[UPDATE] Updated plaidkey detector results, and added uniqueness check #3709

@nabeelalam nabeelalam commented Dec 2, 2024

Description:

Updated the plaidkey detector.
Makes it so that only unique keys and IDs will be processed.
Also adds the s1 object into the results when the verify flag is false in order to get required output in pattern test.

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

@nabeelalam nabeelalam marked this pull request as ready for review December 2, 2024 12:07
@nabeelalam nabeelalam requested a review from a team as a code owner December 2, 2024 12:07
Contributor

The detector should be updated to handle failures and check for a specific status code. Anything that uses if err == nil or if res.StatusCode >= 200 && res.StatusCode < 300 is defective IMO (#3658).

See the implementation here.
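
The verification pattern the review comment above asks for, as an added example that is not part of this thread or of TruffleHog's code: only an explicit success status counts as verified, only an explicit rejection counts as unverified, and everything else is returned as an error so the result is indeterminate. The status codes chosen, the Bearer header, and the names `verifyCredential` and `probe` are assumptions for illustration; the stub server and secret are constructed.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// verifyCredential is a hypothetical helper (not the plaidkey detector's code).
// (true, nil): explicit success; (false, nil): explicit rejection;
// (false, err): indeterminate, so the caller can report a verification error.
func verifyCredential(ctx context.Context, c *http.Client, url, secret string) (bool, error) {
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
	if err != nil {
		return false, err
	}
	req.Header.Set("Authorization", "Bearer "+secret) // assumed auth scheme
	res, err := c.Do(req)
	if err != nil {
		return false, err // transport failure says nothing about the secret
	}
	defer res.Body.Close()
	switch res.StatusCode {
	case http.StatusOK: // assumed success code
		return true, nil
	case http.StatusUnauthorized: // assumed rejection code
		return false, nil
	default: // 204, 429, 5xx, ...: neither confirmed nor rejected
		return false, fmt.Errorf("unexpected HTTP status %d", res.StatusCode)
	}
}

// probe runs verifyCredential against a local stub that always answers with status.
func probe(status int) (bool, error) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(status)
	}))
	defer srv.Close()
	return verifyCredential(context.Background(), srv.Client(), srv.URL, "constructed-sample-secret")
}

func main() {
	for _, s := range []int{200, 204, 401, 500} {
		ok, err := probe(s)
		fmt.Printf("status=%d verified=%t err=%v\n", s, ok, err)
	}
}
```

A `>= 200 && < 300` range check would report the 204 case as verified, and an `err == nil` check would report all four as verified; here 204 and 500 both surface as errors.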

@zricethezav zricethezav merged commit 6f1a003 into trufflesecurity:main Dec 12, 2024
13 checks passed
rgmz added a commit to rgmz/trufflehog that referenced this pull request Dec 12, 2024
trufflesecurity#3709)

* updated plaidkey detector. Added unique checks. Fixed result return if verify flag false

* Apply suggestions from code review - entropy filter

Co-authored-by: Richard Gomez <[email protected]>

* updated plaidkey detector. added more specific checks for response status, removed deprecated development environment

---------

Co-authored-by: Zachary Rice <[email protected]>
Co-authored-by: Richard Gomez <[email protected]>