fixed region ?region=us. I tested the API with this region as well as other regions, and it worked fine. The only time I was able to reproduce the error was when I provided an invalid region in the API request.

@kashifkhan0771
Copy link
Contributor

@rgmz I was only able to reproduce this error when using an invalid region, but our detector uses a fixed, valid region. Could you share more details about the error and how you encountered it?

@rgmz
Copy link
Contributor Author

rgmz commented May 20, 2025

@rgmz I was only able to reproduce this error when using an invalid region, but our detector uses a fixed, valid region. Could you share more details about the error and how you encountered it?

The token itself contains region information (m.r):

$ base64 -d <<< "eyJvIjoiMjA0NjMwIiwibiI6InRlc3QtdG9rZW4iLCJrIjoiWHc5MTVXOWtNOWxsNHcyZHEyIiwibSI6eyJyIjoicHJvZC0wIn19"
{"o":"204630","n":"test-token","k":"Xw915W9kM9ll4w2dq2","m":{"r":"prod-0"}}

The original reproducer no longer exhibits the behaviour. Not sure if they've changed their API behaviour.

@kashifkhan0771
Copy link
Contributor

The original reproducer no longer exhibits the behaviour. Not sure if they've changed their API behaviour.

Can we close this issue in that case?

@rgmz
Copy link
Contributor Author

rgmz commented May 20, 2025

I haven't used TruffleHog in the past few months. It would checking if this error has been seen recently β€” does Forager record errors?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rgmz @kashifkhan0771 and others