New Detector for Salesforce #4182

@Chemo850

Description

Salesforce OAuth2 credentials including the consumer and secret key pair are used to authenticate and authorize applications that need access to Salesforce data. These credentials are part of a connected app, which allows external services to securely interact with Salesforce APIs. The consumer key acts as a unique identifier for the app, while the consumer secret is used to verify the app’s authenticity when requesting an access token. Additionally, refresh tokens play a crucial role in maintaining access without requiring users to log in repeatedly. When an access token expires, a refresh token allows the application to request a new access token without user intervention. This ensures seamless and uninterrupted access to Salesforce resources while enhancing security by limiting the lifespan of access tokens.

The current Salesforce detector is only scanning for access tokens that have a short TTL by default, but it is not scanning for either the long-lived consumer/secret key pair or the refresh token that are utilized to generate the access token in the first place. The two secret types should be able to be mostly identified by the regex patterns below.

Refresh Token: 5aep861[a-zA-Z0-9._=]+

Consumer Key: 3MVG9[a-zA-Z0-9+/=.]+
Secret Key: [A-Za-z0-9+/=.]{64} OR [0-9]{19}

Preferred Solution

Expand the current Salesforce detector to identify the three credential types that make up the Salesforce OAuth2 workflow. The provided patterns should make for a decent baseline on the expected match.
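
The patterns above applied to configuration-style input, as an added example (not code from the issue or from TruffleHog). The `name=value` input shape, the `Finding` type and the rule that a secret-shaped value is reported only alongside a consumer key are assumptions of this example; that rule is there because the secret patterns on their own also match any 19-digit ID or 64-character hash.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)
// Patterns from the issue, anchored so the whole value must match.
var (
	refreshRe  = regexp.MustCompile(`^5aep861[a-zA-Z0-9._=]+$`)
	consumerRe = regexp.MustCompile(`^3MVG9[a-zA-Z0-9+/=.]+$`)
	secretRe   = regexp.MustCompile(`^(?:[A-Za-z0-9+/=.]{64}|[0-9]{19})$`)
)

// Finding names the credential kind and the setting it was found under;
// the value itself is deliberately not carried into the report.
type Finding struct{ Kind, Name string }

// Scan reads "name=value" or "name: value" lines (assumed input shape).
// Secret-shaped values are held back unless a consumer key is also present.
func Scan(text string) []Finding {
	var found, secrets []Finding
	hasKey := false
	for _, line := range strings.Split(text, "\n") {
		i := strings.IndexAny(line, "=:")
		if i < 0 {
			continue
		}
		name := strings.Trim(line[:i], " \t\"'")
		val := strings.Trim(line[i+1:], " \t\r\"',;")
		switch {
		case refreshRe.MatchString(val):
			found = append(found, Finding{"refresh_token", name})
		case consumerRe.MatchString(val):
			hasKey = true
			found = append(found, Finding{"consumer_key", name})
		case secretRe.MatchString(val):
			secrets = append(secrets, Finding{"consumer_secret", name})
		}
	}
	if hasKey {
		found = append(found, secrets...)
	}
	return found
}

// Constructed samples, not real credentials.
var sampleEnv = "SF_CLIENT_ID=3MVG9abcDEF123.xyz\nSF_CLIENT_SECRET=1234567890123456789\nSF_REFRESH_TOKEN=5aep861ABC.def_123\n"
var sampleNoise = "ORDER_ID=9876543210987654321\nSHA256=" + strings.Repeat("ab12", 16) + "\n"

func main() { fmt.Println(Scan(sampleEnv), Scan(sampleNoise)) }
```

Pairing here is per input; a detector that also verifies candidates against the service can afford looser matching than this offline filter.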

Activity

shahzadhaider1 commented on May 29, 2025

@shahzadhaider1
Contributor

Hi @Chemo850!

Thank you for taking the time to open this issue, we really appreciate your contribution to the project!

We do have a Salesforce detector, but for the long-lived consumer/secret key pair and the refresh token, we’ll take a look and get back to you as soon as we can. If we need any clarification, we’ll follow up here.

Thanks again for helping make this project better!

shahzadhaider1 commented on Jun 2, 2025

@shahzadhaider1
Contributor

Hi, I just wanted to share that while we’ll aim to address it when the team has available bandwidth, we also welcome contributions from the community. If you or anyone else is interested in taking this on, we’d be happy to support your efforts.

You can follow our guide on how to add a new detector to get started.

Thanks again for helping improve TruffleHog!

linked a pull request that will close this issue: Salesforce OAuth2 Detector #4252 on Jun 20, 2025

linked a pull request that will close this issue: Salesforce Refresh Token Detector #4295 on Jul 8, 2025
New Detector for Salesforce · Issue #4182 · trufflesecurity/trufflehog