Skip to content

Commit

Permalink
Detector-Competition-Fix: Fix SurveyBot Verification (trufflesecurity…
Browse files Browse the repository at this point in the history
  • Loading branch information
lc authored Oct 26, 2023
1 parent 00a00ef commit 98d2922
Showing 1 changed file with 13 additions and 1 deletion.
14 changes: 13 additions & 1 deletion pkg/detectors/surveybot/surveybot.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package surveybot

import (
"context"
"encoding/json"
"net/http"
"regexp"
"strings"
Expand Down Expand Up @@ -29,6 +30,10 @@ func (s Scanner) Keywords() []string {
return []string{"surveybot"}
}

type response struct {
Surveys []interface{} `json:"surveys"`
}

// FromData will find and optionally verify SurveyBot secrets in a given set of bytes.
func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (results []detectors.Result, err error) {
dataStr := string(data)
Expand Down Expand Up @@ -57,7 +62,14 @@ func (s Scanner) FromData(ctx context.Context, verify bool, data []byte) (result
if err == nil {
defer res.Body.Close()
if res.StatusCode >= 200 && res.StatusCode < 300 {
s1.Verified = true
var r response
if err := json.NewDecoder(res.Body).Decode(&r); err != nil {
s1.VerificationError = err
continue
}
if len(r.Surveys) > 0 {
s1.Verified = true
}
} else {
// This function will check false positives for common test words, but also it will make sure the key appears 'random' enough to be a real key.
if detectors.IsKnownFalsePositive(resMatch, detectors.DefaultFalsePositives, true) {
Expand Down

0 comments on commit 98d2922

Please sign in to comment.