[Feat] Detector implementation for Azure API Management Direct Management Key #3938
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rgmz
reviewed
Feb 26, 2025
| s1 := detectors.Result{ | ||
| DetectorType: detectorspb.DetectorType_AzureDirectManagementKey, | ||
| Raw: []byte(baseUrl), | ||
| RawV2: []byte(baseUrl + primaryKey), |
There was a problem hiding this comment.
Can we start making RawV2 structured in new detectors? #3634 (comment)
There was a problem hiding this comment.
There was a problem hiding this comment.
... it is tightly coupled with Enterprise and (in future) if we need to restructure it, due to any reason, We wont be able to do it.
That is the case regardless. Making it structured at least makes it parseable and human-readable, unlike doing a simple concatenation.
| var ( | ||
| defaultClient = common.SaneHttpClient() | ||
| urlPat = regexp.MustCompile(`https://([a-z0-9][a-z0-9-]{0,48}[a-z0-9])\.management\.azure-api\.net`) // https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.APIM.Name/ | ||
| primaryKeyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"azure"}) + `\b([a-zA-Z0-9+\/-]{86,88}\b={0,2})`) // Base64-encoded primary key |
There was a problem hiding this comment.
@rgmz Initially I copied that regex from another detector, Azure Storage. After your comment, I generated 20 times a key and confidently say that all of them ended with [a-zA-Z0-9]==. Updated the regex.
abmussani
force-pushed
the
azuredirectmanagementapikey-detector-impl
branch
from
eb37f00 to
a76aa3d
Compare
rgmz
reviewed
Feb 28, 2025
| var ( | ||
| defaultClient = common.SaneHttpClient() | ||
| urlPat = regexp.MustCompile(`https://([a-z0-9][a-z0-9-]{0,48}[a-z0-9])\.management\.azure-api\.net`) // https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.APIM.Name/ | ||
| keyPat = regexp.MustCompile(detectors.PrefixRegex([]string{"azure", ".management.azure-api.net"}) + `\b([a-zA-Z0-9+\/]{83,85}[a-zA-Z0-9]==)`) // pattern for both Primary and secondary key |
There was a problem hiding this comment.
\b isn't valid when beside / or +.
There was a problem hiding this comment.
This has bitten me so many times... 😭
There was a problem hiding this comment.
Updated the regex but AzureContainerRegistry Detector has the similar issue. right ?
abmussani
changed the title
abmussani
force-pushed
the
azuredirectmanagementapikey-detector-impl
branch
from
b132a61 to
0a16736
Compare
code refactoring, remove unnecessary code. updated the description of detector. reduce the expiry to 5 seconds.
refactor variable name for better understanding.
implemented host caching if host is not reachable to avoid unnecessary extra verification calls.
abmussani
force-pushed
the
azuredirectmanagementapikey-detector-impl
branch
from
ca0e501 to
9345878
Compare
kashifkhan0771
approved these changes
Apr 21, 2025
| return "Azure API Management provides a direct management REST API for performing operations on selected entities, such as users, groups, products, and subscriptions." | ||
| } | ||
|
|
||
| func (s Scanner) IsFalsePositive(_ detectors.Result) (bool, string) { |
There was a problem hiding this comment.
If we want to skip some specific keyword can we implement it as this
|
@abmussani gotta fix conflicts here too |
zricethezav
approved these changes
May 5, 2025
abmussani
added a commit
to abmussani/trufflehog
that referenced
this pull request
May 8, 2025
* main: (40 commits) [Feat] Detector implementation for Azure API Management Direct Management Key (trufflesecurity#3938) Fastly Analyzer (trufflesecurity#4082) Postman Code Uses Consistent Casing for Id Var Names (trufflesecurity#4124) Normalize UID to Uid in Postman Code (trufflesecurity#4125) postman_client.IDNameUUID becomes IdNameUid (trufflesecurity#4123) Fixed Kontent Detector (trufflesecurity#4122) [Fix] Added Prefix In Dockerhub Detector Regex (trufflesecurity#4084) Issue - 3697 - GitHub analyzer panic (trufflesecurity#4113) fix(test/snowflake): Snowflake flaky pattern test (trufflesecurity#4083) Netlify Analyzer (trufflesecurity#4106) Add xAI detector (trufflesecurity#4117) added tunnel authtoken detection in ngrok detector (trufflesecurity#4115) Postman increase http client timeout (trufflesecurity#4086) feat: bing subscription key support (trufflesecurity#4092) Improve precommit hook setup and support both global and repo pre-commit hooks, frameworkless and with pre-commit or husky (trufflesecurity#4098) Make a first pass at some structural introduction docs (trufflesecurity#4076) Update action.yml (trufflesecurity#4108) Refactor Netlify Detector (trufflesecurity#4102) chore: added github action custom detector name (trufflesecurity#3417) Fixed PubnubsubsciptionKey detector verification (trufflesecurity#4107) ... # Conflicts: # pkg/engine/defaults/defaults.go # pkg/pb/detectorspb/detectors.pb.go # proto/detectors.proto
abmussani
added a commit
to abmussani/trufflehog
that referenced
this pull request
May 16, 2025
* main: [Feat] Added Mux API Analyzer (trufflesecurity#4128) fixed name of netlify analyzer in cli output (trufflesecurity#4140) fix(discordwebhook): Update Discord webhook detector to support 19-digit IDs (trufflesecurity#4133) [Feat] Added New AccuWeather Detector Version (trufflesecurity#4114) [Feat] Added Ngrok API Key Analyzer (trufflesecurity#4110) Improved JDBC Detector Regex (trufflesecurity#4109) [Feat] Detector implementation for Azure Configuration Connection String Key (trufflesecurity#3939) test(sources/s3): fix missing region error (trufflesecurity#4131) feat(sources/s3): migrate to AWS SDK v2 (trufflesecurity#4069) Update PreCommit.md (trufflesecurity#4112) Exclusion of FalsePositive GH's usernames in PrivateKeyDetector (trufflesecurity#4046) Monday App Analyzer (trufflesecurity#4120) [Feat] Detector implementation for Azure API Management Direct Management Key (trufflesecurity#3938) Fastly Analyzer (trufflesecurity#4082) Postman Code Uses Consistent Casing for Id Var Names (trufflesecurity#4124) Normalize UID to Uid in Postman Code (trufflesecurity#4125) postman_client.IDNameUUID becomes IdNameUid (trufflesecurity#4123) Fixed Kontent Detector (trufflesecurity#4122) # Conflicts: # pkg/analyzer/analyzers/analyzers.go # pkg/analyzer/cli.go
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
This PR implements a new Detector for Azure Direct management API key. This detector looks for direct manage url and keys (Primary or Secondary), generates a access token with expiry of 5 seconds (to avoid leakage) and verify the credentials based on generated values.
Test Output:
Checklist:
make test-community)?make lintthis requires golangci-lint)?